How Hard Is It To Become A Cyber-Criminal?

According to a recent article on Naked Security, not at all hard.  While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.

Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400.  And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically. ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 2

On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password.  Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.

I consider email account compromise to be one of the most personally harmful cyber-exploits.  When another person has access to your email ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 1

Let’s say I just hijacked your email account.  What can I do with it?

First thing, a hijacker would not announce his or her presence in your account.  Staying undetected is important so you do not change your password.  Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!

In order ...

Continue Reading →
0

Keeping Your Personal Information Secure

Certain personal records are a gold mine for cyber-criminals and identity thieves.  Highly targeted personal information include your medical records, tax information, social security number, driver’s license, and even odd bits such as utility bills, and retail or airline loyalty rewards points.  Any of this information can be sold on the Dark Web, or used directly to get free health ...

Continue Reading →
0

Passwords Are On Life Support

Passwords are not dead – not yet.  But they are on life support.  They are no longer enough to truly secure anything on their own.

I just read an sobering, eye-popping article on NetMux that discussed easy ways to crack passwords that are longer than 12 characters.

What makes this so disheartening for me is that I have been telling everyone to increase their password length ...

Continue Reading →
0

Credential Stealing Malware in PDF Attachments

On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims.  Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.

This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment.  The PDF variant uses Windows Powershell to install.  The ...

Continue Reading →
0

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed ...

Continue Reading →
0

Facebook Searches Dark Web For Stolen Passwords

facebookThis actually is in the “good news” department.  The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites.  As we have discussed here many times, password reuse creates a serious security vulnerability.  If the cyber-crooks have your password for one site, they will try it on other ...

Continue Reading →
0

How Are Passwords Cracked?

password1The answer to this question is complicated, but not impossible to understand.  The first thing to know is that most passwords are not cracked by guessing, or trying thousands of possibilities one at a time on a typical login screen.  Most systems will lock the account after a certain small number of failed attempts, like 5 or 6. This makes the kind of password ...

Continue Reading →
1
Page 1 of 3 123