(Pt. 2): How Are Cyber Attackers Accessing Our Data?

 
Ep-10-Flyer.jpg

About this episode

OCTOBER 11, 2019

Many small and medium-sized businesses believe they aren't a target for a cyber attack simply because they think they don't have anything an attacker would want. But, that's just the opposite. With October as national cybersecurity awareness month, we are dedicating a three-part series to the why’s, how’s, and what’s of cybersecurity for small and medium-sized businesses. In this episode of the GEEK FREAKS PODCAST, Ron, Nick, and Thony share their insight on the different ways that cyber attackers are accessing our data. Part 3 is up next week: What Should You Do to Fight Back Against Cyber Attacks?



MEET THE GEEK FREAKS


Ron.jpg

RON HARRIS

VICE PRESIDENT

  • 15 years in the industry.
  • Enjoys spending time with his family, riding his Harley, and finding time to sleep.
  • Fun fact: Ron broke both of his arms.
  • He's a simple person, enjoys work, but also enjoys being alone reading a book or learning something new. Loves candy DOTs!

Nick.jpg

Nick Broshear

PROJECT LEAD

  • Associates degree in Network systems administration from DeVry University
  • Certified in 3CX, IT Glue
  • Experience with networking, phone systems, Active Directory, Linux, web hosting, DNS, SQL, computer repair, Office 365, SharePoint Online, and AWS.
  • Likes Movies/TV shows, videogames, boating, fishing, shooting, riding his motorcycle.

Thony.jpg

Thony Ling

PROJECT LEAD

  • Bachelor’s in Network and Communication Management.
  • Certified in CCNA, 3CX Intermediate Certified Engineer
  • Likes snowboarding, cooking, and DIY projects at home.
  • Member of the Michigan Army National Guard as a Nodal Network Systems Supervisor.
  • Enjoys attending Monster Jam monster truck events every year with his son and wife!

VIEW TRANSCRIPT >

Transcript Episode #10

How Are Cyber Attackers Accessing Our Data?

Ron (00:00)

Welcome to the Geek Freaks Podcast. Before we get started, make sure to hit the subscribe button on Spotify, Apple podcast, Google podcast, Breaker, Castbox, Stitcher, and all other platforms you may be tuning in from. In the spirit of national cybersecurity awareness month, we have split the first three episodes for the month of October into a three part series. Last week our project leads Nick and Thony and I discussed why attackers are targeting small, medium businesses. Now we're moving on to the whys. So here's part two of cybersecurity series. How are cyber attackers accessing our data?

Music: (00:32)

[Intro music]

Ron (00:41)

so let's talk about ... Okay, so before we get down that rabbit hole, let's talk about how, how are these people getting to us? We know why they're getting to us, but how are they getting to us? Bueller.

Thony (00:55)

They're just finding holes in, let's say, software, right? So if you're not updating your windows operating system, and maybe you have an outdated windows operating systems like windows seven and there's, there's holes in these operating systems that they're using to, to access into the systems. And this is why updates are pushed out on a weekly basis. It's cause these software companies, um, you know, when they develop software and nothing's perfect when it's first developed, there's always gonna be changes. There's always going to be open doors that, you know, they just haven't found yet. And when they do find them, they send the updates out to close these open doors. So these attackers, they use these, uh, open doors in order to gain in the system, gain access into the system. That's how they're, you know, getting into your files and locking them.

Ron (01:43)

So I think a lot of, if, if you had to boil it down to the nitty gritty, a lot of it, it's coming through via email, right? Because that's how we all do business these days. So we're getting our pants phished off us every day. I don't really get so much of it because we've tuned down a lot of things in ours, but it's outdated software. It's outdated equipment. It's firewalls that you purchased from Best Buy that have no type of detection into it, or maybe it does, it's just not set up correctly. Yeah. Right. That's the other Avenue. But I think emails and our documents that we use on a day to day basis are kind of what's really allowing them the keys to the castle per say, like think about the phishing attacks like some, some of them are really good.

Nick (02:25)

Yeah, I'll agree with that. And then like some of the ones I've seen, like it's a deal that it's, you click on this and then it's, Oh we know you have Office 365, so then we made this page, it looks like Office 365 login here to see that document. And that's not actually Office 365 they're logging into.

Thony (02:39)

their login makes you verify your credentials.

Nick (02:41)

Yeah. And you're handing over your credentials to that said person, which, which when everybody's like, well how do they know where it's at? And it's like all they have to do is look up your records to see where that's at for one and two, the way they got your email, it could be that they sent that originally to some big corporation that had like your domain in it. So then they're like, Oh, that company exists. Let's go check them out.

Ron (03:05)

Well, and I think it goes to show like the information that they're using to attack us with is not hard to find. No at all. No. You check your A-records. You know what system you're in. So now we can fit them.

Nick (03:15)

MX records.

Ron (03:16)

Yeah, there we go. Sorry. ARECS are for websites. That's my bed. That's on me. Okay.

Thony (03:22)

Mr. DNS over here.

Ron (03:23)

Yeah. DNS Broshear. Dominique. Nicolas Samuel Broshear. Um, but it's not hard to find. You look at those records. Oh, they're in Office 365. Oh, they're in Gmail. Let's send them this. And half the time, as long as it has some type of, you know, half-ass image to it, people are gonna log into it and you're not gonna know. Right. As providers, we don't know until it's too late. We don't know. I mean, now we do, we put it in those rules for Azure and stuff, but we did a little bit of preemptive strike there, but most people aren't gonna know that they've been phished. I guess the only other phishing thing that goes around that we've seen several times is that damn wire transfer.

Nick (04:03)

Well you have that one or it's, it's them trying to play as the CEO and it's, Hey, I'm in a meeting, can you do this for me real quick? And then it comes back with go buy me some gift cards and scratch off the back and send me a picture.

Ron (04:17)

Which is wild to think that people fall for that because that seems so Oh nuts. Yeah. Like, Hey Tony, I'm in a meeting right now, Bill and I need you to go get some scratchies and it is so put those codes.

Nick (04:29)

Well, but the thing is is like for that to work that back of my head says that request has happened before.

Ron (04:35)

Oh yeah, I know. I get it. It just seems wild to think like you would get that email from me and be like, well that seems weird. I should probably have that conversation before I go buy some iTunes gift cards here.

Thony (04:46)

Right.

Ron (04:47)

But again, not perfect. My father fell for a similar scam. You know what I mean? It's just if they create urgency and a sense of urgency and power via this email to the point where it tickles you in the right spot, you're just going to do it. And I know that that's human nature though. We shouldn't get those emails in the first place. Sometimes they get through a, we had that one lady got phished because they used LinkedIn when she updated her title and then they found out who the CEO was spoof the email address and sent the wire transfer email and it was minutes away from happening until somebody stepped in and was like, yeah that's not right you shouldn't be doing that. Like it's crazy because they know all this stuff. All this information about you is out there and I think it goes even further. Like if you wanna put your tinfoil hat on again, like people need to change their challenge passwords. Right? So think about like your, your challenge passwords that you put in when you forgot your password. Like mine are very complicated because I'm always scared that somebody answers my questions cause they were all pretty pretty stupid.

Nick (05:47)

Well usually for those it's somebody that knows you. Um, so I feel like a lot of the challenge questions are like, where were you born, where did you grow up, where, uh, where'd go to school and dah, dah, dah, dah, dah dah.

Thony (05:59)

But you think about it, that information is out in social media.

Nick (06:02)

It is to a degree. Is that, yeah, that is true. But I also feel like, you know, people that grew up with you or your family would probably know those answers. Like lickety split. Like you just ask the question and they go, yep, I know what you put in for that.

Ron (06:16)

There was a case somewhere and I forgive me cause I don't, I can't remember the exact news article, but it was um, it was prevalent in high school and these kids would talk to each other and ask them like they try, they attempt the challenge passwords and then he would social engineer his way back in, talk to the girl and get their information, essentially lock them out of their Facebook and then extort them for things. And that went on for years and he got went by it successfully because there was no real crime committed and then he crossed the line. Obviously, it's doing a lot of jail time, but that goes to show like you're dumb enough, not dumb enough. You're in your everyday life. Somebody can ask you like, Hey, what's your dog's name? And I will tell you.

Nick (06:58)

I think the word you were looking for is gullible.

Ron (07:00)

Gullible. Yep. Because we don't care. It just, it doesn't seem relevant.

Nick (07:04)

Seems like the moment it seems like irrelevant data that you're handing over, when does it turn? It's actually very relevant data.

Thony (07:10)

Before social media and all that, that's information that we would share with people that we've talked to. Right. And on a daily basis. And it's just you just trying to get people to know you and stuff like that. And now we use that same information to kind of secure our, our cyber lives. So how does that play out for us? It doesn't.

Ron (07:28)

It doesn't play out good.

Thony (07:30)

So that's why it's, you know, we got to train these users to use information other than known information to secure themselves.

Ron (07:36)

So like the questions are always basic, right? And I don't think they've really changed. Who was your best friend growing up? What street did you grow up on? So now like my best friend's name is his full name. Uh, the street I grew up on is with the, that street. Like I've changed things because, and I don't have Facebook. So a lot of that stuff is really, if you come up to me, Nick, and you're like, what street did you grow up on? And I'll tell you. And then you'll be like, what's your best friend's name? Like, it's not out there. So I don't really have to fear it. But there's a lot of like, this goes back to even though we think it's for business, it's also happening to us on our, like the individual people and their daily lives, whether it's us as adults our children, like we all have to be very mindful with our data in some form or fashion because it's going to, it can come back and bite us in the ass if we don't even take care of it on that type of level.

Thony (08:20)

Oh yeah.

Ron (08:22)

Um, the other thing I wanted to mention too before we get into Nicks favorite thing about physical attacks. Do you guys remember when we started talking about ransomware? Like when CryptoLocker came out and it was running on the macros, so it would say enable these macros and you would enable it and you'd give it access to run the macro, which was essentially CryptoLocker.

Thony (08:40)

Okay. Yeah.

Ron (08:41)

Like that goes back to the healthy habits of updates, right? Because that was fixed in a lot of office updates numerous times in numerous levels, but yet people still didn't do it and people would still enable that, those macros macros and get it.

Nick (08:56)

Well, the other part about it, I think that how many people have actually built macros and they actually just have it enabled because they actually use macros. I'm sure there's some either accounting people out there, so yeah, like Excel that they have macros that automatically run with their documents. So they kind of wouldn't be able to stop that.

Thony (09:13)

I can't remember what other macros named. Can you name them? What kind of macro you built?

Ron (09:19)

Well, the one that it came on was that this was it. So it's when they made the extension change from a dot X L XLS to XLS X. So they would send a ---- file that would say you need to enable this macro to view this new format type. And they would enable it because that's what the instruction said. And then bingo bango you're in trouble.

Thony (09:39)

Yeah.

Ron (09:40)

So I mean it's more of that right, is doing the right thing, being cautious. Especially for if when you get stuff from people you don't know or like unexpected documents. Like if Nick just sent me a PDF and it was like, I need your W2's, I'd be like, Nick, why do you need my W2's? You know what I mean? But we don't even think like that. We're like, yeah. [inaudible] W2's I have no idea why you would need that. But you're from a W2's bub and then gotcha.

Thony (10:04)

I know somebody who that happened to.

Ron (10:06)

The W2 one?

Thony (10:07)

Yeah. Phishing email. It was apparently the CEO asked for the W2's for all the employees information was sent.

Ron (10:15)

Oh, that's a good one. Not encrypted?

Thony (10:18)

Nope.

Ron (10:19)

Nasty. Cause that's social. That's address. That's a lot. That's a lot. Yeah.

Thony (10:26)

And then one other one was, uh, [inaudible] employees, emails, fish. And we'll say to, Hey, I need you to change my accounting information from my paychecks to this account and stat.

Ron (10:38)

Hmm.

Thony (10:39)

Payroll. HR did it. Low and behold, that one check, which was a substantial amount went somewhere else.

Ron (10:47)

And that's the, I think other thing that people need to know and recognize is they can't get it back.

*Thony (10:52)

No.

Ron (10:52)

She gone.

Thony (10:53)

It's gone.

Ron (10:54)

Same thing. So I want to talk about the physical attacks because I think this is a new thing, right? So whether it's a man in the middle attack or like a USB attack, like it's happening now. Like everything you see on the TV shows is now happening to us. I don't know if it's happened too much, but it's out there. Right. That's how some of these, um, was it stuffs X, the one we used to take down the Iran nuclear program that was passed through a USB. We gave them a USB with a virus on it. They put the USB in and it went into their nuclear program and just caused hell. And now from there it spread out into the wild. So now people have copies of it, which is basically just a virus to do bad things. But we created, the government created it. So that's like that is your spy movie in in a nutshell as a physical attack.

Nick (11:47)

Yeah, pretty much. It's, it's, it's a lot of that, that either you have the right credentials over, right. Correct. Looking credentials, um, as one way to do it. Cause when you think about it, how hard is it to fake a badge? Like, like a normal employee badge? I'm not saying like it has to be like a specific ID or anybody. Just an employee badge.

Ron (12:07)

Probably not hard when you got yahoos posting it on Instagram and LinkedIn and being like first day at Omega. Woo.

Thony: (12:13)

Well it's not just that. It's like you think about people who have to wear badges on a daily basis. What are they doing when they go to lunch? They don't take it off.

Nick: (12:20)

Yeah. I mean I was at you and I that we were out to lunch at one day and we ran into that guy I used to know because it ---

Ron: (12:26)

Woah hey no free ads.

Nick: (12:28)

I wasn't going to say it. I was just going to say, yeah, he had his badge right on him. Just hanging off that.

Ron: (12:32)

Luis, you gotta beat that out. You gotta hit that with a beat.

Nick: (12:35)

You could have, you could just basically either from a distance, if you have a good enough camera or as you're walking by, just take a picture of it and there you've got the basic format and you're able to walk up and go, yeah, I work here and do whatever you want.

Ron: (12:48)

But the problem is, is those opening doors so you can't get in.

Nick: (12:52)

Well yeah, for ones like that I'm just like...

Ron: (12:54)

Yeah, you can't get in the building if you don't have your badge.

Nick: (12:56)

Well there are ones that, well you could go in the front door though and if you have it on you, it just looks like, you know, every business pretty much has a front door open for a clientele to come in or anything like that. And with, with that badge, it would just give you access to basically anywhere in the building that is free to roam. And that, yeah, you wouldn't be able to get into like locked doors. But when you think about it, how many doors aren't locked in a facility?

Ron: (13:22)

Well think about it this way. Even if the damn door is locked, you just wait around, you've got your badge on like you're smoking a ciggie but somebody opens that door. You just slide in behind them. Yeah, how's it going?

Thony: (13:30)

That's what I was going to get to is.

Nick: (13:32)

Yeah, there is that.

Thony: (13:34)

They'll make a copy of the badge. They'll do reconnaissance on the building. Right. To see, okay, is there a smoking point? Do people hang outside to smoke? And they'll, you know, wait, if someone's out there smoking and they'll just walk up and wait till that person opens the door, walk right in with them. That person doesn't question anything.

Ron: (13:50)

When you think about some of the larger corporations too, like it would be weird if just some random guy was in here. We're only 16 people, right? So if some dudes like, Hey, what's up? I'm like, Oh yeah, what's up with you? But a company that has a few hundred employees.

Nick: (14:05)

Or a few thousand.

Ron: (14:05)

Or a few thousand employees, you could just be another face in the building and nobody would know necessarily.

Nick: (14:11)

And I'm sure the first question could be, Hey, when did you start? And all you have to do is roll from there.

Ron: (14:16)

That would be an interesting experiment, but you probably get arrested. But I did like, you know what I mean? You walk into the local large grocery store chain have on your, like even at Tarjay you were wearing khaki pants and a red shirt on his, he needs that damn Tarjay name badge, which you can make.

Nick: (14:31)

Ah there's an easier way. All you have to do is walk in in a suit and a tie in a clipboard and you look like an inspection manager. Trust me, I've had that happen before just cause I walked in with a suit.

Ron: (14:41)

And you had a clipboard?

Nick: (14:42)

No, I didn't have the clipboard but they still thought I worked there.

Ron: (14:45)

Elite hacker, Nick Broshear, DNS, Nick Broshear, everything. So yeah, I don't know mean the, the like so how do you protect yourself from a physical attack? I mean we'll talk about that in a minute, but that goes back to like always being diligent to what you're doing in some form or fashion. Like if I get up from my desk, you guys could walk right into my office and jump on my computer. Most of the time I lock it. Sometimes I don't. I know there's people in this room right now, he's standing over there who doesn't? He's right there. He leaves for the weekend and his computer is still logged in.

Thony: (15:21)

That's good to know.

Luis: (15:23)

I was editing a video.

Ron: (15:28)

Sure. Tell the elite hackers or Luis Sanchez and they're in our system. They're like, we have a mixed environment to not in that way. But like we have Macs, we have servers, we have windows machines. Like you have to make sure your protections get across all devices. So we rolled out Sentinel One and our Macs didn't get it automatically. And somebody's Mac wasn't here for awhile. So when they rolled up they didn't have antivirus that ain't good either.

Thony: (15:54)

No.

Ron: (15:56)

So it's, it's all kinds of issues. I mean, physical threats I think are a lot lower on the totem pole if you kind of went through like even, I think traditional viruses are changing now, right? So they're file lists, they are executable lists, they are grandma going to Facebook and being like, Oh yeah, of course I love Keds. I want a new pair of Keds and they click on the ad and it's a bullshit ad and all of a sudden they got CryptoLocker or the FBI one. Did you ever see that one?

Nick: (16:21)

No, I don't think.

Ron: (16:22)

Oh it is hilarious. It would grab your, you would give it rights, right? So it's a, yeah, this needs writes to loadsies. You say, yep, sure load whatever and it would grab your turn on your webcam and put your face in there and be like, we're sending this information to the FBI because you were on an adult website, blah blah blah. You could have been like on Facebook like doing nothing crazy and all of a sudden it's like it's sending you to the FBI and people would pay the, the scratchers on it like go get the gift cards and do all this and all you had to do the ...part. All you had to do was close the browser.

Nick: (16:51)

Yeah, I've seen those before that like it just like all of a sudden you get that call of, I don't know, there's all kinds of ads popped up on my computer. I don't know what to do with it. And it's literally whatever website they went to activated all kinds of tabs, all kinds of popups. And it's just if you close the browser, it's all gone cause it's nothing that installed. It's just all a website triggered items. But it's that flashy clicky kind of stuff that makes everybody panic.

Ron: (17:18)

Well and I think that's the scary part of it is you don't know like think of like a, uh, my dad's just turned 60. He just got a computer for the first time a couple of years ago. He got an iPad and anything pops up on his computer. He, he'll call me or text me because he just, he's never been into that weird place of the internet before. Like where I clicked on the wrong thing and all of a sudden I've got all these pop-ups. I don't know what to do, whether it's, you know, bad stuff or good stuff, it just happens. And I think the older generation isn't really trained for it because they have to deal with it on a daily basis. Like my son knows how to work an iPad probably better than my father does and my son's only been around for two years. You know what I mean?

Thony: (17:57)

Yeah.

Ron: (17:58)

It's just weird to think and I don't know. I think if you had to ask me and we can put her tinfoil hats on for this. I don't think there's a a hundred percent foolproof way to protect anybody or anything.

Nick: (18:11)

Well that was like when we were out at Glue X, the whole, there was that one guy that went up on stage and he, he was talking about like the your biggest vulnerability and it's never going away is the user in the chair.

Ron: (18:23)

Oh yeah. 100%

Nick: (18:25)

So no matter what you put it, like I remember him saying that like no matter what you put in place, you're always going to have that user in the chair. That's a risk.

Ron: (18:33)

Well, think about the, the tone of the phishing emails. They're aggressive. They swear they're quick. I need you to do this now. I need you to do this right for me right now. Right now. Right now. Right now some people panic, right?

Nick: (18:44)

Yeah.

Ron: (18:44)

And then we see popups and we're like, Oh yeah, I want those Keds or those air force ones. I want those. So you click on the damn ad because you're curious. You're frustrated, you're, you're running short on time, whatever the case is, they're preying on the human emotion for us to do something because they know we will do something and it's not close the window and walk away. It's just not.

Nick: (19:04)

Well and it's, it's, it's one of those that they'll know, they know you'll do something if they make it like limited time, like you have to act on it now because it's that they, their weight, they're trying to do like a knee jerk reaction. Like, like if I tell you this has to be instant, I'm going to get you to do it because you don't have any time to actually assess the situation or think about it. It's just do it now.

Thony: (19:26)

Yeah. The way they word it as well. You know, it makes you think, if I don't do this because of what they just said,

Nick: (19:32)

There's going to be consequences.

Thony: (19:33)

Yeah. And that's the last thing you want on your yourself.

Ron: (19:37)

So, well, let's talk about the fun part. Fighting back.

Music: (19:44)

[Outro music]



SUBSCRIBE.png

WHEN-ITS-TIME-FOR-NEW-TECH.png

BLOG-NEW-CTA.png

LISTEN ON:

Spotify
SPOTIFY

Apple Podcasts
APPLE PODCASTS

Google Podcasts
GOOGLE PODCASTS

Stitcher
STITCHER

Castbox
CASTBOX

Radio Public
RADIO PUBLIC

Pocket Casts
POCKET CASTS

Overcast
OVERCAST

Breaker
BREAKER

Tune In
TUNE IN

iHeartRadio
IHEARTRADIO

Pandora
PANDORA

 
Square Studio Dev