Skip to content
What is Phishing, aka Social Engineering, and How Do I Avoid It?
I recently warned of a very large recent upsurge in ransomware. Now I must warn you to beware of new successful social engineering exploits. What is social engineering?
Wikipedia has a good definition:
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
In other words, phishing, the internet term for social engineering scams is simply a way to trick you into doing something so that you reveal vital information like bank account info, tax return info or send money unwittingly to a devious person.
Let me tell you about social engineering exploits in three recent real world examples. In the first case, City of Hope in Duarte, CA (City of Hope employees fall victim to phishing attack) had three employees targeted by a phishing scam. They unwittingly revealed protected health information (PHI) which by law must be kept confidential. In the other two cases, the loss of data was much more vast. Both Seagate Technologies (Seagate Phish Exposes All Employee W-2’s) and Snapchat (Snapchat falls hook, line & sinker in phishing attack: Employee data leaked after CEO email scam) had an employee get tricked into providing W2 information on all past and current...
Tips on Renewing Warranties on IT, Server and Software
Here is a good blog on whether or not you should renew your warranties on firewalls, servers, routers, software, etc. It is written by a friend of mine, Ken Zimmerman, at Trivalent Group out of [...]
This New OpenSSL v2 Protocol Flaw Merits Watching
Fortunately OpenSSL is publishing a fix on Tuesday - OpenSSL versions 1.0.2g, 1.0.1s - to deal with the protocol flaw. Many systems are vulnerable to an attack that may be comparable with Heartbleed. “This flaw [...]
Be Ransomware Aware
Educate your users - Don’t let them be tricked into downloading malware
Everyone should follow this advice:
- Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it. If not, delete it.
- The attack can look like it is from an official sources like banks, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
- If an e-mail gets blocked and quarantined by your spam filter...
I Am a Non-Technical Executive: What Seven Things Should I Be Asking My IT Guys About IT Security?
Irvine, CA - Overseeing IT and security is a daunting task, even if you are an IT professional. If you are an executive to whom IT reports, then the task becomes near impossible. The list of following questions is designed to empower you to have a meaningful discussion with your IT team so you can be an informed and responsible manager pursuing your due diligence role in protecting the assets of your firm. If you are an IT professional, these are questions you should be prepared to answer.
1. Q. When did we last do a risk assessment? Please share that document with me. I would particularly like to see the Risk Assessment Table.
A. Make sure your IT team is periodically assessing the risks to your IT systems. They should be recommending upgrades and new solutions for you from time-to-time, and you should be listening. They need to be able to express the threat in operational and economic terms in order to justify the expenditure. If your team can’t give you a clear and coherent answer on when and how they last did this, send them off with a task and a deadline.
2. Q. When did we last do a Vulnerability Scan? What were the results of that scan? I would like to see the report. Who did the remediation? When is our next scan planned?...
New Virulent, Wide-Spread and Expensive Ransomware Outbreak Coming to You Soon
Orange County, CA - We have seen a surge in ransomware attacks in the past week. While only two Alvaka clients have gotten hit, they are a tale of different system administration acumen.
1. A multi-state firm got hit with the latest breed of ransomware on Friday. Where an otherwise non-event for the most part went wrong was that a key user insisted on having elevated administrative rights for their IT infrastructure. Instead of using a regular user account, with very limited user rights for day-to-day activities, this more powerful account, when struck by the ransomware, infected all the important file shares of the firm, including the branch location file stores. Fortunately they had good backups, but because of poor folder naming conventions and structures it took the guys in our Alvaka Networks’ Network Operations Center about 28 hours straight to get all the user permissions back in order for client to get back to work. The lack of least-permissions as used by this client goes in direct opposition to what we recommend at Alvaka. Least-permissions is the practice of using accounts that grant the user to only the locations on the network for which they have a business need to access.
2. In another example, that struck today, a $200m manufacturer/distributor got hit by the same ransomware. This time it was a Jr executive. He saw some problems with his system, but did not report the problem not knowing what it was and went home. The problem was detected after he left, but the outcome was very different than the prior scenario. Why? Because this user only...