Gone Phishing: Who’s really on the other end of the line?

Phishing

Email, social media, smartphones, and other electronic communication are now the norm for communicating across and between businesses of any size. You may even be a part of a company so big that you email back-and-forth with people on a daily basis whom you’ve only met a few times in passing. Or you may be contacting multiple potential clients for your start-up business, many of which you have never met before at companies you’ve barely heard of. If you see that an email is from someone who appears to be an employee at your business or a good potential client, you click on it so as to build and maintain positive relationships with them and help them with whatever it is that they may need. But how do you know if that email is actually from Jim in Accounting or Jane at your strong lead’s firm and not a hacker posing as him or her? When it is really the hackers and not the genuine people you think it is, this is called phishing.

Phishing is a tricky cyber threat—able to stump 20% of employees at J. P. Morgan when the company sent out a fake phishing email—but what is it exactly? Phishing is when impostors pose as reliable entities, such as banks, universities, or other well-known companies, via electronic communication, to solicit personal information which they can then use to steal people’s identities or infect their computers with malware. Phishing is growing at a rapid rate along with many other cyber crimes; not even halfway into 2016, there have already been 36 companies that have fallen victim to phishing email attacks where the hackers were in search of employees’ personally identifiable information (PII) to aid the hackers in identity theft. Arguably just as vicious as going after people’s PII, these hackers have begun to steal funds from companies primarily through a form of phishing known as whaling.

Whaling, the new Phishing

Whaling, a form of phishing usually synonymous with the term spear phishing, is when hackers target executives for their phishing attacks. They either email the executives directly or pose as these high-ranking members to send mass emails to employees (in turn infecting the computer of every employee who opens the malware-ridden emails) in order to gain access to valuable information like financial numbers, wire transfers, and employee information. A Mimecast survey conducted late last year found that 55% of businesses across the globe had experienced an increase in whaling attacks over the previous twelve months.

Whaling has been in the news recently for having hit Mattel, the producer of such toys as Barbie and Hot Wheels, with a malicious $3 million transfer of money to a hacker based out of the Bank of Wenzhou in China. Cyber criminals posed as a legitimate member of the Mattel executive board—the newly-instated CEO, Christopher Sinclair—to trick finance employees into transferring the sum to their malevolent bank accounts. In order to transfer money, Mattel requires two executives, one of whom is the CEO, to sign off on the transfer so as to help reduce financial-related risks. When the unnamed financial executive saw what he thought was the CEO’s approval, he assumed the transfer was legitimate and transferred the funds to the Bank of Wenzhou, unknowingly completing the hacker’s mission.

Thankfully, this event happened on a Chinese banking holiday, meaning that the funds were held up and Mattel was able to recover the wrongfully transferred funds almost immediately after finding out about the issue. Though this is good news for the toy-producing giant, most companies do not have such lucky timing when cyber crimes strike. This is why knowledge and education are crucial defenses on the cybersecurity front. If employees know how to identify suspicious communications, then it is less likely that the company will be subject to phishing and whaling attacks.

How to identify a suspicious message

The primary goal in combating phishing and whaling attacks is to make sure that harmful traffic to employees is stopped without hindering the good traffic of current and new clients as well as other reliable entities. The best way to handle a phishing email scam is to prevent it from happening in the first place; employee training on how to identify a fraudulent email is an extremely important step in ensuring workplace cybersecurity, and there are a few telltale signs that indicate whether or not an electronic communication is a scam:

Links- The best way for a hacker to access your information is by making you come to him. You can check where a link in a suspicious email really leads by hovering your mouse over it; if the link is taking you to an .exe file, for example, do not click on it, as these have been known to be the source of various malicious software in other cyber crime situations.

Threats- When there is a threat in an email, such as forcefully taking down an account or being fined if you do not take instant action, this is usually an indicator of phishing. Threats can come by both email and phone solicitation, and they are easily identified by the demand for immediate action, with the hacker’s consequences to follow if you do not comply.

Posing as a popular company- Seeing a familiar logo or name on an email or other electronic communication can give you a false sense of security that what you are receiving is a legitimate connection from an accredited company. An indicator that a message is phishing is when the hacker includes the company title in a way that is slightly different from the actual company name (e.g. Twitter Co. instead of Twitter Inc.). Also, if you regularly get emails from a reliable company and you receive one that looks different than usual, this is a sign that it may be a phishing scam.

Spelling errors- If there are clear spelling errors throughout the email, it is obvious that this email was not carefully looked over by a member of an authentic company and is likely phishing. This not only includes spelling and grammatical errors, but also when key parts of an email, such as the subject line or a signature, are missing or strangely worded.
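The four signs above can also be checked mechanically before a message reaches an inbox. The following is an added example, not code from the article or from Axiom: the trusted-sender table, the phrase list, the similarity cut-off and the sample message are all constructed assumptions.

```python
import difflib
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative assumptions, not taken from the article: the trusted-sender
# table, the phrase list and the 0.7 similarity cut-off.
KNOWN_SENDERS = {"Twitter Inc.": "twitter.com"}
URGENT_PHRASES = ("immediately", "final notice", "account will be closed",
                  "you will be fined")
RISKY_EXTENSIONS = (".exe",)
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

# Constructed sample message (no Subject header on purpose).
SAMPLE = """\
From: "Twitter Co." <support@twitter-co.example>
To: jim@company.example
Content-Type: text/html; charset="utf-8"

<p>Your account will be closed unless you act immediately.</p>
<p><a href="http://files.badhost.example/update.exe">www.twitter.com/verify</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def bare_host(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def check_links(html):
    findings = []
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        target = urlparse(href)
        if target.path.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"link downloads an executable: {href}")
        # Automated version of the hover check: the visible text names one
        # site while the href leads to another.
        shown = URL_LIKE.match(text)
        if shown and bare_host(shown.group(1)) != bare_host(target.hostname):
            findings.append(f"link text shows {shown.group(1)} but leads to {target.hostname}")
    return findings


def check_sender(from_header):
    """Flag a display name close to a known company that arrives from another domain."""
    name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    for known_name, known_domain in KNOWN_SENDERS.items():
        score = difflib.SequenceMatcher(None, name.lower(), known_name.lower()).ratio()
        if score >= 0.7 and domain != known_domain:
            return [f"sender '{name}' <{domain}> imitates {known_name} <{known_domain}>"]
    return []


def analyze(raw_message):
    """Return a list of human-readable warning signs found in one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    findings = check_sender(str(msg["From"] or ""))
    findings += check_links(body)
    hits = [phrase for phrase in URGENT_PHRASES if phrase in body.lower()]
    if hits:
        findings.append("pressure to act at once: " + ", ".join(hits))
    if not str(msg["Subject"] or "").strip():
        findings.append("subject line is missing")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("-", finding)
```

A message that trips several of these checks at once is a good candidate for quarantine and review rather than delivery.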

If you believe an electronic communication to be malicious or suspicious, do not open it; delete it and report the incident to your IT department. For small businesses that may not have an IT department or that think cybersecurity is out of reach for the company’s budget, please go to www.axiomcyber.com to learn more about our affordable managed cybersecurity solutions and how we can help your business get and stay secure.

The Anatomy of a Ransomware Attack

“Ransomware attacks are increasing dramatically.” As threats from cyber-criminals become part of the reality of doing business, that statement is becoming all too familiar and personal for small businesses.  By the end of this year, it’s projected that ransomware attacks alone will net cyber-criminals more than $1 billion made possible in part because small businesses are easy targets and have little option other than to pay ransoms or risk closing their doors.

So you probably know that a “ransomware attack” is used to extort money from you by literally holding your data and computer systems hostage.  But, what does this attack look like and what can you do to defend your business from them?

First, let’s take a look at how a ransomware attack progresses:

1)      Though ransomware attacks can be initiated by visiting an infected website, most businesses will find that attacks are launched on them through an increase in emails which contain attachments. The messages usually evoke a sense of urgency to open the attachment (such as with an unpaid invoice, a “Final Notice,” or a package delivery notification). The file may appear to be just a Word document or PDF file.

2)      After clicking on the attachment, the user is prompted to “enable content” or possibly decompress a zip file. Once that message is clicked on, the malware is activated and released into your system.

3)      Depending on the file type, an icon may appear on your desktop, but only for a brief time before disappearing. It is at this point the malware sends a message to a computer system outside of your network for an encryption key to use on your computer system.

4)      Once that key is communicated back, the ransomware begins encrypting your files and programs. Since encryption is a time consuming and resource intensive process you may notice that your computer system slows down or starts acting “quirky.” However, you may not notice any outward sign of infection.

5)      Depending on the amount of information being encrypted it could take several hours for all files on your computers and attached or networked drives to be encrypted. So just because it doesn’t happen quickly doesn’t mean you have nothing to worry about.

6)      While all of this is happening, you may notice that you are still able to access some files, but other files are not accessible. File names will change. You may receive messages that the “file is corrupt” or has an “unknown extension.” Ultimately, files you had been able to access become inaccessible. Depending on the attack, entire programs may become unusable.

7)      Finally, the background on your screen will change and a message will display explaining that your files have been encrypted, along with a demand that you must pay within a set amount of time or else your data will be lost. These demands are usually for payment in the form of Bitcoin (which is a process in and of itself that most Americans are not familiar with).

8)      Once the ransom is paid, the victim is supposed to receive an alpha-numeric key for decrypting the files. However, because these hackers are criminals, there is no real guarantee that a key will be sent, or if one is, that they won’t simply attack again later. It isn’t unusual that a victim is repeatedly attacked once they have proven they are easy targets and willing to pay.
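Steps 4 through 6 leave a trace that can be watched for while encryption is still in progress: many files on a share being renamed to the same unfamiliar extension within a short time. The following is an added example, not code from the article or from Axiom; the event format, the list of familiar extensions, the window, the threshold and the sample events (including the `.locked` extension) are constructed assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumptions for this example: extensions the business normally uses, and how
# many suspicious renames inside one window count as a burst.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}
WINDOW = timedelta(seconds=60)
THRESHOLD = 5

# Constructed file-server events: "timestamp|action|old path|new path"
SAMPLE_EVENTS = [
    r"2016-05-10T09:00:01|modify|S:\Finance\q1.xlsx|",
    r"2016-05-10T09:03:12|rename|S:\HR\review.docx|S:\HR\review_final.docx",
    r"2016-05-10T09:41:00|rename|S:\Finance\q1.xlsx|S:\Finance\q1.xlsx.locked",
    r"2016-05-10T09:41:04|rename|S:\Finance\q2.xlsx|S:\Finance\q2.xlsx.locked",
    r"2016-05-10T09:41:09|rename|S:\Finance\invoice.pdf|S:\Finance\invoice.pdf.locked",
    r"2016-05-10T09:41:15|rename|S:\HR\review_final.docx|S:\HR\review_final.docx.locked",
    r"2016-05-10T09:41:21|rename|S:\HR\badge.jpg|S:\HR\badge.jpg.locked",
    r"2016-05-10T09:41:30|rename|S:\HR\notes.txt|S:\HR\notes.txt.locked",
]


def is_suspicious_rename(old, new):
    """True when a file with a familiar extension ends up with an unfamiliar one."""
    old_ext = PureWindowsPath(old).suffix.lower()
    new_ext = PureWindowsPath(new).suffix.lower()
    return old_ext in KNOWN_EXTENSIONS and new_ext != "" and new_ext not in KNOWN_EXTENSIONS


def detect_rename_bursts(lines):
    """Scan events (in time order) and return one alert per unfamiliar extension."""
    recent = deque()   # (timestamp, new extension, folder) of suspicious renames
    alerted = set()
    alerts = []
    for line in lines:
        ts_text, action, old, new = line.split("|")
        if action != "rename" or not is_suspicious_rename(old, new):
            continue
        ts = datetime.fromisoformat(ts_text)
        target = PureWindowsPath(new)
        recent.append((ts, target.suffix.lower(), str(target.parent)))
        # Drop renames that have fallen out of the sliding window.
        while ts - recent[0][0] > WINDOW:
            recent.popleft()
        ext, count = Counter(e for _, e, _ in recent).most_common(1)[0]
        if count >= THRESHOLD and ext not in alerted:
            alerted.add(ext)
            alerts.append({
                "time": ts.isoformat(),
                "extension": ext,
                "count": count,
                "folders": sorted({f for _, e, f in recent if e == ext}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_EVENTS):
        print(alert)
```

Because encryption of a large share can take hours, an alert at the fifth renamed file leaves time to disconnect the affected machine before most of the data is touched.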

So what is a business supposed to do to avoid these attacks?  If you look at the points above you will see where different points of failure exist. Here’s what you can do about them:

  1. Be sure your employees understand the threats posed and tactics used by these criminals. Reinforce the need to be cautious when clicking on attachments in emails from people from whom they are not expecting anything. Help them recognize that emails that use urgency as a tactic to get them to open attachments are suspect. And attachments that require an additional step of “unzipping” or “enabling content” need to be scrutinized carefully before doing so.
  2. It’s crucial to invest in the right kind of security solutions like a robust next generation firewall so that ransomware doesn’t infiltrate systems to begin with and cause irreparable damage.  If you are using an older firewall or one that isn’t updated daily, you are leaving yourself open to attacks.  Also, be sure you are using powerful and updated virus and malware scanning software.
  3. Always, always, always keep your operating systems and software updated with the most recent patches and hotfixes.
  4. Have a good backup strategy, which includes monitoring your backup status and testing your restore process to ensure that restored files are usable. A backup process without testing may not be worth much.
  5. Take this threat seriously! It’s real and it’s growing.

If you have been a victim of a ransomware attack, Axiom Cyber Solutions may be able to help. Give us a call at 800-519-5070, or drop me an email (without any attachments – we won’t open them) at info@axiomcyber.com.

The Healthcare Industry is Undeniably Vulnerable to Ransomware Attacks

HEALTHCARE DATA BREACHES

Recently it has become obvious that we are all vulnerable to attacks by anonymous people on the internet who wish to hack into our lives and steal our private information for their own personal gain if we do not take the proper measures to protect ourselves. Hospitals and other healthcare facilities are goldmines for hackers looking to steal hundreds of people’s information at once. You would think that with all of this sensitive information in their files, hospitals would be highly concerned about the protection and security of this data. However, the Healthcare industry has become one of the most hard-hit industries when it comes to cyber security due primarily to the heavy amount of data breaches that have plagued the industry in recent years.

Data breaches have skyrocketed over the past six years, especially in the Healthcare industry, and things are looking worse, making us more susceptible to breaches of our own personal medical information—and we’re not the only ones who are afraid. In just one year, Healthcare professionals have grown 13 percent more worried about attacks on their databases; and with 59 percent fearing that the existing budgets set in place for protection against these kinds of incidents are insufficient, it is obvious that the Healthcare industry is struggling to keep up with the changing world of cyber security.

According to the sixth annual Benchmark Study on Privacy & Security of Healthcare Data conducted by Ponemon Institute, 89 percent of Healthcare providers fell victim to multiple data breaches over the past two years and one-third of providers were subject to anywhere from 2-5 breaches. Approximately 50 percent of these breaches were due to a mix of employee negligence, third-party snafus, as well as stolen electronics. When the study was conducted six years ago, the majority of data breaches were caused by these issues; today, however, it is clear that the number one cause of Healthcare data breaches is cybercrime, which is responsible for the remaining half of these breaches.

RANSOMWARE

One of the fastest growing, most devastating of these cybercrimes is ransomware, and the Healthcare industry has taken more than its fair share of the brunt of this issue just this year. A few months ago, ransomware forced two Healthcare networks to take their systems offline, for fear of the issue spreading. Prime Healthcare Management, Inc. in California and Methodist Hospital of Kentucky were in a state of crisis when their networks were compromised by ransomware. While it seems that Prime was able to detect and handle the situation prior to any protected health information (PHI) being made vulnerable, Methodist was not so lucky. Reports say that they paid $17,000 as a ransom to regain access to their PHI files, while insiders claim that the amount paid could be significantly higher. This is one of the worst situations you could be in when dealing with ransomware, second only to your business being shut down. Prevention is a much better defense than reaction or negotiation with criminals.

Axiom can aid in these preventative measures due to its proprietary ransomware algorithm built into their Sentry firewall that would have been able to block these ransomware communication protocols at the firewall before criminals could have encrypted the PHI files. This would have saved Methodist Hospital of Kentucky thousands of dollars in ransom paid to criminals as well as their patients’ peace of mind.

HIPAA COMPLIANCE

When these Healthcare providers wish to combat ransomware, it is important for them to be aware of their HIPAA compliance. HIPAA HITECH requires that you have a disaster recovery plan and adequate backups, so HIPAA regulations have been a hot topic of discussion during this spike in Healthcare breaches. While some influential figures have questioned whether or not these breaches caused by ransomware are protected under HIPAA, it is conclusive that the industry is in dire need of revamping their approach to cybersecurity.

Axiom is able to help businesses in the Healthcare industry feel at ease by acting as their HIPAA Compliance Partner through providing them with professional and technical product services that include a HIPAA Security Assessment, Gap Analysis, Preparation and Certification as well as VOIP and 24-hour technical support.

If you’d like to find out more about what Axiom Cyber Solutions can do for you in regards to HIPAA compliance and protecting your business from cyber threats, please visit www.axiomcyber.com.

Axiom Cyber Solutions Presenting Free Cyber Security Seminar

Axiom Cyber Solutions will offer a free cyber security seminar at The Lead Team B2B Mixer Expo on Wednesday, May 31, 2016, at 6 p.m.

The expo, taking place at Palace Station Hotel and Casino, is designed to help small- to medium-sized businesses network, and more than 400 attendees are expected. Axiom Cyber Solutions is a co-sponsor of the expo.

“Cyber Security is critical for small businesses, as more than 70 percent of cyber attacks target them,” said Troy Wilkinson, CEO of Axiom Cyber Solutions. “So many small businesses still believe they are too small to face a cyber security breach, and our goal is to make business owners aware of the threat and protect them from the devastation a breach can cause.”

Troy founded Axiom Cyber Solutions a year ago with his wife Shannon, and the company now protects businesses across the country.

“Small business owners tend to think that they can’t afford cyber security, but we’re working to change that,” said Troy. “The cost of a cyber breach can be devastating to a small business. In fact, more than half of small businesses close within six months of a breach. We’re working to help more business owners understand that with Axiom comprehensive protection is easy and affordable.”

For more information about The Lead Team B2B Mixer Expo and to get tickets, visit www.ltbusinessexpo.com

We’re NOT Making This Stuff Up! Cyber Crime is Serious Business.

It’s pretty easy to think that a cyber security company might make up a few “facts” to try to manipulate consumers into buying their products.  Statistics like “60% of small businesses that are hacked go out of business within six months” (National Cyber Security Alliance) might seem a bit unbelievable.  But when it comes to cyber-security and the concerns facing small businesses, unfortunately we don’t have to “make up” statistics – because the threat and the consequences are very, very real.

Last month (April 2016), the House Committee on Small Business held a hearing to discuss the growing threat of cyber attacks on small businesses. Below is video from that hearing. But, rather than listen to the whole session, just take a moment and listen to the first few minutes and you’ll understand how significant this problem really is:

If you’re more adventurous (or your favorite channel is C-Span) watch the entire hearing.  But I will warn you, if you are a small business owner, it’s the kind of stuff that will keep you up at night.

For those who didn’t watch, or in case you missed it, here is something of note:

…the IRS paid 3.1 billion dollars in fraudulent Identity Theft (or IDT) tax returns. ~ Chairman Steve Chabot

That’s a significant amount of money.  And what it shows is simple: the digital information stored in small business computer systems is extremely valuable to hackers.  And that’s not even talking about the money to be made from stealing intellectual property, medical information, or financial records.

Know this: if our government understands the security threat well enough to say “Small businesses face an increased risk because they lack the resources to protect themselves against sophisticated cyber-attacks” then you can be sure cyber-criminals are aware of this, too.

One last comment of Chairman Chabot’s should catch our attention:

…the threat to small businesses has only grown. Unfortunately, in many ways, the federal government’s efforts to guard against this threat have not kept pace.

So unfortunately this means that though “small businesses face an increased risk because they lack the resources to protect themselves” they are also the ones primarily responsible for providing that protection.

Dealing with this issue begins with acknowledging that the cyber-threat landscape is a real and growing concern for businesses – one that must become a higher priority in your company, a regular agenda item in board meetings, and a line-item expense in the budget.

In regard to the latter, at Axiom Cyber Solutions, we understand that most small businesses have a “lack of resources” in both finances and experienced staff. So we offer enterprise-level protection monitored by cyber-security professionals at a price a small business can afford.

If you would like to discuss what we can do to help you protect your business, give me a call at 1-800-519-5070 or email us at info@axiomcyber.com.

Employees: The biggest risk and defense in cyber crime

The news is full of stories about how computer networks are being infected by malware, trojans, viruses, and that nasty malware variant known as ransomware. These attacks start off as an innocent-looking email with an attachment or link sent to someone in HR or Finance, an independent consultant, or even the business owner, and end with the encryption of the business’ networks or a data breach. The news loves to harp on the fact that the human factor is the biggest risk in cyber security, but it often does not talk about how humans are also the best defenders against cyber crime.

You can’t just rely on one person in a 10-person company; everyone needs to have a good understanding of cybersecurity and what the risks are for the organization.

Patricia (Pat) Toth

Supervisory Computer Scientist, NIST

Employee education is one of the best ways to defend against malicious activity. Letting your staff know what a phishing email looks like, why they should not enable macros on files they receive by email, and just overall being smart about how they use the internet are all steps in a positive direction for businesses who take cyber security seriously. Firewalls, endpoint protection, SIEM, that’s all great but unless you also pay attention to the inside of the business, the threats and damage will continue to occur.

Four in ten organisations had experienced insider damage at least quarterly in 2015.

Information Age, 2016

Start with Employee Orientation: Incorporating data protection and cyber security best practices into new employee orientation and annual training is a great place for businesses to start hardening their inside defenses. Nearly all companies handle sensitive data, whether from employees or customers, so outlining safe data practices in the employee handbook and giving employees guidelines on how to safely handle data could be the difference between a W-2 phishing scheme that reveals sensitive data about your employees to a hacker and keeping that data secure.

Passwords: Seems like a no-brainer but organizations continue to struggle with password expiry, complexity, and even forcing their IT professionals/admins to change their passwords on a regular basis. A survey during the RSA security conference found that 55% of admins make users change their passwords more regularly than they change their administrative credentials. And believe it or not, 123456 and password still top the list as the most popular passwords still in use.

Safe Data Handling: Employees need to be aware of ways to safely handle data. Whether it’s encrypting sensitive data sent by email or shredding sensitive data on paper, employees need to be told how to handle data.  Employees also need to know the process for assisting people who call for assistance. Kevin Roose from Fusion learned the hard way how easy it was to con a customer support representative into letting a hacker into his mobile phone account with the help of the recording of a crying baby and the hacker pretending to be his stressed-out wife.

See Something, Say Something: Employees should not be punished for asking for verification of requests emailed to them. Too often phishing schemes are successful because they appear to be coming from the highest levels of management and are labeled urgent. Employees should know the normal procedure for making such requests, and management should put checks and balances in place to ensure sensitive data and money do not leave the organization without some form of verification. Those in Accounting should be told that the CEO, COO, etc. will not email and tell them to wire money to a vendor without a verbal confirmation (and if that is not the procedure, the business should consider it or else be at risk of falling victim to a common phishing scheme!). And HR departments need to know that they won’t receive email requests for sensitive employee information either.

Axiom Cyber Solutions Prevents Cyber Attack on Local Business Within Hours of its Opening

Kangamoo Indoor Playground Faced Hacker Attack On Opening Day, Reinforcing Risk to Small Businesses

Las Vegas—When Kangamoo Indoor Playground opened for business recently, one of the last things owners Mimi and Shawn Wachter expected to face on opening day was a cyber attack.  But after having their network online for just a couple of hours, the small business was targeted by hackers looking to access sensitive customer information.

“We’re a small, independent indoor playground—we didn’t expect to face an attempted data breach ever, let alone just hours after opening our doors to the public,” said Mimi.  “You hear about this kind of thing happening to large corporations with millions of customers; it was really off our radar that a tiny, new business like ours would be targeted.”

Fortunately for the Wachters, they had enlisted Axiom Cyber Solutions’ services prior to opening, so the attack was detected by Axiom and thwarted.

“Small business owners think they’re immune to these types of attacks—the perception is that hackers only target systems with millions of people’s personal information, but it doesn’t work that way,” said Troy Wilkinson, CEO of Axiom Cyber Solutions.  “Hackers don’t see company names—they see numbers, and they don’t discriminate.  Kangamoo wasn’t a name to these attackers, it was merely a potential goldmine of sensitive customer information.”

Wilkinson, who runs Axiom Cyber Solutions with his wife Shannon Wilkinson, said that 60 percent of businesses close within six months of experiencing a cyber breach.

“Most small businesses don’t have an IT department, let alone a cyber security pro,” said Shannon, President of Axiom Cyber Solutions.  “The average cost of a data breach to a business is $36,000, which is absolutely devastating to many small businesses.”

The Wachters said they were sold on Axiom’s services after talking with them while Kangamoo Indoor Playground was under construction.

“Axiom was incredibly affordable for us, and easy to set up with our network,” said Mimi.  “After weighing the risk of what a breach could cost our business and wanting to protect our customers as best as possible, it was a no-brainer to secure our network.  We really didn’t expect our modest investment to pay off so quickly!”

Shannon adds that recent data shows that 71% of hacks targeted small businesses.

“Small businesses don’t think they will be targeted, and they don’t think they can afford protection, and that’s why we founded Axiom,” said Shannon.  “In our one year of business, our system has prevented hundreds of attacks on small businesses and kept thousands of people’s sensitive information safe.”

Kangamoo Indoor Playground’s customers, of course, are among them.

“It was terrifying to think of what we would have gone through that first day if we hadn’t had Axiom protecting our network,” said Mimi.  “To think of having to announce to customers that their information had been compromised a couple hours after visiting us for the first time—who would have trusted us again?  Imagine if we had to close our doors just as we were getting them opened!  We couldn’t be more grateful to Axiom for protecting our business and our customers—we’ll never be without this service.”

Axiom Cyber Solutions

Axiom Cyber Solutions is a Las Vegas-based cyber security company responsible for some of the most unique and most capable security appliances on the market. Axiom has a proprietary Denial of Service mitigation algorithm and currently produces the world’s most powerful DDoS mitigation appliance. Axiom also has a proprietary ransomware algorithm built into every device they produce that can stop nearly 100 percent of ransomware infections. Axiom focuses mainly on providing a low cost monthly subscription to small businesses that includes a $3,000 firewall at no upfront cost. Axiom then manages, monitors and updates that firewall for the business at a cost of under $200 per month.  For more information, visit www.axiomcyber.com

DIY Hacking (or “How to Build a Better Meth Lab”)

A few years ago I sat in an audience a bit shocked as I watched an Albuquerque Police Department officer show us how to build a meth lab. Systematically, he explained what parts were needed, where they could be purchased, the ingredients required, dangers to watch for, and then the actual steps to cook the meth.

To the typical law abiding citizen, it might seem inappropriate that something so harmful could be presented so casually. It also seemed a bit ironic to hear this from a police officer who works in the city recently made famous by the series Breaking Bad. However, he went on to explain that everything he had talked about was readily available on the internet and that accessibility is only contributing to the exponential growth of this serious problem.

Unfortunately, the same situation is true for cyber-crime. Today, you can Google “How to hack a network,” “How to DDOS a website,” or “How to crack a password” and easily find step-by-step instructions for doing so. For those who are more visual learners and would prefer videos, they are readily available on YouTube and even sub-titled for your convenience. All of this is freely and easily accessible online to everyone.

Of course, some people don’t want to learn all of the technical stuff and just want an “off the shelf” program to do it. These guys are known as “script kiddies” and have at their disposal a large number of effective, easily downloadable programs capable of breaching other’s networks and computers. Even more alarming is that now on the “dark net” they can launch a ransomware attack against the targets of their choice and hold computers locked and data encrypted until a ransom is paid.

But another option also exists. Just like the guy who wanted Walter White to do all the dirty work for him, you can now simply hire someone else to hack a password, destroy a website, or launch a DDOS attack (for which you pay by the hour) all while you sit comfortably in your own home and watch reruns of Breaking Bad.

My point is, we shouldn’t think that cyber-crime is going to get any better because it’s only becoming easier to do. There will always be the nation-states and organized crime syndicates (the “Walter Whites” so-to-speak) orchestrating massive cyber-attacks. But more and more there will be the “little neighborhood meth labs” – the DIYers – popping up and taking advantage of the ill-prepared.

So it’s important to have an effective, layered cyber-security defense in place – one that includes a powerful next-generation firewall, regular system updates and back-ups, current virus and malware protection, data encryption, network monitoring, and an interactive employee education program so that they are aware of the real and growing threat that exists.

If you would like more information on how we at Axiom Cyber Solutions can help you do this, email me at info@axiomcyber.com or call 1-800-519-5070.