Cybercrime: How To Define It And Defend Yourself Against It

There’s a good chance words like “cybersecurity” and “hacking” are floating around the minds of Atlanta’s internet users in light of the recent ransomware attack on the city’s computer network or the data breaches that affected Equifax customers.

In 2014, 47 percent of adults in the U.S. had some of their personal information exposed by hackers, and a recent Gallup poll showed that 67 percent of Americans worry “frequently or occasionally” about cybercrime.

Falling victim to cybercrime is a scary thought, but there are steps people can take to protect themselves from malicious agents on the internet. WABE has compiled a guide to common internet crimes with tips on how Atlantans can avoid falling victim to them.

Ransomware
Ransomware attacks affect victims large and small. It was a ransomware attack that left Atlantans without the ability to pay their bills for days in March, but these attacks can affect individual users’ computers as well. Once they’re running on someone’s machine, ransomware programs take control of the computer and threaten to restrict access to it indefinitely unless a ransom is paid.

Ransomware enters a computer or network either by “exploiting a security hole in vulnerable software or by tricking someone to install it,” according to internet security company Norton.

Victims of ransomware might find themselves compelled to pay the money asked of them to get their data back, but the FBI states that’s exactly what a user should not do. Ransomware should be removed by a “computer professional” because even when the malware appears to be gone, it could still be working in the background.

Phishing Scams
Phishing is the act of luring in users with emails or phone calls that appear to be innocuous but are actually sent to trick users into giving away access to their computers, according to Microsoft. Phishing scams usually originate in spam emails or phone calls from people claiming to be with companies such as Microsoft saying they need to gain access to a user’s machine.

It is relatively simple for attackers to disguise the emails they send to look like they originate from someplace official, be it a company’s IT department or even Microsoft itself.

Clicking on a seemingly harmless link in an email can be a trigger to install malware or a route for hackers to access personal information. In 2017, phishing scammers managed to steal the paychecks of 27 Atlanta Public Schools employees, costing the district nearly $300,000, according to the AJC.

Microsoft recommends a few best practices for staying away from phishing scams: make sure to hover over links before clicking on them to be sure they go where they say they do. Be wary of official-looking emails that are full of spelling or grammar mistakes and be sure to double-check spelling on URLs that look official because a slightly misspelled web address could lead somewhere dangerous.

Data Breaches
All it took to put 56 million credit cards at risk and create $62 million in costs was a set of stolen log-on credentials for the computer network of Atlanta-based Home Depot, according to USA Today.

In addition to the credit card information that was stolen from self-checkout counters in Home Depot stores, millions of email addresses were stolen, leading to victims being at risk of further phishing scams.

One thing to remember is that, according to Experian, even though someone might be a victim of a data breach, they are not necessarily a victim of identity theft. The three steps the business services company recommends for people who have fallen victim to this are closely monitoring credit history and looking out for new accounts, keeping track of Social Security benefits and monitoring tax returns for unusual activity.

Denial Of Service Attacks
A Denial of Service, or DoS attack, is when an attacker attempts to take down a computer or network by targeting it with a barrage of requests. Every attempt to access a website by typing a URL or clicking a link is a request, but large numbers of these at the same time can overload a server and prevent legitimate users from accessing a website or its content, according to the United States Computer Emergency Readiness Team.

In 2016, the University of Georgia’s internet was brought to a halt by a Denial of Service attack that “saturated” the university’s internet capacity of 20 gigabytes per second of data, blocking all access to the internet for everyone on campus, according to the AJC.

These attacks are difficult to prevent, simply because they take advantage of the way a server works. But many of these attacks use networks called botnets, which are computers connected by the same piece of malware that can all be used at the same time. While a user may not be able to prevent a DoS attack against a network, they could potentially avoid their computer becoming the newest member of a botnet by remaining wary of phishing scams and ensuring their antivirus software is up to date.

Protecting Yourself
While anyone can be the victim of cybercrime, there are a few helpful tips to keep in mind. Norton recommends practices such as using long, difficult-to-guess passwords, keeping your network secured and using a full-service internet security suite.

The post Cybercrime: How To Define It And Defend Yourself Against It appeared first on National Cyber Security Ventures.

Cyber security experts discuss mitigating threats, say universities can play a key role in protecting the country against a cyber attack

Former U.S. Director of National Intelligence and Navy Vice Adm. Mike McConnell advocated today for stronger protection of digital data transfers and for universities to play a key role in filling cyber security jobs.

McConnell was among the keynote speakers at the 2018 SEC Academic Conference hosted by Auburn University. The conference, which is ongoing through Tuesday, is focused on the topic of “Cyber Security: A Shared Responsibility” and brings together representatives from the SEC’s 14 member universities along with industry experts in the area of cyber security.

McConnell is encouraging the use of ubiquitous encryption as a solution for stronger data protection.

“As we go to the cloud…ubiquitous encryption of some sort would be used so that if anybody accessed that data, you can’t read it. If you’re moving [the data] from point A to point B, it scrambles so you can’t read it,” he said.

McConnell understands that stronger data security can come at a cost for others, including law enforcement who may need to access data within a device during a criminal investigation.

“What I’m arguing is the greater need for the country is a higher level of [data] security. If that’s the greater need, then some things of lesser need have to be sacrificed. So when I say ubiquitous encryption, that’s what I’m attempting to describe. It is protecting the data that is the very lifeblood of the country,” McConnell said.

McConnell also addressed how academia can help in securing the nation from cyber attacks.

“We have about 300,000 job openings across the United States for which there are no cyber security-skilled people to fill those jobs,” he said. “Universities are debating academically ‘What is cyber security?’ and ‘How do you credit the degrees?’ and ‘How do you get consensus on what it is and what it should do?’”

He urged universities to move more quickly on coming to a consensus so they can get certified and accredited to start producing students who can fill those jobs.

Glenn Gaffney, executive vice president at In-Q-Tel, also spoke to the role higher education institutions can play in cyber security during his keynote address at the conference.

“It is at the university level where we don’t have to take a top-down approach,” Gaffney said, adding that universities can work together, through research and student involvement, to create proactive solutions to cyber security. “This is where the next generation of leaders will be developed. It’s here that these dialogues must begin. This is the opportunity.”

Ray Rothrock, CEO and chairman of RedSeal Inc., was the day’s third speaker, presenting on the topic of “Infrastructure: IoT, Enterprise, Cyber Physical.” Rothrock also held a signing for his new book, “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

Attendees at the conference are exploring computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect information stored, transmitted and processed with technology.

Students at each SEC member university participated in a Cyber Challenge and presented posters displaying their work in the area of cyber security.


New Book Reveals How Obama Team Plotted Cyberattacks Against Russia in 2016

Source: National Cyber Security News

On March 13, a book titled “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump” will hit the shelves. Written by Michael Isikoff and David Corn, the book specifically focuses on Russia’s alleged interference in the 2016 US presidential elections.

In the summer of 2016, the Obama team prepared a plan for a large-scale cyber-operation against the Russian media, the country’s most influential businessmen and President Vladimir Putin personally, according to former White House cybersecurity coordinator Michael Daniel.

His remarks are included in “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump,” a book by Michael Isikoff and David Corn, which is due to go on sale on March 13. Excerpts were released by Yahoo News earlier this week.

Daniel explained that the cyber-offensive against Moscow was co-authored by Celeste Wallander, the US National Security Council’s former chief Russia expert.

The plan stipulated that the National Security Agency (NSA) would conduct a number of cyberattacks to neutralize Russian websites and the Guccifer 2.0 hacker, who compromised the emails of the campaign headquarters of former Secretary of State Hillary Clinton and the Democratic Party’s National Committee.


5 Reasons Why a Credit Freeze Isn’t Enough to Help Protect Against Identity Theft

Source: National Cyber Security News

When a data breach happens, it’d be great if you could simply prevent identity theft with a credit freeze. The truth is, nothing can prevent identity theft, although there are things you can do to help protect against it.

Still, with identity thieves taking aim at everything from tax refunds to bank accounts, it’s worth asking the question: “Is a credit freeze a good idea?”

It can be. But it may not be enough. Here’s why.

When your personal information is exposed in a data breach, you could face a greater chance of becoming a victim of identity theft. More of your information could be out there. And if it is, it might be for sale on the dark web for criminals to acquire.

Consider this statistic: You are 11 times more likely to be a victim of identity fraud if you are notified of a breach. That’s according to the 2017 Identity Theft Study by Javelin Strategy & Research.

No one wants their personal information stolen in a data breach. But if it happens to you, you’ll probably want to do whatever you can to help protect yourself against identity theft.


Companies Look To Cyber Insurance For Protection Against Hackers

Source: National Cyber Security – Produced By Gregory Evans

You have health insurance, car insurance, homeowner’s insurance, how about cyber insurance? More and more local businesses are buying protection for themselves from huge financial losses in a cyber-attack. Cyber protection is a fairly new offering in the insurance industry. But one Sioux Falls development company […]

Hackers hired for year-long DDoS attack against man’s former employer

Source: National Cyber Security – Produced By Gregory Evans

US federal prosecutors in Minnesota have charged a 46-year-old man with hiring a cyberhitman – well, technically, three hacking services – to launch a year-long campaign of distributed denial of service (DDoS) attacks on his former employer. Prosecutors say that John Kelsey Gammell, 46, contacted seven […]

‘The weakest part of security is us’ – Ethical hacker on the fight against cyber attacks

Source: National Cyber Security – Produced By Gregory Evans


‘The weakest part of security is us’

This was the message from ethical hacker Mike G.

Speaking at the Irish Independent annual Dublin Information Sec cyber-security event taking place in Dublin today, Mike G, who helps organisations in their fight against cyber security and hacking, said that humans are very easily hacked.

Citing the hacking of US actress Jennifer Lawrence’s Apple iCloud, Mike G said that the hacking was possible because the actress’s iCloud password was her dog’s name and Ms Lawrence had posted a picture of her dog on Instagram – the hacker went from there and leaked photos apparently showing her in the nude on the internet.

In addition, bad systems design and/or insecure security policies can leave people and organisations vulnerable to hacking.

Mike G, who describes himself as a pilot, engineer, and ethical hacker, described the various ways in which hackers can gain information about a person or a company, including through social media, certain types of jobs – “sales people often give out everything” – and even job listings.

In a sobering talk, he listed spoofing texts, calls and emails among the ways in which people and companies can get hacked.

In addition, he said that anything can get hacked, including PINs, biometrics, TVs, and even our Fitbits.

However when a person’s phone can be taken over, it’s “huge” he said.

In what was a stark message to businesses, Mike G asked those present at the event whether their company would be able to recover if the competition had all of their data?

However, the news from the ethical hacker was not all bad.

Mike G and his team do a lot of forensic planning, providing, among other services, cyber security awareness training, and impact penetration testing to show companies their weak spots and how these can be overcome.


A Student’s Guide on How to Help Protect Against Identity Theft

Source: National Cyber Security – Produced By Gregory Evans


Your college career is supposed to be about finding yourself and forging your identity—not having it stolen. But, in the United States, over 15 million consumers experienced identity fraud in 2016.

There’s a new victim of identity fraud every two seconds, according to the 2017 Fraud Study from Javelin Strategy & Research. Many of those victims could be college students.

The risk you face? A thief who steals your identity can commit crimes in your name or prevent you from getting that coveted job after graduation.

It’s smart to take steps to learn how to help protect yourself against identity theft. This guide can help. Think of it as “How to Help Protect Against Identity Theft 101.”

An identity-theft definition
What is identity theft? Identity theft occurs when someone steals your personal information — such as your name, address, Social Security number, date of birth, and more — and commits fraud in your name.

Criminals may use your personal data to take over your bank account or open new credit cards and run up debt, all while pretending to be you. They might file fake tax returns, buy or rent property, or commit a host of other crimes using your information.

As a college student, you have plenty to do without having to worry about identity theft. But, like a looming final exam, identity theft isn’t going away. Learning how to help protect yourself—and your financial future—is fast becoming a required course.

What’s in ‘A Student’s Guide’
Here’s what you’ll find in this guide:

Facts about identity theft
How students can help protect their identity
How identity theft happens—from low-tech to high-tech techniques

We’ve also included two additional sections:

A Teacher’s Guide on How to Help Protect Against Identity Theft
A Campus Police Officer’s Guide on How to Help Protect Against Identity Theft

Facts about identity theft
Here are two things you should know about identity theft: It’s big and it can affect your future.

How big? Consider these statistics:

In 2016, over 100 million hours were spent by identity fraud victims trying to resolve their issue, according to a 2017 Fraud Study from Javelin Strategy & Research.
22 percent of students found out they had been a victim of identity fraud after being denied credit or contacted by a debt collector, according to a 2015 Identity Fraud Study, released by Javelin Strategy & Research. Also, the study found students were three times more likely to be victims of identity-theft fraud than the general population.

Identity theft and your future
As for your future, you came to college to prepare for it. But if you become a victim of identity theft, you could spend hours, days, or more dealing with the mess. You also may face obstacles to starting a career and becoming financially independent.

That’s because when an identity thief commits fraud in your name, it can become part of your record. Your financial history—including an identity thief’s bogus dealings—will likely appear in your credit file. Credit bureaus store that data, and a credit file showing financial misdeeds can lead to a low credit score. A low credit score can make it hard to qualify for a variety of financial products and certain life necessities.

Lenders and other businesses typically check your credit report before deciding whether to lend you money or make other big decisions involving your future. Here are a few ways a damaged credit file can hurt you.

You may have a hard time getting approved for a credit card or loan.
You may not get a job offer from a potential employer.
You could have trouble renting an apartment.
You may be unable to get a cell phone account.

No one can prevent all identity theft. But you can take steps to help minimize the risk, and those start with helping to protect your personal information.

How students can help protect their identity
As a college student, you probably have personal information in a lot of places — in your computer, cell phone, academic file, wallet, even on the top of your desk. The goal is to protect this information.

Here’s how to help protect against identity theft:

Guard your numbers. You have a lot of them — credit and debit card numbers, driver’s license number, PINs. Your Social Security number is your most valuable identifier and one of the most prized by identity thieves. Share these numbers only when absolutely necessary, and only when there’s a legitimate reason to provide them. It’s a good idea to memorize your important numbers and never leave them in plain view of someone else.

Avoid public Wi-Fi. Public Wi-Fi networks are not secure. That means that when you go to a café to do work on your computer, someone can intercept what you’re looking at on the web. That might include your email, browsing history and passwords. Your defense? It’s always smart to use a virtual private network. A VPN creates an encrypted connection between your computer and the VPN server. As a result, a nearby hacker can’t intercept your information. If you’re tempted to perform a financial transaction—like, buying something on the web—a VPN is essential.

Beware of shoulder surfing. Always be aware of your surroundings. Take time to make sure someone isn’t glancing over your shoulder while you enter your PIN at an ATM or key personal information into your cell phone. Think twice about providing a credit card number over the phone if someone is within listening distance.

Don’t overshare. Identity thieves often seek to bundle your personal information. What you post on social networks can be a rich source of information. Identity thieves can glean details from your life that could help answer security questions on websites—like, “Where were you born?” or “What’s your favorite food?”

Keep personal information in a safe place. It’s easy to leave a credit card or driver’s license lying on your desk. But colleges are social places. It’s hard to predict who might pass through your living space and potentially steal the information on those cards. It could be a friend, or a friend of a friend, or an out-of-town guest of your roommate.

Shred documents that contain personal information. A paper shredder may not have the same college appeal as, say, a refrigerator in your room. But it’s essential for shredding papers that include your personal information. For instance, you probably receive credit card offers in the mail. Don’t just toss them in the trash, where someone could retrieve them. Shred them right away.

Protect your computer from malware. Malware—short for malicious software—includes computer viruses and spyware. It can get installed on your computer or mobile device and you might not realize it. Identity thieves use malware to steal personal information and commit fraud. What to do? Install security software from a reputable company. It’s also essential to keep all your software programs up to date. Another precaution: Back up your information in case a hacker corrupts your computer.

Get savvy about online scams. Identity thieves may try to trick you into clicking on links that install malware on your computer. Or they might set up fake websites offering amazing “deals” to lure you into providing your credit card information. Stick with reputable websites. Never click on a link or an attachment from someone you don’t know.

Keep track of your credit history. The federal Fair Credit Reporting Act allows you to get a free credit report from each of the three major credit bureaus annually. This is where you can look to see if anyone has opened an account in your name. If you see something suspicious, you can take appropriate actions. You can get your free reports at annualcreditreport.com.

Use strong passwords on all your devices. A strong password includes letters, numbers and symbols. It’s a good idea to have separate passwords for all your devices, including computer, tablet, and cellphone. Never share your password with someone else. And remember to change it periodically. Or consider using a reputable password manager. A password manager is a software application with strong security features that manages and stores your passwords.

Mind your bank cards. Notify your bank or credit card company if you misplace your credit or ATM card. They’ll likely cancel your card and send you a replacement with a new number. Usually they will review recent transactions with you to identify any suspicious activity. As a general rule, check your bank and credit card statements regularly to make sure all activity is legitimate.

A Teacher’s Guide to How to Help Protect Against Identity Theft
As a teacher, you could have the opportunity to help protect students from identity theft.

It’s a good idea to familiarize yourself with the information in A Student’s Guide on How to Help Protect Against Identity Theft. It will help you understand how identity theft happens in college. And you can help guide students in how to minimize the risk.

A Teacher’s Guide includes a list of resources that you can share with your students to help them keep their identities safe.

Here’s a checklist of ways you can help.

Encourage students to practice smart online habits. Let students know, for instance, that not all networks on campus may be secure. If your course requires purchasing materials online, remind students to use a secure network or virtual private network (VPN). Discuss the risk of sharing personal information when students work collaboratively on projects.
Help keep your students’ numbers safe. It’s a good idea never to use a student’s Social Security number as an official identifier in coursework or assignments. A student’s Social Security number is a key piece of information for identity thieves.
If appropriate, let students know there are key ways to help protect their identity. These range from checking their credit reports for suspicious accounts to never using a library or public computer to provide personal information.
Find out if your college offers any presentations or workshops on identity-theft protection. Keep a list of available resources handy.
Remind students to lock their computers and protect them with strong passwords. In general, students should never leave their computer where someone can snoop for personal information or steal it.
Point students to resources that can help provide additional information related to identity theft. Here are a few good ones:
U.S. Department of Education: Offers identity-theft prevention tips and materials.
U.S. Federal Trade Commission: Includes prevention and recovery tips. Also offers free publications in bulk.
Identity Theft Resource Center: Includes tips for students and parents.
Finally, it’s important to remind students that protecting their identities is important to their college career and future. Your identity is one of your most important assets.

A Campus Police Officer’s Guide on How to Help Protect Against Identity Theft
As a college law enforcement official, you know that your job is to keep the campus safe and secure. Helping students protect themselves against identity theft may be a crucial part of that.

Here’s a checklist of things you might do:

Be familiar with A Student’s Guide to Help Protect Against Identity Theft. It will help you understand how identity theft happens in college, and how you can help students minimize the risk.
Encourage safe practices: Consider reminding students that campus theft often involves the loss of personal information—whether it involves a wallet, computer or personal documents.
Consider a policy for protecting lost devices, such as computers and cellphones that have been turned in to the campus police department. Establish a protocol for making sure the devices get back to their rightful owners.
Become an active partner in protecting against identity theft. Develop and distribute materials about what students can do to avoid identity theft.
Encourage students to lock their dorm rooms or apartments when they’re away.
Point students to resources that can help provide additional information related to identity theft. Here are three good ones:
U.S. Department of Education: Offers identity-theft prevention tips and materials.
U.S. Federal Trade Commission: Includes prevention and recovery tips and facts about identity theft. Also offers free publications in bulk.
Identity Theft Resource Center: Includes tips for students and parents.


New bill could let companies retaliate against hackers

Source: National Cyber Security – Produced By Gregory Evans


A new proposed bill could make it legal for companies to retaliate against hackers.

Dubbed the “hack back” bill, it was introduced last week to allow businesses to hack the hackers who’ve infiltrated their computer networks.

Called the Active Cyber Defense Certainty (ACDC) Act, it amends the Computer Fraud and Abuse Act anti-hacking law so a company can take active defensive measures to access an attacker’s computer or network to identify the hackers, as well as find and destroy stolen information. It was introduced by two U.S. Representatives, Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.

“I’ve heard folks say this is like the Wild West what we might be proposing, but in fact it’s not,” Graves told CNN Tech’s Samuel Burke in an interview. “We are already dealing with the Wild West and there’s a lot of outlaws out there but we don’t have a sheriff, we don’t have a deputy and all we were asking for is a neighborhood watch.”

But security experts warn the legislation could have serious consequences if passed.

According to digital forensics expert Lesley Carhart, the fundamental problem with the idea is that a majority of organizations who would want to hack back aren’t qualified to do so responsibly. It often takes a long time to correctly identify who was responsible for a hack.

“In cybercrime and in nation state attacks, there are often lots of attempts to mislead and confuse researchers analyzing the attack timeline or malware,” Carhart said. “A savvy bad guy could fairly easily emulate an innocent third party, and draw down the wrath of unskilled analysts on them.”

One way researchers place blame on a person or group for a hack is by looking at the evidence left in code. For example, researchers found similarities between the WannaCry code and malware created by Lazarus group, a hacking operation that has been linked to North Korea, earlier this year. Intelligence agencies later connected the country to the massive ransomware attack.

But it’s not uncommon for hackers to spoof that evidence and try and trick analysts into thinking it came from somewhere else, such as putting code from known hacking groups, or innocent third-parties, into their malware.

The bill says active defense measures could only be taken inside the U.S., which means it would have limited benefit. A majority of attacks are based outside the country or route their attacks through servers overseas so it looks like they’re coming from overseas, said Amanda Berlin, author of the Defensive Security Handbook.

Companies would also be required to alert the National Cyber Investigative Joint Task Force, an organization led by the FBI, before trying to hack their hackers. The agency could also review active defensive measures before they’re taken.

The FBI and other law enforcement agencies are already involved in investigating and prosecuting cybercrime. They work closely with major security firms and companies impacted by breaches. However, a relatively low number of businesses in the private sector report ransomware, a common and lucrative cyberattack.

Carhart says poking around in a hacker’s network could impede law enforcement investigations and court proceedings by potentially contaminating evidence.

The FBI defense review also introduces some thorny foreign retaliation issues, Kristen Eichensehr, assistant professor at UCLA School of Law, explained in Just Security, a national security publication.

“The FBI’s participation in the review process may trigger the U.S. government’s international legal responsibility for actions of private actors,” she wrote.

However, some firms already engage in hacking back, despite the illegality. Graves said the bill could put some parameters on that behavior.

“Word on the street is many companies are already doing some of these things,” Graves told Burke in an interview. “They know, you know, and I know that they are doing is illegal. What we would be doing is bringing clarity to what some might already be doing and what tools might be successful.”

He also said he hopes additional tools will be developed by the security community that can protect people from hackers.

Some experts believe resources may be better spent elsewhere than through retaliation. According to Berlin, companies should invest in their existing infrastructure to prevent hacks in the first place.

“So many corporations get the basics wrong, or skip steps to spend money on some fancy blinky box that’s supposed to protect them from everything,” Berlin said.

This year’s most serious hack was not sophisticated. Equifax failed to patch a software hole despite a fix existing for months before hackers compromised data on 145.5 million people.

To keep systems secure, Berlin advised companies to remove non-essential machines from direct internet access, and patch early and often to prevent hackers from exploiting known holes. If something can’t be updated or fixed, it should be separated from other networks.

Experts warn that hacking back could also hurt innocent third-parties.

Consider Mirai, a massive botnet that turned connected home devices into an army of zombie computers controlled by one attacker. If a company was attacked by a botnet like Mirai and tried to hack back, they could be hitting an innocent family’s network connected to a security camera, instead of the real person behind the attack.

“I’m afraid it will take us back to ancient Babylon and Hammurabi code which called for an eye for an eye and a tooth for a tooth,” said Bassel Ojjeh, cofounder and CEO of security firm LigaData. “And everyone at this rate will go blind.”


10 Approaches You Can Take To Shield Yourself Against Ransomware Attacks

Source: National Cyber Security – Produced By Gregory Evans

The WannaCry attack earlier this year is one of the more notable ransomware attacks in recent memory. The attack, which hit everything from home users to the United Kingdom’s National Health Service, locked key data inside an encryption and then demanded bitcoins in exchange for the key to the data….
