Recently our University was pleased to find that we had been ranked number one in San Diego for Cybersecurity degrees by Universities.com. If you did not already know, Coleman has had the longest running Cybersecurity (formerly Network Security) degree program in San Diego. Since 1963 when we first began our journey as The Automation Institute, our organization has been at the center of technology development and we have graduated many distinguished alumni over our 54 years in Southern California. From Data Processing to Cybersecurity we have come a long way by following the trends and seeing the potential in every student that walks through our door. Our alumni have gone on to work for SPAWAR, Cisco, Kyocera, and many other incredible companies that are the leaders in technology development. With our lifetime Career Services access and small class sizes our students have been able to create lucrative careers in exciting fields. More importantly, they have brought integrity to the Coleman name and we are proud to continue to provide a top Cybersecurity education for San Diego. Our mission statement is “To deliver relevant education that prepares individuals for technology focused careers, while providing an environment where they may develop to their full potential” and we will remain dedicated to that mission long into our future. This is exciting news for our university and we are so happy to share it with our followers and alumni!!
In the height of the westward expansion into California, the “Wild West” became not only a place, but a term that described an entire cultural phenomenon. What made the west so wild were the apparent lawless territories that saw hostile takeovers, train and carriage robberies, kidnapping, and ransoming. Over time the west was settled and developed into new states with their own laws and regulations. The wild part of the west was no longer a threat, at least in the physical world. Today we have a new and almost lawless place, however this territory only exists online. Though there are plenty of companies and programs that work 24/7 to ensure safety online, there are still opportunities for malicious attacks to be carried out. The robberies and takeovers that plagued the westward expansion have now become digital.
A typical scam that you will see online is the email phishing that we talked about in a previous blog. These scams can be easy to avoid as long as the recipient is not engaging with the email or providing any personal information. Unfortunately that does not always protect online users from being attacked for their information. Ransomware has become a bigger threat that is hard to trace and causes an incredible amount of damage. Essentially it is software that takes all of a victim’s personal files and information and holds it for a ransom that must be paid. Recently a large ransomware attack has become global news, with at least 150 countries experiencing the same attack. The most affected victims were the small businesses, universities, and hospitals that were unable to protect themselves and had to either pay the ransom or risk losing all of their data (CNN Money). Reports from China, Germany, Japan, Russia, the US, and Spain confirmed that there had been attacks from the same ransomware and that they had taken the necessary precautions to try and stop its spreading.
Through a patch in the Microsoft Windows software, the ransomware “WannaCrypt” was able to target specific users and take over their systems. Ransomware works as a lock box for your data, keeping you from accessing any of your files or personal information unless you agree to the terms and conditions set up by the creator. Victims were told to use Bitcoin to pay for the return of their files (Microsoft). Many of the Windows users who were targeted were not using an updated, or a licensed version of this software making them even more vulnerable to patches that could not be fixed in the Microsoft updates. In the wake of this viral attack, Microsoft released a statement outlining the efforts they were making to avoid these attacks in the future. However, they also called on the public to become more aware of their own responsibility in updating their computers and backing up their information with an external drive and cloud software. Proactive actions are the key to being safe online. This idea of being proactive is also what stopped the ransomware attack from continuing to spread. A young cybersecurity student in the UK decided to look more closely at the software behind the attack and discovered a kill switch. The malware was using “a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading” (The Guardian). Once the student located the domain name, all he had to do was buy it. The domain cost $10.69 and was immediately registering thousands of connections every second; once it was purchased the malware was stopped in its tracks. Additionally once this domain was bought he was able to determine the IP addresses attached to the malware and reported them to the authorities. Though this was a great victory, in the world of Cybersecurity it is just a temporary fix. There are just as many entities creating malware as there are cybersecurity experts trying to stop them. What makes this malware attack so dangerous is that it can be replicated and reused at any time.
Backing up files, or storing information in the Cloud, and regularly updating your software are the best measures you can take to protect yourself from ransomware. As we mentioned in a previous blog on email phishing, it is imperative that you avoid any email from a company or bank that is asking for your personal information via email.
If you are interested in becoming a cybersecurity expert yourself, consider a degree from Coleman University. Perhaps it could be you that stops the next big cyber-attack in its tracks! Call (858) 499-0202 for information on our technology focused programs.
Cybersecurity is a hot button topic lately. With the rumors of Russian infiltration into the United States Presidential election, and the exposure of private emails and photos onto sites such as WikiLeaks, the privacy that we covet online is becoming increasingly endangered. With the recent phishing scam going through Google Docs, it is imperative to remember the necessary steps to take online in order to ensure that you are not a target of a scam. First, let’s review what online scamming/phishing looks like, and the ways to spot one.
The most likely scam that you will encounter is a phishing email that can be sent to your accounts. Phishing is defined by the Merriam-Webster Dictionary as “a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.” An email may look legitimate with logos and graphics, but that does not mean that it should be taken at face value. For example, banks have taken a stance against phishing by only allowing account actions to be completed through their own websites or at a physical bank location. Your private bank will never ask you for passwords, social security numbers, account numbers, routing numbers, or any other private information via email (Telegraph.co.uk). Be on the lookout for emails that inform you of account changes or updates; if you did not authorize changes, immediately report this issue. The best course of action to protect yourself if you feel that you have been targeted by a scam is to document as much as you can with photos, emails, and phone calls. If an email comes into your inbox that seems suspicious call the company that supposedly sent it and ask about the email. Taking the initiative to validate the email before responding is one of the best ways to protect yourself from online threats. So what happened in regards to the Google Docs scam that went viral last week?
Gmail users were sent a notification from a known contact to click on a shared Google Doc. In order to access the document, the users had to authorize a transfer of contact information to the sender. Since the sender was perceived to be a friend or family member, there was little hesitation to allow this authorization. Routing the doc through an unauthorized Google Docs app prompted the Gmail user to allow the application to take control of their email information as a “management” tool (BGR.com). As a result, any personal information attached to contacts was downloaded and stored. Google reported shortly after this spamming went viral that over one million accounts were potentially compromised and the unauthorized application was shut down, as well as the email accounts that were the source of the scam. Information from email accounts linked to sites such as iTunes, Amazon, Twitter, and Facebook were the most vulnerable to this scam. Any users who had encountered this phishing email were asked to change their emails and passwords immediately. An interesting thing to note is that a majority of these emails were addressed to “firstname.lastname@example.org” (Forbes.com).
One of the first things that you should look for when it comes to identifying phishing emails is the sender’s name, the name that they have addressed the email to, and the language they have used. If there are typos, or if the language is not clear, that should be your first indication that the email in question is not valid. Most often the email address of the sender will look like an official domain, but there could be minor differences such as a period between words, or a domain extension from another country such as “.ru” or “br”, which can be hard to miss. If links are provided in the body of the email, hover your cursor over them and the destination for the link should pop up. If an IP address comes up instead of the domain name, then the link could be fraudulent. Another item to look for is the tone of the message. If you receive an email that has a threat such as closure of an account, that tone is your best indication that the message is fraudulent. A good source of examples for phishing is the Microsoft website, which also lists the information for phishing phone calls and how to report phishing activity.
Taking that extra moment to evaluate an email is your best line of defense in keeping your private information safe. Make sure to update your email passwords and delete unwanted or fraudulent emails as soon as possible. If you are interested in how online security works, and want to learn more about protecting online identities think about the possibility of a career in Cybersecurity. This field is growing fast and will be a lucrative degree option long into the future. Call Coleman today to schedule an appointment and speak with an admissions counselor at (858) 499-0202 Monday through Friday.
Here’s our new Network Security Commercial!
You can be on the front line of network defense and cyber security by turning your skills into a career in the Network Security program at Coleman University.
Secure networks and reliable transfer of data have become increasingly vital for successful businesses. Network Security professionals are needed to build, manage, maintain a stronger and safer digital world.