Category Archives: Hacks

Holiday Scams to Watch for This Season

The holidays are roaring down on us, and we’re all looking to get the best deals as we shop online and explore cyber sales. Here at DSA Technologies, we want to help you avoid that “Nightmare Before Christmas” that could arise from a stolen card number or hacked personal data as a result of online shopping. We’ve all heard it. If it seems too good to be true, it probably is. There are many websites that offer as much as 60, 70, even 80% off during this time of year. Don’t be the one that enters your payment information to capture a quick special and find out days, weeks, possibly even months later that you’ve been phished. How can you make sure you’re as safe as possible? As we get ready for Cyber Monday specials and online shopping throughout the month of December, there are several tips we can offer for businesses and individuals alike.

The golden rule? Be careful what you click on
Make sure the site you are entering your personal information has HTTPS. It’s important to see the “S” after HTTP, but that still does not mean you’re out of the woods. According to research from Venafi, the number of typosquatting domains (which is a bait-and-switch lookalike URL) is 400% greater than the number of authentic retail domains. That’s right, the bad guys are coming up with “fake” domains that look like the real domain of vendors like Facebook, PayPal, Amazon, and many others. Be careful what you type, and make sure you see the correct URL when you’re going to a website.

Bogus Shipping Notices 
Households receive a deluge of packages as the holidays get closer. A message from UPS, FedEx, or Amazon that notifies you that there is a missing or delayed package can be easily glanced over and taken for granted. Most of the time the message will include a link for easy access. Don’t click on this link. It may take you to a bogus website or better yet, download a virus directly onto your computer. If you are expecting a package, go to the vendor’s website by typing in the correct URL and tracking your package from there.

Phishing Emails
This is getting to be one of the most common scamming attempts. It is any email with a link designed to get you to enter your personal information. You might see that this is a letter from Santa or a prize that you’ve won, encouraging you to click on a gift card offer or discount. Remember this saying: “just don’t click!”

Phone Scams
Phone scammers figure most people are going to be home over the holidays, and they double their efforts during this time. The short story is, they are trying to get your personal information over the phone. They can pretend to be any number of vendors, bank tellers, computer repair advisors, or support technicians. The solution is pretty simple: don’t give personal information to any caller you didn’t initiate a conversation with.

This is getting to be one of the most common scamming attempts. It is any email with a link designed to get you to enter your personal information. You might see that this is a letter from Santa or a prize that you’ve won, encouraging you to click on a gift card offer or discount. Remember this saying: “just don’t click!”

Phone Scams
Phone scammers figure most people are going to be home over the holidays, and they double their efforts during this time. The short story is, they are trying to get your personal information over the phone. They can pretend to be any number of vendors, bank tellers, computer repair advisors, or support technicians. The solution is pretty simple: don’t give personal information to any caller you didn’t initiate a conversation with.

Relatives in Distress
This tactic is commonly known as “Virtual Kidnapping Ransom Scam.” It can begin with a phone call saying your family member is being held captive or in trouble with the law in another country. The caller might allege that a child or grandchild has been kidnapped with someone screaming or yelling in the background. They will typically provide instructions to ensure a safe return of the family member. They will ask you for money and give you directions on who and where to wire the money. If this happens to you, take a deep breath and realize this could be a scam. Ask to talk to your family members being held, and if they don’t let you speak to them, ask them to identify your family members. Attempt to call or text your family members. To prepare for an event like this, have code words that can be used so you know it actually is a real event. Call your local law enforcement as soon as possible.

Fake Charities

Possibly one of the most unfortunate scams out there, fake charity requests can be heartbreaking. This may be a fake GoFundMe account for what you think is a good cause, a social media thread, or an email chain. They may be impersonating someone you know or a friend of a friend. They might impersonate a legitimate charity on the phone. If you receive a phone call, the best thing to do is tell the caller you will call them back. Wherever you see the request, be sure to look up the correct charity and call them to see if they contacted you, or have outreach campaigns in progress. It may take you a little more time, but remember, it’s better to be safe than sorry. We hope these simple tips can ensure your holiday stays merry and bright!

IT Security Vulnerabilities that Can Lead to an Inside Job

Vlad de Ramos, a 22 year veteran at IT Management and IT Security, guest blog writer today, giving us some practical advice on IT Security Vulnerabilities.  What a timely piece of writing.  So many industries are facing security issues today both external and internal.  Vlad will cover how to take steps to guard your business from all fronts.  Please help me welcome Vlad to TheDigitalAgeBlog.

Data breach can happen to anyone and IT security failures are not only damaging and costly for businesses, but customers would suffer as well, and people lose their jobs too.

In a study conducted by Scott & Scott, LLP, researchers found that 85 percent of businesses suffered a breach in their data security. Despite the prevalence, about 46 percent did not employ encryption solutions following the IT security failure. About 74 percent of the companies surveyed report losing customers, while others faced potential lawsuits (59 percent) and fines (33 percent).

It’s not enough that you guard your business against outside threats. There are many dangers inside the organization that should be managed before they can cost your leadership team their jobs and the business its integrity.

Companies who take IT security seriously should guard their business against all fronts. Unfortunately, many companies admit that they are still lacking in terms of securing safety from the inside. And one of the reasons many organizations fail to set up effective safeguards is because they are in denial about the magnitude of IT security threats stemming from an inside job.

Here are some of the reasons your employees can contribute to IT security failures.

Inside Insider Jobs

There are a variety of reasons a company’s very own employees can take part in inside jobs such as financial gain, desire for power and recognition, revenge on a co-worker or boss, and response to blackmail from inside and outside the organization.

Some employees are lured into inside jobs due to their loyalty to some people in the organization or to colleagues who recently left on not-so-good terms, while others do it for personal and political beliefs.

There are also insider jobs that are linked to activist groups and organized crimes. In a 2012 report by Carnegie Mellon University’s CERT (computer emergency readiness team) Insider Threat Center, researchers found that out of 150 cases of IT security failures analyzed, about 16 percent were linked to organized crime.

According to a psychologist, Monica Whitty, from the University of Leicester, employees who “willingly” assist in IT security attacks may be suffering from one or more of the following conditions: narcissism, psychopathy, and Machiavellianism, which is defined as the “the employment of cunning and duplicity in statecraft or in general conduct”.

In a 2013 study by Centre for the Protection of National Infrastructure (CPNI), findings showed that people who engage in insider attacks might have two or more of the following qualities: low self-esteem, lack of ethics, immaturity, tendency to fantasize, impulsiveness, lack of conscientiousness, instability, and manipulativeness.

Regarding work behaviors, the CPNI study found that insiders often engage in unusual copying jobs such creating copies of sensitive materials beyond what is necessary and removing protective markings on documents when creating their own copies. Insiders also often engage in usual IT activities such as searching for keywords in a company-sensitive database.

Management Vulnerabilities

Motivations and unusual behaviors are just one side of the story.

The lack of an effective IT security protocol opens up vulnerabilities within the organization that employees can use. Some of these include:

  • Administrator and other privileged access that aren’t monitored.
  • Unattended company devices such as USB’s and laptops.
  • Hard drives that weren’t properly disposed.

But even with an advanced security practice, human error can still pose a threat. Most of the time these are innocent mistakes due to the lack of knowledge in IT security. These include improper file transfers, illegal uploads and downloads, as well as using personal devices in the workplace for business purposes.

In other cases they are intentional because of management issues. Disgruntled, burned out, and dissatisfied employees can turn to accomplices. The Verizon Data Breach Report 2016 have found that employees transferred data via USB before they left the company. Companies who have fraud detection were able to weed out the employees who provided information in weeks, but those who don’t identified them in months or years.

Secure Your Posts

Don’t just look for loopholes in the IT infrastructure. In ensuring the safety of your business and customers, you also have to analyze the status of the people within your organization. Ensure the security of all your posts by looking not just outside in but also inside out.
Please feel free to comment on Vlad’s post.

Vlad de Ramos has been in the IT industry for more than 22 years, focusing on IT Management, Infrastructure Design and IT Security. He is a certified information security professional, a certified ethical hacker, a forensics investigator, and a certified information systems auditor. Vlad joins to help increase knowledge on IT security awareness in the Philippines. Outside the IT field, he is a professional business and life coach, a teacher, and a change manager.



White House Releases Color-Coded Scale for Cybersecurity Threats

cyber-threat-scale2On Tuesday (July 26, 2016) the Obama administration released a framework for handling cyberattacks. The Presidential Policy Directive (PPD) on United States Cyber Incident Coordination is a new plan anticipated to create a precise standard of when and how government agencies handle incidents. At the start of his administration, President Obama made it clear that cyberattacks pose a grave threat to the economic and national security of the United States. Previous to the PPD, the Cybersecurity National Action plan was a policy based on three strategic pillars:

  • Raising the level of cybersecurity in both the short and long-term in our public, private and consumer sectors
  • Taking steps to prevent, disrupt and interfere with cyberattacks aimed at the United States
  • Responding effectively to and recovering from cyberattacks

Presidential Policy Directive on US Cyber Incident Coordination

While the Obama Administration has made progress on the three pillars, the country has been faced with managing increasingly significant cyber incidents. Since 2006, cyberattacks against the US Government are up 1,300 percent. Breaches such as the attack by Russian hackers on the Office of Personnel Management where a reported 5.6 million Americans’ personally identifiable information were stolen. In late June, the Democratic National Convention (DNC) was hacked and included files from the 2012 Benghazi attack, the U.S. military intervention in Libya, and the Clinton email server controversy. Most recently, the Federal Department Insurance Corporation (FDIC) cover-up of their data breaches in 2010, 2011, and 2013 was exposed.


According to their website, the PPD is intended to build on the lessons learned from these hacks and institutionalize our cyber incident coordination efforts in numerous aspects, including:

  • Establishing clear principles that will govern the Federal government’s activities on cyber incident response
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

Included in the PPD, is the “Cyber Incident Severity Schema” which will unify how the federal government will respond to cyberattacks against both the government and private American companies.


The schema, shown above, ranges from white to black, with green, yellow, orange, and red falling in between. While the scale is somewhat vague and has a lot of unanswered questions, it’s intended to ensure that the agencies involved in cybersecurity respond to threats with the same level of urgency and investment. Anything above the dotted line, separating orange and yellow, indicates a significant cyber incident that will trigger a coordinated response from government agencies.

Cybersecurity continues to be a growing concern for the US Government, and high-profile hacks have led to serious consequences for the parties involved. While it’s too early to gauge the success of the PPD, we have to hope that it will be a huge step in securing the personally identifiable information of our citizens and our most valuable data from the persistent threat of data breaches. Web Hosting $3.95



Over 1000 Wendy’s Restaurants Hit by Credit Card Hackers


The Popular fast-food restaurant chain Wendy’s on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country.

The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers’ credit and debit card information.

The data breach is more than three times bigger than initially thought.

The original data breach was believed to have affected “fewer than 300” of its 5,144 franchised locations in the United States when the malware was discovered in May.

The Malware had been installed on Point-of-Sale (POS) systems in the affected restaurants and was able to obtain cardholder’s name, payment card number, expiration date, service code, cardholder verification value, among other data.

The data breach began in fall 2015 and discovered in February this year, and the company went public with in May.  Just last month, Wendy’s said the company learned of a second malware variant that had infected its systems and disabled it from all locations.

The company is now offering one year of “complimentary” fraud protection services to affected customers.

Wendy’s has blamed a third-party for the cyber attack, saying a “service provider” had its remote access credentials compromised that allowed attackers to deploy malware remotely to some franchisees’ POS systems.

Once identified, the US burger chain found a method of disabling the malware and has done so at all affected locations. Customers can see the list of affected locations through Wendy’s website.

So, if you have used your debit or credit card at Wendy’s restaurant early this year, you are advised to keep a close eye on your bank account statements.


5 Ways to Keep your Domain Name Safe from Being Hacked


The proliferation in the number of people using the internet had led to a significant number of new websites and blogs popping up every day. The huge platform for sharing views and personal opinion about anything or host content that one deems suitable to share, casual users today have understood how good a business owning a website or even a personal blog can be.

However, although many people easily set up their own website or blog, there are hardly any who are knowledgeable enough in protecting their domains from hackers once they become the legal registrants of domains. Today, we discuss this issue to help owners of personal blogs and small websites.

How to protect your domain from hackers

The following methods can be used to protect your domain from the attacks of hackers:

1. Activity alerts

This is similar to receiving notifications about your Facebook activity. Whenever an activity is performed using your domain account, you can get a notification. Many good domain registrars provide this feature free of cost. This is a good way to keep track of any unauthorized activity on your domain account.

2. Make sure writeable and executable files and directories are not in web root

Not doing so basically means that any unauthorized user can access readable and/or writeable directories or archives. This is as easy as it can get for hackers to exploit non-secured scripts to run or place data on your web hosting account.

3. Keep your domain locked

Enabling your domain registrar’s lock is a simple yet effective way to prevent illicit third-party domain transfer request. Such domain transfer requests are frequently used to steal domains. Simply enabling domain registrar lock can prevent your domain from falling prey to this malicious practice.

4. Do away with unwanted Directories, Scripts, and Subdomains

It is a common mistake by website owners to leave old and less used directories and scripts on their website. The gravity of this mistake cannot be emphasized on enough. This is because hackers can use this information for the purpose of hacking into your website. Therefore, it is important that you routinely chunk out files and directories that you no longer need or use.

5. Use strong and complex passwords

All accounts that require security are secured by passwords, but users can be so naïve as to use passwords that can be guessed easily to protect their sensitive information. This is a textbook mistake, one which hackers never get tired of exploiting. Always, ALWAYS, use passwords that are a combination of letters and numbers and are not short in length. Also, make it a practice not to use common English words as your passwords, for there are a lot of password cracking tools that crack passwords quickly because the password includes common words.


A lot of people are victimized by hackers by stealing or hacking their domain names. It is most important to pay close attention to your domain’s security, especially when your blog or website becomes really popular. With the help of this article and perhaps a little more research on the matter, you will be much more secure than you previously were (if not using these methods already) against hackers.

Warning to HR Directors of Phishing Scam Seeking Employee W-2’s


Peyton SmithWritten by:  Peyton Smith
Shareholder, Litigation Section, Labor & Employment Practice Group at Munsch Hardt Kopf & Harr PC

I was contacted this week by the Director of Human Resources for a technology client with a request for immediate assistance tied to a data breach that has unfortunately, becoming alarmingly too frequent during the first three months of 2016.   She had received an email from the President of her company at the end of her workday, noting that their senior leadership was working on salary, bonus and budget forecasting for their company and requesting that she send to him the W-2’s for key company personnel via PDF.  The email was written in his typical conversational style and was signed in the manner in which he signed all his internal emails.  Further, his reply email listed a return email address to his direct email account.  Before she sent the information or replied, she confirmed the email and signature block and verified with a Vice-President that she could forward the requested information.  Upon review of the email and messaging, the Vice-President authorized the production of the requested information and employee W-2’s. Feeling well protected, the HR Director sent the email and W-2’s requested.

The email was unfortunately a scam with a hacker who had copied the President’s email signature block, matched his communication and signature style, word-for-word, including creating a “ghost” over his correct email address to cloak the email address to appear to be for the intended recipient.  My client was fortunate since they caught the data breach quickly but the information was now in the hands of someone outside the company who clearly had less than honorable ideas with what to do with the information they had gathered. Furthermore, hundreds of employees now had their W-2 information, including their name, address, social security numbers and other confidential information, taken by a skilled hacker.

In addressing this issue with my client in recent days, we learned that this current phishing scam is incredibly popular right now.  The FBI and local law enforcement advised us that there have been more than 700 reported similar cases of hackers fraudulently securing employee W-2 information in the month of March 2016 alone. The hackers appear to be targeting companies with less than 3,000 employees and the email requesting W-2 and similar employee information is nearly always directed to the human resources contact at the targeted company. The IRS has recently released an alert warning employers of this scam and to alert them to be increasingly vigilant in protecting company and employee information.  (See  the following link as to the latest alert:   “This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

If you have not yet done so, employers are strongly encouraged to implement a proactive plan to decrease the risk of unauthorized disclosure of such information.  Each state has different requirements for employee protection and penalties which might be levied against employers for failing to implement appropriate safeguards for protecting employee confidential information, as well as the notice requirements in the event a data breach occurs.  In the event that a data breach occurs and confidential employee information has been accessed by unauthorized parties, employers should immediately address the issue with more aggressive internal safeguards, contact legal counsel regarding how best to strategically address internal and external legal ramifications of the breach, notify law enforcement (local and the FBI’s Cyber Crimes Division), and inform the IRS of the fraudulent access to employee social security numbers.  Simultaneously, employers have a duty to promptly inform employees of the breach and what increased protections have been put in place to decrease the risk of future data breaches.

In light of these concerns and the increased risk of hacking personal information, employers are also encouraged to review current insurance policies and to consider whether to purchase cyber insurance coverage. Additional security software for utilization by the human resources and accounting department might be a wise and worthy investment to consider as a deterrent to hacking vulnerability.  With the increased efforts of hackers seeking W-2 and other personal employee information, prudent employers will partner with their legal counsel to address such concerns prior to being a hacking victim.  When considering best practices in protecting employee information, employers should follow the adage  “the best defense is a good offense”.

Peyton N. Smith is a Shareholder in the Labor & Employment and Business Litigation practice groups at Munsch Hardt Kopf & Harr, P.C. and is based in the firm’s Austin office.

No Matter Your Industry, It’s Time to Take Cybersecurity Seriously

Robert_HerjavecShark on ABC’s Shark Tank, Founder of Herjavec Group, Bestselling Author of You Don’t Have to Be a Shark


We’re seeing more breaches, more endpoints, more technology, more connectivity. The key word is MORE. Given this level of interactivity, cybersecurity has experienced a surge over the past five years and shows no signs of slowing down

Here are the top cybersecurity topics you should be speaking with your executive and IT teams about to support your emergency preparedness planning.

1. Ransomware: Holding your information hostage

Ransomware is a malicious software that allows hackers to access a company’s computers, encrypt information, and then demand payment in order to decrypt it. Vulnerabilities are often exploited in third-party software including Microsoft Office, Adobe and various graphic files. McAfee Labs reported 58% growth year over year in ransomware in Q2 2015 (~ 4 million samples). Herjavec Group does not advocate for paying out or negotiating during a ransomware attack. It is recommended that all organizations have an asset back-up strategy in the event they need to recover critical information.

Ask yourself: what is our asset back-up strategy? When was the last time we classified our assets or did an inventory of our critical information? Do our employees know what to do in the event their system is compromised?

2. Mobile Malware: Take control of your mobile devices.

Multiple best of breed vendors have reported an uptick in mobile malware as part of their 2016 predictions reports. Herjavec Group is focusing on the prevalence of these issues across Android devices in particular. The attack surface is growing as more individuals and corporate customers are adopting Android technology. Unfortunately in many instances, this operating system requires carrier updates in order to issue a new release. The lengthy lifecycle of each release provides ample opportunity for hackers to exploit existing vulnerabilities before the update occurs. To mitigate the risk, it is recommended that individuals ensure their mobile devices are up to date with the latest available operating systems information and files.

Ask yourself: do we understand the scope of the endpoints connected to our network? What is our BYOD policy and how do we ensure updates are pushed across our team?

3. Cloud: Is it time to move?

Moving assets and technologies to the cloud presents a scalable, cost-effective solution offering improved visibility, and the opportunity for proactive analysis. Unfortunately many organizations are challenged to advance cloud-based projects due to concerns over control, regulatory compliance, and overall security. To manage risk, we recommend developing a benchmark to measure cloud application usage on a regular basis (ex: track progress against risk targets, report cloud trust ratings quarterly, report new cloud services in use monthly). Herjavec Group offers various cloud consulting services including vulnerability assessments, web application testing, and penetration tests.

Ask yourself: Do you know what cloud technologies are being used in your environment? Do you know what good looks like? What metrics do you use to measure security and efficiency in the cloud? How frequently are you circulating these metrics?

4. Employee Awareness: Your employees are your biggest threat.

Spending on security technology is not sufficient as many reports indicate that employees and not firewalls are the No. 1 threat vector today. Organizations must consider how they are protecting their employees’ endpoints when they leave the corporate environment for business travel or to return home. It is anticipated that home networks will become targeted as hackers attempt to infiltrate corporate data being worked on remotely. You must also evaluate what training and awareness programs you offer to ensure your employees are invested in the protection of your organization’s vital assets. Herjavec Group can provide an outline of appropriate educational materials for your team or help administer a cybersecurity awareness seminar for your organization.

Ask yourself: when was the last time your team underwent security training? What access do your employees have to the internet within the workplace or from their connected mobile devices? What restrictions are in place?

In light of the dynamic and ever evolving cybersecurity landscape, it’s highly recommended that organizations have a security framework in place. When things go wrong, there is a tendency to panic and act irrationally. Developing a security framework and ensuring it’s communicated to all of the appropriate stakeholders within your organization can help maintain the sense of calm required to get your business back to standard operations as efficiently as possible. Here are the questions that need to be addressed by your Security Framework:

  • What happens when you hit the panic button (ie: will it work, who do you escalate to? What’s the disaster recovery plan?)
  • How many risks are being taken to run tech operations (ie: layers of security control, are all systems protected equally?)
  • Where and what is your sensitive data (ie: can you identify what has been lost in the event of a breach? Back up and recovery plans?)
  • Visit for more information on recommended cybersecurity discussion topics or to review Herjavec Group’s Ten Point Plan for security preparedness.

    To your success,

1-800 FLOWERS warns that hacker may have stolen customers’ personal info

Online florist failed to nip hackers in the bud


1-800 FLOWERS has begun sending out data breach letters notifying customers that a hacker might have stolen their personal information.

In a letter sent by the New York-based flower and gift retailer to the California Department of Justice, 1-800 FLOWERS explains that it was first alerted to the incident back in February when customers began complaining of an issue on its website.

“Our customer service team received reports on Feb. 15, 2016 from several customers indicating that they were unable to complete their online orders. Our operations team initiated an investigation and identified signs of unauthorized access to the network that operates our e-commerce platform.”

Bibi Brown, vice president of customer experience for 1-800 FLOWERS goes on to explain the team has since determined that during a 33-hour period between February 15 and February 17, an unauthorized third party might have gained access to customers’ orders, which commonly include their personal information such as their name, address, email address, and payment card data.


At this time, the floral retailer has not provided information on how the attacker might have succeeded in breaching its system. 1-800 FLOWERS has also not confirmed that any specific order information was affected.

There’s cause for some optimism, however.

Joseph Pititto, the company’s senior vice president, investor relations, told in an email that he has received no reports that any of the affected information has been incorporated into any sort of attack or other malicious campaign.

In this particular incident, it appears the worst case scenario would involve some compromised payment cards.

With that in mind, if you attempted to make a purchase with 1-800 FLOWERS during the affected 33-hour period, please take care to watch your credit transaction history carefully.

If you spot any suspicious charges, you should notify your bank or your card provider immediately. They can help you contest the charges, and in incidents such as these, they will be happy to send you a new card.

APTs – Understanding the Ghost in the Machine

One of the biggest threats to all businesses is an APT attack. This means that the attacker has gathered enough sensitive information, weighed out all the possible outcomes, and is ready to attack at a moment’s notice. APT (Advanced Persistent Threat) is a form of cyber attack in which the attacker gains access to a network and finds a way to remain there hidden for a long time. Virtually undetected gathering information and waiting to attack. It is usually not an easy process to do, in a usual hack, the intruder will want to get in and get out as fast as possible with whatever data they can get. With an APT attack, the intruder wants to get in and stay in without being detected.
Once the attacker is in, there are many of things they can do to damage your internal network. Some of the most common ones are spear fishing attacks(sending false emails internally to try and wire money or get information) and social engineering attempts to get actual full network access. With this access, the attacker will try and set up a back door to come in and out when they please.

Now these APT attacks are hard to identify upfront and usually companies do not detect until the intruder is already on the inside. The most common way to detect an APT attack is to monitor the outgoing data with your IDS (intrusion detection system). This will catch the culprit if they are trying to send out any data prematurely. Below are some clear cut signs that you may be a victim of an APT attack.

  • Unexpected information flows inbound or outbound
  • Finding of backdoor Trojans
  • Increased activity with information movement or logins late at night
  • Detecting unexpected data packets or toolkits

There are several ways to limit the threat of an APT attack. As a security team you need to sit down with your manager and discuss which approach you would like to take.

  • Eliminate Low-hanging fruit vulnerabilities
  • Ensure end users do not have admin access to reduce social engineering attacks
  • Effective use web and email reporting to consistently scan the network for anomalies
  • Implement SIEM capabilities

Lastly one of the most important steps you can take is to understand that not all threats can be stopped, and the best way to prepare is to have a fast turnaround time as far as remediating the active threats once they do occur. Insuring that it is always aware of any threats, then have the ability to respond second is key. When you are reacting learn to make it as fast as possible to eliminate as much of the damage to you internal networks. Overall an APT prevention measure should be in your information security plan.

Data Breach at UC Berkeley Impacts 80,000

It’s a New Year !!!


Roughly 80,000 people might have been impacted by cyber attack that hit a UC Berkeley system containing Social Security and bank account numbers, the university warns.

UC Berkeley officials are sending alert notices to current and former faculty, staff, students and vendors after discovering that one of the university’s systems had been breached, but say that there’s no evidence that any personal information has been accessed, acquired, or used following the attack.

However, the university has decided to inform users who are possibly impacted by the breach to stay alert on any misuse of their information and to enroll into a credit protection service the campus is offering free of charge.

Authorities, including the FBI, have already been notified about the incident.

According to a post from Janet Gilmore, Public affairs at UC Berkeley, the attack occurred in late December 2015, when an unauthorized user gained access to portions of computers that are part of the Berkeley Financial System (BFS). The attacker(s) leveraged a security vulnerability that UC Berkeley was in the process of patching, Gilmore states.

The blog post explains that the BFS is a software application used for the management of financial operations such as purchasing and most non-salary payments. Of the 80,000 potentially impacted people, 57,000 are current and former students, about 18,800 are former and current employees, including student workers, and 10,300 are vendors who do business with the campus.

Due to the fact that some individuals belong into more than one category, the breach impacted more than 80,000 entries, and Gilmore explains that this includes approximately 50 percent of current students and 65 percent of active employees. She also explains that many of the people impacted by the breach include individuals who received payments from UC Berkeley through electronic fund transfers.

“For students, this often involved financial aid awards that they elected to receive by electronic fund transfer. For many faculty and staff, this involved reimbursements, such as work-related travel reimbursements. Vendors whose Social Security numbers or personal bank account numbers were in the system in order for payment to be issued are also potentially impacted,” Gilmore says.

UC Berkeley learned of the potential unauthorized access to data within 24 hours of its occurrence, and Gilmore notes that officials took prompt action by removing all potentially impacted servers from the network, thus preventing further access to them. Furthermore, the campus hired a computer investigation firm to assist with the investigation.

Last month, University of Virginia’s HR system was breached and attackers managed to access sensitive information, including W-2s and banking details of University employees. Also in January, a hacker proclaiming allegiance to the Islamic State jihadist group infiltrated the internal network of one of China’s top universities.