Category Archives: Data Breaches

  • 0

“Life’s A Breach”

Dear Blast Readers,

 

Does your company use third-party vendors? Do those vendors make data security a priority? Does your company allow third-party vendors to access your companies network?

 

Third-party vendors are companies that offer services that the primary company can not support. It is considered a business necessity with most companies to outsource data management, activity processing, and storage to third-party vendors. But, did you know putting your company’s data into the hands of third-party vendors puts your data at risk of being breached?

 

It is common for hackers to try and use third-party vendors to gain access to a business’s data. Yes, businesses may have their own cyber security protocols in place, but access must be given to third-party vendors. When access to a business’s network spans out to a third-party, this is when possible network security vulnerabilities are created.

 

All businesses are responsible for the data that they collect, transmit, use and process, and they are still responsible for that data even when the data is entrusted to a third party.

 

If a third-party vendor gets hacked the consequences for your business varies, depending on the seriousness of the hack. A less serious hack can cause your business to lose vital data, and confidential employee information can be compromised. If the hack is a serious hack there are a few things that can happen, ranging from intense media attention to bankruptcy.

 

Outsourced contractors are often the primary targets of data breaches. So, it is important for the third-party vendors to takes data security seriously. But, how can you be sure if a third-party vendor is a security-conscious vendor? Some signs that a third-party vendor is security-conscious are:

  • The vendors have comprehensive security policies & disaster recovery plans in place and are updated and reviewed regularly.
  • Data Back-ups and recoveries are performed regularly. In case of hardware failure, the vendor has back-up servers to avoid interruptions.
  • Internal security audits are performed regularly.
  • Employees that have access to company data are vetted carefully (thorough background checks are performed).

 

But, as important as it is to make sure that the third-party vendors take data security seriously. It is also just as important to make sure that the data is secure on your end. To do that it is important to:

  • Have a strong internal security policy.
  • Know what data is sensitive & where it is located on your system. Never give one person access to more than one portion of your sensitive data.
  • Know your responsibilities and rights, as well at know those of your providers.

 

Another important aspect of a data breach is the reporting requirements. Reporting requirements differ depending upon the state in which the breach occurs. Additionally, if a breach involves information of clients across state or country lines, other reporting requirements will come into effect. It is vital to know your state’s cyber security breach reporting requirements.

 

If you have any questions about Data Breaches, Cyber Security, Computer Forensics, or Reporting requirements contact FDS Global. You can reach us at our office at (954)727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Beware of the Facebook Notification Virus”

Dear Blast Readers,

 

You are on your Facebook account, answering messages, liking posts, watching videos, and commenting on your friend’s photos. Suddenly, you receive a message from your friend Sam. The message contains a link to a funny cat video in which a cat in a hat is dancing with a maraca in its mouth. The message below the video says “Hilarious video. You NEED to check it out!”. Without giving it a second thought you click on the link to view the video. But, instead of viewing the video you get redirected to a site that you don’t recognize or trust. Naturally, you exit out of the browser thinking that maybe Sam has attached the wrong URL. But, it is too late. Your device has already been infected.

 

Security experts have identified a form of adware that targets social media users tricking them into infecting their own devices. It is known as the “Facebook Notification Virus”. This virus displays messages saying that they are from Facebook. The “Facebook Notification Virus” creates many different forms of messages, including:

  • Friend Requests
  • Chat Messages

 

Some of the notifications that the user received are real copies of notifications that users would see on the real social media site (making the fake notifications seem legit). While other notifications are presenting new features. The purpose of this adware is to redirect users to specific websites, most likely malicious websites, so that the user’s device becomes infected with malicious software. This virus does not just lead users to malicious websites, it also:

  • Monitors User Activity
  • Collects User Information
  • Records Browsing History
  • Tracks Cookies
  • Tracks Keystrokes
  • Tracks IP Addresses
  • Tracks Geographic Location
  • Tracks Zip Codes
  • Tracks Demographic Profiles
  • Tracks Emails
  • Tracks Telephone Numbers
  • Tracks Usernames
  • Tracks Passwords

 

After all this information is collected, the collector, hacker, will then attempt to sell your confidential information on Darknet Markets, then falling into the hands of much more malicious cyber criminals.

 

So, how does this virus spread?

 

The “Facebook Notification Virus” can be spread a few different ways, including:

  • Freeware
  • Shareware
  • Pirated copies of paid utilities.

 

Another way that it can spread is through spam emails. The sender of the spam emails wants you to open the so that his or her tool can get inside your system and infect it.

 

To protect your data and system from the “Facebook Notification Virus”, if you receive any suspicious messages from “Facebook”, you should:

  • Check your system, because you may have been infected.
  • Be careful of the software that you allow in your machine.
  • Verify the email addresses of the “companies” that have messaged you (visit the contact page on the official website of the “company” to verify the email address).

 

If you have any questions relating to the “Facebook Notification Virus”, cyber security, or computer forensics contact FDS Global. You can reach us at our office at (954)727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Television: A Hackers Window Into Your Home

Dear Blast Readers,

 

It has happened. Your home has been invaded. The one place you thought that you were safe from anything malicious has been breached, and it is because of your smart TV. Smart TVs, being one of the most popular devices, present new security risks for users.

 

Hackers can gain access to your home through your TV, and they wouldn’t even need physical access to do so. The only thing that they would need is a “Low-Cost Transmitter”.  A “Low-Cost Transmitter” can easily be purchased online through third party vendors such as Amazon or EBay.

 

With this device, a hacker would be able to send radio signals that can be picked up by your Smart TV and any others within range of the transmitter. When the TV picks up the signal, the hacker has complete and total control of that TV. This then allows the hacker to get privileged access to the TV. Once access is gained, the hacker can cause chaos and harm in many ways, including:

  • The hacker could spy on you through the TVs camera and speaker.
  • The hacker could attack your other Internet connected devices such as: Computers, Tablets and Smartphones.
  • Hackers can access your stored credentials and personal data, putting your identity at risk.

 

Typically, infections are in the temporary memory. The steps to secure your devices varies from product-to-product. Some ways to protect yourself and your data include:

  1. Restart your device regularly.
  2. Secure your router.
  3. Be smart with your web-connected devices.
  4. Check firmware updates (manually if it does not automatically check for updates).
  5. Be vigilant for irregular activity occurring on your network.
  6. Place a piece of tape over your TV’s camera for a low-tech way to ensure privacy.

 

If you have any questions relating Security Risks and Cyber Security contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 2

“How Your Anti-Virus Can Turn On You”

Dear Blast Readers,

 

Imagine, you are sitting at your computer knowing that you did everything that you could to protect the files that are on it. You bought the best anti-virus software on the market, thinking that this would be your last line of defense. Now imagine the day you find out that your anti-virus software has been flipped and now works for the hackers. No one wants to believe that something that protects them could also be used against them. It is a nightmare when you find out that your anti-virus software is a double agent working for the hackers.

 

An Anti-Virus software is a computer program that is used for scanning, identifying, and removing viruses from your computer. Primarily, they are used to protect your computer. Now, image that this program that has access to all your files has gone to “the dark side” and has provided unfettered access to hackers. This type of attack used by hackers is called a “Double Agent” attack.

 

A “Double Agent” attack is an attack that takes over the anti-virus software of PC computers running Windows. This type of attack is performed by hackers. Once in control of the anti-virus software the hacker converts the anti-virus software into malware. The malware then acts on the hacker’s behalf to encrypt the files on the computer holding them for ransom.

 

A “Double Agent” attack can compromise the 14 major anti-virus software available. This type of attack can easily be executed by someone working out of their parent’s basement or a 13-year-old script kid. The way in which these individuals would infect a computer with a double agent attack can include having the user:

·        Access Malicious URLS

·        Download Malicious Attachments

 

To prevent the “Double Agent” attack from occurring, organizations and businesses should:

·        Monitor for spoofed emails.

·        Set up administration controls to prevent downloads from unknown sources.

·        Regularly update anti-virus software in all systems.

 

If you have any questions relating to “Double Agent” Attacks or Computer Forensics and Cyber Security contact FDS Global. You can reach us at your office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Don’t Let Your Data Scurry Away!”

Dear Blast Readers,

 

What comes to mind when you think about the threats to Cybersecurity in America?  The Russians? The Chinese? What can knock out a cities power grid in a blink of an eye? The Answer, it is something that is small and furry. It is the common Squirrel. You often see them frolicking across the top of fences and from tree to tree. Squirrels are the most prolific animal dominating the urban landscape. There are approximately 1.2 billion squirrels living all throughout America.

 

Each of these furry little creatures is a cyber time bomb waiting to happen. Since 2013, squirrels have been responsible for 879 “cyber” attacks across the United States. But how exactly do these malicious balls of fur cause such extreme problems for humans. Simply they chew through data lines or they become entangled in power lines.

 

When Squirrels chew through a data line for cable companies there are a myriad of issues that arise. Firstly, the way data lines work is that there is one central line installed near power lines that all homes and business connect to. If this central line is cut, perhaps from a squirrel, then the loss of connection can lead to data loss. Depending on the type of data loss, a computer’s operating system can become corrupted or important user files such as word documents, excel files, and power points can also become corrupted. The purpose of some forms of ransomware is the corrupting of files, rather than a virus implementing this digital travesty it is a squirrel.

 

When a squirrel becomes entangled in power lines the results are very shocking for all involved. When power lines become, damaged this can also lead to data loss or cyber security issues such as taking down firewalls. With a fire wall down computers can become open to exterior cyber-attacks. On a larger scale then homes and personal computers, power outages due to squirrels can affect power plants and businesses. If data loss is experienced on this scale the damage can exponentially increase.

 

Animals such as Squirrels, birds, rats and snakes have caused more than 1700 power outages affecting almost 5 million people in 2013. So, remember the next time you see a squirrel protect your data not your peanuts.

 

If you have squirrel related issues, contact your local animal control if you have any questions about Cyber Attacks or Cyber Security contact FDS Global. You can reach us at our office at (954) 727-1957 or by email: rmoody@fds.global. Please feel free to visit our website www.FDS.Global