
Fake News and the Value of Security Awareness Training


If you are on social media sites like Facebook, you have most likely seen fake articles unwittingly posted by your friends. These known scams include items like the following: Bill Gates is giving away $5,000.00 if you click on this link; the free Southwest Airlines ticket scam; fake Ray-Ban glasses for cheap; and the “famous movie star just died” article that ends up not being true.

Fact checking and verification of multiple sources by the author are considered journalism best practices. As consumers of news, we expect that the articles we read will provide information in a format that is objective, accurate, truthful, impartial and fair.

But unfortunately this is NOT always the case and we have to become smarter consumers of this information.

First off, let’s look at possible motivations of the fake news articles:

  • Sell more newspapers or magazines
  • Political propaganda to promote opposition agenda
  • Advertising clicks or spam
  • Fraud including phishing scams
  • Spreading of malicious code and viruses

Look at the URL & Consider the Source:

Start out by looking at the URL where the article originated whenever possible, and verify you are being routed to the correct, legitimate site. Often the fake news sites have created URLs that look partially correct. The list of fake news websites is growing, and many are listed on Wikipedia, so it is easy to research before you click on the article.

Realize that a news article passed to you on social media can easily be fake, and that is frequently how fake news stories go viral. Always consider the source and do research before you react online and share with others. Consider that your friends with extreme political views might be passing on articles based on their own beliefs.

Slow Down and Research:

Before you get all upset or excited about a news article you see, slow down, take a deep breath, and realize it might be a fake article! Look beyond the headline at the author and date of the article. Look for the author’s byline or information on the source of the article.

An official-looking “blog article” could appear to be a news article when it is really just the author’s opinion. In that case you would search for other articles on the same topic to find information from a trusted source. Many bloggers couldn’t care less about the fact-checking process and are just voicing their opinion.

Check the date of the article. You frequently will see fake articles from months ago still being passed around as current news despite the fact they are known fake articles.

If you are not sure if the site is legitimate, check the “about us” section and you might discover the motivations or direction of the site publishing the information. Search for information on the website to make sure you are visiting the legitimate news site you are looking for.

Is this a Joke? Be aware that there is an increasing number of “fake joke” articles that actually look very real. That outlandish article you are reacting to could easily be satire and a joke.

Realize that photos can be fake and claims of corroboration and verification can be a lie. Watch out for an article in all caps or with bad grammar. Once again, research is the best way to ensure that this information is legitimate.

Know the Risk:

Some of the rogue fake news websites are infected with spyware or viruses. By simply visiting the websites, you will be subject to adware bugs that will cause pop-ups and open your device up to malicious code. The same virus-spreading techniques used on adult websites are now being utilized on some of the fake news sites.

Some of the fake news websites are trying to attract as many visitors as possible to drive up online ad revenues. These sites can also be used to lure readers into becoming victims of attacks like phishing and malware, including ransomware. These risks also extend to businesses and organizations when employees are using company devices and networks.

Final Thoughts:

As we are exposed to more and more fake news articles we will become more savvy and realize this is an ongoing problem that is not going away.  The safest approach in dealing with all news articles is to verify the story independently prior to clicking on the links. It just takes a few seconds to open up a browser window and conduct a search on the headline to verify.

Ongoing security awareness training is a great way to educate employees about the risks associated with this important issue.

The value of security awareness training:

This is where “security awareness training” comes into play. Many of the same principles and best practices that are taught are very relevant to help us in determining fake news articles that come to us in various ways on the Internet. Some of the same best practices used to determine a “phishing email” can be used to weed out a fake news article.

CFISA has been providing online and in-person security awareness training since 2007.  The CFISA training stresses the importance of slowing down when handling email and conducting research before we randomly click on email links and attachments. We should utilize the same best practices when reviewing the validity of news articles we are seeing on the Internet.

Security awareness training options can be found at the Center for Information Security Awareness – CFISA  

 

Security awareness training alert – Apple Mac computers targeted by new ransomware attack


Frequently when I provide onsite security awareness training business sessions, I am asked if Mac Apple computers are safe from computer viruses. My answer is always a strong “NO” but with some explanation.

First off, we know that there are fewer viruses associated with the Apple operating system than with the Windows operating system. However, there is still enough risk to warrant strong security measures for anyone using an Apple Mac.

McAfee Computer Security has estimated that there are approximately 450,000 malicious programs aimed at Macs[i]. As the Apple Mac user base grows, so does the number of targeted malware versions. Recently, a new form of ransomware targeting Apple Mac devices has been discovered called MacRansom.

It seems like most Apple Mac users assume that their systems are safe from things like ransomware attacks. Well, it is just that false sense of security that new ransomware attacks are looking for.

According to a recent blog by the security companies Fortinet and AlienVault, a new Apple Mac ransomware attack has been discovered. This malware is called MacRansom, which offers ransomware as a service.[1]

This Apple Mac ransomware does everything that Windows ransomware does. This malicious code will encrypt the Apple Mac hard drive and hold the data for ransom.

Protect against ransomware:

  • BACK UP – BACK UP – BACK UP! Back up your hard drive. This is your best way to “turn back time” if your system becomes infected with a ransomware attack. Regular backups of your home system are now required to reduce your risk of losing your data. Remember not to leave external drives attached to the system after the backup as they can also be encrypted by the ransomware.
  • Update all operating systems and anti-virus and anti-spam software – make sure that security updates are enabled and that you have the latest version of your anti-virus definitions.
  • Watch out for phishing email & stop clicking on every link and attachment you get! Clicking on a phishing email message is most likely the way you can get infected with a ransomware attack. So slow down when opening email messages. You do not need to open all your email messages, and you should delete messages you do not need to read. So, get into the habit of ignoring suspicious email messages and links.
  • Did I mention BACK UP???

The value of security awareness training

This is another crime where security awareness training can help to reduce risk. Being aware of new crimes and scams in the news is a fundamental part of security awareness training. Ensuring that employees, family and friends are aware of this scam will greatly reduce the likelihood that you will be victimized.

Sharing new scams and crimes you hear about in the news with others is important to ensure that the people you care about do not fall victim to these types of crimes.

The Center for Information Security Awareness, CFISA, has been providing online and in-person security awareness training since 2007. The CFISA courses stress the importance of education and understanding current risks and scams as an important way to protect yourself against these types of crimes.

Ongoing security awareness training is a great way to educate employees about the risks associated with this important issue.

Do you need help with security awareness training for your employees?

Contact CFISA and we will help you with a training option to fit your budget!

Security awareness training options can be found at the Center for Information Security Awareness – CFISA (https://www.cfisa.com)

[i] https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf

[1] https://blog.fortinet.com/2017/06/09/macransom-offered-as-ransomware-as-a-service

CFISA Featured in Huffington Post Article


How to Combat Fake News and Phishing Scams with Michael Levin from The CFISA

03/09/2017 12:43 am ET

Word of “fake news” has been spread around like wildfire lately, especially since the recent election. It might seem harmless, but frequently these fake news stories can go viral, spreading misinformation to millions of people. It is usually easy to spot fake news if you look at the source, but there are so many people who don’t know how to identify credible sources, and they may believe most of what they read.

Email phishing is a similar online scam, and it can go hand in hand with fake news. At my corporate job, our IT department is almost always sending out alerts and information on how to spot phishing emails, yet someone always ends up clicking the dreaded links. More and more companies are putting their employees through Security Awareness Training, to try and avoid phishing scam issues in the future. Michael Levin from The Center for Information Security Awareness (CFISA) was kind enough to answer some questions on this training, and why it is smart to take this preventative measure.

How has fake news impacted the public in this day and age?

The term “fake news” has now become a frequent topic in the daily news due to allegations in the political arena. However, claims of fake news have been around for at least half a century, notably rising in prominence in tabloids.

As a consumer of news, we expect that the author has conducted appropriate fact checking and proper multiple verification of sources prior to releasing the article. We expect that the news we read will provide information in a format that is objective, accurate, truthful, impartial and fair.

But unfortunately, this is NOT always the case, and we should become smarter consumers of this information. Fake news stories online can be used to attract unsuspecting users to spread malware, fraudulent schemes, or even more sinister purposes such as political propaganda.

Why do websites put out fake news in the first place when it would be so simple to discredit them by providing factual news?

The motivation of a fake news article could be any of the following:

  • Sell more newspapers or magazines
  • Political propaganda to promote opposition agenda
  • Advertising clicks or spam
  • Fraud including phishing scams
  • Spreading of malicious code and viruses

Consumers are having more and more difficulty recognizing the fake news articles and sites because they look so convincing. Often, the fake news sites have misleading URLs that look almost legitimate but are counterfeit. Official looking “blog articles” could appear to be a news article when it is really just the author’s opinion.

How does your Security Awareness Training help people identify what is fake and real news?

Cybercrime is the fastest growing crime in the world and every day businesses are being attacked in new ways. Many of the same principles and best practices taught in security awareness training are very relevant to help us in determining fake news articles that come to us in various ways on the Internet.

Training employees to look at the URL and consider the source is a start. There are various ways to verify the content of news articles and determine the motivation of the website or author. The safest approach in dealing with all news articles is to verify the story independently prior to clicking on the links. It just takes a few seconds to open a browser window and conduct a search on the headline to verify.

The CFISA security awareness training helps to reduce the risk and serves to remind employees of security best practices. Ongoing training will keep employees thinking about security on a regular basis that will help to reduce business and personal risk.

How is email phishing similar to fake news?

The motivation and purpose of a phishing email and a fake news article could be the same. Both are popular with cyber criminals as an easy way to trick someone into clicking on a malicious link or attachment. In both cases the information appears to be legitimate and reputable and is designed to trick the victim.

The Center for Information Security Awareness was recently featured in a Huffington Post article.


How Ransomware Has Grown Over Time


There are several kinds of malware out there, all of which can ruin your information systems. Worms can open new routes of access for hackers, and trojans can sneak their way onto your computers and steal your information. Yet, there is one kind of malware that can destroy more than your digital networks.

It can take down your whole company, because it affects more than just your hard drives and processors. Ransomware also affects your finances and your sense of security. Worse, ransomware growth has exploded in recent years.

Ransomware works by locking users out of their own systems and threatening to destroy them. It tells victims that the only way to save their information is to pay a ransom to an unknown hacker. Hackers across the world have started to learn how profitable ransomware can be.

Ransomware exploits people’s fears about technology to score a quick dollar, and hackers are always looking out for easy money. So, they’ve started to use it more, and it has gotten stronger as a result.

Ransomware Growth Earned Headlines for a Reason

Ransomware has existed since the dawn of malware, ever since hackers realized they could scare people into paying them. Yet, ransomware only earned headlines once it started growing in complexity. When it first began, ransomware was easy to deal with.

It mostly just changed people’s passwords or presented them with a stuck screen when they tried to log in. There weren’t many malicious systems at work in the background, so it was easy to fix. Eventually, hackers realized they needed to smarten up and started improving their ransomware.

As a result, ransomware got stronger, and it began to spread to more complex systems than just home PCs. It also started spreading to the systems that run companies, and once that happened, hackers started demanding more. It’s one thing to lose pictures you took of a vacation; it’s another to lose an entire database of customer information.

Once information like that started to be threatened, the media started paying attention.

It Can Drive Companies to a Grinding Halt

Ransomware doesn’t just threaten companies with deleting their information. Now, most companies back up their information on separate disks. That way, if they lose their information for any reason, they can restore it and keep working from where they left off.

So, ransomware began targeting more than just the information companies stored on their systems. Ransomware began targeting the systems themselves. Most variants threaten to destroy those systems, but some threaten to exploit them instead.

Some can claim that they will use companies’ systems to post fraudulent things online. Other kinds of malware threaten to use their systems to connect to personal systems and leak information about employees online. There’s no end to the ways ransomware can now wreck someone’s life.

Ransomware Has Forced Whole Municipalities to Stop Working

Ransomware has also moved beyond targeting companies, and now can target government systems, too. Just like how tech media started covering ransomware developments when they targeted companies, general news media now covers ransomware. Since it’s targeting government systems, it is putting everyone’s well-being at risk.

People are afraid that ransomware could access personal information of city residents. They also aren’t sure how far ransomware can go. If it can get into municipal systems, what other systems can it get into?

Plus, hackers now have a taste for the power associated with bringing a municipality to its knees. What is there to stop them from going after larger, more powerful systems?

Later, Ransomware Started Merging with Other Malware

Now, most ransomware is a complicated mixture of different kinds of malware. As it locks you out of a system, it may be working to open holes on your network and the computer it’s on. It may install backdoors and inject trojans and other viruses into information systems as people work to remove it.

Trying to remove ransomware can also mean trying to remove a swarm of other kinds of malware, now. Even if you manage to remove all of the new infections it installed, you may not ever feel safe using your computer again. You never know what it may have left behind.

It Can Leave Backdoors on Your System After Removing It

If ransomware manages to install backdoors in your system, then you might as well still be infected even after regaining access to it. Hackers can simply use those backdoors to install a different kind of ransomware, and you will need to work just as hard to get rid of the new version.

Then, hackers can just repeat the process. Sometimes, you need to find ways to plug backdoors without having access to the system, and that can make removing ransomware tough.

Now, Ransomware Demands Bitcoin More Than Gift Cards

It used to be that in order to pay the ransom to hackers, you had to get an Amazon gift card and send them the codes associated with it. Some hackers preferred that you sent them wire transfers of actual cash. Now, times have changed, and hackers want different kinds of money.

They want kinds of money that can’t be traced, and Bitcoin is perfect for that. Most of the time, ransomware will demand that you open a Bitcoin wallet and use your money to buy hundreds or thousands of dollars of Bitcoin. Then, they expect you to send your new Bitcoins to an address, where they’ll go and never be seen again.

Only after doing all these steps will hackers unlock your system, and you won’t even be able to trace them since they use a decentralized kind of currency.

Protecting Your Systems Protects You

Few trends in cybercrime are as significant as the growth of ransomware across the world. Hackers have discovered that by holding information systems hostage, they can hold companies, cities, and potentially even countries hostage, too. The larger their hostage, the more ransom they can demand.

Almost every system is vulnerable to a ransomware attack, as much as any other kind of malware. It’s constantly evolving and finding new vulnerabilities in almost any kind of system. You need to stay ahead of hackers to stay safe and protect your well-being.

To do that, you need professionals who have experience keeping hackers at bay. That’s what we’re here for.

Training your employees is the first step in protecting your business against ransomware!

As you can see, ransomware backup protection is not that difficult once you understand what you’re dealing with. Remember that ransomware can quickly send your business back into the stone age, so you need to do everything you can to prevent that.

Apart from putting the strategies mentioned above into practice, you should also stay educated when it comes to ransomware and ransomware attacks, and training your employees is the first step.

About the Center for Information Security Awareness (CFISA) –

The Center for Information Security Awareness was formed in 2007 by a group of leading academics, security experts, and fraud experts to explore ways to increase security awareness among consumers, employees, businesses, and law enforcement.

CFISA Offers:

CFISA currently has a diverse blend of customers using their valuable training, including:

  • Small, medium and large businesses
  • Federal, state and local government agencies
  • Colleges and universities
  • Financial institutions

Learn more about all of our security training offerings at https://www.cfisa.com/training.