Are You Prepared for the Onslaught of Cyber-Attacks?


It's said the only sure things in life are death and taxes. While this pearl of wisdom has stood the test of time, in the not too distant future, there could be an addition to that list: Cyber-Attack. That's because cyber-attacks on businesses and individuals are up nearly 50% in the past year alone. Where cybercriminals used to almost exclusively target big businesses with deep pockets, now that ransomware has become so prolific, small businesses and even individuals are finding their online assets and machines being hijacked. And why not, since most individuals and small businesses offer little in the way of resistance.

The Cyber Sharks Are Here

Who can forget the opening music to the movie, “Jaws”?  In its day, the novel and subsequent blockbuster motion picture were enough to keep people on the beaches and out of the surf.  But as paranoid as many moms became about letting their kids frolic in the waves back in 1975, 40 years later we should all be hearing the ominous strains of “da-dum, da-dum, da-dum” every time we surf the web.  That’s because while “Jaws” was a work of fiction, the arrival of schools of Cyber Sharks is all too real.

Just like the real deal, there is no 100% reliable cyber shark repellent that can keep someone from putting the byte on your computer, tablet and/or smartphone.  While individuals are woefully unprepared to be hacked, many of the devices connected to the Internet of Everything have absolutely no protection whatsoever. Many people access the Internet with their smartphones, tablets and other devices but with no or insufficient protection on them.

Everything from appliances, to medical devices, to automobiles is rapidly becoming web-enabled.  While this provides the public with even more interactivity, it also provides hackers with more ways to get to consumers and businesses. Just as most people make the mistake of thinking their smartphone is a phone instead of a computer that you can talk on, most don’t realize that the average automobile built today has 100 lines of code onboard.  Many are now Wi-Fi enabled as well. You don’t have a car with a computer onboard. You have a computer that can be driven.  Soon, these computer cars will do most, if not all, of the driving.  So if a hacker can take control of your car, what does that mean for the passengers and driver?  (On a recent “60 Minutes” episode, hackers gained access to the car that Lesley Stahl was driving, turning on the lights and windshield wipers. So this is not just a hypothetical possibility.)

Who’s Watching Who in Your Smart House?


Smart houses and appliances are also becoming more and more commonplace.  They’re also becoming easy pickings for hackers.  If a hacker can crack your home’s security system, this makes breaking and entering child’s play.  Don’t even get me started on what a hacker can do to your web-enabled Nanny Cam.  The same smart TV that you just installed in your living room can be hacked into with ease, since most contain little or no security.   

A February 24, 2015 blog by CNN reported: “Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen to everything you say. And what you say isn't just processed by the television; it may be forwarded over the Internet for remote processing. It's literally Orwellian.”
  
What’s really scary is that last year alone, more than 10,000 smart appliances were hacked, according to leading US security firm, Proofpoint.  Once inside your smart TV or refrigerator, hackers can then gain access to other web-enabled devices.  Believe it or not, your refrigerator can then spam your smartphone, laptop or tablet once infected.  Even if your device does come with some semblance of security, unless the protection is updated on a regular basis, it’s only a matter of time before a hacker will prevail.

How Do I Hack Thee?  Let Me Count the Ways


So many smart devices … so little time.  Nearly any device is susceptible to being hacked.  Symantec reported on March 12: “All of the devices failed to check whether they were communicating with an authorized server, leaving them open to man-in-the-middle attacks. One out of five devices did not encrypt communications and many did not lock out attackers after a certain number of password attempts, further weakening their security. All of the potential weaknesses that could afflict Internet of things systems, such as authentication and traffic encryption, are already well known to the security industry, but despite this, known mitigation techniques are often neglected on these devices.”

While Symantec’s report was referring to smart appliances, in October of 2014, the US government told the FDA to start taking medical device security seriously, citing the same problems that smart appliances were facing.  The next time you go to the hospital for a dialysis treatment or to get your pacemaker checked out, you might like to ask your physician about the inherent hacking vulnerabilities of these devices.

The number of ways that hackers can get into your devices is staggering. Below are some of the most popular tools of the hacker’s trade:
  • Password cracking software, such as ophcrack and Proactive Password Auditor. These are still used; however, social media has made cracking easier because users give up so much of their personal data today.
  •  Network scanning software (a.k.a. sniffers): programs or devices that monitor all data passing through a computer network. A sniffer inspects the data and determines where it is going, where it is coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter certain types of data, capture passwords, and more. Examples are Nmap and NetScanTools Pro and network analyzer software, such as Cain & Abel and OmniPeek.
  • Wireless network analyzer software, such as Aircrack-ng and CommView for WiFi networks. These are often used in places like Starbucks and other free, Wi-Fi enabled stores and restaurants.
  • File search software, such as FileLocator Pro and Identity Finder.
  • The Hex Dump (a.k.a. Voodoo). When an electronic device is manufactured, it is programmed with firmware.  Hacking firmware is simply a matter of buying a programmer that can receive the memory dump and transmit it to a computer where the code can be altered.  Then the modified code is transmitted back to the device.
  • Attacking Defaults. Virtually every piece of hardware on the market comes with a set of standard defaults, including username and password that provide access to the system.  Since most people do not change these default settings, this is the easiest way to exploit a system. Examples are Web application vulnerability scanning software, such as Acunetix Web Vulnerability Scanner and WebInspect along with Network vulnerability scanning software, such as GFI LanGuard, QualysGuard and Exploit software, such as Metasploit. 
  • SQL Injection. While it sounds like a medical procedure, SQL Injection attacks are conducted by entering unexpected entries into a database and then probing the returned error messages to reveal information that can be used to hack the system.  For instance, by entering metacharacters like #$%^ into a field that processes only alphanumeric information, the database could be tricked into revealing its contents, or the SQL server could be compromised in some other way. Examples are database security scanning software, such as SQLPing3 and AppDetectivePro.
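
The error-message leak described in the SQL Injection item above, shown from the defender's side. This is an added example, not code from the original article; the table, function names and sample input are constructed for illustration, and SQLite stands in for whatever database sits behind the form.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for a real user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    return db


def lookup_vulnerable(db, name):
    """Weak form: input is pasted into the SQL text and the raw database
    error is handed back to the caller, exposing parser details."""
    try:
        sql = "SELECT email FROM users WHERE name = '" + name + "'"
        return {"ok": True, "rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"ok": False, "error": str(exc)}


def lookup_hardened(db, name):
    """Hardened form: allow-list validation for an alphanumeric-only field,
    a parameterized query, and a generic error message."""
    if not name.isalnum() or len(name) > 32:
        return {"ok": False, "error": "invalid input"}
    try:
        rows = db.execute(
            "SELECT email FROM users WHERE name = ?", (name,)
        ).fetchall()
        return {"ok": True, "rows": rows}
    except sqlite3.Error:
        # Log the detail server-side; never return it to the client.
        return {"ok": False, "error": "lookup failed"}


if __name__ == "__main__":
    db = make_db()
    odd_input = "o'brien#$%^"  # constructed input containing metacharacters
    print("vulnerable:", lookup_vulnerable(db, odd_input))
    print("hardened:  ", lookup_hardened(db, odd_input))
    print("hardened:  ", lookup_hardened(db, "alice"))
```

The weak function returns the database's own parser error for the odd input, while the hardened one rejects it before any SQL runs and still answers normal lookups.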

While all of the above-mentioned tactics require a bit of technical know-how, there are many other hacking programs and devices that can be bought online.  There are also online forums, hacking blogs and clubs that teach hackers the tools of the trade.  There are also annual hacker conventions and hackathons such as the one held yearly in Las Vegas.  If you don’t believe me, simply google, “hacking devices available online.”

The real danger is that the Cyber Sharks have the upper hand since detection, much less prosecution, is hit-and-miss at best.  Meanwhile, hacking continues to proliferate nearly unchecked.  CNN recently reported that in 2014, hackers exposed the personal information of 110 million Americans, roughly half of the nation’s adults.

Here is a checklist for businesses that can lower their exposure and reduce their risk of cyber attacks. It was created by my business partner, Hector Cisneros. It comes from a presentation he does for businesses that are especially vulnerable to cyber attacks. (By the way, he’s also available for speaking engagements on this subject.)
  • Get help! Use your vendors for support and to coordinate products. Not all products play well together!
  •  Use a multi-disciplined approach – Network security has many entryways, including low tech, surveillance, email, text, and social monitoring.
  •  Use a multi-layered approach – You need protection from the Cloud to the firewall, servers, PCs and all smart devices.
  •  Use Traps like “Honey Pots” – Traps should be an integral part of your defense.
  •  You must set up employee policies to minimize your exposure. These policies need to cover proper usage of systems, especially password and social media usage policies.
  • Employee education is a key factor. They need to know the cost, both to the company and to themselves.  They also need to know what behaviors are allowed and prohibited.
  • Vigilance is extremely important from the CEO, to the network administrators, to the employees and down to the janitors.
  • Regularly check other governments’ sites for cyber security threats.
  • Regularly check the websites of top companies that provide security solutions for cyber security threats (e.g., Trend, Symantec, Malwarebytes, McAfee, etc.).  Get their newsletters.
  • Subscribe to some security blogs to automatically receive current information.  Again, look at the top companies cited above.
  • Take the time to read and learn all you can about security and intrusion detection.
  • Scan the news daily for current information on cyber attacks.
  • Find podcasts and webcasts that teach and inform on cyber security and intrusion detection.

Here is a checklist for individuals from a previous article, “The Hack Attack is Back” (it also contains more detail, so you should check it out):
  • First, find out what your bank’s policies are with regard to your accounts being hacked. Ask about single-use credit cards. These are good for making purchases online, especially during the holidays.  Another way is to use PayPal or some similar payment system.
  • Only use a credit card as the final means of payment. This gives you two layers of protection against fraud.
  •  If you are using a debit card to make purchases, stop! Use a regular credit card for store and online purchases.
  • If you don’t currently have an ID protection service, get one. Their annual cost is relatively low and many offer monthly plans. (See “The Hack Attack is Back” for list of providers.)
  •  If you don't have a paper shredder, buy one. They’re generally inexpensive and good ones can be found for under $100.
  •  Speaking of keeping your data secure: Make sure your smart devices (computers, tablets, smartphones, etc.) are password-protected with at least an eight-character password made up of numbers, letters and some special symbols.
  • Make sure you keep all your smart devices current with regard to security updates. If you’re running Microsoft Windows, this is almost a weekly process.  If you love free apps for your tablet and/or smartphone, beware! Many of these apps can compromise the security of that device.
  • Regularly check the FBI and other scam/fraud websites to learn about and look up current or suspected threats and scams.
  • Last but not least, refrain from visiting websites of a dubious nature. This includes porn sites, warez, free software apps, online first-run movies and music sites.
So the next time you turn on your Smart TV or start your web-enabled car, don’t be surprised if the sound you hear emanating from your speakers goes something like, “da-dum, da-dum, da-dum.”

In this article, I discussed the huge increase this year in cyber attacks aimed not just at large US corporations, but also at small businesses and individuals. The rise of ransomware has made it possible for cyber criminals to be profitable by going after individuals and small businesses. Follow the how-to-protect-yourself lists provided to minimize your risk and exposure. There is one specifically for businesses and one for individuals.

If you'd like to read more articles like this one, check out "Trick or Tweet? The Vulnerabilities Inherent to Twitter and All Social Networks" and "Working the Web - Is There a Cyber Attack in Your Future?" or enter the words “hacking” or “hack attack” in the Search box at the top of this blog. If you found this article useful, please feel free to share and repost it. I welcome your opinion and comments, just add them to the Comments section below.

Carl Weiss is president of Working the Web to Win, an award-winning digital marketing agency based in Jacksonville, Florida.  You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio.
