DDoS Attacks Against Universities Are on the Rise

DDoS Attacks Against Universities Are on the Rise

In our blog last week, we discussed how colleges and universities are the third most attacked sector, beating out financial, government, and insurance sectors for numbers of cybersecurity attacks. This week, we will discuss how these hackers commonly utilize DDoS (Distributed Denial of Service) attacks to shut down a university’s network.

What is a DDoS attack?
A Denial of Service attack occurs when a malicious entity sends more traffic to your network than it can handle in order to overload it. When this occurs, your network equipment can become overloaded and fail into a state known as “hub mode” in an effort to maintain communication across the network. When this “hub mode” is enabled, all of the traffic on your network is blasted to every port, allowing an attacker to gather meta and packet data in an effort to map topology of your equipment.

Having a map of your network makes it easier for attackers to push forward with deeper penetration into your infrastructure, allowing them to breach data systems and steal information about your business and clients. The reasoning behind DDoS attacks can vary from revenge to anti-competitive businesses. Whatever the intent behind the cyber attack is, the goal is to be a huge headache for that organization by bringing down their network.

This past year, a number of colleges and universities were hit with DDoS attacks. The University of Virginia, Pennsylvania State, University of Connecticut, Washington State, Johns Hopkins, University of Maryland, University of Southern California, were all victims of DDoS attacks. We aren’t just talking about the big names in the academia world. Community colleges are also being targeted for DDoS attacks.

Earlier this January, Rutgers University suffered from their 6th successful DDoS attack. This came even after Rutgers spent approximately $3 million dollars on improving their cybersecurity which the hacker was sure to mention on Twitter.

Academic institutions in the U.S. are not the only ones falling victim to these DDoS attacks. On December, 7, 2015, the United Kingdom was hit with a cyber attack on their Janet computer network which operates on behalf of the UK’s higher education.

Andrew Smith, a senior lecturer at The Open University, one of the biggest universities in the UK for undergraduate education, described a DDoS attack as “probably one of the oldest tools in the arsenal of attacks that come from cyber criminals”.

“In straightforward terms, attackers have lined up an army of malware compromised computers and have primed them to attack Janet,” he said. “Janet is used by many universities and colleges in the UK. While our security is good, having thousands of computers around the world all sending useless data to one system will flood it and will slow it down.

“Each compromised computer will send a small amount of data, nothing that you would notice and normally in keeping with the typical internet traffic behaviour expected by your broadband provider. However, when this is multiplied by tens, hundreds and thousands of computers – the deluge becomes unmanageable as this restricts our ability to receive internet traffic which would also come in via the same connection.”

With the decreasing price of hacking tools, this increase in attacks will continue to become the new norm. Businesses of all sizes need to adapt to these new threats now in order to continue operating in the coming storm. The number of distributed denial of service attacks in the second quarter of 2015 has hit record highs according to the latest State of the Internet report from Akamai.

DDoS attacks grew seven percent since the last quarter and a staggering 132 percent compared to this time last year. In the quarter there were also 12 attacks that were categorized as “mega attacks,” peaking at more than 1,000 gigabits per second (Gbps) and 50 million packets per second (Mpps). These attacks will not slow down in 2016 and will only increase. All colleges and universities must think about how to mitigate through the murky waters of cybersecurity and reach out to cybersecurity experts.

How can Axiom Cyber Solutions help you?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Enterprise Class Businesses Organizations with advanced DDoS capabilities, starting as low as $199 per month. Let us take over and provide you with peace of mind. Axiom will provide your organization a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your organization.

From response time to an attack, to mitigative capacity, to packets inspected per second, the Axiom Sentinel wins in every category against the competition. Our patent pending algorithm coupled with the latest nanotechnology allows us to inspect 120 million packets per second, respond within 10 milliseconds to an attack and mitigate up to 100GB of traffic with a single appliance.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Cyber Criminals Are Targeting Universities

Cyber Criminals Are Targeting Universities

Universities are getting barraged by cyber attacks. Organized crime and state sponsored attacks by foreign governments are going after universities and their data. According to the 2015 Cost of Data Breach study by IBM, 1.5 million annual cyber attacks occur which breaks down to over 4,000 cyber attacks every day. It’s no surprise that many of those attacks are done specifically against universities.

In 2015, numerous colleges were attacked. The University of Virginia and Pennsylvania State University blamed their data breaches on Chinese hackers. At the University of Connecticut, their students Social Security numbers and credit card information was stolen. Washington State University, Johns Hopkins University, and Rutgers University were also attacked by cyber criminals.

“The landscape of who the attackers are has changed significantly,” says Mark Nardone, director of IT security for Northeastern University in Massachusetts. “We’re not in the ’80s, where it’s hobbyists coming after systems for a kind of self-gratification or bragging rights. Now we have people coming after resources that have tangible financial worth attached to them.”

10% of reported security breaches in 2014 involved the education sector, according to Symantec’s Internet Security Threat Report

.graph

Bill Mellon from the University of Wisconsin recently did an overhaul of the school’s network security and shared,

“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mr. Mellon, the associate dean for research policy. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

College and university networks are appealing to cyber criminals for three main reasons according to Lawrence White, the Association of Governing Boards of Universities and Colleges.

1. Servers found in universities are full of intellectual data that is worth quite a bit to cyber criminals. as a university. Richard Pérez-Peña, a New York Times journalist who reports on higher education, stated that,

“Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical device,”
Not only do universities have this data, they also have the thousands and thousands of applications from hopeful students containing even more critical information enticing cyber criminals.

2. Unlike most for profit businesses, college and universities try to operate under an easily accessible system. Computer systems are managed in a decentralized way and are difficult to secure. Since these computer systems are difficult to secure, they become prime targets for cyber attacks.

3. The costs associated with cybersecurity is high and many IT departments lack the resources to keep the systems up to date. IT departments in universities may have hundreds or thousands of third party software programs that need to be updated constantly as new viruses are found. A few seconds or minutes of a delay in downloading and installing the new patch can create serious vulnerability issues. Those few seconds could be just the amount of time a cyber criminal needs to get into the universities’ network.

Universities are getting attacked by cyber criminals so often, that the FBI has stepped in and created programs in an effort to assist universities with their cyber security. The College and University Security Effort (CAUSE) is a partnership effort between the FBI and academia that seeks to protect research, products, and personnel from foreign intelligence threats. It falls under the FBI’s Academic Alliance Program. The FBI states they will even send an agent to the university to discuss cybersecurity and will train students, researchers and administrators.

If a university fails to safeguard their data, a data breach will cost them millions of dollars. Repairs, remediation costs, consultancy fees, and preventative help are just a few things a university needs to consider. Consider Rutgers University, who spent approximately three million dollars this past year to clean up the mess that hackers made after their network was knocked offline four times.

How can Axiom Cyber Solutions help your University?

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Law Firms : Beware of Cyber Criminals

Law Firms : Beware of Cyber Criminals

“There are two types of law firms: those that know they’ve been hacked and those that do not”, according to Vincent Polley, attorney for the American Bar Association.

What an incredibly powerful statement considering the fallout of cyber attacks amongst businesses these days. The numbers of cyber crimes have only increased for those working in the healthcare and financial field, but due to reluctance from many law firms to report cyber crimes, we do not know if the same can be said for law firms.

1 in 4 law firms are victims of a data breach according to a 2015 study done by the American Bar Association.

law

Many law firms view cyber breaches as something to be ashamed of and many lawyers are hesitant to openly admit to their clients that they have become victims of a data breach. As hard as it may be to report these things, law firms need to report cyber breaches when they happen. A 2015 study by Citigroup’s cyberintelligence unit reported that,

“Due to the reluctance of most law firms to publicly discuss cyber intrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise.” The report when on to say that law firms are very appealing to cyber criminals, considering the incredibly confidential data on corporate deals and business strategies. These days, data = money, so it comes as no surprise that cyber criminals are after this data.

Earlier this year, there were reports of fraud related to law firms in where a hacker intercepted important instructions between the closing attorney and the buyer’s agent. The hacker sent out entirely different instructions on the wiring of the money. Unbeknownst to the victims, they then wired their money straight into the hacker’s account. These types of scams are only continuing.

The fallout from a data breach for a law firm can be huge. Not only does it become a huge legal liability, a law firm may even be sued depending on what kind of data was released. If a law firm ignores their cybersecurity issues and refuses to take proactive measures, they can be subject to fines by the FTC.

A law firm could also lose their reputation, as well as the trust their customers and clients have given them. The amount of confidential information that people entrust their lawyers with is insurmountable. Class action lawsuits will follow. The time and money dealing with a cyber security data breach is a huge headache of inconvenience and there’s no guarantee that a law firm will even be able to continue to stay open.

Law firms, no matter the size, must take their cyber security seriously. By getting into the mind of a hacker and mapping out vulnerabilities in your network, you will be taking the necessary proactive steps to protect yourself and your business from cyber criminals. Taking steps to protect your business will make the difference in whether or not a law firms is successfully attacked.

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom