Fortunately, GlassWire 2.1.158 now detects RDP connections in real time. Just install GlassWire’s latest version, and GlassWire will alert you instantly if your PC is connected to remotely.
If you don’t plan to use RDP on your PC or server, you can also disable it. Go to the search bar in Windows, look for “remote settings”, then open the window. Remote desktop should be switched to “off” if you aren’t using this feature.
If you do have to use RDP and have no choice, UC Berkeley has a list of best practices on how to secure RDP. Also, go to the top left GlassWire menu and choose settings/security to turn this RDP connection feature on or off.
Did you know there is a type of hacking that can take over an entire website without touching it directly?
DNS hijacking is dangerous because it can siphon your visitors, incoming emails, and other services before they reach your network.
DNS stands for “Domain Name System”. A good way to think about DNS is as an online phone book, or a collection of phone books. DNS essentially provides a series of tools a browser checks before it finally reveals the location of the server that hosts the website the user seeks to visit.
In other words, DNS is your name in the massive universe that is the Internet. It helps people find you.
How DNS Hijacking Works
DNS hijacking subverts the resolution of Domain Name System (DNS) queries. It is often done by using malware to override a computer’s TCP/IP configuration so that it points at a rogue DNS server under the control of a cyber attacker.
Another method of DNS hijacking is to modify the behavior of a trusted DNS server so that it no longer complies with internet standards.
DNS hijacking is used both for malicious purposes, such as phishing and spear phishing, and for the self-serving purposes of ISPs (internet service providers) and public router-based online DNS server providers.
When used for malicious purposes, hackers can travel upstream in the digital lines of communication to build false entries, which then point visitors intending to visit a website to a false destination.
While a user typically identifies a website by its .com or .net address, the DNS must also translate the fully qualified domain name into an IP address. During this exchange of information, redirects can harm a website.
How to Protect Yourself from DNS Hijacks
Part of the problem with DNS hijacking is that the hacking attempt is often difficult to detect and then combat. This type of hijacking has seen a bit of a reemergence of late, which is unfortunate as many thought it was a thing of the past.
● Installing the updates and security patches as soon as they become available.
● Avoiding clicking on suspicious links in emails or on social media.
● Avoiding sending or receiving personal information on public Wi-Fi.
● Leaving websites immediately that seem untrustworthy.
● Exercising caution with Wi-Fi networks that don’t present terms of service before you start browsing the web.
Furthermore, you can protect your router by making sure its default admin username and password are changed.
Improve Your DNS Security
Though some of the more basic forms of DNS hijacking are avoidable, there are other kinds that are more difficult to detect. For example, there is little you can do about a website that becomes compromised.
Consequently, there are additional measures you can take to protect your personal information. These include implementing Domain Name System Security Extensions (DNSSEC) on all your devices.
The security program allows domain owners to monitor traffic on their own domains, and therefore check for suspicious activity. DNSSEC also offers control over registering domain zones and enabling DNS resolvers.
Change the DNS Server
Another security measure is to change the default DNS server. Computers and routers, by default, connect to the global DNS service related to the local internet service provider (ISP). A third-party DNS server, meanwhile, can take over responsibilities for routing.
Google DNS and OpenDNS are two third-party DNS routing providers, and both are free of charge to use. If you select another alternative, make sure it is from a reputable company or nonprofit organization, because handing control to the wrong DNS server could actually expose you to more threats, not fewer.
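One way to confirm that a PC is still using the DNS servers you chose, as an added example that is not from the original article: the Python below parses `ipconfig /all` output and reports any DNS server outside an allowlist, which is how an overridden TCP/IP configuration would show up. The sample output is constructed, and the allowlist (the public Google DNS and OpenDNS addresses) is an assumption to replace with your own choice.

```python
import ipaddress
import re

# Assumption: the resolvers you chose on purpose (here the public Google DNS
# and OpenDNS addresses). Replace with your own list.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Constructed sample of `ipconfig /all` output, not taken from a real host.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       208.67.222.222
"""

def _as_ip(text):
    """Return a normalised IP string, or None if text is not an IP address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Map each adapter name to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # adapter header
            adapters[current] = []
            continue
        field = re.match(r"\s+(.+?)[ .]*: (.*)$", line)
        if field:   # labelled line; anything else is a continuation value
            in_dns = field.group(1).startswith("DNS Servers")
        ip = _as_ip(field.group(2) if field else line)
        if ip and in_dns and current:
            adapters[current].append(ip)
    return adapters

def unexpected_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Return {adapter: [resolvers not on the allowlist]}."""
    found = dns_servers_by_adapter(text)
    report = {name: [s for s in servers if s not in trusted]
              for name, servers in found.items()}
    return {name: bad for name, bad in report.items() if bad}

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE_IPCONFIG))
```

An unexpected entry is a prompt to investigate rather than proof of hijacking, since a router or DHCP server can also hand out its own resolver address.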
How do you protect mobile devices? Have you ever considered anything like a Firewall for your Android device? This should be a first line of defense any time you go online.
Virtual Private Networks (VPNs) are software applications that encrypt web traffic, keeping your data private when connected to a network. The VPN connection takes place through an encrypted “tunnel” to ensure secure web browsing, and helps with DNS hijacking protection.
A VPN serves as a tunnel between your ISP and the host, where the information between the two endpoints cannot get hacked or stolen. A VPN is similar to third-party DNS providers.
A word of caution: not all commercial VPNs are created equal. The unfortunate misconception is that they’re all the same, but some VPNs are more effective than others. The best VPNs should have a stellar reputation (which is easily discoverable online with a little searching), a definitive no-logging policy, and no trace of government ties or state ownership. You should also remain aware that some VPN providers will log your browsing habits, filter network traffic, and block certain websites.
OpenVPN has one of the better reputations on the market. L2TP/IPSec is another common configuration that some invest in. There are other ways you can stop recording network activity.
Cross-Site Scripting (XSS)
When a local network gets infiltrated there are several noticeable differences. Web pages will load slower, and have a different looking presentation. It may even include replacing a popular website, such as Amazon or Google, with a fake, look-alike page.
Cross-site scripting (XSS) is another type of attack that commonly accompanies DNS hijacking. XSS enables criminals to obtain private information through a web browsing session.
Therefore, vigilance is crucial. Users should remain mindful of what URL the browser is pointing toward. If the domain portion of the address (which contains .net or .com) looks unfamiliar, immediately shut down the browser and double check the DNS settings.
A Final Thought
Lastly, you can get further confirmation that the website is legitimate by making sure it has a valid secure sockets layer (SSL) certificate. The SSL certificate is indicated by the green “lock” icon in the address bar. Never enter personal information or credit card numbers on a website missing an SSL certificate.
Are you a victim of this data hog? Sam Bocetta puts the word out about a new type of data hog and how to spot it. Sam Bocetta is a former naval contractor and security analyst. He’s now (mostly) retired and spends his days reading the classics and fly fishing with his grandkids. Sam can be reached on Linkedin: https://www.linkedin.com/in/sambocetta/
The Ultimate Secret Data Hog – Cryptomining Malware
Malware development, like many non-malicious types of software, is subject to certain trends that are impacted by a variety of external factors outside the tech industry.
Ransomware, for example, was the cyber bogeyman of 2017 and 2018 for the following reasons:
● Spectacular attacks on high-value targets.
● News media headlines.
● The modernization of traditional crimes such as hijacking, extortion and ransom.
● Availability of leaked cyber warfare weapons and techniques developed by American intelligence agencies.
● The use of cryptocurrencies to deliver ransom payments.
In early 2019, ransomware has thankfully lost some of its shine thanks to law enforcement intervention, prosecution and reaction by the information security community; in other words, this particular malware threat is on a downtrend cycle.
As can be expected, a new threat has emerged to take ransomware’s spot on the malware scoreboard, and it goes by the names of cryptojacking or crypto mining malware.
Speaking of IT trends, let’s talk about Bitcoin trading: despite cryptocurrencies having endured more than a year of bear market conditions, they are still being bought, sold, exchanged, and mined for
In the case of Bitcoin, the most valuable digital currency in the world, the market cap of $60 billion is sizable enough to ignore that it has plunged from an all-time high near $20,000 in late 2017 to around $3,500 and lower in early 2019. Some investors remain hopeful that a rally similar to the one experienced in 2017 could materialize this year, and miners are holding even greater hopes.
As volatile as the cryptocurrency markets are, they present significant opportunities for profit, especially for those who engage in mining of tokens. In essence, mining entails putting considerable processing power and bandwidth to work on behalf of the blockchain that supports cryptocurrencies such as Bitcoin, Ethereum, Monero, Stellar, and many
The blockchain is a decentralized and distributed ledger where transactions are verified and cleared through very complex cryptographic calculation; miners who perform this service can present the blockchain with “proof-of-work” performed in exchange for the potential of earning a few tokens.
Cryptocurrency mining is not a “get rich quick” scheme by any means. With valuable tokens such as bitcoin, the barriers to entry include powerful hardware with efficient cooling systems, electricity, and broadband connections. These factors are combined into rigs that feature plenty of hash power and are fully dedicated to blockchain mining work.
It should be noted that hash power can be distributed in a manner somewhat similar to the distributed ledger of blockchain networks, which means that a single computing device can generate some hash power to contribute towards a mining operation.
IMAGE: Mining Rig
In the early days of Bitcoin mining, some individuals were able to mine a few tokens by means of running mining software on their laptops; once greed kicked in and blockchain transactions became increasingly difficult because of market volatility, mining cartels emerged.
By the time malicious hackers and cybercrime groups latched onto digital currencies, the development of cryptojacking was imminent. With cryptojacking, hackers inject malicious code into computing devices for the purpose of stealing hash power, meaning processing power, bandwidth and electricity, all with the goal of surreptitiously mining tokens.
Bitcoin is not a popular cryptocurrency among cryptojacking attackers; privacy tokens such as Cardano and Monero are preferred.
How Cryptojacking Malware Works
To a certain extent, crypto mining malware shares many of the characteristics of legacy spyware in the sense that injection may take place through click-and-bait strategies or Trojan horse attacks; in other words, victims often believed that they were installing software or executing code that was not malicious.
In some cases, remote code injection of cryptojacking malware may be conducted through old-school network intrusion, which is often a more sophisticated and aggressive approach since it may involve defeating a
The most common types of cryptojacking target personal computing devices such as desktops, laptops, tablets, and smartphones. It is not unreasonable to think that smart home appliances like the Samsung Family Hub refrigerators could be next since they are equipped with a motherboard running Android and many connectivity services. These devices can be infected with in-script cryptojacking code or through
As can be expected, cryptojacking attacks against business targets tend to be more powerful while at the same time being stealthier. A sophisticated cybercrime group targeting office networks or enterprise data centers may forego browser extensions and go with rootkits, remote code execution, and virtual machine hijacking. The most trailblazing and brazen attacks may utilize social engineering to gain credentials and set up fake intranet pages.
Once installed, cryptojacking malware will transform GPU and CPU resources into hash power to conduct transaction verification. According to a report published by a respected information security firm, 37 percent of corporate networks were impacted by cryptojacking activity in 2018.
More than 20 percent of business IT security departments are detecting cryptojacking attempts on a weekly basis. Companies that implement “bring your own device” policies are at greater risk.
The first line of defense against cryptojacking involves monitoring network connections between devices and the internet.
Network monitoring is a security strategy widely used in the enterprise world, but it is also available on a personal computing level with smart firewall apps that notify users of suspicious activity, intrusions, high CPU usage, and unusual data. It is important to note that cryptojacking crews will not ignore mobile devices since they are powerful enough to generate hash power and contribute to their wicked trade.
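The monitoring idea above, as an added example that is not from the original article: the Python below combines the two signals mentioned, high CPU usage and network connections, and flags a process that stays busy for several samples in a row while connected to one unfamiliar remote endpoint. The samples, process names, thresholds and allowlist are all constructed assumptions.

```python
from collections import defaultdict

CPU_THRESHOLD = 80.0                    # assumption: percent CPU treated as high
MIN_STREAK = 5                          # assumption: consecutive samples required
KNOWN_REMOTES = {"198.51.100.10:443"}   # assumption: endpoints you expect to see

# Constructed one-minute samples: (minute, process, cpu_percent, remote or None)
SAMPLES = []
for m in range(8):
    SAMPLES += [
        (m, "updater.exe", 92.0, "203.0.113.77:443"),   # busy, one unknown peer
        (m, "browser.exe", 85.0 if m in (2, 3) else 12.0, "203.0.113.80:443"),
        (m, "encoder.exe", 97.0, None),                  # busy but offline
        (m, "backup.exe", 88.0, "198.51.100.10:443"),   # busy, expected peer
    ]

def suspected_miners(samples, cpu=CPU_THRESHOLD, streak=MIN_STREAK,
                     known=KNOWN_REMOTES):
    """Return {process: remote} for processes that hold high CPU for `streak`
    consecutive samples while connected to one remote outside `known`."""
    by_proc = defaultdict(list)
    for minute, proc, pct, remote in samples:
        by_proc[proc].append((minute, pct, remote))
    flagged = {}
    for proc, rows in by_proc.items():
        run, last_remote = 0, None
        for _, pct, remote in sorted(rows, key=lambda r: r[0]):
            hot = pct >= cpu and remote is not None and remote not in known
            if hot and (run == 0 or remote == last_remote):
                run += 1                 # streak continues on the same peer
            else:
                run = 1 if hot else 0    # peer changed, or the sample is quiet
            last_remote = remote
            if run >= streak:
                flagged[proc] = remote
                break
    return flagged

if __name__ == "__main__":
    print(suspected_miners(SAMPLES))
```

A short CPU burst (the browser), heavy local work with no connection (the encoder) and a busy process talking to an expected endpoint (the backup) are all left alone; only the sustained case is reported.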
Aside from monitoring and detection, cryptojacking can also be prevented with safe computing practices such as the use of virtual private networking technology. It is not unreasonable to think of public Wi-Fi hotspots being taken over by hackers for the purpose of distributing mining malware.
To this effect, always protect your computer by using standard security measures when accessing public networks: firewall protection (such as GlassWire), antivirus scanners, and any no-logging VPN service. This is especially important when connecting to an enterprise network using your personal computing device, so as to avoid exposing the entire network to remote attack.