Category Archives: hacker

New case study reveals that Training can reduce your Vulnerability to Cybercrime

Internet safety tips from the Ascentive team

New statistics published by Internet Security Awareness Training (ISAT) firm KnowBe4 indicate that formal training can substantially reduce an organization’s vulnerability to cybercrime. The findings, which are based on a case study of three KnowBe4 clients, revealed that between 26% and 45% of employees at those companies were susceptible to phishing emails. Implementation of ISAT immediately reduced that percentage by 75%, and subsequent 4-week phishing testing resulted in a close-to-zero phishing response rate across all three companies.

“As cyberheists continue to make headlines, it’s become clear that Small and Medium Enterprises underestimate the prevalence of cybercrime and the ability of cybercriminals to hack into their networks and bank accounts,” said Stu Sjouwerman, founder and CEO of KnowBe4. “Many executives erroneously assume that their IT departments and antivirus software will identify and block any cyberheist attempts. The fact of the matter, though, is that all it takes is one employee clicking on a phishing email to give the bad guys a backdoor to your network. Cybercriminals use that weak link (employees) to bypass your antivirus software and gain full access to your systems. Our research has proven that Internet Security Awareness Training can close that hole; but organizations need to take the initiative to implement a formal, company-wide program.”

KnowBe4’s recent client case study showed that between a quarter and a half of employees were phish-prone before receiving Internet security training. If a cybercriminal had targeted any of those companies prior to their implementation of ISAT, there could have been serious implications. The initial test involved sending a simulated phishing email to employees before the first ISAT session to see how many would fall for a phishing attempt. The results were alarming: KnowBe4’s phishing statistics revealed an average 36.67% click rate among the three companies:

•   Company A (28 users):  45%

•   Company B (95 users):  39%

•   Company C (76 users):  26%

Following the preliminary free phishing security test, KnowBe4 conducted company-wide training. After that 30-minute online training, a series of five different simulated phishing emails was sent to users. The emails and the order in which they were sent varied by company, and the simulated phishing attacks encompassed a number of different topics, which ranged from bank account unauthorized access alerts, to Twitter notifications, to requests that appeared to be sent from the companies’ own IT departments. After the first email in the post-training test campaign, Company A’s Phish-prone percentage dropped to 28%, while Company B and Company C had a 0% click rate, resulting in an average of 9.33% across the three organizations. That represents an immediate overall 74.55% reduction in phishing susceptibility after the first training session.

Supplemental training decreased the phishing response rates even further. The second email in the campaign netted only a 7.10% response rate from Company A, while Company B and Company C held steady at 0%. Following the third email in the series, Company A had joined Company B at 0% phishing susceptibility, while Company C had a 1% response rate. The fourth email in the campaign – a message that appeared to have been sent from the companies’ own IT departments – fooled some employees at Company A (3.5%) and Company B (10%), while Company C had no clicks. By the fifth email in the test campaign, all three companies had achieved a 0% Phish-prone rate, representing a full 100% reduction in susceptibility to phishing tactics.

Sjouwerman noted that the initial pre-testing phishing response rates are indicative of phishing susceptibility among small and medium enterprises (SMEs) as a whole, making these businesses especially vulnerable to cybercrime. “The media often tend to focus on high-profile cases, like the recent hacking incidents at Sony and Lockheed Martin. Cybercriminals target smaller companies and non-profits all the time; it’s just that those cases don’t always make national news. As a result, many SMEs have a false sense of security, thinking that nobody is going to bother going after them with so many larger, more successful targets out there. The reality is that cybercriminals know SMEs are less likely to have effective security measures in place – and they’ll go anywhere they can find an easy way in. We recently published a case study about an attempted $150,000 cyberheist at a Boston branch of the United Way. If someone at the charitable organization hadn’t been especially vigilant, those funds would be in the hands of overseas criminals instead of helping local citizens in need. My point is that cybercrime can – and does – happen everywhere. That’s why Internet security awareness training is so important.”


Report links Cyberbullying and Suicide

Internet safety tips from the Ascentive team

Although the taunting of children by their peers has always been a fact of life while one grows up, the growing popularity of the Internet in our society has escalated bullying to alarming proportions. Known as Cyberbullying, this type of bullying usually occurs when individuals utilize information and communication technologies to execute deliberate, repeated, and hostile actions intended to harm others. Whether it’s creating a fake social network member page to impersonate another child, transmitting harmful text messages or images, or posting malicious comments somewhere on the Internet, Cyberbullying can seriously hurt a child. Mean comments, lies, embarrassing photos, videos, or malicious polls can be spread to a wide audience through texts, email or through posts on social networks. Some photos are even doctored with Photoshop to make them more embarrassing and harmful.

Even worse, studies are now connecting Cyberbullying and teen suicide. A report by Sameer Hinduja, Ph.D. and Justin W. Patchin, Ph.D. of the Cyberbullying Research Center notes that victims of Cyberbullying were almost twice as likely to have attempted suicide when compared to children who have not experienced Cyberbullying at all.

So what can you do to prevent Cyberbullying?

Talk to your Child

The first and most crucial step to take to prevent Cyberbullying is to talk to your child about it. Make sure they know Cyberbullying is wrong, and explain your expectations for their behavior. Encourage your children to come to you immediately if anything gets out of hand, and make sure they know never to take revenge on a cyberbully.

Create a Code of Conduct

Warn your children that if they would not say something to someone in person, then they shouldn’t communicate it online. And remember to set guidelines for the use of their computers and cellphones.

Online Security

Remind your children to keep their passwords safe, and not to share anything private online. Have them create their email and IM accounts with you, and make sure they do not put their personal info in their profile or screen name.

Delete Suspicious Emails

Train your child to always trash suspicious emails without opening them.

No Pretend Behavior

Warn your child never to pretend to be someone they are not in chat rooms, IM’ing, or on social networks.

Filter Emails

If your child is cyberbullied via email, use an email filter to direct all the cyberbully’s messages to a special folder, then forward the messages to the email provider.

Block Bullies

Tell your child that they can block bullies from their messenger buddy list by clicking on the “Block Buddy” button.

Research School Policies

Review your children’s school’s policies on bullying and discuss them with your children. And if there are not any policies on bullying in place, ask whether there are any plans to create them.

Install Tracking Software

Tracking software is special software that tracks malicious emails and automatically forwards these emails to the sender’s Internet Service Provider.

Watch your Children

Finally, continue to watch your children’s behavior. Ask your children how they interact with their friends and what kinds of problems pop up.


How Cyberbullies Attack

Computer safety tips from the Ascentive team

As technology evolves exponentially, it’s crucial that parents, educators, and local law authorities keep abreast of the potential threats that children may encounter online. Unfortunately, Cyberbullying is a rapidly growing problem. A cyberbully uses the Internet, cell phone, or other device to send or post text or images to try to hurt or embarrass other people. Here are the types of abuse to watch out for:

Trolling
A popular form of Cyberbullying, trolling is the act of sending or posting electronic messages that are deliberately hostile, insulting, mean, angry, or vulgar, to one person or several, either privately or publicly to an online group.

Gossiping
Inspired by popular Internet gossip sites, gossiping occurs when a person sends or publishes cruel rumors, or false statements about a person to intentionally damage the victim’s reputation or friendships.

Message Board Posts
Message Boards are online bulletin boards where people post anything they choose. Although there are many good bulletin boards on the net, there are many hostile message boards like 4chan that children should avoid, as the postings on these types of message boards are abusive.

Harassment
Harassment is when the electronic bully repeatedly sends insulting, hurtful, or rude communications via email or text messages.

Impersonation
Impersonation is the act of breaking into someone’s account by stealing a password and changing it, or by maliciously using information provided by a friend.

Happy slapping
Happy slapping occurs when an unsuspecting victim is physically attacked as an accomplice films or takes pictures of the incident. The image or video is then posted online at a video site like YouTube or distributed electronically.

Text Wars
Similar to harassment, a Text War occurs when several people gang up on the victim, sending the target hundreds of emails or text messages, resulting in high cellphone bills.

Hate polls
A hate poll asks readers to vote on specific hateful questions, such as “Ugliest freshman” or “Biggest slut on campus?”

Spying
A more sophisticated form of Cyberbullying, this is the act of a computer hacker sending malicious computer code to the victim’s system in order to spy on the victim.

Images and videos
A result of the popularity of camera cell phones, photographs and videos of unsuspecting victims are now taken in bathrooms and locker rooms, then distributed online to humiliate the victims.

Outing
Outing occurs when a Cyberbully releases a victim’s confidential, private, or embarrassing information online, including private email messages or images meant for private viewing.

Trickery
Trickery is when a person purposely tricks another person into divulging secrets, private information or embarrassing information, and subsequently publishes that information online.

Exclusion
A relatively minor form of Cyberbullying, exclusion occurs when someone intentionally excludes another person from an online group or community.


Five Books to Help You Deal with Cyberbullying Now

Tips to handle cyberbullying from the Ascentive team

Despite cyberbullying being a relatively new problem for children in school, a number of resources are now available to help parents deal with it. In addition to websites such as www.stopcyberbullying.org and www.cyberbullying.us, there are many books on the subject. Here are five books to help you deal with cyberbullying now.

1) Bullying Beyond the Schoolyard: Preventing and Responding to Cyberbullying

By Sameer Hinduja and Justin W. Patchin

Focusing on how technology can facilitate or magnify traditional forms of peer harassment, “Bullying Beyond the Schoolyard” paints a vivid picture of online aggression among adolescents by recounting the stories of victims, summarizing current research, and reviewing recent legal rulings. The book also provides proactive prevention and intervention strategies to equip parents, educators, counselors, law enforcement, and other youth-serving adults with the tools necessary to protect students from the negative effects of cyberbullying. Finally, it includes many special features, such as questions for reflection after each chapter, numerous illustrations, and reproducible resource documents to further educate those involved.

2) Cyber Bullying: Bullying in the Digital Age

By Robin M. Kowalski PhD, Susan P. Limber PhD, & Patricia W. Agatston PhD

“Cyber Bullying: Bullying in the Digital Age” provides an overview of bullying research in general, paying attention to research from around the world, and an overview of the cyberbullying research, much of which the authors have been directly involved in conducting. The authors provide current research that informs the reader as to the pervasiveness of this event in the lives of children.

3) Teen Cyberbullying Investigated: Where Do Your Rights End and Consequences Begin?

By Thomas A. Jacobs J.D.

Among books recently published on this topic, this one distinguishes itself by covering more than 50 actual court cases involving teenagers. Although Judge Jacobs assures teenagers of their protected legal rights, especially First Amendment rights, the hearings are a sobering reminder of the real dangers and legal consequences of cyberbullying.

4) Cyberbullying and Cyberthreats: Responding to the Challenge of Online Social Aggression, Threats, and Distress

By Nancy E. Willard

“Cyberbullying and Cyberthreats: Responding to the Challenge of Online Social Aggression, Threats, and Distress” contains a Parent’s Guide to Cyberbullying and Cyberthreats, a fact sheet entitled CyberbullyNOT: Stopping Online Social Cruelty, a Situation Review Process handout and School Action plan for working with parents and students, and detailed guidelines for managing in-school use of the Internet and personal devices, including cell phones. Appendices contain reproducible assessment and program forms.

5) Confronting Cyber-Bullying: What Schools Need to Know to Control Misconduct and Avoid Legal Consequences

By Shaheen Shariff Ph.D

This book is directed to academics, educators, and government policy-makers who are concerned about addressing emerging cyber-bullying and anti-authority student expressions through the use of cell phone and Internet technologies. The author analyzes government and school responses by reviewing positivist paradigms. Her review of a range of legal frameworks and judicial decisions from constitutional, human rights, child protection, and tort law perspectives redirects attention to legally substantive and pluralistic approaches that can help schools balance student free expression, supervision, safety, and learning.


Hackers prank Tupac hoax on PBS website

Business news from the Ascentive team

PBS officials say hackers have cracked the network’s website and posted a fake story claiming dead rapper Tupac Shakur was alive in New Zealand. LulzSec, the hacker group that claimed responsibility for the prank, is said to have acted in response to a recent “Frontline” investigative news program focusing on the whistleblower site WikiLeaks. PBS confirmed Monday that the website had been hacked. The phony story had been taken down as of Monday morning. It had been posted on the site of the “PBS NewsHour” program, which is produced by WETA-TV in Arlington, Va.

Anne Bentley, PBS’ vice president of corporate communications, said in an email that erroneous information posted on the website has been corrected. The hackers also posted login information for two internal PBS sites: one that media use to access the PBS pressroom and an internal communications website for stations, she said. She said all affected parties were being notified.

David Fanning, executive producer of “Frontline,” said he was learning of the hacking early Monday, nearly a week after the program aired its “WikiSecrets” documentary about the leak of U.S. diplomatic cables to the WikiLeaks website. The documentary, produced by WGBH-TV in Boston, generated criticism and debate on the program’s website in recent days from those sympathetic to WikiLeaks founder Julian Assange and from those who thought the program was fair, Fanning said. “Frontline” producers hear impassioned responses all the time, Fanning said. Having a group attack the PBS website over a news program was unusual but “probably not unexpected,” he said. “From our point of view, we just see it as a disappointing and irresponsible act, especially since we have been very open to publishing criticism of the film … and the film included other points of view. This kind of action is irresponsible and chilling.”

A group calling itself LulzSec (aka The Lulz Boat on Twitter) claimed responsibility and posted links to other hacks, including a video apparently taunting the network. Taunting messages were also posted on the group’s Twitter page targeting the PBS program “Frontline.” One message said the group recently saw the “WikiSecrets” show and was “less than impressed.”

PBS ombudsman Michael Getler wrote about the “WikiSecrets” documentary in his weekly column Thursday, saying it had generated only a handful of complaints, though he had expected more mail from viewers. “This may be a good thing for Frontline if it suggests that most viewers found the program to be in keeping with Frontline’s reputation for fair yet tough reporting,” Getler wrote. Getler raised some questions about the reporting in the program but said he found the questioning by interviewer Martin Smith to be “tough but proper.”

