Monthly Archives: May 2018

RISING SHIELD AGAINST RANSOMWARE ATTACKS



IN BRIEF: Both Atlanta’s network and Roseburg schools suffered ransomware attacks recently. These are two examples among the many ransomware attacks facing organisations across the globe. This article provides three basic pieces of advice on how individuals and organisations can fight ransomware attacks.
--------------------------------------------

Early this year (2018), Secureworks published a report titled “SamSam Ransomware Campaigns,” which noted that the recent attacks involving SamSam have been opportunistic and lucrative and have impacted a wide range of organizations.

On March 22 this year (2018), City of Atlanta (GA) employees were ordered to turn off their computers to stop a virus from spreading through the network and encrypting data. A cybercriminal group demanded that the city pay it about $51,000 in bitcoins, a cryptocurrency that allows for anonymous transactions online.

Federal agents advised the city not to pay the ransom because paying would not guarantee a solution to the city’s problem. The city then refused to pay the cybercriminals.



Following the attack, the city hired Secureworks, a Dell subsidiary, which has emerged as an early authority on the cyber-criminal group “Gold Lowell.” That group is being blamed for a rash of cyber-attacks involving a variant of SamSam, the type of ransomware that struck Atlanta.


The total cost of the attack has yet to be calculated, but emergency contracts posted on the city’s procurement website have a combined not-to-exceed amount of about $5 million, said Chief Operating Officer Richard Cox.

The city’s recovery from the ransomware attack is ongoing; the municipal court is the only department whose computers haven’t been brought back online. “We are in testing right now,” Cox said, adding that he expects them to be operational in about 10 days.


The other incident took place in Roseburg, Ore. The Roseburg Public School's computer system suffered a ransomware attack earlier this month, freezing access to the district's email system, website, and business and accounting software.

District officials say employee information was not accessed, but they don't know how much data they'll be able to get back.

"They don't hold out a lot of hope that they will be able to prosecute them, and they made it very clear to us that they couldn't help us recover our data," said Gerry Washburn, the Roseburg Schools Superintendent.

The FBI advised the district not to pay the ransom to recover the data. The district regained access to its email this week and plans to have its website back up as early as next week.

The Federal Bureau of Investigation (FBI) is now investigating the incident.



ADVICE: IMPROVING CYBERSECURITY

There are a number of things one can put in place to improve cybersecurity. I will emphasize three among many, as follows.

Regularly update your operating system

Your operating system or OS is central command for your desktop, laptop, or smartphone. It’s the Captain Kirk of your devices. Unsurprisingly, it’s a prime target for hackers. Access to your OS means cyberthieves “have the conn” to your computer. They can download, install, and otherwise exploit your workstations. Taking control is how hackers steal your data.

Regularly updating your OS applies critical security fixes to your Windows, Mac, or Linux software. Make your work life easier by setting up automatic updates to your OS. With this simple adjustment to your work habits, you’ll “boldly go where no one has gone before” with your cybersecurity skills.

Get antivirus software from reputable sources

You can do the most to protect your employer by installing antivirus software, which protects work devices from phishing emails, spyware, botnets, and other harmful malware. But first, talk to your employer about getting a comprehensive cybersecurity solution. For your personal devices, consider getting your own antivirus software. Most major antivirus brands offer free downloads of basic plans.

Just like any of your work projects, cybersecurity is a team effort that needs everyone to contribute. These five cybersecurity tips for the workplace are just a jumping-off point for your overall improvement. You now have the basics covered. Expand your cybersecurity arsenal with additional cybersecurity tips and online resources. Make sure you’re doing your part and everyone at work will benefit.



Back up your data regularly

Ransomware is on the rise, affecting businesses of every size and type. Enterprising cybercriminals hack into computers, encrypt the data inside, and hold it for ransom. It’s a lucrative practice that costs employers millions every year. But regularly backing up your employer’s data takes away the profit incentive.

Use both a physical and cloud-based drive for backups. If one drive is hacked, you’ll have the other available. Most backups to the cloud sync your data automatically and let you choose which folders to upload. Talk with your employer about which files need to be backed up and which can remain locally stored. Set up a regular maintenance schedule to review your backup plans.


DIGITAL FORENSICS LABORATORY



IN BRIEF: This article looks, at least in summary, at the important things to consider when establishing or building a digital forensics laboratory that can carry out investigations of digital crimes successfully.
-------------------------------------------

A digital forensics laboratory is needed not only at the national level; companies can also have one so that they can find answers to the cybercrime incidents that may arise.

Many nations have turned their attention to building and strengthening specialised digital forensics laboratories. In the article titled “EGYPT LAUNCHES NEW DIGITAL FORENSICS LAB” I discussed Egypt's step of launching a modern digital forensics laboratory.


This is due to the growth in such crimes, which require a high degree of care to investigate and to reach the right findings. The main question is how much those involved know about the things that need to be considered when establishing these laboratories.



The following are just a few of the many things to consider when establishing a specialised laboratory for the professional investigation of digital crimes.

PHYSICAL LOCATION: Care is needed when choosing where this specialised laboratory will be placed. The site must be close to essential emergency services, have electricity available, and have controls that prevent just anyone from entering the laboratory easily.

In addition, a digital forensics laboratory has two areas for investigative work. One is connected to the network and is used for research and other tasks that require a connection; the second is not connected to the network, and it is essentially the one used for the digital forensic examination itself.



Likewise, there must be an open area inside that serves for interviewing suspects during an investigation and also for discussions and meetings among the investigators.

GENERAL CONFIGURATION: The laboratory should have equipment that keeps power available during outages (that is, a UPS), a network connection, the essential investigation software, secure places for storing exhibits (safe lockers), shelves for storing other equipment, and shelves for the laboratory's reference books.

In addition, it needs equipment such as an examination computer (forensics tower), a printer, the various necessary cables, additional hard drives, and other important equipment and tools that can help, depending on the type of examination the laboratory performs.


ESSENTIAL SOFTWARE: A forensics laboratory is expected to have software such as Windows OS, Linux / Unix / Mac OS X / iMac operating systems, EnCase, FTK, and other programs that support investigations, for example R-drive, SafeBack and others that can help produce the findings of a digital forensic investigation, depending on the type of investigation you expect to perform.

PHYSICAL SECURITY RECOMMENDATIONS: It is recommended that the laboratory have only one door for entry and exit, that the laboratory windows not be opened, and that there be a log book or a system for recording everyone who enters the laboratory; if possible, there should be a system or device that raises an alert when someone enters covertly (an intrusion alarm system).


In addition, the lockers for storing evidence should be located in areas not easily accessed by unauthorised people (a restricted area, only accessible to lab personnel) and kept under close supervision, and the lockers should be locked when not in use.

FACEBOOK REMOVES MALICIOUS ACCOUNTS



IN BRIEF: Facebook Inc has removed several malicious accounts and pages that advertised and sold social security numbers, addresses, phone numbers, and alleged credit card numbers of dozens of people, and it will continue to do so as needed.
----------------------------------------

A Facebook spokesman gave assurances that Facebook will remove posts containing information like social security numbers or credit card information when it becomes aware of them.

Facebook has also deleted almost 120 private discussion groups of more than 300,000 members, after being alerted by a report from journalist Brian Krebs that the groups flagrantly promoted a host of illicit activities, including spamming, wire fraud, account takeovers, and phony tax refunds.

The biggest collection of groups banned were those promoting the sale and use of stolen credit and debit card accounts, and the next largest collection of groups included those facilitating takeovers of online accounts such as Amazon, Google, Netflix, and PayPal.

A Google search still pulls up a few public Facebook posts that offer to sell personal details including credit card numbers.


Hackers have advertised databases of private information on the social platform, and Facebook has held stolen identities and social security numbers for years.

It is reported that at least some of the data in these posts appeared real, and that the first four digits of the social security numbers, names, addresses, and dates of birth were confirmed for four people whose data appears in a post from July 2014.

Tech companies are under intense scrutiny about how they protect customer data after Facebook was embroiled in a huge scandal where millions of users’ data were improperly accessed by a political consultancy.

KEEP PERSONAL INFORMATION SAFE ON SOCIAL MEDIA


The big question most people ask is: who is responsible for protecting one’s privacy? It should be known that everyone is responsible for protecting his or her own privacy.

How do you do that? 
Treat the “about me” fields as optional.
Know the people you friend.
Become a master of privacy settings.
Create strong, private passwords.
Create and use an “off-limits” list.
Always log out when you’re done.
Limit or deny access to third-party applications.
Get alerts on suspicious activity.




FACEBOOK F8 DEVELOPER CONFERENCE

It is shaping up to be the biggest Facebook event ever, with 5,000 developers flying in from around the world. They will hear exciting news about the company's plans to advance on many fronts, from artificial intelligence to virtual reality.

They'll also get the chance to interact with the senior team, and to find out how they can profit from this very powerful platform.


Last year, Mark Zuckerberg filled his F8 keynote speech with cool demos about augmented reality. At this year's F8, he said, he is going to share more about the work Facebook is doing to keep people safe, and to keep building services to help individuals connect in more meaningful ways.