Cybersecurity Climate Only Getting Worse

The heat is rising fast in the cybersecurity world. At a recent conference in Phoenix, AZ, we saw how the industry’s top hackers and defense experts team up to fight an ever-increasing number of invasion attempts from bad actors around the world. Visiting a cybersecurity war room really opened our eyes.

We were ushered into a huge room, full of screens that hackers and defenders used to monitor traffic. This link, which shows the origins of constant firewall attacks from all around the world, made a huge impression on me. The attacks were detected because they had an invalid format or invalid character. It meant that the hackers probably forgot to change the language they were using to launch the attack.

My takeaway is that if hackers get smarter or pay more attention to details, they can become more lethal. They can use AI (artificial intelligence) to eliminate the need to know English, and that’s scary. For example, as we saw, they can use Chat GPT to create malware with a specific task. It’s only going to get worse as we hit the holiday shopping season.

Helping a client deal with an email hack brought home all the dangers. They thought they had an email hack, which resulted in emails going to their contacts under the guise of coming from them about file sharing in Dropbox. They thought they had it fixed, but the same problem cropped up two weeks later. It had a link to click (always a danger sign when the recipient “trusts” the sender).

As we got into the process of fixing the hack, it involved an apple.com account with a reference to Dropbox. Our efforts were hampered by the difficulty we had getting into accounts to verify that the hackers were using Dropbox to launch bogus email.

Our client could have just ignored the problem, or they could have sent an email to their entire contact list to warn them not to open emails with the Dropbox reference. But my preference and theirs was to get to the root of the problem. You have to know where all the dots and connections are so that you can get ahead of the hackers and shut them out.

We can help you stay secure by auditing your cybersecurity practices and implementing programs to strengthen your defenses. Call us – 973-433-6676 – or email us to discuss your cybersecurity and gain more peace of mind.

Rule Your Email

We recently had to help a client resolve a rules-based email hack. It seems that hackers were able to change the rules in the email system to forward email to their own site and respond – and they could activate or deactivate the rule at will.

The problem showed up when our client’s clients were flooded with messages about sharing files. The client normally does share files – and so do we; it was the volume that grabbed their attention. Fortunately for everyone in this email chain, we were one of those who got caught up in the problem, and that helped us understand what was going on.

The hackers changed the rules for handling emails. They were able to intercept emails and then send new messages to the original senders with a request to share files. The requests, of course, looked like they were coming from our client. Sharing those files gave the hackers access to the computer systems of anyone who responded to that request.

We were able to go in and fix the rules that affected our client’s system. It wasn’t particularly difficult to do once we identified the problem. But what can you do solve the problem and/or prevent it? The answers won’t surprise you.

  1. Everyone who uses email should make sure you have strong, secure passwords for your email – and for your network, too. We find that in most cases, our clients who get hacked have simple passwords that are easy for hackers to figure out. So, the best thing you can do before anything else is to change your email password and make sure it’s strong – upper and lower case letters, numbers and special characters.
  2. Make sure your anti-virus and malware software is up to date and running
  3. If you see something that looks just the slightest bit out of order – different writing or phrasing or spelling mistakes – don’t click on a link. Don’t reply to the email, either. If you have a question, pick up the phone. Alexander Graham Bell invented the telephone in 1876, and the cell phone was introduced April 3, 1973. Telephones in any technology are proven to connect – and with rare exceptions, they’re private connections
  4. Forward the suspicious email to your IT provider. Those of us in the business share a lot of knowledge, and we have a good chance of determining if the request to share is legitimate or where there could be problems
  5. Call us to look at your email setup and see what rules might have been placed on your account without you knowing it. Even if you’ve changed your password, hackers still have ways of planting malware. We can see if you have malware or a virus and help you get rid of it.

In the final analysis, it’s up to you to rule your email inbox. We can help. Call us – 973-433-6676 – or mail us if you have any questions or need help.