October Newsletter 2019
Quote of the Month
“Be afraid … Be very afraid.”
– Ronnie, The Fly (1986)
It seems ironic that Halloween marks the final day of National Cybersecurity Awareness Month (NCSAM). The ghoulish holiday of spooks dredges up visits by shady hacker carnies. Except there’s no need to ask, “Trick or Treat?” With cybercriminals, it’s always a trick. And if you fall for it, it will cost you. Let’s look at some tricks from recent fraudsters you should be afraid of – very afraid.
Don’t Get Pinned
This juicy hack comes to us from Pieter Gunst, @DigitalLawyer. In a nutshell, a hacker pretends to be a bank employee alerting you to fraudulent account charges. The fraudster uses your member number and social engineering to reset your bank account password, then logs in as you. He reads off recent transactions, asking if they are valid. This makes the call seem more legitimate. Eventually, the hacker asks for your bank PIN code. This was the final straw that ended this particular fraud attempt. According to Pieter, this was “the most credible phishing attempt” he’d experienced to date. Here are the details.
Don’t Cash That Check
If you get a check in the mail you are not expecting, DON’T CASH IT. It’s likely a scam that will end up costing you dearly. By signing a check, you are signing a legally binding contract. So, you’d better know what that check is for before you sign your life away. You may be agreeing to a high-interest loan or enrolling in an expensive membership program. It’s nearly impossible to cancel these memberships, and your monthly fee could be much more than the amount of that check.
Don’t Greet the Holidays
Do you love receiving holiday cards? Christmas is nearly upon us, so be prepared to sniff and snuff out malicious cyber greetings. Don’t open electronic greeting cards from people or companies you don’t know. Just like phishing emails, these e-cards contain malware-laden links waiting to inject your computer with surprise gifts you really don’t want.
Don’t Read Fake News
Yep, fake news is a real thing. And, it’s dangerous. You could easily become a victim of an online scam by consuming what you think is a real news site, but which is actually a fake. Fake news sites serve up malicious links. Fake news sites sell fake products. And, fake shopping sites are dreaded wormholes. Don’t read fake news and don’t buy fake products.
Don’t Answer the Phone
You know from horror movies you should never answer the phone – especially if you are home alone at night. What about calls from numbers you don’t recognize with no caller ID? Should you answer those? No. There’s no treat that comes from an unknown number. More than likely, it’s a scammer trying to get you to divulge personal information or pay an erroneous bill. NEVER SAY THE WORD “YES” WHEN TALKING TO AN UNKNOWN CALLER. The fraudster is trying to record your voice saying “yes” so he can prove you agreed to buy something (which you did not). If the caller says, “Can you hear me?” HANG UP.
Do Play the 2019 NCSAM Trivia Game!
Enough about things you shouldn’t do. Let’s talk about actions you should take, in the wake of National Cybersecurity Awareness Month. The NCSAM website has a lot of information we hope you put to good use this month. It’s always important to be vigilant when it comes to cybersecurity awareness. And, if you haven’t played the NCSAM Trivia game, you’re missing out! It’s easy, fun and informative. For example, do you know how many attempted cyberattacks are reported to the Pentagon every day? Download the 2019 Trivia Game and instructions to find out.
Identifying the Threat From Within
Concerned about inside security threats at your company? In this SC Magazine feature, Gurucul CEO Saryu Nayyar explains how user and entity behavior monitoring uses modern machine learning algorithms which can automatically track and analyze employee behavior to identify anomalous and suspicious activities.
When most people think of the “insider threat” there are usually some common stereotypes that spring to mind. Often people conjure up an image of a nefarious employee acting like a super villain out of a 60s James Bond film.
In reality, the insider threat is much more complex. Many times, insider threat behaviour can be attributed to a number of causes. There are three types of insider threats: user error, malicious insider and compromised account. Good examples could be an employee who received a poor performance review and is now itching to “get even” with the company. Or perhaps it’s a rogue IT admin who is using their unmonitored elevated access to snoop out confidential data on the network. It could also be a former employee who still retains access into key systems, even long after leaving the company.
IoT Has Spawned Entity-Based Risks – Now What?
The Internet of Things (IoT) connects vast numbers of devices to the Internet. But increased connectivity means increased security threats. In this Forbes column, Gurucul CEO Saryu Nayyar explains the steps organizations should take to implement an IoT security strategy.
The Internet of Things (IoT) is driving transformational change in IT infrastructures. Connecting everything — printers, medical devices, cameras, industrial devices, door locks, cars, etc. — to the network, the cloud or both is creating a vast, porous security perimeter.
In fact, it’s largely undefendable using traditional security architectures.
The security problem will only grow more complex. A study conducted by 451 Research (via Yahoo Finance) estimates that “the number of IoT connected devices (excluding PCs, smart TVs, and game consoles) will be approximately 8 billion in 2019 and reaching nearly 14 billion in 2024,” while a report from the International Data Corporation (via MarketWatch) forecasts that worldwide spending on IoT will reach $745 billion in 2019.
FS-ISAC 2019 Americas Fall Summit. November 17-20, 2019. Washington, DC. Join Gurucul at this event for actionable information on how to address evolving threats, develop new strategies and meet changing regulations.
Health-ISAC 2019 Fall Summit. December 2-6, 2019. San Diego, CA. Up your game with Gurucul! We offer Behavior Based Security Analytics and Intelligence to predict, detect and stop insider threats, healthcare provider fraud, and consumer fraud.
RSA Conference. February 24-28, 2020. San Francisco, CA. The 2020 RSA Conference theme is “Human Element” which is perfect for Gurucul. Our behavior based security analytics and intelligence detects and prevents risky, anomalous behavior – by malicious insiders or external hackers. Visit our booth for details!