Hackers: The Cybersecurity Super Heroes We Need

Archive for Hacking

Hackers: The Cybersecurity Super Heroes We Need

By Della Wyler
Wednesday, October 14th, 2020

The limitless expansion in technological advances is a double-edged sword. Whereas we can achieve more in our daily life and handle our responsibilities with ease, we are now more vulnerable to cybercrime attacks. Whether it is your phone, computer, or tablet, we are all susceptible to becoming victimized by cybercriminals. Since the beginning of the pandemic the rise in cybercrime has been astonishing. It has been reported that attacks on banking systems rose by 238% and cloud-based attacks rose to 630% just between January-April of this year alone. Hacking is described as the attempt to exploit a computer system or a private network. To put it simply; hacking is the unauthorized access to private data with the intention to use the data for illicit purposes. Now more than ever we (businesses and individuals) need to make cybersecurity and the prevention of cybercrimes a priority.

Common Types of Hackers and Hacking Techniques

Based on the intentions of the hackers they are typically categorized as either White Hat or Black Hat hackers. However, there are many different types of hackers that don’t necessarily fall within that “white or black” description. Below are some of the most common types of hackers:

Black Hat (crackers) – Hacking with the intention to gain unauthorized access to a system or data to harm operations or ransack private data.

White Hat – Hackers with the purpose of discovering vulnerabilities in current systems and safeguarding from future threats – with the owner’s knowledge.

Grey Hat – These hackers typically are a blend of both black/white hat hackers. They purposefully, but without malicious intent, exploit security weaknesses without the knowledge of the owners. The goal for these hackers is to gain appreciation and hopefully a fee for their discoveries. They are not to be confused with Ethical Hackers (White Hats) as their actions are illegal.

Red Hat – These hackers are the vigilantes of hacking. Red Hats seek to disarm and destroy Black Hats. Rather than notifying the appropriate channels, Red Hats look to launch aggressive attacks against Black Hats in the hopes of destroying their computers and resources.

Blue Hat – These hackers typically are an outside computer system security consulting firm and are invited by Microsoft to discover vulnerabilities in their Windows system and fix the weaknesses.

Green Hat – Typically describes someone who is new to hacking with very limited experience or knowledge of technology and hacking.

The Cybersecurity Super Heroes We Need

 

 

 

 

 

The only thing that ties all these hackers together is the fact that vulnerabilities in systems were exposed, regardless of the hacker’s intentions. The most common techniques that hackers use to achieve their goals are social engineering & phishing, malware-injecting devices, missing security patches, cracking passwords, and Distributed Denial-of-Service (DDoS).

  • Social engineering & phishing is the attempt to get you to share personal information, usually by impersonating a trusted source. Emails are a leading culprit when it comes to phishing and socially engineered attacks.
  • Malware-injecting devices is the use of physical plugins (compromised USB cord, USB device, mouse cords, etc) to infiltrate the hardware system and sneak malware onto the device.
  • Missing security patches is when the hacker takes advantage of outdated security software in the system. 18% of all network vulnerabilities are caused by unpatched applications.
  • Cracking passwords utilizes spyware, usually “keylogging”, that monitors every keystroke made on that device, then the program surmises the possible password combinations that are used.
  • Distributed Denial-of-Service (DDoS) is the hacking technique aimed at taking down websites. This prevents the user from accessing or delivering their service. DoS attacks inundate the target’s server with massive inflation in traffic resulting in an overloaded server.

What Has Hacking Cost Us and How to Prevent Attacks

In 2020 a report showed that out of the 4,000 confirmed breaches, hacking was responsible for more than half of them. It is currently anticipated that 33 billion private records will be stolen by 2023. With hacker attacks occurring on average every 39 seconds, it is not difficult to see the alarming rate of concern rising amongst the public. With the surge of cybercrime, private and public enterprises are driving up their IT budgets to try and counteract cyberattacks. Reports indicate that the global spending for cybersecurity services will reach beyond $1 trillion, by 2021.Hacker

Some of the most common pitfalls that can make you an easy target for hackers include:

  • Not password protecting your personal Wi-Fi or using a public Wi-Fi
  • Not automatically updating software
  • Clicking links from questionable email sources
  • Simple or the re-using of passwords
  • Not using an anti-virus software
  • Not utilizing a multi-factor authentication

The easiest remedies to avoid a hacker attack:

  • Updating software frequently- this keeps hackers from being able to access your computer through outdated programs which can be easily exploited
  • Keep the most up-to-date security programs, including anti-malware software to protect your data
  • Destroy all personal data on any hardware system you plan on letting go
  • Create difficult passwords and authentication hints
  • Keep sensitive data off the cloud
  • Disable connections when you aren’t using them
  • Utilize multi-factor authentication when you can
  • Sign up for account alerts

By taking these extra little steps you could potentially be saving your private data from a hacker with malicious intent.

Certified Ethical Hackers (White Hats)

Certified Ethical Hackers  are qualified IT professionals that demonstrate knowledge in accessing computer systems and looking for weaknesses and vulnerabilities that might be targeted by outside sources with malevolent intent. Certified Ethical Hackers are the crème de la crème in the eyes of IT decision makers as they can typically save companies not only financially, but also, potential reputable harm, or discord amongst the daily operations. With over 40% of IT decision makers claiming difficulties in finding the right cybersecurity candidate now is the time to look into becoming certified. With a higher than average growth rate of 31%, according to the U.S. Bureau of Labor Statistics, and the alarming rate at which cybercrime is rising, this IT position provides job security as well as the immense ability to grow. The typical Certified Ethical Hacker salary starts in the low $90k range but with additional certifications that pay scale substantially rises. Now is the time to invest into a position that not only challenges you but also provides you with security—no pun intended.

 

If you are interested in learning how to become a Certified Ethical Hacker click here.

If you are interested in other cybersecurity certifications click here.

Categories : Careers in IT, Hacking, IT Certifications, IT Security, Uncategorized

Cybersecurity Threats – Phishing and Data Breaches and Hacking, OH MY!

By Della Wyler
Wednesday, September 30th, 2020

Bigger cybersecurity risks are looming…

It is only fitting that National Cybersecurity Awareness Month happens to be the same month as Halloween. Truth be told, there is nothing more terrifying than the elaborate cybersecurity risks created daily to wreak havoc on the public. According to the FBI, efforts to monitor trending scams such as Phishing, Data Breaches, and Hacking are at an all time high.

In the latest report, the FBI has claimed that cybercrime has reached a total loss of $10.2 billion dollars, in America alone. The projected cost of cybercrime is expected to reach in excess of $6 trillion dollars worldwide, by 2021. For organizations and individuals alike, the costs associated with cybercrime is vast and one of the greatest threats lurking around the corner.

Go Phish

Cybersecurity Threats Phishing With the spread of the pandemic a lot of businesses, as well as individuals, have had to migrate offsite and create a new “work/school” environment becoming almost completely dependent on technology. The extra time spent online has created larger areas for possible exploitation and targeting by cyber criminals. Current trends show that cybercrimes have become increasingly more socially engineered and geared to using human interaction to obtain or compromise information on individuals or organizations.  Phishing is one of the most common attacks and is a form of a socially engineered attack. Phishing typically uses email or malicious websites to gather personal data by presenting itself as a trustworthy source. These attacks typically look legitimate and will pose as a reputable company/person you might be familiar with. Some ways to protect yourself from Phishing include utilizing spam filters but it is always best to add more lines of protection. Some more protective steps include:

  • Protect your cellular data by updating its software automatically
  • Apply multi-factor authentication
  • Utilizing a security software on your computer, and update automatically
  • Backing up all your data

The typical Phishing email contains suspicious sender addresses, generic greetings, spoofed web links, suspicious attachments, and questionable misspellings and inconsistent formats. The easiest way to avoid Phishing attacks, is when in doubt—throw it out.

The Data has been Breached

What does Adobe, eBay, Netflix, and Facebook all have in common? They have all been a part of major data breaches within the 21st century. Data breaches include, either intentionally or unintentionally, the release of private confidential information within an untrusted environment. The most notable data breach involved Equifax releasing the Social Security numbers, birth dates, home addresses, tax ID numbers, and driver’s license information of nearly 150 million people in 2017. Within the last two years there have been over 2.1 billion people affected by data breaches. Some of the most common risks associated with data breaches include:

  • Reputational harm
  • Financial loss
  • Operations shutdown
  • Legal action

Whereas companies are fighting tooth and nail to combat data breaches they cannot keep up with the willpower of the cybercriminals and sometimes the sheer accidental data breach from internal sources. If you suspect that you have been a part of a data breach, there are steps you can take to secure your information as much as possible.

  1. Get confirmation of the breach and if your information was exposed
  2. Find out the type of data that was exposed
  3. Reach out to the company and see what help they can/will provide
  4. Update all login and security information on all sites
  5. After determining what type of data was stolen, reach out to the appropriate companies (example: credit cards) and inform them that your data was compromised
  6. Monitor all activity on accounts and new accounts meticulously
  7. File taxes early

There is no 100% safeguard way to eliminate your exposure to data breaches. However, there are legitimate companies that will monitor all of your data activity and make you alert if there is a potential concern.

The Hack Attack

It is projected that in 2023, 33 billion records would be stolen by cybercriminals.  Annually, Americans are losing $15 billion dollars just from identity theft alone. Cybersecurity ThreatsReports have shown that out of the 4,000 confirmed breaches this year more than half of them were caused by hackers. On average a hacker attack occurs every 39 seconds. We generally assume all hackers are bad, right? Wrong… There are good hackers and bad hackers. This is the “Black Hat vs White Hat” saloon shootout scenario, the Black Hats are the bad guys and the White Hats are the good guys. Certified Ethical Hackers  (White Hat), are the ultimate security professionals in combating and exploiting vulnerabilities and weaknesses throughout various systems before a Black Hat hacker can infiltrate their systems. Some ways to counteract the hacking attempts on your privacy would include:

  • Updating software frequently- this keeps hackers from being able to access your computer through outdated programs which can be easily exploited
  • Keep the most up-to-date security programs, including anti-malware software to protect your data
  • Destroy all personal data on any hardware system you plan on letting go
  • Create difficult passwords and authentication hints
  • Keep sensitive data off the cloud

Companies are painfully aware of the need to create infrastructures that not only protect customers privacy but also are proactive in defending against all incoming future cybersecurity risks. According to reports, worldwide spending for cyber security defenses will reach $170.4 billion by 2022. Companies are seeking highly qualified candidates in various fields of cyber security in order to guard themselves from external and internal cybersecurity risks. Certified Ethical Hackers (CEH) typically make around $105,000 a year and are highly sought after, especially with hacking and phishing making up 85% of cybercrimes. The Certified Information Systems Security Manger (CISSM) certification is the top credential for IT professionals to have in their arsenal to fight cybercriminals. Certified Information Systems Security Managers develop, manage, and oversee information security systems in enterprise-level applications while developing best security practices for organizations to abide by. The typical salary for a CISSM candidate is around $110,000 a year and has no fear of lack of job security. Companies understand that it is easier to prepare for cyber attacks than to repair from cyber attacks. They are investing into their cyber security defenses and now is the time to look into a new job or a new and improved job in cyber security.

Categories : Careers in IT, CompTIA, Hacking, IT Certifications, IT Security

Terrifying Cyber Crime Statistics

By Della Wyler
Wednesday, September 25th, 2019

#1 | 780,000 records were lost per day in 2017

According to McAfee’s Economic Impact of Cyber Crime (February 2018) cyber criminals adapt at a fast pace. The scale of malicious activity across the internet is quite astounding. The figures are frightening on a monthly or yearly scale, let alone daily! Cyber criminals are constantly finding new technologies to target victims. With the introduction of Bitcoin, payment and transfers to/from cyber criminals is untraceable.

McAfee reports that one of the major internet service providers (ISP) sees 80 billion malicious scans a day

#2 | Over 24,000 malicious mobile apps are blocked daily

Symantec’s Internet Security Threat Report details that lifestyle apps are the main targets. The majority of these apps leak phone numbers. Further sensitive information like device location is also being made accessible. It would be completely impossible to monitor or check each of these apps for vulnerability issues. It’s essentially an open ticket for cyber criminals to do their worst.

In the first quarter of 2018, Google Play had over 3.8 million apps on their store.

#3 | Microsoft Office file formats are the most used file extensions

In the top 10 most malicious file extensions, Microsoft Office took the number 1 spot. Emails are a common way for cyber criminals to attack their victims. Emails are used on a daily basis around the world. If you see an email containing a .doc or .xls file extension, most users would relate it to Microsoft. Microsoft being a reputable company means people are more likely to open an attachment.

According to Cisco’s 2018 Annual Cybersecurity Report, 38% were Office formats

#4 | The U.S., U.K., & China are more vulnerable to Smart Home attacks

The majority of smart home devices are connected via an external network. If the router you’re using doesn’t have decent security protection, you could be opening up your home to a cyber attack. With smart home devices becoming more prevalent, criminals are finding new ways to exploit vulnerabilities.

According to Trend Micro, The U.S., accounted for 28% of smart home device incidents. The U.K. and China followed with 7% each

#5 | 21% of files aren’t protected

Varonis’s 2018 Global Data Risk Report is quite terrifying. 6.2 billion files were analysed. These files contained credit card information, health records, etc. 21% of these files were open for global access. Furthermore, 41% of companies have more than 1000 sensitive files open to everyone.

#6 | Healthcare industry ransomware attacks will quadruple

By 2020, CSO Online predicts ransomware attacks will be quadruple. The healthcare industry gets attacked more than most industries. Thankfully not all attacks will be successful. Healthcare industries should not give into demands and ensure their data is safe and backed up. Phishing emails are particularly common and often where cyber attacks originate from.

#7 | Cyber Crime to cost $6 trillion by 2021

In the 2017 Official Annual Cybercrime Report, it’s estimated that cyber crime will cost $6 trillion annually by 2021. In 2015, that figure was $3 trillion.

Cyber crime is now becoming more profitable than the global trade of illegal drugs!

#8 | 30% of phishing emails in the U.S. are opened

That’s almost one-third of all emails, according to Verizon’s 2018 Data Breach Investigations Report. Phishing emails no longer take the same approach they used to. Do you remember seeing an email from your bank, Apple, PayPal etc. asking for sensitive information? With the figures that high, it’s no wonder cyber criminals are preying on email victims.

So many of us receive these emails each day and 12% are clicking on the links/attachments contained within them

#9 | 58% of U.K. businesses sought cyber security advice

The Cybersecurity Breaches Survey 2017 shows U.K. businesses are more aware of cyber issues. However, it also shows that a large percentage of businesses aren’t seeking any advice or potentially protecting themselves from threats.

79% of medium firms sought advice whereas only 50% of micro firms did

#10 | 300 billion passwords worldwide by 2020

It may seem like passwords are dying, due to encryption etc. but according to Cybersecurity Media, they’re not. It’s predicted that 300 billion passwords will be used by 2020. That takes into account humans and machines! That’s an awful lot of passwords, all of which require cybersecurity protection. If not, that’s 300 billion potential threats, worldwide.

#11 | French president Emmanuel Macron emails hacked

Yes, even a president can get hacked! In 2017 Emmanuel Macron’s emails were hacked. His emails were posted online just days before he was due to go head to head against his opponent. 9GB worth of data was posted to Pastebin. Macron’s campaign confirmed it had been hacked.

#12 | More than 60% of fraud originates from mobile devices

The world has gone mobile, and so have fraudsters. 60% of fraud comes from mobile devices; of that figure, 80% comes from mobile apps. Once a cyber criminal has access to your mobile, it can access your mobile banking app and initiate multiple levels of cyber crime. Fraudulent transactions are now over double the value of real transactions.

#13 | 2.53 million fall victim to cyber crime in UAE

In 2016, Norton by Symantec reported over 2.5 million people were victims of cyber crime in UAE. Despite reports stating that awareness of cyber crime was high, people are still engaging in online behaviour that is deemed as risky. People know they should be aware of links and protect their information. 70% of those people still click on information that they aren’t 100% sure of. Millennial’s seem to be the most affected group of people.

53% of millennial’s experienced cyber crime in the last year

#14 | Netherlands have the lowest cyber crime rate

In 2015, Symantec reported the Netherlands as having the lowest cyber crime rate. Only 14% of the population were affected. Although 14% is still high, compared to other countries, it wasn’t! Indonesia, for example, was subject to the highest cyber crime rate in the world.

59% of the population fell victim to cyber crime

#15 | Personal data sells for as little as $0.20

Have you ever thought how much your personal data is worth to you? Well, to some, it could sell for as little as $0.20, up to $15. Credit card information and account information can be accessed and purchased much more easily than you might think. The value of information is dependent on the type of details included. For example, credit card details are more valuable than other information. As well as this, it’s also dependent on how easy it would be to resell the information. If it’s too difficult, the value of personal data decreases.

#16 | Japanese exchange lost $530 million due to hacking

Coincheck is one of the biggest Bitcoin and cryptocurrency exchanges in Asia. In January 2018 it reported that it had lost $530 million due to hacking. Due to the incident, Coincheck seized and stopped all sales and withdrawals of it’s cryptocurrency at the time. The cryptocurrency used for the exchange was called NEM. Coincheck deal with other cryptocurrencies too.

#17 | In 2016, Adware affected 75% of organisations

Cisco investigated 130 organisations in it’s Cisco 2017 Annual Cybersecurity Report. It found that 75% of companies were affected by adware. Adware in itself is a nuisance, but it can also facilitate further malware or virus attacks. Adware presents itself in the form of advertisements. Whether you’re using your device on or off the internet, adverts can be displayed. Often if you’re trying to perform an internet search, the results direct you to other websites or marketing pop-ups to obtain your personal data.

#18 | Average ransomware demand is $1,077

Although not every ransomware demand is paid, the average demand value is $1,077. Since the last report, this shows an increase of around 266%! When victims are faced with a ransom amount, they often pay up. We rely on the internet for daily activities, for personal and work. We rely on the internet to connect our devices, and even our homes with the introduction of smart home products.

Demands are significantly increasing because we’re so reliant on the internet. As ransomware attacks increase, we can expect the demand values to increase as well

#19 | China have the most malware in the world

Over 55% of China’s computers are infected with malware. Since 2014, that figure increased by nearly 30% more! Even with people being more and more aware about cyber crime, it’s clear to see it doesn’t stop attackers. Taiwan follow closely with 49% of their computers being infected. Of all the malware across the world, Trojans were the cause of the most infection. Trojan’s are malicious programs that provide a back-door kind of entry to computers.

Once hacked, attackers can access personal information, passwords, and infect other devices connected to the same network

#20 | 90% of hackers use encryption

Encryption is a process which involves encoding a message, information, or program. Encryption allows only authorised people to access it. For example, a document that may be readable in normal circumstances would appear completely illegible when encrypted. In order to access encrypted information, it must be decoded first. Hackers are of course aware of how best to hide their tracks. 90% of them use encrypted traffic to disguise what they’re doing. If we, as users, used encryption to the same level, it would be much more difficult for cyber crime to take place.

#21 | Companies take over 6 months to notice a data breach

For me, this is one of the most terrifying statistics. Research suggests that most businesses take up to 197 days to notice breach of their data. ZDNet reports finance firms can take an average of 98 days! Due to the amount of time it takes for companies to realise a data breach, attackers are able to obtain even more information. Think about it, imagine what a cyber criminal can obtain over a 6 month period. Certain industries are of course more vulnerable to attacks, due to the data they hold.

83% of finance companies incur over 50 attacks per month. Once data has been stolen, it gets sold on the black market

 

Source: Original report can be found on VPN Geeks.

Categories : Careers in IT, Hacking, IT Security

The Best Cybersecurity and Information Security Certifications

By Della Wyler
Monday, October 1st, 2018

Information Security CertificationsLet’s begin with “Information Security” and “Cybersecurity”.  There are two expressions that people often use somewhat interchangeably. They are not quite the same though, as we have already explained in one or our previous blog posts. In any case, both have – naturally – the security aspect in common. This means, that if you are planning for a professional career in this field, not only are your knowledge and skill set of particular importance, but also are your reputable credentials, such as, Cybersecurity and Information Security Certifications.

Let us have a look at some of the best information security certifications to boost your career as an information security professional.

 

Information Security Certifications

Certified Penetration Testing Engineer (C)PTE)

The Certified Penetration Testing Engineer certification constitutes an upgrade to the Certified Ethical Hacker/CEH. The Techsherpas certification course is based on proven, hands-on penetration testing methods and the Five Key Elements of Pen Testing:

  • Information Gathering
  • Scanning
  • Enumeration
  • Exploitation
  • Reporting

CISM: Certified Information Security Manager

The certification as a CISM/Certified Information Security Manager demonstrates your proficient knowledge and skill set in the field of Information Security Management, such as:

  • Threat analysis and risks
  • Risk and incident management
  • IS security strategy/frameworks
  • Security programs and CISO roles
  • Creation of policies for audit and risk management, compliance and awareness
  • DR and BCP development/deployment/maintenance

 

CompTIA Security+

With Information Security Certifications like CompTIA Security+ you demonstrate the necessary computer security skills to successfully perform your duties in a wide range of IT security-related roles. Such skills are, for example:

  • Identification of the fundamental computer security concepts
  • Identification of (potential) security threats
  • Data management and application
  • Host security management
  • Network security implementation
  • Identification/implementation of access control
  • Identification/implementation of account management security measures
  • Identification/implementation of compliance and operational security measures
  • Certificate and risk management
  • Troubleshooting and management of security incidents.
  • Business continuity and disaster recovery planning

 

CISSO: Certified Information Systems Security Officer

A Certified Information Systems Security Officer (CISSO) demonstrates proficiency in the knowledge and skill set (including industry best practices) that characterize the work of a security manager/security officer, such as:

  • Expertise regarding the in-depth theory of core security concepts, practices, monitoring and compliance
  • Use of a risk-based approach
  • Ability to implement and maintain cost-effective security controls

The CISSO certification training also covers the exam objectives of the CISSP: Certified Information Systems Security Professional

 

C)IHE: Certified Incident Handling Engineer

The Certified Incident Handling Engineer (C)IHE) is directed toward IT professionals, such as incident handlers, system administrators and general security engineers. The training, which also covers the GCIH- GIAC Certified Incident Handler, teaches students:

  • Planning, creation and utilization of systems for attack prevention, detection and response
  • Step-by-step approaches as used by hackers worldwide
  • Identification of the latest attack vectors and implementation of safeguarding measures
  • Incident handling procedures
  • Strategies for each type of attack
  • Recovery measures after an attack

 

Have a look at our public training schedule to find out more about how we can support you to achieve the Cybersecurity and Information Security Certification that is best for your career plans.

 

 

 

Sources:
https://www.businessnewsdaily.com/10708-information-security-certifications.html
https://en.wikipedia.org/wiki/List_of_computer_security_certifications
https://www.darkreading.com/risk/10-security-certifications-to-boost-your-career/d/d-id/1322449?image_number=3
https://techsherpas.com/it-training/cihe-certified-incident-handling-engineer-on-demand

Categories : Careers in IT, CompTIA, Hacking, IT Certifications, IT Security, Training & Education
Tags : , ,

Safety and Security Measures You Should Follow

By Della Wyler
Monday, April 9th, 2018

Security is important, especially with computers, internet, and personal information.  Here’s a few cybersecurity tips to keep yourself safe.

Follow These Cybersecurity Tips for Safe Computer Access

Make use of passwords and PINs

Your passwords and PINs are an imperative line of defense, not only for your devices, but especially for your online “existence” – your social media profiles, online-shop accounts and access to your online-banking.

In other words: When your device offers you the option to use are protective password or PIN (personal identification number) in order to access it, then do make use of it. (The access to your various online profiles is usually password-protected as a rule, anyway.)

Avoid easy guesses

Don’t use PINs like 1234 or your birthday – those are combinations that other people often try first to get unauthorized access.

The same goes for passwords: Neither your own name, nor your partner’s or your children’s names are a difficult leap – and would-be hackers know that, too – so it’s better if you stay clear of such password choices.

Make your passwords more complex (and therefore more difficult to guess or hack) by making them at least eight digits and a combination of letters, numbers, and where applicable, even symbols. When you set up an online-profile, the provider often gives you a guideline regarding the minimum security requirements for your password choice.

Don’t use the same password every time

Make sure not to use the same password all over your various accounts, especially not in combination with the same username or email-address. The reason is a simple one: In case one of your accounts should get hacked after all, you don’t want the hackers to have access to your other accounts as well!

Keep changing your passwords periodically

For similar reasons, it is a good idea to change a once determined password after a while, so that even if your account had been compromised at one point, maybe without your noticing, the hacked password will not work for unauthorized people’s future use.

Organize your passwords and keep them safe

It’s obvious that all these different passwords and user names need some organization as well as safekeeping. You might want to write them down somewhere, but if you do, keep them away from open display and if possible not in direct vicinity to your computer. One way to do this electronically is using a special password-manager software (that can even create unique and elaborate passwords for you).

Make sure to log out of your accounts when you leave, especially on computers that are not yours

Many online-shops provide the option to stay logged in your profile with them, so that you are not automatically logged-out once you check out and leave the shop. This is usually done by checking a little box where you log into your account (e.g. “Keep me signed in”).

While this can be a handy little option to use on your personal device in order to do some quick shopping without having to go through the log-in process, you should definitely not use this option on a public computer, or any computer that other people might have access to. This is one of the basic steps to protect your profiles and accounts – so basic, that the providers of this option usually expressly advise against staying logged-in themselves.

 

Sources:

https://fieldguide.gizmodo.com/18-ways-to-make-your-online-accounts-more-secure-1793250264

https://support.google.com/accounts/answer/32040?hl=en

https://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/

 

 

Categories : Hacking, IT Security
Tags :

Hackers Always Hack: A Career in IT Security

By Della Wyler
Monday, October 23rd, 2017

When it comes to knowing which career to go into in our fast-paced world, consider the growing field of IT security. Demand is at an all-time high to protect your financial assets, health records, and other private documents.

Planning A Lucrative Career In IT Security

One need look no further than the Equifax data breach of 143 million Americans, which pales at the 3 billion accounts hacked at Yahoo. However, the Equifax breach was quite startling since the breach was from one of the nation’s largest credit reporting agencies. An organization of this caliber should have a solid security infrastructure in place. Finding out that that’s not really the case makes consumers nervous. It leads you to believe that there must be numerous other security weaknesses throughout our economy.

Plan Your Successful Future

As a result, a career in IT security will be in strong demand into the foreseeable future. Hackers always hack, which translates into job security for the IT professional. Data experts are confident that the demand for this skill will last a lifetime as it protects (like in the Equifax breach) people’s names, Social Security numbers, addresses, birth dates, driver’s license numbers, credit card numbers, and other personal information.

Achieve Financial Success In IT Security

Private and public entities, including the military, will pay top dollar for skilled IT professionals who truly can keep the organization safe. The cost to keep business data safe is paramount to every business.

Ransomware is malicious software from cryptovirology that can publish others’ data or block access to it unless a ransom is paid with no guarantee that the data will be unlocked. Even saying the word ransomware frightens any c-level executive, as it can bring a business to its knees. IT security in the military has obvious life and safety repercussions in a real sense.

The Future Of IT Security

Businesses that don’t invest in IT professionals will run into trouble at some point. The question is when. Viruses come in many forms including boot sector, direct action, polymorphic, multipartite, file infector, web scripting, and browser hijackers. All it takes is one significant outage to significantly impact the business bottom line.

A Solid Investment In Your Future

Russia’s potential influence on our recent presidential election is another example of the need for additional IT security personnel. As long as there are bad people willing to use their keyboard for malice, jobs for IT security professionals are recession proof. Sadly, it seems that the bad apples are on a global scale, providing confidence that a career in IT security is a solid investment.

Source:

https://www.forbes.com/sites/laurencebradford/2017/02/27/how-to-start-a-lucrative-career-in-cybersecurity/#4b662391066d

Categories : Careers in IT, Hacking
Tags :

Qualified IT Security Professionals Needed – IT Security Certifications can help

By Della Wyler
Thursday, November 21st, 2013

With IT security threats increasing and the number of qualified IT security personnel decreasing, organizations, both public and private, are facing a serious problem. Countless organizations are realizing they need more IT security man power to handle the growing number of threats that can harm their business and their valued customers. The small number of IT security staff is just not cutting it these days, and because of this, IT security is the fastest growing field in IT. Data from Indeed, a popular job site, showed help ads for security professionals increased by 100% during the past five years.  So do you think investing in IT security education is a good idea right now? I would think yes! Not only would a career in IT security provide job security, but the pay isn’t too shabby either. The average salary of a Security Specialist or Network Administrator is almost $94,000. Be the solution organizations are looking for by getting qualified in IT security.

Getting qualified for an IT Security Career

Pursuing a career in IT security is an excellent path to travel down, when deciding how you want to create job and financial stability. So where should you begin? There are several ways that you can build your resume to showcase your IT security skills. What can you do to land the security job you are looking for? What will help you stand out from the group?

1)      Know IT Security – Be knowledgeable on the subject. Read about IT security news and events both historical and current. Follow the trending topics. There are plenty out there, as you can’t turn on the TV without hearing about some IT security threat. These threats are even making great story plots for Hollywood.

2)      Obtain Security Certifications – Having a solid foundation, understanding, and skillset is also crucial to successful deployment of IT security practices. It’s these skills that save organizations money and hassles, and also give them peace of mind. Certification and specialized training are excellent ways to get those skills and build the knowledge of a highly respected IT security professional. There are various certifications you can get, which we will discuss in more detail.

3)      Hands-On Experience – Set-up your own “working lab”. Take things apart, and put them back together. Hack into your system, and then create security features to prevent those break ins. Hands-on experience is always best. Experience allows you to put your skills and knowledge to use. Get in an entry-level position as soon as possible, or volunteer. Experience is developed by working through the problems.

Security Certifications

When it comes to IT security there are several certifications that are worth looking into and obtaining. Depending on your level of IT experience, you will want to start with more entry-level certifications, and build up to the more advanced ones as you feel more comfortable, gain more experience, and are ready to advance your IT security career.

CompTIA Security+

CompTIA Security+ is an international, vendor-neutral certification. It is an entry/foundation –level certification that demonstrates competency in:

  • Network security
  • Compliance and operational security
  • Threats and vulnerabilities
  • Application, data and host security
  • Access control and identity management
  • Cryptography

CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents; it       ensures that security personnel are anticipating security risks and guarding against them. Candidate job roles include security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator, and network administrator. Kick start your IT security career – start training for your CompTIA Security+ certification.

Certified Ethical Hacker (CEH)

Certified ethical hackers aka “Whitehats” are those highly skilled IT professionals that have the ability to beat hackers at their own game by uncovering systems’ weaknesses and vulnerabilities. By revealing these vulnerabilities and identifying the access points, these can be addressed before the “bad guys” have the opportunity to penetrate the system and create havoc on the company as well as its customers. The CEH credential is an intermediate certification, and demonstrates competency in:

  • foot-printing and reconnaissance,
  • scanning networks, enumeration
  • system hacking
  • Trojans
  • worms and viruses
  • sniffers
  • denial of service attacks
  • social engineering
  • session hijacking
  • hacking webservers, wireless networks and web applications
  • SQL injection
  • Cryptography
  • penetration testing
  • and evading IDS, firewalls, and honeypots

Those with a CEH certification are good candidates for the following positions: Network Testing, Systems Analyst Specialist, Information Technology Security Specialist, IT Vulnerability Specialist, and Tester/Ethical Hacker. To kick-off your IT security career, and start training for your Certified Ethical Hacker certification click here.

Certified Information Systems Security Professional (CISSP)

For those IT professionals that are serious about a career in IT security the Certified Information Systems Security Professional (CISSP) is a must. These IT professionals possess expert knowledge and technical skills necessary to develop, guide, and then manage security standards, policies, and procedures within their organizations. This is an advanced vendor-neutral IT security credential that is recognized world-wide, and demonstrates competency in:

  • Access Control
  • Application Development Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security Governance and Risk Management
  • Legal Regulations
  • Compliance and Investigations
  • Operations Security
  • Physical Environmental Security
  • Security Architecture and Design and Telecommunications and Network Security

The CISSP certification is meant for experienced IT professionals and offers three concentrations for targeted areas:

  • CISSP Architecture
  • Engineering
  • Management

Those with a CISSP certification are good candidates for the following positions: Senior Analyst, IT Security Threat & Vulnerability Director, Principal Security Strategist, and Network Engineer. To advance your career in IT security, start training for your Certified Information System Security Professional (CISSP) certification.

Certified Penetration Testing Engineer (CPTE)

Another certification based around ethical hacking, Certified Penetration Engineer (CPTE) specializes in penetrating systems – they learn how to locate a system’s vulnerabilities and exploit a system’s weakness, which allows them to create safeguards against the real threats. The CPTE certification demonstrates competence in several area of penetration testing:

  • Information Gathering
  • Scanning
  • Enumeration
  • Exploitation
  • Reporting

Through utilizing and mastering these important techniques, penetration engineers are able to discover the latest vulnerabilities, threats, and techniques blackhat hackers are using today. To build a career with a focus penetration testing, start training for your Certified Penetration Testing Engineer (CPTE) certification..

Job Security through IT Security

IT Security threats are everyday occurrences that organizations world-wide, both private and public, need to be aware of and face head-on. They need to be pro-active in preventing breaches and penetration of their valuable and confidential systems. These are real threats that can be devastating to any organization, big or small. This is the reason the need for IT security professionals is increasing on a daily basis, with no sign of slowing. The world needs more, many more, qualified IT professionals to handle the growing threat. Get knowledgeable in the IT security world. Know the threats that are out there. Even better, get certified! Contact TechSherpas to start your journey of a successful career in IT security.

Categories : CompTIA, Hacking, IT Certifications, IT Security, Training & Education
Tags : , , ,

Hackers make History and Hollywood

By Della Wyler
Friday, June 28th, 2013

“Uh-uh. You didn’t say the magic word!” The skill of hacking has definitely made a place for itself in Hollywood. You may recall Lex’s hacking skills got Jurassic Park back on track after dinosaurs wreaked havoc on a secluded island. Then there was Stanley Jobson (Hugh Jackman) who stole $9.5 billion from a secret government slush fund, codenamed Swordfish, for a high tech robber villain. And you can’t talk about hacking and not mention the Matrix trilogy (1999), Tron (1982), or The Girl with the Dragon Tattoo (2009).  Even President Obama made a recent comment that the manhunt for 29 year old hacker, Edward Snowden will make for a good movie someday. The Best Hacking movies, are exciting, and although they can seem like a bit of a stretch from reality, there is some truth behind these plots.Code 2600 is a documentary film worth watching because it is both accurate and entertaining, and will open your eyes to the truth about hacking.

 

The terms hacker and hacking typically carry a negative connotation and as they are commonly associated with the skill of unlawfully breaking into computer systems. But not all hackers are bad. In fact, hackers have the ability to diagnose security flaws. Crackers, on the other hand, use their hacking skills for malicious gain, stealing private information and sometimes large amounts of money. Crackers are hackers who have gone to the dark side. The White Hat versus the Black Hat….the good versus the evil.

The Infamous Crackers aka the Black Hat Bad Guys

Since the development of computer technology there have been a number of notorious hackers that have created real-life dramas, off the big screen, and no doubt have provided inspiration for big Hollywood directors. Here is a list of the some of the most infamous real life black haters that give hackers a bad rep. Some of them are now respectable White Hat hackers!

  • Kevin Mitnick – Kevin Mitnick started out just wanting a free ride on the bus, starting his hacking career at the age of 12. Mitnick went on to become the most wanted computer hackers in the country, known primarily for his hack into Digital Equipment Corporation’s network to steal their software. It may have been his first notable break-in, but Mitnick went on to other big targets, including cell phone giants Nokia and Motorola. After hacking into fellow hacker Tsutomu Shimomura’s computer, Mitnick was tracked down by Shimomura and the FBI in 1995.Today, Mitnick has served a five-year sentence and come clean, but he continues to profit off his former title, authoring books and working as a security consultant. The movie Takedown (2000) is based on Kevin’s capture.
  • Kevin Poulsen (aka Dark Dante) – Today, Kevin Poulsen is an editor at tech-savvy Wired magazine, but back in the 1980s, he phone-phreaking hack. Poulsen rigged s Los Angeles radio station phone line to allow only him to get through and win a trip to Hawaii and a Porsche. Dark Dante’s more serious targets included his break-in to the FBI’s database which led to his 1991 arrest and five years prison time. Since then, he’s gone respectable using his power for good by racking sex offenders on MySpace.
  • Gary McKinnon – Conspiracy-theorist McKinnon broke into computers at the U.S. Department of Defense, Army, Navy, Air Force and NASA sometime in 2001 and 2002. McKinnon believed the U.S. government was hiding alien technology that could solve the global energy crisis. The U.S. government claims McKinnon’s hack job cost them significant amounts of money to fix.
  • Robert Tappan Morris – Back in 1988, while a graduate student at Cornell University, Morris created the first worm and released it on the Internet. He claimed it was all an experiment gone awry, a test to see how big the then-new Internet was. The worm turned out to be more than a test: it replicated quickly, slowing computers to the point of non-functionality and virtually crippling the Internet. He was eventually fined and sentenced to three years probation. Since then, he’s earned his Ph.D. from Harvard and made millions designing software. Today, he’s a computer science professor at MIT.
  • Jonathan James – Infamous by the age of 16, this kid was charged for hacking into NASA and the Department of Defense computer systems, stealing information and causing serious downtime while the security breaches has to be addressed. This would cost tens of thousands of dollars. He basically informed NASA and DOD that their systems had weaknesses, which was the defense his father was using. The judge didn’t buy it, and he was sentenced as a juvenile, and received 6 months in juvenile institution. Trouble seemed to follow him, as he was later associated with the TJX scandal (listed below). He committed suicide after his suspected involvement in this case.
  • Albert “segvec” Gonzalez – This is the guy that was responsible for the TJX hacking scandal of 2009, in which a group of hackers stole 36 million credit card numbers.  He was an informant to the secret service providing information on other credit cards thieves! TJX spent over $170 million responding to the attack, and Albert was sentenced to 20 years in prison, which is the longest sentence handed down to a convicted hacker in the US.
  • 23 (1998) – The movie’s plot is based on the true story of a group of young computer hackers from Hannover, Germany. In the late 1980s the orphaned Karl Koch invests his heritage in a flat and a home computer. At first he dials up to bulletin boards to discuss conspiracy theories inspired by his favorite novel, R.A. Wilson’s “Illuminatus”, but soon he and his friend David start breaking into government and military computers. Pepe, one of Karl’s rather criminal acquaintances senses that there is money in computer cracking.

The Famous Hackers aka the White Hat Good Guys

When you take a look at the computer technology and hacker movies, you will notice that the majority of hackers are in fact, good guys. These are the guys that give hackers a good name. Although they may have gotten into a little trouble here and there, by forgetting about the ethics of hacking, White Hat hackers have really contributed to improvements in technology security.  Hackers, can build a career around their skill and become IT Security Professionals through certification. These IT security gurus are important members of successful organizations, and are in high demand these days as security crime and threat is on the rise. Here are a few White Hat hackers whose discoveries changed the world of technology as we know it.

  • Bill Gates – At 14 years old, he dialed into a nationwide computer network, uploaded a virus he had created causing the entire network to crash. That boy was Bill Gates, founder of Microsoft.
  • Steve Wozniak – He and Steve Jobs got their start building blue boxes, a device that could bypass traditional telephone switch mechanisms in order to make free long-distance calls. Wozniak and Jobs built these boxes together and ended up selling them to their college classmates. From there, they progressed to bigger and better ideas so users could make free long distance calls. The money helped start up Apple computers and now, we have iPhones as a result. The movie, Pirates of Silicon Valley (1999), is based on the young founders of Apple. Also Stan Jobson (Hugh Jackman’s character in Swordfish) is named after Steve Jobs. He’s modeled after the cool computer geniuses of William Gibson’s cyberpunk novels.
  • Joanna Rutkowska – This Polish researcher has made it an obsession to figure out how stealth malware, such as rootkits, can be so well hidden in software and hardware that few are ever likely to find it. Her “Blue Pill” attack against Microsoft’s Vista kernel protection mechanism, which brought a crowded room of security geeks at Black Hat to a standing ovation in 2006, was just her first revelation publicly to show how easy it is for dangerous code to hide in plain sight.
  • Mark Maiffret – Once the bad boy ‘Chameleon’ in hacking group “‘Rhino9,” Maiffret luckily realized his hacking skills could be put to use in protecting Windows-based computers when, at age 17, he turned over a new leaf to co-found eEye Digital Security in 1997. Maiffret also played a role in zeroing in on the infamous “Code Red” worm in 2001, which exploded across the Internet ravaging Microsoft-based computers.
  • Zane Lackey – This co-author of “Hacking Exposed: Web 2.0″ and contributing editor to “Hacking VoIP” and “Mobile Application Security” digs into flaws in mobile and VoIP systems. In the past, some of his public talks and demos about compromising VoIP systems have been so detailed that chief information security officers at major corporations said they couldn’t advocate investing in VoIP until the issues raised were addressed by vendors.
  • Tim Berners-Lee – Tim is credited as the brilliant mind behind the creation of the World Wide Web–not to be confused as the creator of the Internet, which he isn’t. He is the creator of the actual system that we all use to navigate the Internet in order to access particular files, folders, and websites. He got his start with electronics at a relatively young age. When he was a student at Oxford University, Berners-Lee managed to build a computer from scratch using a soldering iron, TTL gates, an M6800 processor, and parts from an old television.

Hacking –  Career vs. Jail Time

 

Hacking not only makes exciting crime dramas, but can also earn someone a good honest living, or it can earn someone some jail time, depending on the route taken. White hacking can help prevent the black hacking so hacking is an important topic to understand, learn, and get certified, if you want to pursue a career in hacking or IT security. To learn more about how to become a White Hat hacker, visit our IT Security Certification & Course pages for classes near you. Who knows…maybe your skills will go down in history and make the big screen one day!

Which one of these people/stories would make the best Hollywood film? Do you think Edward Snowden will make it to the big screen? What is your favorite hacker movie?

Categories : Hacking, IT Security, Technology
Tags : , , , , ,

About TechSherpas 365

TechSherpas 365 is a Microsoft Gold Partner for learning solutions. This represents the highest level of competence and expertise with Microsoft technologies.

Contact Us

10213 Wilsky Blvd.
Tampa, FL 33625

 866.704.9244
 info@techsherpas.com