Cybersecurity Blog

Anatomy of a Ransomware Attack – 03/14/17

Your stereotypical hacker used to be an overweight manchild living in his parents' basement. Nowadays, however, a hacker can be working for a large organization making billions a year. Hacking has become big business, with ransomware offering hackers the ability to make lots of money quickly and easily. Every day you hear about companies and organizations being brought to their knees by a cyber attack. Just how do hackers do it? How do they manage to get through the latest firewalls, anti-virus software and network security protocols to breach some of the highest levels of security found on the planet? Watch the video and find out.

 

What you Should Know Before you Buy an Appliance/Toy that Connects to the Internet. – 03/03/17

 

Technology is an amazing thing. Every day we hear about new and exciting technological advances. We can now control our home with our voice, see who is ringing our doorbell at home while we work, track the movements of our teenagers and have our toys interact with us.

Unfortunately, manufacturers have been so busy keeping us entertained and making our lives easier that they have forgotten to keep us safe as well. The majority of these devices do not allow firmware updates or changes to the access passwords or usernames. Security is usually last on the list, leaving many devices with huge holes that cyber criminals can use to gain control of them.

You may be thinking, what is the worst that can happen if they get control of my coffee maker? Well, if they gain access to your coffee maker, they can turn it into a bot, instructing it to visit a particular website or server. On its own, this is harmless. However, if hackers turn millions of devices into bots, the combined traffic overwhelms the website and crashes the server. This is called a Denial of Service attack. It prevents customers from accessing a site and making purchases, costing businesses millions in revenue.

Even more concerning are those devices containing cameras or microphones. They can record images of us or our voices and send them to some distant server where security often takes a back seat and our private lives may be monitored. Companies can collect this information and then use it to sell us products. In addition, their often poor security practices can allow hackers to intercept the information or steal it from servers.

So how do you protect yourself and your privacy while still enjoying the wonders of technology?  Here are a few things to consider when purchasing internet connected devices for your home.

  • Do not purchase products that do not allow you to change the default password.
  • Do not purchase products that do not allow the firmware (the software that runs the device) to be upgraded.
  • If the device has a camera or microphone, determine what is being recorded, why it is being recorded and where those recordings are being stored.

Once you have made the purchase and brought your new toy into your home, there are some things you can do to protect your data and privacy.

  • Change the default password.
  • Keep the firmware updated.
  • Don’t enable the features that require an Internet connection unless it is really necessary.
  • Disconnect it from the Internet when you are not using it.
  • Cover up recording devices that are not being used.

Don’t give up your privacy or put your security at risk just because something is super cool. Not sure if that feature is worth the risk? Ask yourself… is having my coffee pot automatically order beans for me worth losing access to my bank accounts?

What you need to know about crossing the border – 02/10/17

 

After a Canadian woman was required to surrender her cell phone to US border guards last week and then denied entry, people are wondering what they can do to protect their privacy. Unfortunately, not a whole lot. When crossing the border, you are entering a foreign country and their laws take precedence. They can scan your phone, laptop, tablet or any other device for content as they wish. Any information they find can be used against you. Any sensitive data that is stored can be exposed.

The best way to protect your privacy and that of Mount Royal is to not bring a device with you. Leave your smartphone, tablet or laptop at home. This is especially true if you are traveling to countries with less than honest border guards who are known to hold on to your device until you pay a fine. If you are traveling for business and require portable devices:

  • Ensure that portable devices are wiped clean of anything you want to remain private. This includes removing social media apps and deleting browser, email and text message history.
  • Store data you need access to on Google Drive, or leave it on your workstation and then use SRAS to access it from your hotel.
  • Make sure you remove your Mount Royal email account from your phone and devices and log out of Google.

Basically, you want to turn your smartphone into a phone. It takes calls and that’s it. Theoretically they could ask you to log in to your email anyway; however, the odds are they are not going to bother.

If you need specific legal advice concerning crossing the border as a Mount Royal University employee, contact Legal Services.

One last piece of advice: be nice to the border guards. Declaring that you have rights as a Canadian citizen will only aggravate them. You are attempting to enter their country; our privacy laws do not apply.

Common Data Privacy Pitfalls – 02/07/17

What are the most common ways people compromise their privacy online?

Exposing too much personal information online

Cyber criminals mine the internet for your personal information. They use it to determine your security question answers on your accounts, to impersonate you when calling agencies you have accounts with and to create phishing emails that contain content related to your life. To thwart cyber criminals:

  • Set your social media privacy settings to the highest level
  • Don’t accept contact requests from people you do not know
  • Limit what information you enter into websites as much as possible
  • Don’t use information that can easily be found on the Internet for security questions or in your passwords

Not sure how much of your personal information can be found online? Google yourself or better yet have a friend google you. You might be horrified to see what they find.

Sending a regrettable email

We have all been there: we have clicked send and gone… “Oh no!!” Worse yet, we have clicked send and found out days later that we have just started Armageddon. How do you avoid sending the regrettable email?

Want a checklist to print out and post by your computer? Check out Avoid the regrettable email.

Be afraid, Dave the Psychic knows everything – 01/23/17

You have watched the video and you are thinking…what moron posts their banking information online? Guess what? They didn’t necessarily. The hackers could have used the information that they found online to call the financial institutions of each victim and impersonate them. They also could have accessed emails containing credit card data. Don’t want to be featured in the next video? Lock down your social media profiles, don’t post answers to your security questions online, don’t put financial information in emails and be careful what you share.

Used a public computer lately? You may have left your credit card data behind. – 01/09/17

How I almost fulfilled my dream of owning a pair of red soled shoes

Most days the horror stories I read about and pass along to our community do not directly affect us. They are simply tales of cyber security woe that I pass along to warn the unsuspecting in an attempt to prevent a possible future disaster. Today was different. Today I had an OMG moment. One of those moments when the world seems to go on pause while you try and process what you have just seen. Today one of our lovely analysts in ITS put a library loaner laptop on my desk. The type of laptop that hundreds of students and staff check out of the library for temporary use every week. On the screen, plain as day for everyone to see, was the credit card information of the last person who had logged into Google Chrome on the laptop.

After the shock had worn off, I briefly entertained the idea of doing some post-Christmas shopping. I had always wanted a pair of Christian Louboutin’s red-soled shoes. However, sanity kicked in and I realized that if this one unfortunate individual had made such an enormous mistake, then there is probably a pretty good chance that others have too.

How was such an error made? How did his credit card information get on that laptop? Google Chrome is to blame. To understand how this could happen, you need to understand how Google Chrome works. Chrome has this fabulous little time-saving feature called Autofill. As you fill out forms, Chrome will ask you if you want it to remember the information. Things like passwords, your address and, yes, your credit card information. So the next time you are asked for it in a form, Chrome fills the form out for you. This is a feature that you can disable. Thing is, if at any time you enabled it and information was stored, the data remains stored in Chrome until you go in and delete it.

That is exactly what happened with our poor library laptop borrower. They opened Chrome, synced their account so they would have access to their bookmarks and then, when they were done, they closed Chrome and returned the laptop. Thing is, when you sync your account, it syncs everything, including your Autofill information. In addition, when you close Chrome it does not turn sync off, so the next person who comes along and opens Chrome sees all your bookmarks and has access to your Autofill information, which in this case included address and credit card data. Thankfully the good people at the library noticed something was up before it was loaned out again and disaster was averted.

I really would love to go shopping on your dime; however, my tastes are rather expensive… Louboutins start at 500 Euro… so I think the smarter thing would be to tell you how to avoid leaving your personal information on a workstation that isn’t yours.

  1. If you plan on accessing your Google bookmarks on devices or workstations that are not your own, disable Autofill and delete any stored information.
  2. When you are done working in Chrome on someone else’s workstation, turn off sync. Logging out of Gmail does not turn off sync; it just pauses it, while your passwords and Autofill entries remain accessible to whoever is using Chrome.

By following these two simple steps, you will avoid receiving a bill for a pair of these beauties.

 

Security on Dating Sites – 10/4/2016

 

Dating sites are popular ways to meet new people. However, not all sites have adequate security. A database containing data from users of HaveAFling, HaveAnAffair and HookUpDating was found unsecured on the open web. The information could be accessed without using a password. The data that could be accessed included names, contact information and bios. The company has since rectified the situation; however, if you were one of the users of HaveAnAffair, you may be getting an angry text from your significant other.

When deciding to post personal information on a site or through an app, stick with larger companies that have been around for a while, invest in data security for their users and are reputable. Better yet, date the old-fashioned way and ask out the cutie strolling down Main Street.

Want to know more about the data breach?  Check out the ZDNET article.