Author Archives: Shannon Wilkinson

Been a Victim of Ransomware? Contact Axiom Cyber Solutions

One of the first things that you should do following a ransomware attack is to alert the authorities. While the FBI and local law enforcement may not launch a formal investigation into the incident, they do want to be informed of it. The FBI released guidance on ransomware in 2018 that does not encourage the payment of ransoms but acknowledges that sometimes businesses will be forced to make the difficult decision of paying for the restoration of their files (I-091516-PSA). The FBI states that “The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.”

Victims of ransomware are requested to contact the FBI Internet Crime Complaint Center (IC3). https://www.ic3.gov/default.aspx

How Axiom Cyber Solutions Can Help

If you have been victimized by ransomware and don’t know where to turn for help, contact Axiom Cyber Solutions for a free consultation. Axiom Cyber Solutions specializes not only in ransomware protection but also in helping the victims of ransomware. Dealing with a ransomware attack is a stressful event so having a trusted adviser on your side who knows what you are going through can make a real difference.

FBI Recommends Home & Small Business Owners to Reboot Their Routers

As news has broken about the FBI’s warning to consumers and small business owners about rebooting their routers, many have reached out to Axiom to ask what they need to do. Our advice to them is what the FBI has recommended: if you have a cable modem or router at home, do a quick unplug/replug of the router (D-Link, NetGear, etc). The good news is the FBI has taken control of the domain that was harvesting the information, so even if you were infected, the FBI is just collecting information to find how widespread the infection was (500,000 devices are suspected to be infected).

What is VPNFilter?

VPNFilter is malware that contains a kill switch for routers (meaning it can permanently shut down your device), and it also could steal usernames and passwords. The infection appears to be hitting Ukraine hard but has been found in 54 countries.

Good News?

There is some good news for some users. If you have kept on top of firmware updates and changed the default credentials on your devices, you may be protected. But as we know, most of us never log in and update our cable modem’s firmware.

Axiom’s customers are protected from VPNFilter through a combination of rules that restrict access to our devices as well as addition of the known bad addresses to our blocklists.

Why Threat Intelligence is Not Always Intelligent

The primary purpose of threat intelligence is to help organizations understand what kind of threats they may face, such as zero-day attacks or exploits. The problem that many organizations have with threat intelligence is that there can be so much information coming at them, so much information to act upon, but no time or resources to sift through it, much less apply it to the company’s cybersecurity defense and/or strategy.

Threat intelligence that doesn’t do anything is not that intelligent.

Brent Watkins, FBI Special Agent (Retired), Axiom Cyber Solutions Head of Business Development

There is a real issue with cybersecurity alert fatigue. It is such a problem that TechRepublic ran an article titled “Why notification overload is killing enterprise cybersecurity teams”. Cybersecurity fatigue affects 72% of organizations and part of the problem is the cybersecurity skills gap that only seems to be widening, rather than closing. Basically, the conclusion of a Bitdefender report called CISO’s Hardest Burden is that unless companies have enough personnel to deal with the incoming threat reports, they cannot improve their security.

And if cybersecurity teams, or the lone IT professional tasked with anything & everything within the organization (including cybersecurity, which is not a hobby), are overwhelmed, what does that mean for the cybersecurity defense of the organisation? Troy Wilkinson, CEO of Axiom Cyber Solutions, has frequently discussed that a company’s risk factor exponentially increases from the time that a vulnerability is disclosed to the time that a patch is applied yet still so many organizations are struggling to stay on top of their cybersecurity defense.

The result of the mismatch between the magnitude of threat data and the qualified resources needed to analyze and respond to new threats is increasingly costly and damaging data breaches across all industries from healthcare to financial services to retail and food service.

The problem with threat intelligence data is that it requires someone in the organization to analyze it and apply changes. Those changes may need to go through a strenuous and time-consuming change management approval process, which further slows down applying patches to maintain a secure cyber defense. And by the time that a change to the defense is approved, thousands of other possible changes have come through. So where does it end?

Axiom’s Polymorphic Threat Defense System

Recognizing the need to marry threat intelligence with action, Axiom Cyber Solutions developed its Polymorphic Threat Defense Systems used by both our Axiom SecureAmerica and Axiom Shield products. Axiom has curated over 100 open and closed sources of threat data to bring into our platform which allows us to currently push out over 350,000 threat data points a day to our clients. And to steal a line from “As Seen on TV”…but wait there’s more… one of the beautiful things about connecting with Axiom’s platform is that it requires no action on the part of the customer. All updates from our platform are fully automated and applied without intervention.

Threat actors are constantly evolving their tactics, methods, and connection points. It is important that we also evolve our defenses just as fast, if not faster, to ensure that we are doing our best to protect our businesses.

If you are interested in more information about Axiom’s Polymorphic Threat Defense System, please contact us or call 800-519-5070.

Healthcare Cybersecurity Woes

2018 has not gotten off to a good start for cybersecurity in the healthcare industry. Healthcare is still the top targeted industry, and we have seen hospital groups and one of the electronic medical record companies fall to very preventable SamSam ransomware attacks.

SamSam infections are troubling

The recent attacks with SamSam ransomware are particularly concerning because SamSam requires the attacker to be inside the victim’s computer network to manually activate the ransomware. This means that the attacker(s) who held Hancock Health, AllScripts, the Colorado Department of Transportation, and most recently at the time of writing, the City of Atlanta, Georgia to ransom had remote access to the computer systems of all those organizations.

Research shows cyberattacks have lethal results

Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, has found that 2,100 deaths can be linked to hospital data breaches and lack of cybersecurity protections. The reason is that breaches “trigger remediation activities, regulatory inquiries and litigation in the years following a breach…” and these activities affect the performance of the facility, leading to quality issues.

Think back to the large-scale ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles in February 2016 that brought their computer systems down for weeks: when the attack was at its worst, the hospital had to divert ambulances and even transfer patients to nearby medical facilities for treatment. When WannaCry ransomware hit 16 hospitals in May 2017, at least one facility had to cancel 10 scheduled operations due to computer system outages.

So what do healthcare organizations need to do?

The first step is identifying what is on your network. It is surprising how many organizations have no idea how many computers or internet-connected devices are on their networks, much less their protection status. How can you protect your systems and data if you don’t even know where they reside?

The questions “Do you have a firewall” and “when was it last updated” seem to catch many organizations off-guard and the all too common answer is that “I think my IT guy put one in and I’m sure he’s keeping it up to date”. But that’s not good enough. As an office manager or administrator, you need to know that you have all the protections in place not only to maintain HIPAA compliance but really because you care about your patients’ data and safety.

Contact Axiom today for a short and complimentary cybersecurity risk assessment to go over your cybersecurity strategy. Contact us or call 800-519-5070 to speak with one of our qualified cybersecurity experts.

How Data Breaches Affect Children

Believe it or not, data breaches do affect children, even as young as infants. The worrisome aspect of recent massive data breaches is that many adults have grown immune to data breach notifications; so much so that nearly half of Americans haven’t even checked their credit following the Equifax breach. If they are not checking their own credit, you can pretty much bet that they haven’t looked into their children’s credit either.

One family of five decided to plug their entire family’s information into the Equifax data breach checker and were surprised to see that their 7-year-old son’s information was potentially stolen.

The theft of a child’s identity is lucrative to a cyber-criminal because it can remain undetected for years, if not decades. Without regular monitoring, a child’s identity that has been stolen may not be discovered until they are preparing to go to college and start applying for student loans or get their first credit card. By then, the damage is done and the now young adult will need to go through the pain of proving that their identity was indeed stolen.

It may be surprising to many but a 2011 report found that children are 51% more likely to be the victim of identity theft than an adult. It was found that one of the victims was only five months old and another teenager had over $700,000 in debt in their name.

And this tax season, cybercriminals on the DarkWeb have been caught selling the social security numbers of infants for just $300 per social to be used on fraudulent tax returns. While data on children has been on sale for many years, this is the first believed case where hackers are specifically targeting newborns and “fresh” social security numbers.

So, what can parents do to protect their children and their credit?

The first step would be to treat your children’s social security numbers just as carefully as you would treat your own. Do not provide it to anyone unless absolutely necessary (doctor, school, accountant). And if you have a teenager, teach them how to be responsible with their social security number as well.

Secondly, if you have reason to believe that your child’s information may have been stolen, you as a parent are allowed to request to see if your child has a credit report and, if they do, you can also request a credit freeze on their report.

Beware Tax Season Scams

Tax season is upon us again and the hackers have been busy with a slew of old and new tricks to try to steal tax refunds. Here are some of the new and old tricks that hackers are employing this tax season and some tips on how you can avoid being taken advantage of by cyber-criminals.

A New Twist to an Old Game

Who wouldn’t be happy to get a bunch of money deposited in their bank account by surprise from the IRS?! Unfortunately for us, the IRS is not just giving us all money and it is a new elaborate scam by hackers to try to swindle you and the IRS out of money. Hackers are using your personal information to file a fraudulent tax return on your behalf but also having it deposited in your bank account. Then they fall back to their old scam of calling or emailing you, claiming to be the IRS and demanding that you send the money back.

Thanks, Equifax…

Due to the massive Equifax data breach, the IRS is expecting a huge uptick in the number of fraudulent filings. To try to help combat some of the fall-out, each employer has been assigned a special Employer Code that is found on the W-2 form to try to make sure that fake W-2s are not used to file claims.

The IRS also has encouraged everyone to try to file their claims as quickly as possible so as not to allow hackers a chance to put in a fake claim before you do. If two (or more) claims are filed with your social security number, the IRS will notify you by snail mail (the IRS does not email or call).

If you try to eFile and a claim has already been filed, your claim may be rejected and you will need to contact the IRS (also because of the Equifax data breach, contact the FTC).

Even Children are Affected…

A worrisome discovery this tax season has been the sale of infant and child personal information on the Dark Web. Hackers are even soliciting sales of the information by advertising that it is tax season and buyers should get the information before it is used. The troublesome aspect of having children’s personal information for sale on the Dark Web is that very few parents actually monitor the credit of their youngsters and they may not discover a fake identity for years or even 16-17 years down the road when the child is grown and starts applying for college or credit.

The ol’ W-2 Phishing Scam

Despite IRS warnings and tons of news the past couple of years, hackers are still tricking businesses into sending their employee records. A few years ago, the IRS warned companies about falling for the W-2 scams but despite the continued warnings, businesses (and even government offices like the City of Keokuk, Iowa and Batavia, Illinois) are still falling for phishing scams posing as the company CEO or executives asking for employee summaries and W-2’s.

Employees may be your business’ greatest weakness but they also can be your greatest defender if you take the time to educate them. Inform your employees who have access to sensitive employee data about these types of scams. Don’t just assume that they know.

Teach your employees how to identify phishing scams and, when it comes to sharing sensitive data, encourage them to seek verbal approval from the requestor. Even though scammers state there is extreme urgency in receiving the response, getting a verbal confirmation from the sender is the best way to protect sensitive information (the same goes for urgent requests for wire transfers to the Finance Department!).

Lastly, sensitive employee data should never be transmitted unencrypted (even if it’s thought to be internal).

What is Cryptojacking and Why Should I Care?

If you pay attention to the latest cybersecurity news, you may have heard that something called cryptojacking is quickly taking the hacker world by storm as the newest cyber threat, possibly becoming even more popular than ransomware.

So what on the earth is cryptojacking?

Cryptojacking is a method of hijacking computers to mine cryptocurrency without the victim’s knowledge or permission.

If you are not familiar with the world of cryptocurrencies, the act of mining simply means performing complex calculations to add them to the blockchain (Another term?! The blockchain is the distributed ledger of recorded transactions for the cryptocurrency).  For instance, the popular Bitcoin cryptocurrency says that there will only ever be 21 million Bitcoins in existence but not all of them have been created yet. Bitcoin mining essentially is creating new Bitcoins and bringing them to light.

But back to cryptojacking… hackers are essentially stealing the processing power of victims’ computers to run the complex calculations to be awarded with new cryptocurrency. They do this by infecting website plugins and stealing your processing power while you visit legitimate websites, they do it while you are connected to the Wifi at your coffee shop, and they also get you through malware that steals your processing power all the time.

So why should I care about cryptocurrency mining malware?

More often than not, you may not even realize that you have been infected with cryptocurrency mining malware. You may experience a slow-down of your computers or lag while using the internet. The same goes with your mobile devices as cryptojacking has started exploiting the processing power of Android phones through malicious websites. There even was a nasty version of Android cryptojacking malware called Loapi that could cause the phone to use so much processing power that the phone would physically melt.

Other than melting your phone, there are other cases when cryptocurrency mining malware could cause real havoc. In a race to find more processing power, hackers have looked to utilities and have successfully infiltrated a water utility in the United Kingdom to mine cryptocurrency. If the cryptocurrency mining operation had consumed enough processing power, it could have caused system failures and truly impacted the operations of the utility. Perhaps even more stunning is that a handful of scientists in Russia were arrested when they attempted to connect a supercomputer at a nuclear facility to the internet so they could use the computer’s processing power to mine cryptocurrency.

How to prevent cryptojacking?

There are a couple of steps that you can take to prevent cryptocurrency malware infections.

  • Install an anti-cryptocurrency browser extension like NoCoin or MinerBlock
  • Use a pop-up/ad blocker (some even have cryptocurrency blocking built in)

Are you PCI Compliant?

Does your business process credit cards? Would you be able to continue operating if you lost the ability to process cards?

If your business relies on credit cards to conduct business, there are certain cybersecurity measures you must implement to comply with the Payment Card Industry Data Security Standard (PCI-DSS). A common misperception of PCI-DSS is that if you don’t store credit card information, you don’t have to be PCI compliant but that simply is not true. The PCI standards also apply to handling of data while it is processed or transmitted over the computer network, phone lines, and even fax. So unless you are using point-to-point encryption AND tokenization, you will need to comply with PCI-DSS.

Another misconception is that payment card processors do not fine small companies when they have a breach. While fines are typically levied on merchants that process more than a million transactions a year, if you suffer a breach of cardholder data you will be liable for chargeback amounts and credit monitoring costs, and you could be on the hook for compliance auditing costs as well as lose your ability to process credit cards.

The PCI-DSS requirements mirror data security best practices and a few of the key requirements are:

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 1 requires businesses that process or transmit credit card data to have a firewall to protect the cardholder data. It further dictates that the firewall configuration needs to be reviewed every six months and that you must block bogus IP addresses (Bogons) from accessing the network from outside.
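
As a worked illustration of the bogon check described above (an added example, not Axiom's code and not text from PCI-DSS): the script below audits firewall log lines for packets that arrived on the external interface with a bogon source address and were accepted anyway. The log format, the interface name `wan`, and the list of ranges (the commonly cited IPv4 special-purpose blocks) are assumptions made for this example.

```python
import ipaddress
import re

# IPv4 special-purpose ranges commonly treated as bogons at an internet edge.
# Assumed list for this example; the page does not enumerate the ranges.
BOGON_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this network"
    "10.0.0.0/8",       # private (RFC 1918)
    "100.64.0.0/10",    # carrier-grade NAT shared space
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # private (RFC 1918)
    "192.0.0.0/24",     # IETF protocol assignments
    "192.0.2.0/24",     # documentation (TEST-NET-1)
    "192.168.0.0/16",   # private (RFC 1918)
    "198.18.0.0/15",    # benchmarking
    "198.51.100.0/24",  # documentation (TEST-NET-2)
    "203.0.113.0/24",   # documentation (TEST-NET-3)
    "224.0.0.0/4",      # multicast
    "240.0.0.0/4",      # reserved, includes limited broadcast
)]

# Hypothetical log layout: "<timestamp> IN=<iface> ACTION=<verdict> SRC=<ip> ..."
LINE_RE = re.compile(
    r"IN=(?P<iface>\S+)\s+ACTION=(?P<action>\S+)\s+SRC=(?P<src>\S+)"
)


def bogon_match(addr):
    """Return the bogon network containing addr, or None if it is routable
    or is not a valid IPv4 address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.version != 4:
        return None
    for net in BOGON_NETWORKS:
        if ip in net:
            return net
    return None


def audit(lines, external_iface="wan"):
    """Summarise bogon-sourced traffic seen on the external interface.

    'accepted' entries are the findings: the firewall let a packet in from
    outside even though its source address can never be legitimate there.
    """
    result = {"accepted": [], "dropped": 0, "unparsed": 0}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            result["unparsed"] += 1
            continue
        if m["iface"] != external_iface:
            continue  # internal traffic legitimately uses private ranges
        net = bogon_match(m["src"])
        if net is None:
            continue
        if m["action"] == "ACCEPT":
            result["accepted"].append((m["src"], str(net)))
        else:
            result["dropped"] += 1
    return result


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2018-03-01T10:00:01Z IN=wan ACTION=ACCEPT SRC=8.8.8.8 DPT=443",
    "2018-03-01T10:00:02Z IN=wan ACTION=DROP SRC=10.1.2.3 DPT=443",
    "2018-03-01T10:00:03Z IN=wan ACTION=ACCEPT SRC=192.168.1.50 DPT=3389",
    "2018-03-01T10:00:04Z IN=lan ACTION=ACCEPT SRC=192.168.1.20 DPT=53",
    "2018-03-01T10:00:05Z IN=wan ACTION=ACCEPT SRC=172.32.0.1 DPT=443",
    "2018-03-01T10:00:06Z IN=wan ACTION=ACCEPT SRC=100.64.9.9 DPT=22",
    "corrupted log entry",
]

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for src, net in report["accepted"]:
        print(f"FINDING: {src} accepted on external interface (bogon {net})")
    print(f"dropped={report['dropped']} unparsed={report['unparsed']}")
```

Any entry under `accepted` points at a rule to fix during the six-month firewall review; `172.32.0.1` is deliberately included because it sits just outside `172.16.0.0/12` and must not be flagged.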

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

Requirement 5 requires that the business implement anti-virus software on all computers that could be compromised (5.1) and also that the anti-virus is able to detect, block, and remove known malicious software (5.1.2). While there are free anti-virus options available, many are limited in their capabilities and also do not provide the same level of protection as paid anti-virus. Additionally, anti-virus programs are not expensive (as low as $2.50 per computer per month from Axiom) so why would you take the risk that your computers could be infected by credit card stealing malware or locked up by ransomware?

Requirement 5 also states that you must ensure that the anti-virus programs are kept up-to-date, perform regular scans, and that you maintain an audit log (5.2). Anti-virus programs also cannot be disabled by users (5.3) unless justified and approved by management.

Requirement 6: Develop and maintain secure systems and applications

Requirement 6 guides companies to establish a method of conducting security assessments (6.1) to identify vulnerabilities and assign a risk rating (low, medium, high, critical) to found vulnerabilities. The requirement also requires that companies install security patches for known vulnerabilities within one month of the patch being released (6.2).

How Axiom can help with PCI Compliance

Axiom is able to assist with fulfilling all of the PCI-DSS requirements listed above through our combination of hardware and software services. If any of the requirements give you pause, contact us today for a free consultation at (800) 519-5070 Ext. 7

For more information on PCI-DSS, you may find the official PCI DSS Quick Reference Guide helpful.

What is a Botnet and Why Should I Care?

If you’ve seen the news this week, you’ve no doubt seen articles about a botnet called “Reaper”, “IoT Reaper” or “IoTroop” that is enslaving vulnerable smart devices like wireless routers, security cameras, and DVRs. While botnets are interesting to cyber-security professionals, I’m sure the news made many people think “what the heck is a botnet and why do I care about it?”

In a simple explanation, a botnet is an army of internet-connected devices or computers that have been infected by malware and are now under the control of hackers. The malware is designed to infect devices and create an army of devices that can be enlisted to create distributed denial of service (DDoS) attacks like the one last October that took much of the East Coast offline. Botnets also can be used to steal data, send spam emails, or just simply allow a hacker to access the device and the internet connection it uses.

You may also hear the term “zombie” in connection with a botnet and that is simply because the malware lives on the compromised device and often the owner of the device is unaware of the infection or that the device is being used in attacks.

So what is it about this particular “IoT Reaper” botnet that has created such a buzz in the cyber-security industry? It is the sheer number of vulnerable devices, over 378 million, that can be brought into the botnet that has many worried. The hackers behind “IoT Reaper” are currently exploiting at least nine different vulnerabilities across different device manufacturers and appear to be adding to the list of vulnerabilities as they are found. Plus, like the Mirai botnet, “IoT Reaper” is a worm that jumps from one infected device to the next to spread the infection.

So all of that sounds scary, is there anything that can be done to prevent getting your devices enlisted into a “zombie” botnet army? YES!

As always, make sure that you don’t keep default username/password combinations on your internet connected anything. Also, check to see if your smart device manufacturer has released any firmware or security patches to close the vulnerabilities that are being abused by the botnet. Another great way to protect your IoT network is to place firewall protection at your internet connection but it’s also important to make sure that you keep your firewall up-to-date as well because threats are always evolving!

Is Your Cannabis Business Safe from Hackers?

If you’re in the cannabis industry, you would have heard about the cyber-attack earlier this year that brought down MJ Freeway, one of the largest cannabis compliance software systems in the industry.

This should have been a wake-up call for everyone that hackers are targeting the industry for a variety of reasons: profit, notoriety, or political statement.

Despite the seriousness of the MJ Freeway cyber-attack, today we’re still finding many businesses in cannabis are not taking cyber-security seriously, leaving themselves wide open to an attack that could bring their operations to a grinding halt.

If you’re not taking steps to ensure your cyber- and data-security is airtight, here are some real consequences your cannabis dispensary could be facing with a cyber-attack:

Patient and Customer Data

When you accept medical patients and clients, do you store their personal information on your servers or in the mythical, magical cloud?

If you do, then your data is at risk if you do not take steps to ensure your cyber-security and data security strategy is strong and impenetrable by hackers.

These talented hackers can target your systems to steal your customer information, and use it against you by holding it for ransom like they did for HBO or sell it on the Dark Web, or worse, delete it so you cannot recover the information.

There is no worse way to compromise your cannabis business’s integrity than having to tell your customers you’ve lost their data.

The recent Equifax hack demonstrated the value of personal information on the Dark Web. Hackers can relatively easily steal your data to sell to other unscrupulous individuals who will use the information for identity theft.

If you collect data that is regulated under the Health Insurance Portability and Accountability Act (HIPAA) and have a cyber-security breach, you’ll face serious fines from Health & Human Services.

Ransomware is the hot new cyber-crime trend that netted cyber-criminals hundreds of millions in ill-gained profits by encrypting business’ data and holding it for ransom, which puts businesses between a rock and a hard place: Do you pay the cyber-criminals to get your data back or do you start over from scratch?

Point of Sale (POS)

While credit card theft is not a large area of concern for many, there are still vulnerabilities within point-of-sale (POS) that need to be addressed.

POS systems are connected to the internet via servers and need to be protected and separated from the rest of the network to ensure that if a hacker gets into your back-office, they can’t move into your POS network.

There are plenty of examples of the theft of credit card data from POS systems infected by malware (Sonic, Whole Foods) but there also are verified cases where hackers have been able to change product prices for purchases after compromising a POS system. For example, instead of selling a product for $100, a hacker could change the price to $1 before checking out, costing you big money and allowing a hacker to take advantage of you big time.

Grow Operations

Grow Operations are increasingly sophisticated and use complicated internet-connected devices and HVAC systems. Not taking the time to adequately secure your networks so that a hacker cannot gain access could allow them to reach your HVAC, change your room temperature, and destroy your crop.

The sad and scary news is, your competitor may be the brains behind hacking your unsecured connections and data. Some companies are hiring hackers to destroy your business through a cyber attack and put you out of business.

The Target data breach was orchestrated when hackers jumped from the building’s unprotected HVAC systems into the company’s network and then into the point-of-sale system. This shows that not only are the HVAC systems vulnerable, but the HVAC system could be the point of vulnerability that allows a cyber-criminal access into your entire computer network.

Keep Asking Yourself This Question

Keep asking yourself this question for your cannabis retail operation: “What harm could a hacker do?”.

The answer is a lot and if any of these thoughts keep you up at night, contact Axiom Cyber Solutions or our partner, Hardcar Security, to discuss how you can achieve peace of mind and proper cyber-security protection for your cannabis business.