Monthly Archives: February 2016

Could Your Data Be Hijacked and Held for Ransom?

Hospitals were on edge recently when the Hollywood Presbyterian Medical Center was hit by cyberterrorists. After all, if this Los Angeles hospital’s information could be held for ransom, why couldn’t another’s? Which is, in fact, the reality: any organization, including medical, government, education, industry, etc. can be the target of a ransomware extortion plot.

If you didn’t hear about the incident, here it is in a nutshell: Hollywood Presbyterian Medical Center is an acute-care facility with physicians representing a wide variety of specialties, from cardiac and cancer care to fetal therapy and maternity services. A few weeks ago hackers hijacked the hospital’s computer system, preventing access to any data by encrypting it. Initially, hackers demanded $3.6 million in return for releasing the data. Although the attackers later decreased their demands to 40 bitcoins (worth $17,000) in exchange for a decryption key, they had made a point to the world: patient data and medical records are not safe from hackers.

A sobering lesson can be learned (again): important data must always be protected. Hackers don’t necessarily care who the data belongs to; they will do their best to exploit any weakness in the IT infrastructure to steal, damage, or hold for ransom an organization’s data. Like most criminals, cybercriminals are opportunists who seek out easy targets. Are you an easy target? Just for starters, consider this: Is your data unencrypted? Do you employ password protection policies? Are you using expired antivirus software?

Fortunately, organizations can safeguard their data by backing it up to the cloud. The more secure your data is, the more likely are cybercriminals to look elsewhere for better odds of accessing important or sensitive data. Don’t let your data become vulnerable! So, when looking for a service that backs up to the cloud, what should you expect? There are many points to consider, including the following:

•     Is your data encrypted in transit and at rest?
•     Do you have the option to use your own encryption keys?
•     Are backups automated?
•     Is the cloud service audited and certified?

Finally, ask yourself this question: In the event of hardware failure, theft, virus attack (including a ransomware extortion plot!), accidental deletion, or natural or man-made disaster, will my data be safe and recoverable quickly?

Organizations rely on digitized data more than ever. As such, all organizations—from the smallest business to the largest enterprise—must take the necessary steps to ensure that their data is securely backed up, accessible, and easily recoverable.

 

Most Prolific Hackers (infographic)

Money. Power. Politics. A new Porsche. Any one of those can be sufficient motivation for a hacker to ply his trade. These days, even with the most sophisticated security in place, hackers continue to break through the inner sanctums of government, industry, and business to steal secrets and other sensitive information like weapons technology and credit card numbers. These guys are so good that some end up making a legitimate profession by using their hacking skills. Let’s take a look back to learn about the most prolific computer hackers and the motivations behind their exploits.

As long as there have been computers, there have been hackers. Through the use of computers to gain unauthorized access to everything from radio station phone lines to government agencies, hackers have a wide variety of motives for their actions. Join us as we list the most prolific hackers to date.

Alias: The Homeless Hacker
Name: Adrian Lamo
Country of Origin: USA
Current Status: Threat analyst
Agenda: Unkown

Best Known For:

Using coffee shops and libraries as his command centers, Adrian earned his alias by hacking into The New York Times, Google, Yahoo! and Microsoft.

After an arrest and 6 months of house arrest in 2003, Lamo became an American threat analyst. He was one who turned in U.S. soldier Bradley Manning (now known as Chelsea Manning) for leaking thousands of government socuments, which shined the spotlight on the now infamous WikiLeaks website for the first time.

Alias: ASTRA
Name: Withheld from public
Country of Origin: Greece
Current Status: Inactive following arrest in 2008
Agenda: $$$

Best Known For:

This hacker has never been publicly identified, though it is suspected he was a 58-year-old math teacher. Astra spent over half a decade hacking into the aviation company Dassault Group’s inner sanctums to steal and sell weapons technology information.

Alias: Dark Dante
Name: Kevin Poulsen
Country of Origin: USA
Current Status: Senior editor for Wired magazine
Agenda: A new Porsche 944 S2

Best Known For:
Being the first American to be banned from the Internet and computers for 3 years after his release from a 5-year prison sentence for hacking.
Poulson hacked the phone lines of a local radio station to rig a competition in which he would be the 102nd caller, winning the grand prize.

Alias: Cumbajohnny, Segvec, Soupnazi, Kingchilli
Name: Albert Gonzalez
Country of Origin: USA
Current Status: Inactive, currently in prison until 2025
Agenda: $$$

Best Known For:
Starting shadowcrew.com, a website that gained up to 4,000 followers where stolen or fake passports, driver’s licenses, bank account information, debit and credit cards, etc. were bough and sold.
He hacked TJX Companies and Heartland Payment Systems to steal upwards of 45 million debit and credit card numbers. Gonzalez was arrested in 2008 for this crime.

Alias: The Condor, The Darkside Hacker
Name: Kevin Mitnick
Country of Origin: USA
Current Status: Security consultant and author of two books
Agenda: Social engineering

Best Known For:
Being “the most wanted computer criminal.”

Mitnick started his illustrious career by bypassing the punch card system on the city bus line in Los Angeles. Soon he was hacking Motorola, IBM, the Pentagon, and others.
In 1995, a judge placed him in solitary confinement, fearing Mitnick’s skills were so diverse he could start a nuclear war by whistling codes into a payphone.

Alias: c0mrade
Name: Jonathan James
Country of Origin: USA
Current Status: Committed suicide in 2008
Agenda: Unknown

Best Known For:
Being the first juvenile to be tried and sentenced for hacking in America.

At 15, James began hacking into the Miami-Dade School System, Bell South, the Department of Defense, and NASA. He also intercepted source code for the International Space Staion, causing NASA to shut down its computers for 3 weeks to fix the breach.

Alias: Unknown
Name: Vladimir Levin
Country of Origin: Russia
Current Status: Whereabouts unkown
Agenda: $$$

Best Known For:
Without using the internet, but instead, a telecommunications system, he was able to gain access to millions of dollards, which he siphoned off and split between his 2 partners. After serving 3 years in prison, he was ordered to pay back only part of the money because that was all that could be recovered.

Alias: Solo
Name: Gary McKinnon
Country of Origin: England
Current Status: Currently lives in England
Agenda: Looking for evidence of UFO’s

Best Known For:
Hacking into 100 American military and NASA servers from his girlfriend’s aunt’s house. He deleted sensitive software, files, and data.
Later he shut down 2,000 comptuers in the US Army’s Military District of Washington network in just 24 hours, making it the largest military computer hack of all time, rendering the US military network inoperable for days.

Alias: Syrian Electronic Army (group)
Name: Unknown
Country of Origin: Syria
Current Status: Active
Agenda: Support Syrian President Bashar al-Assad

Best Known For:
Hacking US President Barack Obama’s and the Associated Press’ Twitter feeds are just two of the high-profile altercations they’ve been involved in. The Syrian Electronic Army has also attacked political opposition groups, western news organizations, human rights groups, government websites, and US defense contractors.

Alias: Anonymous (group)
Name: Unknown
Country of Origin: Multiple
Current Status: Active
Agenda: Social causes

Best Known For:

Being a group of individual members (known as Anons) from around the globe who unite for social causes.

Anonymous has attacked government, religious, and corporate websites.  Among their targets are the Vatican, the FBI, the CIA, Paypal, Sony, MasterCard, and Visa , as well as the Chinese, Israeli, Tunisian, and Ugandan governments.

Make sure your data is protected offsite with Mozy Online Backup.

Benefits of SaaS

Most business owners face the ongoing challenge of reducing costs yet at the same time driving increases in revenue. One way for a business to reduce costs is to invest in SaaS applications. Not familiar with SaaS? Gartner defines software as a service (SaaS) “As software that is owned, delivered and managed remotely by one or more providers. The provider delivers software based on one set of common code and data definitions that is consumed in a one-to-many model by all contracted customers at anytime on a pay-for-use basis or as a subscription based on use metrics.”

You might be asking yourself, What are a few examples of SaaS applications? SaaS applications include but are not limited to, Google, Twitter, Salesforce, and Mozy cloud backup. Because SaaS applications have significant benefits, they are rapidly penetrating the IT market. Benefits include low cost, pay-as-you-go subscription model, and little to no maintenance for the business owner.

As already mentioned, cost savings is always front of mind for a business owner. SaaS applications can save businesses money on multiple fronts. The biggest cost savings come in the form of not needing to purchase any on-premises hardware. The SaaS provider supplies the appropriate software and resources to get the customer up and running quickly. Using Mozy as an example, the customer purchases the Mozy service and then downloads the Mozy backup software via a silent install. In a relatively short time, the customer can be securely backing up important files.

The pay-as-you-go business model is simple yet efficient. Pay as you go gives you the benefit of accurate budgeting practices as well as the ability to forecast accordingly on costs as you scale your business. Pay as you go also gives you the flexibility of not being tied down by lengthy contracts that can hinder your business operations.

An additional benefit of being a SaaS customer is that the provider is responsible for making sure systems are up to date and that security is handled effectively. This is a huge upside for the customer because the IT department can utilize its time and resources on business-critical priorities. Security is something that SaaS providers do not take lightly. For example, Mozy data centers are world class, embracing the highest of security measures, including 24x7x365 onsite monitoring and security, temperature controls, backup power supplies, fire suppression systems, and biometric scanners.

The benefits of SaaS go far beyond what we’ve discussed in this post. SaaS applications provide numerous benefits across many different industries making it one of the fastest growing industries. In October of 2014, EMC further showed its commitment to the SaaS industry by acquiring Spanning, backup for born-in-cloud applications such as Office 365, Google Apps, and Salesforce. If you’re not already taking advantage of SaaS applications, now is the time to be asking yourself, “What can SaaS do for me?”