Login
Can thieves steal identities with only a name and address?
In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.
If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.
With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.
For starters, this information is so general that it is of little value in of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.
For example, with your name and address a thief could:
There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:
In the U.S., the availability of such information will vary from state-to-state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit a library or public office.
Thieves can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $200 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.
The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too.
On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.
Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or by impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).
What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers are bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online, which we outline in detail here.
Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.
The Postal Service has mechanisms in place to prevent this, however. Among which, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.
So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.
Other crucial pieces of your identity include:
Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.
You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.
Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.
Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.
With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who’re after direct access to your finances and more.
Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.
In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.
By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.
Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collects your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too.
Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves.
A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes if far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.
And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.
The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.
For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities.
As we consider the path forward on necessary and appropriate steps to improve mitigation of DNS abuse, it’s helpful to reflect briefly on the origins of this issue within ICANN, and to recognize the various and relevant community inputs to our ongoing work.
As a starting point, it’s important to understand ICANN’s central role in preserving the security, stability, resiliency and global interoperability of the internet’s unique identifier system, and also the limitations established within ICANN’s bylaws. ICANN’s primary mission is to ensure the stable and secure operation of the internet’s unique identifier systems, but as expressly stated in its bylaws, ICANN “shall not regulate (i.e., impose rules and restrictions on) services that use the internet’s unique identifiers or the content that such services carry or provide, outside the express scope of Section 1.1(a).” As such, ICANN’s role is important, but limited, when considering the full range of possible definitions of “DNS Abuse,” and developing a comprehensive understanding of security threat categories and the roles and responsibilities of various players in the internet infrastructure ecosystem is required.
In support of this important work, ICANN’s generic top-level domain (gTLD) contracted parties (registries and registrars) continue to engage with ICANN, and with other stakeholders and community interest groups, to address key factors related to effective and appropriate DNS security threat mitigation, including:
To better understand the various roles, responsibilities and processes, it’s important to first define illegal and abusive online activity. While perspectives may vary across our wide range of interest groups, the emerging consensus on definitions and terminology is that these activities can be categorized as DNS Security Threats, Infrastructure Abuse, Illegal Content, or Abusive Content, with ICANN’s remit generally limited to the first two categories.
Behavior within each of these categories constitutes abuse, and it is incumbent on members of the community to actively work to combat and mitigate these behaviors where they have the capability, expertise and responsibility to do so. We recognize the benefit of coordination with other entities, including ICANN within its bylaw-mandated remit, across their respective areas of responsibility.
The ICANN Organization has been actively involved in advancing work on DNS abuse, including the 2017 initiation of the Domain Abuse Activity Reporting (DAAR) system by the Office of the Chief Technology Officer. DAAR is a system for studying and reporting on domain name registration and security threats across top-level domain (TLD) registries, with an overarching purpose to develop a robust, reliable, and reproducible methodology for analyzing security threat activity, which the ICANN community may use to make informed policy decisions. The first DAAR reports were issued in January 2018 and they are updated monthly. Also in 2017, ICANN published its “Framework for Registry Operators to Address Security Threats,” which provides helpful guidance to registries seeking to improve their own DNS security posture.
The ICANN Organization also plays an important role in enforcing gTLD contract compliance and implementing policies developed by the community via its bottom-up, multi-stakeholder processes. For example, over the last several years, it has conducted registry and registrar audits of the anti-abuse provisions in the relevant agreements.
The ICANN Organization has also been a catalyst for increased community attention and action on DNS abuse, including initiating the DNS Security Facilitation Initiative Technical Study Group, which was formed to investigate mechanisms to strengthen collaboration and communication on security and stability issues related to the DNS. Over the last two years, there have also been multiple ICANN cross-community meeting sessions dedicated to the topic, including the most recent session hosted by the ICANN Board during its Annual General Meeting in October 2021. Also, in 2021, ICANN formalized its work on DNS abuse into a dedicated program within the ICANN Organization. These enforcement and compliance responsibilities are very important to ensure that all of ICANN’s contracted parties are living up to their obligations, and that any so-called “bad actors” are identified and remediated or de-accredited and removed from serving the gTLD registry or registrar markets.
The ICANN Organization continues to develop new initiatives to help mitigate DNS security threats, including: (1) expanding DAAR to integrate some country code TLDs, and to eventually include registrar-level reporting; (2) work on COVID domain names; (3) contributions to the development of a Domain Generating Algorithms Framework and facilitating waivers to allow registries and registrars to act on imminent security threats, including botnets at scale; and (4) plans for the ICANN Board to establish a DNS abuse caucus.
As early as 2009, the ICANN community began to identify the need for additional safeguards to help address DNS abuse and security threats, and those community inputs increased over time and have reached a crescendo over the last two years. In the early stages of this community dialogue, the ICANN Governmental Advisory Committee, via its Public Safety Working Group, identified the need for additional mechanisms to address “criminal activity in the registration of domain names.” In the context of renegotiation of the Registrar Accreditation Agreement between ICANN and accredited registrars, and the development of the New gTLD Base Registry Agreement, the GAC played an important and influential role in highlighting this need, providing formal advice to the ICANN Board, which resulted in new requirements for gTLD registry and registrar operators, and new contractual compliance requirements for ICANN.
Following the launch of the 2012 round of new gTLDs, and the finalization of the 2013 amendments to the RAA, several ICANN bylaw-mandated review teams engaged further on the issue of DNS Abuse. These included the Competition, Consumer Trust and Consumer Choice Review Team (CCT-RT), and the second Security, Stability and Resiliency Review Team (SSR2-RT). Both final reports identified and reinforced the need for additional tools to help measure and combat DNS abuse. Also, during this timeframe, the GAC, along with the At-Large Advisory Committee and the Security and Stability Advisory Committee, issued their own respective communiques and formal advice to the ICANN Board reiterating or reinforcing past statements, and providing support for recommendations in the various Review Team reports. Most recently, the SSAC issued SAC 115 titled “SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS.” These ICANN community group inputs have been instrumental in bringing additional focus and/or clarity to the topic of DNS abuse, and have encouraged ICANN and its gTLD registries and registrars to look for improved mechanisms to address the types of abuse within our respective remits.
During 2020 and 2021, ICANN’s gTLD contracted parties have been constructively engaged with other parts of the ICANN community, and with ICANN Org, to advance improved understanding on the topic of DNS security threats, and to identify new and improved mechanisms to enhance the security, stability and resiliency of the domain name registration and resolution systems. Collectively, the registries and registrars have engaged with nearly all groups represented in the ICANN community, and we have produced important documents related to DNS abuse definitions, registry actions, registrar abuse reporting, domain generating algorithms, and trusted notifiers. These all represent significant steps forward in framing the context of the roles, responsibilities and capabilities of ICANN’s gTLD contracted parties, and, consistent with our Letter of Intent commitments, Verisign has been an important contributor, along with our partners, in these Contracted Party House initiatives.
In addition, the gTLD contracted parties and ICANN Organization continue to engage constructively on a number of fronts, including upcoming work on standardized registry reporting, which will help result in better data on abuse mitigation practices that will help to inform community work, future reviews, and provide better visibility into the DNS security landscape.
It is important to note that groups outside of ICANN’s immediate multi-stakeholder community have contributed significantly to the topic of DNS abuse mitigation:
Internet & Jurisdiction Policy Network
The Internet & Jurisdiction Policy Network is a multi-stakeholder organization addressing the tension between the cross-border internet and national jurisdictions. Its secretariat facilitates a global policy process engaging over 400 key entities from governments, the world’s largest internet companies, technical operators, civil society groups, academia and international organizations from over 70 countries. The I&JP has been instrumental in developing multi-stakeholder inputs on issues such as trusted notifier, and Verisign has been a long-time contributor to that work since the I&JP’s founding in 2012.
DNS Abuse Institute
The DNS Abuse Institute was formed in 2021 to develop “outcomes-based initiatives that will create recommended practices, foster collaboration and develop industry-shared solutions to combat the five areas of DNS Abuse: malware, botnets, phishing, pharming, and related spam.” The Institute was created by Public Interest Registry, the registry operator for the .org TLD.
Global Cyber Alliance
The Global Cyber Alliance is a nonprofit organization dedicated to making the internet a safer place by reducing cyber risk. The GCA builds programs, tools and partnerships to sustain a trustworthy internet to enable social and economic progress for all.
ECO “topDNS” DNS Abuse Initiative
Eco is the largest association of the internet industry in Europe. Eco is a long-standing advocate of an “Internet with Responsibility” and of self-regulatory approaches, such as the DNS Abuse Framework. The eco “topDNS” initiative will help bring together stakeholders with an interest in combating and mitigating DNS security threats, and Verisign is a supporter of this new effort.
Other Community Groups
Verisign contributes to the anti-abuse, technical and policy communities: We continuously engage with ICANN and an array of other industry partners to help ensure the continued safe and secure operation of the DNS. For example, Verisign is actively engaged in anti-abuse, technical and policy communities such as the Anti-Phishing and Messaging, Malware and Mobile Anti-Abuse Working Groups, FIRST and the Internet Engineering Task Force.
As a leader in the domain name industry and DNS ecosystem, Verisign supports and has contributed to the cross-community efforts enumerated above. In addition, Verisign also engages directly by:
An important concept and approach for mitigating illegal and abusive activity online is the ability to engage with and rely upon third-party “trusted notifiers” to identify and report such incidents at the appropriate level in the DNS ecosystem. Verisign has supported and been engaged in the good work of the Internet & Jurisdiction Policy Network since its inception, and we’re encouraged by its recent progress on trusted notifier framing. As mentioned earlier, there are some key questions to be addressed as we consider the viability of engaging trusted notifiers or building trusting notifier entities, to help mitigate illegal and abusive online activity.
Verisign’s recent experience with the U.S. government (NTIA and FDA) in combating illegal online opioid sales has been very helpful in illuminating a possible approach for third-party trusted notifier engagement. As noted, we have also benefited from direct engagement with the Internet Watch Foundation and law enforcement in combating CSAM. These recent examples of third-party engagement have underscored the value of a well-formed and executed notification regime, supported by clear expectations, due diligence and due process.
Discussions around trusted notifiers and an appropriate framework for engagement are under way, and Verisign recently engaged with other registries and registrars to lead the development of such a framework for further discussion within the ICANN community. We have significant expertise and experience as an infrastructure provider within our areas of technical, legal and contractual responsibility, and we are aggressive in protecting our operations from bad actors. But in matters related to illegal or abusive content, we need and value contributions from third parties to appropriately identify such behavior when supported by necessary evidence and due diligence. Precisely how such third-party notifications can be formalized and supported at scale is an open question, but one that requires further exploration and work. Verisign is committed to continuing to contribute to these ongoing discussions as we work to mitigate illegal and abusive threats to the security, stability and resiliency of the internet.
Over the last several years, DNS abuse and DNS-related security threat mitigation has been a very important topic of discussion in and around the ICANN community. In cooperation with ICANN, contracted parties, and other groups within the ICANN community, the DNS ecosystem including Verisign has been constructively engaged in developing a common understanding and practical work to advance these efforts, with a goal of meaningfully reducing the level and impact of malicious activity in the DNS. In addition to its contractual compliance functions, ICANN’s contributions have been important in helping to advance this important work and it continues to have a critical coordination and facilitation function that brings the ICANN community together on this important topic. The ICANN community’s recent focus on DNS abuse has been helpful, significant progress has been made, and more work is needed to ensure continued progress in mitigating DNS security threats. As we look ahead to 2022, we are committed to collaborating constructively with ICANN and the ICANN community to deliver on these important goals.
The post Ongoing Community Work to Mitigate Domain Name System Security Threats appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2021 closed with 364.6 million domain name registrations across all top-level domains, a decrease of 2.7 million domain name registrations, or 0.7%, compared to the second quarter of 2021.1,2 Domain name registrations have decreased by 6.1 million, or 1.6%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the third quarter of 2021, including:
The Domain Name Industry Brief this quarter also includes an overview of the ongoing community work to mitigate DNS security threats.
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q3 2021 The Domain Name Industry Brief: 364.6 Million Domain Name Registrations in the Third Quarter of 2021 appeared first on Verisign Blog.
It’s a long-standing question. Can Apple Macs get viruses?
While Apple does go to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. So what does Apple provide in terms of antivirus protection? Let’s take a look along with some signs that your Mac may be hacked and how you can protect yourself from further threats beyond viruses, like identity theft.
Whether hackers physically sneak it onto your device or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, viruses and malware can create problems for you in a few ways:
Some possible signs of hacking software on your Mac include:
Is your device operating more slowly, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your device’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your computer to run hot or even overheat.
If you find apps you haven’t downloaded, along with messages and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your computer to send messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your computer may have been hacked.
Macs contain several built-in features that help protect them from viruses:
Similarly, all apps that wish to be sold on the Apple App Store must go through Apple’s App Review. While not strictly a review for malware, security matters are considered in the process. Per Apple, “We review all apps and app updates submitted to the App Store in an effort to determine whether they are reliable, perform as expected, respect user privacy, and are free of objectionable content.”
There are a couple reasons why Mac users may want to consider additional protection in addition to the antivirus protection that Mac provides out of the box:
In all, Macs are like any other connected device. They’re susceptible to threats and vulnerabilities as well. Looking more broadly, there’s the wider world of threats on the internet, such as phishing attacks, malicious links and downloads, prying eyes on public Wi-Fi, data breaches, identity theft, and so on. It’s for this reason Mac users may think about bolstering their defenses further with online protection software.
Staying safer online follows a simple recipe:
Reading between the lines, that recipe can take a bit of work. However, comprehensive online protection can take care of it for you. In particular, McAfee Total Protection includes an exclusive Protection Score, which checks to see how safe you are online, identifies gaps, and then offers personalized guidance, and helping you know exactly how safe you are.
An important part of this score is privacy and security, which is backed by a VPN that turns on automatically when you’re on an unsecure network and personal information monitoring to help protect you from identity theft—good examples that illustrate how staying safe online requires more than just antivirus.
So, Macs can get viruses and are subject to threats just like any other computer. While Macs have strong protections built into them, they may not offer the full breadth of protection you want, particularly in terms of online identity theft and the ability to protect you from the latest malware threats. Consider the threats you want to keep clear of and then take a look at your options that’ll help keep you safe.
The post Can Apple Macs get Viruses? appeared first on McAfee Blog.
Authored by Oliver Devane and Vallabh Chole
Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously blogged about how to change desktop browser settings to stop malicious notifications. This blog focuses on Chrome notifications on Android mobile devices such as phones and tablets, and how McAfee Mobile Security protects users from malicious sites leveraging these notifications.
Most users are unaware of the source of these notifications. Permission is granted when a user clicks ‘Allow’ on a prompt within Android Chrome.
Many malicious websites use language and images like the one above that entice the user to click ‘Allow’ such as ‘Just one more step! Click “Allow” to continue. Once allow is clicked, the website is added to a site permissions list, which will enable it to send notifications.
The notifications will look like a usual Android notification which you will be used to seeing such as you have a new WhatsApp message or email. To identify the source of the notification, we need to look for the application name which is like the one highlighted in the red box below.
The image above shows the notification came from Chrome and it is from the website premiumbros[.]com. This is something you should pay attention to as it will be needed when you want to stop annoying notifications.
Some notifications like the ones in this blog are malicious as they attempt to trick users into believing that their mobile device is infected with a virus and some action is required. When the users click the notification, Chrome will load a website which will present them with a fake warning like the example below:
Clicking either Cancel or Update Now on the above website will result in the same behavior. The browser will redirect the user to a google play store app so that they can download and install it.
The malicious websites will flood your phone with several notifications. The screenshot below shows an example of this:
You may ask yourself, why do malicious actors try to get me to install a google play application? The people behind these scams receive a commission when these applications are installed on devices. They rely on deceptive tactics to trick users into installing them to maximize profits.
To remove a website’s notification permission, you need to change a Chrome setting.
1- Find out the name of the website which is sending these notifications. This can be done by looking at the notification and noting down the name of the website. If we use this blog as an example, it would be premiumbros[.]com
2- Open the Chrome browser app which can be found by performing the following search:
3- Click the three … on the top right hand of the application
4- Scroll down and click on settings
5- Click on Notifications
6- Scroll down until you find the website which you identified in step 1
7- Pres the blue radio button so it turns grey
8- Notifications will now be disabled for that website. If you want to block multiple websites, click the radio button for them as well.
McAfee customers who have McAfee Mobile Security are protected against these malicious websites as long as they enable the ‘Safe Browsing’ feature within the application.
Upon trying to access a malicious website such as the one in the blog it will be blocked as shown in the image below:
Please read this guide on enabling the Safe Browsing feature within the Mobile Security Application.
The post Why Am I Getting All These Notifications on my Phone? appeared first on McAfee Blog.
You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. It’s unlikely that everyday people, such as yourself, will be targeted by a ransomware scheme, so you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being very easy to install and use, you can indeed experience these three everyday benefits to keep your browsing activities safe from eavesdroppers seeking to profit from your online comings and goings.
The most widely known benefit of a VPN for daily use is to safeguard your device when it’s connected to a public Wi-Fi network. Coffee shops, libraries, hotels, transportation hubs, and other public places often provide courtesy internet service to visitors. Shifty characters often lurk on unprotected networks to lift personally identifiable information (PII) from people handling sensitive emails, making banking transactions, or shopping online. Public Wi-Fi eavesdroppers can lift credit card numbers, addresses, birthdays, and Social Insurance Numbers.
When you connect to public Wi-Fi that doesn’t have a lock icon, that’s a sign that you should toggle on your VPN. Also, even if you’re required to enter a password, be wary of any network you share with strangers.
A VPN can also hide your location data. How does this help you protect your browsing history? First, when you scramble your location, you’re likely to confuse ad networks trying to send you targeted ads. This will free your social media feeds and search engines from targeted ads that often are so accurate they seem like an invasion of privacy.
Second, hiding your location can protect you from cybercriminals looking to mine PII. VPNs make it impossible for criminals to discover your IP address. (The internet protocol address is what ties your device to a specific local network.) When they’re visible, criminals can trace IP addresses to reveal home addresses, full names, and phone numbers: all of which are key pieces of PII that, in the wrong hands, can jeopardize your identity.
While Canada and the European Union don’t allow ISPs (internet service providers) to even collect the browsing data of their customers, keep in mind that in some countries, like the U.S., ISPs can collect, store, share, and/or sell customer data. While advertisers are often the buyers of customer data, in the case of a breach, the more places your PII lives, the more likely it may be involved in a security incident. The goal is to limit the extent and number of places where your browsing history is stored.
VPNs can scramble your online movements to the point where not even ISPs can track it. Plus, when you log out, your device doesn’t keep a record of what you did while connected to the VPN. Incognito mode on your internet browser hides your IP address, but the websites you visit still collect cookies and store data about your online whereabouts, meaning that it’s not truly private browsing.
McAfee Safe Connect VPN encrypts your online activity to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once with bank-grade Wi-Fi encryption. Feel more confident whenever you hop on the internet across all your connected devices with just one quick and easy step.
The post Why Everyone Needs a VPN appeared first on McAfee Blog.
The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the Ukraine invasion, stating, “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.”
Along with this statement, the White House published a fact sheet outlining the new and ongoing steps the government is taking to protect its infrastructure and technologies, along with steps that private businesses can take to protect themselves from attacks as well.
Of course, any successful attack on government operations and the operations of private businesses could potentially affect households as well—such as in the case of data breaches where data or information is stolen from a system, often the personal data and information of individuals.
Word of potential attacks understandably leaves people feeling uncertain and may further leave them wondering if there’s anything they can do to protect themselves. With regards to data breaches and the cases of identity theft that typically follow, there are several steps people can take to keep safer online.
Let’s break down what a data breach looks like, how it can affect you, and what you can do in advance of a breach to protect yourself.
We’ve certainly seen data breaches make the news over the years, which are often (but not always) associated with malicious hackers or hacker organizations. A quick list of some of the largest and most impactful breaches we’ve seen in recent years:
Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location.
What differs with the White House warning is who may end up being behind these potential attacks—a nation-state rather than what are financially motivated hackers or hacking groups. (Some research indicates that nearly 90% of breaches are about the money.) However, the result is the same. Your personal information winds up loose in the world and possibly in the hands of a bad actor.
The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.
Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:
As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.)
The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.
With this information in hand, a crook can commit several types of identity crimes—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get an ID issued in your name as well.
Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or another gain.
The succinct answer is to sign up for an identity protection service. It can monitor dozens of types of personal information and then alert you if any of them are possibly being misused, so you can address any issues right away before they become a potentially much bigger problem.
Further, pairing identity protection with online protection software can protect you even more. With an all-up view of your overall online security—how well you’re protecting yourself and your identity online—it can guide you through steps that can shore up your protection and make you safer still.
When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps.
Given the possibility that your password may be in the hands of a bad actor, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
As outlined above, identity protection like ours can monitor a broad set of your personal information and provide you guidance for making it more secure, in addition to getting help from a professional recovery specialist.
For an even closer look at identity theft, we have two articles that can help guide the way if you think you’re a victim, each featuring a series of straightforward steps you can take to set matters right:
No matter how uncertain news of possible cyberattacks may any of us feel, you can take steps to set some of that uncertainty aside. An identity protection service is a strong first move against possible identity theft, as is pairing it with online protection software that keeps you safer online overall. Likewise, knowing the signs of possible identity theft and what you can do to address it right away offer further assurance still—like having the services of a professional recovery specialist to help.
In all, there’s no need to leave yourself wondering at the news from the White House. As an individual, you have it in your power to make yourself and your family safer than they are now.
The post White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe appeared first on McAfee Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2021 closed with 341.7 million domain name registrations across all top-level domains, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021.1,2 Domain name registrations have increased by 1.6 million, or 0.5%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2021, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021 appeared first on Verisign Blog.
Whether you think you might have a virus on your computer or devices, or just want to keep them running smoothly, it’s easy to do a virus scan. How to check for viruses depends on the software and device you have, so we’ll go through everything you need to know to run a scan effectively and keep your computers, phones and tablets in tip-top shape.
First, let’s cover a few of the telltale signs your device might have a virus. Is your computer or device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Or maybe, you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are all examples of signs that you may have a virus, but don’t get too worried yet, because many of these issues can be resolved with a virus scan.
Each antivirus program works a little differently, but in general the software will look for known malware that meets a specific set of characteristics. It may also look for variants of these known threats that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, it removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.
The process of checking for viruses depends on the device type and its operating system. Check out these tips to help you scan your computers, phones and tablets.
If you use Windows 10, go into “Settings” and look for the “Updates & Security” tab. From there you can locate a “Scan Now” button.
Of course, many people have invested in more robust antivirus software that has a high accuracy rate and causes less drain on their system resources, such as McAfee Total Protection. To learn how to run a virus scan using your particular antivirus software, search the software’s help menu or look online for instructions.
Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. There are some free antivirus applications available online, but we recommend investing in trusted software that can protect you from a variety of threats. Downloading free software and free online virus scans can be risky, since cybercriminals know that this is a good way to spread malware.
Whichever program you choose, follow their step-by-step instructions on how to perform a virus scan, either by searching under “help” or looking it up on their website.
Yes, you can get a virus on your phone or tablet, although they are less common than on computers. However, the wider category of mobile malware is on the rise and your device can get infected if you download a risky app, click on an attachment in a text message, visit a dangerous webpage, or connect to another device that has malware on it.
Fortunately, you can protect your devices with mobile security software. It doesn’t usually come installed, so you will have to download an application and follow the instructions.
Because the Android platform is an open operating system, there are a number of antivirus products for Android devices, that allows you to do a virus scan.
Apple devices are a little different because they have a closed operating system that doesn’t allow third parties to see their code. Although Apple has taken other security precautions to reduce malware risks, such as only allowing the installation of apps from Apple’s official app store, these measures aren’t the same as an antivirus program.
For more robust protection on your Apple devices, you can install mobile security software to protect the private data you have stored on your phone or tablet, such as contacts, photos and messages.
If safeguarding all your computers and devices individually sounds overwhelming, you can opt for a comprehensive security product that protects computers, smartphones and tablets from a central control center, making virus prevention a breeze.
New online threats emerge every day, putting our personal information, money and devices at risk. In the first quarter of 2019 alone McAfee detected 504 new threats per minute, as cybercriminals employed new tactics. That’s why it is essential to stay ahead of these threats by using security software that is constantly monitoring and checking for new known threats, while safeguarding all of your sensitive information. Virus scans are an essential part of this process when it comes to identifying and removing dangerous code.
Most antivirus products are regularly scanning your computer or device in the background, so you will only need to start a manual scan if you notice something suspicious, like crashes or excessive pop-ups. You can also program regular scans on your schedule.
Of course, the best protection is to avoid getting infected in the first place. Here are a few smart tips to sidestep viruses and other malware:
The post How To Do A Virus Scan appeared first on McAfee Blog.
Sometimes in order to move forward effectively, it’s good to take stock of where we’ve been. In this blog, we’ll review a concept that has been foundational to networking and cybersecurity from the beginning: the session. Why focus on the session? As the philosophy of Zero Trust is adopted more broadly in the security industry, it’s important to understand the building blocks of access. The session is a fundamental component of access to any resource.
To get things started, let’s start with a definition. A simple definition of a session might be: “a period of time devoted to a particular activity.” Not so bad, but the complexity for internet and network security springs from scoping the “particular activity.”
The internet exists on top of a standardized suite of protocols that govern how data can be transmitted or exchanged between different entities. This suite, now generally referred to as the TCP/IP stack, is comprised of four distinct layers that delineate how data flows between networked resources. This is where the scoping of a session becomes obscure. The “particular activity” could refer to the network layer, which is responsible for establishing communications between the actual physical networks. Or, perhaps the activity refers to the Internet layer, which ensures the packets of data reach their destinations across network boundaries. The activity could also be the transport layer, responsible for the reliability of end-to-end communication across the network. It could also be referencing the application layer, the highest layer of the TCP/IP stack, which is responsible for the interface and protocols used by applications and users. For the familiar, these layers were originally defined in the OSI model.
This layering framework works well for establishing the distinct session types and how we can begin to protect them. However, the rise of cloud-based services means we must now also look at how sessions are defined in relation to the cloud — especially as we look to provide security and access controls. At the application layer, we now have client devices with web browsers and applications that communicate to a cloud service. Additionally, cloud services can be one or a combination of SaaS, PaaS and IaaS, each defining their own session and thus access.
With all the different classes of sessions, there are different mechanisms and protocols by which authentication and authorization are employed to eventually provide that access. All sessions use some type of account or credential to authenticate and evaluate a set of variables to determine authorization or access. Some of these variables may also be similar across different sessions. For example, an enterprise may evaluate the device’s security posture (e.g. it is running the latest OS patches) as a variable to grant access at both the network and application layer. Similarly, the same username and password may be used across different session layers.
However, each layer might also use distinct and specific variables to evaluate the appropriate access level. For instance, the network interface layer may want to ensure cryptographic compliance of the network interfaces. A cloud service may evaluate geographical or regional compliance. The common practice today is to have every session layer act alone to make its own access decision.
Let’s take a step back and review.
Now, let’s explore something new: what if the variables and access evaluation outcomes were shared seamlessly across session layers?
What if recent network context and activity were used to inform cloud access decisions? Or, recent user access decisions across the network layers be used to inform cloud application controls? Think about the enhanced resilience provided if network-based risk signal like packet information could be appropriately mapped and shared with the cloud application layer. Sharing information across session boundaries provides more robust fulfillment of Zero Trust principles by striving to evaluate security context as holistically as possible at the time of access.
In order to build a future where security decisions are informed by broader and continuous context, we’ll need tools and protocols that help us bridge tools and map data across them. To provide improved access and security, both the bridge and the correct mapping must be in place. It’s one thing to get the data transferred to another tool, it’s quite another to map that data into relevance for the new tool. For example, how do we map a privileged application credential to a device? And, then how do we map relevant context across systems?
The good news is that work is starting to enable a future where regardless of session definition, security context can be mapped and shared. Protocols such as the Shared Signals and Events and the Open Policy Agent are evolving to enable timely and dynamic signal sharing between tools, but they are nascent and broader adoption is required. Cisco has already contributed a technical reference architecture as a guide for Shared Signals and Events. We hope that by accelerating the adoption of these standards the industry gets one step closer to actively sharing relevant security context across OSI layers. While the road ahead won’t be easy, we think the sharing signals will make for a more resilient and robust security future.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
At Cisco Duo, we continually strive to enhance our products to make it easy for security practitioners to apply access policies based on the principles of zero trust. This blog highlights how Duo is achieving that goal by simplifying user and administrator experience and supporting data sovereignty requirements for customers around the world. Read on to get an overview of what we have been delivering to our customers in those areas in the past few months.
Duo strives to make secure access frictionless for employees while reducing the administrative burden on IT (Information Technology) and helpdesk teams. This is made possible thanks to the strong relationship between our customers and our user research team. The insights we gained helped us implement some exciting enhancements to Duo Single Sign-On (SSO) and Device Trust capabilities.
Duo SSO unifies identities across systems and reduces the number of credentials a user must remember and enter to gain access to resources. Active Directory (AD) is the most popular authentication source connected to Duo SSO, accounting for almost 80% of all setups. To make Duo’s integration with AD even easier to implement, we have introduced Duo SSO support for multiple Active Directory forests for organizations that have users in multiple domains. Additionally, we added the Expired Password Resets feature in Duo SSO. It provides an easy experience for users to quickly reset their expired Active Directory password, log into their application, and carry on with their day. Continuing the theme of self service, we introduced a hosted device management portal – a highly requested feature from customers. Now administrators no longer need to host and manage the portal, and end users can login with Duo SSO to manage their authentication devices (e.g.: TouchID, security keys, mobile phone etc.) without needing to open IT helpdesk tickets.
We are also simplifying the administrator experience. We have made it easy for administrators to configure Duo SSO with Microsoft 365 using an out of the box integration. Duo SSO layers Duo’s strong authentication and flexible policy engine on top of Microsoft 365 logins. Further, we have heard from many customers that they want to deliver a seamless on-brand login experience for their workforce. To support this, we have made custom branding so simple that administrators can quickly customize their end-user authentication experience from the settings page in the Duo Admin Panel.
Device Trust is a critical capability required to enable secure access for the modern workforce from any location. We have made it easy for organizations to adopt device trust and distinguish between managed and unmanaged devices. Organizations can enforce a Trusted Endpoint policy to allow access only from managed devices for critical applications. We have eliminated the requirement to deploy and manage device certificates to enforce this policy. Device Health application now checks the managed status of a device. This lowers administrative overhead while enabling organizations to achieve a better balance between security and usability. We have also added out-of-box integrations with unified endpoint management solutions such as Active Directory domain-joined devices, Microsoft Intune, Jamf Pro and VMware Workspace ONE. For organizations that have deployed a solution that is not listed above, Duo provides a Device API that works with any enterprise device management system.
To support our growing customer base around the world, Duo expanded its data center presence to Australia, Singapore, and Japan in September last year. And now Duo is thrilled to announce the launch of the two new data centers in the UK and India. Both the new and existing data centers will allow customers to meet all local requirements, all while maintaining ISO27001 and SOC2 compliance and a 99.999% service availability goal.
The launch of the new data centers is the backbone of Duo’s international expansion strategy. In the last two years, Duo has met key international growth milestones and completed the C5 attestation (Germany), AgID certification (Italy) and IRAP assessment (Australia) – all of which demonstrate that Duo meets the mandatory baseline standards for use by the public sector in the countries listed above. Check out this Privacy Data Sheet to learn more about Cisco Duo’s commitment to our customer’s data privacy and data sovereignty.
That is a summary of what we have been up to here at Cisco Duo in the past few months. But we are not done yet! Stay tuned for more exciting announcements at RSA Conference 2022 next week. Visit us at our booth at RSAC 2022 and World of solutions at Cisco Live 2022.
In the meanwhile, check out this on-demand #CiscoChat panel discussion with real-world security practitioners on how they have implemented secure access best practices for hybrid work using Duo. And if you do not want to wait, sign-up for a 30 day trial and experience how Duo can simplify secure access for your workforce.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.
The Costa Rican publication CRprensa.com reports that affected systems at the Costa Rican Social Security Fund (CCSS) were taken offline on the morning of May 31, but that the extent of the breach was still unclear. The CCSS is responsible for Costa Rica’s public health sector, and worker and employer contributions are mandated by law.
A hand-written sign posted outside a public health center in Costa Rica today explained that all systems are down until further notice (thanks to @Xyb3rb3nd3r for sharing this photo).
A hand-written notice posted outside a public health clinic today in Costa Rica warned of system outages due to a cyberattack on the nation’s healthcare systems. The message reads: “Dear Users: We would like to inform you that due a problem related to the information systems of the institution, we are unable to expend any medicine prescriptions today until further notice. Thank you for your understanding- The pharmacy.”
Esteban Jimenez, founder of the Costa Rican cybersecurity consultancy ATTI Cyber, told KrebsOnSecurity the CCSS suffered a cyber attack that compromised the Unique Digital Medical File (EDUS) and the National Prescriptions System for the public pharmacies, and as a result medical centers have turned to paper forms and manual contingencies.
“Many smaller health centers located in rural areas have been forced to close due to not having the required equipment or communication with their respective central health areas and the National Retirement Fund (IVM) was completely blocked,” Jimenez said. “Taking into account that salaries of around fifty thousand employees and deposits for retired citizens were due today, so now the payments are in danger.”
Jimenez said the head of the CCSS has addressed the local media, confirming that the Hive ransomware was deployed on at least 30 out of 1,500 government servers, and that any estimation of time to recovery remains unknown. He added that many printers within the government agency this morning began churning out copies of the Hive ransom note.
Printers at the Costa Rican government health ministry went crazy this morning after the Hive ransomware group attacked. Image: Esteban Jimenez.
“HIVE has not yet released their ransom fee but attacks are expected to follow, other organizations are trying to get a hold on the emergency declaration to obtain additional funds to purchase new pieces of infrastructure, improve their backup structure amongst others,” Jimenez said.
A copy of the ransom note left behind by the intruders and subsequently uploaded to Virustotal.com indicates the CCSS intrusion was the work of Hive, which typically demands payment for a digital key needed to unlock files and servers compromised by the group’s ransomware.
A HIVE ransomware chat page for a specific victim (redacted).
On May 8, President Chaves used his first day in office to declare a national state of emergency after the Conti ransomware group threatened to publish gigabytes of sensitive data stolen from Costa Rica’s Ministry of Finance and other government agencies. Conti initially demanded $10 million, and later doubled the amount when Costa Rica refused to pay. On May 20, Conti leaked more than 670 gigabytes of data taken from Costa Rican government servers.
As CyberScoop reported on May 17, Chaves told local media he believed that collaborators within Costa Rica were helping Conti extort the government. Chaves offered no information to support this claim, but the timeline of Conti’s descent on Costa Rica is worth examining.
Most of Conti’s public communications about the Costa Rica attack have very clearly assigned credit for the intrusion to an individual or group calling itself “unc1756.” In March 2022, a new user by the same name registered on the Russian language crime forum Exploit.
A message Conti posted to its dark web blog on May 20.
On the evening of April 18, Costa Rica’s Ministry of Finance disclosed the Conti intrusion via Twitter. Earlier that same day, the user unc1756 posted a help wanted ad on Exploit saying they were looking to buy access to “special networks” in Costa Rica.
“By special networks I mean something like Haciendas,” unc1756 wrote on Exploit. Costa Rica’s Ministry of Finance is known in Spanish as the “Ministerio Hacienda de Costa Rica.” Unc1756 said they would pay $USD 500 or more for such access, and would work only with Russian-speaking people.
Experts say there are clues to suggest Conti and Hive are working together in their attacks on Costa Rica, and that the intrusions are tied to a rebranding effort by Conti. Shortly after Russia invaded Ukraine at the end of February, Conti declared its full support, aligning itself directly with Russia and against anyone who would stand against the motherland.
Conti’s threatening message this week regarding international interference in Ukraine.
Conti quickly deleted the declaration from its website, but the damage had already been done, and any favor or esteem that Conti had earned among the Ukrainian cybercriminal underground effectively evaporated overnight.
Shortly thereafter, a Ukrainian security expert leaked many months worth of internal chat records between Conti personnel as they plotted and executed attacks against hundreds of victim organizations. Those candid messages exposed what it’s like to work for Conti, how they undermined the security of their targets, as well as how the group’s leaders strategized for the upper hand in ransom negotiations.
But Conti’s declaration of solidarity with the Kremlin also made it increasingly ineffective as an instrument of financial extortion. According to cyber intelligence firm ADVIntel, Conti’s alliance with the Russian state soon left it largely unable to receive ransom payments because victim companies are being advised that paying a Conti ransom demand could mean violating U.S. economic sanctions on Russia.
“Conti as a brand became associated with the Russian state — a state that is currently undergoing extreme sanctions,” ADVIntel wrote in a lengthy analysis (PDF). “In the eyes of the state, each ransom payment going to Conti may have potentially gone to an individual under sanction, turning simple data extortion into a violation of OFAC regulation and sanction policies against Russia.”
Conti is by far the most aggressive and profitable ransomware group in operation today. Image: Chainalysis
ADVIntel says it first learned of Conti’s intrusion into Costa Rican government systems on April 14, and that it has seen internal Conti communications indicating that getting paid in the Costa Rica attack was not the goal.
Rather, ADVIntel argues, Conti was simply using it as a way to appear publicly that it was still operating as the world’s most lucrative ransomware collective, when in reality the core Conti leadership was busy dismantling the crime group and folding themselves and top affiliates into other ransomware groups that are already on friendly terms with Conti.
“The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived,” ADVIntel concluded.
ADVIntel says Conti’s leaders and core affiliates are dispersing to several Conti-loyal crime collectives that use either ransomware lockers or strictly engage in data theft for ransom, including AlphV/BlackCat, AvosLocker, BlackByte, HelloKitty, Hive, and Karakurt.
Still, Hive appears to be perhaps the biggest beneficiary of any attrition from Conti: Twice over the past week, both Conti and Hive claimed responsibility for hacking the same companies. When the discrepancy was called out on Twitter, Hive updated its website to claim it was not affiliated with Conti.
Conti and Hive’s Costa Rican exploits mark the latest in a string of recent cyberattacks against government targets across Latin America. Around the same time it hacked Costa Rica in April, Conti announced it had hacked Peru’s National Directorate of Intelligence, threatening to publish sensitive stolen data if the government did not pay a ransom.
But Conti and Hive are not alone in targeting Latin American victims of late. According to data gathered from the victim shaming blogs maintained by multiple ransomware groups, over the past 90 days ransom actors have hacked and sought to extort 15 government agencies in Brazil, nine in Argentina, six in Colombia, four in Ecuador and three in Chile.
A recent report (PDF) by the Inter-American Development Bank suggests many Latin American countries lack the technical expertise or cybercrime laws to deal with today’s threats and threat actors.
“This study shows that the Latin American and Caribbean (LAC) region is not sufficiently prepared to handle cyberattacks,” the IADB document explains. “Only 7 of the 32 countries studied have a critical infrastructure protection plan, while 20 have established cybersecurity incident response teams, often called CERTs or CSIRTs. This limits their ability to identify and respond to attacks.”
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.
In a statement about the changes, Deputy Attorney General Lisa O. Monaco said the DOJ “has never been interested in prosecuting good-faith computer security research as a crime,” and that the new guidelines “promote cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”
What constitutes “good faith security research?” The DOJ’s new policy (PDF) borrows language from a Library of Congress rulemaking (PDF) on the Digital Millennium Copyright Act (DMCA), a similarly controversial law that criminalizes production and dissemination of technologies or services designed to circumvent measures that control access to copyrighted works. According to the government, good faith security research means:
“…accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”
“Security research not conducted in good faith — for example, for the purpose of discovering security holes in devices, machines, or services in order to extort the owners of such devices, machines, or services — might be called ‘research,’ but is not in good faith.”
The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v. United States (PDF), a case involving a former police sergeant in Florida who was convicted of CFAA violations after a friend paid him to use police resources to look up information on a private citizen.
But in an opinion authored by Justice Amy Coney Barrett, the Supreme Court held that the CFAA does not apply to a person who obtains electronic information that they are otherwise authorized to access and then misuses that information.
Orin Kerr, a law professor at University of California, Berkeley, said the DOJ’s updated policy was expected given the Supreme Court ruling in the Van Buren case. Kerr noted that while the new policy says one measure of “good faith” involves researchers taking steps to prevent harm to third parties, what exactly those steps might constitute is another matter.
“The DOJ is making clear they’re not going to prosecute good faith security researchers, but be really careful before you rely on that,” Kerr said. “First, because you could still get sued [civilly, by the party to whom the vulnerability is being reported], but also the line as to what is legitimate security research and what isn’t is still murky.”
Kerr said the new policy also gives CFAA defendants no additional cause for action.
“A lawyer for the defendant can make the pitch that something is good faith security research, but it’s not enforceable,” Kerr said. “Meaning, if the DOJ does bring a CFAA charge, the defendant can’t move to dismiss it on the grounds that it’s good faith security research.”
Kerr added that he can’t think of a CFAA case where this policy would have made a substantive difference.
“I don’t think the DOJ is giving up much, but there’s a lot of hacking that could be covered under good faith security research that they’re saying they won’t prosecute, and it will be interesting to see what happens there,” he said.
The new policy also clarifies other types of potential CFAA violations that are not to be charged. Most of these include violations of a technology provider’s terms of service, and here the DOJ says “violating an access restriction contained in a term of service are not themselves sufficient to warrant federal criminal charges.” Some examples include:
-Embellishing an online dating profile contrary to the terms of service of the dating website;
-Creating fictional accounts on hiring, housing, or rental websites;
-Using a pseudonym on a social networking site that prohibits them;
-Checking sports scores or paying bills at work.
Kerr’s warning about the dangers that security researchers face from civil prosecution is well-founded. KrebsOnSecurity regularly hears from security researchers seeking advice on how to handle reporting a security vulnerability or data exposure. In most of these cases, the researcher isn’t worried that the government is going to come after them: It’s that they’re going to get sued by the company responsible for the security vulnerability or data leak.
Often these conversations center around the researcher’s desire to weigh the rewards of gaining recognition for their discoveries with the risk of being targeted with costly civil lawsuits. And almost just as often, the source of the researcher’s unease is that they recognize they might have taken their discovery just a tad too far.
Here’s a common example: A researcher finds a vulnerability in a website that allows them to individually retrieve every customer record in a database. But instead of simply polling a few records that could be used as a proof-of-concept and shared with the vulnerable website, the researcher decides to download every single file on the server.
Not infrequently, there is also concern because at some point the researcher suspected that their automated activities might have actually caused stability or uptime issues with certain services they were testing. Here, the researcher is usually concerned about approaching the vulnerable website or vendor because they worry their activities may already have been identified internally as some sort of external cyberattack.
What do I take away from these conversations? Some of the most trusted and feared security researchers in the industry today gained that esteem not by constantly taking things to extremes and skirting the law, but rather by publicly exercising restraint in the use of their powers and knowledge — and by being effective at communicating their findings in a way that maximizes the help and minimizes the potential harm.
If you believe you’ve discovered a security vulnerability or data exposure, try to consider first how you might defend your actions to the vulnerable website or vendor before embarking on any automated or semi-automated activity that the organization might reasonably misconstrue as a cyberattack. In other words, try as best you can to minimize the potential harm to the vulnerable site or vendor in question, and don’t go further than you need to prove your point.
Eighty-one percent of organizations told Gartner they have a multi-cloud strategy. As more organizations subscribe to cloud offerings for everything from hosted data centers to enterprise applications, the topology of the typical IT environment grows increasingly complex.
Now add the proliferation of hybrid work environments, the rapid ascendance of Internet of Things (IoT) devices, and an increasingly sophisticated and malicious cyber threat landscape, and it becomes immediately clear that protecting the integrity of your IT ecosystem is now a next-level problem.
In an unpredictable world, organizations everywhere are investing in initiatives that will infuse resilience into every aspect of their business, from finance to supply chains. To protect those investments, we believe they also need to invest in security resilience — the ability to protect your business against threats and disruption, and to respond to changes confidently so you can emerge even stronger.
This requires a next-level solution.
That’s why we’re building the Cisco Security Cloud — a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. This cloud-native service is aimed at helping you protect users, devices and applications across your entire ecosystem. It will be a comprehensive, integrated set of services designed to scale with your business.
The Cisco Security Cloud will directly address these challenges by bringing together the depth and breadth of the Cisco security portfolio, and is:
We have been on this journey for years. We at Cisco Secure have been delivering key components of this security cloud, and those solutions already protect 840,000 networks, 67 million mailboxes and 87 million endpoints for customers the world over.
And today at the RSA Conference, we’re taking the next step by announcing our latest innovations addressing four key areas:
Today we are announcing Cisco’s turnkey Secure Access Service Edge (SASE) offering, Cisco+ Secure Connect Now, to simplify how organizations connect and protect users, devices, data, and applications, anywhere. Built on the Meraki platform, and available as a subscription, it unifies security and networking operations, as well as client connectivity and visibility into a single cloud-native solution, that can be set up in minutes.
Cisco is continuing to build out continuous trusted access solutions that that constantly verify user and device identity, device posture, vulnerabilities, and indicators of compromise. To evaluate risk after authentication, location information is critical, but we think GPS data is too intrusive. So today we are introducing a new patent-pending Wi-Fi Fingerprint capability (available in Public Preview this summer) to understand user location without compromising location privacy. We are also announcing new Session Trust Analysis capabilities to evaluate risk after login by using open standards for shared signals and events. We will unveil the first integration of this technology with a demo of Duo MFA and Box this week.
As organizations become more interconnected as ecosystems, and attacks become more sophisticated and personalized, it is no longer adequate to evaluate risk and threats generically across the industry. Organizations need deeper levels of advice and expertise. We are excited to launch the new Talos Intelligence On-Demand service, available now, offering custom research on the threat landscape unique to each organization. Talos Intelligence on Demand can assist with custom research, and brief our customers on the unique risks, threats, and mitigation strategies for their organizations.
Simplification is critical to driving better security efficacy. To that end, we are excited to announce the new Cisco Secure Client (available this summer), combining AnyConnect, Secure Endpoint, and Umbrella, to simplify how administrators and users manage endpoints. This follows the launch of the new cloud-delivered Secure Firewall Management Center, which unifies management for both cloud and on-premise firewalls.
There is more work to be done, of course, and today’s announcements at the RSA Conference are the latest advances in support of this vision. We will continue working on all aspects of the Security Cloud to improve our customers’ security resilience in the face of unprecedented change and increasing threats. Because next-level problems deserve next-level solutions.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
If your PC runs on Windows 10, you’re in very good company. The Microsoft operating system is the most widely used OS in the world. Many Windows 10 users have also been upgraded to Windows 11 through a rollout that began in 2021. Microsoft plans to complete the Windows update by mid-2022.
Unfortunately, its success as a widely used operating system makes Windows attractive to hackers. And if malicious software like malware can make a home in Windows, there are a lot of targets. So, this might raise the question of how best to protect your Windows 10 or 11 device.
Should you just use Windows Defender — Microsoft’s free version of antivirus software — or buy additional protection?
Read on to learn what Microsoft Defender covers and how additional virus protection can secure all of your connected devices.
For years, Microsoft has offered anti-malware protection, but the current version provides effective security against viruses. Windows Defender is a free antivirus tool that’s built into the Windows operating system.
While it’s considered one of the best free antivirus software programs, it doesn’t have any extra features that might come with paid security software. If you’re just looking for good antivirus software, though, Windows Defender can get the job done.
If you’re not using third-party antivirus protection, you’ll want to make sure that your Windows Defender antivirus coverage is working on your computer. Here’s how to check:
To make sure your Windows security is running, follow these steps:
With built-in coverage, you may wonder if you should invest in paid antivirus software. The answer is, of course, yes! It can be a good idea to get another antivirus solution because blocking malware and viruses should just be one part of your threat protection.
Today’s cybercriminals are using elaborate ruses to try to access your personal information, such as your bank and credit card numbers. And some of their scams might even target your devices with risky apps or links on social media.
As they always say, it’s better to be safe than sorry! Having another antivirus program can make sure you have real-time protection and access to the latest security features.
There are a lot of antivirus protection programs out there, but they aren’t all created equal. When looking for the best antivirus software for your needs, here are some things to consider for your devices running on Windows 10 or 11.
If you have a Windows PC, use an iPhone, and your tablet runs on Chrome, it helps to have an antivirus app that works across multiple operating systems. The good news is that McAfee Total Protection is compatible with Windows, Mac, iOS, and Android devices, so you can continue enjoying all of your different devices without losing protection.
For greater cybersecurity, antivirus software should defend against a variety of online threats like viruses, spyware, and ransomware. And that’s exactly what you get with McAfee Total Protection. Our antivirus software can also help you avoid phishing attacks, which are fake messages to trick you into providing information or clicking a malicious link. The software will give you a warning when it recognizes a risky link, website, or file.
Functionality is another thing you’ll want to consider when looking for antivirus software. If the program isn’t easy to use to begin with — especially if you want to easily manage multiple devices — what good will it do you?
But you don’t have to worry with McAfee Total Protection, which allows you to connect and manage all of your computers and mobile devices from one single dashboard.
To keep your devices free from online threats like malware, good antivirus software will scan your files for threats. McAfee Total Protection provides 24/7 protection with real-time, on-demand, and scheduled scanning of files and applications.
McAfee Total Protection was developed with an understanding of how cybercriminals operate. Scammers may use a variety of tactics to try to steal your personal information, so our all-in-one protection also includes:
Using Microsoft’s built-in antivirus software can protect your Windows devices from viruses and malware. But to really keep your network and all of your devices secure, it’s good to rely on comprehensive protection like McAfee Total Protection. With services like identity monitoring, safe browsing, and a secure VPN, you can enjoy the internet without worry.
The post Does Windows 10 or 11 Need Antivirus Software? appeared first on McAfee Blog.
Security that is hard to deploy and complex to manage needs to become a distant memory if businesses are to be resilient through times of uncertainty. Even something as critical as a firewall, the sentinel in the security stack, can often require a lengthy setup, ongoing maintenance, and disjointed management. Over the long run, these additional costs accrue and can have a negative impact on security programs. When budgets are constrained, these effects can be exacerbated and become a barrier to providing the level of security organizations need to protect the integrity of their business.
At Cisco we have a rich history overcoming this challenge with Cisco Secure Firewall. Forrester Consulting recently conducted an independent analysis of organizations using Secure Firewall. The study showed that customers realized a 195% in total ROI when managing their firewall fleet through Cisco Secure Firewall Management Center (FMC). Improvements to security workflows through the FMC, which include deploying, managing, and updating policy, were the largest contributing factor to the tune of $18.6 million in total benefits achieved. The Forrester study states that “organizations reduced network operation work streams by up to 95%. Thanks to the latest features of Cisco Secure Firewall and the ease of management via Firewall Management Center.”
We are not done. Today we boost productivity even further, with the new cloud-delivered version of FMC within the Cisco Defense Orchestrator (CDO) platform. This leap brings all the features from FMC into the cloud and consolidates firewall management. Organizations save time, increase security, and gain a positive ROI. With cloud-delivered FMC, manually managing updates is a thing of the past. An agile delivery of updates is built in to ensure uptime, so you can focus on your most important priorities — protecting the integrity of the business with increased firewall capabilities. The CDO platform unifies the lifecycle of policy management across multiple Cisco security solutions in our cloud. By bringing the FMC experience directly into CDO, end users enjoy the same look, functionality, and workflow as on-premises and virtual versions of Firewall Management Center. Without the usual learning curve within a new “experience,” migration to the cloud is simplified. Organizations can now propel cloud-first strategies and enable the rapid delivery of firewall services no matter where your network may roam.
“Moving FMC into CDO isn’t just about cost savings for today and powering security resilience with flexibility and choice. We are also putting a firm foot into the near future for SASE and achieving unified policy across the multienvironment IT.”– Justin Buchanan, Sr. Director Product Management, Cisco Secure
Traditionally, customers have deployed FMC as a physical or virtual appliance. Now in addition to cost savings, security resilience is driving an increased need for hybrid multicloud deployments. Leveraging public cloud infrastructures, organizations are becoming more cost efficient — cloud-delivered applications reduce change management and operational overhead. But they are also ensuring organizations have the agility required to deploy network security workloads where and how they want to remain agile and adapt to uncertainty.
Hybrid work and business continuity is made possible within the CDO platform. A cloud-based and centralized platform unifies firewall management across the Cisco Secure and Meraki portfolio and provides the foundation to unify policy across the distributed network all within a platform that is built to drive increased ROI and preserve the user experience. IT can control and manage firewall policy from anywhere along with a low-touch provisioning and onboarding process for branch and firewall deployments. The cloud-delivered FMC integrates with Cisco Secure Analytics & Logging, and, as a result, enhanced data retention and meeting stringent compliance requirements has never been easier. Whether you are part of a smaller organization or a larger enterprise, you control how many Cisco Secure Firewalls are managed through the cloud-delivered FMC, and easily scale that number. So, when it comes to simplicity at scale, CDO is your answer.
To learn more about Cisco Secure Firewall Management Center, visit our product page and read the entire Forrester report here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 