Supervisor Johnson Warns of Spying through Android Based Flashlight Apps

Lake Havasu City, AZ – Supervisor Buster Johnson would like to warn the public of a new cyber threat affecting mobile devices.  According to a threat assessment report done by SnoopWall, an international counter surveillance security software company, the top 10 free flashlight apps in Android’s Google Play store contain malware that allow hackers to spy and gather personal information.  “Nearly half a billion installations of these apps have occurred causing major concern,” Supervisor Johnson, 1st Vice Chairman of the National Association of Counties Cyber Security Task Force Team, stated.  “While these apps may be a great convenience for users who need to find their house keys in the dark, they are posing a great security threat to every user who installs them,” Johnson continued. According to the report, users who install these apps are unknowingly giving hacker’s permission to locate them through GPS, read their personal information stored on the device, view personal photos and videos and even gain access to their financial information.  “Users who have installed the flashlight app and do mobile banking through their device are at a greater risk for exposure because of the vulnerability found in these apps,” Johnson said.  According to SnoopWall CEO, Gary Miliefsky, the average size of a flashlight app should be no more than 72 kilobytes.  The size of these flashlight apps are ranging anywhere from 1.2 to 5 megabytes.  “These hackers are embedding more code than necessary into these popular apps which allows them to collect personal data and spy on the cell phone user,” Johnson said. While the report done by SnoopWall focused on the top 10 Android apps, it did mention that Windows and Apple iOS users should still remain cautious when downloading third party apps. The following are ways users can increase their privacy and security to avoid some of these vulnerabilities on their mobile device: Disable your GPS at all times except in an emergency or when needed for navigation purposes; Disable the NFC (Near Field Communications) or on Apple devices, iBeacon, permanently (http://support.apple.com/kb/HT6048); Disable Bluetooth at all times except when needed to make hands-free calls Verify apps behavior and privacy risk BEFORE installing – do some research and ask the questions “why does this app need GPS, MICROPHONE, WEBCAM, CONTACTS, etc.?” – most apps don’t need these ports unless they want to invade your privacy. Find an alternative before installing risky apps. To read the full report done by SnoopWall, please visit: http://www.snoopwall.com/threat-reports-10-01-2014/

Cyber Security Tip #6

Cyber Security Tip #6: Encrypt Your Data With major data breaches being reported all too frequently, organizations are now placing increased emphasis on security of personal, private and sensitive information. One method of increasing security is through data encryption. Encryption is the process of scrambling a message or data so that no one but the sender and the intended recipient can read it. Encryption solutions generally encompass two types: hardware and software. Examples of hardware encryption include a pre-encrypted USB device or hard drive; software encryption consists of a program installed on a machine that encrypts some or all of the data on the system. A variety of encryption tools are available on online. It is important to note that any solution you implement should be compliant with accepted industry standards. It is recommended that you should minimally employ a 128-bit Advanced Encryption Standard (AES) solution. For more information on data encryption, please check out the Multi-State Information Sharing and Analysis Center website at:http://msisac.cisecurity.org/newsletters/documents/2012-09MSISAC.pdf

Cyber Security Tip #5

Cyber Security Tip #5: Protecting Yourself on a Public Computer If you access the Internet from a shared computer, make sure you don’t leave anything behind Being able to access the Internet from different locations — the library, a computer lab at school, an Internet cafe — is a great convenience, but it can also pose a security risk to personal information. If you do access the Internet from a shared computer, here are a few things you need to remember. 1. Don’t check the “remember my password” box. 2. When you’re done, make sure you log off completely by clicking the “log off” button before you walk away. 3. If possible, clear the browser cache and history. 4. Never leave the computer unattended while you’re logged in. 5. Trash all documents you used, and empty the recycle bin.

Cyber Security Tip #4

Cyber Security Tip #4: Five cyber security tips everyone should be aware of. 1. If you don’t understand the warning message, say no. It’s easier to go back and say yes if you need to than be sorry and have to rebuild your machine. 2. Certificates: If you don’t understand a website certificate message, say no. It is easier to go back and say yes if you need to than be sorry and have to rebuild your credit. 3. Antivirus: Running antivirus does not slow your computer down nearly as much as a virus does. 4. Back-up: Backing up your data may seem like a waste of time — er, until you spill coffee all over your laptop. 5. Passwords: Writing down your password around your desk is about as secure as leaving a $20 bill lying on the dashboard of your car. How well do you trust anyone these days?

Cyber Security Tip #3

Cyber Security Tip #3: Protect Your Children Online It is important to talk to your children about online safety and let them know that you can be approached with questions about behaviors or problems that they may encounter when online. Parents can teach their children how to safely use a computer and the Internet. The Multi-State Information Sharing and Analysis Center listed some simple steps that parents can take to help reduce security risk to children. They are: • Keep your computer in a central and open location in your home and be aware of other computers your child may be using. • Discuss and set guidelines and rules for computer use with your child. Post these rules by the computer as a reminder. • Use the Internet with your child. Familiarize yourself with your child’s online activities and maintain a dialogue with your child about what applications they are using. • Implement parental control tools that are provided by some Internet Service Providers and available for purchase as separate software packages. • Consider using software that allows you to monitor your child’s e-mail and Web traffic.

Cyber Security Tip #2

Today’s cyber security tip is: Don’t get phished!  The most common and easily detected cyber-crime is phishing. Phishing is a malicious attempt by hackers to acquire sensitive information, such as passwords and credit card numbers, through electronic media. Hackers often pretend to represent a bank or other trusted source in order to lure victims into disclosing information the hacker can then use to access their finances.   Always think before you click on a link or attachment in an email, even if it’s from somebody you know.  Look for oddly spelled words and strange attachments.  Even if it’s from someone you know, ask yourself: ‘Would they really send this?’

Johnson Warns of Malware Software That Could Be Lying Dormant on Thousands of Computers

Lake Havasu City, AZ – Supervisor Buster Johnson would like to make the public aware of two malicious software schemes that have already stolen over $100 million from individuals and businesses worldwide. Johnson, who sits as one of the Vice-Chairs for the National Association of Counties (NACo) Cyber Security Task Force, is urging computer users to take the required steps necessary to protect themselves from these malicious software programs. “These programs have the power to drain an individual’s bank account without them even knowing it,” Johnson said. The U.S. Justice Department has announced that anywhere between 500,000 and 1 million machines worldwide were affected by the virus’s known as Gameover Zeus which steals banking passwords and Crytolocker, which encrypts files and blackmails the users for their release. The Gameover Zeus software has seen the most activity in the United States by hitting over 13% of all computers in the nation. According to the FBI, this software is highly sophisticated. The malware can disguise unapproved payments that are made making an individual think that everything is normal by keeping track of account balances and automatically correcting the numbers on the balances to hide its tracks. “People need to be aware of this dangerous malware. It not only can hide its tracks, but also once installed on a computer, this software has the ability to evade anti-virus software,” Johnson stated. According to the The U.S. Department of Homeland Security (DHS), Gameover Zeus infects a user’s machine when they open a PDF or click on a link sent to them in an email. An international police effort led by the FBI and security giant Symantec was able to shut down the malicious software this week, but officials with the FBI are still warning users to take steps to protect their systems. The FBI is reporting that users have two weeks to clean up their hard drives and install anti-virus software before the Russian-led band of hackers responsible for Gameover Zeus will be able to make their network operational again. According to officials with the FBI, this malware has been so difficult to shut down because it uses peer-to-peer software, meaning that even if the main server is shut down, infected computers can continue to communicate with one another and continue operating. The Crytolocker software, thought to be linked to Gameover Zeus, is also affecting thousands of Americans and businesses nationwide. According to the FBI, this malware often comes into effect if the user is not a ‘viable’ victim for Gameover Zeus and the network cannot access their financial details. “Crytolocker locks your computer, encrypts files and demands a ransom for them to be unlocked,” Johnson explained. DHS has set up a website to help victims remove the malware, www.us-cert.gov/gameoverzeus. From that website, computer users can download tailored anti-virus software which has been provided for free. Experts have also warned users to back-up all valuable data and to ensure that all operating systems have the latest updates installed. Many of those whose computers have … Continue Reading →

New Tech Support Scams Attacking Netflix & Gmail Users

Lake Havasu City, AZ – Supervisor Buster Johnson would like to make the public aware of a new growing trend that has been surfacing more frequently on the internet. “Tech support scams from the outside may look very legit. With these scams, individuals claim to be computer techs associated with well-known companies like Google and Netflix,” Supervisor Johnson stated. In the past few days users of both Netflix and Gmail have reported their accounts being hacked with this particular type of scam. “Tech support scams first surfaced in 2008 and have become one of the most popular types of phishing attacks on the internet today. With over 40 million Netflix users and over 140 million Gmail accounts worldwide, hackers have moved on from attacking small, not well known websites to largely populist ones,” Johnson continued. When it comes to tech support scams like the recent ones reported by Netflix users, individuals are informed that unusual activity has been detected on their account and asked to a call a support line. While users believe they are calling the real support line for Netflix, what they are really calling is a 1-800 number that directs them to a call center in India where hackers are trained to trick users into giving them access to their computer by downloading software aimed at getting rid of the virus they claim has attacked one’s computer system. The scammers will not only steal sensitive files from their computer, but swindle them out of $400 to “fix” the hacking problem. “Our personal computers are becoming the storing house of all our sensitive information. Individuals now a day store mostly everything on their personal computer from banking information to copies of tax returns that contain one’s social security number,” Johnson said. “It is important folks are aware of these types of scams so they don’t fall victim to them,” Johnson continued. If confronted with a similar message when trying to log into one’s Gmail or Netflix account, both companies are urging users to check the web address. In the case of Netflix the user was actually redirected to a website url of www.netflix.afta3.com. If one feels they may have already become victim of such a scam, the following steps should be taken: • Revoke remote access by shutting down your computer. That should cut the remote session and kick them out of your PC. • Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes Anti-Malware to quickly identify and remove threats. • Change all your passwords ###

Johnson Concerned About Security on New Internet Ready Appliances

Lake Havasu City, AZ – In what is being called the new Internet of Things (IoT) market, consumers are seeing new internet ready appliances coming out from different manufactures at an extremely fast pace. The International Data Corporation (IDC) expects IoT technology and services spending to generate global revenues of $8.9 trillion by 2020. Supervisor Buster Johnson is concerned that this new technology may lead to more cyber security breaches. “This is getting a little scary with all the things that are becoming subject to hacking,” Supervisor Johnson stated. Johnson, who is one of the First Vice Presidents of the National Association of Counties (NACo) Cyber Security Task Force, has seen the IoT market take off over the past five years with the invention of products such as the Nest and Kwikset’s new Kevo product. “This new technology is going to change our everyday lives. With technology that will let us unlock our front door with our cell phone to refrigerators that keep track of inventory, someday soon nearly every appliance in our homes will come equipped with a computer chip. This new technology may be more convenient but at the same time it leaves us all vulnerable to cyber-attacks,” Johnson explained. The first major cyber-attack to be reported on internet ready appliances occurred late last year. According to researchers at Proofpoint, a provider of cloud-based solutions for threat protection, hackers broke into more than 100,000 everyday consumer gadgets between December 23, 2013 and January 6, 2014, such as home networking routers, connected multi-media centers, televisions, and at least one refrigerator. “Hackers are using these connected appliances as a new way to send malicious emails to enterprises and individuals worldwide,” Johnson stated. One of the newest IoT gadgets on the market today is Kwikset’s new Kevo bluetooth electronic deadbolt lock that can open one’s front door by using an app on the user’s iPhone. “You use to know when someone broke into your home because they would usually kick in the door. With this new technology, an intruder could be in your home and you may never know,” Johnson ended. ###