CISA, Cyber aware

    • 474 posts
    January 20, 2022 9:05 AM EST

    Hei folks

     

    Mikel here.

    I have recently been updated by CISA and so i would pass on the information update.

     

    This may or may not be relevant to you, depending on how you see your site or its size in members or location of site (country)

     

    But this may be of help to someone.

    Due to the Russian Government / Military
    (NOT Russian civilians) massing troops on the border with Ukraine and threatening invasion and sanctioning government sponsored cyber crime / attacks on other countries and businesses, social networks.

     

    CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

    01/18/2022 08:51 AM EST

     

    Original release date: January 18, 2022

    In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to: 

    • Reduce the likelihood of a damaging cyber intrusion, 
    • Detect a potential intrusion, 
    • Ensure the organization is prepared to respond if an intrusion occurs, and 
    • Maximize the organization’s resilience to a destructive cyber incident.

    CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.

     

    many thanks

    mikel.

    • 97 posts
    January 23, 2022 2:27 PM EST

    Thank you, Mikel!

    I have had a significant increase in activity this past week from those countries.  I've been checking IP's and email addresses and banning those that were on the blacklists.

    ~T.

    • 474 posts
    January 25, 2022 6:10 AM EST

    Hei Tiffany

     

    You are very welcome.

     

    mikel.

    • 97 posts
    January 29, 2022 12:10 PM EST

    Well, my spam log browser activity is increasing and VERY concerning. 

     

    Question ~

     

    How do I address the SE email system?  I can see that I have an excessive amount of emails going out, which I presume are for email verification from these spam emails, but what is bothering me, is how do I know that's all that it is?  How do I view where these emails are actually going?

     

    Is there a way for me to know where these emails are going and those that are coming back undeliverable?  When I had vBulletin, I always got bounce back email alerts through my website email address?  Is this an email setting from the email I'm using, or is this a function setting of Social Engine that I should address, so I can see what's going on with emails.  Sorry to sound like such a novice, but this area is not my wheel house.

     

    Thanks for any thoughts or direction. ~T.

    • 474 posts
    January 30, 2022 9:24 AM EST

    Hei Tiffany.

     

    about email banning.
    Try this method. Ive mentioned this before.
    Part of the problem is, a single user can create and send many many many emails, but they will all come from the same IP. (example, i had one IP address sending 147 different emails addresses. i simply blocked the ip and never got any spam emails from that ip again)
    So instead of blocking emails, block the IP. This will cut the amount of email verification work.

    So after a few days you will see a huge drop in spam emails and negative sign in attempts made by none members( these are automated computer sign in attempts). also the amount of emails sent to verify emails will also drop.

     

    Yes you may block another user with the same ip address, but the chances of it actually affecting your membership numbers is to teeny tiny to be a concern. Since most ip addresses are usually shared between 1 and 5 people. 

     

    Also, check your SEO.
    all search enquiries use SEO to find social sites, gaming sites and others. This is a good thing, but also a bad thing because it can single your site out from others and so you start to get more spammers. Remember, most of these spam emails are generated and sent by computers and not by people.

    So you could try rewording your [ key word search ]

     

    When i search [ friends realm ] i also see [ friend realms ] [ friend realm ] another very popular social and gaming sites. This also could be the problem. Similar site and social names, this will get people accessing your site instead of another site by mistake. ive seen several sites with copycat site names and then they wonder why they getting more spam and negative member signin reports on their spam and banning list.

    This is also a high volume spam search technique, the more popular a site or site name is, the more of a target it becomes.
    You could think about creating a more unique site name, with a more local language key word search.

     

    Another thing to try is making your site [ invite only ] but this means you need to encourage friends and local people to be more active.

    You can, If SNS have it, a plugin that allows [ mobile phone number ] authentication, sign in / sign up instead of email signup verification.

     

    something to think about.

    mikel.

    • 97 posts
    January 30, 2022 10:00 AM EST

    Hi Mikel,

     

    I'm now doing both blocking of emails and IP addresses; appreciate your direction.  I don't even have to put these through an email/IP spam checker anymore because they are so obvious.  I have one spam email that showed up a few days ago (using the name bob and some gibberish) and "bob" has been the most persistent log in out of all of them.  Almost 100% of these spammers are gmail addresses, except for "bob" and "bob's" email IP is from a US north eastern state.  

     

    I just realized this is an indexed thread (I had to remove most of my response ^-^).....in response to your other thoughts, I do understand what you are referring too with domain names and searches and will keep those ideas under my hat. I was actually looking at SEO and Meta tagging yesterday.  I do have a SEO plugin by SNS.

     

    I'm not opposed to "invite only" option either.  The only challenge with that, is most of my friends don't list their email addresses on other websites to send them invites, (of course I have their cell numbers) so like you were saying, the mobile number invite makes more sense, but SE doesn't have that option.  I'll look around for a plugin for mobile phone invite; maybe SNS has one? ~T.

     

    • 474 posts
    January 31, 2022 6:28 AM EST

    Hei Tiffany.

    Happy to be of help.

     

    Just as a note.

    The Mobile Phone number signup / signin is a plugin.
    What this does is replace the need for email signup / sign in.. Members sign up with their mobile phone number and login with their number.
    this is a better tool to have and prevents email spammers.

    It is a great tool to have as an option.

     

    mikel.

     

    I think SNS have this but its better to check with them because you will need to have it work on your Mobile APP also.

    • 97 posts
    January 31, 2022 10:34 AM EST

    Hey Mikel,

     

    Where or how to find this mobile sign-up plugin ....... show me the way  I couldn't find it on SNS plugins, unless it's a feature embedded in another plugin that I missed?

     

    ~T.

    • 474 posts
    January 31, 2022 12:47 PM EST

    Hei Tiffany

     

    I was thinking Sns had a plugin, Il have a look at other devs, someone must have one, ive seen plugins on devs own websites that havent been advertised on SE Stores. its been a standard plugin for other social sites for a couple of years that i have seen.

     

    mikel.

    • 97 posts
    January 31, 2022 1:39 PM EST

    Mikel,

    GREAT!!  Thank you for looking.  I'll keep looking too.  This would be SOOOO helpful to have this plugin! ~T.

    • 2 posts
    February 9, 2022 9:17 AM EST

    Thanks for sharing Mikel, glad to be aware of this.

    • 97 posts
    February 22, 2022 9:21 PM EST

    Hey y'all!  I think this is what we were looking for; a mobile sign-up plugin?  SNS has loaded up this plugin on my website.  I haven't worked with it yet to be able to comment but maybe this is what we were needing?  ~T.

    (OTP) One Time Password, SMS Mobile Verification & Safe Login

    • 474 posts
    February 24, 2022 8:50 AM EST

    Hei folks.

    Mikel here.

    Cyber security update.

     

    New Sandworm Malware Cyclops Blink Replaces VPNFilter

    02/23/2022 10:00 AM EST

     

    Original release date: February 23, 2022

    The United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory (CSA) reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink. Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers and network-attached storage devices.

    CISA encourages users and administrators to review joint CSA: New Sandworm Malware Cyclops Blink Replaces VPNFilter for additional technical details and mitigations.

    • 474 posts
    February 27, 2022 10:55 AM EST

    Hei Folks

    New Update.

     

    I know these updates may seem not important to you personally, but i know that SE / SNS have members that are in Ukraine or have business links to the Ukraine. Since this is all connected to the US and other Nations it is wise to be aware. The Russian Government (NOT Russian civilians) are also targeting the US with similar attacks.

     

    CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine

    Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats. 

    CISA recommends organizations review Destructive Malware Targeting Organizations in Ukraine and Shields Up Technical Guidance webpage for more information.

     

    Mikel.

    • 97 posts
    February 27, 2022 2:20 PM EST

    Thank you, Mikel for your Cyber update; watchful and aware more then ever! ~T.

    • 474 posts
    March 17, 2022 9:03 AM EDT

    Hello Folks

    CISA Update.
    Please check your systems or ask your Hosting Company to check Server Systems.
    You may be only a small network or a large network, the effects of not taking action can still be devastating.

     

    Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

    03/15/2022 10:00 AM EDT

     

    Original release date: March 15, 2022

    CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat. 

    CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.

    This product is provided subject to this Notification and this Privacy & Use policy.

     

    Many Thanks

    mikel.