We have more bad news on the cyber breach front. Voter data on 198 million United States citizens was improperly stored and made freely available on the internet to anyone with bad intentions for an astounding 12 days. The information includes birth dates, home addresses, telephone numbers, political views, suspected religious affiliations, ethnicity, and where the individual stood on topics like gun control, the right to abortion and even stem cell research. All signs point to the fact that there has never been a data breach this big.
Why does this matter? This type of data can easily be used for nefarious purposes-whether it's identity fraud, harassment, or intimidation of people who hold an opposing political view. Worst of all, once the bad guys have accessed this data, they can send highly personalized phishing attacks to you and make them look like totally legitimate emails.
You should always treat any email you receive at your office or home with a substantial...
Surely you haven't forgotten the worldwide epidemic that was last month's WannaCry cyberattack. What you may not know is that the attack was mild compared to what it could have been. It was essentially just a warning shot. Luckily, Microsoft recognized this and has reacted accordingly.
Earlier this week, Microsoft released a number of critical security patches in an effort to block future similar attacks. The big deal here is that they have not only released these updates for actively supported operating systems like Windows 10, 8.1, and 7 as automatic downloads, but they have also made them available as manual downloads for older systems, including Windows XP. The company cited an "elevated risk for destructive cyberattacks" by government organizations and copycats as the reasoning behind this unprecedented release.
No matter what version of Windows you are running, installing these security updates should be at the very top of your to-do list. Failure to...
While we obviously don't condone disobeying traffic laws, we understand that it's an inevitable part of life. We'd probably be more surprised if you have never received some type of traffic violation. That being said, everyone needs to be on the alert for fake emails that look like they are from the local police department or DMV, claiming you have an outstanding traffic violation.
These emails falsely state that you have outstanding traffic violations and if you don't pay a fine, your license will be revoked. This scam is going on in New York and will likely spread to other states soon. These emails contain links or attachments that have malware embedded, and can cause huge problems if clicked on.
Traffic citations will never be emailed with links or attachments in them, and if you receive something like this, don't click! You should immediately report the scam to the local police department.
And remember...just a little cyber education...
You may have seen this story all over the news the past few days, or maybe you saw our security alert from Friday afternoon. Criminal hackers have released a new strain of ransomware called "Wanna Cry" (or WCry), that spreads itself automatically across all workstations in a network, and this new strain is causing nothing short of global pandemonium. Everyone from Fedex to Nissan to Russian Banks to Chinese gas stations to British hospitals are being affected. If someone accidentally opened one of these phishing email attachments, they might infect not only their own workstation, but immediately infect everyone else's computers, too. Needless to say, the bad guys continue to figure out new and creative ways to cause electronic pain and suffering for the rest of us.
What to do? Make sure your systems are updated. Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it and...
There's a new ransomware in town... well, it's worldwide at this point. It's called WCry, but is also known as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. Several Spanish ulitilty companies and at least 40 hospitals in the United Kingdom were all but shut down today by WCry, with many more incidents being reported across the world. As of this publishing, over 57,000 WCry infections have been detected, and that number is expected to climb.
It's important that you make serious efforts to mitigate this threat before this monstrosity attacks your business. We recommend starting by applying the patches found in this Microsoft Security Bulletin (MS17-010). This security update gives a thorough list of Common Vulnerabilities and Exposures (CVEs) that could be exploited.
We also recommend that you refer to this article for more information on WCry as this worldwide cyber attack continues.
Staying on top of the cybersecurity landscape is like squeezing a balloon...when you squeeze (figure out) one part, another part pops up. Here are just a few of the major ways we see the cyber world changing right before our eyes.
1. Expanded Threat Landscape: There are more and more politically motivated attacks. Mobile devices are becoming more and more of a target. Internet of Things (IoT) device manufacturers are not doing a good job on the security side of the devices. Software is everywhere now, not just on websites, browsers, and operating systems. The exploding number of cloud-based apps has greatly increased the attack surface. In other words, the ways the hackers can attack and are attacking are multiplying exponentially.
2. Hackers are More Sophisticated: Hackers have adapted to take advantage of all new attack vectors such as IoT devices and cloud storage. There is now a very liquid currency (virtual currencies such as...
Cybersecurity is of special importance to CPAs since they handle enormous amounts of very sensitive client data on a regular basis, and a breach can be devastating to both a practice and its clients. CLICK HERE for a free white paper on how cybersecurity affects these accounting firms.
One of Birmingham's premier accounting firms, Warren Averett, recently became a member of the ThreatAdvice platform. Dana Schmidt, Warren Averett's Director of Professional Development, said this about the cybersecurity tool: "The ThreatAdvice cybersecurity education platform is a new and exciting way for the CPA's of Alabama to learn about the imminent cyber risks for all businesses, and also to earn continuing professional education credits while doing so."
Within the ThreatAdvice...
An individual or group going by the name "thedarkoverlord" has posted much of the upcoming season of the Netflix original series Orange is the New Black online as punishment for Netflix not paying a ransom demand made by the group. The episodes were apparently stolen from a post-production company, along with episodes from dozens of other TV programs on Netflix and other networks. On April 29, after Netflix failed to comply with the ransom demands, the darkoverlord posted links on Twitter to many of the episodes.
Whoever is behind this has breached many other networks over the past year, apparently by exploiting common vulnerabilities in their websites. In each case, the hackers have posted proof of the breach to GitHub and then attempted to extort payment in bitcoin from the victims by threatening to dump customer data and other information if they fail to comply.
Takeaways from this:
1. Criminals will stop at nothing in exploiting...
When famous people die, the scammers come out of the woodwork to use that event to phish gullible people. Take for instance, the death of former Patriots player Aaron Hernandez several days ago. Scammers immediately sent false links to people via social media and other means, trying to get them to click on a supposed story about Hernandez. However, the link to the story was actually a link leading to compromised websites or to malicious software, and many unsuspecting folks let their curiosity get the best of them...which, of course, led to malware being installed on their devices.
Always keep in mind that celebrity deaths such as Prince, Robin Williams, and Michael Jackson will lead to the bad guys trying to use the death to their nefarious advantage. These tricks are actually used in many big news stories such as plane crashes, crazy political stories, or other sensational news stories. Of course, all it takes is one click to do damage, so be very careful before...
Unfortunately, many company directors of today continue to feel that cybersecurity is an I.T. issue, and is a subject that doesn't need their attention. Well, to put it simply...that is very far from the truth. From a regulatory and legal standpoint, Boards are being held liable for cyber breaches at an increasing rate, and it is extremely important for all Boards to be engaged in cybersecurity discussions and decisions. Cybersecurity must be a "top down" issue, and boards and senior management must be engaged BEFORE a breach occurs.
Here are a few ways that directors can and should be involved within their enterprises in terms of cybersecurity:
1. Firmly accept the responsibility for cybersecurity - It is NOT just an I.T. issue. Give it significant time and resources.
2. Set expectations for management and others - Every single person in the organization must clearly understand the significance of the cyber issue and their role, and...
850 CORPORATE PKWY SUITE 110
BIRMINGHAM, AL, 35242