HACKED! Small Businesses are susceptible to cybercriminals

It’s a chilling moment when a small-business owner discovers hackers have stolen thousands of dollars from the company checking account.

Cybercriminals took an average $32,000 from small-business accounts, according to a December survey of owners by the advocacy group National Small Business Association. And businesses don’t have the same legal protection from bank account fraud consumers have.

The Electronic Funds Transfer Act, passed in 1978, states that it’s intended to protect individual consumers from bank account theft, but makes no mention of businesses. Whether a business is protected depends on the agreement it signs with a bank, said Doug Johnson, a senior vice president with the American Bankers Association, an industry group. If the business hasn’t complied with any security measures required by the agreement, it could be liable for the stolen money, he said.

Any business is vulnerable, but small companies are less likely to have security departments and procedures to guard against online theft than big corporations do. They also don’t have big revenue streams that are better able to absorb losses from a theft. And even if they get the money back, they still have to spend time and money dealing with the hassles of closing accounts and opening new ones.

Sandy Marsico’s company accounts were attacked — twice. Her bank contacted her in December 2014, saying a transfer of over $50,000 to Mexico had been requested from her checking account.

The thieves had obtained the account information; Marsico, owner of Sandstorm Design, a Chicago-based marketing company, still doesn’t know how. The bank did an investigation but didn’t share its findings with her.

Marsico didn’t approve the transfer, the account was closed and a new one opened. But the following November, someone began withdrawing money from the new account in increments ranging from $1,000 to $4,000, a total of $20,000 in the course of a month. Marsico didn’t discover it until she got her monthly statement.

“My stomach dropped when I wasn’t able to identify these as our charges,” Marsico said.

The bank, which again did an investigation but didn’t tell Marsico the results, again reimbursed Sandstorm. Marsico has since moved some of her accounts to another bank.

Thieves are increasingly using realistic-looking emails to trick companies into transferring money from their accounts with what’s known as wire transfers, said Avivah Litan, a security analyst with the research company Gartner. Often, an employee receives an email purportedly from a company executive asking them to transfer the money from the company’s account into a specific external account. If employees don’t check to be sure the request is legitimate, they might go ahead and authorize a withdrawal.

The first attack on Marsico’s account was a wire transfer attempt but didn’t use an email to her company.

The FBI reported in August that more than 7,000 U.S. companies had been victimized in emailed attacks since late 2013, with losses of more than $740 million. The government said the number of identified victims had surged 270 percent between January and August of last year. Most of the thieves are believed to be in organized crime groups in Eastern Europe, the Middle East and Africa.

Source: Joyce M. Rosenberg, The Associated Press

How Can Axiom Cyber Solutions Help?

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at anytime.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call today for your free consultation at (800) 519-5070. #FightBackWithAxiom

Hackers are Stealing Your Tax Returns

It’s tax season and cyber criminals are out in full force to steal your tax returns. This time last year, hackers stole $50 million from the Internal Revenue Service (IRS) through fraudulent tax refunds, affecting 330,000 people. It’s no surprise that this January, the IRS was targeted by an automated cyber attack. Cyber criminals used stolen personal data from data breaches to create fake logins through the IRS Electronic Filing PINs. The IRS stated that they found unauthorized attempts to obtain Electronic Filing PINs for 464,000 Social Security numbers. The attackers tried to use malware to generate these fake identification numbers. Thankfully, the IRS was able to stop this attack before it affected anyone; however, it’s likely this won’t be the last attack.

“No personal taxpayer data was compromised or disclosed by IRS systems,” the IRS said in a statement. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”

The numerous data breaches that have occurred in the past few years have given these cyber criminals plenty of data to use for identity theft. In 2015, health insurers like Excellus, Anthem, and CareFirst were victims of huge data breaches. These data breaches affected tens of millions of people. Even the Office of Personnel Management was attacked, exposing 21.5 million U.S. government employees. From the sheer amount of data that is out there, it’s no surprise that hackers are using this data to file people’s taxes.

As reported in Forbes: “The trend is clear. Each year, the IRS publishes a list of its ‘Dirty Dozen’ tax scams. In 2011, just one involved some form of identity theft. This year no less than one-third were (identity theft-related) scams.”

For a cyber criminal, it takes very little work to secure a big payoff. All it takes is a name and Social Security number, stolen from one of the many data breaches that have occurred. These thieves file for taxes under the stolen identity and provide a fake address to send the refund to. By using their automated programs, they can scam easily and quickly.

How can you protect yourself? The best thing you can do is to file your taxes as early as possible! The more you delay, the more time you are allowing cyber criminals to steal your identity.

Consumers need to be alert to possible tax-related identity theft, especially if you’ve received a letter from the IRS stating you have been breached. The IRS has published 5 warning signs that everyone should be aware of.

1. More than one tax return was filed for you;
2. You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return;
3. IRS records indicate you received more wages than you actually earned or
4. Your state or federal benefits were reduced or cancelled because the agency received information reporting an income change.

Financial Services are Under Attack!

Hackers are consistently targeting the financial sector and our personal information is at risk more than ever before. Cyber crime is the number one threat we face according to the U.S. Intelligence Service and 39% of all cyber attacks affected financial institutions (PwC). Hackers target these financial service firms 300% more than businesses in other industries (CDW Finance). These financial institutions include banks, mortgage lenders, insurance companies, investment firms, and wealth managers. Most people assume that their finances and data are kept safe. However, as we have seen over the past few years, this is no longer true. Hackers are becoming more and more sophisticated and sneaky, infiltrating even our most secure networks.

Many asset and wealth managers do not believe they are a target because they assume hackers are after higher profile organizations. However, this is not the case. Financial institutions are incredibly attractive to hackers and cyber criminals. According to Kroll’s Cyber Threat forecast, these financial firms are an “attractive target as they typically hold volumes of valuable data which are often stored in an organized manner with little protection.”

Recently, the Securities and Exchange Commission (SEC) has listed cybersecurity as a top priority for 2016. At least 88% of broker-dealers and 74% of advisers have been the target of cyber attacks, the SEC stated earlier this February. The majority of these cyber attacks were done through fraudulent emails, some of which led to brokers losing more than $5,000, the report said. In one case, an adviser reported a loss of more than $75,000.

SEC Commissioner Luis Aguilar stated that “cybersecurity is a persistent and growing threat, and that firms must take their cybersecurity duties seriously.”

The Financial Industry Regulatory Authority (FINRA) also issued their annual Regulatory and Examination Priorities Letter earlier this February, which identified hacking as a major threat facing brokerages. These regulatory agencies are taking note of how financial institutions supervise their cybersecurity.

FINRA states that they “will review firms’ approaches to cybersecurity risk management, and depending on a firm’s business and risk profile, we will examine one or more of the following topics: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training.”

There are many ways these cyber criminals attempt to steal money and data. One way is by contacting a wealth manager and pretending to be a client. They will claim they have been robbed and need a wire transfer immediately. Another popular scam is called social engineering. This type of scam is so popular that even the Director of the CIA fell for this last year. In this situation, the teenage hacker posed as a Verizon employee to gain sensitive information which allowed him access into the Director’s AOL account.

Social engineering refers to psychologically manipulating a person in order to trick them into revealing critical information. For example, tricking an employee into giving up access, whether it is a password or crucial banking information, is very common. Human nature and trust feed into this concept and cyber criminals are counting on this. There have even been reports of attractive women befriending IT security professionals, thereby gaining entry and infecting networks with malware.

By employing cybersecurity professionals, you as a business are taking real steps toward protecting your business, your clients, your data, and more. You also save yourself from being hit with fines and audits: the FTC will fine a company that has not sufficiently protected its data against a breach, and will require a company to undergo 20 years of security audits if it is found negligent. Having firewalls and intrusion detection mechanisms in place to prohibit cyber criminals from gaining access to your network is key to avoiding the potential fallout you’ll have to deal with. Cybersecurity is a necessity and it is incredibly important for all businesses to take it seriously.

How can we help?

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for businesses starting as low as $199 per month. We realize that many organizations do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

Cyber Criminals Are Targeting Universities

Universities are getting barraged by cyber attacks. Organized crime and state sponsored attacks by foreign governments are going after universities and their data. According to the 2015 Cost of Data Breach study by IBM, 1.5 million annual cyber attacks occur which breaks down to over 4,000 cyber attacks every day. It’s no surprise that many of those attacks are done specifically against universities.

In 2015, numerous colleges were attacked. The University of Virginia and Pennsylvania State University blamed their data breaches on Chinese hackers. At the University of Connecticut, students’ Social Security numbers and credit card information were stolen. Washington State University, Johns Hopkins University, and Rutgers University were also attacked by cyber criminals.

“The landscape of who the attackers are has changed significantly,” says Mark Nardone, director of IT security for Northeastern University in Massachusetts. “We’re not in the ’80s, where it’s hobbyists coming after systems for a kind of self-gratification or bragging rights. Now we have people coming after resources that have tangible financial worth attached to them.”

10% of reported security breaches in 2014 involved the education sector, according to Symantec’s Internet Security Threat Report.

Bill Mellon from the University of Wisconsin recently did an overhaul of the school’s network security and shared,

“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mr. Mellon, the associate dean for research policy. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

College and university networks are appealing to cyber criminals for three main reasons, according to Lawrence White of the Association of Governing Boards of Universities and Colleges.

1. Servers found in universities are full of intellectual data that is worth quite a bit to cyber criminals. Richard Pérez-Peña, a New York Times journalist who reports on higher education, stated that,

“Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical device,”
Not only do universities have this data, they also have the thousands and thousands of applications from hopeful students containing even more critical information enticing cyber criminals.

2. Unlike most for-profit businesses, colleges and universities try to operate under an easily accessible system. Computer systems are managed in a decentralized way and are difficult to secure. Since these computer systems are difficult to secure, they become prime targets for cyber attacks.

3. The costs associated with cybersecurity are high and many IT departments lack the resources to keep the systems up to date. IT departments in universities may have hundreds or thousands of third party software programs that need to be updated constantly as new viruses are found. A few seconds or minutes of a delay in downloading and installing the new patch can create serious vulnerability issues. Those few seconds could be just the amount of time a cyber criminal needs to get into the university’s network.

Universities are getting attacked by cyber criminals so often, that the FBI has stepped in and created programs in an effort to assist universities with their cyber security. The College and University Security Effort (CAUSE) is a partnership effort between the FBI and academia that seeks to protect research, products, and personnel from foreign intelligence threats. It falls under the FBI’s Academic Alliance Program. The FBI states they will even send an agent to the university to discuss cybersecurity and will train students, researchers and administrators.

If a university fails to safeguard its data, a data breach will cost it millions of dollars. Repairs, remediation costs, consultancy fees, and preventative help are just a few things a university needs to consider. Consider Rutgers University, which spent approximately three million dollars this past year to clean up the mess that hackers made after its network was knocked offline four times.

Law Firms : Beware of Cyber Criminals

“There are two types of law firms: those that know they’ve been hacked and those that do not”, according to Vincent Polley, attorney for the American Bar Association.

What an incredibly powerful statement considering the fallout of cyber attacks amongst businesses these days. The numbers of cyber crimes have only increased for those working in the healthcare and financial field, but due to reluctance from many law firms to report cyber crimes, we do not know if the same can be said for law firms.

1 in 4 law firms are victims of a data breach according to a 2015 study done by the American Bar Association.

Many law firms view cyber breaches as something to be ashamed of and many lawyers are hesitant to openly admit to their clients that they have become victims of a data breach. As hard as it may be to report these things, law firms need to report cyber breaches when they happen. A 2015 study by Citigroup’s cyberintelligence unit reported that,

“Due to the reluctance of most law firms to publicly discuss cyber intrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise.”

The report went on to say that law firms are very appealing to cyber criminals, considering the incredibly confidential data on corporate deals and business strategies. These days, data = money, so it comes as no surprise that cyber criminals are after this data.

Earlier this year, there were reports of fraud related to law firms in which a hacker intercepted important instructions between the closing attorney and the buyer’s agent. The hacker sent out entirely different instructions on the wiring of the money. Unbeknownst to the victims, they then wired their money straight into the hacker’s account. These types of scams are only continuing.

The fallout from a data breach for a law firm can be huge. Not only does it become a huge legal liability, a law firm may even be sued depending on what kind of data was released. If a law firm ignores their cybersecurity issues and refuses to take proactive measures, they can be subject to fines by the FTC.

A law firm could also lose its reputation, as well as the trust its customers and clients have given it. The amount of confidential information that people entrust their lawyers with is enormous. Class action lawsuits will follow. Dealing with a data breach costs time and money and is a huge inconvenience, and there’s no guarantee that a law firm will even be able to stay open.

Law firms, no matter the size, must take their cyber security seriously. By getting into the mind of a hacker and mapping out vulnerabilities in your network, you will be taking the necessary proactive steps to protect yourself and your business from cyber criminals. Taking steps to protect your business will make the difference in whether or not a law firm is successfully attacked.