AXEL.org

Blog

September 18, 2020

Hackers Enjoy Open Season for Data

Much like open mic night at the local Giggle Barn, the hacks just keep on coming. In the last four weeks alone, there have been many developments. Here are some of the most publicized cases.

Equinix ransomware

Equinix is a large data center based in Redwood City, California. Obviously, data centers are prime targets for threat actors. They’re equivalent to banks for bank robbers. Over the U.S. Labor Day holiday weekend, hackers from the group “NetWalker” gained access to Equinix’s systems and unleashed their ransomware.

NetWalker’s payload operates similarly to other ransomware. Once it has infected a network, sensitive files are encrypted, and the hackers demand a hefty ransom to unlock them. NetWalker is interesting because there seems to be a connection to Russia in at least a semi-official capacity. One of their core tenets is not attacking entities located in Russia or the Commonwealth of Independent States. Whatever their affiliations, it’s undeniable that they have been successful recently. Since March this year, they have collected $25 million[1] in ransom.

They have demanded $4.5 million for the Equinix incident alone. It is unknown at the moment whether Equinix has paid, but NetWalker has a history of dumping the affected files on black marketplaces once the deadline expires. So, it should be known soon whether they reached a deal.

$5.4 million crypto heist

On September 8th, thieves stole $5.4 million in various cryptocurrencies from the Slovakian exchange, Eterbase. The cyber bandits got away with undisclosed amounts of Bitcoin, Ethereum, Ripple, Tezos, Algorand, and TRON. They moved the stolen crypto into wallets housed on major exchanges such as Binance and Huobi.

Eterbase claims they have the capital necessary to take the hit and will reimburse any affected investor.  They have already notified the proper authorities and are working with the other exchanges to track the culprits. Heists such as this have caused other small exchanges to close in the past, so it’s good to see Eterbase holding firm.

300K WordPress sites exploited

On September 1st, those in the cybersecurity community found a critical vulnerability in specific versions (6.0-6.8) of the File Manager plugin for WordPress. When exploited, it allows malicious actors to run unauthorized code. While the vulnerability was closed quickly with the release of version 6.9, analysts conclude that up to 300,000 websites are still susceptible.

Since finding the exploit, hackers have been probing WordPress sites non-stop. In a strange twist, many hackers have found themselves fighting off other hackers after gaining illicit access to a site. Hackers hacking hackers.

If you run a WordPress website with the File Manager plugin, please check to ensure you’re running version 6.9 (or higher if you’re reading this in the future). If not, update immediately.

Argentinian government attacked

NetWalker sure is busy! Less than two weeks before the Equinix attack, the hacker gang disrupted operations of Argentina’s national immigration agency.  On the morning of August 27th, workers for the agency noticed that certain Windows files and shared folders were inaccessible. It resulted in a momentary closure of border stations throughout the country while they contained the breach.

NetWalker demanded $2 million to restore access, then upped it to $4 million when the deadline passed. Argentinian officials aren’t worried, however. They say they will refuse to negotiate with the group and don’t intend to recover the compromised information.

Russian arrested for trying to bribe Tesla employee

This story isn’t about a successful attack, but the attempt is so fascinating it needed a mention. On August 22nd, FBI authorities arrested a Russian man for attempting to bribe a Tesla employee. Egor Igorevich Kriuchkov offered the worker $1 million to install ransomware on the electric car manufacturer’s internal servers.

Luckily, the Russian-speaking employee did not take up Egor’s offer, instead opting to notify law enforcement. A sting operation led by the FBI eventually resulted in the would-be hacker’s arrest.

It’s nice to see a foiled plot instead of a multimillion-dollar ransom every once in a while.

Iranian hacker group sells admission to compromised networks

This month, intelligence experts revealed that a hacker gang supporting Iran’s Ministry of Intelligence is selling access to international corporate networks on the Dark Web. The group is known as Pioneer Kitten, aka Fox Kitten, aka PARISITE, and is notorious in the global cyber intelligence community. First identified in 2017, Pioneer Kitten typically exploits VPN vulnerabilities to gain access to sensitive information deemed useful intelligence by Tehran.

Starting in late July, the group began selling access to corporate and government networks throughout the world. This included compromised systems in countries such as the United States, Israel, Australia, France, Germany, the United Arab Emirates, and more. The attacks centered around tech, defense, and healthcare organizations, all of which store vast amounts of confidential data.

Analysts believe the sale of this high-value intelligence information would not be permitted by the Iranian government, leading to speculation that the group is not an official state entity, and only contracted by Tehran.

The University of Utah suffers a ransomware attack

On August 19th, The University of Utah admitted hackers carried out a successful ransomware attack in late July. The malicious agents encrypted student information on the College of Social and Behavioral Science’s servers. In the end, the university paid out over $450K to prevent the data from leaking to a Dark Web marketplace.

A representative for the university confirmed that a cybersecurity insurance policy paid the sum and that no taxpayers were on the hook. The rep also claimed the hack did not affect any central servers.

While it did not end up being a multimillion-dollar incident like other high-profile attacks, the use of cybercrime insurance is noteworthy. The trend of commonplace insurance is likely to continue as more attacks occur. Ironically, organizations known to have policies may become higher-priority targets, since hackers assume they will receive a payout.

1TB data stolen from liquor manufacturer

Brown-Forman, a United States spirits and wine conglomerate, announced in mid-August that they experienced a 1TB data breach. The parent company of brands such as Jack Daniel’s, Korbel wine, and Finlandia vodka fell victim to infamous hacker group REvil. Also known as Sodinokibi, REvil has many well-known incidents under their digital belts, including attacks against pop-star Lady Gaga and U.S. President Donald Trump.

The hackers gained access to many confidential documents, including business contracts, financial statements, and employee information. It could have been worse for the beverage giant, however, as the criminal syndicate was not able to encrypt any data. Nonetheless, REvil threatened to sell the information online if they did not receive a hefty ransom. Brown-Forman does not appear to be cooperating. At AXEL, we believe this hardball approach is the right one. Do not negotiate with terrorists.

Canon’s stolen files leaked

In early August, the camera and photo-equipment manufacturer, Canon, underwent a Maze ransomware attack. It was so bad, their image.canon website was down for six days. Canon refused to pay and was evidently able to unlock a portion of the infected files.

Then, on August 14th, the Maze gang released 5% of their ill-gotten data treasure to the internet. Their website claims it was only 5% of the files they have. It’s been a month since the leak, and there hasn’t been any further news on the subject. This leads some to believe Canon acquiesced and paid not to have more information revealed.

Data security

As you probably noticed, hacking is big business these days. With the recent proliferation of remote desktops, sophisticated phishing attacks, and cybercrime insurance policies, it doesn’t appear that it will end any time soon.

That’s why individuals and businesses alike need robust, secure data storage and sharing solutions. AXEL Go is the best application to fit these needs. AXEL Go allows for private, secure storage and sharing. Based on IPFS and blockchain technology, users receive high performance and protection not seen in other platforms. Optional AES-256 bit password encryption locks things down even further to prevent any unauthorized access. Try out our full-featured Basic service for free.

[1] Catalin Cimpanu, “NetWalker ransomware gang has made $25 million since March 2020”, ZDNet, Aug. 3, 2020, https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/


Filed Under: Cybersecurity Tagged With: canon hack, equifax, equinix hack, eterbase hack, iran hackers, jack daniels hack, tesla russia, utah hack, wordpress hack

September 4, 2020

A Primer on Blockchain for the Legal Industry

Blockchain technology is a hot topic. Worldwide spending on blockchain initiatives is expected to triple to over $14 billion by 2023. The legal industry is a sector especially prone to disruption by this trend. Legal professionals should inform themselves of the implications to stay ahead of the curve and reap the benefits of this game-changing technology. 

A true disruptor

The legal industry is a notorious slow mover when it comes to technological adoption. While practices such as automated billing, digital document storage, and the use of accounting software are all commonplace today, you will still find plenty of good, old-fashioned paper documents in any law firm.

In the case of blockchain, however, slow-adopters may find themselves suddenly uncompetitive. That’s because the technology has many important benefits that could transform how the industry operates. But first, a quick introduction to the main concepts. 

What is blockchain, exactly?

Many legal professionals have heard the term but may not understand what blockchain technology actually does. It’s okay, you’re busy folk. 

So, your 22-year-old nephew drives a nicer car than you since he struck it rich in the Bitcoin game a few years ago. That’s blockchain, right? Yes, blockchain technology powers cryptocurrencies such as Bitcoin, but it is so much more than that.

A blockchain is a category of Distributed Ledger Technology. It can record transactional information in a way that cannot be altered. These transactions are verified by individual computers called nodes on a decentralized network. 

Transaction data is stored on “blocks”, which, when verified, are pooled and added to a “chain” of previous blocks.  Each block has a unique, cryptographic alphanumeric “hash” assigned to it. A block contains its hash and the hash of the previous block. 

Once a block is on the chain, information within the block can’t be changed. If there are any alterations, the unique hash changes, which changes all subsequent hashes up the chain, breaking it. The blockchain is carried by all of the nodes in a given network. This means if a single node is hacked to alter a transaction, all of the other nodes see it as invalid and the changed blockchain is voided. 

This makes a blockchain a very secure way to register transactions. But, how could it apply to the legal industry?

Benefits to the legal industry

There are two main benefits to integrating blockchain into your Legal Tech strategy: cost reduction and increased data integrity. 

The savings possible through the use of blockchain technology are enormous. Blockchain can automate many tedious legal procedures. Smart contracts and digital signatures could be used to reduce the amount of manual paperwork that needs to be filled out. This alone would save money on paralegals and low-skill labor you typically have to bill your clients for.

This increases accessibility to the legal system. Lower-income people can afford to become clients when they aren’t charged for the mundane aspects that chew up a significant amount of time. Lawyers can either charge less or receive better margins, depending on their goals. A firm that can charge lower prices and save time for their clients would have a major competitive advantage in the marketplace. 

Superior data integrity is the other important benefit. Legal files are some of the most sought-after data targeted by hackers. Files are typically not stored on a blockchain, as the blocks tend to hold relatively small amounts of data. However, transactional info about where and to whom the files were sent can be stored on the blockchain. This allows for undeniable chain-of-custody verification. Remember, data on a blockchain can’t be altered without the malicious agent gaining control of the majority of the nodes on the network. With hundreds or even thousands of nodes, this becomes impractical. Therefore blockchain becomes an essential tool for confidential contracts or digital evidence sequestration.  
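A minimal sketch of the hash-linked ledger and the chain-of-custody log described above, added here as an illustration; it is not AXEL's code. The names (`Block`, `append`, `outvoted_nodes` and so on), the record fields and the sample transfers are assumptions. It goes one step beyond the text: a node that alters a record and recomputes every later hash produces a chain that verifies on its own, and only comparison with the other nodes exposes it.

```python
import hashlib
import json
from collections import Counter
from dataclasses import dataclass, replace

GENESIS_PREV = "0" * 64  # assumed "previous hash" value for the first block


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    record: dict  # transfer metadata only; the file itself stays off-chain
    digest: str   # hash of this block's contents


def block_hash(index, prev_hash, record):
    """SHA-256 over a canonical encoding of everything the block commits to."""
    payload = json.dumps({"index": index, "prev_hash": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append(chain, file_bytes, sender, recipient, timestamp):
    """Return a new chain with one custody transfer added."""
    record = {"file_sha256": hashlib.sha256(file_bytes).hexdigest(),
              "from": sender, "to": recipient, "timestamp": timestamp}
    prev = chain[-1].digest if chain else GENESIS_PREV
    index = len(chain)
    return chain + [Block(index, prev, record, block_hash(index, prev, record))]


def first_invalid(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block.index != i or block.prev_hash != prev:
            return i
        if block_hash(block.index, block.prev_hash, block.record) != block.digest:
            return i
        prev = block.digest
    return None


def custody_of(chain, file_bytes):
    """Every (from, to) hop recorded for this exact file content, in order."""
    wanted = hashlib.sha256(file_bytes).hexdigest()
    return [(b.record["from"], b.record["to"]) for b in chain
            if b.record["file_sha256"] == wanted]


def edit_in_place(chain, index, **changes):
    """Naive tampering: change a record but leave the stored hashes alone."""
    out = list(chain)
    out[index] = replace(chain[index], record={**chain[index].record, **changes})
    return out


def rewrite_from(chain, index, **changes):
    """Thorough tampering on one node: change a record, recompute all later hashes."""
    out = list(chain[:index])
    prev = out[-1].digest if out else GENESIS_PREV
    for i in range(index, len(chain)):
        record = {**chain[i].record, **changes} if i == index else chain[i].record
        out.append(Block(i, prev, record, block_hash(i, prev, record)))
        prev = out[-1].digest
    return out


def outvoted_nodes(copies):
    """Given {node name: chain}, return nodes whose chain head is not the majority's."""
    heads = {name: (c[-1].digest if c else GENESIS_PREV) for name, c in copies.items()}
    majority, votes = Counter(heads.values()).most_common(1)[0]
    if votes * 2 <= len(heads):
        raise ValueError("no majority among nodes")
    return sorted(name for name, head in heads.items() if head != majority)


def demo_chain():
    """Constructed sample data: three transfers of two evidence files."""
    chain = []
    chain = append(chain, b"exhibit A", "officer", "lab", "2020-09-01T10:00:00Z")
    chain = append(chain, b"exhibit B", "officer", "lab", "2020-09-01T10:05:00Z")
    chain = append(chain, b"exhibit A", "lab", "clerk", "2020-09-02T16:30:00Z")
    return chain


if __name__ == "__main__":
    honest = demo_chain()
    print("custody of exhibit A:", custody_of(honest, b"exhibit A"))
    print("naive edit detected at block:", first_invalid(edit_in_place(honest, 1, to="mallory")))
    forged = rewrite_from(honest, 1, to="mallory")
    print("forged chain self-check:", first_invalid(forged))
    print("outvoted:", outvoted_nodes({"node-a": honest, "node-b": honest, "node-c": forged}))
```
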

The power of smart contracts

While smart contracts have been mentioned as important, you may not understand the term. It’s an important concept when analyzing blockchain’s effect on the legal profession. 

Legal professionals are obviously familiar with standard contracts. Perhaps Party A agrees to buy certain property from Party B, if certain conditions are met by Party B before a specific time. Traditionally, this transaction could take days or weeks to complete. Smart contracts aim to reduce the transactional friction.

A smart contract is a piece of code integrated into a blockchain that holds all the necessary conditions for a potential transaction. Once these conditions are met by both parties, the smart contract executes and the transaction is made. Essentially, they automate the agreement without the need for human verification. And, since it takes place on the blockchain, it is not able to be reversed. 

While smart contracts won’t completely erase the need for traditional legal contracts, they could disrupt business-as-usual. If future regulation confirms smart contracts are legally binding documents, lawyers will need to inform themselves about the technology and integrate it into their offerings. 

Interesting potential use-cases

Presently, it’s a real Wild West out there regarding blockchain and the legal industry. While there are a few scattered firms accepting cryptocurrency as payment, the wide adoption of blockchain technology still lags. Regulatory uncertainty and the overall inertia against the adoption of new technology have contributed to this reluctance. Dig a bit deeper into the untapped possibilities, however, and you’ll find some very exciting applications. 

Blockchain could disrupt the field of IP (Intellectual Property) law. Through the use of non-fungible tokens, unique work or property can be represented and timestamped on an immutable ledger. This would go a long way toward clearing up IP disputes between parties. It would be an irrefutable way to prove ownership. 

As previously mentioned,  another useful application is related to chain-of-custody. This term refers to how evidence in a legal proceeding is handled from point A to point B. Blockchains could prevent tampering, as every piece of evidence would have to be logged in the ledger. It closes many weak points throughout the chain and inconsistencies would be spotted immediately. 

Property law could also transform due to blockchain technology. It’s one of the areas where a reduction in paperwork and intermediaries would lower transaction costs substantially. Once widely available, it’s difficult to imagine the majority of clients opting for the more manual version. 

Additionally, blockchain could be used to host public documents and process Freedom of Information Act (FOIA) requests. Attorneys in need of a theoretically public document can find themselves waiting for months or years! If these documents were all put on a blockchain, there would be no worry about manipulation or hacking. The public could search for the necessary information without the need of a meandering bureaucrat to pore through what can only be imagined as an Indiana Jones-esque secret warehouse of long-forgotten files.

Then there’s the burgeoning market for blockchain-savvy lawyers. In case you hadn’t noticed, blockchain is big business these days (your nephew’s Porsche is proof enough). Businesses and consumers alike need legal assistance on cryptocurrency holdings, smart contracts, digital IP, and all else blockchain. It’s an entirely new field where those truly invested will be able to make a name for themselves and flourish. 

Hopefully, you now see how blockchain is poised to change the legal industry forever. Even if your firm is not planning to work with any blockchain-related clients, it would be good to investigate its practical usefulness. And, with the technology becoming more ubiquitous, you may even be presented with blockchain legal scenarios from current clients in the near future. Don’t get caught unaware.

A secure solution for your sensitive information

Few professions require the file privacy lawyers do. Those in the legal industry need solutions that ensure their documents are accessible and secure.

AXEL is at the forefront of the data security movement. Our revolutionary file-sharing platform, AXEL Go, is the perfect application for legal professionals. AXEL Go is an intuitive file-sharing program backed by blockchain technology. Files aren’t housed in a central location. Instead, they’re divided into many pieces and distributed to our verified network of nodes. This, combined with our optional AES-256 password encryption, guarantees privacy. Keep your sensitive data out of the hands of malicious agents with the help of AXEL Go. Download it today and receive 2GB of free storage.


Filed Under: blockchain, Legal Tagged With: blockchain, blockchain lawyer, blockchain legal

September 3, 2020

5G Networks Pose New Security Problems

As 5G rolls out in select cities, the hype train for the technology has picked up steam. Everyone is claiming it’s going to disrupt this and transform that. It’s true 5G offers exciting speeds and new possibilities. It also has security vulnerabilities that need to be addressed before we all hop aboard.

What is 5G?

5G refers to the fifth-generation of wireless cellular networks. It promises incredible speeds that rival some of the fastest residential internet solutions.

5G uses the new 5G New Radio interface, which operates on a completely new signal spectrum compared to previous generations of cellular networks. It utilizes two sets of frequency bands, FR1 (410MHz-7.125GHz) and FR2 (24.25GHz-52.6GHz)[1]. FR1 includes the typical LTE frequency ranges and will carry the bulk of the communications traffic. The ultrawide FR2 is also known as the millimeter wave (mmWave) spectrum and is the band capable of the highest performance.

The downside of using millimeter-wave frequencies is the signal has a much shorter range. This means that more cellular towers need to be present to have the same area of coverage as a 4G network. This is why a 5G rollout is a time-consuming process. More infrastructure has to be built throughout the country to see the full benefits of high-band 5G.

The new towers are fitted with Massive MIMO (Multiple Input Multiple Output) technology. This allows for signals to be concentrated into “beams” and directed precisely at the connected devices. The result is improved speed, capacity, and coverage with decreased signal waste.

Compared to 4G networks

Being more modern, 5G provides a host of improvements compared to existing 4G networks. This includes up to 100x faster download speeds, reduced latency and higher bandwidth[2].

Increased bandwidth isn’t only useful for download performance. It also means more devices can be connected to the network without congestion. So those in population-dense areas can still catch up on their favorite Netflix shows while riding the subway home at rush hour.

Strengths become weak points

No new technology is perfect. Paradoxically, some of the 5G network’s biggest strengths introduce security weaknesses.

For instance, the increased number of devices supported by 5G has the potential to transform the IoT industry. IoT, or the Internet of Things, is a term that refers to the vast number of small physical devices now connected to the internet. Devices in a “smart home” are examples of IoT. Things such as the thermostat and lighting system are connected to your phone via the internet and controlled with a dedicated app. You can then program automatic functions or send instructions to these devices.

Widespread 5G coverage opens up possibilities for IoT that aren’t achievable by relying on home or business networks. Soon, cars could be outfitted with sensors connected to 5G networks that alert emergency contacts immediately in the event of an accident.

Unfortunately, billions of newly-connected devices mean billions of potential security vulnerabilities. This exponential increase in the surface area for malicious attacks is sure to attract the attention of hackers.

This is especially concerning as more critical infrastructure is connected. Smart cities have long been a desired goal for technologically advanced societies. In theory, it would be great for power plants with thousands of connected sensors to adjust electricity output based on dynamic changes in demand. It could reduce energy waste and increase environmental sustainability. But, what if

It may seem like hyperbole, but it’s not out of the realm of possibility. At a smaller scale, similar ransomware schemes happen today frequently to large and small businesses alike. Raising the stakes (and potential rewards to malicious agents) could have disastrous consequences.

Because of their decentralized nature, 5G networks make use of high levels of virtualization where earlier networks required physical hardware. This makes hardware maintenance more straightforward and less prone to failure but increases the potential for software exploits. The number of traffic routing points in these systems has increased significantly.

In particular, software-based routing tools are used and high-level network functions once performed by physical equipment now rely on digital solutions. Additionally, the networks themselves could be managed moment-to-moment by new Artificial Intelligence (AI) programs that assuredly have unknown security weaknesses.

So, not only is the attack surface area increased by a growing number of connected devices, but also by the amount of software required for the connection.

Another strength that turned to weakness is the amount of bandwidth passing through the network. 5G allows for much more bandwidth, but that also makes monitoring it more difficult. Without advanced AI tools proven to be secure, it may be impossible to monitor the immense traffic in real-time for threat identification.

Legacy network concerns

5G networks are being deployed slowly due to the infrastructure investment needed. The highest speed 5G is only on the Verizon network in 35 U.S. cities. Even then, only certain regions of the cities are covered. This means that 4G and 3G spectrums are still necessary for nearly all customers. This requires 5G devices to switch between spectrums as necessary. The process of switching uses the GPRS Tunneling Protocol (GTP) to move data packets seamlessly between the various networks. This protocol has been around since 2G moved to 3G and has known security issues.

This is not the only way legacy technologies can be used to exploit new 5G devices. Researchers at Purdue University and the University of Iowa demonstrated other possibilities in February of 2019[3]. Using “torpedo” attacks, they were able to intercept calls and text messages. This technique could also be used to track a user’s location and obtain identification data such as phone numbers or social media account info.

Supply chain issues

The final security weakness commonly cited regarding 5G technology relates to the supply chains of the components. Due to the globalization of manufacturing around the world, some nations are concerned that hardware made in other countries could have secret backdoor exploits installed from the onset.

These fears are not altogether unfounded. Recently, the United States revealed that Chinese electronics manufacturer, Huawei, had access to backdoors in 4G base stations and other carrier equipment[4]. While it may be difficult to separate the truth from political theater, these are issues of national security and should be taken seriously.

The path to increased security

Hopefully, now you see the need to beef up security for 5G networks. If it is to live up to its potential as a transformative technology, rigorous safety procedures need to be implemented.

There are many ways we can head down this path, and it starts with promoting corporate responsibility. Organizations are compelled by market forces above all and are therefore less incentivized to pursue actions without clear growth outcomes. Historically, this has led to underinvestment in cybersecurity policies. This needs to change.

One way to nudge corporations to revamp their cultures in this way is for regulatory agencies to provide more incentives and fewer punishments. Criminally-negligent companies should still be punished, but in general, incentivizing good behavior is a better way to go. This could take the form of monetary benefits such as tax breaks or regulatory advantages afforded to organizations that prioritize cybersecurity.

If an overarching framework based on cooperation is too large of a task, there are more granular approaches. Companies should increase investment in cutting-edge network monitoring tools that integrate AI and machine learning. These technologies can learn from the mammoth amount of information generated and predict where malicious attacks occur. This makes network management more -ahem- manageable.

Great care should be taken to ensure these programs are secure so they don’t do more harm than good, though. Any new AI solution will need to be thoroughly tested to ensure no obvious exploits exist. We recommend enlisting the help of some white hat (ethical) hackers to see just how secure the program is before its full implementation.

Businesses should also focus on developing robust cybersecurity metrics. These metrics help identify weak points, along with leading indicators of problem areas. Without them, firms are forced to rely on lagging indicators of a breach that don’t do much good during a crisis. Knowing exactly how you got hacked after a major incident is much less valuable than catching an infiltration before it has a chance to do significant damage.

Our final suggestion is to only purchase network hardware from thoroughly vetted suppliers. Cheap gear may seem like a great idea at the time, but if it ends with an exploitable backdoor that compromises client information, was it worth it? No. The answer is always no.

Securing data at rest and in motion

As technology continues to advance, privacy and security are at a premium. Axel is dedicated to providing the most secure and private data sharing tools to users worldwide. Our filesharing platform, Axel Go, employs powerful blockchain encryption and decentralized IPFS technology to ensure your files are secure and accessible at all times. Download it today and receive 2GB of free storage.

[1] “5G Frequency Band, Channels for FR1 & FR2”, Electronics Notes, https://www.electronics-notes.com/articles/connectivity/5g-mobile-wireless-cellular/frequency-bands-channels-fr1-fr2.php

[2] Clare Duffy, “The big differences between 4G and 5G”, CNN, Jan. 17, 2020, https://www.cnn.com/2020/01/17/tech/5g-technical-explainer/index.html

[3] Kayla Zacharias, “Flaws in 4G, 5G networks could let hackers intercept calls, track location”, Purdue University, Feb. 27, 2019, https://www.purdue.edu/newsroom/releases/2019/Q1/flaws-in-4g,-5g-networks-could-let-hackers-intercept-calls,-track-location.html

[4] Corinne Reichert, “US finds Huawei has backdoor access to mobile networks globally, report says”, CNET, Feb. 12, 2020, https://www.cnet.com/news/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/


Filed Under: Tech Tagged With: 5g, 5g concerns, 5g network, 5g security

August 12, 2020

The Effect of COVID-19 on Data Breaches

The ongoing global pandemic has affected nearly all aspects of life as we know it. One area you may not have considered is corporate security. The landscape of data breaches has transformed since the onset of COVID-19. With little hope for a proven vaccine soon, organizations will probably have to deal with these consequences for a while.

A coalescence of factors

COVID-19 has proven to be a perfect storm regarding cybersecurity issues. Many variables have contributed to this.

First, furloughs, layoffs, and sick leave have reduced the human capital organizations have at their disposal. IT departments have not been spared from the chopping block, either[1]. The decrease in cybersecurity professionals combined with the dip in overall revenues for the majority of companies means resources are limited. Prevention systems are weakened, or at least not fortified, providing ample opportunities for malicious agents to prod and pry.

Another important element is the rise of the remote workforce. COVID-19 has accelerated the transition of employees from the office to the home. According to a recent survey by PWC, the percentage of executives who claim that most of their office staff work remotely at least one day per week rose from 39% before the pandemic to 77% after[2]. New security measures may have to be implemented to deal with a flux of new devices, weak remote access policies, and VPN configurations. This is a massive undertaking and further taxes already-strained IT departments.

Finally, general stress and anxiety levels for employees are high. Not only do they have to worry about protecting themselves from a potentially deadly virus, but there is also great economic uncertainty. People aren’t sure whether they’ll have their jobs a month down the line. This may have the unintended effect of making them less focused on maintaining proper cybersecurity protocols.

Data breach trends during COVID-19

Trends have emerged from this strange, new environment.

Perhaps the most insidious is the prevalence of COVID-19-related phishing attacks. Hackers prey on the fears and concerns of everyday people to gain access to networks. According to research from Verizon, people were 30% more likely to click a suspicious link if it was related to the pandemic[3]. Some organizations fared especially badly, with employee click rates ranging between 30-60%. Knowing this, it’s no wonder coronavirus-based spear-phishing attacks have risen in number[4]. Bad actors are utilizing more effective techniques more often.

Another trend is an overall increase in user error. People are adapting to new working conditions and dealing with digital transformation technology they may not be familiar with, all while in the midst of a global health crisis unparalleled in recent times.

Common examples of user error include the misconfiguration of security software, accidental delivery of sensitive documents to unauthorized recipients, or mistakes with file permissions.

Attacks on unsecured remote desktop protocol machines have also spiked since the start of the pandemic[5]. Hackers have more targets now that so many people are working from home on remote desktop software. They use simple brute-force attacks to take over a system. Then, they can install any variety of ransomware, cryptocurrency mining programs, or secret backdoors.

Similarly, Virtual Private Networks (VPNs) are also being targeted[6]. While sometimes mistaken for remote desktops, they are quite different. A VPN creates an encrypted private network on top of a larger network. Remote desktops just allow users to gain access to their computers from a different location. Remote desktops give the user access to the entire computer while VPNs restrict access to the shared folders on a given network.

This, plus the standard encryption, generally makes VPNs more secure. It doesn’t mean that VPNs cannot be hacked, however. A common trend right now is malicious agents using Distributed Denial-of-Service (DDoS) attacks to overwhelm VPN systems, leaving them vulnerable to breaches.

A DDoS attack is when a hacker gains control of a large number of online computers, then uses them to steer traffic to a specific network. The sudden increase in traffic overloads the networks and causes them to crash.

Cloud-based software is being attacked more often as well. Collaborative tools such as Zoom and Slack have seen significant growth in users and therefore, more attention from cyber-thieves. Up to 1350% more attention, depending on the industry[7].

Popular cloud software is usually developed by large corporations you’d assume would be committed to tight security. The truth is, even if the developer devotes considerable resources to security, vulnerabilities remain. For example, large exploits were found in the Microsoft Azure platform that could have allowed threat actors to gain access to other users’ data[8].

Effects on the healthcare industry

Healthcare providers throughout the world have had a rough year. They are on the frontlines in the fight against COVID-19 and have had their capacities tested. You would hope that they would be able to focus most of their attention on that monumental task, but they have also had to deal with cybersecurity threats.

For example, in June alone, there were 37 confirmed cases of IT-related data breaches in the healthcare sector[9]. Over a million healthcare records were compromised. These attacks are quite common but pose even larger risks during a pandemic.

Imagine if a busy hospital were to undergo a major hack that left important systems or health records inaccessible. This could have disastrous consequences, especially if the area was in the middle of a spike in virus cases. It could lower the hospital’s capability for patient care, or at least divert important resources.

How can companies be more prepared?

It’s impossible to be completely protected from cyber-attacks, but there are ways to mitigate risk.

The first thing to understand is that you’re only as protected as your weakest link. You may need to do a thorough audit of your network and address the troublesome areas. Perhaps your system is rock solid, but if you have suppliers or outside vendors that have access to the system, you still have potential attack points.

You also need to invest in employee education on best practices. Inform them about the stakes of a breach. Train them on common phishing techniques and proper communication protocol. It needs to be made a priority throughout the entire organization if you want to be as protected as possible.

Ensure your IT department has the resources required to mount a worthy defense. Look into new, exciting security technologies that utilize artificial intelligence and blockchain. AI can act as a constant presence, safeguarding your network and quickly informing administrators about attacks. Blockchain solutions can encrypt sensitive data and protect your file systems from being altered.

Securing data at rest and in motion

It’s disappointing that opportunistic hackers are taking advantage of a fragile moment in time, but not surprising. These malicious agents aren’t interested in doing the right thing. They’re only interested in stealing money and information. Hopefully, through a combination of preventative and mitigating techniques, you can keep your most sensitive data safe.

Axel is dedicated to data security. Our platform, Axel Go, uses blockchain encryption to provide the safest file sharing experience available. If you value privacy and security, download Axel Go today for free and get the peace of mind you need.

 

[1] Galen Gruman, “COVID-related U.S. IT job losses tick up as spike in cases creates uncertainty”, COMPUTERWORLD, Jul. 6 2020, https://www.computerworld.com/article/3542681/covid-related-us-it-job-losses-tick-up-as-spike-in-cases-creates-uncertainty.html

[2] “When everyone can work from home, what’s the office for?”, pwc, Jun. 25 2020, https://www.pwc.com/us/en/library/covid-19/us-remote-work-survey.html

[3] “Analyzing the COVID-19 data breach landscape”, Verizon, Aug. 2020, https://enterprise.verizon.com/resources/articles/analyzing-covid-19-data-breach-landscape/

[4] Fleming Shi, “Threat Spotlight: Coronavirus-Related Phishing”, Barracuda, Mar. 26 2020, https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

[5] Ondrej Kubovic, “Remote access at risk: Pandemic pulls more cyber-crooks into the brute-forcing game”, We Live Security, Jun. 29 2020, https://www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/

[6] Sue Poremba, “Increase in Small DDoS Attacks Could Take Down VPNs”, Security Boulevard, Apr. 7 2020, https://securityboulevard.com/2020/04/increase-in-small-ddos-attacks-could-take-down-vpns/

[7] Lucian Constantin, “Use of cloud collaboration tools surges and so do attacks”, CSO, May 26 2020, https://www.csoonline.com/article/3545775/use-of-cloud-collaboration-tools-surges-and-so-do-the-attacks-report-shows.html

[8] Ronen Shustin, “Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure”, Check Point Research, Jan. 30 2020, https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/

[9] Steve Alder, “June 2020 Healthcare Data Breach Report”, HIPAA Journal, Jul. 24 2020, https://www.hipaajournal.com/june-2020-healthcare-data-breach-report/


Filed Under: Cybersecurity, Trends Tagged With: covid, cybersecurity, data breach

August 12, 2020

Recent Hacks Against Twitter, CWT, and Garmin

Anyone paying attention to the news lately likely knows about the large-scale hack of Twitter. It was the largest attack in the platform’s history and compromised over 130 prominent accounts[1].

It wasn’t the only recent high-profile hack, however. Two other large companies suffered major incidents as well. While they may not have been as headline-grabbing, the bandits in these cases made off with millions of dollars.

The day Bill Gates tried to scam you

No, that’s not a reference to Windows Phone. On July 15th, many public figures had their Twitter accounts hacked, including Gates, Joe Biden, Barack Obama, Warren Buffett, Kanye West, and others. These accounts were all made to tweet out a Bitcoin donation scam. By the time the attack was dealt with, the scammers got away with nearly $120,000 in BTC.

Since then, the alleged perpetrators have been identified. According to authorities, the “mastermind” behind the scheme was a 17-year-old from Florida, Graham Ivan Clark. Whereas most 17-year-old boys are concerned about who they’ll take to prom, Graham allegedly spent his time concocting an increasingly complex list of digital scams. What started as trolling Minecraft players for small-time sums ended with Clark amassing over $3 million in Bitcoin[2], including the $118,000 Twitter heist.

While it has not been verified, the leading theory as to how the hackers carried out their plan is as follows:

  • They targeted employees with administrative privileges at Twitter with phone-based spear phishing attacks. Spear phishing is a social engineering method where the malicious agent attempts to convince an employee of the company to reveal sensitive information. In this case, Clark allegedly posed as a co-worker in the Twitter IT department.
  • This gave them access to powerful internal tools capable of managing high-profile accounts.
  • The agents then used these tools to change associated emails and reset passwords of the targeted accounts.
  • With full access, they were able to tweet out the Bitcoin scam.

You can imagine why this story has received much traction. It has potentially far-reaching implications beyond a moderate heist. If bad actors were able to gain access to such prominent accounts and use them for even more devious purposes, chaos could ensue. This is one reason why the FBI took a leading role in the investigation of the crime[3].

The CWT hack

The travel management firm CWT has also been in the news lately due to a cybercrime incident. Although the potential consequences of this attack are less sweeping than the Twitter incident, it is still an amazing case.

On July 27th, it was found that the company paid $4.5 million in Bitcoin to hackers who had infected up to 30,000 of its computers with the ransomware known as Ragnar Locker.

Ransomware is a common type of malware. The variety used in this attack encrypted data on the compromised computers. This encrypted data could not be accessed until ransom demands were met. Once they were met, the hackers provided decryption keys.

Ragnar Locker is a specific piece of ransomware discovered in December 2019. Attackers employing this program have been known to use especially tricky methods to escape detection. They hide it within a virtual machine image. This image is installed in secret and then maps out all connected drives on the target’s network. Since the malware is running in a VM, it is concealed from security software. This makes it very difficult to prevent or quarantine.

The CWT case is interesting because the chat room logs of conversations between the hackers and CWT management leaked. Typically, companies faced with a hack discuss terms in private and the public is unaware of the specifics of the deal. Here, it is known that the attackers initially asked for over double the amount they ended up receiving in ransom. Still, it is amazing to think that a 49kB malware file hidden in a 282MB virtual image could net these attackers $4.5 million.

Garmin pays out

Garmin, best known for its GPS-related products and smartwatches, fell victim to ransomware on July 23rd. The attack has been tied to a notorious Russian/Ukrainian-based hacker group known as Evil Corp.

What is there to know about this group? For one, they’re likely fans of the television show Mr. Robot. More than that, though, they are an extremely proficient group of cyber thieves. It is estimated their attacks have netted them well over $100 million in ill-gotten gains[4]. This gang is so prolific, it has received official sanctions from the United States government.

The ransomware used in the Garmin attack is called WastedLocker. Like Ragnar Locker, it also has a novel method of concealment.

Anti-ransomware programs monitor a computer’s file systems to see if a large number of files are being opened and modified sequentially. When security software detects this, it kills the process, limiting the damage done to a small number of files. WastedLocker bypasses this by opening a file into the Windows Cache Manager, which is stored in the system’s RAM. It then closes the original file and encrypts the cached copy in the cache manager. Due to how Windows Cache Manager operates, the newly encrypted file is then written back over the top of the original file in the file system.
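The file-activity monitoring described above can be expressed as a per-process rate rule. This added example (not from the original post or from any security product) runs that rule over two constructed traces and pairs it with a content-based entropy check that does not depend on which process performed the write. The event format, the process IDs, and the assumption that cached write-back is logged under the System process (PID 4) are hypothetical.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

SYSTEM_PID = 4  # assumption: cache write-back is attributed to the System process


def flag_mass_modifiers(events, window=10.0, threshold=5, trusted=(SYSTEM_PID,)):
    """Return pids that wrote >= threshold distinct files within `window` seconds."""
    recent = defaultdict(deque)  # pid -> (timestamp, path) of recent writes
    flagged = set()
    for ts, pid, op, path in sorted(events):
        if op != "write" or pid in trusted:
            continue
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(pid)
    return flagged


def entropy(data):
    """Shannon entropy in bits per byte; values near 8.0 look like random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_entropy_jump(before, after, high=7.5, min_files=5):
    """Process-independent check: files whose content went from low to high entropy."""
    jumped = [p for p in after
              if p in before and entropy(before[p]) < high <= entropy(after[p])]
    return sorted(jumped) if len(jumped) >= min_files else []


def pseudo_ciphertext(seed, size=4096):
    """Deterministic stand-in for encrypted content (SHA-256 in counter mode)."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:size]


# Constructed sample data: six documents before and after being overwritten.
PATHS = [f"C:/Users/alice/Documents/report{i}.docx" for i in range(6)]
BEFORE = {p: b"Quarterly figures and meeting notes. " * 120 for p in PATHS}
AFTER = {p: pseudo_ciphertext(p) for p in PATHS}

# Trace A: one user process (pid 4242) rewrites six files within three seconds.
DIRECT = [(0.5 * i, 4242, "write", p) for i, p in enumerate(PATHS)]
# Trace B: pid 4242 only maps the files; the write-back is logged under SYSTEM_PID.
CACHED = ([(0.5 * i, 4242, "map", p) for i, p in enumerate(PATHS)] +
          [(0.5 * i + 0.1, SYSTEM_PID, "write", p) for i, p in enumerate(PATHS)])

if __name__ == "__main__":
    print("rate rule, direct writes:", flag_mass_modifiers(DIRECT))
    print("rate rule, cached writes:", flag_mass_modifiers(CACHED))
    print("entropy check:", len(flag_entropy_jump(BEFORE, AFTER)), "files flagged")
```

The rate rule catches the first trace and stays silent on the second, while the entropy check flags the same six files either way because it looks at what changed on disk rather than at who wrote it.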

Although it isn’t known exactly how much Garmin paid out to decrypt their files, we do know the company has retrieved their data. With an alleged demand of $10 million, it’s nearly guaranteed that Evil Corp received millions of dollars.

Leveraging the security of blockchain

At first glance, it may seem counterintuitive to use blockchain technology to stop cybercriminals. After all, the thieves typically receive their ransom payments in blockchain-powered cryptocurrency to remain as anonymous as possible. There are useful applications of the technology for cybersecurity, however.

Consider the underlying strengths of blockchain technology:

  • Data stored within the blockchain can’t be altered without being noticed immediately.
  • Data is not stored on a small number of centralized servers. The blockchain is distributed among all nodes within it, which often number in the thousands or more.

These strengths show why the tech is suited so well for data security. If a hacker were to infiltrate a node on the blockchain and alter information, it would conflict with the data on the other nodes in the blockchain, and subsequent blocks would be rendered invalid. The infected nodes could be removed from the system and their data restored to a valid state before reintegration.
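How an altered copy gets noticed, as an added example that is not Axel’s or any blockchain project’s code: a SHA-256 hash chain is replicated on four hypothetical nodes, and one node’s copy is altered in three increasingly thorough ways. The block layout, node names and records are constructed for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64


def block_hash(index, prev_hash, data):
    """Hash of a block's contents, including the hash of the block before it."""
    payload = json.dumps([index, prev_hash, data]).encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(records):
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        h = block_hash(i, prev, data)
        chain.append({"index": i, "prev": prev, "data": data, "hash": h})
        prev = h
    return chain


def first_invalid_block(chain):
    """Index of the first block whose own hash or back-link fails, else None."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["prev"], b["data"]):
            return b["index"]
        prev = b["hash"]
    return None


def divergent_nodes(nodes):
    """Names of nodes whose latest block hash differs from the majority's."""
    tips = {name: chain[-1]["hash"] for name, chain in nodes.items()}
    majority, _ = Counter(tips.values()).most_common(1)[0]
    return sorted(name for name, tip in tips.items() if tip != majority)


RECORDS = ["alice->bob:5", "bob->carol:2", "carol->dave:1"]  # constructed records


def demo():
    nodes = {name: build_chain(RECORDS) for name in ("A", "B", "C", "D")}

    # 1. Data in block 1 is edited in place on node C: its stored hash no longer fits.
    nodes["C"][1]["data"] = "bob->mallory:200"
    edited = first_invalid_block(nodes["C"])

    # 2. Block 1 is re-hashed to match: now block 2's back-link is the one that breaks.
    b = nodes["C"][1]
    b["hash"] = block_hash(b["index"], b["prev"], b["data"])
    rehashed = first_invalid_block(nodes["C"])

    # 3. The whole chain is rebuilt from the altered record: internally valid,
    #    but its latest hash disagrees with every other node.
    nodes["C"] = build_chain([RECORDS[0], "bob->mallory:200", RECORDS[2]])
    rebuilt = first_invalid_block(nodes["C"])
    outliers = divergent_nodes(nodes)

    # Restore the outlier from a node that agrees with the majority.
    good = next(chain for name, chain in nodes.items() if name not in outliers)
    for name in outliers:
        nodes[name] = copy.deepcopy(good)
    return edited, rehashed, rebuilt, outliers, divergent_nodes(nodes)


if __name__ == "__main__":
    print(demo())
```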

Databases built from blockchain technology are the future for cybersecurity. Malicious attacks of ransomware can be stopped in their tracks without significant downtime or data loss.

Securing data at rest and in motion

Axel is committed to this vision. That’s why blockchain encryption is the backbone of our Axel Go filesharing platform. Axel Go ensures your files are secure, private, and accessible from anywhere. In the age of multimillion-dollar hacker organizations, you can trust that your sensitive data is safe with us. Download it today and try it out for yourself. We’re securing data at rest and in motion.

 

[1] Michael Liedtke, “Biden, Gates, other Twitter accounts hacked in Bitcoin scam”, AP News, Jul. 15 2020, https://apnews.com/95f55c9846e880f23791845f5d0c3f38

[2] Josh Solomon, “Bail in Twitter hack: $725,000. Tampa teen’s assets: $3 million in Bitcoin”, Tampa Bay Times, Aug. 2 2020, https://www.tampabay.com/news/crime/2020/08/01/twitter-teen-makes-first-court-appearance-in-tampa/

[3] Robert McMillan, Dustin Volz, “FBI investigates Twitter Hack Amid Broader Concerns About Platform’s Security”, The Wall Street Journal, Jul. 17 2020, https://www.wsj.com/articles/fbi-investigates-twitter-hack-amid-broader-concerns-about-platforms-security-11594922537

[4] Andrew Roth, “US Charges Russian ‘Evil Corp’ hackers with $100m banking scheme”, The Guardian, Dec. 5 2019, https://www.theguardian.com/technology/2019/dec/05/evil-corp-hack-us-feds-charge-russian-hackers


Filed Under: Cybersecurity Tagged With: CWT hack, cybersecurity, Garmin hack, ransomware, Twitter hack

May 27, 2020

Privacy in the Time of Data Breaches: How Blockchain Keeps Information Safe

If you spend much time on the internet, it’s inevitable that you’ll run into the term “blockchain” eventually. It’s usually mentioned in connection with things like Ethereum or Bitcoin – electronic currencies that pride themselves on anonymity. However, blockchain is more than just a fancy form of financial security. The basic tenets of blockchain can be applied to essentially every kind of internet exchange possible.

This includes storing your private information. With so much personal information stored online today, data privacy is a hot-button issue. Data breaches happen daily. From giant corporations down to individual users, mainstream methods of data storage as they exist today leave everyone vulnerable. However, moving to a blockchain-centric method of information storage could help put an end to big data breaches once and for all.

What Causes Data Breaches?

Companies that work with sensitive information typically keep records of this info. Items such as credit card numbers, social security numbers, medical history and more are stored by everyone from hospitals to Amazon to your local grocery store. When it comes to storing information today, there’s one mainstream method: centralized storage.

In the early days of the internet, the speed at which computers could communicate was slow. For companies to work with significant amounts of information, it was mandatory that it be somewhere local. Many companies had their own server banks that stored only their information. These servers were frequently connected to the local network and nothing else. Having to interact with information on the internet was too slow to be useful for everyday business.

As the internet grew, however, two things began to change. First, internet speeds increased. Whereas it used to take hours to download a short video, many people now have the speed to stream movies in high-definition instantly. Second, hosting companies began to emerge. These companies run server banks and take on the cost of the hardware, maintenance, and electricity that storing a lot of information requires. With quicker internet and the option to cut their own expenses, most companies outsourced their data hosting. Instead of a bunch of decentralized, disconnected servers, there are a few centralized, highly-connected server farms.

Unfortunately, this new arrangement provides another perfect environment to foster data breaches. Before, getting into a small company’s servers was a lot of work for little payoff. They may not even be accessible through the internet, depending on the business. However, a big server farm that hosts websites for some and databases for others needs to be connected to the web. Getting into the system may be difficult, but the payoff could be the credit card info for thousands or even millions of people. Many hackers think that the time spent is worth the results.

The Equifax breach is a good example of a modern data breach. Equifax maintains records of the financial information of most US citizens. Hackers got access to servers containing 148 million people’s social security numbers by slipping through inadequate security on Equifax’s online complaint portal. Because of security flaws, that portal was connected to other, more important servers. If Equifax did not have such centralized systems, or if they had updated their security, this would not have been possible.

Blockchain: Privacy without Trust

Because most security systems require things like updates, renewed certifications, and passwords, they are subject to a lot of human error. The Equifax breach occurred in part because people stored passwords in plain text and a single encryption key wasn’t updated. By removing the option for human error from the equation, information becomes much more secure.

That’s where decentralized networking comes in. In decentralized networks, the control of the network is distributed between the nodes (or servers running the blockchain and the network) as opposed to being collocated within the same server center (centralized). This makes it much harder for hackers and others to breach the network. As an example, if a hacker were to pursue breaching Equifax, they would know to start with Equifax. But breaching a blockchain network that is both decentralized and distributed is a much larger task, with no way of knowing what the payoff would be.

Blockchain networks share the blockchain itself (a public ledger) between each node on the blockchain network. Every node has a copy of the entire blockchain. This means that every node can be sure that every other node has the right chain information because they are all identical.  This is where the trust between nodes in a decentralized network comes into play.  In order for a blockchain to be corrupted, a hacker would need to take control over the majority of the nodes in the network.  Specifically, the hacker would need to control 51% of these nodes (https://www.investopedia.com/terms/1/51-attack.asp) in order to make any changes to the blockchain. Naturally, this is a significant undertaking for any hacker to pursue, especially since they have no way of knowing what their rewards would potentially be as they wouldn’t know what is being managed through the blockchain.

Managing personal data such as files through a decentralized and distributed network also offers security advantages over centralized solutions. Interplanetary File Sharing (IPFS) is one way this can be done. Essentially, every file or document or financial transaction would be given its own cryptographic hash. The files are stored somewhere, and in order to get them out, you must know their exact hash. Without that info, you can never get to the file. That allows for servers around the world to hold information without anyone being able to access the information fraudulently. Instead of relying on centralized server farms and their security, blockchain and IPFS allow for people to host things on small, decentralized servers without worrying.
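Retrieval by hash, as an added example that is not IPFS’s or Axel’s code: a file is split into chunks, each chunk is stored under the SHA-256 of its bytes on one of three hypothetical hosts, and a manifest of chunk addresses is stored under its own hash. The chunking goes one step beyond the paragraph above, and plain hex SHA-256 stands in for the real IPFS address format; hosts are plain dictionaries and the document is constructed.

```python
import hashlib
import json

CHUNK = 16  # tiny chunk size so the constructed sample spans several chunks


def address(data):
    """The address of a blob is the SHA-256 of its bytes."""
    return hashlib.sha256(data).hexdigest()


def publish(data, hosts):
    """Spread chunks across hosts, store the manifest everywhere, return its address."""
    chunk_addrs = []
    for offset in range(0, len(data), CHUNK):
        piece = data[offset:offset + CHUNK]
        addr = address(piece)
        hosts[len(chunk_addrs) % len(hosts)][addr] = piece
        chunk_addrs.append(addr)
    manifest = json.dumps(chunk_addrs).encode()
    root = address(manifest)
    for host in hosts:
        host[root] = manifest
    return root


def fetch(addr, hosts):
    """Return the first copy whose bytes actually hash to the requested address."""
    for host in hosts:
        blob = host.get(addr)
        if blob is not None and address(blob) == addr:
            return blob
    raise LookupError(f"no host returned valid content for {addr[:12]}...")


def retrieve(root, hosts):
    """Fetch and verify the manifest, then fetch and verify every chunk it lists."""
    manifest = json.loads(fetch(root, hosts))
    return b"".join(fetch(a, hosts) for a in manifest)


def demo():
    hosts = [{}, {}, {}]  # three independent hosts, none of them trusted
    doc = b"Constructed sample: patient record 0001, not real data."
    root = publish(doc, hosts)
    intact = retrieve(root, hosts) == doc

    hosts[0][root] = b'["forged manifest"]'   # one host serves a forged manifest
    survived = retrieve(root, hosts) == doc   # another host's valid copy is used

    hosts[0][address(doc[:CHUNK])] = b"X" * CHUNK  # the only copy of chunk 0 is altered
    try:
        retrieve(root, hosts)
        rejected = False
    except LookupError:
        rejected = True                       # altered bytes are never returned
    return intact, survived, rejected


if __name__ == "__main__":
    print(demo())
```

The address proves that the bytes returned are the bytes that were published; keeping those bytes confidential is a separate job for encryption.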

Where Equifax had its complaints portal running on a centralized server, blockchain would make that unnecessary. Through decentralized apps (dAPPs), everything from websites to games to entire banking systems could be run through decentralized networks. This is the Internet 3.0. It’s the next stage of the web’s evolution. So far, we’ve come from tiny, poorly connected sites (Internet 1.0) to big, centralized sites (Internet 2.0). We can make it to the next step: big, useful, decentralized sites, apps, financial systems, and more.

Blockchain vs. Breaches: A Clear Winner

A big data breach is only possible if many people’s information is stored in one place. Blockchain and decentralization not only make breaches difficult, they make centralization irrelevant. There’s no need to store many things in one central place when you can store it on a network with complete confidence in your privacy. The blockchain process is the next step in the evolution of the internet. From finances to healthcare to social media, blockchain and decentralization will help us all maintain ownership over our own data, no breaches allowed.


Filed Under: Uncategorized
