Tech Friday with Dave Hatter - March 6th 2020 - SPONSORED BY INTRUST IT


  • Hackers target kids for identity theft:
    • Hackers covet minors' information because it's "clean", and they can often use it for long periods of time without being detected
    • “This (stealing children’s IDs) has been around for quite a while, but there has been a slight resurgence recently,” said Brad Messner from Seton Hill University
    • The identity of roughly 1 million US children is stolen each year according to Patrick Juola from Duquesne
    • Clean social security numbers of kids aged two and younger "is the number one seller on the dark web" - John Sphon, Exela CEO
    • “The children are vulnerable because they have a blank slate,” Juola said. “You can make up a computer identity and there is no information to contradict it."
    • Children’s social security numbers are attractive because “the kids have a higher credit rating than the adults and are not monitored regularly” - Brad Messner
    • Over time, identity thieves can use the information to develop a fake persona and use it in a variety of fraudulent ways
    • In addition to checking your credit report regularly, you should check your children's as well
    • Consider freezing your kids' credit
    • If you don't have the time and/or discipline to check regularly, consider using an identity theft monitoring service
    • Scan the Dark Web to see if your children's information shows up: https://www.experian.com/consumer-products/free-dark-web-email-scan.html
    • Be judicious in what information you share about your children and who you share it with
  • Android "security" app booted from Google Play Store has over 1 billion downloads:
    • Google recently ejected 600 apps from the Play Store including one known as Clean Master
    • Clean Master has more than 1 billion downloads, making it one of Android’s most downloaded apps ever
    • Clean Master claimed to be an antivirus application that also supported private browsing
    • Despite being kicked to the curb, it's highly likely that it's still on millions of phones
    • The app was created by Cheetah Mobile, a Chinese company. A large amount of Cheetah Mobile’s revenue came from Google-hosted services
    • Gabi Cirlig, a cybersecurity researcher at White Ops, gave Google evidence that the app was collecting tons of data
    • The data collected by Clean Master included very detailed information such as visited websites, search queries and Wi-Fi access points
    • Cheetah claims they collect users’ data to protect them
    • Three other Cheetah products: CM Browser, CM Launcher and Security Master have been doing similar things according to Cirlig
    • “Technically speaking, they have a privacy policy that covers kind of everything and gives them a blank check to exfiltrate everything,” says Cirlig
    • If you're not paying with money, you're paying with data, you're the product, NOT the customer
    • Carefully vet every app before you download it
  • A new phishing email has a "password" protected file as bait:
    • Palo Alto Networks' Unit 42 research team discovered a new phishing campaign that uses a number of tricks to gain remote access to victims' systems
    • Targets get an email asking them to open a "password-protected" attachment claiming to contain personal information
    • The actual language of the email may vary, but many of the emails are financial in nature
    • "Unlocking" the document will enable macros, which ultimately use PowerShell to install a remote access tool (RAT)
    • The RAT is NetSupport Manager, a legitimate form of remote access control software often used for remote IT help
    • At this point, it's unclear exactly what the attackers are trying to accomplish. Theories include information theft, or "lurking" to understand a victim's habits, which could lead to a later attack using that information
    • Installing NetSupport Manager is especially devious because it is a legitimate remote support tool and endpoint protection (anti-virus) software will ignore it
    • Being wary of any emails related to financial information and NOT clicking on links and attachments in an email until you have verified the legitimacy of the email is always good advice
    • Additionally, disabling macros will block the attack
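
Because endpoint protection will ignore a legitimate tool like NetSupport Manager, defenders can watch for the behavior around it instead: an Office application launching a script host, and the NetSupport client (client32.exe) running from somewhere IT did not install it. The following is an added example, not code from the show notes or from Unit 42; the event field names, the approved install folders and the sample events are assumptions constructed for illustration.

```python
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
RAT_CLIENT = "client32.exe"  # NetSupport Manager's client binary
# Assumption: the only folders where IT deploys NetSupport in this environment.
APPROVED_DIRS = (r"c:\program files\netsupport", r"c:\program files (x86)\netsupport")


def detect(events):
    """Scan chronological process-creation events; return (pid, reason) findings."""
    findings, macro_tree = [], set()
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent_image"]).lower()
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            # A document macro launching a script host: first stage of the chain.
            macro_tree.add(ev["pid"])
            findings.append((ev["pid"], "office-spawned-script-host"))
        elif ev["ppid"] in macro_tree:
            macro_tree.add(ev["pid"])  # track descendants of that script host
        if image == RAT_CLIENT:
            folder = ntpath.dirname(ev["image"]).lower()
            if ev["pid"] in macro_tree:
                findings.append((ev["pid"], "netsupport-started-by-macro-chain"))
            if not folder.startswith(APPROVED_DIRS):
                findings.append((ev["pid"], "netsupport-outside-approved-dir"))
    return findings


# Constructed sample events (hypothetical hosts and paths, not from a real incident).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 50, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Users\alice\AppData\Roaming\example\client32.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 60, "image": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
]

if __name__ == "__main__":
    for pid, reason in detect(SAMPLE_EVENTS):
        print(pid, reason)
```

The IT-installed copy (pid 400) produces no finding, while the copy dropped by the macro chain is flagged on both lineage and location.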