Kim Jong-un Leaves Tiny Footprints on U.S. Cyberattacks


Many security experts agree that North Korean (NK) leader Kim Jong-un has been very busy, and not just trading Twitter barbs with Donald Trump. There have been curious cyberattacks in the U.S. and abroad, leaving tiny cyber footprints in Kim’s shoe size.

The most recent attack installs spyware on mobile devices used by NK defectors and the people alleged to have helped them. The anti-virus firm McAfee backed up this assertion after analyzing files from attacks by the NK-linked SunTeam cybercrime group. Since it’s believed that little happens in NK without Kim knowing about it, below are two of their more infamous hacks involving the US. You be the judge.

Some cyber experts feel Kim was behind the far-reaching and notorious hack in 2017 called WannaCry. The ransomware wreaked havoc in over 150 countries. It took captive countless computer systems full of critical data worldwide. Much of the stolen data placed a vice-grip on the healthcare industry in the U.S. and abroad. Incredibly, tools for the ransomware hack were stolen from the National Security Agency and then published worldwide for hackers to see. The group known for the theft, called “Shadow Brokers,” is believed to have ties to Russian intelligence.

Did Kim take advantage of the information for his own use? The goal of WannaCry was clearly financial, with information captors demanding $300-$600 in Bitcoin ransom for each victim. That may not be considered a dictator’s ransom, but multiply it worldwide: estimated damage of $53 billion. It’s speculated that the many sanctions placed on NK over the years have negatively affected their economy, leaving ransomware a practical motive for Kim.

October 2014 saw the NK cyberattack against Sony Pictures. The “Guardians of Peace” hacker group famously jacked countless documents from Sony Pictures. The movie The Interview was on the verge of being released by the studio when the hack happened. The dark comedy took aim at Kim, centering on an assassination plot against the leader.

The stolen documents were used as leverage to prevent the movie release. They allegedly contained highly confidential and compromising information on studio executives. Over the following weeks, large amounts of the stolen data were posted online, exposing Sony Pictures to a public relations nightmare and further cyber vulnerabilities.

Kim insisted he had no prior knowledge of the attack, suggesting loyal hacktivists supporting him and his regime may have been responsible. Time will tell as the tiny footprints continue to be tracked.

Sometimes there is little you can do to protect information. But there are always some ways to lower the risk:

– Back up important data and systems. If ransomware strikes, it will be possible to quickly restore them from a recent backup.

– Limit what information is posted online. Even if all account settings are at the most secure level, all information posted on the Internet should be considered available to the world.

– Implement cybersecurity tools such as firewalls, intrusion prevention and detection devices, and anti-malware and anti-virus software at a minimum. Keep everything up-to-date.

– Train staff and others on cybersecurity essentials such as how to identify a phishing email message and how to limit their exposure on social media. Phishing is still how many attacks succeed, including WannaCry. Social media profiles are a treasure trove of information for W-2 theft and business email compromise (BEC) attacks.

Many attacks don’t target a specific group, industry, or organization. So even if yours is small, when the objective is cash the size of the organization doesn’t matter. All the attackers want is an opening, and those can be found using many methods. Two big ones are unpatched and outdated systems and phishing. Stay on top of these and you can prevent your organization from getting stepped on by any sized footprints.

© Copyright 2018 Stickley on Security

Significant Jump in Credit Card Phishing Scams in 2017

A startling increase in phishing scams that specifically target retailers, financial institutions, and online payment systems was reported by Kaspersky Labs for last year. The study tracked phishing from the end of 2016 to mid-October 2017 from everywhere in the world where they have customers. It found that in 2017, the total number of phishing attacks overall using online payments was 15.31%. Compared to 7.08% in 2015, that’s an increase of 34.33%. Quite a change, so what gives?

Kaspersky finds a drastic surge in purchases made on mobile devices, in particular smartphones. Overall last year, 44.6% of website visits on mobile devices were done on smartphones. In fact, smartphone purchases made up 26% of the overall shopping revenue.

Study authors believe that increased phishing attempts go hand-in-hand with our smartphone society. Their report also finds that historically huge shopping days like Black Friday and Cyber Monday are extra-ripe for phishing. According to news from TechCrunch, on 2017’s Black Friday, $5.03B in online sales were posted. Nearly three billion of that total was done using mobile devices. Looking at it another way, more than 50% of online sales were made using mobile devices.

Phishers bombard devices with fast-paced, non-stop spam offering incredible deals. Too many shoppers react to a great sale and not to common sense. That translates to little or no concern about the offer being legitimate, and phishers count on that. Human reaction and emotion are often their best friend and a very lucrative friend at that.

It’s important to make sure to stop and evaluate the site and the deal before entering any payment or other personal information into a website. If the deal sounds too good to be true, it is. Instead of clicking links or attachments received in spam email, go directly to the shop’s website and make the purchase there. If the store isn’t so well known, or is completely unfamiliar to you, do some independent research on it first to make sure it’s not a fake.

Kaspersky’s study finds an overall increase in online banking led to a spike in phishing. Just two years ago, online banking made up 17.45% of overall financial phishing. 2017 saw that number jump to 24.47%. Phishers are big on sending email spam that duplicates financial and merchant websites. This leaves many users with little doubt it’s the real deal. In goes your bank account or credit card information and out goes your money. Maybe the thought of a phisher looking to separate you from your money isn’t all that worrisome to consumers. It appears that great offers and quick convenience, however, are.


Putting Together a Great Wedding on a Budget

Before discussion about a ceremony or reception even begins, it’s smart for couples to have a frank talk about money issues in general. Share financial information such as current spending, savings, investment and credit status. While this conversation may not seem terribly romantic, honesty about respective finances is the first step to responsible financial planning and compatibility.

Once you’ve chosen a desired wedding date, set a savings target with a realistic budget. If you want to get married fairly soon, realize you’ll have less time to build a wedding fund. Start by making a general list (https://www.theknot.com/wedding-budget/start) of everything you might want in a wedding, and then adjust your vision to what will be in the bank by your desired date.

As the numbers start looking real to you, determine what can be purchased or done inexpensively and others that will require professional help. Take a look at the guest list and see if you can make some cuts. Consider a handheld music player hooked up to a great speaker system instead of a live band. Are you content with your brother’s photo and video skills, or is it a better idea to hire a professional team?

Consider off-dates, off-times and off-venues. Though wedding season is more year-round than it’s ever been, wedding prices still tend to be highest throughout the warm months. Explore winter dates and more obscure venues. Take City Hall, for example. Depending on the municipality, you can either schedule ahead or show up with local license and ceremonial fees as the only costs involved. There’s no need for expensive wardrobe or other trappings. What about having the wedding at home? It’s free space and, depending on the talents of friends and family, homemade food and decorations can also keep expenses to a minimum. But remember that the home or property owner may need a special insurance rider to cover any potential damage or liability, particularly if liquor is being served.

And finally, consider a “surprise” wedding. Planning a party or gathering where a wedding breaks out can provide money-saving advantages to guests and bridal party alike. Having a wedding at a party – especially a regular holiday party you host where family and friends already know to gather – requires little more than a legal officiant and whatever food, beverage, entertainment and insurance costs you need to consider. An unannounced wedding eliminates all pre-wedding costs related to invitations, showers and parties, and you can give your guests a break on gifts.

Bottom line: Flashy weddings aren’t worth jeopardizing your finances for years to come. Make creative, affordable wedding planning part of your love story.

Renting A Car Can Put Your Data At Risk

An innocent car rental can identify who we are, where we go, and who our cell phone contacts are. Who would think programming your “infotainment” preferences into your rental car dashboard could reveal so much about you? Privacy International (PI) knows and they’re hoping to do something about it.

PI, a UK-based firm, recently released a report called Connected Cars: What Happens To Our Data On Rental Cars? It declares an all-out information war with car rental titans. PI found that no rental car or car sharing company has a policy about deleting or protecting your infotainment information.

According to Millie Graham Wood of PI, “…internet-connected cars know our current location, patterns of movement, connect to our smartphones to download our contacts and messages, may collect our browsing habits and know our music taste. The volume of data collected by infotainment systems and telematics units is growing.”

A main focus of PI is getting rental agencies to have one easy button to push that deletes any and all information the car collects. The Federal Trade Commission (FTC) is also on board, suggesting ways rental car customers can protect their infotainment and cell phone data.

Don’t use the built-in USB ports to charge cell phones and other devices. Doing that can permanently put information held on those devices into the dashboard, making it easily accessible to info hackers. The FTC suggests using chargers that insert into the vehicle’s cigarette lighter to power up.

Limit dashboard requests for access to different information. They suggest limiting access only to what you choose to use. If you’re just programming music preferences, deny any requests to collect contacts or data from other connected devices, for example.

Take time to delete all collected data before returning your rental car. Check the infotainment menu to see what other devices have been connected. If you need help, check the car manual, research it on the Internet before returning the vehicle, or ask the rental company how to delete it.


Dating Apps A Perfect Match For Hackers

Dating app users are now looking for long-term love and not just for quick hook-ups anymore. One look at the Sunday New York Times Wedding section finds online dating apps like Tinder and Bumble increasingly responsible for many a “happy ever after.” Tinder alone has an estimated 50 million users worldwide–but don’t book the chapel yet. Research by Kaspersky Labs shows that hackers have no heart for online love lookers.

Personal, sometimes very personal, information is up for grabs in hacks on dating apps, including photos, messaging conversations, names, passwords, and locations of the app users. Hackers can often use this data for nefarious deeds from installing ransomware to stalking. With a full information profile on sale online for around $50, hackers make quick cash with no threat of being caught.

Chat bots are also rife on dating sites. Research showed that 70,000 of the “women” chatting with men on the infamous Ashley Madison site were actually fembots rather than the real deal. Since the “cheater” site was famously hacked in 2015, exposing the data of 34,000 clients, they had even more explaining to do.

Dating apps are relatively easy to hack. You too can learn how by watching a YouTube video. With inept cyber security, dating apps and the people who use them leave an easy trail for hackers to follow. Given the rampant lack of data encryption, data, including photos posted by dating hopefuls, can be stolen and manipulated in real time. For those still using unsecured or free WiFi for dating, always remember a few things:

– Just because a WiFi connection point has a password, it doesn’t mean it’s secure. Your data may still be passing to strangers. It’s best to avoid these and do your swiping from home.

– Create a separate email account used for dating sites only and use a completely unique and strong password that is difficult to crack.

– Always turn off all location settings.

– Don’t give out every detail about yourself on your dating profile. Use discretion and put up only what is necessary. Anything posted on the Internet, whether secured on your account or otherwise, should be considered open and available to everyone, including hackers.

The alarming success of hackers and dating apps prompted Tinder to state “Like every other technology company, we are constantly improving our defenses in the battle against malicious hackers…our desktop and mobile web platforms already encrypt profile images, and we are working towards encrypting images on our app experience as well.”

That’s a start.


Getting Paid For Your Passion

Flip through the cable channels these days and you’re bound to see shows about people who have turned a hobby into a business. Whether it’s making cupcakes, being a personal organizer/de-clutterer, or “picking” antiques, these jobs all became moneymakers after starting as fun activities. While you may not get your own TV show, there’s no reason why you can’t create a financially successful venture out of what you love to do.

Think Expansively

If you are attracted to the idea of turning a passion into a business, think not just of a typical definition of “hobby,” but of all your skills. One way to investigate this is to think of what your friends or family typically ask you for help with that they don’t like to do or don’t know how to do. Or what you like to do that others might find tedious, like party-planning or troubleshooting computer problems. Making a list of these types of strengths can help you identify marketable talents.

Will it Stay Fun?

What you don’t want to do is take an enjoyable activity in your life and turn it into drudgery. This is one reason why it’s important that you:

Don’t Quit Your Day Job

There’s nothing wrong with starting out small. By easing into your potential business, you avoid blowing a lot of money early and you give yourself time to assess the viability of your gambit in a measured way.

Find a “Focus Group”

Wondering if there is a market for your wares? Get exposure the old-fashioned way by displaying your offerings in public. For example, if you are a photographer, think about purchasing a booth at a festival or fair to show off your work. Or donate your goods or services as part of a non-profit event. Online marketing is important, but pounding the pavement can help get the word-of-mouth rolling.

Research the Market/Competition

Business school professors talk a lot about “relevant differentiation.” Put more simply, you need to figure out what is going to set apart your business. It’s very hard to succeed in establishing a personal business these days just by offering the lowest prices, so look for what you can offer customers that others can’t.

Wear Your Fun Hat AND Your Business Hat

Even though the activities associated with your enterprise can feel more like a pastime, you need to avoid letting your expenses and time swerve into unproductive efforts. Keep records of your hours, your costs and your sales to judge how to optimize your resources.

Really Reach Out With Your Outreach

One of the huge advantages you have now in starting a business is the dramatic leveling of the playing field that has happened because of the internet. Whether it is through your own web page or via Etsy, Craigslist or Facebook, it is vital to use as many outlets as possible to reach potential customers. One method a lot of hobby-to-business entrepreneurs have enjoyed success with is positioning themselves as an expert in their chosen field. This can be done by authoring how-to articles on sites like about.com or ehow.com, or by creating a blog about your topic of expertise.

Reputation Matters

In this computer age word gets around fast, good or bad. Set yourself apart by providing exemplary service. If you aren’t feeling motivated to provide great customer care, maybe your chosen endeavor isn’t meant to be a business.

Know the Tax Consequences

It’s never a good idea to try to “hide” any income you are making. Consult with a tax professional for advice on how to best report your expenses and profits. Also ask about the best strategies for eventually picking a legal entity for your business.

Always Keep Learning and Evolving

The best way to limit your business is to only think short-term. Tastes change, as do ways of doing business. If you are not staying up on the latest trends in your field and looking for ways to capitalize on them, you will eventually fall behind the competition.

The old saying advises to “do what you love and you’ll never work another day in your life.” While even the most fun careers will sometimes feel like work, creating a business you truly love can help you create your most fulfilling life possible.