Your Eyes Will Open When You See These WorldWide Cyberattacks!

Has your interest and concern for cybersecurity been sparked yet? These visual real-time threat maps may widen your perspective and maybe even drop your jaw. Every second, someone or some organization is being attacked by hackers worldwide. Attacks don’t just happen in or from the U.S., and sometimes we are not the victims. Want to see who is attacking whom? Which industries are the most targeted? Which types of attacks occur most frequently? There are many threat maps out there from great cybersecurity organizations, but I will list my top 5 threat maps below with a brief overview of what each offers.

Kaspersky

First on the list, and my favorite, Kaspersky Lab has the most interactive and visually appealing real-time map. The map lets you select which detection type to display (for example, On-Access Scan), manually spin the globe to view and select any country in the world, or, if that’s too much eye candy for you, toggle to a flat map view. It also provides statistics on attacks, data sources, and recent buzz feeds on cyberattacks. Their data is based on their anti-virus/malware and scanning services at Kaspersky Lab.

FireEye

Although not as visually appealing as Kaspersky’s or most others, it is very simple and clean. It provides real-time data on the top 5 industries attacked in the past 30 days, the types of attacks, and the current number of attacks. There is not too much going on in this map, but it is easy on the eyes to see who the attackers are and who is getting attacked.

Norse

My second favorite is probably Norse Corp’s map, IPViking. It includes detailed information about live attacks, showing the timestamp, the attacker’s organization, location, and IP address, and the target’s (victim’s) location, service, and port number. Other panels include attack targets, attack origins, and attack types, which show you the most frequent type in a transparent bar graph style.

Arbor Networks Digital Attack Map

Unlike the others, this map allows you to travel back in time to see a history of attacks going back up to four years. This map is a history book compared to the others, but it provides you with options to choose among three types of attacks and to filter attacks by color, bandwidth, shape, and other historical data. This map can be an eyesore for some, as it is hard to see the attack lines and who is attacking whom; with the correct filters, it can be simplified. Their data is provided by 270+ Internet Service Provider customers worldwide.

ThreatCloud

Definitely a favorite for its simplicity and visual appeal. ThreatCloud’s site provides you with the option to filter the top target of attacks by country and view its average infection rate, most frequent attack source, and the type of attack. It also displays a real-time chart listing the time, type of attack, source, and target of each attack.

Has your perspective widened a bit, or is your jaw still dropped? When you see how many attacks happen every second of the day, it’s no wonder cybersecurity is a growing occupation. Cyberattacks happen every day, and it is important that people take preventative measures to protect their assets and that organizations properly secure themselves to mitigate daily cyberattacks.

Sources
Kaspersky – Cyberthreat Real-Time Map
FireEye – Cyber Threat Map
Norse – IPViking Cyberthreat Map
Arbor Networks Digital Attack Map
ThreatCloud – Live Cyber Attack Threat Map

What is a SSL/TLS Certificate?

Are you secured?

What is SSL/TLS?

Have you ever wondered whether the information you exchange over the web is secure? When you visit a website, your computer’s web browser starts communicating with the web server the site is hosted on. You want to ensure that this webserver is guarding and encrypting your important personal information.

Brief History

Secure Sockets Layer (SSL) was created in 1994 by Netscape and was succeeded by Transport Layer Security (TLS) in 1999. We are currently at TLS 1.3, which was published in August 2018. Although most sites are still utilizing TLS 1.2, TLS 1.3 utilizes stronger message authentication and key-material generation and other encryption algorithms, which boosts security, performance, and privacy over its predecessor (SSL).

How does it work?

Simply put, the webserver presents an SSL/TLS certificate, which acts like a driver’s license. You don’t own this driver’s license certificate, though; the web server does. Once presented to you, it is used to grant you permission (or authenticate your session) to enter their website. All communication with the site is encrypted to protect your personal information. You will most likely notice a site is secured when the padlock icon appears in your web browser’s address bar.

This process is called a “handshake.” During the handshake, to provide confidentiality of the data exchanged, the user and the webserver agree on an encryption algorithm and a shared secret key that is used for one session only. Any communication exchanged is encrypted, which ensures the data remains private even if it is intercepted.

For example, imagine two businessmen in black suits. One is a dealer (webserver) and the other is the buyer (user). The buyer visits the dealer, who gives him a code-locked briefcase (protected information) and a temporary code (certificate) to unlock it. Only the buyer and the dealer know this temporary code. The buyer unlocks the briefcase with the temporary code, adds more information, exchanges data, etc., then locks the briefcase (encryption) and gives it back to the dealer. Once the dealer receives the locked briefcase and processes the new information, the deal is terminated when the buyer agrees (the website is closed or the computer is turned off, and the session ends). The code for the briefcase then changes, ensuring the data exchanged stays secured. Every time the buyer visits the dealer, he is issued a new temporary code to review or make changes to the data exchanged.

Why does it matter?

When you exchange your private information over the web, don’t you want to be sure that it is secured? TLS encrypts the information you exchange over the web, protecting you, your information, and your identity by preventing cyber attackers from spying on your logins, credit card data, and personal data.

Next time you visit a website, even if it looks trustworthy, verify that it is utilizing TLS 1.2 or TLS 1.3. You can do this by checking whether there is a padlock icon in your web browser’s address bar. Depending on your web browser, click on the padlock and then on “more information” to view which version of TLS the webserver is using to encrypt your data.
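One way to perform the same check from a script, as an added example that is not part of the original post: the Python standard library’s ssl module connects with a client context that refuses anything below TLS 1.2 and reports the negotiated version, cipher and certificate issuer. The function and constant names, and the default hostname, are my own choices.

```python
import socket
import ssl
from datetime import datetime, timezone

# Versions the post tells readers to look for in the padlock dialog.
ACCEPTABLE_VERSIONS = ("TLSv1.2", "TLSv1.3")


def build_client_context() -> ssl.SSLContext:
    """Default context (verifies chain and hostname), refusing anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_acceptable_version(version) -> bool:
    """True only for TLS 1.2 and 1.3; SSLv3, TLS 1.0/1.1 (or None) are rejected."""
    return version in ACCEPTABLE_VERSIONS


def check_site(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to the site and report what it negotiated. Needs network access.

    Certificate problems (expired, wrong name, untrusted issuer) raise
    ssl.SSLCertVerificationError, and a server limited to TLS 1.0/1.1 raises
    ssl.SSLError, because the context above refuses to negotiate those versions.
    """
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
            expires = datetime.fromtimestamp(
                ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
            return {
                "version": tls.version(),
                "cipher": tls.cipher()[0],
                "issuer": issuer.get("organizationName"),
                "expires": expires.strftime("%Y-%m-%d"),
                "acceptable": is_acceptable_version(tls.version()),
            }


if __name__ == "__main__":
    import sys
    # Usage: python tls_check.py <hostname>   (defaults to example.com, an assumed target)
    print(check_site(sys.argv[1] if len(sys.argv) > 1 else "example.com"))
```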

Sources:
TheSSLStore.com – What is an SSL/TLS Certificate?
IBM – How SSL and TLS provide authentication
Internet Society – TLS Basics
Kinsta – An Overview of TLS 1.3 – Faster and More Secure

Do you really want 5G speeds?

The release of 5G is drawing near. This new airwave technology (new to the public) is promised to provide “supercharged speeds” faster than its lightning-fast predecessor, 4G. New technology such as self-driving cars and virtual reality will be able to utilize its low latency to bring a smooth experience and seamless entertainment to consumers. Most importantly, it promises to protect consumers against International Mobile Subscriber Identity (IMSI) catchers, but recent research has identified a security vulnerability.

Before we start, here is this week’s decipher:

  • Authentication and Key Agreement (AKA) – the method by which phones communicate securely with cellular networks.
  • International Mobile Subscriber Identity (IMSI) catchers – devices that pretend to be cell towers to spy on calls, messages, and call location details by intercepting phone signals. The FBI and police use a similar surveillance technology called “Stingray”.
  • Latency – the delay between an instruction to transfer data and the moment the transfer actually begins.
  • Backwards compatibility – the ability of a piece of hardware or software to work with older hardware or software without modification.

Researchers from the Technical University of Berlin, ETH Zurich and SINTEF Digital Norway discovered an AKA vulnerability that poses privacy threats to the new high-speed protocol “5G”, months before it is deployed for public use. It also affects 3G and 4G cellular networks through backwards compatibility. The vulnerability allows IMSI catchers to trick AKA into thinking the connection is secure and providing sensitive data. This opens up many privacy threats, as it can be used to obtain data and location on political figures, threaten U.S. national and economic security, or spy on you!

There is still time and room for improvement for this new airwave technology. The Third Generation Partnership Project (3GPP) and the GSM Association (GSMA) have acknowledged the findings and have taken action to improve 5G security protocols. Until further proof from 3GPP, IMSI catcher attacks are still possible against upgraded 5G-AKA protocols.

Before your next device purchase supporting 5G, consider and research whether this threat has been remedied. This blog is not meant to sway you from any future purchases, but to keep you informed and aware of any vulnerabilities you might be exposed to, if not already exposed by the world wide web. This technology is much needed, yes, but we should consider any privacy and security concerns that may jeopardize ourselves and our nation before prematurely releasing new technology to the public. Let’s protect everyone by not providing cyber attackers with more tools to do their worst.

Sources:
5G Network Security Flaw Discovered! FaceTime Disabled – ThreatWire
Research Paper on New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols
ZDNet – New security flaw impacts 5G, 4G, and 3G
cnet – Security flaw allows for spying over 5G, researchers warn
cnet – Homeland Security has detected phone spying devices in DC

You’ve been hacked and might not even know it – How to identify hacks, prevent them, and protect yourself.

As requested by ctrlf4blog, I will cover two important questions:

  1. How does an individual get hacked?
  2. What are some simple actions you can take to increase your security?

A few important keywords deciphered to clear up the fog (metaphorically blogging):

  • User – we refer to a person who uses computers as a user.
  • Cyber Attack – an act or series of acts of attempted theft, methodically organized to steal a person’s or people’s valuables.
  • Hack – the tool used in the act to steal a person’s or people’s valuables.
  • Hacked – when the person’s or people’s valuables have been stolen.
  • Asset – for short, we will use this word to describe a person’s valuables, sensitive data, private information, financial information, and secrets.
  • VPN (Virtual Private Network) – an application that encrypts all your data before putting it on the internet, protecting that data from being read or modified by unauthorized and unintended individuals.
  • Malware – malicious software installed on a computer system that is intended to damage, steal, disrupt, or gain unauthorized access to assets.
  • Cookie – a small file created when browsing to a website that stores the user’s data to identify who they are when visiting the website. Cookies are stored on the user’s computer.

There are numerous ways an individual can get hacked, and covering them all would require a whole article of its own. I’ve listed a few credible and detailed sources below for interested readers. I will cover the top 12 most common and effective hacking techniques. These hacks are common because they work against the “common” people. With the right education, even common people can be turned into smart people.

Top 12 Most Common Hacks and How to Prevent Them

  • Fake Wireless Access Point (WAP)
    • Description: occurs when a person connects to a fake wireless network located in a public area such as a coffee shop, hotel, or airport.
    • How it happens: once the connection is made, the hacker monitors and tampers with the internet connection to steal valuable assets from people.
    • Simple preventative actions: the best method is to never connect to an unsecured wifi network that is not password protected. Always verify that the wireless network you are accessing is a trusted source by asking the employee behind the counter for the wifi network name and password. A recommended option is to use a VPN to encrypt your data.
       
  • Bait and Switch
    • Description: also known as “Click Bait”, occurs when a person clicks on a fake ad that directs the person to a malicious site.
    • How it happens: when the malicious site is visited, the hacker can automatically load malware onto the person’s system and perform clickjacking or browser locking (described below under Browser Locker and Clickjacking/UI Redress).
    • Simple preventative actions: don’t click on ads you don’t trust, and use a secure browser with an ad-blocker program. Some anti-virus software supports opening the browser in a secured state that blocks ads. Some VPN features, like NordVPN’s Cybersec, block redirection to malicious sites.
       
  • Credential Re-use
    • Description: when a person uses the same login and password (referred to as credentials) across multiple sites.
    • How it happens: in the event of a data breach at one of those sites, the leaked password is re-used against the other sites, and possibly more, to access a person’s assets.
    • Simple preventative actions: best practice is to not use the same password for multiple sites; sometimes even variations of the same password don’t help. Another good practice is to change your passwords frequently to something that wasn’t previously used and isn’t currently used on another website.
       
  • Browser Locker
    • Description: also known as ransomware, this is an annoyingly malicious popup that appears on an individual’s screen and prevents the user from performing any actions. It holds the user’s computer hostage and provides a fake tech support link.
    • How it happens: an average user who doesn’t know what to do unknowingly clicks the link, which then demands payment from the user to remove the virus. The user’s assets are compromised and the computer is still locked.
    • Simple preventative actions: purchase anti-virus software that blocks browsing to malicious sites. Ending the browser’s task via Ctrl+Alt+Del, or pressing Alt+F4, can usually force the window closed. Some VPN features, like NordVPN’s Cybersec, block redirection to malicious sites.
       
  • Macro Malware in Documents
    • Description: an insidious malware that runs a macro when opening documents such as those ending in .doc or .pdf. Usually the document will prompt the user asking whether they want to run the macro.
    • How it happens: if the user authorizes the macro to run, the macro runs a hack that opens numerous vulnerabilities in your system, putting you at the hacker’s mercy and allowing them to control your computer.
    • Simple preventative actions: never open documents from non-trusted sources. If it is a trusted source, ask what the macro is, what it does, and whether there is supposed to be a macro at all. Anti-virus software usually has features that detect infected documents and prevent users from opening them.
       
  • Cookie Theft / Sidejacking / Session Hijacking
    • Description: cookies identify who you are on a website and keep track of when users log in to and out of their accounts. Whenever a user logs in to their account, the website sends them a cookie (creates a cookie), usually through a secure connection, to authenticate the user so they can stay logged in to the website without immediately getting logged off.
    • How it happens: because a cookie is like an ID card that badges you into a secure location, a hacker can steal this ID card (cookie) over an insecure connection and use it to change a number of settings, hijack your account, and pretend to be you.
    • Simple preventative actions: accessing sites through a VPN connection is a safe method, but also ensuring that you are visiting and entering data on a secured website (HTTPS, not HTTP) that you trust will prevent cookie theft. Keep in mind that an HTTPS site, although considered secure, could still be a website that has been hacked or is fake, so be wary and only provide information to trusted sources. Setting your browser to clear your cookies after every session will help prevent cookie theft as well.
       
  • Internet of Things (IoT) Attacks
    • Description: smart devices such as wireless cameras and security alarm systems are vulnerable to cyber attacks, as they do not have strong security features. Factory default passwords are usually the same across devices and left unchanged by users, meaning anyone can log in to them.
    • How it happens: hackers from anywhere around the world can break into the smart device and disable the security alarm system to break into your home. They can also enlist these devices in a botnet to launch orchestrated attacks on targeted servers.
    • Simple preventative actions: always change the factory default password when configuring your smart device. Some VPN services support smart devices; however, encrypting the connection means that even you will not be able to access and communicate with the device from the internet.
       
  • Distributed Denial of Service (DDoS) Attacks
    • Description: although it doesn’t target or hurt the individual affected, it occurs when your system’s bandwidth is stolen to send numerous requests to the intended target in order to shut the target’s servers down.
    • How it happens: the hacker infects multiple users’ computers with malware, which can be achieved through any of the 12 listed attacks and more. Your system then becomes a small part of an army of bots (a botnet) that the hacker can call upon at any time to participate in an attack.
    • Simple preventative actions: having anti-virus/anti-malware software installed can prevent your devices from being infected and recruited into this bot army. Some VPN features, such as NordVPN’s Cybersec, block your computer from connecting to botnet command and control servers.
       
  • Phishing
    • Description: targets the user, not the machine, by tricking users through convincing emails, messages, or ads.
    • How it happens: convinced users provide the credentials needed to access their assets, giving hackers the key to the lock.
    • Simple preventative actions: never provide your login ID or password to anyone over the internet. This information should only be provided to trusted individuals face to face. If you aren’t expecting a file from someone, don’t download it until you can verify it is 100% safe.
       
  • Clickjacking/UI Redress
    • Description: occurs when a malicious or compromised website places an invisible frame over the page being viewed. This invisible frame has invisible buttons over the existing buttons and tracks your mouse cursor.
    • How it happens: when the user clicks on a button, the invisible button they cannot see executes another action the user isn’t aware of, such as unlocking your camera or microphone, or agreeing to a purchase.
    • Simple preventative actions: always use a secure browser with a built-in ad-blocker or a script-blocker plugin. Some anti-virus software blocks ads that have been identified as clickjacking.
       
  • Man-in-the-Middle (MITM) Attacks
    • Description: occurs when a hacker invisibly inserts themselves between a user and the server the user is communicating with. Can occur when connected to fake WAPs.
    • How it happens: the hacker can clone your communication, gaining access to all your assets. In the event of a financial transaction, you may see your money purchasing a product, but the hacker may have modified the transaction to send the money into his own account.
    • Simple preventative actions: use secure and encrypted connections such as VPNs to encrypt sensitive data over the internet. This prevents hackers from modifying the data. When making purchases, always verify that your transactions processed as intended through your bank and the seller’s website.
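As an added example that is not part of the original post, covering both the Cookie Theft and the Clickjacking items above: this Python script audits a site’s response headers for session cookies that lack the Secure, HttpOnly and SameSite attributes (a cookie without Secure is sent over plain HTTP, which is what makes sidejacking possible) and for a missing frame-ancestors / X-Frame-Options control (which lets another site wrap the page in an invisible frame). The sample responses are constructed, and the function and constant names are my own.

```python
# Added example, not from the original post. The sample responses below are
# constructed for illustration, not captured from any real site.
SESSION_HINTS = ("session", "sess", "sid", "auth", "token")  # cookie names worth hijacking


def parse_set_cookie(value: str) -> dict:
    """Split one Set-Cookie header into its name, value and a lowercase attribute map."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": cookie_value, "attrs": attrs}


def audit_cookie(header_value: str) -> list:
    """List the protections a session-looking cookie is missing (empty list = fine)."""
    cookie = parse_set_cookie(header_value)
    name, attrs = cookie["name"], cookie["attrs"]
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # a theme or language cookie is not worth stealing
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (also sent over plain HTTP, so sidejackable)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by injected scripts)")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict (sent along with cross-site requests)")
    return findings


def audit_framing(headers: list) -> list:
    """Report a page that other sites may embed in an invisible frame (clickjacking)."""
    xfo, csp = None, None
    for name, value in headers:
        if name.lower() == "x-frame-options":
            xfo = value.strip().upper()
        elif name.lower() == "content-security-policy":
            csp = value.lower()
    if csp and "frame-ancestors" in csp:
        return []  # CSP frame-ancestors is the current control and takes precedence
    if xfo in ("DENY", "SAMEORIGIN"):
        return []
    return ["no frame-ancestors CSP or X-Frame-Options: page can be framed (clickjacking)"]


def audit_response(headers: list) -> list:
    """Run both audits over a list of (header name, value) pairs, as http.client returns them."""
    findings = [f for n, v in headers if n.lower() == "set-cookie" for f in audit_cookie(v)]
    return findings + audit_framing(headers)


# Constructed sample responses: a weak one and the hardened form of the same site.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=abc123; Path=/"),
        ("Set-Cookie", "theme=dark; Path=/")]
HARDENED = [("Content-Type", "text/html"),
            ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
            ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
            ("X-Frame-Options", "DENY")]
```

audit_response(WEAK) returns four findings (three for the session cookie, one for framing) and audit_response(HARDENED) returns none; feed it the header pairs from an http.client response to audit a live site.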

Sources:
NordVPN – Hacking
Malwarebytes – Hacker
Rapid7 – Types of Attacks
Pixel Privacy – Have you been hacked?
WhatIsMyIpAddress – I’ve been hacked! What do I do?