Scam of the day – August 16, 2017 – Hackers targeting hotel Wi-Fi

The security company Bitdefender has identified new tactics being used by a notorious hacking group known as DarkHotel to hack into the computers of hotel guests.  DarkHotel has been operating for about ten years now and until recently had been specifically targeting business travelers in order to gain access to their companies’ computers and the data contained therein. Recently , however, DarkHotel has expanded its targets to include political figures, as well.  DarkHotel has exploited vulnerabilities in hotel Wi-Fi to achieve its attacks.

A key element in the success of DarkHotel has been their successful use of spear phishing emails that have been used to lure unsuspecting victims into clicking on links and downloading malware.

TIPS

Whether you are a high profile business person, a politician or a regular citizen, spear phishing is one of the biggest threats to your security and well being.  Spear phishing emails or text messages are personally crafted emails or text messages that have been created using information about you, your job, your interests and other aspects of your life to lure you into clicking on a link and downloading malware.  Most of the major data breaches as well as personal data breaches have been initiated through phishing so the lesson is clear.  Trust me, you can’t trust anyone.  Never click on links in emails or text messages unless you have absolutely confirmed that they are legitimate.

Scam of the day – December 18, 2015 – Congress close to passing cybersecurity legislation

For years Congress has been debating much needed cybersecurity legislation without much success.   Now it appears that a cybersecurity bill that includes provisions previously approved by the House of Representatives and the Senate will be included in the omnibus spending bill which is close to passage and needed to maintain the funding of the federal government.  The essence of the cybersecurity proposal is the sharing of information by businesses and the federal government about technical aspects of cyberthreats such as hacking attacks and malware.  Much of the opposition by businesses to this type of legislation over the years has been the concern of businesses that such sharing could make them vulnerable to lawsuits.  In response to this concern, the new proposed legislation provides for protection from certain types of lawsuits, such as lawsuits based upon violations of electronic privacy protections. Meanwhile there continues to be opposition to the proposed law, deemed “The Cybersecurity Act of 2015” by some privacy advocates who believe the proposed law does not do enough to protect personal information when data is shared pursuant to the newly proposed law.  However, supporters of the bill, including President Obama have said that the protections of corporations from liability in data sharing will only apply if the companies remove personal information when sharing cyberthreat information.

TIPS

I believe that this law is a major step forward in the battle against cybercrime and will help enable companies and the federal government do a better job in fighting the numerous cyberthreats faced by the government and private industry today.  It should also be noted that these threats come not just from cybercriminals and identity thieves, but also from foreign governments and terrorist groups such as ISIS.  It is expected that this law will be passed before the end of the year.  I will keep you updated as to the bill’s progress.