Cybersecurity in the News with Graham Cluley

Twenty years ago, cybersecurity was something that only nerds talked about. Now cybersecurity has gone mainstream. Listen in as we talk about common scams, the recent Twitter hack, and organized crime with Graham Cluley from The Smashing Security Podcast.

Graham Cluley has been working in the computer security industry since the early 1990's. He was in senior roles with Sophos and McAfee. In 2011, he was inducted into the Infosecurity Europe Hall of Fame. Graham runs his own award-winning computer security blog and hosts the Smashing Security Podcast which has been a successful cybersecurity podcast since 2016.

Join us as we discuss cybersecurity threats both past and present and learn more about how to protect yourself, your business, and your loved ones.

Show Notes:

• [1:00] - Graham shares how he started in the cybersecurity business as a poor college student who created Shareware games. Someone sent him a package with a job offer with an anti-virus company.
• [2:46] - When Graham began working, there were about 200 new computer viruses per month and had to send out anti-virus updates through the mail on a floppy disk.
• [3:27] - Today there are literally hundreds of thousands of new pieces of malware being written everyday. In the blink of an eye there's more than one new piece of malware released.
• [4:01] - We see much more organized crime and state sponsored cybercrime these days.
• [5:59] - Back in the day, hackers tended to be young people writing malware to show off. But now, malware is harder to detect because they don't want to be detected.
• [7:45] - Graham shares a story about The New York Times being targeted and hacked. Hackers were able to see articles and information as they were being drafted, including information on secret informants.
• [9:05] - Don't be too complacent and assume that you won't ever be targeted due to lack of interest in your company. Hackers may not be interested in your company, but may be interested in your suppliers or customers.
• [10:35] - Business email compromise scams are when hackers get into a business email account and can see correspondence. They then can jump into the thread and can pose as an employee or contractor to receive funds. Businesses have lost millions to this scam.
• [11:50] - You can have all the defenses in place, all the layers of security, and all the patches in place, but you can't patch the human brain.
• [13:40] - Email compromise scams are very simple but successful and a huge threat.
• [14:51] - Have a procedure set up where it is okay to say no to senior management so when a scam email comes through suggesting a break to a rule, an employee can say no and avoid a problem.
• [16:31] - Graham and Chris discuss the recent bitcoin Twitter hack, which included big name accounts like Barack Obama and Bill Gates.
• [18:39] - The Twitter hackers social engineered people by emailing them posing as a Twitter IT department member. They convinced them to type their information into a fake site that appeared to be Twitter and while doing so, the hackers gained access to their real accounts.
• [20:19] - Similar to the recent Twitter hacks, scammers have been known to pose as your bank and gain access to your accounts.
• [22:28] - The saddest part about cybercrime is the effect it has had on average people becoming petrified of learning new technology.
• [23:44] - Graham recommends products like iPads or Chromebooks for basic computer use because they are more locked down. Although there are still risks, these are great options.
• [25:21] - Because of new Covid-19 websites, anti-virus companies were being notified of suspicious behavior because the websites were so new.
• [27:32] - Short Twitter names are more likely to be targeted than the more difficult long ones.
• [28:48] - Graham explains the problem of organized cybercrime that produces targeted attacks through malware designed to steal data from their targeted company.
• [30:32] - Garmin was targeted by an organized cybercrime entity called Evil Corp and they were ransomed for ten million dollars.
• [32:05] - Evil Corp is led by Maksim V. Yakubets in Russia.
• [35:40] - VPN companies can be created and run by organized cybercrime entities.
• [36:31] - There are situations where using a VPN is fine, such as using one to access streaming content.
• [38:40] - If you're in your home and you trust your internet service provider, you won't need to use a VPN.
• [39:33] - Graham says to stay abreast of security news and listen to Smashing Security. It is a lighthearted take on cybersecurity.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Graham Cluley Web Page
• Smashing Security Podcast
• Graham Cluley on Twitter
• Graham Cluley on YouTube
• Graham Cluley - Naked Security by Sophos
• Infosecurity Europe Hall of Fame