
Tis the Season for Cybercrime: 5 Things you can do to protect yourself this holiday season.

Hello again internet, it’s me, your host, the Script Kitty: Killer Kat! Once again the holidays are right around the corner and I have a special gift for you: 5 things you can do to protect yourself from cyber crime this holiday season.

Whether you are looking under the tree for a new VR headset, a smart home device, or anything else WiFi enabled, one thing is for sure: black hat hackers are waiting for their own present, the thousands of unpatched devices that go online every year on December 25th. Every holiday season thousands of people receive new devices as gifts, and in the rush to use them many people, especially younger people, skip installing device updates before connecting and using the device. To a hacker an unpatched device is a goldmine. Many security updates contain fixes for well known security issues, and when a device is left unpatched hackers can gain easy access by exploiting those well known flaws. Because cyber criminals know lots of unpatched devices will go online on December 25th, many of them search for and target these devices. The good news is that knowledge goes both ways, and that brings us to my first tip: update and set up devices before gifting them. If you have a game console, computer, phone, or any other device you are planning to gift to someone this year (especially if that person is younger), take the time to install software updates and set up the device beforehand. Not only will this protect the device from opportunistic cyber criminals, it will also save your loved ones valuable time spent waiting for software updates to download and install on Christmas morning.

Installing software updates will keep your devices from getting hacked through outdated software, but what about more deceptive social engineering based attacks? Well, it’s sad to say, but the holidays are a prime time for cyber scams such as phishing, with many cyber criminals exploiting the chaos of the holidays to craft convincing looking emails or phone scams designed to trick you into losing your valuable data. If you get an email that informs you of a problem (usually with an online shopping order) and provides a link that then asks you to reenter your login information, there is a good chance that you are the target of a classic phishing scam. Luckily I have some tips to help you avoid these scams. If you are presented with a login page, close that page in your browser and manually type in the website’s address yourself; this prevents hackers from using fake websites to steal your login information. The idea of a fake website may seem a little crazy at first glance, but through a combination of almost identical URLs and exact copies of the original webpage’s HTML (the information your web browser uses to show you what a website looks like), these fake websites have fooled even experienced cybersecurity experts and high ranking government officials.

On the topic of shopping online, this next topic is something I’ll be exploring in future episodes, so if you haven’t already please consider subscribing so you don’t miss out on those and all the rest of the fascinating content I have in store for the CyberKat Cafe! With that said, our third topic is online shopping. Be it fake 5 star reviews, counterfeit and mislabeled goods, or even straight up scams, the holiday season is rife with online shopping based cyber attacks. The first thing to watch out for while shopping online is fake 5 star reviews. Many online brands have been bribing regular users on sites like Amazon to leave 5 star reviews in exchange for free products and sometimes cash or gift card payments. While this goes against the rules of basically every online marketplace, I have reported this behavior directly to Amazon and they declined to comment; I’ll also note that as of the time of writing they have not taken visible action against the companies and people involved in this. So since Amazon is not going to take these reviews down, I’ll help you spot them. The first thing to look for is vague 5 star reviews that don’t really say anything about the product, usually something like “Its great!” or “I bought this for someone and they loved it!”. Especially look out for “I haven’t received/used this yet but it looks great!”: many of these fake 5 star reviewers get a rebate on the purchased item that is only applied once they have left the review, so they will oftentimes leave a review before they actually get the product so they can get their rebates early. I’ll be going further in depth on my research into this issue, so if that is something that interests you watch this space.

Another thing to look out for while shopping online is SEO, or Search Engine Optimization. Now SEO by itself is not malicious. It is perhaps a little manipulative or deceptive, but nevertheless a standard practice used by organizations to improve online visibility. SEO takes advantage of the way search algorithms work to make something appear more frequently or higher up in searches. Have you ever seen an Amazon post with 30 different keywords in the product name before getting to what the item is actually called? Usually it is something along the lines of “| Gift for him | Gift for her | Travel | For home | gift for men” etc. That is a classic example of SEO in action. Because these keywords are so effective at getting visibility and selling products, they are often combined with other scams such as the fake reviews mentioned above. Real companies with established brands don’t use SEO like this to grab attention, and while not every product with a word salad title is a scam, the majority of them are low quality and not worth your money.

So you have your gifts bought online safely and software updates installed, so you’re safe, right? Well, almost. There is one last way that black hat hackers take advantage of the holiday season, and that’s through holiday apps with hidden malware. As reported by Barracuda Networks, hackers are using holiday themed Android applications to infect users’ phones with malware. Now malware on Android is nothing new; I even have an upcoming episode on the disturbing prevalence of Android malware. The best way to protect yourself against this malware is to only download apps from official marketplaces such as the Google Play Store; however, even the Play Store is rife with malware. Be cautious of downloading free apps and of apps that ask for unnecessary permissions. There are many kinds of malicious apps: some slow your phone down by using its resources to mine cryptocurrency or to show you thousands of invisible ads to farm ad revenue, and some will steal your information or encrypt your phone. But no matter what kind it is, malware is certainly something you don’t want to get for Christmas.

My 5th and final tip is to share this with someone. Cybersecurity works best when everyone is informed and educated about best practices. The human element is often one of the easiest things for hackers to exploit, but with proper education it can also be one of the greatest defenses. This holiday season, take the time to share this with someone you love so they can be informed and protected against cyber criminals. And if you enjoyed this, please remember to subscribe so you can be notified whenever new content is available.

And with that said, until next time this is Killer Kat signing off, stay safe out there, and don’t forget to have a merry Christmas and a happy New Year!

The Holiday Season, How it Affects Cybersecurity and What You Should do About it.

Hello once again internet, it’s me, your favorite (and only) Script Kitty, here to wish you some holiday cheer as we talk about the holidays and what that means for cybersecurity.

Every year during the holiday season hundreds of people go online to purchase Christmas gifts for their family members, and this influx of activity has some risk associated with it. Always remember to practice good internet hygiene, as holiday themed phishing attacks are a common occurrence, as are less than reputable sellers hawking counterfeit goods. Just because the Amazon listing says it has good reviews or it’s a name brand product doesn’t mean it is, and Amazon knows that but doesn’t care. Pro tip: always make sure you know exactly what you’re buying, or at least have a look at the seller page to see if it’s shady.

I have 2 related articles coming out soon exposing how companies pay Facebook users to leave fake Amazon reviews and how Etsy is knowingly selling fake “Handmade” goods, along with the proof I collected as well as their refusal to remove these products. In the meantime, if something seems too good to be true it probably is, so don’t risk it.

But what about once all the shopping is over? Does the risk stop once you gather with your loved ones to exchange gifts? Sadly, no. One big thing to be on the lookout for this holiday season, as someone who is informed about cybersecurity, is the configuration of new devices. It happens after someone unwraps their new smart toaster, VR headset that makes maps of your house, RGB enabled smart face mask, or something less cyberpunk like a new laptop or smart phone. Every Christmas there is a large influx of new, poorly secured devices coming online, and the attackers know it. Many people rush to set up these devices as fast as possible and overlook important security controls, creating an attack surface which in turn shows the true spirit of Christmas by gifting cyber criminals the gift that keeps on giving. This year, if you know tech gifts are coming up, take the time to talk with the gift giver beforehand and the recipient afterwards, and make sure that best practices are followed and everyone stays safe this Christmas.

And of course no December would be complete without the annual SANS Holiday Hack. As they say on their website:

Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity villains, and save the whole holiday season from treachery. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.

I would highly recommend that everyone check it out, even if you’re new to the infosec community. There are lots of great talks by people in the industry; last year I watched a great talk by Josh Wright about open S3 buckets, which I highly recommend watching, as cloud security is still as relevant as ever, perhaps even more so with more webdevs using cloud based tools. Click this hyperlink to get more information or to start playing, and a big thank you to SANS for hosting this event every year. I hope to see you there this year, readers; if you see me feel free to say hello.

And with that, it’s Killer Kat signing off until next time. Happy holidays, stay safe out there, and keep tuned for those articles exposing Amazon and Etsy for knowingly allowing fraud on their platforms.