Select Page
Surviving Identity Theft

Surviving Identity Theft

What is Identity Theft?

Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy and dealing with the stress and financial heartache that follows identity theft. 

Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies. Even if just one of these gets hacked, the criminals can gain access to your personal information. Assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud. 

How to detect it

  • Review your financial cards and other accounts regularly for any charges or payments you did not make. An easy way to do this is to sign up for email, text messages, or phone app notifications for payments and other transactions. Monitor them for fraud.
  • Investigate situations when merchants decline your credit or debit cards. Look into letters or phone calls from debt collectors for overdue payments for credit cards, medical bills, or loans that you know are not yours. 
  • Pay attention to letters that inform you about unemployment or other government benefit claims for which you never applied. 
  • If available in your area, review your credit reports at least once a year. For example, in the United States, you can request free reports from annualcreditreport.com. 

What to do when it happens

  • Contact the organization that is involved in the fraud. For example, if a criminal opened a credit card in your name, call that credit card company to notify it about the fraud. If someone filed for a tax refund or unemployment benefits in your name, contact the corresponding government organization.
  • File a report with law enforcement to create an official record of identity theft. You can often do this online. For example, in the United States you can report at identitytheft.gov. Follow the site’s instructions for any additional steps you may need to take.
  • When responding to fraud, keep records of your interactions with your financial institutions and law enforcement, as well as the costs you incur due to identity theft in case these details will be needed later.
  • Notify your insurance company; you may have identity theft protection included in one of your policies.

How to defend against it

Here are some simple steps you can take to decrease the chance of identity fraud happening: 

  • Limit how much information you share about yourself with online services and websites.
  • Use a unique strong password for all of your online accounts and enable two-factor authentication as additional protection for your most important accounts.
  • If applicable in your location, restrict who can get access to your credit reports. For example, in the United States freeze your credit score so that anyone who tries to get a credit card or loan in your name has to first temporarily unfreeze it.
  • Consider getting insurance coverage, either through a dedicated policy or as part of your existing insurance plan, that covers the costs of dealing with identity theft.
Securing Wi-Fi At Home

Securing Wi-Fi At Home

Overview 

To create a secure home network, you need to start by securing your WiFi access point (sometimes called a WiFi router). This is the device that controls who and what can connect to your home network. Here are five simple steps to securing your home WiFi to create a far more secure home network for you and your family.

Focus on The Basics

Often the easiest way to connect to and configure your WiFi device is while connected to your home network. Point your web browser to the specific IP address documented in your device’s manual (an example of this would be https://192.168.1.1), or use a utility or mobile app provided by your WiFi device vendor.

1. Change the Admin Password

Your WiFi access point was most likely shipped with a default password for the administrator account that allows you to change the device configuration. Often these default passwords are publicly known, perhaps even posted on the Internet. Be sure to change the admin password to a unique, strong password, so only you have access to it. If your device allows it, change the admin username as well.

2. Create a Network Password: 

Configure your WiFi network, so it has a unique, strong password as well (make sure it is different from your device admin password). This way only people and devices you trust can join your home network. Consider using a password manager to select a strong password and to keep track of all of your passwords for you.

3. Firmware Updates: 

Turn on automatic updating of your WiFi access point’s operating system, often called firmware. This way you ensure your device is as secure as possible with the latest security options. If automatic updating is not an option on your WiFi access point, periodically log into and check your device to see if any updates are available. If your device is no longer supported by the vendor, consider buying a new one that you can update to obtain the latest security features

Use a Guest Network: 

A guest network is a virtual separate network that your WiFi access point can create. This means that your WiFi access point actually has two networks. The primary network is the one that your trusted devices connect to, such as your computer, smartphone, or tablet devices. The guest network is what untrusted devices connect to, such as guests visiting your house or perhaps some of your personal smart home devices. When something connects to your guest network, it cannot see or communicate with any of your trusted personal devices connected to your primary network.

5. Use Secure DNS Filtering:

DNS is an internetwide service that converts the names of websites into numeric addresses. It is what helps ensure your computer can connect to a website when you type in the website’s name. WiFi access points typically use the default DNS server supplied by your internet service provider, but more secure alternatives are available for free from services such as OpenDNS, CloudFlare for Families, or Quad9that can provide extra security by blocking malicious or other undesirable websites. Log into your WiFi access point and change the DNS server address to a more secure alternative. 

Securing your home WiFi access point is the first, and one of the most important, steps in creating a secure home network. For more information about securing your WiFi access point, refer to the device’s manual, or if your internet service provider provided your WiFi device, contact them for more information on security features.


Resources

Making Passwords Simple:
https://www.sans.org/securityawarenesstraining/resources/makingpasswordssimple

Password Managers:
https://www.sans.org/securityawarenesstraining/resources/passwordmanagers0

Updating:
https://www.sans.org/securityawarenesstraining/resources/powerupdating

OpenDNS Setup Guide:
https://www.opendns.com/setupguide/#familyshield

OUCH! Is published by SANS Security Awareness and is distributed under the Creative Commons BYNCND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walter Scrivens, Phil Hoffman, Alan Waggoner, Les Ridout, Princess Young

Guest Editor Joshua Wright

Guest Editor Joshua Wright

(Twitter @joswr1ght) is a senior director at Counter Hack Challenges, LLC, leading the coordination and development of cyber challenges for NetWars and the Holiday Hack Challenge. Find Josh at LinkedIn here: https://linkedin.com/in/joswr1ght.

How to Build a Holistic Information Security Learning Program for Your Organization

How to Build a Holistic Information Security Learning Program for Your Organization

The security of our information systems is now a number one priority. We can no longer think of a society without all the luxury of technology. These technologies are powered by information systems that need to be secured. Whether you are trying to secure a multibillion-dollar company, a government institution, or a small one-person business, everyone should start taking security seriously.

According to the NIST publication SP 800-50 there are three steps that lead to an effective security program. This program targets everyone in the organization at different levels and functions.

For Everyone.

Everyone should have basic information security understanding and know what they should do in case of a security event through an awareness program. Awareness is about helping people know what to do and not necessarily understanding how security works.

“Awareness is not training. The purpose of awareness presentations is simply to focus attention on security.” The Awareness program is intended to allow individuals to recognize IT security concerns and respond accordingly.

The awareness program should be based on key aspects of the organization’s information security policy. The information should be adapted to suit the need of everyone within the organization right from the top of the organization to the lowest level. Therefore, everyone within the organization should be provided with a security awareness program.

All IT System Users

All users using the information systems should be provided with basic information security training. This is in addition to the security awareness program for everyone. The security awareness program tells people not to click on a link in an email from an unknown sender but to delete it. But how does the user go about deleting this email securely?  Therefore, these users should be trained to carry out the recommendations in the security awareness program.

Any user exposed to the organization’s IT systems should be provided with basic information security and literacy training. The main difference between an awareness program and training is more formal, having a goal of building knowledge and skills to facilitate job performance. Training strives to produce relevant and needed security skills and competencies.”

Here, the organization needs to come out with the training need analyses and build a training program that ranges from a beginner to an advanced level.

IT and Security Professionals

Any misstep by any IT professional could easily lead to a security breach. It does not matter whether they are System Developers, Network Engineers, or Operating Systems Administrators.  They are all standing side by side with the information and cybersecurity professionals on the battlefield of cyberwarfare.

Education teaches people to make educated decisions. All IT professionals exposed to the information systems on a technical level should be well-educated to help them perform their jobs effectively and efficiently.

Therefore, a continued security education program that will provide them regular security training tailored to their job role should be available to them. A well-tailored information security education should be available at multiple levels. The beginners, the intermediate, and at the advanced level.  Organizations should strive to produce IT security specialists and professionals capable of vision and pro-active response.

 

 

North Koreans Hackers Indicted by U.S. DOJ for $200 Million Heist

North Koreans Hackers Indicted by U.S. DOJ for $200 Million Heist

Some North Korean citizens are being charged by the U.S. Justice department for the 2014 Sony Pictures hack, and the global WannaCry Ransomware attack of 2017. According to investigators from the US Secret Service and the department of homeland security those indicted includes:

Jon Chang Hyok (a.k.a “Alex/Quan Jiang”)

Kim Il (a.k.a. “Julien Kim”/”Tony Walker”)

Park Jin Hyok (a.k.a. Pak Jin Hek/Pak Kwang Jin)

They are also being accused of masterminding the theft of $200 million through cyber theft. They are suspected to be members of north Korea hacking group operated by the Reconnaissance General Bureau (RGB), which is an intelligence division of the Democratic People’s Republic of Korea (DPRK).

In the last few years these groups were suspected to have masterminded the $81 million Bangladesh Bank Heist

It is also confirmed that the group stole $6.1 million through ATM heist in 2018 using Payday ATM attack in what is called “ATM cash out scheme”.  Their area of specialization goes beyond traditional banks heist and into cryptocurrencies. The suspects are also accused  of stealing over $112 million in cryptocurrency across the globe.

The U.S. DOJ Indictment
https://www.justice.gov/opa/press-release/file/1367701/download

Documentary of the Bangladesh Bank Heist.

What do We do About the 4% Clickers?

What do We do About the 4% Clickers?

According to a report from Webroot.com during crises such as the COVID-19 Crises “3 in 10 workers worldwide have clicked a phishing link in the past year. In the US, it’s 1 in 3.”

In a normal situation 4% of the people will click on a link from an unknown sender even when the hyperlink states, “Don’t click on this link” Research shows you cannot avoid this phenomenon.

Training and security awareness programs have helped organisation to reduce successful attack on their network from phishing. However, such an attack does not need lots of people clicking to be 100% successful. The success from the 4% is enough to be a nuisance to your organisation.  So, what can you do about this problem?

The attackers trying to break into the corporate network want to be able to move laterally within the network. Even when you cannot eliminate the 4% you could take measures to reduce the effect of their actions by introducing Zero Trust Security (ZTS) into your organisation. With Zero Trust Security you can reduce lateral movement in your network and as such, intruders have limited access to few systems within the network. Zero Trust Security is not a product but a set of design principles which cannot be implemented using a single product. So, watch out for vendors that promise to sell you a single product that would provide you Zero Trust Security.

According to Microsoft, Zero Trust controls can be implemented across six fundamental elements of your network:

  • Identities
  • Devices
  • Applications
  • Data
  • Infrastructure
  • Networks

In addition to the above controls, there should be visibility of all assets of the environment and complete orchestration of all automation.

Other security vendors such as OneTrust (CISCO), Checkpoint, Palo Alto Networks have similar ideas regarding the implementation of Zero Trust Security. Zero Trust Security is a holistic approach to security architecture design. It is based on the fundamental concept of Never trust, always verify anyone or anything operating within or from outside the security boundary. It is designed to protect all computer assets, applications, and data.

Zero Trust Security ensures all resources are accessed securely regardless of location.  The principles of The Least privilege are implemented through access control and strictly enforced.

To learn more about Zero Trust Security please visit our ZTS training.

TRAINING

Understanding Zero Trust Security (ZTS)

DATE

Febuary 24-25, 2021

TRAINING TYPE

Virtual

ENROLL BELOW

All training runs from 9:00 to 16:30 every day.

Data Leaks Was Up About 93% In 2020 In New Reports

Data Leaks Was Up About 93% In 2020 In New Reports

Breaches and leaks of sensitive data from agencies almost doubled last year, even as consumer worries over information privacy surged, in accordance to two new reports posted on Data Protection Day.

January 28 marks the signing in 1981 of Convention 108, the first legally binding global treaty dealing with privacy and records protection. Also known as Data Privacy Day in North America, it is now an awareness raising event aimed at groups and consumers alike.

However, new research from Imperva warned that unauthorized transmissions of data from organizations’ networks to external locations had soared 93% in 2020.

The security vendor detected 883,865 such incidents at the begin of the year, rising to 1.7 million via the end of December, and argued the figure would be even greater if loss of data via physical devices, printouts and the like had been included.

“Data safety should never be an afterthought – but sadly it frequently is, specifically when companies prioritize speed over security. The rush to hold business continuity in 2020 has accelerated trade at such a tempo that large gaps now exist in process and safety round data,” said Chris Waynforth, AVP Northern Europe at Imperva.

It is naïve to assume that it is only human access to information that leads to compromise. Over 50% of access requests to databases are coming no longer from users, but from application to application.

The danger of major regulatory fines should be making this a board-level issue, the vendor added.

Imperva urged corporations to comply with various key steps to better guard their data, beginning with discovery and classification, good controls, non-stop monitoring and quarantining in the event of an attack.

Data minimization must be a paramount consideration throughout, as information continues to disperse throughout complicated multi- and hybrid cloud environments, the company argued.

However, consumers also have a large part to play in maintaining their information out of harm’s way. Some 77% told Entrust they are worried about data privacy, and 64% said their focus about the difficulty has extended over the previous 12 months.

At the same time, though, many people (63%) have been willing to hand over more data to applications in return for greater personalization. Nearly half (47%) stated they don’t review the T&Cs of an app before downloading, with most claiming it was because these were often too long to read.