November 12, 2017

Cyber Attacks & Ransomware: Is There No End?


It is hard to not worry about the safety of our inner-connected world. Malware, ransomware, hackers, phishing, trolls....the list of people and organizations who want to make our life difficult, dangerous, and expensive seems to grow as quickly as algae in a backyard swimming pool. On average, there are 244 new cyber threats a day. I am a humble example, as my post of a few months ago made clear when a hacker broke into my computer.

Your patient information from your health insurer, or financial details ripped from your credit card company are fair game. Disabling a hospital's admittance system for an entire country happened this past summer. And, don't even get me started on Equifax. Making money off my private information, giving me no way to "opt out," and then losing it all. Enough!

If you follow even the most basic of common sense steps, the odds of your home computer becoming someone else's to control are increasingly possible. Those who decided to hack into my computer found nothing of interest unless they love scrolling through tens of thousands of photos of our vacations. Passwords are not stored there, nor is any critical personal information. 

If someone held my files for ransom, I'd simply use that as an excuse to get a new computer. They'd never get a penny (or Bitcoin) from me. So, I assume the reason for all the malware stuffed into my system was to seize control of my computer and use it to send out attacks to others. Scary stuff.

That should really be one of our biggest concerns: that our computers can be used to infect others. My system (and yours) could be used to send out millions of e-mails in giant phishing waves or denial of service attacks on businesses or governments. We would be part of the problem, but completely oblivious. 

Personally, I  upgraded to a more secure router to add a little more protection. . I discontinued the automatic printer ink monitoring service offered by a certain company. Allowing them to enter my home system to read ink levels on a printer seemed too risky in today's environment. I change passwords on a regular basis. I added a new malware protection software program. Even so, I know I am not safe. Maybe changing to Apple products would help, but even Macs are now being hacked; read about the Fruitfly malware or realize that viruses can breach the Apple defenses. Own a computer and you are vulnerable.

Actually, my biggest fear is much more global. Everything in our daily lives is linked to computer systems. The news reports make it quite clear none of them is secure enough to stop a dedicated attack. The havoc that is possible if businesses or hospitals, air transport systems or government agencies are compromised is serious. 

What keeps me up at night is the very real likelihood of a successful breach of the systems that control our electric grids, water treatment plants, or oil pipelines. If (or when) this happens, we will have crossed the line from irritating, embarrassing, and expensive, to life-threatening.

There is absolutely nothing I can do about this type of attack on our way of life. I have to believe others, smarter than I, are dedicating serious time and effort to making these events stay where they belong: in a fiction novel. 

It is impossible to disconnect from our interconnected world. What I must do is be aware of what is happening, protect my little corner of the world the best that I can, and then lead my life as I choose. The benefits of having the Internet and all it brings still outweigh the risks.

What about you? Have you done anything to protect yourself as best you can? Have you altered how you use computers? What happens when you find out a company that holds your credit card info has been hacked? What was your reaction to the Equifax disaster? What can you do about it? 

This is one area where, literally, we are all in this together. Let's share and discuss.


Note: As I write this a new ransomware attack, Bad Rabbit, has targeted Russia, Ukraine, was well as other eastern European countries, Japan, and the U.S. There really is no end in sight.



22 comments:

  1. I agree. About the big picture..grids, stock markets, nuclear power plants etc. and sooner or later something will happen.
    I only have an iPad which I hear is a bit safer, but I'm not sure about that either.
    I stay villigant checking my bank accounts, credit cards etc. I don't use ATMs. I don't use debit cards.
    With Equifax, I did freezes on all three credit unions and am considering a monitoring system, but through AAA or my personal credit union I bank with not lifelock or the one offered by Equifax.
    I don't put passwords on my iPad. I don't answer phone calls from unknown numbers. If it's important, they'll leave a message.
    I don't respond to any pop ups about "I have a virus" or anything to do with my credit cards. I call the number on the back of my card. I always call the official number I have and not anything through an email.
    I also did a phone verify text request with a code for social security.
    But all in all, there's not much you can do, but be vigilant and check accounts often. I am amazed that our big corporations and the government do not have really secure foolproof systems. I would think it would be their top priority

    ReplyDelete
    Replies
    1. You are taking all the steps any of us could to help secure our personal data. The really scary problem is when a large company is hacked and our info is stolen and then used, maybe years from now. Stolen identity can take years to correct and make life a mess.

      Personally, I'd rather the government spent more on cyber security and less on pouring endless dollars into something like the 16 year long, no-win Afgan war. A trillion here, a trillion there...that's real money!

      Delete
    2. Agree, but war makes money for lots of people, unfortunately.....contractors, arms dealers etc.

      Delete
  2. Thanks, Bob, for expressing so well the concerns we should have about our internet security. Personally, I'm hoping that the Chromebook I now use, which has no internal hard-drive memory, helps prevent an invasion. Our VISA card has been hacked five times with bogus charges but our bank seems excellent at catching the events while notifying us about them and forcing us to change our cc accounts. We do the best we can without obsessing about the risk and we get an email/text for every use of our debit and charge cards.

    ReplyDelete
    Replies
    1. 5 times on the Visa card? Wow, that has to be quite annoying.

      That's a good point about the Chromebook. Without an internal hard drive there wouldn't be much to steal or use as a weapon against others.

      Delete
  3. To be honest, my online life is an open book. I take most of the basic steps with passwords, etc. but I don't think I could sleep at night if I let myself be stressed out by the possibilities. We were hit in the equifax debacle but no real harm was done, as far as we know. I feel sorry for these trolls who have no life other than trying to ruin complete strangers lives. It's really sad.
    b

    ReplyDelete
    Replies
    1. I did leave Facebook (again!) but that was less about security and more about my distaste with their openness to accepting money from those out to harm us or just plain evil people.

      Of course, I am still on Twitter which does the same thing, so go figure.

      Delete
    2. Funny because I am easing out of twitter altogether.

      Delete
  4. Important topic, Bob. I have taken several steps over the years which have helped me sleep a little better, despite the dangers.

    1. I froze my credit with all three credit companies. No one can open a credit account in my name without a PIN, which I keep in a secure location. It has not interfered with any of my financial transactions and I feel safer. Make sure your elderly relatives are protected also.

    2. I use Apple products. You are correct when you say they are not free from hacking, but Apple is very strict with the security of their operating systems and app developers when it comes to security. Like your networked print ink monitor, you can and should shut off some features that are convenient, but increase vulnerability. I also have two computers, one which is used for managing my financial and other sensitive information and with which I never "surf the web," or check email. I only visit secure websites with it, and only a handful of those. My other computer has no sensitive data stored on it and that is the machine I use to cruise the internet (like here).

    3. I use a VPN (Virtual Private Network) Many of these are available, ranging from free to 50 bucks a year or so and are installed simply on both desktop machines and phones. It allows two-way encryption of data when using wi-fi. I never use public wi-fi without my VPN turned on. It is better to never use public wi-fi at all and use your cell phone as an internet connection if you need one. My iPad has a cellular connection so I don't need to use public wi-fi, but I still keep my VPN turned on.

    4. Back-up. I back up all of my data on my desktop and iphone. I use Apple's "Time Machine," which is included in the operating system and backs up my data every hour or so to an external hard drive. Other similar options are available for non-Apple users. I also backup my data once a month to an additional hard drive that I then disconnect from the machine. That way if I get compromised, I can restore from a "clean copy" later. I also pay $3.95 per month for an automatic back-up to a "cloud service," so if my computer and drives are stolen or destroyed I still have my data.

    5. I use a simple, inexpensive network traffic monitoring program ( I use "Little Snitch") that will monitor and block any unusual network activity (incoming or outgoing) on my computer until I give it permission to happen.

    6. Make sure your computer "Firewall" is turned on. I have been surprised by the number of my friends that are surfing the web with the firewall shut off. Sometimes installation of software requires that you shut it off during install, and I think many people forget to turn it back on. I check it at least once per week.

    Those are a sample of some of my actions. There are more, and I encourage everyone to visit some of the online sites that outline suggestions for increasing your security (with your VPN turned on, of course!)

    Good luck to everyone. It is a jungle out there!

    Rick In Oregon

    ReplyDelete
    Replies
    1. You are the second or third person who uses separate computers for financial work but no web surfing or email reading. I think that is a great idea. We have a laptop that gets very little use. It would be simple for me dedicate it to financial stuff only.

      I have added PIN verification to sites that offer it. With a one-time code sent to my cell phone when I want to access the site, that is an extra level of security I appreciate.

      I have two external backup drives but I keep them connected all the time. Your point #4 about having one of them disconnected except when updating is an idea I hadn't thought of but makes perfect sense. I do back up this blog to the Google Cloud on a very regular basis so I can restore it and not lose much.

      Delete
  5. My former employer didn't do anything to train us on how to avoid phishing attacks. Instead they just ran some security scan once a week that rarely found anything. There is a lot more companies can do to protect our data, but it seems to conflict with their profits or they just don't care.

    For myself I do not do any transactions with the smart phone. Public wifi security is non-existent and any signal sent thru the air can be jacked, even your car remote and garage door opener. On my PC a good router is essential and personally I run Linux. With a good backup I can reinstall my system and be back up and running in a few hours.

    ReplyDelete
    Replies
    1. I imagine most companies with any kind of critical data have become much more security aware because the headlines, but, I am sure smaller companies just can't afford more than the basics. Luckily, they are rarely the targets of serious hackers.

      Delete
  6. You asked the question Bob and the answer is: There is no end.

    I have security software, firewall, and use 2 step authentication whenever any vendor has it available. I do, however, keep my data and documents in the cloud and password protect any documents that have anything sensitive. I have to hope that the organizations that run these things (Apple and Microsoft are 2 big ones) know what they are doing but I don't kid myself that they can't be hacked. Would it be more secure if I kept everything on my local hard drives? Maybe but then they wouldn't be secure at all in the case of theft or if they were destroyed by fire (so I'd need to keep off-site copies that could also be stolen).

    Unless you go back to paper and pen there's only so much you can do. Plus the major attacks these days are through phishing where the computer user clicks accept on a link and activates the malware themselves. Do what you can to be careful, be wary of anything unsolicited, and understand that the benefits of computers and connectivity come with an inevitable cost. That applies to just about everything -- cars crash, houses have electrical fires, basements flood, but I still own a car, use electricity, and have piped running water in my house. Benefits and cost.

    ReplyDelete
    Replies
    1. How true: benefits and costs. The analysis strongly favors benefits but this is a constantly evolving battle. And, I agree with you that there is no end to this threat. The box has been opened and it will not be closed again, certainly not in our lifetime.

      Delete
  7. :). Keep cash. Use propane. Store food for winter (or summer in your case). Have a well. Board a horse in the back yard. Plant your own food. Live close to your family. Welcome to my Amish world! I am semi prepared for a grid failure- my son in law and son (both work different types of this industry) made sure of that. We monitor our bank accounts and brokerage accounts carefully- almost daily. We do not answer weird phone numbers or emails from people we do not know. We do use Facebook to communicate often, but never put anything financial on it. None of us use anything financial on our phones. It is never ending, might as well be plan for the worst and enjoy the best. Personally, I worry more about the crazy development of AI by unscrupulous people....and so do my family members.

    ReplyDelete
    Replies
    1. Driverless 18 wheel truck might keep me off the Interstates, too. That is truly scary.

      One thing about owning an RV...we had a "spare" self-contained home that could operate without being connected to the grid...a generator, water pump, propane, etc. Sometimes I think that was a mistake for exactly these reasons.

      Delete
  8. Beyond taking the usual precautions, I just hope enough other people worry about it, so I don't have to.

    ReplyDelete
    Replies
    1. Our worrying about it won't help. Our being vigilant might.

      Delete
  9. There is way too much worrying going on here. :)

    Yeah there are bad guys out there and we need to take reasonable care to prevent them from harming us, but to give all the advantages up that the Internet provides is not the answer. It is still more likely that you will be struck by lightning than seriously harmed by Internet hacks.

    ReplyDelete
    Replies
    1. I'm not sure that is true anymore. A hacker may not break into my life but by stealing all my personal data from someone else, it would feel like a lightening strike.

      Delete
  10. I do not have a home computer and I no longer have a smart phone...just a $20 Total Wireless flip phone, and I buy the $25 prepaid talk and text only each month. I access my facebook acct, and this website, during my break at work, on the library (which is located next door to my work) computer. I do not bank on line. I have a kid in college. I have a separate bank acct, that I physically take a check to, and put $25 a week in that acct which is connected to my only debit card. He can buy food at Aldi and get a little gas. Anything else he needs, he can work for....my debit card was hacked in Virginia, twice, last year (I have not been to Virginia since 2010) and that is why I do not have one for my main bank acct. I do not use an ATM. I do have auto draft for my car/house insurance, and for my mortgage, which makes me nervous, but the ins company and mortgage company insisted. I use a local bank for my mortgage, so I can run down the street if there is an issue (I am aware most folks cannot do this..my house has a mortgage that was $37,000. It is small, in a very small, rural, cheap (read poor) town. My mother, in 2000, was a victim of Identity theft. A person hit her car, intentionally, got her personal information from accident report, and opened accts. That person was caught and convicted. Our state now does not put everything on accident reports. I realize I am at the mercy of hackers regarding medical records. I have never bought anything on-line except for an airline ticket in 2011 (which I ultimately ended up not using). I only pay with a check for my car payment, food and stuff at Walmart (which they give it back to you) and Dollar General, and pay cash for everything else. I use the thrift store a lot. I have run into a major issue with a hotel before because I wanted to pay cash, and they wanted a debit card and my kid had the only debit card I have (and that bank acct did not have the money for a hotel room)...I realize I do not travel a lot, except a little for work and that is paid for by work, though, and this has not been a major deal to me. I do keep paper copies of everything. I do have six months of food storage of rice and beans, canned vegetables, and a solar oven. I keep a 14 day supply of fresh water that I rotate. My house is heavily shaded by large trees, and small, so even if the electric goes down, I can function. I live in the deep South so I am used to heat. If power went out in the winter in my all electric house, I have a thermal sleeping bag, rated to 10 degrees, and lots of thermals. This is the deep South, so I think I would be ok. We cannot prepare for everything. I drive a lil Toyota Yaris. I hope to be able to continue my uncomplicated life.

    ReplyDelete
    Replies
    1. I meant to say that Walmart gives you your check back.

      Delete

Inappropriate comments will be deleted