What a busy, busy week in the world of technology. We are going to hit several topics today. Business Email Compromise attacks are running rampant through businesses. Failure to update older technology is putting businesses at risk. Facial recognition technology is being used, but the issue is privacy and how to protect it. We’ll hit ransomware, employee training, regulatory compliance, online job postings, and what precipitated the most expensive divorce. It is going to be a busy show — so stay tuned.
For more tech tips, news, and updates visit – CraigPeterson.com
I’ve got some free online privacy training coming up.
I have been teaching courses on security for the FBI InfraGard’s program. And now I’ll share some of the step-by-step tips and tricks that we all can use to keep ourselves and our information safe online. And it won’t cost you a dime.
Automated Machine Generated Transcript:
Hey, hello, everybody, Craig Peterson here. Thanks for joining me, whether you are online listening to me on a streaming service, or listening on the radio, or on my website, kind of everywhere. We are going to be talking about most businesses now: what’s happening to them? How are they being attacked? New statistics are out. We’ll be talking about how to keep some of your legacy software safe if you’re using Windows 7, or if you’re using an older version of software because you haven’t been keeping it up to date, which is like all of us, right? We’re going to talk about what you can do. Some effectiveness and privacy concerns are limiting facial recognition adoption; what’s going on there? We talked a bit about that last weekend. Downtime and costs have gone up here. Ransomware attacks are hitting businesses and individuals even harder than at any point in the past. So what’s that all about? What are the simple things you can do to help protect yourself against it? We’re going to talk about some employee training you need to do if you are a business person, and regulatory compliance: what’s the perception, what’s the reality? We’ve seen a lot of businesses that are doing what we’ve been calling pencil-whipping some of these forms that are trying to figure out whether or not they have complied with some of the laws, rules, and regulations. We’re going to also talk about the Jeff Bezos phone hack today, and about a warning coming out from the FBI about job searches online. So a lot to talk about today. And we are going to start out with: half of the organizations worldwide were successfully phished in 2019. I can’t even talk right now. This is something that’s very concerning. Now, it isn’t as bad as it used to be. Phishing attacks used to be almost 100% effective. Of course, these are the types of attacks where someone sends an email, and the email is trying to get you to help this prince in Nigeria, or whatever it might be.
Those are phishing attacks. They’ve gotten a lot more sophisticated to the point where they are today, where we warn people to not even put information about who the employees are, or even physical access or addresses of the businesses if they are not, obviously, a walk-in type store, because that is being used online by the bad guys. They go to your website, they figure out who the CEO is, who the CFO is, whatever information they might need. And then they use that now to go after you, and go after you in a very bad way, frankly, because we are falling prey to it. And we’re going to be talking more a little bit later on, a couple more segments in, about what the cost to businesses is right now. Some of the phishing attacks, because you remember, they will use phishing for a number of different reasons, not the least of which is to get you to install malware on your computer, unbeknownst to you, right? It’s not as though you purposely are installing malware. But we’re going to talk about that here in just a few minutes. There are a number of companies out there that do various types of simulated phishing attacks. And the idea behind these is that they will go ahead and send your employees emails that are based upon the latest phishing attacks, right, the type of phishing attacks that have been going on for the most part, and they will record whether or not each employee has clicked on a link that they shouldn’t have clicked on. So obviously, when they click on it, it goes through the software that’s tracking them and knows what they did. And you know, now they’re in trouble, right? Because they did what they shouldn’t have done, and they will usually have some remedial training for these people to help to build awareness, help them understand what it is, really, what’s going on, what they should be doing, what they maybe shouldn’t be doing. All of that stuff pulled together.
Well, one of the companies that does this phishing susceptibility testing along with the security awareness training is called Proofpoint. And they take a look at all of their numbers and try and roll them together. So this report that I’m looking at right now is examining global data from nearly 50 million simulated phishing attacks that were sent by Proofpoint customers over a one-year period. And they also did third-party survey responses for more than 600 information security professionals in all of the major countries out there, not some of the small ones. And they put this all together. So basically, it’s 3,500 working adults who were surveyed for that part.
Now, here’s what they found. Here are the tips for you, if you are a business person, if you’re responsible for IT within an organization. Number one here in the Help Desk security article is that effective security awareness training must focus on the issues and behaviors that matter most to an organization’s mission. Obviously, that’s kind of corporate-speak, right? But he’s saying that really what we have to do is look at what our assets are, what our mission is as a company, and, you know, value those. What is the value of those? What should we be doing when it comes to our data, the things that, if we lost them, we would go out of business, or we might get fined, they might come after us, etc., etc.? So he goes on to say, we recommend taking a people-centric approach to cybersecurity by blending organization-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognize and report attacks. Again, oh my gosh, you know, this is the sort of thing that you get from a PR agency, right? I doubt the guy actually said that. But it really is about people. We have various types of automation. If you have the basic stuff, like you’ve got antivirus, and you’ve been listening to my show for a while, you know anti-virus is zero percent effective against the latest types of attacks. And it is not effective at all. Antivirus software in this day and age is pretty much useless.
Now, you should be using it as part of a bigger stack of security software and procedures and things. But bottom line, it’s just not that useful. And they’re also saying that end-user email reporting is critical. They’re showing that the number of reported email messages jumped significantly last year. And that’s a really big jump, at about 67%. So make sure, if anyone in your organization has any questions about an email, they’re thinking it might be a fake, it might be, you know, a problem, phishing, etc., that they forward it to you. Now, we’ll go a step further because of my company, Mainstream: we go ahead and work with the FBI and state investigators when there are serious problems. Obviously, we will work with the company too. It’s not as though we’re going to squeal on them. But we have uncovered numerous foreign government and also organized crime hacks into businesses. So if you’re not reporting it, nobody’s going to know, and nothing can be done about it. So here are the key takeaways from this last year. More than half, it’s 55%, of surveyed organizations dealt with at least one successful phishing attack in 2019. That’s a very big deal. That’s a very scary thing, frankly. And infosecurity professionals have reported a high frequency of social engineering attempts across all kinds of different methods. 88% reported spear-phishing attacks, 86% business email compromise attacks; those are the ones that are hurting our businesses most, and those are the type of things where they’re faking that they’re a vendor or they’re the owner and they’re asking people to wire money around. So be very, very careful. Smishing is fairly new, but 84% of the businesses are saying that they had SMS and text phishing attacks; that’s way up. 83% said vishing, which is voice phishing, and 81% reported malicious USB drops. Isn’t that something? 65% of the surveyed infosec professionals said that their organization experienced a ransomware infection in 2019. That is high, high, high.
Now, you know, the FBI advises to never pay a ransom. But a third of all organizations opted to pay the ransom. And we’ve seen that even in cities that have been attacked by ransomware, that they did pay ransoms. 32% did not. Of those who negotiated with attackers, 9% were hit with a follow-up ransom demand, and 22% never got access to their data, even after paying the ransom. So keep that in mind. And the other statistic that I’ve seen before from the FBI says that even if you pay a ransom, the odds are only 50% that you’ll get all of your data back. Remember, these guys aren’t writing great software. In fact, most of them aren’t even writing this software at all. And what that ultimately means is it’s buggy. What do they really care, as long as they get some payments, right? Organizations are benefiting from the consequence model. 63% of organizations take corrective action with users who repeatedly make mistakes. So I think that’s an important thing. Many working adults fail to follow cybersecurity best practices. 45% admit to password reuse, which is one of the biggest sins, frankly, that you can commit: reusing passwords on multiple sites. More than 50% do not password-protect home networks. And 90% said they use employer-issued devices for personal activities. These are all things they shouldn’t be doing. In addition, 32% of working adults were unfamiliar with VPN services. One of my pieces of training was about VPNs. You might find it; I think it’s still up on YouTube. But VPN services are in some cases worse than not using a VPN at all. You’ve got to be careful, because some of these VPN services that are out there, they’re actually having you use their service so they can track you online and sell your information. So if the VPN service is only charging a few bucks a month, or, heaven forbid, free, you really have to wonder just how good it is. So follow those practices. You need to understand the common cybersecurity terms.
I don’t know, maybe I should do a little training on that one too, so that people know what’s up. And Millennials are continuing to underperform other age groups in fundamental phishing and ransomware awareness. So stick around. When we come back, we’re going to talk about keeping your legacy software safe. Are you still using Windows 7, 8, or maybe something else? It’s kind of old. Stick around. We’ll be right back. You’re listening to Craig Peterson on WGAN.
Hey, welcome back, everybody, Craig Peterson here. If you have a computer that’s been around for a few years, have you stopped and had a close look to see if it’s reached its end of life? Now, I’m not talking about the hardware being about to fail or fall apart. You know, that’s something I think you can deal with, and everybody knows to deal with. And more importantly, if the hardware falls apart and stops working, you have to deal with it. But what about the software that’s on your computer? What about the software that has been installed and has been there for who knows how long? When was the last time you actually updated it? I walk into customers’, new customers’, offices all of the time, and they are running really old software. And man, I can’t tell you how many times I’ve walked into a place and they’ve got a database. It’s Microsoft SQL Server, and they have just got a development version there. In fact, they bought the software, and the software vendor gave them a free development version of SQL Server, even though it’s in production, even though they’re supposed to be paying for a full license. I see it all the time. And then, because they don’t have a full license, in fact they don’t even have a legal license to use it in the business environment, the next problem happens, which is they’ve never updated SQL Server. We used to see this all the time with Windows, where people were using a hacked version of Microsoft Windows, versions of Windows that were never licensed, never licensed properly. We don’t see that as much anymore. But what we are seeing is software that’s passed the end of life, including Windows. As of mid-January, January 14, 2020, Windows 7 is no longer supported by Microsoft for security updates, at least unless you pay Microsoft a small boatload full of money. They are providing it, but they are charging money for it. And now the last subscription I saw for security updates for Windows 7 was about $80,000 a year.
Now, I don’t know about you, but I think that’s a little bit pricey. So now you end up with the problem of, okay, so I am running old software, maybe even Windows XP. We see that all the time in the manufacturing business, where they’re controlling systems, and control systems running XP. So what do you do now? Because if you upgrade your base operating system, that means there is software that you’re running that may not work with the new version of Windows. And frankly, that’s probably the number one reason we see from people who don’t upgrade and don’t want to upgrade, because it could end up being a very bad thing for them, a lot of pain, right? Well, Windows 7 is already past its support window. And Windows Server 2008 support officially ended just this past week. So if you’re running Windows Server, which a lot of businesses are, right, you’re using Active Directory server; as much as I don’t like it, most of our customers use it because there’s not really a whole lot of other options for them. But it’s really significant here that these older operating systems are no longer going to get routine security updates and patches going forward. Windows 7, believe it or not, is 10 years old now. And it’s still in style. It still works. And according to StatCounter, Windows 7 is still deployed on one out of every four Windows machines. So that means you are probably like everybody else out there and are still running Windows 7 on some of your machines. And part of the reason for that may be because you’re concerned about doing the upgrade, right, and update. So we’re going to talk a little bit about that, some things that you can do. But first of all, I want to give you a couple of warnings, because I think I might have to get you out of that feeling of invulnerability that you might have with Windows 7. In 2019, there were more than 1,000 vulnerabilities that were found, over 1,000 in just 2019, in just Windows 7 alone.
So businesses are facing a very real security risk by using any of these products after their security updates have ended.
But you know, can you migrate? Yeah, obviously the answer is yes. Can you do it quickly? Well, not necessarily quickly, and certainly not immediately for most people. So most businesses are finding they’re using unsupported software for months, years, or even decades later. And Kaspersky research, which is a Russian company that does all kinds of stuff when it comes to security, they’ve got some pretty decent security software. But the problem you and I think you might find with their security software is it’s from Russia, and the US federal government has come out and said, don’t use Kaspersky. So I can see that, I can see why they’re saying that. But they’re reporting that 40% of very small businesses, so 40% of businesses under about 10 employees, and about 48% of small and mid-sized businesses, so the bigger businesses that should have the ability to do upgrades, are still using unsupported software and software that’s approaching the end of support. So you’ve got to be very, very careful, okay? And if you’re a manufacturing company, or you have industrial control systems, you might have an HVAC, heating and air conditioning system in your building that is hooked up to your network connection, so that the technicians can get in remotely to look for problems. Maybe the systems call home to let them know that, you know, your coolant pressure’s too low or whatever the problem might be. Those types of systems can be some of the worst. Some of those, as I mentioned before, we’re finding are still running Windows XP. And that is way, way out of date. So, you know, have a look at all of those too. Man, we could go on for a long time about the problems that we’ve seen, and some of the problems that you need to take care of. But when we’re talking about 24/7 operations, so we’re moving on to the next level, business, kind of manufacturing, or maybe you have a help desk where people call in 24/7.
And those systems are up and online the whole time. It becomes even more important, becomes even more critical, if a new vulnerability is discovered. I really have to emphasize here, you have to take extra precautions. So what do you do in the meantime to protect yourself? Here are some tips for those of us that are still running older software. And as I said, we’re talking about what, 50 to 60% of us, frankly, are, and a third of us are running unsupported versions of Windows. Number one you could do is buy extended support. Now, this is probably the least attractive option for companies that don’t have a lot of cash lying around, but it is the most secure. If you’re an enterprise customer, which means, by the way, you have to use enterprise versions of Windows, not the stuff you got when you bought your laptop from Staples or just from regular old Dell, okay? But enterprise customers can pay Microsoft for extended support through January 2023. Now, it’s very expensive, okay, and the price is going up every year. So be very careful with it. We’re talking about a million dollars’ worth of expensive, okay, so a very, very big deal. If you’re still running Windows XP, the cost for extended support for an organization with 10,000 plus machines leveled out at just under $2 million a year. Real money. It’s crazy money. So that’s probably out of the question for most of us. So next up, here’s what I’ve done for a lot of customers, and I can help you with this if you need this as well. But there are ways to isolate those older machines from your regular network, and I’m not just talking about going ahead and doing some network segmentation. I’m talking about having special internal firewalls to isolate these machines, okay? Old, decommissioned, and non-supported operating systems and software that cannot be patched have to be isolated. Obviously, you also would need to limit user access to the machines and limit what they are doing on those machines and try and keep them safe.
And watch for what is called out-of-band fixes. Some vendors may still issue critical fixes, but, you know, keep an eye on it. It could be dangerous. All right, stick around. We’re going to talk about this new facial recognition technology that London is adopting. I talked about it this week a little bit on my radio and TV appearances. But we’re going to get into it a little bit more, because it is coming here to the US as well. Stick around. You’re listening to Craig Peterson, WGAN online.
Welcome, everybody. Craig Peterson here and online at CraigPeterson.com. If you haven’t already, make sure you sign up for my email. It comes out every week on Saturday mornings, typically, which is when we get it all done on time so that it’s out for the show. But I do go through some of the most important articles for the week, a lot of security stuff, including what the number one patch is that you need to make to your systems. So that comes out at least monthly, my newsletter, and these patches are patches to software that is being attacked right then and there in the wild. In other words, it isn’t just a patch for the sake of patching. It’s, this is a serious problem, and if you don’t deal with this problem right away, you could become a victim. So you’ve got to really kind of keep an eye on that. That is part of my newsletter that comes out, and you can get that by just going to CraigPeterson.com/subscribe. Well, we’re going to talk right now about the effectiveness and privacy concerns here limiting live facial recognition adoption. This is something we talked about a little bit last week as well. Of course, we talked about this company that’s out there doing facial recognition stuff that really kind of scares me, because they went and they crawled all of the public photos they could find from sites like Twitter and Facebook and some of these photo-sharing sites. They pulled them all together, 3 billion of them, and they put them into a database. The company’s called Clearview, and they recorded where they got those photos from, and then they’ve been offering it right now to the police. Obviously, they had ideas about offering it to other people ultimately, but the police have access to it. And that’s been a problem, because nothing’s 100%. Plus, where do we draw the line? At what point do we draw a line saying, hey, my privacy extends even to those things that I posted online? This is a fine line. It’s a real problem.
And as we’ve talked about before on my show, ultimately, the law lags far behind the technology. Technology comes up with something new, and then the rules or regulations follow, and the laws, which are all coming out well after the fact. Now, sometimes they try and pass laws beforehand. And that ends up being a problem because we don’t know what all the problems are going to be. So it’s a catch-22, right? You can’t, you shouldn’t really put the laws in place until we have the real problems. And then you’re not going to see the real problems with the laws until they’re in place. So we’re talking about something like this, that’s not a perfect technology. How far can they go? Now, we know that if you are arrested, they can take your picture and your fingerprints. They’ve been doing that for a very long time. There have been a number of court cases about whether or not they can take your DNA. And of course, it doesn’t have to be blood anymore. They can just do a mouth swab. They can get your DNA even from your hair, and, you know, a few mixed results there. I know, basically, from everything I’ve read, the courts have come down on the side of, if you are arrested and convicted, then they’ll grab your DNA, and that’s been used to solve some crimes. And in fact, facial recognition has been used to solve some crimes as well. But should we have privacy in our papers, basically in our documents? And police argue many times in court, hey, listen, if you’re out on a public roadway, you have no expectation of privacy. And, you know, I frankly don’t disagree with that. I don’t think you do have an expectation of privacy. But should it be legal for the police to be tracking you, your license plate, taking pictures of you as you go through intersections? Again, where’s that line drawn? And when we’re talking about the facial recognition databases, these things are often wrong. They’ve got a success rate of less than 70%.
But what is going to happen when their success rate is 99%, when they are accurately showing who you are 99% of the time?
Now, the next problem with companies like Clearview AI, and as far as I’m concerned government agencies, is how safe is our data in their hands? When you get to the databases that hold the images, they are going to ultimately have vulnerabilities. So our, you know, our biometric information, our pictures, all the way through our fingerprints, iris scans, the way we walk, our pace, the way we speak. All of that’s biometrics. Now, if you lose your password, you can reset your password and have a new one. If you lose the PIN for your ATM card, you can go ahead and get a new one, right? It’s pretty simple to do. But what happens if the government, the state government or federal government, has your photo and it’s stolen? You cannot change your face. You cannot change your biometrics at all. So is there any way for us to be able to trust that our privacy is going to be protected? And the answer is, frankly, no. And is there any way we can stop the distribution of our facial data? Some states sell all of the driver’s license data. Most states, I think now, to whoever will pay for it. So the answer to that question, is there any way we can prevent the distribution of facial data? The answer to that is, frankly, no. And when we consider the damage that the leak of these types of databases could cause, because it is, it’s just, it’s overwhelming. It’s overwhelming to me. It’s overwhelming to you. And I think we’ve got to be a lot more careful. Now, I mentioned this database company called Clearview AI that scrubbed the internet, found all 3 billion pictures, pulled them in, kept track of where it saw the pictures. This is a big problem. But they say, hey, listen, because they’re getting sued right now, it’s okay. So somebody by the name of Graham Cluley went to Clearview AI’s website and had a look around, and what he found is that you can have your photo removed. Yes, yes indeed.
Now, they never asked you for permission to use your photo for their app that they’re selling to the FBI, Homeland Security, agencies all around the world. No, no, no. All you have to do to have your photo removed from Clearview AI is, are you ready? Um, this is straight from, like, a screenshot from their website. You can send an email to privacy-requests@clearview.ai. And then you just submit a name, a headshot, a photo of a government-issued ID to facilitate the processing of your request. Well, what if you’re concerned about this company, Clearview AI, losing your data in the first place? Do you really want to send them a picture of your passport or your driver’s license, which now most driver’s licenses are federally compliant? Is that really what you want to do? Well, I think it’s a real problem. Twitter has sent a cease-and-desist letter to them, saying that Clearview AI violated the policies over at Twitter, demanding any collected data be deleted. I would expect that Facebook is probably going to do something similar, as will these other websites that are out there where they have been scraped. Obviously, the website had to find out about it. And now we’re seeing London’s Metropolitan Police Service starting to use live facial recognition technology to scan public areas for suspected criminals. They’ve been trialing this technology for two years. And they’re going to have this up and running by February 2020, going to be linked to a database of suspects. So, again, this is a problem. Facial recognition technology is just not accurate. What can you do?
Well, I think we should all be sending letters to our representatives in Congress and in our statehouses, and letters complaining to Twitter and Facebook about companies like Clearview AI. You’ll find this article, or articles about it, up on my website at CraigPeterson.com, and of course, listening to me on WGAN. Stick around with me. When we get back, we’re going to talk about the costs of ransomware in Q4 2019 and today.
Hey, welcome back, everybody, Craig Peterson here on WGAN and online, of course, at CraigPeterson.com. That’s Peterson with an O. Well, we know what downtime is, right? Businesses have it. And it can really cause havoc, especially a long amount of downtime. When businesses get hit with a major outage, and it can be caused by a fire, flooding, a major server crash, when they’re hit with that sort of thing, it can be devastating. And frankly, most businesses are out of business within six months, with small-medium businesses. Basically, the larger ones, well, by law because of Sarbanes-Oxley, they have to be able to get back online, if they’re publicly traded, within four hours. Now, a lot of businesses don’t do that, although they should be doing it. And, you know, frankly, my business, we are set up to be able to get back online pretty darn quickly, because you just can’t afford the bad PR, the bad customer relationship, and the lack of sales that come in because you’re down, right? Nobody can get at anything. Well, there are new and more sophisticated ransomware attacks that are really hitting businesses today, and everything from large companies to little guys, from state governments to the federal government. And some of these are considered to be the deep-pocket targets. Now, you and I, we can get hit with ransomware. And to us, a $500 ransom might be real money. What is it, half of American households could not come up with $500 for an emergency expense, too, right? So I’m not saying that it wouldn’t be devastating to get ransomware if you are a small office, home office, or if it’s basically just your home computers. But ransomware costs now have more than doubled in the fourth quarter of 2019, according to the latest statistics. So the average ransomware payment has doubled. It is now at almost $85,000. That’s in one quarter. So in the third quarter of 2019, the average ransom payment was about 41,000. That’s the third quarter.
So let’s see, what’s the third quarter last year? September. Let’s see, October, November, December is the fourth quarter. And so it would be September, August, and July. So July, August, September, the average payment for ransomware was 41,000. And then, in October, November, December, there we go, it’s $4,000. That is absolutely huge. So I did a little bit of digging to try and figure out why did it surge so much? Well, apparently it’s because they are using some ransomware software. It’s called Ryuk, and, I always have a hard time with this one, Sodinokibi, and they are going after the enterprise space. Now, enterprise space typically means a medium or large business, as opposed to a small business. But in this space, criminals can really extort serious money, deep pockets for seven-figure ransom payouts. So here is a quote: researchers at Coveware were saying Q4 ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. So it’s not just ransomware getting onto your computer and encrypting your files and saying, hey, listen, if you want your data back, you’re going to have to pay us, which, as you already know, you usually don’t get your data back, right? But they are saying, we have your data, and we’re going to let it go. And there’s a big case about this late last year, and the chairman of the company, well, this company had had its data stolen, and there was an extortion angle on it. They’re trying to get money from the company, saying, hey, if you don’t pay us all of this ransom, we’re going to release the data. And the company said, okay, well, do it, because we’re not going to pay that ransom. And the bad guys did release it. Okay.
Now there are third-party claims over the data breaches that start to come in. But let’s break down some of these costs, and then I’ll get into what you can do to help prevent some of these problems. But the cost of ransomware attacks can vary. Obviously, if you’re going to pay a ransom, there’s one cost, right? Then the remediation, which can be very expensive. If you get hit by ransomware, remediation companies can cost you in the hundreds of thousands of dollars. Then that’s, frankly, where you bring us in, and we have a couple of people who are fire jumpers certified over at Mainstream.net. It can easily cost you $100,000 to try and get all of that stuff, all your data, back, right, get back in business. But all the hardware devices you’re gonna have to upgrade, so all of this stuff you’ve been dragging your feet on, you’re probably gonna have to do, so it could be a quarter of a million up to two or three million dollars for a bigger company. Now, there are also some other costs, besides the lost revenue from downtime, because now you might have a bad reputation out there. Brand damage can occur here if the business interruption is severe enough. If your clients are noticing that you can’t do business, if you are a provider upstream or downstream, it can be very, very bad. Now, in addition to the ransomware payments skyrocketing, according to Threatpost.com, the average downtime that a ransomware attack causes for a company also increased from 12.1 days in the third quarter to 16.2 days in the fourth quarter. That is absolutely nuts. Now, we have been doing a lot of remediation, really, for businesses. And one of the things we do for the bigger businesses, if they are a public company or a division of a publicly-traded company, is we put in equipment on-site for them. So that if their main servers go down, the other equipment, our equipment that’s on-site, can take over, and it can take over in a matter of minutes.
So there’s like almost no downtime. The only thing that might be lost is 15 minutes or 30 minutes, whatever it was since the last snapshot was taken and pushed to us. And then we push that data, sometimes through leased lines, sometimes through the public Internet. We push that data to our data center. And it’s encrypted while it is over at the customer site and before it gets sent to us. So it’s encrypted as it goes over the public Internet or some form of a leased line. It’s encrypted when we get it here, so that we can now sneakernet it if we have to, right? So the building, let’s say it burns down, we can immediately recover. And then we take that data and we snapshot it. And we keep snapshots for a year or more, sometimes; it depends. Public companies need to keep seven years of some of these snapshots, like the email, the working files, especially companies that are manufacturing something, where you have to keep it, in some cases, indefinitely. Like we did some stuff for Safran, which makes blades for jet turbines. And they have to keep their data for a minimum of, I think it’s, is it 20 years? You know, whatever the service life is of the engine those blades are put into. So that’s what we do for publicly traded companies. Now that’s not cheap. But, you know, it just blows my mind how many of these companies that can afford it just aren’t doing it. So when you look at these statistics and say that we’re talking about 16.2 days of downtime if you get hit with ransomware, how much revenue is that to them? Especially those companies that are making hundreds of thousands of dollars a day. They’re going to lose that revenue because their manufacturing line is going to be down, or their sales department is going to be offline, or their shipping or warehouse, or maybe everything, which has happened to another division of a public company that we did the work for for 25 years. Okay. So very, very, very expensive. 
And the Threatpost article goes on to say that this increase from 12 days of downtime to over 16 days of downtime was linked to a higher prevalence of ransomware attacks against these bigger companies, the larger enterprises, which are often left scrambling to try and get their systems back up for weeks. Now, again, that’s something we’ve been doing forever, and that’s something you need to be doing. If you’re just a small company, having an offsite backup is critical. Having multiple generations of backup is critical. Because what happens if your systems are corrupted because ransomware has come in and has taken them over? And now your backup backs up the encrypted data. So now you don’t even have the data from before the ransomware hit. Now you’re completely stuck, right? Because your computer is encrypted, your data is encrypted on your computer, and your data is encrypted in your backup because you just backed it up. Or just as bad, or maybe even worse, is you’re backing your systems up to a locally attached disk, right? You plug in one of those nice little USB drives. Guess what the ransomware is doing? It is encrypting that backup drive, and it’s also spreading to your Active Directory server in your business, and it’s spreading to all of the other computers in your business. It does this normally: anything it can see, any shares, any mounts, it’s going to encrypt. And that’s why it takes so long. And that’s why, for our clients that need higher availability, because you are required to have a full disaster recovery plan in place if you’re a publicly-traded company or a division of a publicly-traded company, and you have to be back on in four hours, that’s why we have equipment sitting there on-site with multiple generations of backups, in case something like this happens, in case it gets through. Okay, so nowadays we’ve got some working decryptors that are pretty good for some of the ransoms that happen. 
So you have about a 2010 to 20% chance that the data that has been encrypted, you’ll be able to decrypt it. Cisco Talos, per usual, is one of the lead investigators, researchers, in all of this. Those are the guys that we use, Cisco Talos guys. They’re just absolutely amazing. They’re the ones that back us up. RDP, Remote Desktop Protocol compromises, people misusing VPN. It just goes on and on. My brain spins when I think about all of this, but the costs have doubled in Q4. So make sure you are doing the right thing. You have good backups, you have multiple generations, and at least one generation is stored off-site, if not multiple generations. And if you aren’t doing that, or if your, you know, ISP, MSP isn’t doing it for you, it’s time to change, because the costs are going way up. You’re listening to Craig Peterson, stick around. We’ll be back here after the top of the hour with more about phishing. What’s been going on?
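The segment’s point that a backup job can silently overwrite good generations with ransomware-encrypted files can be turned into a concrete guard. This is an added example, not code from the show or from Mainstream: a backup ingest step that keeps several generations and quarantines an incoming snapshot when too many files have been renamed or have jumped to ciphertext-like entropy. All paths, thresholds, file contents and the stand-in "ciphertext" are constructed.

```python
"""Backup ingest guard (added illustration, not the show's code).

Two cheap signals that a snapshot has been mass-encrypted before it is
allowed to rotate out the oldest clean generation:
  1. a file that existed last time is gone and a sibling with the same
     name plus an extra extension has appeared (typical renaming),
  2. a file at the same path has jumped from text-like to
     ciphertext-like Shannon entropy.
All sample data is constructed inline so the module runs offline.
"""
import math
import random
from collections import Counter
from typing import Dict, List, Tuple

# constructed sample snapshot: path -> file contents
SNAPSHOT_CLEAN: Dict[str, bytes] = {
    "invoices/2019-q3.csv": b"id,amount,currency\n1,41000,USD\n2,1200,USD\n",
    "notes/readme.txt": b"Quarterly backup set. Keep 4 generations, one off-site.\n",
    "hr/policy.txt": b"Employees must verify wire requests by phone.\n" * 3,
}


def _constructed_ciphertext(seed: int, n: int = 1024) -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted output."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# the same three files after a renaming ransomware pass (constructed)
SNAPSHOT_ENCRYPTED: Dict[str, bytes] = {
    path + ".locked": _constructed_ciphertext(i)
    for i, path in enumerate(SNAPSHOT_CLEAN)
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def snapshot_risk(prev: Dict[str, bytes], curr: Dict[str, bytes],
                  entropy_jump: float = 3.0) -> Tuple[float, List[str]]:
    """Fraction of files in `curr` that look encrypted relative to `prev`."""
    suspicious: List[str] = []
    prev_names = set(prev)
    for path, content in curr.items():
        # signal 1: new name that is an old name with an extension appended
        if path not in prev_names and any(path.startswith(p + ".") for p in prev_names):
            suspicious.append(path)
            continue
        # signal 2: same path, entropy jumped to a ciphertext-like level
        if path in prev_names and \
                shannon_entropy(content) - shannon_entropy(prev[path]) >= entropy_jump:
            suspicious.append(path)
    return len(suspicious) / max(len(curr), 1), suspicious


class GenerationStore:
    """Keeps up to `keep` generations (newest last) behind the guard."""

    def __init__(self, keep: int = 4, max_suspicious: float = 0.2) -> None:
        self.keep = keep
        self.max_suspicious = max_suspicious
        self.generations: List[Dict[str, bytes]] = []
        self.quarantined: List[Dict[str, bytes]] = []

    def ingest(self, snapshot: Dict[str, bytes]) -> bool:
        """Accept a snapshot into rotation; return False if it was quarantined.

        A rejected snapshot never displaces an existing clean generation, so
        the pre-infection copy survives even when the job keeps running.
        """
        if self.generations:
            fraction, _ = snapshot_risk(self.generations[-1], snapshot)
            if fraction > self.max_suspicious:
                self.quarantined.append(snapshot)
                return False
        self.generations.append(snapshot)
        if len(self.generations) > self.keep:
            self.generations.pop(0)  # oldest generation rotates out
        return True

    def newest_clean(self) -> Dict[str, bytes]:
        return self.generations[-1]


def demo() -> Tuple[bool, bool, bool]:
    """Clean snapshot, an ordinary edit, then the encrypted pass."""
    store = GenerationStore(keep=4)
    first = store.ingest(SNAPSHOT_CLEAN)            # nothing to compare against
    edited = dict(SNAPSHOT_CLEAN)
    edited["notes/readme.txt"] = b"Quarterly backup set. Keep 4 generations, two off-site.\n"
    second = store.ingest(edited)                   # small edit: accepted
    third = store.ingest(SNAPSHOT_ENCRYPTED)        # renamed ciphertext: quarantined
    return first, second, third


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```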
Hello everybody, Craig Peterson here. Welcome back. I am on WGAN radio and many other stations, actually, throughout New England, but I’m glad you’re joining me right now. Also, of course, online, your favorite streaming site and CraigPeterson.com. Well, today we’ve already talked about how most businesses were attacked by business email compromise last year and what that means, what the new types of spear-phishing scams are going on. You guys are learning a lot from some of these, just the terms; if you understand the terms, you are ahead of almost everybody else out there. We talked about keeping legacy software safe, things like Windows 7, heaven forbid Windows XP, or now Windows 8, which is also legacy, no longer supported with software patches. We also talked, before the top of the hour, about concerns about the effectiveness of some privacy when it comes to facial recognition software. Should we be doing more about that? There are a lot of concerns about the adoption. And then downtime and costs have doubled in the last quarter, so Q3 versus Q4 2019. They doubled when it comes to ransomware attacks, a very big deal. And it’s interesting how they’re doing it. I just got a text from my son, and my son, as well as a couple of other family members, is somebody who works with me in the business. It’s, you know, Mainstream is kind of a family business. We’ve had many people over the years working for us. Now we’ve got about 60 different people who are working in different parts of the company. But when it comes right down to it, it really is kind of a family business. So he just sent me a message that he saw in Apple News. And of course, as usual, this is really a link to another website, because Apple doesn’t really publish news themselves. But this is from ZDNet. This just happened on Wednesday this week: a contractor suffered a ransomware infection. 
Now we have here in New Hampshire a lot of government contractors, well, actually mostly subcontractors, but we have primary contractors as well. And I know some of you guys are listening here on the show, because I hear from you, right? I know who you’re working for and what you’re doing. And I think that’s really cool. I love it. But the problem is, how do you guys deal with your IT people if they are not competent? How do you as a business person, any business person, deal with it? Yeah, how do you even know if they’re competent? At least if you’re listening to the show, which obviously you are right now, at least you know the terms and you have an understanding of what should be happening. Well, this is a very big subcontractor, or a contractor, to the Department of Defense. It’s called Electronic Warfare Associates, EWA. And it’s a 40-year-old electronics company, a well-known US government contractor, and it got nailed by one of these ransomware infections we were talking about in the last segment today. Not a good thing, frankly. And we have seen all kinds of activity right now. You know, I feel sorry for these guys. They obviously did not know what they were doing, and I can say that unilaterally. If you get ransomware, it’s your fault. Because in this day and age, there are so many great tools. They’re not the ones you get from Staples, not the tools you’re going to get from your break-fix computer shop. They have no idea how to protect you. None at all. Frankly, they’ve been lying to you. And that really bothers me too. Because I hear from my customers saying, well, I spoke with so and so, and this is what they said. Well, they may not think it’s a lie, okay, maybe calling them a liar is a little too strong, but they don’t know what they’re talking about. And yet they speak with absolute authority, as though they really know that this is really the right thing to do. 
And don’t listen to some guy on the radio, you know, or don’t listen to that new company that came in and did a cyber health analysis for us, or a network security assessment. Now, ignore those people because, you know, we’ve had a relationship for the last 5, 10, 20, 30 years. Well, apparently, I’m guessing something like that must have happened with this company.
Go right now. In fact, I’ve got a screenshot in front of me. It looks like they fixed some of this. But the website for this company is ewa.com. And if you do a Google search for them, or if you did one a little earlier in the week, you found out that something was really weird, because all of the Google search results looking for ewa.com come back with gibberish. And it’s gibberish because everything has been encrypted by ransomware. Now, there is a security researcher out there who goes unnamed in this article from ZDNet, and it is saying that several of the EWA websites appear to have been impacted, such as sites for EWA Government Systems, EWA Technologies, Simplicikey, Homeland Protection Institute, and we don’t really know at this point how much of the company’s internal network was encrypted during the incident. But, man, this is a big deal. And by the way, even though it’s obvious that at least these websites of theirs have been encrypted, they have not issued any public statement about the incident. According to this article, and this article, as I said, is from Wednesday, Thursday this week, apparently an EWA spokesperson hung up the phone earlier when ZDNet reached out for comment about the security breach. This is a well-known supplier of electronic equipment to the US government. Now we have clients who make small things. You know, they make things like parts, they make wiring harnesses, they make power supplies, they make just all kinds of very basic things. And you look at it, even screws, right, fasteners, and you look at it and say, well, what does that matter? Well, that’s not a company that’s making all these big electronic things for the government. But really what some of these bad guys are trying to do with ransomware is twofold. They still have the old motive of holding your data ransom. 
And it can be done two ways now, because the ransoming of the data, in this day and age, is also being done by saying, hey, we grabbed all of your data before we encrypted it, or maybe we just grabbed all of your data, and we are going to release it to the general public unless you pay us a ransom. So they’re making a ton of money off of this. And it looks like, according to this unnamed security researcher, that’s Ryuk. Now that is exactly one of the things that I was talking about earlier in the show, and we put up an article about that as well on my website, that there are two that are being used right now that are not regular ransomware strains. And they’re using them to target attacks on bigger companies that have deeper pockets. Very, very interesting. So keep an eye on this. This is a bad thing, obviously. And it’s bad because it can hit any of us. And ultimately, it is going to come around and hit you. Because you look at the stats we’re talking about that just came out, where more than half of the companies were hit last year. And this is self-reported, okay, half of the companies admitted to it. So they had to first acknowledge or even know that they had been hacked, and most companies don’t even know that they’ve been hacked, the smaller ones, and frankly, even the bigger ones. Look at some of these hacks at major corporations that didn’t find out for six months or more. And all the way through, they have to admit that they were hacked when they knew they were hacked. So we had all of this up. And it’s a very scary world out there. 
And if I, you know, if I was somebody who had a fiduciary responsibility, if I was sitting on a board, an advisory board or a full board member in some company, and I did not know what security really was, and I did not know exactly what was going on, and I was sitting there looking at, oh, well, we have a chief information security officer, CISO, or our chief technology officer is taking care of that, or my budget for this is huge, I’m sure I’m fine, or even worse, playing ostrich and sticking my head in the sand and just hoping nothing happens. And I gotta tell you, from surveys I’ve seen, here’s another thing that I think you want to know if you have any responsibility for your business, or as a business owner. If you’re the regular old office manager who’s been assigned security for the company, making sure the antivirus is updated, you already know that that’s not good enough, right? The antivirus just doesn’t work against any of the modern threats, none of them. Okay. And you’re sitting there thinking that everything’s taken care of, and you have not brought in a temporary board member, advisory board member, someone to have a serious look at your security. Man, you’ve got some serious problems, very serious problems, because this is absolutely huge. And, you know, when it comes to the FBI and some of the other training I do for the InfraGard and for businesses in general, you know, I’m seeing this every day: people who have the titles, who have the certificates, who have completed these programs. I’m seeing it all the time, and I’ve seen hundreds and hundreds of these people who are heavily relied on, and yet don’t really know what they’re doing. That’s a real problem. Now it’s one thing if you tell the boss, hey, listen, I don’t really know what I’m doing, but I’m learning this and I think we are making the right progress. That’s one thing. But to say, yeah, we are all set. 
And then to be pencil whipping the forms, right, just checking, pencil whipping all the way down, checking off everything. Yeah, that’s good. That’s kind of the outcome. And, man, I’ve seen so many businesses doing that, too. So if you are a business owner, if you are C-level, if you are on a board, even if you’re, like me, on the board of volunteer organizations, you have a responsibility, and you’ve got to take care of that. Well, anyways, out of time for now. We’ll be right back, and I’m going to talk about training employees to spot yet another emerging threat, something that’s really going to nail us. You’re listening to Craig Peterson on WGAN.
Hey, what a fast-moving day today. I hope you’re having a great day, whenever it may be that you’re listening to me, on Saturday or any day during the week. A lot of people tend to listen when they’re driving around, other people when they are at the gym. And, you know, I just totally appreciate everybody being with us. And that’s why we try and keep you up to date. We’ve got some amazing pieces of training coming up. So I want to make sure that you are aware of them. I’ve been posting and doing a few Facebook Lives. Like when I appear on the radio, some of my segments are showing up now over on Facebook and also on YouTube, both of those live channels, so you can listen in and comment. And when I run them live, what I’m doing is I’m actually, of course, recording them when I’m on the air, and then later on in the day I will run them as live, and I will be live there. So I’ll usually post articles in there that I’m referring to as I’m on the air. And I’m answering questions from people who might have questions as it airs live. So it airs, live airs, there we go. And the idea is that, frankly, it’s even better in some ways than listening to me on the radio, because now you have the opportunity to interact and get some behind-the-scenes stuff that I just can’t share when I’m on the radio. So the best way to find those: well, I have links in my newsletter, right at the bottom, to my social media channels. And of course, you’ll find those easily by just going to CraigPeterson.com/subscribe, and you’ll see them all right there. So let’s get into our next article of the week, and that is a new emerging threat. I’ve talked on the show before about some of the problems that we’re starting to see with deepfakes. I don’t know if you saw the newest, the latest Star Wars movie. I suspect a lot of you guys did. Because frankly, you know, we’re all kind of sci-fi geeks, I think. If you’re a tech geek here, you’ve got to be some sort of a sci-fi geek. 
And as a sci-fi geek, I went and I saw it, and I liked it, right. And, man, I remember standing in line when the first Star Wars movie came out. I remember the first Star Trek movie coming out too, standing in line all by myself, because none of my friends wanted to see it. Or actually, I think one of my friends came with me. And we saw the original Star Wars movie. It was really, really cool. So this was the end of what, a 30-year... man, has it been that long? When did that come out? So it would have been around 1980, I think. So, man, a 40-year-long story arc, which I really enjoyed. I enjoyed it a lot. But in that movie, Carrie Fisher played a fairly major role. You might remember her from the original movies. This was Princess Leia, and Princess Leia, i.e. in this case Carrie Fisher, was still alive, an older woman, and she died before they even started filming this thing. And so you look at it and think, well, okay, so maybe what they did is they took some stuff off the cutting room floor from the other movies. Well, wait a minute. Now she’s older, right? She’s an older Carrie Fisher. And so these movies that they had on the cutting room floor, in most of them she was pretty darn young, so those wouldn’t work. And then I realized, wait a minute now, because I saw a couple of little errors, and it really, I said, wait a minute. This is obviously a deepfake. And what they had done is completely computer-generated the character, and it looked like Carrie Fisher, and they computer-generated the voice as well, so it sounded like Carrie Fisher. Well, it was computer augmented. At any rate, this is a huge breakthrough. We’ve talked about what’s going to happen when they have our president on TV, they’re showing a video of him saying that the missiles are flying in five minutes, kind of like Ronald Reagan did, right, during that microphone test back in the day. What’s going to happen? How are you going to know if it’s legitimate or not? 
And with more and more money being spent, look at what’s happening right now with Bloomberg, who’s looking to spend a billion dollars on TV ads, and where he’s been running ads, he’s actually been rather successful. So what’s gonna happen if he starts, I’m, like, I’m not saying that Bloomberg is going to do this, but if some candidate who has plenty of money to spend starts just generating fake videos? Now we already know about a lot of fake stuff, right? Do you remember Paul Ryan pushing old people off of the cliff in their wheelchairs? Right. And that was, obviously, satire. Some people actually didn’t think it was; they thought he would really do that. But you know, frankly, it’s satire. So it is what it is. But what’s going to happen when this is now deepfake, and it’s the norm, and we don’t know what’s what? Well, let’s move this to the next level, because we’ve never talked about this before. And I thought that this was an interesting idea. And this is by Ian Croxton, and he’s over at Dark Reading. But cybercriminals are now starting to use deepfakes. You know what a business email compromise is, I hope, because we’ve certainly talked about it enough on the show before. And usually what happens is a bad guy goes ahead and does research on a business. Finds out who the CEO is, who the CFO is, right? We, you know, the scoop. And then they find out maybe when they’re out of town, who their suppliers are, who their customers are, and then they start sending these emails directed at employees to get them to do something they should never do.
Obviously a problem, right? You don’t, you just don’t want that to happen, but it does happen. Now what they’re doing with some of the phishing scams, where they’re using voicemail and even phone calls, is they’re using computer-generated voices, but not just voices, but the voices of the boss. Take me, for example. I have thousands of hours of video and audio recordings that are available publicly on the internet. So it’s easy to get a fix on me and my face. It’s easy to get a fix on my voice. And to computer-generate stuff, right? That does not make sense to you. It’s very, very easy to do all of that stuff in this day and age. So the concern now is that deepfake fraud is going to be hitting us in a bigger way. And it’s going to be devastating for businesses. We talked about this next one here last year, but a top executive at an energy company was revealed to have been conned into paying 200,000 pounds by scammers using artificial intelligence to replicate his boss’s voice. So this guy answered a telephone call. He believed it to be from the German parent company. The request was for him to transfer funds, which he dutifully sent to what he presumed was this parent company. In the end, the funds were actually being stolen by sophisticated criminals at the forefront of what I said last year was going to be a frightening new age of deepfake fraud. And that’s what Ian is bringing up here again. And I’m glad he is. He’s only, what, about how far behind us, eight months behind us, but this is going to be a very, very big deal. There’s an example of a journalist, and you can find these things out on YouTube, who paid 550 bucks to develop his own deepfake, and he took the face of Lieutenant Commander Data from Star Trek: The Next Generation and put it over Zuckerberg’s face. Two weeks to develop the video. You can find it online very easily. Just search for Lieutenant Commander Data Mark Zuckerberg deepfake, and you’ll find it. 
So deepfakes are going to thrive in the modern workplace. There’s no question, employees want to do what they’re supposed to do; they want to please their bosses. So we need a new era of employee security training. Frankly, a deepfake detection challenge was announced by Facebook here recently. There’s work going on, which is a lot of work going on. But I want to make sure you guys all tell your co-workers to keep an eye out for deepfakes. Because you might think the call’s coming from the boss, and it isn’t just going to be the boss’s phone number showing up on the caller ID now; it’s going to be the boss’s phone number and it’s going to sound like the boss. And that’s where it gets to be a real problem. All right, stick around. When we come back, we’re going to talk about how you as a business and a consumer are going to have to weather this storm that has happened because of GDPR, CCPA, or PDPA and more. Stick around. We’ll be right back.
Hello, everybody, welcome back. Craig Peterson here on WGAN, online as well, of course, at CraigPeterson.com. You know, consumers are always looking for protection, and we have various consumer protection agencies out there. And Congress is trying to do something to protect our privacy. The big questions to me are, where are the lines? Is Congress really going to help us or hurt us? Right? All of the normal things you would expect me to question about Congress and these laws, rules, and regulations. GDPR came out a couple of years ago over in the European Union, and it was designed to help protect not just the data but the identity of citizens of the European Union. GDPR, by the way, stands for the General Data Protection Regulation. It gave them a bunch of rights, including the right to know what data the company was keeping about them, keeping on them. It also gave them the right to be forgotten: if you saw something you didn’t like in Google results or on some other website, you could request that data be taken down, and they had to take it down. Now, I kind of like this, because of some of the warnings I have given my kids; I can see it happening. But I like it when you’ve got people in their teens and 20s posting stupid stuff online, right, the silly things that kids do in college and before, and it’s online, and it lives forever. And now you are looking for a job. The first thing that employer is going to do is a Google search for you. And once they’ve done that Google search, guess what comes up: those videos, those photos of you doing things, and also, you know, some of this stuff that you had posted, some of the stuff you had written, some of the tweets that you put out. So how does that all work? How are you going to get rid of it if you don’t have the right to be forgotten? And there are obviously multiple sides to that one, but I kind of like that. Well, if you are a business person, your business has a responsibility now to comply with these laws. 
And what a lot of businesses in the US did is they said, oh, we’re not gonna be able to comply with all the GDPR rules and regulations. So we are just going to block access to anyone coming from the European Union. And they did that, and for some of them it took months to get their systems rewritten and designed so that they could handle those new rules and regulations from the European Union.
Well, that’s all well and good. But now you can’t just do that kind of blocking anymore. Because those types of rules and regulations are now here in the United States. As of January 1, 2020, our friends in California have a new law, I should say, in place. It’s called the California Consumer Privacy Act. That’s the CCPA. And that act is basically doing the same thing that is being done in the European Union. And if you think you’re compliant, or you’re not going to have to comply with this, I’m going to go through some stats I think might really surprise you. California also has something called the PDPA, which is the Personal Data Protection Act. That’s not California, I mean Singapore, okay. So there is a growing set of regulations. There are regulations in most states to some degree. States like New York and Massachusetts, and obviously California, have laws that are much more restrictive about personal information. And there are more and more of them coming online. So it, frankly, is a very big deal. But here’s what people are starting to realize. There’s a company out there called Capgemini. And there was some research published last fall by Capgemini. And they found that only 28% of firms that must comply with the European regulations were actually in compliance. So about a quarter of the firms, as of last year, in the United States that were required to be compliant with the European Union were actually compliant. So that means 75% of businesses here in the United States that have customers, or even people visiting their websites, from the European Union, 75% of those businesses are not compliant. And yet, at the same time, there was the research that was done of companies, asking them, are you compliant with the European rules? And 78% said, yes, we’re confident that we are compliant, even though an actual audit showed the exact opposite, that 75, almost 75%, it was actually what, 72% were actually compliant. 
So more than 18 months into the California regulation, how many of our companies that have people visiting our websites from California, or that have customers who are based in California, how many of us are compliant? It’s not as though this came out of nowhere. This rule, this regulation, has been in place now for over a year. It’s just that as of January 2020, this regulation has some serious teeth to it. Now, we got a call from another company, who is based in New York and has some of their workers out in California, and definitely has customers in California. So they absolutely have a legal nexus to California. And they said, hey, we want to make sure that we’re compliant with this new California consumer data or privacy act.
So we put together a proposal for them, just to examine everything. Now they have some of their own systems, some of their own software, where they’re keeping customer data, and everything else. And basically it’s going to cost them 30 to $50,000 just to have us do a deep dive for them. Now, this is a bigger company; they have some of the money to do it. Well, frankly, they have all of the money to do it, and they should be doing it. At this point, I don’t know if they’re going to do it or not. But that 30 to $50,000 is just to look at their existing systems and tell them what they need to do. So this growing set of regulations in California, and regulations that are growing nationwide, because the federal government is looking to take those California regulations and put them in place. So this growing set of regulations, which I think is crucial to consumers, and something that businesses should have been doing a couple of years ago because of GDPR, the European regulations, something businesses should have been doing anyway, is not going to be cheap. It is just not cheap. And then if companies are found to be out of compliance, wow, now it’s really not cheap. Because if you are out of compliance, penalties are upwards of 4% of annual global revenue. So the 12 major fines that have been handed down since this European regulation went into effect in May 2018 are almost $400 million spent on fines alone. So the cost of compliance is very big, but the cost of non-compliance is even bigger. So the truth is that privacy is almost dead. So we’ve thrown our hands up. We know our private information is out there. And this is the government’s response: try and get control of it. And if you are a business, make sure you do at least two of these three steps, and I can send them to you. Just email me at CraigPeterson.com. I’ll be glad to do this for you. 
One, identify your sensitive data. Two, know who has access to it. And three, implement controls over the access and make sure you keep them updated. So there you go. You’ll find a little more about this online at CraigPeterson.com. I’m always more than glad to send you guys more information. You know, I don’t charge for any of that stuff, right? And you just email me at CraigPeterson.com. I’ll be glad to get back to you. All right, take care, everybody. We’ve got, oh man, only one more segment. We’re going to talk about the Jeff Bezos hack and online employment scams. Talking fast next time, stick around.
Hello, welcome back. Craig Peterson here. You’re listening to me on WGAN or online, your favorite streaming app, whatever that might be. I’m kind of everywhere. I’ve been doing this for a long time. Hey, we’re going to talk right now about our friend Jeff Bezos. His stock has been kind of interesting this week, well, with the whole coronavirus and everything going on. Plus, it turns out, I don’t know if you heard, Amazon was able to secure some warehouse space down there in New York. So it’s obvious that AOC’s district is not going to benefit from those jobs, because she made sure that they couldn’t get in there, but they did manage to get in. Well, Jeff Bezos had a very public divorce happen. You might remember this. Of course, he is the richest man in history. And his ex-wife walked away with billions. Now this story gets kind of interesting when you turn the time back, because what we just found out here in the last week is that Jeff Bezos’s iPhone was apparently hacked. Now I can hear you saying, Craig, iPhones hacked? I thought you said iPhones were impenetrable. Well, obviously, nothing’s impenetrable. If it has a plug or any sort of a wire, it can probably be broken into, right? That’s kind of the bottom line. But in this case, the backstory is interesting as to what happened here. It wasn’t iOS. It wasn’t the iPhone’s operating system that appears to have been the problem. It appears to be an application that Jeff Bezos was running on his phone. And it might be an app that you use. And I am a little concerned that, you know, if you’re using it, you could be in trouble. But at the same time, I think they probably have fixed the vulnerability that was used. We remember Jeff Bezos bought the Washington Post. It, of course, is a fish wrapper down in Washington DC. It has had just an amazing past, some of the things that they’ve exposed on both sides of the aisle, but primarily, they’ve always been a little left-wing. 
And now, for the last, what, 20 years, basically since Ronald Reagan, they’ve been extremely left-wing. And Jeff Bezos bought this paper. And one of the journalists that wrote for The Washington Post was named Jamal Khashoggi. Now, this guy, Jamal Khashoggi, was, by all reports, not a good guy. And he was, you know, involved with this whole dispute between Israel and the Arabs and the attacks that were going on over there. Well, let’s just say he’s an interesting character, right? That’s just kind of trying to put it nicely: an interesting character. Now, you might also remember that he got some sort of an invitation to a Saudi embassy. And apparently, while he was there, there are recordings that were leaked of him being murdered. And apparently he had been dismembered and his body disposed of. Just a horrific, horrific story. Now, the Washington Post had decided that since Jamal Khashoggi was a journalist of theirs, they had to do something, and so they did. They really heavily criticized the Saudi royal family, and in particular, they ended up criticizing the Crown Prince of Saudi Arabia.
Now, this is a very interesting problem here, because Khashoggi wrote articles for Jeff Bezos’s paper with titles like “Saudi Arabia wasn’t always this repressive. Now it’s unbearable.” Another one: “Saudi Arabia’s Crown Prince already controls the nation’s media. Now he’s squeezing it even further.” Apparently the Saudi leadership ended up bribing Twitter employees to find out who some of the tweets were coming from that were against the Saudi Arabian government. And we know that it has been very repressive over the years. I guess we can chalk that up as another country I’ll never be allowed to go to, right, after the criticisms. But against this whole backdrop of the murder of Khashoggi and the criticizing of Saudi Arabia, obviously not slandering, I don’t think, because I think they were right, billionaire Jeff Bezos accepted an invitation to this dinner party in Hollywood, which was attended by Saudi Crown Prince Mohammed bin Salman, as well as some friends. So apparently, Bezos was at this party on April 4, 2018. And Bezos and the Saudi Prince made a key exchange at dinner. And that’s where the problems apparently started. Because Bezos has an iPhone X. That wasn’t the problem. The problem was apparently WhatsApp. Now I’ve got to add that there are denials all over the place here about the Saudis being involved in this. There are denials about WhatsApp being the source of this problem, but I’m reporting here what’s in the news right now, and the explanations I’m reading from a technical standpoint are reasonable. So I’m repeating them because they do make sense to me. So apparently on May 1, about a month after exchanging these keys with WhatsApp, the Crown Prince sent a message to Jeff Bezos’s phone through WhatsApp, and the message apparently is an encrypted video file. And it’s later established, according to SecureWorldExpo.com, with reasonable certainty that the video’s downloader infects Mr. Bezos’s phone with malicious code.
Now, there’s a lot more evidence referred to in this article. But basically what happened is that the records showed, when they went back and looked at the phone and they looked at the data utilization through the vendor, that the data for his iPhone increased almost immediately by more than about 30,000%. Absolutely crazy. So all of a sudden, his iPhone started sending data out. Well, it wasn’t the iPhone per se, it was the WhatsApp app. And it was sending out just crazy amounts of data, being stolen from it within hours of that video message being received from the Crown Prince. Now, experts are saying that the most likely explanation for this data being taken out was the use of mobile spyware. There are some out there, like NSO Group’s Pegasus or Hacking Team’s Galileo, but we’re talking about more than six gigabytes worth of data that was removed. Well, it wasn’t removed, it was sent from his phone. So the allegations go on and on here. But basically, what apparently happened is they got a hold of Jeff Bezos’s videos and photos. And, man, all of a sudden there’s this online campaign against Jeff Bezos in October 2018. And the top trending hashtag on Saudi Twitter is boycott Amazon. A single photograph is texted to Bezos from the Crown Prince’s WhatsApp account with an image of a woman resembling the woman with whom Bezos is having an affair, months before the affair was publicly known. So the Daily Beast in February 2019 ran this article, “How the Saudis made Jeff Bezos public enemy number one.” So basically what happened here is that what they took was then used to embarrass him and start the rumors, or at least more rumors, about him having an affair, which ultimately led to Jeff Bezos’s divorce. And that ended up costing him, I’m trying to remember now, but it was in the tens of billions of dollars. I don’t remember the exact number.
Now, if you’re a WhatsApp user, is this going to happen to you? I can say, generally speaking, WhatsApp is considered to be safe. Personally, if I had an iPhone, which I do, I would use Messages from Apple. Much, much safer than almost any third-party app out there. There are a couple of companies that I trust, Silence is one of them, but I would use iMessage hands down before I would use WhatsApp, no question about it. And, you know, it doesn’t mean that your iPhone is 100% safe or that Android is 100% hackable. But in both cases, you’ve got to be careful. One more thing to warn everybody about, and this is employment scams, which according to the FBI are on the rise. And they’re saying that the average victim is losing $3,000. Here’s what’s happening. People are hearing that it’s a great job market. So they’re going online. They’re looking for new jobs, looking to see, am I being paid enough? What’s going on? Well, these cybercriminals are getting people to apply for non-existent jobs and getting their personal information, like social security numbers, home addresses, and then on top of it all, having them send money to the criminals, which is absolutely amazing. Big, big fraud out there going on right now. The FBI knows of about 15,000 incidents that account for more than $45 million in losses, so be very, very careful online. If you’re interested in a job, I can send you a document here that we have called “Guidelines for a Safe Job Search.” Obviously you can look for that online too, but for “Guidelines for a Safe Job Search,” just email me at me@CraigPeterson.com. I’ll be glad to forward that along. The FBI statement says applicants are contacted by email to conduct an interview using a telephone application. According to victims, cybercriminals impersonate personnel from different departments, including recruiters, talent acquisition, human resources, and department managers. So there you go.
By the way, work-at-home jobs that pay high initial salaries for inexperienced workers are another sign to question the job posting, as if that shouldn’t be obvious to everybody. So today we have been busy. I’ve given you tips and solutions to solve a bunch of security and other problems we talked about today: email compromises going on, legacy software, saving privacy on facial recognition systems, downtime and cost doubling on ransomware, and what you can do to protect yourself. We’ve covered all of that, and of course more, and you can find it. You can just go online; you’ll see it posted on my website at CraigPeterson.com. You can follow me on Facebook. I have just tons of great stuff up there every week. But by all means, make sure you subscribe to my newsletter to get all of this every week: CraigPeterson.com/subscribe. I don’t sell it. I’m not going to harass you. I’m going to give you good, great information and training. Have a great week, and we’ll see you online at CraigPeterson.com.
Transcribed by https://otter.ai