Are any of you members of a community group? I’m not because there simply isn’t one worth going to in my area but I’d quite happily get involved if there was. I went along to a popular village community meeting, which took place in a village church and boasted a turnout of over 100 people. As you would expect for this sort of meet up, the under-40s were lacking representation and I was there to facilitate a cyber crime session, so I wondered how receptive the audience would be.
Generation Neutral Cyber Concerns
The initial talk gave an outline of the threats of cyber crime, emerging patterns, prevention and reporting advice. Then came the Q&A and despite expecting a tumbleweed moment, to my delight the questions flooded in. Each question posed had a technical element, which came as a pleasant surprise as clearly the older generation in this village had a grasp of digital. They asked about antivirus, protection in an OS X environment and guidance on the latest password advice. It was extremely encouraging to see so many people in the community show an interest in fraud and cyber crime prevention. It challenged the stereotype of the older generation not having a clue about the internet and made me reflect on how entwined all our lives are with the internet and world of digital devices.
I decided to stay for the remainder of the meeting and listen to the chair and others go through the schedule. They talked about planning applications, summer parties, fundraising and local clean-ups. It was very impressive to see such an engaged and active group. It somehow felt very old-fashioned yet this was in stark contrast to the technical questions asked of me earlier following the crime talk.
It then dawned on me. Every fundraiser, every membership query and every petition was orchestrated via the medium of electronic mail. Surveys were being done online and one lady even spoke about her desire to establish a Facebook page to promote the good work they were doing. It was wholeheartedly encouraged by the rest of the group. It was pleasing for me to see how the plethora of services available online were being used to promote the good work of such a traditional village community.
To top it all off the vicar chimed in with a story about nearly falling foul of a PayPal phishing email. The audience gasped and shook their heads and they nearly all seemed to have similar stories.
It is fair to say some of the older members of the community were far more aware and cautious than a lot of the younger people I work with. How encouraging.
If you’re anything like me and enjoy running Parallels on a MacBook to operate your Virtual Machines then it can be infuriating when some VM builds refuse to run.
This recently happened to me whilst trying to fire up a Windows 7 Professional VMware build in Parallels; it just simply wouldn’t convert. My easy fix when this happens is to fire up the VM in VirtualBox. I use VirtualBox because it’s free for Mac OS X (unlike VMware Fusion) and tends to convert VMware files quite well.
However, the default network settings for Win 7 on VirtualBox are NAT. This is great if all you want to do is load up Win 7 Pro on a Mac and get on the internet. If you want to start talking to this machine from Kali running on Parallels then sadly it’s not going to happen.
The IP address given to the Win 7 machine is 10.0.2.15 and is on a different subnet to the Kali Linux machine running in Parallels.
I initially got some strange results from nmap scans pointed towards the Win 7 IP address from the Linux machine, but I could not replicate them. Either way, no useful communication could be had between the two VMs.
After a great deal of fruitless searching of the internet, I stumbled across the simplest of solutions.
This is what to do to get both machines on the same subnet, able to access the internet through the host and talking to each other. Simply change the network settings on the VirtualBox Win 7 installation to Bridged Adapter, using vnic0.
A further ipconfig command should provide you with an IP address in the same subnet as the Kali Linux machine. From here you should have no problem doing whatever it is you need to do.
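The same change can be made from the host's terminal with VBoxManage, followed by a check that the address reported by ipconfig really does share a subnet with the Kali machine. This is an added example, not part of the original post; the VM name `Win7Pro`, the 255.255.255.0 mask and the Kali address 10.211.55.4 are assumptions used for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: the VM name, netmask and Kali address are
# illustrative; 10.0.2.15 and vnic0 are the values given in the post.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed only if both addresses fall in the same network for the given mask.
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# Switch adapter 1 of a powered-off VM from NAT to bridged on the given host
# interface, then print the resulting NIC settings.
bridge_vm() {
    vm=$1; iface=$2
    # Only accept an interface VirtualBox itself offers for bridging.
    VBoxManage list bridgedifs | grep -q "^Name: *$iface" || {
        echo "$iface is not available for bridging" >&2
        return 1
    }
    VBoxManage modifyvm "$vm" --nic1 bridged --bridgeadapter1 "$iface" || return 1
    VBoxManage showvminfo "$vm" --machinereadable |
        grep -E '^(nic1|bridgeadapter1)='
}

# Usage: ./bridge.sh bridge Win7Pro vnic0
#        ./bridge.sh check <guest-ip> <kali-ip> [netmask]
case "${1:-}" in
    bridge) bridge_vm "$2" "$3" ;;
    check)  if same_subnet "$2" "$3" "${4:-255.255.255.0}"; then
                echo "same subnet"
            else
                echo "different subnets"
            fi ;;
esac
```

Run the bridge step with the VM shut down, then boot the guest and pass the address from ipconfig to the check step.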
Let me know if you have any similar tips for people paying for Parallels but filling the gaps by running a free version of VirtualBox on Mac OS X.
Ransomware has been lingering around since the 90s but its proliferation in recent years means that more and more small businesses, charities and schools are being hit. It’s no coincidence that the explosion of ransomware began with the Bitcoin boom in 2009; a decentralised currency with minimum fees and steeped in apparent anonymity was always going to be a big hit for online baddies.
The Problem With Ransomware
Small businesses, charities and schools seem to get hit twice when it comes to ransomware attacks and are the ones that suffer the most too. Let me explain. A typical victim company will have somewhere between one and ten computers operating on a network, sharing folders and having quite open access policies between users. They may have paid for a simple network, printer and mobile device setup a couple of years back but never considered taking out any sort of ongoing security and maintenance service. Or maybe that service wasn’t offered. We all see high street IT companies advertising services for local business but how many of them revisit their customers following the initial installation? Maybe their customers don’t feel they need to pay or maybe they are only interested in the one job and moving on. I don’t know but what is apparent is there seems to be a raft of vulnerable businesses out there that could really benefit from a knock on the door by an IT guy.
What about staff training? Every single ransomware attack that I have known to hit a small business, charity or school (I could abbreviate that to SBCS like they do for SMBs but I think that’s already taken for Single Byte Character Set!) started with a member of staff double-clicking an e-mail attachment they shouldn’t have. Most of the cases involve mass mail campaigns and no specific information is offered up to the victim about the sender or the content of the attachment yet they go on to click and infect anyway. Why? Because they don’t know what they don’t know. I’m pretty sure a quick chat about the risks of this behaviour would soon make staff think twice but until they have that chat how are they to know any different?
Then there are the targeted emails that make specific reference to the recipient or purport to be from a supplier, and the infections brought about wholly through unauthorised access to the system, with no email involved at all. How can you defend against these types of ransomware infections? I would say again that training is key. Do your staff know to check the domain of the email sender against the genuine one or know how to check email headers and file extensions when receiving emails purporting to be known customers or suppliers but carrying unexpected attachments? Probably not would be my guess. A business runs on people and people tend to be the weakest link in the chain when it comes to cyber security.
Too Late For Prevention
So, the system’s infected and all files to do with recent quotes, emails and payroll are encrypted and you’re being asked to shell out 4 BTC to someone with a snazzy cyber name and a dodgy looking email address. Well firstly, avoid paying a penny if you can because all that happens is the job of being a ransomware distributor becomes more lucrative and similar businesses will be increasingly targeted. This is due to ransomware more recently being offered up “as a service”. There are also cases of ransomware victims being let off the hook if they agree to continue to spread the malware for a cut of the profits.
So, a decision is made not to pay but what do you do then? This is the point at which I believe a lot of these businesses get hit twice. A ransomware attack has encrypted critical files and prevented sales reps from bringing in new business, prevented staff getting paid and caused suppliers to chase up emails about unpaid invoices.
First of all check out www.nomoreransom.org – a great resource offering up decryption keys for quite a few popular variants of ransomware and since it’s well funded by Europol and industry partners it does provide sound advice and gets updated often enough to provide the odd success story.
No decryption key available for your ransomware infection? Well this is when backups play a part. Let’s hope you’ve been backing up your data regularly and storing that data off the network to prevent encryption of cloud and attached storage backups. Let’s hope you’ve clocked the ransomware before your next backup schedule actually overwrites your data with fresh encrypted data (it has happened).
Whatever the situation with backup, it’s usually the case for small business that services of an IT tech have to be called upon. Companies of the size I’m talking about can’t afford and often don’t need a permanent IT guy working for them. So when something like ransomware breaks it doesn’t just cost that company lost business and time but also money in the form of a hefty invoice from their local IT firm. The saddest cases are those where no viable backups exist and the business essentially pays an IT tech to attend, assess the situation as dire and then simply wipe all drives and do fresh installs of software. That leaves the company out of pocket in a big way and suffering the burden of losing all information to do with the day-to-day running of that company.
You only have to do a quick internet search to find a plethora of good advice about prevention out there. However, there are plenty of small businesses that feel they cannot justify the expenditure of having fancy backup systems in place, which come with ongoing IT support. They’re happy to have a quick chat with staff about the dangers of clicking spurious looking email attachments but feel they can’t afford to send staff on full away days or training events. With this in mind maybe it’s worth considering changing the message. I suggest the key prevention messages change from, “Here are your 5 star bullet proof tips to evade ransomware” (which are all great but clearly not being followed by all) to “Here are some simple, free things you can do to help avoid becoming a victim.”
I’m thinking about things like encouraging carpet cleaning companies to simply save their regular customer details spreadsheet to a USB stick once in a while or asking the local hardware store to tell their staff to avoid opening unexpected attachments in email. If the local social club just updated their antivirus once a week then that would help too. For all those small businesses, charities and schools out there we should encourage prevention through baby steps rather than scare them with the 5 star gold standard.
The full house of backup, updated antivirus, training and a promotion of culture change would of course always be the preferred option but I’d rather something got done than nothing.
Cyber crime is on the increase and has been for some time. Of course, the effectiveness of the police to correctly label a crime as cyber has improved but it is doubtful this alone can account for what we’re seeing. There is a real and substantial increase in crime being committed online or facilitated in some way by our ever more intrinsically digital lives.
What do most people think of when they hear the term ‘cyber crime’? Well that depends on who most people are, how they use the internet and where they believe the threat of crime is coming from.
Take the retired teacher who occasionally uses the Internet to do banking, email distant friends and seek out the cheapest car insurance. Ask that person what they think cyber crime is and they will inevitably talk to you about the dodgy phishing emails they receive and how they are worried about fraud. They will likely tell you of the time they nearly clicked on an email link thinking it was the ‘tax man’. Or the time someone called from their internet service provider to advise them their router was faulty in order to convince them to install TeamViewer to allow remote access.
Then think of that retired teacher’s daughter who has two children, one in high school and one in primary school. They both have a tablet and smart phone each and do their homework on the family laptop. The kids come home and tell her all about how someone came into school from the police and gave them loads of advice about staying safe online. They reel off their new knowledge and impress their parents but what does this all mean to Mum & Dad? It means the next friend request to come from an older looking male means smart phones are being confiscated and access to the internet limited. These children are children born into an online world and they will go online whether their parents say they can or not. Now they just won’t say anything next time they are being bullied or asked to perform a ‘special dance’ in return for the prize of a new smart phone.
What about the boy living across the road who you rarely see? Sometimes he’s up all night, judging by the flickering light of his computer screen that can be seen from outside. He’s your local cyber criminal. He began in school by being the smart ass who shoulder surfed a few passwords and sent hilarious emails to teachers from unwitting fellow students’ accounts. He got bored of that, watched a few YouTube videos and now he sits there scanning for vulnerabilities on local school websites. He commits DDoS attacks against local businesses using free stressor tools just for the hell of it. After doing that a few times he gains enough kudos to join an ‘elite’ hacking squad of like-minded individuals. He is now the big man revered by his peers and hated by his victims for the loss of business, damage to reputation and outright nuisance he causes. All the while he is ignorant to the fact that despite never being in trouble ever in his life he is committing offences each night that can bring a maximum sentence of ten years in prison and what a shock that is for him when the police come knocking.
Despite all he has learned the youthful cyber criminal fails to put his skills and knowledge to good use. He could have told his Dad to back up his business data and update antivirus but he didn’t. His Dad runs a well-respected car sales company in town. A couple of days ago a member of staff double clicked an attachment in an innocent looking email and now access to payroll, quotes, orders and customer contact information is denied. Ransomware has taken over the network of three computers and the local IT company can do no better than wipe all drives and start again. No backup, no data and a bill for IT that they can ill afford hits the company hard. Fortunately, the organised crime group behind this spree of offending failed to profit on this occasion.
Cyber crime is a problem for not just one type of person or business but a problem for all. For those of us who understand the threats and know how to mitigate in some small way against them we need to share this knowledge. The criminals have evolved but you have to consider how the public are more exposed than ever due to the increasingly seamless integration of the internet into all our lives.