Adam Tyler

About Adam Tyler

Adam leads the charge promoting innovation in technology at CSID. His expertise spans far across the security landscape, including identity protection and fraud detection, cyber security trends, hacking and attack methods. Adam is passionate about teaching companies and consumers how to take control of their information and privacy. Adam is based out of CSID’s UK office and is an internationally known speaker on matters of cyber security, identity theft, fraud detection and identity protection.

The Latest in PII Values on the Dark Web

April 17th, 2017 | The Dark Web

Every day, cyber criminals of varying skill levels and capabilities buy and sell stolen consumer and business credentials on the dark web. While once perceived to be an inaccessible, mysterious place, the dark web of today is very much within reach. Less technical, younger individuals can access the dark web and participate in underground commerce with just a few clicks.

The dark web now resembles, in many ways, any other commercialized online marketplace. There are banner ads, social media pages, and even user-friendly YouTube tutorials to help guide criminals in their pursuits. Without much effort or technical skill, cyber criminals can access personally identifiable information (PII), popular user accounts, and malware kits to more easily orchestrate attacks.

I’ve enjoyed the opportunity to shed light on these underground marketplaces at conferences like South by Southwest. One exercise I like to run through with attendees is to have them guess the going rate for different pieces of PII. It often shocks people that even high-value information and accounts are selling for cheap across the dark web. For instance, Social Security numbers, email accounts like Gmail and Yahoo, Uber accounts and Netflix accounts are being sold on the dark web for around $1.

While it is a somewhat scary reality, consumers and businesses can take steps to significantly reduce the risk that their information ends up on the dark web. By creating long, strong, and unique passwords across accounts, taking advantage of software updates as they are available across all devices, and enlisting the help of a third-party monitoring service, consumers and businesses can stay one step ahead of these growing threats.

Does the price of PII surprise you? Join the conversation on Facebook, Twitter, or LinkedIn.

 

2017: The Evolution of the Password, IoT Threats and Other Predictions

December 27th, 2016 | Online Safety

For both consumers and businesses, 2016 was a big year for cybersecurity. As we predicted at the beginning of the year, large-scale breaches continued to dominate the headlines and the Internet of Things (IoT) became a growing source of security concerns. But as the year comes to a close, it’s time to look to the future. Here are the trends we predict will shape the cybersecurity industry during the year ahead:

Consumer Password Practices: Same Problems, New Solutions
Poor password use continues to plague consumers, leaving them vulnerable to attack. With the volume of breaches increasing, it will be more important than ever for consumers to use long, strong and unique passwords across accounts. If any of your passwords made it on to last year’s list of “Worst Passwords,” you should take care to update now. Consumer adoption of biometric authentication will also increase, not only across traditional financial accounts, but other apps as well, as we saw with Google’s Trust API earlier this year.

IoT Threats Will Begin To Take Shape
IoT threats, once somewhat abstract, will start to become very real as more devices are connected and as consumers and businesses start to participate in the resulting connected ecosystems. Recent DDoS attacks in 2016 showed us that the IoT is, and will continue to be, a valuable tool and target for cyber criminals. The security industry, businesses and consumers will need to come together to tackle IoT security – from education to product development.

BYOD Brings New Era of Workplace Threats
With evolving workplace cultures – including a rise in work from home and bring your own device (BYOD) policies – we’ll start to see a new era of threats facing businesses. Companies will need to prioritize building a BYOD policy in partnership with IT, risk management, and legal counsel. They’ll also need to educate employees on security best practices, like creating strong passwords and updating the software on their devices, to ensure all employees understand their role in protecting the business.

Hollywoodization of the Hacker Brings Mainstream Awareness
With shows like Mr. Robot gaining mainstream, loyal followings, we’ll see a new level of fascination with hacker culture and cybersecurity, especially from younger individuals, who are more digitally connected than any previous generation. Consumer interest in cybersecurity, along with attacks in the headlines, will drive popularity of these shows and start to blend entertainment with education.

Ransomware Will Threaten Hospitals And Other Enterprises
Hospitals and other healthcare organizations will be among the most vulnerable to attack, as moves to digital – including the shift to electronic health records (EHR) and launch of mobile applications – will introduce valuable targets for cyber criminals.

Have your own 2017 security predictions to share? Weigh in with us on Facebook, Twitter and LinkedIn.

Virtual Reality: Real-World Security Concerns

December 1st, 2016 | Industry News

Recent advancements in virtual reality (VR) have ushered in one of the most exciting times in technology, with consumers and businesses alike realizing VR’s potential for transforming and enhancing experiences. VR has proven to be so much more than a vehicle for gaming. We’re still in the early stages of understanding the full implications of VR, but exciting progress has already been made in verticals spanning from entertainment to education, and even the medical field. Early studies have shown it has helped paraplegics regain body functions, treat PTSD and anxiety attacks, test car safety, and so much more.

With VR picking up steam and quickly making its way from research labs to consumers’ living rooms, it’s more important than ever for consumers to be aware of the unique threats that may be associated with VR.

Physical Risk: Blended Realities
Virtual reality simulated experiences can create a degree of realism that may cause a user to become so deeply immersed in that experience that they become less aware of their surroundings. The nature of current VR headsets is such that users cannot see anything around them. VR experiences that require movement – like simulating the motion of swinging a tennis racket for example – could cause danger or harm to the user if they are not in an open space, clear of other individuals or structures.

Digital Risks: Privacy and Identity Theft
Like any technology that collects user information, including payment, account, and personal details, VR will continue to be a valuable target for cyber criminals. Pressures to bring the technology to market quickly may also cause developers to overlook critical security and privacy considerations. Other security risks may emerge when the devices are in use, as users may unknowingly express information related to their location or identity, which may be recorded by a third party and used for marketing or, if it falls into the wrong hands, identity theft.

Many predict that hackers will use tried and true hacks in new ways, leveraging VR to have users, “unwittingly deploy a Trojan” or “leak their password with just a wave of a hand,” for example. Phishing could also be executed via “fake virtual objects,” a duping method believed to already be in use by hackers.

Securing VR will take collaboration from the public and private sectors and a commitment from technology developers to create more secure devices. However, users should be aware of their own responsibility in protecting themselves. Be careful to use long, strong and unique passwords for VR-associated accounts, vet third party vendors, and ensure all of your devices have the latest software.

Have other VR security considerations to share? Weigh in with us on Facebook, Twitter and LinkedIn.

The Hollywoodization of the Hacker: Lessons From Mr. Robot

November 10th, 2016 | Online Safety

Current shows like Silicon Valley and Mr. Robot and movies like Blackhat have brought hackers into the ranks of pop culture’s most popular protagonists. Until recently, hackers in movies have largely been represented as zany sidekicks or mysterious recluses. But now hackers, and especially vigilante white-hat hackers, are being portrayed like real life, albeit unlikely, superheroes. With audiences so invested in their digital lives, it is easy to see why this shift has occurred. Especially among the younger crowd, who are more digitally active than any previous generation, it makes sense that those with the ability to directly impact digital spaces have become the subject of fascination. TechCrunch argues that these stories have also become popular because viewers are more educated and curious about cybersecurity: “They are finally starting to understand that cyberattacks are real threats and that cybersecurity matters.”

Mr. Robot has been a particularly good example of this change in how Hollywood writers represent hackers. It’s unlike many of the movies and television shows that came before it because of its realism. The main character, Elliot, is a cyber security professional by day and vigilante hacker by night. He exploits his targets using the same methods we’re seeing today, like DDoS attacks, tapping into unsecured Wi-Fi networks, and social engineering where hackers trick victims into sharing their personal information. Elliot joins a group of vigilante hackers called “fsociety,” many of whom are in their early to mid-20s. fsociety’s age range matches the real life trend of hackers getting younger and younger, especially as executing attacks no longer requires years of experience or an advanced technical background. Our CIO, Adam Tyler, will be speaking more on that topic at SXSW this year.

To mitigate the risk and consequences of attacks like those seen in Mr. Robot, here are some of the security measures you can implement:

  • Use strong passwords. Hackers can crack a weak password in minutes. Strong passwords are at least 12 characters long, are comprised of a cryptic combination of letters and numbers, and do not include any words found in a common dictionary.
  • Avoid unsecured Wi-Fi networks. Unsecured Wi-Fi connections, like those in airports and coffee shops, leave users wide open to a variety of man-in-the-middle attacks. Hackers can capture Internet history tracking data, insert themselves into communications between systems and people, and track keystrokes. This is why users should avoid unsecured Wi-Fi wherever possible. Some great alternatives for connecting to the Internet on the go are secured personal hotspots, or a Virtual Private Network (VPN).
  • Practice good social media habits. Even seemingly innocuous information found on social networking sites, like your pet’s name or high school mascot, can be used by criminals to gain access into your accounts, as these often serve as the answers to popular password-reset questions. Check your privacy settings to make sure you’re not over-sharing information on social media.

Do you watch Mr. Robot or any other show featuring hackers? Tell us your thoughts over on Twitter, Facebook, and LinkedIn.

 

Macs Under Attack: Why We Can’t Take Security for Granted

September 1st, 2016 | Industry News

In January, we shared predictions about the trends that would dominate the cybersecurity space in 2016. Among those was a prediction that Apple devices would no longer be “immune” to attack and as they gained popularity, would become a more desirable target than ever for cyber criminals. Once seemingly impossible to penetrate, we’re already seeing a number of attacks against Apple in just the last two months that suggest this is no longer the case.

Users were urged to update their devices in late July, when news broke around new research identifying security holes in Apple’s desktop and mobile operating systems that could allow malware to be sent via iMessage – similar to what we saw last year with the Stagefright bug on Android devices. By creating malware formatted as a TIFF file, hackers could send an image to a target over iMessage and execute malicious code on the device – giving the attacker access to both the device’s memory and any stored passwords. The same attack could be delivered by email, or by directing the user to a browser that contains the malware-infected image. The good news? Apple addressed these vulnerabilities with the release of iOS 9.3.3 for mobile and El Capitan 10.11.6 for OS X.

Just last week, we saw what could be another pivotal moment in Apple security: the first remote jailbreak exploit. Human rights activist Ahmed Mansoor, from the United Arab Emirates, received a suspicious text with a link that, if clicked, would have jailbroken his phone and infected it with malware. Had this been successful, the attacker would have been able to log encrypted messages, secretly activate the phone’s microphone and track its movements. This attack exposed three vulnerabilities in Apple’s iOS that, when combined, could lead to the jailbreak of an iOS device, which, until now, had never been thought to be possible. Again, Apple released patches for the vulnerabilities with the release of iOS 9.3.5 last week.

Attacks against Apple show no sign of slowing. That said, if there is one takeaway from the above, it’s that Apple is offering consumers the opportunity to stay secure with every software update they release. It’s therefore our responsibility to take advantage of these updates, and take control of our own security.

Join the conversation and stay up to date on the latest cybersecurity news by following CSID on Facebook, Twitter or LinkedIn.

Here’s the Going Rate for Your Accounts on the Dark Web

August 4th, 2016 | The Dark Web

Last year, I took the stage at South by Southwest and walked audience members through a live demonstration of dark web marketplaces in a session called “Digital Identities: Modern Underground Currencies.” We kicked off with a game of “Price (of PII) is Right,” where I gave the audience an opportunity to guess how much personally identifiable information was selling for across the dark web. As I revealed the answers, the feeling of shock was palpable.

Credentials for an Uber account? That will set you back $1.49. 20k Avios air miles? A mere $10.

The reality is, many high value accounts are selling for cheap across the dark web. Just this past week, a company called LogDog released a report that revealed just how inexpensive these credentials are being sold for:

  • Email accounts like Gmail and Yahoo: Around $1 (70 cents to $1.20)
  • Amazon accounts: Around $1 (though this ranges from 70 cents up to $6, depending on the account balance and country)
  • Uber accounts: $1-$2
  • Netflix accounts: $1-$2
  • Social Security numbers: About $1

While you may not feel especially threatened by the idea of someone using your Netflix account to stream movies, the real danger here is due to password reuse. Sixty-one percent of people admit to reusing the same password across multiple websites, and hackers have caught on. So while you may not mind if a hacker accesses one of your perceived lower value accounts, they are more than likely to use those same login credentials on your bank website, or to access your medical insurance.

It’s imperative that consumers create long, strong and unique passwords across their accounts, as hacks show no sign of slowing and cyber criminals are younger and less sophisticated than ever. If you’re interested in the creation and evolution of hacker identities, be sure to stay tuned to the blog next week for information on how to help my session make the stage at SXSW 2017.

Do these prices surprise you? We’d love to hear what you think. Join in the conversation on Facebook, Twitter or LinkedIn.

National Internet Safety Month: Gaming and Hacking

June 10th, 2016 | Online Safety

June is National Internet Safety Month, which began in 2005 in order to raise awareness around the need for online safety, especially among children and teens. In honor of Internet Safety Month, let’s hone in on the gaming industry, one area in particular that has caused a huge growth in the popularity of hacking.

More than ever before, we’re seeing less skilled, younger individuals getting involved in cybercrime. Attacks no longer require years of experience and an advanced technical background. Tools to carry out sophisticated attacks are now easily accessible, easy-to-use and affordable on the dark web. Just three years ago, a majority of cybercriminals were in their late teens or early twenties. Now, we’re talking about nine- and 10-year-olds, who are being introduced to hacking at an early age. How are youngsters hearing about the dark web, then? One answer: video games.

Popular games are attracting a younger and younger demographic. When kids sit down to play a game, everyone gets competitive. Some have started to hack accounts in order to come out on top. This is where kids begin to be exposed to the illegal world of the dark web. Take Distributed Denial of Service (DDoS) booting services, which have grown in popularity. These DDoS services allow an individual to take control of another individual’s IP address to knock them out of a computer game. And, it doesn’t stop there.

Before gaming gets out of hand, parents need to play an active role in their child’s online safety. First, they need to start thinking about technology or the Internet as a place that’s integrated with our daily lives, not a separate world. Stay up-to-date on the latest technology your child engages with, like gaming consoles or a hot new app. For some of these video games, the age requirement is 18 years and older, yet young children are being exposed to potentially harmful environments. Parents should be held accountable for keeping their children safe.

If kids are gaming maliciously, parents must be on the lookout and be willing to start conversations around the real consequences of criminal activity. That’s where we can truly begin cutting down on cybercrime among the younger generation. Want to join in on the gaming conversation? Share your thoughts on Facebook, Twitter and LinkedIn.

2016: Mobile, IoT Threats on the Horizon

December 21st, 2015 | Industry News

Last week we recapped the big happenings of 2015 for CSID. This week, we’re switching gears to look ahead to 2016 and the trends we expect to dominate in the year to come.

All eyes on mobile
The rise of mobile payments (and recent participation from major players like Apple, Android and financial institutions like Chase), has made mobile a more attractive target than ever for cyber criminals. We expect that fragmentation, especially within the Android ecosystem, will exacerbate the problem, as different manufacturers are running multiple versions with no agreed-upon update system. This is an increasing problem particularly in the developing world where consumers are using older devices that are no longer supported by the manufacturer and as a result, no longer receive the critical patches and updates to address security flaws.

Additionally, as we look to the future, mobile attacks will be simpler than ever to implement. Just one example of this that we saw in 2015: the iOS text crash, where victims were infected just by opening a multimedia message (MMS). In 2016, we’ll see a rise in these simply orchestrated, yet impactful attacks on mobile devices.

Macs no longer immune to attack
While once seemingly impossible to penetrate, Macs will become the victim of increased focus from cyber criminals as they continue to gain popularity.

A recent report from Bit9 and Carbon Black states that 2015 was the most “prolific year for Mac malware in history.” Specifically, the report suggests that the OSX malware during this past year was a staggering five times more prevalent than the past five years combined.

It’s clear that Mac OSX is now a platform that we need to be concerned about. We’re no longer living in days where we can opt out of OSX updates and not worry about the materials we download. We’ll need to exercise increased caution across all of our devices in 2016.

The dark web as marketplace of ideas will exacerbate attack reach and impact
More than ever, we’ll see cyber criminals using the dark web to share tips and tricks amongst each other, making advanced threats and attacks more accessible to general users. With this, we’ll also see a rise in younger, less experienced, and non-traditional cyber criminals orchestrating attacks. The National Crime Agency recently reported that the average age of a cyber criminal has dropped to just 17 years old.

Malvertising and drive-by downloads will increasingly deceive users
We’ll see a rise in malvertising on legitimate, credible sites – like Forbes, BBC, and other top tier sites – that are sourced by external adware networks.

Malvertising, which takes the shape of seemingly innocuous ads on the internet, will infect users’ devices if clicked. What’s more, drive-by-downloads, which require a user to just visit a website to infect their device, will grow in popularity and be spread through MMS.

Internet of Things players will need to prioritize security
We’re seeing the Internet of Things (IoT) continue to gain momentum as more and more connected devices are brought to market. In 2016, developers will need to make security a priority. Even seemingly benign devices (like your connected refrigerator or thermostat) can serve as a pathway into your most sensitive information.

Vulnerabilities in in-car entertainment systems earlier this year demonstrated how hackers could, somewhat easily, take control of the car’s steering, brakes, and other vital features. In 2016, we’ll see an increasing focus on the security of the IoT, which may cause a shift in priorities at the product development level.

Keep an eye out for these trends in our “click-to-reveal” series on Twitter and stay up to date with the latest CSID news by following us on Facebook and LinkedIn.

Ransomware in Review

November 24th, 2015 | Business Security, Malware and Scams

One of the scariest cyber security trends of 2015 was the evolution and uptick of ransomware attacks. Ransomware is a type of malware that, once installed on a user’s device, will block access to the device until a ransom is paid to the cyber criminal to unlock and remove the malware. The FBI recently reported that Cryptowall, a popular strain of ransomware, netted cyber criminals more than $18 million between 2014 and 2015.

It is true that ransomware campaigns have continuously netted their owners large amounts of profit, and have become highly attractive to the fraud community. However, this rise in prominence has also led to an increase in focus by the anti-virus industry, whose job it is to mitigate the major threats seen in the underground world.

This is why ransomware has evolved drastically over the past 12 to 18 months. Cyber criminals have realized that the security industry is capable of developing various countermeasures to software-based threats, so simply locking devices for a ransom is easily mitigated and prevented. As a result, cyber criminals have taken ransomware a step further and moved to file encryption, which is much more difficult to resolve via anti-virus software. By implementing file encryption, cyber criminals can ensure that users cannot simply apply a patch and undo the damage done to their device. Affected users are forced to deal directly with the cyber criminal if they have any desire to recover the encrypted information, increasing the probability of an affected user paying the ransom rather than going to a security vendor for help.

Countermeasures to this new approach to ransomware are in the works. Businesses can focus on monitoring network traffic to identify anomalous requests, or on monitoring physical devices to identify suspicious activities such as file system access and injection into remote processes. However, these countermeasures are a product of businesses catching up to the cyber criminals. The underground community will always be coming up with new ideas and attack methodologies. They innovate at a faster pace than the business world and are constantly focused on designing new methods to steal anything that can be sold or used for financial gain. It’s up to businesses and consumers to understand these issues and utilize the best tools available to secure themselves and their devices.

As always, let us know your thoughts on Facebook, Twitter or LinkedIn.

Securing All the Things: IoT Myths and Realities

September 4th, 2015 | Uncategorized

The Internet of Things isn’t a new concept – but it’s certainly one that has gained momentum, particularly within the last year. Recently, we’ve seen more and more connected devices come to market. While connecting our world may bring added convenience to our everyday lives, it’s important to question what we may be sacrificing from a security perspective.

Back in April, news broke around a software glitch that enabled hackers to take control of a Jeep Cherokee while on the road. Cybersecurity experts Charlie Miller and Chris Valasek, working from laptop computers at home, were able to break into the Jeep’s electronics through the entertainment system. The experts were then able to change the speed of the vehicle, alter its braking capability, and manipulate both the radio and windshield wipers. The two described the hack as “fairly easy” and “a weekend project.”

It was recently discovered that not even Tesla Motors is immune to being hacked. This, again, was an attack orchestrated through the car’s entertainment system, though it took closer to a year to pull off. Researchers were able to apply the emergency hand brake, remotely lock and unlock the car, and control the touch screen displays. There is good news – Tesla has already developed a fix, which has been sent to all of the affected vehicles.

Something rarely discussed that warrants consideration from both security professionals and consumers alike is the danger brought on by seemingly innocuous connected products (think: “smart fridge” or “connected toaster”). While the thought of a hacker gaining control of a refrigerator is perhaps less daunting than the idea of them taking control of your steering wheel while on the highway, the reality that these products may serve as a gateway to more sensitive information is something that cannot be ignored.

Just a few weeks ago, a team of hackers uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that showed it could be exploited to steal Gmail users’ login credentials. What’s most concerning about this is that hackers were able to access a sensitive network, containing users’ personally identifiable information, through hacking into the refrigerator.

There has been a lot of fear around smart medical devices – but this is one area that may be considered more IoT “myth” than “reality.” Most medical devices don’t currently appear to be connected to the Internet, but rather through Bluetooth. Additionally, because most medical appliances are smaller scale, it’s virtually impossible to integrate a mobile phone connection into devices of this size. Consumer fears around having cellular waves inside the human body have also kept these devices from operating on a mobile phone connection.

Fears around connected smart watches may also be considered an IoT “myth,” at least at this stage, as most are not directly connected to the Internet. That being said, last month HP did discover some major areas for concern, finding that most smart watches did not have two-factor authentication, were vulnerable to man-in-the-middle attacks, and had poor firmware updates.

It’s an interesting debate – and one that will undoubtedly continue as more companies introduce products to compete in this space. What do you think about security risks with the Internet of Things? Weigh in with us on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.
