Malware: It’s Everywhere

Articles about malware infiltrating everything from our ATMs, iOS apps, and baby monitors have been the focus of many tech news outlets as of late. Listed below are some of the more troubling attack vectors that have been exploited in recent weeks.

This past month, ATMs in Mexico were discovered to have malware that enabled hackers to withdraw all the cash from a victim’s account. That malware has yet to make its way to the U.S., however researchers believe that it is only a matter of time as industry officials have stated that it is possible for the same malware code to be used in U.S based ATM machines if they are not adequately protected.

Apple suffered their worst malware attack yet. 50 malware infected apps found their way into the App Store earlier this week, affecting their customer’s iPhones and iPads. While Apple hasn’t confirmed whether this iOS malware has stolen any customer data, they have since removed the infected apps from their store.

Baby monitors and Web-enabled cameras manufactured in China have been recently shown to be loaded with rootkit exploits from the factory and remain vulnerable to web-based malware attacks through their graphical UIs discovered last year.

In a related trend, some of the top baby monitoring and security mobile apps have been shown to be susceptible to the same UI exploits.

With the incoming wave of IoT and mesh enabled devices, we expect an increase in the number of attack vectors and subsequent exploits as developers learn to secure these protocols against more enterprising black hat engineers.

More than 317 million malware signatures (both computer-viruses and other malicious software) were created last year according to Symantec’s 2015 Security Threat Report. That means nearly one million new threats were released each day.

In 2015, “Malware is going to become the tool of choice rather than others because it’s easy to build,” said Paul Christman, VP of Public Sector Software at Dell.

“The level of sophistication for malware is going to become higher and higher and higher. It’s going to become easier to construct malware out of recyclable parts that are generally available via the Internet. From that perspective, the barrier to entry for malware is going to be lower.”

While the more complicated malware attacks are just now emerging publicly, many have been in development for more than half a decade, according to Joe Stewart, the director of malware research at Dell SecureWorks.

The most important thing to note about malware is that users must be knowledgeable, and know how to navigate the landscape of fake ads and buttons, to keep safe. Following basic cyber security tips such as keeping your software up to date, using unique passwords, and thinking before clicking on suspicious links can prevent a majority of malware attacks.

As simple as these steps sound, it’s been proven time and time again to be one of the most difficult things to do. Getting your employees for example, to follow safe cyber practices, can be easier said than done. What could be deemed an innocent visit on Facebook or a favorite news site, could give hackers a launching pad to penetrate a business’ system. It’s safe to say that most people will use their work computer for personal use at one point or another.

Joseph Demarest, assistant director of the FBI’s cyber division says, “The malware used in the Sony hack would have slipped past 90% of defenses today. By taking steps to learn about cyber security, many businesses can take it upon themselves to be proactive and do what they can to protect themselves.”

Axiom engineers agree. Perimeter and physical security are just as important as end-point protection. Often the best line of defense is a combination of continuing education, good software, and constant vigilance.

If you or your organization needs help, feel free to contact us for information on SME and corporate education seminars as well as Axiom’s continuously adapting line of security appliances, Sentinel. #FightBackWithAxiom

Why SMBs Should Pay More Attention to Their Cyber Security

Many small and medium-sized businesses (SMBs) assume that they are immune to cyber attacks and cyber crimes because they are not necessarily high profile targets. In recent headlines, big corporations such as Target, Sony, and JPMorgan Chase are experiencing very serious data breaches and losing large amounts of money due to cyber crimes and data breaches.

Although you often see these big corporations plastered in the news when they experience cyber attacks, smaller organizations do not attract as much attention in the media. That, however, does not mean that they are not victimized. In fact, 60% of all targeted attacks struck small and medium-sized businesses, according to Symantec’s 2015 Internet Security Threat Report.

According to the National Cyber Security Alliance, one in five small businesses experience a cybercrime each year and 60% of those small businesses go out of business within 6 months after a cyber attack.

Experts agree that smaller businesses are much more vulnerable and attractive to cyber criminals because they are often less secure. Also, thanks to automation, these cyber criminals have the ability to mass produce attacks.

Greg Shannon, chief scientist at the CERT Division of the Software Engineering Institute at Carnegie Mellon, states that size is “somewhat of a red herring. It’s more about scale.” But, he adds that, “small business is a huge target because attacks are automated. The criminals don’t care who they’re attacking, and while any given business isn’t worth much, they have viruses or ransomware that allow them to attack thousands or millions.”

These automated attacks are especially damaging for SMBs because many of these small business owners don’t believe they will be hacked when up against the thousands of other businesses out there. Today, hackers aren’t wasting their time to pick and choose what businesses they want to attack, it’s all taken care of with automation.

One of the most common issues that affect the quality of security in SMBs is budgetary constraints. Since many of these businesses do not have a dedicated IT team, business owners are handling their own cybersecurity matters. They may be struggling to keep their businesses profitable and do not see an immediate need to expend resources on cyber-security, especially if they do not rely on online applications. This ideology has to change as the volume and scale of cyber attacks grow exponentially.

We at Axiom Cyber Solutions understand these concerns and want to encourage businesses of all sizes, but especially smaller organizations, that the need for proper cyber security should be on the forefront of your strategic vision.#FightBackWithAxiom

Attention Healthcare Organizations: Get Ready For Some Serious Cyber Security

Attention Healthcare Organizations: Get Ready For Some Serious Cyber Security

2015 has been inundated with cyber-attacks against the healthcare industry. In recent headlines, Excellus Blue Cross Blue Shield stated that approximately 10 million of its customers had their healthcare records compromised.

Not only did critical information such as names, Social Security numbers, addresses, and birthdays get leaked but financial data such as credit card information was also compromised. Additionally, this puts their customers at risk for fraud and identity theft.

Criminal cyber-attacks are rising amongst the healthcare community and despite strict HIPPA guidelines and regulations, many hospitals and healthcare providers are grappling with keeping their patients’ data safe.

Cyber-attacks and data breaches cost the U.S. healthcare system approximately $6 billion annually, according to security research firm, The Ponemon Institute.
KPMG polled over 200 healthcare providers and found that four out of five providers had been hacked.

44% of healthcare organizations have been attacked 1-50 times while 38% have been attacked between 50-350 times in the last year. 13% were attacked more than 350 times.

It doesn’t take a stretch of the imagination to realize just how many additional attacks are left undetected and unreported such as the case with Excellus, wherein hackers first accessed patient records in December of 2013 but weren’t discovered until August of 2015. This gave the attackers nearly two years of running data collection. In the same study, KPMG also found that only 53% of healthcare providers are ready to defend against a cyber-attack.

They listed five issues that healthcare organizations are facing.

1. The adoption of digital patient records and the automation of clinical systems.

2. The use of antiquated electronic medical records (EMRs) and clinical applications that are not designed to securely operate in today’s networked environment — and software vendors who push that problem to the provider.

3. The ease of distributing electronic personal health information both internally (via laptops, mobile devices, thumb drives) and externally (third party firms and cloud services).

4. The heterogeneous nature of networked systems and applications (i.e. network-enabled respirator pumps on the same network as registration systems that can browse the Internet).

5. The evolving threat landscape, where cyberattacks today are more sophisticated and well-funded, given the increased value of the compromised data on the black market.

“Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed. A key goal for executives is to advance their institution’s protection to create hurdles for hackers”, according to Michael Ebert of KPMG’s Healthcare & Life Sciences Cyber Practice.

These data breaches and security vulnerabilities cannot and should not be underestimated and there severity and frequency is a cause for concern. Healthcare providers must make cyber security a priority. No longer is this an issue that companies can ignore.

Protecting patient data is critical and the healthcare industry must start preparing and implementing a strategy to prevent these hacks before the U.S. Government begins to levy heavy penalties and fines on those who do not step-up to today’s threats.

DDoS: What is it and How Will it Affect My Business?

DDoS: What is it and How Will it Affect My Business?

You hear about it almost every day. Some large business, corporation, or government entity has suffered a “Distributed Denial of Service Attack”, or DDoS attack, and lost time and revenue due to an inability to continue to operate under such conditions. It’s happening with increasing frequency and intensity, and has now become a top concern for small and medium sized enterprise organizations all over the country.

To understand how a DDoS attack can cripple a network, it helps to know what one is. The attack can come in many forms but most often starts as a network of geographically distributed computers who were unwillingly enlisted into a virtual army, waiting for commands from the hacker to begin flooding their target.

You’ll commonly hear networks like this referred to as “bot-nets”, and these networks can produce floods of traffic anywhere from megabits to hundreds of gigabits depending on the number of nodes enlisted. Most bot-net administrators do not perpetrate attacks themselves, instead renting out their networks to clients who pay by the hour to utilize the service to attack.

As bandwidth and compute power has decreased internationally, the price of renting a gigabit botnet has reached an all-time low. This has created an environment wherein hacking service providers have resorted to marketing tactics, such as coupons and subscriptions, to lure customers away from competing services.

With a web-link and handful of US dollars, you too can rent enough power to bring a large public-facing entity to a grinding halt.

Coincidently, as bandwidth to small and medium businesses has increased, service-providers have had to support access to very fast circuits and switching networks to adapt. Therefore an attack at 500Mbps, that may cripple your Web server’s ability to communicate with the outside world, will not have any effect on your provider’s ability to continue operations.

Therefore, they are unlikely to step in to mitigate, or port, the traffic until you call to alert them of the malicious traffic. To them, you’re just using more of your already fast internet connection!

Axiom researchers have found that the number of DDoS attacks in 2014 was up approximately 90% over the prior year. In 2015 alone, we have already recorded a 100% increase in attacks over 300Mbps in comparison with 2014.
With the decreasing price of hacking tools, this increase in attacks will continue to become the new norm. Businesses of all sizes need to adapt to these new threats now in order to continue operating in the coming storm.

#FightBackWithAxiom

Axiom DDoS protection uses a proprietary security solution that denies the attacker information about your network and causing an increase in resource commitment on behalf of the attacker to in order continue their virtual volley. This not only allows you to continue business operations during an attack, but turns you into an undesirable target for any hacker. It makes them think twice about spending money to mess with you again.

Axiom Sentinel solutions come in different sizes and solutions. From Axiom Sentry devices with 500Mbps of mitigation capacity to our flagship Axiom Sentinel appliance, a sealed bridging appliance with 2 Terabit mitigated capacity, all Axiom solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come.

For more information about Axiom Sentinel, feel free to call us about a capabilities presentation at (800)-519-5070