AXEL.org

Blog

What Does Cyberwarfare Look Like? Just Ask Ukraine.

Since March of last year, Russia has been deploying troops close to the Russia-Ukraine border [1]. While troop movement within a nation is typically normal, Russia’s relationship with Ukraine is anything but. Since 2014, Russia has aggressively shown its desire to annex Ukrainian territory, starting with its occupation of Crimea, a territory that was formerly part of Ukraine, but mostly comprised of people of Russian ethnicity. However, it soon became clear that Crimea was just the beginning for Moscow’s leaders. Following Russia’s occupation of Crimea in 2014, the country began to use unique, digital strategies to destabilize Ukraine.

Beginning in 2015, Russia has engaged in flagrant cyberwarfare with Ukraine. And these attacks weren’t just data breaches and ransomware attacks; they’ve affected nearly every resident of Ukraine. Ultimately, the Russia-Ukraine conflict could be a sneak peek of how war is waged in the future.

Hackers Target Ukraine

Following Russia’s annexation of Crimea, Ukraine saw relative calm for almost two years. However, in December 2015, Russia launched an effective, atypical attack. On December 23, a Russian cyber-military unit, “Sandworm,” attacked Ukraine’s power grid, and knocked out electricity to over 200,000 Ukrainians.[2] Thankfully, power was restored to most places within six hours. Although a few hours without electricity isn’t exactly a devastating attack, it was undoubtedly worrying. After all, this was the first-ever confirmed hack that took down a power grid.[2] Additionally, power grid control centers were still not fully operational over two months after the attack, highlighting the sheer strength and organization of the attack.

Unfortunately, this was not the only cyberattack that Russia has executed on Ukrainians. One year later, in December 2016, Russia again attacked Ukraine’s power grid.[3] They quickly followed up by targeting Ukrainian banks and state-owned industries in June 2017.[4] Following this major attack, Russia seemed to calm down, and tensions actually diffused for a few years. However, this changed in early 2022. As Russia began to mobilize its troops toward the Ukraine border, Moscow launched another cyberattack. This time, Russians were able to take down over 70 Ukrainian government websites, along with a message that warned Ukrainians to “Prepare for the worst.”[5]

Although Russia launched multiple effective cyberattacks, many cybersecurity experts believe Russian President Vladimir Putin could have ordered the attacks to be so much worse. After all, Ukraine’s 2016 power grid outage only lasted for about an hour. This made some believe that Russia was using Ukraine as a “testbed” for refining cyberattacks that could be used globally[3]. No matter Russia’s ultimate purpose, these cyberattacks show a glimpse of Russia’s unique military strategy.

Disinformation Campaigns

In addition to cyberattacks, Russia has also used the Internet to sew instability within Ukraine as well. When Russia invaded Crimea in 2014, the country used state media and social media to sway ethnic Russians in Ukraine to support the annexation.[6] These accounts falsely alleged that Western forces manipulated Ukrainian protests, and also fabricated stories of Ukrainian soldier misconduct. Using this disinformation, Russia was able to gain enough support to annex Crimea with (relatively) little pushback.

If these disinformation efforts sound familiar, well, they are. Russia used similar techniques to meddle in the United States’ 2016 presidential election.[6] It’s a sinister, yet successful strategy for promoting Russian interests. With the emergence of the Internet and the popularity of social media, information warfare is relatively simple. Being able to kindle instability from thousands of miles away is a new, anxiety-inducing strategy that is being utilized in Ukraine, the United States, and other nations. Although it may not lead to traditional warfare casualties, Russia’s cyberwarfare actions have been extremely successful in promoting Putin’s interests.

What Would a Cyberwar Look Like?

When people think of cyberattacks, most think of data breaches and ransomware attacks. Damaging, yes, but they typically don’t harm anyone outside of the affected business and its customers. Cyberwarfare is very different. While Russia’s power grid attacks on Ukraine were effective, they were not nearly as devastating as they could have been. If Russia chooses to execute full-strength cyberattacks, the consequences could be deadly. In this scenario, Russia could shut off most of the country’s electricity, disable heat in the middle of winter, and shut down Ukraine’s military communications.[7] A cyberattack like this could make it astonishingly easy for Russia to successfully invade Ukraine. While an attack of this magnitude has not been undertaken by Russia or any other nation, the possibility of one is undoubtedly concerning. Full-fledged cyberwarfare is something the world has never seen, but the possibility of it increases every day.

Of course, it’s naive to assume that Russia is the only country preparing for cyberwarfare. The United States certainly has the capability to defend itself against cyberwarfare, and the ability to execute offensive cyberattacks. In fact, the United States was one of the first nations to engage in an act of cyberwarfare. In 2010, the U.S. and Israel jointly infected Iran’s nuclear infrastructure with the Stuxnet computer worm.[8] This attack crippled Iran’s nuclear program, highlighting just how successful cyberattacks can be.

When it comes to cyberwarfare, we really don’t know what the rules are yet. If Russia attacks another nation’s electricity or heat, indirectly leading to civilian deaths, is that a war crime? Or is remotely targeting infrastructure fair game? There are dozens of questions that haven’t been answered. Unfortunately, we may learn these answers during a future cyberwar. Whether this new kind of war is waged between Russia and Ukraine, the U.S. and China, or some other combination of unfriendly nations, we know the consequences of cyberwarfare will be severe.

About AXEL

Cybercrime is an ever-present threat. Thankfully, AXEL makes it easy to protect yourself from ransomware and data breaches. At AXEL, we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Roth, Andrew. “EU and UK Pledge Backing to Ukraine after Russian Military Buildup.” The Guardian. Guardian News and Media, April 6, 2021. https://www.theguardian.com/world/2021/apr/05/eu-sounds-alarm-at-russian-troops-ukraine-border-moves

[2] Zetter, Kim. “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid.” Wired. Conde Nast, March 3, 2016. https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

[3] Zetter, Kim. “The Ukrainian Power Grid Was Hacked Again.” VICE, January 10, 2017. https://www.vice.com/en/article/bmvkn4/ukrainian-power-station-hacking-december-2016-report

[4] Polityuk, Pavel, and Alessandra Prentice. “Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack.” Reuters. Thomson Reuters, June 27, 2017. https://www.reuters.com/article/us-ukraine-cyber-attacks-idUSKBN19I1IJ

[5] “Ukraine Cyber-Attack: Russia to Blame for Hack, Says Kyiv.” BBC News. BBC, January 14, 2022. https://www.bbc.com/news/world-europe-59992531

[6] Merchant, Nomaan. “US Tries to Name and Shame Russian Disinformation on Ukraine.” ABC News. ABC News Network, January 28, 2022. https://abcnews.go.com/Politics/wireStory/us-shame-russian-disinformation-ukraine-82526617

[7] Miller, Maggie. “Russian Invasion of Ukraine Could Redefine Cyber Warfare.” POLITICO, January 28, 2022. https://www.politico.com/news/2022/01/28/russia-cyber-army-ukraine-00003051

[8] Melman, Yossi. “’Computer Virus in Iran Actually Targeted Larger Nuclear Facility’.” Haaretz.com. Haaretz, September 28, 2010. https://www.haaretz.com/1.5118389.

National Data Privacy Day: The Internet isn’t Anonymous Anymore

In the late 1990s, when the Internet truly hit the mainstream, people were often struck with a mixture of wonder and fear when they sat down at their computer desk. Back then, the Internet offered limitless information and global communication instantly, two things simply unheard of just a decade prior. When users browsed the Internet, it felt like an adventure, with websites acting as friendly navigators. Although the early Internet certainly had its problems, it didn’t feel like a business tool or high-tech gizmo. It felt like a toy for grown-ups.

As the Internet matured, this wonder eventually turned to familiarity. Gone were the days of simple AOL chat rooms and catching up on news. Businesses started to harness the Internet’s power, and the mystery of the Internet began to fade. The Internet wasn’t a toy anymore; it was a necessary tool that we had to use if we wanted to keep up with work, friends, and the world in general. And with the Internet becoming more ingrained in everyday lives, the anonymity of online spaces disappeared as well.

January 28th is National Data Privacy Day, and AXEL is celebrating by highlighting the importance of digital privacy and why stronger privacy protections are required for a safe, secure Internet.

Digital Privacy in the Early Internet

In the early days of the Internet, websites were radically different than they are today. In the late 1990s, nearly every site was built only using HTML and images, with no tracking capabilities. Because of how simple these websites were, few sites offered personal accounts, so users simply weren’t motivated to give information up. Simply put, users knew little about websites, and websites knew little about their users.

The Internet remained this way for a few years, offering simple services in exchange for a hefty fee. For example, AOL charged users over USD $20 per month to use its Internet software.[1] In the late 1990s and early 2000s, the Internet was widespread, but there was still a significant barrier to entry. However, the invention of a delicious digital tool would soon change the business model of Internet-based companies: Cookies.

Cookies are small text files that are sent from website servers to a user’s computer, allowing a server to identify and remember a specific user.[2] While this sounds simple, Cookies spearheaded a massive change to website design and user accessibility. From remembering website preferences to revolutionizing online shopping, cookies offered a multitude of benefits to users. While cookies undoubtedly offered intuitive features for early Internet users, they also were a turning point in the prioritization of online privacy. After the widespread adoption of cookies, the Internet ceased being anonymous.

In addition to cookies, the rise of social media in the early 2000s radically changed how users approached the Internet. In the late 1990s, Internet users were typically wary of revealing personal information online, and for good reason. However, the rise of early social media sites like Friendster, MySpace, and Facebook changed the way users approached the Internet. No longer were people confined to anonymous AOL usernames; users could simply search their friends’ names in order to communicate with them online. While this was certainly an exciting feature in the early 2000s, it led to the normalization of digital footprints.

Online Privacy Today

Today, nearly everyone in the world has a digital footprint. Try it! Search your name and see what comes up. Websites and images from years ago regularly appear, even from posts and webpages that have been deleted. Worst of all, even if you delete all of your online accounts, those images are likely to stay there forever. While this de-anonymization does have benefits, say, looking people up for job interviews or first dates, it also represents a complete dissolution of online privacy.

While these digital footprints can be unnerving for some, they ultimately don’t have a massive effect on overall online privacy. After all, a few posts and images are nothing for Big Tech. What Big Tech can use, however, is data. And the vast majority of that data comes from cookies. Unfortunately, today’s cookies don’t just auto-fill URLs or remember your shopping cart. Modern cookies are built to track and analyze every single click we make. Using these cookies, Big Tech companies like Google, Amazon, and Facebook are able to collect massive amounts of information on us. For example, Google likely knows if you have a medical problem, your current address, and what political party you support.[2] All of this information is then used for one purpose: Delivering hyper-targeted digital ads.

These pesky advertisements are the lifeblood of Internet-based companies. Think about it: Many of the web’s most used applications are completely free. Useful sites like Gmail, Facebook, and Twitter are completely free for all users, yet these companies are worth billions. This is Big Tech’s dirty little secret: They’re not selling their products and services to you. They’re selling you and your data to advertisers.[3] And the more data they have on you, the more they can charge advertisers. This is why companies like Amazon and Google typically sell many of their products at a loss. For example, when Amazon prices an Echo Dot at USD $20 during the holidays, Amazon isn’t making a profit off the sale of the hardware; it’s making a profit from all the new, personal data that users give to the device. Ultimately, Big Tech is financially motivated to collect more and more personal data, putting everyone’s digital privacy to the side.

What Should Be Done?

First, increased regulation of hyper-targeted advertisements would be a massive victory for digital privacy. The amount of data that Big Tech companies have on us is staggering, and they’re encouraged to collect as much as possible to sell to advertisers. Selling data about extremely sensitive subjects like medical history ought to be banned. After all, advertisers shouldn’t have access to people’s sensitive health information. Additionally, allowing users to opt-out of tracking would be another win for privacy advocates. Cookies do offer legitimate features for users, so most would still accept tracking. However, simply offering a choice to opt-out would be incredible progress for digital privacy in the 2020s.

Big Tech corporations make billions by trivializing our digital privacy and prioritizing advertisers over people. Unfortunately, these companies are financially motivated to collect as much data as possible, so without regulation, this trivialization of privacy is likely to continue. Fortunately, there is hope: The European Union has a law that allows users to opt-out of tracking cookies,[4] and similar legislation is possible in the United States. Although Big Tech would certainly fight back with shady tactics, an opt-out law would be the biggest victory for privacy of the 21st century.

About AXEL

Time and time again, Big Tech has prioritized its profits over privacy, putting their users at risk. At AXEL, we’ll never sell your data to third-party advertisers because we believe that your private information should stay private. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] “AOL Hikes Price to US$21.95.” Wired. Conde Nast, February 9, 1998. https://www.wired.com/1998/02/aol-hikes-price-to-us21-95/

[2] Hill, Simon. “The History of Cookies and Their Effect on Privacy.” Digital Trends. Digital Trends, March 29, 2015. https://www.digitaltrends.com/computing/history-of-cookies-and-effect-on-privacy/

[3] King, Bertel. “Why Targeted Ads Are a Serious Threat to Your Privacy.” MUO, April 1, 2019. https://www.makeuseof.com/tag/targeted-ads-threat-privacy/

[4] Lomas, Natasha. “Europe’s Cookie Consent Reckoning Is Coming.” TechCrunch. TechCrunch, May 31, 2021. https://techcrunch.com/2021/05/30/europes-cookie-consent-reckoning-is-coming/

AXEL’s Guide to Remote Work

In March 2020, nearly every office worker was filled with anxiety about the prospect of remote work. With no warning and little preparation, a significant portion of the world’s workforce was forced to do their jobs from home, many with no experience of at-home work whatsoever. It was a stressful and unique time, learning new skills and software from home, all while the looming threat of COVID-19 was ever-present in peoples’ lives. This radical, immediate shift to at-home work was unlike anything workers had ever faced before.

But then something funny happened: We got used to it. Not only did employees begin to tolerate remote work, but they enjoyed it more than traditional work at the office. In fact, nearly 50% of workers stated that they’d take a pay cut to continue working remotely [1]. 25% stated that they would quit their jobs if they couldn’t work remotely anymore, and 70% say they find virtual meetings less stressful than in-person meetings.

Now, with remote work popularized and here to stay, here are some ways to maximize your efficiency, create a healthy work-life balance, and overcome some of the unique challenges of at-home work.

Maintain a Healthy Work-Life Balance

Although remote work offers incredible flexibility for employees, that flexibility comes with a price. 45% of remote workers say they work longer hours than they did before, and the picture is even bleaker for younger workers [2]. With the rise of remote work, employees are working longer hours and more weekends, putting a healthy work-life balance at risk. With bedrooms becoming the new office, it can be concerningly easy for worklife and homelife to blur. Thankfully, there are a few strategies that can help workers separate their job and their home life.

First, one of the most useful strategies to utilize is scheduling. Most employees have a specific time to clock in and clock out. Even when you’re working from home, sticking to those specific times helps separate work and home. Additionally, it’s helpful to schedule breaks in advance as well, to provide structure to the workday. Creating a schedule and sticking to it is one of the best ways to prioritize a healthy work-life balance. 

Additionally, it’s helpful to create specific places for work as well. Set aside a desk, office, or even just a chair for work, and only use it during work hours. This way, your home can be split into two, with distinct workspaces and homespaces. This way, once you’re at your work desk, you’ll be able to focus solely on work, rather than allowing your work life and home life to intersect. Although these strategies sound simple, they help workers separate their work and personal lives immensely. Just following these two strategies can help maintain (or even increase) worker efficiency, while also promoting healthy distinctions between work and home.

Embrace Change

When workers were sent home in March 2020, they were forced to learn new programs on the fly. From Zoom meetings to Slack channels, workers involuntarily embraced modern workplace technology. Many workers had never even participated in a Zoom meeting before the pandemic, but now they’re practically the norm. Additionally, programs like Slack, Skype, and Microsoft Teams surged in popularity, even among offices that were previously low-tech. Ultimately, although the pandemic forced employers and workers to try new programs, it allowed nearly every workplace to embrace modern workplace technology. Now, nearly every worker is technologically savvy enough to get work done from home. The rapid modernization of many offices was certainly one of the hidden blessings of the pandemic.

In addition to embracing new software and programs, remote work has allowed employees to embrace new places as well. On the more common side, many workers enjoy leaving their homes for part of the workday. After all, some people may work best next to the office-like bustle of a coffee shop, or the eerie silence of a local library. Remote work allows workers to try out different working environments to determine which location works best for them. Additionally, some workers have even become “digital nomads,” employees who travel often, but are still full-time remote workers. Because remote work allows unprecedented flexibility in where work gets done, it’s no wonder why many employees prefer working out of the office.

Utilize New Tech

Even before the pandemic hit, new workplace collaboration software made our jobs so much easier. Now, dozens of useful programs are readily available to businesses, making the transition to remote work even more simple. Useful programs include: 

  • Slack, a business communication software that features chat rooms organized by department, team chats, and direct messaging.
  • Todoist, a workplace organizing software that schedules and shares tasks, meetings, and projects.
  • GitHub, a hosting service for software development that allows users to comment and collaborate on each other’s coding projects.
  • Clio, a practice management software for law firms that collects and finalizes documents remotely.

Don’t be afraid to try out new technology! There are dozens of useful programs available, no matter what industry you work in. Whether it be work automation or business communication, workplace software is a wonderful tool that can help your business. Embracing new technology can be scary, but the benefits certainly outweigh the stress. After all, we were all anxious about Zoom meetings in 2020, but now, they’re second-nature, and help us get work done effectively. The best workers and businesses are unafraid of trying out new technology, so keep an eye out for new programs that can help you get work done more efficiently.

Communication is Key

During in-office work, it’s easy to stay in the loop. With remote work, staying informed and updated on your team’s latest projects can be a bit trickier. That’s why it’s extremely important to communicate often with coworkers and managers alike. Make group chats with your team, so no one is left behind, and follow up often to ensure everyone is on the same page. Without in-person meetings, everyone has to know their responsibilities. Embracing consistent, clear communication helps ensure that tasks don’t slip through the cracks.

Additionally, communication doesn’t only have to be about work. One of the biggest drawbacks of remote work is the loss of office camaraderie. This loss is particularly felt by young employees, many of whom are starting their career without ever meeting their coworkers in real life [3]. One way to mitigate this effect is to encourage casual conversation among employees. Whether it be as simple as a “water cooler” Slack channel or occasional Zoom hangouts with coworkers, fostering connections between employees not only helps workers avoid burnout, but also helps cultivate a distinct company culture.

Overcome Challenges Together

One of the most difficult aspects of remote work is time management, particularly when your coworkers are in different time zones. Unplanned meetings are often too difficult to pull off successfully in a remote work environment. That’s why it’s extremely important to plan projects, tasks, and meetings well in advance, so every employee knows what’s coming up, and when to be available. Of course, sometimes things come up and require immediate action, but giving your best effort to plan in advance not only helps you stay organized; it helps your entire office stay coordinated and running smoothly.

Finally, one of the biggest challenges with remote work is technology. With no on-site IT department, workers are often on their own when they encounter a tech problem. That’s why businesses ought to have clear guidelines regarding technology. Some helpful tech tips include:

  • Only using secure Wi-Fi networks.
  • Immediately downloading software updates.
  • Using a secure file-sharing service (like AXEL Go!)
  • Creating an incident response plan in the event of a data breach.

Tech problems will always be present, whether you’re working at the office or at home. That’s why offices need to communicate with employees regarding technology and cybersecurity. Creating and enforcing technology guidelines can help both employees and the business stay safe from cyberthreats.

About AXEL

As remote work becomes the norm, cybersecurity ought to be a priority for all businesses. At AXEL we believe that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Collins, Terry. “Work Remote after COVID? Nearly 50% of US Workers Would Take a Pay Cut for It, Survey Says.” USA Today. Gannett Satellite Information Network, November 11, 2021. https://www.usatoday.com/story/money/2021/11/11/workplace-survey-remote-pay-cut-covid/6367601001/

[2] Maurer, Roy. “Remote Employees Are Working Longer than Before.” SHRM. SHRM, July 6, 2021. https://www.shrm.org/hr-today/news/hr-news/pages/remote-employees-are-working-longer-than-before.aspx

[3] Petersen, Anne Helen, and Charlie Warzel. “Remote Work Is Failing Young Employees.” The New York Times. The New York Times, November 22, 2021. https://www.nytimes.com/2021/11/22/opinion/remote-work-gen-z.html

How Law Firms Should Handle Cybercrime

Law firms are extremely unique places of business. They don’t rely on releasing products, but on a specific service that requires the collection of confidential information from clients. Further, because law firms typically serve multiple clients at a time, they hold a wealth of information on both corporations and individuals. And this knowledge isn’t run-of-the-mill company fun facts; it’s the scandalous, salacious, highly-confidential information that would cause chaos if publicly revealed. 

Unfortunately, cybercriminals have realized this, and have taken decisive action. In the past few years, law firms have become a prime target for cybercriminal organizations because of their combination of valuable data and relatively lax cybersecurity. This culminated in a 2020 attack by REvil, a notorious ransomware gang, on Grubman Shire Meiselas & Sacks, demanding a USD $42 million ransom for the near-terabyte of stolen data [1]. Overall, 29% of firms recorded a security breach in 2020, according to an ABA survey [2].

It’s clear that law firms are a top target of cybercriminal gangs. Therefore, it’s important to stay informed on these gangs’ strategies, and the best ways to prevent cyberattacks.

How do Cybercriminals Attack Firms

Although cybercriminal organizations typically have “go-to” strategies, there isn’t one specific way that all law firms are attacked. Whether it be with phishing emails, malware, or even insider attacks, there are a variety of ways that law firms can be targeted. While large firms were mostly targeted a few years ago, cybercriminals have recently shifted their priorities. Due to the global crackdown on ransomware gangs, these diabolical organizations started to target small and mid-size firms, avoiding the publicity (and government attention) that an attack on large firms would bring. In fact, mid-size law firms have become the prime target for cybercriminals [3]. After all, these firms still have loads of valuable information, but likely have much less stringent cybersecurity measures.

Concerningly, fewer than half of all law firms use simple security measures like two-factor authorization and file encryption [2]. With a significant portion of firms having no cybersecurity protection beyond usernames and passwords, it’s no wonder that cybercriminal gangs have raked in money from desperate firms. In 2021, the average ransomware payment was USD $140,000, a massive figure for small and mid-size firms [3]. Unfortunately, if an unprepared firm is hit with ransomware, there is typically no other option but to pay the cybercriminals to unlock their encryption and return the stolen data. That’s why the best defense against cyberattacks is preparation.

Legal and Moral Obligations

While there is no federal law requiring law firms to have certain cybersecurity precautions, some individual states and industries do regulate firms’ cybersecurity practices. For example, firms that handle financial data may be subject to the Sarbanes-Oxley Act of 2002, a law that mandates stringent recordkeeping and reporting [4]. Further, certain states like New York and California have more cybersecurity regulations on their books. For example, New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act mandates prompt public disclosure in the event of a security breach [4]. These regulations ultimately help firms stay prepared for cyberattacks, while also serving the public interest if a cyberattack were to occur. Failure to follow these regulations could lead to investigations, lawsuits, fines, and an overall loss of public trust.

In addition to federal and state laws, law firms must also follow the American Bar Association’s (ABA) Model Rules of Professional Conduct. One rule states that lawyers must take

Reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client [4].

Additionally, the ABA requires firms to reasonably inform clients about the status of a cyberattack. While the term “reasonable efforts” is certainly open to interpretation, the ABA is clear: It’s an ethical obligation for firms to prepare for cyberattacks. In today’s digital world, handling client data unsafely isn’t only irresponsible; it’s immoral.

What Can Law Firms Do?

So, we know that law firms are ethically, and in some cases legally, required to take reasonable precautions for cyberattacks. But what exactly can firms, particularly small and mid-size, do? Businesses like this simply can’t afford the cybersecurity infrastructure of large firms, with dedicated staff and numerous expensive programs. Thankfully, providing strong protection from cybercrime is simple and inexpensive.

The best way to prevent data breaches and ransomware attacks is to cultivate a culture of security in the workplace. Specifically, this means embracing simple safeguards like two-factor authorization and file encryption. Just taking these two precautions vastly lowers the risk of a successful cyberattack. Additionally, having yearly (or even twice-a-year!) training on cybersecurity risks helps create a culture of security as well. Think about it: Phishing emails are typically well-disguised. But if all employees know the difference between an innocent work email and a nefarious phishing attempt, your firm will be significantly safer.

Finally, in the unfortunate case that a firm is hit with a cyberattack, it’s extremely useful to have an incident response plan. As a cyberattack is occurring, every minute counts, and having a specific plan can be the difference between a devastating data breach and a failed attempt. If employees know what to do immediately, whether it be turning off all computers, shutting down Wi-Fi, or calling a trusted expert, firms can minimize the risk, or at least lessen the impact, of a surprise cyberattack. Unfortunately, just 34% of firms maintain an incident response plan [2]. While this is an increase from past years, this shows there is still a long way to go regarding cybersecurity at law firms.

About AXEL

Law firms will continue to be targeted by nefarious cybercriminals. Thankfully, AXEL is prepared. At AXEL, we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go, a secure file sharing software. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Shankar, AJ. “Council Post: Ransomware Attackers Take Aim at Law Firms.” Forbes. Forbes Magazine, March 11, 2021. https://www.forbes.com/sites/forbestechcouncil/2021/03/12/ransomware-attackers-take-aim-at-law-firms/

[2] Loughnane, John. “2020 Cybersecurity.” Americanbar.org. American Bar Association, October 19, 2020. https://www.americanbar.org/groups/law_practice/publications/techreport/2020/cybersecurity/

[3] Dalton, Brian. “Law Firms Stagger through Ransomware Attacks.” Above the Law, November 2, 2021. https://abovethelaw.com/2021/11/law-firms-stagger-through-ransomware-attacks/

[4] “5 Cybersecurity Risks and 3 Obligations for Law Firms.” The National Law Review, July 8, 2021. https://www.natlawreview.com/article/5-key-data-privacy-and-security-risks-arise-when-organizations-record-job-interviews

National Technology Day: How Tech has Changed the Way We Live

What was life like twenty years ago? What technology did we use? How did we get work done in 2002? While twenty years may seem like a relatively short period of time, our everyday lives have drastically changed over the past two decades. We went from flip phones to iPhones, from CDs to music and video streaming, from printed-out MapQuest papers to instant GPS directions. In the past twenty years, modern technology has changed nearly every aspect of our lives. 

Because of the incredible technological advances we’ve seen in the past twenty years, AXEL founded National Technology Day, a holiday celebrated every year on January 6th. On National Technology Day, we encourage everyone to reflect on the advances made in business, culture, and entertainment. From maximizing efficiency at the office to sharing your own media online, technology has changed the way we live and will continue to change our lives in the future. While it’s unclear what the world will look like in twenty years, we do know one thing: Technology will continue to innovate.

With that said, here are a few ways how recent technological advances have radically impacted our everyday lives:

How Tech Changed Public Health

Undoubtedly, one of the greatest technological triumphs in public health in the past twenty years has been the widespread use of messenger RNA (mRNA) vaccines. Most COVID-19 vaccines are mRNA vaccines, and with billions of doses administered in one year, these high-tech vaccines have saved countless lives. But how are mRNA vaccines different from traditional vaccines? With an mRNA vaccine, a weakened pathogen isn’t injected into your body like with traditional vaccines. An mRNA vaccine delivers “coded” mRNA to your immune cells, and using that code, your immune cells can produce proteins that are found on the specific pathogen [1].

The development of mRNA vaccines was made possible by technological advances in the pharmaceutical industry. Although they are relatively new today, mRNA vaccines have been studied and theorized for decades. Finally, modern technology caught up with researchers, and a new soldier in the war on infectious diseases was created.

While vaccines have certainly had a massive impact on the world, they aren’t the only way that technology has changed public health. An obvious example is the rise of fitness and health trackers. Today, about one in five Americans use a fitness tracker and corresponding app [2]. With these trackers, users can track their steps taken, calories burned, steps climbed, blood pressure, sleep quality, and dozens of other metrics. While research on their effectiveness has been mixed, fitness trackers give people fun, convenient ways to check on their health [3].

How Tech Changed Education

If the pandemic taught us one thing, it’s that technology allows us to be connected, even when we can’t be physically present together. This was particularly apparent when schools across the world were closed and classes were taught online. Although there are certainly valid criticisms of e-learning, the fact that instruction was able to continue in the midst of a pandemic highlights just how much technology allowed education to evolve. Now, almost every lecture or assignment can be completed online, ensuring that education can continue even after future pandemics or natural disasters.

While e-learning is certainly new, the advancement of technology has always correlated with expanded access to education [4]. Think about it: 500 years ago, the only educational materials were books, and books were only available to the extremely well-off. However, the technological innovation of the printing press made books far more available for middle and lower-class people. Now, thanks to the Internet, there are millions of educational websites and videos available to all. Today, a student can learn calculus or biology from reliable sources on their own time, for free. While some may criticize technology for “dumbing down” our youth, it’s a simple fact: Technological progress leads to greater access to education.

How Tech Changed Business

Even before the pandemic, technology was radically changing the modern office. One of the biggest changes in the past twenty years has been the way employees share information with each other. Although email existed twenty years ago, it was certainly in its infancy, and when files needed to be shared, physical documents were printed off and delivered. Now, most documents are shared electronically, without the need for paper and ink, helping to save businesses time and money. Outside of file-sharing, even the way workers communicate with each other has greatly changed. Today, software applications like Slack make it easy for employees to communicate without anyone being left out of the loop. Technological advances have made office communication digital and instantaneous, making the necessary transition to remote work during the pandemic relatively simple.

Outside of office communication, technology has allowed businesses to increase efficiency in nearly every department. From resumé software to digital marketing, technology has greatly changed the way businesses operate. Unfortunately, this also means that the businesses that haven’t embraced technology are at risk of going under. After all, if your business doesn’t have a digital presence, such as social media or a simple website, it may as well not exist. 

Technology has fundamentally changed the way work gets done in the United States, and it’s not done changing either. In twenty years, Mark Zuckerberg’s vision of the “Metaverse” may become our everyday office. One thing is known: If it can save money, businesses will continue to test and use innovative modern technology.

How Tech Changed Cybersecurity

Twenty years ago, “cybersecurity” was little more than simply having a password. Unfortunately, as technology has progressed, so have cybercriminals. Today, features like encryption, multi-factor authorization, and artificial intelligence are the norm when it comes to cybersecurity. 

It’s no coincidence that the technological advancement of computers and their related technologies is correlated with the number of cybercriminal attacks [5].

In 2002, cybercriminals mostly utilized phishing attacks to make their money. Cybercriminals used fake emails and pop-ups to trick users into divulging their names, addresses, credit card information, or even Social Security numbers. Thankfully, most of these phishing attacks were easy to identify [5]. However, cybercriminals quickly learned even more efficient methods of making money. Today, ransomware is the main tool that cybercriminal organizations use to wreak havoc around the world. Much more efficient than individual phishing emails, ransomware can shut down an entire business, forcing executives to pay millions in order to get their data back. Put simply, as technology has advanced, so too have cybercriminals. It’s an unfortunate fact, but all hope is not lost.

While cybercriminals are taking advantage of modern technology for a quick buck, more savory organizations are also working to prioritize security. Even AXEL is utilizing modern cybersecurity technology in innovative ways to protect users. One of AXEL’s patents, US11159306B2, describes a token identification system that allows users to perform transactions privately, while making the transaction verification public. This technology prioritizes the digital privacy of users, secures the specific aspects of the transaction, and offers public verification. Patents like this are being presented, approved, and utilized every day, creating a more private, secure Internet. So while cybercriminals may be quick to exploit technological flaws, an army of individuals and businesses are ready to fight for digital security.

About AXEL

Technology will continue to advance, and our lives will become more digitized than ever before. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Dolgin, Elie. “The Tangled History of mRNA Vaccines.” Nature News. Nature Publishing Group, September 14, 2021. https://www.nature.com/articles/d41586-021-02483-w

[2] “19% Of Americans Use Wearable Fitness Trackers and MHealth Apps.” Mercom Capital Group, October 13, 2021. https://mercomcapital.com/90-americans-wearable-mhealth-apps/#:~:text=According%20to%20a%20new%20survey,or%20tablet%20app%20(32%25)

[3] Marks, Adam. “Do Exercise Trackers Make You Healthier?” Ace.edu, February 16, 2021. https://www.ace.edu/blog/post/2021/02/16/do-exercise-trackers-make-you-healthier

[4] “How Has Technology Changed Education?” Purdue University Online.. https://online.purdue.edu/blog/education/how-has-technology-changed-education

[5] Acharjee, Sauvik. “The Evolution of Cybercrime: An Easy Guide (2021).” Jigsaw Academy, February 13, 2021. https://www.jigsawacademy.com/blogs/cyber-security/evolution-of-cybercrime/

The World’s Top Hacking Groups – Part 2

In Part 1 of AXEL’s feature on the world’s top hacking groups, we featured some of the leading cultivators of chaos in the world. From state-sponsored groups like Bureau 121 to leaderless hacktivist organizations like Anonymous, no two hacking groups are the same. Each organization has different personnel, goals, and methods of achieving those goals, with some more successful than others. In a way, these criminal syndicates are extremely similar to traditional businesses: If you’re financially successful, your group will flourish. If you struggle to make steady income, you’ll lose employees and, eventually, your entire company.

However, just as it is in the business world, there are some hacking groups that are seemingly too big to fail. Typically, these groups are state-sponsored, and receive oodles of cash for security purposes. While these state-sponsored groups may rarely grab headlines, these are the syndicates that truly hold the most power. After all, an independent hacker group can be taken down with a thorough investigation. A hacker group supported by a powerful nation is extremely unlikely to ever face investigations or oversight from other nations.

These four groups represent some of the most powerful hacking organizations in the world:

Cozy Bear

Cozy Bear is yet another Russian state-sponsored hacking group that focuses on attacking Western governments and media [1]. This group, however, seemingly has an intense focus on the United States. In 2014, the group hacked the State Department and the White House’s email systems, and in 2020, breached the Commerce and Treasury departments [2]. As part of Russia’s foreign intelligence service, Cozy Bear, along with sibling hacking group Fancy Bear, hacked into the Democratic National Committee (DNC) in 2016. Oddly enough, Cozy Bear and Fancy Bear were unaware of each other’s activities, and both independently hacked the political committee [3].

Although Cozy Bear and Fancy Bear both breached the DNC’s servers in 2016, Cozy Bear’s latest actions show that these hacks aren’t done for partisan purposes. In July 2021, the group breached the servers of the Republican National Committee (RNC) [4]. Ultimately this highlights Russia’s main strategy regarding cyberwarfare. The goal isn’t to make sure a certain candidate wins; it’s to undermine faith in the electoral process, thus lowering confidence in the nation itself. While Russia may have a preferred candidate every four years, it’s cybersecurity actions show a clear, nonpartisan strategy to simply embarrass the United States and decrease faith in its political processes. And Cozy Bear is just one of many groups Russia uses to further this goal.

REvil

One of the newest hacking groups in the world is also one of the most notorious. REvil is a private Russian group that makes millions from its ransomware attacks on businesses. The group initially gained attention in May 2020, when it hacked an entertainment-focused law firm and stole a number of files from the firm. REvil threatened then-President Donald Trump to release compromising documents unless the group received a massive USD $42 million ransom [5]. However, cybersecurity researchers quickly believed that this was a bluff, and no compromising documents were ever released by REvil [6].

Unfortunately, REvil’s initial failure did not deter the group. In 2021, the group was responsible for two massive cyberattacks. First, in May 2021, REvil breached JBS Foods, the world’s largest beef producer. This attack forced the company to shut down some of its food processing plants, threatening a potential beef shortage. However, just one day after the initial attack, JBS paid a USD $11 million ransom to REvil to decrypt its servers [7]. While the quick payment ensured there would be no major shortages, it showed how desperate businesses can be if hit with a devastating ransomware attack. Just a month later, REvil attacked Kaseya, a networks, systems, and IT software company. This attack shut down Kaseya’s main software, ultimately affecting up to 1,500 businesses worldwide. The impacts of this attack were felt worldwide, with a Swedish grocery store chain closed because of inoperable cash registers, and New Zealand schools being taken offline [8].

Thankfully, in October 2021, REvil itself was forced offline by a multi-country operation led by the United States [9]. While this doesn’t mean REvil will never pop up again, the crackdown on ransomware shows that even the most notorious private hacking groups can be stopped.

Chinese Cyber Operations

While not much is known about China’s cyber operations, we do know that their attacks have been effective. In 2010, China was the culprit behind Operation Aurora, an advanced, highly-sophisticated attack on dozens of American companies, including Google and Adobe [10]. In the attack, China stole intellectual property, along with access to the Gmail accounts of two high-profile human rights activists.

Following this complex cyberattack, China was accused of executing one of the worst cyberattacks of all time: The Equifax data breach. In February 2020, the United States charged four members of China’s People’s Liberation Army with the 2017 hack that leaked personal information of over 150 million Americans [11]. While the United States has no way of extraditing the four soldiers for trial, this claim highlighted the sheer power of state cyber operations groups. The Equifax hack had a profound effect on everyday Americans, and caused concern that extremely effective and damaging cyberattacks could become commonplace in the future.

In the present, China’s cyber operations have expanded. This escalation is fueled by the desire for more intelligence, particularly from the United States amid rising tensions between the two global superpowers [12]. In fact, Western governments have accused China of hacking into Microsoft’s Exchange company server. This hack affected about 250,000 organizations worldwide, allowing Chinese hackers to pilfer through company emails for intelligence. While this hack was not nearly as impactful as the Equifax breach, it highlights China’s renewed focus on gathering massive amounts of intelligence on the United States and other Western nations.

NSA Tailored Access Operations

While many of the world’s top hacking groups operate far from North America, the world’s most powerful group is undoubtedly within American borders. The National Security Administration’s (NSA) Tailored Access Operations group gathers intelligence from foreign targets by hacking into devices, stealing data, and monitoring communications. Additionally, the group develops software that can destroy a foreign target’s computer and networks [13]. The group is responsible for developing malware that targeted Iran’s nuclear program, along with regularly breaching Chinese computer networks for gathering intelligence.

The United States’ targeted surveillance capabilities should come as no surprise. After all, the NSA is well-known for its mass surveillance techniques. Tailored Access Operations is relatively similar to other state cyber operations groups: It uses targeted surveillance to gather intelligence, and uses sophisticated malware to attack its targets. Of course, because it’s the NSA, there is the possibility that the group has even more publicly unknown high-tech resources for cyberattacks. While Tailored Access Operations works in the shadows, the strength of the NSA, and the United States in general, make this group the most powerful hackers in the world.

About AXEL

Some of these powerful hacking groups will, unfortunately, continue to wreak havoc in 2022. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Meyer, Josh. “Cozy Bear Explained: What You Need to Know about the Russian Hacks.” NBCNews.com. NBCUniversal News Group, September 15, 2016. https://www.nbcnews.com/storyline/hacking-in-america/cozy-bear-explained-what-you-need-know-about-russian-hacks-n648541

[2] Nakashima, Ellen, and Craig Timberg. “Russian Government Hackers Are behind a Broad Espionage Campaign That Has Compromised U.S. Agencies, Including Treasury and Commerce.” The Washington Post. WP Company, December 14, 2020. https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html 

[3] “Bear on Bear.” The Economist. The Economist Newspaper, September 22, 2016. https://www.economist.com/united-states/2016/09/22/bear-on-bear

[4] Turton, William, and Jennifer Jacobs. “Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit.” Bloomberg.com. Bloomberg, July 6, 2021. https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee

[5] Collier, Kevin, and Diana Dasrath. “Criminal Group That Hacked Law Firm Threatens to Release Trump Documents.” NBCNews.com. NBCUniversal News Group, May 16, 2020. https://www.nbcnews.com/tech/security/criminal-group-hacked-law-firm-threatens-release-trump-documents-n1208366

[6] Vanian, Jonathan. “Everything to Know about Revil, the Group behind Several Devastating Ransomware Attacks.” Fortune. Fortune, July 8, 2021. https://fortune.com/2021/07/07/what-is-revil-ransomware-attack-kaseya/

[7] Abrams, Lawrence. “JBS Paid $11 Million to REvil Ransomware, $22.5m First Demanded.” BleepingComputer. BleepingComputer, June 10, 2021. https://www.bleepingcomputer.com/news/security/jbs-paid-11-million-to-revil-ransomware-225m-first-demanded/

[8] Satter, Raphael. “Up to 1,500 Businesses Affected by Ransomware Attack, U.S. Firm’s CEO Says.” Reuters. Thomson Reuters, July 6, 2021. https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

[9] Bing, Christopher, and Joseph Menn. “Exclusive Governments Turn Tables on Ransomware Gang Revil by Pushing It Offline.” Reuters. Thomson Reuters, October 21, 2021. https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/

[10] Zetter, Kim. “Google Hack Attack Was Ultra Sophisticated, New Details Show.” Wired. Conde Nast, January 15, 2010. https://www.wired.com/2010/01/operation-aurora/

[11] Perez, Evan, and Zachary Cohen. “US Charges 4 Members of Chinese Military with Equifax Hack.” CNN. Cable News Network, February 11, 2020. https://www.cnn.com/2020/02/10/politics/equifax-chinese-military-justice-department/index.html

[12] Sabbagh, Dan. “Experts Say China’s Low-Level Cyberwar Is Becoming Severe Threat.” The Guardian. Guardian News and Media, September 23, 2021. https://www.theguardian.com/world/2021/sep/23/experts-china-low-level-cyber-war-severe-threat

[13] Peterson, Andrea. “The NSA Has Its Own Team of Elite Hackers.” The Washington Post. WP Company, August 29, 2013. https://www.washingtonpost.com/news/the-switch/wp/2013/08/29/the-nsa-has-its-own-team-of-elite-hackers/