Login
Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.
One reader’s copy of their Equifax Breach Settlement letter. They received a check for $6.97.
In 2017, Equifax disclosed a massive, extended data breach that led to the theft of Social Security Numbers, dates of birth, addresses and other personal information on nearly 150 million people. Following a public breach response perhaps best described as a giant dumpster fire, the big-three consumer credit reporting bureau was quickly hit with nearly two dozen class-action lawsuits.
In exchange for resolving all outstanding class action claims against it, Equifax in 2019 agreed to a settlement that includes up to $425 million to help people affected by the breach.
Affected consumers were eligible to apply for at least three years of credit monitoring via all three major bureaus simultaneously, including Equifax, Experian and TransUnion. Or, if you didn’t want to take advantage of the credit monitoring offers, you could opt for a cash payment of up to $125.
The settlement also offered reimbursement for the time you may have spent remedying identity theft or misuse of your personal information caused by the breach, or purchasing credit monitoring or credit reports. This was capped at 20 total hours at $25 per hour ($500), with total cash reimbursement payments not to exceed $20,000 per consumer.
Those who did file a claim probably started receiving emails or other communications earlier this year from the Equifax Breach Settlement Fund, which has been messaging class participants about methods of collecting their payments.
How much each recipient receives appears to vary quite a bit, but probably most people will have earned a payment on the smaller end of that $125 scale — like less than $10. Those who received higher amounts likely spent more time documenting actual losses and/or explaining how the breach affected them personally.
So far this week, KrebsOnSecurity has received at least 20 messages from readers seeking more information about these notices. Some readers shared copies of letters they got in the mail along with a paper check from the Equifax Breach Settlement Fund (see screenshot above).
Others said they got emails from the Equifax Breach Settlement domain that looked like an animated greeting card offering instructions on how to redeem a virtual prepaid card.
If you received one of these settlement emails and are wary about clicking the included links (good for you, by the way), copy the redemption code and paste it into the search box at myprepaidcenter.com/redeem. Successfully completing the card application requires accepting a prepaid MasterCard agreement (PDF).
The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.
But be aware that phishers and other scammers are likely to take advantage of increased public awareness of the payouts to snooker people. Tim Helming, security evangelist at DomainTools.com, today flagged several new domains that mimic the name of the real Equifax Breach Settlement website and do not appear to be defensively registered by Equifax, including equifaxbreechsettlement[.]com, equifaxbreachsettlementbreach[.]com, and equifaxsettlements[.]co.
In February 2020, the U.S. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.
Equifax surpassed Wall Street’s expectations in its most recent quarterly earnings: The company reported revenues of $1.24 billion for the quarter ending September 2022.
Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.
Americans currently have no legal right to opt out of this data collection and trade. But you can and also should freeze your credit, which by the way can make your credit profile less profitable for companies like Equifax — because they make money every time some potential creditor wants a peek inside your financial life. Also, it’s probably a good idea to freeze the credit of your children and/or dependents as well. It’s free on both counts.
Learning environments are not what they used to be, and as educational institutions deploy new technology to facilitate a safe and effective remote learning environment, their cyber vulnerabilities also increase. Canadian schools especially have seen a rise in ransomware attacks with the transition to online learning, opening the door for hackers to exploit student data and sabotage academic research. To combat the rising cybersecurity concerns, educators need to implement new measures to uphold secure and efficient distance learning environments without allowing student data and privacy to hang in the balance.
Limiting disruptions remains a high priority for educators as they discover how to manage their remote classrooms. Although many teachers are familiar with supplemental technologies such as tablets and online programs, it’s another matter entirely to be completely dependent on them to support a fully virtual classroom. When investing in online learning tools, educational institutions should not allow their concern for efficiency to overshadow an equally important requirement: safety.
The education sector has seen its fair share of cybersecurity attacks since the widespread shift to remote classrooms. According to Microsoft, the global education industry has the most malware attacks, even more than prominent industries such as business, finance, and healthcare. K-12 schools especially have experienced an uptick in ransomware and Distributed Denial of Service (DDoS). Many Canadian schools are experiencing cyber security incidents, damaging the integrity of their student data and privacy. With hackers consistently seeking to take advantage of the vulnerabilities in new technology, this prompts further discussion into why education is such a highly targeted industry.
The rapid shift to remote learning is an obvious culprit for the increasing threat level, but higher education institutions were already vulnerable before the pandemic. Many students simply lack the proper security awareness when using their online devices. In Morphisec’s CyberSecurity Threat Index, more than 30% of higher education breaches were caused by students falling victim to email scams, misusing social media, or other careless online activities. Budgetary constraints are also to blame for increasing online attacks, as many schools lack adequate funding to support a robust cybersecurity infrastructure. Cybercriminals recognize the vast amount of student data that schools have on record, and this incentivizes them further to infiltrate their systems.
Many of the new remote learning technologies introduced during the pandemic have exposed the risks associated with a lack of stringent security measures. For example, until recently, Agora’s video conferencing software exhibited a vulnerability that would have allowed hackers to spy on video and audio calls. With a growing number of students accessing remote learning technologies through their schools’ networks, it’s especially critical for schools to re-evaluate their security protocols to safeguard their students.
Schools at all levels need to proactively secure their digital technologies and safeguard their students’ data integrity. With the right approach, students and educators can mitigate the risks of cyber threats. Here are four critical cybersecurity steps that schools should take immediately:
It only takes one person to allow a hacker to infiltrate a school system. Digital security training is a must to ensure that students and faculty can recognize and take the appropriate action for suspicious activities like phishing emails. For example, a common cyber threat is when hackers pose as school officials asking for important information such as tax information or identification information.
Since many of the learning technologies on the market are new to students and staff, it’s especially critical to understand the implications of a security breach and the necessary steps to mitigate risks.
2.User Access Control
The principle of “least privilege” can also help avoid a cyber attack. This principle only allows users access to data and systems on a need-to-know basis and can mitigate data breaches that occur via unauthorized or unnecessary access. Hackers often try to infiltrate lower-level devices and accounts as a way to gain access to higher-value accounts and systems. Schools can take action by optimizing a list of what users have access to, which functions they have access to, and why. Ensuring that users have access to only what they need will limit attacks to smaller areas of the system and help protect the security ecosystem as a whole.
An often overlooked but critical cybersecurity protocol is having a robust password management policy. These policies must also be in accordance with provincial and territorial legislation, which set guidelines and rules that govern how students and faculty use their devices and online learning technologies. Password management policies that encourage strong passwords and multi-factor authentication are essential to prevent password sharing and unrestricted access.
Third-party technology vendors have become an integral component of distance learning, but they are also a vulnerability. Educational institutions need to ensure that they are properly managing their technology vendors so their students’ safety is prioritized above all else. Undergoing a thorough vetting process to evaluate third-party technology, as well as vendors’ terms and conditions, will help identify any security gaps that can create greater issues down the road.
The ascendance of distance learning during the pandemic has given educators, students, and parents new insights into both the opportunities and challenges of not being in a physical classroom. One of the most critical is the importance of creating safe and secure virtual environments to ensure that students are safe. Despite the benefits that education technology provides, without proper training or technical safeguards in place, schools and students are left vulnerable to the dangers of external threats. By enhancing awareness of cyber threats and implementing a strong security strategy, educators and parents can start creating safer learning environments for students to thrive.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Prioritizing Security in a Remote Learning Environment appeared first on McAfee Blogs.
Distance and hybrid learning environments are now the norm, and it remains to be seen if or when this will change. To adapt, many schools have adopted new software to support remote classroom management.
One such platform is Netop Vision Pro, a student monitoring system that helps teachers facilitate remote learning. The software allows teachers to perform tasks remotely on students’ computers, such as locking their devices, blocking web access, remotely controlling their desktops, running applications, and sharing documents. However, the McAfee Advanced Threat Research (ATR) team recently discovered multiple vulnerabilities with Netop Vision Pro that could be exploited by a hacker to gain full control over students’ computers.
Let’s dive into these vulnerabilities and unpack how you can help protect your students in the virtual classroom.
Just like a school science project, our researchers created a simulation to test their hypothesis regarding the potential software bugs. The McAfee ATR team set up the Netop software to mimic a virtual classroom with four devices on a local network. Three devices were appointed as students, and one was designated as the teacher. During the setup, the team noticed that there were different permission levels between student profiles and teacher profiles. They decided to see what would happen if they targeted a student profile, since this would likely be the avenue a hacker would take since they could cause more damage. With their experiment set up, it was time for our researchers to get inside the mind of a cybercriminal.
While observing the virtual classroom, the ATR team discovered that all network traffic — including sensitive information like Windows credentials — was unencrypted with no option to turn encryption on during configuration. They also noticed that a student connecting to a classroom would unknowingly begin sending screenshots to the teacher.
Furthermore, the ATR team noticed that teachers would send students a network packet (a small segment of internet data) prompting them to connect to the classroom. With this information, the team was able to disguise themselves as a teacher by modifying their code. From there, they explored how a hacker could take advantage of the compromised connection.
The McAfee ATR team turned their attention to Netop Vision Pro’s chat function, which allows teachers to send messages or files to a student’s computer, as well as delete files. Any files sent by a teacher are stored in a “work directory,” which the student can open from an instant message (IM) window. Based on the team’s discovery that a hacker could disguise themselves as a teacher, it became clear that hackers could also use this functionality to overwrite existing files or entice an unsuspecting student to click on a malicious file.
Of course, remote learning software is necessary right now to ensure that our children stay on top of their studies. However, it’s important that we educate ourselves on these platforms to help protect our students’ privacy. While the Netop Vision Pro student screen shares may seem like a viable option for holding students accountable in the virtual classroom, it could allow a hacker to spy on the contents of the students’ devices. While the functionality allows teachers to monitor their students in real-time, it also puts their privacy at risk.
If a hacker is able to impersonate a teacher with modified code, they could also send malicious files that contain malware or other phishing links to a student’s computer. Netop Vision Pro student profiles also broadcast their presence on the network every few seconds, allowing an attacker to scale their attacks to an entire school system.
Finally, if a hacker is able to gain full control over all target systems using the vulnerable software, they can equally bridge the gap from a virtual attack to the physical environment. The hacker could enable webcams and microphones on the target system, allowing them to physically observe your child and their surrounding environment.
Our researchers reported all vulnerabilities discovered to Netop and heard back from the company shortly after. In the latest software release 9.7.2, Netop has addressed many of the issues the McAfee ATR team discovered. Students can no longer overwrite system files, which could be used take control of the student machine. Additionally, Windows credentials are now encrypted when being sent over the network. Netop also told McAfee that they have plans to implement full network encryption in a future update, which will prevent an attacker from easily monitoring student’s screens and prevent them from being able to emulate a teacher.
While Netop works to remedy these issues internally, there are some critical steps parents can take to help protect and empower your children in the virtual classroom. Check out the following tips to bring you and your family peace of mind while using third-party education platforms:
If your student is required to use Netop Vision Pro or other third-party software while distance learning, have them use this technology on a device strictly used for educational purposes. If the software contains any bugs, this prevents other important accounts used for online banking, emails, remote work, etc. from becoming vulnerable to the software risks.
It’s important to keep in mind that Netop Vision Pro was never intended to be internet-facing or taken off a school network. Let’s look at this scenario through the eyes of a hacker: they will likely try to take advantage of these vulnerabilities by delivering a malicious payload (parts of cyberattacks that can cause harm) or phishing attempts. To protect your students from these threats, utilize a comprehensive security solution like McAfee® Total Protection, which helps defend your entire family from the latest threats and malware while providing safe web browsing.
Educators want to keep their students’ best interest and safety in mind, so talk to your child’s teacher or principal if you ever have concerns regarding the software they are using for distance learning. If your student is required to use Netop, ensure that the teacher or principal is aware of the vulnerabilities listed above so they can be sure to administer the necessary software updates to keep your child and their classmates safe.
A simple yet affective way to prevent hackers from spying on you and your family is to use a webcam cover for when class is not in session. Instruct your student to place a cover over their camera when they are not using it to bring you and your student greater peace of mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Keep Remote Classes Safe and in Session: What You Need to Know About Netop Vision Pro appeared first on McAfee Blogs.
FreshRSS 