loader from loading.io

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

Craig Peterson - America's Leading CyberSecurity Strategist

Release Date: 10/15/2021

Did Your Computer Have Did Your Computer Have "Intel Inside"? It Won't For long!

Craig Peterson - America's Leading CyberSecurity Strategist

Did Your Computer Have "Intel Inside"? It Won't For long! We're going to talk a little bit about shopping right now. Then we'll get into our chip crunch, and why Intel is being left on the side of the computer road. [Following is an automated transcript.] [00:00:16] There's lots of fun stuff to do. And it's kind of fun getting out of the house. Isn't it getting out, going out, going around? There's a, an outlet store close by where I live and it's kind of one of these outdoor. Outlet things. And it was fun. Just walking around, enjoying the little bit of fresh air, no matter what the weather...

info_outline
Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? show art Do You Think There's Nothing You Can Do to Keep the Bad Guys Out?

Craig Peterson - America's Leading CyberSecurity Strategist

Do You Think There's Nothing You Can Do to Keep the Bad Guys Out? What a week. The FBI got hacked. Homeland security supposedly is sending out emails about hackers in your network. This is what we're going to talk about to start with today. What are these new emails, and how are they trying to con you? [Automated Transcript Follows] This is a little bit concerning. We know that the FBI's email system got hacked. And for everyone sitting there saying, well, gee, if the FBI gets hacked, there's no way my business can survive an attack. Remember that the FBI is a huge, huge target. They have so...

info_outline
Is Your Firewall Actually Protecting You? What Should You Be Doing? show art Is Your Firewall Actually Protecting You? What Should You Be Doing?

Craig Peterson - America's Leading CyberSecurity Strategist

Is Your Firewall Actually Protecting You? What Should You Be Doing? New stats are out this week. So what's the number one vector of attack against us? Our Firewalls. And they're failing. So, what's going on. And what can you do about it? [Automated transcript follows] [00:00:16] And of course, I'm always talking about cyber security, because if you ask me that is one of the biggest problems we have in business. [00:00:27] Today. Well, yeah, you got to find employees. In fact, uh, it's almost impossible to find them in the cyber security space as well. And it's been hard for years. So I try to...

info_outline
You Know How To Use Fake Email Addresses to Stay Safe? show art You Know How To Use Fake Email Addresses to Stay Safe?

Craig Peterson - America's Leading CyberSecurity Strategist

If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [Automated transcript follows] [00:00:16] Email is something that we've had for a long time. [00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had...

info_outline
How Ransomware, Trojanware, and Adware Hurt You show art How Ransomware, Trojanware, and Adware Hurt You

Craig Peterson - America's Leading CyberSecurity Strategist

How Ransomware, Trojanware, and Adware Hurt You. And Why ExpressVPN Isn't Safe to Use. Ransomware, Trojanware Adware. What's the difference between these different types of malware.? And when it comes down to our computers, which should we worry about the most and which should we worry about the most? [Automated Transcript Follows] [00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us. [00:00:23] And I think for good reason, in many cases, ransomware of course, is the big one and it is up, up, up. It has become just so common. Now...

info_outline
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? show art How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

Craig Peterson - America's Leading CyberSecurity Strategist

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New...

info_outline
What Happened With Facebook's Outage? When Will It Happen Again? show art What Happened With Facebook's Outage? When Will It Happen Again?

Craig Peterson - America's Leading CyberSecurity Strategist

What Happened With Facebook's Outage? When Will It Happen Again? Facebook had a huge outage all of its properties. So why did it happen? How did it happen? And what's going to happen in the future? The frankly, some of this technology just isn't that stable. And I'm going to explain why right now! [Automated transcript follows] [00:00:20] I've already talked about it a little bit this morning on the show, but Facebook was. Facebook was down a lot. Facebook too was down a long time. And Mr. Zuckerberg has now lost about $7 billion because of how long it was down. And Craig Peterson joins us now...

info_outline
Could Using the Right Multi-Factor Authentication Save You? show art Could Using the Right Multi-Factor Authentication Save You?

Craig Peterson - America's Leading CyberSecurity Strategist

Could Using the Right Multi-Factor Authentication Save You? I had a good friend who, this week, had his life's work stolen from him. Yeah. And you know what caused it? It was his password. Now, you know what you're supposed to be doing? I'm going to tell you exactly what to do right now. Let's get right down to the whole problem with passwords. I'm going to tell you a little bit about my friend this week. He has been building a business for. Maybe going on 10 years now, and this business relies on advertising. Most companies do so in some way; we need to have new customers. There's always some...

info_outline
Are You Using Encrypted Email Yet? Here's How! show art Are You Using Encrypted Email Yet? Here's How!

Craig Peterson - America's Leading CyberSecurity Strategist

Are You Using Encrypted Email Yet? Here's How! Security emails aren't something that most people think much about. Yet, they're becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff? [Automated transcript] Email is something that's been around now for quite a while. It was undoubtedly even before the internet standards came out. Many of the systems had a version of the email. I remember some systems back in the early. The seventies, late sixties that had an email...

info_outline
Do You Know How to Identify a Fake Web Page? - Whole Show show art Do You Know How to Identify a Fake Web Page? - Whole Show

Craig Peterson - America's Leading CyberSecurity Strategist

Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you this particular web post...

info_outline
 
More Episodes

How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA.

[Following is an automated transcript]

This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England telephone. It might've been Verizon by then. I can't even remember, man.

[00:00:41] It's been a little while, but it was, a system we were using in front of this massive system that I designed, I made the largest internet property in the world. At that time called big yellow. It morphed into super pages. It might be familiar with. But it was me and my team that did everything. We built the data center out.

[00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, You know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall.

[00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use checkpoint and get things going. We did, it was on a little, I remember it was a sun workstation. If you remember those back in the.

[00:01:52] And it worked pretty well. I learned how to use it and played with it. And that was my first foray into kind of what the rest of the world had started doing, this checkpoint software, but they've continued on, they make some great firewalls and other intrusions type stuff, detection and blocking, you know, already that I am a big fan, at least on the bigger end.

[00:02:17] You know, today in this day and age, I would absolutely use. The Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the fire power firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user.

[00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom.

[00:03:05] Those are the ones that they're after and this analysis. Point software who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attack.

[00:03:36] According to them right now, the average number of weekly attacks on organizations globally. So far, this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home in the U S the. Increase in the number of attacks on an organizations is even higher at 53%.

[00:04:07] Now you might ask yourself why, why would the U S be attacked more? I know you guys are the best and brightest, and I bet it, I don't even need to say this because you can figure this out yourself, but the us is where the money is. And so that's why they're doing it. And we had president Biden come out and say, Hey, don't attack the.

[00:04:27] well, some of those sectors are under khaki for more after he said that then before, right. It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And the here's the code to my alarm. Right. You're you're just inviting disaster checkpoints.

[00:04:49] Also showing that there were more. Average weekly attacks in September 21. That's this September than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week. The checkpoint counted in September was double the average in March, 2020. It's kind of funny, right?

[00:05:14] It's kind of like a before COVID after COVID or before the Wu Han virus and after the Wu Han virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before some of my clients I've seen attack multiple times a second, so let's take a second and define the attack because being scanned.

[00:05:40] I kind of an attack, the looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason. The, we always configure these devices to not respond to these types of things.

[00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have when. Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that because all of a sudden them brag about what version of the software you're running.

[00:06:26] And then if it's responding to that, they will try and use a password. That is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and we'll replace the software.

[00:06:52] In your router or firewall, they will replace it so that it now directs you through them, everything you are doing through them. So they can start to gather information. And that's why you want to make sure that the SSL slash TLS. That encryption is in place on the website. You're going to, so if you go to Craig peterson.com right now, my website, I'm going to go there myself.

[00:07:22] So if you go to Craig peterson.com, you're going to notice that first of all, it's going to redirect you to my secure site and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says, Craig peterson.com. You'll see, there's a little lock.

[00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of time times. I'm not even sure of the number now.

[00:08:06] It's huge. Even if your data is being routed through them, the odds are, they're not going to see anything. That you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages what's happened in the news.

[00:08:27] You can do all of that sort of thing on my side, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys, then do this scan. They find a web page log in.

[00:08:47] They try the default log in. If it works, the Le the least they will do is change. What are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead. And when your browser says, I want to go to bank of america.com. It is in fact, going to go out to the internet, say is bank of America, the bad guys.

[00:09:18] Did, and they will give you their bank of America site that looks like bank of America feels like bank of America. And all they're doing is waiting for you to type into your bank of America, username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions.

[00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out.

[00:10:10] In fact, just this week, we got kind of our final sketch out of it is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing that I'm doing right now here on the radio, because you can't see my desktop.

[00:10:40] It's hard to do a deep dive and it's open to anybody, right? If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with.

[00:11:05] You don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it to. That is the other option. I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around.

[00:11:25] We'll

[00:11:25] So which sectors are economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems and the sectors that president Biden lined out laid out are, are the ones that are under, even more attack after his message.

[00:11:42] 497 cyber attacks per week. On average here in the US, that is a lot of attacks. And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are.

[00:12:09] So, if it shows up, when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right. A good Cisco router and a really good next generation firewall.

[00:12:34] I'm shocked at how many don't have those things in place, but when they do this, That's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from.

[00:12:56] Pretty simple. If you are someone that looks like you're more of a target, so they connect to your router and let's say, it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay.

[00:13:18] So this might be a good organization, but when they get. To it again, if when access has turned on wide area, access has turned down, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed authorized access only. Well, now they know.

[00:13:42] Who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet. And I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do say they have these automated systems looking for this stuff it's found.

[00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown, this Microsoft. Desktop protocol has some serious bugs that have been known for years.

[00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what then button bad guys will do next. They say, oh, is there a remote desktop access? Cause there probably is most smaller businesses particularly use that the big businesses have a little bit more expensive, not really much more expensive, but much better stuff.

[00:14:51] You know, like the Cisco AnyConnect or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in again. Automate. It's automated. No one has to do anything. So it says, okay, let's see if they patch, let's try and break in a ha I can get in and I can get into this particular machine.

[00:15:14] Now there's another way that they can get into their moat desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuff. What that is is Hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information.

[00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital and it looks it up backwards and it says, okay, so that's Covina hospital.org. I have no idea if there even is a Gavino hospital, by the way, and will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay.

[00:16:04] I see this Covina hospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website. So you see why it's so important to be using something like one password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera.

[00:16:29] Right. It gets pretty important per te darn quickly. So now that they're in, they're going to start going sideways and we call that east west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends in historically it's been about six days on average that they spend looking around inside your network.

[00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares the, you know, the Y drive the G drive, whatever you might call it. So they start gaining through those and then they start looking for our other machines on the network that are compromised.

[00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where that extort you additionally, for the threat of releasing your data. So there, there are many other ways they're not going to get into them all today, but that's what we're talking about.

[00:17:43] Mirman, we're talking about the 500 cyber attacks per week against the average. North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw an 60% increase in attacks. So their education and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they, they end up with equipment.

[00:18:17] That's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems or we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured.

[00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box. Guys just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week research companies, again, 1500 attacks per week, government and military.

[00:19:10] Entities about 1100 weekly attacks. Okay. That's the next, most highest attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just checkpoints data that I've been quoting here. That, that gives us that picture. There are a lot of others out there IBM's has Verizon's has all of these main guys, and of course in the end, They've got these huge ransoms to deal with.

[00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. K again. I T people, um, I I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even because there's so much more that you need to know, then you might know, anyways, if you're interested in any of this.

[00:20:22] Visit me online. Craig peterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings and I keep holding. In fact, there's one in most of the newsletters. Craig peterson.com. Craig Peterson, S O n.com. Stick around.

[00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in north America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from?

[00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons I'm going to talk about that too, but the source is an interesting way to look at.

[00:21:29] Because the source can also help you understand the reason for the attacks. So according to dark reading, this is kind of an insider, a website you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing this stats from Microsoft, which you can find online that in the last year rush.

[00:21:53] Has been the source of 58% of the cyber cat tax. Isn't that amazing now it's not just the cyber attacks. I, I need to clarify this. It's the nation state cyber tech. So what's a nature's nation state cyber attack versus I don't know, a regular cyber attack. Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state.

[00:22:31] Uh, So Russia at 58% of all nation state attacks is followed by North Korea, 23% Iran, 11% China, 8%. Now you probably would have thought that China would be. Right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is south Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%.

[00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's Microsoft digital defense report, and they're highlighting the trends in the nation state threat cyber activity hybrid workforce security. Disinformation and your internet of things, operational technology and supply chain security.

[00:23:35] In other words, the whole gambit before, before all of this, now the data is also showing that the Russian nation state attacks are increasingly effective, calming from about a 21% successful compromise rate last year to 32%. So basically 50% better this year at effectiveness there, Russians are also targeting more government agencies for intelligence gathering.

[00:24:10] So that jumped from 3% of their victims last year to 53%. This. And the Russian nation state actors are primarily targeting guests who us, right? The United States, Ukraine and the United Kingdom. Now this is all according to the Microsoft data. So why has Russia been attacking us? Why is China been attacking us and why the change this.

[00:24:38] Well, Russia has been attacking us primarily to rent some us it's a cash cow for them just like oil and gas. They are making crazy money. Now that president Biden has made us dependent on foreign oil supplies. It's just insanity and even dependent on. Gas coming from other places. Well guess where the number one source of gases now for Europe and oil it's Russia.

[00:25:08] So we are no longer going to be selling to Europe. Russia is so they're going to be making a lot of money off of. But before then they were actually counted on ransomware to help fund the Russian federal government, as well as of course, these Russian oligarchs, these people who are incredibly rich that have a substantial influence on the government.

[00:25:33] Don't if you're wondering who they might be, just think of people like, oh, I don't know. Bill gates and, uh, w who are on the, some of the other big guys, you know, Tim cook, uh, Amazon's Jeff bayzos Elon Musk, right? Those are by my definition and looking it up in the dictionary, they are all a. They get exemptions to laws.

[00:25:58] They get laws passed that, protect them. In fact, most of regulations actually protect these big companies and hurt small companies. So I would call them oligarchs and that's the same sort of thing in Russia in Russia. Okay. They probably have a little bit more underhanded stuff than these guys here do, but that's what Russia has been.

[00:26:21] China has been continually going after our national secrets, national defense, the largest database of DNA of Americans DNA, of course, is that unique key. If you will building block for all of us, that's what DNA is. And the largest database of all of that uniquely identifying information is in. China stole from the office of personnel management records of a federal employees, their secret clearance, all of their background check information who was spoken with, what did they have to say?

[00:27:03] And on and on. So China has been interested in infiltrating our businesses that provide things to the military and the military themselves and the federal state, and even the local governments that's who they've been targeting. And that's why there's 8% number might seem small. Although, as I just mentioned this year, Russia moved, moved dramatically.

[00:27:30] They used to be about 3% of their attacks or against the government agencies. And now it's 53%. So Russia. And China are going after our national secrets and they can use them in a cold war, which as I've said, I think the first shots of the third world war have been fired. And frankly, they're all cyber, it's all online and Russia.

[00:27:57] Isn't the only nation state actor who's changing its approaches here as espionage is the most common goal amongst all nation state groups as of this year. Tivity of hackers reveals different motivations in Iran, which quadrupled its targeting of Israel. Surprise, surprise. Over the last year. And Iran has been launching destructive attacks, things that will destroy power, power plants, et cetera, and North Korea, which is targeting cryptocurrency companies for profit.

[00:28:29] So they're stealing these various crypto coins again, funding their government. So it's, it's a problem. Absolute problem. Government sectors are some of the most targeted 48%. These NGOs non-government organizations that act kind of a quasi government functions and think tanks are 31%. Uh, and Microsoft, by the way, has been alerting customers of nation, state attack, attack attempts.

[00:29:01] Guess how many this year that they had to warn about 20,500 times in the past three years. So that's a lot and Microsoft is not a company that's been out there at the front lines. It never has been it's in behind. So to have them come out and say, this is. And okay, by the way, your stolen username and password run for a buck per thousand, and it's only gonna take you hundreds of hours to get it all cleared up.

[00:29:32] Isn't that nice spear fishing for a hire can cost a hundred to a thousand dollars per successful account takeover and denial of service attacks are cheap from protected sites, roughly $300. Per month. And if you want to be ransomware king, it's only going to cost you 66 bucks upfront 30% of the profit.

[00:29:54] Okay. Craziness. Hey, visit me online. Sign up Craig, peter.com/subscribe.

[00:30:03] I had an interesting mastermind meeting this week. There's six of us. We're all business owners and it opened my eyes pretty dramatically because one of the members got hacked, but that's not what I really want to emphasize.

[00:30:20] This whole cybersecurity thing gets pretty complicated, pretty quickly. And a friend of mine who is in one of my mastermind groups had a real problem. And the here's here's what went on. We'll call him Walt for back of a letter, lack of a better name since that is his name.

[00:30:40] And he doesn't mind me sharing this with you. Walt has a very small business that he and his wife run, and they have a couple of contractors that help out with some things, but his business is very reliant on advertising and primarily what he does is Facebook advertising. Now I've been talking for two years, I think in this mastermind group about cyber security and the fact that everyone needs good cyber security.

[00:31:13] And he always just kind of pole hum to, uh, wow. You know, and it's just too complicated for me. I got to thinking for a, you know, a bit, really a few weeks, what does he mean to complicated? Cause there's some basic things you can do. So this week on Tuesday, I was on our mastermind groups meeting and I explained, okay, so here's what happened to Walt.

[00:31:42] He had $40,000 stolen, which by the way, it's a lot of money for a teeny tiny husband wife company. And. Uh, well, here's what we did. He, we helped them. We got the FBI involved and, you know, with our direct ties, cause we work with them on certain types of cases and he got back every dime, which is just totally unheard of.

[00:32:06] But um, without going into all of the details there, I spent a problem. 1520 minutes with the whole group and the mastermind explaining the basics of cyber security. And that really kind of woke me up, frankly, because of their responses. Now these are all small business owners and so they're making pretty decent money.

[00:32:31] In fact, every one of them and they all have some contractors and some employees all except for Walt and his wife, they had just have contractors and. I had two completely different responses from two members of this group that no. Let me tell you this was really eye opening for me. And this is why you might've heard me in the first segment talking about this, but this is why I have really changed my view of this stuff, this cybersecurity stuff, because I explained.

[00:33:08] If you're using things like Norton antivirus or McAfee, antivirus, or really any of them, even the built-in Microsoft defender this year, those standard antivirus system. I have only been able to catch about 30% of the malware out there, 30%, you know, that's like having a house and you've got a security guard posted out front.

[00:33:39] He's armed, he's ready to fight. And yet all of your windows are open and all of your doors are unlocked. And all someone has to do is crawl in the side window because that guy that's posted up front, he's not going to be able to stop. So 30% effectiveness. And of course, Walt had all of the basic stuff.

[00:33:59] He thought he was good enough. It's not worth spending time or money doing any of this. And of course it turned out to be well worth the time and money if he had done it. But he has a friend who has contacts and, and made things happen for him. So I guess he's kind of, kind of lucky in that regard, but I explained that and I said, do you know the, the way you.

[00:34:21] To go. If you're a small business, it's about $997 a month for a small business, with a handful of employees to get the type of security you really need. There's going to catch. 90 something 98%. Maybe if, if things go well of the stuff going on, in other words, you don't just have an armed guard at the front door.

[00:34:46] You've got all the windows closed and blocked and the doors closed and locked as well. So yeah, somebody can still get in, but they got to really want to get in and risk getting caught. So that's kind of the analogy that I used now. One of the members of my. Of my mastermind thought, well, okay. Cause you're just being Frank with me.

[00:35:09] Right? We're all friends. She said, well, initially I thought, oh Craig, I'm going to have to have you help out with stuff here. Cause my, you know, I'm concerned about my security. I make some good money. Uh, she's the one that has employee. She has a million dollar plus a year business and she wants to keep it safe.

[00:35:26] But then she. Uh, you know, but, but you know, you were talking about all of this Norton and stuff and that it doesn't work. So I, I just, I don't have any hope. And that's when the another member jumped in and this other member said, well, Uh, oh, that's not what I got at all. I got the, the normal off the shelf stuff that you buy that you're going to get from Amazon, or you're going to get from PC connection or wherever that stuff is not going to work, but there is stuff that does, but it's only professional stuff.

[00:36:02] You can only get it from professionals that are trained in certified. Which is the right message. Right. That was the message I was trying to relay. Yeah. Don't try and do it yourself because you can't even get the right tools that you need. That is frankly a problem. So that really got me to think. In, in a very big way, because here are two people that have heard me talk about cybersecurity and their eyes probably glazed over, but now their eyes, I know at least one of these ladies definitely glazed over.

[00:36:36] So I've come to the realization that sometimes I. A little too deep into things. And although I can explain it quite well to many people, sometimes people glaze over and I get emails from you guys saying kind of the same thing. I really appreciate it. I don't understand a lot of what you're saying, Craig, but thanks for being there.

[00:36:59] Listen to you every week here on the radio. Uh, then that's good. That's reassuring, but now I've come to realize a few things. One is. The I've got to be a lot clearer in my messaging, because even when talking to my friends, it is a little bit overwhelming for them sometimes. Right. And then the next thing is everybody needs help because you're being lied to.

[00:37:29] Right. How are people getting ransomware? If the stuff that they're buying work. Maybe it's just me, but I think there's a disconnect there. So a lot of you guys have gone out and you've hired people and I want to spend just a few minutes right now, going through some red flags that you need to be looking out for in vendor security assessment.

[00:37:56] Now I'm putting one together. As well, right yet another one. Uh, and what I'm trying to do is help you out, right? This is not as sales tool. It is trying to help you figure out where you're at. I'm putting together a webinar that I'm going to be holding these what I'm calling bootcamps, where I go through and show you exactly how to do the basic steps that you need to do in order to be safe on.

[00:38:25] Okay. If an online, all that means is your, is plugged in, right. Okay. It doesn't mean you're going out and doing a lot of stuff out there on the internet just means it's connected. So those are going to be coming out. I will send an email out as soon as all of that. Stuff's ready. Cause. Absolutely free. And these assessments, I have the basic one that you can do yourself.

[00:38:47] It's a self-assessment. And then I have the more advanced ones that I do that are five grand. Okay. So you've got to be a decent sized business for this to make sense where we look for all of the security problem. On all of your computers and your networks, and then give you a list of things you need to do and how to do them.

[00:39:10] Okay. So it's well worth it for them, but if you're a very small company and you're trying to do some of this yourself, I want to help you. So that's what these boot camps are going to be all over. And also what the scorecard is going to be all about. So that's coming up, but here are some good red flags and an assessment.

[00:39:30] I found this again on dark reading. This is kind of an insider website for those of us in the cybersecurity business, but, um, How can you verify the information that vendors are giving you about their own cybersecurity posture? We've heard in the news and I've talked about them all year, this year, and for years past.

[00:39:56] That are we're vendors can be our worst nightmare because some of these hacks come in through our vendors. So you've got yourself, a cybersecurity company. How do you know if they are really telling you the truth? And man, is that hard for you to know? Right. You're going to ask him questions and the salesmen are going to say, oh yeah, yeah, yeah.

[00:40:21] That's why we don't have salesmen. Right. We have engineers. You talk to me, you might talk to my son or my daughter, people who have been doing this with me, who I have trained and helped out. So this guy who wrote the article and there's this on attributed, I don't see an attribution on here on this page.

[00:40:41] I definitely want to give him, probably I heard is John Babinec wrote this thing and he is a principle threat hunters. What he calls himself over at net and rich. So he says, here's what you got to do. And if you're trying to be cost-effective, he puts it in. What I call an ed month clause. And one of these days I'll tell you that story, but he calls it a validity check question so that an honest vendor would tell you, no, they don't do X and give you a good reason why they don't like it's not cost effective.

[00:41:17] It's outside of a reasonable risk model. Does that make sense to you? So when you're trying to evaluate a vendor, who's going to be doing your cyber security put in one of these validity checks put in one of these questions. It doesn't really matter to you, but it's something that would be very hard for one of these cybersecurity companies to do.

[00:41:42] And maybe it doesn't fit the risk model that you have. I think it's just absolutely brilliant. Probably one of the better ways when you're trying to evaluate an MSSP as cybersecurity managed or otherwise provider stick in something like that. So you have a red flag that just stands out for you. All right.

[00:42:04] Make sure you are registered online. Craig Peter sohn.com/subscribe. So you can find out about all of these trainings coming up.

[00:42:17] If you've never heard of the Carrington event, I really hope, frankly, I really, really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the Sun.

[00:42:34] Solar storms are something that happens really kind of all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know. I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle.

[00:42:59] You see what happens is that the sun charges, the atmosphere. You see that if you've ever seen the Northern light, that is. Part of the Sunzi missions, hitting our magnetic field and kind of getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get.

[00:43:24] That's what we call it bounce. And the reason us hams have all these different frequencies to use is because of the battle. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago.

[00:43:47] For instance, I know about how many miles it is, and I have to figure out in the ionosphere up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways, as it sounds, a lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are.

[00:44:20] It's really quite fun. Now what we're worried about, isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what, you might've heard that isn't your gas, guzzling car or a diesel truck that causes the Earth's temperature to change.

[00:44:49] Remember the only constant when it comes to the Earth's temperature has been changed over the millions of years. We had periods where the earth was much warmer than it is now had more common that carbon dioxide in the atmosphere than it does now had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth, long, long.

[00:45:15] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. If there's other things too, for instance, eruption can spew all to hold a lot of carbon dioxide.

[00:45:40] In fact, just one, just Mount St. Helens wanted erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, uh, you know, come on, people. Really, and now we're seeing that in, uh, this last year we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the polls.

[00:46:12] Uh, we also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020.

[00:46:34] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Well, something called a coronal mass ejection. This is seriously charged particles. That tend to be very, very directional. So when, when it happens, when there's one of these CMS coronal, mass ejections, it's not just sending it out all the way around the sun everywhere.

[00:47:02] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just mast, a cm E near miss. Here we go. There a solar super storm in July, 2012, and it was a very, very close shave that we had most newspapers didn't mention it, but this could have been.

[00:47:33] AB absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these, these solar flares, if you will, are very, very extreme, they CME. You're talking about x-rays extreme UV, ultraviolet radiation, reaching the earth at the speed of light ionizes, the upper layers of atmosphere.

[00:48:02] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out saddle. And then causes radio blackouts, GPS, navigation problems. Think about what happened up in Quebec. So let me just look at this call back, uh, hit with an E and yeah, here we go. And March 13th, 1989.

[00:48:33] Here we go. Here's another one. Now I remembered. And this is where Quill back got nailed. I'm looking at a picture here, which is, uh, looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's becomes.

[00:48:57] Of this solar storm. Now they, these storms that I said are quite directional, depending on where it hits and when it hits things can get very, very bad. This particular storm back in 1989 was so strong. We got to see their Rora Borealis, the Northern lights as far south, as Florida and cue. Isn't that something, when we go back further in time to this Carrington event that I mentioned, you could see the Northern lights at the equals.

[00:49:35] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online. Like we have today when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this, this 11 year cycle and possibly another bigger cycle too, that we don't really know much about.

[00:50:07] But when this hit us back in the 1850s, what we saw was a, uh, a. Telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the Telegraph buildings were lit. They caught on fire because of the charges coming in, people who were working the telegraphs, who are near them at the time, got electric shocks or worse than that.

[00:50:34] Okay. 1859 massive Carrington event compass needles were swinging wildly. The Aurora Borealis was visible in Columbia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here, knocked out Quebec, uh, electric. Nine hour blackout on Northeast Canada. What we think would happen if we had another Carrington event, something that happened to 150 years ago is that we would lose power on a massive scale.

[00:51:13] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that that would be just terrible and we would also lose internet connectivity.

[00:51:39] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar, a massive objection here. Maybe if that had happened, when. The internet was up. They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power.

[00:52:07] We're going to lose transformers on the transmission lines and other places we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried of course, by light in pieces of glass.

[00:52:32] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by. Copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components.

[00:52:59] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared, everything. Of course, you're listening to Craig Peterson, cybersecurity strategist.

[00:53:28] If you'd like to find out more and what you can do, just visit Craig peterson.com and subscribe to my weekly show notes.

[00:53:39] Google's got a new admission and Forbes magazine has an article by Zach Dorfman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go.

[00:53:55] Google's web browser. Right? It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always people kind of leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, I to Exploder, which was really, really bad and they have finally completely and totally shot it in the head.

[00:54:29] Good move there on their part. In fact, they even got rid of their own browser, Microsoft edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just use edge browser earlier today. Yeah. But guess what? It isn't edge browser. It's actually Google Chrome. The Microsoft has rebranded.

[00:54:52] You see the guts to Google Chrome are available as what's called an open source project. It's called chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's web kit, Kat is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now, the biggest problem with the Google Chrome.

[00:55:22] Is they released it so they could track you, how does Google make its money? Well, it makes us money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is kind of a standard browser, which is a great.

[00:55:43] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. Well, there is what is being called here in Forbes magazine, a shocking new tracking admission from.

[00:56:05] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly, Pretty nasty and it's, I think a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely.

[00:56:31] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use. The reality is the Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using safari, apple has gone a long ways to help secure your.

[00:57:09] Well, that's not true with Chrome. In fact, it's not protecting you from tracking and Dave up data harvesting. And what Google has done is they've said, okay, well, we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically.

[00:57:34] You they'd be able to put you in a bucket. So they'd say, okay, well you are a 40 year old female and you are like driving fast cars and you have some kids with a grandkid on the way, and you like dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you.

[00:58:04] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. Well, it's the same thing. Right. And in fact, it's easier for Google to put you in a bucket then to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you.

[00:58:28] It's easier for them to not have to kind of reverse engineer all of the data the Google has gathered in instead of. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding.

[00:58:54] It's really what's going on out there. Uh, they are trying to figure out what they should do, why they should do it, how they should do it, but it's, it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time.

[00:59:16] They're going to go through some serious jitters. So Firefox is one of the alternatives and to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, right. Nobody agrees on everything. Here's a quote from them.

[00:59:38] Ubiquitous surveillance harms individually. And society Chrome is the only major browser that does not offer meaningful protection against cross cross site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Uh, Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google and erosion of trust, where 72% of people feel that almost all of what they do online is being.

[01:00:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit by the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No, no. The answer is 100% of what you do is probably being tracked in some way online.

[01:00:41] Even these VPN servers and systems that say that they don't do log. Do track you take a look at proton mail just last week. Proton mail it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking, uh, guess what they handed over the IP addresses of some of the users to a foreign government.

[01:01:10] So how can you do that? If you're not logging, if you're not tracking. Yeah, right. They are. And the same thing is true for every paid VPN service I can think of. Right. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy and.

[01:01:38] Their flagship browser is totally into it. Right? Well, it's really, it's gotta be the money. And Google does not have a plan B this anonymized tracking thing that they've been talking about, you know, the buckets that I mentioned, isn't realistic, frankly. Uh, Google's privacy sandbox is supposed to Fitbit fix it.

[01:02:00] I should say. The, the whole idea and the way it's being implemented and the way they've talked about it, the advertisers on happy. So Google's not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zach Dorfman, delete Google Chrome. And I said that for a long time, I do use some others.

[01:02:27] I do use Firefox and I use. Which is a fast web browser, that some pretty good shape. Hey, if you sign up for my show's weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using.

[01:02:52] Sign up right now. Craig peterson.com.

[01:02:57] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers again.

[01:03:14] The reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering.

[01:03:23] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon web services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft is been pitching for a long time.

[01:03:51] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are.

[01:04:17] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, Or a windows or tablet, whatever, and you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files.

[01:04:47] And we, Microsoft will keep the operating system up to date for you automatically a lot of great selling points. And we're actually looking into that. Not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can, we can document that pretty easily, even in things like Microsoft.

[01:05:18] Well, the verge is now reporting that Microsoft has warned users of its as your cloud computing service, that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you, uh, yeah. I'm I'm I might've misspoken. Right. Uh, let me see, what does it say? It says, um, users of Azure cloud competing service.

[01:05:48] So that's their cloud. Microsoft's big cloud. Okay. Um, their data has been. Exposed online. Okay. So that means that people could get the data, maybe manipulate the data that sort of exposed means for the last two years. Are you kidding me? Microsoft is again, the verge. Microsoft recently revealed that an error in its Azure cosmos database product left more than 3,300 as your customers data.

[01:06:24] Completely exposed. Okay guys. So this, this, this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, right. Nobody uses a zer and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupiter notebook to cosmos DB.

[01:06:59] Okay. Well, I'm actually familiar with that one and let's see what small companies let's see here. Um, some Azure cosmos DB clients include Coca Cola. Liberty mutual insurance, Exxon mobile Walgreens. Hmm. Let me see. Could any of these people like maybe, maybe Liberty mutual insurance and Walgreens, maybe they'd have information about us, right.

[01:07:26] About our health and social security numbers and account numbers and credit cards. Names addresses. Right, right. That's again, why I got so upset when these places absolutely insist on taking my social security number, right? It, it, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security.

[01:07:53] And the law even said it could not be used for anything other than social security. And then the government started expanding it. Right. And the IRS started using it. To track all of our income and you know, that's one thing right there, the government computers, they gotta be secure. Right. All of these breaches we hear about that.

[01:08:12] Can't be true. Uh, so how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead.

[01:08:36] That's being used to track me. Is it this isn't a socialist country like China is, or the Soviet union was right. It's not socially. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information?

[01:09:00] And I've been all over this because they don't. Really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email, I sent out a week ago, two weeks ago now, I guess. You missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private.

[01:09:35] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? Does that start make sense to you guys?

[01:09:54] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database, uh, 3,300 customers looks like some of them are actually kind of big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that that might be yeah, yeah, yeah, yeah.

[01:10:22] Y. Why are we trusting these companies? You know it, if you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also, if, if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information.

[01:10:52] Does that make sense too? Did I say that right? You don't need the information and, and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need the new absolutely need to run your company. And that includes data about your customers.

[01:11:16] And maybe, maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found. That? Yes, indeed. It could have been, it was exposed Microsoft the same. We don't know how much it was stolen. If anything was stolen. Um, yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through, uh, this database hack or a vulnerability anyways.

[01:11:47] All right, everyone. Stick around. We'll be back. Of course, you listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time, uh, consumers are the people I help the most, you know, I wish I got a dime for every time I answered a question.

[01:12:09] Just email [email protected] [email protected] and stick around.

[01:12:18] Whether or not, you agree with the lockdown orders that were put in place over this COVID pandemic that we had. Uh, there are some other parts of the world that are doing a lot more.

[01:12:34] Australia has, I don't know. I think that they went over the deep end. The much, the same thing is true right next door to them.

[01:12:45] And I am looking at a report of what they are doing with this new app. Uh, you might be aware that both apple and Google came out with an application programming interface. That could be used for contract tack tracking, contact tracking. There you go. Uh, it wasn't terribly successful. Some states put some things in place.

[01:13:13] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tannen square remembrance. Now you want to know who all of those people were, who were in close proximity, right? So, you know, good for China a while, as it turns out, Australia is putting something in place they have yet another COVID lockdown.

[01:13:39] They have COVID quarantine orders. Now I think if you are sick, you should stay on. I've always felt that I, you know, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness, come on. People. If someone's sick, they're sick and let them stay home.

[01:14:04] You don't want to get everybody else in the office, sick and spread things around. Right. Doesn't that just kind of make sense. Well, they now in Australia, don't trust people to stay home, to get moving. Remember China, they were, they were taking welders and we're going into apartments in anybody that tested positive.

[01:14:22] They were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. Using facial recognition and geolocation in order to enforce quarantine orders and Canada.

[01:14:47] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hope. So you're paying the course now inflated prices for the hotel, because they're a special quarantine hotel.

[01:15:14] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you know, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you and. They have pretty hefty find.

[01:15:36] Well, what Australia has decided to do is in Australia is Charlene's even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geo location tag on it and send it up via the app to prove their location.

[01:16:15] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of south Australia, Steven Marshall said we don't tell them how often or when on a random basis, they have to reply within 15 minutes. And if you don't then a police, officer's going to show up at the address you're supposed to be at to conduct an in-person check.

[01:16:43] Very very intrusive. Okay. Here's another one. This is a, an unnamed government spokesperson who was apparently speaking with Fox news quote. The home quarantine app is for a selected cohort of returning self Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic.

[01:17:10] So there you go. People nothing to worry about. It's just a trial. Uh, it will go away. Uh, just like, uh, for instance, income tax, as soon as rule, number one is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. Right. And we all know that world war one isn't over yet.

[01:17:34] Right. So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has, uh, China and Russia have some interesting things going on.

[01:17:55] First of all, Russia is no longer saw. Country, they kind of are. They kind of aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialists, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics.

[01:18:23] Not so much on history, not so much on, on politics. Right. But definitely heavy on the, on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. Well, according to the wall street journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays.

[01:18:53] Okay. So basically what they're doing, I reverse that what they're doing is they're only allowing the kids three hours of gaming per week. In other words, they can play between eight and 9:00 PM, Friday, Saturday, and Sundays. I think that might overload some gaming servers. Coke gaming addiction has affected studies and normal lives.

[01:19:13] And many parents have become miserable. That's China's press and public administration. Sedna state. Okay. Um, there's going to be some relief during the school holidays. Children will be allowed 60 minutes per day for gaming, uh, hard to say how China plans didn't force it, but they have their ways, right.

[01:19:35] Uh, identity cards. By the way required for playing online. They've got a facial recognition system introduced in July by 10 cent. Remember all of the uproar around 10 cent and their apps and president Trump trying to get them blocked here in the U S well, yeah, there you go. Facial recognition bill right into the app, and it's proven effective at catching children pretending to be adults in order to get around government gaming curves.

[01:20:05] So this goes on and on and, and Korea as well, South Korea has had some very big problems. You might remember it was headlines just a few years ago of some of these south Korean kids dying because they were playing video games for days straight with no sleep, no real food. Right. Just taking all of these so-called energy.

[01:20:31] And will literally gave me in themselves to death. So South Korea passed a law that prevented young people from playing online video games late at night. So that was introduced back in 2011 and it's targeted at players 16 around. And south Korean miners were prevented from playing online PC games between midnight and six, 8:00 AM.

[01:20:57] Now South Korea has scrapped that law. Interesting. So they're saying it's out of respect for younger citizens, right? They're going to abolish this law, replace it by. Permit system that allows players to request a permit per game and play during self-assigned hours that their parents will sign off on.

[01:21:21] This is in an article from GameSpot, by the way, a gamespot.com. You might remember them too, the whole Robin hood scandal. But, uh, I think it's an interesting question. When my kids were young lo those many years ago, I got this box that the, you took the TV wire, you ran it into the box and you could program.

[01:21:47] So that each kid had their own code and you could specify how much time the kid could watch TV or how much time or, or when they could watch TV and how much time cumulative the kids could have. And it actually worked pretty well. And the kids certainly complained a lot about it. And a couple of them tried to work the way around it kind of hard to when the plug is inside the box, but.

[01:22:13] Yeah, ingenuity as they are. They, they were able to do that. They cut the wire off and put a, another power connector on the end of the TV wire. Anyhow, uh, Microsoft, we've been talking about them a lot. This show. I do not like Microsoft, you know, that already the windows 11 is coming out and we talked about.

[01:22:37] Before, because windows 11 is plying. Microsoft is planning on requiring you to have a very modern computer. You need to have a TPM in it, which is this special security module. You need to have a certain speed, et cetera, but the TPM is a big thing. That's going to make it. So most of your computers won't work.

[01:23:03] Tons of pushback on that. I can see what Microsoft is trying to do it. They really would love to have a clean operating system that really wasn't getting hacked all the time. Right. And this will help it won't solve their problem, but it will help. So that they're going to be doing now is they're going to over the course of months, starting October 5th.

[01:23:28] They're going to release windows 11 to certain people, kind of one at a time type approach. So they're not going to force everyone to upgrade. They're not going to offer it to everyone. And Microsoft is going to offer a preview of the Android apps in the Microsoft store for windows insiders in the months ahead.

[01:23:52] But they're planning on having a phased rollout through winter. Date, and you're not going to see it most likely when it starts to roll out, but you will be seen and to end with the stringent system requirement, apparently what they're going to do is not auto update your computer if it's not new enough.

[01:24:13] And if it doesn't have a TPM, but you can manually install windows 11, at least that's what they're doing right now. Well, that's it for today. We had some more stuff I didn't get to, but we always have more every week. And I try to keep you up to date. We do trainings, visit me online so you can find out about all of this stuff.

[01:24:35] The trainings, most of them are absolutely free. Craig peterson.com/subscribe. Craig peterson.com.