The $100 Million Phone Call – Tale of the MGM Hack
0
Dan Gavin
The $100 Million Phone Call – Tale of the MGM Hack

In 2008, an Australian man received a $147,000 phone bill while traveling in Europe. It appeared his 12-year-old son was playing a game of “Tap, Tap, Revenge” on his iPhone the whole time. That was quite a bill, but it is peanuts compared to the 10-minute phone call to technical support that cost MGM Resorts close to $100 Million.  

In September of 2023, a group of cyber hackers from the US and UK, ranging in age from 19-22 called Scattered Spider, used social engineering to take down many of the operations of the almost $34 Billion gambling giant. Cyber criminals went to the Linked-In social media page to find an employee that works in IT for MGM Resorts. A member of the State sponsored group named Scattered Spider called the MGM tech support team impersonating a hard-working IT employee that needed a password reset. After 10 minutes on the phone, the hackers owned that account. This was the cornerstone of the operation. If tech support verified who they were talking to prior to resetting the password, this attack may have been less damaging. The helpful tech support worker had an amygdala hijacking. The urgency to help took over the logical part of the brain that would have verified the caller.  

Once in the network, they escalated their privileges (gained admin rights) and found their way into the most valuable computers. The computers were responsible for the hospitality applications used to run the hotels and casinos. The hacking group loaded ransomware on over 100 servers. One by one the ransomware encrypted the systems and the applications crashed. Hotel keys no longer worked. Slot machines were unavailable. Point-of-Sales systems (credit cards) were unable to take payments. Guests were not able to reserve rooms and check in or out. MGM saw operations in eight states affected by the intrusion.  

Because MGM did not immediately pay the ransom, their systems were in a state of upheaval for 10 days. The losses from the disabled slot machines alone cost MGM an estimate of $5 Million a day. Some estimate a total loss of $8.4 Million per day. MGM Resorts International claimed the disruption in service caused a $100 Million loss in the third quarter results. Additionally, they spent another $10 Million on legal fees and technical consulting. As a result of the attack, their stock dropped $850 Million in market value. They have since recovered that loss. However, their biggest loss might be the damage to their reputation.  

Just a week before, another casino giant, Caesars Entertainment, suffered a ransomware attack. In contrast they immediately negotiated the ransom from $30 to $15 Million and saw only minimal disruption. The bright side (if there was one) for both corporations was that they both carried excellent cybersecurity insurance policies which covered the cost.  

There may be legitimate business reasons to pay the ransom, but it comes with an additional ethical price. The ransom you pay funds other elicit criminal activities like drug smuggling and human trafficking. We will save that discussion for another day.  

Don’t think this only happens to huge corporations, it happens to small and medium sized companies every day in America. Employees need cybersecurity training, so they don’t fall for the kind of trick played on MGM. You need to have company policies in place to protect against impersonation. You need business plans such as Incident Response Plans and Contingency of Operation plans developed and ready in case of an attack or disaster.

Keep all that in mind for your business the next time you receive an unexpected call. What will this phone call really cost? 

Original article in the Sierra Vista Herald found here:

Scammed! How Hackers Hijack Your Amygdala
0
Dan Gavin
Scammed! How Hackers Hijack Your Amygdala

Last week an elderly friend called me. He had been scammed out of $13,000 … almost. RIGHT before he finalized sending the money, he had a lucid moment and thought “this is probably a scam”. He ended the call and phoned his bank. All ended well.

So, what can we do to help our elderly friends and family? They are easy pickins for professional scammers. These scams work because they incite a cognitive response in the mind of the potential victim that causes them to jettison all logic. They simply fall prey to an ancient brain-part — the amygdala. Chris Hadnagy (professional white hat social engineer) references the term “amygdala hijacking”. It’s a term coined by Dr. Daniel Goleman. Hadnagy states scammers use techniques that hijack the amygdala which shuts off the logic center of your brain. The tragic result is that in less than 30 minutes your elderly loved one will transfer tens of thousands of dollars to a person they’ve never met.

According to Hadnagy, there are 4 vectors of social engineering attacks: 1. Phishing. 2. Vishing. 3. SMiShing. 4. Impersonation. I’m sure we could add to or subdivide these categories, but this is enough for now.

Phishing is typically an email delivery. That’s how my friend was targeted. He received an email informing him his Norton antivirus subscription had just been renewed for $250. He was kindly informed to “call this number if you’d like to cancel.” Panic set in. The amygdala hijack was on. He completely ignored the fact he NEVER had a Norton antivirus account.

Vishing uses the same content essentially as a phishing email but delivered over a phone call. SMiShing is the same – except over text message. Impersonation is an in-person visit from someone pretending to be someone like phoneline repair or a plumber.

In almost all these cases the scam works because the content of the message causes the victim to immediately panic. The anger, fear, or excitement they feel disables all the logic which they would normally use to make informed decisions. This is where the amygdala takes center stage. Logic takes a lunch break.

It’s here that the scammer handholds the victim all the way through the scam. They promise to fully refund the victim’s money. This makes the amygdala happy. The scammers convince the victim to let them remote connect to their computer. Next, they do some confusingly technical looking things to build false trust. But it’s all a ruse. The scammer is counting on the good heart and trusting character of the victim. Trust and honesty make them the perfect victim.

To protect yourself and your loved ones, here are a few rules:

1. Trust no one.

2. If you get any kind of communication you didn’t expect, pay attention to your feelings. Does it make you anxious in any way? Then it’s a scam.

3. If the message you received claims your bank account or credit card have been charged, close the message and contact your bank using a known-good number.

4. If the message appears to come from a government agency, close the message and contact the agency using a known good number.

5. Every organization that deals with your money has a fraud department. Contact them. They can help you get things straightened out.

6. Contact the Cyber Guys at CyberEye.

Original Article appeared in the Sierra Vista Herald here

Protect Your Castle Like a Medieval Fortress
0
Tom Jewkes

In the year 1209 the Cathars were besieged at Carcassonne in southern France. The Cathars were a religious group branded heretical by the Pope. Within the heavily fortified city the Cathars were protected but vulnerable to a supply chain attack.

The Castle Comtal within the fortified city in France’s Aude department, stands as a monumental testament to medieval military architecture and strategy. One of the most distinctive features of this castle is its portcullis with two independently controlled gates. This engineering marvel serves as an apt metaphor for the need to separate your Information Technology (IT) and Cybersecurity teams.

The Portcullis at Carcassonne

The fortified city of Carcassonne has a complex defensive system that has stood the test of time. One of its remarkable features is the portcullis, a heavy grilled door that could be dropped or raised to secure the castle’s entrance. But what sets Carcassonne’s portcullis apart is its two independently controlled gates. This means that even if one gate were compromised, the other could remain secure, providing an additional layer of defense.

Separating IT and Cybersecurity Teams: A Modern-Day Portcullis

In modern organizations, the IT and Cybersecurity teams often have different mandates but overlapping responsibilities. The IT team is generally responsible for managing the hardware, software, and networks that keep the company running. In security terms this is called “Availability”. The Cybersecurity team, on the other hand, focuses mainly on protecting the “Confidentiality” (controlling who can see what), and the “Integrity” (who can change what).

Much like the dual gates of Carcassonne’s portcullis, these teams should operate independently but in tandem. A Change Board approves software installations and updates; The Cybersecurity team updates the allow policies and the IT team implements the changes.

Advantages of Separation

1. **Focused Expertise**: Specializing allows each team to become experts in their area, leading to better performance and problem-solving.

2. **Risk Mitigation**: Separating the approval and installation of software makes it almost impossible for a disgruntled employee to wreak havoc.

3. **Checks and Balances**: Independent operations allow for internal checks, reducing the likelihood of systemic failures and oversights.

The Harmony of Independence and Interdependence

While it’s crucial for these teams to operate independently, they should not work in silos. Much like the independent but harmoniously functioning gates of Carcassonne, IT and Cybersecurity teams should have protocols for secure communication and collaboration. For instance, while the IT team may be responsible for implementing a new software platform, the Cybersecurity team should be involved in assessing its security features and updating the allow policies.

Conclusion

The dual-gate portcullis at the Castle at Carcassonne serves as a timeless symbol of defense in depth. In a world where cyber threats are increasingly sophisticated, the need for separate but coordinated IT and Cybersecurity teams has never been greater. By learning from the past and applying its lessons to the present, your company can fortify your castle against the ever-evolving challenges facing you.

A Chicken Tale – A Cyber Parable
0
Dan Gavin
A Chicken Tale – A Cyber Parable

A Cyber Parable:  Imagine you are a chicken rancher. Your chicken are free-range, no antibiotics, and (most importantly) hypo-allergenic. So, people with egg allergies can use your eggs to make cookies and other goodies. If they ever inadvertently eat store bought eggs they would die. You can see the value in your eggs.  

You Are At Risk:  But who would even want to harm your business. You are small. You only serve a small geographic area. Imagine, you have a very elite clientele. Because your eggs are so unique, your clientele consists of some very influential and powerful people. If a criminal wanted to target a powerful person, they wouldn’t have to do it directly. All they have to do is gain access to your hen houses and plant store bought eggs. Then wait for you to deliver them to your clients. It doesn’t even matter to the criminal if they hurt others as well. Those would merely be collateral damage to the criminal. As long as their target was affected, their mission is complete.

Supply-Side Attacks:  This is pretty much how supply side software attacks happen. A legitimate software vendor with lackadaisical security on their software repository (the henhouse) gets infiltrated by a threat actor. A legitimate file (your precious eggs) gets infected with malware (store bought eggs), then the threat actor simply waits for the vendor to ship out the infected file. 

Does this happen? You bet it does. A few months ago, a huge software vendor named SolarWinds had this happen to them. It affected about 18,000 of their high value customers. 

Try This:  So now we find we can’t even trust the vendors to keep their software repositories (their hen houses) safe. But what can you do about it? Here’s what you can do. Before you install any new software or any update, you can upload the software to virustotal.com and have the file scanned for you at no cost. It’s not foolproof but will give you at least a small measure of assurance the file hasn’t been tampered with.

Some Cautionary Statements: There are two possible problems here. First, VirusTotal is a public website, so don’t upload any sensitive files. Second, VirusTotal will only report a file as malicious if: 1. VirusTotal has seen it before AND 2. The antivirus engines it uses to scan the file has verified the file is malicious. What this means to you is, if the good eggs were just switched out for bad eggs this morning,  VirusTotal will not know it’s bad. And you will install malicious software. So, with this technique, your mileage may vary.

Other Options:   There are other options for your protection that we have discussed in other articles like application whitelisting and ring fencing that can provide more protection.  Ask us or your local cyber team about it. 

Time to Put a Light on the Shadows
0
Dan Gavin
Time to Put a Light on the Shadows

Missile Controls: During the Cold War, there were hundreds of top-secret nuclear missile silos around the United States and allied countries.  An example of the silo can be seen here in Arizona at the Titan Missile Museum.  Many of the silos are still in use today.  They are guarded with service members with extremely high- level security clearances where the details of the location and security procedures if exposed could give the enemy the upper hand.

National Security Issue: Understanding the importance to national security, what if I told you that for the last seven years, details of operations of nuclear weapons in Europe have been on the internet, freely available to anyone through flashcard-learning applications.  Since 2013, flashcard applications like Quizzlet, Cheg, and Cram were created by service members at six European bases to help them memorize security protocols about US nuclear weapons and the bases.  Details included the location of the exact shelters and “hot” vaults that contain the nuclear weapons.  Camera positions, frequency of patrols, and unique identifiers for restricted area badges were part of the package.  In addition, secret duress words that signal when a guard is being threatened were exposed. 

Security Breach: A journalist from Bellingcat looked up terms associated with nuclear weapons bases, like Weapons Storage and Security Systems (WS3), associated with air bases, and the flashcard apps showed up.  This was a huge security breach, and it went on for more than seven years! 

Shadow IT: This is a perfect example of the risks of Shadow Information Technology (Shadow IT).  Shadow IT is any technology that employees uses without approval or support from their IT department. Examples of Shadow IT include using personal emails, music streaming services, collaboration tools, and storage and sharing applications that have not been approved for use. 

Circumventing the System: The flashcard-learning applications are cloud-based applications open to the public.  The service members did not have a similar technology to help them memorize all the protocols, so they went to the web and used a specific free tool that helped them learn much more efficiently.  The members created Shadow IT because the military did not provide a secure solution. Sometimes, Shadow IT exposes to management the tools required to perform the tasks to get the mission accomplished.  If leadership acknowledged the requirement and created a secure solution, that sensitive information would have been kept secret. 

Big Risks: Shadow IT is a security risk.  It is projected that one-third of successful cyber-attacks are on data located in Shadow IT resources.  That’s because, if the IT department does not know about it, they can’t secure it.  When left unchecked, businesses risk proprietary data or customer data.  If exposed, that means loss in the marketplace, downtime, fines, or damage to reputation. 

How to Avoid It: To protect your business, find out all the tools that are being used by your staff.  Provide amnesty to anyone using unauthorized apps. This provides insight into what is required for their tasks and gives you a chance to confer with your IT or cybersecurity professionals to determine a secure way forward.  Whitelisting application tools provides insight to management into what applications are used on the work network, and management can decide what is allowable.  There are no secrets when a whitelisting tool is used.  Shadow IT is exposed to the light.

Moral of the Story: Whether you are protecting nuclear warhead secrets, or your company’s process to beat the competition, Shadow IT can have a negative impact on your operations.  Discover what is out there and find a way to secure it. 

Catching Wild Pigs
0
Dan Gavin
Catching Wild Pigs

How to Catch a Wild Pig: You catch wild pigs by finding a suitable place in the woods and putting corn on the ground. The pigs find it and begin to come every day to eat the free corn. When they are used to coming every day, you put a fence down on one side of the place where they gather. When they are comfortable with the fence, they begin to eat the corn again, and you put up another side of the fence. They become oblivious to that, and they start to eat again.

Continue until you have all four sides of the fence put up with a gate in the last side. The pigs, habitually coming to eat the free corn, enter through the gate to eat; you slam the gate on them and catch the whole herd. Suddenly the wild pigs have lost their freedom. They run around and around inside the fence, but they are caught.

It Happens to Us: Is this a ranching piece or the Cyber Tripwire?  There is a parallel to the wild pig parable and what is known as “cybersecurity fatigue.”   According to the National Institute of Standards & Technology, security fatigue is “a weariness or reluctance to deal with computer security.”  When asked to make more computer security decisions than they are able to manage, people tend to experience decision fatigue, which leads to security fatigue. Every day, people on their computers are being asked to make a multitude of cybersecurity decisions:  “What’s the password for this site?”  “ Should I open this email?”   “Is it OK to click this link?”   

Collaboration Tools: Due to the pandemic, more people are working remotely, leading to the skyrocketing usage of collaboration tools, like Discord, Teams, and Slack.   The users who are collaborating, sharing links, and sending files, lack the concern of whether the link is legitimate or if the file has embedded malware.  (Was that a fence that just went up? Nothing to see here—it’s normal.)    We’ve been lulled into thinking that we can disregard security concerns for these collaboration tools.

Hackers Take Over: Recently Talos, Cisco’s cyber intelligence division, wrote an article about how hackers are using collaboration tools to evade organizational defenses.  The hackers improperly use the legitimate collaboration tool, which is not blocked, to distribute their malware. This happens because many of the security perimeter controls existing on email or web browsers are not in effect with these collaboration tools; thus, hackers prey upon employees’ cybersecurity fatigue. This fatigue works in the hackers’ favor because users are accustomed to passing information such as links and files through these chat tools thinking they are secure.  (What’s that fence doing there? It’s all normal—nothing to see here.)

Your Counter Measures: Organizations should take measures to combat this, like whitelisting applications and employing endpoint detection.  “Least privilege” should be employed, meaning regular users are not running as administrators.  Remember:  If you click on a malicious link as administrator, now that malware becomes the administrator of your system.  Micro-training, another option for better cybersecurity for your employees, consists of weekly three-minute videos sent via email to keep the protection of your business in the top of their minds.

Pay Attention: Be careful while using your organization’s collaboration tools.  Treat files and links in those tools just like you would in emails.  Stay alert.  That way, when you are happily eating your free corn in the field, and the next day there is a peculiar-looking fence, you’ll know it’s time to run!

The Stuffing Will Make You Sick
0
Dan Gavin
The Stuffing Will Make You Sick

The Conflict: For years, my mother-in-law insisted on stuffing the turkey – with stuffing. She wanted the stuffing to get all the turkey deliciousness by absorbing the juices. I didn’t really like it because the stuffing was soggy, and we had to cook the bird longer. That meant dry breast meat.

The Solution: Now, our family is in charge of the thanksgiving meal. We don’t stuff the turkey. We brine it. Then smoke it. The result? Juicy turkey breast, and crisp, fluffy stuffing. I win.

The Concern: The problem is with putting stuffing in the bird, you can end up with salmonella poisoning if you don’t get the center of the bird up to 160 degrees. That’s what the experts say, anyhow. I’ve never felt like it was worth the risk to test that hypothesis. So, I just kept my mouth shut and soaked the dry breast meat in salty gravy.

Credential Stuffing: There is another stuffing that will make you sick. It’s called “Credential Stuffing.” It works like this: You read a really captivating Cyber Tripwire article about passwords. You’re instructed to make them long. Thus, you create a portmanteau of the first name of every grandchild and their birth year. Then to make it really strong, you put an exclamation point at the end. NO ONE will ever guess that! You have your new favorite password.

Just One Password: Next, you proceed to change all of your passwords to that new, really strong one. Instagram, Facebook, Bank of America, Linkedin, Gmail… the list goes on. Every website you use regularly now has a really strong password—the same password.

The Opening: All it takes is for a threat actor to get the password database from one of those sites, and they will have your email address and password for every other site, especially your email account.

Textbook Scams: What they do next is textbook. They log into your email account and send spam emails to everyone in your address book, straight from your account! One of my clients received an email this week from the victim of an attack just like this.

The email read something like, “Hey, when you get a second, I have something important to talk about. Let me know your availability.” If the recipient replied, there was an immediate response. It read, “Thanks for getting back with me. My daughter was diagnosed with cancer. I’m hoping you can help out financially. Just send me some Google Play gift cards.” This was a classic gift card scam.

The Process: Gift card scams and their variations, “The Refund Scam,” the “Fake Tech Support Scam,” almost always involve gift cards. Here are a few characteristics to watch out for:

  1. Someone CALLS YOU on the phone promising an unexpected monetary award (refund or sweepstakes).
  2. Maybe you get a scary pop-up screen on your computer notifying you of several viruses detected. The screen has an 800 number prominently displayed (Remember: Emotion shuts down the logic center of your brain.).
  3. The person on the phone almost ALWAYS has a non-American accent (No prejudice here. Just fact.).
  4. The person on the phone, or the fake tech support person “accidentally” refunds you too much money.
  5. They need you to “help them get that overpayment back or they will lose their job” (Preying on your natural goodness.).
  6. They instruct you to buy several thousand dollars in gift cards.
  7. Or, they may instruct you to use Western Union to wire money.
  8. Or, they may instruct you to get physical cash from the bank and ship it via FedEx.

Notice the Signs: No matter what the person tells you, or what you see on the computer screen, these are tell-tale signs of fraud. If you find yourself in a situation like this, immediately hang up the phone and contact the cyber guys from CyberEye BEFORE any transactions take place.

Cyber Food Poisoning: Undercooked stuffing can make you sick. Credential stuffing leading to a gift card scam is no less annoying than food poisoning.

The Flight of the Auk
0
Dan Gavin
The Flight of the Auk

Adaptability: One of the fundamentals of survival is the ability to adapt quickly to a changing landscape.

In June 1844, the last Great Auk was killed, ironically, so it could nest permanently in a dusty museum.

Akin to the Dodo: The Great Auk was a helpless, hapless, flightless bird that bred in colonies on some rocky islands in the North Atlantic. You may never have heard of it. Perhaps, because the sly insult “strong as an Auk” doesn’t sting like “cunning as a Dodo”, and “Auk”, could be linguistically confused with “Ox”.

What Is It: The Great Auk is similar to a penguin: flightless and helpless. Why aren’t the penguins extinct, too? They live in Antarctica. People haven’t gone there in great numbers. For the Auk, they lived on an island used by sailors as a pantry for restocking supplies, like bird meat. Antarctica isn’t somewhere people regularly frequent for the same purpose. It’s inconvenient, and inconvenience to humans may have saved the penguin.

Extinction: Whether Dodo, Great Auk, or Wooly Mammoth, the end was the same—extinction. Extinction due a cataclysmic collision of unfortunate events. The animals had developed defenses ideal for the geographic bubble in which they lived which was a specific geographic ecosystem.  Suddenly their bubbles popped. The conditions changed. Their serene world careened into the 19th century, and they lost. They lost because of an inability to adapt.

We Adapt: Humans are different. We don’t adapt to suit our environment. We adapt our environment to suit ourselves. This is our axiom. Now, whether this application of adaptation is a moral one, is not the purpose of this discussion.

Change to Survive: Situations and environments change. Those who most nimbly adapt will survive. The others will not. For a case study, look at Sears. They OWNED the mail-order business. Then came Jeff Bezos in his tiny garage selling books—over the internet. No threat there. Until it was one. It was too late for Sears. Sears SHOULD HAVE owned the online mail-order business. The same way they owned the magazine mail-order world. Like the Great Auk, they failed to recognize a threat. With their ineffective wings and clunky feet, Sears bumbled into the 21st century, failing to adapt quickly when the environment changed.

The Trouble of Inconvenience: For Sears to change its business model would have been inconvenient. People don’t like inconvenience. We develop a bubble of comfortable systems and familiar procedures. We actively reject anything that may disrupt the playful bubble of familiarity.

Hard for the Bad Guys: As defenders of our world, we can use this natural human aversion to personal inconvenience to our advantage. If we make it sufficiently inconvenient for a cyber-criminal to successfully attack us, it may demotivate them and cause them to seek a softer target.

Contact CyberEye – They Know: Unfortunately, this article doesn’t provide the space to list everything you can do to introduce inconvenience into your cyber defense plan. Feel free to contact the Cyber Guys from CyberEye for details.

Recognize the Threat: Both the 19th century Great Auk and the 20th century Great Sears, didn’t recognize the threat early enough. At best, the great Auk could have changed breeding sites to a less convenient location, then decrease the frequency of human interaction. Sears could have bought Amazon’s business model for a few thousand dollars and adapted to it.

Make Adjustments: In 2021, if your business survives the tragedy of COVID, the most likely cause for failure will be a lack of flexibility in your business processes. There is a cyclone of cyber-criminal activity on the near horizon. There are threats we’ve never even considered about to drop anchor just offshore.  Sadly, change is the axiom of the cyber-threat landscape.

The Saga of the Stolen Stingray
0
Dan Gavin
The Saga of the Stolen Stingray

Protect It: I imagine one day I’ll own a 1970 Corvette Stingray. It will have its own garage. I’ll lock the garage doors when I’m not using it to make sure it’s safe. I’ll put an alarm on the building—to be sure. And I WON’T leave the keys in it!

Hijacked: A few months ago, my mother-in-law told me her email “broke.” For a few days, she hadn’t received any emails in her Outlook Client. So, I took a peek at her Cox webmail. I found a message stating the account was locked, due to suspicious activity. After a couple hours with tech support, we were able to get in. We found the account had been sending hundreds of spam emails every day. A criminal had hijacked her mail.

Recently I read a blog post in Dentaltown from a dentist victimized like this. His email account had become an unwitting offender. How did this happen to them? Will it happen to you? How can you prevent it?

Credential Stuffing: These email accounts fell victim to what we call a “credential stuffing attack.” It’s often performed by software known as “bots.” See, websites should be storing your username/password pairs (AKA “credentials”) in an encrypted database, but they often don’t. It’s like storing a 1970 Corvette Stingray in your garage (keys in the switch), and then leaving the door wide open. You’d never do that, but websites do—all the time!

Darkweb Dump: Criminals break into those websites and scoop out your credentials. Then, those same criminals dump your credentials on the darkweb. Other crooks snag these breached credentials from darkweb, Amazon-like sites. They then code their bots with lists of credentials, including yours. Finally, the bot logs into your email account.

Picture this:  You use your Gmail address as the username to log into scrapbook.com. Then, you use the same password for scrapbook.com that you use for your Gmail account. A criminal breaks into scrapbook.com. If the database isn’t encrypted (the doors were left open), the thieves steal your credentials. In essence, the criminal drove away in your beloved Stingray! It happened because you used the same key for every door you own: Your house, your Stingray garage, your business office, your mailbox…  You get my point? Worst of all, you left a copy of the key taped to the front door of your house, right in plain sight.

Unique Passwords: We often recommend in these articles that you make sure and use unique passwords for the bucketload of websites you log into. Certain sites are more critical, for example, your email account, as well as your bank account and other accounts containing your financial information. Use a password manager like Bitwarden. If you use a long, unique passphrase, instead of a short password,  and you use a different passphrase for each site you visit, then you reduce the chance of becoming a credential stuffing victim.

Your BlueTooth Is Showing
0
Dan Gavin
Your BlueTooth Is Showing

Is Your Bluetooth On?: I’ll bet the Bluetooth on your phone is enabled right now. How you can tell: when you get in the car and it automatically switches to the hands-free option. This is how most people operate. It’s convenient.

What Is It?: So, what is Bluetooth? It’s like Wi-Fi but for short distances and its built into nearly every smartphone. In an iPhone you use it to Airdrop files to your friends. It connects to your wireless earbuds so you can listen to Sgt. Pepper’s Lonely Hearts Club Band. It can also be used to steal files off your phone without your knowledge.

Snarfing: I’m referring to the attack tactic called Bluesnarfing. This attack exploits a weakness in some mobile phone Bluetooth implementations and it provides unauthorized access to the personal information stored on your phone.

How It Works: Here’s the scenario. You are attending an event outdoors and properly observing the government recommended social distance of six feet. Maybe you’re at the grocery store or one of the few remaining restaurants in town that still allow sit-down dining (like Dickies over by Food City). Someone sits six-feet next to you. They then create a Bluetooth connection to your smart phone, and capture the data stored on it. All without your notice or consent!

Exposure: Why is this important to you? This attack can expose your emails, contact lists, and text messages. Literally anything you store on your phone. Do you have a photo of your drivers license or social security card in there? Anything else you don’t want to become public?

What Risks?: Maybe you think the risk isn’t very high. I mean, how important are you really? In a way, this is conceptually similar to ransomware attacks. Your data is held for ransom. If an attacker gets access to any sensitive data on your phone, they can simply email you anonymously and request a few Bitcoin to have the data deleted. In case you were wondering, at the time of this writing, Bitcoin traded for $11,345.96 per coin. So yes, it’s worth the effort for someone to steal your data.

Please Stop It: Now you may be wondering how you can stop this attack, or if it’s even worth it to try. I mean, are you really at risk? Mitigation is easy. Turn off the Bluetooth when you are in public places. It takes almost no effort on your part. As for risk. Do you have sensitive data on your phone?

What Bugs You?: Now that I have your attention. Bluesnarfing isn’t the only thing that should terrify you. The really scary one is Bluebugging. Bluebugging allows an attacker to have COMPLETE control over your phone. If your phone is Bluebugged, an attacker can make and receive calls over your phone, AND eavesdrop on YOUR phone calls.

Opportunity: Some of this may have sounded like scenes from Mission Impossible, but Bluesnarfing and Bluebugging aren’t make-believe.  And you don’t need to be Ethan Hunt to become a target. As with Ransomware, sometimes all a cyber-criminal needs is an opportunity. Leaving your Bluetooth on all the time is convenient for sure. For both you AND the criminal.

Copyright © 2024 CyberEye Call us at: ‪(520)224-8981