Most people I encounter talk about their fun with ChatGPT, and I can relate. Type “Write a Valentine’s day note to my lover who likes (activities). I’m attracted to their (attractions) and want them to know (details).” Keep adding details. And, of course, you can say, “Make it rhyme” or “write it like Shakespeare.” You’ll have a smile on your face.

Be sure to select “New chat” whenever you change topics. After you get a surprisingly fun Valentine’s message, open a new chat to ask, “Remind me of the Excel formula to return the first twenty characters of a string.” ChatGPT remembers conversations in chat segments, so avoid mixing topics to get the best results.

AI has given a new meaning to the term Virtual Assistant. Sometimes I compose long email messages and want to shorten them. I first compose the message with no sensitive information, give it to ChatGPT, and say, “Write this shorter.” It is stunning how capable it is at combining sentences and summarizing ideas while mostly keeping the whole meaning. Sometimes it elaborates and incorporates new ideas into the message. I find that amusing and occasionally helpful. I must re-read the output carefully and often make changes since ChatGPT is not perfect at knowing precisely what I mean, but for long messages, it sometimes helps me make them concise, saving the recipient time.

Do not be duped – AI does not know everything and can accidentally produce inaccurate information that sounds very convincing.

When I hear people discussing the risks of ChatGPT, they usually focus on students using it to write their essay assignments for them. They have not considered more severe concerns. If you are interested, search the web for: chatbot ai can be used to create ransomware video.

Fortunately, ChatGPT is implementing safeguards to help prevent malicious use, and there are ways to trick it. Values and ethics vary from person to person, and some people, or governments, might feel justified in using AI to help create weapons, influence elections, or help them with strategies to harm.

Before his death, the famous physicist Stephen Hawking warned that AI could “end mankind.” Elon Musk has donated millions of dollars to OpenAI but intensely voiced concerns about the dangers of AI.

Some of our clients now block access to ChatGPT on company networks and devices. Some won’t.

Please forward this to your friends so they will consider the risks and enjoy AI-related fun. ChatGPT is impressive, and the business world will never be the same.

The post Cybersecurity Concerns and Fun with ChatGPT appeared first on Foster Institute.

In North America, System Intrusion (Now up to 80%) attacks surpass Social Engineering (down to 20%). System Intrusion is when attackers gain access to networks, plant ransomware, establish remote access, and otherwise compromise data and processes in a network.

90% of system intrusion attacks in North America were performed by threat actors external to the company. But the 10% of internal attacks highlights the concern of insider threats. Insider threat is when someone working for an organization accidentally or intentionally gives attackers access.

In North America, the motivation for attacks are:
For financial gain: 96%
Espionage and spying: 3%
Grudges and anger: 1%

Of attacks in North America, 14% were caused Primarily by Cloud Security Misconfigurations, highlighting the need to ensure IT professionals are familiar with the complex security settings related to cloud services. An excellent resource for Microsoft Cloud Security is https://learn.microsoft.com/en-us/microsoft-365/solutions/setup-secure-collaboration-with-teams?view=o365-worldwide#securing-teams-for-sensitive-and-highly-sensitive-data

To see statistics in other parts of the world and overall, you can find the report at https://www.verizon.com/business/resources/reports/dbir/

The post Short List of Essential Cybersecurity Statistics Exposes Attackers and Can Help You Secure Your Systems appeared first on Foster Institute.

An exception will be if you feel held hostage by them, or if there is some other outstanding reason they’ve failed you. Yes, we’ve seen horror stories. In those extreme cases, the executives had already decided to fire their outsourced firm.

When we perform cybersecurity consulting, unless the executives ask us to approach it differently, we give the outsourced firm the benefit of the doubt that their intentions are always to provide you with the best service possible. If we encounter a grave security mistake, that’s one purpose of the audit – for us to catch things like that so your IT providers can fix it. We almost always find at least one gaping hole, which is our specialty. After all, third-party IT companies are responsible for many aspects of your IT operations, while our focus is cybersecurity. Once outsourced IT firms realize we’re there to help and not replace them or their services, they relax, welcome input, and ask questions about the best way to protect you.

If you move to a new provider, there could be a steep learning curve before they can serve you at the same level. Keep in mind that your IT provider is already familiar with your systems and understands the unique challenges you face. Unless their turnover is high, the professionals that serve you know your team members and maintain a friendly, professional working relationship with them.

If you consider changing providers because some well-meaning person says you have the wrong brands of products, find out if their personal bias is evidence-based. If the specific solution your provider prefers meets all the functionality criteria, it is almost always best to allow your IT Professionals to select brands and vendors they like. They typically prefer particular brands and solutions for important reasons.

For example, their engineers might be most familiar with Cisco, Juniper, SonicWALL, WatchGuard, or one of the many other firewall brands. Most brands, if configured properly, will serve you well. As with automobile repairs, you want a technician familiar with your car’s brand. If you ask your outsourced IT company to support an unfamiliar product, you’re putting them in an uncomfortable position. They want to consistently produce excellent outcomes for you, and if you insist that they support a brand they are unfamiliar with, you could be setting them up for failure.

Your outsourced IT firm almost certainly has you set up with specific vendors for your anti-virus, anti-spam, backup solution, etc., because they have automated tools that allow them to monitor and manage your solutions. That efficiency of scale facilitates them taking optimum care of you. Deviating from their standard brands creates unnecessary expense and frustration. For this reason, if you do decide to change providers, prepare yourself for needing to replace some of your software and hardware to conform to the new IT provider’s preferred configuration.

If your provider is too slow to respond, perhaps they’re understaffed but have an expedited service option you could invest in to get priority access to their best engineers. Or maybe they have a different brand or product solution that permits them to use streamlined tools, but you’re still using products a previous IT firm installed.

Without knowing the brands you are using, I cannot say if you’ve got great ones. I can share that most brands have excellent products and solutions that work well when appropriately configured by knowledgeable professionals who’ve proven their proficiency by earning certifications on those brands.

Executives sometimes ask if they should seek a cheaper provider. We rarely see third-party IT companies overcharging for services. They are aware of the competitive nature of their business. Consider how much it would cost you if all your systems were down, and the investment you pay your IT support firm is probably worth it.

Yes, your IT provider might be priced higher, but consider their level of professionalism too. Are they quick to reply when you need them? Do they fix issues the first time?

It can be an excellent sign if you feel you don’t need your provider because you never have any problems. That can indicate that your IT firm is taking such good care of the inner workings of your systems that everything runs smoothly for you. If you did terminate your IT provider, things could start falling apart slowly, without being observable, until everything stacks up to the point when you suffer a disaster.

If you wonder if they are competent, consider asking them for a list of certifications they’ve earned from Microsoft, Cisco, or the brands and technologies they provide and support for you. If they’re not certified, encourage them to take the training and pass the tests. Certifications often involve significant expense and time, so don’t expect them to earn the credentials overnight. Passing the certificate will be a breeze if they’re already knowledgeable about the products they support. And during the training, they might find new ways to help your organization without you needing to buy more stuff. Everyone benefits.

Your firm may not have top-level cybersecurity certifications. Cybersecurity is a complicated and rapidly evolving field that requires intense specialization. We never have expectations that third-party computer services companies know everything there is to know about cybersecurity. We expect them to be open to cybersecurity recommendations. We’re thrilled to discuss and answer their questions as they tune the solutions from brands they sell and support.

As cybersecurity advisors, it is rewarding to see and facilitate, if necessary, our customers strengthening their relationship with their MSPs and other third-party IT firms. Sometimes it is a matter of us helping you identify the pros and cons of the add-on cybersecurity packages your provider offers. Or, if their package isn’t the perfect fit, sometimes you can negotiate the offerings to get the best solution.

Please forward this to your friends if they wonder if they should change to a new outsourced IT consulting firm. As long as they’re well-staffed, competent, and professional, there are many advantages to staying with the company with whom they have an established working relationship.

The post Reasons to Keep Your Same Outsourced Computer Consultant or Managed Service Provider appeared first on Foster Institute.

Delete your third-party apps. You can always reinstall them if you decide to use them. Your phone and tablet are more secure the fewer apps you have. Most people only use 20% of their apps.

On an iPhone, press on the app’s icon and hold your finger down. Follow the prompts to remove and delete the app.

In Android, there are a few ways to delete apps as described in this article: https://www.lifewire.com/delete-apps-on-android-phone-5271421

Please forward this to your friends, so they know to delete old applications too. If they’re waiting for something anyway, it will make the time pass quicker, and they’ll be more secure.

The post The Next Time You’re Bored or Waiting, Delete Some Unused Apps from your Android or iPhone appeared first on Foster Institute.

A young adult received an extortion email claiming to have taken humiliating photos through his laptop’s webcam. The message threatened to send the images to friends and relatives and post them on social media. The youngster felt so distressed that he took his life. All people, including young people, need to know the risk, and please spread the word.

The letters are almost always fake. Executives call us after receiving similar messages. You will know the extortionist is bluffing if you keep your camera covered.

Even a non-technical person could spy on you through your computer, laptop, tablet, or phone, by running typical remote access applications or launching web meeting programs in the background without your knowledge. A bad actor could use advanced techniques to spy on you by remotely activating cameras, and they might disable the camera indicator light.

The most significant danger of covering your camera on a laptop is that if your cover is thicker than a piece of paper, your screen might crack if you stack something on top or compress the closed laptop. The thinner the camera cover, the better.

If you want to use the feature that adjusts the screen brightness based on the ambient light around you, consider using a translucent cover but be sure it blurs the image enough.

You can purchase re-usable peel-and-stick covers for cameras. Remember that sliding covers are risky for laptops and tablets that close. You could trim a part of a sticky note to be your cover for laptops and desktops. Avoid anything that will leave a sticky residue if you peel the tape off later.

If it is impractical to cover your device’s camera, at least check the privacy settings on your phone to control what apps can access your camera. A cover is more secure.

Remember to cover webcams built into some monitors, video game consoles, VR headsets, televisions, and other devices when you’re not using them.

If you have been thinking about covering your cameras, but have not gotten around to it yet, today might be your day. Please spread the word that the extortion letters are almost always fake, and covering a camera is a way to remove all doubt that an unauthorized person took pictures or recorded videos of them. Ensure that youngsters know too; you could save a life.

The post Tell People about Covering Cameras, and You Might Save a Life appeared first on Foster Institute.

To help protect yourself, when you search, click on the organic search results rather than the ads. That behavior can be safer if the advertisers are bad actors trying to lure you to a malicious site or download.

Malicious advertising is not limited to search engines. Advertisements on websites can be just as dangerous. These attacks are called malvertising and trick millions of users each year.

Please forward this to your friends so they know online advertisements, even search engine results, might take them to dangerous sites that attack their computers. The sites could offer downloads that, while the programs might seem legitimate, are tainted executable files infested with malware to attack their computer, encrypt files, steal their information including keystrokes and passwords, and provide remote access to unauthorized bad actors.

Note: We are not endorsing or advising you to use or not use OpenOffice. We use their name as an example because this incident is a current event. This does not indicate that OpenOffice is hacked; if anything, it suggests that the program is attractive enough that users eagerly seek it. Attackers use many famous brands and products. Being selected as a keyword can be flattering. Malvertising is unrelated to companies having security weaknesses.

The post Beware: Attackers Place Malicious Ads at the Top of Search Engine Results appeared first on Foster Institute.

What he is experiencing is a common ploy. The bad actors probably didn’t hack his account, and I’m sure he reset his password just in case. The chances are that they don’t have any pictures. They certainly don’t have photos if whatever they claim happened didn’t happen.

The bullies are adept at social engineering, and their goal is to be terrifying. They’re incentivized because they make more money.

They commonly send information to make their messages look legitimate. They find passwords on the dark web and send those, where someone works, where they went to school, date of birth, and the names and ages of family members. That information is often easy to find, and bad actors having those details doesn’t mean they hacked an account. Often the entire information gathering process is automated. https://fosterinstitute.com/why-phishing-messages-contain-such-accurate-information/

The best thing is to avoid communicating with the bad actors and act like you never receive the messages. The bad actors will pick on someone else to try to get money from them.

I wouldn’t be surprised if he starts getting email messages from them.

Do this now: Be sure none of your email programs displays graphics or images when you open a message. On your iPhone or iPad, go to Settings > Mail and turn off “Load Remote Images.” If you don’t see that option, look under Settings > Mail > Privacy Protection > and choose “Block all Remote Content.” In Outlook, select File > Options > Trust Center > Automatic Downloads and choose: Don’t download pictures automatically. Note that the setting can move around, but a quick search engine search for “how to block email tracking” and the name of your device or application will produce fast results. Take similar steps for every device you use to check your email. This step will usually prevent the attacker from knowing you opened the email message, but you must change the setting before receiving the message.

Cover up the cameras on your computers, tablets, and phones if you do not use the camera often.

If you do receive one of these messages, print it out and save it in case you need it for evidence in the future. Do not forward the message unless you are confident that the transmitted message contains no graphics.

It is up to you to decide if you want to warn family, friends, and everyone else in your address book in case the attacker follows through with their threat. Reassure your contacts that the contents of the message are false.

Make a detailed log, and make copies of all email messages, phone calls, and text messages you receive from them. Submit a complaint at ic3.gov. Contact the police if you fear that your life is in danger. If the email message came from Gmail, notify Google, and they can investigate.

Visit www.haveibeenpwned.com to see if there is evidence that your password has shown up posted on the dark web.

Reset sensitive passwords and enable two-step verification on websites where you log in. Be sure you are current on all security patches on your devices.

Please forward this to everyone you know so that they will prepare for threatening social media and email messages.

The post Watch for Threatening Email and Social Media Messages Saying You’re Hacked appeared first on Foster Institute.

They called the emergency support line and followed the representative’s instructions to install a program that gave the technical expert access to the computer. When the tech support person asked them to log in to their bank account to confirm a $1 charge, my relatives knew the whole thing was a scam and hung up. They’ve decided to throw away the computer and get another because they don’t know what else the program did to their computer. It probably included a keylogger that would capture their username and password when they logged into the bank so the bad actors could log in too. It might have included ransomware and likely a backdoor so the attackers would have continued access to the computer.

Her relatives are knowledgeable people who know to be wary of computer scams. But the alert screen was so convincing that they felt compelled to call. The bad actor posing as a support agent was highly skilled at social engineering. These people are artists at tricking the savviest users.

This is a way to protect your users without preaching to them. Tell them this or another story of a tech support scam. Please forward this to your friends and encourage them to share a story as a simple way to remind their workers to be wary. You might have an even better story to share!

The post Tech Support has been Helping my Relatives, and How to Protect Your Workers appeared first on Foster Institute.

• If your network firewall supports blocking data traffic by country, restrict all connections from all non-essential countries. You might need to allow traffic from specific addresses if one of your providers has a data center in another country.
• If you use Office 365, configure Conditional Access by Country to only accept users logging in from countries where your users will be when they access Office 365. You might need to upgrade your O365 license to enable conditional access by country.
• Configure firewalls on your websites and web applications to only accept connections from countries where you do business. Before limiting countries, ask your web developers if they use tools hosted in other countries. You’ll need to allow connections from those specific companies; else, your web application might malfunction.
• Block your users, in case they get fooled by a fraudulent email message, from accessing websites in countries and categories except those essential for business. When you configure web content filtering, you might be surprised to find out that some of the sites you use must connect to other countries to work correctly. Your team can allow those specific sites without enabling the entire country. Be careful not to overload your IT team with this recommendation.
• If you haven’t already, be sure to implement multi-factor authentication for your VPN, Microsoft Office 365, your privileged user accounts, social media accounts including LinkedIn, and anywhere attackers could inflict damage if they gain access.
• Shut down any unnecessarily exposed ports on your firewall, including remote management. If you must leave ports open, filter by the source address to prevent connections from anywhere except authorized static addresses.
• Configure your spam filter to block email messages from all countries except for those from which you wish to receive messages.
• Implement the email protection features SPF, DKIM, and DMARC to help block fraudulent emails and messages that someone tampered with. There are services to help IT departments accomplish this.
• Discuss Distributed Denial of Service (DDOS) attacks with your Internet provider and web hosting companies and ways they can protect you in case an attacker floods your network, your phone systems, or your websites with so much traffic that it shuts down your systems.
• Uninstall all the programs you do not use. If foreign attackers take over a software company, as they have recently, you won’t be affected if those programs are not installed.

All of these are in addition to the other protections you should already have, including double-checking that all the critical security updates from Microsoft and your browsers are installed on all of your systems, using anti-virus and Endpoint Detection and Response tools, making sure no users are local administrators to make it difficult for attackers to install malware on their computers, using application control, and other recommendations you read in these blogs.

Alert your users to the heightened threat and tell them to be wary of fake news. Remind them never to enter their usernames and passwords when prompted, no matter how convincing a site appears. If they read something that seems scary and instructs them to do something urgently, they must pause before acting. They should ask the IT department if they have the slightest suspicion. If they spot something fraudulent, you might tell them to send an alert to your other users to know the message is fake. They should remove links before they forward the message.

If you have an on-prem Exchange server, attackers will target the server relentlessly. Immediately ensure the Exchange server is patched with all critical updates. Be sure your firewall is configured to block all traffic except specific IP addresses. Talk to your executives about fast-tracking your migration to hosted Exchange if migration is possible.

While the following won’t prevent an attack, you want to be prepared:

• Confirm that the backups of your cloud data function correctly in case attackers delete your Office 365 or other cloud data and render the cloud provider’s backups useless.
• After ransomware attacks, many organizations’ executives are shocked at how long it takes to restore. Be sure your whole disaster recovery process is quick enough to meet your return to operations (RTO) requirements. You might prioritize which services need to be running soonest and make recovery point objectives (RPOs). Practice restoring and measure the time it takes to restore and recover.

Make contingency plans for what you’ll do if the power goes out for an extended time. Consider how you’ll respond if you’re unable to use your online banking. What is your plan if one of your vendors or SaaS providers shuts down for an extended period? Make contingency plans in case your Internet Service Provider goes down. What will you do if fuel becomes unavailable as it was to some regions after the Colonial Pipeline attack? What if your shipping companies cannot deliver packages to you or your customers? Should you take out enough cash to make payroll for your next pay cycle? Planning for these and other risks will allow you to have systems in place in the unlikely event they occur.

You can find additional guidance at https://www.cisa.gov/uscert/ncas/alerts/aa22-011a

The post 10 Things Every Organization Can Do Right Now to Protect Themselves from State-Sponsored Foreign Attacks! appeared first on Foster Institute.

Once attackers gain access to a network, before they make themselves known, they explore your files to

• Locate cyber insurance policies to determine what your coverage limits are.
• Find financial statements to determine how much ransom you can afford to pay.
• Look for the most sensitive files they can download and threaten to release if you do not pay them.
• And watch to see if you’ve discovered, or suspect, that they’ve gained access to your compute

Do you have folder names that contain these letters in a row?

bank
Bank*Statement
budget
HR
Insurance
IRS
password
SSN

See below for the complete list of 123 groups of characters.

The security group MalwareHunterTeam obtained the Pysa ransomware operation’s attack script and shared the list with Bleeping Computer.

Hopefully, we don’t reach a point of needing to name folders, not using descriptive names, but the names of sections of parking lots at major amusement parks. A better strategy is to do everything possible to prevent the attackers’ access. Rather than terrify you, use any concern you feel to redouble your efforts to implement robust cybersecurity controls, including but not limited to:

• Utilize application control features of operating systems. Consider Microsoft AppLocker but consider keeping the implementation less complex by not verifying hashes.
• Apply critical security updates to operating systems, applications, and infrastructure devices such as firewalls.
• Eliminate local administrative rights for all users.
• Have both online and offline backups. Offline backups are disconnected from your network so that if an attacker gets into your network, they cannot alter your backups.
• Even though it can be a monumental task, practice a complete system restore into a test environment so you can rest more confidently that you can get your data back in the event it is encrypted during a ransomware attack.
• Use a two-step login feature for online programs, VPNs, and remote desktop connections.
  If you still have a local Exchange server, migrate it to Office 365 ASAP. Exchange mail servers are the target of successful attacks.

Please communicate with your IT professionals and support them by providing time to focus on implementing security controls. Help them with automation and delegation of daily tasks.

Please forward this to your friends, so they see this example and appreciate the level of sophistication of ransomware tools.

Here’s a full list of text the ransomware program will look for automatically in your folder names:

941
1040
1099
8822
9465
401K
4506-T
ABRH
Addres
agreem
Agreement Disclosure
ARH
Assignment
Audit
balanc
bank
Bank Statement
Benef
billing
Brok
budget
bureau
card
cash
CDA
checking
claim
clandestine
compilation
compromate
concealed
confid
confident
Confidential Disclosure
contact
contr
CPF
CRH
Crime
DDRH
Demog
Detail
Disclosure Agreement
Disclosure Confidential
DRH
emplo
Enrol
federal
Finan
finance
Form
fraud
government
hidden
hir
HR
Human
i-9
illegal
important
Info
insider
Insurance
investigation
IRS
ITIN
K-1
letter
List
Login
mail
NDA
Numb
Partn
passport
passwd
password
pay
payment
payroll
person
Phone
privacy
privat
pwd
Recursos Humanos
report
Resour
resurses human
RHO
routing
RRHH
saving
scans
sec
secret
security
seed
Signed
sin
soc
SS-4
SS#
SSA
SSN
Staf
statement
Statement Bank
studen
SWIFT
tax
Taxpayer
Terror
Transact
unclassified
Vend
W-2
w-4
W-7
W-8BEN
w-9
W-9S

Source of the list of filenames, used with permission: https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after from https://twitter.com/malwrhunterteam

The post Attackers Scan Your Network for These Folder Names appeared first on Foster Institute.