posted by Gary Eikenberry 2022-03-12
I've been asked if, in light of the war on Ukraine, should Kaspersky AV be trusted? While I can't necessarily give a definitive answer, I can suggest reading this post: https://basic-tutorials.com/news/ukraine-war-can-we-still-trust-kaspersky-co
If you're like me and tend to do online banking or anything else that requires you to log in on your phone when you're connected via a public wifi hotspot or using your G4 or whatever data connection, you shouldn't place too much trust in that "secure connection" padlock icon. Using a VPN service adds a much greater level of protection as well as defeating trackers.
Why make it easy for the nasty side of the internet to turn you from a user to a victim?
"I think we've been hacked." The call came from a family law firm. In fact the problem started with a "click bait" email which compromised one of the partner's address book followed by an email appearing to be from a client with an attachment which, when opened, installed a key-logger giving some unknown third party access to all manner of passwords, sensitive files and other information.
They were relatively lucky this time. The mistake was detected, passwords were changed and, although some data was compromised, they weren't hit with ransomware and security holes were plugged.
Sometimes anti-malware apps can give a false sense of security. There is no substitute for informed and vigilant users and safe-computing practices.
Many people think of a VPN as nothing more than a way to circumvent geo-restricted content, but a VPN can be just as important for safe computing as your anti-malware software. If you don't know why, take a look at
https://www.forbes.com/sites/leemathews/2017/01/27/what-is-a-vpn-and-why-should-you-use-one/#4be73ed14b8f
We live in an era where the vast majority of individuals seem to be more than willing to trade privacy and data security for connectivity -- or at least what passes for connectivity on social media, all too often leaving themselves easy marks for insidious click-bait.
More and more of the recovery operations we've had to do on clients' devices recently aren't due to hacking but ill-advised clicking. Please think before you click and back up regularly.
In our current political and economic environment it would be naive to assume that any government or large organization (criminal or otherwise) wouldn't be concerned, not only with protecting their own data, but also exploiting the vulnerabilities of their competitors.
Is your hardware safe? If Meltdown & Spectre and NSA back doors weren't enough, now there's the Bloomberg Report of Chinese infiltration of a major server supply chain. What should you fear?
https://www.servethehome.com/bloomberg-reports-china-infiltrated-the-supermicro-supply-chain-we-investigate/
Take this seriously! My organisation was hit. 3 users lost a week of email and about 50 documents. Gary's team got us back up and running at a cost that amounted to less than the demanded ransom. But even if it had been more, better that than supporting the criminals who may or may not have coughed up the encryption keys. Only the fact that our file server doesn't run on Windows saved us from more devastating circumstances.
A recent ransomware crisis we were called upon to help remedy resulted in > 30 billable hours of support time and 2 days of lost productivity. In the end there was minimal data loss because of a solid backup strategy and a quick realization and response. But this was far from trivial.
2 days later we received a call from another client who had been hit by the same exploit. They weren't as quick to realize what they were facing and their latest backup was compromised, resulting in 2+ days of downtime and 6 days of lost data.
Safe computing practices and personnel policies to teach them and make them mandatory are absolutely critical in the current IT environment. If you use email or a web browser (and who doesn't?) you are vulnerable. If you don't take steps to protect yourself you are naive.
The recent media uproar about the WannaCry exploit has, once again, brought the issue of computer security to the forefront but some clarification is called for. First, this was not a case of hacking as it has been mislabeled. It was, in fact, a particularly virulent example of malware which, by all indications, required user action, such as opening an email attachment or a web link, to launch the code that did the damage.
If anything, the damage done in this case should serve to underscore the basic tenets of safe computing:
1. Regular backups are critical.
2. All systems should be kept up to date. Old and unpatched operating systems and software are as dangerous to computer networks as broken floorboards or windows are to a house.
3. Policies and user training to prevent the user actions which invite malicious code into networks are equally important: the best locks and alarm systems for your home aren't much help if its residents open the doors indiscriminately to anyone and everyone who comes along.
Don't trust Apple to keep you safe! An ill-advised click on a website that was probably bogus in the first place created a real mess. Malware designed for Windows can't harm OS-X, but a Java applet launched by a click doesn't care what your operating system is.
Today we were hit for the second time in less than a month with "fake" ransomware. Fake because the files on the PC aren't really encrypted but you can't get past the message that says they are. By removing the hard drive and accessing it as an external device Gary was able to save the files and then restore the PC from a cloned image before reloading the files copied from the drive before it was re-done.
Fake or real, ultimately the only solution to these attacks is a good drive clone and/or backup.
Whatever you do, don't pay these idiots to encourage this scourge.
Overheard in a pub: "This whole computer virus thing is just a protection scam perpetrated by the guys that make the software." Malware is indeed a big business but the ones getting rich are not the anti-malware software companies. Ransomware, on-line identity and credit card theft are major revenue streams for organized crime and terrorism. Failure to protect yourself with safe computing habits amounts to aiding and abetting.
And most anti-malware software, especially the free versions that most people use, will not, on its own, protect you from things like phishing exploits and clicking sketchy links or "OK" buttons without understanding what you're accepting or agreeing to.
Good point! Ask yourself "How much does a good backup strategy cost?" Then ask yourself "How much would it cost us to recover from a ransomware attack or some idiot unplugging a running server to plug in a hoover?" You can buy anti-malware products but they aren't foolproof. To protect yourself from fools (or machine failure or nasties that slip through the anti-malware gaps) you need backups!
The importance of backups can't be over-emphasized. One of our laptops was hit with ransomware. Probably from opening an email or a website. Fortunately it was discovered before anything got introduced to our server. Even though paying to have the laptop recovered cost less than paying the ransom the most recent backup for the laptop was almost 2 months old so the lost data also represented a cost.
Take this seriously. Failure to do so can cost time, money and loss of opportunity. Believe me. I'm speaking from experience.
It's important to stress that running something other than Windows can no longer (if it ever did) keep you safe. Lately we've been seeing a number of web-based exploits that are what we refer to as operating system agnostic, which is to say that they attempt to do their dastardly deeds regardless of what system you're booting. If you use a browser and are connected to the Internet you are potentially vulnerable. Of course this type of threat generally requires that you visit a compromised website, but without the proper protection you won't necessarily know that the site you're visiting is compromised.
A staff member for a client organisation recently thought she was clicking a link that would take her to eBay. By the time she realized that the "eBay" that the link had sent her to was not the real thing, the damage was already done. Not only had she given up her eBay account access information, but the malicious code that had run in the background had installed a downloader worm on her office workstation.
Whatever your operating system or computing environment, a few simple habits can help protect you from malware and other threats which can transform your computer into a portal to a nightmare of hijacked email, ransomed data, stolen passwords or even stolen identities and other disasters. Just as I tell students in my self-defence and street-proofing classes, I don't intend to make you paranoid, but want to stress the importance of arming yourself with some information and techniques to make you safer. Have a look at
http://www.geconsult.ca/safe.php for an overview on safe computing.