Author Archives: Hailey Carlson

The Real Costs of Cyber Attacks

Cyber attacks constantly top the news headlines–be it yet another massive data breach for Yahoo! or the findings that ransomware can now infect Smart TVs running Android OS, our world seems to always be threatened by some sort of cyber phenomenon or another. These cyber attacks threaten companies with their various costs, both measurable and immeasurable, and some of the most common costly cyber attacks are DDoS attacks, ransomware attacks, and data breaches.

Distributed Denial-of-Service (DDoS) Attacks

A distributed denial-of-service, or DDoS, attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. This is done by malicious actors to prevent legitimate users from accessing a website. When this type of attack occurs, it can either be meant to flood the company’s network infrastructure to block connections to the entirety of its site or more targeted at specific applications to block company use–and sometimes it can be both. When a company experiences a DDoS attack, it is important for them to know the costs involved.

The biggest costs surrounding a DDoS attack are related to getting the business’ domain operational again–meaning lots of money and time must be dedicated to fixing the issue. As of 2014, the average hourly cost to a company trying to mitigate a DDoS attack was $40,000 an hour; as the number of occurrences and the strength of DDoS attacks have increased since then, it is likely that this cost has risen as well. With two-thirds of attacks lasting 6 hours or more (16% of which lasted 1 to 7+ days), it is obvious that this can be a hefty price for a company to pay.

DDoS attacks are fairly preventable compared to other cyber attacks, and one of the best ways to limit their damage is early detection. Costs surrounding a DDoS attack can be reduced significantly with early detection, and there are simple steps a company can take in order to fight an attack once one has been detected. Companies can run a script on their servers that sends a message periodically with the recent traffic count. Monitoring and managing traffic is essential in catching a DDoS attack early. Once a pattern has been recognized, it is important for the bad traffic to be blocked without blocking those legitimate users who wish to access the site. It is important to be ready with strong incident response and DDoS mitigation plans in order to prevent the costs incurred by your company from getting out of hand.
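The periodic traffic-count script described above, as an added example that is not part of the original post. It reads constructed web-server access-log lines (Common Log Format, documentation IP ranges), totals requests per source in fixed time windows, and flags only the sources whose request rate exceeds a threshold, so legitimate visitors in the same window are left alone. The 60-second window and the threshold of 10 requests are assumptions to be tuned per site.

```python
"""Periodic traffic-count monitor for spotting a flood at the web tier.

Added example (not from the original post). Parses constructed access-log
lines, totals requests per source per window, and flags sources whose
request rate exceeds a threshold. Window size and threshold are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: a few normal visitors plus one source that bursts
# 12 requests inside the 10:00 minute. Addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.4 - - [02/Jan/2017:10:00:02 +0000] "GET /about HTTP/1.1" 200 1024',
    '192.0.2.9 - - [02/Jan/2017:10:00:21 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.4 - - [02/Jan/2017:10:00:40 +0000] "GET /contact HTTP/1.1" 200 700',
    'this is not a log line',  # malformed input the monitor must survive
    '198.51.100.4 - - [02/Jan/2017:10:01:03 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.9 - - [02/Jan/2017:10:01:15 +0000] "GET /news HTTP/1.1" 200 2048',
    '192.0.2.9 - - [02/Jan/2017:10:01:44 +0000] "GET /news HTTP/1.1" 200 2048',
] + [
    f'203.0.113.7 - - [02/Jan/2017:10:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    for s in range(5, 17)
]


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), TS_FMT)
    except ValueError:
        return None
    return m.group(1), ts


def flag_sources(counts, threshold):
    """Sources that sent more than `threshold` requests in one window."""
    return sorted(ip for ip, n in counts.items() if n > threshold)


def traffic_report(lines, window_seconds=60, threshold=10):
    """Bucket requests into fixed windows; report totals and flagged sources."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage instead of crashing the monitor
        ip, ts = parsed
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window_seconds][ip] += 1

    report = []
    for start in sorted(buckets):
        counts = buckets[start]
        report.append({
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
            "total": sum(counts.values()),
            "top_sources": counts.most_common(3),
            "flagged": flag_sources(counts, threshold),
        })
    return report


if __name__ == "__main__":
    # In production this loop would run on a timer and send each line to an
    # on-call channel; here it just prints the periodic message.
    for window in traffic_report(SAMPLE_LOG):
        print(f"{window['window_start']}: {window['total']} requests, "
              f"top {window['top_sources']}, flagged {window['flagged']}")
```

The flagged list is a candidate block list for the mitigation plan, not an automatic block: a single source over the threshold is the easy case, and a distributed flood spreads its requests across many sources, so the per-window total is the figure worth watching for the alert.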

Ransomware Attacks

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money, or ransom, is paid. Though now primarily known by this definition as a cyber crime, ransomware has been around since before the internet gained its popularity. Since then, the threat has grown drastically with the flourishing of the Internet, not only in its complexity but in its reach as well. 2016 experienced record amounts of complex ransomware attacks–with attacks totaling over $1 billion as of September 2016 for the year and an average of 4,000 attacks each day in the United States alone. While it is known that one of the costs surrounding ransomware is the actual ransom paid to the criminals in order to regain access to a company’s precious files, there are other hidden costs that are important for organizations to know about as well.

According to a survey conducted by the market research firm Vanson Bourne on behalf of SentinelOne, it takes an average of 33 man hours for an organization to recover from a ransomware attack. Researchers who conducted this survey make the assumption that the average employee makes around $20 per hour, meaning that this cost alone is more than $6,000 for each attack, and this varies based upon the company’s size and the employees’ actual rate of pay. Ransoms are commonly collected in the form of Bitcoin, a digital currency that uses encryption, created and held solely online. The average ransom is worth around 1-2 Bitcoin, and the current exchange rates show that the currency is worth over 1,000 USD per coin–but some especially malicious hackers charge their victims even more to regain access to their important and private files.

Similar to handling a DDoS attack, prevention is preferable to reaction when it comes to combating ransomware. By setting up a plan that includes the use of an antivirus and malware software, keeping all of your operating systems and computers up-to-date, enabling automatic updates, the use of a pop-up or ad-blocker, use of strong and unique passwords, and avoiding suspicious links and emails, you can prevent ransomware from infiltrating your company to begin with. The greatest defense you can have is a strong, managed firewall, as well as cyber-aware employees.

Data Breaches

The cold, hard truth about data breaches is that most IT professionals adhere to the belief that it is not a matter of if a company will be affected by a data breach, but rather when–and 2016 was not exempt from this belief either.

According to the 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute, the average cost of a data breach in 2016 was $4 million, with the average cost per record stolen in a data breach for this time being $158 (an increase of $4 per record from last year’s average); this cost was even greater for the healthcare and retail fields, at $355/record and $172/record respectively. Costs associated with data breaches continue to climb yearly, so this Ponemon Institute Study took a look at why exactly this is occurring.

Researchers found three major causes for this hike in costs surrounding data breaches:

  1. Nearly half of all data breaches are malicious attacks–Forty-eight percent of data breaches for 2016 were criminal and malicious attacks. This type of breach takes the most time to detect and contain, and this extra time devoted to remedying the situation results in a higher cost per record stolen. Since professionals believe it is only a matter of time before your company is hit with a data breach, it is important to prepare for the inevitable attack. By accepting that a breach will occur and creating a plan of action for when it does, you can protect your business from getting hit as hard as it might have been without proper preventative measures put in place.
  2. Costs surrounding lost business have increased–As with other attacks, when a company faces a data breach, some of their customers will see this as a major fundamental flaw with the company itself and consequently, these enterprises will experience lost business. This is the biggest financial consequence to organizations that have experienced a data breach. Because of this cost being as significant as it is, after a company experiences a data breach, it is essential that they take steps to help retain customers’ trust in order to reduce the long-term financial impact.
  3. The cost of quality threat detection is growing rapidly–When a data breach is threatening an organization, the company needs to handle the situation as though it is a First 48 investigation–the more time that passes without a solution to the issue, the harder and more costly it becomes to resolve. According to the Ponemon Institute Study, detection and escalation costs have increased each year they have conducted this study, which suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a breach. Companies who feel as though quality threat detection and escalation are out of reach for them financially can find an external cybersecurity management partner to help protect the organization from attack.

These threats, as well as others, torment businesses year after year, costing them millions upon millions of dollars as well as significant chunks of their time. It is important for businesses to be prepared to prevent each attack as much as they possibly can in order to keep their customers’ trust and reduce the costs surrounding such a devastating event as a cyber attack.

Hailey R. Carlson | Axiom Cyber Solutions | 01/02/2017

Hackers Can Now Use Your Own Headphones to Spy on You

A few months ago, a photo of Mark Zuckerberg found its way circulating around the Internet. The image features the Facebook CEO positioned in front of his laptop, posing with a huge frame to celebrate Facebook-owned Instagram reaching 500 million users earlier that week. What made this photo the talk of the Internet wasn’t “the Gram’s” success; rather, everyone was focused on the tape covering Zuckerberg’s webcam and microphone.

Though some called him overly paranoid for believing hackers were really watching his every move and listening in on his private conversations, this fear has been realized as researchers have created a malware that spies on you, not through your webcam, but via your headphones.

A malware, dubbed “SPEAKE(a)R,” converts your headphones into makeshift microphones that can spy on you and record your conversations without you even knowing it.

SPEAKE(a)R, developed by researchers in the Cyber Security Research Labs at Israel’s Ben-Gurion University, was created to show how hackers who are determined to do so could find a way to slyly hijack a computer to record audio in secret. Those who find themselves even more mistrusting of their computer’s microphone than Zuckerberg have gone to such lengths as disabling or completely removing the microphone from their computers; however, this defense does not match up to this malware. The malware alters the speakers in headphones and repurposes them to be used as microphones, “converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.”

SPEAKE(a)R works with headphones that have a built-in microphone channel on the wire, such as Apple’s EarPods, as well as the old school versions without such advancements. The way it is able to do so is that the malware capitalizes on a feature of RealTek audio codec chips that is not commonly known: the chip allows an output jack to be retasked as an input jack. The malware uses this to subtly change the computer’s output channel into an input channel. This allows the malware to record audio through any headphones plugged into a computer–a scary thought because these RealTek chips are extremely common. So common, in fact, that researchers have found that the attack could potentially affect almost any desktop computer, regardless of its operating system.

You can see this malware in action below:

As you can see above, the sound is initially recorded via a connected microphone; however, with the microphone turned off while still plugged in, and even after it is unplugged entirely, the computer can still pick up the music from across the room once the SPEAKE(a)R malware converts the output channel to an input one, all because the headphones are still plugged in, continually eavesdropping.

Currently, the only defense against this vulnerability is to disable all audio input and output on the computer entirely. RealTek and other audio codec chip makers can only prevent this from happening in the future by redesigning chips with a higher level of security. Until then, even going to such lengths as removing microphones will not be effective if you leave your headphones plugged into the computer.

Hailey R. Carlson | Axiom Cyber Solutions | 12/28/2016

Cyber-Aware Employees: A Company’s Greatest Asset

Cyber security professionals often harp on the importance of businesses adopting the latest technologies–Next-Generation Firewalls, cloud-connected-everything, two-factor authentication, and much, much more–to protect their enterprises from attack; however, none of these defenses are effective in the least if their operators are not aware of the vulnerabilities and threats that face them. Who are these operators? Your employees–and they need to know how to protect themselves and your company from attack.

Employee error was cited as the number one cause of data breaches in 2015, and though a small portion of these might have been caused intentionally by malicious employees, IT pros believe that nearly 80% of breaches they deal with are caused by employee negligence and lack of cyber security knowledge. As Sir Francis Bacon and the characters on Schoolhouse Rock have taught us all, knowledge is power. It’s the kind of power that, when spread to others, makes us all stronger as a unit–and this applies to companies as well. You can strengthen your company’s overall cyber security defenses by educating your employees with these helpful tips:

Implementation of Password Best Practices

Almost every one of us could fill a Rolodex with the number of websites we subscribe to which require some sort of password to access the specific account, so it seems obvious that password security is a key issue when it comes to protecting yourself while online; however, in a world where ‘123456’ and ‘password’ still top the list as the most popular passwords, it is worth reviewing with your employees some of the ‘password best practices.’

  • Create unique, strong passwords for each account–Employees should create passwords that are longer than 8 characters in length, have a combination of letters, numbers, and symbols, and these passwords should not contain “guessable” words and phrases, such as the employee’s username or the company name.
  • Change passwords often–Of those surveyed, 76% of employees are prompted by IT to change passwords on work accounts every 1-3 months. This not only allows current employees to protect their active accounts, but it gives the IT department the ability to detect dormant accounts, which are often the gateways that leave a company vulnerable to attack.
  • Require multi-factor authentication–In addition to passwords, many companies require their employees to enter another identifier in order to prove their identity. These include things such as a time-sensitive code, facial recognition, fingerprints, and even a retina scan.
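The first two practices above turned into checks an IT team could run, as an added example that is not part of the original post or any Axiom Cyber Solutions tooling. check_password() applies the stated rules (longer than 8 characters; letters, numbers and symbols; no username or company name; not a perennial favourite like ‘123456’ or ‘password’), and review_accounts() implements the dormant-account sweep that a rotation schedule makes possible. The 90-day idle and rotation limits, the user names, and the directory snapshot are all constructed assumptions.

```python
"""Password-policy and account-hygiene checks for an IT team.

Added example (not from the original post). The rules encode the list above;
the 90-day defaults and the sample accounts are assumptions.
"""
import re
from datetime import datetime, timedelta

# The two entries the post names as most popular; a real deployment would
# load a much longer breached-password list here.
COMMON_PASSWORDS = {"123456", "password"}


def check_password(password, username, company_name):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) <= 8:
        problems.append("must be longer than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("needs a letter")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a symbol")
    lowered = password.lower()
    for label, word in (("username", username), ("company name", company_name)):
        token = "".join(word.lower().split())  # "Axiom Cyber" -> "axiomcyber"
        if token and token in lowered:
            problems.append(f"must not contain the {label}")
    if lowered in COMMON_PASSWORDS:
        problems.append("is on the common-password list")
    return problems


def review_accounts(accounts, now, max_idle_days=90, max_password_age_days=90):
    """accounts: dicts with 'user', 'last_login' (datetime or None for never)
    and 'password_set' (datetime). Returns the users needing attention."""
    dormant, expired = [], []
    for acct in accounts:
        last = acct["last_login"]
        if last is None or (now - last).days > max_idle_days:
            dormant.append(acct["user"])  # never used, or idle too long
        if (now - acct["password_set"]).days > max_password_age_days:
            expired.append(acct["user"])  # past the rotation period
    return {"dormant": sorted(dormant), "password_expired": sorted(expired)}


# Constructed directory snapshot for the demonstration (hypothetical users).
NOW = datetime(2017, 1, 2)
SAMPLE_ACCOUNTS = [
    {"user": "alice", "last_login": NOW - timedelta(days=2),
     "password_set": NOW - timedelta(days=30)},
    {"user": "bob", "last_login": NOW - timedelta(days=120),
     "password_set": NOW - timedelta(days=200)},
    {"user": "carol", "last_login": None,
     "password_set": NOW - timedelta(days=10)},
    {"user": "dave", "last_login": NOW - timedelta(days=1),
     "password_set": NOW - timedelta(days=95)},
]

if __name__ == "__main__":
    for pw in ("password", "Axiom2017!", "Tr0ub4dor&3xtra"):
        print(pw, "->", check_password(pw, "hcarlson", "Axiom") or "ok")
    print(review_accounts(SAMPLE_ACCOUNTS, NOW))
```

Running it shows why the guessable-word rule matters: “Axiom2017!” satisfies every composition rule yet still fails because it contains the company name. The account review lists carol as dormant even though her password is fresh, since an account that has never logged in is exactly the kind of forgotten gateway the post warns about.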

Training of All Employees

  • Have a cyber security plan–All companies should have a strong cyber security plan in order to protect their business. Many people think that the IT department of a company is the only place where people need to be well-versed in all that is cyber security, including knowledge of the company’s cyber security plans; however, the reality is that protecting a company on the cyber front is the responsibility of all employees. Pat Toth, a Supervisory Computer Scientist at NIST, said, “You can’t just rely on one person in a 10-person company; everyone needs to have a good understanding of cybersecurity and what the risks are for the organization.”
  • Educate everyone–Toth’s sentiment not only applies to lower level employees, or even solely to mid-level employees and below–Everyone from the CEO on down to the newest employee should be knowledgeable, not only of the corporation’s cyber security plan, but also current cyber threats and how to identify them.
  • Threat awareness & testing–Ransomware and DDoS have plagued companies more than ever in 2016, and the primary way attackers got access to private information has been through phishing schemes. Phishing occurs when impostors pose as reliable entities, such as banks, universities, or other well-known companies, via electronic communication, to solicit personal information which they can then use to steal people’s identities or infect their computers with malware. Employees receive emails with a suspicious link and when they click on it, they are infected with some cyber-attack which can either leak data from their own computer, or give the hacker unauthorized access to vital information. It is important for corporations to train their employees to be able to spot such threats. Companies like J.P. Morgan have taken a different approach to training employees on this: they sent out fake phishing emails to employees shortly after training them on the cyber-scheme. They were able to trick 20% of their employees–a scary thought when factoring in the massive size of the company.
  • Secure handling of sensitive data–Employees need to know how to handle your company’s sensitive data. Be it digital encryption or hard copy paper shredding, employees need to take every precaution when it comes to protecting your data. Though it is important for employees to do things such as back up information to an external hard drive, they should be responsible in making sure that the backup is not stored in an easily accessible place.

Promotion of Open Communication Among All Employees

If an employee finds a suspicious email in their inbox, they should feel comfortable verifying its validity with others. It is important for employees to be able to ask questions when they are in doubt, as this shows that they have paid attention during training sessions and don’t want to do something that would put the entire company in jeopardy. Promoting open communication about cyber security best practices among all employees will help them to learn from and teach each other, making every member of the company cyber-aware.

Educated employees are able to recognize threats and they continually take simple steps that allow them to practice strong cyber security defenses– if you fail to teach your employees how to defend against attack in the first place, it is not them who have failed the company, rather you. By making your employees cyber-aware, you can protect your business better than with any other piece of machinery. Employees don’t have to be tech savvy to be technologically responsible and aware of their impact on the company’s overall cyber security.

For more tips on how to keep your employees educated on the latest cyber security threats, read Employees: The Greatest Risk and Defense In Cyber Crime, written by Axiom Cyber Solutions President, Shannon Wilkinson.

Hailey R. Carlson | Axiom Cyber Solutions | 12/22/2016

The Worst Data Breaches of 2016

2016 has been quite an interesting year for cybersecurity. Not only was it among the most hotly debated issues in the Presidential election, but the industry itself has seen much activity, both good and bad. Efforts were made to shrink the cybersecurity skills gap, there was a significant increase in common knowledge of various types of cyber-threats, and combating cyberbullying is set to be one of the main areas of focus for First Lady-elect, Melania Trump.

Despite this prosperity, however, there have been more ransomware attacks and data breaches affecting companies across all industries in 2016 than ever before. Among the most affected are technology, government, and healthcare, and this means that almost all of us could possibly have been touched by one data breach or another. Among the largest data breaches disclosed this year are the multiple Yahoo breaches, the numerous breaches within the healthcare industry, and there was even a breach on the country’s maritime defenders, the US Navy; each of these has its own precious data that should have been protected. Here, we take a closer look at a few of 2016’s worst data breaches as well as what companies can do in the event they are attacked in the future.

Yahoo!

Breaking earlier this week was the news of yet another Yahoo data breach; only this time, it’s record-breaking. Over one billion (yes, billion with a ‘B’) accounts were compromised in this hack back in August of 2013. This news, coming on the heels of a different breach that affected over 500 million Yahoo users in 2014 (disclosed in September of this year), has turned many against the company, causing the public to discredit the company almost entirely, seeing as their lack of cyber defenses put over a billion of us at risk.

Not only did Yahoo put over 1.5 billion people’s data in the hands of cyber-criminals, but the type of data that was leaked is extremely private information. When asked about the 2013 data breach, Yahoo said, “The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (an original string of data that is converted into a seemingly random string of characters) and, in some cases, encrypted or unencrypted security questions and answers.”

As though this isn’t bad enough, of those email accounts that were affected, over 150,000 came from FBI, CIA, White House, and other government and military employees. This means that this data breach has put not only the public’s personal information at risk, but also information related to our national security. “It’s a leak that could allow foreign intelligence services to identify employees and hack their personal and work accounts, posing a threat to national security,” a Bloomberg article noted on the Yahoo breach.

Yahoo plans to contact those users who might have been affected in either of these breaches via email. The company also provides a help link to aid users in recognizing whether or not their accounts have been hacked. Yahoo says that if any of the following are true of your account, you should update your password and recovery information with them.

  • You’re not receiving any emails.
  • Your Yahoo Mail is sending spam to your contacts.
  • Your account info or settings were changed without your knowledge.
  • You see logins from unexpected locations on your recent activity page.

The Healthcare Industry

Healthcare was affected by cybersecurity threats heavily in 2016. Hospitals and other providers were the primary targets of ransomware threats and there were a significant number of data breaches as well. Though no single breach came anywhere close to the number of affected users in the Yahoo breach, there were many breaches, and the number of users affected added up quickly.

The largest of these breaches was against Banner Health in Phoenix, Arizona, which impacted 3.62 million individuals. The breach happened over the months of June and July earlier this year. Banner Health discovered unusual activity on its computer servers in late June and found evidence of two attacks. In these attacks, hackers accessed both patient records and credit- and debit-card transaction records from customers who had purchased food and beverages at the hospital. They sent physical letters in the mail to their affected customers to notify them of the breach, but the center’s image took a serious hit after exposing so much of the Phoenix area’s data.

The most recent healthcare related data breach, that hit Quest Diagnostics earlier this month, only exposed 34,000 users. Even though this is a small number compared to some of the other breaches, there are tens of thousands of people whose information is now at risk. Because of this breach, as well as the build up of others in the medical field this year, cybersecurity professionals are devoting much of their work toward protecting the healthcare industry in the future.

U.S. Navy

As though it is not bad enough that the medical field has been so highly targeted by this type of attack, the U.S. Navy was hit by a data breach this year as well. Personal data for more than 134,000 sailors, past and present, was exposed in this breach, including names and social security numbers. The breach occurred because of an unsecured Hewlett Packard Enterprise (HPE) laptop. HPE told the US Navy that one of its laptops operated by a contractor had been “compromised,” however it didn’t provide any further information about how the breach occurred.

Though the Naval Criminal Investigative Service claims that none of the exposed data has been used for any malicious purposes, it has been accessed by “unknown individuals,” so the Navy is taking this breach very seriously. Navy personnel boss Vice Adm. Robert Burke said in a statement, “…this is a matter of trust for our sailors… We are in the early stages of investigating and are working quickly to identify and take care of those affected by this breach.” Similarly to Yahoo, the Navy plans to email those who might have been affected by this breach in order to prevent any further damage from happening.

How to Avoid Data Breaches in 2017

IT professionals generally emphasize prevention when it comes to securing your company against threats in the cyber-realm, but there is a consensus among these professionals that it is not a matter of if your company will face a data breach, rather when.

Though this may sound ominously pessimistic, it doesn’t mean that you can’t prepare in some way to secure your company and its customers so that they survive the breach unscathed. There is not one single way that this can be accomplished, but by implementing the tips below, your company can fight back and protect its important data when hit with this inevitable hack.

  1. Breach acceptance–When it comes to data breaches, preventative measures alone have seldom worked in the past, which is why it is important for companies to accept that a data breach is unavoidable. By accepting the breach, your organization can create a plan to handle this inevitable attack.
  2. Locate your critical data and encrypt it– Encryption of data makes it harder for cyber criminals to steal it. Figure out where your important data, such as names, social security numbers, bank account information, passwords, and other personally identifiable information (PII), is stored and make it as secure as you possibly can.
  3. Store and manage encryption keys–Keep keys secure, in a vault, away from any encrypted data. These keys unlock your customers’ encrypted data, so you need to protect them: as people come and go from your organization, be cautious about who you share them with. Implement a process to limit, change, and revoke keys for those who have access to them in order to better protect this data. Do not allow anyone to make copies of this sensitive material.
  4. Control user access– Determine who should and should not have access to your data. Implement strong authentication processes for those who you have approved access, so as to make it harder for cyber-crooks to gain access to your data.

Data breaches are going to happen, but by being prepared for when they do hit, your company can be protected. Not only will its client data be secure, but it can also save your company time, money, and prevent a blemish to its public image.

To stay up-to-date on recent data breaches across all industries, click here. To learn more about how Axiom Cyber Solutions can aid in your company’s preparations against data breaches, email us at info@axiomcyber.com.

Hailey R. Carlson | Axiom Cyber Solutions | 12/16/2016

“Name Brand” Malware: Malware Variants You Should Know

Malware, short for ‘malicious software,’ is a type of software meant to harm computers and computer networks. We hear about different types of malware, such as botnet malware and ransomware, and different variants of those types of malware as well; but do we know enough about the malware currently threatening us? Here, we take an in-depth look at three of the most talked about malware families of 2016.

Mirai Botnet Malware

Mirai is the Japanese word for the future, fitting, in that this is one of the most advanced types of malware yet. This malware, first seen in August 2016, turns Internet of Things (IoT) devices running Linux into remotely controlled bots (applications that perform automated tasks, such as setting an alarm) that can be combined with other bots and used as part of a botnet in large-scale network attacks. Though these devices are meant to make our lives easier, they are often not properly secured and can consequently be used in malicious attacks. The most notable use of Mirai botnet malware in an attack happened in October of this year in a Distributed Denial of Service (DDoS) attack against domain name service (DNS) provider, Dyn.

Dyn, the DNS provider for major websites including Twitter, Netflix, Reddit, and Spotify, was hit by one of the largest DDoS attacks to date, an attack that was fueled by Mirai-infected IoT devices including Internet-enabled DVRs, surveillance cameras, and other Internet-enabled devices. Because of all of the popular websites it affected, this Mirai botnet attack is considered the attack that ‘shook the Internet.’

Mirai easily infects its victims because IoT devices are some of the least protected things out there. The only way as of right now to combat this malware is to secure your IoT devices in various ways.

Locky Ransomware

Scanning the news online with just the search term ‘ransomware,’ delivers a whole host of recent ransomware variants that are threatening our files. One of the variants that is most common among these search results is ‘Locky’ ransomware. This strain of ransomware is titled as such because it renames all of your important files so that they have the extension .locky.

The most common way that Locky infects your computer is via email. The victim receives an email containing an attached document (Troj/DocDl-BCF) that is an illegible mess of odd symbols. The document then advises you to enable macros if the ‘encoding is incorrect.’ Seeing that the message in the document file is indiscernible to the reader, he or she will likely enable these macros, resulting in infection. If the macros are enabled, the text encoding is not actually corrected; instead, code inside of the document is run, which then saves a file to disk and runs it. The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks, which could be anything, but in this case is usually the Locky Ransomware (Troj/Ransom-CGW); Locky then scrambles all files that match a long list of extensions, including videos, images, source code, and Office files.

Once a computer has been infected with Locky Ransomware, the victim’s desktop screensaver is changed to display the ransom payment instructions. These instructions lead the victim to the dark web, where they can pay the ransom. Unfortunately there is not much that can be done other than paying this ransom, which is why it is important to take preventative measures, such as those listed at the end of this article.

Popcorn Time Ransomware

Of all of the current, popular malware out there, ransomware variant, ‘Popcorn Time,’ is among the newest and most evil of them all. This form of ransomware is named after, but not related to, the torrenting site of the same name and it is believed that this malware was created by a team of Computer Science students from Syria.

This variant takes its cue from movies like The Box and the Saw movie series in that it forces its victims to make a detrimental choice: infection of their own files, or their friends’. Once hit with the cyber-attack, the victim has seven days to determine whether he or she will pay the 1 bitcoin ransom, equivalent to about $780 currently, or pass it along to two ‘friends’ instead. If the victim decides to give up his or her comrades’ information, the malware is allegedly deleted from the initial computer entirely and it moves on to ask for payment from its new victims. Once the ransom has been paid by either the initial or secondary victim(s), they will get a decryption code; the victim has four tries to type in the code before his or her computer files are all deleted.

This ‘pass the buck’ payment method is what makes this malware variant so unique. It prompts victims with a moral question that might turn up surprising results when their backs are against the wall.

How to Avoid These Major Malware Threats

  • Avoid suspicious downloads– Malware infects computers primarily through the user clicking on a malicious link in an email or via a suspicious download. If you do not know the validity of a link, you should not click on it. This is a simple step that can go a long way when it comes to protecting your files.
  • Back up your files– If you are unfortunate enough to be the victim of a malicious ransomware attack, you can avoid paying the criminals if all of your data is backed up to an external hard drive or some other source. The FBI advises victims of this crime not to pay the ransom, so as to discourage the hackers from doing the same thing again; they instead recommend that victims of the cyber-crime report the incident to the agency so that it can hopefully track down these people.
  • Secure your IoT devices– When it comes to Mirai botnet malware in particular, it is important to secure your Internet-connected devices. Many of these devices come with a default password, which you should change in order to make it harder for cyber-criminals to get to your data. Also, when at all possible, turn off remote access to your IoT devices. Leaving a device active while not in use leaves it extremely vulnerable to use in an attack similar to that against Dyn DNS.
  • Don’t enable macros in documents received via email– Microsoft itself turned off auto-execution of macros by default many years ago as a security measure. Many malware infections rely on persuading you to turn macros back on, so avoid them by not enabling macros.
  • Keep your anti-virus & anti-malware updated– While backing up your data and avoiding sneaky sites or links is effective, preventing malware from getting onto your computer in the first place is a key preventative measure. Keeping your computer’s anti-virus and anti-malware up-to-date is something simple you can do to protect against malware, and most even allow you to set automatic updates, so you rarely need to think about it at all.

Hailey R. Carlson | Axiom Cyber Solutions | 12/14/2016

Suspicious Images on Social Media Are Spreading Malware to Your Computer

Suspicious Images on Social Media Are Spreading Malware to Your Computer

Steganography, the practice of concealing a hidden message or other data in an otherwise legitimate- or innocent-looking image, is something that has been around since ancient Grecian times as a way to sneak information past enemies without them realizing it. Whereas in those days, the messages were hidden in paintings, texts, and sculptures, today, they are ‘hidden’ on the Internet in plain sight all across social media in the form of malicious images.

ImageGate

Users of social media sites such as Facebook and LinkedIn are being infected by hackers who are embedding malicious code into image files that then deliver malware to innocent users’ computers in a new attack vector, jokingly referred to as ‘ImageGate.’ The attackers exploit a security misconfiguration on the websites to deliberately force their victims to download the image file, which begins its infection once the downloaded malicious file has been clicked on.

The company who has been conducting much of the research surrounding these malicious files is Israeli software technology company, Check Point. The company’s research team uncovered a few methods that could be fueling this new attack vector; Oded Vanunu, head of products vulnerability research at Check Point states, “Our primary finding is embedding an .HTA format into an image file (could be a JPEG too), which is relevant to all browsers. . . It can also be executed with a .SVG file that is embedded into Java Script.” A Scalable Vector Graphics, or .SVG, file is a fairly new file type that is very attractive to cyber-criminals. SVG is XML-based, meaning a criminal can embed any type of content they want – like malicious JavaScript code, as mentioned by Vanunu.

If a user does end up clicking on these files, the malicious image will direct them to a website that appears to be YouTube; however, its URL shows that it obviously is not a legitimate YouTube link. Once the page is loaded, the victim is prompted with a malicious Chrome extension pop-up in order to play the video that’s shown on the page. If the extension is installed, the attack is then spread further via Facebook Messenger and it sometimes even installs the Nemucod downloader, which ultimately delivers the Locky variant of ransomware.
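Because SVG is XML, an "image" can legitimately carry script elements, event-handler attributes and javascript: links that a browser runs when the file is opened. As an added example (not from the original post or from Check Point), the following checks an uploaded SVG for such active content so a site can refuse it before it reaches other users; the sample files are constructed inline.

```python
"""Flag SVG uploads that contain active (scriptable) content.

This is a deny-list check for the most common vectors: <script> and
<foreignObject> elements, on* event-handler attributes, and javascript:
URLs in href/xlink:href. For a production upload filter, parse with
defusedxml (to block entity-expansion tricks) and prefer an allow-list
of elements and attributes over this deny-list.
"""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"
ACTIVE_TAGS = {"script", "foreignobject"}   # foreignObject can wrap HTML
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}  # plain and xlink-namespaced href
JS_URL = re.compile(r"\s*javascript\s*:", re.IGNORECASE)


def local_name(qualified: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qualified.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    if local_name(root.tag) != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for el in root.iter():
        name = local_name(el.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.startswith("on"):            # onload, onclick, onbegin, ...
                findings.append(f"event handler {aname} on <{name}>")
            if attr in URL_ATTRS and JS_URL.match(value):
                findings.append(f"javascript: URL on <{name}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    return not svg_findings(data)


# Constructed samples (demo data, not files seen in the wild).
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(\'demo\')">'
              b'<script>alert("demo")</script></svg>')
LINK_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
            b'xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="javascript:alert(\'demo\')"><text>click</text></a></svg>')

if __name__ == "__main__":
    for label, blob in [("clean.svg", CLEAN_SVG), ("script.svg", SCRIPT_SVG),
                        ("link.svg", LINK_SVG), ("truncated.svg", b"<svg")]:
        print(f"{label:14s} safe={is_safe_svg(blob)} findings={svg_findings(blob)}")
```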

Social Networks’ Comments

Facebook and LinkedIn, the primary sites that are affected by the malware- and ransomware-ridden images, have both commented on the issue:

Facebook representatives said:

“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not in fact installing Locky malware—rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties.”

LinkedIn also addressed ImageGate via a company spokesperson who said:

“We investigated this report and believe this method is not especially effective. . .While we have not found any exploitation of our platform using this vulnerability, we are taking additional steps to ensure our members are protected.”

How to Avoid Infection

Though it is apparent that social media sites are adamant that these threats are not a serious issue, many users have claimed ‘ImageGate’ has affected them personally. Regardless of whom you choose to believe, it is important to take any possible precautions you can in order to avoid attack.

  1. To avoid infection, social media users should avoid opening files that are downloaded as a result of clicking on an image, or that contain unusual file extensions such as .SVG, .JS or .HTA. Some of these files are downloaded in the background, so users do not see them initially; this is why it is important to be cautious of these file extensions when clicking on any file that is on your computer, as it may have been lying dormant in the background without your knowledge or consent. The threat that ImageGate poses can only come to fruition if the user clicks on the malicious files, so avoid clicking on those at all costs.
  2. Be wary of messages you receive that are just an ‘image’ – especially if it is in a manner in which the sender would not usually behave. Many of the malicious images people claim to have Locky ransomware embedded in them have been sent through Facebook Messenger, not just images on users’ homepages.
  3. Stay up-to-date on your security measures when it comes to social media. Change your password often and take advantage of many sites’ two-factor authentication feature in order to better protect your accounts with minimal effort required on your end.
  4. Do not click on any suspicious-looking pop-up extensions such as the Chrome extension used to spread Locky ransomware. If something doesn’t look right about the image or the pop-up, there probably is something wrong with it. Trust your gut and avoid these malicious links.

Hailey R. Carlson | Axiom Cyber Solutions | 12/8/2016

All Aboard the Ransomware Express

All Aboard the Ransomware Express

Ransomware

Ransomware, an attack that has been around in some form or another since 1989, is one of the biggest cyber-crimes of 2016. Instances of this attack have quadrupled in number during 2016 from the same time period last year, and while some are hopeful that these rates will decrease in the coming year, ransomware has expanded its grasp to reach almost every industry out there. Its latest target? Transportation networks. More precisely, San Francisco’s Municipal Transportation Agency.

The San Francisco Fiasco

San Francisco’s Municipal Transportation Agency (SFMTA) was hit last Saturday with ransomware. The attack actually began the night prior, as SFMTA reported that agents’ computer screens displayed the message “You Hacked, ALL Data Encrypted.” These broken-English displays and emails, received from a Yandex address (a Russian email provider), led the agency to believe this attack was carried out by foreign hackers; however, they are not certain about that at this time. Whoever these hackers might have been, they requested payment of 100 bitcoin, equal to approximately $70,000, as ransom for the safe return of the encrypted files. However, the transportation agency took the FBI’s recent advice to those hit with ransomware and did not pay the ransom. Paul Rose, an SFMTA spokesman, said, “We never considered paying the ransom. We have an IT team on staff who can fully restore all systems.”

Rose also stated that after investigating further, it has been determined that the hackers didn’t steal any financial records or other potentially damaging information about their customers or employees. This was extremely lucky for the transit system, as ransomware is often used to steal highly sensitive data from its victims. While there were disruptions to the system operations, in an attempt to avoid mass chaos, SFMTA decided to run their buses and light rail vehicles regardless, an added gift to riders of the ‘Muni Metro’ light rail as their fares were waived during this time. These free rides are, thankfully, the only major cost to the transit agency from this attack, and as of Monday, SFMTA was still trying to determine the magnitude of this financial damage.

Though San Francisco’s Municipal Transportation Agency was rather lucky despite having been hit by ransomware, this attack should be a wake-up call for all transportation networks to amplify their cybersecurity measures.

Transportation Network Vulnerability

While San Francisco was fortunate in that this attack did not result in any disruption of their services, other transportation networks have not been so lucky. In 2008, a Polish hacker succeeded in derailing four vehicles after hacking into his local town’s transit system, injuring a dozen people, though thankfully killing no one. While not many cases of cyber-attack exist within the transportation world yet, the transportation industry is highly susceptible to attack, as is clear below in PhishMe’s 2016 Phishing Susceptibility and Resiliency report.

While cybersecurity can be an intimidating hurdle for any industry, it is especially important for companies like railways, whose entire operations would be derailed without the use of technology, to be strong in this area. As is true of every sector, there is no silver bullet to enhanced cybersecurity; multiple steps need to be taken in order to be strong against attack. By taking these simple steps, among others, transportation networks can be strong against cyber-criminals.

  • Educate employees– Computers were infected in the San Francisco ransomware attack because of employees clicking on malicious emails from hackers. Had the internal IT team who was able to recover the files on their own focused more of their efforts on preventative measures, such as educating the Agency’s employees on what factors indicate a phishing email, they would not have had to worry about the recovery aspect of this cyber crime at all. It may have even been avoided.
  • Have a recovery plan– Though all companies want to prevent an attack, having a backup plan is key in those cases where the cyber-crooks get through the cracks. As with overall cybersecurity, there is not one solution which will work every time for every company, but by speculating potential threats and developing customized plans of attack for each, companies can be prepared on the back end to recover data and get back to regular business operations as quickly and smoothly as possible.
  • Install and/or update hardware & software– You can never be too protected against attack, and it is important to protect your computers and their networks in as many ways as possible. By keeping software such as anti-virus up-to-date, as well as installing firewalls with next-generation software, you can further protect both your employee and customer information.

By combining multiple, simple steps, cybersecurity becomes less threatening and much more manageable for companies across all industries. Implementing these tips as well as others and learning from similar networks’ security errors will result in transportation networks decreasing their vulnerability against attacks, such as ransomware.

Hailey R. Carlson | Axiom Cyber Solutions | 12/02/2016

SFMTA Image

Stay Safe While Shopping Online This Holiday Season

Stay Safe While Shopping Online This Holiday Season

Thanksgiving is not just a time to feast with family and friends any longer as Black Friday has poured over into the holiday preceding it, with some stores opening their doors for shopping as early as 3pm on Thursday, when most of us want to be eating some pumpkin pie. While Black Friday shoppers have already waited in lines overnight, approximately 50% of people are doing some part, if not all, of their Christmas shopping online, and this year it is expected that 13.3% more people will participate in online shopping than ever before. With Cyber Monday coming up on November 28th, there are sure to be millions of consumers purchasing gifts for their loved ones for the holiday season, but as the number of people shopping via the Internet grows, there comes an almost equal increase of cyber attacks as well.

While there are many cyber-crimes out there this time of year including phishing email scams and ransomware attempts, there are many precautions you can take in order to help prevent your information from being stolen. Here are some tips, some of which are also included in a previous Axiom blog post written by Shannon Wilkinson, on how to stay safe while shopping this holiday season:

1) Use credit cards instead of debit cards

We all remember the credit card hack that hit Target in 2013, and while it was detrimental to many shoppers of the massive chain, it did highlight the importance of being secure in your payment method. One very common recommendation I’ve seen to help guard against significant financial distress if your information were to be compromised in a similar attack is to use your credit card. If your credit card data is used for something malicious without your knowledge, it’s easier to resolve issues with a credit card company than with your bank, so avoid using debit cards as much as you can. When in doubt, cash is always the safest bet.

If you do use one of your cards, take advantage of the account alerts you can receive; that way you can stay up to date on all of your account’s financial activity.

2) Be wary of ‘too good to be true’ deals, they probably are

A common tactic used by cyber-criminals is to lure you to their nefarious websites with deals that appear to be too good to be true. While most of us are aware of this, it is important to keep this in mind during the holiday season when searching for that one gift your loved one just can’t live without. If a deal seems too good to be true or you haven’t seen or heard of it being advertised elsewhere, it is likely, and unfortunately, a scam.

3) Only shop at retailers you know

By only purchasing items from retailers whose brands you recognize, such as Amazon or Best Buy, you can lessen the chance of your data being involved in a scam, as these big-name stores likely have better cyber defenses than those of less recognizable companies.

No matter which site you use, look for the secure ‘https’ and a lock symbol next to the link in your web browser, as these indicate that any purchase transacted on a particular website is secure. If you do deviate from known websites, take some time to research the validity of these sites to protect your information.

4) Do not give out any extra information

When signing up for a rewards card to add to your holiday shopping savings or giving your information to be entered to win a grand prize, never give out more information than is necessary. No company needs your social security number or other extremely personal information, so if they request it, do not provide it to them.

5) Keep your devices up-to-date

The first step to making sure that you are secure is to make sure that both your mobile devices (phones, tablets, etc.) and computer are up-to-date with the latest patches to the operating systems and security software.

6) Be educated on cyber-crimes

Quite possibly the biggest cyber-crime that affects people around this time of year is phishing. Many people, especially after buying something from an online vendor, receive a malicious email. In these cases, customers might receive an email stating that their payment did not go through and their information needs to be re-entered in order to process the order. This is oftentimes a cyber-criminal trying to get you to enter your credit card information directly into their database. If you receive such an email, contact the company directly to find out if there is actually a legitimate issue with your order and to notify them of the scheme. This and many other fictitious emails have been flooding inboxes recently, so as consumers, we must be hyper-vigilant in protecting our data.

7) Stay updated on current threats

The best way to avoid a scam is to be knowledgeable about current cyber crimes threatening consumers such as yourself. A simple Google News search of ‘current holiday cyber attacks’ can keep you in the loop as to which scams you need to look out for. Likewise, if you find that you are the victim of a cyber crime, tell someone who can do something about it, such as the legitimate company that the fake email is impersonating, in order to prevent others from being targeted. We are our best resources in the fight against online shopping criminals.

While this season may be hectic at times, it is meant to be a time of happiness; avoiding malicious cyber attacks is extremely important in keeping your season full of cheer. Take these precautions to stay safe and if you feel unsure about a website or an email, trust your gut and don’t use that site.

Hailey Carlson | Axiom Cyber Solutions | 11/25/2016

Women in IT: Empowering Innovation

Women in IT: Empowering Innovation

Throughout history, women have been fighting for the ability to pursue their dreams, and a major part in this pursuit has been the fight to be able to participate in the workforce. Women started heavily joining the workforce during 1954-1980; currently, 57% of adult women are a part of the labor force, and that number continues to grow. While this shows great progress for women determined to have careers, the mathematical and technical industries are still heavily male-dominated.

One industry in which many are aware of this gender gap is IT, with women making up a mere 26% of the available positions. This statistic is surprising because the cyber-world itself is struggling to fill positions with qualified individuals. By 2020, it is predicted that there will be 1.4 million jobs available in computing-related fields; however, U.S. graduates are on track to fill only 29% of those jobs, with women filling just 3%. Though this may seem disheartening, major companies like Apple, Google, and Microsoft are actively working to promote increased diversity in their companies, as they recognize that the majority of workers in technology are white males. Studies show that hiring women in IT roles is beneficial to businesses, as tech companies with women in leadership positions have a 34% higher return on investment than their counterparts. This, coupled with the fact that 35% of young people interested in STEM (Science, Technology, Engineering, and Math) careers are girls, with that number growing each year, shows that there is hope for more women being a part of the future of technology.

Axiom Cyber Solutions President, Shannon Wilkinson, is featured on the cover of the latest issue of Las Vegas Woman Magazine as a woman of importance in the Las Vegas community: as a business owner, a woman in IT, and an example of a successful woman (read the full cover story here). In honor of her being both featured on the cover of Las Vegas Woman and an influential woman in IT, we decided to delve a little deeper into her experience in the technology world, what has aided in her success, and what she has to say to women with a similar career goal in mind.

How did you get into the IT field?

“The first time I used a computer was when I was in 5th grade and it was the beginning of my attraction to technology. My classroom received a donation of a computer and we were allowed to skip recess to use the computer and I spent many an afternoon waiting my turn to use the computer. Later in life, in college as I started to think about what I wanted to do as a career when I graduated, I realized that my idea of being a lawyer probably was not right for me and I should do something that I’ve always loved because I am a firm believer in the phrase “if you find a job you love, you’ll never work another day in your life” and the rest is history!”


What motivates you?

“I like to solve problems through the use of technology. America’s businesses are under constant attack by cybercriminals but for many, cybersecurity is a difficult and expensive endeavor. Through Axiom’s automated, intelligent, and innovative Threat Protection Platform that sits behind our firewalls, we are able to extend cybersecurity protection to all businesses that is easy to use and affordable.”

Do you find that you are treated the same as men in the industry?

“I personally have never felt any difference from being a female in the technology field. I’ve never accepted the idea that I couldn’t be successful in the technology field because I was female. I didn’t let the fact that I struggle with math due to numlexia (dyslexia of numbers) stop me from pursuing a university degree that required advanced mathematics because that meant giving up on myself and my dreams.”

What woman/women inspire(s) you?

“Both my mom and step-mom (who I just call Mom as well) both have inspired me throughout my childhood and adult life. By watching them dedicate their lives to their careers, I gained a respect for hard-work and witnessed the power of confidence in self. It is through seeing them be successful in life that I learned that there is nothing that can hold me back except myself. I had to believe in me before anyone else would.

If I had to pick a historical figure, I would pick Eleanor Roosevelt as one of my favorite quotes comes from her. “No one can make you feel inferior without your permission.” Again, that speaks to me about having confidence and trust in yourself.”

What is your favorite part about your job?

“I enjoy trying to find new ways to solve old problems so in short, the innovation. Our ransomware algorithm arose out of a company discussion about how to help stop the rising flood of ransomware attacks that were crippling businesses. We knew that there had to be a better way to stop ransomware and it took about two days but we came up with a way to stop ransomware from activating through an algorithm that lives in each of our devices.”

What advice do you have to young women considering a career in an IT-related field?

“Don’t play into the nay-sayers that will tell you that your gender will somehow prevent you from being wildly successful. Believe in yourself and your abilities. If something is hard, work at it harder. Never give up on yourself.”

As you can see, Shannon Wilkinson and women such as herself can do anything they set their minds to, both within the IT world and beyond. Though statistics on women in technology may be intimidating, it is clear that with the right attitude, determination, and perseverance, neither your gender nor any other factor will stand in the way of your success. If you’re interested in learning more about cybersecurity and what it takes to be in the field, please visit https://www.axiomcyber.com/.

Hailey R. Carlson | Axiom Cyber Solutions | 11/18/2016

IoT DDoS: Disrupting the Internet, One Device at a Time

IoT DDoS: Disrupting the Internet, One Device at a Time

The Internet of Things, a network of physical devices embedded with technology that enables them to collect and exchange data via the Internet, is one of technology’s most incredible advancements because it has been able to bring together millions of ‘smart devices’ in order to help us with things in our daily lives through items such as kitchen appliances, cameras, and cars. However, like many things that are connected to the Internet, these devices can have their helpful technology used for evil. IoT has been the vehicle for many cyber-crimes such as data breaches and ransomware, but more recently, IoT has been in the news for having fueled multiple distributed denial of service (DDoS) attacks.

A DDoS attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. Though this is usually done by a cyber-criminal taking over compromised computers referred to as “zombies” which are then used to send ‘bad traffic’ to the victim’s site, there is a new wave of this type of attack being fueled by IoT devices.

IoT-fueled DDoS attacks

One of the most noteworthy of these IoT DDoS attacks affected Domain Name System (DNS) provider, Dyn. On Friday, October 21st, Dyn, the DNS provider for major websites including Twitter, Netflix, Reddit, and Spotify, was attacked by one of the largest DDoS attacks to date. This takedown was facilitated by hundreds of thousands of hacked IoT devices from Web cams to routers. Similar to a common DDoS attack, once hijacked, these Internet-enabled devices are mobilized together to target all of their Web page requests at one target, in this case, it happened to be Dyn. This caused chaos and outrage on the Internet primarily because the websites it impacted, like Twitter and Reddit, have a massive amount of daily users. Though this is the most widely-known IoT-fueled DDoS attack so far, these attacks continue to occur at an alarming rate.

As recently as this morning, there have been reports of at least five Russian banks being hit by IoT-enabled DDoS attacks. Similar to the Dyn attack, unsecured IoT devices were used without their owners’ knowledge and then marshalled to target these banks and their websites. Kaspersky Lab has said that the main cause of this attack was that many of these devices were left with their default passwords, meaning that once a hacker got into one standard device, he gained access to all of them. This and a few other simple security steps could help us to be better protected against IoT-fueled DDoS attacks.

How to protect against IoT-fueled DDoS attacks

Many people found that in cases such as the Dyn DDoS attack, their IoT-enabled devices were being used in the attack without their consent or knowledge, and this is largely due to a lack of IoT device security. Here are some things you can do in order to help try and prevent your devices being used in the next IoT-fueled DDoS attack:

  • Turn off remote access to your devices when not in use, if possible– When at all possible, turn off remote access to your IoT devices. Leaving a device active while not in use leaves it extremely vulnerable to use in an attack similar to that against Dyn DNS.
  • Change all device passwords from the default– As mentioned above regarding the recent Russian bank attack, this is another simple step that can be taken in order to make it that much harder for attackers to gain access to your devices. Change your passwords to something hard to guess rather than leaving them vulnerable by using the same basic passwords that came installed on your devices when you bought them. The default is likely the same password used on similar devices, and using such passwords makes these devices easier to hack.
  • Update your systems early and often– Stay on top of your system updates so that your network is well-protected. Activate fully automatic updates if it is hard for you to remember to update frequently; this way, you will never be behind in securing your devices.

Stay Secure, America

Axiom Cyber Solutions has been selected by CIOReview Magazine as one of the 20 Most Promising DDoS Solutions of 2016 for being able to mitigate the most DDoS attack traffic in a single 1U appliance. To learn more about our DDoS mitigation services and how you can secure your business by staying ahead of cyber-attacks, please contact us at https://www.axiomcyber.com or by phone at 1 (800) 519-5070 today!

Hailey R. Carlson | Axiom Cyber Solutions | 11/11/2016