

The Taxonomy of a compromised computer:

(what malicious actors will do once they control your computer)


When someone hacks your computer it means they have remote access to it: they can retrieve your passwords, information about you and the data in your files. The usual ways in are the browser (a malicious or compromised web page), a link or attachment in email, scanning for an exposed service with a weak password or an unpatched flaw, or social engineering. Once inside they can watch what you are doing, use your computer as a bot, harvest your data, or, if you are really unlucky, lock your files up with ransomware.

  • Botnet
  • Proxy
  • DDoS
  • Harvest your data
  • Bitcoin mining
  • Ransomware


These uses fall into three (3) categories: botnet (which covers DDoS, spam, mining and proxying), harvesting your data, and ransomware:


  1. Botnet: 

A botnet is a network of compromised third-party computers running software robots (bots). The bots are remotely controlled, initially by the attacker who compromised them and later by whoever pays the attacker for use of the botnet, for any number of unauthorized or illegal activities:

  • Distributed denial of service attacks (DDoS): malicious actors are increasingly compromising web servers rather than home computers for this, because servers are always on and have far more bandwidth. There are basically two types of DDoS attack: a network attack (bandwidth depletion, flooding the victim's link with more traffic than it can carry) and an application attack (resource depletion, sending requests that are cheap to make but expensive for the server to answer, until it runs out of CPU, memory or connections).


  • Spam: there is a strong correlation between botnets and spam, including spam campaigns that distribute and install further malware on other systems, which in turn grows the botnet.


  • Bitcoin mining: the attackers hijack the processing power of your computer to mine bitcoins for themselves. This is now done at scale through botnets of hijacked computers and servers; the owners pay for the electricity and the wear.


  • Proxy: a proxy server is a computer that functions as an intermediary between a web browser (such as Internet Explorer) and the Internet, which lets traffic be bounced between different servers. Some proxies (Squid is a well-known example) improve web performance by caching copies of frequently used pages; others simply forward traffic. A compromised computer turned into a proxy lets the attacker route their own traffic through it, so that their attacks and fraud appear to come from your address rather than theirs.
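The two DDoS types above look different from the server side. The following is an added example, not code from the original page: it parses constructed Apache/nginx combined-format access-log lines (the IPs are documentation addresses and the thresholds are assumptions to be tuned to a real site's baseline) and flags a source whose worst 10-second window is abnormal either by request count (application/resource depletion) or by bytes served (bandwidth depletion). One caveat: a pure network-layer flood (SYN or UDP amplification traffic) never reaches the web server's log at all and has to be seen at the network edge; a log-based check like this only catches the application kind and abuse of large downloads.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format: ip ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_floods(lines, window_s=10, req_threshold=50, bytes_threshold=5_000_000):
    """Flag source IPs whose worst `window_s`-second window exceeds a threshold.

    'application' = the request count alone is abnormal (resource depletion:
    many cheap-to-send requests that are expensive to serve).  'bandwidth' =
    the bytes served in the window are abnormal (bandwidth depletion as seen
    from the server).  Thresholds are assumptions; tune them to normal traffic.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        worst_n = worst_b = 0
        start = 0
        for end in range(len(recs)):
            # slide the window start forward until it spans at most window_s seconds
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            worst_n = max(worst_n, end - start + 1)
            worst_b = max(worst_b, sum(r["size"] for r in recs[start:end + 1]))
        if worst_n >= req_threshold or worst_b >= bytes_threshold:
            kind = "bandwidth" if worst_b >= bytes_threshold else "application"
            top_path = Counter(r["path"] for r in recs).most_common(1)[0][0]
            flagged[ip] = {"requests": worst_n, "bytes": worst_b,
                           "kind": kind, "top_path": top_path}
    return flagged


def _log_line(ip, when, path, size):
    return f'{ip} - - [{when.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 {size}'


def sample_log():
    """Constructed log: one normal visitor, one application flood, one bandwidth flood."""
    t0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = [_log_line("198.51.100.2", t0 + timedelta(seconds=3 * i), "/index.html", 2048)
             for i in range(3)]
    # 60 search requests in under 5 seconds: cheap to send, costly to serve
    lines += [_log_line("203.0.113.7", t0 + timedelta(milliseconds=80 * i),
                        f"/search?q={i}", 512) for i in range(60)]
    # 10 downloads of a 1 MB file inside 4 seconds: link saturation
    lines += [_log_line("203.0.113.9", t0 + timedelta(milliseconds=400 * i),
                        "/downloads/big.iso", 1_000_000) for i in range(10)]
    return lines


if __name__ == "__main__":
    for ip, info in find_floods(sample_log()).items():
        print(ip, info)
```

On real logs, feed `find_floods` the lines of the last few minutes and act on the result (rate limit or block at the firewall); the `top_path` field tells you which endpoint an application flood is aimed at, which is usually the one that hits the database or a search index.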

2.     Harvest your data:

Gaining access to a huge part of the victim's online life at once: information on your online services, passwords, email accounts and other items such as:

  • Identity theft: employees like remote access because it gives them access to work files, programs and networks, enabling them to work from home or while traveling. However, if their remote login credentials are compromised, malicious actors can log in with the same access and reach a massive amount of data. A wide range of sensitive information (names, addresses, dates of birth, social security numbers, driver's license numbers, credit card and bank account numbers) can be found within a targeted organization's systems and used to commit identity theft. Malicious actors will use any information they can gather for financial gain.


  • Hijacked bank accounts: vulnerabilities in the implementation and usage of remote access software have facilitated massive financial losses, with malicious actors using varying levels of sophistication to steal credentials and passwords in order to hijack or create banking sessions and move money out of the targeted business's account. These attacks have led to millions of dollars in unauthorized electronic transfers to banks in Hong Kong, China and other foreign countries.


  • Intellectual property theft: unauthorized remote access to a business's databases can also lead to theft of intellectual property, anything from trade secrets to proprietary products. Intellectual property theft costs U.S. businesses billions of dollars each year, with overseas companies taking the information and using it to build cheaper versions of products without the cost of research and development, which causes significant job losses in the United States. The loss or compromise of data can result in an array of impacts to your organization, including financial penalties, fines and even loss of consumer loyalty and confidence.


  • Stolen credit cards: the point of sale systems of small to mid-sized businesses are being targeted and compromised at an alarming rate. Compromised cardholder data is costing businesses in the United States millions of dollars in fraudulent transactions, regulatory fines, and investigation and recovery fees. Point of sale integrators frequently leave weak and/or default passwords on the remote access to point of sale terminals, allowing malicious actors to brute-force or simply guess their way in. Once inside they install malware specifically designed to steal payment card data from that system.
  • Espionage: malware can be and has been used to gain access to or spy on business and government operations and gather information that could be critical to business operations or national security.
  • On a server they may install a simple traffic-logging program and watch everything fly past in clear text. Most of it will be plain HTTP, unencrypted, and the details (logins, session cookies, form contents) can be read directly.
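To show exactly what that last point means, here is an added example (not the page's own code or tooling): a minimal parser for one captured plaintext HTTP request, pulling out the HTTP Basic credentials, the session cookie and the password field of a login form. The request bytes, host name and credentials are all constructed for the example. The contrast at the end is the point: the same login over HTTPS arrives as a TLS record that starts with 0x16 0x03, and without the session keys nothing in it is readable.

```python
import base64
from urllib.parse import parse_qs

# Form field names a harvester would look for (assumption: typical login forms).
SENSITIVE_FIELDS = {"password", "passwd", "pass", "pwd", "token", "secret"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")

# Constructed capture of one plaintext HTTP login; every value here is made up.
CAPTURED_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: intranet.example.com\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"   # base64("alice:hunter2")
    b"Cookie: SESSIONID=7f3e9c2a\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 40\r\n"
    b"\r\n"
    b"username=bob&password=Summer2024%21&ok=1"
)

# Constructed start of a TLS record (content type 0x16 = handshake, version 3.x):
# what the same login looks like on the wire when the site uses HTTPS.
CAPTURED_TLS = bytes.fromhex("160301004a0100004603034a")


def parse_http_request(raw: bytes):
    """Split a raw request into method, path, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return method, path, headers, body[:length]


def harvest_credentials(raw: bytes):
    """Return the secrets readable from one captured request, or None if it is not plaintext HTTP."""
    if not raw.startswith(HTTP_METHODS):
        return None   # e.g. a TLS record: opaque without the session keys
    _method, path, headers, body = parse_http_request(raw)
    found = {"host": headers.get("host"), "path": path}

    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic auth is only base64, not encryption: one decode gives user:password.
        user, _, password = base64.b64decode(auth[6:]).decode("utf-8", "replace").partition(":")
        found["basic_auth"] = (user, password)

    if "cookie" in headers:
        # A session cookie is as good as a password until the session expires.
        found["cookies"] = dict(c.strip().split("=", 1) for c in headers["cookie"].split(";"))

    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("utf-8", "replace"))
        found["form_user"] = form.get("username", [None])[0]
        found["form_secrets"] = {k: v[0] for k, v in form.items() if k.lower() in SENSITIVE_FIELDS}
    return found


if __name__ == "__main__":
    print(harvest_credentials(CAPTURED_REQUEST))
    print(harvest_credentials(CAPTURED_TLS))
```

The practical consequences: anything that still talks plain HTTP on an internal network (intranet logins, management interfaces, legacy apps) is readable by whoever controls any host on the path, and a leaked session cookie is usable without knowing the password at all.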

3.     Ransomware/CryptoLocker:


  • The owner is asked to pay a ransom for the key needed to decrypt their data, without which the encryption cannot be reversed and the data restored. Such attacks not only deny the owner access to their own data, but also harm its confidentiality and integrity, because the attacker had unauthorized access to the data and altered it.
  • Encrypts any network drive that is mapped to the system, so a mapped backup share is encrypted along with everything else.
  • Primarily an email-based attack vector (malicious attachments and links).



What to do about it, and how to lower the risk:

  • If infected, disconnect from the Internet. Depending on the type of infection the malicious actor may still have access to your computer and could be exfiltrating your personal data.
  • Image your system from a clean environment, i.e. take the image while the drive is still clean. This, combined with regular backups of your everyday data, lets you restore your computer quickly.
  • Back up regularly, so that if your files are infected or encrypted you have an uninfected set to restore from. Keep at least one copy offline, since ransomware encrypts any drive it can reach.
  • Use a Linux live CD/USB for sensitive tasks such as online banking; it boots a clean system that malware on the hard drive cannot touch.
  • Limit the use of JavaScript (unfortunately it is needed for features on most sites, so allow it per site rather than globally).
  • Use strong passwords and multi-factor authentication.
  • Sandbox your browser, and your operating system where possible (for example, do risky browsing in a virtual machine).
  • Use a filtering DNS resolver or proxy: block requests for known-malicious domains at the DNS layer, which also cuts off many bots' connections to their command-and-control servers.
  • Enforce a strong password policy with multi-factor authentication: something you know, something you have, something you are.
  • Update regularly: if you installed it, keep it updated.
  • Expire your old data: if you no longer need it, get rid of it. Encrypt sensitive data.
  • Educate yourself and staff on network and device security.
  • Limit access to confidential information and use a checks-and-balances system, so that no single account can reach or move everything.
  • Ensure data is stored securely, in both the cyber and physical realms.
  • Note strange occurrences and report them.
  • Do not send work e-mail to personal accounts; use only secured transmissions.
  • Don't open web-based personal email on work machines.
  • Don't log on to work machines or work email from a home machine.
  • Standard rule on applications: if you didn't go looking for it, don't download it.

A system (or disk) image is a complete copy of a hard disk partition, contained in a single file. Provided that you imaged your system (usually C:) drive, it contains the boot files, operating system, programs and user data. If you run into problems that you can't fix, or your computer has been rendered unbootable, you can restore the image and the computer reverts to how it was when the image was created.
A backup is usually a copy of important files such as documents, e-mails, photos and music saved to an external hard drive, memory stick or CD. An image file can sometimes be classed as a backup because it is usually possible to extract individual files and folders from it.
A system image is likely to be bigger than a recovery disk because it also contains the extra programs you installed and your data files.
What do we use then?
If you are creating a system image, exclude your personal data files from it; they only make the process take longer. It is usually best to image the OS, installed software and drivers without personal data, and to back up personal data more frequently: you will not create a system image every day, while your documents and other personal data change and grow almost every hour. Take the image while the system is known to be clean, and check that both the image and the backups actually restore before you need them.
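A backup only helps if you can tell the clean copy from the one ransomware has already touched (see the points above about mapped drives being encrypted and keeping an uninfected set to restore). The following is an added example, not tooling from the original page: it records a SHA-256 manifest of a backup set and later verifies any copy of the tree against it, reporting files that were modified, removed or added. The directory layout, file contents and the simulated "encryption" (overwriting a file with random bytes and dropping a ransom note) are all constructed inside a temporary directory; in real use the manifest is stored with the offline backup, not on the live system.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare a tree to a manifest: which files changed, vanished or appeared."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Take a backup, let simulated ransomware hit the live data, verify both trees."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "report.txt").write_bytes(b"quarterly numbers\n")
        (live / "notes.txt").write_bytes(b"todo\n")

        # Back up, then write the manifest next to the backup (in practice: offline media).
        backup = Path(tmp) / "backup"
        shutil.copytree(live, backup)
        manifest_file = Path(tmp) / "manifest.json"
        manifest_file.write_text(json.dumps(build_manifest(backup), indent=1))

        # Constructed stand-in for ransomware on the live system: overwrite a document
        # with random bytes, drop a ransom note, delete a file.
        (live / "docs" / "report.txt").write_bytes(os.urandom(32))
        (live / "READ_ME.txt").write_bytes(b"pay us\n")
        (live / "notes.txt").unlink()

        manifest = json.loads(manifest_file.read_text())
        return {"live": verify_tree(live, manifest), "backup": verify_tree(backup, manifest)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run `verify_tree` against a backup before restoring from it: if the backup was on a mapped drive when the ransomware ran, it will show up as "modified" across the board and you need an older, offline set. A manifest with no "modified" or "missing" entries is the uninfected set you restore from.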


Useful public tools:

  • Public sites that support 2-factor authentication: check whether the services you use are on the list and turn it on.
  • Domain Dossier: investigate domains and IP addresses; get registrant information, DNS records and more, all in one report.
  • Browser Mirror: see what your browser reveals about you.
  • Ping: see if a host is reachable.
  • Traceroute: trace the network path from the tool's server to another host.
  • NsLookup: look up various domain resource records with this version of the classic NsLookup utility.
  • AutoWhois: get Whois records automatically for domains worldwide.
  • TcpQuery: grab a web page, look up a domain, and more.
  • AnalyzePath: do a simple, graphical traceroute.
  • Burp Proxy, Google search directives, Nmap and Goofile, to learn more about the C&C endpoints in question. Gather all the information you can to fortify your firewall.


Computer security resources and references:


Free cyber security online training: