http://CyberIDGuard.com Page 1 of 15 ©2016 Cyber ID Guard LLC

What’s Up with Malware?

What hackers, world governments, and Anti-Virus companies don’t want you to know...

A White Paper from

http://CyberIDGuard.com Page 2 of 15 ©2016 Cyber ID Guard LLC

Table of Contents

Introduction... what the heck just happened? 3 What is Malware? 4 What is a Keylogger? 6 Why is your Keyboard at risk? 8 What you can do about Malware 9 About Cyber ID Guard LLC 14

http://CyberIDGuard.com Page 3 of 15 ©2016 Cyber ID Guard LLC

Introduction... what the heck just happened? Malware is something you probably already own. Although you may not know you have it, more than likely it is alive and well deep, deep inside your computer, iPad, or mobile phone. It’s lying in wait. You will trigger it into action. The hacker that put it on your computer knows this. If you are like the vast majority of people on the planet with an electronic device, you do not have a clue of the risk you face. Hackers are counting on that fact, and once they have captured your information, that packet will become an item for sale on the hacker’s market. And you will get a call from your credit card company or bank asking if you bought a musical instrument in Tennessee, even though you live in Florida. “I don’t even play a musical instrument, and I have not been to Tennessee since the 1990s” you may tell the fraud agent at the credit card company. Such is life in the internet world. Have you seen the news lately? Just about every day there is a new story about a breach at a major corporation, a big box retailer, a state or local government agency, an educational institution or a large health care provider. What about the stories that do not make it to the news wires? That is the crux of what we are about. Regular folks talking about an irregular risk. Is getting hacked the “new normal”? We don’t think so. We think there are things you can do to protect yourself and your family. The first thing to do is learn about what is going on around you, and how to take action to mitigate the risk of Keylogging Identity Theft.

http://CyberIDGuard.com Page 4 of 15 ©2016 Cyber ID Guard LLC

What is Malware? The easiest way to find out about malware is to search for it on Google. Make no mistake, it is already searching for you. A recent search for the term “malware” returned over 26 million hits. Yet why are so many people unaware of the scourge of the internet? One theory that has been bandied about is the antivirus companies, worldwide government agencies, internet influencers, and of course, cyber criminals, don’t want you to know. They all have motives that indicate suppressing knowledge of this insidious risk benefits them. As far as the antivirus companies are concerned, if consumers knew that a great deal of malware escapes the effectiveness of antivirus software, perhaps their sales may suffer. In a recent report1, Let’s take government agencies next. Ask Edward Snowden. Are agencies really installing spyware on our devices? Is this the precursor to George Orwell’s 1984? Will all the spying on citizens lead to predictive modeling like we saw in Minority Report? Or perhaps internet influencers - large advertisers, organizations that deliver traffic, and others that use personal information to serve ads, reroute traffic, and otherwise manipulate marketing communications in their favor - are the ones with a vested interest in piercing the veil of your private data. 1 Wang, Abigail. “Is Antivirus Software Ineffective?”. SecurityWatch. Accessed on June 15, 2014. http://securitywatch.pcmag.com/security/323973-is-antivirus-software-ineffective 2 Kessler, Topher. “Malware detection is a losing battle”. MacIssues. Accessed on June 15, 2014. http://www.macissues.com/2014/05/08/malware-detection-is-a-losing-battle/

“most of the newly detected malware went undetected by nearly half of the antivirus vendors. After two months, one third of the antivirus scanners still failed to detect many of the malware samples. The malware that Lastline Labs dubbed "least likely to be detected" indeed went undetected by the majority of antivirus scanners for months, or was never detected at all. This malware is probably the advanced kind created and exploited by

http://CyberIDGuard.com Page 5 of 15 ©2016 Cyber ID Guard LLC

Whatever the reason, there is an undercurrent of stolen or compromised data circulating in the electronic underworld. And it’s all for sale to the highest bidding thief. Let’s take a look at an obvious popular source, Wikipedia, for a definition. Normally, as a researcher, I would not rely heavily on Wikipedia, but when I see an entry that is well-documented, I am a bit more at ease with this as a source. Here is a screen shot of what you will find:

In short, anything that lands and sticks in your computer that can potentially harm, disrupt processes, initiate a process or capture information from that device is malware. There are many forms and many delivery mechanisms for malware - and cyber criminals are creating more as we speak. It is common knowledge in the internet security industry that more malware is

http://CyberIDGuard.com Page 6 of 15 ©2016 Cyber ID Guard LLC

created each month than antivirus software can find and eliminate, and this is happening at an increasing rate.2

➜ ➜ ➜ ➜ ➜

What is a Keylogger? A keylogger, (aka: keystroke logging; keylogging), tracks the strokes on a keyboard without the knowledge of the user. This information is then collected and used to access private accounts or collect personal information. Keyloggers can be software, hardware, or external monitoring such as acoustic analysis or electromagnetic emissions. We will concentrate on software-based keyloggers. That is what we as consumers are up against in our daily lives. According to Symantec, a leading internet security software company, these malicious applications use the target computer’s operating system in various ways, including:

• imitating a virtual machine (hypervisor-based or virtual machine manager)

• acting as the keyboard driver (kernel-based) • using the application programming interface to watch keyboard strokes

(API-based) • recording information submitted on web-based forms (Form Grabber

based)

2 Kessler, Topher. “Malware detection is a losing battle”. MacIssues. Accessed on June 15, 2014. http://www.macissues.com/2014/05/08/malware-detection-is-a-losing-battle/

“The amount of malware that security companies are seeing come out every year is increasing exponentially, and with only a few such companies matched against the ever-increasing hacking and malware communities, there is almost no way for them to keep up with identifying malware and creating effective definitions against it.”

http://CyberIDGuard.com Page 7 of 15 ©2016 Cyber ID Guard LLC

• capturing network traffic associated with HTTP POST events to steal passwords (Packet analyzers)3

The Oxford Dictionary adds this: ➜

Oxford has a couple of other good observations:

As you can see, this is not a run-of-the-mill issue that should be brushed aside, stuck on the back burner, chuckled at in a commercial with a funny voice, or otherwise ignored. This is reality, and chances are you either know someone who, or have been personally affected by, this wave of cyber crime.

3“What is a Keylogger?”. pctools by Symantec. Accessed on June 15, 2014. http://www.pctools.com/security-news/what-is-a-keylogger/

http://CyberIDGuard.com Page 8 of 15 ©2016 Cyber ID Guard LLC

Why is your Keyboard at risk? Your primary means of communicating in the cyber world revolves around the use of a keyboard. While companies and organizations that are getting attacked, hacked and infiltrated are all over the news, your personal keyboard most likely did not make the news reports today. Small potatoes. When a $0.00 balance shows up in your bank or brokerage account, your small potato just got sliced, diced and swallowed by a thief. That is not insignificant. That is all too real to many, many people - and the numbers are growing. In fact, malware is breaking all records at the time of writing of this white paper, according to a recent report4: ➜ ➜ ➜ ➜

Any form of malware puts your device at risk. Trojans are by far the most widely spread malware, accounting for the bulk of threats and infections.5

4 “Malware Breaks All Records in Q1 2014”. info security magazine. Accessed on June 15, 2014 http://www.infosecurity-magazine.com/view/38631/malware-breaks-all-records-in-q1-2014 5 “PandaLabs Quarterly Report January-March 2014”. pandasecurity.com. Accessed on June 15, 2014 http://press.pandasecurity.com/wp-content/uploads/2014/05/Quaterly-PandaLabs-Report_Q1.pdf

“So far in 2014, trojans are still the malware most commonly used by cybercriminals to infect users. According to data from PandaLabs, four out of five infections around the world were caused by trojans, which translates to 79.90% of the total. Viruses are in second place, accounting for 6.71% of infections, followed by worms, with a ratio of 6.06%. Unsurprisingly, in the area of mobile devices, there have been increasing attacks on Android environments. The firm noted that many of these involve subscribing users to premium-rate SMS services without the victims’ knowledge, both through Google Play as well as ads on Facebook, using WhatsApp as bait.”

http://CyberIDGuard.com Page 9 of 15 ©2016 Cyber ID Guard LLC

Malware spreads in many ways: • in email, often sent as an attachment • embedded in web pages • through computers with an exploitable vulnerability, such as out of date

antivirus software • through file-sharing/peer-to-peer networks • through instant messaging clients • using an infected CD • through social networks

What you can do about Malware Is this much ado about nothing? Many people seem to think so. The more data breaches are in the news, the more people seem to be ignoring them, or shifting the responsibility to the businesses and newsmakers they perceive as being the causes or conduits. While that is true to a large extent, we still have to take care of our own families. Even after the infamous Target Data Breach, not many people took action to protect themselves, as the chart shows. 6

6 Vuong, Andy. “Despite data breaches, report says consumers aren’t doing much to protect themselves”. The Denver Post / TECHKNOW BYTES. Accessed on June 15, 2014. http://blogs.denverpost.com/techknowbytes/2014/06/04/despite-data-breaches-report-says-consumers-arent-much-protect/13668/

http://CyberIDGuard.com Page 10 of 15 ©2016 Cyber ID Guard LLC

Along with consumer apathy, even industry leaders concede the fact that antivirus software cannot keep up with the malware epidemic. Symantec, the maker of Norton antivirus software, is changing their entire business model to reflect the new onslaught of malware.7

Let’s read between the lines for a moment. Consumers are not protecting themselves. Cyber security companies are migrating to a business model more focused on protecting enterprises and large organizations, and shifting away from a product line that is at best, only marginally effective against malware. Where does that leave you, as a consumer? Well, in short, it leaves you holding that sack of small potatoes. Do you want fries with that? Or do you want to take action? Cyber Security for Parents is taking action. We are educating families. We are building a community of like-minded people. We are taking the approach that protecting our own personal space is the key to mitigating risk. Much activity and development will continue in the commercial world, but we are applying a solution - a decision point - to take responsibility for our own devices. Before we add our solution, let’s take a look at the mainstream mode of thought. 7 Newman, Lily Hay. “Symantec Executive Says Antivirus Is Dead”. slate.com | future tense. Accessed on June 15, 2014. http://www.slate.com/blogs/future_tense/2014/05/06/symantec_s_vp_for_information_security_brian_dye_says_that_antivirus_is.html

“This idea is part of a broader shift in the cybersecurity industry toward thinking of vulnerabilities and the hackers who exploit them as inevitable. If you assume that there are malicious threats compromising a system all the time, you defend it differently than you would if you were assuming that the system is intact. The old method of antivirus involved continuously updating a list of viruses and vulnerabilities and downloading updates to fix or defend them. With the new approach, the system doesn't hinge on keeping a customized yet exhaustive list on every individual's computer.”

http://CyberIDGuard.com Page 11 of 15 ©2016 Cyber ID Guard LLC

Here is a typical list of what to do to protect yourself.8

Cybersecurity Tips from the Department of Homeland Security

General Tips

• Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.

• Keep your operating system, browser, antivirus and other critical software up to date. Security updates and patches are available for free from major companies.

• Verify the authenticity of requests from companies or individuals by contacting them directly. If you are being asked to provide personal information via email, you can independently contact the company directly to verify this request.

• Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

Email

• Turn off the option to automatically download attachments. • Save and scan any attachments before opening them. If you have to

open an attachment before you can verify the source, take the following steps:

• Be sure your antivirus software is up to date. • Save the file to your computer or a disk. • Run an antivirus scan using your computer’s software.

8 “Cybersecurity Tips”. Homeland Security. Accessed on June 15, 2014 http://www.dhs.gov/cybersecurity-tips

http://CyberIDGuard.com Page 12 of 15 ©2016 Cyber ID Guard LLC

Social Media, Video Games, Forums, Chat Sites and more • Limit the amount of personal information you post. Do not post

information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.

• Take advantage of privacy and security settings. Use site settings to limit the information you share with the general public online.

• Be wary of strangers and cautious of potentially misleading or false information.

Mobile

• Only access the Internet over a secure network. Maintain the same vigilance you would on your computer with your mobile device.

• Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

• Download only trusted applications from reputable sources or marketplaces.

At Home

• Talk to your children about Internet safety. Keep your family’s computer in an open area and talk to your children about what they are doing online, including who they’re talking to and what websites they’re visiting.

• Inform children of online risks. Discuss appropriate Internet behavior that is suitable for the child's age, knowledge, and maturity. Talk to children about the dangers and risks of the Internet so that they are able to recognize suspicious activity and secure their personal information.

http://CyberIDGuard.com Page 13 of 15 ©2016 Cyber ID Guard LLC

At Work • Restrict access and secure the personal information of employees and

customers to prevent identity theft. • Be suspicious of unsolicited contact from individuals seeking internal

organizational data or personal information. Verify a request’s authenticity by contacting the requesting entity or company directly.

• Immediately report any suspect data or security breaches to your supervisor and/or authorities.

These are all good things to do, and if you are already checking these off as you read them, you are to be commended. But there is a glaring omission on this list that will still leave you vulnerable. You must protect the information on the way out of your keyboard to the internet. That is what puts the finishing touch on your cyber security suite. We talked about malware and keylogging earlier, and even documented the cyber security industry itself admitting it is something they are ineffective against. But where do you see that on this list? You don’t. This is how Cyber ID Guard emerges as a leader. We recognize the issue, while others downplay the risk or leave consumers in the cold. We

researched it. And we found a low cost, easy to implement solution. We partnered with a company that has patents on

keyboard encryption software.9 10 StrikeForce Technologies has several patents on this technology, and several more in the works. 9 “StrikeForce Technologies Is Awarded Its Third Patent for its Out-of-Band Authentication Technology”. MarketWatch. Accessed on June 15, 2014. http://www.marketwatch.com/story/strikeforce-technologies-is-awarded-its-third-patent-for-its-out-of-band-authentication-technology-2014-05-13 10 “StrikeForce Technologies Is Awarded a Second Patent for Its Keystroke Encryption Technology”. MarketWired. Accessed on June 19, 2014. http://www.marketwired.com/press-release/strikeforce-technologies-is-awarded-second-patent-its-keystroke-encryption-technology-otcqb-sfor-1921265.htm

http://CyberIDGuard.com Page 14 of 15 ©2016 Cyber ID Guard LLC

About Cyber ID Guard LLC We are a group of regular folks, just like you, with varied backgrounds and interests that assembled in late 2015 to form a marketing and applications development team. We are in California, Oregon and Florida. Our workday consists of Skype chats, many screen shares, a ton of research, a whole bunch of marketing, social networking, reading and strategizing. In the end, we are geared towards helping people combat the world’s most pesky problem - Keylogging Identity Theft. We are: Kevin Crabb: Kevin has been in the Construction industry for about 19 years. During that time he studied Internet Marketing & Internet Security. Kevin knows the dangers on the Internet. His bank account was hacked 4 times in the past two years. When Kevin learned about KeyLogging Malware and what it does, he understood the risk all internet users face. Knowing the seriousness of this problem and the fact that ANYBODY can get this KeyLogging Malware to spy on others, our families and our businesses, it is his mission, through Cyber ID Guard, to educate the world about the problem of KeyLoggers and the Pro-Active Solution against this threat. Charles Crabb: Married in 1972, Charles and his wife have four fabulous children, all successful in their chosen fields. Charles worked as a manager for several large businesses and became known as the “go to” person for solutions or problem solving. With the change in the economy and the way business is conducted now via the Internet, a new set of problems are emerging. Keylogging has become the number #1 threat to security and financial well being. Charles’ main focus is teaching businesses about the threats to their security, their customers’ security and by extension, all of their families. Everyone must become proactive when it comes to their identity, their children’s identity and the way information is handled if they are to protect themselves from internet criminal key loggers.

http://CyberIDGuard.com Page 15 of 15 ©2016 Cyber ID Guard LLC

Ralph McGinnis: In 1988, at the age of 19, Ralph moved to New York to volunteer in a bible printing and education facility. While volunteering, Ralph’s skill and passion for technical analysis and architecting became clear. In 2006, Ralph moved with his wife to North Carolina, where he worked in the industrial engineering field. Now living in Oregon with three children, Ralph has been focused on assisting companies grow their online brand and market their services and products. Having assisted several businesses in setting up PCI compliant secure encrypted websites for taking customer data and transactions, Ralph now plays an important role in Cyber ID Guard with the technical architecture and secure data movement. Tim Grollimund: Tim has over thirty years of experience as a business professional in government, banking, internet marketing, advertising and photography. He has been hacked. “I remember all too well the feeling of being hacked – like it was yesterday. Now I get to help people defend themselves against cyber criminals.” Tim spent many years as a “Suit” beginning in the late 1970s as a staff economist conducting research for banks and regulated utilities while in graduate school. Professional accomplishments include developing a Marketing Customer Information File and a Credit Card Management Information System for the precursor banks that became Bank of America. Tim lives in Key Largo, Florida, and when he is not working on cyber security issues he pursues his passion of underwater photography. See his work from under the sea at http://timgimages.com. Cyber ID Guard LLC 1603 Capitol Ave, Ste 512 Cheyenne, WY 82001 Phone: (858) 722-4408 http://cyberidguard.com admin@cyberidguard.com