By BONNIE J. GORDON
Los Alamos Daily Post
bjgordon@ladailypost.com
Attack Research of Los Alamos may have a scary name and a scary logo featuring a jackal, but don’t worry, these cyber experts are wearing the white hats.
Zac Hogan, a security technician at Attack Research, gave a presentation at the Los Alamos Chamber of Commerce Business Breakfast via Zoom Feb. 17 on how businesses and individuals can avoid cyberattacks and keep their data safe. Attack Research Principal Researcher David Sayre also was on hand to field questions.
“We research all types of attacks and we even come up with new ones,” Hogan said. “We are on the lookout in our personal lives as well as business.”
Types of cybercrime include the following, he said.
- Phishing Emails
- Virus Dissemination
- Cyber Extortion
- Identity Theft
- Credit Card Fraud
- Who are hackers and why might they target you?
“The hacking world is filled with curiosity seekers as well as black hat actors who mean harm,” Hogan said. “No matter what the intention, a hack is still an attack. Money is the motivation for most bad actors, but people also hack for other reasons, such as notoriety, competition with other hackers, political motivations and just to see if they can do it.”
Hogan outlined the types of cyberattacks businesses or individuals might encounter.
Phishing: These are usually emails such as the famous money requests from African princes, but they can be much more sophisticated, Hogan said. He gave an example of tricky links that promise rewards for clicking and phony notices from the IRS or a company one does business with such as Amazon.
“Think before you click!” Hogan reminded the audience.
Malware: Malware is intrusive software that is designed to damage and destroy computers and computer systems. Malware is a contraction for “malicious software.” Examples of common malware includes viruses, worms and Trojan viruses.
Ransomware: Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. School districts in New Mexico have recently been targeted by this form of cyberattack. The Albuquerque schools were attacked in January, causing schools to be closed for two days. Following simple rules, like keeping your computer and software up to date are one way to avoid ransomware attacks. Watch out for phishing schemes and don’t download apps that might be dodgy, Hogan said.
Password Attack: Start by eliminating rookie mistakes like putting your password on a sticky note on your screen where anyone walking by can see it, Hogan said.
“I’ve seen some really bad passwords,” he said. “I’ve seen people use 1,2,3,4,5,6 or their email address. Practice good password hygiene. Don’t use the same one over and over. Don’t use things that might be picked up from social media like your pet’s name or kid’s birthday.”
Hogan advised using auto-generated passwords and storing passwords in a password “vault”. A vault is a service provided by password management companies where passwords can be safely stored. But don’t forget to memorize your vault password, Hogan said. Using two-factor authentication where you verify your password with a code in an email or text is another safeguard.
“If the worst happens, you’ll be okay if you’re prepared with a disaster plan,” Hogan said. “Backups, backups, backups are key. It’s safest to have multiple backups, physical and in the cloud. Switch to spare equipment while you rebuild.”
“How often you back up depends on how often your data changes,” Sayre said. “It may be once a day or once an hour. Personal data probably doesn’t need backups so often.”
When asked about phishing schemes, Sayre said that one trick hackers employ is using services to make emails look like they are coming from a trusted source. Another is to disguise executable files as folder icons.
“Watch out for times of day when you’re tired and less aware,” Sayre warned. “Never send passwords or account information by email and never trust links to log into your account!”
Visit Attack Research online at attackresearch.com.
