By now most of you have heard of the #wannacry variant of ransomware, or at the very least you have heard of ransomware. Ransomware is a malicious computer program that encrypts the files on a user’s computer and then offers to restore them if you pay a ransom. Generally, the ransom demand comes from an off-shore email account and payment is preferred in bitcoins. The general defence against ransomware is to keep your anti-virus software up to date and to be careful about downloading or opening random files that are emailed to you.
This post is not about ransomware, but about something that really makes a security professional “want to cry.” Those of us in the profession know that user education can stop most potential attacks, but user education is also one of the hardest things to make happen, even in a small organization.
Today’s topic is: DO NOT USE THE SAME PASSWORD FOR MULTIPLE SITES!
I have a current investigation on my desk with 47 victims and multiple stolen credit cards used to make online purchases of electronics. I will change the names and some of the data, because sharing information during an investigation is really, really frowned upon. Just ask James Comey.
The fraud was perpetrated by foreign nationals using all the regular hacker methods, but one item was common to every case: victim after victim admitted to using the same password across multiple shopping sites, and then compounding the problem by saving their credit card information online to make future purchases easier.
The problem: that same convenience makes it much easier for the bad guys to make fraudulent purchases with your information too. The takeaway from this particular case? Don’t reuse passwords across sites, and if you are feeling particularly security minded, don’t save card information either.