CloudOgre

844-OGRE-NOW

How Hackers Exploit Public Information to Impersonate Government Agencies

by

In the evolving landscape of cybercrime, hackers continuously refine their techniques to exploit vulnerabilities and deceive individuals. One particularly insidious method gaining traction involves the use of publicly available information to social engineer attacks, often by impersonating legitimate government agencies. This tactic preys on the inherent trust that individuals and businesses place in official institutions, making it alarmingly effective. A recent example includes hackers spoofing the United States Patent and Trademark Office (USPTO) telephone number to defraud patent applicants.

Understanding the Tactic

Social Engineering Defined

Social engineering attacks manipulate individuals into divulging confidential information or performing actions that compromise security. These attacks often involve psychological manipulation, leveraging human trust and the perceived legitimacy of the attacker’s identity.

The Role of Public Information

Hackers utilize publicly available information to craft convincing narratives. This information might include phone numbers, email addresses, and even details about ongoing transactions or processes. Government agencies, with their extensive online presence and numerous interactions with the public, are particularly vulnerable to such exploitation.

Case Study: USPTO Spoofing Scams

The Scam Unveiled

In recent incidents, hackers have been spoofing the USPTO’s telephone number to target patent applicants. These scammers call applicants, informing them that a fee related to their patent application did not go through. They then request payment via credit card or wire transfer to rectify the supposed issue. Given the importance and complexity of patent applications, many victims comply without hesitation.

Execution of the Scam

  1. Research and Preparation: Hackers gather detailed information about the USPTO and its interactions with patent applicants. This includes understanding the typical processes, timelines, and fee structures.
  2. Spoofing the Number: Using readily available tools, hackers spoof the USPTO’s official phone number, making the call appear legitimate on the recipient’s caller ID.
  3. Crafting the Narrative: During the call, scammers use industry-specific jargon and reference actual aspects of the patent application process. This makes the request for payment seem authentic and urgent.
  4. Extracting Payment: Victims, eager to resolve the issue and avoid delays in their patent process, provide their credit card information or wire funds directly to the scammers.

Preventive Measures

For Individuals and Businesses

  1. Verify Directly: Always verify requests for payments or sensitive information directly with the government agency using official contact information from their website.
  2. Be Skeptical of Urgency: Scammers often create a sense of urgency to bypass rational scrutiny. Take a moment to question the legitimacy of urgent requests.
  3. Educate and Train: Regular training on recognizing social engineering attacks can empower individuals to spot and avoid such scams.

For Government Agencies

  1. Public Awareness Campaigns: Agencies should proactively inform the public about common scams and how to recognize them.
  2. Enhanced Security Measures: Implementing more robust verification processes for sensitive transactions can help reduce the risk of fraud.
  3. Monitoring and Response: Actively monitor for signs of spoofing and other fraudulent activities, and respond swiftly to protect the public.

Conclusion

The exploitation of publicly available information by hackers to impersonate government agencies is a growing threat. By understanding the tactics used and implementing preventive measures, both individuals and institutions can better protect themselves against these sophisticated social engineering attacks. Remaining vigilant and informed is crucial in the ongoing battle against cybercrime.

When Cybersecurity gets Physical

by

Knuckle Up! Guard your space and be digitally safe 

Shoulder surfing is often overlooked. Pun intended!

Keeping safe digitally requires physical protections. The cloud is a physical place, servers in data centers, not some magical mist out in the ether. In fact, the physical nature of the cloud is so important that we provide low latency connections direct to cloud providers like AWS and Microsoft. Edge computing is bringing storage and processing closer to places where it’s needed much like CDN (Content Delivery Networks) and caching which brings content like webpages and videos to you faster.  

Data center location is not the only thing to be aware of in your cybersecurity strategy. Users are both your greatest ally and adversary. Keeping your end user aware of his or her surroundings and the impact it can have on organizational health is crucial. Making sure they know the impact of their safety on others including compliance is crucial. Leaving behind wallets, purses, and phones can expose sensitive company data which could be prevent through mindful awareness.  

Today, we discuss a lot about oversharing on social media because knowledge is power. Sharing on social media can give the bad guys the info they need to successfully commit a crime like a home break in when you’ve posted about your vacation. Shoulder surfing and tailgating are issues that are frequently overlooked and can have negative impacts like fines, reputational damage, and worse. In fact, the goal of Security Awareness Training is to highlight the little things and how impactful they can be, not to scare end users. Keeping folks safe in day to day life keeps business safe. 

Texting and Walking – Sounds silly but this is a big problem. Living in your phone leaves you vulnerable in the real world. Can you believe that in 2017 nearly 6,000 people died from texting and walking. This also makes you a potential target of would be wrongdoers, robbers, purse snatchers, etc. Making eye contact with a thief is one of the best deterrents from the crime. Walking on the other side of the street, repositioning your purse, tucking in your jewelry… all of those work but only if you’re paying enough attention to be aware of the potential threat.  

Screen Position & Voice Volume – Whether you’re talking too loudly on the phone while discussing sensitive data or have your screen positioned in a way that others can see, inadvertently exposing data is not cool! Have you ever heard your dentist speaking to another client or saw banking information on a screen that you shouldn’t be able to view? If you have, you’ve witnessed one of cybersecurity’s biggest party fouls. *When aging people tend to use larger font to see text and have the volume higher on phones during conversation. Just because you can’t see or hear it well doesn’t mean others can not. Basically, Yes! I can hear you when your phone isn’t on ‘speaker’ but the volume is all the way up… I hear it loud and clear and can make out every word without having superhuman hearing abilities.  

Image result for mantrap security
Use of Mantraps are crucial to restricting access to important areas.

Shoulder Surfing and Tailgating – Ever cheat on a test by looking over a classmate’s shoulder? Ever follow someone in the turnstile at the subway to get the 2-for1 special? These are prime examples of shoulder surfing and tailgating, giving unauthorized people access to data or areas they don’t have the permission to obtain. In data centers, government buildings, and other sensitive sites, mantraps are used to prevent tailgating by making sure only one person has access at a time. Sound proofing and sound masking helps muffle sounds so unauthorized users can’t hear sensitive data.  

Sound like overkill? Probably not if you knew the fines for not being compliant with HIPAA, DFS 500, SOX, SAE, etc. Those fines can absolutely crush a small business. Keeping files secured safely and backed up is just as important as someone being able to see a screen where sensitive information is displayed. I’m shocked how many banks, doctors, and dentist offices I walk by and can see information that I should not see. To report a violation or learn more about that process you can visit the Department of Health and Human Services.  

Three factor authentication requires something you know, something you have, and something you are. What you know can be a password. What you are can be biometric like a fingerprint or retina scan. What you have can be a key, fob, or phone. Passwords should always be complex and kept secret. Unless you’re in a James Bond movie carrying a suitcase handcuffed to your wrist, something you have and something you are should be kept separate. Together, these three can be used to not only secure files digitally but to secure locations like a data center or office.  

Be aware of your physical surroundings, whether planning out a data center strategy or walking to your car, it is important to be mindful of your environments including any possible threats. The old school methods are tried and true. Don’t let people into buildings that you don’t know. Make sure nobody is looking over your shoulder when you’re accessing sensitive information, in fact, don’t even do it unless you’re in a safe place   Be aware of your physical surroundings, whether planning out a data center strategy or walking to your car, it is important to be mindful of your environments including any possible threats. The old school methods are tried and true. Don’t let people into buildings that you don’t know. Make sure nobody is looking over your shoulder when you’re accessing sensitive information, in fact, don’t even do it unless you’re in a safe place   

Three Reasons To Consider Internet for Your WAN

by

When designing your multi site WAN, bandwidth is a powerful tool. The more you have available the better you are. Having access is the long pole in the tent. 

Circuits are composed of loops and ports so it’s important to know within what POPs carriers have their facilities, as well as, what company owns and operates the last mile access in the area. That’s not so hard when you have one or two sites but designing a network over a large domestic or international expanse increases that complexity exponentially.

7 Layers of the OSI Model
7 Layers of the OSI Model courtesy of Webopedia Angie Beal

Using layer 3… plain ole internet service… can be very cost effective, secure, and efficient if implemented and managed properly. Here are three reasons some of our customers have been moving away from older network design.

COST

Traditionally, point to point connections had distance sensitive pricing but that traditional TDM network has become flat. Peering agreements are an expense for carriers and that cost is built into your price of the internet circuit. Carriers don’t pay peering costs for layer 2 connections on their own network. That makes design via MAN segments a sound strategy for regionally clustered office deployments with latency sensitive requirements. Going layer 3 makes the carrier diversity a non-issue with TCO flattening out over time for less latency sensitive applications like voice and basic web conferencing.

SECURITY

Cloud based VPN concentrators from Azure, AWS, and Google Cloud are very effective at securing data. (Click here to learn more about AWS EC2 VPC limits) The availability of bandwidth makes cloud providers much more popular driving down the cost of functionality of all sorts with the *aaS service model more attractive than ever. Running your data through a cloud based VPN concentrator can be a cost effective way to securely flatten out your network. If you’re connecting market data terminals and exchanges we need to have a different conversation. Sure connecting via layer 1 or 2 is more secure but if that’s your concern, new compliance requirements will also ‘suggest’ you encrypt that data as well. Device Management platforms are sufficient for mobile data but that’s outside the gate. 

Transport vs Tunnel Mode Encryption
Transport vs Tunnel Mode Encryption

VOICE 

Back in the day people used T1s to connect offices together so their phones could communicate. That changeover to MPLS which allowed for quality of service for voice calls with lower latency than internet. Today thats basically unnecessary. There is so much bandwidth available that VoIP providers and customers just go over the internet. We host whole phone systems in the cloud… not just use a cloud based phone provider, now we can even put the whole phone system in AWS or Azure and connect via SIP trunks. This was seen as an impossibility as recently as within the current decade. Voip was a dirty word just a few years back now everyone wants a soft phone and hardly anyone picks up their desk phone.

In sum, the things you need to consider are your a) budget, your b) latency sensitive applications (voice being the most commonly used) along with their level of sensitivity, and c) your security requirements. With that said, the long pole in the tent is still access. Geography will impact your decisions at a level that is out of your control but within management. If you need help, you can always get an Ogre in your inbox to help provide guidance. Contact CloudOgre 

What is GPS Spoofing – Security Vulnerability Threatens Personal Safety

by


GPS Spoofing

 

GPS spoofing can probably make your self driving car go right off the cliff! What is GPS Spoofing? Its when the GPS information going to you device does not reflect your current location because its been hacked and given the wrong info. 

Picture you’re this, you’re at work in the middle of an important meeting and get a call from the landline at your house. You’re thinking, “how can this be?”. After all, you live alone and haven’t given anyone your landline number because you only got it because it came with your cable bundle. You answer the call and its a robocall from whatever the latest scam is. For a brief second that telephone number spoof caused chaos. 

 

Imagine if the spoof wasn’t focused on your phone and was instead focused on your GPS. The potential chaos is enormous. Whether redirecting customers to competitors, causing maritime traffic on shipping routes, accidents in self driving vehicles, or any of a wide variety of technology issues for systems reliant upon GPS. Today, more and more systems are reliant upon GPS and these are physical systems that dictate basic logistical functions so this is likely the to be the security vulnerability with the greatest danger to your physical well being. 

Back in July the Department of Homeland Security reported that our power grid had been infiltrated by state sponsored actors showing their advanced capabilities to gain access to  mission critical infrastructure systems. GPS Spoofing adds a new layer of danger. GPS receivers are able to access the Global Positioning System which uses DOD satellites to provide information. Those receivers are vulnerable to attack.

GPS Spoofing

The Wall Street Journal’s Adam Janofsky published an article yesterday claiming that with a $223 device, a team from Microsoft Research and the University of Electronic Science and Technology of China were able to redirect 40 drivers, sending them to destinations of the hacker’s choice. 95% of people followed the route to a place they did not want to go.

This ability, as you can imagine, that GPS Spoofing provides hackers doesn’t have an easy solution and hackers are continuing to develop their attacks as we patch vulnerabilities. The Department of Homeland Security has produced an unclassified document that shows organizations and individuals and organizations 22 specific recommendations to protect themselves from GPS Spoofing. 

Some of their recommendations are to obscure antennas, provide decoy antennas, introduce redundancy, practice good cyber hygiene, use whitelists, and enhance anti jam capabilities. The report is pretty in-depth and is recommended if you want to learn more information on GPS Spoofing.  

GPS Spoofing

GPS Spoofing

If you’re worried about employees and/or contractors engaging in GPS Spoofing to fool your timecard and telemetry systems adding billing dollars onto your bottom line, its a real concern. This shows that cyber security is a concern that has wide stretching implications that all of the departments across your organization should weigh in on to develop the right strategy to protect your organization. 

So, the next time you hop into an Uber or Lyft, make sure your driver is taking you directly to your destination and not GPS Spoofing you to add a few dollars onto your fare. 

FBI says VPNFilter fix Reset Router is still a Cyber Security Threat

by

The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.

The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.

The F.B.I. Public Service Announcementon May 25thasking citizens to reset their home and small office routers due to a cybersecurity threat called VPNFilter created by a group called Fancy Bear. Unfortunately, resetting your router or NAS device won’t be enough to eliminate the VPNFilter cyber threat. Yes, storage devices were impacted as well. You’ll need to follow the steps laid out below.

Step1:

Check out the list of devices effected by VPNFilter, as per Symantec. If you have one of these routers, you’ll want to reset your router immediately.

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

Step 2:

Once you’ve identified the router you have and have reset it, you’ll want to update your firmware to the latest version. Going the extra mile to confirm that the update contained a fix for the VPNFilter is essential, as is, making sure the firmware was successfully updated. VPN is a Virtual Private Network or an encrypted tunnel that runs over the public internet to allow for secure communication between two devices.

Step 3:

Since the malware is persistent you’ll want to monitor your system to ensure phases 2 and 3 aren’t completed. To do that you’ll want to change passwords and monitor outgoing activities from any critical systems. That means your social media, VoIP system, banking or email. Essentially, anything that can be accessed via a web browser.

Step 4:

Buy a new router because sometimes if you buy cheap you buy twice. Here is a good example. Out of the millions of routers out there its estimated that 500k to one million routers have been affected. From an IT professional’s perspective, none of those are awesome routers and there are many other more secure options. The CloudOgre network hardware pageis a good resource to learn more.

Step 5:

If you’re running a growing business that relies on VPN capabilities for site to site connectivity, you may want to consider moving to layer 2 connectivity. Layer 2 connectivity like point to point connections, Ethernet private lines, mesh networks, etc. are typically less expensive from carriers because they don’t have to pay switching costs. Basically, site to site connectivity is cheaper for carriers to deploy so it’s less expensive as a monthly cost, more secure since it’s happening at the data link layer, and much easier to manage. Looking for additional detail on best practices for your wide area network?

Our question to ponder here is, as threats continue to develop on the internet so does reliance on its ubiquitous nature so how does this impact the end-user’s expectation? Furthermore, how does this impact the perception of SD-WAN and similar technologies that shape and secure traffic over the public internet? If you’re interested in keeping the conversation going just follow us on Facebook,LinkedIn, and Twitter.

 

 

 

Want an ogre in your inbox?

1615 S Congress Ave, Suite #103
Delray Beach FL 33445
↑ Top of Page