"Whether you work for local law enforcement, a utility provider, a hospital, or a small or large company, you need to protect your critical infrastructure against cyber infiltration. The threat that cybercriminals pose to public entities and private businesses is substantial. A single intrusion could mean economic loss, bankruptcy, and in some cases, loss of human life."
Deputy Attorney General Rod Rosenstein
Cyber crime is one of the greatest threats facing our country, and has enormous implications for our national security, economic prosperity, and public safety. The range of threats and the challenges they present for law enforcement expand just as rapidly as technology evolves.
In Rhode Island, the United States Attorney’s Office and federal and state law enforcement have teamed up to investigate cyber crimes, and to educate the public and businesses on ways to avoid becoming a victim of cybercrime and on what to do if they are victimized.
If you believe you, your family or your company are a victim of a cybercrime, or are interested in learning more about protecting yourself or your company from cybercrimes, please contact:
Rhode Island Fusion Center: (401) 444-1117
Rhode Island State Police Joint Cyber Task Force: (401) 444-1718 or (401) 444-1710.
FBI Cyber Division CYWATCH 24/7 support: 1-855-292-3937 or email CyWatch to report intrusions firstname.lastname@example.org
United States Secret Service, Providence Resident Agency 24hr: (401) 331-6456
United States Attorney’s Office (401) 709-5042
Online Reporting & Resources
To report internet fraud/phishing: http://www.ic3.gov/default.aspx
DHS cybersecurity resources and information: http://www.dhs.gov/topic/cybersecurity
To access cyber threat information in the National Cyber Awareness System go to the US Computer Emergency Readiness Team (US CERT): https://www.us-cert.gov/ncas
To join FBI Infragard: https://www.infragard.org/
Membership includes:
• Emails concerning Cyber Threat Updates
• Quarterly meetings with a Cyber Focus
General questions relative to connecting to federal resources or joining FBI Infragard contact Brian Pires at the U.S. Attorney’s Office at (401) 709-5042.
Information and links that provide guidance on avoiding becoming a victim of cyber crime, and answers to some frequently asked questions
Cybersecurity 101: What You Can Do at Home
DO NOT IGNORE SECURITY UPDATES
Keeping your security software, web browser, and operating system up to date is one of the best defenses against viruses, malware, and other online threats.
USE TWO-FACTOR AUTHENTICATION
Use a username and password (something you know) together with a second factor: something you have, such as a code generated by an RSA or other hardware token, an authenticator app, or a USB security key; or something you are, such as voice, facial, iris or fingerprint recognition.
DON’T CLICK ON LINKS IN EMAILS AND WHEN IN DOUBT, THROW IT OUT
Links in email, tweets, posts, and online advertising are a common way cybercriminals compromise your computer. If a message looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk email.
PROTECT ALL DEVICES THAT CONNECT TO THE INTERNET
Along with computers, smart phones, gaming systems, and other web-enabled devices need protection from viruses and malware.
Expert tips on how to protect your personal information online
10 Tips to Stay Cyber Safe While Travelling
Information and photos to assist users in detecting ATM skimmers, gas pump skimmers and other related fraud devices.
Three Ways to Thwart Hackers' Attempts at Persuasion
4 Ways to Protect Against the Very Real Threat of Ransomware
A Proactive Approach To Incident Response: 7 Benefits
Cybersecurity 101: What the Average Business User Can Do
How to Protect Yourself from Macro-based Malware
My anti-virus is up to date so I am protected, right?
7 common cyber security myths debunked
5 Email Security Tips to Combat Macro-Enabled Ransomware
Cybercriminals are increasingly looking to macro variants, leaving organizations to defend against advanced tactics like macro-based malware attacks any way they can.
Email clients and web browsers top the list of applications used to trigger the ransomware payload. It’s critical that organizations get a handle on their email traffic if they are going to protect against phishing and spearphishing attacks. The big problem, however, is that the ransomware threat extends well beyond the email traffic itself to encompass any file with macros – that is, embedded scripts that contain programming code.
Here are five recommendations designed to help stop weaponized attachments and macro-enabled malware delivered via email:
1. Disable Macros
2. Use only essential applications
3. Enable email attachment sandboxing
4. Neutralize active code at the gateway
5. Train and educate your workforce
For more information on the five recommendations above, click the link below:
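Recommendations 1 and 4 above, disabling macros and neutralizing active code at the gateway, both come down to recognizing a macro-carrying attachment before it reaches a mailbox. The following is an added example, not code from this page or from the article it summarizes: a Python classifier that a mail gateway could apply to each attachment. It blocks the macro-enabled Office extensions outright, opens OOXML containers to look for an embedded vbaProject.bin part (so a .docm renamed to .docx is still caught), and routes legacy binary Office files to sandboxing because VBA cannot be ruled out by a cheap inspection. The verdict names, the extension lists and the in-memory sample documents are constructed for this example and are assumptions, not a standard.

```python
"""Mail-gateway attachment check for macro-enabled Office content (added example)."""
import io
import re
import zipfile

# Assumed policy lists for this example; tune them to the organization.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
LEGACY_OFFICE_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".xla", ".ppt", ".pot", ".pps"}
OOXML_EXTENSIONS = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"} | MACRO_EXTENSIONS

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary Office (compound file)
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML is a zip container
VBA_PART = re.compile(r"(?:^|/)vbaProject\.bin$", re.IGNORECASE)


def _extension(filename):
    dot = filename.lower().rfind(".")
    return filename.lower()[dot:] if dot >= 0 else ""


def classify_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'sandbox' or 'allow'."""
    ext = _extension(filename)

    # 1. Name-based rule: the macro-enabled extensions exist only to carry VBA.
    if ext in MACRO_EXTENSIONS:
        return "block", f"macro-enabled Office extension {ext}"

    # 2. Content-based rule for OOXML: look inside the zip for a VBA project part.
    #    This catches a .docm renamed to .docx, which the extension rule misses.
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "sandbox", "zip container could not be parsed"
        for name in names:
            if VBA_PART.search(name):
                return "block", f"embedded VBA project ({name}) despite extension {ext or '(none)'}"
        if "[Content_Types].xml" in names and ext not in OOXML_EXTENSIONS:
            return "sandbox", f"OOXML document disguised with extension {ext or '(none)'}"
        return "allow", "zip container without VBA project"

    # 3. Legacy binary Office files keep VBA inside an OLE2 compound file; proving
    #    its absence needs a full OLE parser, so hand these to the sandbox instead.
    if data.startswith(OLE2_MAGIC) or ext in LEGACY_OFFICE_EXTENSIONS:
        return "sandbox", "legacy binary Office format; macros cannot be ruled out by inspection"

    return "allow", "no macro indicators"


def build_ooxml(parts):
    """Construct a minimal OOXML-style zip in memory (test fixture, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments.
CLEAN_DOCX = build_ooxml({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"})
MACRO_DOCX = build_ooxml({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>",
                          "word/vbaProject.bin": b"\x00" * 32})
LEGACY_XLS = OLE2_MAGIC + b"\x00" * 24


if __name__ == "__main__":
    for name, blob in [("invoice.docx", CLEAN_DOCX), ("invoice.docx", MACRO_DOCX),
                       ("quote.docm", b""), ("ledger.xls", LEGACY_XLS), ("readme.txt", LEGACY_XLS)]:
        print(name, *classify_attachment(name, blob))
```

The content checks matter more than the extension list: an attacker chooses the file name, but cannot hide a VBA project from a zip listing without also breaking the document for the victim's Office. Files sent to "sandbox" are the ones that need detonation (recommendation 3) rather than static inspection.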
10 Important Cyber Security Tips for Small Business Owners
By Ahmad Hamidi March 10, 2017 in isBuzznews
(Excerpts) Small businesses are generally not well secured because they are labeled as small businesses, but their security threats are not necessarily small. On any given day, they can fall victim to hacking, malware, ransomware and data breaches due to their cheap and dated protection. But with a few steps, you can avoid such cyber security risks. If you think that your small business is not vulnerable to cybercrime like big corporations are, you need to think again. 43% of cyber-attacks target small businesses!
Here are simple yet efficient cyber security tips for small business owners to minimize the risks of hacking, malware, and ransomware.
Use Strong Passwords:
You must use strong passwords composed of numerals, letters and special characters. If your passwords are strong, it is a tough job for someone to crack them. Encourage your employees and users to create strong passwords.
Minimize the Number of Password Attempts:
A hacker will try passwords at random until they successfully open your account. It means that your account is not safe even with a 6-digit PIN, which creates a million unique possibilities.
Remember, password-cracking software can guess your codes in minutes. So, you must limit the number of attempts at all stages of your authentication process. This point is as useful as creating a strong password for your system.
Choose Your Password Manager Software Wisely:
A password manager creates strong passwords and remembers them for you. This is why many businesses prefer using password manager software. If you are considering the same, you have to think carefully because of various concerns. For example, all your passwords are stored in its database, meaning a hacker can get all of them by going after just one.
Prefer On-Screen Keyboard to Feed Sensitive Information:
Nowadays, hackers are so sophisticated that they can record your keystrokes with the help of keylogging software, especially when you are using shared networks. What you can do to avoid your information leaking is to use a virtual or on-screen keyboard: keylogging software can’t keep track of an on-screen keyboard being operated with mouse clicks.
Be Careful About Backups:
What about your data backup? While data backups are essential to effective security, mismanagement and mishandling of backups can make them vulnerable to theft. For example, if you choose cloud storage, your data is stored at a remote location. Any negligence means that someone can gain access to your data easily. Therefore, you must encrypt and password-protect your documents before storing them in the cloud or on a remote server. You must go the extra mile to encrypt your sensitive data. In this way, you can have peace of mind knowing that you have an extra layer of protection for your remotely stored documents.
Educate Employees About Cyber Security
When security breaches are more common than you think, it is good to educate your employees about cyber security before you have a breach. Here are a few strategies to keep in mind when training your employees in cyber security:
• Train everyone, from the top to the bottom
• Conduct seminars frequently
• Tell them how to recognize an attack
• Regularly test your employees’ IT security knowledge
• Make clear your policies about hacking, data breaches and the use of devices in your organization
• Identify the insider threat in your company
Avoid Storing the Customer’s CVV Number
Getting the customer’s card details, with the customer’s consent, can make future checkouts convenient. On the flip side, this practice exposes your customers’ data to hackers.
Control Physical Access to Systems and Network Components:
Don’t permit outsiders or unauthorized persons to use your systems. If it is required, as in the case of a technician from another firm, provide them with a general-purpose PC or have someone supervise them during their tasks. Lock your computers when you leave them and insist that your staff do so. Apart from that, you have to monitor the personal devices of your employees.
Update Your Software Regularly:
Never ignore the pop-up messages on your screen that remind you to upgrade your software. Allowing software updates is one of the most important things you can do for your computer security. If you don’t, your computer is vulnerable to malware and hacking. Software vendors release software updates to address security risks in their existing products that could be exposed to hackers at any time. They generally contain vulnerability fixes and product enhancements.
Secure Your Networks:
Make sure your Wi-Fi network is hidden and secure to avoid unauthorized access. Here are the ways to do that:
• Hide the Service Set Identifier (SSID) on your wireless access point and router
• Encrypt your wireless access point
• Disable access from outside networks
• Scan your network regularly
Cyber Smarts Cybersecurity Awareness Program for Middle and High School Students
What is Cyber Smarts?
Students helping students to stay safe while:
• Using Social Media
• Sending Texts and Emails
• Downloading from the Web
• Shopping on the Internet
Why Cyber Smarts?
• Online predators are savvy and troll the Web
• Online shopping is not without risk
• Cyber bullying has real world implications
• What you post on the web never goes away
To bring the Cyber Smarts program to your community please contact Brian Pires at
Federal Trade Commission (FTC) Video: Data Breach Response
FTC Video: The NIST Cybersecurity Framework and the FTC
Cybersecurity is a shared responsibility. Please find resources and tips so we can each do our part to keep the Internet safe.
Top 20 Critical Security Controls for Effective Cyber Defense
With data breaches increasing, more than ever organizations have to ensure that they have all necessary security controls in place to keep their data safe. As a response to growing security threats, the SANS Institute, together with the Center for Internet Security (CIS) and other organizations, developed the 20 Critical Security Controls (CSC) for Effective Cyber Defense. The CIS CSC provides IT pros with a prioritized, focused set of actions to help them stop some of the most dangerous cyber-attacks.
#1. Inventory of Authorized and Unauthorized Devices.
Organizations must actively manage all the hardware devices on the network, so that only authorized devices are given access and unauthorized devices can be quickly identified and disconnected before they inflict any harm.
Why is this critical? Attackers are continuously scanning the address space of organizations, waiting for new and unprotected systems to be attached to the network. This control is especially critical for organizations that allow BYOD, since hackers are specifically looking for devices that come and go off of the enterprise’s network.
#2. Inventory of Authorized and Unauthorized Software.
Organizations must actively manage all software on the network so that only authorized software is installed and allowed to run. Security measures like application whitelisting let organizations block unauthorized software from executing and quickly find it when it has been installed.
Why is this critical? Attackers look for vulnerable versions of software that can be remotely exploited. They can distribute hostile web pages, media files and other content, or use zero-day exploits that take advantage of unknown vulnerabilities. Therefore, proper knowledge of what software has been deployed in your organization is essential for data security and privacy.
#3. Secure Configurations for Hardware and Software.
Companies need to establish, implement and manage the security configuration of laptops, servers and workstations. Companies have to follow strict configuration management and implement change control processes to prevent attackers from exploiting vulnerable services and settings.
Why is this critical? Manufacturers and resellers design the default configurations of operating systems and applications for ease of deployment and use, not strong security. Open services and ports, as well as default accounts or passwords, can be exploitable in their default state, so companies have to develop configuration settings with good security properties.
#4. Continuous Vulnerability Assessment and Remediation.
Organizations need to continuously acquire, assess and take action on new information (e.g., software updates, patches, security advisories and threat bulletins) to identify and remediate vulnerabilities attackers could otherwise use to penetrate their networks.
Why is this critical? As soon as researchers report new vulnerabilities, a race starts among all relevant parties: Culprits strive to use the vulnerability for an attack, vendors deploy patches or updates, and defenders start performing risk assessments or regression testing. Attackers have access to the same information as everyone else, and can take advantage of gaps between the appearance of new knowledge and remediation.
#5. Controlled Use of Administrative Privileges.
This control requires companies to use automated tools to monitor user behavior and keep track of how administrative privileges are assigned and used in order to prevent unauthorized access to critical systems.
Why is this critical? The misuse of administrative privileges is a primary method for attackers to spread inside an enterprise. To gain administrative credentials, they can use phishing techniques, crack or guess the password for an administrative user, or elevate the privileges of a normal user account into an administrative account. If organizations do not have resources to monitor what’s going on in their IT environments, it is easier for attackers to gain full control of their systems.
#6. Maintenance, Monitoring, and Analysis of Audit Logs.
Organizations need to collect, manage and analyze event logs to detect aberrant activities and investigate security incidents.
Why is this critical? Lack of security logging and analysis enables attackers to hide their location and activities in the network. Even if the victim organization knows which systems have been compromised, without complete logging records, it will be difficult for them to understand what an attacker has done so far and respond effectively to the security incident.
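Control 6 is only useful if someone actually looks at the logs for aberrant activity. One of the most common patterns worth looking for is the password guessing that the small-business article above advises limiting: a burst of failed logins from one source, and, worst of all, a success at the end of the burst. The following is an added example, not code from this page or from the CIS Controls: a Python analyzer for OpenSSH authentication lines in classic syslog format. The log lines, host names and addresses are constructed for the example; the threshold and window are assumptions to be tuned per environment.

```python
"""Detect password guessing in sshd auth logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <src> port <n>"
# behind a classic syslog prefix. Syslog timestamps carry no year, so the caller
# supplies one.
AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed log lines for the example; addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar 10 08:01:02 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 50211 ssh2
Mar 10 08:01:08 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 50214 ssh2
Mar 10 08:01:14 web1 sshd[1205]: Failed password for admin from 203.0.113.7 port 50219 ssh2
Mar 10 08:01:20 web1 sshd[1206]: Failed password for admin from 203.0.113.7 port 50223 ssh2
Mar 10 08:01:26 web1 sshd[1207]: Failed password for admin from 203.0.113.7 port 50230 ssh2
Mar 10 08:01:32 web1 sshd[1208]: Failed password for admin from 203.0.113.7 port 50236 ssh2
Mar 10 08:01:40 web1 sshd[1209]: Accepted password for admin from 203.0.113.7 port 50250 ssh2
Mar 10 08:02:00 web1 sshd[1300]: Failed password for invalid user test from 198.51.100.9 port 40001 ssh2
Mar 10 08:02:05 web1 sshd[1301]: Failed password for invalid user guest from 198.51.100.9 port 40002 ssh2
Mar 10 08:30:00 web1 sshd[1400]: Accepted publickey for alice from 192.0.2.5 port 51000 ssh2
Mar 10 08:31:00 web1 sshd[1401]: pam_unix(sshd:session): session opened for user alice by (uid=0)
""".splitlines()


def parse_auth_line(line, year=2017):
    """Return a dict for a login-outcome line, or None for anything else."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "src": m["src"]}


def analyze_auth_log(lines, threshold=5, window=timedelta(minutes=5), year=2017):
    """Flag sources with at least `threshold` failures inside a sliding window.

    A success while the window is still over threshold is reported separately:
    that is what a guessed password looks like, and it is the case to page on.
    """
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_auth_line(line, year)
        if ev:
            by_src[ev["src"]].append(ev)

    findings = []
    for src, events in by_src.items():
        recent = deque()          # timestamps of failures still inside the window
        users, peak, success_after_burst = set(), 0, False
        for ev in sorted(events, key=lambda e: e["ts"]):
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if ev["outcome"] == "Failed":
                recent.append(ev["ts"])
                users.add(ev["user"])
                peak = max(peak, len(recent))
            elif len(recent) >= threshold:
                success_after_burst = True
        if peak >= threshold:
            findings.append({"src": src, "peak_failures": peak,
                             "users": sorted(users), "success_after_burst": success_after_burst})
    # Most urgent first: bursts that ended in a successful login, then by volume.
    return sorted(findings, key=lambda f: (not f["success_after_burst"], -f["peak_failures"]))


if __name__ == "__main__":
    for finding in analyze_auth_log(SAMPLE_LOG):
        print(finding)
```

The sliding window is what separates an attack from a user mistyping a password a few times over a day; the "success after burst" flag is the finding that should open an incident rather than a ticket, since it means the lockout control in the previous section either was not in place or was bypassed.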
#7. Email and Web Browser Protections.
Organizations need to ensure that only fully supported web browsers and email clients are used in the organization in order to minimize their attack surface.
Why is this critical? Web browsers and email clients are very common points of entry for attackers because of their high technical complexity and flexibility. Attackers craft content that tricks users into taking actions that introduce malicious code and lead to loss of valuable data.
#8. Malware Defenses.
Organizations need to make sure they can control the installation and execution of malicious code at multiple points in the enterprise. This control recommends using automated tools to continuously monitor workstations, servers and mobile devices with anti-virus, anti-spyware, personal firewalls and host-based IPS functionality.
Why is this critical? Modern malware can be fast-moving and fast-changing, and it can enter through any number of points. Therefore, malware defenses must be able to operate in this dynamic environment through large-scale automation, updating and integration with processes like incident response.
#9. Limitation and Control of Network Ports, Protocols, and Services.
Organizations must track and manage the use of ports, protocols and services on network devices to minimize the windows of vulnerability available to attackers.
Why is this critical? Attackers search for remotely accessible network services that are vulnerable for exploitation. Common examples include poorly configured web servers, mail servers, and file and print services, as well as domain name system (DNS) servers that are installed by default on a variety of devices. Therefore, it is critical to make sure that only ports, protocols, and services with a validated business need are running on each system.
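Control 9 is enforced in practice by comparing what is actually listening on a host against what that host's role is approved to run. The following is an added example, not code from this page or from the CIS Controls: a Python check that parses listener lines in the shape of `ss -ltnp` output and reports every socket not on the role's baseline, treating loopback-only listeners as lower severity than those exposed on all interfaces. The sample output, the role name and the baseline are constructed for this example.

```python
"""Compare listening services on a host against an approved baseline (added example)."""
import re

# Constructed `ss -Hltnp`-style output (one listener per line); exact columns vary by version.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1044,fd=6))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=1200,fd=5))
LISTEN 0 5 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=2210,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
""".splitlines()

SS_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)

# Assumed baseline: (port, process) pairs with a validated business need per host role.
BASELINE = {
    "web": {(22, "sshd"), (443, "nginx")},
}
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(lines):
    """Yield {addr, port, proc} for each LISTEN line; unknown lines are skipped."""
    for line in lines:
        m = SS_RE.match(line)
        if m:
            yield {"addr": m["addr"], "port": int(m["port"]), "proc": m["proc"] or "?"}


def check_listeners(lines, role, baseline=BASELINE):
    """Return listeners that are not in the role's baseline, highest severity first."""
    approved = baseline[role]
    findings = []
    for lst in parse_listeners(lines):
        if (lst["port"], lst["proc"]) in approved:
            continue
        # A loopback-only service is still unapproved, but it is not reachable from
        # the network, so it is a hygiene item rather than exposed attack surface.
        severity = "info" if lst["addr"] in LOOPBACK else "high"
        findings.append({**lst, "severity": severity})
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["port"]))


if __name__ == "__main__":
    for finding in check_listeners(SAMPLE_SS, "web"):
        print(finding)
```

Running this from a central job against every host, with the baseline kept under change control (control 3), turns "validated business need" from a policy statement into something that is checked every day.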
#10. Data Recovery Capability.
Companies need to ensure that critical systems and data are properly backed up on at least a weekly basis. They also need to have a proven methodology for timely data recovery.
Why is this critical? Attackers often make significant changes to data, configurations and software. Without reliable backup and recovery, it is difficult for organizations to recover from an attack.
#11. Secure Configurations for Network Devices.
Organizations must establish, implement and actively manage the security configuration of network infrastructure devices, such as routers, firewalls and switches.
Why is this critical? Just as with operating systems and applications (see Critical Security Control 3), the default configurations for network infrastructure devices are geared for ease of deployment, not security. In addition, network devices often become less securely configured over time. Attackers exploit these configuration flaws to gain access to networks or use a compromised machine to pose as a trusted system.
#12. Boundary Defense.
Organizations need to detect and correct the flow of information between networks of different trust levels, with a focus on data that could damage security. The best defense is technologies that provide deep visibility and control over data flow across the environment, such as intrusion detection and intrusion prevention systems.
Why is this critical? Culprits often use configuration and architectural weaknesses on perimeter systems, network devices and internet-accessing client machines to gain initial access into an organization’s network.
#13. Data Protection.
Organizations must use appropriate processes and tools to mitigate the risk of data exfiltration and ensure the integrity of sensitive information. Data protection is best achieved through the combination of encryption, integrity protection and data loss prevention techniques.
Why is this critical? While many data leaks are deliberate theft, other instances of data loss or damage are the result of poor security practices or human errors. To minimize these risks, organizations need to implement solutions that can help detect data exfiltration and mitigate the effects of data compromise.
#14. Controlled Access Based on the Need to Know.
Organizations need to be able to track, control and secure access to their critical assets, and easily determine which people, computers or applications have a right to access these assets.
Why is this critical? Some organizations do not carefully identify and separate their most critical assets from less sensitive data, and users have access to more sensitive data than they need to do their jobs. As a result, it is easier for a malicious insider — or an attacker or malware that takes over their account — to steal important information or disrupt operations.
#15. Wireless Access Control.
Organizations need to have processes and tools in place to track and control the use of wireless local area networks (LANs), access points and wireless client systems. They need to use network vulnerability scanning tools and ensure that all wireless devices connected to the network match an authorized configuration and security profile.
Why is this critical? Wireless devices are a convenient vector for attackers to maintain long-term access into the IT environment, since they do not require direct physical connection. For example, wireless clients used by employees as they travel are infected on a regular basis and later used as back doors when they are reconnected to the organization’s network.
#16. Account Monitoring and Control.
It is critical for organizations to actively manage the lifecycle of user accounts (creation, use and deletion) to minimize opportunities for attackers to leverage them. All system accounts need to be regularly reviewed, and accounts of former contractors and employees should be disabled as soon as the person leaves the company.
Why is this critical? Attackers frequently exploit inactive user accounts to gain legitimate access to an organization’s systems and data, which makes detection of the attack more difficult.
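The review that control 16 calls for is mechanical once the directory export and the HR roster are side by side: an enabled account with no owner, no recent logon, or admin rights and no logon history is a candidate for disabling. The following is an added example, not code from this page or from the CIS Controls: a Python review that applies those three tests, with a tighter idle limit for privileged accounts. The account records, group names, roster and idle limits are constructed assumptions for the example; a real run would read them from the directory and the HR system.

```python
"""Account lifecycle review: orphaned, stale and unused privileged accounts (added example)."""
from datetime import date, timedelta

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}   # assumed group names

# Constructed directory export (assumed schema: name, enabled flag, last logon, groups).
ACCOUNTS = [
    {"user": "alice",       "enabled": True,  "last_logon": date(2017, 3, 8),  "groups": ["staff"]},
    {"user": "bob",         "enabled": True,  "last_logon": date(2016, 11, 1), "groups": ["staff"]},
    {"user": "carol",       "enabled": True,  "last_logon": date(2017, 2, 20), "groups": ["staff", "Domain Admins"]},
    {"user": "contractor7", "enabled": True,  "last_logon": date(2017, 1, 5),  "groups": ["staff"]},
    {"user": "svc-backup",  "enabled": True,  "last_logon": None,              "groups": ["Domain Admins"]},
    {"user": "dave",        "enabled": False, "last_logon": date(2015, 6, 1),  "groups": ["staff"]},
]
# Constructed HR roster of current staff; service accounts are tracked on their own list.
HR_ACTIVE = {"alice", "bob", "carol", "dave"}
SERVICE_ACCOUNTS = {"svc-backup"}


def review_accounts(accounts, hr_active, service_accounts, today,
                    max_idle=timedelta(days=90), privileged_max_idle=timedelta(days=30)):
    """Return {user: finding} for enabled accounts that should be disabled or reviewed."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue                     # already out of the lifecycle
        name = acct["user"]
        privileged = bool(set(acct["groups"]) & PRIVILEGED_GROUPS)
        reasons = []
        # Orphaned: nobody in HR owns it and it is not a registered service account.
        if name not in hr_active and name not in service_accounts:
            reasons.append("no owner in HR roster (departed contractor or employee)")
        # Stale: no logon inside the allowed idle period, tighter for admins.
        if acct["last_logon"] is None:
            if privileged:
                reasons.append("privileged account that has never logged on")
        else:
            idle = today - acct["last_logon"]
            limit = privileged_max_idle if privileged else max_idle
            if idle > limit:
                reasons.append(f"no logon for {idle.days} days (limit {limit.days})")
        if reasons:
            findings[name] = {"privileged": privileged, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for user, finding in review_accounts(ACCOUNTS, HR_ACTIVE, SERVICE_ACCOUNTS, date(2017, 3, 10)).items():
        print(user, finding)
```

The orphan test is the one that catches departed contractors whose accounts were never disabled, which is the case the control singles out; the idle tests catch accounts HR still lists but nobody uses, which are just as attractive to an attacker because nobody will notice them being used.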
#17. Security Skills Assessment and Appropriate Training to Fill Gaps.
Organizations have to identify the specific knowledge and skills they need to strengthen security. This requires developing and executing a plan to identify gaps and fix them through policy, planning and training programs.
Why is this critical? It is tempting to think of cyber defense as primarily a technical challenge. However, employee actions are also critical to the success of a security program. Attackers often exploit the human factor, for example by carefully crafting phishing messages that look like normal emails, or by acting inside the window before patches are applied or logs are reviewed.
#18. Application Software Security.
Organizations must manage the security lifecycle of all software they use in order to detect and correct security weaknesses. In particular, they must regularly check that they use only the most current versions of each application and that all the relevant patches are installed promptly.
Why is this critical? Attackers often take advantage of vulnerabilities in web-based applications and other software. They can inject specific exploits, including buffer overflows, SQL injection, cross-site scripting and clickjacking, to gain control over vulnerable machines.
#19. Incident Response and Management.
Organizations need to develop and implement proper incident response, which includes plans, defined roles, training, management oversight and other measures that will help them discover attacks and contain damage more effectively.
Why is this critical? Security incidents are now a normal part of our daily life. Even large and well-funded enterprises struggle to keep up with the evolving cyber threat landscape. Sadly, in most cases, the chance of a successful cyber-attack is not “if” but “when.” Without an incident response plan, an organization may not discover an attack until it inflicts serious harm, or be able to eradicate the attacker’s presence and restore the integrity of the network and systems.
#20. Penetration Tests and Red Team Exercises.
The final control requires organizations to assess the overall strength of their defenses (the technology, the processes and the people) by conducting regular external and internal penetration tests. This will enable them to identify vulnerabilities and attack vectors that can be used to exploit systems.
Why is this critical? Attackers can exploit the gap between good defensive intentions and their implementation, such as the time window between the announcement of a vulnerability, the availability of a vendor patch and patch installation. In a complex environment where technology is constantly evolving, organizations should periodically test their defenses to identify gaps and fix them before an attack occurs.