Holiday Shopping: Best Practices for Shopping Safely Online

Have you ever considered that you could be a target for a hacker? The holidays are around the corner meaning that this is the season for scammers to get to work. Identity theft and scam prevention services reports that approximately 15 million Americans have their identities used fraudulently each year with financial losses totaling upwards of $50 billion.

Here are four tips to help keep you safe while you shop.

Never click on links in an email

Clicking on the link instead of manually typing in the retailer’s website can redirect you to a scam site. Fake emails are designed to look like retailer’s in hopes you’ll give them your personal information. In fact, email phishing scams remain the most widespread method of stealing information. Although I am only referring to one form, it is important for you to be aware of the many other forms phishing presents itself as.

Best practices:

  • Check for odd spelling and bad English grammar
  • Beware of links
  • Be leery on too good to be true deals
  • Avoid redirected sites
  • Keep your security software up to date

Use Wi-Fi connections that you know

What is so wrong about using public Wi-Fi? Although public Wi-Fi can be convenient when you are at your favorite coffee shop browsing your news feed, public Wi-Fi is not secure even if it is password protected making it a major security risk. You are still an easy target for a hacker to eavesdrop on your online conversations, transactions, and personal information. Essentially, all that is really needed is for you and the hacker to be on the same Wi-Fi.

Best practices:

  • Always verify the SSID (service set identifier otherwise known as Wi-Fi name) with the business hosting
  • Use a VPN (virtual private network) if in a dire situation

Shop on secure sites only

Your browser is the door to the internet and the front line of defense against security threats. Securing the front line will keep hackers from walking right through your front door. How do you let the deals come in while keeping the hackers out? Keep a close eye on your address bar making sure it always shows an icon of a locked padlock. This ensures that the site is using SSL (secure socket layer) encryption HTTPS:// (instead of just HTTP://) adding an extra layer of protection by encrypting your data.

Best practices:

  • Shop from familiar websites that you trust
  • Research unfamiliar sellers to make sure they are legitimate
  • Always update your browser

Avoid Fake phone apps

As you scroll through your phone’s app store you find an app that claims to help you find the best deals, it shows a good score, and has the most popular brands. Up to 75-80% of the top free apps on Android or iPhones have malicious software known as malware, giving hackers easy access to not only steal your personal information but a gateway to your everyday life. They can now snoop on your conversations, steal passwords, track your location, credit card information, and even use your phone’s camera to spy on you. Worse of all, these apps continue to work while they do their magic profiting from your device without you even knowing.

Best practices:

  • Do your research before downloading apps
  • Delete apps that do not make sense
  • Read the reviews
  • Review app permissions
  • Do not download apps from third party sources

Top Malware Trends for Q1 of 2017

The first quarter of this year has already flown by, and with it, many events as well: a new president was sworn into office, the biggest comeback in the history of the Super Bowl occurred, and a new champion was declared in the college basketball arena. There was also a lot of activity within the world of cybersecurity, primarily in relation to malware. To summarize this activity, it would be helpful for us to take a look at the top five malware trends.

  1. Star Trek-Themed Ransomware brings us a new ransom payment method — Ransomware variants come in all different shapes and sizes, targeted and specialized to nearly every group of people and every fandom out there, so it is not surprising to see that there is a Star-Trek themed variant trying to dupe trekkies into coughing up money in order to regain access to their compromised files. Something more shocking than this malware, dubbed ‘Kirk-ransomware,’ is the payment method requested by hackers — Monero. Touted to be even more elusive, secure, and anonymous than the usual cryptocurrency payment method of Bitcoin, ever since its inception, cybercriminals have been scheming to use this hard-to-track payment method, and this was the first ransomware to do so. It appears as though the first quarter of the year lead to some competition for underground cryptocurrency, Bitcoin.
  2. Small-to-medium sized businesses are highly targeted — Forty-three percent of cyberattacks in 2016 targeted small-to-medium sized businesses, or SMBs, and, of course, this includes malware. A new study by Datto shows that SMB customers are very highly targeted by criminals not only this year, but into the future as well. Unfortunately, many businesses of this size do not have the resources, financially or otherwise, to prepare for potential ransomware or malware threats. Not only did these types of businesses get heavily targeted in 2016, but they have already been the most heavily targeted business demographic outside of hospitals so far this year.
  3. Card skimming made easier by MajikPOS — Quarter 1 for 2017 brought malware to the brick and mortar via MajikPOS, a new type of malware, capable of stealing credit card information through a modular attack researchers had never encountered before. It is affecting many businesses across the US and Canada, primarily gas stations as it is easy for card skimmers to be put on without Point-of-sale workers seeing criminals install it. It is believed MajikPOS has been responsible for stealing over 23,000 credit card numbers in the US and Canada, most of which end up being sold on the darknet.
  4. Inadequate anti-virus tools leave us vulnerable — Thankfully, it does seem as though throughout the general public, people are taking at least some sort of defense against cyber attacks, and they are doing so through anti-virus software. However, unfortunately, nearly one-third of all malware typesstill sneak into computers because of a failure by the antivirus fails to detect the threat. It is evident this major problem will need to be solved sooner rather than later, seeing as it affects many more individuals and businesses than some other insecurities, although it is doubtful that this will happen any time soon.
  5. WYSIWYE malware emerges — WYSIWYE, or What You See is What You Encrypt, malware allows cybercriminals to virtually hand-pick their target and release a personalized ransomware strain. Because of its advanced customization features, including self-deletion, stealth mode, and encrypting specific files, this malware type is causing major headaches within the cybersecurity industry and beyond.

Protect yourself and your business by staying informed on the current malware and other cybersecurity-related trends by paying attention to cyber-news as well as keeping up with the Axiom Cyber Solutions blog.

Hailey R. Carlson | Axiom Cyber Solutions | 04/12/2017

A Closer Look at Some of the Top Threats of 2016

A Closer Look at Some of the Top Threats of 2016

We hear all the time about different cyber threats that jeopardize our safety while navigating the online world. Because of this, it can be overwhelming trying to determine which threats are of serious concern and which do not need to be worried about as much. In an attempt to clarify these thoughts, the European Network and Information Security Agency (ENISA), the European Union agency dedicated to preventing and addressing network and information security problems, has released its Current Emerging Threat Landscape list of the top threats in the online world for the year 2016.

While the list of these top fifteen threats of the year can be clarity enough for some tech-savvy users, many people hear the names of these cyber-threats only as buzz words and are unable to clearly define what they mean. Below, we take a closer look at some of the top threats in hopes of making knowledge of them more common.

Malware

Malware tops ENISA’s list for yet another year, with over 600 million samples identified per quarter for 2016. Not only have traditional malware attacks grown, but 2016 saw mobile malware reach a growth of nearly 150%. Malware is a broad category of malicious software intended to damage or disable computers and network systems, and is often spread via email, pop-ups, and social media. Some of the most common variants are viruses/worms, Trojans, adware, backdoors, and also included under this broad category are botnets, the fifth most assessed trend of 2016. however, there are millions of malware variants and malware families. How to avoid: There are many ways to avoid this threat, but the primary defenses include running antivirus/anti-malware tools regularly, keeping firewalls up-to-date, use of strong and intricate passwords, and avoiding clicking on suspicious links.

Web-based attacks

According to ENISA’s report, “Web based attacks are those that use web components as an attack surface…such as web servers, web clients (browsers) content management systems (CMS) and browser extensions.” In particular, threats such as drive-by attacks, redirection, water-holing attacks, web browser and web server exploits, browser extension attacks abusing vulnerabilities and man-in-thebrowser-attacks.” Essentially, these are weaknesses and vulnerabilities within a user’s browser.How to avoid: According to ENIAS, major causes of this type of threat are outdated plug-ins and lackadaisical judgement when it comes to clicking on links. Keep your plug-ins up-to-date, and as with all other cyber-threats, do NOT click on any unfamiliar links. Also, be sure to use a secure browser and be wary of pop-ups.

Within the larger web-based attacks category are web-application attacks. These are attacks on web applications which include email, online retail sales, online auction sites, wikis, instant messaging services, and many others.

Denial of service

Denial of Service (DoS) and Distributed Denial of Service (DDoS) grew significantly over the last year. These attacks are intended to send traffic to certain, targeted website(s) in order to take them down — this used to be more of a form of activism for people to take down corporate sites, however ENISA’s report said that DDoS attacks are now being used for extortion attempts, as part of the trend toward monetising hacking.

The primary difference between DoS and DDoS is that a DoS attack comes from one computer and one Internet connection to flood a target, whereas a DDoS attack uses multiple computers or devices on numerous Internet connections in order to flood the targeted source. This increase in these attacks is due majorly to the innovations created by hackers to use unsecured Internet of Things (IoT) devices (i.e. household items with Internet-connectivity such as DVRs, digital cameras, and home Internet routers) as a part of their attacks. How to avoid: There are a few key ways to secure yourself from this attack: secure your IoT devices with non-default passwords, turn off remote access to devices when not in use, and keep your systems (home and office) up-to-date.

In addition to these top five threats, other threats that saw a rise in number of assessed trends last year include physical manipulation, damage, or loss, exploit kits, data breaches, and information leakage. Though this can be disheartening, spam, identity theft, and cyber espionage, a few of the most detrimental cyber-attacks out there, saw a decrease in their number of instances; phishing, ransomware, and insider threats remained relatively constant from the previous year’s attacks, which isn’t necessarily good news, but it highlights the cybersecurity industry’s shift in focus to combating these common threats.

To quote both Sir Francis Bacon and Schoolhouse RockKnowledge is Power. The only way to avoid these threats is to know what you’re up against; educate your family and friends and stay up-to-date on the current online threat landscape by keeping up with Axiom Cyber Solution’s blog where we address the major issues of the cyber world.

Hailey R. Carlson | Axiom Cyber Solutions | 02/24/2017

Image Source/The current digital threat landscape according to ENISA 

The Real Costs of Cyber Attacks

The Real Costs of Cyber Attacks

Cyber attacks constantly top the news headlines–be it yet another massive data breach for Yahoo! or the findings that ransomware can now infect Smart TVs running Android OS, our world seems to always be threatened by some sort of cyber phenomenon or another. These cyber attacks threaten companies with their various costs, both measurable and immeasurable, and some of the most common costly cyber attacks are DDoS attacks, ransomware attacks, and data breaches.

Distributed Denial-of-Service (DDoS) Attacks

A distributed denial-of-service, or DDoS, attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. This is done by malicious actors to prevent legitimate users from accessing a website. When this type of attack occurs, it can either be meant to flood the company’s network infrastructure to block connections to the entirety of its site or more targeted at specific applications to block company use–and sometimes it can be both. When a company experiences a DDoS attack, it is important for them to know the costs involved.

The biggest costs surrounding a DDoS attack are related to getting the business’ domain operational again–meaning lots of money and time must be dedicated to fixing the issue. As of 2014, the average hourly cost to a company to try and mediate a DDoS attack was $40,000 an hour; as the the number of occurrences and the strength of DDoS attacks has increased since then, it is likely that this cost has risen as well. With two-thirds of attacks lasting 6 hours or more (16% of which lasted 1 to 7+ days), it is obvious that this can be a hefty price for a company to pay.

DDoS attacks are fairly preventable compared to other cyber attacks, and one of the best ways to prevent an attack is through early detection. Costs surrounding a DDoS attack can be reduced significantly with early detection, and there are simple steps a company can take in order to fight an attack once one has been detected. Companies can run a script on their servers that sends a message periodically with the recent traffic count. Monitoring and managing traffic is essential in preventing a DDoS attack. Once a pattern has been recognized, it is important for the bad traffic to be blocked without blocking those legitimate users who wish to access the site. It is important to be ready with strong incident response and DDoS mitigation plans in order to prevent the costs incurred by your company from getting out of hand.

Ransomware Attacks

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money, or ransom, is paid. Though now primarily known by this definition as a cyber crime, ransomware has been around since before the internet gained its popularity. Since then, the threat has grown drastically with the flourishing of the Internet, not only in its complexity but in its reach as well. 2016 experienced record amounts of complex ransomware attacks–with attacks totaling over $1 billion as of September 2016 for the year and an average of 4,000 attacks each day in the United States alone. While it is known that one of the costs surrounding ransomware is the actual ransom paid to the criminals in order to regain access to a company’s precious files, there are other hidden costs that are important for organizations to know about as well.

According to a survey conducted by the market research firm Vanson Bourne on behalf of SentinelOne, it takes an average of 33 man hours for an organization to recover from a ransomware attack. Researchers who conducted this survey make the assumption that the average employee makes around $20 per hour, meaning that this cost alone is more than $6,000 for each attack, and this varies based upon the company’s size and the employees’ actual rate of pay. Ransoms are commonly collected in the form of Bitcoin, a digital currency that uses encryption, created and held solely online. The average ransom is worth around 1-2 Bitcoin, and the current exchange rates show that the currency is worth over 1,000 USD per coin–but some especially malicious hackers charge their victims even more to regain access to their important and private files.

Similar to handling a DDoS attack, prevention is preferable to reaction when it comes to combating ransomware. By setting up a plan that includes the use of an antivirus and malware software, keeping all of your operating systems and computers up-to-date, enabling automatic updates, the use of a pop-up or ad-blocker, use of strong and unique passwords, and avoiding suspicious links and emails, you can prevent ransomware from infiltrating your company to begin with. The greatest defense you can have is a strong, managed firewall, as well as cyber-aware employees.

Data Breaches

The cold, hard truth about data breaches is that most IT professionals adhere to the belief that it is not a matter of if a company will be affected by a data breach, but rather when–and 2016 was not exempt from this belief either.

According to the 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute, the average cost of a data breach in 2016 was $4 million, with the average cost per record stolen in a data breach for this time being $158 (an increase of $4 per record from last year’s average); this cost was even greater for the healthcare and retail fields, at $355/record and $172/record respectfully. Costs associated with data breaches continue to climb yearly, so this Ponemon Institute Study took a look at why exactly this is occurring.

Researchers found three major causes for this hike in costs surrounding data breaches:

  1.  Nearly half of all data breaches are malicious attacks— Forty-eight percent of data breaches for 2016 were criminal and malicious attacks. This type of breach takes the most time to detect and contain, and this extra time devoted to remedying the situation results in a higher cost per record stolen. Since professionals believe it is only a matter of time before your company is hit with a data breach, it is important to prepare for the inevitable attack. By accepting that a breach will occur and creating a plan of action for when it does, you can protect your business from getting hit as hard as it might have been without proper preventative measures put in place.
  2. Costs surrounding lost business have increased As with other attacks, when a company faces a data breach, some of their customers will see this as a major fundamental flaw with the company itself and consequently, these enterprises will experience lost business. This is the biggest financial consequence to organizations that have experienced a data breach. Because of this cost being as significant as it is, after a company experiences a data breach, it is essential that they take steps to help retain customers’ trust in order to reduce the long-term financial impact.
  3. The cost of quality threat detection is growing rapidly— When a data breach is threatening an organization, the company needs to handle the situation as though it is a First 48 investigation–the more time that passes without a solution to the issue, the harder and more costly it becomes to resolve. According to the Ponemon Institute Study, detection and escalation costs have increased each year they have conducted this study, which suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a breach. Companies who feel as though quality threat detection and escalation are out of reach for them financially can find an external cybersecurity management partner to help protect the organization from attack.

These threats, as well as others, torment businesses year after year, costing them millions upon millions of dollars as well as significant chunks of their time. It is important for businesses to be prepared to prevent each attack as much as they possibly can in order to keep their customers’ trust and reduce the costs surrounding such a devastating event as a cyber attack.

Hailey R. Carlson | Axiom Cyber Solutions | 01/02/2017

Stay Safe While Shopping Online This Holiday Season

Thanksgiving is not just a time to feast with family and friends any longer as Black Friday has poured over into the holiday preceding it, with some stores opening their doors for shopping as early as 3pm on Thursday, when most of us want to be eating some pumpkin pie. While Black Friday shoppers have already waited in lines overnight, approximately 50% of people are doing some part, if not all, of their Christmas shopping online, and this year it is expected that 13.3% more people will participate in online shopping than ever before. With Cyber Monday coming up on November 28th, there are sure to be millions of consumers purchasing gifts for their loved ones for the holiday season, but as the number of people shopping via the Internet grows, there comes an almost equal increase of cyber attacks as well.

While there are many cyber-crimes out there this time of year including phishing email scams and ransomware attempts, there are many precautions you can take in order to help prevent your information from being stolen. Here are some tips, some of which are also included in a previous Axiom blog post written by Shannon Wilkinson, on how to stay safe while shopping this holiday season:

1) Use credit cards instead of debit cards

We all remember the credit card hack that hit Target in 2013, and while it was detrimental to many shoppers of the massive chain, it did highlight the importance of being secure in your payment method. One very common recommendation I’ve seen to help avoid against significant financial distress if your information were to be compromised in a similar attack is to use your credit card. If your credit card data is used for something malicious without your knowledge, it’s easier to resolve issues with a credit card company than with your bank, so avoid using debit cards as much as you can. When in doubt, cash is always the safest bet.

If you do use one of your cards, take advantage of the possible updates you can receive, that way you can stay up to date on all of your account’s financial activity.

2) Be wary of ‘too good to be true’ deals, they probably are

A common tactic used by cyber-criminals is to lure you to their nefarious websites with deals that appear to be too good to be true. While most of us are aware of this, it is important to keep this in mind during the holiday season when searching for that one gift your loved one just can’t live without. If a deal seems too good to be true or you haven’t seen or heard of it being advertised elsewhere, it is likely, and unfortunately, a scam.

3) Only shop at retailers you know

By only purchasing items from retailers whose brands you recognize, such as Amazon or Best Buy, you can lessen the chance of your data being involved in a scam, as these big name stores likely have better cyber defenses that of less recognizable companies.

No matter which site you use, look for the secure ‘https’ and a lock symbol next to the link in your web browser, as these indicate that any purchase transacted on a particular website is secure. If you do deviate from known websites, take some time to research the validity of these sites to protect your information.

4) Do not give out any extra information

When signing up for a rewards card to add to your holiday shopping savings or giving your information to be entered to win a grand prize, never give out more information than is necessary. No company needs your social security number or other extremely personal information, so if they request it, do not provide it to them.

5) Keep your devices up-to-date

The first step to making sure that you are secure is to make sure that both your mobile (Phones, Tablets, etc) and computer are up-to-date with the latest patches to the operating systems and security software.

6) Be educated on cyber-crimes

Quite possibly the biggest cyber-crime that affects people around this time of year is phishing. Many people, especially after buying something from an online vendor, receive an malicious email. In these cases, customers might receive an email stating that their payment did not go through and their information needs to be re-entered in order to process the order. This is often times a cyber-criminal trying to get you to enter in your credit card information directly to their database. If you receive such an email, contact the company directly to find out if there is actually a legitimate issue with your order and to notify them of the scheme. This and many other fictitious emails have been flooding inboxes recently, so as consumers, we must be hyper-vigilant in protecting our data.

7) Stay updated on current threats

The best way to avoid a scam is to be knowledgeable about current cyber crimes threatening consumers such as yourself. A simple Google News search of ‘current holiday cyber attacks’ can keep you in the loop as to which scams you need to look out for. Likewise, if you find that you are the victim of a cyber crime, tell someone who can do something about it, such as the company who appears to be sending you legitimate information of their fake counterpart, in order to prevent others from being targeted. We are our best resources in the fight against online shopping criminals

While this season may be hectic at times, it is meant to be a time of happiness; avoiding malicious cyber attacks is extremely important in keeping your season full of cheer. Take these precautions to stay safe and if you feel unsure about a website or an email, trust your gut and don’t use that site.

Hailey Carlson | Axiom Cyber Solutions | 11/25/2016

5 Ways to Protect Yourself Against Sextortion

With texting, social media direct messaging, and apps like Snapchat—a mobile app where one person can send a photo to another that will “self-destruct” in a maximum of 10 seconds—it is easy to see how sexting has pushed its way to the forefront of technology-based communication. However, what if the person you’re messaging or snapping with isn’t who you think it is? What could the personal, intimate image you’re sending to your significant other mean if it fell into the wrong hands? When malicious people get their hands on these types of images, they can use them to extort more compromising images or demand payment with the threat of sending the existing images they have to your friends, family, or coworkers—this is the sexual-cybercrime known as sextortion.

Sextortion occurs when malicious online users obtain compromising images, usually posing as a young person who the victim may or may not think they know, or by hacking into a person’s webcam, which they then use to extort more compromising pictures or videos from the victim or sometimes even monetary payment with the threat of distributing the photos on the internet if the victim does not comply.

There are an expected 6,000+ cases of sextortion, many of which are not reported due to victims’ fear of their attackers exposing their intimate moments to the internet. The primary victims are young adults and minors. While women are the primary adult targets, these cyber-scum prey on both girls and boys under the age of 18, and unfortunately, minors make up a majority of the victims—a whopping 78% of total sextortion victims. One offender was able to trick and control 230 victims, 44 of which were minors. He would get the photos from the unsuspecting victims either by posing as their boyfriends or hacking into their webcams and unexpectedly spying on them. This behavior of having multiple victims is not uncommon due to the massive reach of the internet, making it that much easier for these predators to hook more unsuspecting people into their vicious schemes.

With sextortion becoming such a prevalent and common cybercrime, it is important to educate yourself and others on what signs indicate a sextortionist predator and ways to prevent becoming a sextortion statistic.

How to Prevent Becoming a Sextortion Victim

While there are good people out there working against sextortion on a grand scale, such as Mary Anne Franks of the Cyber Civil Rights Initiative who advocates laws that would make distribution of explicit images without the consent of the person pictured illegal, regardless of how the images were obtained, there are some things you can do to help protect yourself from such a crime on an individual level:

Never send compromising photos to anyone, regardless of who you think they are—Even if the image is slightly compromising, sending images to people online and via phones is extremely risky with the increasing abilities of hackers and other malicious people on the internet.

Do not talk to people online who you do not know—again, this seems like an obvious statement, but just because someone appears to be interested in you for whatever reason online, adding people to your networks who you do not personally know is extremely dangerous and can open doors wide open for sextortion predators.

Cover your cameras when not in use—Hackers can gain access to virtually anything they set their minds to if it is poorly protected enough, and that includes your webcam. By placing a webcam cover or even a piece of tape over your webcam, you can prevent hackers from being able to spy on you, even if they can hack into your webcam. Facebook CEO, Mark Zuckerberg, who has been in a bit of hot water recently with his personal social media account breaches, covers his laptop webcam with a piece of tape. If he is worried about people watching him through that camera, you should be as well.

Make sure your computer’s cybersecurity is up-to-date­­—at least by updating your anti-virus software regularly and not going to any seedy websites, you can reduce the chances of hackers getting into your computer and taking your personal information that way. Most anti-viruses will even allow you to auto-update. Taking multiple steps in protecting your personal cybersecurity will only help you to be more and more secure.

Your personal cybersecurity is more important today than it has ever been, and prevention is key to protection, so make sure you take these precautionary steps to lessen the likelihood of potential attack. However, in the event that you do find that you or a loved one fall victim to online sextortion, you are not alone. Do not continue to send explicit photos to the attacker—that would only be more ammunition that they could potentially use against you. Instead, tell an authority figure about the incident and call the toll-free FBI number 1-800-CALL-FBI to alert them of this crime and hopefully stop this person from further blackmail of you and others.

Hailey Carlson, Marketing Intern, Axiom Cyber Solutions 6/28/2016

Image Source

DIY Hacking (or “How to Build a Better Meth Lab”)

DIY Hacking (or “How to Build a Better Meth Lab”)

A few years ago I sat in an audience a bit shocked as I watched an Albuquerque Police Department officer show us how to build a meth lab. Systematically, he explained what parts were needed, where they could be purchased, the ingredients required, dangers to watch for, and then the actual steps to cook the meth.

To the typical law abiding citizen, it might seem inappropriate that something so harmful could be presented so casually. It also seemed a bit ironic to hear this from a police officer who works in the city recently made famous by the series Breaking Bad. However, he went on to explain that everything he had talked about was readily available on the internet and that accessibility is only contributing to the exponential growth of this serious problem.

Unfortunately, the same situation is true for cyber-crime. Today, you can Google “How to hack a network,” “How to DDOS a website,” or “How to crack a password” and easily find step-by-step instructions for doing so. For those who are more visual learners and would prefer videos, they are readily available on YouTube and even sub-titled for your convenience. All of this is freely and easilyaccessible on-line to everyone.

Of course, some people don’t want to learn all of the technical stuff and just want an “off the shelf” program to do it. These guys are known as “script kiddies” and have at their disposal a large number of effective, easily downloadable programs capable of breaching other’s networks and computers. Even more alarming is that now on the “dark net” they can launch a ransomware attack against the targets of their choice and hold computers locked and data encrypted until a ransom is paid.

But another option also exists.  Just like the guy who wanted Walter White to do all the dirty work for him, you can now simply hire someone else to hack a password, destroy a website, or launch a DDOS attack (for which you pay by the hour) all while you sit comfortably in your own home and watch reruns ofBreaking Bad.

My point is, we shouldn’t think that cyber-crime is going to get any better because it’s only becoming easier to do. There will always be the nation-states and organized crime syndicates (the “Walter Whites” so-to-speak) orchestrating massive cyber-attacks. But more and more there will be the “little neighborhood meth labs” – the DIYers – popping up and taking advantage of the ill-prepared.

Cyber-crime is not going to get any better because it’s only becoming easier to do.

So it’s important to have an effective, layered cyber-security defense in place – one that includes a powerful next-generation firewall, regular system updates and back-ups, current virus and malware protection, data encryption, network monitoring, and an interactive employee education program so that they are aware of the real and growing threat that exists.

If you would like more information on how we at Axiom Cyber Solutions can help you do this, email me at info@axiomcyber.com or call 1-800-519-5070.

No Firewall & Cheap Routers to Blame for $80 million Bangladesh Bank Heist

No Firewall & Cheap Routers to Blame for $80 million Bangladesh Bank Heist

A typo by hackers resulted in the theft of a mere $80 million instead of $1 billion from the Bangladesh central bank back in February. But what is more worrying is the way that the hackers gained access. Investigators have discovered that the bank had no firewall and were using cheap second-hand routers that cost $10 to connect to global financial networks. The head of the bank resigned and the Finance Minister has called the bank’s approach to cyber security “very incompetent”.

The lack of sophisticated equipment also will make it more difficult for investigators to figure out exactly what happened as there will be a lack of information logging on the devices. And it also means that there would not have been network segmentation, meaning once the hackers had access, they had access to everything instead of just one part of the network. Good network security involves segmenting the network into working areas (think POS, Administration/Management, Guest Network, etc). And of course, good network security also involves the use of a firewall.

FireEye, the security firm helping investigate the theft, believes that malware with keystroke capabilities was covertly installed and in the bank systems for several days before the theft occurred. The thieves were able to gather operational data and steal codes that allowed them to process transactions but a spelling error in one of the transactions lead the theft to be discovered and stopped additional millions from going out the door to the thieves.

It is baffling that a bank that has access to billions of dollars would not invest in the most basic cyber security protections. SWIFT, the secure financial messaging service, whose service was used to transfer the funds but not directly breached, said that in response to the hack that they would be checking with banks to ensure they are implementing recommended security strategies. While SWIFT is able to recommend security practices, there is no organization with regulatory oversight to ensure that financial institutions are securing their computer networks.

While it was reported in late March that the Bangladesh central bank was considering legal action against the Federal Reserve Bank of New York, the new information that has surfaced about the lack of cyber security investment is bound to make that case a lot harder.

Modern banks need to realize that they can’t just invest all their security budgets in physical security. In today’s digitized and connected world, everyone needs to consider network security as well as physical security. Not having a firewall on a network is the physical equivalent of leaving the front door of the business open when no one is around. For a financial institution not to have basic cyber security protection in place is not only dangerous but also egregious.

And I can’t help but close with a great quote from the Head of the Bangladesh Police Forensics Training Institute.

It could be difficult to hack if there was a firewall.

Mohammad Shah Alam

Cyber-criminals Increasingly Target Small Businesses

Small businesses historically have had the mindset that they are not a target for hackers due to their size, but never have they been so wrong.

Sarah Green, a cyber security expert and business manager for Cyber Security at Training 2000, says that one of the most dangerous phrases used by small businesses is: “It’ll never happen to us.”

 

“Small businesses may feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in what they do – but in reality the exact opposite is true,” Green adds.

 

– Source: The Guardian

Hackers are targeting small businesses on a much higher frequency than large businesses. In fact, according to the US House Committee on Small Business, 71% of cyber attacks are aimed at businesses with less than 100 employees.

Hackers know that small businesses are less inclined to invest in cyber-security so it makes them a much more attractive target. Think of it like this, as a burglar presented with two houses, would you pick the house that has the front door left open (no firewall) or the house that has an iron gate (firewall) on the front door?

In the UK, the latest Government Security Breaches Survey found that 74% of small organizations reported a security breach in 2015 and SMEs are being directly targeted by hackers.

In fact, Symantec reports that over half of spear phishing attacks are carried out against small businesses. And the ransomware trend is increasing with many small businesses suffering the consequences. Intermedia reports that 40% of ransomware attacks in 2015 targeted small businesses.

 

It seemed like just another ordinary day for staff at vehicle hire company MNH Platinum. Little did they know that the simple click of an email link was about to threaten their entire business.

 

It was early last year when the Blackburn-based firm was the victim of a virus which encrypted over 12,000 files on its company network. A ransom demand followed – the criminals would decrypt the company’s files in exchange for more than £3,000.

 

With the virus proving impossible to remove without the loss of crucial company data, the firm had no choice but to pay up.

 

“We were completely unprepared for a cyber breach simply due to a lack of awareness of the magnitude an attack of this type could have through mistakenly clicking a link in an email,” says managing director Mark Hindle. “I am thankful that we had a lucky escape, in that I was able to retrieve the documents that are crucial to the running of the business, albeit at a price.”

 

– Source: The Guardian

How can we help?

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month.

We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at any time. #FightBackWithAxiom

5 Reasons Why Your Small Business is at Risk for a Cyber Attack

Fact: America’s 28 million small businesses create approximately two out of every three new jobs in the United States each year and more than half of Americans either own or work for a small business.

Fact: Businesses with less than 20 employees make up approx 90% of the workforce according to the U.S. Census Bureau.

Fact: The Small Business Association found that small employers often don’t consider themselves targets for cyberattacks due to their size or the perception that they don’t have anything worth stealing. However, this could not be any more wrong.

Small businesses have incredibly valuable information that cyber criminals want, including both employee and customer data, bank account information, access to the business’s finances, and intellectual property. Many small businesses are in communication with larger businesses, thus, providing access to larger networks to these cyber criminals. These small businesses play an important part of the nation’s supply chain, and rely on their technology to safely store and process their information. No one really wants to spend money on something before it happens but in this day and age, you can’t afford not to protect your business, your livelihood. Look at your alternative, most businesses close within 6 months of a cyber attack. Some things are worth protecting, and your data, your customer’s data, and your network are your priority.

Most small businesses do not have any sort of cybersecurity practices in place because of a lack of resources. That may be a lack in sufficient resources or personnel to dedicate to cybersecurity. Even then, we’ve seen in recent news that larger corporations with plenty of resources at hand such as Target and Sony, are having their own issues with their cybersecurity not keeping them protected. With such an abundance of small businesses who lack cybersecurity, these small employers are an incredibly attractive target for cyber criminals. Let’s go over the 5 reasons why your small business is at risk for a cyber attack.

1. No one thinks it’ll happen to them. According to a report by Symantec, this kind of thought process couldn’t be further from the truth. 60% of all target attacks struck small and medium sized organizations. Oftentimes, these cyber crimes occur before the business owner can even realize their security has been compromised.

2. Most small businesses can’t afford an IT team, let alone cybersecurity so they ignore the issue. Unfortunately, the average cost of a data breach is $36,000 for small businesses. Many small businesses do not realize that they can be fined by the Securities and Exchange Commission (SEC) and Federal Trade Commission (FTC) for not protecting their customer’s data. The reality is, you can’t NOT afford cybersecurity.

3. Many small businesses don’t encrypt their data. Encryption in its simplest terms is a method of protecting data from people you don’t want to see it. According to a survey done by Sophos, there are numerous reasons why organizations do not encrypt their data. 37% of organizations cite lack of budget as to why they do not make extensive use of encryption. 31% point to concerns about encryption’s impact on performance and 28% state they have lack of deployment knowledge, while 20% say lack of legal pressure explains why they don’t use encryption. A small business may not realize why their assets are so valuable but in any organization, data is valuable not only to a small business owner but to the cyber criminals. The damage to your brand, your customers, and your business can be insurmountable.

4. Weak passwords pose as a huge security risk. Does your business use passwords like ‘1234’ or ‘password’? As ridiculous as this password is, it has been the #1 used password for years now. Cyber criminals are banking on this. Do not be lazy and just add numbers to your weak password. For example, instead of ‘123456’, many chose ‘1234567890’. This is a basic extension, which cybercriminals can take full advantage of. You’re not being clever by doing this. Take the few minutes to come up with a unique password. That could very well make the difference in your network security.

5. Not updating their firewalls. By regularly updating and checking your firewalls, you are being proactive towards the security of your business. Manufacturers release updates to their products which usually include fixes to bugs as well as new features that will mitigate new types of threats. It is also important to review your firewall logs and check for any alerts or policy changes.

Be proactive and don’t wait until it’s too late. Read below for how Axiom Cyber Solutions can help your small business manage their cybersecurity.

How can we help?

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month.

We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at any time.