All posts by Eric Peterson

The Human Aspect of Cybersecurity: Social Engineering

Despite the constant advancement of technology protections, human psychology continues to be a constant and susceptible target in the field of cybersecurity. This weakness is exploited by social engineering, which uses human behavior manipulation rather than digital code cracking to gain unauthorized access to systems, data, or physical areas. Social engineers expertly trick people into disclosing private information or taking particular activities using strategies that prey on emotions, trust, and curiosity. Understanding the subtleties of social engineering is increasingly important as the digital era develops, underscoring the crucial significance of awareness and education in protecting people and businesses. Here are our Top 10 Social Engineering Attacks.

Top 10 Social Engineering Attacks

Phishing:

• Description: Attackers send fraudulent emails appearing to be from legitimate sources to get individuals to reveal sensitive information.
• Avoidance: Verify email addresses, especially for unexpected messages. Don’t click on suspicious links. Use email filters.

Spear Phishing:

• Description: A more targeted version of phishing where specific individuals or organizations are attacked.
• Avoidance: Regularly update and patch systems. Train employees to recognize such attempts.

Vishing (Voice Phishing):

• Description: Fraudulent phone calls where scammers pretend to be from trusted organizations to gather sensitive data.
• Avoidance: Don’t give out personal information over the phone unless you initiate the call. Verify unexpected callers by hanging up and calling back through an official number.

Baiting:

• Description: Attackers lure victims with the promise of goods to steal information or infect systems.
• Avoidance: Be skeptical of too-good-to-be-true offers. Download software or content only from trusted sources.

Tailgating/Piggybacking:

• Description: An attacker seeks entry to a restricted area without proper authentication by following someone with authorized access.
• Avoidance: Ensure physical security measures. Don’t let strangers in without verification.

Pretexting:

• Description: Attackers fabricate situations to steal victims’ personal information.
• Avoidance: Be wary of unsolicited communications. Verify identities before sharing any information.

Quizzes and Surveys:

• Description: Scammers use fun quizzes or surveys to gather personal information.
• Avoidance: Don’t participate in random online quizzes, especially those asking personal or security questions.

Waterholing:

• Description: Attackers infect websites frequented by a targeted group.
• Avoidance: Keep software and browsers updated. Use security software that can detect malicious websites.

Scareware:

• Description: Fraudulent claims about malware infections to scare users into installing malicious software.
• Avoidance: Don’t panic when faced with such alerts. Verify through trusted security software.

Honeytrap:

• Description: Attackers use an individual (real or fake persona) to form a relationship with the target to gather information.
• Avoidance: Be cautious with strangers online, especially if they’re overly interested in sensitive or work-related topics.

General Prevention Tips:

1. Regularly educate and train employees about social engineering tactics.
2. Maintain up-to-date security software.
3. Encourage skepticism and verification in all communications.
4. Use multi-factor authentication for accounts.

Conclusion:

While we arm our systems with the newest technology defenses in the ever-expanding digital frontier, it’s critical to remember that the human element still represents the most vulnerable point of entry. The important relationship between psychology and cybersecurity is highlighted by social engineering, which serves as a reminder that not all dangerous threats are coded but rather are intended to persuade. Fostering awareness, alertness, and ongoing education against these deceptive methods becomes prudent and essential as we continue to navigate an interconnected world. After all, information is undoubtedly our best weapon in the fight against social engineering.

You may also find this article and video by the FBI interesting. Also, our article on recovering from a social media scam may be helpful.

If you’ve fallen victim to a social media scam, it’s important to take swift and thorough actions to protect your information and prevent further harm. Here’s a detailed guide to reporting and recovering from such an incident:

1. Identify the Scam:

• Common Social Media Scams:
  • Fake giveaways or contests.
  • “See who viewed your profile” scams.
  • Messages from fake profiles or impersonated friends asking for money or personal information.
  • Clickbait links leading to malicious sites.

2. Change Your Passwords:

• Start with the compromised social media account. Then, change passwords for other important accounts (especially if you reuse passwords, which is not recommended).

3. Check Account Settings:

• Look for any unauthorized changes. This includes checking linked email addresses, phone numbers, and third-party apps with account access.

4. Enable Two-Factor Authentication (2FA):

• Enable MFA/2FA on your social media accounts and any other accounts offering this added security layer.

5. Scan for Malware:

• If you clicked on any suspicious links or downloaded files, scan your device with a reputable antivirus or antimalware software. Preferably, scan with multiple. For example, if you already have Bitdefender installed, scan with Norton Power Eraser, Emsisoft EEK, Malwarebytes, and Eset Online Scanner.

6. Report the Scam to the Social Media Platform:

• Platforms like Facebook, Instagram, Twitter, and LinkedIn have dedicated reporting mechanisms for scams and fake profiles.
  • For instance, on Facebook, go to the specific profile or page > click on the three dots (…) > choose ‘Find Support or Report Profile’ > follow the prompts.

7. Document Everything:

• Take screenshots of the scam, including messages or posts.
• Document any financial losses or unauthorized transactions.

8. Contact Your Bank or Credit Card Company:

• If you’ve shared financial information or believe your financial accounts have been compromised, notify your bank or credit card company immediately. They can guide you on the next steps, including disputing charges or issuing new cards.

9. Monitor Your Accounts:

• Keep an eye on financial and online accounts for any unusual activity.

10. Report to Authorities:

• Depending on the severity, consider filing a report with local law enforcement.
• In the U.S., you can report online scams to the Federal Trade Commission (FTC) via their website.

11. Educate & Spread Awareness:

• Inform your friends and followers (without sharing scam links) about the scam to prevent them from falling for it.
• Educate yourself on common online scams to protect against future threats.

12. Check for Signs of Identity Theft:

• If personal information was shared, monitor for signs of identity theft. Consider signing up for identity monitoring services.
• Consider placing a fraud alert or credit freeze on your credit reports for U.S. residents.

13. Review Privacy Settings:

• Review the privacy settings on your social media accounts to ensure you’re only sharing information with trusted individuals or networks.

Remember: Scammers constantly evolve their tactics, so always be cautious. Never share personal or financial information unless you know an entity’s legitimacy. Regularly educating yourself about the latest scam trends can help you stay one step ahead and help you recover from a social media scam. You may also like our article on recognizing when your computer has a virus; read it HERE.

For further info from Tripwire, click HERE, and from the FTC, click HERE.

Malware Cannot Always Remain Hidden, Not Even In Memory.

In contrast to writing to disk, several sophisticated malware strains are built to run solely in system memory. This “in-memory” method is frequently employed to get around typical antivirus and antimalware programs that examine disk data. Malware isn’t necessarily invisible merely because it’s not present on the disk.

Since the virus must be executed to carry out its intended job, it will suck up system resources, leave a trail in system logs, or trigger observable network activity. These dangers can be discovered with the aid of instruments like memory forensics.

Symptoms of a Malware Infection

Even while malware frequently strives to remain undetectable, it frequently leaves some traces behind. The following are some warning indicators that your computer may be infected:

1. Sluggish Performance: Malware can occasionally be blamed for a sudden slowdown in your computer’s performance by utilizing system resources.
2. Unwanted Pop-ups and Advertising: If you see pop-ups and advertising that you didn’t previously see, especially those that urge you to click on dubious links or advertise antivirus software, it could be adware or another type of malware.
3. Unusual Network Activity: Data use spikes or mysterious network traffic may indicate that malware sends or receives data to or from your device.
4. Security software turned off: In an effort to defend themselves, certain malware can turn off your firewall or antivirus program.
5. Unusual Files and Apps: If you discover new files or applications that you didn’t install, this may be a symptom of an infection.
6. Frequent system crashes or the “blue screen of death” can be a sign, albeit they are not just caused by malware.

Getting Rid of a Malware Infection

Here’s what to do if you believe you have a malware infection:

1. Your machine should start up in Safe Mode. This will prevent most viruses from starting by starting your computer with a minimal set of drivers and services.

• Update and Scan: Run a comprehensive system scan and update your antivirus and antimalware software.
• Use Specialized Tools: Some malware is able to bypass traditional antivirus programs. Specialized malware eradication programs can be useful in these situations.
• Backup and Clean Install: You might need to perform a backup of your important information and a clean installation of your operating system if the infection is serious.
• Change Passwords: After eliminating spyware, particularly that intended to steal personal information, change all of your passwords.
• Stay Current: Update your operating system and software frequently. Numerous malware variants take advantage of well-known flaws in out-of-date software.

Malware is a serious threat, but the fact that it must be allowed to function (run) gives us a considerable edge in terms of identification and mitigation. Always be on guard, keep your software up-to-date, and be wary of what you download and open. Your safety online depends on it.

You may find our article on using Netstat to detect rogue connections interesting, read it HERE.
Additionally, here’s what Microsoft says on removing malware.

Netstat is a command-line utility available on Windows operating systems that allows you to display information about network connections, routing tables, interface statistics, masquerade connections, etc. You can use netstat -ano to see active network connections and their associated process IDs (PIDs), which can help you identify potential rogue connections to your machine.

Here’s a step-by-step tutorial on how to use netstat and the most common switches (-ano).

Step 1: Open Command Prompt

• Press Win + R to open the Run dialog.
• Type “cmd” and press Enter to open the Command Prompt.

Step 2: Run netstat -ano

In the Command Prompt window, type the following command and press Enter:

netstat -ano

This command will display a list of active network connections and associated PIDs.

Step 3: Analyze the Output

The output of netstat -ano will have several columns:

• Proto: Indicates the protocol used (e.g., TCP, UDP).
• Local Address: Shows the local IP address and port.
• Foreign Address: Displays the remote IP address and port.
• State: Shows the state of the connection (e.g., ESTABLISHED, TIME_WAIT).
• PID: Indicates the Process ID associated with the connection.

Here’s how to analyze the output:

• Look for any unfamiliar or suspicious IP addresses in the “Foreign Address” column. These could potentially be rogue connections.
• Check the “State” column to see if any connections are in unusual states (e.g., TIME_WAIT for a long time).
• Identify the PID associated with each connection in the “PID” column. You can cross-reference this PID with the Task Manager to determine which process is responsible for the connection.

Step 4: Investigate Suspicious Connections

If you find any connections that you suspect are rogue or unwanted, take the following actions:

1. Identify the Process: Use the PID from the “PID” column to locate the associated process in Task Manager. Right-click the Taskbar, select “Task Manager,” go to the “Details” tab, and find the process with the matching PID.
2. Research the Process: If the process is unfamiliar or suspicious, research it online to determine if it’s legitimate or potential malware. Be cautious before terminating any processes.
3. Terminate Suspicious Processes: If you’re certain that a process is malicious or unwanted, you can end the process in Task Manager by right-clicking the process and selecting “End Task.” However, exercise caution, as terminating critical system processes can cause system instability; know what you’re doing.
4. Firewall and Antivirus: Ensure that you have a firewall and antivirus software installed and updated. They can help detect and block unwanted network connections and malware.

For more switches and details, visit Microsoft’s documentation on Netstat here. You may also like our article on detecting malware on your machine.

“HyperText Transfer Protocol Secure” is what HTTPS stands for. It is the standard protocol for sending and getting data over the web, but it adds an extra layer of security. This extra protection is shown by the “S” in HTTPS.

When you use HTTPS to connect to a website, the data you send and receive is protected. This means that even if someone gets a hold of the data, they won’t be able to figure out what it says because it has been turned into a code. The data is encrypted, so only the website and your browser have the “keys” to decode and read it.

The Padlock Icon: When you visit a website, you might see a small padlock icon in the address bar, usually next to the website’s URL. This padlock lets you know that the website uses HTTPS and is safe for entering your data; it has an SSL/TLS certificate. The website has a confirmed layer of protection that ensures the information your browser sends to the website stays private and safe.

When HTTPS and the padlock are used together, users know that their data is protected and that the website they’re using has been verified as a safe place that cares about protecting user data. This is especially important for websites where private information is shared, like credit card numbers or personal information.

In this hyper-connected digital age, the internet’s complexity is sometimes hidden by its ease of use. Clicking on a link or entering in a URL opens up a world of knowledge, entertainment, and social interaction, hiding the complex protocols, servers, and data exchanges behind the scenes. Instantaneous global connectedness, once a dream, is now part of our daily lives, so we forget its impact. Human creativity has made such a powerful instrument as ordinary and intuitive as flipping a light switch, but we must occasionally pause and appreciate the internet’s technology and teamwork.

Accessing the internet from any device involves multiple intricate steps. Here’s a granular breakdown of what typically happens:

1. Input URL & Initial Check: You input a URL (e.g., www.cybertipsguide.com) into a web browser. The browser checks its cache to see if it already has the IP address for the URL.
2. Hosts File: If the IP address isn’t in the browser’s cache, the computer checks the local “hosts” file for any static entries that match the domain name.
3. DNS Query: If the “hosts” file doesn’t contain the domain’s IP address, the system queries a DNS (Domain Name System). First, the computer contacts a local recursive or caching DNS server, often provided by your ISP. If this server doesn’t have the IP address cached from previous requests, it will proceed with the DNS resolution process. DNS Resolution Process: Root Name Server: The DNS resolver queries a root name server, which responds with the address of a Top-Level Domain (TLD) server. TLD Name Server: The resolver then asks the TLD server (e.g., .com) about the specific domain. Domain’s Name Server: The TLD server responds with the IP address of the domain’s name server. The resolver then queries this server.
4. Obtain IP Address: The domain’s name server finally provides the IP address for the domain, which gets sent back to the computer.
5. ARP (Address Resolution Protocol): Before the computer can send data packets to the web server, it needs to know the physical MAC address of the next device in the data path, usually your router. If your computer doesn’t already have the router’s MAC address cached, it uses ARP to obtain it. The computer broadcasts an ARP request onto the local network, asking, “Who has this IP address?” The device with that IP (usually the router) responds with its MAC address.
6. Establish Connection: With the web server’s IP address and the router’s MAC address known, the computer initiates a connection using the TCP/IP protocol. This involves a TCP “three-way handshake” to establish a reliable connection: The computer sends a SYN packet. The web server replies with a SYN-ACK packet. The computer responds back with an ACK packet.
7. Data Transfer: Once the connection is established, the browser sends an HTTP request to the web server, asking for the desired webpage. The web server processes the request and sends back the requested data, usually as an HTTP response containing web content like HTML, CSS, and JavaScript.
8. Render the Page: The browser receives the data and processes it. It will render the page, execute scripts, apply styles, and display content.
9. Close Connection: After the data transfer is complete and the webpage rendered, the computer sends a message to terminate the TCP connection with the server. This involves another handshake: The computer sends a FIN packet. The server acknowledges with a FIN-ACK. The server sends its own FIN packet. The computer responds with an ACK, finalizing the termination.

This entire process, spanning from entering a URL to viewing a fully loaded webpage, might seem lengthy, but with modern technology, it usually takes mere seconds.

You might enjoy reading more about how DNS works, visit Microsoft’s article. You should also read our article about Netstat.

Games and third-party applications that you permit to access your social media accounts, like Facebook, can compromise your account’s security and privacy in various ways:

Data Access and Collection: When you grant permissions, you often allow these apps to access personal information, such as your name, profile picture, email, and friend list. This data can be stored, analyzed, and potentially sold by the third-party application or used for targeted advertising.

Post on Your Behalf: Some apps may gain permission to post content on your behalf, which means they can share posts, images, or updates without your direct intervention, potentially misleading or spamming your friends.

Data Sharing and Selling: Once these apps collect your data, there’s no guarantee of its security. If the app’s company decides to sell or share data with another party, your information may be disseminated more widely than you realize.

Malicious Applications: Not every game or app is developed with good intentions. Some might be malicious software in disguise, aiming to gather more than just basic information. This might include login credentials, which can be used to compromise your account or, worse, financial information if connected.

Expanded Attack Surface: Every third-party app connected to your social media account represents another potential vulnerability. If the third-party app has weak security or gets compromised, attackers might exploit that weakness to get deeper into your account or extract more sensitive information.

Excessive Permissions: Sometimes, apps request more permissions than they actually need for functionality. For instance, a basic quiz game might not need access to your entire friends list or your location, but if granted, it increases unnecessary exposure.

Long-Term Access: Many users forget about the apps they’ve connected to their accounts. Over time, these allowances accumulate, and users might not even remember what apps have access to, leaving them vulnerable to breaches from services they no longer use.

Location Sharing: Some apps might request access to your real-time location, which, if misused or accessed by malicious parties, can compromise your physical safety.

Prevention and Best Practices

• Regularly Review Permissions: Check the list of apps and websites with access to your social media accounts. Remove any that are no longer used or seem unnecessary.
• Limit Permissions: Only grant essential permissions. If an app requests access that doesn’t seem relevant to its functionality, it’s a red flag.
• Use Trusted Apps: Only connect apps or play games from reputable developers. Look for reviews or news about the app to ensure its legitimacy.
• Be Wary of Freebies: If an app promises too-good-to-be-true rewards, such as significant amounts of in-game currency, for linking it to your social media, be cautious.

By being discerning about what apps you allow and regularly reviewing permissions, you can enjoy games and third-party apps without compromising the security of your social media accounts.

Learn how to detect malware on your machine in this article. You can learn how to adjust the settings on your devices in this article.

The arrival of 5G heralds a new era in wireless technology, promising faster speeds, lower latency, and a more interconnected world. However, with these advances come new challenges, especially in the realm of security. Both consumers and cybersecurity teams must be aware of the potential threats and vulnerabilities associated with 5G. Let’s delve into what these are and how to prepare for them.

The Promise of 5G:

5G is not just about speed, though that’s a significant advantage. It’s about creating an infrastructure that supports a vast ecosystem of interconnected devices, from smartphones to self-driving cars, smart homes, and the broader Internet of Things (IoT). This expansive connectivity will lead to more data being transmitted and, consequently, more potential points of vulnerability.

Consumer Concerns:

• Privacy Risks: As more devices connect, more personal data gets transmitted over the network. This proliferation of data can make consumers more susceptible to privacy breaches.
• IoT Vulnerabilities: Many IoT devices, like smart thermostats or refrigerators, may lack robust built-in security features, making them potential entry points for malicious actors.
• Network Spoofing: Cybercriminals can set up rogue 5G towers to mimic legitimate networks, tricking users into connecting and potentially intercepting data.
• Cybersecurity Team Concerns:
• Expanded Attack Surface: The vast number of connected devices means there are more potential entry points for cyberattacks.
• Supply Chain Vulnerabilities: As 5G infrastructure is built out, there’s a risk of vulnerabilities being introduced through equipment suppliers or service providers.
• Network Security: Traditional security measures might not be sufficient for 5G’s architecture, necessitating the development of new strategies and tools.
• State-sponsored Threats: As 5G becomes a backbone of global communications, state-sponsored actors might see it as a high-value target, requiring a higher level of defense strategy.

What Can Be Done?

For Consumers:

• Educate Yourself: Understand your devices, how they connect, and what data they transmit.
• Update Regularly: Ensure your devices receive regular security updates.
• Secure Connections: Only connect to trusted networks; be wary of public Wi-Fi, even if it’s 5G.

For Cybersecurity Teams:

• Continuous Monitoring: Adopt real-time monitoring tools that can detect unusual activity on the network.
• Embrace Zero Trust: Given the vastness of 5G networks, consider a zero-trust model where every request is verified.
• Collaboration: Work closely with service providers, equipment suppliers, and industry groups to share information about threats and best practices.

Wrapping Up:

5G is an exciting technological leap forward, but with its capabilities come new challenges. By being proactive and informed, both consumers and cybersecurity teams can enjoy the benefits of 5G while effectively managing the associated risks. The future is connected, and it can also be secure with the right precautions.

You can read more about 5g in this article. You may want to read about what actually happens when you connect to the internet.

Entering the cybersecurity field can be complex but can be approached from various angles, depending on one’s background, interests, and career aspirations. Here are the top 25 ways to pivot into a cybersecurity career.

• Educational Background: Pursue a bachelor’s degree in fields like Computer Science, Information Technology, or Cybersecurity.
• Certifications: Acquire foundational certifications like CompTIA Security+, CySA+, Isaca’s CCSF, (ISC)² SSCP, or Cisco’s CCNA CyberOps.
• Advanced Certifications: Consider professional-level certifications such as CISSP, CISM, CRISC, CISA, GSEC, CEH, and CHFI.
• Internships: Secure internships at tech companies or firms with IT departments to gain practical experience.
• IT Roles: Start in broader IT roles like network administration to build foundational knowledge.
• Bootcamps: Enroll in cybersecurity boot camps to acquire hands-on skills quickly.
• Online Courses: Leverage platforms like Coursera, Udemy, or Cybrary for specialized courses.
• Networking: Attend cybersecurity conferences like BSides, Black Hat, DEF CON, or local meetups.
• Capture The Flag (CTF) Competitions: Participate in these competitions to hone practical hacking skills.
• Specialize: Focus on niche areas like penetration testing, cybersecurity analysis, or compliance.
• Higher Education: Consider pursuing a master’s or other advanced degrees in cybersecurity or related fields (check into Western Governors University, for example)
• Cyber Ranges: Practice skills in simulated environments like cyber ranges.
• Government Programs: Explore cybersecurity training programs offered by government agencies.
• Research: Conduct vulnerability research or ethical hacking to discover and report security flaws.
• Blog or Content Creation: Share knowledge, write articles, or create videos to build a presence in the cybersecurity community.
• Open Source Contribution: Contribute to open-source cybersecurity projects on platforms like GitHub.
• Join Professional Organizations: Become a member of groups like ISACA, (ISC)², or SANS.
• Military or Law Enforcement: Several defense and law enforcement agencies have dedicated cyber units.
• Freelance Work: Offer freelance services for vulnerability assessments, penetration testing, or cybersecurity consulting.
• Stay Updated: Regularly read cybersecurity news from Bleeping Computer, KrebsOnSecurity, or The Hacker News.
• Home Lab Setup: Set up a home lab to experiment, practice skills, and test new tools.
• Job Platforms: Regularly check job platforms like LinkedIn, CyberSecJobs, or InfoSec Jobs for opportunities.
• Soft Skills: Develop skills like communication, essential for roles that convey technical findings to non-technical stakeholders.
• Diversify Skills: Learn about related areas such as data privacy, compliance, or risk management.
• Mentorship: Seek mentors in the field to guide your career path and provide industry insights.

---

Additional Tips and Salary Insights

Continuous Learning

The cybersecurity field is ever-evolving. Dedicate time for regular learning to stay updated with the latest threats and defense mechanisms.

Networking: Building strong professional relationships can open doors to job opportunities and collaborations.

Typical Salaries (U.S. figures as of 2022, which may vary depending on location, company, and experience):

• Entry-Level Cybersecurity Analyst: $55,000 – $90,000
• Cybersecurity Engineer: $85,000 – $130,000
• Penetration Tester: $80,000 – $130,000
• Information Security Manager: $105,000 – $165,000
• Chief Information Security Officer (CISO): $150,000 – $300,000+

It’s essential to note that salaries can vary widely based on location, years of experience, industry demand, and individual qualifications. Refer to the latest industry reports or salary surveys for the most up-to-date figures.

Use this interactive mapping if you’re interested in cyber but unsure of the path or role. You can always find something new and exciting in understanding blue teaming, such as monitoring bad actor activity on the dark web; read more here.