#CyberSecurityAwarenessMonth

Information stealers have led to some pretty significant breaches in recent years. In most cases, once you realize you've been had, it's already too late. Avoiding information stealers is, as always, sticky business. Most of the time they are delivered through malicious search engine ads, SEO poisoning, phishing e-mails, download links via social media, YouTube, etc.

The best advice I can offer is always download software from the official source. An ISO image sent to you in an e-mail isn't an official source. If friends send you links to sketchy looking sites, reach out to them to make sure they actually sent you that message/attachment.

A lot of information stealers bank on you saving your credentials and session cookies to your browser indefinitely, and are designed to steal not only your passwords, but your session cookies as well. Even if I don't have your password, even if you have two-factor authentication turned on, if I have an active, valid session token, for all intents and purposes I can become you and access everything on your account.

It might be slightly inconvenient, but consider setting your browser to delete your cookies and browser history when the browser windows are closed. To that effect: shut down your PC when you're not using it. It's not the 90s or early 2000s anymore. Just about every modern PC has an SSD, and will boot in like 10 seconds.

Use a password manager that is not the integrated one that comes with the browser. I use KeePassXC, since it's free and runs on all of the major desktop operating systems, but some others swear by Bitwarden.

If it's a company-issued laptop, keep it stowed when not in use, and ensure it is shut down, not on standby/hibernate. You might be tech savvy, but your kid wants 200 vbucks, and the comment on a YouTube video told them to download a vbucks generator (totally_legit_not_an_infostealer.exe) to get 200 vbucks for free.

If you suddenly observe a burst of traffic to Discord or Telegram and you or others in your household don't use either of those services, you need to find out why. There are a lot of infostealers that use both services to upload stolen data.

Good luck.
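
An added example, not part of the original post: one way to run the Discord/Telegram check described above over DNS query logs from a home router or resolver. The log format, the watched hostnames, the threshold and window, and the function names are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: hostnames this example treats as Discord or Telegram traffic.
WATCHED = ("discord.com", "discordapp.com", "telegram.org", "t.me")

# Constructed sample; assumed format "<ISO timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2024-10-07T08:00:00 192.168.1.60 t.me
2024-10-07T10:30:00 192.168.1.60 cdn.discordapp.com
2024-10-07T19:02:11 192.168.1.20 discord.com
2024-10-07T19:02:40 192.168.1.20 cdn.discordapp.com
2024-10-07T19:03:05 192.168.1.20 discord.com
2024-10-07T21:13:50 192.168.1.34 www.example.com
2024-10-07T21:14:02 192.168.1.34 api.telegram.org
2024-10-07T21:14:09 192.168.1.34 api.telegram.org
2024-10-07T21:14:31 192.168.1.34 api.telegram.org
2024-10-07T21:15:10 192.168.1.34 api.telegram.org
"""

def watched_service(qname):
    qname = qname.rstrip(".").lower()
    for domain in WATCHED:
        # Match on a label boundary so look-alike names are not counted.
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None

def find_bursts(log_text, expected_clients=(), threshold=3, window=timedelta(minutes=5)):
    """Map client IP -> largest number of watched lookups inside one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] in expected_clients or not watched_service(parts[2]):
            continue  # malformed, a device known to use these services, or unrelated name
        try:
            hits[parts[1]].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue  # unparseable timestamp
    flagged = {}
    for client, times in hits.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[client] = best
    return flagged
```

Calling `find_bursts(SAMPLE_LOG, expected_clients={"192.168.1.20"})` leaves out the one device in the household known to use Discord and reports only the device nobody expected.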

@e9f3e988 May I just add: use an adblocker everywhere. We're seeing so much malvertising and SEO poisoning-related stealer activity, it's essentially criminal negligence to not deploy browser-based ad blocking to your users at this point.

Other good advice I've seen offered:

Use Adblockers

There are a lot of people out there who are trying to guilt you into accepting ads in order to deliver you content. That it's their business model, and how you get things for free. But then you tell them how it's their ad delivery networks that are delivering malware and fake updates, then they just shrug. The fact is, if you end up the victim of an infostealer, or ransomware, or whatever, they won't care, help you, or say sorry.

Use adblocking software. uBlock Origin is considered the most trustworthy adblocking software on the planet, and it works for Firefox and Chrome-based browsers (yes, that includes Microsoft Edge): https://ublockorigin.com/

You might want to access the Filter Lists settings and enable some of the other filters as well -- such as annoyances, malware protection, and multi-purpose categories. I generally enable everything except the international options.