Worried about the Ashley Madison Hack? Beware before you enter your spouses data on these fake sites

Given the constant media attention being dedicated to the Ashley Madison hack, it’s reasonable to expect that there are a number of curious spouses who may be tempted to find out if their partners were using Ashley Madison’s services.

In the past few days, hundreds of fake phishing, malware, and virus ridden websites have popped up encouraging users to enter their spouses personal information with promises to provide confirmation or denial of their involvement.

33 million users were exposed in the breach making any of these concerns valid.

Axiom would like to urge caution and ask netizens to summon the patience and wait for a legitimate security firm to provide a secure tool to analyze the data.

Many of these websites ask for names and e-mail addresses, but some ask for credit card and billing information, as well as partial social security numbers.

On top of these requests , some go as far as to require you to sign up for free and paid services, or take lengthy surveys.

In addition to downloading inadvertent malware, spyware and viruses, providing personal information to these thieves exposes the suspect, and anyone that may be closely associated with them, to inadvertent danger.

Many of these hacks are no longer targeted at identity theft, but instead are targeted at allowing state sponsored entities to create population and citizen databases to discover possible physical and social vulnerabilities leaving you, your family, and your nation at risk.

Axiom data engineers have been analyzing the recently available data dump and can confirm that it will require intervention on behalf of a data warehousing specialist or administrator to render the data searchable in a web friendly format.

To date, our researchers have not found any legitimate services offering database information without significant security risks.

 

Again, we urge caution to those lying in wait and ask that you #FightBackwithAxiom by not falling victim to these predators.

What Is The Future Of Internet Security?

What Is The Future Of Internet Security?

What if you woke up tomorrow and couldn’t access Facebook. Next you try Google and nothing happens. Next it’s CNN.com and Wikipedia. 

Nothing resolves and nothing works. Now, imagine this is not a short lived outage but days, weeks, even months.

This is a potential reality. What would businesses do? Think about banking, transportation, and healthcare. Every single industry relies on the internet to do business and keep our lives running.

As bandwidth availability continues to increase, there is a real threat of a distributed attack on the nation’s core infrastructure that could paralyze our world. We are tracking daily these attacks from Asia and Eastern Europe that are testing our vulnerabilities.

A few weeks ago, we saw a 25% packet loss across the backbone of the internet when the New York Stock Exchange was impacted. That same day United Airlines suffered outages due to that same flood. Many other businesses and government entities were impacted that day as well. Those attacks weren’t aimed at those businesses, but the carriers who service them.

Just like the Velociraptors in the original Jurassic Park movie, our enemies are testing our defenses. They are poking and prodding daily, finding our weaknesses. In the last week, core Level 3 routes were impacted by one of the worst sustained floods in recent months. Google DNS servers were also halted for more than 5 minutes, which is unprecedented.

In addition to increasing bandwidth, compute is becoming more accessible. Today you can purchase a Raspberry Pi device that has a 100MB interface for $39.  Many similar ARM SOCs (systems on a chip) are shipping with 1GBe interfaces. Most are less than $40. Someone with access to a 10Gbe circuit and an array of these compute nodes would have the distributed power equivalent of a State Sponsored action just 5 years ago.

We have to be thinking in future terms. At Axiom, we are developing devices that could have stopped these attacks at the upstream provider. What is needed, what Axiom is refining, is a compute solution that is designed to fight back. #FightBackWithAxiom. The answer is not to deny packets, not to black-hole packets, but to use a software defined algorithm that actively fights back and mitigates the attack. Not just at a single layer of the OSI model but at all of them.

In the past, flood attacks often used a single protocol as an attack vector. Since these kind of attacks are becoming easier to mitigate, attackers are evolving, adapting and creating new ways to attack specifically at the application layer, hitting you where it hurts. The best intruder will always use an open front door.

Axiom’s algorithm combined with our compute nodes is designed to mitigate an attack at any layer.

We are working with devices up to and including 100Gbe bonded interfaces, utilizing 400Gbe mitigation and TB switching fabric at the carrier level to stop these attacks before they ever get to the end customer.

Distributed denial of service (DDoS) is the new normal. We must fight back. #FightBackWithAxiom