FBI Shuts Down Denial Of Service Attacks – Supreme Court Ruling Will Affect Every Business and more Today on TTWCP Radio Show: [04-06-19]
Cloud and Cloud computing is in the news and we’ll talk about what is going on and what to expect
Do you sell things online off a website? If so, you have to listen in to find out what the IRS is doing, right now, it’s going to drive you crazy.
It’s update time! Microsoft is out with their April update, known as 1903 or 19h1. It has some nice Windows Update policy features.
What are cybercriminals up to now? They are using new tactics that bypass traditional email security, so listen in to find out more.
It’s bad enough that cybercriminals are attacking us and stealing our information, but now these bad guys are stealing money right out of bank accounts.
Do you know what Denial-of-Service and Distributed Denial-of-Service attacks are? Well, the FBI and Secret Service are trying to shut down criminal organizations that are using them in a big way. We’ll talk about what they are doing today.
Are you a C-level executive? It is time to remove your cybersecurity blinders. Cybersecurity is no longer an IT problem; it is a boardroom-level problem, and a scary one when you get right down to it. Cybercriminals are using brand impersonation now, and it’s costing companies a lot of money.
- Windows 10 April 2019 Update Introduces a New Windows Update Policy
- Latest Tactics Used By Cybercriminals To Bypass Traditional Email Security
- Cloud Adoption On The Rise, It Pros Unsure Of Risk
- The US Has Stepped Up Its Tax Game. You Will Want To Read This If You’re Selling Online
- Most IT And Security Professionals Feel Vulnerable To Insider Threats
- Silence Of The Wans: FBI DDoS-For-Hire Takedowns Slash Web Flood Attacks ‘By 11%’
Below is a rush transcript of this segment; it might contain errors.
Airing date: 04/06/2019
Craig Peterson 0:00
Hey, hello, everybody, Craig Peterson here. And it looks like my math was wrong. You know, last week I said, I thought we were coming up to the 1,000th week of being on the air. Actually, we weren’t coming up on it, it was the 1000th week. So this is our One Thousand and One weeks of broadcasting, and this week, we’re going to have a few different radio appearances, as I usually do. I’ll be on with Jack Heath on Monday, but because I’m going to be busy this week, as well, actually, I guess, this week? No, I’m not going to be on with Jack on Monday. But I am going to be on other stations Tuesday and Wednesday. Okay. So anyhow, we passed 1000 weeks, you can do the math, that’s a lot of years on the air. I don’t know if that makes me old. It certainly kind of makes me feel old. But you guys, man, I appreciate you. I appreciate everyone who listens, and everyone who subscribes to my podcast. And you can do that quite easily by going to http://CraigPeterson.com/iTunes. Leave a comment. Hopefully, I’ve earned a five star from you guys. And that’ll help get the show out so more people are aware of it.
So let’s get right into the articles this week. As is true every week, I send these things out on Saturday morning. So you should get my show notes-newsletter, and that’ll keep you up to date. Let you know about the latest security problems that have arisen this last week and other things in the tech biz and tech world that I think are interesting. So number one this week is from Infosecurity Magazine. And it’s talking about cloud and cloud computing, we’ll get to that in a few minutes. The U.S., man, if you have a website, if you’re selling things online, you got to hear what the IRS is doing right now.
And man, the internet tax stuff, it’s going to drive you crazy. There is a new update here for Windows coming on. Well, it’s the April update. And it’s known as version 1903 or 19h1.
But it’s going to have a new Windows Update policy. And it’s going to let you if you are a big organization that is using the group policy editor, basically, you have an Active Directory server and you have group policies for your various accounts.
Excuse me, this, the policy is supposed to allow you now to specify deadlines for automatic updates, and restarts. Now if you don’t have the Windows 10 professional, you’re kind of stuck as it is right now because you cannot, I repeat, cannot specify when you want updates to be applied and how long you might want to wait. And we’ve certainly talked about that on the show before. But it’s going to give IT admins a lot more control, especially when managing larger fleets really of devices, number of Windows devices, so it should be pretty good. And I have some details on where you’ll find it in the menus there on my website at http://CraigPeterson.com. And Softpedia has really quite a nice little thing about the whole thing. But basically, you as an admin can set a deadline for installing updates as high as 30 days. Usually, I recommend about seven days, five to seven days, because that lets you get past the initial problems that often accompany these updates from our friends at Microsoft. And the auto reboot can be anywhere from zero to seven days following that.
Now, this feature is something that was available only in the pro version. And now it’s available across the board if you are using group policies, okay? The latest tactics used by cybercriminals, we’ll talk about this. And this is bypassing traditional email security.
And where do most IT professionals feel vulnerable when it comes to bad guys and attacks and stealing our information, stealing money literally right out of bank accounts. Well, we’ll talk about that too. But first, I want to get to an article I love the title of this. This is out of the UK, it’s from The Register. It’s called Silence of the WANs, which I thought was just very clever. The FBI has been working hard to shut down criminal organizations, so has the Secret Service. I’ve talked with both of them before about what they’re doing and how effective they have been. And one of the problems we talked about in my cybersecurity course, was something called a denial of service attack and distributed denial of service attack. And we talked about how to prevent them, how to stop them, and how to make your life so much easier. And we, of course, concluded that class, it’s not open, you can’t get into it right now, because I’m not conducting it right now. But denial of service attacks is absolutely huge. And the FBI just busted a massive attack and network about two weeks ago.
And this was just amazing. Because the traffic loads plummeted after the FBI took these guys out. And some of them were right here in the US. You think most of the time that they may be in Russia or, you know, some Eastern European country, maybe India, you know, the normal places these things come from. But the December of 2018, the FBI really started pushing trying to figure out who was running the distributed denial of service attacks. Now, here’s how a DoS works, the denial of service attack.
Someone, usually it’s either a competitor or more often, it’s someone that disagrees with your company. So a company that maybe has some sort of a political stance or donated to a charity that somebody doesn’t like, they will start sending dozens, hundreds, thousands of requests to a web server, this is just a simple explanation, okay. So they’ll send all of these to the web server, the web server becomes overloaded. It may crash or may not crash, doesn’t really matter. But because it has so many requests coming in, it cannot serve the normal users. So, people who are coming to your website to find out more about you, maybe to place an order, maybe to get some of the information that you’re providing, they cannot get there because of the denial of service attack that’s going on. Well, there is a worse type of denial of service attack, and it’s called a distributed denial of service attack. Because bottom line, if there’s only one machine that’s attacking you, it’s pretty darn easy to put a filter in place to block that machine from getting to you. That makes sense, right? Well, if you have 100, or thousand machines that are all sending data to you, it becomes much more difficult to stop. And that’s the whole idea behind distributed denial of service attacks.
So the FBI worked with a mitigation provider called Nexusguard. And they’ve been tracking this stuff. And they’re saying both the overall number of attacks and the volume of the data fired at the targets to overwhelm them is down and it’s measurably down because the FBI wiped out 15 of these denial-of-service mercenary sites. Some of them are run in America, some of them are run overseas, but they allowed people to purchase the temporary use of the massive botnets of compromised devices. Right? Isn’t that what I’m always warning you guys about? That’s part of the reason you got to keep your machine safe. Because millions of machines have been compromised. They have remote controllers on them. The owners of the machines just aren’t aware of this because they’re not paying any attention to security. And then they hire your machine now to use to attack a third party. They use your machine to mine for Bitcoin to make money for them. They use your machine to distribute kiddie porn, pictures and videos of Americans being beheaded. Okay, how many times we have to talk about this everybody? So these massive botnets were in turn commanded to create massive loads of network traffic and targeted websites and different types of services, which ultimately overload them and knock some offline.
Now, it seems according to The Register that these 15 denial-of-service groups were so prolific that simply taking them offline has caused a noticeable drop in global activity for the entire fourth quarter of 2018. We’re talking about an estimate from the FBI of more than 300,000 attacks over the last five years from these guys. And Nexusguard is saying the number of attacks fell by 11%. And the size of each attack, which is the load directed at the target, took a nosedive with the average rate dropping 85% and the maximum size down 24% from a year previous to that. So that’s really good. The huge dip in attacks may not last, because it’s so easy to set up a botnet because so many people haven’t properly secured their computers, okay. And somebody else is going to come along and take over, fill in that void. There’s going to be new distributed denial-of-service-for-hire services popping up.
Many of these Internet of Things (IoT) devices are now being used for botnets. So your smart light there on the factory floor that isn’t properly secured, they’re not only being used to attack you and get the information from your servers. But they’re also being used now to direct these denial-of-service attacks. The number of these IoT devices that are used in the amplification attacks, which is a specific type, but they were up over 3,000% from last year and they’re accounting for more than half of all the attacks in the last quarter of 2018. So again, you know, we covered this in detail in the DIY cybersecurity, make sure you segment your network, if you have IoT devices, make sure they cannot get out of your network, except to the control nodes, the legitimate ones, right?
The ones that are for the manufacturer to make sure they get security upgrades. And make sure you do the security updates, make sure they get the security updates, make sure it’s all working. Because it’s no longer you buy a light bulb from the local Home Depot store for a buck and plug it in. And you don’t ever look at that light bulb again until it burns out.
Now with the Internet of Things, with the smart bulbs and the smart everything, you know, thermostats, any of this stuff, those smart devices now are your responsibility. It’s just like a friend of mine, who we’ve been providing DNS services to for 20 years, probably 15, 20 years, well, more than 20 years. And he called us up, he says, “Hey, listen, why aren’t you guys providing DNS for us anymore, you know, from my little network?” And we were and we dug into it. And we found out guess what?
His home address block that was assigned to him by in this case he has Comcast was used to access the dark web. Yeah, pretty big deal.
And so now he’s running around trying to figure out why. Now, we have automatic systems in place that saw, wait a minute, the side dark web block. So all of our stuff worked perfectly. It was great. And that’s how we protect our customers’ websites. And that’s how we set up the networks for all of our customers. Just automatic. If it’s not automatic, it’s not going to happen, right? So we had automatically blocked him. Now he’s trying to figure out why, what IoT device, what light switch, whatever, went out to the dark web, and was being used as a Tor exit point, even. It’s crazy. It’s crazy what’s happening. So make sure you know what you’re doing, find some good courses, whether they’re mine or somebody else’s, and understand how to do this. And I have free master classes that we’re offering from time to time, make sure you’re on my email list, http://CraigPeterson.com/subscribe. That way, you’ll get my show notes, you’ll also get some of the more urgent alerts that come out. And I’ll let you know about the free master classes and other training that I’m doing. Okay. So http://CraigPeterson.com/subscribe, and keep listening to this radio show. Because I do get stuff out here. Although, you know, when you talk about master classes, they can go easily an hour, hour and a half or even longer, you know, the courses can take you six weeks to get through. But you know, stay up to date, do the right thing.
Now, let’s talk about the number one problem that IT security professionals are looking at right now. 91%, this is according to Insider Threats, 91% of IT and security professionals feel vulnerable to insider threats. And 75% believe the biggest risks lie in cloud applications like popular file storage, email solutions. You know, we talked about them before, they’re worried about the Dropbox, Gmail, Google Drive, OneDrive. All of those things, right. So it is very, very concerning to IT professionals. And it’s, you know, 91% of them being worried about the insider threats is huge. And that’s why again, I have included in the DIY cybersecurity course, a whole set of policies and procedures that can go into the HR manuals as well as things that you should be doing in your business. Now BetterCloud surveyed nearly 500 IT network security professionals, and you can find this online. It’s called The State of Insider Threats in the Digital Workspace 2019. So here are the key findings amongst again IT network security professionals, nearly all of them surveyed, 91%, feel vulnerable to insider threats. And that means things like people opening an email clicking on the wrong link, maybe doing something malicious because I got fired they got a bad review. Right. Those are all insider threats. 62% of them believe the biggest security threat comes from the well-meaning but negligent end user. That number fits in with other stats I’ve seen, so it’s probably pretty legit. 75% believe the biggest risks lie in cloud storage and email solutions, which is really big. And I’m going to talk about an email security article here in a minute and about how the cybercriminals are changing their tactics. 46% of IT leaders which means, you know, the IT managers and above believe that the rise of software-as-a-service applications makes them the most vulnerable. And man, I’m seeing that all of the time, especially in regulated industries.
And we’re helping out some of these health care providers and legal and public companies. Man, they’re using SaaS, software as a service. In other words, cloud applications like that going on style, and they’re not checking them. We’ve even done audits on restaurant chains, just small local chains, and found incredible liability that they’re facing. 40% of them believe they’re most vulnerable to exposure of confidential business information. That’s financial information, customer list, personally identifiable information. And only 26% of C level executives say they’ve invested enough to mitigate the risk of insider threats, versus 44% of IT managers.
So in other words, the C level executives are running around with blinders on. Kind of scary isn’t it when you get right down to it. So let’s get into the latest tactics that are being used by the cybercriminals to bypass email security. And I’ve got this article up again on http://CraigPeterson.com and this is from Industry News. And they’re saying that cybercriminals are using brand impersonation now in 83% of spear phishing attacks. Now, remember, these types of phishing attacks against businesses called business email compromise is kind of a general term to cover most of them. 83% of the time, this is what’s used, and it’s already accounting for about a little more than $12 billion worth of stolen funds, not wasted time, not cost to recovery, right. $12 billion in stolen funds. In the last couple of years according to the FBI, on the worldwide statistics. It is huge.
One in three of the spear phishing attacks is launched from Gmail accounts.
20% of them occur on Tuesdays. About 20% on Wednesday, 20% on Thursday, and it drops off to 5% on the weekends, with the slightly lower numbers on Mondays and Fridays. So no big surprise there. I’ve had people contact me, just texting me, you know, my 855-385-5553 number about these extortion scams. I’ve gotten one or two of them myself. And I know you guys have gotten them because you’ve contacted me, you’ve texted me about it. And I’ve gone back and forth to kind of explain what’s going on. But still sextortion scams, these are a form of blackmail. And right now it’s making up about 10% of all spear phishing attacks. And it’s expected to increase even more because it is on an increasing line right now. And employees are also twice as likely to be the target of blackmail, than of a business email compromise. So, that’s a change from last year. And this is from a report released by Barracuda and it’s called Spearphishing Top Threats and Trends if you want to look it up. And they looked at about 360,000 spear phishing emails.
So let’s get some closer look here. Impersonating Microsoft is one of the more common techniques used by hackers to try and take over accounts, financial institutions. Impersonating nearly one in five attacks. Finance department employees are heavily targeted in obviously banks and other financial institutions as well. Majority of subject lines on sextortion emails contain some form of security alert; attackers often include the victim’s email address or password. Subject lines on more than 70% of the business email compromise attacks are trying to establish rapport, sense of urgency. Scammers are using name spoofing techniques, which they’ve used for years, changing the display name on Gmail and other employee accounts to make it look like it’s coming from a company employee. So here’s the top subject lines and number the two top 54% say security alert and 34% say change password. Okay. Very big deal. You’ll see this article up on my website. And we’ll have to try and do a master class on this one because I think this is important for people. I’m going to set these two aside and I’ll let you know, anyone who’s on my email list. I’ll let you know about it. These are always free, we’ll do a deeper dive into it.
Make sure you subscribe http://CraigPeterson.com/subscribe if you haven’t already. The US according to Forbes magazine has stepped up its tax collections here. And if you’re selling software in the US, you’ve got a whole new problem coming your way, you know that we’ve had for a long time now, protection from the federal government saying the local authorities state and local cannot tax internet sales. And it has expanded a bit, you’ve had massive companies like Amazon, who said yeah, we’ll pay sales tax, state and local. And if you ask me, the reason they’re doing that is to stomp the little guy into the ground. And the reason I say that is Amazon can deal with it. There are estimated to be over 9,000 different tax regulating entities in the United States. 9,000 of them. You have to comply with all of these 9000 across the board. How can you as a small business do that? You can’t, right? Amazon can. Well, there are going to be companies that are popping up, there already are a few of them out there right now, that are trying to take care of this problem for you where they’ll collect all of the taxes.
And what it is resulting in, however, is many businesses are saying listen with all the European Union rules. They’ve got their GAFA rules cooking up right now. GAFA, standing for Google, Apple, Facebook, and Amazon tax.
It’s a kind of a VAT tax and supply, it’s not supply driven. It’s crazy. But there is a decision from the Supreme Court last year about a dispute between Wayfair, now this is that online furniture company, and the State of South Dakota, and South Dakota wanted to collect taxes and Wayfair said no, don’t need to. So the Supreme Court overturned a law on not taxing companies with no physical presence in the taxing state. Because that legally is called legal nexus. So if you had operations in New Hampshire, you had to, well New Hampshire is a bad example, because we have no income tax. And we have no sales tax. Okay. But let’s say you’re in Massachusetts, which is a terrible state when it comes to taxes. You’re in Massachusetts, if you sell something to someone in Mass., you have to collect Mass. taxes. And if you sell something to someone in another state, you didn’t necessarily have to collect the tax as well. Now you are going to. Any company selling online, this is more than just software companies, it’s going to hit businesses across the board. And it’s going to hit you hard.
Okay. South Dakota, has rules that say if you have more than 200, individual sales, or more than a hundred thousand revenues, there are other states that say more than 100 sales, or 50,000 in revenue, some of them have 4.7%, some of them have as much as 13.5%, and the thresholds for spending in the state span from 100,000 and $500,000. And there might be 100 transactions a year it might be 500 and might be 2000 transactions a year. Whoa, okay. This is going to be a huge burden. 52 new tax codes on the individual states plus surtaxes that are introduced by counties, by cities, not just in the US, but 30 countries in Europe, along with Australia, Japan, South Africa, South Korea, Norway, India, the list just goes on and on. Hundreds of countries. More than a hundred out there. And US states have highlighted software in SaaS products as explicitly liable for sales tax. So remember too that we’re talking about different taxes and different tax rates. You look in Massachusetts, they have a different tax rate for different types of IT services, they have different rates for software as a service in different categories, this is going to be a nightmare. So there’s companies out there like Avalara and TaxJar that will outsource and take care of a lot of this stuff for you. Many companies are saying “forget about it.” I know companies in Canada that are just pulling their hair out just dealing with Canadian tax codes.
And many of them are just saying forget it, I’ll just wait for the bill to come from the tax collector basically. So rather than charging you the appropriate sales tax, they fill out the state’s forms that cross your fingers that they collected enough from you that they had enough in revenue to pay that state sales taxes.
This is why the federal government passed a law saying no internet sales taxes because it will be a nightmare. Now, it is going to help local small businesses because now they’re going to compete on a more even footing where they have to collect the sales tax. So do the bigger companies, right? And so do the people, even small guys who are selling online, and it’s going to help companies like eBay and Amazon, where you just sell your product on one of those sites, they’ll worry about all of the sales tax and collecting that. And they’ll take their cut and just pass it back to you. So yeah, well, this is going to be big. It’s in. You heard it here first. Thank you, Supreme Court.
Anyhow, I hope you enjoyed today’s show. You can read all of these articles plus the ones I missed today, including cloud adoption and what IT pros are concerned about. This 2019 state of enterprise cloud container adoption security that was published here recently, all of that in this morning’s newsletter. If you didn’t get it, make sure you get the future ones. http://CraigPeterson.com/subscribe, and I will keep you up to date and you can find out about this and, of course, a whole lot more. I have now thousands of articles I published up there my website, because we’re over a thousand shows right now was this show 1001 weekly.
This is week 1001, not show 1001. Man, that’s a lot of the time on the air. Anyhow, thanks for listening. Make sure you subscribe, http://CraigPeterson.com/subscribe and have a great week. Talk to you next week. Bye-bye