Why DDoS Security is Critical for your School (and what is DDoS, anyway)?

If you regularly follow our blogs, you’ve read about the dangers of Phishing and Ransomware, but there’s a third method of cybercrime that can be just as damaging: a DDoS attack, or “Distributed Denial of Service.” A DDoS attack occurs when a hacker takes control of thousands of computers and aims traffic at a single server, overwhelming its network to knock it offline or slow it to a crawl. Without appropriate DDoS security protocols, an attack can cause mass and immediate disruption.

EdTech Magazine reports that DDoS attacks “are on the rise. For schools, the attacks can shut down websites, phone systems and prevent users from accessing the internet and applications.” Here are some examples of school-related DDoS security issues from recent years:

  • The Miami-Dade County Public school system was unable to provide online testing for three days after a series of DDoS attacks crippled its new, highly touted computer-based standardized testing system.
  • Minnesota Department of Education twice had to suspend its state testing when a DDoS attack kept students from logging into its online assessment system.
  • The St. Charles, Illinois school district lost online access for employees and all of their 13,000 students. According to a report from eSchool News, “the hackers cut off the entire district’s internet access for four hours at a time and then repeated the process 10 more times over the following six weeks.” Eventually, two students were charged in the attack.
  • Rutgers, Arizona State and University of Georgia have all been victims of recent DDoS attacks. After an attack, Rutgers spent $3 million and raised tuition 2.3% just to upgrade its DDoS security, and then became a DDoS victim again less than a year later.

The Simplicity of a DDoS Attack

Many schools, even those that are on the alert to cyberthreats, may not be paying much attention to their DDoS security. But it doesn’t take a cyber-genius to launch a DDoS attack. You can find relatively simple how-to videos on popular sites such as YouTube. The ease of launching such an attack, combined with inadequate DDoS security, makes this scheme popular with a wide variety of groups as a form of protest, as an act of “revenge,” as a distraction from another cyberattack, or even just for “fun.”

The lack of DDoS security can also harm schools through their vendors or partners. In September of last year, millions of families across 45 states were impacted by a DDoS attack on the app Infinite Campus, which provides a “Parent Portal” allowing parents and students the ability to check grades and other information.

How To Implement Your DDoS Security

Schools have become a target for cybercriminals, accounting for 13 percent of all data breaches in the first half of 2017, which involved nearly two billion student and parent records. But schools can incorporate numerous strategies to increase security, including their DDoS security, such as switching to cloud networking, monitoring network traffic for abnormal patterns, and adding backup internet service providers to keep networks up and running. School districts can also upgrade their firewall protection and their network architecture. Sounds like a lot of work? It can be.

That’s why Single Path partners with schools to help protect their IT technology from hackers, and to make upgrades and changes as easy and as turnkey as possible. We consult and implement, provide continual monitoring, and can also educate your staff on data security best practices. We also provide a wide variety of Managed/Cloud Services. DDoS security can be challenging, which is why you need a team like Single Path to help protect your organization from harm.

Ask us how to get started!

 

 

 

What You Don’t Know Can Hurt You: The Perils of Inadequate Cyber Security Asset Management.

We’re often surprised at how frequently companies fail to adequately track their IT resources. But while tracking the life cycle of your IT devices is important to ensure you maximize their value, it is also a critical safety issue. BYOD devices, mobile devices and third-party cloud service providers only heighten the need for effective cyber security asset management.

A Wake Up Call

A recent, widely read and shared blog post from cybersecurity expert Daniel Miessler detailed many of the issues regarding lax cyber security asset management. Miessler wrote: “Asset management is arguably the most important component of a security program, but I know of virtually zero companies that have a single person dedicated to it.” He goes on to point out that, “Companies pay hundreds of thousands a year to keep snacks in the break rooms. They pay to send people to training and conferences that usually have very few tangible benefits … But pay 100K a year to have a list of what we’re actually defending? Nope.”

The Life Cycle of IT Assets

An IT asset life cycle refers to the stages that an information technology asset goes through during its time of ownership. Determining the current life cycle stage for each IT asset is a necessity for effective cyber security asset management and may look like this:

  1. Procurement. It should be a matter of course that, whenever an asset is purchased, it is recorded in your organization’s asset management system, and your IT devices and software should be no exception. Information should include model numbers, serial numbers, name of manufacturer and the department the equipment was purchased for.
  2. Distribution of assets. Recording to whom the assets are distributed, or redistributed, is the next necessary step to take for cyber security asset management. Many organizations lose track of who has what devices, and this can only get more muddled as employees leave, shift departments and so on. You’ll also want to tightly control what devices run which software assets; employees who have access to programs they won’t use or don’t need may only needlessly impair security.
  3. Maintenance and Upgrade. Software and hardware updates often include security patches (see our earlier post about the importance of patching). Each update or patch should be recorded and verified. An organization should also record the last time a device was scanned or antivirus software was run, as well as its antivirus schedules.

Be thorough. In 2014, JP Morgan Chase overlooked one of their network servers when providing a security update. Hackers were able to use this exposed server to steal data from roughly 83 million customers.

Maintaining devices also means making sure employees aren’t uploading or using unauthorized or unmanaged software. This software may be benign, or it could be an entry point for a hacker to invade

  4. A list of log-in users for each device. Even if a device is assigned to one specific employee, a device may be shared or passed around. Keeping a list of every user for each device can help protect them, especially when a staff member leaves, as a reminder that their log-in should be deleted.
  5. Disposal/Retirement. When a piece of equipment has run its course, don’t forget to verify that all the information on it has been wiped clean, so that company data is not vulnerable to hackers. You also may want to cancel or transfer licenses.
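To make the five life cycle stages concrete, here is an added example (not from the original post) of an inventory record that carries one or more fields per stage, plus an audit pass that flags the gaps described above. The field names, the sample inventory and the 30-day patch threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional


@dataclass
class Asset:
    # 1. Procurement details recorded at purchase
    serial: str
    model: str
    manufacturer: str
    department: str
    assigned_to: Optional[str] = None                      # 2. Distribution
    last_patched: Optional[date] = None                    # 3. Maintenance and upgrade
    last_av_scan: Optional[date] = None
    login_users: List[str] = field(default_factory=list)   # 4. Log-in users
    retired: bool = False                                  # 5. Disposal/retirement
    wiped: bool = False


def audit(assets, active_staff, today, max_patch_age_days=30):
    """Return (serial, finding) pairs for records that need attention."""
    findings = []
    for a in assets:
        if a.retired:
            if not a.wiped:
                findings.append((a.serial, "retired but not verified wiped"))
            if a.login_users:
                findings.append((a.serial, "retired but still has log-ins"))
            continue
        if a.assigned_to is None:
            findings.append((a.serial, "no recorded owner"))
        elif a.assigned_to not in active_staff:
            findings.append((a.serial, f"assigned to departed user {a.assigned_to}"))
        for user in a.login_users:
            if user not in active_staff:
                findings.append((a.serial, f"stale log-in for {user}"))
        if a.last_patched is None or (today - a.last_patched).days > max_patch_age_days:
            findings.append((a.serial, "patch record missing or out of date"))
        if a.last_av_scan is None:
            findings.append((a.serial, "no antivirus scan recorded"))
    return findings


# Constructed sample inventory; every name, serial and date here is made up.
TODAY = date(2018, 6, 1)
STAFF = {"akim", "bross"}
INVENTORY = [
    Asset("SN-001", "Laptop A", "VendorX", "Finance", "akim",
          date(2018, 5, 20), date(2018, 5, 28), ["akim"]),
    Asset("SN-002", "Desktop B", "VendorY", "IT", "bross",
          date(2018, 1, 15), date(2018, 5, 28), ["bross", "cdiaz"]),
    Asset("SN-003", "Laptop C", "VendorX", "Sales", None,
          None, None, ["cdiaz"], retired=True, wiped=False),
]

if __name__ == "__main__":
    for serial, finding in audit(INVENTORY, STAFF, TODAY):
        print(f"{serial}: {finding}")
```

Running an audit like this on a schedule, rather than once, is what turns the inventory into the continuous process the post describes.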

Keep in mind that cyber security asset management cannot be a one-time chore; its success hinges on its continuity. You have to know when each asset changes hands, becomes outdated, needs updating and so on.

As cybersecurity company Compuquip says, “IT asset management is a lot of work—which may explain why so many companies fall behind on this critical task. But, the importance of asset management for your company’s IT components cannot be overstated.”

Let’s Get Started With Your Cyber Security Asset Management

Our recent blog post on cyber security monitoring stressed the importance of being proactive in keeping your organization safe from cyber threats. Cyber security asset management is a critical component of proactive security, and can be the difference between rebounding quickly after a cyberattack and not recovering at all. Understanding the importance of an active cyber security asset management system is a first and proactive step, but you also need to put that understanding into action. Single Path can help. We offer a wide selection of security offerings including infrastructure patch management, 24/7/365 network monitoring services, proactive desktop and server security and more.

Let us help get your asset management program started. Contact us for more information.

Is Your Cisco Network Hardware Leaving You Vulnerable?

Recently, Cisco Systems made the news, but not the sort of news any Internet-related business wants to make. Their network hardware was hijacked, and hundreds of thousands of their customers were victims.

As this blog post from Kaspersky Labs reported right when the attack hit: “According to our sources, there’s a massive attack against Cisco switches going on right now—these switches are used in data-centers all across the globe.”

For those on a Cisco network, this was, and continues to be, a frustrating and potentially nightmarish issue. For those who don’t use Cisco networking switches, this event is a reminder that vulnerabilities exist everywhere, and constant vigilance is crucial.

What exactly went wrong?

More than 200,000 Cisco network router switches worldwide were hacked on Friday, April 6, 2018. This affected large Internet service providers and data centers across the world, especially in Iran, Russia, the United States, China, Europe and India. According to an Iranian government official, “Some 55,000 devices were affected in the United States and 14,000 in China.”

As a result of this hack, many users found their Internet connections blocked, websites down, and screens showing an American flag and the note, “We were tired of attacks from government-backed hackers on the United States and other countries.” It seems machines affected in the United States were collateral damage from an attack meant to hit foreign states. Anarchic hacktivists are suspected, although no one has been charged.

Mounir Hahad, head of Juniper Threat Labs, a network and security product manufacturer, confirmed initial suspicions when he said, “The vulnerability is severe enough to cause a lot of damage and implant a man-in-the-middle agent [a scheme we discussed in a past blog post], but it doesn’t look like the attacker took advantage of it. I suspect this is the work of a hacktivist group with sympathy toward the U.S., which had no intention to inflict serious damage.”

So, good news, we suppose. But it’s only good news compared to what might have been much worse news. A different group could have caused significantly more trouble, such as inserting malicious code into networks, locking users out of systems unless a ransom was paid, and so on. And this could still happen. Cisco acted quickly in response to this problem, but there may be other vulnerabilities that have not yet been found or exposed. One hacker news site reported that, according to Internet scanning engine Shodan, more than 165,000 systems were still vulnerable days after the attack. Those who didn’t apply security patches may still be.

What can you do now?

If you think your system may have been infected, there are a few steps you can take to check. But even if you’re safe, for now, you may be exposed to other vulnerabilities in the future in unexpected ways. Single Path can help you build up your defenses, protect your systems, and help you rebound if you face a malicious computer attack.

As this story demonstrates, patching is critical for all IT assets, including networking components. Single Path provides a wide range of services, from security offerings like Patching, Desktop Security Risk Assessment and Managed Firewall, Content Filtering & Proxy Services, to consulting services so we can analyze your needs and provide ongoing support and advice. Doing nothing is never a good idea; instead, play it safe and play it smart with Single Path.

Ask us how to get started!

 

Phishing Part One: Six Techniques Hackers are Using to Steal Your Information

While you’re reading this blog, hackers are thinking of ways to steal passwords and personal information. Your passwords and personal information. They may use that data for themselves, or sell it on the open market. As we detailed in our recent blog post about Security Awareness Training, phishing—stealing someone’s online identity or information through email, telephone or text message by posing as a legitimate institution—is the number one cyber threat today.

The more you are aware of phishing techniques, the better you can protect yourself. The following schemes are among the most common.

Email Phishing

Everyone has seen this one. A hacker sends the same email to millions of users, requesting personal details such as name, birth date, social security number or other information. Most of the messages have an urgent tone, often promising money in return for assistance, but require the user to share account information or verify a bank account. Many of us get these sorts of emails daily.

Email phishing can be quite clever, with emails that look identical to ones sent by real organizations. For example, you could get an email that looks like it has been sent by UPS, with a link to check an upcoming package delivery, but clicking the link infects your system with malware. Another example might be an email from “Netflix” informing you that your account is closed and asking you to click a link to “restart membership.” You can see these and other examples in this post from IT service provider EDTS.

Link Manipulation

Link manipulation refers to sending a link, usually via a bogus email, that may appear perfectly harmless but instead leads to a malicious website. This is a common component of email phishing. For example, you may get an email offering a free product whose link actually loads a virus onto your computer. Or you get an email that appears to be from your bank, but that “log in here” button takes you to a copycat site eager to steal your information (see “content spoofing” below). Hovering the mouse over the link to view the actual address is the best way to keep from falling for link manipulation.

Content Spoofing

Often working in conjunction with link manipulation, content spoofing is the creation of a copycat website that only looks legitimate. As IT education site Techopedia writes, “A hacker can design a web page very similar to that of any legitimate website and then use that facade to collect the information that users usually input into that page. This can be relatively harmless data such as an email address or the username and password for that particular site. However, content spoofing can dupe people into revealing more sensitive information like bank account numbers, Social Security numbers, birth dates, credit card numbers, mailing addresses and so on.” Differentiating these pages from a legitimate site can be challenging.

Content Injection

Similar to content spoofing, content injection occurs when a hacker is able to modify the code of a legitimate website, usually adding spam or malicious links. Users may not even realize they are being sent to a different site entirely, one that may mimic the site they are currently visiting. As with most phishing schemes, the goal is to gain password or login information.

Smishing

While link manipulation is most commonly connected with emails, it’s also a common problem with texts. This scheme is called smishing (SMS + phishing). As texting increasingly replaces emailing, smishing is also on the rise. Just like with an email link, a user should never click on a text link without checking it first.

Vishing

If smishing is phishing using SMS, you can probably guess that vishing is phishing with voice. This ploy is actually not electronic at all. The hacker calls the user, perhaps posing as a colleague at work, a supervisor, or another authority figure, with the purpose of getting password information, bank information, or other personal data. Phone phishing is mostly done with a fake caller ID.

In our recent post about ethical hacking we mentioned a hacker who was able to get passwords and user names by calling an IT technician of a law firm, posing as a partner. This was a great example of vishing.

Be Smart. Be Safe.

While there is no way to be 100% protected, taking the right steps to patch vulnerabilities can go a long way to providing security against many phishing strategies. At Single Path we are experts in every area of cyber security, from training your employees, to installing the protocols and processes you need. We can work with you as a consultant, as a procurer, installer and more. With Single Path Security offerings you’ll get extensive, collaborative and customized protective services, from risk management to data loss prevention. Let us help you get smarter and safer.

Ask us how to get started!

Look for our follow up post, with six more phishing schemes, coming soon.

 

 

What the Equifax Breach Teaches Us

As nearly everyone knows, Equifax recently reported a data breach, which has put more than a hundred million people at risk. As the Federal Trade Commission puts it bluntly, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.”

The facts are undisputed. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Yet Equifax didn’t inform the public until September 7th. Within a week of that announcement, both Equifax’s Chief Security Officer and Chief Information Officer were fired, Equifax became a source of anger from the public, a source of investigation by the U.S. government, and a source of ridicule on late night television.

As Wired Magazine stated in an article dated September 14 titled Equifax Officially Has No Excuse, “Capping a week of incompetence, failures and general shady behavior in responding to its massive data breach, Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March … As the security community processes the news and scrutinizes Equifax’s cybersecurity posture, numerous doubts have surfaced about the organization’s competence as a data steward.”

Even Worse, It was Entirely Preventable

According to Equifax itself, the data breach was due to a flaw in the Apache Struts Web Framework, a widely used enterprise platform. Equifax discovered the bug months before the breach occurred, yet did nothing to fix it. This decision is surprising, as the remedy to fix it was a relatively simple procedure. Equifax was provided clean and simple instructions on what to do. Instead, they chose to do nothing.

At best, the refusal to fix this major flaw was negligent. At worst…well, that’s still to be determined.

Once Trust Is Gone, It’s Gone

Since this ongoing fiasco was first made public, how many people are excited about the immediate prospects of Equifax? Its stock lost more than 35% of its value within days of the news coming out, and has remained significantly lower than its pre-breach levels. Meanwhile, the Department of Justice is looking into criminal charges against high-level Equifax executives who sold nearly $2 million in stock before Equifax released the data breach information.

While it is too early to determine the long-term future of Equifax, if it has one, individuals and municipalities have filed numerous lawsuits (including one by the city of Chicago on September 28 on behalf of its citizens, following in the footsteps of San Francisco, which filed suit just two days earlier; more cities are expected to follow) and politicians are calling for more investigations. As the lawsuits go through the system and people’s lives are disrupted—this breach affects nearly everyone who has had a credit report run—the news of Equifax’s lax security standards and insufficient response will only linger, as will public outrage.

Are You the Next Equifax?

While it’s true a breach can affect any business at any time, arrogance and a refusal to protect your data will only hurt your business’s rebound and make the prospects for its success questionable. Recent and well-publicized data breaches from Target, Home Depot and others have demonstrated that open communication can go a long way to restoring public trust; a path that Equifax has so far seemed reluctant to follow, at its own risk.

But openness after the fact is only one step—the best step is to be proactive and do all you can to avoid a breach in the first place. That means not only ensuring appropriate safeguards, but also backing up data in case you are hit by a malicious cyber attack that compromises, erases or prohibits access.

As we detailed in a recent blog post about cybersecurity attacks, “formulating a multi-layered plan including continual back-ups and implementing best practices, such as employee education, is of paramount importance.” This includes back-up protection, strong email security, artificial-intelligence-based security and more. In short, you not only need to protect your customers, but yourself. Safeguarding information rewards your customers’ trust but also ensures your company doesn’t miss a beat in the event of a cybersecurity breach.

Learn more about how Single Path’s Security Offerings can help you create a cyber strategy and protect your data and your reputation.

Ask us how to get started!