Compiled and
Modified by Flicker from
https://www.ready.gov/cyber-incident
Oftentimes, we may not realize that
our actions online might put us, our
families, and even our country at
risk. Learning about the dangers
online and taking action to protect
ourselves is the first step in
making the Internet a safer place
for everyone. Cybersecurity is a
shared responsibility and we each
have a role to play.
Cybersecurity
involves preventing, detecting, and
responding to cyber incidents.
Unlike physical threats that prompt
immediate action–like stop, drop,
and roll in the event of a
fire–cyber threats are often
difficult to identify and
comprehend. Among these dangers are
viruses erasing entire computer
systems, intruders breaking into
computer systems and altering files,
intruders using your computer or
device to harm others, or intruders
stealing confidential information.
The spectrum of cyber risks is
limitless. Threats, some more
serious and sophisticated than
others, can have wide-ranging
effects on the individual,
community, organizational, and
national level. These risks include:
-
Organized cybercrime,
state-sponsored hackers, and
cyber espionage can pose
national security risks to our
country.
-
Transportation, power, and
other services may be disrupted
by large scale cyber incidents.
The extent of the disruption is
highly uncertain as it will be
determined by many unknown
factors such as the target and
size of the incident.
-
Vulnerability to data breach
and loss increases if an
organization’s network is
compromised. Information about a
company, its employees, and its
customers could be at risk.
-
Individually-owned devices
such as computers, tablets,
mobile phones, and gaming
systems that connect to the
Internet are vulnerable to
intrusion. Personal information
may be at risk without proper
security.
Before a Cyber Incident
You can increase your chances of
avoiding cyber risks by setting
up the proper controls. The
following are things you can do
to protect yourself, your
family, and your property before
a cyber incident occurs.
-
Only connect to the
Internet over secure,
password-protected
networks.
-
Patch your operating system with the latest
updates using Windows Update!
-
Do not click on links or
pop-ups, open attachments
(especially compressed or
zipped files) or respond to emails from
strangers.
-
Beware of emails
–
Ransomware is frequently delivered
through phishing emails and exploits unpatched
vulnerabilities in software.
-
Phishing
emails are crafted to appear as though they have
been sent from a legitimate organization or
known individual. These emails often
entice users to click on a
link or open an attachment
containing malicious code.
After the code is run, your
computer may become infected
with malware.
-
Always enter a URL by
hand instead of following
links if you are unsure of
the sender.
-
Do not respond to online
requests for Personally
Identifiable Information
(PII); most organizations –
banks, universities,
companies, etc. – do not ask
for your personal
information over the
Internet.
-
Limit who you are
sharing information with by
reviewing the privacy
settings on your social
media accounts.
-
Trust your gut; if you
think an offer is too good
to be true, then it probably
is.
-
Password protect all
devices that connect to the
Internet and user accounts.
-
Do not use the same
password twice; choose a
password that means
something to you and you
only; change your passwords
on a regular basis.
-
If you see something
suspicious, report it to the
proper authorities.
-
Be suspicious of
unsolicited phone calls,
visits, or email messages
from individuals asking
about employees or other
internal information.
-
Avoid providing personal information
or information about your organization,
including its structure or networks, unless
you are certain of a person's authority to
have the information.
-
Be cautious about sending sensitive
information over the Internet before checking a website's
security. (See Protecting Your Privacy -
https://www.us-cert.gov/ncas/tips/ST04-013)
-
The extent, nature, and
timing of cyber incidents
are impossible to predict.
There may or may not be any
warning. Some cyber
incidents take a long time
(weeks, months or years) to
be discovered and
identified. Familiarize
yourself with the types of
threats and protective
measures you can take by:
-
Signing up for the
United States Computer
Emergency Readiness Team
(US-CERT) mailing list to
receive the latest
cybersecurity information
directly to your inbox.
Written for home and
business users, alerts
provide timely information
about current security
issues and vulnerabilities.
Sign up here.
-
Becoming a Friend
of the Department of
Homeland Security’s
Stop.Think.Connect. Campaign
and receive a monthly
newsletter with
cybersecurity current events
and tips.
Sign up here.
During a Cyber Incident
Immediate Actions
-
Check to make sure the
software on all of your
systems is up-to-date.
-
Run a scan to make sure
your system is not infected
or acting suspiciously.
-
If you find a problem,
disconnect your device from
the Internet and perform a
full system restore.
-
Report the incident.
Your local police, or
federal agencies, may be
able to provide assistance
and investigate the
incident. A cyber incident
may be reported at various
stages even when complete
information may not be
available. The list of key
federal points of contact:
At Home
-
Disconnect your device
(computer, gaming system,
tablet, etc.) from the
Internet. By removing the
Internet connection, you
prevent malicious actors
from being able to access
your computer and perform
tasks such as locating
personal data, manipulating
or deleting files, or using
your device to harm others.
-
If you have anti-virus
software installed on your
computer, update the virus
definitions (if possible),
and perform a manual scan of
your entire system. Install
all of the appropriate
patches to fix known
vulnerabilities.
At Work
-
If you have access to an
IT department, contact them
immediately. The sooner they
can investigate and clean
your computer, the less
damage to your computer and
other computers on the
network.
-
If you believe you might
have revealed sensitive
information about your
organization, report it to
the appropriate people
within the organization,
including network
administrators. They can be
alert for any suspicious or
unusual activity.
At a Public Place (library,
school, etc.)
-
Immediately inform a
librarian, teacher, or
manager in charge. If they
have access to an IT
department, contact them
immediately.
If you believe your
Personally Identifiable
Information (PII) is
compromised:
-
Immediately change all
passwords; financial
passwords first. If you used
the same password for
multiple resources, make
sure to change it for each
account, and do not use that
password in the future.
-
If you believe the
compromise was caused by
malicious code, disconnect
your computer from the
Internet.
-
Restart your computer in
safe mode and perform a full
system restore.
-
Contact companies,
including banks, where you
have accounts as well as
credit reporting companies.
-
Close any accounts that
may have been compromised.
Watch for any unexplainable
or unauthorized charges to
your accounts.
-
File a report with the
local police so there is an
official record of the
incident.
-
Report online crime or
fraud to your local United
States Secret Service (USSS)
Electronic Crimes Task Force
or the
Internet Crime Complaint
Center.
-
Report identity theft to
the
Federal Trade Commission.
-
If your PII was
compromised, consider other
information that may be at
risk. Depending on what
information was stolen, you
may need to contact other
agencies; for example, if
someone has gained access to
your Social Security number,
contact the Social Security
Administration. You should
also contact the Department
of Motor Vehicles if your
driver's license or car
registration has been
stolen.
-
For further information
on preventing and
identifying threats, visit
US-CERT’s
Alerts and Tips page.
After a Cyber Incident
-
File a report with the
local police so there is an
official record of the
incident.
-
Report online crime or
fraud to your local United
States Secret Service (USSS)
Electronic Crimes Task Force
or the
Internet Crime Complaint
Center.
-
Report identity theft to
the
Federal Trade Commission.
-
If your PII was
compromised, consider other
information that may be at
risk. Depending on what
information was stolen, you
may need to contact other
agencies; for example, if
someone has gained access to
your Social Security number,
contact the Social Security
Administration. You should
also contact the Department
of Motor Vehicles if your
driver's license or car
registration has been
stolen.
-
For further information
on preventing and
identifying threats, visit
US-CERT’s
Alerts
and Tips page.
Report Threats and Crime to The FBI
General Public
Members of the public can report violations of
U.S. federal law or suspected terrorism or
criminal activity as follows:
Contact The FBI online
Contact us via telephone or mail
-
Contact your local FBI office or closest
international office 24 hours a day, seven days
a week.
-
Call 1-800-CALLFBI (225-5324) for the Major Case
Contact Center
-
Call (866) 720-5721 to report fraud, waste, and
abuse involving disaster relief to the National
Center for Disaster Fraud or write to NCDF,
Baton Rouge, LA 70821-4909.
----------------------------------------------------------------------------------------------------------------------
Stolen NSA (National Security Agency)
Hacking Tools Made Freely Available on The
Internet!
EternalBlue with
DoublePulsar Payload Exploitation (SMBv1)
infects Thousands with
"WannaCry"
Ransomware - More Waves of Attacks Expected!
“WannaCry” Ransomware has affected FedEx,
thousands of hospitals and hospital
emergency rooms in the US, Great
Britain’s NHS (National Health Service), as
well as railroads, police stations, 85% of the computers at the
Spanish telecom firm Telefónica, and many others,
in countries including the United States, Russia, Germany,
Turkey, Italy, the Philippines, Vietnam, India
and Scotland, and in over 150 other countries, in less
than 24 hours.
"WannaCry" Ransomware, turned loose on
the Internet by a group called “The Shadow
Brokers”, unleashed a horde of Windows
hacking tools and exploits, allegedly
stolen from the NSA (National Security
Agency), that work on almost all versions of
Windows.
The hacking tools are purported to have belonged
to "Equation Group", an elite cyber attack unit
linked to The National Security Agency (NSA).
The Archive that contained the tools can be
unencrypted
Now, the Shadow Brokers group has published a new
117.9 MB encrypted archive via its new blog
post, while another source has uploaded
the unlocked archive to GitHub and listed all
the files contained in the dump, which now
includes 23 new hacking tools.
"WannaCry" Ransomware is spread by
taking advantage of a Windows vulnerability that
Microsoft released a security patch for in
March. But computers and networks that haven't
updated their systems are at risk.
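A defensive check for the exposure described above, as an added example that is not part of the original page: the PowerShell script below reports whether the SMBv1 server (the protocol named in the headline) is enabled and lists the most recently installed updates. The -Disable switch and the function name Get-Smb1ServerState are this example's own.

```powershell
# Added example (not from the original page): audit the SMBv1 server setting.
# Run from an elevated PowerShell prompt. Read-only unless -Disable is given.
param([switch]$Disable)

$LanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return New-Object PSObject -Property @{
            Source  = 'Cmdlet'
            Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }
    # Older systems: read the registry. A missing SMB1 value means the
    # default applies, and the default is enabled.
    $val = (Get-ItemProperty -Path $LanmanKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return New-Object PSObject -Property @{
        Source  = 'Registry'
        Enabled = ($null -eq $val -or $val -ne 0)
    }
}

$state = Get-Smb1ServerState
Write-Output ("SMBv1 server enabled: {0} (checked via {1})" -f $state.Enabled, $state.Source)

# Show the most recently installed updates so a stale patch level stands out.
Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn

if ($Disable -and $state.Enabled) {
    if ($state.Source -eq 'Cmdlet') {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Registry change takes effect after a restart.
        Set-ItemProperty -Path $LanmanKey -Name SMB1 -Type DWord -Value 0
        Write-Output 'SMB1 set to 0 in the registry; restart to apply.'
    }
    Write-Output 'SMBv1 server disabled.'
}
```

Disabling SMBv1 can break file sharing with very old devices that speak no newer SMB version, so run the script without -Disable first and review the result.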
Once
infected with the "WannaCry"
Ransomware, victims
are asked to pay a ransom in order to remove the
infection from their PCs or their PCs will
remain unusable, and their files permanently
locked.
Affected
machines have a number of hours to pay the hacker,
and every few hours the ransom goes up. Paying
the ransom is not a guarantee that you will get
your files back from the hacker who launched the
tool.
The
group released over 100 MB of stolen
hacker tools with code names such as
DoublePulsar, EmeraldThread, OddJob,
EternalSynergy, EternalRomance,
EnglishMansDentist, EasyBee, EducatedScholar,
FuzzBunch, EmphasisMine, EskimoRoll,
EclipsedWing, EsteemAudit, MofConfig,
ErraticGopher, EwokFrenzy, ZippyBeer, and
ExplodingCan. The tools work against almost all versions of
Windows except Windows 10 and Server 2016.
The Microsoft Security Team
discovered that most of the vulnerabilities that
the hacking tools exploited had already been
patched by a recent “Patch Tuesday Update”.
“Most of the exploits that were disclosed
fall into vulnerabilities that are already
patched in our supported products. Customers
still running prior versions of these products
are encouraged to upgrade to a supported
offering,” Microsoft Security Team said in a
blog post.
Most of the exploits that were disclosed
fall into vulnerabilities that are already
patched in our supported products. Below is a
list of exploits that are confirmed as already
addressed by an update. We encourage customers
to ensure their computers are up-to-date.
Of the three remaining exploits, “EnglishmanDentist”,
“EsteemAudit”, and “ExplodingCan”,
none reproduces on supported platforms, which
means that customers running Windows 7 and more
recent versions of Windows or Exchange 2010 and
newer versions of Exchange are not at risk.
Customers still running prior versions of these
products are encouraged to upgrade to a
supported operating system.