Apr 6, 2019
Cloud and cloud computing are in the news, and we'll talk about what is going on and what to expect.
Do you sell things online off a website? If so, you have to listen in to find out what the IRS is doing right now. It's going to drive you crazy.
It's update time! Microsoft is out with their April update, known as 1903 or 19h1. It has some nice Windows Update policy features.
What are cybercriminals up to now? They are using new tactics that bypass traditional email security, so listen in to find out more.
It's bad enough that cybercriminals are attacking us and stealing our information, but now these bad guys are stealing money right out of bank accounts.
Do you know what Denial-of-Service and Distributed Denial-of-Service attacks are? Well, the FBI and Secret Service are trying to shut down criminal organizations who are using them in a big way. We'll talk about what they are doing today.
Are you a C-level executive? It is time to remove your cybersecurity blinders. Cybersecurity is no longer an IT problem; it is a boardroom-level problem, and a scary one when you get right down to it. Cybercriminals are using brand impersonation now, and it's costing companies a lot of money.
For all this and more tech tips, news, and updates visit - CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment; it might contain errors.
Airing date: 04/06/2019
FBI Shuts Down Denial Of Service Attacks - Supreme Court Ruling Will Affect Every Business
Craig Peterson 0:00
Hey, hello, everybody, Craig Peterson here. And it looks like my
math was wrong. You know, last week I said, I thought we were
coming up to the 1,000th week of being on the air. Actually, we
weren't coming up on it, it was the 1000th week. So this is our One
Thousand and One weeks of broadcasting, and this week, we're going
to have a few different radio appearances, as I usually do. I'll be
on with Jack Heath on Monday, but because I'm going to be busy this
week, as well, actually, I guess, this week? No, I'm not
going to be on with Jack on Monday. But I am going to be on on
other stations Tuesday and Wednesday. Okay. So anyhow, we passed
1000 weeks, you can do the math, that's a lot of years on the air.
I don't know if that makes me old. It certainly kind of makes
me feel old. But you guys, man, I appreciate you. I appreciate
everyone who listens, and everyone who subscribes to my podcast.
And you can do that quite easily by going to http://CraigPeterson.com/iTunes.
Leave a comment. Hopefully, I've earned a five star from you guys.
And that'll help get the show out so more people are aware of
it.
Craig 1:26
So let's get right into the articles this week. As is true every
week, I send these things out on Saturday morning. So you should
get my show notes-newsletter, and that'll keep you up to date. Let
you know about the latest security problems that have arisen this
last week and other things in the tech biz and tech world that I
think are interesting. So number one this week is from Infosecurity
Magazine. And it's talking about cloud and cloud computing, we'll
get to that in a few minutes. The U.S., man, if you have a website,
if you're selling things online, you got to hear what the IRS is
doing right now.
Craig 2:08
And man, the internet tax stuff, it's going to drive you crazy.
There is a new update here for Windows coming on. Well, it's the
April update. And it's known as version 1903 or 19h1.
Craig 2:26
But it's going to have a new Windows Update policy. And it's going
to let you if you are a big organization that is using the group
policy editor, basically, you have an Active Directory server and
you have group policies for your various accounts.
Craig 2:46
Excuse me, this, the policy is supposed to allow you now to specify
deadlines for automatic updates, and restarts. Now if you don't
have the Windows 10 professional, you're kind of stuck as it is
right now because you can not, I repeat, can not specify when you
want updates to be applied and how long you might want to wait. And
we've certainly talked about that on the show before. But it's
going to give IT admins a lot more control, especially when
managing larger fleets really of devices, number of Windows
devices, so it should be pretty good. And I have some details on
where you'll find it in the menus there on my website at
http://CraigPeterson.com. And Softpedia has really quite a nice
little thing about the whole thing. But basically, you as an admin
can set a deadline for installing updates as high as 30 days.
Usually, I recommend about seven days, five to seven days, because
that lets you get past the initial problems that often accompany
these updates from our friends at Microsoft. And the auto reboot
can be anywhere from zero to seven days following that.
Craig 4:08
Now, this feature is something that was available only in the pro
version. And now it's available across the board if you are using
group policies, okay? The latest tactics used by cybercriminals,
we'll talk about this. And this is bypassing traditional email
security.
Craig 4:27
And where do most IT professionals feel vulnerable when it comes to
bad guys and attacks and stealing our information, stealing money
literally right out of bank accounts. Well, we'll talk about that
too. But first, I want to get to an article I love the title of
this. This is out of the UK, it's from The Register. It's called
Silence of the WANs, which I thought was just very clever. The
FBI has been working hard to shut down criminal organizations, so
has the Secret Service. I've talked with both of them before about
what they're doing and how effective they have been. And one of the
problems we talked about in my cybersecurity course, was something
called a denial of service attack and distributed denial of service
attack. And we talked about how to prevent them, how to stop them,
and how to make your life so much easier. And we, of course,
concluded that class, it's not open, you can't get into it right
now, because I'm not conducting it right now. But denial of service
attacks is absolutely huge. And the FBI just busted a massive
attack and network about two weeks ago.
Craig 5:45
And this was just amazing. Because the traffic loads plummeted
after the FBI took these guys out. And some of them were right here
in the US. You think most of the time that they're maybe in Russia
or, you know, some Eastern European country, maybe India, you know,
the normal places these things come from. But in December of 2018,
the FBI really started pushing trying to figure out who was running
the distributed denial of service attacks. Now, here's how a
DoS works, the denial of service attack.
Craig 6:25
Someone, usually it's either a competitor or more often, it's
someone that disagrees with your company. So a company that maybe
has some sort of a political stance or donated to a charity that
somebody doesn't like, they will start sending dozens, hundreds,
thousands of requests to a web server, this is just a simple
explanation, okay. So they'll send all of these to the web server,
the web server becomes overloaded. It may crash or may not crash
doesn't really matter. But because it has so many requests coming
in, it cannot serve the normal users. So, people who are coming to
your website to find out more about you, maybe to place an order,
maybe to get some of the information that you're providing, they
cannot get there because of the denial of service attack that's
going on. Well, there is a worse type of denial of service attack,
and it's called a distributed denial of service attack. Because
bottom line, if there's only one machine that's attacking you, it's
pretty darn easy to put a filter in place to block that machine
from getting to you. That makes sense, right? Well, if you have
100, or thousand machines that are all sending data to you, it becomes
much more difficult to stop. And that's the whole idea behind
distributed denial of service attacks.
Craig 7:55
So the FBI worked with a mitigation provider called Nexusguard.
And they've been tracking this stuff. And they're saying both the
overall number of attacks and the volume of the data fired at the
targets to overwhelm them is down and it's measurably down because
the FBI wiped out 15 of these denials of service mercenary sites.
Some of them are run in America, some of them are run overseas, but
they allowed people to purchase the temporary use of the massive
botnets of compromised devices. Right? Isn't that what I'm
always warning you guys about? That's part of the reason you got to
keep his machine safe. Because millions of machines have been
compromised. They have remote controllers on them. The owners of
the machines just aren't aware of this because they're not paying
any attention to security. And then they hire your machine now to
use to attack a third party. They use your machine to mine for
Bitcoin to make money for them. They use your machine to distribute
kiddie porn, pictures and videos of Americans being beheaded. Okay,
how many times we have to talk about this everybody? So these
massive botnets were in turn commanded to create massive loads of
network traffic and targeted websites and different types of
services, which ultimately overload them and knock some
offline.
Craig 9:27
Now, it seems according to The Register that these 15
denial-of-service groups were so prolific that simply taking them
offline has caused a noticeable drop in global activity for the
entire fourth quarter of 2018. We're talking about an estimate from
the FBI of more than 300,000 attacks over the last five years from
these guys. And Nexusguard is saying the number of attacks fell by
11%. And the size of each attack, which is the load directed at the
target took a nosedive with the average rate dropping 85% and the
maximum size down 24% from a year previous to that. So that's
really good. The huge dip in attacks may not last, because it's so
easy to set up a botnet because so many people haven't properly
secured their computers, okay. And somebody else is going to come
along and take over, fill in that void. There's going to be new
distributed denial-of-service-for-hire services popping
up.
Craig 10:33
Many of these Internet of Things (IoT) devices are now being used
for botnets. So your smart light there on the factory floor that
isn't properly secured, are not only being used to attack you and
get the information from your servers. But they're also being used
now, too, to direct these denial-of-service attacks. The number of
these IoT devices that are used in the amplification attacks, which
is a specific type, but they were up over 3,000% from last year and
they're accounting for more than half of all the attacks in the last
quarter of 2018. So again, you know, we covered this in detail in
the DIY cybersecurity, make sure you segment your network, if you
have IoT devices, make sure they cannot get out of your network,
except to the control nodes, the legitimate ones, right?
Craig 11:34
The ones that are for the manufacturer to make sure they get
security upgrades. And make sure you do the security updates, make
sure they get the security updates, make sure it's all working.
Because it's no longer you buy a light bulb from the local Home
Depot store for a buck and plug it in. And you don't ever look at
that light bulb again until it burns out.
Craig 11:57
Now with the Internet of Things, the smart bulbs and the smart
everything, you know, thermostats, any of this stuff, those smart
devices now are your responsibility. It's just like a friend of
mine, who we've been providing DNS services to for 20 years,
probably 15, 20 years, well, more than 20 years. And he called us
up he says, Hey, listen, why aren't you guys providing DNS for us
anymore, you know, from my little network. And we were and we dug
into it. And we found out guess what?
Craig 12:32
His home address block that was assigned to him by in this case he
has Comcast was used to access the dark web. Yeah, pretty big
deal.
Craig 12:50
And so now he's running around trying to figure out why. Now we have
automatic systems in place that saw, wait a minute, the side dark
web block. So all of our stuff worked perfectly. It was great. And
that's how we protect our customer's websites. And that's how we
set up the networks for all of our customers. Just automatic. If
it's not automatic. It's not going to happen, right? So we had
automatically blocked him. Now he's trying to figure out why, what
IoT device, what light switch whatever, went out to the dark web,
and was being used as a Tor exit point, even. It's crazy. It's
crazy what's happening. So make sure you know what you're doing,
find some good courses, whether they're mine or somebody else's,
and understand how to do this. And I have free master classes that
we're offering from time to time, make sure you're on my email
list, http://CraigPeterson.com/subscribe. That way, you'll get my
show notes, you'll also get some of the more urgent alerts that
come out. And I'll let you know about the free master classes and
other training that I'm doing. Okay. So
http://CraigPeterson.com/subscribe, and keep listening to this
radio show. Because I do get stuff out here. Although, you know,
when you talk about master classes, they can go easily an hour,
hour and a half or even longer, you know, the courses can take you
six weeks to get through. But you know, stay up to date, do the
right thing.
Craig 14:24
Now, let's talk about the number one problem that IT security
professionals are looking at right now. 91%, this is according to
Insider Threats, 91% of IT and security professionals feel
vulnerable to insider threats. And 75% believe the biggest risks
lie in cloud applications like popular file storage, email
solutions. You know, we talked about them before, they're worried
about the Dropbox, Gmail, Google Drive, OneDrive. All of those
things, right. So it is very, very concerning to IT professionals.
And it's, you know, 91% of them being worried about the insider
threats is huge. And that's why again, I have included in the DIY
cybersecurity course, a whole set of policies and procedures that
can go into the HR manuals as well as things that you should be
doing in your business. Now BetterCloud surveyed nearly 500 IT
network security professionals, and you can find this online. It's
called The State of Insider Threats in the Digital Workspace 2019.
So here are the key findings amongst again IT network security
professionals, nearly all of them surveyed, 91%, feel vulnerable to
insider threats. And that means things like people opening an email
clicking on the wrong link, maybe doing something malicious because
I got fired they got a bad review. Right. Those are all insider
threats. 62% of them believe the biggest security threat comes from
the well-meaning but negligent end user. That number fits in with
other stats I've seen, so it's probably pretty legit. 75% believe the
biggest risks lie in cloud storage and email solutions, which is
really big. And I'm going to talk about an email security article
here in a minute and about how the cybercriminals are changing
their tactics. 46% of IT leaders which means, you know, the IT
managers and above believe that the rise of software-as-a-service
applications makes them the most vulnerable. And man, I'm seeing
that all of the time, especially in regulated industries. And we're
helping out some of these health care providers and legal and
public companies. Man, they're using SaaS, software as a service.
In other words, cloud applications like they're going out of style, and
they're not checking them. We've even done audits on restaurant
chains, just small local chains, and found incredible liability
that they're facing. 40% of them believe they're most vulnerable to
exposure of confidential business information. That's financial
information, customer list, personally identifiable information.
And only 26% of C level executives say they've invested enough to
mitigate the risk of insider threats, versus 44% of IT
managers.
Craig 17:31
So in other words, the C level executives are running around with
blinders on. Kind of scary isn't it when you get right down to it.
So let's get into the latest tactics that are being used by the
cybercriminals to bypass email security. And I've got this article
up again on http://CraigPeterson.com and this is from Industry
News. And they're saying that cybercriminals are using brand
impersonation now in 83% of spear phishing attacks. Now, remember,
these types of phishing attacks against businesses called business
email compromise is kind of a general term to cover most of them.
83% of the time, this is what's used, and it's already accounting
for about a little more than $12 billion worth of stolen funds, not
wasted time, not cost to recovery, right. $12 billion in stolen
funds. In the last couple of years according to the FBI, on the
worldwide statistics. It is huge.
Craig 18:37
One in three of the spear phishing attacks is launched from Gmail
accounts.
Craig 18:47
20% of them occur on Tuesdays. About 20% on Wednesday, 20% on
Thursday, and it drops off to 5% on the weekends, with the slightly
lower numbers on Mondays and Fridays. So no big surprise there.
I've had people contact me, just texting me, you know, my
855-385-5553 number about these extortion scams. I've gotten one or
two of them myself. And I know you guys have gotten them because
you've contacted me, you've texted me about it. And I've gone
back and forth to kind of explain what's going on. But still
sextortion scams, these are a form of blackmail. And right now it's
making up about 10% of all spear phishing attacks. And it's
expected to increase even more because it is on an increasing line
right now. And employees are also twice as likely to be the target
of blackmail, than of a business email compromise. So, that's a
change from last year. And this is from a report released by
Barracuda and it's called Spearphishing Top Threats and Trends if
you want to look it out. And they looked at about 360,000 spear
phishing emails.
Craig 20:08
So let's get some closer look here. Impersonating Microsoft is one
of the more common techniques used by hackers to try and take over
accounts, financial institutions. Impersonating nearly one in five
attacks. Finance department employees are heavily targeted in
obviously banks and other financial institutions as well. Majority
of subject lines on sextortion emails contain some form of security
alert attackers often include victims email address or password.
Subject lines on more than 70% of the business email compromise
attacks are trying to establish rapport, sense of urgency. Scammers
are using name spoofing techniques, which they've used for years,
changing the display name on Gmail and other employee accounts to
make it look like it's coming from a company employee. So here's
the top subject lines and number the two top 54% say security alert
and 34% say change password. Okay. Very big deal. You'll see this
article up on my website. And we'll have to try and do a master
class on this one because I think this is important for people. I'm
going to set these two aside and I'll let you know, anyone who's
on my email list. I'll let you know about it. These are always
free, we'll do a deeper dive into it.
Craig 21:30
Make sure you subscribe http://CraigPeterson.com/subscribe if you
haven't already. The US according to Forbes magazine has stepped up
its tax collections here. And if you're selling software in the US,
you've got a whole new problem coming your way, you know that we've
had for a long time now, protection from the federal government
saying the local authorities state and local cannot tax internet
sales. And it has expanded a bit you've had massive companies like
Amazon, who said yeah, we'll pay sales tax, state and local. And if
you ask me, the reason they're doing that is to stomp the little
guy into the ground. And the reason I say that is Amazon can deal
with it. There are estimated to be over 9,000 different tax
regulating entities in the United States. 9,000 of them. You have
to comply with all of these 9000 across the board. How can you, as
a small business, do that? You can't, right? Amazon can. Well, there
are going to be companies that are popping up, there already are a
few of them out there right now that are trying to take care of
this problem for you where they'll collect all of the taxes.
Craig 22:56
And what it is resulting in, however, is many businesses are saying
listen with all the European Union rules. They've got their GAFA
rules are cooking up right now. GAFA, GAFA standing for
Google, Apple, Facebook, and Amazon tax.
Craig 23:10
It's a kind of a VAT tax and supply, it's not supply driven. It's
crazy. But there is a decision from the Supreme Court last year
about a dispute between Wayfair now this is that online furniture
company and the State of South Dakota and South Dakota wanted to
collect taxes and Wayfair said no, don't need to. So the Supreme
Court overturned a law on not taxing companies with no physical
presence in the taxing state. Because that legally is called legal
nexus. So if you had operations in New Hampshire, you had to, well
New Hampshire is a bad example, because we have no income tax. And
we have no sales tax. Okay. But let's say you're in Massachusetts,
which is a terrible state when it comes to taxes. You're in
Massachusetts, if you sell something to someone in Mass., you have
to collect Mass. taxes. And if you sell something to someone in
another state, you didn't necessarily have to collect the tax as
well. Now you are going to. Any company selling online, this is
more than just software companies, it's going to hit businesses
across the board. And it's going to hit you hard.
Craig 24:25
Okay. South Dakota, has rules that say if you have more than 200,
individual sales, or more than a hundred thousand revenues, there
are other states that say more than 100 sales, or 50,000 in
revenue, some of them have 4.7%, some of them have as much as
13.5%, and the thresholds for spending in the state span from
100,000 and $500,000. And there might be 100 transactions a year it
might be 500 and might be 2000 transactions a year. Whoa, okay.
This is going to be a huge burden. 52 new tax codes on the
individual states plus surtaxes that are introduced by counties,
by cities, not just in the US, but 30 countries in Europe, along
with Australia, Japan, South Africa, South Korea, Norway, India,
the list just goes on and on. Hundreds of countries. More than a
hundred out there. And US states have highlighted software and SaaS
products as explicitly liable for sales tax. So remember too that
we're talking about different taxes and different tax rates. You
look in Massachusetts, they have a different tax rate for different
types of IT services, they have different rates for software as a
service in different categories, this is going to be a nightmare.
So there's companies out there like Avalara and TaxJar that will
outsource and take care of a lot of this stuff for you. Many
companies are saying "forget about it." I know companies in Canada
that are just pulling their hair out just dealing with Canadian tax
codes.
Craig 26:10
And many of them are just saying forget it, I'll just wait for the
bill to come from the tax collector basically. So rather than
charging you the appropriate sales tax, they fill out the state's
forms that cross your fingers that they collected enough from you
that they had enough in revenue to pay that state sales taxes.
Craig 26:29
This is why the federal government passed a law saying no internet
sales taxes because it will be a nightmare. Now, it is going to
help local small businesses because now they're going to compete on
a more even footing where they have to collect the sales tax. So do
the bigger companies, right? And so do the people, even small guys
who are selling online, and it's going to help companies like eBay
and Amazon, where you just sell your product on one of those sites,
they'll worry about all of the sales tax and collecting that. And
they'll take their cut and just pass it back to you. So yeah,
well, this is going to be big. It's in. You heard it here first.
Thank you, Supreme Court.
Craig 27:18
Anyhow, I hope you enjoyed today's show. You can read all of these
articles plus the ones I missed today, including cloud adoption and
what IT pros are concerned about. This 2019 state of enterprise
cloud container adoption security that was published here recently,
all of that in this morning's newsletter. If you didn't get it,
make sure you get the future ones. http://CraigPeterson.com/subscribe,
and I will keep you up to date and you can find out about this and,
of course, a whole lot more. I have now thousands of articles I
published up there my website, because we're over a thousand shows
right now was this show 1001 weekly.
Craig 28:02
This is week 1001, not show 1001. Man, that's a lot of the
time on the air. Anyhow, thanks for listening. Make sure you
subscribe, http://CraigPeterson.com/subscribe and have a great
week. Talk to you next week. Bye-bye
---
Related articles:
Windows 10 April 2019 Update Introduces a New Windows Update Policy
Latest Tactics Used By Cybercriminals To Bypass Traditional Email Security
Cloud Adoption On The Rise, It Pros Unsure Of Risk
The US Has Stepped Up Its Tax Game. You Will Want To Read This If You're Selling Online
Most IT And Security Professionals Feel Vulnerable To Insider Threats
Silence Of The Wans: FBI DDoS-For-Hire Takedowns Slash Web Flood Attacks 'By 11%'
---
For questions, call or text:
855-385-5553