Back-to-School Cybersecurity: What College Students Need to Know

Back-to-School Cybersecurity: What College Students Need to Know

“It’s that time of year again.”

Everyone is so original with their ad campaigns around this time of year. Nevertheless, August means that millions of students across the country will be going back to school. Among them, an astonishing 20.5 million university and college students will or already have started back in full force for the Fall 2016 semester in the U.S. alone. From seniors itching to graduate to wide-eyed freshmen trying to take it all in, universities are about to be jam packed with bodies eager to learn and have fun.

Amid the countless things packed in the bags of these students, a laptop, tablet, or some other sort of computer is essential for almost every single class, be it in-class or online. While the online components of college classes allow for more open communication between students, peers, and professors, there are some drawbacks to having all of these people online. Even though college-age students are generally more tech savvy than most other demographics, hackers and cybercriminals are targeting both the students and institutions alike more and more aggressively and there is a myriad of cyber threats that are trying to hurt or steal these students’ personal information.

Unsecured Public Wi-Fi Connections

While it is an incredibly convenient thing for students to be able to be connected on campus via free Wi-Fi, it could also potentially be extremely dangerous. The use of any public Wi-Fi connection, be it at the library, coffee shop, or anywhere else on or around campus, can be very risky because these networks are very rarely secured properly and consequently are a big target for cyberattack. Due of the openness of the connection, almost anyone who knows how could view what you are doing online while you’re connected.

The best way to avoid this threat is to not use unsecured public Wi-Fi. While this is a nice thought, it is not necessarily a realistic solution for all students, especially those that live on-campus. If you must use an insecure public Wi-Fi connection, make sure to not unveil any personal or financial information and only use secure, encrypted sites. Most universities do offer separate secure networks with a unique login for each student that is usually made up of either the individual’s student ID number, email address, or some other personal identifier. If your university offers such a connection, this is the best route to take.

Phishing Scams

Phishing attacks target different groups of people for different reasons. Email phishing scams that target college students are usually designed to try and steal personal information such as account names, passwords, and banking information.

The threat of phishing has been a big issue for North Carolina State University for several years now. N.C. State has seen rather targeted attacks where cybercriminals have performed reconnaissance to make their messages seem more realistic to students. Scammers have created virtually perfect copies of multiple N.C. State login pages with reference to the university and other specifics related to specific students’ involvement. With hackers working diligently to make their schemes appear legitimate, it is extremely important that students take defensive action against phishing scams into their own hands.

The first defense against phishing attacks is knowing how to identify them. If the message has an urgent request or is poorly worded, it is likely to be a phishing email. One thing that is fairly consistent in all emails of this nature is that they include a malicious link that appears to be legitimate. Students can verify the authenticity of a link by hovering his/her mouse over it. Scammers want to appear as true-to-the-original as possible, and will often use logos they find online. Examine these images to see if they are of the professional quality that your university would actually use, and this could be helpful in indicating a false sender.

The best plan of attack for combatting phishing emails is to not open any email from a strange, unrecognized source and report the incident to your university immediately so that your peers do not fall victim to this same scam.

Sextortion and Webcam Hacking

While it is pretty scary to lose your important personal and financial data, it is even more terrifying to have a cybercriminal harassing you by threatening to expose sexually explicit photos of you all over the internet unless you pay up or give them more photos. This cybercrime is called sextortion and some of its primarily targets are young people, specifically young women.

In May of this year, two students at George Mason University in Virginia reported to police that they were the victims of sextortion. Both victims claimed that their respective “sextortionists” demanded a $5,000 payment in lieu of him exposing the compromising photos online. This is a threat that the FBI says is increasingly growing and is in desperate need of being stopped.

There are a few ways to help combat this cybercrime:

  • Don’t send explicit photos of yourself to anyone.
  • Do not talk to people you don’t know personally online.
  • Turn off or cover your webcam when not in use—many cases of sextortion happen even if the victim has never sent out explicit photos. Hackers get into a person’s webcam and snap pictures without the target ever suspecting it. Just a piece of tape over the camera can be the difference between being safe or becoming a victim of sextortion.

Universities themselves are fighting cybercrimes like data breaches and ransomware that are targeting the student body as a whole—putting your and your classmates’ information in danger. Because of this, it is important for you to take your cybersecurity protection into your own hands. By taking a few simple steps, you can protect yourself against lurking hackers in a café, scammers trying to steal your information via phishing emails, and sextortionists who only want the worst out of you. When you protect your personal cybersecurity, you can truly enjoy the best years of your life without worrying about your personal data.

 

Hailey R. Carlson | Axiom Cyber Solutions | 8/25/2016

Image Source

Why is cloud security not a good thing?

Why is cloud security not a good thing?

With everyone moving to the cloud, internet service providers will try to sell you on a cloud based firewall. There are hundreds of companies that will scrub your traffic “in the cloud” before it comes into your business.

The benefits are obvious. No need for expensive on premise firewalls. No need for an IT professional on staff to manage, monitor and update security equipment. Your internet traffic will magically be cleansed of threats by the cloud security police and you will only receive the cleanest, purest internet traffic.

There is only one problem with this. Hackers don’t play by the rules!

Just like a traffic cop, your internet service provider directs traffic through their cloud scrubbing center and then on to you. Your internet traffic has to follow very specific routes designated by your internet provider. Hackers don’t follow red lights, yield signs or wrong way signs.

In 100% of businesses there is a router placed there by the internet service provider. This device is the internet handoff from the ISP to the business. Hackers target these devices via unique identifiers, MAC address or IP address. Even if these devices are hidden by the ISP, hackers have tools to identify them. They then attempt multiple attack schemes to gain access to this device.

If they are successful, they own 100% of the business network. Remember that you have moved your firewall into the cloud. There is no longer a firewall at your edge to protect you. Just like the gate to your castle, you can’t remove it and assume the traffic cop down the street will keep the bad guys out.

This is where Axiom excels. With our SecureAmerica® program, we provide you with a fully configured firewall for your edge. It is the first stop into the business and the last stop out. We monitor threats coming in and going out to protect your business from Ransomware, malware, intrusion attempts, cross site scripting, SQL injections, distributed denial of service attacks and many others.

The secret is in the automation we have built into the threat intelligence gathering and deployment. Axiom’s customers get updates to their firewalls every ten minutes based on real world threats that are identified by global agencies such as the FBI, Homeland Security and the IANA. Other companies wait 3 months or longer to patch holes in their firewalls, leaving them vulnerable to attack. Our proprietary update automation collects this data from trusted sources in real time and creates a firewall update via an ETL process (Extract, transform, and load). That update is checked for integrity and quality assurance and then pushed to our entire client base every ten minutes meaning our customers are on the cutting edge of protection. If a threat is detected by one of our client’s Axiom firewalls and it meets the threshold of a verified attack, the entire ETL process begins again, building a custom update that is pushed out to all of our client base within ten minutes. As our clients grow, our artificial intelligence engine will become smarter, creating a community of well protected and happy clients.

Our team of cybersecurity experts monitor clients 24 hours a day to ensure protection is up to date and none of our clients are under attack. All updates, monitoring, configuration, support, reporting and the equipment is included in our monthly subscription prices. Protection starts at $199 per month. At that price, who could afford not to have Axiom SecureAmerica®?

Scammers Go for Gold: Rio 2016 Olympics Cybersecurity

As the Olympics draw to a close this coming Sunday, we can reflect on these two weeks full of the sport, glory, and friendly competition that the Games are meant to bring to the world stage. However, this year’s Olympics in Rio De Janeiro have also been riddled with security threats. Be it participants & journalists being robbed at gun point when venturing outside of the Village at night, terrorist threats, or multiple limbs washing ashore on Rio beaches—these Olympics have been full of terrifying surprises. But one of the greatest dangers facing the Games that does not get as much attention is cybersecurity. Any event that is presented on such a grand scale attracts not only millions of spectators, but hackers as well—and none are quite as famous as the Olympics.

Cyber intelligence companies and western government officials warn that the two-week sporting festival, which began last Friday, could lead to some of the highest levels of cybercriminal activity in years.” — Financial Times

Phishing

Brazil is known for having one of the weakest cybersecurity defenses year round, so having the public eye completely focused on them means a challenge for cyber experts in the country and across the globe. The biggest cyber threat facing people in Brazil and around the world is phishing. In fact, Kaspersky Lab has seen an 83% jump in phishing attempts surrounding the months leading up to and weeks during the Olympics. Scammers are doing this by buying low-cost SSL certificates to make their fake websites appear authentic and trustworthy by using domains that include “Rio” or “Rio2016” and many are using these malicious URLs as a delivery method for ransomware.

Many of these phishing scams include fake ad banners that have similar logos to the Official Rio 2016 sign. Some make bogus promises like the recipient of the email has won an all-expenses paid trip down to Rio for the Games in a lottery-style announcement, while still others claim to be selling magic pills that would allow the user to become an “Olympic-level Athlete.” While these situations are ridiculous and even laughable, far too often, people click on the links only to find those hopes have been squashed.

How to avoid: The best way to avoid being caught in a phishing/ransomware scam is to not click on any email or links sent to you by people you do now personally know. If you do decide to click on a link, make sure that it has the secure “https” in front of the web address in order to ensure its validity. If an email from a random person seems too good to be true, it likely is.

Fake Rio 2016 Apps

In addition to the email phishing scams surrounding the Olympics, the Rio 2016 app—meant to keep fans and spectators up-to-date on things like breaking news and medal count per country—has 4,500 copycat versions across Android and iOS platforms that are malicious and could potentially put your smart phone at risk. Many attempt to take over the infected phone or the victim’s social media accounts and some steal data right off of the smartphone itself. If a victim had sensitive information on her phone such as banking information, this would have been an even greater loss all because of a malicious app download.

How to avoid: The best way to avoid this is only downloading apps from trusted sources and not third-party app download providers. Of course you want to stay updated on just how many medals Simone Biles or Michael Phelps have won, but by using the legitimate Rio 2016 app, you can feel more assured that your phone is not compromised in the process.

Tourist Cyber Threats

Now, for those who decided to make the once-in-a-lifetime trip down to Brazil to witness the Games in person, there are many different, targeted threats that you may be facing. Bank fraud, insecure Wi-Fi, and stolen electronics are among the biggest threats to tourists at the Summer Games this year. Here are some tips for avoiding these in-person cyber threats:

How to avoid:

  • Don’t use insecure Wi-Fi—Especially for sensitive professional or personal information, using unsecured Wi-Fi connections could result in your data being compromised and possibly stolen. Use this time for vacation and not work so as to protect your employer and the company you work for.
  • Keep your electronic devices with you at all times while traveling—Our mobile devices have so much personal information on them now, so by keeping them on our person or somewhere else where we know they will be safe, we can lessen our chances of data being stolen in that way.
  • Do not give out your information to anyone who does not need it—Banking, personal, and other information could be dangerous if they fell into the wrong hands. Make sure you do not give any of this out to people who are not required to have access to it. Giving out your bank information specifically, is a surefire way to get your accounts wiped out or other information linked to them stolen or compromised.
  • Monitor your bank accounts while abroad—Though you should always monitor this information, when travelling it is especially important to be aware of when your money is going. If something looks fishy, notify your bank immediately. When in doubt, exchange your money for the local currency so as to further protect your bank accounts.
  • Keep your passport close and other IDs close—Though this has less to do with cybersecurity and more personal security, in addition to bank fraud, your passport in the hands of a criminal makes it that much easier for your identity to be stolen. By keeping your passport safe, you’re protecting yourself in the long run as well.

The Olympics are meant to promote unity across nations through friendly competition, but hackers will always view global events such as this as huge targets for attack. By being informed and informing others of potential risks, we can help protect against these threats and enjoy the Games as they were meant to be enjoyed.

 

Hailey Carlson | Axiom Cyber Solutions | 8/18/2016

Image Source

Why is HIPAA Data so Valuable to Hackers?

Why is HIPAA Data so Valuable to Hackers?

One of the few things that we all have in common is that we need to take some degree of care when it comes to our health. Healthcare providers—like doctors, dentists, nurses, and more—are there for us to take advantage of their extremely vital services in order to keep up with all aspects of our health. In order to properly know our healthcare needs, these providers need to have some pretty sensitive information about every one of us. But what if that very sensitive information was stolen by cybercriminals with plans to distribute it across the dark web? That’s exactly what could happen when healthcare providers fall victim to a data breach.

Stats

Figure 1: Total HIPAA Compliance’s List of 2015 Healthcare Data Breaches

 

In 2015, the healthcare industry saw more data breaches than any other industry—you can see some of the biggest breaches in Figure 1 above—and data breaches have cost the healthcare industry upwards of $6.2 billion over the last two years. Hackers and cybercriminals target healthcare providers because of the valuable information they have on their patients, often referred to as protected health information (PHI), personally identifiable information (PII), or HIPAA data. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the goal of protecting this PHI data and is a regulatory standard across the healthcare industry to this date.

 

Data protected by HIPAA includes health status, provision of health care, or payment for health care that can be linked to a specific individual. This data is valuable to healthcare providers because it is individually identifiable health information related to the patient’s past, present, and future medical conditions—this means it helps the doctor or dentist to make informed decisions about what their patient’s needs are and what means of medical attention are necessary to address these requirements. This is the good side of HIPAA data. However, hackers want this information just as much as healthcare providers, but for a few different reasons.

 

HIPAA data is attractive to hackers and other cybercriminals because it is one of the biggest gateways into stealing a person’s identity.  Even more than credit card information, medical data is the easiest way to steal a person’s identity because of the sheer amount of information that is readily available. Medical records include sensitive information like patients’ full names, social security numbers, credit card numbers, signatures, and more—everything a malicious person would need to steal a person’s identity, or in the case of a data breach, multiple people’s identities. Unlike credit card-induced identity theft, ID theft via stolen medical records does not show up as quickly as credit card fraud. In addition to this fact, healthcare information sells online for ten times that of credit card data.

 

In addition to stealing identities, hackers can utilize HIPAA data that is stolen in health insurance and Medicare fraud. Dark web users who buy full medical files could use patient numbers with false provider numbers to file fraudulent claims with payers. When they do this, the victim does not know about the fraud because bills are being sent to his medical provider without his knowledge and the insurance provider does not know that he is not the one filing.

 

With all of this information needed by healthcare providers, it is their duty to their patients to protect this data. Here are a few ways healthcare providers can protect their PHI from data breaches and attack:

 

  1. Educate staff members—Education is key in all aspects of life, but protecting data is one of the biggest areas where education is required. When staff members know what is and is not HIPAA data, they can take the necessary amount of care in keeping that data safe. Phishing is one of the main ways hackers get into hospitals’ networks, so informing employees of things to look for that could potentially be malicious is vital when it comes to securing your information.
  2. Consider EncryptionBe sure to encrypt both your hard drive and any electronic communication that you can. When hackers have to work harder to get your data, they are likely to skip you and move onto the next, more vulnerable victim.
  3. Protect your network—Having multiple stages of protection is key to keeping your PHI and HIPAA data secure. This includes wired networks, wireless networks, and connected medical devices via IoT. One of the best ways to do this is by installing a next-generation firewall. Axiom Cyber Solutions offers its SecureAmerica® Firewall as well as HIPAA compliance help as a partner to those healthcare providers that need to be HIPAA Compliant.

 

It is important to secure your networks in any industry, but it is even more crucial in those industries where real customers and clients could be compromised in the event of a breach of security. Healthcare has faced many hurdles in cybersecurity recently, but hopefully by creating multiple barriers for hackers to overcome, the industry will see a turn for a safer, more secure environment.

 

Hailey Carlson | Axiom Cyber Solutions | 8/15/2016

Image Source

IoT: The Internet of Things, or the Insecurity of Things?

Everything is connected in 2016, it seems. What many people do not know is that this connectivity of everything through the internet is called IoT, or the Internet of Things. Any device connected to the internet is considered an IoT device. There are the connected things you’d expect like smartphones, tablets, laptops, and even gaming consoles, but there are somewhat less conventional devices as well. These are the things that a few years ago, we’d never have imagined would be connected to the internet—like cars, drones, solar panels, toys, and more—anything made with built-in Wi-Fi capabilities and sensors is a part of the IoT.

Cars

While it is amazing that so many things are now connected via IoT, this also means that all of these devices are vulnerable to hackers. For example, vehicles have become a big target by cyber-criminals recently because many newly released cars have on-board Wi-Fi.

Last year, Charlie Miller and Chris Valasek were able to remotely hack into a Jeep Cherokee’s entertainment system which allowed them access to dashboard functions, steering, brakes, and transmission—all while it was going 70 mph. Hackers were even able to hijack a big rig’s accelerator and brakes just last month!

In addition to on-board Wi-Fi, automotive leaders and innovators like Tesla have implemented an autopilot feature on their newest Tesla S model. While this is an amazing feat that gives us some insight into the future of transportation, in May of this year, a Tesla S in autopilot mode failed to detect, and consequently ended up cutting off, a tractor-trailer, running it off of the road and killing the driver. Though this was of course accidental, researchers at universities in South Carolina and China have found that they could trick the car’s autopilot sensors into thinking objects were present when they weren’t or made them fail to sense real objects that were there. Were they malevolent, they could have caused accidents that could have killed several people. This is why IoT security is so important.

Solar Panels

At this week’s BlackHat conference in Las Vegas, experts plan to discuss the growing security threats to IoT. Security researcher, Frederic Bret-Mounet, scheduled to speak on Friday, has been able to hack into his own solar panels.

Had he been malicious, Bret-Mounet realized that he could have overheated the panels to the point of being knocked offline—or worse, installed spyware which could have watched and listened to all that he and his family did in the privacy of his own home. This is something many people would not expect needed protection because they are unaware of the cloud connectivity of these devices.

Medical Equipment

As scary as it might be to think of your car, big rig, solar panels, or toys being hacked, it is even more terrifying to think of what malicious people might do to connected medical equipment. A Kaspersky lab researcher found that he was able to hack into a hospital’s Wi-Fi and utilize that connection to get into an MRI machine. “It was scary because it was really easy,” he explained. He goes on to say how a hacker could have changed a person in the hospital’s system to be categorized as ‘well’ when they are in fact still very ill, or vice versa. The fact that human being would do this is reprehensible, but that fact remains that the IoT of the medical devices on poorly-secured networks is leaving people not only vulnerable to cyber-attack, but could have fatal, life-changing consequences as well.

Protecting your IoT devices

While IoT security threats can be intimidating as they threaten every Wi-Fi enabled aspect of our lives, there are still a few things we can do in our own lives to help better protect against such attacks:

  1. Do your research before purchasing IoT products—Many people just buy what looks nicest or is most affordable when it comes to buying a new item with a variety of different options to choose from; however, when it comes to buying an IoT product, looking into the security or lack thereof in a product could be the difference in having peace of mind or worrying about your family’s household security.

Video baby monitors are a big concern in this area. These sorts of monitors are gaining popularity because they allow parents to watch their babies from almost anywhere to make sure they’re getting a good night’s sleep. But if this monitor were to be insecure, hackers—or worse, predators—could potentially watch or even talk to your baby. This is why it is so important to make sure that the IoT devices you are buying are secure.

  1. Do not use the default settings—Though this might take some more time than some like to put into their new product purchase, changing from the basic, factory-installed default settings makes it harder for hackers to get into your IoT products. Simple steps like these could mean the difference between being secure or being hacked.

 

  1. Use secure Wi-Fi connections—Free, public Wi-Fi, though convenient, is rarely properly-secured. Using your IoT devices on this kind of network could result in higher likelihood of cyber-attack.

 

  1. Turn off your devices when not in use—Devices that are allowed to run all the time, even while no one is using them, not only drains their battery lives, but can result in an insecure connection for hackers to be able to attack. This is one of the easiest steps a person can take, and yet it is one that is often overlooked. If your device works without an internet connection as well, simply disconnecting it from the internet when those features are not needed can do the same thing for your IoT security.

 

  1. Password protect anything and everything you can—Though passwords are not the only line of defense which should be taken in securing your IoT devices, adding in this extra security step makes hacking into your devices that much more difficult.

The Internet of Things has connected so many new and unique devices, but it has also exposed them to a myriad of new attacks. Staying informed on the latest IoT news and what hackers are coming up with are some of your greatest defenses in cybersecurity. To find out more about how to protect the things you hold near and dear, contact us at https://axiomcyber.com/ or (800) 519-5070.

Hailey Carlson | Axiom Cyber Solutions | 8/5/2016

Image Source