Cybersecurity Blog

Fake Norton Security scam loading malware onto computers – 02/19/19

 

Norton is reporting there is a new tech support scam that is impersonating their antivirus software.  This is how it works, after visiting a compromised or malicious website users see a dialog box popup titled Windows Alert. It warns the user that their PC may be infected and asks if they want a 10 second quick scan performed.

Once the user clicks OK in the dialog box, several new windows that look a lot like a Norton security scan start popping up. Of course the scan appears to find a virus and then asks you to download and install an antivirus update. If you proceed with their request,  an annoying piece of malware is downloaded onto your machine. Nasty business indeed!

Unfortunately, Norton is not the only piece of software the scammers are impersonating. These creative criminals have also been impersonating Microsoft 360, prompting users to download driver updates.

The good news is, with a little knowledge you can protect yourself from these types of scams.

What you need to know:

  • Files cannot be scanned for viruses using a website running inside a browser. Only an application running outside of a browser can perform virus scans.
  • You will not get virus scans from applications that are not installed on your computer. Your workstation does not have Norton antivirus installed on it.
  • Drivers are automatically updated on your workstation. You will never be prompted to update them manually.
  • Closing a suspicious dialog box can download malware onto your machine. Close the entire browser window instead.

If you are at home and get a dialog box alerting you of a possible virus infection:

  1. Close the browser window.
  2. Open your antivirus application.
  3. Run a virus scan

If you get virus warning on your workstation:

  1. Don’t click on anything and leave your machine on.
  2. Disconnect from the network.
  3. Call the IT Service Desk at 403-440-6000.

If you get prompted to update an application:

  1. Close the browser window.
  2. Open the application that needs updating.
  3. Select Check for updates from the Help menu.

If in doubt, please call the IT Service Desk. They are always happy to help.

 

Chrome can now tell you if your password is part of a data breach – 02/07/19

Google used to have an extension for Chrome that lets you know if a password you are using is part of a known data breach. If you are one of my on- the-ball readers, your reaction should be somewhere between “Hold the phone” and “No flipping way”. After all, how the heck can they check if your password is part of a breach if it doesn’t actually read your password?

Well some clever people at Google had come up with a lovely little process that kept everything nice and secure.  So how did it work? Basically when you logged in to a site they took your username, encrypted and hashed it and then send it to Google. Their databases of unsafe passwords were searched. When they found possible matches, they downloaded that encrypted information to your computer. The extension then decryptes the account details and checked for a match. As the final matching was done on your machine, Google didn’t know your account details. All of that was kept from their preying eyes.

While the extension was lovely, Google has decommissioned it and instead added that functionality to their password management system. Now you get the benefit of the password checking without having to download an extension.

Updated 03/01/22

750 million newly compromised credentials added to data breach list – 02/01/19

 

Last month I told you about a huge list of compromised credentials floating around the dark web for free. Researchers at the Hasso-Plattner Institute in Germany did some more digging. They are reporting an additional 25 billion credentials are included in that list. They estimate that 750 million of those are newly compromised credentials, not seen on the dark web before.

With all these credentials available for free for any delinquent to use as they wish, the chances that your username and password are no longer secure just went up exponentially. As a result we are seeing an increase in hacked security cameras, baby monitors and other smart home devices.

Up to this point, the hackers have simply terrorized home owners. However, one family near Chicago discovered that a hacked thermostat can be dangerous when their home was jacked up to 90 degrees. The family was alerted to something being amiss when they heard a deep voice coming from a security camera in their son’s room. It wasn’t until they went upstairs to investigate did they realize how dangerously warm the room was.

To protect your family:

  1. Check security features before your buy. Look for default passwords that can be changed, firmware that can be updated and 2 step verification/authentication.
  2. Change the default password on the device
  3. Use strong effective passwords
  4. Don’t reuse passwords
  5. Enable two step verification/authentication when it is available

 

Password reuse results in missile alert terrifying a family – 01/24/19

A Florida family was terrorized by a notification coming from their Nest security camera alerting them of a missile launch by North Korea.  Interestingly enough, until they heard the alert the family didn’t even know the camera had speakers.

 

 

Although the traumatized mom blames Nest for not notifying their users of a data breach, it wasn’t Nest who was breached. The data breached occurred elsewhere. As the family reuses passwords, once one of their accounts was exposed it left all of their accounts vulnerable.

Although it certainly would have been a nice bit of customer service for Nest to notify their account holders that they should change their passwords if they reuse them, it is not their legal responsibility as they were not hacked. The responsibility for notification lies with the breached account provider.  The family didn’t say whether that notification was received.

Regardless of whether Nest should have notified their users or not, this poor mother still had to watch her terrified nine year old son crawl under the carpet in a panicked attempt to protect himself from nuclear missiles.  No mother should have to experience that.

How do you prevent your family from being traumatized by a prankster hacker?

  1. Be familiar with all the features of your  camera before you buy it. Know if it has a microphone or speakers, connects to the internet, whether the default password can be changed, how the firmware is updated and where recorded video is stored.
  2. Change the default password as soon as you set up the camera. Use a unique, effective passphrase.
  3. Update the camera’s firmware as soon as it is installed and keep it up to date. If it has an automatic update feature, enable it.
  4. Disconnect the camera from the internet when you aren’t using it.

Taking these steps will greatly reduce the chances of your camera being hacked. These same steps can be taken to secure any IoT device.

Our world is rapidly changing with technology creeping into all aspects of our lives. It is important that we change with it to ensure our families safety. That means we need to be aware of the risks associated with the devices that we bring into our homes and how to mitigate them. As this Florida family has learned, tech companies aren’t going to do this for us even if we are 114% certain that they should.

 

Are your credentials part of the latest data breach? – 01/17/19

 

Troy Hunt, the creator of Have I Been Pwned has just found a massive collection of usernames and passwords sitting on the web.  When I say massive, I mean massive. We are talking 1,160,253,228 unique login credentials (usernames and passwords).  We have seen large dumps of credentials for sale on the web before. However there has never been a collection of this size.

This alone is concerning, but when you also consider that the information is not sitting hidden in some dusty corner of the dark web, but being openly discussed in various forums the alarms bells start to sound. Add the fact that the information is being given away and not sold and you have reached DEFCON 1. Now any miscreant with time on his hands can start banging away at websites with a free list of easily found credentials. This greatly increases the chance your account(s) will be compromised.

It’s a like finding a garage door opener while out for a walk with your dog. You may not have been planning on breaking into a garage, but when fortune smiles upon you, you take advantage of it and pick up that sucker and start seeing which doors it opens.

The good news is there are things you can do to protect yourself.

  1. Visit Have I Been Pwned and find out if you are affected.
  2. Change the passwords on affected accounts as well as any accounts using the same password.

If you aren’t reusing passwords, this is a relatively easy task. If you are then it sucks to be you and it may take you a while.  On the up side,  you do get to give those brain cells a good workout trying to remember all the accounts that used that password. I lied, that sucks to.

After changing umpteen passwords and straining to remember the names of all your accounts, you may want to stop reusing them and start using a password manager.  KeePass is sitting on your workstation and is free to download and use at home. Give Verle Winsor a call to find out how to use it.

If you are ready to invest in a more user friendly tool, you may like Dashlane, 1Password, or LastPass .  They all generate effective unique passwords for you and make logging in a breeze on all of your devices.

 

 

Hotel chain data breach 11/30/18

 

Have you stayed at one of the following hotels in the past 4 years?

  • W Hotels
  • St. Regis
  • Sheraton Hotels & Resorts
  • Westin Hotels & Resorts
  • Element Hotels
  • Aloft Hotels
  • The Luxury Collection
  • Tribute Portfolio
  • Le Meridien Hotels & Resorts
  • Four Points by Sheraton
  • Design Hotels

Lucky you!!  There is a possibility your name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure data, reservation dates and/or  credit card information were stolen in a data breach.  Marriott has reported an unauthorized access to their guest reservation database was made on or before Sept 10 of this year.  However they acknowledge that the criminals have been inside the company’s network since 2014.

In response they have set up a dedicated website, established a call center to answer questions and will be emailing those affected. To make their customers feel better they are also offering a free on year subscription to an internet monitoring service. When a subscriber’s personal information is found on the web, they are  notified.  This service is available to customers in Canada.

If you think you may have been affected, visit the website for more information and look for signs of identity theft.

 

Beware the online gift exchange – 11/29/18

 

The Better Business Bureau is reporting that Facebook and other social media sites are seeing a resurgence of the “Secret Sister” gift exchange.  This gift exchange and others like it, promise participants several  gifts in exchange for sending one inexpensive gift. All you have to do is give up some personal information and invite your friends to join.  If you think this sounds too good to be true, you would be right.

This scam is a classic pyramid scheme which is illegal in both Canada and the US. If you run across one of these gift exchanges on social media, report the post immediately.

 

Buying tech this Christmas? Check out its creepy factor – 11/20/18

 

This year, there are tons of cool tech gadgets on the market. Everything from teddy bears that connect to the internet to personal alarms. As neat as all of these devices are, some of them have the potential to leave the users feeling exposed and violated.

Thankfully, the good folks at Mozilla have put together a terrific website that examines the privacy risks of the hottest tech gifts. At privacy not included you can find out what information a device collects, what is done with that data and what kind of security the device has. They also rate customer service. To make it extra fun, consumers can give each item a creepiness rating based on how comfortable they would be having that device in their home.  Check it out.

 

Must Read – The Newsletter is Changing 11/02/18

As part of our efforts to continually improve the newsletter and the information it delivers, we will be returning to the Mailchimp delivery format November 16, 2018.  Newsletter articles will continue to reside here, only the delivery format will change.

This will allow us to create newsletters that are more visually appealing and determine what kind of articles people are most interested in.  This will be the last newsletter to appear in your inbox as a weekly digest email.  For more details, please refer to the email that I sent out to all subscribers.

I hope you enjoy the new format.

Hack the box results – 10/25/18

 

Today was the final day for the Hack the Box escape room type activity.  We had four teams compete in total.  In the end we had two faculty teams, one employee team and one student team take up the challenge.  HPHED blew away the competition finishing up in just under 20 minutes.  HR came in second at 26 minutes, third was the Faculty of Science and Technology and our wonderful students came in last at 30 minutes.

Good fun was had by all.  All participants walked away with pens and charging cables from the good folks at Lenovo.  Employees also snagged a contest entry code for the Cyber Security Challenge.

Interestingly, HPHED was quite concerned about the leaderboard and their showing on it.  They are rather keen to remedy the situation.  Facilities management, I would keep an eye on that leaderboard, we may see some changes in the last few days of the Challenge.

Just a reminder that you have until Oct 30 at 4:00 pm to enter in your codes.  Tomorrow the last of the newsletter codes will go out.  If you have missed previous ones, scroll through the articles on the newsletter website to find them.  The Cyberwar Threat, Cyber Safety Survival Guide and the General Security Tips webpage can still be mined for contest entry codes.  Check the Cyber Security Challenge webpage for details.