For being locked down do to this Pandemic there is certainly a lot of technology in the news this week. So let’s get into it. President Trump issued an Executive Order to protect our Electric Grid from using equipment not manufactured in the US, Microsoft Teams is under attack, Phishing and Ransomware are in the News and What will Post-COVID Business look like? So sit back and listen in.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine Generated Transcript:
Craig Peterson: Hey everybody, welcome Craig Peterson here on WGAN. It is quite a week. I just can’t believe how fast time is going. So many people are at home with nothing much to do, they’re watching Netflix, et cetera, and I am busier than ever just trying to help people out and I’m going to be doing more free training and stuff over the next couple of weeks.
Now I’ve just been so, so busy. I don’t know if you’ve heard any of my features here on the radio station. They’re supposed to have started airing, I guess we’ll see if they do air, but I’m putting together these kinds of filler things that are a couple of minutes long.
The whole idea behind them is to really help. People with just various technology issues. You know, me, I’m focusing on security because that is what seems to be lacking the most, and especially when we’re seeing what we’re seeing right [00:01:00] now, which is all kinds of people. Just getting everything stolen from them. It Is crazy what’s happening.
You know, we’re all working at home right now to some degree. Many of us, obviously you still have to go in and. You know, in foodservice and manufacturing, et cetera. But even with that, the bosses aren’t necessarily all there. Some people are getting sick and are staying at home for very good reasons.
I think we’ll see more of that in the future. Someone gets sick instead of the old American worth work ethic of going in and getting everybody else sick. I think we’re going to see a lot more of the, Hey, I’m going to stay home because I’m not feeling well. This is going to be interesting because so many companies have these sick policies, sick day policies that I’ve never liked particularly.
I think some of those will change too, but what is going to happen here in our post-COVID world, right? We’ve got this COVID-19 of [00:02:00] course the Wuhan virus causes the disease. it’s also called, what is it, C O V I D SARS-2? Remember SAR. SARS had a much, much higher death rate than COVID-19 is turning out to have.
But there are many, many people that have this. And we’ve seen some statistics now coming out saying that even people that are staying home, this one hospital this week did some, a little bit of research and found that 60% of their patients had quarantined in themselves at home. Now that tells you something too.
We, we still don’t know enough about this whole WuHan virus and the diseases that it might cause. Some of the symptoms we kind of know, obviously when it comes to respiratory problems, is an acute respiratory disease, which is what SARS is. Yeah, we know the basics of that, but man, the stuff we’ve been hearing about people having circulation problems, having legs amputated, even people who are [00:03:00] in good shape, you know, I hate to see it, but I can understand a diabetic having problems, right.
And maybe ultimately having a leg amputated because of circulatory problems that come with diabetes or circulatory problems that come with being morbidly obese or even just obese. Those all kind of make sense to me, but. I don’t know there’s just so much we don’t know.
One of the things we’re trying to figure out is what does the business looks like? What is going to happen? And there’s a great article that came out in the computer world just this last week that is talking about telecommuting. I think it’s really kind of an interesting thing because what we’re talking about is a disease that’s going to be affecting us probably for the next 18 months to two years now.
I don’t mean like the whole country or world is shut down for that period of time. Obviously that would be catastrophic to everyone. We would have people dying of starvation if that were to happen, but what I’m talking about is really kind of like what happened with the Spanish flu. You know, every last one of us has had that flu that happened in 1918 and unless you’ve been an absolute hermit that I’ve never had any food, you didn’t grow, et cetera, right?
It just sticks around. And that’s going to happen with his WuHan virus. Well, it is going to be around forever, frankly, now that it’s been thrust upon us, however, that came to be. Depending on whether or not we’ve got a vaccine. We’ve got some really good treatment when they’re in place.
That’s really going to be the point where we try and get back to usual. I don’t know. It’s so many businesses are doing layoffs. One of my sons. His boss was just furloughed and a couple of his team members were furloughed. He’s [00:05:00] kind of low end to management. He has a team that he supervises, and so the supervisor, one of the supervisors of the team supervisors got laid off.
So when the business gets back going again, are they still going to have that extra layer of management in the middle? I don’t think so. And some of these team members that were laid off are not necessary, you know, not, not talking about my son here, but just in general. But some of these team members that have been laid off in businesses are not necessarily the best of employees.
So what does that mean? The owners and executives and businesses are going to have to find themselves running businesses in very different ways. I talked this week a little bit with Matt. Of course, I’m on the radio pretty much every morning during the week on different stations, but I was talking about what is [00:06:00] happening.
What are we looking at? Where’s this going? And one of the things that came up was, Hey, listen, we have these executives at the C-level. We have all of these people down, the front end, is that going to change the way most businesses work? And obviously I think the answer to that is yes, right? Absolutely.
Yes. The vast majority of the burden to put together these new businesses and new operations is going to fall to the people in information technology. That’s exactly what we are doing. So we’ve got to have it, executives, starting to talk about what does the business look like going forward? What should they be doing?
How can they have an infrastructure that works for the employees and that is safe and secure because the bad guys have [00:07:00] redoubled their efforts and there are so many opportunities to them now because there are fewer eyes watching everything? Right now. Working from home is a term. That many people are using.
And frankly, if you want to guarantee that the business change is going to fail, maybe you just call it working from home. Telecommuting on a corporate basis can work, but that’s not everybody. That’s not where we’re all going to be here when we’re talking about these multibillion-dollar companies.
Barely any of them had true corporate work at home or telecommuting pre-COVID-19 now, some of them did in some cases, but frankly, the big distinction between work from home and corporate telecommuting is that [00:08:00] they thought work at home was an occasional thing for convenience. So, or you’re not feeling well today. There’s a blizzard, there’s a big storm out there, or there’s a power outage at the main office because they’re, they’re doing some construction. Some businesses also said, Hey, listen, every Friday during the summer, you know, you want to stay home once a month or whatever, just go ahead and do it and work from home.
That’s not corporate telecommuting. Telecommuting is where the employee or the contractor, these people who are working on a gig basis are based at the remote location full time. Now I’ve talked a bit about the gig economy. And gig workers before on this show, and I’ve talked about it many times on, on the radio and TV, but in case you don’t know what that is, the gig economy is a major change.
We started to see a few years ago where people, particularly businesses, were looking and saying, Hey, listen, we don’t need to have all of these people on the payroll. Because in reality, this job is part-time. So why would we pay someone full time when it’s a part-time job? And why would I have one person working at it when I could have three, four, or five people working at it when necessary.
So all of a sudden there’s an uptick in my business. Instead of having to try and find someone else, hire someone else, bring them in or, or turn down the work because I can’t possibly handle it because I only have this one person who was part-time before. What we ended up doing is saying, Hey, How bout we just find people to do this one narrow thing, and the more narrowly the task can be defined, the better of the businesses because the cost goes down.
[00:10:00] The more complex a task is, the more expensive it is. And you look at something like Amazon Mechanical Turk in case you’re not familiar with that service. Amazon has, there are people who maybe some of you guys are doing this, who sit there and do very small, very narrow tasks for typically a fixed price.
So it might be, get me the phone number and name of this doctor in this town. And you’re paid a penny or whatever, 5 cents for doing that very, very narrow task. So they can go ahead and they have someone else saying, find me the name of all of the doctors that meet this criterion in this town and get me their names, their phone numbers, and their addresses.
Much, much cheaper to break all of that down to the business. So they’re looking at things like Mechanical Turk, but they’re also looking at sites like Fiverr, which I’ve [00:11:00] used before as well. F I V E R R.com and if you go to fiverr.com in fact, let me go there right now while we’re talking, you can find people to do almost.
Anything for you. It says right on their homepage here, find the perfect freelance services for your business. And most of these are very narrow tasks. And their original idea is you, you know, five bucks, they discharged five bucks for it. And, you know, isn’t that. or more reasonable thing than having to have an employee and having to have all of the expenses involved.
All right, so I’ll stick around. I wanted to finish this up here. A little bit of wandering and meandering as we’re talking about. What does the post-WuHan virus world look like in the business space? You’re listening to Craig Peterson, on W G A N and online at Craig Peterson dot com.
Craig Peterson: Hi guys. Craig Peterson here on WGAN and of course online at craigpeterson.com. We were talking before the break, a little bit about the post-Covid 19 world. And I started talking about the gig economy and what it really is, what does it really mean to us? And I was just talking about a website called fiverr.com which kind of defined the whole gig economy for a while, frankly, for a number of years.
And now there are more sites out there as well. But really Fiverr is the place to go online. So they have things like design a logo. Customize your WordPress website, doing voiceover whiteboard work for people. SEO, which is search engine optimization, illustration, translation, data entry. Those are kind [00:01:00] of their top categories, and you can go there.
You can find what people are doing, what they’re offering, what’s the best thing for you, for your business? What might you want to consider? If it is really quite good and there are a lot of true experts that are making there. Their talents available to businesses now it’s not just five bucks to do something.
Some of these are a lot more expensive and some go on an hourly basis and, and I’ve used a number of other websites in the past in order to get people to hire people to do things. Upwork is one of the other big ones. U P W O R K.com. Check that one out as well. Whether you’re looking for help or you want to provide help and sell some help.
But upwork.com is another good one that I’ve used. And in both cases, I can go and post something and say, Hey, this is what I’m interested in. Having done and people will bid on it [00:02:00] for you. Now, a little inside tip here you might not be aware of in that is if you want people to bid on it, they have to be aware of it, and the only way they’re going to be aware of it usually is if you reach out to them. So you have to do a bunch of studying and research and advance so that you know who looks like they might fit for you, and then you have to send them an invite directly because most of these people, especially the good ones, are not sitting there just waiting for a general. Query to come in, Hey, I need somebody to do a logo.
Now they don’t pay attention to that because they are in demand. So you have to find the people that you want to do. For instance, your logo, whatever the work is. So you’ll go online, you’ll look around, you’ll look at their samples, they’ve posted, you’ll find a few people, and I’ve found usually in order to find somebody that’s good. I have to reach out to as many as 50 five [00:03:00] zero people on these websites to get the attention of somebody I really want.
So if you are top-rated, it’s phenomenal. They have ratings like at Upwork they have really great ratings and stuff for who some of the better people are. It really helps you with your decision. So when we’re talking about the future, it’s not just telecommuting.
Or you might have lost your job. So what do you do now? I know, for instance, one of our listeners here, Linda, she reached out to me and I helped her with some, or actually one of my techs helped her out with some of the problems she was having. because she has lost her business actually, I think it was, and she’s trying to start another one by doing website evaluation.
You know, that’s a perfect opportunity for somebody. To go to Fiverr or Upwork and see if they can’t dig up a little bit of work as well. Now when you’re first starting out, you’re going to have to look at [00:04:00] those main feeds and you’re going to have to comb through them and approach people. And you’d probably have to do stuff for really cheap until you develop a reputation.
Cause you have to have people giving you those five-star reviews. But it’s going to take a little bit of time. Now, one of the big questions that come up is payroll taxes. And when we’re talking about the gig economy, the IRS has a set of standards that are in place that help you evaluate whether someone should be treated as a contractor or if they should be treated as an employee.
And there’s quite a bit of IRS case law if you want to call it that, IRS rules and regulations that have come out of the IRS courts that are paid by the IRS and judges work for the IRS and they get to decide what’s right or wrong with you, right? But, there have been a lot of cases that say, Hey, listen to, here’s where the line is drawn between a [00:05:00] contractor that you can pay 1099 and somebody who’s W2.
And that line that we’re talking about is, is not just, Hey, they’re working at home. Yeah. They’re working from home. Well, do you supervise them? Do you give them the work that needs to be done? Are you setting deadlines? Are you telling them what equipment or software to use? You know, you need to talk to your attorneys, reach out to your accountant to figure out what all of those rules are and how they apply to you.
But it, this adds yet another little twist to it. You know, it’s one thing if you have just this limited task and you hire them once to do the task, like, okay, I need a logo design, or I need to have this changed on my website, or. Whatever it might be, and that’s all well and good and that probably fits the contractor definition.
Probably don’t even have to 1099 them if you’re using one of these sites like Fiverr or [00:06:00] Upwork because they’re going to take care of it for you. Some of these sites will do tax withholdings for people and there’s a lot of things they’ll do, but where they are living also now. Will it affect your payroll taxes?
So let’s say that you’re going to keep people on as employees and your businesses in New Hampshire, but they’re living or switch it around here cause it doesn’t work for New Hampshire. Right? But let’s say they’re living in a different state with a different tax jurisdiction. And you are your businesses in a state that has income tax provisions.
I know in the Northeast we have some agreements between the States because of, of course, New Hampshire has no income tax and they’re the ones that are always used for these things. But, there was an agreement between the state saying, Hey, listen, if they live in mass, you have to pay mass taxes. If you live in New Hampshire and you work in mass, you have to pay mass taxes.
If you never ever stepped foot in mass, you have to pay mass. No, you don’t. But did you see what happened in New York where? The governor of New York has come out and said, Oh yeah, by the way, all of you people that volunteered your time, if you stayed in New York for more than two weeks, you need to pay us income tax even though you were a volunteer.
It just gets crazy. Right? So how do you keep track of all these jurisdictions? And if you’re hiring people that live in some other state, they’re in Illinois, they’re in California, they’re in one of these blue States that has crazy regulations and high taxes. Now you have to worry about all of that sort of stuff.
Okay. It is really going to be difficult. The employee’s home is in Atlanta. The company needs to treat that is an Atlanta office or Bureau in every way. If what’s the legal [00:08:00] nexus? I’ve seen cases where just having a phone number from a state was enough to say, yeah, you are a resident of that state. It’s really kind of crazy and not just a resident. I’m talking about businesses here. You have a business nexus there, so you have an Atlanta phone number and you don’t have an office there, et cetera, but somebody answers that phone. Even if it’s not in Georgia, you could get nailed you. Do you see what I’m talking about?
This is absolutely going to be a huge, huge different corporate telecommuting is going to just drive us all crazy. Frankly, and in some states, you have not just the state tax, but you have a County tax, you have a city tax, all kinds of different local taxes at different percentages. I remember I had some stuff going on in Washington state, and it was different [00:09:00] tax rates, even for sales tax.
You’ve been on the County, you were in. It, it kind of gets crazy. So, you’re going to have to change their tax status if they’re doing a hundred percent of their work in that other jurisdiction. And I think that’s going to end up being a problem for a lot of people. So keep, keep an eye on that one is, well, ultimately this is going to lead to I think, nothing but confusion. Anyways, we’ll move on to another topic when we get back enough about all of the taxes and things you’re going to have to worry about with people working from home. But boy, there are a lot, no time to let your guard down because of Corona fraud. Is a huge threat. And what’s we’ll talk about what those real-world threats are.
So stick around. We’ll be right back. You’re listening to Craig Peterson on WGAN online, Craig peterson.com
Craig Peterson: Hello everybody. Welcome back. Craig Peterson here, WGAN, and of course online at craigpeterson.com. Talking a little bit, of course, it is hard to avoid this, how it got into the post-COVID world out there. What does it really mean? We’re just talking. In the above telecommuting and how it’s really going to cause some stresses on businesses.
And you know, we’ve already talked in weeks past about how it’s going to help businesses with a number of different things, including helping them with their ability to cut costs on, on travel and office space, et cetera. But there are a lot of other things to consider as you just went over. Oh, now we got to talk about what is happening to us at our homes and our businesses from, of course, the security side, because it’s no time to let your guard down.
Coronavirus fraud is a huge threat and it’s been growing. We’re seeing constant warnings about it from the FBI and from. These are various security companies that are out there. Certainly, we’re getting all kinds of alerts from Microsoft and from also the Cisco people, but the scammers, the bad guys out there are just constantly reusing old ways of hacking us.
And they’re using scams that they’ve used forever as well. And that’s part of the reason why I always talk about making sure you stay up to date. It’s more important to stay up to date right today than it ever has been before. And scammers are rehashing. Some of these campaigns, kind of like the, remember the Nigerian [00:02:00] scams way back when?
Some of those are back now in a bit of a different way. So we’ve got countries now, and of course, our States are starting to try and get a little bit back to normal here that got some paths to recovery. And in many cases, they’re trying to get rid of some of these lockdown restrictions. But meanwhile, the crisis has brought out the worst in these con artists out there.
And there’s a great article by Ammar over at, we live security talking about some of this thing because. Really, they’re exploiting every trick in their book when it comes to trying to defraud people. They’ve been trying to impersonate legitimate sources of information on a pandemic. We’ve talked about that where they’ll send out an email saying, click here to look at this map of the pandemic, and there might be ads on that or might even be worse. Various types of spyware, obviously the that they’re trying to put on there, but they’re trying to defraud people and they’ve got also these fraudulent online marketplaces set up where they’re offering deals on everything from hand sanitizer through toilet paper, eh, some of the masks and things.
In fact, we just saw it was like a, what was it, $250 million, or maybe it was $25 million, refund from the Chinese for some state that had ordered some of these N95 masks that, that did not meet the standards. So. The scams are everywhere, and as I said, States are getting nailed in this as well.
And the most popular, by the way, COVID 19 map. If you really want to see what’s going on, you should go to Johns Hopkins University and there’s a professor over there by the name of Lauren Gardner at civil and systems engineering, a professor who’s working with some of her graduate students. To keep this up to date.
So you can go there right now. and it says it’s Coronavirus dot EDU, which is, of course, John Hopkins University, which is one of these teaching universities, that is a teaching hospital, but they’re showing how many deaths globally, more than a quarter-million. Oh, almost what is getting close to 80,000 deaths in the United States.
I also saw some really interesting numbers that were published this week in a scientific journal about how, you know, we’re, we’re looking at these number of deaths and we say, okay, 80,000 deaths, which is always horrific, but a. Normal flu year would get us what, 40,000 to [00:05:00] maybe 80,000 right? We had a really bad flu year a couple of years ago, but they delved into the statistics behind it.
Now, this is where it’s really kind of gets interesting because when you look at those statistics behind the normal. Flu, the flu pandemic, I guess they really are. it turns out that the statistics are heavily inflated and they, it’s done because we don’t track flu deaths like we’re tracking the COVID 19 nowhere near as much detail.
People that might have died of bacterial pneumonia in years past who were to be counted as a flu death. Now that is a bit of a problem. Right? So what do you do when you have these bad statistics? They’re saying that some of these years where we reported 20,000 or more flu deaths, [00:06:00] actually may have been a thousand deaths in reality.
So, Right. Any, anyway, so I’m kind of rambling a little bit here, but that brought it up when I was looking at this Johns Hopkins map here in front of me, how many people have died? How many people have recovered? It turns out that at this point that this COVID 19 flu is definitely more fatal. Then the normal flu season and the article I was reading in the journal were saying it could be as much as 44 times more fatal than an average flu year.
Now that’s really bad, isn’t it? When you get right down to it, 44 times more fatal. but we don’t know yet. Right. That’s kind of a bottom line on all of this. We just really don’t know and we’re not going to know for a while.
Anyways, back to it. [00:07:00] These maps, and I’m looking at a picture of one right now that was in, we live security.com, which is a map. It looks a lot like the John Hopkins map, and it probably is actually, and on top of that, it’s got an ad for, you might need disposable coveralls with a hood protective suit. Now. Is this good? Is this not a good suit? They say, click on that to see it on Amazon. And Amazon certainly could have these for, for sale, but are they really sending you to Amazon or are they sending you to some other site out there?
Right. What are they doing? They’ve got a live chat. They’ve set up. It’s, it’s really kind of amazing what the bad guys have done. They put a lot of work into this. The world health organization. you know, I don’t know, the bigger, the higher up a government or non-governmental entity is in the food chain, [00:08:00] the less I like them, but they do have their own dashboard showing you what they think is going on.
With the Coronavirus, so you’ll find them at who dot I N T, which is the world health organization international, and they’ve got a big warning right on their homepage. Beware of criminals pretending to be the world health organization. they will, they’re saying they will never, they, the world health organization will never ask for your username or password to access safety information.
They’ll never send email attachments you didn’t ask for. They’ll never ask you to visit a link outside of. Who dot I. N. T. They’ll never charge money to apply for a job, register for a conference, or reserve a hotel, and they’ll never conduct lotteries or offer prizes, grants, certificates, or funding through email.
So that gives you an idea of the scams that are being pulled [00:09:00] right now when it comes to the world health organization. So don’t let your guard down everybody, these emails that are going out are a real problem. They’ve got fake one-stop shops for all of your pandemic needs. That’s a problem as well.
Just just be very careful where you go. I’m looking at some emails as well. They’ve got tricks and there are many of them are the same old tricks they’ve always been using. Don’t fall for the tricks. All right. Stick around. When we get back, we’re moving on again. We’re going to talk about this new executive order from President Trump.
Is it going to make us safer? You’re listening to Craig Peterson here on WGAN and online Craig peterson.com.
Craig Peterson: Hello everybody. Welcome back Craig Peterson here. You can find me on pretty much any podcast platform that’s out there. One of the easiest ways is to go to Craig peterson.com/whatever your favorite podcast mechanism is. iTunes is kind of the 500-pound gorilla. They’re not the 800 anymore. They’re just 500 and you can get there by Craigpeterson.com/itunes. Craig peterson.com/spotify Craig peterson.com/tunein whatever your favorite might be, you’ll find me right there.
So let’s get into our next kind of controversial topic. And this has to do with President Trump’s ban. Now it went into effect on May 1st, so it’s been around for a couple of weeks.
It seemed to be something that was released kind of at the spur of the moment. And it has to do with cybersecurity and the critical infrastructure. Now, you probably know that I ran for a couple of years, the FBI’s InfraGard webinar training programs, and we did a whole bunch of training on critical infrastructure stuff.
That’s really kind of the mandate for InfraGard, but critical infrastructure. Now, just look at all of the jobs with Colvid 19 that were considered critical. The critical infrastructure really encompasses most of the economy nowadays. Even law offices are considered critical infrastructure. He said with a chuckle.
Now that can be a problem. It can be good. It can be bad. It really kind of all depends, right? But bottom line, when I’m talking about critical infrastructure, I’m talking about the infrastructure that literally runs the country. There’s one of the most overused words in the English language, literally, but in this case, [00:02:00] it really does.
We’re talking about the infrastructure that controls our electric grid, the infrastructure that controls our telephones, our smart devices. Obviously the infrastructure that controls the internet, the infrastructure that controls our sewage systems, our water systems, the whole electric grid, all the way up to our houses.
That is the major part of critical infrastructure. Obviously our roads are considered critical infrastructure and the bridges and, and all of the ways of maintaining them. That’s all pretty darn critical because without those commerce comes to a slowdown, dramatic and maybe a grinding halt and people die.
Think about what happens if a whole region loses power, which happened here, went back in Oh four, I guess, and I think that was the most recent time. It happened in a very big way in, [00:03:00] was it 86 up in Quebec? And the one in Quebec was because of a bit of solar activity and the one here, you know, I’ve seen attributed to a bunch of things.
The most recent one was that. Our power outage was probably done because of a probe into our electric grid, looking to see if they could potentially hack it and it ended up tripping one of these sites, one of these major sites that are used for distributing electricity, and then that tripped another, tripped to another, tripped to another and before we know it, we had a major cascade failure.
So all of that stuff is very, very critical. If, if you’ve been in a hospital, you know how much they eat electricity. Now, hospitals, of course, have generators for the most part, and that’s an important thing for them to have, right? You want to be able to have power if the power [00:04:00] goes out.
So, okay, I get that, and that’s a very good thing. But at some point, if you don’t have access to, let’s say, the diesel to run the generators, or maybe they’re natural gas generators and you can’t run those. What ultimately can you trust if you’re a hospital. Because if the whole region loses power, so let’s say New England, we lost power in all of the new England states, including New York State, New York City, maybe New Jersey.
So we’re talking about a five-hour car ride in order to get beyond where this particular power outage occurred. That means even people that have generators are going to run out of fuel because they, the gas stations aren’t going to work. Most of them don’t have. Pumps. So the trucks can’t really deliver it cause the gas station doesn’t have electricity.
They can’t be on, they just don’t know what’s happening. So they’re going to have to send trucks to New Jersey or someplace to try and pick up diesel. And if it’s even broader to say we had another Carrington event, like what happened in the mid 18 hundreds where there was a major solar flare that knocked out everything in the country.
Now back in the mid 18 hundreds that weren’t such a big deal. Today it would be huge. So between those two, obviously having a more localized power failure is better. How about the sewage where it all backs up maybe into the streets? How about the water supply where we just can’t get water. Because it shut down.
So many of these devices are now part of our internet of things, and that’s a real problem. So President Trump signed this executive order that prohibits operators of the United States power grid to buy and to install any electrical equipment that has been manufactured outside of the US they’re even going so far as to provide funding and finances to remove some of this equipment from our electrical infrastructure.
You probably already know that we are not allowing these Chinese firms to build our new five G infrastructure or any of the equipment that’s in it either. Then here’s the code from the order. I further find that unrestricted acquisition or use in the United States of the bulk power system, electric equipment designed, developed, manufactured, or supplied by persons owned by controlled by or subject to the jurisdiction or direction of foreign adversaries augments the ability of the foreign adversaries to create an exploit vulnerabilities in bulk power system, electric equipment with potentially catastrophic effect.
I think he’s right. We’re seeing these power grids, water grids, et cetera, being attacked. And much of it’s coming through the internet of things like keep warning people about, it’s, it’s really, it’s just absolutely amazing. So let’s go back. I went and checked in the news, cause I had heard about what had happened over in Israel. And this is May 7th okay, so this week, this is very, very recent.
Israel is blaming the US for Iran causing a widespread cyberattack on Israeli water and sewage facilities during April. This was a report that came out from Fox News on Thursday, and according to the report, [00:08:00] Iran used American servers to hack into the facilities. A
I’ve talked about this now for 20 years, and, this whole part of it just really bothers me.
They used American servers. Most of the time when the bad guys are using American servers using American computers, what they’ve actually done is they have compromised a server.
20 years ago we were talking about how Al Qaeda was videotaping the beheading of Americans and distributing them worldwide using American servers.
Isn’t that amazing? It’s shocking. It shouldn’t be shocking anyways to all of us, but that’s what they were doing. They were using servers that they had hijacked. Now here we are 20 years later and Iran is using these servers to attack. [00:09:00] We know that our servers here, our desktops are being used, they’re being compromised and then use to do denial of service attacks.
Many other types of attacks out there. So it looks like President Trump might have been a little bit ahead of the game here. I’m looking at, the article here that I’m seeing on the Jerusalem Post. Prime minister Benjamin Netanyahu addressed the issue at last year’s cyber tech conference in Televiv saying that Iran is attacking Israel on a daily basis.
We monitor it and prevent it every day. They are threatening and other ways. What is important is that every country can be attacked and each country needs a combination of defense and attack capabilities. Israel has such an ability. So think that through a little bit. I know here in the US we have the ability to attack back, no question about that.
Now, I also found [00:10:00] online over at, Analytics India magazine online, and this is from a couple of weeks back, three weeks ago, cyberattacks on the critical infrastructure of India is a worrying trend. So let’s see, we’ve got the US that we know has had the critic, our critical infrastructure tack.
We know your Iran appears to be responsible for Israeli. Critical infrastructure attacks, and according to the prime minister, they’re being attacked daily. We’ve got India, and here’s another one. This is the Czech Republic. This is just a quick search that I did online to find out who’s been attacked lately.
And this is from April 20th so what about three weeks ago? Attempted cyber attacks against several hospitals and an airport in the Czech Republic show. The coronavirus pandemic has not slowed down the West digital adversaries. So the leaders over in the Czech Republic are saying that they were able to stop these attacks, but they’re getting more highly sophisticated attacks all of the time.
Czech’s top cybersecurity agency has warned, expected imminent serious cyberattacks against us healthcare sector aimed at disabling computers and destroying data. So in many cases, it’s ransomware. In fact, that’s the number one threat right now against our businesses in the US, it’s still ransomware.
Can you believe it? It is still ransomware. We are still not protecting ourselves and our business. It just drives me nuts. And that’s our, we’ll do some more training about this in the next few weeks here. This is particularly problematic right now because we’re, we are in the middle of a pandemic. We do have hospitals trying to treat patients and they are under attack and they are getting ransomware and some of these big ransomware bad guys out there.
I’ve said, Oh, no, no, no, we’re not. Going to, Hey, if we do take control accidentally of the hospital’s computers, we’re just going to release it right away. We’re not going to hold them ransom, and yet they have been, so be very careful. Everybody, this is, this is not going away anytime soon. They are going to continue to attack us.
So when we get back, let’s talk about something fun here. Let’s talk about what the James Dyson Foundation is doing for our kids. You’re listening to Craig Peterson here on W G A N and online CraigPeterson.com/subscribe make sure you get my weekly newsletter so you keep on top of all of these new stories for the week, and I’ll be on with Matt Wednesday at seven 30.
Craig Peterson: Hey everybody, welcome back. Craig Peterson here on WGAN. I’m on every Saturday from one til three and I am so grateful you guys have joined me today and all of the people that have been signing up today from my newsletter, by the way, when you sign up, I’ve got. Three little special surprises that only don’t even mention when you sign up.
So we’ll be getting those over the course of the next week or so. Some really great tip sheets, some tools that you can use in order to help make sure your home and your business is properly secured. And hopefully by now. they’ve started running my little features and those are going to be fantastic.
I’m trying to generate a couple of weeks so we can put them up and keep them fresh. But it, it kinda goes into some details of, you know what you should do. So let me, I’m going to put one in here right now. Play one of these features. This one’s on passwords. Just give an idea of what these are so you can kind of keep an eye, an ear out for them.
I was going to say an eye, but it’s obviously an ear. Have you ever heard the term poned? While you might have been poned? Hi, this is Craig Peterson here with a security blink about something known as powning. Poned means that your account has been the victim of a data breach. Your username and password have been stolen from a third party.
Now there’s an easy way to find out if your account login has been stolen. Troy hunt started and still maintained a website called have I been postponed? He’s collected the records of almost 10 billion user accounts from the dark web. Think about that for a minute. If you have an online user account, the odds are that your account data is online, out in the dark web, and the bad guys are using the same information they’re finding on the dark web to send you phishing emails recently that’s included scareware emails that are threatening to release some information about you.
If you don’t pay a Bitcoin ransom to prove their point, they’re including your email address and password they found online. I’m contacted by listeners every week because these emails truly are scary, but are best ignored. How do you find out if you’ve been a victim of a data breach? Although it’s safe to assume that you have been, you can just go online to have I been poned.com.
Troy will let you enter your email address and he will search his database to see if your account information has been stolen. So what should you do? Get one password. It’s the best password manager I’ve ever found. Use it to automatically generate a new password for you. For every online account, you have.
One password will also automatically check to see if your account is listed on have I been pwned. To find out more about pwned accounts and password management and to find out how best to use them. Visit Craig peterson.com/compromised. So that’s what we’re doing, putting them out. I think that sounds pretty good.
I heard it sounds really good. I’m thinking of the future ones, I’m going to do it a little bit less scripted. It just sounds too highly produced. I don’t know what you guys think. Let me know. Just email firstname.lastname@example.org I love to get a little bit of feedback from you. Well, let’s get into our friend here, James Dyson.
Now, in case you don’t know who this is, James Dyson, that’s spelled D. Y. S. O. N. He’s a British inventor, and you probably know him best via his vacuum, the Dyson vacuum. It’s really kind of a cool thing. Definitely overkill, but this thing works on the principle of cyclonic separation. And they used some of the similar technology too that Dyson did in order to make some very cool bladeless of fans that you can get.
I really liked these things. They’re absolutely amazing. He has designed a whole bunch of things. I’m looking right now at his Wikipedia page, and of course, they’ve got a picture of his bagless Dyson vacuum cleaner, which is really what got him into most homes, most people to understand, but he has been very, very big in inventing things over the years.
I like his air blade hand dryer, which you will see at many bathrooms, probably more of them as you go forward. It does use ultraviolet light in order to clean the air. It doesn’t spray it all around. I do not like and I have never liked the air dryers and bathrooms. It makes the spread of germs inevitable.
It is a very, very bad idea and yet. So many people just think it’s fantastic, right? So much easier. We don’t have, to use paper towels, which are frankly much better. They spread the disease a lot less. So the Dyson air blade is a very, very cool, hand dryers, kind of like a squeegee. Air to remove water rather than trying to just blow it all away or evaporated with heat very fast drying, a lot less energy and safer too for us in this COVID-19 day.
Anyways, let’s get into what he’s done right now. He’s trying to encourage kids to do a little bit of experimentation. He has this fantastic PDF that you can download by going to the James Dyson Foundation website that you can just search for online, James Dyson, DYSON foundation. Now a few, our parent, [00:06:00] grandparent, if you’re homeschooling because there’s no more school for the year, or you’re homeschooling because it’s just a great thing to do.
You’re gonna want to check this out. It would have been handy when my wife and I were homeschooling all of our kids as well, but he’s got these challenge cards is what he’s calling them, and there are a total of 22 science challenges and 22 engineering challenges. Yeah. It’s just so cool. One of these, the first one reminds me of when I was a kid, cause I remember doing this in school and this is how to get an egg to fit into a bottle without breaking it.
Now, back then when I was in school, of course, it was a milk bottle, but what they’re doing is they want you to get a glass bottle that has a mouth that smaller than the egg. You’re going to put that egg into a glass of vinegar and make sure it’s completely covered. So within two days, that egg is going to be very rubbery.
Do you remember doing this? You guys ever done this? Then you heat the bottle in hot water. Obviously make sure that you remember a taut, okay. Use a tea towel and your handle it, and then rest the egg on the neck of the bottle. You don’t want to put it so the narrow end is down over the mouth of the bottle.
Then as the Air inside cools down, it’s going to contract. Right. Expand contract, right as you heat and cool. So. The bottle is going to contract a little bit. The air is going to contract a lot. And you’re going to have a vacuum inside this bottle, so it’s going to suck the egg inside. So cool. And then the card goes into some detail.
How does it work? It talks about the protein and what kind of acid is in the vinegar and what ends up happening. It actually [00:08:00] changes the chemical compound of the egg, which is what makes it rubbery. They’ve got this underwater volcano thing, which is so cool. This is a colorful underwater volcano that you can make very simple, again, ping pong balls and making them float using a hairdryer.
It talks about the Bernoulli Bernoulli effect, which is, you remember I first learned about when I was starting to work on these new hard drives that had just come out and how har, how the heads floated using. Bernoulli a fact, a balloon, kebabs. Can you put a skewer into a balloon without popping it?
So they explain how that works, what to do, what not to do. Liquid densities, just a whole ton of them. A geodesic dome is their first engineering challenge. Let me see if I can pull that up on my screen because this is pretty cool to make. Make sure you grab this, send it to your kids, grandkids. Use it yourself.
Measuring the speed of light weather balloon. How to make a paperclip float. Yeah. Surface tension. Right. Skipped, fire extinguisher, scared pepper, dancing raisins that so many cool things. A lava lamp. I’ve always thought those were the coolest things. Did you know that some of the best random number generators out there right now are actually using lava lamps?
A whole bunch of them. The visible link and then the Geodesic dome is you’re using these jelly sweets and cocktail sticks and putting them all together. And how is it done? Talks about Buckminster fuller. I just love this stuff. I don’t know about you guys, but it’s so simple. Marble runs the kids can make, and it’s where marble is running down the outside of a box and how you guided spaghetti bridges.
See, all of these are cheap, strong as this drinking [00:10:00] straw. Not the crappy paper ones, but a real drinking straw. Electric motors. Yeah. Anyhow, check it out online. Of course, there’s a link to it as well @craigpeterson.com you can go there. You can see all of this week’s articles, and if you are a subscriber to my email list.
You will already have it in your mailbox, should have gone out to this morning. So double-check your email. If you did not get it, just send me an email to email@example.com that’s Peterson with an S O N.com and just ME. Right. Me, it’s me and Craig peterson.com and I’ll be glad to double-check as to why you didn’t get it.
Hopefully, I didn’t get caught in a spam box somewhere cause we send out thousands of these things every week. And you never know if someone, if people don’t open them, I don’t know if he knew how this works, but if people don’t open them, like on Gmail, Google mail, if they’re not, people don’t open them.
They assume, Oh, nobody’s interested in this. And so it gets a lower priority until all of a sudden Google thinks, Oh well. This must be spam because people aren’t opening it. So make sure you open it and download any graphics that are in there. Cause that tells Google and everybody else that, Hey, you care about this email.
If you turn off the remote images, which is what I normally do personally. but when I get a newsletter, I always make sure to turn it back on. so if you got the images, then Google or AOL or Hotmail or office who 65 whatever you’re using will know that it is a good email. It’s valid. All right. Stick around.
When we get back, we’re moving to be on we’re going to talk a little bit about Microsoft teams and some phishing that’s been going on. You’re listening to Craig Peterson here on W G A N.
Craig Peterson: Hello everybody. Welcome back. Craig Peterson here on WGAN online and craigpeterson.com.
We’ve been covering a lot of stuff this show today. We just talked about these challenge cards and if you’re interested, if you didn’t get that URL, I’m going to give it to you again. I love these things are great for your kids, grandkids coming over for the day, whatever it might be.
Go online and go to either look for James Dyson’s foundation or just go to my website craigpeterson.com. You’ll find it there under the radio show, but the James Dyson Foundation is who published these things they’re absolutely phenomenal. We also talked about President Trump’s executive order banning foreign electrical equipment from getting into our grid. Looks like they’re trying to remove equipment that’s already there. After the attacks that have been mounted all around the world against different [00:01:00] countries is no time to let your guard down.
We’ve got Corona fraud in a very, very big way still, so we talked about some of that, what that’s all about, and telecommuting in a post-COVID 19 world, what does that look like? How is that going to affect our businesses, our lives, our jobs, et cetera? So if you missed any of that, you can just go online to Craig peterson.com check the podcast and you can listen to it right there. I’ve also been trying to put them up over on YouTube and put them up on Facebook from time to time.
I’m going to get better about that. I absolutely have to because we’ve got to get this message out to everybody, and if you have shared my newsletter with friends or some of these webinars I did. Two dozen over the course of a couple of weeks if you shared any of them. I just want to thank you guys so much for doing that.
This is such an important thing for me to get the word out. That’s what I’ve been trying to do for. Decades now because I got nailed as a small business owner by one of these pieces of nasty where there was out circulating at the time, and I really don’t want it to happen to you or anybody else. And it really upsets me when I see some of these advertisers who are deceiving people.
Just this week I broke down one of these ads I was hearing for VPNs. And every word they were saying was correct. But if you get into like the legal definition, if you’re sworn in, it’s the truth, the whole truth and nothing but the truth, right? It’s not what it’s supposed to be. What does that mean? Well, the truth, you know?
Okay. So did you rob that store? No. Okay. That’s the truth of the whole truth might be, no, I did not Rob that store, but I heard Jane robbed the store, or I know Jane robbed this store or that would be the whole truth. So they, they’re talking about their VPN product. And they’re talking about how it can keep your data away from prying eyes.
Well, yeah, it’s kind of true, but it also exposes you to even more prying eyes. You see what I’m talking about when I say not the whole truth. So that’s why I’ve been doing all of these free little training and also been doing lots of stuff for some of the paid courses and training too, because we’ve got to help people understand, and that leads us to what we’re going to talk about right now, which is Microsoft teams.
And now Microsoft teams are not bad. It’s software that you can get as part of your now called, [00:04:00] Microsoft three 65 subscriptions, which can be good, right? And teams are what you need in order to have collaborative work and to be able to do collaborative work. But just as a quick word of warning, the only collaboration system out there right now that has full-audibility and all of the features that are required by some of the more advanced regulations is WebEx teams.
But anyways, on all of these fronts from the Microsoft teams through, you might be using Slack, which is another very popular one, and even WebEx, but we’re seeing a whole lot of phishing emails, and there’s a warning that just came out here this last week that. People, particularly people who are working in industries such as energy, retail, and hospitality.
There are some hackers out there right now that are attacking people specifically pretending they are from Microsoft teams. So they’re trying to steal the access credentials of employees who are working from home. And what we’ve been finding is that many of the people who are working from home right now are.
You know, they’re, they’re not being supervised by the security people. They’re using a home computer. It may or may not be up to date. It may or may not have reasonable security precautions on it. It can be a real problem. And when they are getting an email like this, if you ever get an email that looks like it’s from Microsoft or looks like it from a vendor that you’ve been using.
If you’re in the office, you might lean over to somebody else and say, what do you think of this email? Do you think this is legitimate? Or you might report it to your people, your security people, et cetera. But we’re finding with people working from home that they’re not double-checking it. And so they’re clicking on a [00:06:00] link.
They think, Oh my gosh, I’m not using Microsoft teams properly, or I mess something up and there’s something I have to do. I got to recover this. I got to figure this out. And in fact, what it is, is that the bad guys out there that are trying to hack you realize what it is that you’re trying to do, which is get, just get my work done, right?
Just get the software working. So they have been directing attacks to the people. That is a little bit more ignorant in some of these ways. All right. Now at this point, it looks like most of these attacks are not highly targeted. In other words, it’s not spearphishing. So it goes right back to what I was talking about earlier.
Those emails that we were getting from the Nigerian Prince, right? They are general. So they’re unlikely to mention your username and Microsoft teams, even your company. They are just generic and they can be sent to anybody. And so the hackers have taken a list of different companies and what businesses they’re in and have been trying to direct them to those businesses.
Now, the URLs that are in these, oftentimes we’re finding that they. Are using multiple levels of URL redirect, and the idea behind that is to throw off these malicious link detection tools that are out there and to hide the actual URL of the final domain that’s being used to host the ultimate attack.
Isn’t this something. These people are doing. So I did some training here on using Cisco Umbrella, which is a product that we sell, but you can buy directly from Cisco. It is specifically designed to help prevent these types of attacks, and I think it’s really important that everybody use that installs it right.
Get the free version if that is what you need. If you’re a business, you should talk with me because there are special business levels that are not offered on the umbrella website, but special business versions that allow a lot more tracking and a lot more granular control. But make sure you have this in place because even with the multiple redirects, the odds are high that Cisco umbrella is going to be able to attack that.
All right. So one message is impersonating the notification that’s received when a coworker is trying to connect with you or contact you via teams. The other one is claiming that the recipient has a file waiting for them on Microsoft teams, and the email footer even has legitimate links to. The Microsoft websites, you know, Microsoft teams, application downloads, et cetera.
And in one of the attacks, these phishing emails containing a link to a document hosted on a site used by an email marketing company. So we have to be very, very careful. And especially now we’re, we’re working more at home. We are going to be continuing to work more at home, move most of us anyway, and we are using these collaboration tools and maybe you don’t have access to your normal texts of people that you would text support people that you would have access to.
So double-check all of that. Well, when we come back, we’re going to talk about the biggest threat. To the small, medium enterprise space. You’re a small business, your small office, your home office, what it is, what those numbers look like, and what you can do about it. And we will be back in just a couple of minutes here.
This is Craig Peterson, you are listening to me on W G A N or online at Craig, Peterson.com stick around. We’ll be right back.
Hey, welcome back everybody. Craig Peterson here. So glad to have you guys. I really enjoy helping out and I love getting those emails you guys send to me. You’re so kind. They’re just on some of the compliments and some of your suggestions. It’s just fantastic and you can reach me directly. By sending an email to firstname.lastname@example.org now, I get a lot of emails, particularly lately, so if it takes me a little bit to get back to you, I apologize in advance, but we do try and get back to all of the people who reach out, but you know, that’s not always possible.
Just a matter of life, I guess, in this day and age. All right, so let’s move on to our next topic for today, and that has to do with the biggest threat out there right now for the small business space. And I was looking at some numbers here during the break. I’m trying to [00:01:00] figure out, so, so what is.
Going on. We, we’ve talked a lot about phishing. We talked about what was just happening here in some of the online space. Things you need to look out for and what, what we’re really talking about here when we call talk about small business, the biggest threat is. Ransomware to realize that. How long has ransomware been along?
Been around? Excuse me. How long has it been out there? How long has it been attacking us? We have some statistics out there. I’m looking at right now from health net security saying that 46% are small, medium businesses have been targeted by ransomware, and 73% have. Paid the ransom. Now, paying the ransom can be cheap.
It can be expensive. It really depends. Of course, the FBI suggests you don’t pay a ransom because of two reasons. One, it doesn’t guarantee you’ll get your data [00:02:00] back. In fact, half of the time when a Ransom’s paid all of the data is not. Recovered. And the other reason is it shows the bad guys who will pay ransoms, which means, Hey, listen, guys, you guys are paying a ransom.
Maybe we should go after you again because unfortunately, many of the businesses that have been hit by this stuff don’t properly update. their security and those are the companies that ended up coming to me. Right? They should have come before the ransomware hit, not after the ransomware hit and not after they had a second problem.
You know, if, if you’ve got somebody who’s providing you with its services. And you have been, you know, ransomed. Don’t go back to them to try and fix the problem. It’s like, well, who was it Einstein that said that the same thinking that created a problem cannot solve the problem. And we’ve seen that again and again and again, but paying the ransoms.
Here’s what it costs right now. 43% of SMBs said they’ve paid between 10,000 and 50,000 to ransomware attackers. 13% said they were forced to pay more than $100,000 now, I can guarantee you any SMB out there, well, if you’re like 500 employees. Huh? It’s going to cost you more than a hundred thousand. But, uh, you know, if you are a company that has less than a hundred employees, it’s not going to cost you more than that.
Not even close to it, but paying the ransom doesn’t guarantee anything. If you are a bigger company, we’re seeing the average cost of one of these attacks being over a million dollars, because if you’re trying to recover, you’re trying to do the. Great. You got to notify all of your customers, your customers, find out that you’ve been hacked and that you had ransomware, you had the lost business while you were down.
You [00:04:00] have a lost reputation after you get back. Okay. It’s just absolutely amazing. Now. Businesses that are in the B to B space like mine, right? I’m, I’m a business to business. In other words, my services, my security services, the hardware, everything. We’re selling to businesses. I really don’t deal with consumers, although we’ve certainly helped a lot of consumers out there, listen to the radio show, but the businesses that are in the B2B space are.
Saying that about 80% of them, this is self-evaluation. 80% of them are prepared for an attack to some degree or another. They’ve at least taken some preparatory steps. People, these businesses that are selling to individuals. In other words, B to C, business to consumer, it’s about 20% less. All right? It’s crazy.
28% of SMBs admitted that they do not have a plan to mitigate a ransomware attack. So it’s very important to get all of this stuff together because the bad guys are coming after us. You’ve got to have a plan. You’ve got to prevent the attack. So what do you do? Since ransomware. It is right now really the top threat it gets in via phishing attacks.
It gets in a lot of different means, but it’s really a saran somewhere. That’s the bottom line. I would suggest something here because I know you guys. It is so frustrating trying to do updates. It’s even more frustrating when you install an update and it breaks something. Right. And frankly, the update thing comes up in the middle of doing something.
You say, Oh, I’ll do this later. So you put it off. Hopefully, you’re running the pro version of Microsoft Windows, not the home version that doesn’t let you do much of them put off. And then they’d remind you the next day, Oh, I gotta do this. I gotta remember to do [00:06:00] this. And then you delay it. And in my training, I talk about what the best delays are to use, depending on what kind of business you are, but you gotta kind of figure that out.
What are the best delays, uh, between the time Microsoft tells you that you should do it and, and when you absolutely need to do it? So you’re sitting there and saying, ah, last time I did this, I had problems and took me a day to recover and I lost all of that work and I don’t really know what I’m doing right.
I don’t know if I should legitimately install it or not. Right? Have you guys had those questions? Yeah, I bet you have. Send me an email email@example.com if you’ve ever had any of those types of questions go through your mind because I think it’s normal. Those are the same questions that go through my mind, my team’s mind.
So what we end up doing, of course, is doing a bunch of online research, at least we understand a little bit about what needs to [00:07:00] be done and how to do that sort of evaluation, right? We’re kind of security professionals, so I get it, right? You’re sitting there wondering, what should I do? So because of that, let me tell you the secret.
Cause it really is a secret. Obviously try and stay up to date. Obviously have windows defender turned on and UpToDate, as UpToDate as you can get it, but I mentioned it in the last segment and if you want more details, go back to the last segment. You can find that firstname.lastname@example.org under my radio show.
But listen to what I had to say there because probably the best thing you can do. It installs and uses Umbrella. Cisco umbrella is available for free. There are home versions, there are family versions, there are paid versions. They do not sell any of the, you know, the real business versions on their website, and you can always email email@example.com if you have some questions about which one’s best for you.
But what we deal with typically is the enterprise versions. I’m even using the enterprise umbrella. That my company sells at my house, right. In order to protect everything appropriately. But what happens with ransomware is it has to call home. Usually, when malware gets onto your computer and it establishes a foothold, one of the first things that do is call home.
So it calls home and says, okay, I’ve got this computer. What do you want me to do? And the more modern ransomware will give lists of the files that you have on your computer. He liked that. And so it asks, Hey, listen, the files on your computer are this, that, and the other thing. So a bad guy, I’ll look at the names of the files on your computer, and if it’s interesting, they’ll get on your computer.
They’ll poke around a little bit. And that’s why there’s such a variant in how much the ransom is. Sometimes they’ll demand multimillion-dollar ransoms for the data if they think that you might be worth it. If you are a town, for instance, you’re a city like Atlanta. Look at this. They’ve been ransomed what, two or three times we know of.
So the first thing it tries to do is call home. The first thing some of this phishing email does is try and get you to one of these sites where you can get the ransomware. Umbrella, Cisco Umbrella is designed to stop both. It’s available for free. Install it. Now I have a course on it and I may be giving that course again.
An absolutely free course. We’ll see soon, so I’ll make sure on my email list so you get it, Craig peterson.com/subscribe.
Craig Peterson: Hey, welcome back everybody. Craig Peterson here. Hard to believe the time is almost up, but you know, because that’s the way that goes sometimes, but don’t fret. I’ll be back on Wednesday morning at about seven 34 and I hope to see you then. So let’s get down to our last articles here of the day. I want to just do a little follow up, to my last. Segment.
I want to put a little warning out there. There is a new piece of ransomware out there that people are able to buy and use. Out on the dark web. It’s called Lockbit and it is kind of revolutionary in the way it works. I described how it works in the last segment there. There’s a lot more detail.
Obviously I’m not going to go into that with you guys here, but it, it does, it lets them in and it lets them, uh, look at your data and if you don’t pay up, by the way. To get your data back, they will threaten to release it on to the wide internet. And many times they often do. And that might be worse for you than paying the ransom.
You know, kind of depends on what the value is of some of the data that you have. Right? And if you’re in a regulated industry, it could cost you your whole business. Now in certain regulated industries, like in defense department, subcontractors, even. There is substantial jail time. So it’s wow, a lot to think about.
So let’s get into the last couple of articles here. One is Google play, the Google play store, and this article came out from RS technical last week. Dan Goodwin wrote it, and it’s talking about how Google play has been spreading advanced malware. [00:02:00] Four years now, we’ve talked before about hundreds of apps that have been taken down from the Google play store because they have been in fact, causing some serious problems.
In this case, researchers from a security firm called Kaspersky labs. Now, I mentioned Kaspersky, they’re not bad. Okay? They have antivirus software, which you know, I think is it. Yeah, I’m pretty much absolutely useless in this day and age. In fact, I think it really is. A lot of people agree with me and Kaspersky’s lab is over in Russia, which is why our state department is kind of a little iffy with it.
Our of the federal government, not sure it was the state department involved here, but they’re kind of iffy about it. Because it is in Russia and Russia is kind of an enemy of ours, therefore we shouldn’t trust it. So Kaspersky labs software is something you shouldn’t be using. [00:03:00] But I used it many years ago and I was pretty impressed.
This is when they first started, I don’t know when was that? 10 15 maybe longer years ago. They had some stuff out for Linux and they were the only ones. So. You know, it was kind of the, I kind of have to use them, but Kaspersky is saying that they have found malicious apps from the same advanced group that seeded Google’s official marketplace for at least the last four years.
Now, Google removed some of the recent versions of the malware. After Kaspersky reported them and Google looked at them and said, Oh, wait a minute. Yeah, these are bad. There’s another security firm known as Dr. Webb that also reported them, but it’s not clear what really prompted the move here. Because third party markets have had for a long time these backdoor apps, and that’s why again and again and again, I warned people never, ever route your device.
People love to do that. I had fun doing that 10 years ago. I think. Just so I could get in and say, wow, this is an actual terminal unit shell. Wow, this is great. And poked around and I thought it was really neat. But the problem with rooting and part of the reason a lot of people do it is so they can avoid the official stores.
While in the case of the Google play store, which is the official store for your Android apps, it turns out there were command and control. Uh, domains that were set up that have been used in some of these applications in the Google play store to spread malware. Okay. It goes on Ocean Lotus. Sea Lotus, there’s a whole bunch of other ones.
So they’re just been repeatedly bypassing Google security checks. They know what Google does. Just in trying to keep malicious apps out of the place store. [00:05:00] In one method, they submitted, a very basic version of an app that was just benign. Yeah. It really was a desktop screen thingy, you know, the people liked, and then after the app was accepted, they had a patch that was submitted and the patch had the backdoor in it.
They had another approach which required almost no permissions during installation, and then, later on, requested them dynamically using some code that was hidden inside another executable file that was part of the whole application that you downloaded. And then one of the more reason apps posed as a web browser cleaner.
So you gotta be very, very careful. These guys are very clever. You know, you, it’s bad enough to use the Google play store and get an infected app or much less frequently using the Apple store and [00:06:00] getting infected. Apple is much better about keeping some of the malware out, but it still happens, but it’s much better to get apps from there.
The official stores where at least they’re trying to do some of the blocks, then it is. To route your phone and go to these unofficial stores. Now, for those of you who like to run some of the code that isn’t fully approved by Apple, there is a new feature coming out in, I’m not sure. I think it’s the next minor version of the iOS operating system, but it might be the next major version. What it does is it lets you run the non-approved app, so it has, and even more special lockdown container so that you can start putting apps on that are not part of Apple’s app store. So that’s going to be interesting as well. But that should remove the need in almost all cases to root your device.
And if you are an application developer, it is not expensive. It’s like a hundred bucks to become an Apple developer. You can have signed keys, you can release hundreds. I think used to be like a thousand but as at least a hundred copies of your app out there for testing. Before you hit any limits at all.
So, you know, think twice about it. And if somebody says, Hey, try my app. Be very, very cautious. If it really is their app, okay, fine. But if it’s a potential bad guy, don’t run the app. Now, we also have another little warning here from Microsoft about some hidden malware in this case. They’re talking about hidden malware that’s hidden in pirated movie files.
So what these bad guys are doing right now is so many people are sharing movie files, right? So they’ll. Oh, they’ll rip a DVD or Blu-ray, and then they will put it up on a torrent site or some other website and share it. Well, in this case, what’s happening? Is there some malicious visual basic script that’s put into zip files that are posing as downloads, and there’s two specifically.
That has been found. One is for John Wick three and the other is for contagion, but it’s also in some other popular movies, but those are the two we founded in the most. And Microsoft researchers are now detecting an active malware campaign. So the attackers are embedding this malicious payroll payload, I should say, into the files that are bundled.
With these pirated films, so you download it. You might have an MP four or MOV or whatever the format is that the movie was ripped in, and then there might be some other files. You know, that might be a JPEG of the snapshot of the [00:09:00] cover. There might be a text file and on the info file, a zip file, all these different types of files that are in there.
So be very careful. Right now. It’s really unclear who is behind this campaign. And it began to appear on April 11th according to cyber scoop. And Microsoft says the use of Tor downloads is consistent with observations that indicate attackers are reusing old techniques to take advantage of the Coronavirus pandemic.
So again, I, it’s. Right? It’s the same old thing. I think sometimes I feel like a broken record. I know many of you have never heard these warnings before, and a couple of you guys know better and still are, still are doing things you shouldn’t be doing. So I know I’m not a broken record here. But it seems a focus with this is in the distribution in Spanish, in Spanish speaking countries like Mexico and Chile, [00:10:00] and the attackers don’t seem to be hitting us. Film pirates. With this campaign, but there are other campaigns out there where the bad guys are doing exactly that. They are trying to spread it and they are putting it into tor file.
So be very, very careful out there. It’s kind of like rooting your phone. You just never know. What you’re going to be doing. So I started out the show today. We talked about some Coronavirus fraud that’s going on. We’ve got stimulus fraud. We’ve got these tracker apps that are trying to convince you to click as it’s going to show you what the spread is.
There’s an account takeover fraud I talked about last week that requires cashing out the victim’s account through this mule system. You’ll find that on my website as well. At Craig peterson.com/subscribe so you get all of this stuff every week of fraudulent credit card accounts. You’re going to search [00:11:00] online loan application fraud, social engineering messages from your bank, deep social engineering.
Really is hitting the United States. So we talked about all that stuff today. We also talked about James Dyson. I love this. He is providing challenge cards for your kids, your grandkids, your school class, whatever it might be, whether you’re homeschooling or teaching that at a regular school. Right? You’ll find it at the James Dyson Foundation, D Y S O N James Dyson foundation challenge cards.
Look it up. The great to have your parents, grandparents, great grandparents who might have kids coming over for the day of the weekend, stimulate their mind, get them involved in these science projects. There are 44 of them. They’re all kind of based around engineering, getting kids to think, but it’s fun stuff.
Making a volcano, Having an egg sucks into a bottle, just all kinds of [00:12:00] really cool stuff that’s going to be great for your kids and grandkids. And then I got more training coming up, so make sure you know about it. And the only way to find out when I’m doing it, cause I’m starting to do some popup trainings when there is something hitting the news.
Plus I’ve got some other courses and stuff I’ve been putting together. I’m going to be releasing. So to find out about those, you have to go to Craig Peterson dot com slash subscribe Craig peterson.com/subscribe and then I’ll be letting you know every week you’ll be getting my newsletter about all the latest.
You’ll find out about all of the training I’m doing, the free tutorials, et cetera, et cetera. Anyways, have a great week and we’ll be back on Wednesday morning, seven 34 with Matt Gangnon as we talk about the latest tech next week. Take care of everybody, but listen to Craig, Peterson on W G A N.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: