Recently a member of our team found a threatening message in
her personal email account spam folder.
The email said:
“I installed a software on the adult videos (pornographic material) web-site and do you know what, you visited this website to have fun (you know what I mean). While you were viewing videos, your web browser began working as a Remote Desktop that has a keylogger which gave me accessibility to your display and also cam.”
The scammer then asks for payment via Bitcoin to avoid
posting of an embarrassing video.
KrebsonSecurity reports that this type of sextortion email can seem realistic because the sender will sometimes use a real password that you may have used in the past on one of your email accounts.
But how did they get a legitimate email address and password
if the threat isn’t real?
It appears the scammer finds emails/passwords related to different
recent data breaches, then sends the password associated with the email and the
For example, if your email address was part of the Yahoo!, Marriott, or Equifax data breaches then the password you used for those services is probably out there on the web. To see if your email address has been part of any recent data breaches check out haveibeenpwned.com.
If you received this type of email there are a few things you can do:
● Change any logins/passwords associated with the password that was shown in the email, if you haven’t already.
● Report the message as spam.
● Don’t pay. There is no video of you anywhere.
Are you still feeling paranoid that there could be a real RDP connection to your PC that is watching and recording everything you do in real-time? It’s easy to check just to be safe. Download and install GlassWire, then go to the top left GlassWire menu and choose “settings” then “security”.
Now switch on GlassWire’s RDP connection alert. From here forward, whenever your PC has an RDP connection GlassWire will alert you.
You can also see if your PC received an RDP connection while you were away. Just check GlassWire’s alerts screen or graph to see your PC’s idle network activity. Or, you can turn on GlassWire’s “Block all” firewall mode when you’re away from your PC to block any connections while you aren’t using your computer.
Laptop Magazine also has a great article on how to disable RDP on all different versions of Windows.
Fortunately GlassWire 2.1.158 now detects RDP connections in real-time. Just install GlassWire’s latest version, and GlassWire will alert you instantly if something connects to your PC remotely.
If you don’t plan to use RDP on your PC or server you can also disable it. Go to the search bar in Windows and look for “remote settings” then open the window. Remote desktop should be switched to “off” if you aren’t using this feature.
If you have no choice but to use RDP, UC Berkeley has a list of best practices on how to secure it. Also, go to the top left GlassWire menu and choose settings/security to turn the RDP connection alert on or off.
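For readers who want to confirm the RDP state of their PC without relying on a third-party tool, the following PowerShell script is an added example (not part of the original article and not GlassWire’s software). It reads the same switch that the “remote settings” window toggles, checks whether anything is listening on the RDP port and whether the inbound firewall rules are open, and lists recent remote-desktop logons from the Security event log. It assumes an elevated (Administrator) PowerShell session, which is needed to read the Security log.

```powershell
# Added example (not GlassWire's code): audit whether this Windows PC accepts RDP
# and list recent successful remote-desktop logons. Run in an elevated PowerShell.

function Get-RdpStatus {
    # fDenyTSConnections = 1 means Remote Desktop is switched off (the default on consumer Windows).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $key -Name fDenyTSConnections).fDenyTSConnections

    # Is anything actually listening on the RDP port (3389 unless it was changed)?
    $portKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port      = (Get-ItemProperty -Path $portKey -Name PortNumber).PortNumber
    $listening = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue

    # Are the built-in inbound "Remote Desktop" firewall rules enabled?
    $fwEnabled = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue |
        Where-Object Enabled -eq 'True'

    [pscustomobject]@{
        RemoteDesktopEnabled = ($deny -eq 0)
        RdpPort              = $port
        PortListening        = [bool]$listening
        FirewallRuleEnabled  = [bool]$fwEnabled
    }
}

function Get-RecentRdpLogons {
    param([int]$Days = 7)
    # Security event 4624 with LogonType 10 (RemoteInteractive) is a successful RDP session.
    # Property indexes: 5 = TargetUserName, 8 = LogonType, 18 = source IpAddress.
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[8].Value -eq 10 } |
        ForEach-Object {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                User     = $_.Properties[5].Value
                SourceIP = $_.Properties[18].Value
            }
        }
}

function Disable-Rdp {
    # Equivalent to switching Remote Desktop "off" in Settings; also closes the firewall rules.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

'--- RDP status ---'
Get-RdpStatus
'--- RDP logons in the last 7 days ---'
Get-RecentRdpLogons -Days 7 | Format-Table -AutoSize
# If you never use Remote Desktop, switch it off:  Disable-Rdp
```

An empty logon list together with `RemoteDesktopEnabled = False` and `PortListening = False` is what a PC that has never accepted a remote desktop session looks like. A logon from an address you don’t recognise is the case worth following up, starting with the password change already recommended above.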
Did you know there is a type of attack that can take over an entire website without ever touching the site itself?
DNS hijacking is dangerous because it can siphon your visitors, incoming emails, and other services before they reach your network.
DNS stands for “Domain Name System”. A good way to think about DNS is as an online phone book, or a collection of phone books. DNS is the series of lookups a browser performs, often across several servers, before it finally learns the address of the server that hosts the website the user wants to visit.
In other words, DNS is your name in the massive universe that is the Internet. It helps people find you.
How DNS Hijacking Works
DNS hijacking subverts the resolution of Domain Name System (DNS) queries. It is often done by using malware to override a computer’s TCP/IP configuration so that it points at a rogue DNS server under the attacker’s control.
Another method of DNS hijacking is to modify the behavior of a trusted DNS server so that it no longer complies with internet standards.
DNS hijacking is used both for malicious purposes, such as phishing and spear phishing, and for the self-serving purposes of ISPs (internet service providers) and public router-based DNS server providers.
When used for malicious purposes, attackers move upstream in the chain of resolution and plant false entries, which then send visitors who intended to reach a website to a false destination.
While people identify a website by its .com or .net name, DNS must translate that fully qualified domain name into an IP address. It is during this exchange that a redirect can be slipped in to send a website’s visitors elsewhere.
How to Protect Yourself from DNS Hijacks
Part of the problem with DNS hijacking is that the attack is often difficult to detect, and then difficult to combat. This type of hijacking has seen a bit of a reemergence of late, which is unfortunate as many thought it was a thing of the past. Basic precautions include:
● Installing the updates and security patches as soon as they become available.
● Avoiding clicking on suspicious links in emails or on social media.
● Avoiding sending or receiving personal information on public Wi-Fi.
● Leaving websites immediately that seem untrustworthy.
● Exercising caution with public Wi-Fi networks that don’t present a terms of service page before letting you browse the web.
Furthermore, you can protect your router by making sure its default admin username and password have been changed.
Improve Your DNS Security
Though some of the more basic forms of DNS hijacking are avoidable, there are other kinds that are more difficult to detect. For example, there is little you can do about a website that becomes compromised.
Consequently, there are additional measures you can take to protect your personal information. One is to enable Domain Name System Security Extensions (DNSSEC) on your devices and domains.
DNSSEC allows domain owners to monitor traffic on their own domains and therefore check for suspicious activity. DNSSEC also provides control over registering domain zones and enabling DNS resolvers.
Change the DNS Server
Another security measure is to change the default DNS server. Computers and routers, by default, use the DNS service of the local internet service provider (ISP). A third-party DNS server can take over name resolution instead.
Google DNS and OpenDNS are two free third-party DNS providers. If you select another alternative, make sure it is from a reputable company or nonprofit organization, because handing control to the wrong DNS server could expose you to more threats, not fewer.
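The checks described in the last few sections (which resolver your PC is actually using, whether something has overridden name lookups locally, whether the answers you get match what the public resolvers return, and whether a zone is DNSSEC-signed) can be done from PowerShell on Windows. The script below is an added example, not part of the original article or of GlassWire’s software. The Google DNS and OpenDNS addresses are those providers’ published resolvers; the two domain names it checks are assumptions chosen for illustration and can be replaced with sites you use.

```powershell
# Added example (not from the article or GlassWire): audit a Windows PC's DNS client
# settings for the common signs of DNS hijacking. Google DNS and OpenDNS addresses are the
# providers' published resolvers; the domain names checked are assumed for illustration.

$PublicResolvers = @('8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220')
$DomainsToCheck  = @('www.google.com', 'www.amazon.com')   # assumed examples
$PrivateRange    = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'

function Get-ConfiguredDnsServers {
    # Lists the IPv4 resolver of every interface and classifies it. An unknown public address
    # here is the classic malware-driven hijack; a private address is normally just your router
    # (which itself should have its default password changed).
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            $alias = $_.InterfaceAlias
            foreach ($ip in $_.ServerAddresses) {
                $category = if ($ip -in $PublicResolvers) { 'known-public' }
                            elseif ($ip -match $PrivateRange) { 'local-router' }
                            else { 'unknown - verify' }
                [pscustomobject]@{ Interface = $alias; Server = $ip; Category = $category }
            }
        }
}

function Get-HostsFileOverrides {
    # The hosts file wins over DNS, so malware sometimes pins well-known names there.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts |
        Where-Object { $_ -match '^\s*\d' } |    # lines that start with an IPv4 address, not comments
        ForEach-Object {
            $parts = ($_.Trim() -split '\s+')
            [pscustomobject]@{ IP = $parts[0]; Name = $parts[1] }
        }
}

function Compare-Resolution {
    param([Parameter(Mandatory)][string]$Name)
    # Resolves the name through the system resolver and through two public resolvers.
    # If none of the local answers appear in either public answer set, the local resolver
    # may be lying. CDNs do vary their answers, so treat a mismatch as a prompt to look closer.
    $getA = { param($srv)
        $p = @{ Name = $Name; Type = 'A'; ErrorAction = 'SilentlyContinue' }
        if ($srv) { $p.Server = $srv }
        @(Resolve-DnsName @p | Where-Object Type -eq 'A' | ForEach-Object IPAddress)
    }
    $local  = & $getA $null
    $public = (& $getA '8.8.8.8') + (& $getA '208.67.222.222')
    [pscustomobject]@{
        Name            = $Name
        SystemResolver  = ($local -join ',')
        PublicResolvers = (($public | Sort-Object -Unique) -join ',')
        Consistent      = [bool]($local | Where-Object { $_ -in $public })
    }
}

function Test-DnssecSigned {
    param([Parameter(Mandatory)][string]$Name)
    # Sets the DNSSEC OK bit on the query; an RRSIG in the reply means the zone is signed,
    # so a validating resolver can reject forged answers for it.
    $r = Resolve-DnsName -Name $Name -Type A -DnssecOk -Server 8.8.8.8 -ErrorAction SilentlyContinue
    [bool]($r | Where-Object Type -eq 'RRSIG')
}

'--- Configured DNS servers ---'
Get-ConfiguredDnsServers | Format-Table -AutoSize
'--- hosts file overrides ---'
Get-HostsFileOverrides | Format-Table -AutoSize
'--- Resolution cross-check ---'
$DomainsToCheck | ForEach-Object { Compare-Resolution -Name $_ } | Format-Table -AutoSize
'--- DNSSEC ---'
$DomainsToCheck | ForEach-Object { [pscustomobject]@{ Name = $_; Signed = (Test-DnssecSigned -Name $_) } }
```

The interesting output is a resolver in the “unknown - verify” category, a hosts file entry for a site you never added, or a `Consistent = False` row. The first two are exactly the changes malware makes when it overrides a computer’s TCP/IP configuration; the third is the effect of a hijack seen from the client side, which is why the script asks two independent public resolvers before drawing any conclusion.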
How do you protect mobile devices? Have you ever considered anything like a Firewall for your Android device? This should be a first line of defense any time you go online.
Virtual Private Networks (VPNs) are software applications that encrypt web traffic, keeping your data private when connected to a network. The VPN connection takes place through an encrypted “tunnel” to ensure secure web browsing, and helps with DNS hijacking protection.
A VPN serves as a tunnel between your ISP and the host, where the information between the two endpoints cannot get hacked or stolen. A VPN is similar to third-party DNS providers.
A word of caution: not all commercial VPNs are created equal. The unfortunate misconception is that they’re all the same, but some VPNs are more effective than others. The best VPNs should have a stellar reputation (which is easily discoverable online with a little searching), a definitive no-logging policy, and no trace of government ties or state ownership. You should also remain aware that some VPN providers will log your browsing habits, filter network traffic, and block certain websites.
OpenVPN has one of the better reputations on the market. L2TP/IPSec is another common configuration that some invest in. There are other ways to prevent your network activity from being recorded.
Cross-Site Scripting (XSS)
When a local network gets infiltrated there are several noticeable signs. Web pages load more slowly and look different. The attacker may even replace a popular website, such as Amazon or Google, with a fake, look-alike page.
Cross-site scripting (XSS) is another type of attack that often accompanies DNS hijacking. XSS enables criminals to obtain private information from a web browsing session.
Therefore, vigilance is crucial. Users should remain mindful of what URL the browser is pointing toward. If the domain portion of the address (which contains .net, or .com) looks unfamiliar then you need to immediately shut down the browser and double check the DNS settings.
A Final Thought
Lastly, you can get further confirmation that a website is legitimate by making sure it has a valid secure sockets layer (SSL) certificate. A valid certificate is indicated by the green “lock” icon in the address bar. Never enter personal information or credit card numbers into a website that is missing an SSL certificate.