I was having lunch today with my IT partner, TC Consulting in Woodland Hills, Ca., and he gave me the “Breaking News” ~
Please do not open any emails that appear to have come from your own email. There is a ransom ware virus out today. You can click on the link below to find out more that you probably want to know.
Document1 pretending to come from your own email address – JS malware leads to Locky ransomware
Thank you Tony Clark of TC Consulting, for keeping us safe and spreading the news to my followers and you followers spreading the news to those you know to keep them safe!
Keep it real, keep it in action and keep it locked up!
Its tax season and the IRS issued an alert to all payroll and HR departments to beware of the old scheme of emerging phishing emails and the new twist is they appear to come from cyber criminal posing as company executives requesting personal information of their employees.
Criminals are focusing on payroll departments tricking people into sharing personal data, IRS Commissioner John Koskinen, “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
Spoofing refers to tricking or deceiving computer systems or other computer users. This is typically done by hiding one’s identity or faking the identity of another user on the Internet.
Here are a few examples to look for during this tax season:
- Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
The IRS has noticed an 400% surge in phishing and malware incidents so far this tax season. I recommend training, education and some more training and education be diligent and present to all your daily tasks.
Till next time keep it real, keep it secure and keep it locked up!
Has your data occurred to you like its been held for ransom? Well it might be the on going problem of “Ransomeware” not only for individuals and small businesses, it can certainly also find its way onto compromised systems within an enterprise environment.
CryptoLocker was perhaps the most notorious instance of Ransomeware – a piece of malware that would lock the files on an infected computer and demand that the end user provide payment to the operator of the attack.
The Zombie Army aka Botnet use to distribute CryptoLocker was shut down, there are similar types of malware that persist. For businesses who have a work force working off premise and connecting to work networks, there exists the concern that not just personal systems , but systems holding a companies critical data could be locked by hackers on an infected system.
The past four posts I hope have been of value and to empower your organization to take action with one of your most important creations you have built, your business! Keep it real, keep it in action and keep it locked up!
Monday ~ Monday! Awesome people we are moving into “Hacks Targeting User Data” and it would be hard to miss the hack of shhhhh! Ashley Madison website that made headlines this past summer and not to mention dropped a name or two, yikes! Then T-Mobile, Experian and VTech it makes one wonder, who’s watching the store.
Let’s consider Big Data requires new tools to filter traffic and secure networks. More then just authenticating access once, keeping track of the coming and going and any suspicious behavior.
Analyzing the anomalies in your network is highly recommend and asking yourself is there encrypted data or suspicious behavior? Who is logging in and out, what is being accessed?
Suspicious activity using a transaction monitor, SQL server logs, application logs, or network session data?
Has your server been manipulated or configurations changed. Is everything still in compliance with security policies?
Are there any changes in the infrastructure configuration management and vulnerability and is everything in compliance with your security policy?
Analyze everything, consolidate risk and protection, choose your data sources and anonymize your data traffic. These are just some of the ways big data is changing enterprise security. Keep developing security strategies that target big data weaknesses.
Till next time, Keep your eye on the store!
Welcome back! And it’s Friday, I am hopeful your week was successful and productive! If your organization is concerned about security take a look at the case of APTS – ADVANCED PERSISTENT THREATS .
APT, sophisticated social engineering – such as meticulously targeted phishing – is combined with sophisticated technological tools that can camouflage themselves on networks and relay information back to a central server in order to very explicitly fool an enterprise and steal data. According to IT association ISACA , one of four companies or 28% have already experienced an APT attack.
Internationally deployed and targeted with a specific goal in mind, APTs represent a growing threat, especially to government enterprises. They tend to go a long time without being either discovered or effectively cleaned, leading to very large amounts of top-secret data being stolen of a duration of months, if not years.
It is more critical than ever for cyber security leaders, IT professionals and business owners to have a thorough understanding of these threats, and to be prepared to quickly and effectively respond.”
Next week – Hacks Targeting User Data..
To say that data breaches are a growing problem is perhaps an understatement. The frequency with which enterprises of all sizes have found themselves targets, and victims of online criminality, has increased at a fantastic rate. From public schools, government institutions, health care, private and publicity owned businesses appear to be at risk for fraud and cyber attacks. But there is hope! Security professionals are finding ways to get ahead of the threats . The malware and the people using it are getting smarter and a new model, based intelligence, is necessary.
Intelligence on where threats are arising, their capabilities and their targets – is necessary to keep up with the threats. That is digital threat intelligence.
To keep an enterprise secure and understand the role of digital threat intelligence we will take a look at the most recent trending exploits to appear on the cyber threat landscape. Till next time lock it up and stay secure!
Happy New Year! I am excited about the possibilities and opportunities that this year will bring. There will be new technology to learn, new social media to implement and creating new marketing for our businesses.
I will be creating new posts that will be engaging, something to think about and it is my intention that you will be inspired to take action with your business that brings liveliness, growth, fun and thrive so your excited about 2016.
2016 start your engines!