It seems that everything relies on computers and the internet now — communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?
Cybersecurity involves protecting that information by preventing, detecting, and responding to attacks.
Protect Your Data - Back it Up
Businesses create and manage a large amount of data and electronic information. Some of that data is essential to daily operations and business survival. Vital information can be lost due to hacking, human error or hardware failure resulting in significant business disruption. Would you know what to do if your information technology stopped working? This is when having a plan for data backup and recovery will come in handy. To develop your data backup plan, you should:
Identify what data to back up;
Implement hardware and software procedures;
Schedule and conduct backups; and
Periodically check data to ensure it has been accurately backed up.
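One way to carry out the last step, checking that data has been accurately backed up, is to compare SHA-256 hashes of the source files with the backup copy. This is an added example and not part of the original guidance; the function names, directory layout and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(source, backup):
    """Compare a source tree with its backup copy.

    missing:  in the source but absent from the backup
    mismatch: in both, but contents differ (corrupt copy or stale backup)
    extra:    only in the backup (deleted or renamed at the source)
    """
    src, bak = build_manifest(source), build_manifest(backup)
    return {
        "missing": sorted(src.keys() - bak.keys()),
        "mismatch": sorted(k for k in src.keys() & bak.keys() if src[k] != bak[k]),
        "extra": sorted(bak.keys() - src.keys()),
    }

def demo():
    """Constructed sample: three source files, one lost and one damaged in backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "source"), Path(tmp, "backup")
        for d in (src / "finance", bak / "finance"):
            d.mkdir(parents=True)
        (src / "customers.csv").write_text("id,name\n1,Acme\n")
        (src / "finance" / "ledger.txt").write_text("balance 100\n")
        (src / "finance" / "payroll.txt").write_text("staff: 12\n")
        (bak / "customers.csv").write_text("id,name\n1,Acme\n")
        (bak / "finance" / "ledger.txt").write_text("balance 1OO\n")
        return verify_backup(src, bak)

if __name__ == "__main__":
    print(demo())
```

A backup passes only when both the missing and mismatch lists are empty; a mismatch right after a backup run points to a bad copy, while one found later may only mean the source changed since the last backup.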
Data backup and recovery is an integral part of the business continuity plan for IT disaster preparedness. Data on network servers, wireless devices, laptop and desktop computers should be backed up along with hard copy records and other information. Tapes, cartridges and large capacity USB drives with integrated data backup software are effective means for business backup.
Taking steps to secure your business’ vital information is also a great way to increase community resilience in times of disaster. Follow @ERCG_info on Twitter for all things disaster preparedness!
Protecting your Personal Information with P4s$w0rds!
From email and banking to social media and mobile apps, the average user has a long list of passwords…and the list keeps getting longer. While keeping track of numerous account logins can be tedious, think of the implications if a cybercriminal gains access to your email, financial information, social security number, or even your medical records.
Passwords are the most common means of authentication in the cyber world, but if you don't make strong passwords or keep them confidential, they're almost as ineffective as not having any password at all.
Follow the tips below from the Stop.Think.Connect. Campaign to make your passwords stronger and help keep them secure:
Don't use words that can be found in any dictionary of any language; use a combination of upper and lowercase letters, numbers, and symbols.
Don't use passwords that are based on personal information or that can be easily accessed or guessed, such as birthdays, names of pets, or favorite movies and books that can be found by a quick search on social networking sites.
Use passphrases ("Thispasswdis4myemail!") when you can and develop a mnemonic device for remembering complex passwords. If necessary, write down your password and store it in a safe place away from your computer.
Use different passwords for different accounts and be sure to change them regularly.
To avoid malware that logs keystrokes, keep patches and antivirus software up to date, do not install software from untrusted sources, and don’t visit dubious websites that might infect your computer.
Make sure account login pages use encryption: the URL should begin with "https:" instead of "http:" and be accompanied by a padlock icon. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
Look Out for Online Deals—and Scams
Steals, deals, and bargain prices are becoming a part of the holiday season—and more and more people are going online to find them.
Cyber shopping provides a golden opportunity for scammers and spammers looking to take advantage of the higher than normal number of people shopping online. Hackers use tactics like preying on popular keyword searches, such as “jewelry” or “flat screen TV,” to lure unsuspecting shoppers to malicious websites.
The Department of Homeland Security’s Stop.Think.Connect.™ Campaign offers the following tips to help safeguard your personal information and transactions throughout the holiday season:
Keep your computer, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.
Pay attention to website URLs. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Also look in the address box for the "s" in https:// before any transaction. That “s” tells you that the site is taking extra measures to help secure your information.
Beware of deals that sound too good to be true. Use caution when opening email attachments and do not follow unsolicited web links in email messages. Pay special attention to extremely low prices on hard-to-get items.
Use a credit card. There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection when using your debit card.
Keep a record of your order. Retain all documentation from the order in the event your purchase does not ship or if there are unauthorized charges on your bill.
Check your statements. Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.
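The tip above about paying attention to website URLs can be partly automated: the sketch below compares a URL's site name with a short list of sites the shopper already trusts and flags a missing https, a different domain ending, or a near-miss spelling. It is an added example, not part of the campaign's material; the trusted list and sample URLs are constructed placeholders, and treating the last two host labels as the site is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the shopper really uses (placeholder names).
TRUSTED = {"example-shop.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return warnings for a URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = [] if parts.scheme == "https" else ["not https"]
    # Assumption: the site is the last two labels of the host name. Suffixes
    # such as .co.uk need a public-suffix list, which is left out here.
    site = ".".join(host.split(".")[-2:])
    if site in trusted:
        return warnings
    name, _, ending = site.rpartition(".")
    lookalike = False
    for good in sorted(trusted):
        good_name, _, good_ending = good.rpartition(".")
        if name == good_name and ending != good_ending:
            warnings.append(f"different domain ending than {good}")
            lookalike = True
        elif 0 < edit_distance(name, good_name) <= 2:
            warnings.append(f"spelling close to {good}")
            lookalike = True
    if not lookalike:
        warnings.append("site not in trusted list")
    return warnings

# Constructed sample URLs, not taken from any real campaign.
SAMPLES = [
    "https://www.example-shop.com/cart",
    "http://example-shop.com/login",
    "https://example-shop.net/deals",
    "https://examp1e-shop.com/deals",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url) or "ok")
```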
Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise
The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.
FinFisher is spyware capable of taking over the components of a mobile device. When installed, the mobile device can be remotely controlled and monitored no matter where the target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.
Safety tips to protect your mobile device:
When purchasing a smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
Review and understand the permissions you are giving when you download applications.
Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity and that help protect your device from rogue applications and malware.
Be aware of applications that enable geo-location. Such an application will track the user’s location anywhere. This can be used for marketing, but can also be used by malicious actors, raising concerns about assisting a possible stalker and/or burglaries.
Jailbreaking or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime an application or service runs at the “unrestricted” or “system” level within an operating system, any compromise of it can take full control of the device.
Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
Smartphones require updates to run applications and firmware. If users neglect this, it increases the risk of having their device hacked or compromised.
Avoid clicking on or otherwise downloading software or links from unknown sources.
Use the same precautions on your mobile phone as you would on your computer when using the Internet.
If you have been a victim of an Internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.
IC3 2011 Internet Crime Report Released - More Than 300,000 Complaints of Online Criminal Activity Reported in 2011
The Internet Crime Complaint Center (IC3) today released the 2011 Internet Crime Report—an overview of the latest data and trends of online criminal activity. According to the report, 2011 marked the third year in a row that the IC3 received more than 300,000 complaints. The 314,246 complaints represent a 3.4 percent increase over 2010. The reported dollar loss was $485.3 million. As more Internet crimes are reported, IC3 can better assist law enforcement in the apprehension and prosecution of those responsible for perpetrating Internet crimes.
In 2011, IC3 received and processed, on average, more than 26,000 complaints per month. The most common complaints received in 2011 included FBI-related scams—schemes in which a criminal poses as the FBI to defraud victims—identity theft, and advance-fee fraud. The report also lists states with the top complaints, and provides loss and complaint statistics organized by state. It describes complaints by type, demographics, and state.
“This report is a testament to the work we do every day at IC3, which is ensuring our system is used to alert authorities of suspected criminal and civil violations,” said National White Collar Crime (NW3C) Center Director Don Brackman. “Each year we work to provide information that can link individuals and groups to these crimes for better outcomes and prosecution of cases.”
Acting Assistant Director of the FBI’s Cyber Division Michael Welch said, “Internet crime is a growing problem that affects computer users around the world and causes significant financial losses. The IC3 is an efficient mechanism for the public to report suspicious e-mail activity, fraudulent websites, and Internet crimes. These reports help law enforcement make connections between cases and identify criminals.”
IC3 is a partnership between the Federal Bureau of Investigation, the NW3C, and the Bureau of Justice Assistance. Since its start in 2000, IC3 has become a mainstay for victims reporting Internet crime and a way for law enforcement to be alerted of such crimes. IC3’s service to the law enforcement community includes federal, state, tribal, local, and international agencies that are combating Internet crime.
Malware Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections
Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms. Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product.
If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available. The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary while abroad.
Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office and promptly report it to the IC3’s website at www.IC3.gov.
The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.
How to Protect Your Computer
The same advice parents might deliver to young drivers on their first solo journey applies to everyone who wants to navigate safely online. A special agent in our Cyber Division offered the following:
- "Don't drive in bad neighborhoods."
- "If you don't lock your car, it's vulnerable; if you don't secure your computer, it's vulnerable."
- "Reduce your vulnerability, and you reduce the threat."
Below are some key steps to protecting your computer from intrusion:
- Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.
- Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users' knowledge. Most types of antivirus software can be set up to update automatically.
- Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It's like buying groceries—shop where you trust.
- Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
- Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don't know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.
- Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being "always on" renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker's connection—be it spyware or a botnet that employs your computer's resources to reach out to other unwitting users.