Human Error

Major Impact

Last week the Federal Aviation Administration (FAA) announced a nationwide ground stop of all flights.  Approximately 9,000 flights were delayed, and over 1,000 flights were canceled. The reason why?  The NOTAM system (short for Notice to All Air Missions), which is designed to give pilots and air traffic controllers critical real-time information before takeoff, was down. This system alerts them to such things as runway hazards or unsafe weather conditions and is therefore critical to safety.

What Happened?

According to reports, it was during routine maintenance that an engineer replaced one file with another. The engineer was unaware that the replacement file was corrupted, and a cascade of failures followed.  A complete reboot was needed.

This was not an attack, and it was not intentional sabotage by an individual.  Simply put, it was human error.  Could it have been prevented?  We’ll likely never know.  The point of mentioning this news is to show that one simple human decision can take down an entire industry.

It was acknowledged that the system is outdated.  And when the error occurred, it seems that there were contractors who did not follow the government’s procedure.  Was there a plan in place for such a situation?  Did they do regular Security Risk Assessments to address the issues? Was there a contingency plan should anything fail?

These are the questions that every business needs to ask and address in its own strategy and success plan.

Different But the Same

To be clear, we realize that this was not a cyberattack. But it was humans who made (likely) unintentional mistakes, and they were just... being human. They didn’t know it was a corrupted file. They had trust in themselves and the job that they were doing because it was something that they may have done many times before. There wasn’t any reason to assume the file was corrupted.

The point we want to make is that it could have been your office and your employee clicking on a phishing email that looked like a hundred emails that they have seen before. It could have been someone that you hired on a contractor basis. It could have been a phishing email and it could have led to your own shutdown.

Too often we think that we have the right software in place or the latest hardware installed, and we assume these protect us from failure or attack. It isn’t always the cybercriminal lurking ‘out there’ that is the greatest threat to your business.

Train your team to be your strongest defense against cybercrime. It is your best approach to avoiding the one mistake by one person that affects your business, your clients, and your reputation. Having a plan in place, ongoing training programs that are mandatory, and tools and resources that change with the threat landscape will offset the risk of your business succumbing to human error.

Artificial Intelligence

Like so many technologies, Artificial Intelligence (AI) is gaining popularity among everyday consumers through social media. Just take a quick look in your newsfeed and you’re likely to see your friends in otherworldly scenarios they’ve created with Magic Avatars from Lensa.

With over 4 million downloads in the first part of December, it’s clearly a hit. But is it safe? With any app, you should read the privacy policy and terms of use before downloading, especially when it involves your biometric data. But users should be aware that the risks don’t stop there. Additional information is likely being captured, as it might be with any app or program. This might include location and device information, among other things.

Many Sides of AI

AI is more than avatars. There can be benefits in medicine, decision-making, research, and a whole range of other fields. Removing the risk of human error in cybersecurity sounds great, right? And it allows for 24/7 availability of machines working when we can’t be there. But the rise in the use of AI also means unemployment, a lack of emotion and out-of-the-box thinking, and other disadvantages.

The greatest concern that we have with AI is the risk it poses of duping people. The most dangerous scenario is AI content created with criminal intent. Cybercrime with AI can include fraudulent imagery, videos, and voice messaging. If your superior sends an email with directions to wire money, you might stop and evaluate for phishing. If he or she follows up with a voicemail or video message with the same instructions, you might be less hesitant to act on the directive.

Avatars Aside

The creation of avatars is just one side of AI. While there are multiple risks to consider regarding AI, there are some that aren’t obvious if you’re only focused on the cybersecurity aspect of it. For example, what is the threat to artists and creators regarding the origination of AI art? Not just for static images, but also with regard to actors and individuals who create commercial content. Will there come a day when there’s no need to hire actors for movies because we can simply create the person we need to fit the role? Or do we license the image and likeness of celebrities to use in projects, without them ever setting foot on a set?

Is there cause for concern regarding any of our own images being online? This article discusses that very issue. We’re beyond the days when Photoshop was the only concern for such a cautionary tale.

Offset the Risk

Remind your employees that AI is a threat to their cybersecurity. Provide ongoing training to offset the risk that it presents. And as simple as it seems, we should remember to verify everything before taking action, especially if the request will have implications for the welfare of a person or the business. If you would like to learn more about how to mitigate the threat of cybercrime, AllSafe IT can help.

What is Zero Trust?

Zero Trust Access

Zero Trust, or Zero Trust Access, is the term applied to the strategy which assumes that you cannot trust the individual or device until verified.  The good guys, the bad guys, and all devices are the same and should not be trusted automatically. Proof of trust is verified with credentials.

The term was first coined in 1994 by Stephen Paul Marsh at the University of Stirling as part of his doctoral thesis that focused on trust. Over the next ten years, it became part of the tech vernacular as it relates to defining the perimeter of security access.

Three Principles

While implementing a zero trust strategy can happen in different ways, a zero trust architecture will always have similar elements.

Working together, these principles are modeled on the “never trust, always verify” foundation. That means that even users and devices connected to a corporate LAN need to be verified. The complexity of today’s technology landscape means that we cannot operate on any assumptions. Just because a device or login exists on a network does not mean it should be trusted automatically.

Security From Start to Stop

AllSafe IT provides businesses with the tools to identify gaps in their security programs. Additionally, our ongoing training program and other resources then mitigate the risks that are found to further prevent the likelihood of a cyber breach.

AllSafe IT has spent over 15 years providing IT services to hundreds of businesses. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of businesses.

Staying Safe & Secure on Social Media

Did you know that an employee's sloppy social media habits can lead to a compromise that extends beyond the individual’s personal account? Many people don’t realize that their login credentials tie them together with an invisible thread in the dark web. A hacked social account could lead to access to business credentials or more.

Hackers 101

If you've been following our blog posts, you’re familiar with the various ways that hackers work to gain trust. That trust innocently leads to providing information that an individual deems irrelevant, but is not. It could be the one missing answer to a question that provides access to a password. Let’s take a quick look at the different ways that data can be unsuspectingly compromised.

Impersonation

Many of us have been ‘friended’ by someone who appears to be hacked. The victim has provided enough information to have their online profile duplicated. This provides cyber criminals with a chance to connect to you without you realizing they are impersonating someone you know and trust. There is a chance you’ll give up information without realizing this beforehand.

Another danger is that your business profile is hacked or duplicated. This provides an opportunity for a cybercriminal to threaten your good standing in the community or reputation on a larger scale.

Social Engineering

Social engineering is one of the easiest ways to get information. It can happen through online conversations that don’t require in-person meetings, through those fun quizzes online, or through a phone call that asks for “just a minute of your time” for a survey.

You think you’re merely having fun, or giving your opinion, but in reality, you’re possibly giving them the answer to a security question that protects your account. One of the more prevalent ways to collect data is through an online quiz. Which kind of animal are you? You’re better off just staying clear; the answer won’t turn you into a leopard. But it might give your information to a snake (no offense to all of the snake lovers out there).

Phishing Attacks

Phishing can come at you in many ways. Let’s say that your online social presence indicates that you are a football fan. Some of those fun Facebook quizzes about your football expertise may have provided information to engineer a phishing attack. Or perhaps you start to receive fraudulent contest alerts to win game tickets or a trip to the Super Bowl. It’s all connected. Click here to win your prize, just enter your information so we can send you the tickets!

Phishing attacks are sophisticated. And hackers work in conjunction with data from other breaches to provide a really accurate dupe to fool you.

Stay Safe & Secure

Don’t be fooled into thinking that your identity isn’t valuable. We mistakenly think that a hacker won’t get too far on the funds in our bank accounts. The real issue is the havoc that can be brought upon your friends, business, family members, or even your own identity if you are falsely impersonated. You don’t have to be what you might consider rich to be a valuable asset in cybercrime.

Staying safe is done by implementing behaviors with training and by enabling security measures in your online activity. These will help to mitigate the risk of being breached or compromised. Always use multi-factor authentication when it is available. At work, train your team to recognize the tactics that hackers will use. Security Risk Assessments will identify the gaps and provide you with the opportunity to fix them.

Can Your Mobile Phone Get Infected with Malware?

Can your mobile phone be infected with malware? It sure can. You’re holding a small computer in your hand, and it can be susceptible to malicious software just like your laptop or desktop. Nuisanceware can be problematic when it is downloaded with other applications. Spyware can lead to stolen data, and one step up is stalkerware, which is often the most unethical and malicious of the spyware varieties.

How Does My Phone Get Malware?

If you notice that your mobile phone is getting unusual messages, has modified settings that you didn’t adjust, or is not running optimally, it may be infected.

App Downloads

Hackers spread malware to your devices via apps and downloads. While official app stores usually ensure legitimacy, there are pirated versions that are easier to manipulate. They can appear legitimate but can contain spyware or other malware.

Phishing Emails

Using your phone to check email is convenient. However, beware of clicking on links that may be fraudulent. Phishing is one of the most widely used ways to attack an unsuspecting user.

Non-Secure WiFi

Be aware of automatic connections to WiFi networks. Using a VPN can add an additional layer of protection against someone gaining access to your phone.

Text Messages or Voicemails

It can look legitimate, and it may sound legitimate, but do not give out personal information over the phone through a text or in response to a voice message request.

Protecting Your Device

Whether you’re protecting your personal or professional equipment, the same rules apply. Do not purchase a jailbroken device or modify your own equipment. This is especially true if it is issued by your employer for work; often there are rules against any modifications to a work device, and that includes downloads. Always use a VPN rather than connecting directly over a public network. Download apps and software only from reputable sources. Use encryption for all sensitive data. Ensure that you have multi-factor authentication enabled when possible.

And of all the methods that you can use when it comes to cybersecurity, training is at the top of the list. Human error is the easiest entry point when it comes to illegally accessing your devices, which can lead to network access.

If you believe that your device has been compromised with malware, notify your IT team immediately.

We hope the tips above help you feel safer and more confident about your mobile security. AllSafe IT’s comprehensive cybersecurity services are designed to identify, assess, and manage cybersecurity risks. We have aligned with the National Institute of Standards and Technology (NIST) framework for the design of our cybersecurity solutions.

What is a Deepfake?

A deepfake is a portmanteau (more on that in a moment) of “deep learning” and “fake”. What is a portmanteau? It is when you take multiple words and combine them into a new word. For example, smog is a portmanteau of smoke and fog. So how exactly could deepfakes affect you and your business?

If you take a photo, audio, or video and replace one person in it with someone else’s image, you’ve created a deepfake. If you create an audio file with a voice that impersonates someone else, you’ve created deepfake content. With today’s technology, this goes beyond cropping your face over someone else’s in a photograph. Current technology allows very realistic and believable content to be created. Content that never actually existed or happened.

Why is it Dangerous?

The dangers and risks of deepfake content are simple. False narratives are created. That means that misinformation is spread, and that then leads to misunderstanding. It can include political content. Imagine if false speeches, behaviors, or more were attributed to candidates or leaders. Not only could that result in interference with elections, but it also could affect existing relations.

A person of authority is in a position to provide guidance, and that then gives us directives. If information is created fraudulently, perhaps it can be corrected at the moment, but it also never goes away online. Remember, if it’s online, it’s out there forever. And a deepfake falls under the same rules. But that’s only one part of the dangers this presents.

Deepfakes can also be used in cybercrime. The FBI warned that it has received an increased number of reports that deepfakes are being used fraudulently to commit crimes.

How You’re Affected

While you might feel confident that you can distinguish between real and fraudulent content, or that you would never fall for a scam, statistics say otherwise. And a deepfake can affect you personally. Phishing emails can be accompanied by audio files that ask you to perform fraudulent tasks. You might identify a scam in your email, but what if you receive a voice message as a follow-up to that same request? Suppose you own a business, and someone files a false customer complaint or review of your product. This could have repercussions that you can’t easily prove as false to your customer base.

How To Offset the Risk

Humans are the strongest way to offset cybersecurity risks of any kind. Having strong training programs, enforcing behaviors, and being aware of the latest threats are strong tactics for keeping your business safe. AllSafe IT offers a complete end-to-end solution for keeping your business safe.

What is a Botnet?

You may hear the word ‘bot’ used in conversations, especially around cybersecurity.  But often we use it without really knowing exactly what it means or how it originated.

The Players

The term botnet is short for robot network.  It describes a network of computers that are infected by malware.  This malware is controlled by a single party, known as the bot-herder.  And each computer that is under that control is known as a bot.

How Does It Work?

Every computer on the botnet can be controlled from one central point or location.  Commands are issued for criminal acts to be carried out at the same time.  These botnets are often made up of millions of bots.  This enables large-scale attacks to happen without the effort and coordination of multiple parties.  It also includes the ability to perform simultaneous updates and behavior modifications to the bots as well as attack commands.  Bot-herders can often rent out segments of their botnet to cybercriminals for financial gain.

What Do They Do?

While not limited to the following actions, these are some of the more common criminal activities that bots can perform.

DDoS Attacks – A distributed denial of service attack is when an overload of requests is directed at a targeted network or server.  This then renders the network inaccessible to its legitimate users.

Targeted Intrusion – When a smaller botnet targets a very specific high-value part of an organization such as financial data, R&D, or other intellectual property.  It can also target customer information.

Financial Breach – These botnets are designed to target credit card information and directly steal funds.

Email Spam – While this is one of the older botnet attack methods, it is one of the most common.  Botnets will send out phishing and spam messages with malware to large, targeted audiences.  One person clicking on a malicious link can result in financial gain for the criminal.

How To Fight Back

The sophistication and adaptability of bots make them a threat to cybersecurity in many aspects. Being proactive in your approach will provide better results when it comes to keeping your personal identity and the security of your business intact.

AllSafe IT recommends the following best practices to increase your chances of avoiding a breach:

Social Engineering in Action

Is social engineering that effective? Ask an Uber or Rockstar Games employee that question and you’ll likely hear a resounding yes. This effective mode of duping people within a targeted group or business was the method that one hacker used to hit both companies with a breach. Just how effective is it? In 2021, the FBI received 323,972 complaints of social engineering attacks. And there are many more that go unreported.

What Happened

A teenage hacker known as TeaPot claimed ownership of these attacks. The Uber network was accessed by convincing an employee contractor that the attacker was part of Uber IT and that the contractor's credentials were needed. It is believed that those credentials were first found and purchased on the Dark Web. From there, TeaPot tried to log in but was stopped by multi-factor authentication (MFA). TeaPot then contacted the employee through WhatsApp, a messaging platform, claiming to be from Uber IT and saying that the employee needed to approve the MFA request. With Rockstar Games, it was Slack messages that were breached. It is believed that access was acquired through manipulation there.

Losses from a breach aren’t all the same. We often assume it comes in the form of stolen credentials. While this is often the case, in the Rockstar scenario, it was stolen intellectual property. Content from their upcoming game was released which means a loss of revenue. Additionally, the hacker is threatening to release code that would give access to anyone wanting to create pirated versions of the game.

How to Prevent Social Engineering

Humans are the access point, so it is through ongoing training that they must learn how to avoid succumbing to an attacker’s tactics. Enabling multi-factor authentication can assist with preventing access, but avoiding leaked credentials in the first place is critical. The Uber breach is a case in point.

Educating your workforce to recognize that they can be targeted through online platforms outside of work systems is part of the process. Humans remain the weakest link in cybersecurity. By taking a multi-faceted approach you can strengthen your human firewall and secure your business.

AllSafe IT recommends the following best practices:

Ransomware Attack on Los Angeles Unified School District

The Los Angeles Unified School District (LAUSD) has confirmed that a criminal hacking group was able to access their systems and steal data. The attackers demanded that the school district pay an undisclosed amount to prevent the release of the stolen data to the public. However, the district refused the ransom demands, stating that “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”

In a tweet Sunday, LAUSD confirmed that the data was published by the hacking group. They also announced that an incident response hotline would be available to assist those who have questions or need support. News outlets report that the leaked data includes “confidential psychological assessments of students, contract and legal documents, business records, and numerous database entries.”

LAUSD Ransomware tweet

Last August, we published a blog post detailing that the education sector was one of the biggest targets for ransomware attacks. A little over a year later, it appears that statistic has not changed. AllSafe IT’s takeaway from this incident is to remember that oftentimes, it’s WHEN not IF an organization will be hit with ransomware. While it’s important to take steps to prevent an attack, organizations should also assume they will eventually be hit and have a response plan in place.

What can Education Organizations do to prevent or mitigate an attack?

AllSafe IT recommends the following best practices:

AllSafe IT is proud to have spent over 15 years providing IT services to hundreds of companies—many of those within the education sector. Our specialized services are uniquely tailored to provide our customers with the reliability, protection, and fast services needed to ensure 100% uptime and maximized data security. From comprehensive and preventative cybersecurity strategies to 24/7 customer support, AllSafe IT understands the unique needs of educators.

 

Student Loan Scams

With the launch of the U.S. Student Loan Forgiveness program, there is an opportunity for students and other borrowers to benefit. Any scenario that puts millions of people in a target pool is ideal for hackers. Add to the scenario the list of questions and uncertainties and you have a recipe for risk. The details are not always known at first or readily available and that means that cybercriminals are ready to pounce before you can get your questions together.

What Makes It High Risk?

The questions of eligibility, process, check insurance, deadlines, and requirements remain outstanding for most people. In situations like this, the headlines grab our attention and we either skim the fine print or we miss it altogether. And to further increase risk, the money component skyrockets the likelihood of a target succumbing to a cybercriminal’s efforts. Those who are eligible (or unsure if they are eligible) are going to want to take advantage quickly of the forgiveness option before this program is possibly gone. Are there unlimited funds? Can it be revoked? Those aren’t answers that are readily available and so people often act from a place of fear.

What Can You Do?

Stop and think before you react. That means that emails, advertisements, phone calls, and any other contact that you receive regarding a loan should be carefully reviewed. Do not click, call back, or answer without research. It is understandable that you may want to eliminate what you can from your own student loan debt. But in order to avoid being a scam victim, every item of information should be received with skepticism. If you are asked to provide personal information or credit card information, or are required to “log in and update information”, you should be wary.

If you are uncertain about any correspondence regarding the loan forgiveness program, you should verify before responding.