Tuesday, June 30, 2015

Cybersecurity & Civic Hacking # 4: Malware

Nobody in NE Wisconsin wants malware on their computer or smartphone. But how much do you know about malware, and what can YOU do to prevent it from hurting YOU?

In this week's 'Cybersecurity & Civic Hacking' post, the Bloomberg article, “The Hunt for the Financial Industry's Most-Wanted Hacker,” says the malware known as ZeuS and its rogue creator have been at the cutting edge of cyber-crime for nearly a decade. ZeuS is thought to be responsible for the theft of hundreds of millions of dollars from people and businesses who do online banking.
“...“fliime” was the name used by somebody who went on the online forum Techsupportguy.com on October 11, 2006, at 2:24 a.m., saying he’d found some bad code on his sister’s computer...Fliime probably didn’t realize this was history in the making. But the malicious program that had burrowed into the PC was a new breed, capable of vacuuming up more user logins and website passwords in one day than competing malware did in weeks...the malware and its offspring became juggernauts of cyber bank robbery—turning millions of computers into global networks of zombie machines...Conservative estimates of their haul reach well into hundreds of millions of dollars...the mystery coder gave his product a name with staying power; he called it ZeuS...this ZeuS fathered powerful descendants—and became a case study of the modern cybercrime industry. This is the story of a nasty piece of code, and the hunt for its creator...
ZeuS infected all types of computers
The ZeuS article makes computer malware sound pretty bad, but does it really affect regular people in our area? You might wonder, “How is malware directly and indirectly affecting people in NE Wisconsin in 2015?” Here are a few ways it's affecting us:

  • My son has removed ZeuS malware from his customers’ computers when providing in-home service for consumers (not businesses). He has also removed thousands of other malware programs from customers’ computers. It's impossible to say how many problems those thousands of malware programs caused other than making the computers annoying or impossible to use.
  • CryptoLocker ransomware recently encrypted the files on the business software at a local auto repair shop which services my car. The owner of the shop paid Russian cybercriminals to get back his customer files -- he had no other choice. I got an email today from the auto repair shop and immediately deleted it. I had no way of knowing if it actually was from the shop or if it came from a cyberciminal because of the Cryptolocker episode at the shop.
  • I had fraudulent charges on my credit card recently for several hundred dollars to Google and Facebook. I had to fill out credit card fraud report forms and get a new charge card, dealing with associated hassles for auto-payments that had been set up on the previous card number for recurring charges. At some point, malware was probably responsible for my card’s information being available for fraudulent use.
  • My sister had fraudulent charges on her credit card at a store 250 miles away from her. She went through the same hassles I did.
  • All of us pay the cost of the credit card fraud caused by malware. The financial services company build the cost of that fraud into their operating expenses.
  • New credit cards are being issued for everyone in the US this summer / fall with a new microchip to combat credit card fraud caused by malware and other factors. (Note the chip on the left side of the card just above the card number.)
  • Government agencies and cybercriminals use malware to intercept and store your online activities and electronic communications.
  • Hearing about malware problems makes you concerned about the dangers of using computers and modern electronics. But it also makes you feel helpless to improve the situation
    or do anything about the mess you’re in or might end up in.

You CAN do something about the malware mess -- support the proposed NE Wisconsin cybersecurity initiative and encourage others to support it!

How will a collaborative regional cybersecurity initiative greatly reduce the impact of malware on your life and the life of other NE Wisconsin residents and organizations?

A new NE Wisconsin College Cybersecurity Program will provide the following improvements regarding malware in our region:
  • Courses at the NE Wisconsin colleges involved with the regional cybersecurity initiative will teach (and research) how all sorts of malware work, how to detect the malware, how to minimize it’s impact on your computers, smartphones and other electronic devices, and what to do when malware does affect you.
  • A feature of the cybersecurity initiative will be auditing and certifying the expertise and performance level of NE Wisconsin cybersecurity companies, including customer reviews. You’ll know how well these local companies will deal with malware before you pay for their services.
  • Students will learn about malware in the wild by doing real-life security audits for individuals and businesses as part of their degree program.
  • Some of the students who graduate in this program will work for or start up NE Wisconsin cybersecurity companies, keeping their malware expertise in the region.
  • NE Wisconsin residents will be able to take some of the courses during evenings or weekends to learn how to deal with malware.
  • Instructors will collaborate with civic hackers in the NE Wisconsin Cyber Defense Force (CDF) and instructors in cybersecurity programs at other colleges, as well as cybersecurity professionals in companies and agencies around the world, to ensure NE Wisconsin knows the best way to deal with malware.
Civic hacking in NE Wisconsin, in collaboration with the colleges’ regional cybersecurity program, will help reduce our malware problems through:
  • CDF weekly workshops to scan devices for malware.
  • CDF weekly info sessions about malware and recent cybersecurity developments.
  • CDF blog posts analyzing impact of new malware or recent malware articles.
  • CDF hotline to answer your questions about malware.
  • Assistance with personal cybersecurity audits.
  • Having tech-inclined residents of NE Wisconsin join CDF, then learn the basics of malware and cybersecurity, choose their own niche of cybersecurity to specialize in, and maybe come a ninja civic hacker in that niche.
In future blog posts, I’ll take a look at specific types of malware, like ransomware, trojans, and APTs (advanced persistent threats).


DHMN Civic Hacks posts about 'Cybersecurity & Civic Hacking':
C&CH # 01: "Cybersecurity: A New Horizon For Civic Hacking?"
C&CH # 02: “Cybersecurity & Civic Hacking # 2: Public Wi-Fi
C&CH # 03: "Cybersecurity & CH # 3: The Right Person / Topics Of Interest"
C&CH # 04: This post, published June 30, 2015
C&CH # 05: “Cybersecurity & CH # 5: Even Cybersecurity Companies Get Hacked!
C&CH # 06: "Cybersecurity & CH # 6: How Cybersecure Is Your Car?"
C&CH # 07: "Cybersecurity & CH # 7: Data Breaches"
C&CH # 08: "Cybersecurity & CH # 8: Hype or Reality?"


1 comment:

  1. Unauthorized individuals gain access to your computers or servers (often due to inadequate firewalls or weak passwords) and steal or corrupt data by using malicious software programs known as malware.