Data Privacy Day (DPD) is an international effort held annually on January 28 to create awareness around the importance of privacy and protecting personal information. SiteLock has committed to being a DPD Champion to acknowledge and bring attention to the value and importance of privacy. This year, Data Privacy Day is all about respecting privacy, safeguarding data and enabling trust.
With cyber attacks and data breaches on the rise, privacy and security compliances are more important than ever. What are compliances? Generally, they’re laws designed to protect private consumer and company data from being stolen and exposed.
Privacy and security compliances span across many industries – education, government, health and high-tech like cloud and SaaS. You may have even heard of a few of them, like HIPAA or SOC.
Neill Feather, president of SiteLock, recently wrote an article highlighting the top 3 privacy and security laws that you should know, along with some tips to help organizations improve website compliance. You can read it on Govloop.
As technology continues to evolve, web security threats are on the rise with an estimated 160,000 samples of malware detected around the world each day. Unfortunately, 70% of these attacks are targeted at small businesses and other particular industries (e.g. retail, healthcare and hospitality).
Fortunately, web security has come a long way in just a few years. National events like Data Privacy Day (DPD), which bring together privacy professionals, law enforcement and industry leaders alike, foster communication that helps to ensure the long-term viability of our digital ecosystem.
In what we can only hope is a sign of things to come, law enforcement around the world showed unprecedented cooperation in shutting the shades on a gang responsible for creating and sharing a nasty piece of malware that was spreading rapidly around the world.
The malware is known as Blackshades, and was allegedly created by a 24-year-old Swedish man who ran his malware operation like a legitimate business. The entrepreneur was very committed to making his malware as popular as possible, hiring a marketing director, customer service representatives, and a customer service manager.
His Blackshades creation is not one piece of malware but more of a collection, with the most dangerous being the Blackshades RAT, or Remote Access Trojan. RATs are particularly dangerous because, as the name suggests, they allow the hackers to maintain remote control over the Trojan while it’s on an infected computer.
And according to an FBI statement, those capabilities were impressive. “After installing the RAT on a victim’s computer, a user of the RAT had free rein to, among other things, access and view documents, photographs and other files on the victim’s computer, record all of the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim – all of which could be done without the victim’s knowledge.”
The Blackshades kit was widely available and cost as little as $40, which might explain why the FBI estimated that it was purchased thousands of times, used in hundreds of countries, and infected more than a million computers worldwide.
One of those victims was Cassidy Wolf, Miss Teen USA 2013. The 19-year-old was targeted in a sextortion case by a 20-year-old from California. This hacker was one of the many who purchased and used Blackshades, and once he had infected the computer of the beauty queen he notified her that he had taken control of her camera, had used her webcam to take a series of compromising photographs of her, and would publish those photos unless she provided him with more photos and videos.
The victim wisely opted instead to go to the police and the hacker was recently sentenced to 18 months in jail. Investigators said that this one amateur hacker, who was studying computer science and went to the same high school as the victim, had more than 150 computers under his control using Blackshades when he was arrested.
In order to rein in the spread of the malware, which was ideally suited as a business espionage tool, the FBI enlisted the help of law enforcement in 18 countries. In a coordinated series of raids, 40 FBI field offices conducted around 100 interviews, more than 300 searches, seized nearly 2,000 web domains, and made nearly 100 arrests.
So how do you know if your computers have been infected by the Blackshades RAT? Blackshades is only known to infect Windows computers and the FBI suggests you keep an eye out for the following tell-tale signs:
- Mouse cursor moves erratically with no input from user
- Web camera light (if equipped) unexpectedly turns on when web camera is not in use
- Monitor turns off while in use
- Usernames and passwords for online accounts have been compromised
- Unauthorized logins to bank accounts or unauthorized money transfers
- Text-based chat window appears on your computer’s desktop unexpectedly
- Computer files become encrypted and ransom demand is made to unlock files
In case you need reminding, malware is getting more sophisticated and the people behind it more determined. Constant vigilance, and the best security tools, are your best defense against an unpleasant infestation.
Google Author: Neal O’Farrell
Of all the threats that could be stalking your business daily, it is most unpleasant to think about the fact that the biggest threat could already be inside your walls, maybe even on your payroll. Unfortunately there’s plenty of evidence to suggest that the biggest source and cause of security incidents is the humble employee.
The good news is that few of these incidents are deliberate attacks or frauds by your most trusted insiders. Instead they tend to be innocent mistakes which could easily be avoided but which are quickly taken advantage of by hackers.
You probably already know that October is National Cyber Security Awareness Month, right? Of course every month should be cyber security awareness month because these days no business can afford to let its guard down. Not for a moment.
But because businesses and consumers are often too busy to think about security when it matters most, a national celebration was created as a reminder. And we’re celebrating NCSAM by sharing with you some of the most basic security options that are available to any small business.