Stop Think Connect

Online child predation rising during COVID lockdown

I attended (remotely) a Council of Europe cybercrime webinar on the impact of COVID on cybercrime last week. One of the most disturbing criminal activities discussed was the rise in reports of online predation.

The National Center for Missing and Exploited Children (NCMEC) has received 4.2 million reports in April. That’s up 2 million from March 2020 and nearly 3 million from April 2019. (Forbes, 9 May 2020).

This is not surprising - nearly everyone who is connected is spending more time on the Internet - but it's still terrifying.

Look to the many government agencies that have parental guidelines to help identify child abuse, exploitation or grooming.

The US FBI (https://www.fbi.gov/investigate/violent-crime/cac) has information about grooming, trafficking, sextortion and other abuses. In the UK, the NCA (https://nationalcrimeagency.gov.uk/what-we-do/crime-threats/child-sexual-abuse-and-exploitation) offers similar information.

The US DHS (https://www.dhs.gov/blog/2011/08/09/protect-your-kids-cyber-predators) shares tips for parents. I also found a helpful guidelines report from UK West Midlands (https://www.local.gov.uk/sites/default/files/documents/safeguarding-children-and-c8c.pdf). And you'll find additional information at Stop.Think.Connect Parent and Educator resources (https://www.cisa.gov/publication/stopthinkconnect-parent-and-educator-resources).

 


Clever Malware Names: Feeding the Propensity to Ignore Systemic Issues

My patience with naming malware as if they were Marvel super heroes or X-Men is at an end. Slammer, Sasser, Flame, BlackEnergy. Instead of naming malware in ways that flatter or aggrandize the attackers, please let's use names that call attention to the systemic problem rather than the clever, tricksy software. For example,

WORM:Win32/TriedToWinAnIpodFromAControlSystem.A

TROJ:Win32/Surfed4PornFromARootAccount.C

WORM:Win32/ConnectedMyInfectedDeviceToIndustrialNetwork.A!sys

I was reminded yesterday of the Sun Tzu quote, 

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

We're succumbing in nearly every battle, and increasingly it's not only because we don't know the enemy but that we don't know ourselves, or more accurately, that we are unwilling to admit to the myriad of ways that we fail to rigorously implement the most obvious, commonly known, widely recommended security measures.

Certain attacks of the weaponized malware kind can be contained or mitigated by isolating or restricting access from critical networks, by compartmentalizing services, by hardening administrative systems, or by prohibiting users from connecting general purpose clients or devices to critical business or infrastructure networks. These measures also protect against the effects of users who disregard or overlook recommended secure behaviors.

A typical conversation that follows a successful exploit begins with, "have you read about the BurntUmberGoat attack against the Berzerkestan SCADA network?"

Name malware by the failure they exploit and your conversation now begins, "have you read about the Surfed4PornFromARootAccount MITB attack against the First Bank of Glovania?" 

Changing the naming convention may not alter the attack surface but it might make conversations a bit more educational. There may even be a shame factor to exploit here.

It's embarrassing enough for most folks to have an IT guy tell you, "Your computer was infected with BurntUmberGoat" in front of your office mates.

It's quite a bit different to have her say, "Your computer was infected with Surfed4PornFromARootAccount".