Weekly Security Roundup #55: Getting the Fundamentals Right
Cyber security starts with simple things that anyone can do (that means you too)
How has your week been so far?
Before you head off to enjoy the weekend, let’s review together the most important security news of the week.
And before we jump to the list, maybe you’d like to read more about the main types of attacks that target home users. We know it’s difficult at times to figure out which types of threats you should really worry about, so we made this simple list you can rely on.
You’ll find more examples that are part of this category in the Weekly Security Roundup below, so getting the basics will make the news more relevant and helpful.
Security articles of the week
We already know that ransomware creators operate like business owners, so here comes more proof:
A new service launched this week is offering a new ransomware product under the name CryptoLocker to anyone willing to pay ten percent of the collected ransom.
For now, only Windows users are in the crosshairs, but the ransomware makers say they’re going to expand to include other platforms as well.
Talos published a very interesting analysis that shows how tech support scammers work, given that they’ve been very visible lately. Their reverse engineering shows details that will make you more attentive when dealing with such threats.
One of the hottest debates this week was around the ProtonMail DDoS attacks, which were very strong and persistent. The email service provider admitted that they paid a $6000 ransom for the attackers to stop, but that they wouldn’t do it again.
Is this moral? Would you pay if you were them?
Making a website or an email look legitimate is an essential part of the infection process. If the potential victim isn’t persuaded to open the email, click the link or download the attachment, then the target is missed. So cyber criminals try to get their hands on actual, legitimate certificates to make their attacks pass the usual verification stages.
In their arsenal, cyber criminals value good targeting highly. They want to hit as close to home as possible, so they harvest information about you, your habits, your family and friends, your job and your hobbies. They work up a scenario so that when they hit, you’re convinced that they’re legit.
It’s amazing how little attention users pay to the most basic cyber security measures:
The same group of teenage hackers that hacked the AOL email account of the CIA director John Brennan two weeks ago has now hacked into AOL email accounts of the FBI Deputy Director, Mark Giuliano, and his wife.
What made it so simple? Here’s a potential explanation: not paying attention to authentication basics.
You may have old apps you haven’t used in a while on your PC, but don’t disregard them – they can be a huge security risk! If you don’t use them constantly, it’s better to uninstall them altogether.
8. Gmail & Facebook work to improve your security and privacy
Google and Facebook are not at the forefront of security and privacy, but these two features coming soon can be handy: Gmail will soon warn users if they receive emails sent over unencrypted connections, and Facebook will also offer self-destructing messages, like Snapchat does.
This opinion piece makes a very good point:
The fact is that many security vendors have built technologies around a defensive perimeter. But times have changed; businesses now operate across the Internet and data doesn’t sit nicely behind a walled garden anymore. The next generation of security solutions needs to address problems being created today, not yesterday.
Spam keeps getting more diverse and cunning. The latest report from Kaspersky Lab shows how seasonal spam impacts users and the latest tactics employed by cyber criminals.
Never a dull week in cyber security. We find ourselves circling back to the same basic advice, because, before talking about more advanced cyber security measures, we must ensure that the fundamentals are covered.
Don’t know where to get started? Here’s a top tip.