Hidden Vulnerabilities: Why Cybercriminals Target Small Town Businesses 
0
Dan Gavin
Hidden Vulnerabilities: Why Cybercriminals Target Small Town Businesses 

Week after week, we write about the latest breach or how hackers use social engineering to get into corporate and government systems, but as you read this in Cochise County you think these types of things only happen to big corporations in big cities.  You may think: “My small business is not worth the hackers’ efforts.”  I’ve got news for you; your small or medium-size business is worth their effort.  Why?  Because some businesses make it so easy for them. As we do forensic investigations locally in Cochise County, we have met some of the victims.  Sometimes healthcare providers post a banner on their web pages discussing their breach and compromised data. 

One of the most common way hackers get unauthorized access to local business systems is to scan for open ports on public facing servers. A port is simply a door into your network. The port in particular that they love is the one used for remote access.  In this case think of this port as the magic wardrobe that the children found to enter Narnia. During COVID when many switched from working at the office to working at home, the local IT guru opened that famous port so that users could remote into their server or desktop using Microsoft Remote Desktop.  It was a great solution because it is easy, and it works.  Unfortunately for many, it is not at all secure and is a favorite target for our worldwide hackers.   

It’s possible to scan the entire internet in hours. In 2019, a researcher named Robert Graham scanned the entire IPv4 address space for the remote desktop port and found around 3 million exposed servers. That’s exactly what the bad actors do.   Once they find the open port, the first tactic they try is to determine the type of server and use the default usernames and passwords from the manufacturers.  Many people never remove and reset these.  The next thing hackers will attempt a password cracking technique.  Some techniques are sophisticated like the credential stuffing attack, where hackers look on the dark web for actual cracked passwords for the business which was hacked.  They are hoping that people will reuse their passwords.  Another technique is to run a dictionary attack where common usernames and passwords are automatically attempted.  We see this occur locally where the port is opened for maintenance and within an hour there are failed login attempts from North Korea, China, Russia, and Iran. It really happens here in Cochise County. 

Many business owners believe that they are safe from cyber-attacks because their IT person assured the owners that they have the best firewall the world has ever seen along with the latest and greatest anti-virus.  This is a good start, but the bad news is unless you block internet and email traffic on the firewall, it won’t stop phishing emails.  Your anti-virus won’t stop brand new malware.  According to Verizon’s 2023 Data Breach Report, around 90% of breaches are linked to phishing emails. The others are related to downloading malware through internet browsing.   

Some business owners might say they are safe and don’t need cyber security because their software is cloud-based.  In that case, what happens when an employee downloads a key-logger program that was on a link in their email?   The hacker has access to all company data and if that employee had administrative privileges, the hacker has total control.   

If a breach or ransomware attack could shut down your business for more than a day or if a breach would make you liable to your clients, your business needs solid cybersecurity.  We recommend a defense-in-depth strategy where there are multiple layers of defense.  Start with the basics of up-to-date firewalls and anti-virus, then add endpoint detection response that stops malware from executing, then get some monitoring and user training.  You follow that up with solid security policies. 

Don’t be an easy target.  Harden your business with a defense-in-depth strategy to thrive in the digital world.  Get a cyber risk assessment done to make sure that you are not low hanging fruit for the lazy hacker. 

Six ways to harden your digital profile 
0
Dan Gavin
Six ways to harden your digital profile 

“Kevin” was very frugal. He flossed daily, washed his hands often, wore deodorant, and never ate at McDonalds. He always came to a complete stop, separated his recyclables, ate more veggies than meat, and turned off the lights when he left the room. He also used a credit card responsibly; always paying it off every month. He had another card he used rarely and paid off just as quickly so his debt-to-credit ratio would benefit his credit score.  

One day Kevin’s 12-year-old clunker broke down for the last time. He needed a new car. The excitement was actually kind of cool. He researched the options and decided to go for sporty rather than practical this time. The test drive was thrilling. The smell of “new car” instead of “old tube socks filled with fries and candy” was a surprise. A welcome one. But right around the corner was another surprise. A very unwelcome one. Kevin’s credit score. Even though Kevin was ultra responsible in other areas of life, he was not used to checking his credit records regularly. He wasn’t even aware this was a thing. Someone had stolen his identity – and ruined it. 

I have bad news. There is a very high probability your personal information (not just your name and address) is on the dark web. Your social security number, your birth date, your address. Most of what an online criminal will need to steal your identity.  I mention this because 2.9 billion records were recently hacked from National Public Data consisting of these items.   

You’re probably so tired of hearing this. You might even think, “what’s the use?” While this news is dire, it is actually worse than you think. With the exposed personal data (like SSN) combined with other information easily accessible on social media profiles, a criminal can build a detailed profile of a victim. Armed with the data, the criminal can port a cell phone number to a phone they control, intercept the one-time code sent from the victim’s bank account and wipe out the victim’s life savings. They can drain other investment accounts, open new lines of credit, purchase property on credit, etc. Anything you can do with your personal information; a criminal can do just as easily. 

This is going to take some time. Really you can significantly strengthen your digital life within less than 2 hours. While this is not intended to be a technical tutorial, and we cannot give legal advice here, you can do the following: 

  1. Use a password manager like Bitwarden 
  1. Enable 2 factor authentication on all your critical accounts (banking, investment, email social media, cell phone provider) 
  1. Create a free login and freeze your credit reporting account at Experian, Equifax, and Transunion. 
  1. Use good credential hygiene as we have always advocated here. 
  1. Remember, if you get an email, text message or phone call requesting you to unfreeze your credit and you didn’t initiate it, it’s probably a scam 
  1. If you receive a contact you did not initiate AND the person claims you are in trouble in any way AND it makes you feel anxious AT ALL, it’s probably a scam. Stop the communication and contact the purporting organization using a known-good number.  

Moving forward the world is going to be less trustworthy. You need to adopt a posture of zero trust. Be suspicious of everyone and everything. It could save you. 

The original article was posted to the Sierra Vista Herald and can be found here.

Locals At Risk Due to Data Breaches – How to Protect Yourselves 
0
Dan Gavin
Locals At Risk Due to Data Breaches – How to Protect Yourselves 

A data breach that occurred in 2021 could be affecting readers today.  On the dark web, a hacker named ShinyHunters is attempting to sell personal data of 73 million people who were customers of AT&T.  After initially denying the data was theirs, AT&T confirmed that the data appears to be from 2019 and impacts approximately 7.6 million current AT&T account holders and 65.4 million former account holders.   The data includes names, address, phone numbers and for some, even social security numbers (SSN) and birth dates.   Additionally, the security pass codes for 7.6 million accounts were also leaked.   If you were a DirectTV customer, your data may be included.   The subscriber base at the end of 2019 was almost 202 million subscribers, so it appears to be a partial data dump. 

At this point you may be thinking, “Big deal, that was 5 years ago. What use could that information be for hackers?”  Good question.  There is a treasure trove of data that hackers can use that may impact you.  First, hackers could have access to your current account if your security passcode has not changed since then.  AT&T is aware of this and are reaching out to these customers.  Hackers can use phishing and other social engineering techniques claiming to be AT&T support.  If you get an email or SMS text from someone claiming to be an AT&T representative, we recommend that you go “out of band” instead of replying or clicking the link.  Go to AT&T’s website that you know is valid. Contact them through the methods provided on their website.   

One of the biggest dangers of this breach was the stolen SSN and birth date information.  Along with your name and address, hackers can apply for credit cards in your name and run up debt in your name.   Hackers can use your SSN to access your bank accounts.  They could pose as you with the bank’s customer support performing fraudulent transactions and transferring funds.   Using your SSN, a hacker can access your credit reports and subsequently apply for a loan for themselves in your name.  There’s more, but you get the point. 

Vigilance is the optimal option.  We recommend setting up multi-factor authentication on all accounts that offer the option.  Your bank and your credit cards definitely have this available.  It is a little more work to access your account but more than worth the effort. Most accounts use a username and password for access.  Multi-factor authentication uses a second method to verify that the user is authorized.  This may come in the form of a code sent via email or text or using an application like DUO or Authenticator.  Monitor your credit card and bank accounts regularly.  Report suspicious activity right away.  Consider using credit monitoring services. 

Of course, good cyber hygiene with your passwords is always recommended.  Do NOT reuse the same password on multiple sites.  That makes it very simple for hackers to try that password on other accounts. If your information was part of a breach, change your passwords.  To see if your email address has been involved in a breach, visit this site, https://haveibeenpwned.com, and enter your email address.  This provides a list of breaches the account was involved.   

If the AT&T hack is too old to have you concerned, Circle K was hacked in January of this year.  Loyalty data and partial credit card information was revealed. 

Don’t think that you are not a big enough target.  Hackers go for the low hanging fruit. If it’s too easy to pass up, they will not.  The old adage, “an ounce of prevention is worth a pound of cure,” rings very true in the cyber world.   

You can view the original article from the Sierra Vista Herald here.

Copyright © 2024 CyberEye Call us at: ‪(520)224-8981