Aug 8, 2020
Craig discusses the Future of Cybercrime and Why it might already be here.
For more tech tips, news, and updates visit - CraigPeterson.com
Automated Machine-Generated Transcript:
[00:00:00] I can't believe it's been an hour. Hey, we're going to talk right now about the futures, biggest cybercrime threat. And guess what? It's already here.
Hey, you're listening to Craig Peterson. I really appreciate you being with me and I enjoy being here on the radio. You can also hear me during the week, so make sure you listen to morning drive time. Those appearances as well.
Well, we're going to get into really the future here. What is the future? What does it contain? It's a crystal ball, right? Well, in reality, there is no crystal ball, but this is a great article that I want to review with you guys. It's from a site. Called dark reading. And if you are someone who is involved in cybersecurity, it really is a must-follow site. There's just so much great stuff in here, [
00:01:00] but this is about the future of cybercrime.
And what does that mean? So let's, uh, I'm going to kind of zoom in a little bit here on this, so you can see it on the screen. If you're watching this in the video, um, Bottom line, the bad guys are paying a lot of attention to what we're doing. They're paying attention to what the FBI is doing, what cybersecurity professionals are doing.
What's being done also by the businesses out there. The responses. To these crimes. And sometimes they'll even get really advanced and start poking. And see if you notice we had a law firm, a big law firm, one of the biggest in the state and they reached out and we went in and talked to them and said that, well, they said, Oh, we're all set.
We're all set. Right. Which is what we hear every time. And yet we've never walked into a business that was really all set. Right.
[00:02:00] So we were working with our, it people, their security people. And we said, Hey, is it okay here? Let's just do a test. If can I try and drive a freight train through your front door and, uh, do a little bit of a white hat backing here.
And they said, yeah, absolutely. Let's have a look. Let's see if, if our security provider even notices. We drove, not afraid train, but I am a multitude of freight trains, including cross Continentals. Through the front door. Uh, and guess what nobody noticed it, nobody noticed at all, because we went back and talked to them and, uh, Dick, who was the guy we were dealing with there, who was our it, the head of it said, yeah, you know, we didn't get any calls.
I said, okay. So that's great. Let's get down to work here. We'd be more than glad to clean things up for you and have a look at what you got and maybe help backfill a little bit. And.
[00:03:00] No, no, there's no budget for it. You're only a loft, right? With w with incredible amounts of PII. Plus all of the case histories, we, we had another small, this was a one-man practice where someone had.
Paid to hack into his computers. Uh, apparently his ex-wife and she charged it on his credit card. So that's part of what we're going to talk about here right now. We've, we've all known about the fake news and the propaganda that's going on and sometimes see something new, but you know what it is, it's not that much different from what had happened with the Nigerian scam, right.
Although. They were just broadcasting to everybody trying to get somebody to bite today. It's the same thing but refined it's refined down to what we call phishing or spear-phishing attacks. So as they're saying right here, they are growing
[00:04:00] in sophistication. They're looking to focus on what works best and when it does work best.
Now, this is the part that I think is very, very, very. Concerning to me, and it should be for everybody else. And that is that you can get hackers for hire. How long ago was that law? That small law firm, about two years ago. Um, and back then, I think it was 50 bucks and fed, uh, that was paid on this lawyer's credit card by his ex-wife that apparently was for hacker services.
Well, now they're way more complicated and professional. So. The hackers start now at $300 to hack an individual for $300. You can have a person hacked and get at their data. And in the case, so the small law firm is a one-man operation. They ended up deleting.
[00:05:00] All of his court documents that had to be filed, all got deleted.
Any pictures of his kid got deleted or, or his ex-wife got deleted. That one. It's what they do. And union 300 bucks. Yeah. Yeah. Deal. Right. So when a young adult over in Eurasia can get $7,000 per month. $7,000 is enough to support a family in many of those countries for a year, a year. Okay. That's how much money they can make so they can get $7,000 a month.
By conducting cyber extortions sound like a big deal to you. What's cyber extortion while it can be a number of things nowadays, again, they just refine the techniques. Ransomware has been around a long time, but it's still refined now. So extortion could be something as simple as old fashioned ransomware, where they encrypt all of
[00:06:00] your data and then they demand money from you.
To get your data back. And according to the FBI, the odds are about 50% that you'll get all your data back if you pay the ransom. Okay. So the odds aren't that great if you do pay so on the other side, Uh, if you don't pay, what do you have to do? Well, you have to restore from backups. Did your backups work?
Will your backups take months to download? Because it's up in the cloud somewhere. Most backups take at least a week to download. And does your backup provider have the option to put all your files on a hard disk and ship it to you? So that you can now restore those files. Right. Uh, and so the other way they're doing extortion is failing, pop up.
This is so clear are so refined, right? They'll get on your machine and they'll take control. No, no, no, it's not. It doesn't mean that they're controlling and your
[00:07:00] mouse and your senior mouse move when you're not expecting it and things type being program's coming up on your screen. No, they do it in the background.
So they will install are basically a remote control. And then within a couple of weeks, weeks, one, or their people will hop onto your machine and see what files you have there. Now, if there are great financial files or maybe there are designs of intellectual property, maybe there's personally identifiable information of your customers.
They'll say, Oh, okay, well, this is actually pretty good. And they will upload all of those files. He'll grab them off the machine. Now there's still a copy on your machine. Your machine's still working really well. There's no problem here. And then they will pop up a message for you. Kind of like a ransomware message.
It says if you don't pay up. We're going to release all of this data and they'll give you some samples of some of your data, right? And
[00:08:00] so people start freaking out. Well, there you go. That's another example of cyber extortion that's happening right now. So these guys and gals over there they're in Eurasia can make almost a million dollars a year.
It's readily achievable. According to this article here, and I believe it over on dark reading.com. So it's a very, very lucrative proposition because if you make a million dollars in those countries, you, your family, your extended family is set for maybe the rest of their lives, certainly for a decade.
And you're just a rich American who cares, right. If we steal that money from you. Now it goes on to talk about the weakest link here. Okay. And they talk about the human firewall. I refer to where right? You've got hardware. Do you know what that is? You got the software, you know what that is? You've
[00:09:00] got firmware.
Which is software that's embedded in the hardware? And then you've got wetware, which is us, right. Mostly water, as said, in, in that star Trek episode, right. Bags of water, I think is how that alien referred to us. So we're wetware and we are. The biggest problem. In many, many cases, remember we went through the statistics from IBM on attack vectors and compromised passwords and usernames compromised accounts were the number one way to get in.
And also the most costly when it came to a breach. So these phishing attempts, which again, think of the old Nigerian scams, how they've morphed today into a, it's a note from Bank of America telling you that your account has been frozen. You need to click through and do an update or. Very recent here.
I've been getting these for the last few weeks. It's a note from
[00:10:00] Amazon saying that your prime membership has been suspended because your credit card didn't work when it was charged. And if you want your prime membership to continue, you have to go onto their website. No, no, no, you don't type it in, just click this link, right?
Those efficient attempts. Now the shocking part of this is 70 to 90. Percent of these successful breaches come from. Social engineering, phishing attacks, one type of social engineering. There's a number of others. What just happened to Twitter, where Barack Obama was telling you to send him a Bitcoin. So send me a thousand dollars in Bitcoin.
I'll send you back 2000 as part of payback for you, right? Because you deserve that money. And it was, I think over 120,000 toddlers people sent this hacker. Well, how did they get in. How'd they get into Twitter to take over all of these big accounts, big named accounts?
[00:11:00] Well, they use social engineering.
They called on the phone and they got people inside Twitter to believe they were from it. Very very big deal. So the criminals have a lot of ways to do stuff. They've got a lot of tools. We're starting to see artificial intelligence. We had another one called vishing and this was an interesting one that happened over in the UK.
They were owned by a German company and they got a phone call from the owner. There's a German company. Right? I think it was supposedly the CEO and he told them to wire some money over. And this is the amount. These are the account numbers. The voice was entirely generated. It was not a real human being.
Okay. So we gotta be careful here. There are so many examples of it happening, but we'll see what happens with five G coming down the pike here.
We're really starting to look at the internet
[00:12:00] of forgotten things. How many pieces of the internet of things hardware do you have? That you've forgotten about how many of them have patches available? How many of them ever had a single patch available? Have you been patching your light bulbs, people? Cause that's what it comes down to.
Alright. Stick around. We're losing some stations. Now either's going to stick with us, make sure you visit me online. So you get all of this stuff. Craig peterson.com/subscribe. I love to hear from you and try and keep you a little bit up to date on the goings-on.
Take care of everybody. If you're leaving, have a great week.
Hey, you're gonna have a great week, even if you're not leaving and we will be back after the top of the hour.
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: