November 2023 Edition
EXECUTIVE SUMMARY: History holds a thousand lessons and Maureen The Clean is getting on her soapbox to educate us about the fate of the city of Troy and its link to a kind of cyber threat. Jake The Pedantic boldly touts his acquaintance with 'John The Ripper' without explaining how he expanded his social circle without leaving his mom's basement. But he doesn't stop there: he name-drops Snipr, Hydra, PrimeKiller and more! Meanwhile, Samuel The Harangued almost reaches the end of his rope with Aunt Mabry and her social media quiz obsession.
Know Your Cyber Threats
Maureen The Clean
Trojan Horse Attacks
An age-old trick made famous by the destruction of the city of Troy: pose as something good and deliver a devastating payload. We all download lots of apps, trial games, game mods, software upgrades, software trials and more. Every one of these is an opportunity for an attacker to hide a malicious payload posing as a legitimate software program.
How do software Trojans work? Unlike viruses, Trojans cannot replicate themselves to other machines, though they can be used to deliver a virus as a payload. Trojan horse attacks need a human to be induced into believing they are downloading a legitimate piece of software. Attackers can trick humans using marketing emails, internet ads, chat group postings, social engineering and more to get them to click a link and download the software. Once on a victim's machine, the Trojan will also install malicious software that can take any and all actions on that machine, including dropping ransomware, crypto-miners, viruses, info stealers, keyloggers and more.
What damage can they cause? The fate of the city of Troy is a perfect historical metaphor for how devastating the impact can be - loss of device functionality, loss of private data, use of the device to attack others and more!
Read about how a hacker group named 'Transparent Tribe' is using fake Android apps to deliver Trojans that allow them to take control of the device.
If you find your devices running slower, or notice changed settings or unusual activity on a device, it may be worthwhile to scan it with a reputable Trojan scanner.
Know the source of your apps! Download apps only from trusted app stores and not from links provided in emails, social media, chat forums, messaging apps, etc. Yes, even reputable app stores have been found harboring apps with Trojans, but once there are a few reports, reputable app stores will clean them up. Remember, this is a risk reduction game and no one strategy provides 100% protection.
Trojans often need to communicate back to their 'Command and Control' servers. Investing in a whole-home Intelligent Digital Safety solution will bring advanced threat intelligence to bolster your cyber defenses and help block those communications.
'I Know John The Ripper, Do You?'
Jake The Pedantic
'Make sure your passwords are complex. Make sure you do not reuse passwords.' We keep hearing this advice ad nauseam from everyone and every company where we have an online account of some kind. But why exactly do passwords need to be complex? Also, what IS a complex password? And why can't we reuse our passwords?
Why complex passwords? The reason is simple - there are free, easily available, highly effective, open-source password cracking tools. One popular tool is called 'John The Ripper'. This tool is so effective that any password - complex or not - can be cracked in 31 seconds or less if it is 7 characters or less!! So, given enough time, any password can be cracked. But the power of mathematics plays in your favor - with a complex password of 11 characters or more, it will take 34 years or more to crack your password!
What is a complex password anyway?
A complex password is a combination of uppercase and lowercase letters along with numbers and symbols.
It should not use common language words that can be guessed by cracking tools that leverage language dictionaries.
It should not contain your birthday, wedding day or other life event dates that could be determined from public records or social media histories.
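The three criteria above, plus the 11-character length cited earlier, can be checked mechanically. The following is an added example, not part of the original newsletter; the word list, substitution table and function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a full dictionary.
COMMON_WORDS = {"password", "dragon", "summer", "welcome", "monkey", "football"}
# Undo common character substitutions before the dictionary lookup (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 11  # length the article cites as taking decades to crack


def date_variants(iso_date):
    """Return digit strings that a YYYY-MM-DD life-event date commonly appears as."""
    y, m, d = iso_date.split("-")
    return {y + m + d, m + d + y, d + m + y, m + d + y[2:], d + m + y[2:], y}


def check_password(password, life_event_dates=()):
    """Return the list of the article's criteria that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Criterion 1: uppercase, lowercase, numbers and symbols must all be present.
    classes = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
               "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    # Criterion 2: no dictionary words, even when disguised with substitutions.
    normalized = password.lower().translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):
        problems.append("contains dictionary word")
    # Criterion 3: no birthday, wedding day or other life-event date.
    digits_only = re.sub(r"\D", "", password)
    for date in life_event_dates:
        if any(variant in digits_only for variant in date_variants(date)):
            problems.append("contains life-event date")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("P@ssw0rd!2023", "Summer1987", "vT9#qLx2&Rk8zW"):
        print(candidate, check_password(candidate, ["1987-07-04"]))
```

Note that `P@ssw0rd!2023` satisfies the character-class rule and the length rule but still fails, because the substitutions are reversed before the dictionary lookup.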
So, why can't we reuse passwords if they are complex? Simple again - guessing one password could open doors to multiple online accounts. And guess what? There are free, highly effective, open-source credential stuffing tools such as Snipr, Hydra, PrimeKiller, STORM and Account Reaper that will automate this process for hackers and try out the same password on multiple common sites.
Aaargghh! with Samuel the Harangued
Social Media Quizzes And Games
Oh - those fun quizzes and games that pop up on our social media feeds! They get us to reveal details such as our mother's maiden name, the color of our first car, the city where we were born, the place where we met our significant other and more. Pause for a moment and ponder where else you have revealed that information. Very often, these are questions we have given to our banks or other online accounts as verification questions for password resets or second factor of authentication. Fake social media accounts are created by hackers and scammers to run such quizzes, surveys and games all the time to garner these crucial details. Remember, the fake accounts will be notified of which individuals responded on these quizzes or surveys or games by the social media platform. The next step will be to look for those individuals in past data breaches to see where they have accounts and what their passwords were. And we wonder why identity theft is so rampant!
Hackers are posting customer details online while router maker Plume has yet to confirm a breach. Hackers claim that they have over 8.5 million users and company staff records including device details, user id, cards, IP addresses and more.
Google is suing malware makers who scammed victims with a fake version of Google's AI engine Bard. Sounds great but they don't know who or how many people are behind the scam. Why sue people when you don't know who they are?
Holidays mean increased online shopping. Many smaller vendors and mom and pop businesses with an online presence do not have good protection on their sites against malicious actors who install card skimmers.