Doug Bedell — April 20, 2018, 10:36 am

Cyber-Security-Safe In Your Home Office? Maybe Not


Not even a home office is necessarily safe from cyber attacks. That is the takeaway from a warning issued by the British and American governments about the activities of Russian hackers, whose targets now include even home offices.

As reported by Forbes, “the warning came in a joint announcement from British intelligence, the National Security Council (NSC), the DHS and the FBI on Monday. In a media briefing ahead of the announcement, Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council, said there was ‘high confidence’ Russia was behind the attacks. The hacks were being tracked by British intelligence from a year ago, said Ciaran Martin, director of U.K.’s National Cyber Security Centre, run out of intelligence agency GCHQ, whilst the U.S. noted the attacks started back in 2015….”

“The joint technical alert said Russian state-sponsored hackers had attempted to breach network routers, switches, firewalls and network intrusion detection systems across the world. Those routers were compromised to carry out so-called “man-in-the-middle” attacks where data going between computers and internet servers is intercepted, the NCSC said.”

From their embassy in London, the Russians denied the assertions. “We are disappointed by the fact that such serious claims have been made publicly, without any proof being presented and without any attempt by the United Kingdom to clarify the situation with the Russian side in the first place.”

Doug Bedell — April 18, 2018, 12:14 pm

Digital Firms Becoming Aroused Over Cyber Attacks


The digital industry is becoming more unified and resolved to protect against cyber attacks, Lindsay O’Donnell on the Threat Post blog reports.

At the 2018 RSA Conference in San Francisco April 16–20, “Where the world talks security”, Microsoft President Brad Smith declared in his keynote address that tech companies need to come together to “open the world’s eyes to the impact that this is having,” “this” being government-backed cyberattacks like WannaCry and NotPetya. Those campaigns “impacted computers across 150 countries” and are examples of attacks “that not only crippled civilians’ systems, but also disrupted citizens’ daily lives.”

“These attacks not only brought down computer systems, but paralyzed hospital customers’ appointments, crippled banks and had the potential to shut down power grids,” Smith said. “The WannaCry attacks,” Threat Post notes, “were later officially blamed on North Korea by the U.S. government.”

“In response to attacks, the 34 tech firms have signed an accord pledging both to oppose governments launching cyberattacks against civilians, but also committing to protect all their customers with new tools and products and working together in addressing security.

“These companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro. Others, such as Apple and Google, were not on the list.”

Doug Bedell — April 16, 2018, 1:13 pm

Brian Krebs: A Tax Season Security Warning


It isn’t only a matter of whether you’re comfortable with your own digital security defenses. Mention your concern about digital security to your tax preparer and anyone else who gives you close-up financial advice and has access to your financial records. These “helper” professionals need to be digitally secure too. What do they say about that?

Brian Krebs, a former Washington Post reporter who is now a security expert, raises these “collateral danger” questions in a blog post, “When Identity Thieves Hack Your Accountant.”

“Last month, KrebsOnSecurity was alerted by security expert Alex Holden of Hold Security about a malware gang that appears to have focused on CPAs. The crooks in this case were using a Web-based keylogger that recorded every keystroke typed on the target’s machine, and periodically uploaded screenshots of whatever was being displayed on the victim’s computer screen at the time….”

Read on to your possibly enduring benefit.

Doug Bedell — April 13, 2018, 3:29 pm

DHS Conducts a Biennial Cyber Security Exercise


Here’s an account from the Department of Homeland Security on its conduct of “Cyber Storm VI: Testing the Nation’s Ability to Respond to a Cyber Incident”.

DHS has a link to the Cyber Storm exercise series at www.dhs.gov/cyber-storm. The exercise “involved more than 1,000 members of the private industry, government and international partners who participated in a three-day distributed exercise that focused on the critical manufacturing and transportation sectors. The exercise evaluated and improved the capabilities of the cyber response community, informed preparedness and resilience planning efforts, and evaluated the effectiveness of the National Cyber Incident Response Plan in guiding response. Growth in this community of partners acknowledges the increasing value of information sharing and the benefits of exercising their organizations’ cyber response plans.”

If active cyber security measures, going beyond basic precautions, are a priority in your organization, we’d suggest contacting DHS about possibly participating in the next such exercise in 2020.

Doug Bedell — April 11, 2018, 10:29 am

Bruce Schneier Promos the ‘Digital Security Exchange’


Bruce Schneier calls attention to the Digital Security Exchange, on whose advisory committee he serves: “The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats.

“We do this by pairing civil society and social sector organizations with credible and trustworthy digital security experts and trainers who can help them keep their data and networks safe from exposure, exploitation, and attack. We are committed to working with community-based organizations, legal and journalistic organizations, civil rights advocates, local and national organizers, and public and high-profile figures who are working to advance social, racial, political, and economic justice in our communities and our world.”

Sounds like digital help that’s well worth investigating.

Doug Bedell — April 9, 2018, 11:58 am

‘Innocuous’ Web Questions Can Be Harmful


In this time of freshly dawning awareness of the security hazards of social media, Brian Krebs warns against responding to “data harvesting” questions on websites.

“I’m willing to bet,” Krebs writes, “that a good percentage of regular readers here would never respond — honestly or otherwise — to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks — particularly Facebook — seem positively overrun with these data-harvesting schemes. What’s more, I’m constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same.

“On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts…”

So, Krebs advises, “Don’t give away historic details about yourself.” It’s hazardous out there. Be careful.

Doug Bedell — April 6, 2018, 1:21 pm

Healthcare, Too, Can Be Hit By Cyber Attacks


We’re not expressly endorsing the SecurityMetrics Health Network Portal, but it’s certainly noteworthy that the healthcare industry was hit by 23.7 percent of total cyber data breaches last year, as the SecurityMetrics blog notes.

Healthcare IT News displays “The biggest healthcare breaches of 2017” in a click-along format here.

As has been demonstrated repeatedly, no industry, organization or individual is safe from the risk of cyber attacks, so cyber security should be of concern to anyone using a computer.

SecurityMetrics has its own 2018 Guide to HIPAA Compliance that’s definitely worth checking out. But as we’ve noted repeatedly, there isn’t an office anywhere that doesn’t need to be mindful of the risk of cyber security intrusions and knowledgeable about fending them off.

Doug Bedell — April 4, 2018, 2:50 pm

Women Policing the Cybersecurity Realm


Barrier Briefs is about security, not gender diversity. Yet it’s pleasing to note that the Dark Reading blog is introducing “10 Women In Security You May Not Know But Should”. The list concerns cybersecurity specifically, and it’s all the more interesting to learn that women are increasingly present in one of the innermost realms of the security profession.

“In an effort to celebrate and shine a light on some of the work women are doing in cybersecurity,” we’re advised, “Dark Reading is publishing a series of articles that identify women who may not be as well-known in the industry (yet), but who are making key contributions. This first installment includes ten women in various sectors of cybersecurity, who were selected based on recommendations and research. The list is in no particular order.

“This is just the first in a series on women you may not know about, but whose work you might see more of in the future. If you know someone who fits the bill, please send us their names and any information about them and their work, to editors@darkreading.com. We expect to see the list get much longer.”

We welcome some Dark Reading on a bright subject, indeed.

Doug Bedell — April 2, 2018, 11:11 am

Tightening Security Against Hackers


It seems like an almost daily security routine: Another of your favorite apps has been hacked, this time MyFitnessPal (150 million accounts), and the NakedSecurity blog puts out another advisory on what to do. The first thing, of course, is don’t panic (it always is). Then change the appropriate password. And have a nice day…

The internet is a relatively new thing in American life and, indeed, in world affairs. But unless its utility is to be fatally compromised someday, we’ve got to come to terms with hackers.

This Naked Security post indicates how that is coming to be. Right on for the good guys!

Doug Bedell — March 30, 2018, 2:22 pm

Bruce Schneier Warns About ‘Surveillance Capitalism’


Bruce Schneier lays it out for us and it’s scary and truly annoying – what Harvard Business School professor Shoshana Zuboff calls “surveillance capitalism” has been latched on to by Facebook and, says Schneier, “thousands of other companies that spy on and manipulate us for profit.”

It’s far from the security we expect to have when we turn on our computers.

“There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data. Last year, Equifax was in the news when hackers stole personal information on 150 million people, including Social Security numbers, birth dates, addresses, and driver’s license numbers.

“You certainly didn’t give it permission to collect any of that information. Equifax is one of those thousands of data brokers, most of them you’ve never heard of, selling your personal information without your knowledge or consent to pretty much anyone who will pay for it.

“Surveillance capitalism takes this one step further. Companies like Facebook and Google offer you free services in exchange for your data…”

And they don’t say so. Isn’t that fraud?