Identity Theft and RansomWare are growing problems.

Identity thieves bypass security questions to access Experian credit reports

When I read this article, I thought if people you don't know, already have your name, address, SSN and birthdate, perhaps you have another problem other than your credit report being accessed illegally.  But then, this information is all over the place, in offices, firms and online.

There is no telling how many places your name, address, SSN and birthdate are stored on the internet.  These key pieces of data are in multiple databases related to insurance, credit cards, banks, etc., etc.  Many of these sites have already been breached, hacked, stolen!

After a tip from a Telegram user who frequented identity theft channels, Brian Krebs tested and confirmed that anyone who knew your name, address, social security number (SSN), and birthday could view your full credit report at Experian.

Protect yourself and please read;

Identity thieves bypass security questions to access Experian credit reports

Ransomware has now become a problem for everyone, and not just tech

Ransomware attacks have rumbled on for years and show no signs of slowing down. It's time we faced the threat head on.

In 2022, ransomware affected

    - 1981 schools

    - 290 hospitals

    - 105 local governments

    - 44 universities and colleges

Researchers suggest that much of the rise in reported ransomware attacks against local governments can be linked to a single incident in Miller County, Arkansas, where one compromised mainframe resulted in malware being spread to endpoints in 55 different counties. 

The above figures are for the public sector only.  The private sector isn't required to publicly disclose malware attacks so the full damage caused by malware isn't known.

Ransomware and Cyber Crime are threats to everyone.  To protect against these threats, companies and individuals should apply security patches and updates as soon as available to prevent criminals from attacking known vulnerabilities and delivering their malware payload.

MFA should be imperative for all accounts in the event a username or password is stolen.  Multi Factor Authentication makes it harder to abuse compromised accounts.

I see data backups not being taken seriously.  There should be multiple and redundant backups with some form of storing a backup offline in case of attack.

Of the local government agencies hit with ransomware in 2022, only one organization is known to have paid a ransom, which amounted to $500,000. The largest ransom demand made by attackers against a government entity demanded $5 million -- which wasn't paid. 

Education remains a key target for cyber criminal ransomware groups, the number of schools affected by attackers almost doubled in a year. In 2021, ransomware reached a combined total of 1,043 schools, while the number hit in 2022 was 1,981.

According to Emsisoft, at least three victims paid a ransom demand for a decryption key, with one known to have cost $400,000.

Hospitals have long been a target for ransomware attacks.  Hospitals need their systems to be operating to treat patients but many hospital networks still rely on old, often unsupported software. 

The attacks continued in 2022, with 25 incidents against hospitals and multi-hospital health systems, impacting patient care at up to 290 hospitals, 

for further info, please read;

Ransomware has now become a problem for everyone, and not just tech

The ransomware problem isn't going away, and these grim figures prove it

The real cost of ransomware is even bigger than we realised

Ransomware attacks are often talked about in terms of the financial cost. But in reality, these incidents can have a much bigger impact.

On this day in history, Jan. 9, 2007, Steve Jobs introduced the Apple iPhone to the world at Macworld in San Francisco

On this day in history, Jan. 9, 2007, Steve Jobs introduced the Apple iPhone to the world at Macworld in San Francisco

January 9, 2007 - Apple Introduces iPhone

iPhone, a crappy device?

Not everyone was a fan however.  This review from the AJC Business section, June 2007.  (previously published 11/17/15, DforceATL-iPhone post

The iPhone was made available to the U.S. consumer on June 29, 2007 to much fanfare but not everyone was impressed.  An article in the AJC Atlanta Journal Constitution opined that it was too trendy and consumer would not shell out the dough for the pricey novelty.  LOL, see AJC Tech writer's review below.

A Breach at LastPass Has Password Lessons for Us All, Who is using your Home WIFI, Patch Tuesday

 

LastPass Password Manager suffers a Breach.

I always hear gripes about passwords, their complexity and the need to change.  This is not a subject to be taken lightly.  A password is all that stands between your personal/financial info and bad guys trying to steal your info or monies.

Everyone needs some system to record these keys and protect this information.  I personally use a contact located in an Outlook PST file that is password protected.  You could also use an Excel spreadsheet to record your passwords and then password protect it.  However, this is another password you need to remember.  Also, there are utilities available for purchase that will break Excel password protection.

Some people use the password managers built into browsers.  These too are vulnerable and if anyone knows your login password, they can expose your saved passwords in a browser.  please see my prior post from 2019 about this,  Browser Password Security

So what is one to do?  Many have paid for online password managers such as LastPass.  LastPass is an online password manager with a personal Premium version available for $3/month billed annually.

There have been many online credit card, bank, credit union as well as other breaches of user information.  Why would an online password manager be any different?  It's not, LastPass has been breached exposing tens of millions of customer credentials and keys.

In other words, the hackers hit the lottery.  From an article on the NY Times;

When you use a password manager like LastPass or 1Password, it stores a list containing all of the user names and passwords for the sites and apps you use, including banking, health care, email and social networking accounts. It keeps track of that list, called the vault, in its online cloud so you have easy access to your passwords from any device. LastPass said hackers had stolen copies of the list of user names and passwords of every customer from the company’s servers.

If you are a LastPass customer, please read the article in the link below to determine what steps you need to take to safeguard your valuable information.

LastPass Hack-NY Times

Keeping your Home WIFI/internet connection secure.

If the above doesn't shake you, there is more good news.

You need to keep your home internet connection secured.  There are courses available online that teaches how to expose and connect to WIFI networks.  These are the ones that can be seen via available networks.  Has anyone watched the TV series, Mr. Robot?  In the series, the main character/hacker uses Kali Linux to break into networks and computers to fight big (overreaching industry).

Kali Linux is a hacker's dream OS and is loaded with tools for breaching systems.

Anytime you are in public and connect to a Mall's WIFI or any guest WIFI, be aware that all your info is being transmitted without encryption including user name and password.  So don't access bank or credit card info while using these networks.  I get dragged to Perimeter mall by Boss Lady and I am usually stuck outside the coffee bar at Nordstrom's waiting. I have witnessed many times the same 2 characters armed with a notebook and an external WIFI adapter which is needed by Kali to intercept internet traffic.  The internal WIFI adapters built into computers aren't any good for hacking.

With that warning said, back to your home internet, please see the info in the following link;

How To Tell If Someone Is Using Your WiFi, And How Remove Them (msn.com)

FYI, Next Tuesday is Microsoft Patch Tuesday.