With Valentine’s Day just around the corner, love is in the air and those who currently lack a significant other may decide to join a dating website to meet new relationship prospects. Unfortunately, there are plenty of scam artists who target dating site users and try to swindle money from them by exploiting their desire for companionship. The FBI calls these types of online encounters Romance Scams and reported that, in 2016, victims of this type of scam lost over $230 million.
In August 2017, the NJCCIC published the blog post “Hackers Are Circumventing 2FA and Here's What You Can Do About It” to alert members of emerging social engineering campaigns targeting mobile phone carriers. In these campaigns, hackers called the carriers and impersonated the targeted victim when speaking to customer service representatives. They would then try to convince the representatives to port the victim’s phone number to a new phone. If the scheme worked and the representative ported the number to a phone in the hacker’s possession, the hacker could then use it to circumvent SMS-based two-factor authentication (2FA) enabled on the targeted victim’s online accounts. Fortunately, major US mobile phone carriers have recently implemented an additional security control that their customers can use to secure their accounts. Read our blog to find out more.
According to the Women’s Society of Cyberjutsu (WSC), women comprise 50 percent of professional occupations in the U.S. and only 11 percent of the information security workforce. Here at the NJCCIC, women contribute to the success of all bureaus, including Partnerships, Cyber Threat Intelligence and Analysis, Security Engineering and Cyber Operations, and Governance Risk and Compliance through various roles including Cyber Threat Intelligence Analysts, Cyber Liaison Officers, and Incident Reporting and Response Specialists.
As we usher in a new year, the NJCCIC is reflecting on the incidents of the past year and providing its predictions for the year ahead. We expect this year's major themes will be ransomware, mobile malware, exploitation of known vulnerabilities, a rise in the targeting of IoT devices, exploitation of unsecured cloud databases, and cryptocurrency mining.
To say that 2017 has been a busy year for cybersecurity professionals would be an understatement. From devastating data breaches to crippling ransomware incidents, every week that passed revealed new threats, attack vectors, exploits, and vulnerabilities. It quickly became evident that no person, organization, or sector is immune to the impact of cyber threats. As we prepare for the challenges that 2018 will bring to network defense initiatives, it’s important to reflect on some of this year’s biggest cybersecurity incidents and highlight the lessons learned from each one.
“Our Uber driver told us to turn off the Bluetooth and WiFi on our phones while we’re out here this week. He said not to connect to anything or we’ll be hacked.” Two women shared this with me as the three of us waited to ride the SlotZilla Zipline in downtown Las Vegas late Friday night. I told them I was in town attending DEFCON and that their driver gave them good advice.
Americans are inundated daily with scam calls and many may not know there are options available that help reduce the chance of receiving or answering a fraudulent phone call. This blog highlights one analyst's frustrations in receiving several of these nuisance calls every day and her effort to stop them by exploring various options provided by major US cell phone carriers.
Time synchronization is not something many people may consider to be a critical component of a properly functioning enterprise; however, it is vital for managing, securing, debugging, and investigating security incidents on a network. Desynchronized timekeeping across distributed servers in a corporate network can cause serious headaches for IT staff trying to diagnose network issues or investigators trying to get to the bottom of a data breach.
With Black Friday, Cyber Monday, and the rest of the holiday shopping season upon us, the NJCCIC compiled the following tips and best practices to help all of our members stay safe in stores and online. The holiday shopping season is one of the most attractive times of the year for money-hungry criminals and fraudsters to take advantage of eager shoppers and unsuspecting victims.
“I can’t believe this many people want to hack into computers,” the elderly woman said to her friend as they tried to navigate past the throng of DEFCON attendees at Bally’s Las Vegas Hotel and Casino, “there’s something wrong with that.” I heard this comment in passing and nodded slightly in subtle agreement.
Over the weekend, an “augmented reality” game called Pokémon GO took America’s mobile phone users by storm and soared in popularity practically overnight. Created by video game giant Nintendo and mobile game developer Niantic, the Pokémon GO game app became an instant hit on both the Android and iOS platforms as people downloaded it in record numbers. Its usage quickly surpassed that of the popular dating app Tinder and social media platforms such as Instagram, Facebook, and Snapchat.
One year ago today, Governor Christie signed Executive Order 178 establishing our State’s Information Sharing and Analysis Organization (ISAO), the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Our goal has always been to elevate the barriers to entry for those seeking to nefariously exploit New Jersey’s cyberspace. We do this by promoting statewide awareness of cyber threats and the adoption of best practices.
Given the steady uptick in ransomware across the country, and right here in our State, we simply cannot overstate the importance of maintaining good backups that are stored offline (physically off of the network) and regularly tested to ensure you can fully recover in the event of a data loss incident. But what, specifically, does that mean to you and how do you go about implementing a sound data backup and recovery strategy?
The US Government is currently drafting a 'green paper' in preparation for presenting a formal policy on the Internet of Things (IoT), acknowledging the highly insecure technologies that have hit the market in recent years. Demonstrating the growth of this market, the research and consulting firm Gartner, Inc. forecasts that 6.4 billion connected devices will be in use worldwide in 2016, increasing to 20.8 billion by 2020.
The first-ever power outage caused by a cyber attack occurred in Ukraine on December 23, 2015, causing many to reevaluate the risk to critical infrastructure and ask, could this happen in the United States and what can be done to prevent it?
Imagine you wake up one day to find that your company’s website no longer displays your logo, products, or contact information. Instead of providing an online presence for your business, your website is now promoting a hacking group or terrorist organization. Your customers are angry and your employees are confused.
Disclaimer: If technical jargon makes you queasy, proceed with caution!
When downloading new software or updating existing software, how do you ensure that what you are installing is safe, unaltered, and from a reputable source? The simple answer is to compare the checksum of the file you downloaded to the hash of the original source file.