Wednesday, October 26, 2016

Don't equate a successful DDoS attack with weak security

Hi Anything Cyber community,

I'm sure most of you heard about the widespread cyber attack late last week that impacted the availability of big-name web sites like Twitter and Netflix. If you based your opinion solely on the news headlines, you would incorrectly conclude that the company Dyn has weak security in place because it fell victim to a DDoS attack. While Dyn may have weak security, falling victim to a DDoS (Distributed Denial of Service) attack is not proof of it.

Think of a DDoS as an event in which a massive number of computers are programmed to send requests for information to the servers owned by Dyn that are responsible for directing traffic to sites such as Twitter and Netflix. Since the Dyn servers were overwhelmed with garbage traffic, they were unable to service requests from legitimate traffic. A DDoS causes a temporary loss of availability of the Dyn servers, and it takes time for DDoS defense mechanisms to mitigate the situation.

DDoS events are very common and are sometimes caused by non-malicious means. Just think about what happens whenever you try to tune in to the next Apple product announcement over the Internet and are unable to do so. There is so much interest in the announcements that the Apple servers, and the third-party servers contracted to handle the excessive viewer traffic, are overwhelmed, and many viewers may be left out of watching the event.

Jimmie Walker

Thursday, August 25, 2016

Avoid becoming the next Ransomware victim. Think before you click!

Hi Anything Cyber community,

I'd like to discuss something that is very prevalent in the field of cybercrime: ransomware. This form of malware goes by many names, such as CryptoWall, Locky, TeslaCrypt, CryptoLocker, and Zepto. The attack vector is typically a phishing email with a malicious attachment that has a filename such as 'Invoice' and a file extension such as .docm, .zip, or .pdf. Typically, with phishing emails, the perpetrator creates a sense of urgency to take action by clicking on the malicious attachment. With any form of scam, someone pushing you to do something urgently is always a sign to walk away, or back away from your computer.

Ransomware can be very crippling to a business or an individual. Once the malware is executed on a computer, it will systematically encrypt files contained in folders such as 'Downloads', 'Documents', 'Pics', etc., and will also go after any network-connected drives. In each folder that contains encrypted files, the malware leaves a ransom note (usually called a HELP file) that tells the victim how many bitcoin it will take to get their encrypted files decrypted.

Don't think that you're safe from ransomware because you store your important files in the cloud. Many cloud services allow the cloud storage to be mapped locally to a computer. In that case, the malware sees the cloud storage as just another network-connected drive and encrypts that data as well.
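The two traces described above (a HELP ransom note dropped in each folder, and files rewritten as ciphertext on local and mapped cloud folders alike) are enough to build a simple sweep. The following added example (not the author's tool) walks a constructed sample tree and reports the folders showing either indicator; the extension set and the sample layout are assumptions.

```python
import math
import os
import tempfile
from pathlib import Path

# Indicators from the post: a per-folder ransom note usually named HELP*, and files
# rewritten as ciphertext. Extensions are the ones Locky/Zepto used (assumption: extend).
SUSPECT_EXTENSIONS = {".locky", ".zepto"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, plain text far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_tree(root: str) -> dict:
    """Walk every folder under root (including a locally mapped cloud or network drive)
    and report folders holding a ransom note or encrypted-looking files.
    Caveat: legitimately compressed files (jpg, zip) also score high on entropy."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if f.upper().startswith("HELP"))
        encrypted = []
        for f in sorted(files):
            p = Path(dirpath, f)
            if p.suffix.lower() in SUSPECT_EXTENSIONS or shannon_entropy(p.read_bytes()[:4096]) > 7.5:
                encrypted.append(f)
        if notes or encrypted:
            hits[Path(dirpath).relative_to(root).as_posix()] = {"notes": notes, "encrypted": encrypted}
    return hits


def build_sample_tree() -> str:
    """Constructed sample tree: 'Documents' and a mapped cloud folder are hit,
    'Downloads' is clean. Encrypted files are simulated with random bytes."""
    root = tempfile.mkdtemp()
    layout = {
        "Documents": ["budget.xlsx.locky", "HELP_DECRYPT.TXT"],
        "Downloads": ["readme.txt"],
        "CloudDrive/Pics": ["holiday.jpg.zepto", "HELP_instructions.html"],
    }
    for folder, names in layout.items():
        d = Path(root, folder)
        d.mkdir(parents=True)
        for name in names:
            is_cipher = Path(name).suffix.lower() in SUSPECT_EXTENSIONS
            (d / name).write_bytes(os.urandom(2048) if is_cipher else b"plain text content\n" * 50)
    return root
```

Run `scan_tree` against a real user profile root to get the same per-folder report; a sudden batch of HELP notes is the signal to disconnect the machine and any backup device immediately.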

The best defense is to back up your files, anywhere from monthly to weekly depending on how sensitive the files are and how often they are modified. Also, only allow the backup device to be connected to the computer while it is backing up data. Otherwise, a ransomware infection on your computer will also encrypt the connected backup device.

As always, another defense is to practice sound judgment when receiving email messages from unknown senders. Whenever there's an attachment involved or a link to click, you're better off looking up the organization's phone number on the Internet and calling them directly to confirm the validity of the email.

Last, a defense I personally find effective is using an Apple computer. Although viruses do exist for Apple products, orders of magnitude more viruses exist for Windows computers. Since Windows is the dominant operating system, cyber criminals dedicate the majority of their time to attacking Windows computers. Malware is basically just computer code that must be tailored to the operating system it attacks. Ransomware and other malware are typically coded only to attack Windows machines and therefore do not infect Apple computers.

I could talk about malware for days, but all blog posts must come to an end. Please post any questions you may have regarding malware and I'll gladly answer them.

Jimmie Walker
Forensics/Malware/eDiscovery Specialist

Wednesday, June 15, 2016

Free training to fight Hackers

Hi Anything Cyber Community,

Against a deficit of approximately 500,000 workers, only 50,000 computer scientists graduate domestically each year. Numbers like that give me good peace of mind about my job security in the cybersecurity arena. Yet it's important that we get our kids exposed to computer programming, since some of them will be needed to combat the computer virus writers of the future. Well, Apple is trying to expose anyone with an iPad to a free 'learn to program' app in the fall called 'Swift Playgrounds'. I suggest that everyone check it out, and I can't wait to test drive the app with my kids.

The app is designed to start at a basic level of learning to program using Swift, the programming language Apple designed just a few years ago. As the user learns, the app provides progressively more challenging tasks. While Apple might intend to distribute the app for free in order to sell more iPads, I still admire Apple's effort to bring programming to the masses.

Jimmie Walker, CISSP-ISSMP

Tuesday, May 31, 2016

The flourishing field of e-discovery

Anything Cyber Community,

Know any recent high school graduates looking for a maturing field with a shortage of talent? Forensics and e-discovery is the answer. Social media, text messages, and email produce an enormous amount of data that is fair game come litigation time. If you thought the shortage of cybersecurity professionals was an issue, I'd bet that the shortage of forensics and e-discovery professionals is even more pronounced. These professionals are needed to guide forensics software in culling through vast amounts of data to find the information pertinent to court cases.

Barriers to entry into the forensics and e-discovery field are plentiful. How many colleges out there offer forensics and e-discovery as an undergraduate degree? If you're lucky, one or two classes are devoted to the subject. Next, companies want professionals to be certified in e-discovery and forensics, which means someone needs access to software that costs thousands of dollars, plus thousands more to pay for the training required to become certified. To get more people involved in the field, colleges need to catch up with private industry, incorporate forensics and e-discovery into the curriculum, and offer training in forensics software such as EnCase and AccessData.

Jimmie Walker, CISSP-ISSMP

Monday, April 25, 2016

Expensive forensics software can neutralize ransomware

Anything Cyber Community,

Ransomware has grown in visibility and impact over the last few years. Malware that encrypts chunks of data on a hard drive deemed important to the victim, ransomware is primarily dealt with either by paying a ransom or by having a recent backup of your hard drive. My prior posts from 2015 go into further detail on ransomware. Recent victims of ransomware include police precincts, hospitals, and various small businesses. One hospital in California just a few months ago paid a ransom of approximately $17,000 to have its encrypted data recovered.

While working in a previous career, I came across a few instances of hard drives encrypted by the CryptoWall ransomware. With thousands of dollars' worth of forensics software at my disposal and an ultra-powerful Mac Pro, I figured there must be a way for me to retrieve some plaintext data off of the encrypted drives with the tools I had. After making an image of the encrypted hard drive and processing the image through the forensics software (which can take a day or two), I was pleasantly surprised to recover a substantial portion of plaintext data that the victim had not backed up and thought was lost forever. While I used forensics software from AccessData, EnCase may work just as well.
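What makes the recovery above possible is that ransomware of this kind typically writes an encrypted copy and deletes the original, so fragments of the originals linger in unallocated space, where file-system metadata no longer points at them. The following added example (not the author's procedure, and no AccessData or EnCase code) shows the signature-based carving and text-run recovery that forensic suites perform, over a constructed image; the SIGNATURES table and the sample layout are assumptions.

```python
import os
import re

# Signatures (assumption: a minimal set; real carvers ship hundreds).
# Each entry is (header, trailer, extension).
SIGNATURES = [
    (b"%PDF-", b"%%EOF", "pdf"),
    (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", "png"),
]


def carve(image: bytes, max_size: int = 1 << 20) -> list:
    """Scan raw image bytes for known headers, ignoring file-system metadata
    (deleted files have none), and return (offset, ext, payload) per object.
    Without a trailer within max_size the payload is truncated at max_size."""
    found = []
    for header, trailer, ext in SIGNATURES:
        start = 0
        while (pos := image.find(header, start)) != -1:
            end = image.find(trailer, pos, pos + max_size)
            payload = image[pos:end + len(trailer)] if end != -1 else image[pos:pos + max_size]
            found.append((pos, ext, payload))
            start = pos + 1
    return sorted(found)


def carve_text(image: bytes, min_len: int = 20) -> list:
    """Recover plain-text runs: printable ASCII sequences of at least min_len bytes."""
    pattern = rb"[\x20-\x7e\r\n\t]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, image)]


def build_sample_image() -> bytes:
    """Constructed image: the encrypted copy (random bytes) is what the victim
    sees; the deleted originals still sit in unallocated space until overwritten."""
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\nInvoice total: 1200 USD\n%%EOF"
    memo = b"Board memo: Q3 numbers are attached to this message.\n"
    encrypted_copy = os.urandom(512)
    slack = b"\x00" * 256
    return slack + encrypted_copy + slack + pdf + slack + memo + slack
```

On a real case, feed `carve` the bytes of a raw (dd-style) image taken from the drive rather than the live disk, so the unallocated remnants are not overwritten while you work.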

Since most of us (including me in my new career) do not have access to expensive forensics software, the best advice for reducing the chance of a ransomware infection is to be on the lookout for phishing emails, to frequently back up your hard drive to a device that's only connected while performing the backup, and to think twice before clicking on website advertisements that could potentially be malicious. If you do fall victim to ransomware, contact your local FBI field office, which is equipped with the forensics expertise to potentially recover data off of your encrypted hard drive.

Regards and enjoy your week,

Friday, March 18, 2016

No Internet-facing IP address is immune from hackers

Hi Anything Cyber community,

While hacks of big companies and high-profile celebrities usually make the news, don't think small businesses and ordinary citizens get a pass from cyber criminals. If you have an IP address that's used to access the Internet, you're a target.

It's important for small businesses to realize that while they may feel their company holds no data of value to hackers, their computing resources are just as valuable as the data itself. For example, hackers can use a small business's resources as a hop point to attack a bigger company that does hold valuable data. Once the hacked company discovers the attack, which per current statistics can take six or more months, it will investigate the hack, and guess whose IP address will look like the culprit? The hacker's IP? Nope. The small business serving as the hop point? Yes. The same logic applied to small businesses also applies to individuals.

To mitigate the risk of being used as a pawn by cyber criminals, work on securing your home network or small business. Some of my previous blog posts go into how to accomplish that feat. If you have specific questions, post them.

Enjoy the weekend!

Cyber/Information Security Expert

Sunday, January 31, 2016

The Cloud is coming whether you like it or not

Hi Anything Cyber Community,

The cloud is all around us. Whether it's iCloud (my personal cloud of choice) or the cloud offerings from other big players like Microsoft, Google, and Amazon, the cloud plays a role in both our personal and professional lives. In my current role as an InfoSec Advisor, I come across numerous proposals to use different cloud vendors that could help my employer achieve its goals in a more cost-effective manner.

Cloud vendors give us the dog and pony show trumpeting all the great benefits of moving to the cloud. Of course, they seldom mention the cons, such as data security and data loss concerns. That's why it's on the client, or cloud buyer, to ask the tough questions and verify that the chosen cloud vendor takes data security seriously and has tangible safeguards in place. As in life, you just can't take the vendor's word for it. We must also request written evidence that vulnerability scans are performed periodically, by asking for a copy of the scan results that documents the existing vulnerabilities and how the cloud vendor is mitigating or eliminating them.

Jimmie Walker