Feb 28, 2020
Welcome!
We are going to hit a number of topics today from the world of Technology and I have a special guest today who will discuss a subject close that I feel is important for my listeners as well. We are going to talk about some of the dangers of using the cloud and why you need to be careful. Passphrases beat Passwords, Malware on Macs, Ransomware, Cloud Liability and How Big Tech is taking advantage of our kids.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
Businesses in Danger: Data Transfer between Cloud Apps
Passwords: Length trumps Complexity
Businesses Must Understand The Intricacies of Cloud Security
Malware on Macs: Not as Bad as the Headlines Might Lead You to Believe
Businesses Beware: Ransomware is on the rise, again
Liability belongs to You: Misconfigured Clouds and Security
All Businesses are Tech Businesses - Like it or Not
Big Tech taking Advantage of Our Kids
---
Automated Machine Generated Transcript:
Craig
Hey, good morning, everybody, Craig Peterson here. I am not doing
the Facebook Live this week. If you watched it last week, I'd love
to know what you think. Of course, it's something I am more than
glad to do. We're busy, so I don't want to do something that people
aren't going to like. We're thinking about trying to do something a
little bit different, where we go ahead and instead of just the
radio show when we do these Lives. We're going to use those for
deep dive so you can ask questions and all of that sort of stuff. I
think that's going to work out pretty darn well. We'll see how that
goes. We're, you know, we're just trying a few different things
here as time goes on. Hey, I got a great interview coming up with a
friend of mine. He has been sugar-free now for years, you know, is
a tech show right then, and there's no particular tech behind this.
You know, if you listen to me for a while that I have had a weight
problem, okay. Ever since I was a kid, I had a belly on me. The
bottom of my rib cage there in the center kind of points out as I
get a ski jump from my belly over the years. I've had this constant
battle with my weight, and I lost 80 pounds, I put 40 back on
throughout about 15, almost 20 years. I guess that's not too bad.
Now I've taken it off again. I've talked about what I did to do
that. I want you to hear what Barry has to say. I invited him on.
He's an incredible guy and done so many interesting things over his
life. He has a book out there, and he had a membership site. He was
helping people for a while to get rid of their sugar addictions,
but he's going to give us some tips and tricks and some points as
well coming up a little bit later on today. I want to discuss a
fair amount today about "The Cloud" because so many people think
it's a panacea. They think by using the cloud somehow relieves them
from the regulatory liability of these regulations that are out
there and some of the things that you're supposed to comply with,
right? In some cases, if you are a subcontractor selling stuff to a
military contractor, there's now a ten-year prison sentence plus
all of these fines and things that can nail you. So people are
thinking, well, we'll just move to the cloud, right? It's going to
make it easier. It's going to make it cheaper. And you know, the
first pass on those numbers might be the case it might be cheaper.
But what I have found in doing a little bit more digging is that
many companies are now abandoning the cloud. And when I found they
were abandoning the cloud, that's when I started getting interested
trying to figure out why what's going on here. Here. And so I dug
into it, and I'm going to share that with you today. I think that's
an essential thing for businesses. I've got a new report out from
the FBI this week that's backing me up from five years ago. I think
that's kind of cool. So we'll talk about what the FBI is warning
and telling us to do. From our security standpoint. We're going to
also talk about some of the intricacies of cloud security. Still,
Mac malware on Max, this is kind of interesting, isn't it because
we all been kind of conditioned to think the Macs are malware-free,
due to their secure design. They use software designed in the
university environment for networking, unlike windows. You know, so
when you think about the Mac and you think that you are completely
free of malware, that is not the case. We'll talk about what kinds
of malware you are likely to be exposed to that could kind of nail
you. We're going to talk about business ransomware, you do not hear
much about it, because you know, there was such a big deal a year
to two years ago, but it is on the rise again. So we'll talk about
that and how that's affecting business. We're also going to talk
about the fact that if you are in business, face it, and you're a
tech business. There are no two ways about it, right? As a business
person, now you have to use technology. So how do you do it? How do
you take care of your security and your technology, when the
Calvary is incoming, they're not there? You're just like every
other business out there. That means you have to develop some
technical prowess and expertise. You have to be also the guys that
take care of your security. Maybe you'll bring in professional
services firms to help you out. Companies like mine can come in and
design your network or redesign your network. Or maybe have
accountants come in and look over your bookkeeping. Maybe help to
improve some efficiencies in the business. Maybe you bring a legal
team in to make sure that you're not going to get nailed by some of
these regulations out there. The bottom line is that we are all
tech businesses in this day and age. That's something that I don't
think most people consider. We'll get into that a little bit later
on today. We're also going to be talking about big tech, taking
advantage of our kids some new lawsuits filed under the children's
online privacy protection act or COPPA, against some of the biggest
companies out there in the online world. These are all big deals, I
think. That's what we're going to be talking about today. If you
want to two, you can get all of these different segments from my
weekly radio shows my appearances on TV and radio at my website at
Craig Peterson dot com, and you can listen to them individually.
You can also subscribe to the podcast. What we've been doing with
the radio show since the whole radio show from soup to nuts is an
hour and a half long every week is to put it out as one long show.
Thanks to a suggestion from a few listeners and one guy that kind
of pushed me over the edge in making it that way. If you subscribe
to the podcast on any of the major podcasting services, you are
going to get a one hour and a half, a 90-minute podcast that covers
all the latest news of the week. I appreciate everybody that's
doing that. Of course, our numbers have gone down a little bit in
the podcast downloads because there are fewer downloads instead of
the show being a different podcast is now one podcast, but I think
it is better. There was an event that was held by the FBI infragard
program in New Hampshire here last week. I didn't go as I was just
tied up. They hold it the morning, every couple of months, and most
of the time, I just can't go. But the event was called "The Calvary
is not coming." They weren't talking about Covid-19 The
coronavirus. They were talking about our infrastructure, our
businesses when we get attacked. I work with the FBI on cases and
help them understand what's going on with attacks against our
customers like when Iran or China, Russia, or even others are
trying to attack our customers by doing some nasty stuff with our
customers, right? Our customer's data that we just don't want to
have happened. We just didn't want that information to get out.
While preparing these tutorials, the pop-up-trainings, and
coursework, it brought to mind this idea of the Calvary, and
whether or not they're coming. You and I, we are the people who are
responsible for the security in the businesses we work in, right?
And that can end up meaning that it's all on our shoulders. So this
whole Calvary thing got me to thinking that I think there's a great
analogy here. We are the Calvary, I'm the Calvary, and that is the
director Action I've been going anyways, not with that specific
wording, that particular name, okay. But that's the direction I've
always been going. But now I think I'm going to get way more
specific about that. Because you are the Calvary, you are the
people that your family goes to when there's a problem. You are the
people who are relied on by the business owner. Maybe you are the
business owner, and the buck stops with you when it comes to
technology when it comes to security when it comes to making
everything work, right. That's the way it is with me, right? I'm
the business owner, and yet the tech buck, the security buck stops
with me. And so that's the approach I'm going to be taking here. We
are the Calvary. I am the Calvary. You are the Calvary every one of
you, right? You listen to this tech show to understand technology a
little bit better because you're the person that others go to who
is going to answer their questions. Who's going to fix their
problems. I think it's great, but I also feel a huge responsibility
to help you with that. I kind of woke up in more than one time over
the last few months with nightmares, that's the wrong word, but how
do I help you? How do I help you guys best? What are the things you
need to know that is going to be easy? It is a question that we
need to work on need to understand. We need to make work for us and
our families, our business families as well as our families. That's
my theme. I have already got five tutorials in the can where I'm
doing screenshots, and I am showing you what to do while you're
watching my desktop as I am doing things. I'm installing an
extension, or I'm locking down a Windows computer, or I'm
configuring a firewall. I am doing all of these things you have to
do for everybody or that you have to understand. That's where we're
going. I am committed to this. I think I have a message that that
works that people can understand, right? The Calvary isn't coming.
You are the Calvary. We are the Calvary, each one of us, and that's
what we will be covering. So keep an eye on that. Make sure you're
on my email list because these tutorials, although free, you can
only get them if you subscribe. Craig Peterson dot com is where
you're going to find it online. Craig Peterson dot com. Make sure
you also use subscribe to the podcast, I'd appreciate it if you
enjoy these. A subscription always helps us out and helps get the
word out even further. We'll be right back listening to Craig
Peterson on WGAN and, of course, online at Craig Peterson dot
com.
Hi guys, welcome back. Craig Peterson here on WGAN. In online, of course, Craig Peterson dot com. We're going to talk about the cloud and what stuff you need to worry about and what you don't. I was at my chiropractor's just this week and talking with him, and he has moved his practice in with another chiropractor. It's a little bit bigger, they've got massage therapists, and now there are four chiropractors in practice there. He was asking because he was concerned, they have a system there that is cloud-based, and you know, time was they would have a server there in the office, maybe in the basement, and they would have their little firewall, they try and keep things safe. Now that it's out in the cloud, their worried. We're going to be getting into that in a few minutes. And then also coming up here at the top of the hour. I've got my friend Barry who's going to be joining us, and we're going to be discussing sugar, which is, yeah, I guess there's kind of a tech angle to the sugar side, right? Like the high fructose corn syrup and the problems coming from that, of course, we're not going to talk about that part of it, but what he's done and the book he has as well as what you can do. First off, let's talk about our first cloud topic of the day. And this is about businesses in danger, and how they're in danger now from the cloud. The cloud, as I mentioned in the last segment, is not a panacea; it does not relieve you of any responsibility for the data that is in the cloud. So, for instance, if you have patient data, if you have data that is privileged or personally identifiable, putting it into a cloud vendor's hand does not relieve you of that responsibility. If you want to check it out with most of the major vendors out there like Google, for instance, you can find their statements online of what it is that they will accept responsibility for, which is nothing. And that's particularly true if you're not using the business type services. For instance, with Office 365, if you are using their email service, for example, and you're on their lower tier of the platform, you're not going to get security. You're not going to get the ability to block some of the most malicious types of emails that might be coming in. It's not backed up. They are not going to have some of the multi-factor-authentication that you really should have tied in with things, maybe like DUO or others, alright. Just because there is a cloud-service does not mean it's safe. Just because a company like Microsoft with its Office 365 does have some pretty darn secure services. Don't assume that the lower end service is they have are going to be safe for you either. And there's a great article I have up on my website right now. And it's from Health Net security. And it's talking about this subject and saying that 44% of malicious threats are cloud-enabled nowadays. Think about that. It's huge. Time was when the risks were what viruses and we know anti-virus software now is pretty much good for nothing, right? Because the anti-virus software is not going to protect you from modern threats. But that's what it was. It was all this virus stuff that might spread and worms that might cover the basics. But now we're seeing that cybercriminals are using the cloud because it's been an effective method for them to hide their attacks. Because the cloud vendor again, it's you know, friendly. Glee, this is you know, saying, you see a lot, aren't I? Frankly, when you get right down to it, if you are in a big cloud vendor like Microsoft or Google or an Amazon. Or even some of these smaller guys that are still pretty big, you're not even noticeable. Would they notice if you moved to another cloud provider? You will not change their bottom line or their top line. You're not even a rounding error. How much do you think that they care about you individually? What can you do when you get hacked, and you're in the cloud? What can you do when their cloud network goes down? What can you do when their software isn't working when a rollout of their latest release doesn't work? Or maybe it just doesn't work for you and 10,000 other people, which is nothing, right? Because Yeah, well, we got millions of subscribers 10,000 Some people Yeah, well, we'll get right on that for you, sir. Right, because you're not even in the 1%.
Lots of problems here. And when we're talking about the security
side, yeah, in some ways, it's going to be more secure. But in many
ways, it's not. Here's a quote here from a threat company that they
do a lot of research is called net scope and scale P. and Ray can
Aziz is the threat research director over there. And he's saying,
and we are seeing increasingly complex thread techniques being used
across cloud applications, spanning from Cloud phishing and malware
delivery, to cloud absolute control and ultimately, cloud data
exfiltration. Of course, data exfiltration is where the bad guys
are stealing your bank account information, stealing nutritional
property, stealing your customer's information, etc. Or research
Research shows the sophistication and scale of the cloud-enabled
Kill Chain to increase, requiring security defenses that understand
thousands of cloud apps to keep pace with attackers and block cloud
threats. For these reasons, any enterprise using the cloud needs to
modernize and extend its security architecture. In other words,
what he's saying is any business because we know when he's an
enterprise, I want to bring up a critical point. I was doing some
work and doing some training with a bunch of accountants in
Ireland. The largest group of accountants in Ireland, and I was
explaining some of the security problems that we see here and
around the world and that they see there, and they started talking
about enterprises. Now I note in enterprises, right, and enterprise
is big business. You think of enterprises here in the United
States, and you're thinking about you know, the multi-billion
dollar profit that some of these vast enterprises get. An
enterprise means any business, right? It's an enterprise for a kid
to set up a lemonade stand at the side of the road and sell
lemonade to passers-by. That's an enterprise. So they're saying
here, and I agree that every business, no matter how small, needs
to understand the threat and understand that cloud apps aren't the
answer and you have to take care of it yourself.
The Calvary isn't coming. Your end Nat not even in that you're not
a rounding error when it comes to the amount of money these
companies made and make every year. So you have to be your own
Calvary. Now, when we're stuck talking about businesses here,
they're saying that 89% of companies are In the cloud Now, that
doesn't mean they're hundred percent in the cloud, it just means
you're using the cloud service. I bet you when you got right down
to it, that those numbers are probably really 100%. People are
using some of the services that maybe you shouldn't be using,
right. They're using Google Docs and Sheets and all of those types
of things. I use Grammarly all of the time, and some of those
things can leak data. So we're trying to be careful not to use some
of the cloud services when it comes to more confidential data. But
really, it's 100%.
Think about everything you're doing, all of the collaboration
tools, and people are using Slack, which is not secure. And they're
using that to share information within the team. You know, it's a
great productivity application, sweb mail apps, those are probably
the most popular and used today, people using Gmail or I mentioned
office 365. I have a friend who still uses Yahoo, who knew that
they were still in business doing email, right? There, the average
company is using 142 different cloud applications. And I'm what I'm
just trying to do here. Now, I'm not trying to scare you away from
using the cloud. It isn't just a scare tactic. I'm not trying to
sell you a listen. You need to have multiple layers, and you have
to buy them for me, right? What I want you to do here, my whole
goal of talking about this today is to get you to pay attention to
what you're doing, and the data that you have up there. We're going
to talk about this more when we get back. We'll finish this up.
We're talking about the new FBI, released this week, what they're
saying about security and what you can do to help. So stick around.
You're listening to Craig Peterson on WGAN. We'll be right
back.
Hey, welcome back, everybody, Craig Peterson here, WGAN online
at Craig Peterson dot com. We're going to talk here about the FBI
his latest recommendation from their press release this week. We've
got more coming up about cloud security. Ransomware is on the rise
again, what type is it? What's it doing? And at the top of the
hour, I've got Barry Friedman joining us. We're going to talk about
sugar,
and the impact of sugar. Now, this isn't an entirely tech-related
topic, but I know you're going to appreciate this. He is a great
guy. He's got an excellent little book out. It's been up for quite
a few years now. It is this concept that he has about sugar and
what to do with it, and about it has helped to change my life. I
figured I would share it with you. It's one of the things I find
essential. Let's finish up our first cloud topic of the day because
I want you guys to think about your use of the cloud. When you get
into the larger businesses, it's looking like the average of these
Fortune 500 companies. The real big ones, but not like the, you
know, absolutely massive ones. Those guys are using over 2400
distinct cloud services and apps. Think about what you're using
what you're doing. And let's help you think about it for a minute
here. Here's a top of five cloud app categories. Which of these are
you using Cloud Storage? So we're thinking about things like
Dropbox here or box, we're thinking about things like Google Drive,
which again, all of these guys Microsoft has one drive, all of them
have tiers that are safe. However, most people are not buying their
secure tier. So keep that in mind. Next, collaboration tools, which
collaboration tools are you using? Right? I am talking about Slack
here, and about the Microsoft Teams program. And there are many
other types of collaboration as well. We use some for putting
together diagrams to use some for some of our graphics arts. We use
some cloud apps for grabbing videos and doing some video
production. Webmail, what are you using for webmail? Consumer
stuff? What do you do? Are you going on to amazon.com to order
things? How about some of these other sites, social media, many of
us my business included, we have social media accounts that we use
to keep in touch with our prospects and with our clients. Which are
these are you using Google Drive, YouTube, office 365. Hopefully,
you're at least using one of the business versions of office 365.
How about Facebook? How about Google? Gmail, Microsoft Office
SharePoint, that's a pretty common one. Outlook. How about Twitter,
Amazon services like s3 or Amazon Web Services. It was the list
goes on and on. LinkedIn, many of them are using them. When and
when we're talking about 44% of the threats being cloud-based. It
gets to be a big deal. The five top targeted cloud apps are
Microsoft Office 365. Now we're seeing this right now with one of
our clients who is using Office 365. Now we have them on one of the
enterprise levels that they need. They have multiple times a day
people trying to break into their Microsoft Office 365 for business
accounts from Iran. Now numerous times a day, but also from China
and Russia. The next top one box. Very good. Again, outstanding
software, but you have to have the right kind. And make sure you're
using at least two-factor authentication with some sort of a random
one-time password (OTP) type generator. Google Drive Microsoft as
your GitHub. Man, it goes on and on lots of great information here.
I'm not planning on doing a full course on the cloud anytime soon.
But we are going to talk about it more a little bit today coming up
later on. But I want to get to this FBI thing right now. About five
years ago, there was some academic research that was published, and
I remember reading it back then I was really, really into it came
out of Cornell, and they looked at the strength of passwords. And
we went into the whole history of behind passwords how they started
I remember the very first passwords, you know, we remember using
systems didn't have passwords. But it has evolved to the point
today where these recommendations that came out five years ago are
starting to take root with people.
There have been so many discussions, so many arguments, if you
will, about what should or should not happen when it comes to
security. Some are arguing that we need more complexity in our
passwords. Many businesses require you to have uppercase lowercase
digits, special characters in the password used to be used to have
control characters and your passwords. I haven't seen that
requirement in a long time. It was back in the days of terminals.
Others say, Hey, listen, all you need to do is make your passwords
longer. Because part of the problem we have with passwords is the
more Like some password, the more likely somebody is going to write
it down. And if they write it down, the cleaning crew or somebody
else is going to come across it, right? That's a bit of a problem.
Well, the FBI is Portland office this week, came out on the side of
longer passwords and not this whole complexity mess. So in the FBI
statement, they said, quote, instead of using the short, complex
password, it's hard to remember, consider using a longer
passphrase. It involves combining multiple words into a long string
of at least 15 characters. The extra length of the password makes
it harder to crack while also making it easier for you to remember.
It falls right in line with the research out of Cornell. It is what
I've been recommending for a long time. You're best off using some
sort of a phrase such as a four-word phrase for a password.
Remember, I use password managers, and you should be. You should be
using one password or using Lastpass to make sure that you are safe
right. So using one of those have it choose the words for you
randomly. Both of them have the ability to generate passwords.
Occasionally I will use these very complex ones with upper
lowercase special characters and numbers. But I only do that when
the site requires you to do that. Okay. But this is a very, very
big deal. And you might have seen stuff about this before there is
a famous now-infamous XKCD webcomic that is online, I should say.
It is kind of cool. A lot of sarcasm, math, and language, but it's
looking at password strength and through 20 years of effort and
said We've successfully trained everyone to use passwords that are
hard for humans to remember, but easy for computers to guess. And
that is the problem, the harder it is for the computer to guess.
The longer it'll take to break-in to, and the less likely they can
get into your account, right? So they break it down, look for
common substitutions, look at the order numerals punctuations and
basically, they come out and say, Hey, listen for your average
password, using troubadour ampersand three as the example. That's
1-234-567-8910 11 characters, which is a pretty good length, right?
Most sites only require eight characters. That breaks down to 28
bits of entropy. That's two to the 28th power, and at 1000 guesses
a second, it would take a computer above three days to break that
particular password.
You know, possible attack if it's a weak remote web service, it can
be a lot faster, there are hash tables that are news. Those hash
tables make it so that the bad guys can crack a password in just
minutes. When you start using these big ones, and the example is
like course, correct battery staple, that's 44 bits, takes 550
years to guess versus three days. Think about that for a few
minutes. I think it's vital that we use these passphrases from once
again, I agree with the FBI on this one. All right, when we come
back, we have one more segment before we get into our little sugar
interview. And we're going to talk a bit of malware on Mac. So
stick around. We'll be right back.
Hey, welcome back, everybody. Craig Peterson here on WGAN and online, Craig Peterson dot com. We're going to talk right now about malware on max. Right, our max hack-proof is not kind of the bottom line. But we're going to talk about that we also have more coming up on some of the cloud risks and things you can do, where you should keep an eye out when it comes to the cloud services that you're using. And I want you to think about what services you're using. And we did talk about that a little bit earlier. Okay, so let's get into the max right now. When we get back to the top of the hour, we're going to be joined by my good friend. We're going to be talking a little about what's going on when it comes to sugar, guys, so he's coming up here in about what 1015 minutes, so make sure you stick around you're going to enjoy it. He has a book out there by You'll find it over on Amazon almost anywhere online. And I think you'll get a lot out of it. It's called I love me more than sugar, the why and how of 30 days sugar-free. So it's, it's absolutely a great idea and is something must pay attention to, we have such an obesity epidemic in addition to all the illnesses, so many of them traced back to that one ingredient. Why and how and what's going on. All of that is coming up with my friend Barry Friedman coming up at the top of the hour. So our Macs you know if you've watched me for a while that I am a huge Apple fan, right? And I'm a big Apple fan mainly because when Apple first came out with iOS 10, not iOS but with a Mac os 10. They had switched from using what was a complete and total toy operating system to a real one using Unix and a refined version of Unix. They ended up having a mock OS underneath it. I had worked on both platforms before helping to develop the kernels in both of those, so I thought, well, this is great, maybe now's the time because I was frustrated, right. I had been using Unix for years. I had, at that point, used Linux as well. And so many of the apps that I wanted to use just weren't available for Linux or any version of Unix. That was a big BSD guy. He still used BSD for some of the things we're doing. I just said, this Is it, right? Because you could drop into a terminal, you had a real terminal, a real operating system sitting under underneath you. And I thought that was pretty darn cool. And I have stuck with Max ever since. But Macs are not foolproof. They do come under attack. Apple has tightened things up. If you've got Catalina, which is the latest release of the Mac operating system, you know that some of the old apps that you might have had no longer work on Catalina, because Apple now has put some requirements in place. The biggest one is, you guys need to be 64 bits instead of 32 bits. That makes the operating system writing a little bit easier because you no longer have to handle two sets of libraries and worry about linking the man or the addressing space for the application. After all, you want to randomize it. And so now I'm going down a rat hole, you're getting kind of geeky, but that's one of the things the other big thing is now you might have noticed that Apple has a lot of controls in place about where an application can go on your Mac, what it has access to and will pop up and ask you about it. There is a lot more stuff coming up. In fact, in the next minor release of Catalina, there's going to be more restrictions in place. But even with all of those things, there are still some vulnerabilities, nothing like Windows. But Windows is getting better. But there are still some significant flaws in the way windows works with its file-sharing services, services turned on, even though it has a firewall. It's a crappy one, and that's part of what we're going to take care of with some of the courses and tutorials I am offering. You're going to be able to lock down any Windows or Mac computer all by yourself. You're going to be able to lock down your small business network, and I am teaching you how to do that, absolutely free. No upsells. Depending on how far you want to be able to lock it down, I will have some courses and things too. As I've said so many times, you're the Calvary the hackers are coming you have to be prepared. When we're talking about Macs, what must we pay attention to? Malwarebytes has some outstanding software that you can use on a Mac and also on Windows. It's one of the few pieces of software one of the packages that I recommend, frankly, but they've got a new report out, and they're saying that Mac malware is now growing faster than malware for Windows, for the first time. It is a quote right out of malware bytes. For the first time, Macs outpaced Windows PC in the number of threats detected per endpoint. I want you to remember, that is threats, not actual successful attacks. In total, we saw approximately 24 million Windows, adware detections, and 30 million Mac detections. We're talking about adware here. These aren't the viruses that have plagued windows forever. It isn't the ransomware that continues to plague windows and will for years to come. We're talking about adware detections. Frankly, what this boils down to so that you don't get too worried about it with your Mac. It is that most of the Mac malware is much more of a nuisance, and it is a real danger. Because Macs are generally not vulnerable to what we would normally classify as malware. They do have some pop-ups that can happen because of the browsers. That's why I've got my training coming up. You guys that are the frontline defenses in your homes and your families and your businesses, you are the Calvary. I've got some great Calvary training coming up for all of you. Keep an eye out for that here in a couple of weeks. But Macs are mostly only vulnerable to this so-called adware frankly and add whereas I said it's more of a nuisance than a danger. Here's something else that Malwarebytes acknowledges it says max differed drastically from windows in terms of the types of threats seen. Between us. It's because they design Macs drastically different than Windows machines. Mac's operating system is designed right. Back to Malwarebytes, where we found several different categories and families in our top detections and Windows threats that classify as traditional malware, especially those aimed at businesses. Most Mac threats and certainly the most common ones are families of adware and potentially unwanted wanted programs (PUPs). Among the top 10 Mac threats for consumers and businesses or it is a mix of these PUPs, these potentially unwanted programs, and adware. The PUPs are a variety of mostly cleaning apps termed as unwanted not just by Malwarebytes but by the Mac user community at large. Two of the best-known examples mean Mac keeper and Mac booth. And I had to add to that, that I have a good friend and he was in the insurance business for years, had his practice and they had several people working for him as he was handling insurance, and then he went into investment type stuff. And it was interesting to me that he fell for that whole pop thing multiple times. He just kept downloading and paying for Mac keeper, which just doesn't do anything, and is malware itself. It is adware. Mac boosters are the same sort of problem. Don't install those things. By the way, when it comes to a Mac, this is very crucial. You have to install the software yourself, right. So until last year, the two top Mac adware apps had detected installations. Number one Hundred of thousands in 2019. However, one new piece of adware was detected 30 million times. It's called New Tab. It appeared on the scene in December 2018. It's an adware family that attempts to redirect searches in the web browser to earn illicit affiliate revenue. I've talked about that before it clicks on ads using your browser. And it is usually delivered in the form of apps with embedded Safari, Safari extension Safari is Apple's number one browser, Apple's browser itself, right. So don't use a new tab. Most crucially of all, Mac malware is not a virus, and it can't spread by itself.
It isn't a worm that kind of crawls around. Mac OS does not allow unsigned apps to be installed without user permission at all. The mission these apps cannot spread from machine to machine. You have to fix them. No drive-by, right? None of that happens on a Mac. So the way Mac malware gets installed is by entirely new users like you and me into installing it ourselves. And when we're talking about these potentially unwanted programs, when I call it a scam, where, frankly, but these types of scams advertising junk apps, pretend they're doing something useful. And this is part of what chrome google just got rid of over 500 Chrome extensions because they were doing the same thing. They had scareware built into them. They weren't clicking on all kinds of ads out there to try and drive up revenues. Naive users like my buddy that get tricked into installing them and sometimes even paying for them, which is what he did with Mac keeper. Okay. And then they're hijacking your browser. It's just crazy. So protect yourself. It is simple. Only ever install apps from the Mac App Store or a trusted developer. Only install browser extensions that are recommended by me or by trustworthy sources, because they are not signed and not reviewed. You can always delete them, and you can always remove them, you know, and that's been my advice for people for a long time. Go through your inventory of apps, including on your iPhones, your iPads, etc. The thing that you see that you haven't used in a while delete them. I just went through earlier this week on my iPhone, I sat there and said, Okay, I haven't used that for a while, but I really could use it soon. No, I haven't used it for a while, and I deleted it, which is what I recommend everybody do here. Be very careful that great article from nine to five Mac by Ben Lovejoy that I was commenting on here this segment, and you'll find it online and, of course, at Craig Peterson dot com. And this is part of what I do if you are on my email list, you will get these emails. We have a high open-rate like 40% of you guys open these emails, and I think that's just phenomenal. It's a very, very high rate because they are so useful. So make sure you subscribe, Craig Peterson, calm, slash subscribe, get on my email list, and articles like this and others, including that FBI warning that just came out, will show up in your mailbox. Usually, Saturday morning depends on how far a week's been going. Stick around when we come back. I got my friend joining us, Barry Friedman. You're listening to Craig Peterson on w GAN online Craig Peterson dot com.
Hello, everybody, welcome back. Craig Peterson here on WGAN. A
little earlier this week, I sat down and recorded an interview with
a friend of mine. I've known him for quite a while now. His name is
Barry Friedman. He's written a book that you'll find online. It is
one of the Amazon number one bestsellers titled I love me, more
than sugar. You know that I have been very conscious about my
health, particularly recently, right? As I get a little bit older,
you realize I'd better be healthy, or I'm going to have all kinds
of problems.
I have been doing all sorts of diets over the years over the last
40 years. A lot, okay. I kind of stuck with the Atkins diet for a
while lost quite a bit of weight. I also have tried a couple of
other things. Over the last couple of years, year and a half,
anyway, my wife and I have been doing Intermittent fasting. We
found it to be just absolutely incredible for us. Now, Barry has a
different way of approaching it that's been very successful for him
and many other people. So I asked him if he'd sit down with us and
talk a little bit about it, and he did. So here we go with the
interview with Barry Friedman.
Again, check it out online, you'll find this book. It's called I
love me more than sugar, the why and how of 30 days sugar-free.
We're joined right now by Barry Friedman. He is an author. He has
been quite busy over the years, even on Johnny Carson, back in the
day. He is a gentleman that I know and appreciate. He's helped me
out with a few things over the years. I want to talk a little bit
about this book here. I love me more than sugar. What he has found.
What he's doing. To help not just me out a little bit, but he's
going to talk about sugar and how it impacts all
So let's get started. Barry, welcome.
Barry
Hey, Craig.
Craig 2:06
Now there is a whole bunch of controversy out there right now, I've
heard people say there are a million diet plans. If you do a Google
search, you'll find one that'll work for you because they all work.
You know, and it's varying degrees, right? And I've done this over
the years, I lost 80 pounds doing the diet, which is really
something and then I put about half of that on over the next 20
years. I've taken it off now by doing intermittent fasting and
being a little more cautious about what I eat. Looking at all of
these changes over the years, one of the significant changes I see
right now, Barry, has to do with this food pyramid, which tells us
we have to eat grains that were the basis of it. Why don't you tell
us a little bit about why that is? What's the problem with the
grains and sugars in them.
Barry
It is funny, you know, all that stuff. See, you would talk to a
nutritionist and do well to dig into that, Craig. But what I can
tell you is, you know, since childhood of our culture, our parents
often use sugar as a reward, punishment, and bribe. It works its
way into our lives so fast, so pervasively, and it's kind of a
miracle. We eat a lot of wheat. We eat a lot of grains, and those
turn into sugar. We eat a lot of sugar. We're up to about 150 to
180 pounds a year average for Americans. It's about eight pounds
every three weeks. I know that because I used to go on TV talking
about my book and a juggle an eight-pound bowling ball. I would
hand that to the host and say, here's how much sugar an average
person eats in three weeks, and they hit the table with it. Yeah,
it's funny, you know, I think in 2020 or within this decade, we are
going to unequivocably look at sugar the same way we now look at
tobacco. It snuck in. Back in the old days, go back 150 years, rich
people would eat four pounds of the stuff a year. Our systems have
not developed fast enough to handle the massive increase, and it
shows up in all kinds of ways, overweight, and obesity. A lot of
people will tell you it has a lot to do with the number of cancers
we have. If you were to look at those two curves, cancer, and sugar
consumption, those curves look pretty similar. Now, I'm not a
doctor. I'm a four-time world champion who doesn't eat sugar.
Craig 4:28
Sugar over the years, we know it has caused problems. I saw some
studies looking at some of the Egyptian mummies thousands of years
ago now a couple of thousand years ago, and they had all kinds of
problems with their teeth and many other diseases that they had.
Now they're attributing that to sugar. You mentioned that when we
were younger, we would get a little bit of sugar as kind of a treat
or reward. Now we see these hangry commercials, but you need to eat
this Chocolate Bar because it's going. It has gotten out of
hand
Unknown Speaker 5:04
Yeah, it's hilarious. I mean, that's how we get up to 150 180
pounds a year, it's added to everything. Crackers and salt have
dextrose in it to keep it from caking, salt has sugar, which is
fantastic. You know, a lot of savory foods will have it, and it
just shows up everywhere. The truth is, after eight years of coming
up, Leap Day 2020 will be my eighth anniversary. My first day
sugar-free was leap-day 2012. I love these every four years I get
an actual anniversary. What happens, you know, what happens when it
stopped eating is the taste for the desire for the need. The
addiction goes away. Food starts to taste differently. I've often
said to people, Craig, that you can't speak for the version of
yourself who lives on the other side of 30-day sugar-free. Right
now, the person I am is influenced by everything I've done in the
last whatever, 30 days or 30 years. That person on the other side
of a 30-day sugar-free detox is an entirely different person as far
as skin or anxieties. Usually, the feelings they have, their skin,
the amount of sleep they need, the way their teeth feel. My teeth
feel so good all the time right now used to be able to take my
pulse in my teeth after eating a four-pack of Reese's Peanut Butter
Cups. I could feel my pulse. Yeah, I may have been feeling my
finger, but it felt like my tooth was banging. Anyway, if somebody
is interested in doing that, you know jumping, find little tricks
you can do for yourself like tell yourself you're not getting any
sugar for 10 AM or noon. Little tiny tricks will turn around the
habits.
Craig 6:35
It is the habit that is the problem. In so many ways for so many
people. Going back to what I've been doing with intermittent
fasting. You know I had it in my mind that I had to eat. We look at
our kids nowadays. They have breakfast, and they have a mid-morning
snack in school, they have lunch at school and then an afternoon
snack after school and another bite before they go to practice. The
score it's getting bigger, just listening to it and drink during
sports practice
Barry
Yeah, exactly. It is sugar, and it's compounding.
Craig
When I decided, Hey, I'm going to skip a meal, you know, just a
very moderate light-fast. Yeah, my brain was just going, Oh, you've
got to eat. I found that really what it was for me was kind of
always an addict, right? I was addicted to it. Is sugar that way
too? You are describing it as you know, try not to have sugar
before 10 AM. Is this something an addiction, frankly?
Barry
Oh my gosh, are you kidding me? I mean, the sugar beats up four
organs pretty severely, the brain, the liver, the heart, and the
skin. As far as the brain and when you're talking about like, even
before we take that bite, you know, it starts firing up, you know,
it fires up the same receptors that are fired up by gambling or sex
or drugs. No chance of addiction. They're right certainly no chance
of addiction. But yeah, it plays, and you know, it's funny going
off sugar and I did it for 30 days. Well, I did for one day at
first felt so good on March 1, 2012. I was like, I have to do this
for 30 days and see what happens about 20 days into that. I was
like, Oh my gosh, I'm going to do this for a year just because I
feel so alive right now I have to see how I feel. But what happens
is it throws a monkey wrench into well-choreographed habits that
you have in your life, right the way you live and yours and other
people's. That's another thing that happens, you know, it's like I
live in a family with a wife and a son. We mean, you don't do
sugar. It's a personal decision. You know, you get this little
dance of confusion that you get to run around, but it's also within
that is bliss, and there's resentment, and there's a renewal, and
there's hope the emotions so much is involved. When we eat sugar,
you know, it's not supposed to be a portal for squelching fear and
sadness and loneliness, anger. It's supposed to be for food, and so
few of the 650,000 items that are on a market shelf, serve that
exact purpose. The food you know, we can walk around and collect
what's food, in a pretty small basket, and other stuff are usually
just connectors for that hundred and 150-180 pounds of sugar a
year.
Craig 9:10
Let's talk about this bloating, right? We were discussing a little
bit about what happens when we eat a lot of sugar. The insulin
response, for ten years, I was a volunteer paramedic, and I
certainly had diabetic patients. You'd find them just unconscious,
and what do you do with them? I know a lot of people who have
diabetes, as well. A lot of this has to do not just with the
insulin response, which I'd love to chat about briefly. It has to
do with inflammation at the cellular level. Our bodies are blocking
themselves because of what we're doing with some of the sugars that
we're eating. We put on weight, and that increases our inflammatory
response. It results in some of these other problems with the brain
and the heart and the liver.
Barry
Yeah. There are very few things that surprise me when I walk around
an airport, and I still travel a fair amount. When walking around
an airport, I see a lot of large people. We're big people nowadays,
and it's not surprising. You know, when you talked about the
molecules, sugar is composed of two molecules, I'll keep this as
technical as possible, Glucose, and fructose. Glucose gets
metabolized by every cell in the body, you know, and if we don't
get it from the diet, our diet our bodies make it. Fructose, so
very different. The only organized organ that can metabolize that
is the liver. The liver is the single transporter for it. It's
overworked. I mean, it's it probably did pretty well back in the
days when people ate four pounds of sugar, wealthy people ate four
pounds of sugar, not average peasants, the likes of me. I've gotten
a few they called it the delicate spice back in the day, and that's
what our livers could healthfully handle you don't see a lot of
large people when we look back in old pictures. I just got all
these pictures of my grandma, and her family send through the
legacy box is such a beautiful thing to get these 14 Films back. No
one is fat, Craig. There's nothing personal in the video. Yeah,
going back to probably the 1880s the earliest people on here, but
that's just people running around. They've not filled themselves.
It's a challenge, man, you know, and it becomes a very personal
decision, no one's going to make us quit sugar. We've been talking
about it.
Craig
Hey, stick around. When we get back, we're going to finish up our
interview with Barry. He has some more interesting points,
including how he got to the point he's at right now. So we'll be
talking about that. And we're also going to talk a little bit about
intermittent fasting, what I've been doing, and what you might want
to do and then we're going to get back into technology. Listen to
Craig Peterson WGAN.
Craig
Hey, welcome back everybody Craig Peterson here WGAN online at
Craig Peterson dot com. Hey, let's pick up our interview with Barry
Friedman. In case you were wondering what the name of his book is,
it's "I love me more than sugar." I quite enjoyed it. This guy is a
great guy and has been involved with so many things over the years,
from being on the Johnny Carson show doing juggling through today
where I met him because he's one of the coaches in one of the
programs in which I participate. Very, very great guy, and we're
going to talk more with him about the whole sugar thing.
Barry
I wasn't famous for a long time when I first tried this and then
then it started, like, wow, he's still doing that, you know, the
Curiosity started then I wrote a book about it and got on TV shows
as fast as I wanted to dial-up and call-in or fly-in and be on
Morning News. There's a call for it. It's a curiosity, but soon, it
will be something that we must study.
Craig
Yeah, I think it's going to be common sense a few years from now.
We're speaking with Barry Friedman. He has written a book, and I
want to get into that. Now. I'm glad you brought it up. It is part
of the 30-day exercise that you discussed. There's a plan in there.
Why don't you tell us a bit about the book? I found it over on
Amazon. Easy enough to find, and what's it doing? How's it going to
help people?
Barry
Yeah, you know, this book is it's very non-scientific, and I, my
buddy, Penn Jillette of Penn and Teller, the taller, bigger-half of
Penn and Teller, He lost over 100 pounds on it. He wrote a great
book called presto, how I lost 100 pounds. He's got an excellent
subtitle for it, but his first line in the book, and I'm one of the
few people in the world that can jump on to his tagline. If you
take diet advice from a juggler, you're an idiot, because that's
what he wrote in the book. I wrote the book really from just a
perspective of a guy who did it. A guy who, you know, I traveled
around a lot. I did shows for 34 years. Ted conferences, TV shows,
I was around a lot of delicious sugar, and I used to love it all.
From 2012 on, no added sugar, anything. I tell stories about that
journey. Some substitutions we can do, where it starts, what it
does to us. Some challenges you may come across, and then the 30
days is walked through very scientifically. I ran an online program
for five and a half years and helped thousands of people do a
30-day challenge. What that gave me Craig was a massive database of
where people are on day one, day two, day three. It is a traceable
spike. I mean, you can see some of the most dramatic days of my
life. And you know, it's, I call it in the book ground zero-day for
ground zero it was crashing. I remember lying on a massage table.
Tears are running down my face. Not because of not having sugar,
but I knew that moment was a turning point. My wife as she was like
holding me down deep massage as hard as she could just get stuff
moving in my body, but I was I felt like it was the door of the
threshold into a new life. I think if I would have folded at that
point, just grab something I wouldn't have just gone back to going
past that day. That was when everything changed. So we in the
community, we often talk about what's your day for, and sometimes
it's a day for other people, but there is a time when we need to.
That's the hero's journey part. That's where you grab the mystical
apprentice who goes with you and the mentor who goes with you and
walk you through dope. If that helps, I would love to walk you
through that. Visa v the book and we have a Facebook page with the
how 50-60,000 people on it who have all dabbled in some realm of
it, and it's a movement. As I said at the beginning, we will soon
look at this the same way we now look at tobacco, no doubt about
it.
Craig 3:55
The book is called "I love me more than sugar." Barry Friedman is
the Author, anything else you'd like to add here? Barry, before we
go?
Barry
Oh, I would just love to tell everybody that if something in this
conversation spoke to you, I trust it. Don't question it. There's a
fight or flight reflex in the brain that a little gland, that small
almond-shaped gland whose job it is to take us away from scary
things. If something touched you before, it has a chance to go
through that part of the brain, a chance to tell yourself that
there is a time for doing this. Know that sugars not for
satisfaction or completion. It has never put through that kind of
test. It's always about getting more. Like, I said, we will look at
this as a real downfall for society. It got added to everything,
and it became routine. As Craig said, we began hearing commercials
about how we owe it to ourselves how we deserve this. So I trust
the gut influences the gut instinct. If you heard something and
take a chance,
Craig 4:53
I put a link on my website as well obviously to this interview, and
you mentioned a Facebook page. What's the name of that group? Or
that page?
Barry
Thirty days sugar-free, but the last 30 days sugar-free Facebook
group. We post some stuff in there from time to time.
Craig 5:10
All right, and it's a community, and I think that's something that
can help.
Barry
Yeah. Boy does it ever. It is easy to feel alone in this stuff.
Craig 5:16
Yeah, exactly. Especially in this day and age again, Barry
Friedman. I love me more than sugar and 30 days sugar-free. Look it
up on Facebook. I appreciate you being with us today.
Unknown Speaker 5:28
Thanks so much, Craig. Thanks for what you're doing. Bye-Bye.
Craig 5:31
Hey, as I said, I hope you enjoyed it. Barry's just a great guy.
It's a lot of fun chatting with him about what is going on out
there. What he's been doing, and he's done a lot, right. I think
the most exciting people, frankly, are the people who have done a
lot of different diverse experiences in it, and it helps us help
you helps me just overall. All right, so we got a couple more
things we want. To cover here today, one of them is the liability
here on cloud services. We'll get to that in a little bit of
business. Ransomware, I think, is an important thing. We'll be
talking about that and big tech taking advantage of our kids. But I
want to kind of continue with this theme. Barry was talking about
sugar, and I know that you know, some diets w for some people,
they're not great for others. If you have diabetes, of course,
getting to getting rid of some of the sugar can be problematic,
right? You know, I was a volunteer in the ambulance service for ten
years, and I quite a bit of advanced training and everything else.
When called to the scene of a diabetic emergency, we would
administer d-50, which is 50% dextrose to diabetics who were out of
it, then take the blood samples and stuff so they can spin them up
in the lab quickly when we got into the hospital. You know,
probably if someone has a diabetic emergency that you got to get
some sugar into them right away. So getting rid of sugar is a
difficult thing for a person with diabetes. I have, as I mentioned
before, on the show, I have been focused on intermittent fasting.
It is effortless to do. I've been following a doctor up at the
University of Toronto, Dr. Fung, who has several books out on the
subject. Before I started this, I read at least a half a dozen
books on intermittent fasting. There are so many ways to do
intermittent fasting nowadays. You want to go 12 hours a day, at
least without eating. And that's not hard when you get right down
to it. You know, think about going to finishing dinner at six
o'clock or seven o'clock at night. And then not having any snacks,
not eating until six or 7 AM. The next day, there's your 12 hours.
And then the other thing to do with intermittent fasting is never,
ever, ever snack. Now you can have dessert if you want, you're
going to have ice cream, cake, pie, you can have any of that stuff
that you might want to have, but have it with your meal. Don't wait
an hour before you have dessert or two hours or more, have it right
away. What you're trying to do is control the insulin levels. Now a
better way to do it is what's called 16-eight. That is instead of
12 hours of no food at all. You can have water, you can have clear
liquids, obviously no sugar, and you go for the 16 hours. That
means if you stop at 6 PM by 6 AM, your 12 hours and you want
another four hours left, so let me know You could eat at 10 AM. Or
if you finish your meal at 7 PM, which is the latest, you should
finish eating. That means you could eat at 11 AM The next morning.
You might have a skip breakfast again, no snacks, just black
coffee, or tea with no milk. And then you, you have your lunch at
noon, and then you have your dinner at four or five or six o'clock.
Whatever works for you. You will lose weight, and you will get
healthier. If you have diabetes or have other medical issues. You
want to talk to your doctor about it. But this can cure type two
diabetes, just intermittent fasting. But the whole sugar thing I
think is something any of us can do. Even if you can't fast. Hey,
Craig Peterson here, WGAN stick around. We got a lot coming up.
Yeah, we're back into tech in the next segment.
Hello, everybody, welcome back, Craig Peterson here. I hope you're
on my email list. I want to keep everybody up to date. We've got
some training for you guys. You're the Calvary, right? You're the
people who come in to help fix the problems with small business
computers. Maybe you're responsible for them. Perhaps you're the
owner of the business, right? You're responsible for making sure
that everything's running right and for choosing the right
technology and stuff. I appreciate you all being with me. I have
some specialized training coming up for you as well. But you need
to be on my email list if you are going to find out about those
pieces of training. The way to do that is just going to Craig
Peterson dot com slash subscribe. Of course. Peterson
P-E-T-E-R-S-O-N. Just like it sounds, Craig Peterson dot slash
subscribe, and you'll get my weekly email outlining the most
significant threats that are out there right now. All of the
articles that we talked about in the show, and more. Plus a few
more that I just don't get to that are essential. People love it.
We get an excellent open rate, some of the best in the industry.
That's how good this newsletter is. And I provide it for free. And
I give a lot of these pieces of training, absolutely free. All of
my tutorials are available on my website as well at Craig Peterson
dot com. I built the technology behind some of the biggest
organizations websites in the world. And yet mine is very sad.
Okay, I have to get my act together. Oh, well, there's always
something else to do. Right, just the cobblers kids. Well, let's
get into ransomware because it is on the rise again. But let's
start with a little history because I think this is cool when you
get right into it. There is an article that I started reading over
at CSO online that reminded me of it, and you'll see a link to it
as well on my website at Craig Peterson dot com and in this
morning's newsletter. Hopefully, you got that. But it started this
ransomware thing back in 1991. There is a biologist who was doing
AIDS research, and he was kind of upset that other people who were
also researching AIDS, were getting more notice, and he wanted more
credit than he was getting. He started sending out quote, AIDS
research quote, on floppy disks via US mail back in 91, to other
aids researchers. It had a piece of malware on there called PC
Cyborg Cyborg. It was the first ransomware that we know of. Isn't
that something, right? It was these researchers who were competing
with this one researcher. The next big one used encryption was back
in the aughts. Back in the mid-aughts, Bob 2005, it was called an
Archie vs. It used encryption and was defeated. You can find its
password over in Wikipedia even nowadays. Now, in 2010, we started
seeing the series of what are called police ransomware packages.
And they were warnings from law enforcement about victims of
illicit activities and demanded payment of fines. So this was a new
generation of anonymous payment services that they started to use
to be able to better hard payments without getting caught. Of
course, this was some of the Bitcoin and some of these other types
of services. that allows you to send money, semi-anonymously.
Remember that right it is not anonymous, the FBI and the Secret
Service have worked together to arrest people who have been using
Bitcoin illegally for, you know, these types of anonymous
transactions. There was a new trend that started to emerge, and
that was cryptocurrencies. Other than the legal activities that
occurred that drove up the price of cryptocurrencies. Which were
artificially high begin with, the other big drive for
cryptocurrencies, has been ransomware. People need to pay ransoms,
at least they want to pay ransoms. How do they do it? Well, that's
what the criminal started to use. Extortionists just absolutely
love them. Why? They are designed to be relatively untraceable, and
relatively anonymous, right? So they started shooting their demands
to other currencies. It's also nice because then they don't have to
worry about, well, what's the value? In France, it's a euro, or In
Britain, it's pound sterling, the US dollar, Canadian dollar,
Australian dollar, know the value. cryptocurrency is pretty much
flat, no matter what currency you're using. These attacks started
shooting up about that point in time. But as of a couple of years
ago, in 2018, the ransomware boom seemed to be on its way out. The
hackers had found other illicit ways that people were using to snag
Bitcoin. One of them is still in use today, and that is to have
something on your browser that starts to use your browser to do
Bitcoin mining for them. Okay. They were also looking for bitcoin
wallets, Cryptojacking became very popular. It is something denial
of service attackers have been using for years. They gain control
of computers without their users or owners of the computers
knowing. Cryptojacking ransomware decline, but cryptojacking SHOT
UP 14-15%, so they're using your electricity, they're using your
computer to have this whole, you know, the whole thing of having a
new mind for Bitcoin. And of course today and it's not just Bitcoin
and other cryptocurrencies. But today, many of these
cryptocurrencies, it is costly to do mining, because most of the
coins are gone. That's part of the reason they want to use your
computer, but even then, the payback isn't as big as it used to be.
So now we're starting to see two big drivers behind this massive
surge recently in ransomware. So the First has to do with the vague
guarantees of the cryptocurrency pricing. Many of the
crypto-jackers. We're using the victim's computers to mine this
open-source Monero currency. However, Monero prices have been
dropping, and Bitcoin prices have dropped dramatically as well.
Although now with some of the real viruses, like the Covid-19. Some
of them are going up because people are moving their money into
gold and some cryptocurrencies. Monero prices have started
dropping, and the bad guys are starting to realize that mining
cryptocurrency is not going to be as rewarding as ransomware.
Attackers had already compromised the victim's computer with Trojan
downloaders making it easy to launch a ransomware attack when the
time was right.
It took them only about a year 18 months to make a U-turn. It is just fascinating when you get right into it. We've seen a lot of them over the years, and now they are attacking businesses. They've always used this kind of spray and pray tactic of trying to send out this ransomware to as many computers as possible and as many people as possible, hoping that we are going to be successful without a significant return on investment. They've been going more and more against or against us by going directly right using phishing, spearfishing techniques, and other types of targeted attacks. So let's take a brief look here at some of the most significant attack methods that are out there. Sam Sam is number one right now is started appearing about five years ago is ramped up. These may go even higher. High profile ransomware, like Sam Sam, has been used to attack the Colorado Department of Transportation and the City of Atlanta. Atlanta was hit multiple times by it, talking about incompetency. Numerous health care facilities, hospitals. This is ransomware as a service, where people are designing the ransomware they're selling it to anybody who has the money, and they even provide tech support for people who get the ransomware. Isn't that just amazing? Originally thought to have Eastern European origin, now it's going wild in the US. We've got some Iranians who are claiming to be involved with it as well. We got right, pure locker many more. So be careful out there. Ransomware is on the rise. And backups aren't even successful in protecting anymore when we get back we'll talk a little bit about that. And of course, a whole lot more so stick around. Craig Peterson here on WGAN.
Hey, welcome back, everybody, Craig Peterson here on WGAN online. Of course, Craig Peterson dot com. Hey, I want to finish this up this whole thing with ransomware. It's on the increase is a huge deal, not just for businesses. Frankly, it's a big deal for all of us. Then I mentioned just as we were going out in the last segment, that ransomware, it used to be that you could just make sure you had a good backup. If you got nailed with ransomware, all they would be doing is encrypting all of your files on your computers is spreading. Of course, that's a major headache if you have good backups because, at that point, you just have to restore all of those backups, and that can take days, depending on it is all set up. You know, when we set it up for some of our larger clients, we set it up with our equipment on their site. That way, we can get them back online within hours, if not within minutes, right, which is what you need. So the time had a backup that was offline and off-site, and multigenerational would protect you from having your files encrypted and losing them all. Nowadays, ransomware is a little bit different. What it's doing is the first thing is it gets installed on your computer, unbeknownst to you, right? And you wouldn't install it on purpose. And it spreads between the computers, any files it can see. It then allows a remote operator someone to get on, or it uses an automated system that looks for files, and things would be valuable. So spreadsheets and searches through your Word docs and other stuff on your computer. It seems in your cache history on your web browsers in case you're using cloud services, and it tries to find things in there that are going to hurt you the most. The remote control then allows a remote operator, who has now had a look at some of those files to say, hey, I want to dig into this a little bit more. And he'll hop on your computer and look around and say, oh, okay, yeah, I'm going to get this file, upload that file. All of this is happening, and you have no idea. Your firewall is only protecting stuff from coming into your network from the outside. Once it's in, it does not do anything about files that are being exfiltrated. Those that sent out from your system. We do that for our clients. We watch all of the data going out, anything that shouldn't be going out. If it has private information, social security numbers, if it has customer numbers, if it has bank account numbers, all of those we can recognize, and we stop it immediately. We stop it right away and preventing data from exfiltration. We just had that happen. Just a few weeks ago with one of our clients, they had data being taken out of their computers because someone had been trying to steal it. Many times, that's one of your employees, okay. They then have your data in hand. The ransom at this point is, hey, and we have your data, we have your customer list, we have intellectual property, we have data that could hurt you if it were released, pay up sucker.
And if you don't pay up, that data will then be released to the internet. That's a terrible thing, at least in my book. If it gets released to the internet, what happens is you will lose face as a business. You can probably lose customers. You could face fines and penalities if that data is personally identifiable. So that's the difference between older ransomware and current ransomware. They'll still encrypt all of your data, they've poked around and uploaded it, they'll get you one way or the other. Either. They're going to hold a gun to your proverbial head and threaten the release of your data, or they're going to have it encrypted. At that point that if you don't pay up, they are going to release that to the internet. So there you go. By the way, misconfigured clouds cloud storage is a huge problem. We've seen so many security breaches because of that over the last years. But I want to point out two more things here before we go for the day. One is, all of our businesses today are tech businesses, no matter what. Some companies have realized that even though you have a physical presence, like Barnes and Noble, they had to compete in the online world if they were going to survive. Walmart's done the same thing. They've come to realize that if they did not, basically go after their brick and mortar business and go after the online market they would be out of business. That is what they've been doing that right now. They have become a real threat to Amazon. Like it or not, companies who are in business in five or ten years from now will understand they are tech businesses. They are going to be defensive when it comes to cybercriminals, but old offensive in the way they pursued technology. So this is going to make you break their business. I had to bring it up. We have a great article online from Outlook business.com on my website at Craig Peterson calm about this, you have to protect your assets, and your assets have to become more digital than they've ever been before. And I want to go on now to something from Ars Technica. And this is something that I've talked to school districts about before because we have had numerous school districts. In New Hampshire, they're called SKUs. These are kind of super districts that are In technology trouble, I've been a keynote speaker before at some of these events for school districts, and it's been really interesting to me to really get in and help them out, Help Help them examine what it is that they have, how it's, you know, he it may be good enough, it might not be good enough. But right now, there are some lawsuits out there. And this is one of the articles I was talking about this week. And we included in our newsletter this week as well, because Google is now facing some lawsuits from State's attorneys general, and specifically this week, New Mexico Attorney General. His name is Hector Balderas. Has filed a lawsuit alleging that Google has been collecting and using the data of school children in New Mexico in violation of the children's online Privacy Protection Act (COPPA.) Also, New Mexico's unfair practices act. Now, COPPA says that these companies cannot collect the personal data associated with children under the age of 13. It covers websites, apps, digital platforms that collect this data from younger users have to have a privacy notice, and explicitly, parents must consent for any collection of the data.
You might remember a scramble it occurred some years ago as online websites who had games for kids and things right, that some of them were just teaching games, some were evil. These online websites collected the data of our children, and it was a problem for them. Well, now, since Google has been in this game and winning in so many areas, they become a target. You might know I'm a big Apple fan, right? Particularly, if you listen to the show a little bit earlier today, because basically, Macs, I should say, macintoshes are immune to the type of malware that Windows computers get almost every day. Well, the same thing is true for iOS. Apple's trying to get iPads into schools because they are secure and easy to use devices. I use them every day myself. My team uses them. Kids just know how to use them. Google introduced a whole family of software that can be used by schools for kids. Just think about the standard Google stuff right where you've got Google Docs. You've got Google Sheets right there, and you've got spreadsheets that are easy to use, easy to share. You've got, you know, a document editor, kind of like Microsoft Word that's easy to use, easy to share. Many schools are just using that underlying platform to have assignments go out to the kids, etc. Pile on top of that Google Chrome, and Chromebooks, which are quite inexpensive. Chromebooks are a fraction of the cost of an iPad, even with Apple's educational discounts. All this is getting them in the hands of kids. In New Mexico and other places, these school districts are using some of these platforms that are explicitly designed for use in elementary and middle schools by school children. Google is providing the platforms, and then Google is providing the operating system. These Google Chromebooks are great devices. By the way, I have nothing against Chromebooks. The main problem is that all the data about you and your children are going to be collected. That means sensitive information such as geo-location, your browsing history, search histories, viewing histories, contact lists, saved passwords, voice recordings, and other behavioral data. Okay, no matter who you are, and that's what New Mexico is alleging here, tracking their student data like this without the parental consent is not only illegal, it's dangerous. Now, Google is claiming that New Mexico's claims are factually wrong, adding that it allows schools to control access and requires the schools to seek parental consent. Google's not asking for permission doesn't know if it was given. Google further said, quote, we do not use personal information from users in primary and secondary schools to target ads. However, they do collect it. That child's data might be used when the child is a little bit older. Think about that for a few minutes. Here we are as adults, hopefully making informed decisions about what data we're sharing. But our kids are not. As they get older, that data that was collected about them before they were of the age of majority before they were 13 years old, can be used against them. Hey, guys, I want you to make sure you get my tutorials you get all of my newsletters and keep up to date and all this stuff. So make sure you subscribe right now. That is the end of today's show. Go to Craig Peterson dot com slash subscribe. Your listening to me on WGAN and online Craig Peterson.com slash subscribe. take care of everybody. Bye-bye
Transcribed by https://otter.ai
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553