åThis week we look at the ways to feed your computer, especially when they’re hungry. Check out the video and then the rest of this article!
Micro-Chips
When talking about microchips, they are identified as the silicon material electronics that perform functions on a motherboard inside various devices, from laptops to IoT devices to our cars. However, several years ago, an interesting story came out of Bloomberg regarding the Supermicro motherboards where there was a tiny chip on board that the Chinese were using to connect wirelessly and have data sent back to them. Unfortunately, this was untrue. However, there was a colleague of mine who did a presentation at DEFCON at the ICS village back in 2019.
https://twitter.com/montaelkins/status/1158395449595662341
He took a Cisco firewall and added a microchip to it. After researching it and studying it, he was able to solder a microchip on the board that, when powered up, would send configuration and user account information back to his C2 server. He even brought the board itself to DEFCON and, after his presentation, challenged everybody to see if they could find the microchip. Nobody could, and when he did show it to us, it just looked like any other microchip that should be on the board. He did a great job soldering it in there and programming it. In the comments section below, I will provide the link for the tweet that shows the DEFCON talk and read more about it there.
(Fish) Phish Sticks
When talking about fish sticks and fishing, folks know that cybercriminals work their way into organizations via the user and phishing emails. Organizations can conduct phishing assessments to try and make sure that users are aware of what the cybercriminals are doing to gain access to the organization’s environment. When it comes to social engineering, there are three questions I always review first:
- Is the email unexpected?
- Is this person a stranger or unknown to me?
- Are they asking me to do something immediately with a sense of urgency or initiating a knee-jerk emotional response.
If answering yes to any of these questions, then take the extra time to make sure and verify the user the email. These three questions are the starting point for ensuring a user doesn’t get successfully phished.
Cookies
Ah, cookies. Those wonderful little text files on our computer track login information and information about us when we visit websites. They were designed originally to be something worthwhile. Like all tools and features, it is used for wrongdoing. GDPR requirements enforced the need for organizations and users to be aware that there are cookies and what they do when one visits their website. There is the option of specifying what kind of cookies you want, which many users just want to get to the website. They don’t want to be worrying about what cookies and how much information it stores. Just show me the information on the webpage! And so many people don’t realize the potential dangers of cookies on their systems. Some ways to protect users are ad blockers, which are plugins for browsers to restrict the saved information. Additionally, browsers can protect your privacy like DuckDuckGo or Brave. These can help reduce your digital footprint and help protect you against cookies and malware attacks.
Computer Food for Thought
So while your computer may not ask you to feed them, users want to make sure they give it a healthy dose of antimalware or EDR / Endpoint detection and response. Ensure the operating systems are up to date, including all software loaded. So, in the end, make sure to patch and keep your computer well-fed with software updates!
Post in the comments