How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why? We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA. [Following is an automated transcript] This is a study by checkpoint software technologies. Checkpoint, I used, oh my gosh. It would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England telephone. It might've been Verizon by then. I can't even remember, man. [00:00:41] It's been a little while, but it was, a system we were using in front of this massive system that I designed, I made the largest internet property in the world. At that time called big yellow. It morphed into super pages. It might be familiar with. But it was me and my team that did everything. We built the data center out. [00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listing so we can put it all in. And we brought it up online and we were concerned. Well, first of all, You know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall. [00:01:29] Cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, Hey, listen, let's go ahead and we'll use checkpoint and get things going. We did, it was on a little, I remember it was a sun workstation. If you remember those back in the. [00:01:52] And it worked pretty well. I learned how to use it and played with it. And that was my first foray into kind of what the rest of the world had started doing, this checkpoint software, but they've continued on, they make some great firewalls and other intrusions type stuff, detection and blocking, you know, already that I am a big fan, at least on the bigger end. [00:02:17] You know, today in this day and age, I would absolutely use. The Cisco stuff and the higher end Cisco stuff that all ties together. It doesn't just have the fire power firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user. [00:02:37] And this number really gets everybody concerned. Home users and business users is. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom. [00:03:05] Those are the ones that they're after and this analysis. Point software who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attack. [00:03:36] According to them right now, the average number of weekly attacks on organizations globally. So far, this year is 40% higher than the average before March, 2020. And of course that's when the first lockdowns went into effect and people started working from home in the U S the. Increase in the number of attacks on an organizations is even higher at 53%. [00:04:07] Now you might ask yourself why, why would the U S be attacked more? I know you guys are the best and brightest, and I bet it, I don't even need to say this because you can figure this out yourself, but the us is where the money is. And so that's why they're doing it. And we had president Biden come out and say, Hey, don't attack the. [00:04:27] well, some of those sectors are under khaki for more after he said that then before, right. It's like giving a list to a bad guy. Yeah. I'm going to be gone for a month in June and yeah, there won't be anybody there. And the here's the code to my alarm. Right. You're you're just inviting disaster checkpoints. [00:04:49] Also showing that there were more. Average weekly attacks in September 21. That's this September than any time since January, 2020. In fact, they're saying 870 attacks per organization globally per week. The checkpoint counted in September was double the average in March, 2020. It's kind of funny, right? [00:05:14] It's kind of like a before COVID after COVID or before the Wu Han virus and after the Wu Han virus, however, we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before some of my clients I've seen attack multiple times a second, so let's take a second and define the attack because being scanned. [00:05:40] I kind of an attack, the looking to see, oh, where is there a device? Oh, okay. Here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason. The, we always configure these devices to not respond to these types of things. [00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have when. Configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that because all of a sudden them brag about what version of the software you're running. [00:06:26] And then if it's responding to that, they will try and use a password. That is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it and now off they go, they're running. Some of these guys will even go the next step and we'll replace the software. [00:06:52] In your router or firewall, they will replace it so that it now directs you through them, everything you are doing through them. So they can start to gather information. And that's why you want to make sure that the SSL slash TLS. That encryption is in place on the website. You're going to, so if you go to Craig peterson.com right now, my website, I'm going to go there myself. [00:07:22] So if you go to Craig peterson.com, you're going to notice that first of all, it's going to redirect you to my secure site and it doesn't really matter. You won't see it. Okay. But you are there because if he. Typically at the left side of that URL bar where it says, Craig peterson.com. You'll see, there's a little lock. [00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of time times. I'm not even sure of the number now. [00:08:06] It's huge. Even if your data is being routed through them, the odds are, they're not going to see anything. That you are doing on the Craig Peterson site. Now, of course you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do. Right. The outages what's happened in the news. [00:08:27] You can do all of that sort of thing on my side, kind of, who cares, right? Um, but really what you care about is the bank, but it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys, then do this scan. They find a web page log in. [00:08:47] They try the default log in. If it works, the Le the least they will do is change. What are called your DNS settings. That's bad because changing your DNS settings now opens you up to another type of attack, which is they can go ahead. And when your browser says, I want to go to bank of america.com. It is in fact, going to go out to the internet, say is bank of America, the bad guys. [00:09:18] Did, and they will give you their bank of America site that looks like bank of America feels like bank of America. And all they're doing is waiting for you to type into your bank of America, username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions. [00:09:44] There are others out there and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out. [00:10:10] In fact, just this week, we got kind of our final sketch out of it is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing that I'm doing right now here on the radio, because you can't see my desktop. [00:10:40] It's hard to do a deep dive and it's open to anybody, right? If you're a home user or if you're a business user, all of the stuff on that free. Is going to help you out dramatically. And then after that, then there'll be some paid stuff like a membership site. And then obviously done for you. If the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with. [00:11:05] You don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it to. That is the other option. I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around. [00:11:25] We'll [00:11:25] So which sectors are economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems and the sectors that president Biden lined out laid out are, are the ones that are under, even more attack after his message. [00:11:42] 497 cyber attacks per week. On average here in the US, that is a lot of attacks. And we started explaining what that meant so that we talked about the scan attacks that are automated and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are. [00:12:09] So, if it shows up, when they do that little scan that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right. A good Cisco router and a really good next generation firewall. [00:12:34] I'm shocked at how many don't have those things in place, but when they do this, That's the first cut. So if you're a little guy, they'll probably just try and reflash your router. In other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from. [00:12:56] Pretty simple. If you are someone that looks like you're more of a target, so they connect to your router and let's say, it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay. [00:13:18] So this might be a good organization, but when they get. To it again, if when access has turned on wide area, access has turned down, that router is likely to say, this is the property of, uh, Covina hospital or whatever it might be, you know? And any access is disallowed authorized access only. Well, now they know. [00:13:42] Who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet. And I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do say they have these automated systems looking for this stuff it's found. [00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown, this Microsoft. Desktop protocol has some serious bugs that have been known for years. [00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what then button bad guys will do next. They say, oh, is there a remote desktop access? Cause there probably is most smaller businesses particularly use that the big businesses have a little bit more expensive, not really much more expensive, but much better stuff. [00:14:51] You know, like the Cisco AnyConnect or there's a few other good products out there. So they're going to say, oh, well, okay. Let's try and hack in again. Automate. It's automated. No one has to do anything. So it says, okay, let's see if they patch, let's try and break in a ha I can get in and I can get into this particular machine. [00:15:14] Now there's another way that they can get into their moat desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuff. What that is is Hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information. [00:15:43] So, what they'll do is they'll say, oh, well this is Covina hospital and it looks it up backwards and it says, okay, so that's Covina hospital.org. I have no idea if there even is a Gavino hospital, by the way, and will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay. [00:16:04] I see this Covina hospital.org email address with a password. So at that point they just try and stuff. Can we get in using that username and password that we stole off of another website. So you see why it's so important to be using something like one password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera. [00:16:29] Right. It gets pretty important per te darn quickly. So now that they're in, they're going to start going sideways and we call that east west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends in historically it's been about six days on average that they spend looking around inside your network. [00:17:00] So they look around and they find, oh yeah, great. Here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah. These SMB shares the, you know, the Y drive the G drive, whatever you might call it. So they start gaining through those and then they start looking for our other machines on the network that are compromised. [00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where that extort you additionally, for the threat of releasing your data. So there, there are many other ways they're not going to get into them all today, but that's what we're talking about. [00:17:43] Mirman, we're talking about the 500 cyber attacks per week against the average. North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw an 60% increase in attacks. So their education and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they, they end up with equipment. [00:18:17] That's just totally misconfigured. It's just shocking to me. Right. They buy them from one of these big box online places. Yeah. I need a, a Cisco 10, 10. And I need some help in configuring it and all, yeah, no problems or we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured. [00:18:38] It provides zero protection, uh, almost zero, right. It provides almost no protection at all. And doesn't even use the advanced features that they paid for. Right. That's why, again, don't buy from these big box. Guys just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week research companies, again, 1500 attacks per week, government and military. [00:19:10] Entities about 1100 weekly attacks. Okay. That's the next, most highest attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just checkpoints data that I've been quoting here. That, that gives us that picture. There are a lot of others out there IBM's has Verizon's has all of these main guys, and of course in the end, They've got these huge ransoms to deal with. [00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. K again. I T people, um, I I've been thinking about maybe I should put together some sort of coaching for them and coaching for the cybersecurity people, even because there's so much more that you need to know, then you might know, anyways, if you're interested in any of this. [00:20:22] Visit me online. Craig peterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings and I keep holding. In fact, there's one in most of the newsletters. Craig peterson.com. Craig Peterson, S O n.com. Stick around. [00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in north America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from? [00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons I'm going to talk about that too, but the source is an interesting way to look at. [00:21:29] Because the source can also help you understand the reason for the attacks. So according to dark reading, this is kind of an insider, a website you're welcome to go to, but it gets pretty darn deep sometimes, but they are showing this stats from Microsoft, which you can find online that in the last year rush. [00:21:53] Has been the source of 58% of the cyber cat tax. Isn't that amazing now it's not just the cyber attacks. I, I need to clarify this. It's the nation state cyber tech. So what's a nature's nation state cyber attack versus I don't know, a regular cyber attack. Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state. [00:22:31] Uh, So Russia at 58% of all nation state attacks is followed by North Korea, 23% Iran, 11% China, 8%. Now you probably would have thought that China would be. Right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is south Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%. [00:23:14] Now, this is this new pool of data that Microsoft has been analyzing. And it's part of this year's...