FBI Recommends Home & Small Business Owners to Reboot Their Routers

As news has broken about the FBI’s warning to consumers and small business owners about rebooting their routers, many have reached out to Axiom to ask what they need to do. Our advice to them is what the FBI has recommended: if you have a cable modem or router at home, do a quick unplug/replug of the router (D-Link, Netgear, etc.). The good news is the FBI has taken control of the domain that was harvesting the information, so even if you were infected, the FBI is just collecting information to find how widespread the infection was (500,000 devices are suspected to be infected).

What is VPNFilter?

VPNFilter is malware that contains a kill switch for routers (meaning it can permanently shut down your device), and it could also steal usernames and passwords. The infection appears to be hitting Ukraine hard but has been found in 54 countries.

Good News?

There is some good news for some users. If you have kept on top of firmware updates and changed the default credentials on your devices, you may be protected. But as we know, most of us never log in and update our cable modem’s firmware.

Axiom’s customers are protected from VPNFilter through a combination of rules that restrict access to our devices as well as the addition of the known bad addresses to our blocklists.

DIY Hacking (or “How to Build a Better Meth Lab”)


A few years ago I sat in an audience a bit shocked as I watched an Albuquerque Police Department officer show us how to build a meth lab. Systematically, he explained what parts were needed, where they could be purchased, the ingredients required, dangers to watch for, and then the actual steps to cook the meth.

To the typical law abiding citizen, it might seem inappropriate that something so harmful could be presented so casually. It also seemed a bit ironic to hear this from a police officer who works in the city recently made famous by the series Breaking Bad. However, he went on to explain that everything he had talked about was readily available on the internet and that accessibility is only contributing to the exponential growth of this serious problem.

Unfortunately, the same situation is true for cyber-crime. Today, you can Google “How to hack a network,” “How to DDOS a website,” or “How to crack a password” and easily find step-by-step instructions for doing so. For those who are more visual learners and would prefer videos, they are readily available on YouTube and even sub-titled for your convenience. All of this is freely and easily accessible online to everyone.

Of course, some people don’t want to learn all of the technical stuff and just want an “off the shelf” program to do it. These guys are known as “script kiddies” and have at their disposal a large number of effective, easily downloadable programs capable of breaching others’ networks and computers. Even more alarming is that now on the “dark net” they can launch a ransomware attack against the targets of their choice and hold computers locked and data encrypted until a ransom is paid.

But another option also exists. Just like the guy who wanted Walter White to do all the dirty work for him, you can now simply hire someone else to hack a password, destroy a website, or launch a DDOS attack (for which you pay by the hour) all while you sit comfortably in your own home and watch reruns of Breaking Bad.

My point is, we shouldn’t think that cyber-crime is going to get any better because it’s only becoming easier to do. There will always be the nation-states and organized crime syndicates (the “Walter Whites,” so to speak) orchestrating massive cyber-attacks. But more and more there will be the “little neighborhood meth labs” – the DIYers – popping up and taking advantage of the ill-prepared.

Cyber-crime is not going to get any better because it’s only becoming easier to do.

So it’s important to have an effective, layered cyber-security defense in place – one that includes a powerful next-generation firewall, regular system updates and back-ups, current virus and malware protection, data encryption, network monitoring, and an interactive employee education program so that they are aware of the real and growing threat that exists.

If you would like more information on how we at Axiom Cyber Solutions can help you do this, email me at info@axiomcyber.com or call 1-800-519-5070.

The Top 5 Cyber Hacks of 2015


2015 was a busy year for cyber criminals. As the year comes to a close, we are reviewing the top 5 cyber attacks. Unfortunately, by the looks of it, this seems to be just the beginning.


1. Office of Personnel Management (OPM)
The United States Office of Personnel Management announced in June 2015 that it was the victim of a data breach. The breach began in March 2014 and remained undetected until April 2015. This is one of the largest data breaches to occur in the federal sector, affecting approximately 18 million government employees. Information such as Social Security numbers, names, birth dates, addresses, military records, pension information, and more was leaked. 5.6 million sets of fingerprints were also stolen, putting secret federal agents in harm’s way. The Wall Street Journal reported that US government officials suspected Chinese hackers were responsible for the data breach. Since this hack, China and the US have had numerous discussions on this issue and are currently discussing cybersecurity issues.

2. VTech
Hong Kong toy manufacturer VTech was hit with a very serious data breach in November 2015. VTech is known as a children’s toys manufacturer. Their items include tablets, phones, and baby monitors. This hack was reported by the hacker himself, who gave his findings to Motherboard. Approximately 10 million VTech customers were affected by the data breach. According to VTech’s website, a total of 4,854,209 customer (parent) accounts and 6,368,509 children’s profiles were affected. Customers around the world were affected, but the USA saw the highest number of parent accounts, approximately 2 million. The hacker was able to collect photos of children and their parents, including audio recordings, by breaking into VTech’s servers through a SQL injection. VTech immediately began a thorough investigation into this cyber crime. As of December 16th, the authorities in the UK arrested a 21-year-old man in connection with the VTech data breach. The investigation is still ongoing.


3. Ashley Madison
Perhaps the juiciest data breach of 2015, the Ashley Madison website was hacked by a group named the Impact Team. More than 32 million users had their personal e-mail addresses leaked. Ashley Madison, a website that encourages extramarital affairs, found itself in the middle of a huge headache. According to the hackers, the reasoning behind the breach was simple: to prove that Ashley Madison was corrupt and lied to their users for money. Ashley Madison charged customers a $20 fee to have their profiles fully deleted. The hackers were able to prove that the $20 fee did nothing to protect customers and was just a scam for more revenue. This specific hack raises many ethical questions about user data and how companies are handling it. Currently, as of December 2015, Ashley Madison hack victims are starting to receive blackmail letters and people are still being affected.

4. T-Mobile
This past October, T-Mobile announced that they fell victim to hackers by way of Experian, a credit reporting service. 15 million applicants applied for credit at T-Mobile and ended up having critical data such as Social Security numbers, license information, passport info, and more stolen. While no banking or credit card information was leaked, the information that was released can easily allow for identity theft. Although T-Mobile is offering two years of free credit monitoring to those affected, any cyber criminal could simply wait for those two years to pass before attempting to do anything.

5. Hacking Team
In July 2015, the Hacking Team, a company that sells surveillance software to law enforcement agencies, had over 400 gigabytes of crucial information stolen. Surveillance data, contracts, emails, and invoices were leaked. The leaked data showed that the Hacking Team used poor passwords, which only helped the hackers gain access to the Hacking Team’s servers. Much worse, however, was the data that showed the Hacking Team was not afraid to sell their surveillance software to any government worldwide, creating lasting effects by giving cyber criminals better tools to commit their crimes.

How can Axiom Cyber Solutions help your business?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own.

Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom