Okay, so I have learned that a VPN will not help me. It is a privacy, not protection, device.
If I am using a PC and a Wi-Fi network with my Norton 360 and its firewall, am I reasonably safe? Is there anything I can do to become safer?
Can you use your phone as a hotspot? Will that help?
How do people prevent intrusions while using Wi-Fi?
As an aside, I tend to work with Excel a lot and occasionally watch Mynda Treacy on YouTube for some Excel pointers. She had a very similar, though more severe, experience a year ago. She does a wonderful job of discussing her ordeal in the following YouTube video:
Some routers come with free firewall/antivirus protection if enabled within the router. (ASUS, for instance, has Trend Micro security built in that can be enabled.) Check your router settings.
Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
Motherboard
ASUS ROG Maximus VI Formula
Memory
32.0 GB of I forget and the box is in storage.
Graphics Card(s)
Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
Sound Card
Onboard
Monitor(s) Displays
4 x LG 23MP75 - 2 x 24MK430H-B - 1 x Wacom Pro 22" Tablet
Screen Resolution
All over the place
Hard Drives
Too many to list.
OS on Samsung 1TB 870 QVO SATA
PSU
Silverstone 1500
Case
NZXT Phantom 820 Full-Tower Case
Cooling
Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
This tutorial will show you how to change your DNS Server address and enable DNS over HTTPS (DoH) in Windows 11. A DNS (Domain Name System) server is the service that makes it possible for you to open a web browser, type a domain name and load your favorite websites. DNS over HTTPS (DoH), or...
www.elevenforum.com
and set all the browsers on every system to use only HTTPS.
This tutorial will show you how to turn on or off secure DNS in Microsoft Edge for your account or all users in Windows 10 and Windows 11. The Microsoft Edge web browser is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows, and...
www.elevenforum.com
Most other browsers can be set up the same way with HTTPS.
Also, a last point.
In Edge and other browsers you can anonymise WebRTC. This can also be disabled if required.
Ever wonder how to disable RTC on Edge? In this article, we'll show you how to disable WebRTC on Microsoft Edge to ensure your privacy.
veilock.com
And finally, in Firefox you can do all the above and then containerise sites, which sandboxes them within the browser from any other site and from everything else you are doing. It's just another layer of privacy and basic security.
All the above make it far harder for anyone to read anything you are doing, even if the connections are intercepted.
I would also get every member of the group to virus and malware check their own systems as well.
best of luck, Steve ..
Outside of Steve's suggestions re Wi-Fi, I can only suggest a super strong password for your Wi-Fi network.
At least 12 characters (or more) and include a mix of uppercase and lowercase letters, numbers, and special characters (! @#$&^%)
There are online password generators, and a great group called Sordum makes and updates a PC app that is free.
Sordum Random Password Generator is a portable freeware application to generate the most secure password with one click; you can customize your passwords easily.
www.sordum.org
Edit: I think my WiFi password is 24 or 32 characters long. One or the other.
I don't know if it makes sense being a small group, but you always have the option to hire a security consulting company. They could do a risk assessment and recommend options that make sense for your size to reduce your attack surface/risk profile. Also being small this shouldn't be cost prohibitive and frankly threat actors target groups of all sizes often in an automated fashion. Smaller groups often = low/no budget dedicated to security and hence making you easier targets for quick profit.
You can also take a look at NIST CSF, which is a cyber security framework. AKA do these things to reduce your risk profile. There are obvious controls that won't likely make sense for your size, but others will. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf Honestly, something like ChatGPT can also help as a sort of security consultant, as long as you know how to ask.
Actually, the problem is worse: they are stealing sessions, and even removing cache and cookies might not prevent the issue. Just the fact that the browser/Windows is logged into the account suffices. Limiting scripting capabilities might help.
The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending system administrators to use PowerShell to prevent and detect malicious activity on Windows machines.
Here you can find our most popular projects: we are mainly focused on developing cybersecurity and SaaS products, but we have also developed services of general use that solve common problems.
As far as I know there is no security product which prevents session stealing, because it is too complex. But it can be mitigated; as you mentioned, the problem starts with clicking on a link. Using a safe DNS can block a lot of malware. I block 95% of TLDs; like in this chart, I block 8 of them, and that alone limits the risk. I prefer downloading the document instead of opening it online, since it bypasses security.
You can also use a different DNS in different browsers/Windows. Blocking social media also helps a lot.
I have 2 browsers where I block all of the internet and allow only the dedicated service, like FB and YouTube.
I would agree there isn't a security product for this specific problem, but it does tend to fall into endpoint protection products, as sessions are typically made possible by session cookies or access tokens stored locally on a system. Threat actors know where these are stored and can get to them through local malware or, in some cases, malicious JavaScript if the session cookie doesn't implement best practices for protecting the cookie.
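The "best practices for protecting the cookie" mentioned above are the Set-Cookie attributes a site sends with a session cookie. As an added example (not code from this thread or from any product named in it), here is a small PowerShell audit that parses a Set-Cookie header and reports which of those attributes are missing; the two sample headers at the bottom are constructed for illustration, and the session-name fragments are a hypothetical heuristic.

```powershell
# Added example, not code from the thread: audits Set-Cookie headers for the
# attributes that limit cookie theft by page scripts and plaintext transport.
# The sample headers at the bottom are constructed for illustration.

function Test-SetCookieHeader {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Header,
        # Hypothetical name fragments used to guess which cookies carry a session
        [string[]]$SessionNamePatterns = @('sess', 'sid', 'token', 'auth')
    )

    # "name=value; Attr; Attr=val" -> cookie name plus a case-insensitive attribute table
    $parts = @(($Header -split ';') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $name  = ($parts[0] -split '=', 2)[0]
    $attrs = @{}
    foreach ($p in ($parts | Select-Object -Skip 1)) {
        $kv = $p -split '=', 2
        $attrs[$kv[0].ToLowerInvariant()] = if ($kv.Count -gt 1) { $kv[1] } else { $true }
    }

    $isSession = [bool]($SessionNamePatterns | Where-Object { $name -match $_ })
    $findings  = [System.Collections.Generic.List[string]]::new()

    if (-not $attrs.ContainsKey('httponly')) {
        $findings.Add('HttpOnly missing: any script on the page can read it via document.cookie')
    }
    if (-not $attrs.ContainsKey('secure')) {
        $findings.Add('Secure missing: the browser will also send it over plain HTTP')
    }
    $sameSite = if ($attrs.ContainsKey('samesite')) { "$($attrs['samesite'])".ToLowerInvariant() } else { '' }
    if ($sameSite -eq '' -or $sameSite -eq 'none') {
        $findings.Add('SameSite absent or None: sent on cross-site requests')
    }
    if ($name -like '__Host-*' -and ($attrs.ContainsKey('domain') -or $attrs['path'] -ne '/')) {
        $findings.Add('__Host- prefix requires Path=/ and no Domain attribute')
    }

    [pscustomobject]@{
        Name             = $name
        LooksLikeSession = $isSession
        Findings         = $findings.ToArray()
        Hardened         = ($findings.Count -eq 0)
    }
}

# Constructed samples: the first is the weak form, the second the hardened form.
$samples = @(
    'sessionid=abc123; Path=/',
    '__Host-sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax'
)
$samples | ForEach-Object { Test-SetCookieHeader -Header $_ } | Format-List
```

The first sample comes back with three findings and the second with none. These attributes close the script and plaintext-transport paths only: HttpOnly stops page JavaScript from reading the cookie, Secure keeps it off plain HTTP, and SameSite limits cross-site sending. None of them help against local malware reading the browser's cookie database, which is the other path named above, so the endpoint still needs protection, and the recovery step remains revoking the session server-side (sign out everywhere and change the password), which is what this thread later reports as having worked.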
Hopefully, the insecure SMS is not included as MFA. eSIM helps a lot though.
I will read these articles. When I read "PowerShell," however, I grow cautious because I don't have the chops (yet) for PowerShell.
How are average users like myself or Mynda Treacy (see earlier YouTube) supposed to function in the wild? Working on a PC, Mac, or iPad is now commonplace, yet we seem vulnerable.
Yes, this seems frustrating. Working in the wild (not at home) is common in today's environment. Yet it seems that we are vulnerable to different threat actors without much defense. Mynda Treacy (see earlier YouTube) is still not completely sure how she was hacked. And you are correct in that I do not know how Jeff was hacked. All I do know is that problem occurred when he was using Wi-Fi at a colleague's office. We discovered that another entity had accessed his Microsoft 365 account at that time and sent emails to others.
Since there isn't a security product to guard against this specific problem, I am uneasy about using Wi-Fi in the wild. I thank you for your help and guidance over the past several posts.
I want to thank everyone for commenting. As evidenced by my comments, I am not a technical person. I am an older and general computer user who can usually get by with a little help from his friends.
During the weekend, I will read through many of the articles and links provided.
It seems as though the average user is at risk when using their PC, Mac, or iPad in the wild. There are no solid solutions to prevent bad stuff.
When I saw Mynda Treacy's YouTube (see earlier post) a year ago, I thought to myself that she was very unfortunate but that the problem is rare. Now that Jeff had something seemingly similar, I am worried and cautious.
I am not an expert either, my "skill" is copy/paste, but it is not that hard once you understand the basics. For example, malware does not magically infect a PC when you click on a link; it all involves scripts. Disable or limit scripting and it will most likely fail, or, even better, use DNS to block those links in the first place; it can prevent downloading a malicious payload in the background. I use DNS as AV. I have not used AV since XP and I buy everything online; I have not even used cash for a decade. Malware works like ABCD; break the chain and it will fail. I disable every "feature" I can find; in my browser all site permissions are denied, like notifications used to scam or iframe docs scripts.
11 has already disabled one scripting capability by default, VBS, but you can disable WSH completely.
That is what tools like Hard_Configurator (free) and SysHardener (paid) try to do. I try to mimic it like:
That is not really an issue, since all traffic is encrypted, but when you use VPN, it adds another level of encryption.
But I would probably add a firewall to make sure that unencrypted connections are blocked, including insecure DNS.
I block TCP port 80 and UDP port 53 to prevent it, though some documents/webpages can still need the insecure HTTP.
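The controls in this post (disable WSH, block outbound TCP 80 and UDP 53) can be applied and checked from PowerShell. The script below is an added example, not the poster's own configuration and not from Hard_Configurator or SysHardener; it also registers an encrypted DNS (DoH) resolver before the port-53 block so name resolution keeps working. The adapter name (`Wi-Fi`), the resolver address and its DoH template, and the `Hardening-` rule prefix are assumptions to adjust for your own system.

```powershell
# Added example, not code from the thread: applies the controls described in the
# post (disable Windows Script Host, block plain HTTP and plain DNS outbound) and
# registers an encrypted DNS resolver first so name resolution keeps working.
# Run in an elevated PowerShell on Windows 11. The adapter name and the resolver
# are assumptions; change them to match your system.

#Requires -RunAsAdministrator

$RulePrefix = 'Hardening-'   # hypothetical prefix so the rules are easy to find and remove later
$WshKey     = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Disable-WindowsScriptHost {
    # Enabled = 0 under this key stops wscript.exe/cscript.exe from running .vbs/.js files.
    if (-not (Test-Path $WshKey)) { New-Item -Path $WshKey -Force | Out-Null }
    Set-ItemProperty -Path $WshKey -Name 'Enabled' -Value 0 -Type DWord
}

function Enable-WindowsScriptHost {
    # Removing the value restores the default (enabled).
    Remove-ItemProperty -Path $WshKey -Name 'Enabled' -ErrorAction SilentlyContinue
}

function Set-EncryptedDnsOnly {
    param(
        [string]$InterfaceAlias = 'Wi-Fi',                               # assumption: adapter name
        [string]$ResolverIp     = '1.1.1.1',                             # assumption: any resolver with a DoH endpoint
        [string]$DohTemplate    = 'https://cloudflare-dns.com/dns-query' # assumption: that resolver's DoH URL
    )
    # Tell the Windows resolver this server speaks DoH and must not fall back to UDP 53,
    # then point the adapter at it. After this, blocking UDP 53 below is safe.
    if (-not (Get-DnsClientDohServerAddress | Where-Object ServerAddress -eq $ResolverIp)) {
        Add-DnsClientDohServerAddress -ServerAddress $ResolverIp -DohTemplate $DohTemplate `
            -AllowFallbackToUdp $false -AutoUpgrade $true | Out-Null
    }
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $ResolverIp
}

function Block-PlaintextEgress {
    # A Block rule wins over Allow rules in Windows Defender Firewall, so these apply
    # regardless of per-app allow rules. Expect captive portals and anything that still
    # uses plain HTTP to fail until you add a narrower exception.
    $rules = @(
        @{ Name = "${RulePrefix}Outbound-HTTP-80"; Protocol = 'TCP'; Port = 80 },
        @{ Name = "${RulePrefix}Outbound-DNS-53";  Protocol = 'UDP'; Port = 53 }
    )
    foreach ($r in $rules) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Outbound -Protocol $r.Protocol `
                -RemotePort $r.Port -Action Block -Profile Any | Out-Null
        }
    }
}

function Undo-PlaintextEgressBlock {
    Get-NetFirewallRule -DisplayName "${RulePrefix}*" -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

function Test-Hardening {
    # Returns one object summarising whether each control is in place.
    $ruleOn = { param($n) [bool](Get-NetFirewallRule -DisplayName $n -ErrorAction SilentlyContinue |
                             Where-Object { "$($_.Enabled)" -eq 'True' }) }
    [pscustomobject]@{
        WshDisabled   = ((Get-ItemProperty -Path $WshKey -ErrorAction SilentlyContinue).Enabled -eq 0)
        Http80Blocked = & $ruleOn "${RulePrefix}Outbound-HTTP-80"
        Dns53Blocked  = & $ruleOn "${RulePrefix}Outbound-DNS-53"
        DohResolvers  = (Get-DnsClientDohServerAddress | Select-Object -ExpandProperty ServerAddress) -join ', '
    }
}

# Order matters: encrypted DNS first, then the block rules.
Disable-WindowsScriptHost
Set-EncryptedDnsOnly
Block-PlaintextEgress
Test-Hardening
```

`Set-DnsClientServerAddress` replaces the DHCP-assigned resolver, so on a network that relies on an internal DNS server (office names, captive portals) you lose that until you run `Set-DnsClientServerAddress -InterfaceAlias 'Wi-Fi' -ResetServerAddresses`; `Undo-PlaintextEgressBlock` and `Enable-WindowsScriptHost` reverse the other two controls. The rule blocks UDP 53 only, as the post states, so DNS over TCP 53 is not covered by it. What this buys is the removal of plaintext DNS and HTTP from the wire, which is exactly the observation a Wi-Fi sniffer would rely on; it does nothing by itself against a session cookie lifted from the machine.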
To be honest, I think someone on this campus was sniffing your Wi-Fi and struck lucky.
If you had been using encrypted DNS with encrypted HTTPS, the chances of them getting the required data to 'hack' anything would have been far less, as all the connections would have been unreadable to the hacker.
That's how I have read this, so it looks likely to have been more like a drive-by than a direct personal assault on your systems.
best of luck, Steve ..
We checked for unauthorized access to his account for the seven days prior to his meeting and found nothing. We found access during his meeting, and emails were sent during his meeting. Emails were not sent out prior to his meeting. And there have been no issues since we blocked, signed him out, unblocked, and provided a new password.
His Mac seems fine now. And we do know that the hacker tried again later in the day without success because their cookie was cooked.
Again, although he was using a Mac, I began this thread because I want to ensure that this does not happen to me. Most of our small group of about a dozen people use PCs.
As stated before, I do not know the method of attack. We just know that an attack took place. Similarly, Mynda does not know with certainty how she was attacked.
From your posts and embedded links, I know you have great expertise about this topic. So I am not disagreeing with you. Instead, I am merely repeating my observations.
I sincerely appreciate your input and offer to assist with Plan 2.
Looks like I found a kindred spirit with skills in copy and paste.
I doubt he clicked on any links. They had a meeting, which included a Teams meeting. I don't think he did a lot on the internet aside from that.
If there was malware installed on his computer, then I would expect the problem to be continuing. It isn't. It seems dead in its tracks. And the hacker did try again a few hours later without success. Its cookies were cooked, and it was no longer granted access to Microsoft 365.
As I mentioned to others, I have no clue how this happened. I just know that it did happen.
From others in this thread, a VPN is only a privacy device, not a protection device.
As of this evening, I am now using an encrypted DNS connection. I need to do more reading and understanding to follow some of the other suggestions in this thread.
You could very well be right. Why was he chosen? Was he the only one chosen? I don't know the answer to either of those questions.
As of tonight, I began using an encrypted DNS.
To be honest, I am not sure how an encrypted DNS would have helped in this situation. Using my naive understanding, I visualize the hacker as reaching into the drive where the cookies are stored, grabbing the Office cookie, and then accessing the person's Office account to begin spraying emails far and wide. The hacker did a bit more, though, because it knew enough to customize the email with our organization's title. Once it entered the user's portal, it would know the organization's title.