The Kavalan Cyber Safety Newsletter

Cyber security and cyber hygiene spoken simple

(This newsletter contains links to external websites. Please review their terms of use and privacy policies before using those websites.)

November 2023 Edition

EXECUTIVE SUMMARY: History holds a thousand lessons and Maureen The Clean is getting on her soapbox to educate us about the fate of the city of Troy and its link to a kind of cyber threat. Jake The Pedantic boldly touts his acquaintance with 'John The Ripper' without explaining how he expanded his social circle without leaving his mom's basement. But he doesn't stop there: he name-drops Snipr, Hydra, Prime Killer and more! Meanwhile, Samuel The Harangued almost reaches the end of his rope with Aunt Mabry and her social media quiz obsession.

Know Your Cyber Threats

by

Maureen The Clean

Trojan Horse Attacks

An age-old trick made famous by the destruction of the city of Troy: pose as something good and deliver a devastating payload. We all download lots of apps, trial games, game mods, software upgrades, software trials and more. Every one of these is an opportunity for an attacker to hide a malicious payload posing as a legitimate software program.

How do software Trojans work? Unlike viruses, Trojans cannot replicate themselves to other machines, though they can be used to deliver a virus as a payload. A Trojan horse attack needs a human to be tricked into believing they are downloading a legitimate piece of software. Attackers use marketing emails, internet ads, chat group postings, social engineering and more to get people to click a link and download the software. Once on a victim's machine, the Trojan will also install malicious software that can take any and all actions on that machine, including dropping ransomware, crypto-miners, viruses, info stealers, keyloggers and more.

What damage can they cause? The fate of the city of Troy is a perfect historical metaphor for how devastating the impact can be - loss of device functionality, loss of private data, use of the device to attack others and more!

Read about how a hacker group named 'Transparent Tribe' is using fake Android apps to deliver Trojans that allow them to take control of the device.

Read about Transparent Tribe's Trojan

How to Protect Yourself?

Here are 3 things you can do to reduce your risk:
  • If you notice your devices running slower, settings that have changed or other unusual activity, it may be worthwhile to scan the device with a reputable Trojan scanner.
  • Know the source of your apps! Download apps only from trusted app stores and not from links provided in emails, social media, chat forums, messaging apps, etc. Yes, even reputable app stores have been found harboring apps with Trojans, but once there are a few reports, reputable app stores will clean them up. Remember, this is a risk reduction game and no one strategy provides 100% protection.
  • Trojans often need to communicate back to their 'Command and Control' servers. Investing in a whole home Intelligent Digital Safety solution will bring advanced threat intelligence to bolster your cyber defenses and help block those communications.

'I Know John The Ripper, Do You?'

by

Jake The Pedantic

'Make sure your passwords are complex. Make sure you do not reuse passwords.' We keep hearing this advice ad nauseam from everyone and every company where we have an online account of some kind. But why exactly do passwords need to be complex? Also, what IS a complex password? And why can't we reuse our passwords?

Why complex passwords? The reason is simple - there are free, easily available, highly effective, open-source password cracking tools. One popular tool is called 'John The Ripper'. This tool is so effective that any password - complex or not - can be cracked in 31 seconds or less if it is 7 characters or less!! So, given enough time, any password can be cracked. But the power of mathematics plays in your favor - with a complex password of 11 characters or more, it will take 34 years or more to crack your password!

What is a complex password anyway?

So, why can't we reuse passwords if they are complex? Simple again - guessing one password could open doors to multiple online accounts. And guess what? There are free, highly effective, open source credential stuffing tools such as Snipr, Hydra, PrimeKiller, STORM and Account Reaper that will automate this process for hackers and try out the same password on multiple common sites.

Aaargghh! with Samuel the Harangued

Social Media Quizzes And Games

Oh - those fun quizzes and games that pop up on our social media feeds! They get us to reveal details such as our mother's maiden name, the color of our first car, the city where we were born, the place where we met our significant other and more. Pause for a moment and ponder where else you have revealed that information. Very often, these are answers we have given to our banks or other online accounts as verification questions for password resets or as a second factor of authentication. Hackers and scammers create fake social media accounts to run such quizzes, surveys and games all the time to garner these crucial details. Remember, the social media platform will notify the fake accounts of which individuals responded to these quizzes, surveys or games. The next step will be to look for those individuals in past data breaches to see where they have accounts and what their passwords were. And we wonder why identity theft is so rampant!

Read the FCC's warning on these scams

Threats and Breaches

Hackers are posting customer details online while router maker Plume has yet to confirm a breach. Hackers claim that they have over 8.5 million users and company staff records including device details, user id, cards, IP addresses and more.

Plume router maker data breach

Google is suing malware makers who scammed victims with a fake version of Google's AI engine Bard. Sounds great but they don't know who or how many people are behind the scam. Why sue people when you don't know who they are?

Google suing AI scammers
READ THE REASON

Holidays mean increased online shopping. Many smaller vendors and mom and pop businesses with an online presence do not have good protection on their sites against malicious actors who install card skimmers.

Card skimming on the rise
BUYER BEWARE