Author Archives: Hailey Carlson

Scammers Go for Gold: Rio 2016 Olympics Cybersecurity

As the Olympics draw to a close this coming Sunday, we can reflect on these two weeks full of the sport, glory, and friendly competition that the Games are meant to bring to the world stage. However, this year’s Olympics in Rio de Janeiro have also been riddled with security threats. Be it participants & journalists being robbed at gunpoint when venturing outside of the Village at night, terrorist threats, or multiple limbs washing ashore on Rio beaches—these Olympics have been full of terrifying surprises. But one of the greatest dangers facing the Games that does not get as much attention is cybersecurity. Any event that is presented on such a grand scale attracts not only millions of spectators, but hackers as well—and none are quite as famous as the Olympics.

“Cyber intelligence companies and western government officials warn that the two-week sporting festival, which began last Friday, could lead to some of the highest levels of cybercriminal activity in years.” — Financial Times

Phishing

Brazil is known for having one of the weakest cybersecurity defenses year round, so having the public eye completely focused on them means a challenge for cyber experts in the country and across the globe. The biggest cyber threat facing people in Brazil and around the world is phishing. In fact, Kaspersky Lab has seen an 83% jump in phishing attempts in the months leading up to and weeks during the Olympics. Scammers buy low-cost SSL certificates and use domains that include “Rio” or “Rio2016” to make their fake websites appear authentic and trustworthy, and many are using these malicious URLs as a delivery method for ransomware.

Many of these phishing scams include fake ad banners that have similar logos to the Official Rio 2016 sign. Some make bogus promises like the recipient of the email has won an all-expenses paid trip down to Rio for the Games in a lottery-style announcement, while still others claim to be selling magic pills that would allow the user to become an “Olympic-level Athlete.” While these situations are ridiculous and even laughable, far too often, people click on the links only to find those hopes have been squashed.

How to avoid: The best way to avoid being caught in a phishing/ransomware scam is to not click on any email or links sent to you by people you do not personally know. If you do decide to click on a link, make sure that it has the secure “https” in front of the web address in order to ensure its validity. If an email from a random person seems too good to be true, it likely is.

Fake Rio 2016 Apps

In addition to the email phishing scams surrounding the Olympics, the Rio 2016 app—meant to keep fans and spectators up-to-date on things like breaking news and medal count per country—has 4,500 copycat versions across Android and iOS platforms that are malicious and could potentially put your smart phone at risk. Many attempt to take over the infected phone or the victim’s social media accounts and some steal data right off of the smartphone itself. If a victim had sensitive information on her phone such as banking information, this would have been an even greater loss all because of a malicious app download.

How to avoid: The best way to avoid this is only downloading apps from trusted sources and not third-party app download providers. Of course you want to stay updated on just how many medals Simone Biles or Michael Phelps have won, but by using the legitimate Rio 2016 app, you can feel more assured that your phone is not compromised in the process.

Tourist Cyber Threats

Now, for those who decided to make the once-in-a-lifetime trip down to Brazil to witness the Games in person, there are many different, targeted threats that you may be facing. Bank fraud, insecure Wi-Fi, and stolen electronics are among the biggest threats to tourists at the Summer Games this year. Here are some tips for avoiding these in-person cyber threats:

How to avoid:

  • Don’t use insecure Wi-Fi—Especially for sensitive professional or personal information, using unsecured Wi-Fi connections could result in your data being compromised and possibly stolen. Use this time for vacation and not work so as to protect your employer and the company you work for.
  • Keep your electronic devices with you at all times while traveling—Our mobile devices have so much personal information on them now, so by keeping them on our person or somewhere else where we know they will be safe, we can lessen our chances of data being stolen in that way.
  • Do not give out your information to anyone who does not need it—Banking, personal, and other information could be dangerous if they fell into the wrong hands. Make sure you do not give any of this out to people who are not required to have access to it. Giving out your bank information specifically, is a surefire way to get your accounts wiped out or other information linked to them stolen or compromised.
  • Monitor your bank accounts while abroad—Though you should always monitor this information, when travelling it is especially important to be aware of where your money is going. If something looks fishy, notify your bank immediately. When in doubt, exchange your money for the local currency so as to further protect your bank accounts.
  • Keep your passport and other IDs close—Though this has less to do with cybersecurity and more to do with personal security, in addition to bank fraud, your passport in the hands of a criminal makes it that much easier for your identity to be stolen. By keeping your passport safe, you’re protecting yourself in the long run as well.

The Olympics are meant to promote unity across nations through friendly competition, but hackers will always view global events such as this as huge targets for attack. By being informed and informing others of potential risks, we can help protect against these threats and enjoy the Games as they were meant to be enjoyed.

 

Hailey Carlson | Axiom Cyber Solutions | 8/18/2016

Why is HIPAA Data so Valuable to Hackers?

One of the few things that we all have in common is that we need to take some degree of care when it comes to our health. Healthcare providers—like doctors, dentists, nurses, and more—are there for us to take advantage of their extremely vital services in order to keep up with all aspects of our health. In order to properly know our healthcare needs, these providers need to have some pretty sensitive information about every one of us. But what if that very sensitive information was stolen by cybercriminals with plans to distribute it across the dark web? That’s exactly what could happen when healthcare providers fall victim to a data breach.

Stats

Figure 1: Total HIPAA Compliance’s List of 2015 Healthcare Data Breaches

 

In 2015, the healthcare industry saw more data breaches than any other industry—you can see some of the biggest breaches in Figure 1 above—and data breaches have cost the healthcare industry upwards of $6.2 billion over the last two years. Hackers and cybercriminals target healthcare providers because of the valuable information they have on their patients, often referred to as protected health information (PHI), personally identifiable information (PII), or HIPAA data. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the goal of protecting this PHI data and is a regulatory standard across the healthcare industry to this date.

 

Data protected by HIPAA includes health status, provision of health care, or payment for health care that can be linked to a specific individual. This data is valuable to healthcare providers because it is individually identifiable health information related to the patient’s past, present, and future medical conditions—this means it helps the doctor or dentist to make informed decisions about what their patient’s needs are and what means of medical attention are necessary to address these requirements. This is the good side of HIPAA data. However, hackers want this information just as much as healthcare providers, but for a few different reasons.

 

HIPAA data is attractive to hackers and other cybercriminals because it is one of the biggest gateways into stealing a person’s identity.  Even more than credit card information, medical data is the easiest way to steal a person’s identity because of the sheer amount of information that is readily available. Medical records include sensitive information like patients’ full names, social security numbers, credit card numbers, signatures, and more—everything a malicious person would need to steal a person’s identity, or in the case of a data breach, multiple people’s identities. Unlike credit card-induced identity theft, ID theft via stolen medical records does not show up as quickly as credit card fraud. In addition to this fact, healthcare information sells online for ten times that of credit card data.

 

In addition to stealing identities, hackers can use stolen HIPAA data for health insurance and Medicare fraud. Dark web users who buy full medical files could use patient numbers with false provider numbers to file fraudulent claims with payers. When they do this, the victim does not know about the fraud because bills are being sent to his medical provider without his knowledge and the insurance provider does not know that he is not the one filing.

 

With all of this information needed by healthcare providers, it is their duty to their patients to protect this data. Here are a few ways healthcare providers can protect their PHI from data breaches and attack:

 

  1. Educate staff members—Education is key in all aspects of life, but protecting data is one of the biggest areas where education is required. When staff members know what is and is not HIPAA data, they can take the necessary amount of care in keeping that data safe. Phishing is one of the main ways hackers get into hospitals’ networks, so informing employees of things to look for that could potentially be malicious is vital when it comes to securing your information.
  2. Consider encryption—Be sure to encrypt both your hard drive and any electronic communication that you can. When hackers have to work harder to get your data, they are likely to skip you and move onto the next, more vulnerable victim.
  3. Protect your network—Having multiple stages of protection is key to keeping your PHI and HIPAA data secure. This includes wired networks, wireless networks, and connected medical devices via IoT. One of the best ways to do this is by installing a next-generation firewall. Axiom Cyber Solutions offers its SecureAmerica® Firewall as well as HIPAA compliance help as a partner to those healthcare providers that need to be HIPAA Compliant.

 

It is important to secure your networks in any industry, but it is even more crucial in those industries where real customers and clients could be compromised in the event of a breach of security. Healthcare has faced many hurdles in cybersecurity recently, but hopefully by creating multiple barriers for hackers to overcome, the industry will see a turn for a safer, more secure environment.

 

Hailey Carlson | Axiom Cyber Solutions | 8/15/2016


IoT: The Internet of Things, or the Insecurity of Things?

Everything is connected in 2016, it seems. What many people do not know is that this connectivity of everything through the internet is called IoT, or the Internet of Things. Any device connected to the internet is considered an IoT device. There are the connected things you’d expect like smartphones, tablets, laptops, and even gaming consoles, but there are somewhat less conventional devices as well. These are the things that a few years ago, we’d never have imagined would be connected to the internet—like cars, drones, solar panels, toys, and more—anything made with built-in Wi-Fi capabilities and sensors is a part of the IoT.

Cars

While it is amazing that so many things are now connected via IoT, this also means that all of these devices are vulnerable to hackers. For example, vehicles have become a big target by cyber-criminals recently because many newly released cars have on-board Wi-Fi.

Last year, Charlie Miller and Chris Valasek were able to remotely hack into a Jeep Cherokee’s entertainment system which allowed them access to dashboard functions, steering, brakes, and transmission—all while it was going 70 mph. Hackers were even able to hijack a big rig’s accelerator and brakes just last month!

In addition to on-board Wi-Fi, automotive leaders and innovators like Tesla have implemented an autopilot feature on their newest Tesla S model. While this is an amazing feat that gives us some insight into the future of transportation, in May of this year, a Tesla S in autopilot mode failed to detect, and consequently ended up cutting off, a tractor-trailer, running it off of the road and killing the driver. Though this was of course accidental, researchers at universities in South Carolina and China have found that they could trick the car’s autopilot sensors into thinking objects were present when they weren’t or made them fail to sense real objects that were there. Were they malevolent, they could have caused accidents that could have killed several people. This is why IoT security is so important.

Solar Panels

At this week’s BlackHat conference in Las Vegas, experts plan to discuss the growing security threats to IoT. Security researcher, Frederic Bret-Mounet, scheduled to speak on Friday, has been able to hack into his own solar panels.

Had he been malicious, Bret-Mounet realized that he could have overheated the panels to the point of being knocked offline—or worse, installed spyware which could have watched and listened to all that he and his family did in the privacy of his own home. This is something many people would not expect to need protection because they are unaware of the cloud connectivity of these devices.

Medical Equipment

As scary as it might be to think of your car, big rig, solar panels, or toys being hacked, it is even more terrifying to think of what malicious people might do to connected medical equipment. A Kaspersky Lab researcher found that he was able to hack into a hospital’s Wi-Fi and utilize that connection to get into an MRI machine. “It was scary because it was really easy,” he explained. He goes on to say how a hacker could have changed a person in the hospital’s system to be categorized as ‘well’ when they are in fact still very ill, or vice versa. The fact that a human being would do this is reprehensible, but the fact remains that connected medical devices on poorly-secured networks not only leave people vulnerable to cyber-attack, but could have fatal, life-changing consequences as well.

Protecting your IoT devices

While IoT security threats can be intimidating as they threaten every Wi-Fi enabled aspect of our lives, there are still a few things we can do in our own lives to help better protect against such attacks:

  1. Do your research before purchasing IoT products—Many people just buy what looks nicest or is most affordable when it comes to buying a new item with a variety of different options to choose from; however, when it comes to buying an IoT product, looking into the security or lack thereof in a product could be the difference in having peace of mind or worrying about your family’s household security.

Video baby monitors are a big concern in this area. These sorts of monitors are gaining popularity because they allow parents to watch their babies from almost anywhere to make sure they’re getting a good night’s sleep. But if this monitor were to be insecure, hackers—or worse, predators—could potentially watch or even talk to your baby. This is why it is so important to make sure that the IoT devices you are buying are secure.

  2. Do not use the default settings—Though this might take some more time than some like to put into their new product purchase, changing from the basic, factory-installed default settings makes it harder for hackers to get into your IoT products. Simple steps like these could mean the difference between being secure or being hacked.

  3. Use secure Wi-Fi connections—Free, public Wi-Fi, though convenient, is rarely properly-secured. Using your IoT devices on this kind of network could result in higher likelihood of cyber-attack.

  4. Turn off your devices when not in use—Devices that are allowed to run all the time, even while no one is using them, not only drain their batteries, but can also leave an insecure connection open for hackers to attack. This is one of the easiest steps a person can take, and yet it is one that is often overlooked. If your device works without an internet connection as well, simply disconnecting it from the internet when those features are not needed can do the same thing for your IoT security.

  5. Password protect anything and everything you can—Though passwords are not the only line of defense which should be taken in securing your IoT devices, adding in this extra security step makes hacking into your devices that much more difficult.

The Internet of Things has connected so many new and unique devices, but it has also exposed them to a myriad of new attacks. Staying informed on the latest IoT news and what hackers are coming up with are some of your greatest defenses in cybersecurity. To find out more about how to protect the things you hold near and dear, contact us at https://axiomcyber.com/ or (800) 519-5070.

Hailey Carlson | Axiom Cyber Solutions | 8/5/2016

My Internship with Axiom Cyber Solutions

Axiom Cyber Solutions is a Las Vegas-based managed cybersecurity company that aims to provide simple solutions to major problems for small to medium sized businesses and beyond to help them fight back against cyber-criminals. At least, this is what they’ll tell you when you first meet Troy, Shannon, or anyone else on the Axiom team—but this is only part of their story. Yes, Axiom is a company that provides high quality cybersecurity to those who need it most—small businesses—but I’ve learned over the duration of my internship that they are so much more than that. The best way for me to explain is to tell you about all of the people who impact and are impacted by Axiom:

The Employees

The saying goes “A company is only as good as its people”—if this is true, then Axiom is golden. Though there are only a few of them, the Axiom staff is comprised of some of the hardest working, dedicated people you’d ever hope to meet. Working for a start-up has its challenges, but you’d never know that looking at the faces of these employees. From talking to Jade upon your arrival at our offices, to discussing the intricacies of the technology with Adam, Axiom team members are friendly people who only want to help you.

A lot of young professionals seek a company with a distinct, welcoming culture to start their careers, and you’ll find exactly that at Axiom Cyber Solutions. Though we all have our own space in our own offices, everyone’s door is always open for questions or advice. Something I’ve really enjoyed is being able to collaborate with so many different minds on various projects, and the team atmosphere is extremely strong within Axiom.

The Customers

A company may only be as good as its people, but companies would be obsolete without their customers. From a local indoor playground run by an awesome couple (just like Troy and Shannon) to exciting casinos in downtown Las Vegas, Axiom has a wide range of customers whom they work diligently to keep happy and protect. These customers are people who recognize the growing threats of cyber-crimes like ransomware and DDoS and know that they want high quality, cutting edge protection from them—for a price that fits their budgets.

The Community

In my ten weeks in Las Vegas working as an intern for Axiom, I probably encountered most of the local, small business owners and professionals from the numerous networking events I experienced. Something that I really admire about Axiom is their commitment to being involved in the local Las-Vegas community as well as communities across the country. Not only have they helped several companies do things like pay their ransom for ransomware attacks, replaced hacked PBX systems with secure ones, and mitigate DDoS attacks on a company’s opening day, but you can tell that they genuinely care about the people they help protect by the ways they interact with their clients. Axiom cares about people’s data and protecting the community that surrounds them is their superpower.

The Families

Axiom is not only a family of employees and customers, but we are a part of each other’s families as well. Troy and Shannon Wilkinson are the CEO and President of Axiom Cyber Solutions, but they are also the proud parents of three sweet girls—Mackenzie (5), Kayleigh (3), and Abigail (2). Both Troy and Shannon’s mothers come into the office regularly to talk with the employees and even sit in on a meeting or two while the girls will come and draw pictures on office windows to brighten everyone’s day. It is clear that the Wilkinsons eat, sleep, and breathe Axiom.

But Axiom is not just about the Wilkinson family—they care about other employees’ families as well. Be it going to birthdays, barbecues, or baptisms, you can see that Axiom is a family of families.

Me

I have learned so much from the two months I’ve been an intern here. From having to google what the heck ransomware was on my first day to being able to explain different variants of it to friends and family, I’ve come a long way in my knowledge of cybersecurity. But I’ve learned more than just what different cyber-threats are or how to program a firewall—I’ve learned things like how to network, what it means to be a part of a team, what it feels like to be proud of your finished product, and how you’ll never know something unless you ask. Of course, there is so much more for me to learn, but I am happy that I started my professional career with Axiom Cyber Solutions. This is a place that, to me, will always feel like home.

 

Hailey Carlson, Axiom Cyber Solutions 7/22/2016

Phone System Security: What to do When Hackers Come Calling

Most everyone is aware that hackers are trying relentlessly every day to get into your company’s private network so they can steal your and your customers’ important data that would be harmful to your company if it were to fall into the wrong hands. But something most people are not aware of is the fact that phone systems are incredibly vulnerable to attack—and they can be a hacker’s fastest link into your private network.

PBXs, or private branch exchanges, are phone systems that allow for communication out of and across a large number of phones in a single organization. Companies have made a turn toward digital IP PBXs over traditional Analog systems because it is easier for them to have everything—computers and telephones—connected in one network. Analog PBXs only provide telephone services, requiring the company to find their own provider to deliver a separate connection to the internet; however, with IP PBXs both internet and phone are connected and come into the company from the same provider via one wire—making things more connected and easier to use for the company.

Unified Messaging

Along with the increased connectivity between telephone and private networks, there are some additional advantages to choosing an IP PBX including lower costs both upfront and for traditionally expensive calls, as well as increased ease-of-use and accessibility for employees via unified messaging. Unified messaging, or unified communication, simplifies and connects all forms of communication—text, voicemail, email, video conference, fax, etc.—and allows them to be handled in a single mailbox that the user can access from anywhere. This can be via an app that allows you to check your voicemail remotely, or via an email attachment with a soundbite of the voicemail. This allows users to be connected to their office telephones from anywhere.

However, with all of this network connectivity, there are some potential drawbacks as PBXs are among some of the most vulnerable office equipment out there.

Threats to your PBX

Many people are unaware of the vulnerabilities that their phone systems pose to their company and consequently, these people leave their phones unprotected—and hackers are well aware of this knowledge deficit. Criminals can ring up a huge phone bill by making unapproved domestic and international calls, costing your business big bucks if gone undetected—and that’s just the minor threat PBX hacking can pose!

With the vulnerabilities of unprotected IP PBX phone systems, it raises the question—if my private network and my phone network are connected, wouldn’t it be easy for hackers to get into a private network via the connected, weakly-protected phone system? The short and simple answer is yes.

The greatest and most dangerous threat to your company is when hackers use your vulnerable phone system to hack into your private network—where you store your customer, employee, and financial data, among other vital things. This is the information computer hackers long to take from every company that they can, and weakly protected phone systems are the best direct channels to getting that information from your business.

Protecting your PBX

Though the revelation of yet another point of entry for hackers into your business might be pretty disconcerting, there are some simple defenses you can put in place in order to better protect your company’s PBX system and consequently all of your sensitive data.

  • Use strong authorization codes or passwords. Each phone and/or user should have their own individualized login and password in order to strengthen the security of the PBX. Many providers of PBX systems leave user passwords at their default settings or simply make them something easy to guess like the user’s birth date or extension number, thus leaving the door wide open for hackers to easily guess and check in order to infiltrate the system. Using complex, hard-to-guess authentication codes and passwords is a simple step that lowers the risk to your phone system.
  • Delete or deactivate unused accounts. Say an employee leaves your company for whatever reason. Her phone’s inactive voicemail box is now an unmonitored entry point for hackers to sneak into your company through your phone system. Deleting extra passageways for hackers takes little time to accomplish and can be a major benefit to your company’s cybersecurity.
  • Frequently check your outgoing voicemail to ensure that it is in fact your voicemail message. One way hackers ring up your phone bill is by changing your outgoing voicemail message to something like “Yes, I will accept the charges,” then the hacker collect calls this compromised number, charging it on the company’s dime. By not only checking, but changing your voicemail regularly, you can prevent this type of threat to your company. Though this is more of a minor threat, you could save your business thousands of dollars in phone bills by checking something as simple as your outgoing message.
  • Restrict or monitor certain types of phone calls made to/by your phones. Consider restricting international or long distance calling destinations if your company does not require contact with them regularly. You can set this up either directly into your phone system, or by having your provider notify you of attempts of this kind.
  • Use Firewalls to protect your data. By having your phone system shielded by a strong firewall, you are providing your company’s phone system with the best possible defense. Intrusion detection will notify you of any attempts or breaches to your phone system and is a key feature this firewall should have; a next-generation firewall will be the toughest one for a hacker to attack.
    • Axiom provides a PBX system that has a built-in firewall and we encourage our users to put an additional Axiom SecureAmerica® Next-Generation Firewall in front of that in order to protect your phone system two-fold. Learn more about Axiom’s PBX from our CEO, Troy Wilkinson, here.
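
The password, unused-account and call-restriction checks in the list above can be run as a periodic audit. The following is an added example, not Axiom's or any PBX vendor's code; the record layout, policy thresholds, allow list and every sample extension and call are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional, Set, Tuple

# Policy values below are assumptions for illustration; tune them to your site.
COMMON_PINS = {"0000", "1111", "1234", "4321", "123456", "000000"}
MIN_PIN_LENGTH = 6
MAX_IDLE_DAYS = 90
HOME_PREFIX = "+1"            # simplification: anything else counts as international
ALLOWED_INTL = ("+44",)       # destinations the business really calls
BUSINESS_HOURS = range(7, 19)

@dataclass
class Extension:
    number: str
    pin: str
    birth_date: Optional[date]
    last_login: Optional[date]
    active_employee: bool

@dataclass
class Call:
    start: datetime
    extension: str
    dialed: str               # E.164 form
    seconds: int

def birth_date_pins(d: date) -> Set[str]:
    """PINs an attacker would derive from a known birth date."""
    formats = ("%m%d", "%d%m", "%Y", "%m%d%y", "%d%m%y", "%m%d%Y", "%d%m%Y")
    return {d.strftime(f) for f in formats}

def weak_pin_reasons(ext: Extension) -> List[str]:
    """Return every reason the voicemail PIN is guessable (empty list = OK)."""
    reasons = []
    if len(ext.pin) < MIN_PIN_LENGTH:
        reasons.append("too short")
    if ext.pin in COMMON_PINS or len(set(ext.pin)) == 1:
        reasons.append("default or trivial")
    if ext.number in ext.pin:
        reasons.append("contains extension number")
    if ext.birth_date and ext.pin in birth_date_pins(ext.birth_date):
        reasons.append("matches birth date")
    return reasons

def stale_mailboxes(exts: List[Extension], today: date) -> List[str]:
    """Mailboxes of departed staff, never used, or idle past MAX_IDLE_DAYS."""
    stale = []
    for e in exts:
        idle = (today - e.last_login).days if e.last_login else None
        if not e.active_employee or idle is None or idle > MAX_IDLE_DAYS:
            stale.append(e.number)
    return stale

def suspicious_calls(calls: List[Call], stale: Set[str]) -> List[Tuple[Call, List[str]]]:
    """Flag outbound calls worth a second look for toll fraud."""
    flagged = []
    for c in calls:
        why = []
        if not c.dialed.startswith(HOME_PREFIX) and not c.dialed.startswith(ALLOWED_INTL):
            why.append("international destination not on allow list")
        if c.extension in stale:
            why.append("placed from stale mailbox")
        if c.start.hour not in BUSINESS_HOURS or c.start.weekday() >= 5:
            why.append("outside business hours")
        # After-hours alone is only context; it adds weight to the other signals.
        if why and why != ["outside business hours"]:
            flagged.append((c, why))
    return flagged

# Constructed sample data, not taken from any real PBX export.
TODAY = date(2016, 7, 21)
EXTENSIONS = [
    Extension("201", "201201", date(1985, 3, 14), date(2016, 7, 18), True),
    Extension("202", "0314", date(1990, 3, 14), date(2016, 7, 20), True),
    Extension("203", "1234", None, date(2016, 2, 1), False),
    Extension("204", "839275", date(1979, 11, 2), date(2016, 7, 19), True),
]
CALLS = [
    Call(datetime(2016, 7, 19, 10, 15), "204", "+17025550100", 180),
    Call(datetime(2016, 7, 20, 2, 40), "203", "+99955501234", 2400),
    Call(datetime(2016, 7, 20, 14, 5), "201", "+442079460000", 300),
    Call(datetime(2016, 7, 16, 23, 30), "202", "+17025550142", 60),
    Call(datetime(2016, 7, 18, 11, 0), "202", "+99955509876", 900),
]

if __name__ == "__main__":
    for e in EXTENSIONS:
        reasons = weak_pin_reasons(e)
        if reasons:
            print(f"ext {e.number}: weak PIN ({', '.join(reasons)})")
    stale = stale_mailboxes(EXTENSIONS, TODAY)
    print("stale mailboxes:", stale)
    for call, why in suspicious_calls(CALLS, set(stale)):
        print(f"{call.start} ext {call.extension} -> {call.dialed}: {'; '.join(why)}")
```
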

Though it is an unexpected route for hackers to take, securing your phone system is key not only to keeping calls and other means of communication safe from attack, but also to protecting your private networks and all of the sensitive information they store.

If you’d like to find out more about securing your phone system or private network, give us a call at (800) 519-5070 or visit our website at https://axiomcyber.com/ to speak with one of our IT experts.

Hailey R. Carlson, Marketing Intern, Axiom Cyber Solutions 7/21/2016

Cybersecurity in Gaming: DDoS & Hacking Threats

Cyber-threats plague our society today in every area of our lives that involves technology. Be it work, school, or play, we are always surrounded by technology that could potentially be hacked or attacked at any moment, leaving us vulnerable. One of the industries where protecting against these cyber-threats has been an issue for many years is gaming—and with Pokémon Go all over the news this week, there is no better time to address cybersecurity in the gaming world.

Smartphone threats, ‘Gotta catch em all’

Pokémon Go is all people have been able to talk about recently—with over 7.5 million downloads in the U.S. alone within its first week of launch, the game is wildly successful and obviously entertaining. But with its emergence as one of the first augmented reality games for your smartphone, it has exposed users to a herd of cyber threats because of the full level of permissions it has been asking of users who sign up with their Google accounts. Not only that, but with “Pokémon Masters” sharing their location in order to play with and battle other users, this is the biggest database of people’s current locations created from a game. Thankfully, Pokémon has released a patch in an app update to lessen the amount of permissions they can access to just your Google user ID and email address. However, prior to this fix, they were privy to all of the information listed in Figure 1 below.

 


Figure 1: Pokémon Go Permissions before 7/12/16 patch via Inverse

Though the company may have had no intentions of using this information in a malicious way, had a hacker gotten into the app on your phone or through the Pokémon Go servers, they could have used all of this information to their advantage. This is one of the issues with gaming on smartphones—you must be careful of the permissions you allow otherwise you could be a victim without even knowing it.

Online and Console Gaming, A DDoS minefield

Cyber-threats are not only prevalent in the smartphone gaming world, but they are also rampant in online and console gaming as well. While these segments face many threats, two of the biggest are DDoS and hacking. DDoS, or distributed-denial-of-service, attacks occur when massive numbers of corrupted systems attack a single target. These malicious sources flood the target with bad traffic, preventing (or denying) service to the site for genuine, honest users. DDoS can also include denying service via wiping out entire databases full of user information or attempting to change a user’s password too many times, thus locking him or her out. The primary way it affects video games is by overloading the servers with malicious traffic, thus bringing them down, making them inoperable. As you can see below in Figure 2, in the first quarter of 2016, the overwhelming majority of DDoS attacks across the internet were targeted at the gaming industry.


Figure 2: First Quarter 2016 DDoS Report by Industry via Statista

 

While these are shocking numbers, this is nothing new for the gaming world. Online and console games have been the primary targets for gaming DDoS attacks for years.

Earlier this year, well-known DDoS attack group, Lizard Squad, launched an attack on World of Warcraft and Diablo III online game provider, Blizzard. Servers were down for several hours leaving players restless and angry. DDoS is a cyber-crime that is easy to commit and difficult to combat, so getting their servers up and running again took much time and effort on Blizzard’s end.

Lizard Squad also led DDoS attacks on Christmas two years ago that affected both Microsoft and Sony, providers of the Xbox and PlayStation consoles respectively. Lizard Squad warned of the attack in the months leading up to the holiday—tauntingly asking how ‘Live’ and ‘PSN’ (the consoles’ online networks) were doing. It is difficult to fight these kinds of attacks because, with traffic coming from so many locations, and especially with the massive numbers of people who received the consoles as gifts for Christmas all logging on around the same time as the attackers, it is hard to weed out the good traffic from the bad.

Hackers: threatening your phone, laptop, and console

In addition to DDoS attacks, all platforms of gaming are threatened daily by hackers. Late last year, Steam, one of the world’s most powerful online gaming companies, admitted that 77,000 of its players’ accounts were hacked every month.

One of the scariest aspects of hacking is the information that hackers are able to take. PII is readily available because these users provide so much personal information just to sign up and play; so when game systems are attacked, users’ data is vulnerable to being stolen and possibly even sold on the internet. These players include people of all ages, so parents of young gamers should talk with their children about the amount of information they provide when registering for different games they play.

Many games ask for sensitive information such as a birth date, home address, and credit card information. Unless the game is restricted to a specific age level (e.g. “Rated M for mature”), it should not need your birthday information. Having access to your home address could lead malicious cyber-criminals right to your front door, exposing you to some serious physical trouble in the real world. And the only reason a credit card number should be needed is if you’re paying to play that game—though some ask for it even though they’re “not going to bill you anything.” This information should not be given out carelessly because, should it fall into the wrong hands, it could be detrimental to your personal cybersecurity—possibly even leading to hackers using this information to steal your identity.

Gaming Cybersecurity, Be careful where you download

Nobody who loves gaming will stop just because there are threats to the industry; however, by taking steps to personally protect yourself as well as being aware of what dangers are out there, you can better enhance your own personal cybersecurity.

Though all aspects of cybersecurity require layers of protection, many of the threats that gamers face are caused by the gaming platforms they use, and there is little they can do personally to defend against attack. The best way for players to protect themselves is by only downloading legitimate games from trusted sources. If you are unsure about the security and validity of a game, you should not download it. Downloading mobile games from third-party providers can leave your smartphone vulnerable to attack, and the same goes for computer downloads negatively affecting your laptop. While it is slightly more difficult to download games freely on consoles like PlayStation and Xbox, it is still possible. The best way to prevent a malicious game from infecting your device is by only downloading legitimate, verified games.

Hailey Carlson, Marketing Intern, Axiom Cyber Solutions 7/15/2016


Beware: Pokémon Security Vulnerability Allows Access to User’s Entire Google Account

LAS VEGAS— With over 7.5 million downloads since launch on July 6, 2016, Pokémon Go is a wildly popular game, but Axiom Cyber Solutions wants to warn users of the security risks of the app being connected to users’ Google accounts.

Currently, the app offers the option to connect with a Pokémon Trainer Club account or a Google Account. A large percentage of users are choosing to connect with their Google account, not knowing that they are giving the app permission to access their entire Google account, from documents and photos to email messages and search history, and even items stored in the cloud. Although a patch is being worked on by the app developers to restrict the app permissions to only basic Google information, and the developers insist that so far the app has only accessed basic information, there is still a risk to users.


Ahead of the patch, users can restrict access to their Google account information through their Google Account. To change the app permissions, go to “My Account” on Google (https://myaccount.google.com/) and navigate to “Connected Apps and Sites”. Select “Manage Apps”, then select the Pokémon Go app and choose “Remove Access”.


Android users must also be wary of third-party download sites that are offering malware-infected versions of the app. Security research firm Proofpoint has found a version available from a third-party site that was packaged with a remote-access Trojan (RAT) which would give a hacker full control over the phone once activated.


Smartphone Security—Who’s watching you while you’re taking selfies?


A man told me the other day that he had a “near-death” experience—was it a close call at a red light, a bit of rougher-than-usual turbulence on an airplane, or even swimming in shark-infested waters? Nope. He forgot his phone in a meeting right before the business closed for the day.

While the statement is a bit melodramatic on the surface, the sentiment is probably true for the greater majority of us—we can’t live without our smartphones. They give us information on breaking news and the weather, provide us with entertainment, and allow us to stay in contact with loved ones from anywhere. Smartphones are great.

But with the wealth of information we store on these little pocket-sized computers, they are perfect targets for hackers looking to find out any information about us. Between logging into emails, bank accounts, and even having your card information stored via a virtual wallet app, if hackers got their hands on your smartphone, they’d have access into your entire world with the ability to wreak havoc as they pleased.

Recently, smartphones have become the new target for hackers over PCs, which have less personal information stored on them. This is bad news for the 68+% of US adults who own smartphones—not to mention the massive number of children and teenagers under the age of 18 who use these devices as well.

When your phone falls into the wrong hands, it can mean the end of your personal cybersecurity, and with innovations in technology, hackers are not only able to hack into phones in their physical possession, but they can also get into them remotely without you even knowing it. They can even hold your phone and everything on it hostage. With such dauntingly increasing threats to your phone, it is important to educate yourself on the threats facing yourself and other smartphone users today.

Hacking

The top two smartphone producers today are Apple and Android. Android is credited with having an open and adaptable operating system where users can easily create and add their own applications—but such an open OS leaves its users severely vulnerable to hackers, even with rigorous app regulations and checks.

One student was able to include a 1-pixel x 1-pixel preview screen in his Google Play store app that allowed him to have access to the camera on a smartphone without the user’s knowledge, even when the screen was turned off. He did this to prove just how easy it is for hackers to be able to get into your smartphone undetected. Were he a malicious person, he could have hacked into any user’s camera on a phone that had this app, and taken intrusive snapshots of them throughout their daily lives. The creator of this app said that the fact that his app worked so well and the camera was operational without notifying the user was “scary” and “inexcusable.”

Though only Android users might be worried up to this point, iPhone users, don’t be fooled—though Android phones have been the most vulnerable in the past, new malware such as XcodeGhost is increasing at terrifying rates, making you just as vulnerable as your Android-loving friends.

Ransomware

Many people are worried about hackers looking at them through their phones, but something just as scary has been on the rise in cyber-crimes targeting smartphones. Attacks on smartphones by ransomware, the cybercrime poster child of 2016, have increased 400% over the past year.

Hackers get into your phone via malicious apps or fictitious pop-ups and lock you out from your phone entirely until you pay up. Sometimes even when you do pay, these cyber-criminals still won’t allow you to regain access to your phone. Four major groups—Small, Fusob, Pletor, and Svpeng—made up 90% of these ransomware attacks in one year, and it is terrifying that there are so many people being affected—4 million US Android users last year alone—by such a small number of hackers.

What you can do to protect yourself

Between hacking into your phone to undetectably control your camera and taking your smartphone hostage, it is safe to say that we all need to start taking action to protect our phones and the sensitive information we store on them. Here are a few ways to strengthen your smartphone security:

  • Only download apps from the Google Play or iOS App Stores—When you stray from legitimate, well-checked applications, you leave your phone vulnerable to attack, and downloading seedy or unreliable apps is one of the quickest ways to make your phone a target for cyber-criminals.
  • Be wary of what permissions apps request access to on your phone—Especially if you do stray from the approved app stores for whatever reason, be careful about which permissions different applications are asking you to approve. For example, a legitimate weather app probably doesn’t need access to your microphone or camera, so a request for either could be a red flag.
  • Download a smartphone antivirus—Taking multiple steps in your personal cybersecurity is key to staying protected. When you have an antivirus on your phone as well as on all computers and other devices you connect your phone to, you are further strengthening the security of your important information.
  • Educate yourself and others on the importance of personal cybersecurity and current threats—When you learn of some new ransomware or malicious application, tell someone—tell everyone for that matter. The majority of us have smartphones, so it is likely that you can help not only yourself but your friends and family members as well. Staying up to date on what the hackers are trying to do to steal your information is the best way to stay ahead of them.
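The permission check from the second tip can be automated. The following is an added example, not part of the original article: it reads the permissions an Android app declares in its manifest and flags sensitive ones that its category should not need. The category policy, the `com.example.weather` package and the sample manifest are constructed for illustration, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive permissions of the kind the tip warns about, with readable labels.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
}

# Assumed policy (hypothetical): sensitive permissions each category plausibly needs.
EXPECTED_BY_CATEGORY = {
    "weather": {"android.permission.ACCESS_FINE_LOCATION"},
    "camera": {"android.permission.CAMERA", "android.permission.RECORD_AUDIO"},
}

# Constructed sample: a "weather" app that also asks for camera and microphone.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <application android:label="Weather"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return names


def red_flags(manifest_xml, category):
    """List (permission, label) pairs that are sensitive but not expected
    for the given category. An unknown category is allowed nothing, so every
    sensitive permission it requests is flagged."""
    allowed = EXPECTED_BY_CATEGORY.get(category, set())
    unexpected = (requested_permissions(manifest_xml) & set(SENSITIVE)) - allowed
    return [(name, SENSITIVE[name]) for name in sorted(unexpected)]


if __name__ == "__main__":
    for name, label in red_flags(SAMPLE_MANIFEST, "weather"):
        print(f"Red flag: weather app requests {label} ({name})")
```

Non-sensitive permissions such as `INTERNET` are ignored, so only the requests that deserve a second look are reported.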

Smartphone cybersecurity is one of the newest security challenges we are facing today. Smartphones are still evolving and being developed to centralize our data and make life easier for us—but because this can also make it easier for hackers to get into your phone and steal your information, it is important to get and stay protected.

Hailey Carlson, Marketing Intern, Axiom Cyber Solutions 7/6/2016


5 Ways to Protect Yourself Against Sextortion

With texting, social media direct messaging, and apps like Snapchat—a mobile app where one person can send a photo to another that will “self-destruct” in a maximum of 10 seconds—it is easy to see how sexting has pushed its way to the forefront of technology-based communication. However, what if the person you’re messaging or snapping with isn’t who you think it is? What could the personal, intimate image you’re sending to your significant other mean if it fell into the wrong hands? When malicious people get their hands on these types of images, they can use them to extort more compromising images or demand payment with the threat of sending the existing images they have to your friends, family, or coworkers—this is the sexual-cybercrime known as sextortion.

Sextortion occurs when malicious online users obtain compromising images, usually posing as a young person who the victim may or may not think they know, or by hacking into a person’s webcam, which they then use to extort more compromising pictures or videos from the victim or sometimes even monetary payment with the threat of distributing the photos on the internet if the victim does not comply.

There are an expected 6,000+ cases of sextortion, many of which are not reported due to victims’ fear of their attackers exposing their intimate moments to the internet. The primary victims are young adults and minors. While women are the primary adult targets, these cyber-scum prey on both girls and boys under the age of 18, and unfortunately, minors make up a majority of the victims—a whopping 78% of total sextortion victims. One offender was able to trick and control 230 victims, 44 of whom were minors. He would get the photos from the unsuspecting victims either by posing as their boyfriends or by hacking into their webcams and spying on them without their knowledge. Having multiple victims is not uncommon due to the massive reach of the internet, which makes it that much easier for these predators to hook more unsuspecting people into their vicious schemes.

With sextortion becoming such a prevalent and common cybercrime, it is important to educate yourself and others on what signs indicate a sextortionist predator and ways to prevent becoming a sextortion statistic.

How to Prevent Becoming a Sextortion Victim

While there are good people out there working against sextortion on a grand scale, such as Mary Anne Franks of the Cyber Civil Rights Initiative who advocates laws that would make distribution of explicit images without the consent of the person pictured illegal, regardless of how the images were obtained, there are some things you can do to help protect yourself from such a crime on an individual level:

Never send compromising photos to anyone, regardless of who you think they are—Even if the image is slightly compromising, sending images to people online and via phones is extremely risky with the increasing abilities of hackers and other malicious people on the internet.

Do not talk to people online who you do not know—Again, this seems like an obvious statement, but even if someone online appears to be interested in you for whatever reason, adding people to your networks who you do not personally know is extremely dangerous and can open the door wide for sextortion predators.

Cover your cameras when not in use—Hackers can gain access to virtually anything they set their minds to if it is poorly protected enough, and that includes your webcam. By placing a webcam cover or even a piece of tape over your webcam, you can prevent hackers from being able to spy on you, even if they can hack into your webcam. Facebook CEO, Mark Zuckerberg, who has been in a bit of hot water recently with his personal social media account breaches, covers his laptop webcam with a piece of tape. If he is worried about people watching him through that camera, you should be as well.

Make sure your computer’s cybersecurity is up-to-date—At the very least, by updating your anti-virus software regularly and not going to any seedy websites, you can reduce the chances of hackers getting into your computer and taking your personal information that way. Most anti-viruses will even allow you to auto-update. Taking multiple steps in protecting your personal cybersecurity will only help you to be more and more secure.

Your personal cybersecurity is more important today than it has ever been, and prevention is key to protection, so make sure you take these precautionary steps to lessen the likelihood of potential attack. However, in the event that you do find that you or a loved one fall victim to online sextortion, you are not alone. Do not continue to send explicit photos to the attacker—that would only be more ammunition that they could potentially use against you. Instead, tell an authority figure about the incident and call the toll-free FBI number 1-800-CALL-FBI to alert them of this crime and hopefully stop this person from further blackmail of you and others.

Hailey Carlson, Marketing Intern, Axiom Cyber Solutions 6/28/2016


Social Media Security—Are Hackers Able to Steal Your Information?

Over 75% of US adults use some sort of social media—it’s a great way to keep in touch with friends, family, and even stay up-to-date on breaking news and the latest celebrity gossip. Many of us have accounts across several platforms, such as Facebook, Twitter, and Instagram, making it that much easier for us to keep in contact with people across the globe in a variety of ways.

With all of these connections, however, it is not only easier for us to see what our loved ones are up to, but it also centralizes all of our data for hackers, making it that much easier for them to steal our personal information to use for their own malicious gain. These cyber criminals are able to hack into individuals’ or business’ accounts and some have even been able to hit the majority of users on a single platform at once. With hackers so focused on attacking any and every one that they possibly can, it is important to educate yourself on the types of threats that these cyber criminals pose as well as to learn how to better protect your accounts against potential attack.

How They Do It

With the recent data breaches of LinkedIn, Tumblr, and the biggest of all (oddly enough) Myspace—consisting of 427,484,128 passwords and 360,213,024 email addresses from both active and dormant accounts (making it the biggest social media data breach to date), social media security has become a hot topic and the question at the top of everyone’s minds is, “Am I next?” While hackers seem to be fairly random in whom they target, there are ways to strengthen your own personal security for your online social networking accounts. Not only should you be prepared against massive platform data breaches, but targeted attacks on individual accounts as well.

While these data breaches are able to target millions of people at once, the most common social media cyber-security crimes are directed attacks on individuals, and are primarily done via sophisticated online phishing.  Hackers hack into existing accounts or create secondary accounts of individuals and pretend to be them—going as far as to steal pictures, birthdays, and ‘liking’ the same pages the victim likes. Then, these criminals add friends and family of the victim, posing as him or her and then making odd requests such as needing cash immediately in order to help them out of a tight spot. It is the modern version of the Nigerian prince scheme, only more people fall for it because it appears to be an actual loved one in trouble. With hackers becoming more creative and shifty, it is growing to be more and more challenging to protect against these threats, and all the more important to protect your social media accounts.

Ways to Protect Against Attack

I originally titled this article “Are Hackers Trying to Steal Your Information?”—but the answer to that is always ‘yes.’ Hackers are consistently looking for ways to steal and corrupt as much information as they possibly can. The proper question is, “Is it easy for them to do so?” While there is no silver bullet when it comes to cyber-security, especially regarding social media, here are a few ways to make it harder for these cyber criminals to get your personal information:

  • Use different, stronger passwords—By making your passwords longer and more complex, as well as using a different password for every account you have, you can reduce your chances of being hacked significantly. Even if your information from one site was compromised, for example in a data breach, by having different passwords for your other social platforms, you reduce your risk of having more information exposed, which aids in your overall cyber-security. Facebook CEO, Mark Zuckerberg, had to learn this the hard way when his Pinterest and Twitter accounts were hacked after the LinkedIn breach provided hackers with his login information, including passwords. Not only were the passwords weak, and therefore easily hackable, but he used the same one for both sites. Thankfully he didn’t have the same password for his Facebook account, but it just goes to show you that no one is safe from attack if they use the same, easy-to-crack password for every social media site.

 

  • Two-factor authentication—Otherwise known as two-step verification, this requires users to log in by entering not only their password online, but also a second, unique verification code sent via text. When there are multiple security steps necessary to sign on to social media, it is harder for these hackers to get to your valuable information. This has proven to be one of the most vital steps in protecting social media accounts; Facebook, Google, and Twitter are currently utilizing this technology, and hopefully more catch on soon. (Since their data breach, LinkedIn has implemented this feature as well and encourages its users to take advantage of it.)

 

  • Do not add people you don’t know—While this may seem obvious to some, many people add ‘friends’ online all the time who they have never even heard of before. With people hacking into the accounts of people you actually know and pretending to be them in order to extort something out of you or another loved one already, why increase your chances of phishing and hacking by adding a complete stranger?

 

  • Be wary of suspicious messages and posts—Many hackers break into vulnerable accounts in order to send friends and family members messages asking for money or making some other odd request. If you receive a message like this from someone you know, contact them in a way other than social media to see if it is really them, especially if the message looks like something out of the ordinary.

 

  • Don’t have sensitive information on your accounts—Most social media platforms give you the option to make certain information private, even from people you know and accept online as ‘friends’ and doing so can really help you strengthen your cyber-security; sensitive information such as your home address or cell phone number can be dangerous to have readily available on social media because it acts as an open door to finding other information about you that could potentially be used by cyber criminals to steal your identity.

There is no surefire way to guarantee your social media accounts won’t be hacked—hackers are working every day to find new ways to get your information. By taking multiple precautionary steps, however, you can make it harder for hackers to get to your information and the information of your loved ones.

—Hailey Carlson, Marketing Intern 6/13/2016