Today’s threat landscape is constantly changing and evolving as are the tactics, techniques, and procedures (TTP’s) or our adversaries. The number of cyber attackers and data breaches is growing every day, and has increased significantly in the last few years, both in magnitude, and scope. As more and more people are putting their personal lives online, it is becoming easier, and cheaper for cyber criminals to hack into online accounts, computers, networks, and mobile devices; which in turn can grant these hackers access to your personal data.

The ultimate goal of Cybersecurity is to protect and Confidentiality, Integrity, and Availability (CIA) of computer systems and data. Whenever a system or network is hacked, data in one form or another is leaked, an account is hijacked, credentials stolen, it is almost guaranteed that one of these fundamental principles has been violated. Many times, cyberattacks remain undetected, sometimes taking weeks, months, or in some cases years before you realize what has happened. However, there are some tell tale signs to look out for that might indicate that you or your systems/networks may have been compromised, and it can save you some time and money if spotted early enough.

We’re going to provide you with a few clear signs that you can use in order to identify whether you have been hacked, and how to possibly remediate these issues.

Unwanted Browser Toolbars & Extensions

One of the most common signs of compromise is a new, mysterious browser toolbar or extension with a name that indicates it is meant to assist you. If you do not remember downloading that toolbar/extension, or do not recognize the name of the vendor it is supposedly from, it’s time to uninstall it.

How to remediate?

Fortunately, most browsers allow us to easily review and remove or activate toolbars or extensions. If the toolbar or extension is not listed there, then check to see if the browser has the option to reset itself back to its default state.

In the future, be sure to double check that when installing some applications or programs that there are no unwanted toolbars being installed as “shareware”, also be sure to read the licensing agreement, as these will typically contain whether a toolbar will be installed or not.

Random or Constant Pop-Ups

Browsing one of your favorite websites and getting hit with pop-ups that you typically would not see on that site? That’s an obvious sign that you have been compromised. These pop-ups can also come in the form of fake antivirus messages, and fake protection alerts. Many websites, both legitimate and malicious can bypass a browsers ad or pop-up blocker, so this is not a viable source of determining whether you were actually compromised or not.

How to remediate?

As with the solution above, many times pop-ups are caused by a malicious browser toolbar that was unwittingly installed, or browser add-on/extension. Simply looking in the browsers settings, you can identify whether there is an unwanted toolbar, add-on or extension installed.

Internet Searches Being Redirected

Typing in a website to search for and noticing it’s being redirected? A common way to verify this is to look at the address bar for the URL, if it does not exactly match the website for which you’re searching, then it’s more than likely being redirected by a hacker. The hacker gets paid every time someone clicks to visit a website. 

How to remediate?

Once again, this is primarily due to the installation of malicious and unwanted toolbars and browser extensions/add ons. Again, simply searching for these can be a way to fix this issue, or resetting the browser to its default settings.

Ransomware Message

By far one of the worst messages you can get on their computer is one telling them that all of their data has been encrypted, and in order to get it back they have to pay a ransom to decrypt it. Ransomware is a huge market for cyber criminals, in the last 3 years ransomware has caused over $20 billion worth of damage to corporations with ransom demands reaching upwards of $100,000, mostly in the form of Bitcoin.

Unfortunately, paying the ransom often does not result in the data being fully decrypted, or an actual working system. These programs as with any software, contain bugs and unlocking the encrypted data is not as easy as inputting the decryption key. The best way to prevent ransomware is to only download software from trusted sources, and always, always keep full backups.

Strange Mouse Movements and Clicks

If your mouse pointer is moving across the screen and you didn’t do it, it’s a guarantee of one thing, and ghosts is not the answer, you’ve been hacked! Though sometimes this can be from hardware technical issues. If the pointer is jumping all over the screen and not doing anything on the screen, then it’s more than likely a technical glitch. However, if the pointer is making clear movements and taking actions to click on certain links or parts of the browser, then it is more than likely because of a hacker.

How to remediate?

This is where you will most likely need to call in digital forensics professionals to assist in figuring out how the attackers got in to begin with. But you can also do something to learn what the attackers are after. Take a few minutes and observe what it is they are doing and what they may be after. If they start getting too close to something you don’t want them getting access to, turn off the computer, and/or disconnect it from the network.

Be sure to check us out next week in order to read Part 2 of the How To Tell If I Have Been Hacked blog post.

It should come as no surprise that things have changed again. Many of you have already heard about the roll out of the Cybersecurity Maturity Model Certification (CMMC) over the next 5 years and hopefully have started working towards the required level of certification for your organization. But have you heard about the CMMC Interim Rule? 

The CMMC Interim Rule includes a new DoD methodology for NIST 800-171 starting November 30, 2020. The Interim Rule adds DFARS 252.204-7019 and 252.204-7020 and allows for a scoring methodology (Basic, Medium, High). This new methodology requires all DoD contractors and sub-contractors to complete a NIST 800-171 self-assessment and receive a score through the Supplier Performance Risk System (SPRS). 

A Basis Assessment is a self-assessment completed by the contractor, while the Medium and High Assessments are to be completed by the Government. The Government will select contractors for Medium or High review based on the nature of the program.

Please note all self-assessments completed by contractors are given a Basic score, in order to achieve a Medium or High score the assessment must be reviewed by the government. 

Contracting Officers are required to verify the offeror has a current NIST  800-171 DoD Assessment on record prior to contract aware or the exercise of an option.

Certain aspects of the interim rule may change with the issuance of a final rule and additional guidance. Until then, DoD contractors should make plans to implement the new Assessment requirement quickly, and should carefully review all DoD solicitations and contract modifications to understand whether or not the new rule impacts them.

What does this mean for you? It is time for you dust off your POAM and SSP, create an account with SPRS, and go through the self-assessment process.

To find out more about or vulnerability assessment and vulnerability management services, or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

As we have all been faced with challenges during the COVID-19 pandemic, the way we do business has changed dramatically, with many of us working from home. This has presented hackers with new tactics, and opportunities to cast a wider net on their attacks. IT security has always been important, and during these times that importance is even greater. 

In an ideal world, most companies would have some form of plan or policy on how to securely make the transition from employees working on-site to working from home. Unfortunately, many of us made the transition with little to no time to plan. Now that the dust has settled a bit, although the future is still uncertain when and if we will go back to doing business the way we used to, it is a good time to confirm that employees working remotely are doing so as securely as possible.

Tips on working securely from home

---

Acceptable Use

Employees should follow the same policies and procedures as if they were working in the office.

Only use company set up email, messaging, storage, etc when doing work for the company.

Home Office

If possible, have a private area set up to work. This space should send a clear signal to you that it’s time to focus. To avoid burnout, try to stay away from your workspace when you’re not working, unless absolutely necessary.

Secure Remote Connection

Connection to the office should only be made using a secure VPN (Virtual Private Network).

Password Security

Passwords used should be unique and no less than 12 characters on all devices being used, the longer the better.

End-Point Protection and Patching

Employees using a personal computer/laptop should make sure there is up to date anti-virus software installed and the operating system is up to date with updates/patches, including 3^rd party software, downloaded and installed on regular basis.

Wi-Fi Security

If using a wireless connection, make sure the connection is encrypted and the wireless password is strong.

Confirm that the login and password for the router (usually provided by the ISP, Internet Service Provider) has been changed. Most personal routers still have the default login and password which is not only weak, but also known across the Internet and easily searchable online.

User Awareness

Lock your computer/laptop screen when you walk away or are finished working.

Stay vigilant when it comes to phishing emails.  Phishing emails are up 667% and according to Google 81 million phishing emails containing malware are being sent each day. Verify, Verify, verify before providing personal information or doing a financial transaction.

Notify your IT company IMMEDIATELY if you possibly clicked on or downloaded something suspicious.  The quicker they can run mitigation the better.

As many of you are aware hacking is big business costing many businesses a ton of money. 

Many hackers are employed just like we are. They are given quotas to meet, deadlines, and are expected to perform in order to keep their job.

Let’s make it hard for them to stay employed! 

SME is here to assist in any way that we can.  If you have any questions about working securely from home or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Stay Safe, Healthy, and Sane!

Use a Security Application

This can be in the form of an antivirus, anti-malware, or firewall application. These applications come in both free and paid versions. This can be a confusing process but by looking at reviews and comparing these tools to find the right one for your specific needs. Some companies will even include all of these tools in one standalone application.

Don’t Click on Just Anything

Be cognizant of what it is that you are trying to access online. Many of the attacks we see and hear about in the news started off with someone clicking on a link they thought was legit but was in reality a malicious link or email attachment that unknowingly installed software.

Learning what the tell-tale signs of phishing sites and malicious URL’s is a very valuable skill for every online user to have. Instead of immediately clicking on the link, ask yourself, “Am I expecting this email from so-and-so? Did I sign up for this?”. Another trick we call can do is to hover over the link (not clicking it) and see if the URL is taking you to a legit website, or if the URL is a confusingly long and obfuscated, seemingly random string of characters; if so then you can probably guess that it is not something you want to click on.

Also, to cover our previous point of using security applications, there are some anti-malware and applications that offer real-time scanning and browser protection that warns or advises users that the link or website they are attempting to visit may contain malicious content. These tools can further protect you from downloading ransomware, adware, or trojan horses from infecting your device.

The Password is Strong with This One

123456, password, iloveyou

Recognize any of those? If so then they may just be one of your passwords, and if they are then you may want to check and see if you’ve been pwnded. Not all hackers are like the ones you see in the movies, they don’t’ all wear black hoodies, slam back energy drinks, or listen to techno music while they take down the Gibson. However, all hackers LOVE easy to guess passwords! One of the most common entry points for cyber-attacks is a weak password that you are using to try and secure your online account.

Here is a short list of the 30 most commonly used passwords of 2020

Using one password decently strong for every account is a dangerous game to play with your online security, using one weak password for your accounts, you may as well just leave the door wide open. Point of this? Use strong passwords! Strong passwords can be difficult to remember, sure. However, there are smart people who have thought of this already and offer solutions for us. Password managers like LastPass and BitWarden both offer free and premium solutions for not only generating extremely strong passwords, but storing them for you as well, better yet, they even offer plugins that will auto-inject these passwords into your online accounts so you don’t have to copy and paste them yourself. Another, easier to remember solution is to use passphrases instead of passwords. Using multiple words strung together to create a phrase adds variation to the password, this way you can still remember multiple passwords easily and are still getting strong passwords that protects your accounts.

History

Since its inception in 2004 Cybersecurity Awareness Month has had one main goal: making Americans safer and more secure online. Launched as a collaborative effort by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) C.A.M strives to increase the importance of cybersecurity across our Nation, attempting to ensure that as many Americans have the resources needed in order to practice their own cyber hygiene at home, or in a corporate environment.

Now, 16 years later Cybersecurity Awareness Month has grown into somewhat of a grassroots campaign, with massive efforts being led by the participation of many large companies in the industry, as well as government agencies all in an attempt to engage their customers, employees, college campuses, and the general public with the idea that every digital user should have some idea of how to be safe and secure while using the Internet.

169 million personal records from financial, business, education, healthcare, and public sectors were exposed in 2015

If You Connect It, Protect It

In order to keep yourself safe online, any device that you are using in order to access content from the Internet needs to be protected. This can be as simple as keeping the device up to date with the current software updates available, knowing exactly what it is that you are trying to access online, or ensuring that you are using strong password for every online account.

In order to understand how important Cybersecurity Awareness is, you must first understand that you are a target, you have something that online criminals want, whether it be personal/private information in the form of your date of birth, your mother’s maiden name, or even your healthcare records and credit/debit card information. Threat actors will attempt to use this data in order to try and steal something from you or break into your accounts.