Livestream: Cybersecurity Awareness Month Tips | Facebook

Malwarebytes

Join us at 10:15am PT time today for our livestream on Cybersecurity Tips in honor of Cybersecurity Awareness Month!
Alright, hello folks, I am Adam, director of Malwarebytes Labs here at Malwarebytes, and today we're going to be talking about, um, basically Cybersecurity Awareness Month, which is this month. Alright. Uh, in Cybersecurity Awareness Month every single week has a theme and at the end of something involving cyber security. Basically, so take a look down here at my chart or my whiteboard of amazingness and you can see that we've got a list. It out the first week that somebody messing around for me, and I do apologize, it's probably our, uh, our guy Josh, cameraman and producer. Um, anyway, so the first week is to make your home a haven for online security, and by the way you can go on our blog and, basically, find out about all of these different, uh, themes, and we have links back to the blog post that would be very useful if you wanna try to share them and educate your friends and family. So week two, the theme is millions of rewarding jobs, educating for a career in cyber security. Week three, it's everyone's job to ensure online safety at work. And week four, safeguarding the nation's critical infrastructure.

So we are going to be talking about just week three, it's everyone's job to ensure online safety at work, and that is absolutely true. And so to do that we're gonna be talking about quite a few different topics here, including, uh, you know, basically, why these attacks happen, uh, what you could do as a company to secure your data, secure your systems, your endpoints, as well as secure your employees.

So why, why do these attacks happen? Why are businesses targeted at all for cyberattack? So this seems like a really simple question to answer, and it is. It's because this is, first of all, a network.
You got a whole lot of systems combined together, making attacks really effective when you're able to actually breach the network and traverse through it. There's some more money to be taken, basically, uh, for the intellectual property, user credentials, things like that can be started from companies if that data is leaked or stolen somehow. Oftentimes you've got kind of the, um, the double side of you. You got more security in general, at least more resources for security for businesses, because they have the team, security teams. You know, they have to protect this stuff. Um, where as a consumer, wouldn't have that particular, uh, resources available to them. However, they're only looking at one computer. So a kind of flaw in this is that, yes, we have better solutions for security if you're a business, but there's more things to monitor and therefore more opportunities for bad guys to somehow break in.

So next up, let's talk about a few different attack types, um, and how to protect against them. So number one, we're gonna talk about cloud-based attacks. So what does this mean? Cloud-based attacks, well, there's a lot of different terms that you can use for this kind of stuff, but in the basic sense of the word, any sort of cloud services that you utilize at your business in order to get your work done. Um, this could be anywhere from like Dropbox or Box or any sort of file storage, cloud file storage system, social media, some method of communication remotely. There's a lot of different tools out there that, uh, that lots of people from sales to marketing use in order to get their work done, and most of the stuff is cloud based so you can access it from anywhere. Now that makes a whole lot of sense from security point of view and really productivity. For security point of view, maybe not so much, because bad guys are completely aware of the issue right now.
Um, of a lot of, a lot of people utilizing these services, and if you're going after an organization you're gonna wanna try to get them to give you creds or access to those cloud services, or use those cloud services in order to actually do the attack. So what you can see from the cloud attack would be simple things like spear phishing, uh, getting an email from the provider asking for a password reset, um, maybe even, um, files to be downloaded. And this is common malicious spam stuff, it's not entirely outside of the realm of possibility. You might also have social engineering issues, as in you might get a phone call from someone claiming to be, uh, here we go, claiming to be, um, someone from a particular cloud service, saying, hey, you need to reset your password or your bills. Do blah here is to make be completely aware of these threats and know how to deal with them.

So in order to protect yourself from these kinds of threats, we recommend, first of all, any cloud service to use, use two-factor authentication. The big old 2FA. Okay, now that is so important, and you know what, a lot of services these days don't offer this. More and more are, which is great. You know, our services fantastic, two-factor authentication is fantastic. So you got a phone, you got anything like that you can use in order to have additional security added to your account. If you are a company that has access to cloud servers and your employees do as well, make sure every single one of them is allowed to use two-factor authentication. Otherwise it makes it a really juicy target.

The next thing is kinda limiting the access to what information is available to who. Um, back when I worked for the government it's something that was just commonplace, but today and in corporate America, you know, you often see things like anybody having access to whatever they need, and that makes sense, especially if you're a small organization, but the larger
you get, the more you have a section to stay, the more you have to limit the access that everyone has, um, because the data becomes harder to track, harder to keep, you know, secure. Um, so recommend that if you don't, if you have 15 employees who do not need access to all of your customer, uh, billing information, maybe don't give them access to it. Um, because any one of those employees could get compromised and then their account access can be used in order to steal that data.

And finally, encrypting, encrypt, encrypt. I mean, there's lots of other things. We could, you could spend an hour talking about how to stay safe from this kind of threat, um, we gotta move on, but for the most part, encrypting. If you have a password manager, if you have a cloud service that's backing up files, encrypt all of it. Um, make sure you use ones that use heavy encryption, that even the creators and the owners of the business that you are using, of the actual cloud service, cannot access it. Um, there are few services out there that claim they can do this, so I would recommend doing your research. I'm not gonna make any recommendations. Um, but as long as you find the provider that encrypts and they can keep these things secure, even from their own employees, then you're good.

So moving on from talking about cloud attacks, and this actually doesn't completely move on because we're still gonna be talking about malicious spam here, and, uh, what Family is, for those who may not know, it's basically phishing attacks. Talking about how we get emails that say we're from this, we're from that, um, download this file, click on this link, give us your password. Let us, in fact you were actually very friendly. People that's is email say or businesses.
You have the unfortunate side effect of not of dealing with both the kind of spam junk that a lot of users get and have a lot of distributed like it and lot of different kinds of ransomware in the past, um, but you also have to worry about spear phishing emails. So spear phishing, for those who don't know, is, and I do apologize for my terrible handwriting, I'm not a doctor but I should have been. Um, so spear phishing basically is, is like regular phishing plus something that is the more learning, something that is personal, so it will put plus personal info. And this doesn't necessarily have to be personal info. I've seen cases where spear phishing attacks have been for pay increases for the year, holidays, et cetera. Um, once again, I apologize for my terrible handwriting. There you go, all in the oven of the things like that, stuff that really someone sees on an email and they're like, wow, I wanna look at that right now.

Um, so it could be that, like I said, the pay chart for next year, what are you making next year, especially if you're working in the government and you got these regular pay scales. Um, you can do the same thing with tax documents. You do the same thing with, uh, you know, hey everyone, please click this link here in order to get a free or for the company or something like that. Um, the possibilities are really endless, and attackers utilize spear phishing because it makes the attack seem more legitimate. Okay, they may come from a source that you recognize, they may be talking about a topic or subject that you are interested in or currently working with or on, um, and so by taking advantage of that, it obviously makes it less of an effective attack against the wider, you know, trying to cast the net, but it makes it far more dangerous attack when you're going after an individual or group of individuals. And a lot of this information that is used, um, in the spear phishing attacks isn't just pulled out of the air.
I mean social media, uh, other documents, the website itself, uh, of the company could be another way in which these attackers are getting information. Um, if you take a look at your corporate website, how many emails are on there? You know, do a search for the top people in your organization just on Google or on whatever search engine you wanna use, looking for their email, see if it pops up anywhere, because then you'll know that's out there, and if it's out there then bad guys can find it and they can target that email. Um, this is how a lot of CEO fraud happens, where they're like, uh, hey, we have a wire transfer, please approve, and it turns out sending thousands of dollars to an attacker. This has happened a few times to different organizations over the years.

So how do you stay protected, or how do you keep your network protected from, uh, from malicious emails? First of all, you're gonna wanna check to see, is the sender address even correct? Okay, double check that. If you think it's coming from Tom Jones at yahoo dot com, then you need to take a look and say, wait, is that actually Tom Jones at yahoo, at Tom Jones dot yeah dot or something? It is totally possible these days, and I hope I'm not giving anyone ideas, but really possible to craft these kind of email addresses that look so legitimate and so real, but in reality are just scams.

Um, second, you wanna see, do I even know the sender? Okay, if this is coming from your boss and now you're gonna think you know, on but if it's coming from, you know, Jesse out in our, do you know Jesse? Uh, do you know anything about them? Sometimes it's just reaching out to the people who you think are trying to reach out to you and confirming that they want something. Now, this is obviously a huge pain, so there should be other things that kind of raise your suspicion.
You shouldn't have to call every single person who sends an email to you. So the next thing to check for is any embedded links that are weird. Okay, so what does that mean? Let's go to our wonderful whiteboard where I can show you my elegant handwriting. And so, uh, let's say you've got an email message, right. Let's just say this: "Hi, please click for money." I mean, they're far more sophisticated than that, but I don't see if you go back in time they're not all that different. And this is the link. Okay, so you just hover over this link with your mouse, and on the bottom, usually, you can see, you know, what's the worst that trying to go to the guy that's. Why I go to domain bad guy dot com. Um, so yeah, you hover over this and it shows you, oh, I'm going to bad guy dot com. I don't wanna go there.

Now, this is kind of a simple example. What if the same thing happens, however, in the market for this, it says some random link like, uh, I don't know, a be slash bobble. So I mean that, regardless, it all looks legitimate and it's still a link. Okay, so the attacker expects for the user to go and click on this thinking that that dot com is the actual domain awards going, but if you hover over this it would still point back to bad guy dot com. So always check links before you click on them inside of an email. They don't happen often enough to be an issue where every single second you're gonna have to be checking links. All you have to do is hover over them and it will give you some idea where it's gonna be going. If you don't recognize the domain, if the email says that it is coming from the legitimate service but the link says something else, don't trust it. Maybe talk to a security person.

Moving on, uh, the other thing you need to look out for is basic things that you see in a lot of phishing attacks. This is spelling errors.
This is, um, you know, weird grammar, or the way that the punctuation, even the spacing of documents. Um, honestly, for the last two years a lot of things have become incredibly sophisticated, incredibly realistic. I've seen phishing attacks look exactly like you would see from an official, um, organization, coming from an email that looks incredibly official, and the only way I knew that it was not legitimate was because I hovered over the link and it said something other than what I expected. And I mean, it's that difficult sometimes.

And then finally, like I said before, just kind of realize that most services out there, um, most companies, organizations, things like that, especially if they hold on to sensitive information, like banks, um, they're not gonna just reach out to you and say please reset your password for no reason. They usually will send that kind of email if you requested it, and then the email itself will say if you didn't request this, please click here, and, you know, maybe somebody's trying to break into your account. Um, so just double check. You know, it's worth taking some time to just make sure that you're not gonna be clicking on or entering credentials for anything that you aren't a hundred percent sure is secure.

So let's go ahead and move on. Let's talk about instant messaging security. Now, uh, I mean, all this stuff is kind of outside of the realm of what we normally talk about, but in reality, if you're thinking about businesses, you think about operational security. You're gonna wanna make sure that, excuse me, you don't want to make sure that everything from not just your endpoint but also how your employees communicate with each other are secured, and that means that using some kind of, you know, over-the-counter, um, not encrypted and secure messaging app is not ideal. If your primary method of communication between your employees is like a cell phone call or text message, those things can be intercepted.
Those things can be collected not just by government organizations and whatnot but by actual attackers. They can clone your SIM card and actually pretend to be you in some cases. So you need to go a step further than that. Alright, more than text messages. Um, there are lots of apps out there that utilize end-to-end encryption. Um, WhatsApp is one that I know and I use. Uh, I know there are other ones and probably far more secure ones as well, but that was gonna be easy. Uh, so make sure you're gonna, you know, look into those.

Um, in addition to that, the actual devices that your employees are using to communicate with each other, like their phones: if you have the resources for it, provide company-owned, uh, phones or devices of any kind. You know, that way you can ensure that these phones are up to par as far as security goes, that they have their latest updates, they have all the security software you want on them, and they're only used for official use. Okay, so it's less likely you're gonna see a bunch of games or things like that popping up on these phones. I mean, if you do have, of own policy, that should probably be on there: do not install games.

So another thing to worry about or think about when it comes to this kind of encrypted communication stuff: do your employees even know the importance of this? Um, it could come down to them not realizing that just by texting someone the password for the account number for your company's bank, um, they are potentially putting your entire organization at risk, because that information is not very well secured. So make sure that you communicate with your company, with your employees, and tell them the importance of making sure you use some kind of encrypted messaging service, of being careful about what they write and what they send to each other. And then of course, I mean, this is kind of outside of the scope a little bit, but at the end of the day, um, we want to worry about what they post on social media as well.
Now you shouldn't have to go out there and assign someone in your organization to just keep an eye on everyone's social media, but to spread the education that social media can be used to extract phone numbers, in some cases to extract emails, to extract, um, relevant and meaningful data and information about you or your organization that continues in the spear phishing attack. Um, so this kind of education is really important for our users, not just about how to use the secure apps, but why as well, what the importance of it is.

So, uh, I've talked about staff training when it came to instant messaging and stuff. I mean, this stuff is just really important. Just to kinda finish off this topic, it is incredibly important because of not just the high amount of workers that we have these days, a lot of people on the go. I mean, I work out of our headquarters here at Malwarebytes, but I'm traveling a lot and I have my phone with me. I need to communicate with my team members or my boss or anything like that on the fly, and while I'm flying sometimes. Um, so it's just incredibly important to know and spread the information around about the amount securing this kind of communication.

And then finally, the last thing I wanna talk about as far as securing things go are remote workers, because we already remote workers now. Many of you probably have no idea, but I worked remote, um, for five years for Malwarebytes, okay, and that was a challenge in its own. Okay, there's lots of ups and downs, there's lots of benefits and drawbacks to working remotely. It's a whole different kind of, you know, mentality you have to have in order to be an effective worker in that kind of environment. But some of the biggest, obviously, hassles and issues with having working workforce is that you got this information that has to be publicly available, basically, anywhere in the world.
Okay, that some organizations, they only have all this stuff inside a single building, um, or a single data center or something like that. They can control access to that information, um, far more securely, because they can't physically keep it off of the Internet and just have it only accessible from their internal, um, network or VPN or something like that. And in a lot of cases organizations do that, but more and more we see people heading toward the cloud security thing, so it kinda all wraps around to what we saw before, and I'm picture about it.

So the cloud security, just re cloud. It's a terrible cloud. I'm so sorry, it looks like a nose. Um, utilize, here we go. So we've got the issue of having remote workers, so let's just have this guy, he's a remote worker. How do we know he's a remote worker? Because he's not wearing any pants, and everyone knows that remote workers don't wear pants. This is the common truth. Um, so these guys are gonna be accessing the cloud services. The bad guys, and it's just a happy face, unhappy face right here, mean guy, he identifies that, he sees that this is happening, and then he sends out a spear phishing attack against your workers, and, you know, that attack, let's just make it like an email, looks like an email here with unhappy face. Um, so they send this phishing attack to your network, to anyone else, and make up your person and may come to your local person. You know, look at person right here thinking they're totally secure and safe on the corporate network, they have nothing to worry about. It's just rainbows and sunshine. Um,
They get this phishing email, they see it and are like, oh, I guess this is important because I need to connect to this cloud service, so they provide their credentials or they give it up some of the attackers on the network now. The attacker having using this person that happy anymore and very sad, uh, rainbow is gone and reading rainbow. So, uh, so this guy now, he's infected, uh, your corporate network is infected, and now this guy's email account to send emails to the rest of the company, right, and these are all just methods of spreading malware, spreading the threat around, see what other access it has. One of these emails comes back to this remote dude who is completely unaware of anything going on locally. You know, they may have informed, uh, is this gonna be like hey ice oz, something to the team, the team is still investigating. They haven't sent out any kind of message, sorry, there's my unhappy, the hacker. Uh, they haven't found the message is something that the news about this particular threat spreading is not something that, um, that everyone's gonna get immediately. So this dude thinks that's a legitimate email from this guy and he clicks it, which then answer is another bad guy who's able to break into the network, or another endpoint that's compromised now. This guy starts sending out emails, et cetera, et cetera, um, or text messages or something, and you're not sure where it's coming from, you're not sure if it's legitimate, but regardless, this is kind of how it all happens. This is one way that a lot of this stuff happens.

One second, folks. Make sure that you lock your computer as often as possible. Um, make sure that your timeout for locking your computer happens, uh, probably, uh, after a few minutes of inactivity, and if it's especially, uh, a business computer or something, make sure you have passwords on it.
That you have to unlock the computer with the password. Or it's kind of out of what we're talking about, but since I had to unlock my computer right now, it's probably good to share that information with you. Um, in the lightest sense of the word, I've seen people utilize someone's unlocked system to send a fun email or do something silly. The more likely and less funny side of this is that if you leave an unlocked computer, it's like, you know, your desk is close to the front office door or something like that, um, you don't want anyone having access to your system, and if you keep it unlocked that just gives them the access they want. So just FYI, keep it locked.

So, uh, how do you secure these remote workers? Well, I mean, the whole point really is that you, first of all, and as I mentioned before, using or some sort of service that can help put your, um, remote employees onto the corporate network so they can access secured and physically, you know, secured servers and tools and things like that is really important. I mean, we do that here. We've been doing that since day one. Um, next, you know, there are a lot of benefits to these cloud services, especially for most people, so make sure that all those guys they're using to, you know, they are aware of all these threats. They need this education as much as anybody else.

Another thing to worry about when it comes to remote workers is making sure that they are physically secure as well. Um, most people don't think about this. You think, well, that computer's out there in the world, obviously if I use the right cloud services it's going to be secured, and if I'm using the right software it's gonna be secured, but at the end of the day, uh, how many of you have heard about, a few years ago, some person working for the government left their laptop in their
car and it got stolen, and that laptop had millions of records from the Personal management, um, including probably mine. And so that's how silly is that, you know. But think about it. You know, you've got a home, and your home office, is it secure enough? Do you have locks on your office doors? Do you put your laptop away at the end of the day, or do you just leave it there? If someone breaks into your house, will they be able to steal your equipment, will they be able to access any of that data? You know, so think about that kind of stuff, especially for about worker. Um, and I think, you know, as safe as you think you are in your own home, the reality is that this is valuable information regardless of where it is. If you lived at the bottom of the sea in a bunker, I would still say lock your computer, you know, use two-factor authentication, and make sure you have physical security on your devices.

So let's stop talking about attacks and start asking questions of ourselves. Okay, first of all, we need a security stance. If you're an organization that does not have a security stance, here's how you make one. Okay, here's the questions you need to ask and answers you need to get so you can start working on one. From a business standpoint, what are the big questions? The first one being, what needs protecting? Right, do you need to protect your database of user credentials? Obviously. Do you need to protect your database of funny GIFs? Maybe not. Uh, so knowing exactly what information is out there and what information needs to be protected more than others is the first place to start. Alright, secure those user credentials, secure that confidential information, um, more so than anything else. Okay, at the very least, even if you do get breached, the bad guy's gonna have a hard time breaking through that security. So let me do a little picture. I really like this topic personally, and I'm not sure how much time we have left. Uh,
We have any time left or if anyone's there watching, but I hope you are. So this is a concept that I haven't played in a while, but it is incredibly important. Here's your network, okay. Let's say here's your personal info right here. This is the data that you wanna secure, secure neither. Okay, and this is sitting on multiple, this is sitting on, right at this moment, let's say in this theoretical explanation, this is sitting on a bunch of servers, just file servers. Okay, generic file servers, FS. They have basic security, but this database or this file is also on the same thing as, like I said, the GIFs or maybe birthdays, things like that. I mean, something that is really important. Okay, so when the bad guy attempts to break into this network, whatever method they use, they go straight here, they break into the file server. Suddenly, yeah, they don't need that. Yeah, they don't need that, and they take your secure data. Okay, so this is an issue, um, that is easily fixed, well, maybe not easily, but can be, and this is how you do it.

Okay, you start off with the bad guy right here. Mr. bad guy, mean face, tries to attack a network. Okay, now your network doesn't look like that. Your network doesn't just have a single file server or anything like that. You've got multiple. Okay, so here's like the web server. Let's say they use a SQL attack and somehow break into your web server and then are able to traverse through your internal network that way, um, or to your border router and, uh, into the network. So this is the network. Okay, now, if the user, or the attacker, once they gain access to whatever is out there. The base now we're going to make this kind of this is the network. This is all the connection, here are devices on the network, these are computers and laptops, our phones, and this big one right here is a file server. Okay. This bulbs candle on this page and I apologize see slip so the file server. It has the GIFs. It has the birthdays.
You can make another file server over here, and this has other information that really isn't relevant to, you know, holidays, things like that, something that is not proprietary information, stuff that doesn't need to be secured. Now where is your secure information at this point, and how do your users access it? Well, your secure information, let's say it's off of one of these nodes here where you've got, you guys getting to see that kenny maybe, anyway, you've got an additional file server that's connected to additional security, like another router or firewall or something in an behind this. This is a gate, okay. So your users, in order to access this information, need to use two-factor authentication. They need to use up all kind of stuff that may possibly be required in order to gain access to this file server of secure data. Um, so the attacker, after they break into your main network, they see all that's out there, and, you know, at this point, what are we gonna do. This in the syllabus information they're gonna try to get to this data, but it's gonna be a lot harder with this layout than it would be with the previous one. And in many cases bad guys are after the low-hanging, you know, they want the easy attack, and they're not going to put in the hours and hours or days or weeks of effort in order to break through this security and get to this data.

Alright, so segmenting your data is incredibly important when it comes to, uh, keeping hackers away from it, and I think that's something that a lot of organizations are still trying to figure out, probably one of the reasons that we see so many breaches, uh, over the last two years, because this concept is not followed, this concept is just for in the people.
Um, segmenting data, segmenting information and segmenting access. I mean, this all sounds like it's real, uh, overly paranoid stuff, but at the end of the day, would you rather be the person who's overly paranoid right now and make sure all the data is secure and our customers are happy, or be the guy who doesn't care about security right now and then has to deal with it in a rush after all these customers have left because they left. He. Let us data vanish right theory breached.

Um, what kind of damage could the threats do? That's one of the questions we have to ask ourselves. You know, if you get breached, what's the fallout from this particular kind of attack? Um, and do I have the right technology to protect my data? So at this point, look at the potential avenues of entry for your organization. Is it through users, is it through your border router or your web server? Um, are you running a database online? Is there any access at all into your internal network from the outside, and if there is, is it monitored, is it secured? Um, so you've actually identified what you need to be secure, what could happen to that data if an attacker gets their hands on it. Then you have to decide, uh, do you have the right to protect that data. And then finally, should you expect your employees to help you out in mitigating those risks?

This is an important concept too, because, like I said, we talked about malicious email, we talked about spear phishing, um, and social engineering in general, but it's the primary method of spreading malware these days, is to basically, instead of breaking through the security of a network, which sometimes is easy because of vulnerabilities or misconfigured servers and things like that, but most of the time it's through the bad guys sending an email to one of your employees, and your employee clicks on the link or opens the file, game over. Okay, so including your employees in your security plan is just as important. Alright, you can't just have your five IT guys
or two security people or whatever you have as the only people monitoring and looking out for attacks. Every single person in an organization today needs to keep an eye out for those things, and hopefully some of the stuff that we mentioned when talking about how to recognize a malicious email will come into play.
So ask yourself some technology questions. What area of my security posture is not well protected? So like I mentioned before, you need to identify what data needs to be secured, how to secure it, et cetera, et cetera, but is there anything else, is there any other way to get into your network? You know, hire a pen tester or do your own audits or something like that. Make sure that the least open, I guess the least obvious, entry into your network is closed because, like I said, bad guys, they like the low-hanging fruit, and if they see that you haven't updated your SMB server, so you can be hit with the EternalBlue exploit, or you have vulnerabilities that you haven't patched or secured in some way, an attacker can easily install some ransomware. I mean, this kind of stuff happens all the time. And do you have the right tools to do the protection, that's another thing as well. So asking yourself all of these questions and getting answers to them, at least for yourself, before you even go to the point of looking for a security vendor to help you out, is ideal, because then you can go to them and you can say, this is what we need to protect, these are the attacks I'm worried about, can you help me with that? And a vendor can come back and say yes or no or whatever they say; regardless, you know what you're asking. And then finally, just a couple of quick questions as to the severity of why you need to do this.
What could the damage be to my reputation, for my company, for my employees? Are my employees aware of this? You know, are you doing enough to spread around information about threats that may be targeting your employees, especially for whatever industry you're working in, or just general kind of security information? And do your employees know how to avoid these threats? Now, I covered a lot of stuff here. It was very fast, obviously, but invest in your employees getting some kind of security training, even if it's just like a monthly email or computer-based training or something, or a video that they have to watch and just say, yes, I'm aware that these threats exist, I am aware of how to identify them and I will do my best to stop them. And I mean, that's all you can really ask of people, right?
So let's wrap all this up here. I've been told my producer really wants me to wrap up. First of all, attacks are gonna constantly evolve, and that's never gonna change. As the security industry does more to protect users, the bad guys do more to attack users or come up with new methods of attack. And, like I said before, the primary method of spreading is through email, which requires a heavy amount of social engineering, requiring the users to actually believe that something is legitimate in order to infect their own network. So education is so vitally important today and tomorrow when it comes to these kinds of threats. And then, if you can, please share this video with your friends and family. Like I said, this is Cybersecurity Awareness Month, and at Malwarebytes
we call ourselves champions of this cause because we think it's so very important to bring awareness. So please share this with anyone you can, and if you have any other questions yourself, please write them in the chat right now. I'll be doing a little bit of a Q&A session and I'll see what I can do, but in the meantime, thank you guys so much for watching, and please, like I said, spread this around. If you guys like to see this kind of content, please also comment that on our Facebook page, Twitter, whatever you want: "Please educate us more, Adam," and I will be happy to do that for you guys.
So, question time. Can VPNs actually protect you from malware? Now, this is a claim that I've heard a lot from a lot of different places. I know that they're kind of having a big time right now, as far as selling goes. A lot of the videos that I watch, or commercials that I see, something like that, oftentimes some VPN service will come up saying, we can protect you from malware, we can solve the security attacks, or the cyberattacks. So there is some truth to that, and then there's not. Okay, first of all, a VPN does one thing, and that allows you to basically connect through a tunnel to another computer, pretending to be someone else. Okay, like, you know, the looking through, what is it, that Wonderland story, Through the Looking-Glass, right? It allows you to enter a state where your traffic is not monitored because somebody thinks you're someone else, most of the time. Okay, some VPNs, especially public ones, may not be that secure. Even the Tor network, people know that there are nodes set up in order to monitor activity and track who's using them, if they can. And the same goes with every other VPN, especially the public ones.
You know, they're used by a lot of people. If you're trying to do something with them that may be, I don't know, sensitive, keep in mind that the public addresses, or the IP addresses, of a lot of these public VPNs are already blacklisted by a lot of services. And so don't do bad things, and then maybe use a paid one, that's what I recommend. Not to mention, if you are trying to hide your presence and you don't want someone to know that you're behind a VPN. For instance, you know, we do a lot of security research. Oftentimes that requires us to communicate with a malicious command-and-control server in order to get more information from them, or get more samples from them, and we have to hide our presence, so we use VPNs to do that. But if the attacker was completely aware that we are using a VPN because they recognize the IP address, they can easily just block our attempt, and we've seen that numerous times.
So, but can VPNs actually help you stay away from cybercrime? To some extent, yes. Like I said, it will protect your system from being tracked. It will protect your system from potentially, you know, navigating to... actually, they don't do that. A lot of services, they come with things like NoScript and other types of blocking tools. You may want to look into a browser that has that kind of stuff, especially if you are on a VPN, because that may give you some kind of false sense of security: I'm on a VPN and I can't be touched. That's not true. You can be. You can still download files, you're still gonna get emails, all these things are still gonna happen. And if malware is on the system, a VPN is not gonna stop that from doing malicious things. So as far as securing you as an anonymous entity, and as far as making it so that your digital footprint isn't all over the place, I highly recommend VPNs. As your sole method of protection,
I do not recommend only using VPNs. There's lots of other security software out there that will do a better job.
Question two: is it good practice to use multiple security solutions? So this is kind of a question that's bounced around a lot. Obviously, at Malwarebytes, there was a time in the past we used to say we will be the wingman of the products, but that time has passed. Alright. We are now, and have been for a while now, pushing ourselves as a single solution, and it's not that we're a single solution that only does one thing. With our products, we have multiple layers that we use, from exploit, anti-ransomware, to web blocking, to actually detecting malware on the system. There's lots of different methods that we use, layered security measures that we use, all within a single solution. Okay, there are lots of vendors out there that may do the same thing. So before you decide, I'm going to load up 15 different products on a single endpoint, look for a solution that has everything kind of wrapped together in one. That makes your life a lot easier.
Question three, passwords: is it okay to use one password for multiple logins? If you're talking about the one, if it's... Honestly, there's something I call throwaway passwords, or just whatever passwords. If you're logging into something that requires no security at all, that you really don't care if anyone accesses, sure, use one and the same password for multiple services, whatever you want. But for your email, your banking, anything else that's vital or secure, that you don't want anyone else to have access to, use different passwords. Okay, use a password manager. There is a password manager called 1Password that requires one password to log into it, and that saves passwords for you and can help generate passwords for you.
I highly recommend using a password manager, at least for accessing those highly sensitive and important websites.
Question four: how critical is it to make sure you're on top of security software updates? You know, if you asked me that last year, I would say, you know, it's important, but also we decided not pushing outage, uh, we're, basically through a software update, so it's obviously a difficult question to ask. But as of this year, we've seen at least four new exploits for Internet Explorer and Flash, and these exploits are already being weaponized in the wild with a few exploit kits. We actually do suspect this may lead to a greater amount of exploit kits in the wild, and if that happens, then yes, you need to make sure you are secured and patched, especially something that's vulnerable: you know, Windows applications, anything that comes default on the system. The operating system itself in many cases needs to be updated. Is there always a threat that someone has hijacked the updating process? Yes. But should that stop you from updating? No. Okay, it's possible you can walk outside right now and get shot. Will it happen? Maybe, who knows, but the likelihood of it happening is very little, and it's more important to go outside and get groceries, or whatever you have to do, pick up your kids.
Question five: how do I keep mobile devices secure? Are there tools for that? There actually are a lot of tools out there right now for mobile devices, including Malwarebytes for Mobile. I'm sure there's a better name for that. Malwarebytes for Mobile. There's other solutions as well: anything that blocks scripts, anything that monitors for malicious traffic, even stuff that stops scam calls, because if you live, especially in the US,
I'm not sure how it is in the rest of the world, but in the US we've just been bombarded by scammer calls this last year, just all the time, and they're coming from area codes you think you recognize, or phone numbers you think you recognize. Kind of the same thing as the spear phishing attack. Okay: San Antonio's area code is 210. My area code is still 210, even though I live in California, right? So I will get calls from a 210, the same three numbers in the first part of my phone number, and then something else, and it's a trick to make you think that this is a legitimate caller that is from somewhere you know and trust, is local, is not some scammer. You pick it up, it's a scammer. So just keep in mind that there are more options out there now for actual call blocking of known scammers, so I'd investigate those as well.
What is the recommended frequency for backing up your stuff? It depends on the stuff, honestly. If it is something that is vitally important, that you will seriously be unhappy if you lose, back it up as often as possible. You know, every day when you finish your day, back it up. You know, do a check to make sure it's not infected or there haven't been some modifications to it, and you can upload that pretty much as soon as you're done working on it for the day. For things that don't really matter, but you'd still be kinda bummed about if you lost, like personal photos or, you know, a letter or email from someone you like, it doesn't really matter. Backing those things up maybe once every couple of weeks, or it could be once a month, you know, maybe, and doing backups for that kind of stuff rather than completely overwriting these things. So it's something that's not gonna be changed over and over again, so you're gonna want anything that you do modify or add to just be added, instead of completely uploading all the files over and over and over again.
What's the best way for businesses to secure their networks? I thought I just talked about that. That was kind of the point of this whole thing. So the best way to secure the networks, honestly: security solutions that you trust; education of your employees so they know what to look out for and they can help you in remediating the risk that you have to your organization; making sure that you do things like segmenting data, segmenting access to data, and putting that really important stuff in a place that's even harder to get to than the easy stuff. You know, we live in a world where breaches and hacks and things like that happen all the time, and you can sit here still and pretend that, yes, we're never gonna get hit, it's never gonna happen to us, why would it? But the reality is that you should always act as if you are about to be attacked. Okay, and because, like I said, the bad guys are always evolving, their attacks are always evolving, that's not gonna change. And so even if we have the top security tools and everyone is completely aware of what's going on as far as threats go, a single bad guy who has a brilliant idea on how to completely subvert all of that can still come around. The possibility is there. So rather than assuming that you're bulletproof, assume that it's coming, and say, I'm gonna make it hard for the bad guy if they break in. And you can send them down a rabbit hole into a server that's full of nothing but junk or something terrifying,
I don't know, whatever you want, in order to just, you know, kinda mess with them, if you really wanted to do that. Otherwise, like I said before, segment that really secure information onto a separate layer of security beyond the other stuff. You don't usually need as much space to do that; you don't need the investment you'd want to secure your entire network for that small thing. It would require a few extra resources, but I promise you it's worth it.
And then: how can I protect the server from a DDoS attack? Okay, so a DDoS attack, and let's go ahead and use the... real quick, probably the last time for today. I hope you guys have enjoyed my drawing, and I know I'm not the best artist, but hopefully I'm able to get the concepts across. If you would prefer me to use PowerPoint slides next time, then let me know. So a DDoS attack is basically this. Here is a file server, or a web server, WS. Okay. This web server is hosting something important, like information or a banking website or Amazon, PayPal, whatever you want, right? So a DDoS attack, it's distributed denial of service, DDoS, and it's basically when you've got a bunch of infected systems. One, two, three, four infected. Okay, they're all sending a network initiation to this server. So whenever you do actually go on the internet and you write in your browser google.com, your browser identifies how it gets to google.com, and then when it reaches out to the web server it says, hello, you know, I wanna interact, to see what services... cool, well, let's do this handshake so we can secure, uh,
we can confirm that we are secure, that we're communicating on the same level and everything like that. And so this is called the SYN, and this is called the ACK, for acknowledge, and then your computer sends back something else, which, I know this is kinda surprising, but it's called a SYN-ACK, and it basically confirms that they confirmed. Okay, and at this point the actual communication happens between the server and your browser, you see, and this is how you get websites down to your browser. This is how you see it. This is the basics of how a lot of the internet works.
Okay, but in a DDoS attack, what happens is that you've got this SYN and it's happening from a lot of different systems. I mean more than four; think about, like, times a hundred of these systems, and you've got a real nasty botnet. So what happens is that the systems send out these SYN packets that will initiate the conversation. The web server says, okay, cool, and he sends back a SYN-ACK, and he does it for every single one. But here's the tricky thing. Okay, when the browser, the actual infected system, is supposed to send back to confirm that we can open up a conversation, it doesn't send back crap, okay, and just completely cuts off communication. Meanwhile, the web server is like, well, let's say that these are all the slots the server has for more communication with other services or other computers, right? All of them are filled up because all of these systems are saying, hey, I wanna communicate, but they're not initiating the actual communication, so it's all just kind of stalled. And this runs up the processing speed, increasing the amount of resources being used, and really puts a lot of heavy strain on the processor as well as the network itself, and a lot of times that results in this web server going down, crashing.
Okay, so that's what a DDoS attack is, for those of you that may not have known. And the way to stay protected against it, the most common way, is that whoever you use for your internet router, or your hosting, a lot of times they have some sort of protection, and I don't remember the exact term, so please forgive me, but it basically distributes the traffic coming in through multiple servers. Okay, so to show that on here real quick: we've got the attackers, same as before, and we've got the server, right, and then you just have kind of like border servers. A, B, C, and web server. There you go. So when these attackers go to the IP address that it gives for this web server, it comes to this guy right here. This guy says, okay, well, you know what, this is a lot of traffic that's trying to go directly to this dude, but luckily we've got three or four other servers that are also waiting for traffic. So it distributes this load to different kinds of servers, and therefore the attack is not as effective at overloading one server when it's distributed through a lot of different systems. So this is oftentimes, in a lot of ways, how it works. I know there's far more detail, before you go in there and completely yell at me about not getting this perfectly right. The basic concept is just distributing the traffic so it's not all being done on one system.
And then: what is the difference between Malwarebytes Premium and the free edition, and how reliable would it be to start recommending the products to my colleagues and friends? Well, I mean, alright, first of all, the difference between free and premium is: free is pretty much our scanner, what we call our and see engine, that basically looks for any malware that's residing on the system at the moment. Okay, it's not real-time protection. It doesn't stop it from infecting you, it doesn't block websites, it doesn't block exploits, it doesn't block ransomware.
It only looks for stuff that's already on there, so a lot of people in the past have used it as mainly a remediation tool. But the reality is that we've gotten far past that, to the point where you don't need to use us as a remediation tool. Our premium version has the exploit, anti-ransomware, malware protection, lots of different tools, lots of machine learning stuff that we're putting in there, lots of developments we're doing on our detection capabilities, so a lot of that is gonna be rolled out into our premium product. The engine itself that we use between our free product and our premium product is the same engine, in the sense that they have the same ways of looking for things and they look for the same thing. So it's not like the premium version actually detects and the free version just pretends it does. No, it does actually detect malware. But if you want a full security scope and you wanna be able to stop the infection before it happens, the premium version is what I recommend, and I would recommend it to your friends and family as well. As far as reliability, I think it's pretty reliable, but I'm not really the best person to ask, am I? I'm kinda biased.
So yeah, let's see if you have any other questions. No, that's it. So folks, I really appreciate you sitting here and watching me and laughing at my drawing capabilities. Next time, hopefully I'll be a little better. Maybe I'll go take an art class. But in the meantime, please stay secure. Take the information you got from this video, share it with your friends and your family, with your coworkers, and try to make this National Cybersecurity Awareness Month a memorable one, and one that you actually get something out of. And, like I said before, we have blog posts talking about different efforts being done during this month.
Please check them out, check out the links we have inside of them that lead to a lot of the content that I talked about today. And otherwise, thanks for watching. Be safe, have a fantastic rest of your week, and I'll talk to you next time. Thanks.

Posted 1 year ago in Science & Tech.