Copyrighted Material
Total Page:16
File Type:pdf, Size:1020Kb
Index Numbers Android devices, security compared to iPhones, 209–212 2016 presidential election, 15, 107–108 Angelova, Barb, 49 2017 Verizon Data Breach Investigations AnnualCreditReport.com, 139 Report, 92 Anthem, breach in 2015, 26 419 scams, 55 Anti-Phishing Working Group, incident 4Chan, whaling, 37 response, 98 antimalware software, 88 A antivirus software, 87–88 access security, local fi le storage, 163 cryptomining malware, 43 actions (attack chains), 69 detecting phishing attack, 96 active duty alerts, military identity importance of updating, 78 theft, 119 local fi le storage, 162 activity notices, 177, 189 myth vs. fact, 88, 194 ad blocking extensions, 189–190 protecting computers, 199 ad injectors, 78 protecting information when Adobe Flash, security issues, 190 traveling, 243 adversaries spyware, 47 caught, 17–21 Apple ID, value of login credentials, compared to source of breaches, 92 25 motives, 13 Apple, Koobface gift card scam, 51 nation-state attackers, 14–16 AppleCare, phishing, 209 profi le of, 12–13 applications, protecting computers, advertisements, malware 199 infections from,COPYRIGHTED 77 APT1 MATERIAL(nation-state hacking adware, 43, 47–48 group), 14–15 Google Play store, 208 Ashley Madison, blackmail, 8 airplanes, security ATIS (Alliance for Telecommunications vulnerabilities, 238–239 Industry Solutions), 60 Alliance for Telecommunications ATMs, credit card skimmers, 142 Industry Solutions (ATIS), 60 attack chains, 66–68 alternative fi nancial services (AFS), 145 attack methods. See also attack vectors Amazon Alexa, privacy concerns, 231 adware, 47–48 Amazon Echo, privacy concerns, 231 banking information, 24 Amero, Julie, 47–48 charity scams, 58 MMcDonough559610_bindex.inddcDonough559610_bindex.indd 225151 111/22/20181/22/2018 44:48:00:48:00 PPMM 252 Index clone phishing, 39–40 attacks computing resources, 27 cryptojacking, 194–196 distributed denial-of-service (DDoS), 19 timing, 4 email compromise, 38–39 authentication email phishing, 34–35 IoT devices, 232 email scams, 3 phone numbers, 60 fear tactics, 33 two-factor, 5, 25 government agency authentication apps impersonation, 52–53 two-factor authentication, 85 grandparent scam, 53 compared to text-based identity theft, 108–110 authentication, 207 Internet of Things (IoT), 27–28 authorization, breaches, 8 job scams, 56–58 auto-connecting, protecting information online dating scams, 54–56 when traveling, 243 personally identifi able automated hacking software, 4 information (PII), 26 spear phishing, 35 phishing vectors, 33 automated tools, searching databases, pretexting, 42–43 83 ransomware, 44–46 automatic updates, 85, 88 robocalling scams, 58–61 avionics systems, scamming, 50 vulnerabilities, 238–239 scareware, 47 SMS phishing, 41–42 B social engineering, 32–33 Babayan, Vachik, 23 spear phishing, 35–37 back doors, credentials, 25 spyware, 46–47 BackBlaze, 164 technical support scams, 51–52 backing up data, 89–90 Trojans, 48 cloud storage, 160–161, 163–164 utility bill scams, 54 fi le protection, 165 virtual kidnapping, 53–54 incident response, 97, 99 voice phishing, 40–41 local fi le storage, 163 whaling, 37–38 mobile devices, 213 attack targets, 23 myth vs. fact, 89 path of least resistance, 24 protecting computers, 200 social media, 171–172 when traveling, 247 Twitter, 172–173 Baker, Stephen, 55 attack vectors. See also attack methods bank account credentials, 25, 73–74 cryptomining, 195 bank account verifi cation, 112 email, 72–73 BankBot, 48 freeware, 78 banking apps, 147 phone calls, 75–76 banking Trojans, 48 software, 78 Google Play store, 208 text messages, 41–42, 73–75 Baratov, Karim, 18–19 URLs, 76 Barclays, 18 USB drives, 71–72, 78–79 Berkeley Open Infrastructure for website links, 76 Network Computing (BOINC), 198 websites, 76–78 Better Business Bureau (BBB), voice Wi-Fi, 79–80 phishing, 40–41 MMcDonough559610_bindex.inddcDonough559610_bindex.indd 225252 111/22/20181/22/2018 44:48:00:48:00 PPMM Index 253 Betz-Hamilton, Axton, identity theft, C 126 cable modems, updating, 84–85 biometrics, risks, 212 caller ID, spoofi ng, 76 Bitcoin, cryptomining, 196 Cambridge Analytica, 173–174 Bitdefender Mobile Security, 214 cameras, remote operation, 46 black market, medical Campaign for a Commercial Free information value, 26 Childhood (CCFC), 132 black-hat hackers, 14, 24 candy drops, USB keys, 78–79 blackmail, breaches and, 8 Carder ’ s Paradise, 25 blockchains, 43 personally identifi able information, 26 BOINC (Berkeley Open Infrastructure for Carleton University, 185 Network Computing), 198 Carnegie Melon CyLab study, 127 botmasters, 28 catphishing, 50, 54–56 botnets, 72 DDoS attacks, 28 CCFC (Campaign for a Commercial Free Childhood), 132 Google Play store, 208 IoT devices, 228 Center for Digital Democracy (CDD), 132 IoTroop, 28 password attacks, 31 charity scams, 58 resources, 13 chat features (online gaming), 130–131 terrorist organizations, 17 ChexSystems, 112, 113 bots, Twitter and, 172–173 child predators, 130 breaches, 17–21 children alerts, 188 identity theft, 125–129, 133 CloudPets, 133 online activity, 129–131 compared to cyberattacks and private information, 128–129 hacks, 8 smart toys, 131–135 Deep Root Analytics, 176 Social Security numbers, 128 Dropbox, 180 Children ’ s Online Privacy Protection Act Equifax, 66 (COPPA), 132 Experian, 109 chip-based security, 148 identity theft, 108–109 Christiano, James "Jamie," 59–60 LifeLock, 111 Chrysler vehicles, Uconnect LinkedIn, 180–181 vulnerabilities, 227 mixing personal and work Clapper, James, 17 passwords, 93 click fraud apps, Google Play store, 208 password changing, 188 Clinton, Hillary, 107 password reuse, 179–180 clone phishing, 39–40 reused credentials, 83 cloud storage, 159–165 source of compared to adversaries, 92 CloudPets, data breach, 133 Spiral Toys, 133 Cobalt Gypsy, 169–170 Twitter, 173 Coinhive, 197 Yahoo, 152–153 Collins, Arran, 53–54 Brennen, John, 17 command and control apps British Airways, 18 attack chains, 69 browser-setting hijackers, 78 Google Play store, 208 browsers, ad-blocking extensions, 47 computer accounts, individual for burner phones, 248 children, 135 MMcDonough559610_bindex.inddcDonough559610_bindex.indd 225353 111/22/20181/22/2018 44:48:00:48:00 PPMM 254 Index computers credit reports cryptocurrency mining, children, 127–128 symptoms, 193–195 credit freezes, 112 donating CPU capacity, 198 fraud alerts, 97, 111 protecting, 198–201 security freeze, 109 computing resources, 27–28 criminal organizations, 16 consumer databases, personally Crypto Sheriff tool, ransomware, identifi able information, 26 101 Consumer Watchdog, 154 cryptocurrencies, 18–19 Consumers Union, 132 mining, 28 COPPA (Children ’ s Online Privacy Monero, 197 Protection Act), 132 ransomware payments, 45 Corbin, Jane, 38 cryptocurrency mining CPU usage Bitcoin, 196 cryptocurrency mining, 193–195 Coinhive, 197 donating capacity, 198 computer hijacking, symptoms, monitoring, 200 193–195 Crackas with Attitude, 17 critical industrial processes, 197 Craigslist, 19 websites, opt-in, 196–197 job scams, 56–58 cryptographic algorithms credentials. See also cracking, 28 passwords; usernames hashing passwords, 180–181 compromising accounts, 25 cryptojacking, 194–196 duplicate, 86 Google Play store, 208 email compromise incident malware, 43–44 response, 102 protecting computers, 200 incident response, 97, 100 cryptomining malware, 43–44. See also Internet of Things (IoT), 27 cryptocurrency mining Kronos Trojan, 48 Cyber Security Intelligence Department PayPal, 25 (United Airlines), 239 phishing attacks, 25 cyber weapons, NSA, 16 reselling, 25 cyber-enabled fi nancial fraud, 20–21 Reset Password links, 39 cyberattackers reused, 83 profi le, 12–13 spyware, 46–47 reasons for success, 7 stuffi ng, 181–182 targets, 13 texts as security attack vector, 73 terrorist organizations, 17 updating, importance of, 74–75 cyberattacks, compared to breaches credit and hacks, 8 freezing, 97 cybercrime organizations, 16 protecting, 112–113 Cybercriminal Code of Ethics, 7 credit card skimmers, 23, 142, 144–145 cybercriminal organizations, avoiding, 148 characteristics, 13 credit cards cyberhygenic practices, 7 fraud, 141–143 attack chains, 68–70 identity theft insurance, 112 importance of, 84 when traveling, 246 passwords, 182–184 Credit Karma, 111 risk assessment, 92 MMcDonough559610_bindex.inddcDonough559610_bindex.indd 225454 111/22/20181/22/2018 44:48:00:48:00 PPMM Index 255 cybersecurity protecting money, 146–149 risk assessment, 92 robocalling, 61 smart toys, 133 social media protection, 176–178 two-factor authentication, 85–86 D using voicemail, 76 Dark Web, 14 whitelisting phone numbers, 58–59 Carder ’ s Paradise, 25 delivery (attack chains), 69 identity theft, 109 Dell, Alexa, 173 password databases, 25 Democratic National Convention (DNC), personally identifi able information, 26 attacks on, 15 ransomware payments, 45 Department of Defense, phishing data. See fi les tweets, 172–173 data breaches Department of Homeland Security, 20 automated hacking software, 4 Department of Justice, 21 credentials, 25 Department of the Treasury, 20 identity theft, 108–109 reporting IRS impersonation scams, 141 LifeLock, 111 devices statistics, 6 disconnecting after an attack, 96, 98 Yahoo, 152–153 email privacy, 157 data brokers, 175 IoT, 232–238 data mining, social media, 173–176 protecting when traveling, 243 data protection, social media, 176–178 ransomware incident response, 100 databases, exposed, 25 scanning for malware, 99 Davis, Debbie, 23 secure for banking, 147 Davis, Todd, 111 updating, 84–85 DDoS. See distributed