
Thanks for joining us! Let me know if there are any topics you'd like us to cover by sending an email to me at craigpeterson . com!

Nov 6, 2020

Welcome!  This is a "best of Craig."  I have included the current articles that you should read this week in the article section, so check that out.  In this podcast, we cover why fileless malware is on the rise, how COVID is affecting financial traders, why you must find out what is on your enterprise network, and more.

For more tech tips, news, and updates, visit - CraigPeterson.com.

---

Ransomware Demands are Doubling Every Six Months, Study Finds

Teach Your Employees Well: How to Spot Smishing & Vishing Scams

Mimecast Research: Half of all Workers Admit to Opening Emails They Considered Suspicious

‘Check the Box’ Awareness Training has Little Impact on an Organization’s Security Posture

MITRE Shield Matrix Highlights Deception & Concealment Technology

‘Act of War’ Clause Could Nix Cyber Insurance Payouts

Most Businesses Vulnerable to Emerging Risks Not Covered by Their Cyber Insurance

Oh Jeeeesus: Drivers react to Tesla’s full self-driving beta release

Rising Ransomware Breaches Underscore Cybersecurity Failures

SANS Launches New CyberStart Program for All High School Students

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Massive changes ahead. We've even got traders who used to be on the floor of the stock exchange, and on the floor of these massive financial companies. We've even got them at home. Now you're going to be shocked at what they're doing to replace that interaction.

Hi everybody. Craig Peterson here. We're going to be talking about these traders and how virtual reality headsets have changed the way some of them are doing business. We're going to talk about what's on your enterprise network. I talked about this last week.

Hopefully, you got my email. It came out on Wednesday this week. I'm going to try and do two of these a week. It's a little three-minute coaching lesson, if you will, on security. This week we talked about your enterprise network. We're going to delve into that more today.

Have a look at the email, and make sure you got that. I know you're used to getting emails from me Saturday mornings. This last weekend we sent our weekly email on Sunday instead of Saturday. I'm not sure if that's better for you guys or not. We certainly didn't have quite as many people open it as usual.

Usually, almost half of everybody that's on the list, and that's thousands of people, opens it, but it was not as good on Sunday. We may switch back to Saturday. We'll see.

It also has to do with our time, right? This is a labor of love, trying to get all this information out to everybody. So things can change.

We're going to talk about some big changes in malware attacks this year, even though they declined a little bit in Q2. They got more potent, and we'll tell you why and what's going on here.

The most severe Windows bug is now under active exploit. We'll tell you about that. VPNs are dying. You know what my thinking is about these paid VPN and free VPN services if you've been listening long enough, right? They do not increase your security. In fact, they decrease your security in some ways. Maybe you're going to stop your local ISP from tracking where you're going online, but you overall are much less secure.

Shopify. We've got a huge theft there, and it turns out employees were involved. We've got Microsoft booting more Chinese-sponsored hackers out.

WannaCry. Yeah, that same one that brought the country and the world to its knees a couple of years ago. It's back. And love in the time of Zoom. So if I don't get to all of these today, make sure you check online, or if you're going to miss part of this, all of that is available there at CraigPeterson.com. We're trying to make sure all of the audio is up there so that you can listen to it in your time on any podcast app. Make sure you check it out, whatever your favorite app is.

Technology has really changed everything, and we have seen that this year. They expect it to be just an incredible online shopping season. Now that's good, and that's bad. You've got the local stores who are hurting very badly. I have gone out of my way lately to try and go to a local store as opposed to ending up online and buying stuff, because I want to support them. They are part of the economy, obviously. They are where my kids got some of their first jobs, in local stores. They are also the place where I can go to see things and play with things. It's not like Amazon, which sometimes charges me to return something that wasn't what I thought it was. That kind of always bothered me. So I like the local merchants, and not just the restaurants, but the guys that sell the little electronic gear that we have and other things. But it's going to be a huge year this year.

We're going to talk later on today, and this is kind of low on the list, about virtual online Zoom dating.  It is really changing it all. Now we have a story that came up from Ars Technica this week, Owen Walker of the Financial Times, talking about how we have moved our businesses into spare bedrooms in our homes, living rooms, and we've talked about this before.

If you're working from home, make sure you have a spot where all you ever do is work from home. The brain kind of ends up associating, and you can become much more productive that way. Different parts of the room, maybe a different chair. Maybe all you do is turn the chair around just to let your brain know that it is time to get to work.

I also use some apps. I've got Vitamin-R that I've used, and I don't really use it as much anymore. I've kind of grown disciplined over the years. You might check it out online. Vitamin-R. It uses the Pomodoro Technique, which is an Italian name. Remember those little tomato clocks or countdown timers you have in the kitchen, or at least you used to have years ago, where it just reminds you, Hey, uh, you're supposed to be working right now, 'cause you hear it go tick tock, tick tock, tick tock, and then it goes off and, okay, well, my 20 minutes is up on this particular task, and then you take a brief few-minute break, and then you get right back to it.

There are all kinds of hacks to help us to be more productive when we're at home, and ultimately more productive than maybe in the office in some ways. In other ways, you're not as productive, and you're not as productive because you're not around these other people who can come over and ask questions, and much of what we learn, much of what we do, is just incidental communications. Where we are in a hallway, we bump into someone, or we go to a meeting. We have a side discussion. That's hard to do when you're on a Webex Teams call because you're there, and so are 10 other people, two other people. It doesn't really matter how many other people, because you can't just lean over and say, Hey, what do you think of this or that?

Now, obviously, on Webex Teams, you can go ahead and type a message, right? You have that chat capability, and you can send it to a specific person. You can do that on Zoom as well, but I don't. I'm not going to talk about Zoom right now because you should not be using it for business. Just you really, really should not.

So focus on that ability to communicate. Some companies are now going to happy hours online, and I've been invited to a Zoom happy hour, and the company's sending me three little bottles of wine. We're going to do it. Taste-testing, and we'll just kind of chat while we're there online. It should be fun. It'll be interesting too.

Many businesses are doing that, as well. They have little happy hours and get-togethers because you're not going out after work for a drink to talk to people. You're not going out in the hallway and talking to people. It is such a different world.

The whole thing with whether or not you're there physically is a whole other problem when it comes to traders. Think about traders. If you've seen some of these movies or TV shows where they're on the floor, I know Fox Business and some of these other business channels have a shot with a camera on the floor, the trading floor, and there just aren't the people there that there used to be. But again, it's the interaction, and that's what's been important in the past.

Some banks, UBS particularly, have been issuing some of their traders over in London these HoloLens from Microsoft. These are virtual reality headsets, and the idea behind this is to allow the staff to recreate the experience of working on a packed trading floor without ever leaving their homes. I don't know if you saw the video or pictures of this, but when Microsoft first introduced these virtual reality headsets, they had issued them to everybody who was in attendance at this conference room, and they started playing these videos. So you see all these people looking around; of course, they can't see beyond what's right in front of their eyes, which is this HoloLens, these virtual lenses, and they're looking around, and right up the aisle walks Bill Gates. Of course, nobody notices him because they can't see him. They're all just caught up in this experience.

That's what they're trying to do. Banks have been really desperate to bring workers back into the office. When you're talking about these regulatory-sensitive roles or roles involving money, where banks will typically force employees to take vacations, which you should be doing: if you're a business person and you have a bookkeeper or accountant, make sure they take a vacation, make sure they get out, and have somebody else fill in for them. That's going to help catch people who might be cheating with money. They really want to get these people back in. Trading is one of these, but because people are afraid of the Wuhan virus, they don't want to go into the office. So what they've done, and this is really cool, I'm looking at a picture of her right now, is they've set it up so that the traders can be sitting there in their homes, and it looks like they have a bunch of different screens. You've seen this before, right, where they have four or five, six screens in front of them, different data on different screens. They can look over, and they can pull up a screen, they can see everything out of the corner of their eye, just like they're used to. So I can see a market rise or drop in something. I think it's really cool. And that's a good use of that technology.

Deutsche Bank, by the way, told its New York staff last week that they were not required to return to the office until mid-2021.

Deutsche Bank's going to be opening a whole new office. Many of these others are doing it as well, so we'll see what happens.

This HoloLens by Microsoft was initially seen as a gaming device, and these headsets cost three grand. Many companies are using them as a communications tool. You might want to look at it as well, depending on your business and what you are doing.

So coming up, we're going to talk about what's on your enterprise network. What's on the network in your house. You really might be surprised.

We've talked about the security cameras on our networks before and, of course, the internet of things. A new study is out that is really very, very concerning to business people and, frankly, to even homeowners. So we're going to get into that right now.

Let's get into this big problem now that we have uncovered.

There's a new survey that was done by a research firm called Vanson Bourne. And it was done on behalf of Palo Alto Networks. Now Palo Alto Networks is one of the competitors for Cisco and others who make network equipment. Palo Alto Networks' stuff is pretty decent. They've certainly had their fair share of problems lately, but so has everybody else.

I'm much more into things over at Cisco, which has pretty much everything you need, and it's nicely integrated. Palo Alto Networks, good people. I know a few people that work for them. I know some people that absolutely swear by their stuff. So don't think if you've got Palo Alto Networks here you're completely out of luck, 'cause you're not. They've got some pretty decent stuff.

Let's get into the survey. I found it to be very interesting. When we go into a business, the first thing we typically have to do is scan the network. You have to have an audit of the devices that are on your network. And then we scan the devices themselves. Typically that means their servers. Whether they're Windows servers or Linux servers, we scan them. See what services they have running, which ports they have open on the local firewalls. We scan them all for any sort of malware that might be on them, spyware, et cetera.

Then we move on to really identify the versions of software they're running. In many cases, if you're running Windows, you probably have done some patches, but some 50-ish percent, depending on the number you want to use and whose numbers you trust, about half of all Windows computers are not patched up, and something like 30%, 40% of Windows computers have never, ever been patched. But let's assume that they have. Let's assume that you're on top of your game. You are the person assigned to it in the business. Maybe you are an IT professional. You've had some training, and you have some certifications, so you're off and running. Things are going great for you, right? You have kept it up to date.

We're moving to the next level, which is our Macs. Are our Macs up to date? Well, they just keep themselves up to date automatically for the most part.

But remember, Windows is just the operating system. macOS is just the operating system. How about all the other apps that you have on those computers? All of the applications. There are a lot of them there, and it's everything from maybe the Microsoft Office apps that hopefully you've got set up to do an automatic update. But it's also all of those other little apps that you've put on your computer over the years. That, by the way, is another good reason to reinstall your operating system every once in a while. Make sure you have a good backup, make sure you test it before you do the reinstall, and don't just reinstall everything.

Don't just restore that backup blindly, but actually restore the software that you need, okay, the data files you need, because there are so many pieces of software we have not been keeping up to date.

So you are the world's best IT administrator, and you've got all of the computers up to date, all of the apps; only the applications that you really need are actually there on the computer. You're not getting tainted by any of this other stuff that's going on, right? Oh, you are so, so good. Congratulations.

But let's have a look at the other devices on your network. This is where the survey from the research from Vanson Bourne really raises some questions. They surveyed 1,350 IT, which is, of course, information technology, decision-makers in the US and 13 other countries, so that's a pretty decent-sized survey.

I don't know if these people were self-identified or how exactly they came up with those numbers. You can find this whole survey if you want to download it over on Palo Alto Networks. There's a lot of good information that you can glean from the survey. It's good stuff all the way around.

It's the Connected Enterprise IoT Security Report for 2020, is what it's called. These decision-makers, these 1,350 decision-makers in IT, were asked questions to identify the strangest IoT devices they found connected to their organization's networks.

Now let's define the internet of things devices here for a minute. We've already concluded here that you are the IT guru, right? You know enough to keep Windows up to date, to remove the apps, to keep your Macs up to date. How about some of the other devices that are on your network?

I'm not going to mention security cameras because I talked about them all the time. Right.

How about your printers? Have you updated the firmware in your printers? That's part of the reason we use higher-end Xerox printers. They all auto-update themselves, which is really nice, and we can delay the updates, et cetera, because again, those printers are computers that are attached to your network. Even the ones that are attached by a USB cable, although they're a little bit less dangerous than something that's internet-connected or Ethernet-connected.

How about some of the other devices? Do you have a scanner attached to your network? Do you have a fax machine attached to your network? I know in a lot of doctors' offices you have to have a scanner, you have to have a fax machine.

If you buy one nowadays, the odds are extremely high that they are connected to your network and maybe write directly to your file server. Have you restricted the access that they have on the file server to make sure they're not doing nasty stuff?

44% of these 1,350 IT business decision-makers, almost half, reported seeing wearable medical devices. 43% said they had encountered kettles, coffee machines, and other connected kitchen appliances. People are doing that all the time, and remember that this isn't just in the business offices. This is in our homes, right? 38 percent said the same of IP-enabled sports equipment. We see more and more of those. Have you seen the commercials for Peloton or this mirror thing? This mirror thing is really kind of cool. You hang it on the wall. It's kind of a mirror with a built-in display that lets you exercise with somebody remotely who is a coach, or maybe it's a prerecorded class.

Some of that IP-enabled sports equipment includes skipping ropes and weights. 34 percent reported smart toys. 27% said they found smart vehicles on their network.

I want to make sure you guys pay close attention to your networks, whether it's a home network or an office network. Make sure you segment the networks, as I mentioned in my video this week. Hopefully, you got that training video on Wednesday. Keep an eye out for them. Make sure you click through. If you don't want to watch the video, I also have the transcript there when you click through. So you can just read it pretty quickly. It's like a one- to two-minute read and a three-minute video. So enjoy it and be careful out there.

Scan your networks and scan them frequently.

What is going on with malware? There've been some major changes just over the last few months. That's what we're going to talk about right now. What do you need to watch out for? What should you be doing in your business as well as your home?

We know that they're here. There have been a lot of attacks over the years. That's what we're trying to stop, isn't it, with our businesses, with our home users? That's why we buy antivirus software or why we have a firewall at the edge. Maybe you even upgraded your firewall. You got rid of that piece of junk that was provided by the internet service provider. Most of them are, frankly, pieces of junk. Maybe you're lucky and have a great internet service provider that is giving you really what you need. I have yet, by the way, to see any of those internet service providers out there that are really giving you what you need.

So there is a lot to consider here when we're talking about preventing malware. What we have found is that malware attacks declined this year in the second quarter, but here's what's happening. Right? They are getting through more.

Historically, we had things that have hit us that have been various types of malware. I remember when I first got nailed back in '91. I had a Unix server that I was running. As you probably know, I've been using Unix since the early eighties, '81, '82.

I was using Unix, and I had my own Unix machines because I was helping to develop the protocols that later on became the internet about a decade or more later.

The Unix world was a rather open world. Everybody on the internet was pretty friendly. Most people were involved in research, either government research or businesses doing research online, a lot of smart people, and we actually had some fun back in the day, puns and everything.

We weren't that worried about security, unlike today, where security really is a top of mind thing for so many people. We weren't worried about who's going to do this to me or that to me.

I had a Unix server that I was using, actually a few of them that I was using for my business. Now, one of those servers was running email, a program called Sendmail. That's still around today. It was the email package that was ruling the internet back at the time.  I got nailed with something called a worm. It was the Morris Worm. In fact, it got onto my computer through no act of my own.

I didn't click on anything. It got onto my computer because it came through the internet. That was back in the days when we really didn't have much in the line of firewalls, so it just talked to my mail server. One of these days, we'll have to tell some stories about how we really trusted everybody back then.

You could query to see if an email address was good. You could get onto the machine and say, Hey guy, I noticed that you had this problem, so I went in and fixed it for you, and here's what I did. Much, much different world back then.

But that's how malware used to spread. It was something, and it was just kind of automated. It went out, and it just checked everybody's machine, checked firewalls to see what they were, to see if they were open.

We've been doing that for a very long time, haven't we? We have been nailed with it. That's what the viruses were and are still, where it gets onto your computer.

Maybe you installed some software that you shouldn't have, and that software now takes over part of your computer. It affects other files. It might be something that's part of a Word macro or an Excel macro. And it now spreads through your sharing of that file and other people opening it.

Worms are like what I got nailed with. Just start crawling around through the internet. So they run some software on your machine, and that looks for other machines, and today things have changed again. 

They are changing pretty frequently out there. What we have seen so far here in 2020 is a decrease in malware detections. Now, just because there's been a decrease in malware detections, I don't want you to think that the threat has diminished, because it hasn't. But the signature-based antivirus systems are real problems.

Now, what's a signature-based antivirus system? That's any antivirus software, like your McAfee, like your Norton, the Symantec stuff, any antivirus software that is working like your body's immune system.

What happens with your body's immune system? You get a virus, and your body says, okay, what's going on here? It starts to multiply. Eventually, the body figures it out. It develops antibodies for it. So the next time it sees that virus, you're likely to be pretty much immune from it. Your body's going to say, Whoa, that's a virus, and it goes in and kills it pretty darn quickly.

That's the whole idea behind trying to stop the Wuhan virus that is spreading out there. How do we stop it? Well, we stop it by just developing antibodies. Right? That's herd immunity. We could also develop antibodies by an antivirus shot that is designed to stop that virus from spreading and prevents you from coming down with COVID-19 symptoms.

In the computer world, it's much the same with most of the software. Signature-based antivirus software is exactly the same as the way your body's immune system has been working, in many, many ways.

Here's what happens. Someone gets infected with a virus, and they report it to Symantec or Norton, or maybe the software reported it itself. Usually, it's a third party that reports that, and they look at it, and they say, okay, so what does this virus look like? There is, in this program, the developers' names embedded, or the name of the hacker group is embedded in it. So we are going to now say any piece of software that has this hacker group's name in it, we're going to ban. Right?  It recognizes it. So when the file comes onto your computer, your computer looks at it. It looks at the signatures. These are called signatures. To say, okay, how does it match? Or it doesn't match at all, and it might be through a string that's somewhere embedded in there. So it might be through a name. It might be through a number of other things. That's signature-based.

The malware that was not detectable by signature-based antivirus systems jumped 12% in the second quarter of 2020. That is amazing. Amazing, absolutely amazing. Seven in 10 attacks that organizations encountered in the second quarter this year, in fact, involved malware designed to circumvent antivirus signatures.

Most cyber-attacks last year, and this is probably going to be true in 2020 as well as we get into the fourth quarter. But most cyberattacks in 2019 came about without malware. That means that there were hackers behind this.

We're going to talk about that. What's going on, some of the data also from CrowdStrike, and what they have found. CrowdStrike is an anti-malware, anti-hacker company. They've got a lot of great people working for them as well.

It's like the bad old days of hacking, and they're back on us right now.

We see more and more malware-free attacks. We also see attacks that completely evade signature-based antivirus software. If you have antivirus, you think you're protected. You really aren't.

Well, we were just talking about malware attacks declining, but what's really happening is that they are becoming more and more evasive. That is a scary, scary world out there right now.

These hackers are no longer just using regular old viruses to try and get into your systems. Time was, the good old days, there might be a macro virus that comes in on one of your Microsoft Office documents. You might've gotten a virus from some software. You downloaded some free software from a warez site, but in reality, what is happening right now is the attackers are getting smarter.

Malware is designed now to completely circumvent antivirus signatures. So that signature software that you had, that you bought a few years ago, that came with your computer, that junkware that was installed, that came up and said, Hey, you need to pay for it now. You had your 30-, 60-, 90-day free trial. It just isn't gonna work anymore. The antivirus signature code that you bought and paid for and have been using just isn't going to work.

So what do you do? That's a really good question. What is the right thing to do? Well, first of all, we've got to make sure that we're no longer just using antivirus signatures. We've gotta be looking at the behavior of the software. There are companies out there that use whitelists in particular. I can think of PC Matic, and I've got to get them on the show and talk a little bit about this. The way they do it is interesting. There are drawbacks to whitelists as well.

The way we do it is a little bit different because we're doing it the Cisco way. We have antivirus signatures. We also have behavioral analytics. So if it's an old piece of malware, an antivirus signature is going to pick it up. Well, our advanced malware platforms are going to pick it up, right? That's what Cisco does, and some others do as well.

But if it doesn't have a signature that's recognized, it watches its behavior, and depending on what happens with the behavior, it might do a few different things.

So, for instance, this week, we got a call from a client because what had happened was they got an email that had something that was flagged as suspicious by our software. Immediately that software was uploaded to Cisco Talos. Talos has been around a long time; they are true experts in cybersecurity. There are a couple of hundred people that sit there and examine it. So our software automatically sent this thing to Talos to be examined.

We called up the customer and said, Hey, there's something suspicious in your email box. We are heavily filtering all of their emails as well before it even gets into the box. They said, okay, what email was it? The subject matter was an invoice, a specific invoice. We said, look for this and this invoice, and they couldn't find it in their inbox.

Our technician had a look and said, Oh, wait a minute here.

Now what had happened is our software had automatically sent it to Talos for an examination. Talos looked at it and said, wait a minute. This is something that looks very malicious.

So it automatically puts it into a kind of a lockbox and examines it there.

It looked malicious, and so they retroactively pulled that piece of email out of that email box, all automatically. Joe, our client, had no idea. We didn't realize it had happened either until after it had happened. But the idea is if it's in question, they can remove it.

The way it works, as well, with the anti-malware platform that we have is if your computer gets some of the software on it and it starts to do something malicious, we can roll your computer back. So the malicious activity might be that your computer is now starting to probe other computers or probe other servers that are there in your network. So we noticed that attempted lateral spread, and our software would automatically shut off the network port that the computer is attached to. It's just phenomenal what you're able to do nowadays.

Now, one of the security vendors that are out there, called WatchGuard, analyzed some of the malware attacks that were going on, and it looked at 42,000 Firebox appliances that were at customer locations worldwide.

Now, part of the reason I like Cisco is it's using billions of data points every day to figure this out. Right.

So WatchGuard has 42,000. But they found that the devices were blocking 28 million malware samples representing 410 unique attack signatures, which is an increase. But there are all kinds of tools that are available now on the dark web for as little as $50 that can be used in attacks. 

When we delve into this a little bit more and look at some of the incident report data that came out of CrowdStrike, we see some very interesting things. For the first time in CrowdStrike's research, they found that so-called malware-free attacks edged ahead of the malware-based tools. 51 percent of attacks that were analyzed here by CrowdStrike in 2019 did not have malware.

Now we've talked a little bit about this before. I go into this in quite a bit of detail in my courses, in my more advanced cybersecurity stuff, but what's happening is the bad guys are using information that's being harvested from the dark web.

You know how I'm always getting on your case about making sure you're using 1Password or LastPass, right.  I think it's important. Well, part of the reason for that is you should use a different username. I don't like websites that make you use an email address. 'Cause that's currently insecure. But you should use a different username at every website, and for sure, you should be using a different password, and 1Password is great at generating them; so's LastPass. Those are the only two that I recommend. If you're a business, you really should be using 1Password.

The bad guys are now taking the information they find from the dark web, which is copies of your email addresses, copies of your passwords. They are using them to log in as a regular user in your network. If you have VPNs, for instance, that your business people, your employees, are using to connect, they will find the VPN through a scan, the VPN access point, or the remote desktop access that you might be providing, the old Terminal Services from Microsoft. Then they will do credential stuffing. They will try and use a username and password from your organization.

We just had this happen last week, and this was a government subcontractor. They did some work for DOD prime contractors, and there were people who were trying to use credentials that were found on the dark web to get in. It's happening all of the time, but now they're getting in.

They have these hands-on-keyboard methods. They're trying to use usernames and passwords that they have found on the dark web, and they are using PowerShell. Now, PowerShell is a rip-off that Microsoft made from the Unix world, and Microsoft, of course, messed it up pretty badly, and there are all kinds of major security problems with it. Microsoft Windows was not designed with PowerShell in mind.

Nowadays, you have to use PowerShell to do certain things. Microsoft has finally figured out, Oh, wait a minute. Command-line interfaces are wonderful. Maybe we should use them more. So what happens is they use PowerShell.

They start it up, and now they use it to exploit your network, exploit your systems, because it's not a virus, it's not a program, so it's very hard to spot. They'll hide files and directories, and they will use tools like PowerShell and act just like a regular system administrator acts nowadays on a Windows machine. System administrators on Windows machines are using PowerShell, aren't they? Now, most organizations don't have the technology to be able to differentiate between a legitimate user, a legitimate employee or contractor, and an attacker who has stolen credentials.

This is a very, very big problem out there that's been seen by Cisco, by CrowdStrike; Rapid7 is another one. They're seeing hackers using valid credentials or reusing credentials from other breaches, i.e., credentials that are found on the dark web. So what do you do? How do you do this? That's our really big question right now.

The bottom line: do not ever reuse passwords. If you're a home user, it's true. If you are a business, it's true. One of the things we do for our customers, and you can do for yourself, is to go out to the dark web and search. Use tools like Have I Been Pwned, very basic tools, and see if your users' usernames/email addresses are out on the dark web. Also, see if the password that's associated with that account out on the dark web is still in use by them.

Just this week, we found another one of our customers where one of their primary users, one of the C-level people, Paul, was using the same email address and password for the business applications as he was for one of these hacked accounts out on the dark web. So be very, very careful.

Well, we've just been talking about some of the ways that the hackers are getting into us now, avoiding some of the software we've been using; these antivirus packages just don't work anymore. I'm going to talk about another problem. This is a massive Windows bug.

We're going to be getting into a couple of other things here. We'll talk about VPNs a little bit and how they're dying and going away. We've got another employee theft that's happened here, this time at Shopify. Microsoft, and what they've done with Azure. We'll talk a little bit about these cloud systems because they are problematic.

WannaCry is back, and Love in the Time of Zoom: why we're in the midst of a dating revolution. So why don't we start with that one here, Zoom. You know how much I don't like Zoom for business. It is not considered secure, and it does not meet any of the standard security requirements. So that's a problem, if you were to ask me.

We are in the midst of a dating revolution. Do you remember that episode from Seinfeld where George is out doing speed dating, and they had these, what were they, 30-second or 60-second dates? I guess that's been the thing over the years, maybe a little longer than that.

You spend two minutes, five minutes with someone, and you're all there at the restaurant or whatever conference room. It's like musical chairs. Every time, you move one. Usually, it's the women sitting there, and the men move around, and it could be the other way around, I suppose. It was a good way to meet a lot of people, if that's what you're trying to do, and see if there might be any chemistry. Usually, they charge for them, and yeah.

Today, well, things have gotten higher-tech. They come about here in Zoom rooms as well. I mentioned earlier today some of the things that we're doing from a business standpoint on Zoom. Many people are now having business meetings obviously, or hopefully not on Zoom, but in the online world.

But right now, what we're seeing is love and marriage. How people are connecting. It used to be, of course, accidental. Then some of us might go to the church we belong to and look for a companion or a mate. There are a lot of ways that things have changed, and they changed a lot, really in the 18th century with the industrial revolution.

Now we're kind of back to the isolation days. Well, so what do we do now?  I don't know if we'll ever really get back to normal. People have found that they can do business from home. They can work from home. Now they found that they can date from home as well.

Already, we're seeing nearly 40% of heterosexual couples reporting that they have met online. Most of the time, that's been through a social media site like Facebook, or maybe some of the others that are out there. Same-sex couples are an even higher percentage here, more than the 40% of heterosexuals that are meeting online.

Of course, there are also the casual encounters that have been going on. I can't even believe it, but Dr. Fauci even mentioned that, right? Oh man, we're not getting into that right now.

But this type of online interaction is absolutely surging during the time here of the Wuhan virus. Bars are closed. Restaurants are mostly closed. Churches can't meet. You can't sing hymns, depending on where you are. They might only let a few people in. I know there's one state where you can go to a bar, but only one person can be in the congregation of a church. I just don't understand some of that stuff, obviously.

So what do you do right now? We see a massive drop in the number of Americans that are married by the time they turn 30. Only about half of them are married by the time they turn 30. Fertility rates have plummeted to 1.7, meaning the average woman will give birth to 1.7 children over her lifetime, which means, if that woman is considered to be part of a couple, that is negative growth in our population. Something that some people have been trying to achieve for a very, very long time, but it is well, well below the natural rate of replacement, which is, as I recall, about 2.1 or 2.2. So that's pretty dramatic, and it is just continuing to go down more.

More men aged 30 to 34 were living with their parents than with a romantic partner, and that's before the Wuhan virus pushed even more of us back into our homes as we've lost jobs and opportunities that are out there. It's just not very, very good, but the future isn't all that bleak.

I wonder, frankly, when we're talking about general social media, so things like Facebook and messaging and stuff, how much of what we see, where we feel we have a connection with other people, how much of that is real. We already know much of what we see isn't real. Some of these social media influencers have admitted to taking as many as a thousand pictures before they found one that's worthy of posting, where all the makeup was right, the pose was right, the hair was right, the background was right, the lighting was right. It leads to a false sense of, oh, keeping up with the Joneses, if you will. There's an older expression, where people see this, and they think that's the way their life is supposed to be. It's absolutely not.

So how about where we're trying to do one-on-one stuff? I think we all can remember going on dates and being a little braggadocious, maybe inflating things just ever so slightly, when we went out with somebody, and then over time, we got to know them, and then we started to loosen up. I'm in a mastermind group, and I have also seen that in the mastermind group: as we got to know each other, we kind of relaxed, but we know each other's businesses now, and we can give each other good advice and a good kick in the pants when necessary.

So I don't know. The future's not bleak, I think. Yeah, it might take a while for people to get to know each other when we're talking about meeting online, doing little Zoom meetings, or meetups online. But the whole courtship thing has really changed the whole structure of what it is. It is just absolutely amazing, but I think we are still going to be looking for those relationships. We're still going to be trying to find them online, and I think it might work, and I don't know. Maybe a breakup is even easier in the online world, or maybe the whole fallacy behind the online world, where people are literally making stuff up, is going to make it even worse when it comes to breakups. I really don't know.

I'm looking at an article here from Debora Spar. She's a professor of business administration at Harvard Business School, and she's been very focused on issues of sex and technology and what's been happening with the technological change. She has a new book out called Work Mate Marry Love: How Machines Shape Our Human Destiny, which is kind of an interesting book. I think the romantic times are going to continue, but we're going to continue to look online for ways of meeting and doing stuff with people. So there you go. Zoom is not just for little family gatherings, but it's also for romance. I think that's kind of cool.

Hey, if you like to listen to the radio when you're driving around in your truck or your car, one of the things that I do, and here's a little tip in case you didn't know you could do it, is I have Bluetooth in all of my cars.

Nowadays, there's Android Play for Android phones, not all of them, just some of the newer ones, and Apple CarPlay for the newer Apple iPhones. What that allows you to do is run the app on your phone, and once that app is up and running, it will come out through your car stereo.

Now, many of you guys, of course, you're the best and brightest, so you probably know how to do that already. I love the way CarPlay works on the Apple side. Android works pretty well too, but the main concept behind it is to keep the interface simple, to keep the number of distractions down.

We are right now under attack. This is the Windows vulnerability that I mentioned live on the air here a couple of weeks ago. It's not patched by most people, and it's really, really bad.

Well, this is a big problem right now. This particular vulnerability is called the Zerologon vulnerability. What that means is your computer is vulnerable to attack without the bad guy actually having to log on to the computer. Very, very, very bad. Okay.

Now, this is an escalation of privilege problem. Microsoft has come out and issued some patches. Apparently, it's not going to be fully fixed for a while, from everything I was reading.

This is crazy because what's happening is they are using domain controllers and remote procedure call login servers to get in. So if you're just running a regular Windows machine in your house, obviously you want to keep it up to date.

But this particular exploit is against these servers that are out there. The servers specifically have exposed domain controllers, and remote procedure calls, also called RPC login servers.

Why do you use those? Well, most businesses use those types of servers to allow people to log in remotely. Who logs in remotely? Well, it's employees, right? We're there in our homes, and we're trying to get into the office. So we use a domain controller. We are sending RPC calls here to the login servers. You may not know what's actually going on behind the scenes, but that's what it actually is. Now, there's a search that you can do online. There are a couple of different searches to find these exposed servers. A very, very big one is BinaryEdge.io. There are a couple of others that also let you know about it, but okay. They show more than 33,000 3 million networks that are exposing domain controllers. This is absolutely crazy here.

If a single network has both resources exposed, the combination can leave the network wide open with no other requirements. Okay. It's very, very, very, very bad. I don't want to go much more into this. It is absolutely catastrophic. If you are a person who's responsible for the IT resources within a business, you have to take care of this. Right, right, right away.

The cybersecurity arm of the Department of Homeland Security mandated that all agencies patch over the weekend. They put the mandate out on Friday, and it had to be done by Monday. They had to apply the patch by Monday night or remove the controllers from the internet. Take that as a little bit of a hint that maybe it's something you should do too.

So if you are a business owner, make sure you check with your managed security services provider and/or your employees who are responsible for IT. Okay. Because it's very, very big. It's the most severe Windows bug that we've seen this year, and who knows, maybe more are on the way. So I'm not going to say it is the best or the worst.

Now let's move on to another subject here that I think is worthy of the news here, and that is that VPNs are a risk.

Now, one of the legitimate reasons to use a VPN would be so you don't expose those services on your server. In other words, they're not exposed to the whole internet. If they're not exposed to the internet, some guy or gal somewhere else in the world can't get to them. So how do you let your employees get to those services and keep them locked down for everybody else?

You could do it by having your firewall only allow certain internet addresses to get through to those services. That's what I would advise as a quick stop-gap for you. Ensure that only the home computers that are supposed to be able to get at it can get at it.

But remember too, that it is just a quick stop-gap, because those home computers could be infected and could be used as a launching point to come after your services. So you're letting that home computer through your firewall to get to the RPC services, the login services they need. If that computer is infected, that home computer, it could be used now to attack you. So it's just a stop-gap.

Another way to do it is to use a VPN. Now, you know what I've been saying about VPNs for the longest time, that VPNs are, frankly, a little on the hazardous side, particularly for your security. There's a difference between privacy and security, at least if you ask me.

The biggest difference is privacy means that advertisers don't know where you go, which means your internet service provider doesn't know where you go. That's privacy.

Security is where you don't want that information sold, but even more so, you don't want to have your bank account information stolen or other things that really need to be secured. Okay.

So that's the big difference here. If you get a VPN for your business so that people can connect to these log-in services, or maybe connect to your file server, that's a bit of a problem as well, because remember the VPN can be used both ways.

It's like that saying, I love this old saying, but tracers work both ways. Right?

You use tracer rounds when you're shooting at the enemy so that you can see where the bullets are going. By the way, that means the enemy can see where the bullets are coming from. The same thing's true with VPNs. You put a VPN in place so that home users can connect to those login services, or maybe your SMB/CIFS here, your file servers, right, the file shares. You open up the VPN so they can get through, but now potentially, the bad guys can use it to get through as well. So it is a big problem.

Because of that, VPNs need to be tracked very closely in your firewalls.

We run all the VPNs that we have for clients that require security through not just a basic firewall but one that reassembles everything and examines all files that are being downloaded, et cetera, et cetera. Okay. That's what we do now.

There is a new technique in place right now that is gaining a lot of momentum, and frankly, within the next few years, all businesses should be using this. We're doing this already, and it's something called zero trust. Zero trust means, in the case of a VPN: okay, great, there's a VPN in place, but I don't trust that home computer to have full access to my network. In fact, not only do I not trust it to have full access to my network, but I don't even want it to have full access to this particular server.

I only want it to have web access, let's say. Even then, I want to go to the next level. I want to make sure that that home computer is not being used to grab my client list that an employee is about to take with them as they walk out the door to my competitor.

That's where you start getting into zero trust and what that's all about. We're going to talk a little bit about that: what Gartner's predicting is going to happen here by 2023, how you can use it, and how you shouldn't be using it right now, in fact. So stick around, because we'll be right back.

So we know a little bit about VPNs and what they are. So what's zero trust, and how does a zero trust network run? What are we looking for here shortly? More than half of businesses will be zero trust.

I've started to do some three-minute training. So the first one went out on Wednesday, and I was really surprised just how much work it takes to make a three-minute training. But we did it, and we got it accomplished. We're going to try and have a couple of those a week, plus the weekend newsletter, which is, of course, a fair amount of work, but we're doing it for you. Hopefully, you got a lot out of it.

I got a crazy number of responses to the first video. So thank you, thank you, thank you for responding. Hopefully, I got back to you in a reasonable amount of time here, and we were able to help you out a little bit. Anyhow, if you missed it, go look back on Wednesday this week. That's when I put out the first one. So it should have been in your email box Wednesday. As usual, it's from me@craigpeterson.com. So if you're not getting them and you think you should be, double-check. Make sure I am on your contact list, or whitelist me somehow so that you get those. They're important. I'm going to be doing more of those a week, just kind of a light touch, to let you guys know what's up.

So VPNs have been around now for more than a couple of decades. They've been fantastic. They've saved a lot of businesses a lot of money. Now, of course, they tend to be kind of dangerous, particularly these free VPNs and the commercial ones that you're using to somehow try and make yourself more secure. I just shake my head every time I hear these misleading ads. They are lying to you. It's really not going to protect you that much, frankly, if at all. It gives a little bit of privacy in certain situations, but not in others. I had a great call with Doug, in fact, this week, and he was having some problems. He is a small business guy who has been in business for a long time, sold his business, and now he's almost 80. I think he said he was 78. He's kind of back in business again, keeping himself busy and occupied. He was wondering and worried about trying to keep some of this stuff secure. So we went through it a little bit with him.

He uses Macs, so it is definitely easier to keep secure. When he's on the road, he has one of these little devices he takes with him that allows him to connect to the internet from Verizon. There's one kind that connects you directly to the internet, which is dangerous, and another one that provides you with what's called NAT, or network address translation, which is a little bit safer. So he's going to send me the model number and particulars of what he's using so that I can help him out a little bit.

By doing that, he's no longer tying into the wifi at the airport or on the airplane or at the coffee shop, wherever he's going. He's got his daughter doing that too, which I think is a very good idea. I know a lot of people as well who do it. I do it as well. I have one of those little devices. I just replaced the battery in mine because it started swelling. It's a lithium-ion battery. Some of them, when they start to swell, you've got to replace, because what can happen is when they swell, they will short out and can start a fire. So be very careful about that.

So he's smart enough to know that you don't want to use public wi-fi. He effectively brings his own little wifi device with him, which is, again, a great idea.

Some people use VPNs when they are out there on the road and connecting back into the main office or their homes. I have that as well, and that lets me get directly in.

Most of the time now, what we've been doing for our office and our customers is putting together zero trust networks. These are far more secure than anything else we have out there right now, as far as firewalls and everything else goes.  The idea is, just like its name implies, that we're looking at everything. We're no longer just trying to do what's called a perimeter security approach where we have a firewall at the perimeter.

Now we are trying to protect ourselves and our businesses from any kind of attack, including insider attacks, including the lateral movement that I've talked about so many times before, where a bad guy gets a foothold inside of a network, and that bad guy immediately tries to start spreading things. Very dangerous. Very, very dangerous. There are several other flaws too. Perimeter security just doesn't do a good job of accounting for any third parties, any vendors you might be working with, contractors, all of your supply chain partners. If attackers steal somebody's VPN credentials, now the attacker can get into the network and roam freely, like I've talked about many times.

Many of us use the same username and password on pretty much every device out there. That's a problem because when it gets onto the dark web, now the bad guys have it. Plus, VPNs over time have become a lot more complex and very difficult to manage.

It's rare. I say rare, but I've never seen an exception. In other words, it seems that these businesses have misconfigured VPNs. It seems to be a pandemic out there, frankly—a lot of pain around VPNs.

So this is going to change it all. We're going to have different equipment internally. Your devices are not going to be able to connect directly.

So the way we have it set up, all of the devices on a network, instead of speaking directly with each other, have to go through at least a firewall. The firewall watches what they're trying to do even inside the network. So it's no longer just out there at the perimeter. Frankly, what we've been doing with VPNs is just clunky. It's outdated. Frankly, kind of dangerous. So keep all of that in mind.

All right, if you need a little help, if you have some questions, I am more than glad to get on the phone with you guys and chat a little bit and help steer you in the right direction. You can just email me at me@craigpeterson.com, and I'd be more than glad to get back to you. So keep all of that in mind. VPN is dying. Zero trust is what's coming down the road.

Now, I just mentioned the problems of potential internal threats, and that can include bad guys that are in your network, spreading laterally, as I just mentioned, but it can also mean that your employees are the problem.

I've seen that before. I had it happen to me, where I had an employee who took all of my customer records and took my customers with him. I could not believe it. I still can't believe it to this day. What he did, I don't understand it. What did he think he was doing? He may have built up a relationship with my customers. I don't think he brought a single customer in. In fact, he built up a relationship with my customers, and then he figured they're his customers now because he has a relationship with them.

So forget it, Craig. They're his customers. It is just absolutely amazing.

Shopify, which many of you have heard of before and many people are using, has found that two of their support team employees were involved in a scheme to steal customer transaction records from specific merchants. It affected apparently fewer than 200 merchants, but there's an example of where zero trust can really come into play. Do your sales guys have access to information they shouldn't have?

How about some of your support people? We have to make sure we're monitoring where they're going and what people are doing within our networks. Okay.

We're going to talk about Microsoft and the Azure store, President Trump, and WannaCry. You remember that really bad piece of malware? It's back.

I sent out a three-minute training, the first three-minute training. I'm going to be doing more and more of them here as time goes on. This training got just a plethora of responses from people. I'm so happy I could help out a lot of people this week, including a bunch of very small businesses, and that's what I love to do. That's why I do this, right. Help you guys out a little bit here.

Now, obviously, I have customers, big paying customers, usually, companies that are regulated and actually need cybersecurity.

But for the rest of you, I still will help you just as much as I can. Obviously, there are some things you need to do, and that's what this is all about.

Well, you know already about the Apple App Store. I've talked about it many times. Do you know about the Google Play Store? Both of those are stores that you go to buy or download little applications that you can use on your smart devices. They're both great little stores. Apple tends to do a better job when it comes to watching for security problems than Google does.

Both of them tend to take about a 30% chunk of any money that you pay. Then 75%, or 70% I should say, goes to the developer. Well, Microsoft has a store as well. You might have heard of Azure. That's a service that Microsoft has, and it is an online service. It's a cloud service. It lets you run Microsoft Windows in the cloud, in a data center.

That's managed by Microsoft, run by Microsoft in most cases. Also, by the way, it'll let you run various types of Linux, and that was a bit of a surprise, but anyhow, that's the Microsoft Azure story. Then we also have stores that are over on Amazon, and that's called AWS, Amazon Web Services. There are a lot of others too.

We tend to use some of the IBM stores, including the IBM mainframe stuff, which has just been amazing to us, just how good those things are. The IBM mainframes, how fast they are, and how inexpensive they are for computing stuff. It's just amazing. Anyhow. Microsoft and IBM and Amazon, and anybody that has one of these cloud services also have a store.

And it's much like the stores that you would expect to find for your smartphone. But in the stores we're talking about here, Azure, or these cloud services, they actually are selling and leasing or renting fully configured machines. So you can go on, and you can say, Hey, I want a new Ubuntu version, blah, blah, blah, or Red Hat Enterprise Linux, which is what we tend to use, version this and such, and maybe you want to also use containerized stuff. And so they have all of these things pre-configured. You can say, Hey, I want a database engine, and Tada, poof, there is a database engine for you. It can either be poorly maintained by them, and you have no idea what it is, it just acts like MySQL or whatever database you might want it to act like, or maybe it really is one. Maybe it's your own version of that. Those types of apps are available in these cloud services, just to use those terms loosely.

Well, earlier this year, it turns out, according to Dan Goodin, who wrote an article over at Ars Technica, up on my site, members of the Microsoft Threat Intelligence Center suspended 18 Azure Active Directory applications because they determined they're part of this huge command and control network that was being run out of China.

Now we can also talk here about command and control, because your computer might even be part of this. So if you have a computer and that computer gets hacked, one of the reasons they hack it is to use it as part of a command and control network.

Now here's the idea behind command and control. They're not going to ransom your data. They're not going to try and do something nasty with it. In fact, these command and control guys don't really care that your computer can do anything other than connect to the internet.

So one of the things they'll do with command and control is they will do what's called a denial of service attack against somebody. So there's some company they don't like, or maybe they're ransoming this company, saying, Hey, listen, we'll shut down your website unless you pay us a million dollars.

What they'll do is they'll use a thousand, 10,000, however many computers they have in their command and control network. They'll use them now to send off fake website requests to that company. Now that company's servers just get hammered, and nowadays we see on the order of tens or even hundreds of thousands of requests per second coming into some of these data centers, and there are services out there to protect against those types of denial of service attacks. Okay.

But here's where things really start getting interesting. That is, they also use command and control systems to send out emails, to do phishing, even to research them. So command and control, just as it sounds, is they have control of your computer, right? They send commands to execute.

So, in this case, what we're finding is that Microsoft had these apps that were in their Azure Active Directory, their cloud service, that were part of this command and control network. 18 different applications. Again, we're not talking about an app like an app that would be on the Windows Phone, if you are sad enough to have bought one that is no longer getting support. So it is a difference. It's a pretty big difference.

These are the types of applications that are used by businesses, database applications, web server applications. All right. It's not just the fortune 500 companies that are doing this anymore. We're talking about the smaller guys who really don't have the resources to check.

You know, between the two of us, most of these Fortune 500 companies aren't doing what they should be doing either. Hence all of the hacks that we've been seeing. So they had these cloud-hosted applications.

This is a hacking group that Microsoft is calling Gadolinium. They had also been storing stolen data in a Microsoft OneDrive account and used that account to execute various parts of their campaign. Now, Microsoft, Amazon, all these other cloud providers have been touting how secure it is, how fast these cloud services are. They're just so much cheaper. Oh, this scale that comes from renting computer resources. I remember describing what they were hoping for way back when with cloud services: that it would be like the power company. Who cares where the electricity comes from, as long as you just flick the switch and the light comes on?

Believe me, it is no longer like that. The hackers have realized now the benefits of hacking the cloud services and, in this case, using them to share their stolen data, to store it, et cetera, et cetera. And now there are so many free trial services and one-time payment accounts that hackers have been able to quickly get these different things up and running.

They, as I mentioned before, can even buy their own materials, their software, to do the hacking, to do the phishing, to do the ransomware, to sell the decryption stuff. They even have banks that'll handle the transactions for them, converting Bitcoin into US dollars or whatever currency they want. Very, very big deal.

Earlier in the show, I talked about this: some of these tools that are in use right now, particularly Windows PowerShell, that are not well secured and are legitimately used by system administrators, have become a huge, huge tool for the bad guys to use. They're so widely used for legitimate tasks that it's very hard to detect their reuse for illegal tasks.

This group, this GADOLINIUM group, has recently started using a modified version of the PowerShell Empire post-exploitation framework. It's open-source. Can you believe this stuff that's going on? So it's very scary. Agility and scale, frankly, are working both ways here, against us and for us. I am very concerned about some of the stuff that's going to be happening.

If we've got some of these bad guys that are out there, right? Some of these terrorist groups, domestic terrorist groups that are burning our cities right now and shooting people, shooting cops, et cetera, that these terrorists are going to be using these same techniques shortly here in the US. They probably already are. We already know it is using them to finance and fund their operations. Very, very scary stuff.

So one more thing real quick before we go. That is WannaCry. Very, very big deal. SonicWall is reporting a 109% increase in ransomware in the US during the first half of 2020. Keep your eyes out. This is very, very inexpensive for the bad guys to do: get ransomware on your systems. They have high rates of return on it. There's hardly any risk for them. It's even outsourced. We've talked about that before. It is a preferred method of attack for cybercriminals. So be very, very careful out there.

Get the right kind of security. I was talking with a couple of companies this week. We're going to be putting in place some of the prosumer Cisco stuff to help out a very small company and some of the commercial stuff that you need to have if you are a regulated industry. So we'll be doing some of that this week, too.

You've been listening to Craig Peterson. Have a great week, and make sure you visit me online: me@craigpeterson.com.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553