Tech Friday with Dave Hatter - October 16th 2020 - SPONSORED BY INTRUST IT


October is National Cybersecurity Awareness Month

  • Motto: “Do Your Part. #BeCyberSmart.”
  • Held every October, now in its 17th year

Notes

  • Artificial Intelligence and Machine Learning generate very realistic images of people that don't exist
    • The new website thispersondoesnotexist.com is yet another reason that you can't believe your eyes
    • The site uses artificial intelligence (AI) and Machine Learning (ML) to endlessly generate "photos" of people that don't actually exist
    • Nvidia is behind the technology that makes this possible
    • Philip Wang, an Uber software engineer and creator of the website, said the site can "dream up a random face every two seconds."
    • It works by analyzing a huge volume of human face photos in order to generate the very realistic fakes
    • "Most people do not understand how good AIs will be at synthesizing images in the future" - Wang
    • Experts have raised serious concerns about potential use of this technology by trolls and sock puppets for impersonation
    • Some have pointed out that the technology is not yet perfect. For example, Bellingcat researcher Aric Toler said he was able to spot discrepancies in some of the generated images
    • The techniques used by this technology are similar to those used to create deepfakes
    • See for yourself here: http://www.thispersondoesnotexist.com
  • Microsoft Fixes 87 bugs in October 2020 Patch Tuesday
    • For the October 2020 Patch Tuesday, Microsoft fixed 87 vulnerabilities in Microsoft products: 12 classified Critical, 74 classified Important and 1 as Moderate
    • This is the smallest number of fixes in several months
    • This includes fixes for six publicly disclosed vulnerabilities that Microsoft has said are not being exploited yet
    • There are no zero-day flaws corrected in this batch of updates, but there are several vulnerabilities that can be exploited remotely
    • The patches cover a wide array of Microsoft products
    • Microsoft indicated that users should install these security updates as soon as possible
    • Some of the more dangerous vulnerabilities patched include:
      • A flaw that allows attackers to send specially crafted emails that can execute commands when opened in the Microsoft Outlook software.
      • A flaw that allows attackers to send specially crafted ICMPv6 packets to a remote Windows computer that allows the attacker to execute commands. It was discovered by Microsoft engineers and has a severity of 9.8 out of 10
      • A flaw that can be exploited for remote code execution by tricking a user into visiting a malicious website
    • The full list is available here: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct
    • Other important updates include:
      • Adobe released a critical update for Adobe Flash Player
      • Apple released updates for macOS, tvOS, and watchOS
  • Cyberattacks are skyrocketing, make your home network more secure
    • More people are working remotely in less secure environments, making them easy targets
    • CrowdStrike recently reported their customers’ networks have seen more intrusion attempts within the first half of 2020 than in all of 2019
    • CrowdStrike's threat-hunting team detected and blocked roughly 41,000 potential intrusions. In 2019, the same team investigated 35,000 intrusions over 12 months. This is a 154% increase in cyberattacks
    • CrowdStrike suggested the primary cause for the dramatic increase is people working remotely
    • They also indicated that the growing availability of ransomware-as-a-service (RaaS) is leading to more attacks, and ransoms have risen substantially
    • Bitdefender's Mid-Year Threat Landscape Report 2020 claimed a 715% year-on-year increase in attacks
    • Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to Coalition, one of North America's largest cyber insurance providers
    • Ransomware claims have ranged in size from $1,000 to over $2,000,000 per incident
    • Extortion, through the threatened release of exfiltrated information, has been added to ransomware as an additional incentive to pay
    • FBI Deputy Assistant Director Tonya Ugoretz, speaking in an online panel hosted by the Aspen Institute, recently said the number of Internet crime-related reports has quadrupled compared to months before the pandemic
    • "The FBI has an Internet Crime Complaint Center, the IC3, which is our main ingest point. Sadly the IC3 has been incredibly busy over the past few months," Ugoretz said
    • Ugoretz said, "Whereas they might typically receive 1,000 complaints a day through their internet portal, they're now receiving something like 3,000 - 4,000 complaints a day. Not all of those are COVID-related, but a good number of those are."
    • "They really run the gamut. Everything from setting up fraudulent internet domains [...], we've seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion, etc. So pretty much, sadly, anything you can think of. Cyber-criminals are quite creative," Ugoretz said
    • Tips to stay safe:
      • Install Software patches & firmware updates regularly
      • Enable Multi-Factor Authentication (MFA) everywhere
      • Use Anti-Malware / Endpoint protection
      • Use a strong, unique password for each account
      • Use a Password Manager to manage strong, unique passwords for each account
      • Use a firewall
      • Use a Virtual Private Network (VPN) 
      • Avoid Public Wi-Fi
      • Change the default settings on devices, especially the default password
      • Don't download "free" software you have not vetted
      • Use Encryption (at rest and in motion)
      • Backup data regularly and verify the backup integrity
      • Take a Zero Trust stance
      • SETA (Security, Education, Training and Awareness)
      • Be skeptical
      • Remember, just because you're paranoid doesn't mean they're not out to get you