Tuesday, July 28, 2020

Cyber Threats 2020

The Workers' Compensation Hotseat will address cybersecurity in "Cybersecurity Threats: What You Can't See Can Hurt You." Registration is now open for this 08/06/20 12:00 PM webinar. In the planning stages for this one, there was anticipation of the Workers' Compensation Institute's annual Workers' Compensation Educational Conference (WCEC) in August. That was to include a cybersecurity program of epic magnitude, with an eye to IT professionals and to us common business folk who need both awareness and preparedness.  

The WCEC has been postponed until 2021, but the Cybersecurity Forum 2020 will be September 15-17 via Internet. It is recommended for all. We announced cybersecurity as an issue for 2020; see Cybersecurity 2020 (November 2019), Cybersecurity, 2020's Hot Topic (January 2020), and Cybersecurity 2020 Again (April 2020). Suffice it to say that this is an important topic, a personal and professional threat, and should be of concern to us all.


"The hits just keep coming." I have a vague recollection of hearing that on the radio years ago, perhaps from Casey Kasem, American Bandstand, or some similar venue. Of course, the phrase is a touch point in movies like The Boondock Saints and A Few Good Men. I have heard it uttered by lawyers in earnest, jest, and sarcasm. It has become a reference to a difficult position in which one feels that the piling on continues. 

The phrase came to me recently as I noticed interesting articles in the news. The New York Times announced A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam. Like you, I immediately thought of Kimberly George, Bob Wilson, and Rafael Gonzalez. These are among the Twitter VIPs in our world. Thankfully, none of these high-profile industry scions was actually hacked; it was just a bunch of people I don't know (who is this fellow Kanye anyway?). Whew!

As that story developed, however, more came to light. The fact that Twitter accounts were breached and hacked was troubling. That money was stolen through trickery and deceit was troubling. Perhaps we are all becoming a bit too calloused to the next announcement of computer-related thievery and tomfoolery? But, then the other shoe dropped. 

The "Attackers" according to Twitter (reported by National Public Radio, NPR) accomplished their trickery and deceit by "manipulat(ing) a small number of (Twitter) employees." By using those individuals on the inside of Twitter, the "attackers" were able to breach security and undertake theft and deceit. They stole data, changed user passwords, and sent tweets. They successfully duped a tech-savvy, security-focused, social media empire. NPR reported that Twitter thereafter admitted, "we're embarrassed." One might find that an understatement. 

Like many malware attacks, the failure at Twitter came through the actions of humans. Do you have any humans working at your business?

Another story also made the news recently. This one involves a Chinese bank that requires tax payments to be processed using particular software. Fox Business reports that a "new type of malware, which they called 'GoldenSpy,'" is part of this software. It has the ability to "conduct remote code execution and exfiltration activities on the victim's network" (meaning it can cause your computer to undertake activities and can send your data to others). Infected software that you are forced to use?

This is not the first time we have learned of technology designed for nefarious purposes. Hardwired Hacking discussed that potential in November 2018. Coincidentally, the allegations there were also associated with a Chinese company. There, chips included in large computers were allegedly capable of quietly and persistently sharing data without the user's knowledge. 

There are a variety of hackers out there in cyberspace. One of the more notorious recently surfaced again in a disabling of GPS and personal fitness programs offered by Garmin. According to the Daily Mail, programs were interrupted for about five days through malware in an attempt to extort ransom. The article explains, in a new twist, that because the alleged hackers in this instance are the subject of U.S. sanctions, paying a ransom could be a violation of those sanctions. The victim company essentially runs a risk of regulatory difficulties if it gives in and pays the ransom.

Data breaches have affected law firms, doctors' offices, and many other small businesses. These stories illustrate that illegal activity can impact a business, its customers, or its subscribers. There is the potential for illicit attacks to affect other businesses that are interacting with the target as well. That has been seen in multiple attack situations in which hackers gained access to large data holders such as Target through an ancillary source.

Thus, your network is only as secure as you and your connections make it. You may be a target, or be affected because of your connection to a target. You could experience the unavailability of your Fitbit, or perhaps your own Fitbit might become a passive carrier of someone's bad actions. There are a multitude of various impacts that hackers and malware could have for you, your business, and your customers. And, through it all, there is the risk of direct financial loss or even liability to your connections. 

The fact is that hacking and data theft are lucrative. We know that because the theft and attacks continue. Are you ready to confront the challenges? Will you be proactive now or wait until your data, or that of a client, is compromised? With the upcoming Hotseat (register here) and WCI Forum, you have the chance to learn how much you do not know about technology. You can evaluate the risk to your livelihood. Make plans to tune in for these exceptional education opportunities.