T-Mobile Breach


The T-Mobile data breach is scary because so much is unknown, but what little information is available tells us that the worst kind of personal data has been leaked for a lot of people. What’s more, it is difficult to know if your data was in the breach. But you do not need to panic.

You can gain peace of mind by taking a few safety measures that will be effective regardless of how bad this situation becomes.

What Do We Know So Far?

A quick review of the situation is as follows: T-Mobile suffered a massive breach but tried to keep it quiet until it was revealed by an article from VICE. T-Mobile acknowledged the breach, but its extent is not certain because the company has not been forthcoming with information. However, it is estimated that millions of people’s data has been exposed, and it is some of the worst kinds of personal information to lose. This data reportedly includes social security numbers, phone numbers, names, physical addresses, and driver license information.

There are many articles that will give you a litany of security measures that you can take (signing up for an account with the social security administration, changing the two-factor authentication on all of your accounts, etc.). But there are a couple of comparatively quick actions specific to this breach that you can take right now that will address the heart of the problem.

What To Do?

Secure your T-Mobile account, put a freeze on your credit (even if you don’t have an account with T-Mobile, you are in danger if you ever let them run a credit check on you), and then seek out good security education.

Right now would be a good time to get one of the many free password managers, but if you are not interested you can skip to the next paragraph. Bitwarden is widely considered the most convenient while still very secure. A password manager will automatically (no effort on your part) log your credentials whenever you log into an account and save them locally. This last part is important because it means that the company does not have its clients’ credentials in a central database and therefore if the company Bitwarden were breached, your credentials would still be safe. Finally, and most importantly for our purposes here, Bitwarden will suggest and save passwords that are random and unique. You will see why that is so important in a moment.

Your T-Mobile Account

If you have a T-Mobile account, you want to secure it by changing your password and adding a passcode (or changing that too if you already have one). Log into your T-Mobile account before a hacker can and change the password to something unique.

While you are logged into your account, take advantage of a special function in T-Mobile that lets you set up a unique passcode. If you want to reset your password in the future, you will need the passcode, so make sure you save it to your password manager. This simple act will prevent many of the most widespread scams, which often rely on people pretending to be you and trying to reset your password. But that is beyond the scope of this article.

Your Credit

Next, put a freeze on your credit. When someone steals your identity, you can eventually get your money and accounts back, but your credit can be irreparably damaged. A freeze on your credit will keep it safe and prevent hackers from opening new lines of credit in your name. Each of the three big credit agencies (Experian, Equifax, and TransUnion) has an option on its website to freeze your credit. And of course, you could just call them too.

Your Education

The best measure you can take to stay safe is to obtain quality security education for you and your colleagues to be aware of the tactics that are out there. You should consider making your business networks more secure by reaching out to Cyber Security Crusaders for assessment services with actionable steps. Just go to cybersecuritycrusaders.io to contact us or learn more.

Bonus Suggestion

If you feel like putting in a little extra effort, you can also change the password on any other accounts where you used that same password. If you don’t want to try to remember each of those accounts, you can just look up which of those other accounts (where you used the same password) were also exposed in data breaches. Find those accounts by searching your password on data breach websites like Leakpeek.com and Dehashed.com. The results will show any accounts that were exposed in a data breach that used that same password. Look in those results for your accounts and go change your password (preferably choose a unique password so you don’t have to do this step again if those sites get breached again).

How Ethical Hacking can Save Your Business From Cyber Criminals?

We often hear the word “Hacker” in terms of a bad actor who breaks/breaches into a system or network and tries to compromise important data by stealing it to exploit and damage an organization’s or an individual’s reputation and assets. This, of course, is the dark side of the term “Hacking,” but it depends on the Hacker whether he uses it for criminal purposes – such as exploiting vulnerabilities to damage one’s reputation and assets, or for good, e.g., assessing the infrastructure for security loopholes and suggesting appropriate remediation steps. Let us dive into what Ethical Hacking is, what an Ethical Hacker does, and why an organization needs one.

What is Ethical Hacking?

An ethical hacker exploits vulnerabilities and weaknesses in the IT infrastructure ethically. By ethically, we mean receiving permission/consent from the organization or individual to exploit vulnerabilities, keeping in mind the company’s SOPs (Standard Operating Procedures). Vulnerabilities are exploited, and then countermeasures are suggested to the organization so that it can apply proper mitigation techniques to protect its assets, services, or reputation. The ethical hacking process assesses the company’s overall security posture by bypassing the defenses of its IT infrastructure, which includes, but is not limited to, LAN, WAN, wireless network, cloud network, mobile and web applications, database management systems, Active Directory, endpoints, and security controls. The process also involves varying hacking techniques such as Man-in-the-Middle attacks, DoS, DDoS, exploitation of weak encryption algorithms and outdated application versions, phishing attacks, and Advanced Persistent Threats. These techniques bypass security parameters and exploit vulnerabilities in the system, network, or application in the same way a threat actor would.

There is a famous saying: “To beat a hacker, you have to think like one.”

Ethical Hackers possess the skills and the mindset that keep them one step ahead of the adversary or a hacker. That means they will find vulnerabilities and provide necessary countermeasures before some other threat actor tries to exploit them.

The Five Phases of Hacking

There is a systematic process through which a Hacker can achieve his objective more effectively and efficiently. The 5 Phases of Ethical Hacking are:

  1. Reconnaissance: The Reconnaissance phase, also known as information gathering or footprinting, is the initial and most important step in hacking. In this, we try to gather as much information as possible about the target. We usually gather information regarding the host, network, and the people involved in our target.
  2. Scanning: Scanning involves multiple aspects, such as port scanning and scanning for vulnerabilities on the target, usually done using automated tools, and network mapping, such as determining the connectivity of hosts in a network and creating a topology diagram with the help of available information.
  3. Gaining Access: In this phase, the Hacker breaks into the system by exploiting any vulnerability found in the previous phase. The Hacker will then try to elevate his privileges to an administrator so that he can install malicious software, pivot into other systems on the network, or change any configuration he might need to steal or hide data, depending on the motive of the Hacker.
  4. Maintaining Access: Once the Hacker has gained access, he might need to persist access to the system or network to carry out any malicious activities until he has achieved the desired objective. Maintaining access is achieved by installing rootkits, backdoors, trojans, or other malicious files.
  5. Clearing Tracks: When the Hacker has achieved his desired intent, he then tries to erase the digital footprint he might have left during any malicious activity. Clearing tracks is necessary so that, upon investigation, the tracks do not lead to him. The process involves clearing system, application, audit, and security logs, changing registry files, or uninstalling malicious programs involved during hacking.

Types of Hackers


So now that we know what Ethical hackers are and how they operate, it’s time we categorize the types of hackers. This categorization is based on the motives and aims of the Hacker. Although hackers can be categorized into many types, we will discuss some of the types here.

Black Hat Hacker: Black Hat hackers are the bad guys who hack for personal, financial, or political gains. They are highly skilled individuals having sound knowledge about computer programs and exploitation techniques based on different infrastructures. These hackers tend to bypass complex security solutions and controls.

White Hat Hacker, a.k.a. Ethical Hacker: White Hat hackers are also referred to as the good guys because they know how black hats operate and have the necessary skill sets to identify and prevent hacks and deploy countermeasures against critical vulnerabilities that cause severe damage to the organization’s assets, services, and reputation.

Grey Hat Hacker: These hackers violate ethical standards and rules, but they do not have malicious intent. Grey hat hackers break into a system without the user’s or organization’s permission and may sometimes report to the organization by charging a small fee.

Red Hat Hacker: Red Hat Hackers actually chase the black hats by shutting them down so that they may not cause further damage to an organization. They use the same tools and techniques that the black hats use.

Why Do I Need An Ethical Hacker?

Whether you are a small, mid-sized, or large business, there is always a chance of getting breached by a threat actor or Hacker as almost all businesses use some kind of IT infrastructure to provide services to the customers, be it on a small or large scale. IT infrastructure includes computers, Laptops, Servers, Printers, Switches, Wireless routers, etc. These all are at high risk of getting breached at some point in time by hackers or adversaries. The attacks and breaches are becoming more advanced and powerful as technology is evolving. Some of the most common cyber-attacks that most organizations face are:

  • Ransomware
  • Phishing
  • DDoS Attacks
  • Man-in-the-Middle Attacks
  • Data leakage
  • Insider Threats

So considering the above facts, an Ethical hacker is a must for organizations that want to protect their business from attacks and breaches in order to maintain a reputation in the market. Hiring an ethical hacker for your business will ensure acceptable levels of risk associated with breaches and attacks. Here is how an ethical hacker will help protect your business. An ethical hacker will use different tools and techniques, such as running scans for open or unused ports and identifying vulnerabilities in operating systems, system configurations, software versions, services, etc. He will sometimes perform a penetration test, which falls under ethical hacking and aims to penetrate a particular network or system to identify security loopholes. After discovering a security flaw or vulnerability, he will suggest countermeasures and remediation steps for it.

Hiring an Ethical Hacker


Hiring an Ethical Hacker for any business is very important. An Ethical hacker with the right mindset and approach will serve as a great defender for your organization. Ethical Hackers should have strong technical knowledge, including the latest security trends, advanced persistent threats, complex attack scenarios, the risks associated with different security breaches, information security management frameworks, and standards. They should also be well-versed in reverse engineering techniques, scripting, identification of vulnerabilities, and how to exploit them to propose countermeasures before an adversary takes advantage and breaches the perimeter. Security certifications prove the ability of an ethical hacker to deal with complex scenarios. Certifications such as CEH (Certified Ethical Hacker), LPT (Licensed Penetration Tester), OSCP (Offensive Security Certified Professional), and GPEN (GIAC Penetration Tester) are the most in-demand and prestigious security certifications across the globe.

If you are a business owner who is constantly growing your business by launching new products or services, upgrading your infrastructure, or getting ready to meet compliance requirements, then we suggest you opt for VAPT (Vulnerability Assessment and Penetration Testing) services multiple times a year. VAPT is a very strenuous task and requires a lot of critical thinking and resources. It may seem like overkill, but you’ll thank us! Hiring an ethical hacker can end up saving you a great deal of pain, time, and money from an actual hacker attack. If you have questions on hiring an ethical hacker or would like to move forward with Vulnerability assessment and/or Penetration testing, then Cybersecurity Crusaders can take care of your organization’s security posture and ensure that your business remains protected against evolving and advanced security threats. Avoid your company being the next target of Cyber Criminals – contact Cybersecurity Crusaders.