Going

now browsing by tag

 
 

#deepweb | Online communication tools keep business dialogues going for travel players

Source: National Cyber Security – Produced By Gregory Evans

Web-conferencing and instant messaging tools are seeing greater usage among travel and tourism trade players who are determined to keep business dialogue alive as the appeal of face-to-face meetings diminishes against a backdrop of Covid-19 infection fears.

Sheryl Lim, founder of Singapore-based travel agency Travel Wander, found herself turning to online presentations to keep her regular clientele informed on new adventure tours and destinations as well as reach out to potential new customers.

Businesses turn to digital communication tools to continue operations remotely amid Covid-19

“Our usual marketing efforts involve conducting product presentations at specific venues but as soon as Covid-19 happened, people started to refrain from going out or meeting other people,” Lim recalled.

“We were in a fix because as a small company, we cannot stop moving and must keep up our marketing efforts. Out of sight, out of mind, as the saying goes, so we must maintain contact with our customers and the marketplace now so that when travel confidence returns, they will consider Travel Wander for their travel planning.”

With print or radio ads priced out of her budget, she turned to web-conferencing tools.

“The travel planning business is a very personal one, where clients prefer meeting face-to-face. But the pandemic has presented us with an unusual situation, and webinars are a good solution that enables us to keep up with sales and marketing communications,” she said.

Travel Wander conducted its first presentation two weeks ago, focusing on the joy of active holidays. The content, delivered through slides and a narration, explained what active holidays were all about, and dispelled myths around such tours. Six people attended it. A week later, a webinar on Sarawak drew 10 people.

Lim has planned a third on Kazakhstan this week. She aims to conduct a weekly session and is working on improving the format to facilitate conversations. The webinars are promoted to regular clients who then spread the word within their social circle.

The product webinars have allowed Lim to determine which destinations were more popular, based on webinar sign-up performance.

For other travel companies that are already utilising web-conferencing, the current pandemic has underscored the value of this mode of communications.

Adam Kamal, general manager of Malaysia’s Suka Travel, said his team is now working remotely from home, relying on WhatsApp video conferencing to address urgent matters, on top of their usual web-conferences with overseas suppliers and outstation agents.

The remote work arrangement was necessary as the government had on Monday evening issued an order to temporarily shutter businesses and restrict movement to fight against Covid-19.

Adam said he introduced and encouraged web-conferencing when he joined the agency last November, and applauded the convenience and cost savings it offers.

“Web-conferencing allows our partners to pull up documents, charts and pictures as they speak. (It also) saves time and costs as we can do meetings virtually. If it were face-to-face meetings, we would have to rent space to hold a seminar and pay for light refreshments,” he said.

Bayu Buana Travel Services Indonesia, which now has 50 per cent of its staff working from home, is encouraging continued reliance on web-conferencing tools to keep dialogues open with airline partners and clients during these trying times.

Agustinus Pake Seko, president director of Bayu Buana Travel Services Indonesia, said his team is familiar with web-conferencing, as there are regular online global meetings with BCD Travel, which the company is part of.

Laurens: companies are waking up to the benefits of digital transformation amid Covid-19 

Laurens van den Oever, CMO at research firm ForwardKeys, opined that the “one good thing to come out of the coronavirus” is the emphasis on the value of “how to be savvier with our digital offerings, such as travel alerts, impact reports and newsletters”.

“In every business, you need to invest in the necessary tools and equipment for your team. Different time zones, cultural barriers, epidemics and pandemics should not impede the running of your business nor throw you into the Dark Ages,” Oever said.

The ForwardKeys team relies on a suite of communication services, such as Zoom, Slack, WhatsApp and webinars/web information sessions, for internal interaction, with Zoom used mostly by its analysts to connect with external clients.

“These have helped us a lot (in maintaining business communications, especially now) with all the travel limitations and tradeshow cancellations due to the (outbreak),” he added. – Additional reporting by S Puvaneswary and Mimi Hudoyo


#cybersecurity | #hackerspace | Going After the Good Guys: The Government’s Ransomware Identity Crisis

Source: National Cyber Security – Produced By Gregory Evans

Why fixing that ransomware attack might get you indicted

Editor’s Note: We’re pleased to publish this article from attorney Ryan Blanch, sharing an expert perspective on some of the legal issues in the cybersecurity industry.

When it comes to ransomware, malware, and hackers, the government is finding it difficult to keep pace with the quickly evolving landscape of cybercrime. And sometimes, the government seems to be going after the good guys instead of the bad guys, as evidenced by the recent Coalfire debacle in which Iowa arrested and charged the same cybersecurity professionals it had contracted to try to breach the state’s security systems.

As a criminal defense attorney, I’ve been involved in myriad cybercrime cases. There were the DDoS attacks on the Church of Scientology, and then the infamous Blackshades malware allegedly used to spy on Miss Teen USA. We defended a sports gambling software company accused of conspiring with the mob abroad, which went to trial and was ultimately dismissed. Later, we handled a cryptocurrency hacking case, an online currency arbitrage platform; and, more recently, the allegedly illegal deployment of scores of Bitcoin ATM machines around high crime neighborhoods – to name a few.

In most cases, it’s at least apparent why prosecutors are focusing on our client. But in other cases, prosecutors are barking up the wrong tree—they’re going after the targets they can find instead of looking for the actual bad guys. After all, career hackers can be nearly impossible to track down and apprehend. In the sports gambling case I handled, my client reported that the New York district attorney’s office wanted to strong-arm him into hacking into his clients’ systems to turn over personal data on gamblers and their bookmakers who may be involved in illegal gambling.

Another area where prosecutors seem to be struggling to find and prosecute the right parties is with ransomware attacks. If you should fall victim to a ransomware attack, be very careful how you navigate your crisis. And that goes double for those who try to help you. The government may be looking to indict you both. And the penalties are steep.

Let’s hash it out.

How Ransomware Attacks Work: From Attack to Prosecution

Ransomware brings companies to their knees in an instant as it encrypts user data and files irretrievably. In some cases, the only way to resume business as usual is to pay the ransom outright and most of them only take crypto.

Phase 1: The Attack

You show up to work to find a message like this one filling all 100+ displays of your company’s employee workstations. Your CTO and IT administrator are in a panic. Your entire company has been locked out of its servers, computers and files. The company stands to lose hundreds of thousands of dollars each week that this persists. There is a countdown clock on the monitor, and IT cannot find any way to access the system. All you can think is, ‘What would Kiefer Sutherland do?’

Phase 2: The Fallout

It’s day two and the losses have already exceeded $40K. Clients are taking flight as they fear the worst. Employees are asking whether they should come to work, and the IT department is pulling its collective hair out. You wonder what you have them around for if they can’t fix your computer-related problems. Arnie, Head of IT (for now), has resorted to Googling (from his personal cell phone) “ransomware help” to look for outside companies that might be able to lend a hand.

The 5 bitcoin demanded hasn’t yet increased, but it might as well have because the volatile bitcoin market has already added $5,753 to the price (some companies are starting to keep an emergency bitcoin account to offset the risk of price fluctuations).

Someone reminds you that you have business insurance that may cover this sort of thing. You call your insurer. They do in fact cover ransomware attacks and have a list of “approved providers” aka cybersecurity firms who can help.

Phase 3: The White Knight Arrives

It looks as though all that panic-driven Googling may have paid off. Arnie has already found a cyber security firm and is on the line with them. As luck would have it, this firm is also on your insurance company’s “approved provider” list. The firm thinks they may be able to resolve the problem remotely. But when asked, they admit that no one can actually decrypt the files. More pointedly, if you were to marshal the combined forces of Homeland Security, the NSA, M.I.T., Kaspersky Labs and Elliot Gunton to the singular purpose of retrieving the electronic files of your trading house and photos of your mini labradoodle wearing a tutu, they would all wind up with zilch. That’s how hard it is to unencrypt what’s been properly encrypted.

So how can this cybersecurity firm help?

Pay the ransom, of course.

So then, what good are they? Well, for starters, they have a bitcoin wallet at the ready. You don’t. Secondly, they actually know how to deploy a decryption key. You don’t (and neither does Arnie).

Turns out most ransomware, eh hem, artists don’t restore your files for you when you pay the ransom. They merely send you a key. Technical support doesn’t exist. It’s do it yourself. And you wouldn’t want your attackers fixing it for you even if they offered.

Here is why it makes sense to hire the cyber security firm rather than pay the ransom yourself in a nutshell:

  1. They can pay immediately.
  2. They may be able to get the attackers to lower the ransom. Probably not enough to decrease your cost but enough to offset the cost of the firm’s fee.
  3. You shouldn’t be dealing with your attackers. They may expand the problem to other systems if you let the wrong information slip.
  4. Once you get the key, if you don’t deploy it correctly you could corrupt your files forever. Some of these keys require several steps to deploy them. And you need to make sure you back up your files first, etc.
  5. After you get your files back you need to close the proverbial back door. Your attackers could come back if you don’t. The honor of your extortionist ends with the promise to send you the key. It does not include a promise to never return.
  6. The best firms will issue and update a white paper to make sure that you continue to follow best practices to avoid subsequent attacks.
  7. An honest firm will tell you if the strain of your ransomware variant is actually undecryptable. Some variants are old, and the decryption key has already been disseminated publicly. If your firm has the key, they may just deploy it for you at little or no cost.

Ransomware screen

Phase 4:  The White Knight Gets Indicted

All good? Not so fast. Now the cyber security firm’s principals and employees are contacted by the FBI’s Cyber Division. The U.S. Attorney’s Office wants to talk about a turn-in date and because they know this is a real company with generally law-abiding individuals, they wanted to call and invite them in to “self-surrender” so they can forgo the unpleasantness that comes with a 3AM home arrest warrant execution.  

Looks like your company’s savior is going to need to hire a great criminal defense attorney.

Why? Turns out the government doesn’t look kindly on paying ransoms. The reasons themselves are not objectionable:

  •  The money could go straight to terrorist organizations and other criminal cartels.
  •  The money is difficult to trace when transferred through bitcoin.

But the government also knows that juries don’t like to convict victims for paying their extortionist. It’s like arresting the mother of a kidnapped child for paying the kidnappers their ransom to get her baby back.

It would never fly.

How The Government Views Paying Computer Ransoms

Lost computer files, lost business revenue and even stolen intimate photos are less sympathetic reasons to sponsor a crime cartel than say, getting a real live child back. But, just the same, the DOJ doesn’t like to lose. And prosecuting victims is a losing strategy. So, for now, victims can (probably) pay ransoms back directly (as ill-advised as that is) to their attackers.

But if you hire an intermediary, that’s where the government is testing a prosecutorial theory. The theory is if they can prosecute the cyber firms who pay the ransoms then they can get a pelt for what they view as an ugly business. Hey, somebody has to pay. Cybercrime is the new bank robbery and it’s turning into an epidemic. The government’s so-called ransomware “experts” are in the stone ages. But prosecuting cyber security firms makes it look like they are doing something about this epidemic (spoiler alert: they aren’t).

Strangely enough, the FBI has made multiple statements encouraging or allowing companies to pay off ransomware attacks:

  • Joseph Bonavolonta, Assistant Special Agent of the FBI’s Cyber and Counterintelligence Program, said that in most cases, because the FBI can’t help these companies recover files, their agents often end up recommending them to pay the ransom to get their data back.
  • An official statement from the FBI said they don’t “advocate” paying ransoms, but that the “FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

They haven’t yet publicly announced a policy of indicting companies for paying ransoms or started issuing mass indictments. But they are hovering around the periphery, looking for instances where they think they might be able to dirty-up the white knight cyber security firm to make them a public example of the perils of paying ransoms as a business model.

What if they succeed? What does that accomplish? It doesn’t stop the ransomware attacks. It doesn’t stop the victims from paying those ransoms directly. But it takes out a middle man would-be protector, leaving the victim to their own devices.

Making the Good Guys Prosecutable: Dirtying up the White Knight

If juries don’t like to convict victims, how would they feel about their heroes? As a matter of public policy, do we want to criminally prosecute the saviors of those who have otherwise irretrievably lost their businesses?

The answer is it depends. We should not criminalize the only people that offer any protection whatsoever to the victims of ransomware. They also provide a mechanism for insurance companies to insure the losses of such an attack. The government is putting this in jeopardy (more on this to come). In order to make a white knight prosecutable, the government needs to shift our view of them. The prosecution will want the jury’s perception of the white knight to be that of an opportunistic broker of shattered dreams. Instead of saving their victims from further attack, they provide a surcharge to further exploit them. As ridiculous as this sounds, this is what in fact is being kicked around at DOJ offices everywhere.

The Insurance Companies as Co-Conspirators?

So, if the cybersecurity firm is recommended and, in some instances, paid for by the victim’s insurance company, doesn’t that make said insurance company an accomplice in the conspiracy to pay ransoms to possible crime cartels? After all, the insurance company knows exactly how the cyber security firm addresses the problem – by paying ransoms. So, will the government start prosecuting Allstate for providing ransomware protection to its insureds?

Probably not.

But, by taking the cyber security firm out of the equation, it would force the insurance company to pay the ransom to the insureds or even worse, pay it directly to their attackers. Knowing that would result in potential prosecution, they would have to stop insuring businesses and individuals from ransom attacks altogether, compounding the victim’s losses exponentially.

No Good Deed Goes Unpunished

So if the reasons listed above are all valid reasons why you SHOULD hire a cyber security firm in a ransomware attack and if billion dollar insurance companies are recommending that their insureds hire these companies (knowing full well that those companies will pay the ransoms), then how in the world can the government look to criminally charge these very same companies for doing what it has failed to do – rescue victims of ransomware?

For now, the government is limiting its prosecutorial powers to low hanging fruit; looking at smaller cyber security outfits that they believe make easy targets to test-flex their muscles. They have yet to rope in the insurance companies who refer them business. And their internal (and informal) policy of the moment seems to militate against charging ransomware victims who pay ransoms directly.

But it’s ‘victim beware’ when it comes to paying ransoms. You don’t know where the money is going—and the U.S. Treasury’s Office of Foreign Assets Control (OFAC) maintains a nearly incomprehensible and ever-changing list of thousands of countries, individuals and entities to whom it’s a crime to send funds.

The takeaway: If you fall victim to ransomware, hire a cyber security firm to handle it. If you are such a firm, proceed with caution and consult with legal counsel about best practices.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Ryan Blanch. Read the original post at: https://www.thesslstore.com/blog/going-after-the-good-guys-the-governments-ransomware-identity-crisis/


#infosec | Ransomware: Still Going Strong 30 Years On

Source: National Cyber Security – Produced By Gregory Evans

Next month marks the 30th anniversary of the first ever ransomware attack, and according to new research this particular form of malware is still going strong. 

According to the “Mid-Year Threat Landscape Report” published yesterday by Bitdefender, ransomware increased 74.23% year on year in the first six months of 2019. 

Researchers noted a change in the ransomware landscape following the fall of GandCrab earlier this year. In roughly 18 months of activity, this particular piece of ransomware generated more than $2bn. 

“The fall of GandCrab, which dominated the ransomware market with a share of over 50 percent, has left a power vacuum that various spinoffs are quickly filling. This fragmentation can only mean the ransomware market will become more powerful and more resilient against combined efforts by law enforcement and the cybersecurity industry to dismantle it,” wrote researchers. 

A notable player stepping into the space left by GandCrab’s exit is Sodinokibi (aka REvil or Sodin), which has quickly gained popularity in recent ransomware campaigns, focusing on specific industry verticals. 

To help educate businesses about the threat posed by ransomware, Sophos yesterday published a report titled “How Ransomware Attacks.” In addition to detailing how the threat has evolved over the past three decades, Sophos’ report also takes an in-depth look at the largest ransomware families and highlights the most common types of attacks.

Included in the report are the characteristics and file system activity of ten ransomware variations. Alongside classics such as WannaCry, Ryuk, and SamSam, the report delves into newer strains like RobbinHood, Sodinokibi, and LockerGoga. 

While ransomware continues to wreak havoc, Bitdefender researchers identified coin-mining malware used in cryptojacking campaigns, exploits leveraging unpatched or previously unknown vulnerabilities and fileless attacks, and banking trojans as the top three threats facing businesses and consumers. 

Underlining just how serious the consequences of cyber-attacks can be, the researchers found that the European Union economy could face up to €2.5bn in financial losses, should internet infrastructures be taken offline for a single hour by IoT botnets causing DDoS attacks. The losses for an eight-hour workday reach around €20bn.


Google’s Heather Adkins thinks everybody is going to get hacked and you need to be ready

Source: National Cyber Security – Produced By Gregory Evans

Google’s Information Security Manager Heather Adkins has a pretty good track record. The company was last hacked in 2009, that’s why Adkins had some good advice for startups in the audience at TechCrunch Disrupt SF. “At some point in the history of your company, you’re probably […]

The Hacking Wars Are Going to Get Much Worse

Source: National Cyber Security – Produced By Gregory Evans

Reports this month that the United Arab Emirates orchestrated the hacking of a Qatari news agency, helping to incite a crisis in the Middle East, are as unsurprising as they are unwelcome. For years, countries — in particular Russia — have used cyberattacks and the dissemination of disinformation through social…


Why is there so much cyber ‘hacking’ going on right now? Computer Digital Forensics Expert says ‘look closer’.

Source: National Cyber Security – Produced By Gregory Evans


Upon reading the attributed link labelled, “The evolution of hacking” – written by “The Guardian” and listed at the end of this article, Simon Smith, a real practicing certified expert White Hat Ethical Hacker and successful Senior forensic Private Investigator,


Here’s what your personal data is going for on the dark web


Source: National Cyber Security – Produced By Gregory Evans


It’s an annoying inevitability of the modern world that your personal information is going to be compromised at some point and you’ll have to go through the hassle of changing your password or account number or signing up for credit


Gas stations fight hackers — but they’re going to have to pay for it


Source: National Cyber Security – Produced By Gregory Evans


Hackers are dialing up the heat on gas stations, but business owners are about to start fighting back.
As U.S. retailers continue the nationwide rollout of payment terminals that accept EMV cards, which are chip-enabled debit and credit cards designed


Going Global: SUU Will Train Vietnam’s Next Cyber Security Experts


Source: National Cyber Security – Produced By Gregory Evans


Information technology students in southeast Asia will soon be taking graduate-level cybersecurity courses from Southern Utah University.
It’s all part of a partnership between SUU and FPT Corporation, which is the largest Vietnamese telecommunication company in southeast Asia and on


19 Books for Teachers Going Back to School

This year, I introduced you to my effort to hold myself accountable to my 2016 resolution: to increase my reading on topics of personal and professional growth. Over the course of this year, I’ve shared […]
