
Halloween Comes Early This Year – Ep 478 

 October 4, 2024

By  Donna Grindle

Boo! 🎃 Halloween may not be here yet, but we’re kicking off the spooky vibes early! Donna and David dive into the eerie world of cybersecurity, where the tricks are plentiful, and the treats are hard to find. From scary ransomware attacks to the horrifying reality of business email compromises, the internet is scarier than a haunted house with no exit. Grab your digital pumpkin spice latte, because we’re about to unravel some terrifying myths that will make you think twice before you click on anything!

A 5 star review is all we ask from our listeners.

In this episode:

Halloween Comes Early This Year – Ep 478

Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club

and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!



Halloween Comes Early This Year

[06:45]

When looking for topics for this week’s episode there were a few articles that were haunting enough to be saved for our Halloween episode. They show why we’re constantly on edge about cyber threats. When you are aware of what is happening every single day it is really hard to relax.

So this year we are doing an early Halloween episode!

5 Myths debunked in a single story

Fortinet confirms data breach after allegedly refusing to pay ransom | TechRadar

They had a ransomware attack and they decided not to pay. They say it was no big deal what was taken but the criminals are exposing the data as they had threatened.

  • Myth #1 – Everything is in the cloud, so we don’t have to worry!
  • Myth #2 – Azure and SharePoint are invincible!
  • Myth #3 – AWS will keep us safe!
  • Myth #4 – Companies always notify you of a breach!
  • Myth #5 – Just refuse to pay the ransom!

The criminal element always says we can trust them to not release data when you pay the ransom. Yeah, honest criminals. But, even more concerning are the less than honest stories we tell ourselves and each other!

For only $20 they could have wreaked havoc on the entire internet

[18:22]

For Just $20, Researchers Seize Part of Internet Infrastructure

This one is terrifying, and it shows how lucky we are that researchers are the ones who found it instead of criminals!

This involves a WHOIS server, which is like DNS but not. Here’s the difference: DNS is like the phone book that connects you to a website, while WHOIS tells you who owns that website. You ask the DNS server, "Where on the internet can I find helpmewithhipaa.com?" and it takes you to our front door. You ask the WHOIS server who owns this property so you can get info on who lives there, like the technical and administrative contacts, when we bought it, how many years we have paid the rent in advance, and who manages the property, along with the same DNS information.

A lot of security tools use the WHOIS servers. For example, when a domain name is reported as very new, extra checks take place to determine whether it is legit. Also, when tools verify a domain name, they may pull the contact info from WHOIS and send an email there to confirm that it is legit.

What researchers learned was that the server that lists the property owners for mobile-optimized sites using .mobi domain names changed its address a few years ago. It was known as whois.dotmobiregistry.net but has since changed its name to whois.nic.mobi. That was years ago. You would think that is no big deal if it has been working all this time. But wait – there’s more!

They found out that the registration for the original name had expired and anyone could now buy it. They paid a whopping $20 to own whois.dotmobiregistry.net and set up a server to see what would happen. Internet systems are supposed to update themselves automatically and stop using servers that disappear.

In a couple of hours they found over 76,000 unique IP addresses sending queries to the fake server! In about two days that number had blown up to over 2.5 million queries from 135,000 unique systems worldwide. Two days!

These were major domain registrars, websites, mail servers, even a government and military one along with a ton of universities from around the world. The worst part was even security sites were hitting the server and treating it like it was a trusted authority for information!

If someone malicious had found this, they would have been able to deliver so much malicious content around the world in a very short amount of time. They could have just hung out there and monitored traffic for a while and gotten themselves a treasure trove of information.

There were many more issues happening. They are so terrifying we aren’t even going to go through them.
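The systems in this story kept querying the retired name because it was hardcoded somewhere. As an added example (not code from the researchers or from any tool mentioned), this sketch audits a tool's hardcoded TLD-to-WHOIS-server list against a set of current records. Both input formats, and every entry except the two .mobi hostnames from the story, are constructed for illustration.

```python
# Added example: audit a hardcoded TLD -> WHOIS server list for retired hostnames.
# Both input formats and all entries other than the two .mobi names are constructed.

CLIENT_TABLE = """\
# tld     whois server the tool has hardcoded
.mobi     whois.dotmobiregistry.net   # the retired name from the story
.example  whois.nic.example
.invalid  whois.nic.invalid
"""

CURRENT_RECORDS = """\
domain: MOBI
whois:  whois.nic.mobi

domain: EXAMPLE
whois:  whois.nic.example
"""

def parse_client_table(text):
    """Return {tld: server} from 'tld server' lines; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            table[fields[0].lower().lstrip(".")] = fields[1].lower().rstrip(".")
    return table

def parse_current_records(text):
    """Return {tld: server} from blank-line separated 'key: value' records."""
    servers = {}
    for block in text.strip().split("\n\n"):
        rec = dict((k.strip().lower(), v.strip().lower())
                   for k, v in (ln.split(":", 1) for ln in block.splitlines() if ":" in ln))
        if "domain" in rec:
            servers[rec["domain"].lstrip(".")] = rec.get("whois", "").rstrip(".")
    return servers

def audit(client, current):
    """Classify each hardcoded entry as OK, STALE or UNKNOWN."""
    report = {}
    for tld, server in sorted(client.items()):
        if tld not in current or not current[tld]:
            report[tld] = "UNKNOWN: no current record, verify by hand"
        elif server != current[tld]:
            report[tld] = f"STALE: {server} should be {current[tld]}"
        else:
            report[tld] = "OK"
    return report

if __name__ == "__main__":
    for tld, status in audit(parse_client_table(CLIENT_TABLE),
                             parse_current_records(CURRENT_RECORDS)).items():
        print(f".{tld:8} {status}")
```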

How do you know when not to click? NEVER

[28:12]

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

This one is the scariest one of all! Yes, worse than the other one because it is actively being used on a large scale by the criminals right now.

When you go to a website you send a request using HTTPS, which means Hypertext Transfer Protocol Secure. You all know about typing it, but it is actually a transfer protocol you are asking the server to use with you. You think you just type that one line, but there is really a lot that happens behind the scenes. Cybercriminals figured out how to hijack your web requests before you even see the page. It’s like sending you to the right restaurant, but swapping out the food with something poisoned.

When you click a link in an email, it goes to the legitimate website. But when it gets there, it asks that site to redirect you to the criminals’ bad site and to include your email address for the bad site to use.

That means you will click the link that is actually legit with a bunch of gibberish after it that you never do understand anyway. It will actually go to the legitimate site. But when it gets there the site will be told to automatically refresh itself and switch to another site. The malicious site pops up asking for your login credentials and your email address is already prefilled.
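As an added example (not from the episode or the linked article), here is how a proxy or mail-gateway log review could flag the behavior just described: a response whose `Refresh` header immediately sends the browser to a different site with an email address in the target URL. The sample responses and hostnames are constructed, and comparing the last two hostname labels is a simplifying assumption (a real tool would use the Public Suffix List).

```python
import re
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed proxy-log entries: (requested URL, response headers)
SAMPLES = [
    ("https://www.example.org/news", {"Content-Type": "text/html"}),
    ("https://www.example.org/old", {"Refresh": "5; url=/new"}),
    ("https://www.example.org/go?id=7",
     {"refresh": "0;url=https://login.phish.test/?e=pat%40clinic.example"}),
]

def site(host):
    """Crude same-site key: the last two labels of the hostname (assumption)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_refresh(value):
    """Split a Refresh header value into (delay_seconds, target or None)."""
    delay, _, rest = value.partition(";")
    target = re.sub(r"^\s*url\s*=\s*", "", rest, flags=re.I).strip().strip("'\"")
    try:
        return float(delay), unquote(target) or None
    except ValueError:
        return None, None

def check_response(request_url, headers):
    """Return findings for one response; an empty list means nothing suspicious."""
    value = next((v for k, v in headers.items() if k.lower() == "refresh"), None)
    if value is None:
        return []
    delay, target = parse_refresh(value)
    if target is None:
        return []  # plain reload of the same page, or a malformed value
    src, dst = urlsplit(request_url).hostname, urlsplit(target).hostname
    if dst is None or site(dst) == site(src or ""):
        return []  # relative or same-site redirect
    findings = [f"cross-site refresh to {dst}"]
    if delay < 1:
        findings.append("no visible delay")
    if EMAIL_RE.search(target):
        findings.append("email address in target URL")
    return findings

def scan(samples):
    """Map each requested URL to its findings, keeping only flagged responses."""
    return {url: f for url, headers in samples if (f := check_response(url, headers))}

if __name__ == "__main__":
    for url, findings in scan(SAMPLES).items():
        print(url, "->", "; ".join(findings))
```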

Seriously, never trust a link. If you want to be safe, type the website URL yourself. Think of it like avoiding dark alleys—just take the main street. Plus MFA, 2FA, whatever you call it, just do it.

[35:14]

Oh, but then there is the story about the nasty new Android threat that can steal your MFA codes but looks like a legit banking application: This Nasty Android Threat Can Steal Your 2FA Security Codes

Please don’t download apps unless you are sure they are legit! Even if an app promises the digital equivalent of free candy, remember—it’s probably filled with malware, razor blades, and a splash of chemical weapons for fun. For now this one has been spreading in Asia and hit all the stan countries but it is growing.

With cybercriminals exploiting every vulnerability they can, sometimes it feels like our digital world is a ticking time bomb… And then something like this pops up, and you realize… IT’S ALIVE!!!

As we wrap up this spooky special, remember: the internet is a lot like Halloween—it’s all fun and games until a data breach jumps out from behind the bushes! Whether it’s ransomware or those creepy phishing attempts, staying vigilant is your best defense against the things that go bump in the cyber-night. Remember: keep your security tight, your MFA on, and always check under the bed for lurking threats. Happy early Halloween, and may your digital life remain scare-free!

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.TM

Special thanks to our sponsors Security First IT and Kardon.
