CNBC: Hackers Are Targeting School Websites

According to an article from CNBC, hackers are now targeting school websites – including elementary and high schools. Universities like Harvard and the University of Louisville have been hacked. As have state departments of education, like Indiana’s. Even elementary, junior and high schools have been attacked by cyber criminals.

I guess it just took CNBC to talk about it before people realized the dangers for students, parents, teachers and admin when accessing their schools’ websites.

The article mentions that a hacking group named “The Dark Overlord,” known for hacking Netflix, has recently been linked to a series of attacks on school districts in three different states. CNN mentioned that in a Montana school district, for example, more than 30 schools shut down for three days. The Wall Street Journal reports that cyber-thieves have attacked more than three dozen schools. But there have been more than that.

“Schools have long been targets for cyber-thieves and criminals,” writes the Department of Education. “We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.”

The Department of Education says the hackers are probably targeting districts “with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data.” It advises districts to conduct security audits and patch vulnerable systems, train staff on data security best practices, and review sensitive data to make sure no outside actors can access it.

According to Mary Kavaney, the chief operating officer of the Global Cyber Alliance, school environments often don’t have a lot of technology resources dedicated to security, but they could have some of the most sought after personal information on people, including social security numbers, birth dates, and medical and financial information.

The Department of Education’s letter confirmed that threats like these have now been observed multiple times, stating, “In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received.”

“These attacks are being actively investigated by the FBI, and it is important to note that none of the threats of violence have thus far been judged to be credible,” explains the department. In order to protect private information that can be stolen and used for extortion, the Department of Education suggests that schools conduct security audits like those offered by Trust Guard and that they train staff and students on data security best practices like secure passwords.

Cyber crime has been happening since the creation of the internet. With more than 30,000 WordPress sites being hacked on a daily basis, schools, districts, and state education departments need to start monitoring their sites for vulnerabilities on a daily basis. If you are a student, parent or teacher, visit TrustGuard.com for more information on how to keep your private information safe.


Special thanks to these two articles for much of the content in this article:
http://money.cnn.com/2017/10/18/technology/business/hackers-schools-montana/index.html
https://www.cnbc.com/2017/10/24/department-of-education-warns-that-hackers-are-now-targeting-schools.html

 

More Hackers Are Doing More Damage

If you’re concerned about cyber security these days—and you should be—reading the headlines isn’t exactly going to give you any peace of mind. Sometimes it seems that hackers just have the upper hand.

One such headline from TheRegister.co.uk tells us that “Energy sector biz hackers are back and badder than ever before.” Cyber security firm Symantec believes that a resurgent group of hackers dubbed “Dragonfly 2.0” poses more of a threat than ever. They were apparently behind a massive attack on the Ukraine’s electrical grid, which affected hundreds of thousands of people. The group now poses a threat to the electrical grids of Western nations.

Newsweek reports that the recent attack on HBO caused the loss of seven times more data than the Sony cyber attack, which back in 2014 gizmodo.com called possibly “the worst corporate hack in history.” The losses of data include things like employee medical records, Social Security numbers and TV show scripts.

And then there is the Equifax hack that lost personal data of 143 million people—yes, that’s a million. And the list goes on and on.

It would seem a good time to take cyber security seriously by using Trust Guard. If they’re on your side, they will scan for the more than 75,500 known vulnerabilities so any hacker-inviting weakness in your computer system can be fixed before the hackers can put you in a fix.

The name of the game is staying ahead of the bad guys, and you almost certainly can’t do that on your own. Trust Guard will also provide you with a Trust Seal for your web site so visitors can see that their personal data will be protected if they make a purchase on your site.

Don’t let your business make it on the hacking headlines; let Trust Guard worry about warding off hackers so you can focus on your business.  


Sources:
http://gizmodo.com/the-sony-pictures-hack-exposed-budgets-layoffs-and-3-1665739357/1666122168
http://www.newsweek.com/hbo-cyberattack-sony-hack-leak-game-thrones-645450
https://www.theregister.co.uk/2017/09/06/energy_sector_attacks
https://us.norton.com/internetsecurity-emerging-threats-143-million-people-exposed-in-equifax-data-breach.html?om_em_cid=hho_email_US_BLST_ACT_2017_09_databreach_Equifax

 

What You Should Know about the Equifax Breach

What: Data collected by Equifax, one of the three credit report giants, was hacked. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard F. Smith, Equifax CEO, in a statement. 

When: In early August, Mandiant (a cybersecurity firm) was approached by Equifax to figure out what was going on, according to CNN News. Mandiant aided in the investigation and determined that a spate of hacks occurred from May 13 through July 30.

Who: 143 million Equifax customers have been affected. Their information, including social security numbers, addresses and birth dates, was accessible by hackers.

Soon after the breach was announced to the public, Susan Mauldin, former chief security officer, and Dave Webb, former chief information officer, retired.

How: Like many of these cases, the how is still a mystery. But Apache Struts, a tool used for Equifax’s online dispute portal, has become the scapegoat, blamed for vulnerabilities that made the breach easier for hackers.

Apache Struts released this statement:

“We as the Apache Struts PMC want to make clear that the development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem…”

What you can do: If you believe you might have been impacted, visit Equifax’s Cybersecurity Incident & Important Consumer Information page: https://www.equifaxsecurity2017.com/.

What is Vulnerability Scanning?

There are different types of vulnerability scanning as well as different software for each. But what is it exactly?

A vulnerability scanner is a software application developed to scan computers, networks, and even websites for possible security threats. It analyzes how strong or weak a computer’s or a server’s defenses are. By scanning, users and technicians will know, or at least have an overview of, what threats or issues they are dealing with in terms of the security of a network, website, computer, or server.

If you are to choose the right vulnerability scanner, then you first need to know the main kinds to understand your options better. There are at least two main categories I’d like to talk about.

Network Vulnerability Scanners

These scanners are often installed on one machine and configured to access and scan multiple computers and networks. They are programmed to detect vulnerabilities of the devices, alerting the user or an IT person if there are misconfigured settings or if the threat is coming from either a pre-installed application or a user-installed application. The network vulnerability scanner works on anything that has to do with firewalls, networks, web servers, and system administration. They deal with high-profile information but not individual files, since they are not installed directly onto the host.

Hosted Vulnerability Scanners

These scanners are installed on the host (the computer or system being scanned). These types of scanners take care of the low-profile information such as passwords, operating systems of the computers they were installed in, suspicious files downloaded, and file system checks.

Even with technology doing the work of securing your computer, network, servers, and everything in the cloud, it is crucial that you understand its limitations.

Vulnerability scanners are coded software that, at some point in time, may fail to do what you expect them to do. They are programmed to take snapshots of your system’s security status at a given time. It is highly recommended that users regularly scan their devices to get the most updated (if not the exact) security status of the systems and files therein. Trust Guard currently scans for 75,575 security holes. 


Article written by Jonna Lindawan

Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Your Dog’s Name is Not a Good Password

Buster and Champ are great names for dogs. But neither of them makes a good online password – especially when those are the names of your dogs!

One of the most annoying things you’ll come across on the web is when a website forces you to create a complicated password. You’ve had to do it before—with capitals, and numbers, and special characters. You end up with something like “Beth@ny12”, which looks more like a 12-year-old’s screen name than a password. The worst part? Those passwords aren’t secure. Here’s why.

Dictionary Attacks

Brute force is usually what people think of when hacking comes to mind. That’s when hackers guess every possible combination of every letter and character. It’s a technique that’s used, but only as a last resort. Hackers start, instead, with dictionary attacks. These involve taking a very large and comprehensive list of common passwords, characters, and substitutions, and then using them to guess your password. So, yes, they’re going to guess “password”, or even “p@ssw0rd1”.

The problem, here, is that people pick passwords out of habit. The computers have been forcing us to when they make us turn “Scruffy” into “$CruFfy89”. We use short, familiar words because it’s the only way we can remember those ridiculous passwords. But that only makes them easier to guess for the dictionary attacks. Online bullies know all of the words we pick, and all the substitutions we’re going to use. And heaven forbid we forget our password. Then we just reset it to a password we already use somewhere else…which is another cardinal password sin.

Better Passwords

So how do we protect ourselves? The best option is to add more letters, preferably in the form of a random word (or words), as words are easier to remember than substitutions. If you have the option, instead of “$CruFfy89”, do a few random words, like “correcthorsebatterystaple”. You’ll get way more bang for your security buck that way. There are online password creation and storage companies like LastPass that can create and store unique passwords for you. That way, you only have to remember one password in order to access all of your accounts.
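The following added example (not from the original article; the word list, variant counts and 12-character minimum are assumptions) shows a defender's password check that sees through the substitutions described above, and compares the guessing cost of a mangled word with that of randomly chosen words.

```python
import math
import re

# Constructed stand-in for an attacker's list of common passwords and pet
# names (assumption; real lists hold millions of entries).
COMMON_WORDS = {"password", "scruffy", "buster", "champ", "bethany"}

# Substitutions that dictionary tools try automatically. Simplified: each
# symbol maps to one letter, although "1" can also stand for "i".
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "1": "l", "3": "e", "7": "t", "!": "i"})


def base_word(password):
    """Undo the usual disguises: trailing digits/symbols, case, substitutions."""
    core = re.sub(r"[\d\W_]+$", "", password)  # "$CruFfy89" -> "$CruFfy"
    return core.lower().translate(LEET)        # "$cruffy"   -> "scruffy"


def is_dictionary_derived(password, words=COMMON_WORDS):
    """True if the password is a listed word behind predictable mangling."""
    return base_word(password) in words


def mangled_word_bits(dict_size, case_variants=8, sub_variants=8, suffix_digits=2):
    """Upper bound, in bits, on the guesses needed for word + mangling rules.

    The variant counts are illustrative assumptions, not measured values.
    """
    return math.log2(dict_size * case_variants * sub_variants * 10 ** suffix_digits)


def passphrase_bits(n_words, wordlist_size=7776):
    """Bits of entropy for n words drawn uniformly at random from a list.

    7776 is the size of a Diceware-style list (five dice rolls per word).
    """
    return n_words * math.log2(wordlist_size)


def audit(password):
    """Verdict a signup form could show instead of demanding symbols."""
    if is_dictionary_derived(password):
        return "reject: common word with predictable substitutions"
    if len(password) < 12:  # minimum length is an assumption of this example
        return "reject: too short"
    return "accept"


if __name__ == "__main__":
    for pw in ("$CruFfy89", "p@ssw0rd1", "Beth@ny12", "correcthorsebatterystaple"):
        print(f"{pw:28} {audit(pw)}")
    print(f"mangled word   ~{mangled_word_bits(100_000):.1f} bits")
    print(f"4 random words ~{passphrase_bits(4):.1f} bits")
```

The passphrase figure holds only when the words are picked at random; a widely published phrase such as “correcthorsebatterystaple” itself belongs on a real blocklist.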

Online security should be a big deal for you! It seems like every other day we hear about another big company that got hacked. So before you give some online business your personal information and unique, non-personal password, make sure the website has a Trust Guard trust seal on it, verifying that it is secure.


Special thanks to writer Stephen Porritt.

Cyber Security Can Get Personal!

In 2013, Brian Krebs taught someone a lesson in cyber security. He had earned the unwanted attention of a man calling himself The Fly, or Flycracker, later revealed to be a 26-year-old career thief named Sergey Vovnenko. Krebs tracked Vovnenko to a forum where he brokered the sale of credit card information. Krebs found out that Vovnenko was going to do his best to damage Krebs’s reputation – maybe even land him in jail.

The plan was to have heroin delivered to Krebs, then to call the police. It didn’t work out that way. Krebs called the police first, notifying them of Sergey’s plan. The heroin came a few days after he gave his statement to law enforcement. Krebs turned it over to the cops and went to work, trying to find Vovnenko.

Vovnenko fits a profile Krebs says applies to many in the world of information crime: young, arrogant and frankly sadistic, with a chip on his shoulder. Investigators are prone to boil down credit card stealing operations and mass identity thefts to simple greed. But often, it’s much more than that. “These guys have such huge egos,” he said. “What are they after? How much is enough? You make $100 grand a month, is that not enough?”

Krebs thinks some hackers just really enjoy messing things up and attacking people or doing it as a power trip.

After Vovnenko failed to frame him, Krebs wrote about the experience in a blog post, which the Guardian republished. He says he thinks the post embarrassed Vovnenko, who then sent Krebs’s wife a funeral flower arrangement. Says Krebs, “He had it delivered to our house with a note to her, just to her, saying, ‘Dear Jennifer, you married the wrong guy, but we’ll always take care of you. Rest in peace, Brian.'” And at that point, Krebs was so mad that he really wanted to know who the jerk was.

It didn’t take Krebs long to find out that Vovnenko, just like the people he stole from, shared passwords between the administrator account on his identity theft forum, and the Gmail address he used to do his dirty work. After a little digging, Krebs learned that Vovnenko didn’t trust his fiancee and had her every keystroke logged and secretly sent to the Gmail account; in those messages was every possible personal detail about Vovnenko’s life.

Here are some of those details: Vovnenko lived in Naples, Italy. He had a son and he married his one-time untrusted fiancee. Vovnenko bought stolen Italian credit card information. He also printed and embossed credit cards on machines he owned himself and cashed out the cards through high-end Italian retailers in the fashionable city.

Krebs decided to get in touch with Vovnenko. Running organized crime was one thing; a Ukrainian running an identity theft ring and printing stolen credit cards in the Camorra’s backyard was another. The Camorra is an Italian Mafia-type crime syndicate, or secret society, located in the region of Campania and its capital Naples.

“I just reached out to him and said, ‘Hey, how’s Italy? How’s your son Max?’” Krebs recalls. “And he said ‘Ahahaha, I wait for FBI.’

“I said: ‘It’s not the FBI you have to worry about.’” Should the Camorra be displeased with Vovnenko, bad things were sure to happen.

Vovnenko fell afoul of Italian authorities and spent “a while” in what he called “Naples’ worst prison” in a letter of apology he wrote to Krebs. Krebs thinks Vovnenko was in a 12-step program. Vovnenko told his victim that he “forgave” him for posting a picture and Vovnenko’s address on the website “Krebs on Security” when Vovnenko was arrested.

There are many times that hackers outfool security professionals. Daily security scanning can help. And all it takes is for people like Brian Krebs and Trust Guard to help take down these criminals – even if it is one at a time. The key is to find them before it gets personal.

 


 

Special thanks to The Guardian for supplying much of the information found in this article.

Five Ways to Combat Cyber Crime

Like most theft, cyber crime tends to follow the path of least resistance.  For paid security monitoring for your website, contact Trust Guard. They’ll help you combat cyber crime by scanning your website for more than 75,500 known vulnerabilities used by hackers to really screw things up.

Here are five online hygiene tips anyone can follow, for free, to make life harder for people looking for an easy way to steal your personal or financial information – whether you’re a business owner or not.

1. Use multifactor authentication. This includes entering a password plus a code or a question that only you know. Google’s authenticator app is a quick download and works easily with many services including Amazon and Gmail. It’s worth checking to see if there’s a multifactor option every time a website asks you to fill out bank account or credit card information.

2. Don’t share passwords across websites. Almost everyone shares at least a couple of passwords. Don’t. There are plenty of inexpensive password manager phone apps that can help you with this, notably the open-source Password Safe and LastPass.com.

3. Refuse to give up information whenever you can. Best Buy doesn’t need your phone number. The more information you part with, the more can be used against you if the retailer is hacked. Ron Swanson from Parks and Rec didn’t have it right all of the time, but staying off the grid as much as possible is always a good idea.

4. Check your bank balance regularly. Thieves often try for a small purchase to see if the card works before they go shopping; in particular, look for easy-to-resell items like gift cards and credits on online marketplaces. When it comes to financial accounts, you also want to change the passwords to those accounts every three months at a minimum.

5. Close down services that you don’t use anymore. Do you still have a Steam account from that one time you bought a PC game all your friends were talking about? Are you sure? Is it linked to a credit card you still use? These are the easiest ways for hackers to steal in bulk, and the one-off purchase you make on impulse is probably the one you’ll unthinkingly reuse your old password on, too. For these types of purchases, it’s a good idea to get a pay-as-you-go debit card that you load from another card with only the amount you need to make the one-off purchase.

Everyone can and should do their small part to keep their personally identifiable information safe and protected. These five tips should help.


Special thanks to The Guardian for supplying much of the information found in this article.

Gambling with Your Website’s Security

Let’s face it. We love gambling. There is a thrill in risk taking that isn’t found anywhere else. The anticipation of possibly guessing right gives us an emotional high. The possibility of failure outweighs the possibility for success. Many entrepreneurs and their investors have made millions on just such gambles while others have lost almost everything.

Some gambles are meaningless, others are life-changing. Gambling $50 to bet that our favorite team will win the Superbowl isn’t a big deal. If they don’t win, we’re often more upset at the loss of the game than we are at the loss of the $50. However, when we win big games like that, even though monetarily we may have only doubled our risk, we feel like millionaires as we celebrate our winnings.

Gambling with Online Website Security

But how many of us, as online business owners, knowingly or unknowingly, risk opening our websites up to hackers? We gamble that out of the 30,000 websites that are destroyed or debilitated every day, for some reason, hackers will continue to leave us alone – even though we’ve done nothing to keep them out.

There is an online service that monitors for more than 75,500 vulnerabilities used by hackers to make a mess of online businesses. During the monitoring process, if any vulnerabilities are found, the company sends a report to the business owner with instructions on how to fix the issue. Once fixed, the website is safe from unfriendly visitors trying to ruin the lives of business owners and their online visitors.

Trust Guard, the leader in website security, runs security scans for thousands of websites for owners from all over the world. These business owners don’t gamble when it comes to their website’s security. They understand the risks associated with malware, trojans, and viruses that hackers can leave. They have spent too much time and effort to risk losing it all to a hacker. They don’t want to face the economic, legal and/or reputational consequences that would come if their website were hacked.

The truth is, however, that there are still hundreds of thousands of website owners that are still gambling unnecessarily with their website’s security. Are you one of them? If you are, you have two choices: Continue to trust your luck or ask Trust Guard to scan your website on a daily basis against online security threats.