NATIONAL SECURITY INCLUDES PROTECTING VULNERABLE POPULATIONS
For security professionals, I believe that helping increase cyber security awareness, especially in vulnerable populations like the elderly and our veterans, is of the utmost importance.?It’s not simply a matter of protecting those most vulnerable from theft, it’s also a matter of our nation’s security and stability.
It’s been reported on numerous occasions from a variety of sources that North Korea, one of the nation states that is particularly aggressive toward other nations, funds most of its weapons development programs from stolen assets including crypto currency and bank fraud. This disturbing trend is only getting worse. As North Korea develops nuclear and missile programs that threaten neighboring states, it is more important that ever to help those vulnerable populations in the US and other developed nations protect themselves from stolen assets.
Often people who are older and especially our veterans are using outdated software, unpatched systems and older equipment which allows bad actors to compromise their critical systems and steal assets that ultimately end up funding a nation state which can lead to conflict and destabilization. As security professionals, it’s not just the financial loss that needs to be considered, but the threat to global stability.
According to Hyung-Jin Kim of the Associated Press “North Korean hackers have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years, more than half of it this year alone, South Korea’s spy agency” This means that this alarming trend is accelerating and with more and more people investing in crypto currency and other alternative assets, coupled with more online mechanisms to transfer money like Zelle, Paypal and others, a more sophisticated means of stealing money isn’t necessary.
Often the elderly and veterans are using outdated phones and old computer equipment and with Microsoft constantly moving and changing things in their user interface, it is common for users to forget to update their systems. Sometimes, I swear “big tech” gets paid to change and move things which were perfectly fine in their old location.?These changes wreak havoc for less savvy users, which leads to compromise which might ultimately threatened global stability. ?
Only 16% of the users have updated to Windows 11 and many are on older, unpatched versions of Windows 10 which still accounts for almost 40% of the endpoints. ?Older and less savvy users find patching and updating Windows 10 challenging as often auto-updates are not applied. This makes compromising a system easier than ever for bad actors, wishing to steal funds for their nation state. Most Windows home computers are in some state of patch deficiency which makes theft and compromise a far easier task for those wishing to steal assets.
Additionally, almost no one I know updates their 2003 Belkin router firmware leaving most home networks very vulnerable. In addition to poorly patched routers, an array of IoT devices which are not built for easy firmware updates allows for another vector of attack and compromise. Those nifty IoT devices are usually the last on the list to be updated properly.
Finally, the phone, is ever increasingly becoming a source of banking and crypto applications as more institutions move to app based solutions. This vector is becoming a key way bad actors steal assets. Whether it’s apps that have vulnerabilities in the stores or phones running outdated OS (most Android phones are running software that is 2-4 years old without security updates) the phone is quickly becoming the preferred way assets are stolen. Online banks and investment firms are moving much of their functionality to apps, which is convenient but allows for unpatched and unsecured hardware to be a key vector for stealing money and other assets.
WHAT CAN SECURITY PROFESSIONALS DO TO HELP WITH THIS PROBLEM?
First, ensure that computers at those most vulnerable populations are updated with the latest security patches. When visiting a friend or relative, hop on their computer and do a windows update.?Second, if you have time, ensure that routers are given the latest patches.?Finally, help those that have aging phone hardware to protect their devices by installing anti-malware code from a reputable vendor.
Finally, educate as often as possible, those in vulnerable populations about phishing attacks through email and more recently text messages. This latest vector of attack is becoming increasingly popular, and the latest crop of malware can be installed remotely via a link in a text message. ?Responding to unsolicited text messages and clicking on links from what appears to be legitimate vendors is the #1 way that exploits are provisioned to unsuspecting mobile targets.?
It appears that social engineering is the newest vector to gain access to financial systems. I have been inundated with a variety of unsolicited text messages like “Hey Jordan this is Brianna are you still selling your house on Oak Street” or even better “Sally, this is Susan are you still available for dinner Tuesday night” for fun occasionally I will answer them, and the dialog is often the same “Oh, I am sorry I must have the wrong number. What’s your name…” and they then try to build a connection to gain information.?Aging populations and veterans make easy targets for these sorts of attacks as many people, in a post covid world are lonely and looking for interaction. ?Some help with social engineering wouldn’t hurt, alerting victims to the latest scams and how to handle unsolicited texts and emails.
·?????Update Windows and Other Operating Systems
领英推荐
·?????Update Firmware on Routers and IoT Devices
·?????Install Security Tools That Protect Phones and Home Computers
·?????Educate on Phishing Techniques and Social Engineering
?
MICHIGAN RESIDENTS HAVE A FREE TOOL
Michigan is very progressive in this area and should be applauded.?For Michigan residents there is a free client based on the Zimperium IPS system that can be used to check links and protect against malware and other exploits on your mobile device. This software client is free for all Michigan residents but isn’t well known, so spreading the word is important. Maybe we could all do our friends and relatives a small favor by taking 10 minutes to install this or other software and discussing the latest phishing vectors.
Perhaps other states will join in this effort to protect our communities and our vulnerable populations from theft and harassment. As a resident of Michigan, I use the client, called Michigan Secure to protect my device and I encourage anyone who is a resident of Michigan to adopt this security tool on all Android and IOS devices.
If one is outside of Michigan, there are plenty of paid and free tools that will help ensure that vulnerable populations don’t fall victim to exploits on unpatched and orphaned operating systems. I personally like Malwarebytes but there are a host of options available to security professionals to help vulnerable populations protect their assets and data.
CYBER SECURITY IS EVERYONES CONCERN
While it might not seem like a matter of national security to help your neighbor or relative prevent compromise, realize that there are numerous bad actors that would love to leverage their assets to fund their efforts. Please take a moment and help those that don’t understand the dangers of an increasingly connected world.
One last request…please tell them that NO LEGITAMATE BUSINESS GETS PAID IN GIFT CARDS!
Eric Marchewitz is a security solutions architect, recovering CISSP and AWS Cloud Practitioner. His career in information security has spanned 23 years, working for companies such as PGP Security, Cisco Systems and Check Point. Most recently he is a Field Solutions Architect for CDW Corporation. This article doesn’t not reflect the views of CDW and is for information purposes only and should not be considered professional advice. No warranty of the information contained within is given.