Saturday, September 18, 2021

SolarWinds: The trail of devastation

The SolarWinds hack explained

The SolarWinds security breach is perhaps the most widespread and damaging internet hack yet discovered. Microsoft President Brad Smith called it, “the largest and most sophisticated hack the world has ever seen.” First revealed by private cybersecurity firm FireEye, this security breach may have affected around 18,000 internet users from early 2019 to late 2020. 

Believed to have been orchestrated by Russian hackers, the SolarWinds attack left large volumes of data unprotected for an unprecedented period of time, both at private companies and in several key departments of the federal government. The full extent of the SolarWinds hack is still being understood, but the attack was delivered via a routine software update in a supply chain breach.

Other names for the SolarWinds hack 

SolarWinds Corp is the name of the Texas-based IT company that inadvertently delivered the infected files to hundreds of US companies and government agencies. The attack did not originate with SolarWinds, which is a networking software company that helps other companies manage their IT needs.

The SolarWinds attack may also be referred to as:

  • Solorigate: This is a term initially popularized by Microsoft, once it discovered that it had been targeted by the infected DLL file as a user of SolarWinds’ services.
  • Sunburst: Sunburst refers to the actual malicious code inserted into the SolarWinds file. 
  • Orion: Orion is the SolarWinds software update that was infected with the bug, and downloaded onto users’ computers, delivering the virus. 
  • UNC2452: This is the technical term given to the malware by security firm FireEye, the first to discover the breach. 
  • Nobelium: Nobelium is now understood to be the Russian cyber criminal group likely behind the SolarWinds hack, and suspected to be continuing to target other government agencies and NGOs to this day. 

How the SolarWinds hack happened

The dialogue box pops up, and the message is simple: Routine software update necessary.  Any system user is familiar with the message, and has carried out the simple download and restart process regularly enough to not be suspicious of it. We often know very little about what’s actually being fixed in a routine software update – it’s enough to read the term “bug fixes”, and most users will click install without thinking twice. 

The SolarWinds security breach happened through this kind of routine software update. A malicious Trojan Horse virus was inserted into lines of code in a regular update, and was then downloaded onto users’ computers as part of the standard package through SolarWinds’ Orion network monitoring software. After the tainted update was downloaded and installed, an Internet connection enabled the virus’s access to the entire system.

This simple but devastating style of hack is known as a supply chain breach. It’s a relatively common way of attacking certain otherwise secure platforms. By infecting a neutral third party (in this case, SolarWinds IT software) with malware, bad actors can burrow their way into a wide variety of companies and agencies in one fell swoop. 

Timeline of devastation

  • As early as January 2019, hackers may have inserted malicious lines of code into the SolarWinds update, according to CEO and President of the company Sudhakar Ramakrishna.
  • March 26, 2020: SolarWinds starts unknowingly sending out infected updates to the companies that it serves. 
  • December 2020: Private cybersecurity firm FireEye conducts their own internal analysis and discovers that they have been hacked. They continue to conduct an audit to discover the malicious Trojan horse hidden in over 50,000 lines of code, and raise the alert that other companies may have been infected as well. 

One of the important factors that makes the SolarWinds hack so devastating is its unnaturally long dwell time. Dwell time in cybersecurity is defined as the length of time between when a hacker or virus first infiltrates a system, and when the host discovers the breach. In 2019, the average dwell time was 95 days. The SolarWinds hack, however, lasted around 14 months before being discovered. 

Who was affected by the SolarWinds hack?

According to SolarWinds, 18,000 customers may have downloaded the infected update between March and June of 2020. SolarWinds has over 300,000 companies that it serves, however, so the full extent of the data breach is still being understood. 

At least 100 major companies, such as Microsoft, Deloitte, Cisco, and Intel, are believed to have been affected by the SolarWinds hack, according to the latest data. In addition, several departments of the US government were exposed to the security breach. Some of the federal departments whose servers were affected include the State Department, the National Institute of Health, the Department of Homeland Security, the Departments of the Treasury, Justice, Commerce, and others.

How the hack may affect cybersecurity in the future

  1. Sanctions against Russia: The impact of the SolarWinds attack has already been felt on foreign policy. In April of 2021 the US government issued a directive to place sanctions on a variety of Russian assets, expelling ten diplomats as well. The sanctions are in response to concerns that the Russian government is linked to the cyber criminals, posing a threat to national interests.
  2. Private companies may play a larger role in revealing government data security weaknesses: Much of the information about the SolarWinds attack came from private companies such as FireEye and Microsoft, who were instrumental in pinpointing the source of the breach. Upsettingly, the Departments of Homeland Security and US Cyber Command were blindsided by the attack until they were alerted by FireEye’s audit. Currently, Microsoft continues to warn about Nobelium’s role in threatening governmental cybersecurity.
  3. The creation of a new government role: As the Biden administration attempts to double down on cybersecurity, a new role has been created on the National Security Council, or NSC. Cybersecurity veteran Anne Neuberger has been named the first Deputy National Security Adviser for Cyber Security, signaling a strengthened sense of priorities when it comes to protecting government data.

Takeaway

The full effects of the SolarWinds hack are still being felt and understood by the global community. As the situation continues to unfold, more companies may discover that their own data security was breached in the SolarWinds attack. The threat of Nobelium and the SolarWinds hack is classified as “ongoing” by officials. In many ways, SolarWinds was a wakeup call to the need for better cybersecurity for both private companies and local, state, and federal levels of government. 

How could the Colonial Pipeline hack have been prevented?

The hack of the Colonial Pipeline is the largest cyberattack carried out yet on a U.S. utility company. The attack caused widespread, national disruption and increased scrutiny regarding the security practices and protocols being used by the nation’s largest energy providers. 

Subsequent investigations and interviews into the hack revealed that it was carried out not using the most advanced, sophisticated hacking technology and expertise, but by taking advantage of the fact that Colonial Pipeline was not adhering to some of the most fundamental cybersecurity basics.

How did the Colonial Pipeline hack begin?

On May 6th, 2021, an Eastern Europe-based ransomware gang known as DarkSide was able to breach Colonial Pipeline’s cybersecurity defenses and steal 100 GB of data in as little as two hours. The following day, May 7th, the hackers infected Colonial Pipeline’s network with ransomware, locking down the company’s access to their billing and accounting services. DarkSide offered to allow Colonial access to their system in exchange for 75 Bitcoin, which at the time would have been valued at about $4.4 million.

In response to the hack, Colonial enlisted the help of Mandiant, a cybersecurity firm tasked with investigating and responding to the attack. Colonial also alerted federal law enforcement to the breach and ceased all pipeline operations in order to contain and mitigate the damage being done by the attackers.

On May 9th, President Joe Biden made an emergency declaration for 17 states affected by the shutdown of Colonial’s distribution.

What are the effects of the hack?

Colonial operates the largest petroleum pipeline in the country. As a result of the company completely shutting down their operations, a short-term limit to a large portion of the Southeastern United States’ fuel supply took effect.

Air travel was affected and gasoline stations quickly ran out of supply. Panicked citizens rushed to purchase gasoline in bulk, sometimes resorting to unsafe practices such as filling grocery bags and open containers with fuel. Fear spread as people began to worry about the implications of a long term gasoline shortage during an already stressful and chaotic pandemic.

On May 12th, five days after the ransomware hack took place, normal pipeline operations were resumed.

How did the Colonial Pipeline Company end the ransomware attack?

On May 19th, Colonial Pipeline officially revealed that they gave in to DarkSide’s demands and paid $4.4 million in Bitcoin to regain control of their network. Colonial Pipeline Company CEO Joseph Blount said that deciding to pay the ransom was not an easy decision, but ultimately had to be done “for our country.”

In the following weeks, the U.S. Department of Justice was able to recover the majority of the ransom money. DarkSide, perhaps not anticipating the amount of pressure they would be under after such a high profile hack, largely went into hiding.

How could the hack have been prevented?

While Colonial’s official statements immediately following the hack stated that the criminals used “highly sophisticated” techniques to breach their defenses, further interviews carried out by a Senate committee on Capitol Hill revealed a much different story.

DarkSide was able to infiltrate and take over Colonial Pipeline’s network by using a single leaked password and user name combination that allowed them to simply log in to a “legacy VPN” that was still active within the system.

Because the VPN did not require multi-factor authentication, once DarkSide had entered the credentials required for access, they were able to set up shop and completely paralyze the company’s operations.

Particularly determined hackers may find ways to breach even the most highly fortified cyber defenses.

It is entirely possible, however, that the hack of the Colonial Pipeline could have been prevented altogether had the company adhered to basic security principles and either required multi-factor authentication for access to their VPN or discontinued the unused VPN in the first place.

The hack of the Colonial Pipeline is sure to go down in history as one of the most far-reaching cybersecurity slip ups in the nation’s history, as well as a wake up call for the IT departments of large corporations and utility providers the world over. The mere presence of a leaked password, as well as the existence of a functional but abandoned VPN, shows that Colonial did not have good cybersecurity hygiene with regard to password security or network maintenance.

Senator Ron Wyden (D-OR) said on record that “the shutdown of the Colonial Pipeline by cybercriminals highlights a massive problem. Many of the companies running our critical infrastructure have left their systems vulnerable to hackers through dangerously negligent cybersecurity.”

How can future attacks like that on the Colonial Pipeline be prevented?

The Biden administration has unveiled a multi-trillion dollar plan to fortify and modernize the country’s power grid and infrastructure. Additionally, President Biden has been vocal in his determination to bolster the nation’s defenses against cyberattacks. 

While the administration’s path forward may enhance the security of federal and government entities, it does little to encourage privately held companies like Colonial to strengthen their own defenses. As cyberattacks increase in frequency, bills are being considered and voted on that will require private companies to report cybercrime activity to the federal government. While some feel that this may constitute government overreach, in the wake of Colonial Pipeline’s shutdown, many feel that the country’s dependence on private utility companies and energy providers warrants a greater degree of federal oversight.

Cybersecurity basics

You don’t have to be a high profile corporation to be hacked. Follow these simple steps to help keep your network and devices safe:

  • Create strong passwords. Be sure to use strong login credentials. Change your passwords frequently.
  • Delete your cookies. Cookies are pieces of information that websites use to keep track of you. This data can potentially be used by hackers for nefarious purposes. Clear the cookies saved in your browser once every couple of weeks.
  • Swap out your old hardware. Replace outdated hardware with refurbished firewalls or network switches from a reputable dealer.
  • Hide your activity with a VPN. Using a VPN is a great way to keep your network hidden from hackers. Needless to say, multi-factor authentication can make the difference between safety and stolen data.

Cybersecurity News week ending 12 Sep 2021 ~ NetworkTigers

Cybersecurity news provided by NetworkTigers on Monday, 13 September 2021.

SAN MATEO, CA — Hacker steals and deletes popular Instagram account after holding it ransom, WordPress releases security update, New Zealand bank reeling after hack, Howard University continues to cancel classes due to cyberattack, United Nations hacked, Hackers leak 500,000 VPN passwords to dark web, attacks on IoT devices double, French visa applicants’ data exposed in cyberattack, attempted cyberattack carried out against Pennsylvania utility company, Texas school district hacked.

Dadsnet, a father-focused parenting-themed Instagram account, has been deleted after being taken over by a hacker who asked the account’s founders for over $40,000 in ransom. The account was broken into and had its profile photo and name changed. The original owners tried unsuccessfully to restore their access to the account, but ultimately failed. After 36 hours without payment, the account was deleted by the hacker, who referred to themself as “The King.”

WordPress releases security update

WordPress has released an update that it says fixes 60 bugs and 3 security vulnerabilities within the CMS. Due to the security patches in this release, it is recommended that users update their software immediately. Sites with automatic background updates are already switching over to version 5.8.1. A full list of changes is available.

New Zealand bank reeling after hack

New Zealand’s ANZ bank has been hit with a Distributed Denial of Service attack, leaving its customers unable to access online banking services. It remains unclear who is responsible for the attack, and the bank has been encouraging patience from its customers via social media. ANZ is assuring customers that they are working to resume services as soon as possible.

Howard University continues to cancel classes due to cyberattack

Washington state’s Howard University was targeted by a ransomware attack last Friday, the fallout of which has resulted in a network shutdown and online/hybrid classes canceled for the majority of the current week. Students have been using wifi from outside sources or cellular hotspots while faculty and staff continue to struggle with how to best move forward while the school’s network remains offline.

United Nations hacked

Hackers have allegedly broken into the computer system of the United Nations using login credentials stolen from a UN employee and purchased on the dark web, according to cybersecurity research firm Resecurity. The intrusions occurred between April 5 and August 2 of this year. Since no damage was done to the UN’s network, it is theorized that the hackers were interested in gathering information. Researchers believe that data was stolen throughout the time period in which the intrusions were taking place.

Hackers leak 500,000 VPN passwords to dark web

A hacker going by the name of “Orange” has leaked the passwords belonging to over 500,000 users of Fortinet’s VPN service. Orange is believed to be a member of ransomware gang Groove. The hacker seems to have used a previously discovered and patched vulnerability within the product. In an unusual turn of events, the information has been posted online for free with Orange asking for no payment in return.

Attacks on IoT devices double

A report has indicated that attacks on IoT devices have doubled from the second half of 2020 to the first half of 2021. As the popularity of connected devices has increased, so have the attacks on them, with most users not understanding that such devices can potentially provide access to their network if unprotected. Hacked IoT devices can also be used to illegally mine for cryptocurrency.

French visa applicants’ data exposed in cyberattack

The French Ministry of Foreign Affairs and the Ministry of the Interior reported that 8,700 French visa applicants have had their personal information exposed in a cyberattack that targeted their website. While the ministry claims that the threat was quickly extinguished, it did say that data such as passport numbers and birthdays were leaked in the breach.

Attempted cyberattack carried out against Pennsylvania utility company

Pennsylvania-based power provider FirstEnergy has locked all user accounts down, requiring new passwords after access was attempted by an unauthorized user. The company noticed that a large number of login attempts were being made from a source that appeared to be outside of the company. While most of the attempts were not successful, FirstEnergy said that some logins did make it into the network. No sensitive customer information is available through the targeted accounts.

Texas school district hacked

The Dallas Independent School District, one of the country’s largest school districts, has been hacked, exposing the personal data of students, employees and contractors that has been stored over the past 11 years. The data has not yet been seen to have been sold or misused. The school district has offered free credit monitoring for those affected and does not yet know how the breach was carried out.

About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com

Contact NetworkTigers

Mike Syiek, CEO
NetworkTigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402
editor@networktigers.com
1-800-430-6950

Does the lack of women in cybersecurity leave the online world at greater risk?

Nir Kshetri, University of North Carolina – Greensboro

Women are highly underrepresented in the field of cybersecurity. In 2017, women’s share in the U.S. cybersecurity field was 14%, compared to 48% in the general workforce.

The problem is more acute outside the U.S. In 2018, women accounted for 10% of the cybersecurity workforce in the Asia-Pacific region, 9% in Africa, 8% in Latin America, 7% in Europe and 5% in the Middle East.

Women are even less well represented in the upper echelons of security leadership. Only 1% of female internet security workers are in senior management positions.

I study online crime and security issues facing consumers, organizations and nations. In my research, I have found that internet security requires strategies beyond technical solutions. Women’s representation is important because women tend to offer viewpoints and perspectives that are different from men’s, and these underrepresented perspectives are critical in addressing cyber risks.

Perception, awareness and bias

The low representation of women in internet security is linked to the broader problem of their low representation in the science, technology, engineering and mathematics fields. Only 30% of scientists and engineers in the U.S. are women.

The societal view is that internet security is a job that men do, though there is nothing inherent in gender that predisposes men to be more interested in or more adept at cybersecurity. In addition, the industry mistakenly gives potential employees the impression that only technical skills matter in cybersecurity, which can give women the impression that the field is overly technical or even boring.

Women are also generally not presented with opportunities in information technology fields. In a survey of women pursuing careers outside of IT fields, 69% indicated that the main reason they didn’t pursue opportunities in IT was because they were unaware of them.

Organizations often fail to try to recruit women to work in cybersecurity. According to a survey conducted by IT security company Tessian, only about half of the respondents said that their organizations were doing enough to recruit women into cybersecurity roles.

Gender bias in job ads further discourages women from applying. Online cybersecurity job ads often lack gender-neutral language.

Good security and good business

Boosting women’s involvement in information security makes both security and business sense. Female leaders in this area tend to prioritize important areas that males often overlook. This is partly due to their backgrounds. Forty-four percent of women in information security fields have degrees in business and social sciences, compared to 30% of men.

Female internet security professionals put a higher priority on internal training and education in security and risk management. Women are also stronger advocates for online training, which is a flexible, low-cost way of increasing employees’ awareness of security issues.

Female internet security professionals are also adept at selecting partner organizations to develop secure software. Women tend to pay more attention to partner organizations’ qualifications and personnel, and they assess partners’ ability to meet contractual obligations. They also prefer partners that are willing to perform independent security tests.

Increasing women’s participation in cybersecurity is a business issue as well as a gender issue. According to an Ernst & Young report, by 2028 women will control 75% of discretionary consumer spending worldwide. Security considerations like encryption, fraud detection and biometrics are becoming important in consumers’ buying decisions. Product designs require a trade-off between cybersecurity and usability. Female cybersecurity professionals can make better-informed decisions about such trade-offs for products that are targeted at female customers.

Attracting women to cybersecurity

Attracting more women to cybersecurity requires governments, nonprofit organizations, professional and trade associations and the private sector to work together. Public-private partnership projects could help solve the problem in the long run.

One example is Israel’s Shift community, previously known as the CyberGirlz program, which is jointly financed by the country’s Defense Ministry, the Rashi Foundation and Start-Up Nation Central. It identifies high school girls with aptitude, desire and natural curiosity to learn IT and helps them develop those skills.

The girls participate in hackathons and training programs, and get advice, guidance and support from female mentors. Some of the mentors are from elite technology units of the country’s military. The participants learn hacking skills, network analysis and the Python programming language. They also practice simulating cyber-attacks to find potential vulnerabilities. By 2018, about 2,000 girls participated in the CyberGirlz Club and the CyberGirlz Community.

In 2017, cybersecurity firm Palo Alto Networks teamed up with the Girl Scouts of the USA to develop cybersecurity badges. The goal is to foster cybersecurity knowledge and develop interest in the profession. The curriculum includes the basics of computer networks, cyberattacks and online safety.

Professional associations can also foster interest in cybersecurity and help women develop relevant knowledge. For example, Women in Cybersecurity of Spain has started a mentoring program that supports female cybersecurity professionals early in their careers.

Some industry groups have collaborated with big companies. In 2018, Microsoft India and the Data Security Council of India launched the CyberShikshaa program in order to create a pool of skilled female cybersecurity professionals.

Some technology companies have launched programs to foster women’s interest in and confidence to pursue internet security careers. One example is IBM Security’s Women in Security Excelling program, formed in 2015.

Attracting more women to the cybersecurity field requires a range of efforts. Cybersecurity job ads should be written so that female professionals feel welcome to apply. Recruitment efforts should focus on academic institutions with high female enrollment. Corporations should ensure that female employees see cybersecurity as a good option for internal career changes. And governments should work with the private sector and academic institutions to get young girls interested in cybersecurity.

Increasing women’s participation in cybersecurity is good for women, good for business and good for society.

Nir Kshetri, Professor of Management, University of North Carolina – Greensboro

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The Windscribe VPN provider security breach explained

If you’re using a VPN, it’s likely you value your privacy online. Using a VPN protects your data, whether you connect to the internet through public Wi-Fi or your own home or office network. By bouncing your network connection through a secure chain to another server (usually the home base of the VPN), the process works to shroud your network identity. When a VPN is working correctly, it should block your personal IP address and internet browsing history from being gathered up by advertisers, social networking sites, government agencies, hackers, and more. A functional VPN is the key to protecting your privacy, passwords, financial information, and location when browsing online.

Unpacking the Windscribe VPN provider security breach

Enter the Windscribe VPN provider security breach. Because privacy is the main reason why an individual or company might choose to use a VPN in the first place, the security breach on the Windscribe servers was especially problematic. Users on the Windscribe VPN discovered that their information could have been accessed as part of a Ukrainian government investigation. Ordinarily, a VPN should protect against this kind of invasion. However, Windscribe revealed that it had failed to protect its own servers, rendering them susceptible to being read by anyone.

What happened in Ukraine with the security breach?

While Windscribe is an Ontario, Canada-based company, some of the servers that process private, encrypted traffic as part of its VPN are located in Ukraine. Two of Windscribe’s Ukrainian servers were searched by the Ukrainian government early in July 2021. The Ukrainian authorities then seized and confiscated the two servers as part of an investigation.

When servers are properly secured, a seizure like this would not be enough to constitute a security breach. VPN servers are usually encrypted, using keys, so that the data they process cannot be read by any outside party. Additionally, some servers run on RAM only, meaning that no data is ever stored on them, only processed in real time. This protects against a data log ever being downloaded and decrypted for future use.

Usually, VPN servers are protected against seizures and searches using a blend of the aforementioned methods. However, Windscribe revealed that its servers were in fact unencrypted, holding an OpenVPN server certificate along with its private key. This kind of lapse is unprecedented in VPN technology. Windscribe founder Yegor Sevak issued a statement after the breach was revealed, saying:

“We make no excuses for this omission. Security measures that should have been in place were not. After conducting a threat assessment we feel that the way this was handled and described in our article was the best move forward. It affected the fewest users possible while transparently addressing the unlikely hypothetical scenario that results from the seizure.”

Because of this lack of encryption, the Ukrainian government was able to read any data processed by the Windscribe servers that was previously understood to be private. Even more alarming, Sevak admits that anyone who then accessed the key to the servers could have decrypted any of the information passing through them.
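
The lapse described above, an OpenVPN private key left readable on the server's disk, can be checked for directly. The following Python audit is an added example, not Windscribe's code: it reads an OpenVPN server config and reports whether each private key it uses is stored as plaintext PEM. The config names, file names and key bodies are constructed placeholders; `key`, `askpass` and inline `<key>` blocks are standard OpenVPN options.

```python
import re

# Any PEM block: captures the label and everything up to the matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
# OpenVPN lets a config embed the key inline instead of naming a file.
INLINE_KEY = re.compile(r"<key>(.*?)</key>", re.S)


def classify_pem_key(pem_text):
    """Return 'plaintext', 'encrypted' or 'no-key' for the PEM text given."""
    verdicts = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates, DH parameters and so on
        if label == "ENCRYPTED PRIVATE KEY":
            verdicts.append("encrypted")  # PKCS#8, passphrase-protected
        elif re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M):
            verdicts.append("encrypted")  # legacy OpenSSL encrypted PEM
        else:
            verdicts.append("plaintext")
    if not verdicts:
        return "no-key"
    # One readable key is enough to fail the whole file.
    return "plaintext" if "plaintext" in verdicts else "encrypted"


def audit_openvpn_config(config_text, read_file):
    """List (source, verdict) for each private key an OpenVPN config uses.

    read_file is a callable path -> text, so the audit can run against a
    real directory or, as here, an in-memory dict of constructed files.
    """
    sources = [("inline <key>", block)
               for block in INLINE_KEY.findall(config_text)]
    askpass_file = None
    for raw in INLINE_KEY.sub("", config_text).splitlines():
        parts = raw.strip().split()
        if not parts or parts[0][0] in "#;":
            continue  # blank line or comment
        if parts[0] == "key" and len(parts) > 1:
            sources.append((parts[1], read_file(parts[1])))
        elif parts[0] == "askpass" and len(parts) > 1:
            askpass_file = parts[1]

    findings = []
    for source, pem in sources:
        verdict = classify_pem_key(pem)
        # A passphrase file beside the key gives a seizure both halves.
        if verdict == "encrypted" and askpass_file:
            verdict = "encrypted-passphrase-on-disk"
        findings.append((source, verdict))
    return findings


# Constructed placeholders: the base64 body is not real key material.
_BODY = "Y29uc3RydWN0ZWQ=\n"
SAMPLE_FILES = {
    "server.key": "-----BEGIN PRIVATE KEY-----\n" + _BODY
                  + "-----END PRIVATE KEY-----\n",
    "server-enc.key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + _BODY
                      + "-----END ENCRYPTED PRIVATE KEY-----\n",
    "legacy.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
                  + _BODY + "-----END RSA PRIVATE KEY-----\n",
}
SAMPLE_CONFIGS = {
    "weak.conf": "port 1194\nproto udp\nca ca.crt\ncert server.crt\n"
                 "key server.key\n",
    "askpass.conf": "ca ca.crt\ncert server.crt\nkey server-enc.key\n"
                    "askpass pass.txt\n",
    "prompted.conf": "ca ca.crt\ncert server.crt\n"
                     "# passphrase typed in at start-up\nkey legacy.key\n",
}


def audit_samples():
    """Run the audit over the constructed configs above."""
    return {name: audit_openvpn_config(text, SAMPLE_FILES.__getitem__)
            for name, text in SAMPLE_CONFIGS.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, findings)
```

A `plaintext` verdict means that whoever holds the disk holds the key, which is the situation the seizure created.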

How are VPN users affected by the Windscribe VPN provider security breach?

Prior to this failing, confidence in Windscribe was high, with reviewers praising its double-encryption technology, running data through two separate servers in an attempt to guarantee privacy. After the breach, Windscribe as a company sought to assure users that no specific user data was under attack and that all future keys required to access the network are no longer stored permanently on any servers. Furthermore, Windscribe asserted that all servers have unique, short-lived certificates, which makes them less easy to impersonate, with a singularly identifying common name. Finally, Windscribe reminds consumers that it does not log VPN traffic, meaning that data is less likely to be read in retrospect, while it may have been accessible during the investigatory breach. 

Takeaway

Whether or not consumer confidence in Windscribe will rebound has yet to be seen. Using a VPN is specifically designed to protect against the kind of data intrusion that the Windscribe VPN provider security breach enabled. This kind of lack of basic encryption renders the use of a VPN more or less null and void as a security measure. Whether or not users’ specific information was accessed is still unknown. Additionally, the Windscribe security breach throws into question how effective certain popular VPNs may be without due diligence in preventing similar security breaches in the future. 

Cybersecurity news week ending 5 September 2021 ~ NetworkTigers

Cybersecurity news provided by NetworkTigers on Monday, 6 September 2021.

SAN MATEO, CA — Healthcare company discloses Accellion breach, Texas schools adopt system to communicate cyber threats, 98,000 patients exposed in breach of Oklahoma healthcare provider, Montana public library offering ethical hacking classes, Banksy’s website supposedly hacked and fake NFT sold, ransomware attacks increase by 288% thus far in 2021, Illinois medical group has data exposed in cyberattack, Indonesian COVID-19 app possibly breached, cryptocurrency trading platform hacked, Singapore eye clinics hacked.

Healthcare company discloses Accellion breach

Michigan’s Beaumont Health has disclosed that the data of 1,500 patients was exposed in the December attack on Accellion’s file trading product. Those individuals were notified late last month and no unlawful use of their data has yet been reported. The company is reviewing its cybersecurity policies and offering free credit monitoring services to all affected patients. Read more.

Texas schools adopt system to communicate cyber threats

The Texas Education Authority (TEA) launched a system this week that is designed to allow schools to share threat intelligence related to cybersecurity issues. The system was created to prevent multiple schools from falling victim to the same attack. TEA will use the system to anonymously share and collect reports of cyberattacks from participating school districts. Read more.

98,000 patients exposed in breach of Oklahoma healthcare provider

Oklahoma-based healthcare provider CareATC suffered a breach that exposed the data of 98,000 people after an unauthorized user gained access to two employee email accounts. No misuse of the data has yet been reported. The company has stated that, upon learning of the breach, it closed any vulnerabilities. The company has provided a phone number for concerned individuals with questions about their data and is encouraging all who have been affected to keep a close eye on their online accounts. Read more.

Montana public library offering ethical hacking classes

Montana’s Butte Public Library is offering classes in ethical hacking to teach teenagers how computers communicate with each other as well as how to determine where their security vulnerabilities may be. The class is presented with the narrative that a malicious hacker is attempting to break into the library’s network. It’s up to the teens signed up for the class to stop the criminals and report their findings. Read more.

Banksy’s website supposedly hacked and fake NFT sold

Street artist Banksy suffered a hack on his website, with a link to an online auction that supposedly offered the artist’s first NFT (non-fungible token). The auction reportedly closed after a collector made a bid of $335,000. The money was almost immediately returned to the bidder. Banksy has denied claims that the event may have been a publicity stunt, but has not reported on how someone may have been able to hack his website. Read more.

Ransomware attacks increase by 288% thus far in 2021

According to data from NCC Group, the number of ransomware attacks between the first and second quarter of 2021 has increased by 288%. Nearly half of the known victims of ransomware attacks were based in the U.S. Experts are encouraging organizations to continue to bolster their defenses against cybercriminals, especially as the country moves closer to a holiday weekend. Read more.

Illinois medical group has data exposed in cyberattack

600,000 patients have had their data exposed after Illinois’ DuPage Medical Group, the largest independent physician group in the state, was hacked in July. The attack compromised information including names, Social Security numbers, addresses and more. The group has reported that no misuse of the data has been detected at this time and they are offering free identity protection services to all affected. Read more.

Indonesian COVID-19 app possibly breached

A vulnerability in the Indonesian Health Alert Card COVID-19 test-and-trace app may have exposed the personal data and health results of 1.3 million people, according to the Indonesian health ministry. The issue is reportedly present in an older version of the app. Users are being encouraged to delete the old app and use the newest version that has the vulnerability fixed. Read more.

Cryptocurrency trading platform hacked

Bilaxy, a leading cryptocurrency trading platform, is advising its users not to deposit any funds into its system due to a hack on its hot wallet. The extent of the hack has not been revealed, with the company currently only saying that it is in the process of fixing it. It is not yet known how much, if any, cryptocurrency has been stolen. Read more.

Singapore eye clinics hacked

Eye & Retina Surgeons, a specialist medical clinic in Singapore, has come under cyberattack. A ransomware attack has affected the clinic’s servers and management system. The attack marks the second time that Singapore, known for its modern healthcare facilities, has been breached by hackers as the value of stolen healthcare data rises steadily on the dark web. Read more.

About NetworkTigers

NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com

Contact NetworkTigers

Mike Syiek, CEO
NetworkTigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402
editor@networktigers.com
1-800-430-6950

Are schools at risk from cybercriminals?

While the world continues to grapple with the challenges brought about by the COVID-19 pandemic, an unprecedented and exponential rise in cybercrime has ensued. Healthcare facilities, government organizations, and utility companies have all found themselves in the crosshairs.

As criminals capitalize on the difficulties that companies have been facing as workforces become remote and cybersecurity is spread thin, attacks have become brazen and more lucrative.

Schools and universities have also found themselves repeatedly targeted by cybercriminals looking to steal large amounts of sensitive, personal data. Ransomware attacks against schools can be disastrously disruptive and result in potentially long-term issues related to identity theft for staff and students alike.

Why are schools targeted by cybercriminals?

Valuable data

Schools and colleges keep a large amount of student, staff, and contractor data stored in their servers. This makes their networks enticing targets for criminals looking to steal troves of valuable information. From home addresses and telephone numbers to Social Security information and banking data, the successful hack of a school’s system can result in a significant payday for a criminal looking to sell data on the dark web.

A multitude of connected devices

Between students, staff, and visitors, a school’s network may have thousands of different devices logging on and off at any given time. These different endpoints provide hackers with ample opportunities to attempt network access and create a challenging web of connected equipment for an IT department to manage.

Public access to campuses

Colleges and universities are traditionally visitor-friendly. It’s in a college’s best interest to foster an open environment where prospective students, parents, and staff can feel comfortable. However, this openness also allows bad actors to easily come and go as they please. Open computer labs provide opportunities for hackers to attempt to insert malicious code into a campus computer by physical means via a USB drive.

Sensitive, confidential research

College campuses are research supercenters. State actors are well aware of this, and efforts by foreign entities to hack into college networks to take a peek at scientific and military research have been on the rise. In 2019 alone, the Wall Street Journal reported that Chinese hackers had attempted to break into more than two dozen college campuses looking to steal data related to military research.

Poor cybersecurity protocols

Schools often lack robust cybersecurity. Most schools don’t even have anyone on the payroll specifically dedicated to maintaining network safety. In many cases, unauthorized access to networks or user email accounts is accidentally given up by someone who has been the victim of a phishing scam. One of the most important but overlooked aspects of cybersecurity is proper training. The ability to identify and recognize fraud is a skill that is sorely lacking across school systems, especially those that remain underfunded or poorly staffed. The fact that it is impractical to properly monitor the online activity of hundreds, if not thousands, of students makes this an especially challenging obstacle for larger districts.

How can schools improve their cybersecurity in 2021?

Hacks and ransomware attacks don’t have to be a normal occurrence. Here are some ways that schools can improve their cybersecurity in 2021 and beyond:

Improved device management

Schools should restrict staff and student access while using a device connected to their network. Access to areas outside of the controlled environment should not be allowed and students should only have the ability to access what they need to complete assignments and study. A network without restriction can be an open door for malware and hacking.

Cybersecurity training and education

Just as students are educated on the proper behavior and exit strategy in the event of a fire, young people should also be taught the foundational principles of strong cybersecurity. Teach students about password strength, online account best practices, and how to identify scam attempts.

Conduct a cybersecurity review

Conducting a review of cybersecurity practices may reveal vulnerabilities that would have been otherwise undetected. Disabling old accounts, refreshing who has access to what data, and taking a close look at the information that is currently being saved can allow an IT department to streamline and refresh network security.

Get parents involved

With so many students engaging in remote learning from home, it’s important to educate parents on proper cybersecurity protocols as well. Schools should inform parents of the risks inherent to the internet and encourage them to keep a close watch on their children’s web usage and habits.

How can you bolster your own cybersecurity?

Cybersecurity takes a village. Hackers are crafty and resourceful, pulling data from a variety of sources and using it to break into networks and servers belonging to targeted organizations. You can improve the cybersecurity of your home network or small business in the following ways:

Keep everything updated. From your OS to your antivirus software, keep up with regular security updates and patches to prevent hackers from taking advantage of old vulnerabilities within your system.

Use modern hardware. Refurbished firewalls, network switches and more can be purchased at deep discounts from reputable dealers. Spend your funds effectively to get the most value for money.

Use a virtual private network (VPN). VPNs keep your online activity hidden and are a great way to keep prying eyes off of your web usage.

Create strong passwords. Practice proper password etiquette by creating challenging login credentials that aren’t used across multiple accounts. Change your passwords regularly.

Does your business need a firewall?

In the constantly changing world of cybercrime, experts agree that it is critical for businesses to maintain robust security to help prevent unauthorized access to their information and network. One common way that you can strengthen your network security is by using a firewall. 

What is a firewall?

A firewall is traditionally a piece of hardware that monitors the incoming and outgoing traffic on your network. It is configured to only allow traffic to flow in certain directions if specific criteria are met. In this way, it provides security for your network by acting as a gatekeeper.

Hardware vs. software

While software firewalls are available, most security professionals recommend using hardware options. This is because software firewalls must be installed on each individual computer, taking up valuable memory and processing power. A hardware option, however, is completely dedicated to monitoring the entirety of your network and will not cause any data strain in the process.

Software firewalls sometimes come bundled with antivirus subscriptions. While it is not recommended to exclusively use software firewalls on your connected computers, using them in addition to a hardware model will provide an additional layer of cybersecurity.

What are the benefits to using a firewall?

Firewalls are basic but critical devices that protect your network and computers in the following ways:

Firewalls keep an eye on your network traffic

Firewalls allow your IT team to assess the information coming into and leaving your network. A properly configured firewall will block any questionable traffic and allow your IT staff to monitor your network for attempted threats and unauthorized activity.

They block spyware

Spyware is malicious software that hides in your computer, gathers data about your internet usage and devices, and sends the information off to an unauthorized third party without your consent. A firewall can prevent your computer from spyware infection and keep your data and activity safe from prying eyes.

They block viruses

Computer viruses are a threat as old as information technology itself. A firewall is your first line of defense against a computer virus entering your network and infecting your hardware.

They block hackers

While firewalls excel at blocking malicious software from entering your network, they also present an effective obstacle between you and any hackers who attempt to break into your system. Often, the mere presence of a firewall is enough to encourage a hacker to look elsewhere for an easier target.

Are there disadvantages to using a firewall?

While none of the following disadvantages to using a firewall are compelling reasons to disregard the security they add to your network, the following topics are worth consideration:

Cost

Unless you are savvy enough to do it yourself, firewalls require configuration and maintenance from a qualified IT technician. Additionally, installing a firewall has an upfront cost in the form of the hardware itself. Thankfully, refurbished hardware is readily available. Fairly recent models can be purchased from reputable dealers at deep discounts.

User restriction

While user restriction is a benefit to using a firewall, when it comes to major companies that employ a large staff, things can get complicated. It takes special attention and configuration to ensure that your device is keeping up with proper security protocols but still allowing for easy, authorized network access by employees. Users continually being denied access to data they require can slow efficiency to a crawl.

They aren’t perfect

Firewalls are a trusted and reliable means of network defense. However, they are not bulletproof. Some sophisticated attacks can disguise themselves as acceptable network traffic to slip through your defenses and into your network. It is recommended that other security features such as antivirus software and additional malware blockers be put in place to create a heavily fortified system.

6 ways to create great network security

Because of the continually evolving landscape of cybersecurity, network security requires maintenance and regular attention. Here are six basic tips for achieving great network security:

1. Use one or more firewalls

Using a firewall is a great way to limit entry into your network. Software firewalls should also be installed on each separate computer for additional protection.

2. Use a virtual private network

Often described as driving through your own personal tunnel as opposed to the open highway, a virtual private network, or VPN, keeps your internet activity hidden from outside users and is recommended for privacy.

3. Practice good password habits

Rename all of the devices on your network and change their default passwords. Keep passwords complex and random to prevent them from being guessed easily. Change passwords frequently and do not use the same passwords across multiple devices or accounts.

4. Educate your staff

Cybercriminals are usually opportunistic, relying on users accidentally opening emails containing malware or clicking on links to malicious code as opposed to engaging in targeted attacks. Be sure to keep your staff educated on cybersecurity dangers.

5. Keep everything up to date

Software companies are continually updating their products to ensure that they remain safe against attack. Failing to patch older software can leave the door wide open for criminals looking to exploit vulnerabilities. Keep automatic updates scheduled on your operating systems, drivers and antivirus software. Read cybersecurity news sites to stay aware of developing or newly discovered threats.

6. Use encryption

Today’s routers often offer encryption as a security feature. It is recommended that you take a look at your internet router’s settings and be sure that encryption is turned on.

Cybersecurity news week ending 29 August 2021 ~ NetworkTigers

Cybersecurity news provided by NetworkTigers on Monday, 30 August 2021.

SAN MATEO, CA — Hackers disrupt Boston Public Library, researcher posts Windows 10 hack, hacker returns all crypto stolen from PolyNetwork, outpatient facilities attacked as often as hospitals, 21-year-old claims responsibility for T-Mobile hack, Georgia healthcare provider loses PHI of almost 10,000 patients, Indianapolis hospital patient data for sale on dark web, millions of private records exposed due to misconfigured setting, California university breach leaks student vaccination exemption requests, U.S. State Department said to have been under cyberattack, unpatched Microsoft Exchange servers under attack, T-Mobile data breach affects almost 55 million customers.

Hackers disrupt Boston Public Library

The Boston Public Library experienced disrupted services and a “systemwide technical shutdown” due to a cyberattack. The library staff acted quickly as soon as unusual activity was detected, taking their systems offline and preventing access to or theft of employee or patron data. People are still able to check out books and some online services remain available as the library works to fully restore its system. Read more.

Researcher posts Windows 10 hack

A researcher who discovered and reported a simple but devastating Windows 10 hack became discouraged after not receiving a response from the company and posted instructions for how to execute the hack on Twitter. The tweet quickly went viral. The hack involves using a Razer mouse to gain admin access to any Windows 10 computer it is plugged into. After the tweet went public, the researcher was contacted by Razer, who said that they were working to fix the bug and offered them a bounty. Read more.

Hacker returns all crypto stolen from PolyNetwork

The hack of cryptocurrency platform PolyNetwork made headlines as the largest crypto theft recorded with the perpetrator stealing $610 million. However, PolyNetwork embraced the hacker, referred to them as “Mr. White Hat,” and even went so far as to offer them a position at the company. According to PolyNetwork, all funds have been returned. The unusual nature of the attack and the events that followed have left many wondering if perhaps the hack was a stunt or an attempted scam by the company. Read more.

Report: outpatient facilities attacked as often as hospitals

According to a report from cybersecurity firm Critical Insight, outpatient facilities such as specialty clinics and family care offices were targeted by cybercriminals just as frequently as hospitals in the first half of 2021. Their data indicates that smaller healthcare centers keep the same data as larger ones and often use the same technology. However, with less money to properly protect their data, they are easier targets for criminal activity. Read more.

21-year-old claims responsibility for T-Mobile hack

John Binns, a 21-year-old living in Turkey, has claimed responsibility for the massive hack on T-Mobile that exposed the data of millions of customers. Binns cited his motivation for the hack as retaliation against the U.S. for his alleged 2019 kidnapping by the CIA and Turkish intelligence agents. Binns referred to T-Mobile’s cybersecurity as “awful” and reportedly gained access to their servers from his mother’s home in Turkey. Read more.

Georgia healthcare provider loses PHI of almost 10,000 patients

Georgia healthcare provider Atlanta Allergy & Asthma has reported that a January cyberattack resulted in the theft of the personal healthcare information of 9,800 patients. The company’s report says that it is currently not aware of any misuse of the stolen data, which includes addresses, names, Social Security numbers and more. The healthcare center is urging affected people to enroll in complimentary credit monitoring services and keep a close watch on their online accounts. Read more.

Indianapolis hospital patient data for sale on dark web

Indianapolis’ Eskenazi Health suffered a ransomware attack earlier this month that resulted in patient data being posted for sale on the dark web. The hospital did not pay the ransom and is working with the FBI to investigate the matter. The hospital is urging both patients and staff to closely monitor their online accounts for any suspicious activity. The attack briefly disrupted both ambulance activity and the accessing of electronic medical files. Read more.

Millions of private records exposed due to misconfigured setting

American Airlines, New York’s Metropolitan Transportation Authority, Ford Motor Co., and many other corporations and government agencies have exposed the data of millions of people due to a misconfigured privacy setting in Microsoft’s Power Apps software. According to security researchers at UpGuard, the data, which included Social Security numbers, addresses, COVID-19 vaccination data and more, has been exposed for months. The vulnerability has reportedly been fixed. Read more.

California university breach leaks student vaccination exemption requests

California State University, Chico, has suffered a data breach which resulted in 130 students’ religious exemption requests to refuse COVID-19 vaccines being posted online. Student names and phone numbers were attached to many of the leaked requests. The school has issued a statement saying they are aware of the leak and investigating the breach. Read more.

U.S. State Department said to have been under cyberattack

The U.S. Department of Defense Cyber Command has reportedly issued a notification that the State Department was hit by a cyberattack weeks ago. The State Department is said to have not experienced any serious disruptions in its continued efforts to evacuate American allies in Afghanistan due to the attack. No official statement regarding the reported cyberattack has been made. Read more.

Unpatched Microsoft Exchange servers under attack

CISA has warned Microsoft Exchange users that unpatched versions of the product are still vulnerable and continue to come under attack. The latest threats are coming from efforts to exploit ProxyShell attack chain vulnerabilities in the software. These vulnerabilities could allow an outside individual to execute code on a machine using Microsoft Exchange. Read more.

T-Mobile data breach affects almost 55 million customers

As more information regarding the breach suffered by mobile carrier T-Mobile is reported, it is now estimated that 54.6 million individuals have had their data compromised. The company has expressed confidence in ending the attack, but admits that more people than originally thought have been affected. T-Mobile was apparently only aware of the breach after customer data had appeared for sale online. Read more.

More cybersecurity news

Read more cybersecurity news and articles brought to you by NetworkTigers.

The promise and perils of life lived online

The pandemic has immersed us faster and deeper in immersive communication technologies. It’s a disrupted, confusing, sometimes exhausting world — but shifting both the tech and our expectations might make it a better one.

I am sitting in a darkened room, listening to upbeat music of the type often used at tech conferences to make attendees feel they are part of Something Big, waiting in eager anticipation for a keynote speaker to appear.

Bang on time, virtual communication expert Jeremy Bailenson arrives on the digital stage. He is here at the American Psychological Association’s November meeting, via a videoconferencing app, to somewhat ironically talk about Zoom fatigue and ways to battle it. “In late March, like all of us, I was sheltered in place,” Bailenson tells his invisible tele-audience. “After a week long of being on video calls for eight or nine hours a day, I was just exhausted.”

One of the pandemic’s many impacts was to throw everyone suddenly online — not just for business meetings but also for everything from birthday parties to schooling, romantic dates to science conferences. While the Internet thankfully has kept people connected during lockdowns, experiences haven’t been all good: There have been miscommunications, parties that fall flat, unengaged schoolkids.

Many found themselves tired, frustrated or feeling disconnected, with researchers left unsure as to exactly why and uncertain how best to tackle the problems. Sensing this research gap, Bailenson, director of Stanford University’s Virtual Human Interaction Lab, and colleagues quickly ramped up surveys to examine how people react to videoconferencing, and this February published a “Zoom Exhaustion & Fatigue Scale” to quantify people’s different types of exhaustion (see box). They found that having frequent, long, rapid-fire meetings made people more tired; many felt cranky and needed some alone time to decompress.

This reality comes in contrast to the rosy views painted by many enthusiasts over the years about the promises of tech-mediated communication, which has evolved over recent decades from text-based chat to videoconferencing and the gathering of avatars in virtual landscapes. The dream is to create ever more immersive experiences that allow someone to feel they are really in a different place with another person, through techniques like augmented reality (which projects data or images onto a real-life scene), to virtual reality (where users typically wear goggles to make them feel they are elsewhere), to full-blown systems that involve a user’s sense of touch and smell.

The vision is that we would all be sitting in holographic boardrooms by now; all university students should be blowing up virtual labs rather than physical ones; people should feel as comfortable navigating virtual worlds and friendships as in-person realities. On the whole, this hasn’t yet come to pass. Highly immersive technologies have made inroads in niche applications like simulation training for sports and medicine, along with the video gaming industry — but they aren’t mainstream for everyday communication. The online environment Second Life, launched in 2003, offered a parallel online world as a companion space to the physical one; it saw monthly active users drop from a million in 2013 to half that in 2018. Google Glass, which aimed to provide augmented reality for wearers of a special camera-enabled pair of glasses, launched in 2013 mostly to widespread mockery.

As Zoom fatigue has highlighted, the road to more immersive technologies for communication isn’t always a smooth one. But experts across fields from education to communication, computer science and psychology agree that deeper immersion still holds great promise for making people feel more connected, and they are aiming to help navigate the bumpy road to its best adoption. “I hope that no pandemic ever happens again, but if it does, I hope we have better technologies than we have now,” says Fariba Mostajeran, a computer scientist who studies human-computer interaction and virtual reality at Hamburg University. “For people who live alone, it has been really hard not to be able to hug friends and family, to feel people. I’m not sure if we can achieve that 10 years from now, but I hope we can.”

For distanced communication to live up to its full potential, “there will need to be an evolution,” Bailenson writes me, “both on the technology and on the social norms.”

Sudden shift

It takes a while for societies to adapt to a new form of communication. When the telephone was first invented, no one knew how to answer it: Alexander Graham Bell suggested that the standard greeting should be “Ahoy.” This goes to show not just that social use of technology evolves, but also that the inventors of that technology are rarely in the driver’s seat.

Email has danced between being extremely casual and being as formal as letter-writing as perceptions, expectations and storage space have shifted. Texting, tweeting and social media platforms like Facebook and Snapchat are all experiencing their own evolutions, including the invention of emojis to help convey meaning and tone. Ever since prehistoric people started scratching on cave walls, humanity has experimented with the best ways to convey thoughts, facts and feelings.

Some of that optimization is based on the logistical advantages and disadvantages of different platforms, and some of it is anchored in our social expectations. Experience has taught us to expect business phone calls to be short and sharp, for example, whereas we expect real-life visits with family and friends to accommodate a slow exchange of information that may last days. Expectations for video calls are still in flux: Do you need to maintain eye contact, as you would for an in-person visit, or is it OK to check your email, as you might do in the anonymity of a darkened lecture hall?

Travel often demarcates an experience, focusing attention and solidifying work-life boundaries — whether it’s a flight to a conference or a daily commute to the office. As the online world has sliced those rituals away, people have experimented with “fake commutes” (a walk around the house or block) to trick themselves into a similarly targeted mindset.

But while the evolution of technology use is always ongoing, the pandemic threw it into warp speed. Zoom reported having 300 million daily meeting participants by June 2020, compared to 10 million in December 2019. Zoom itself hosted its annual Zoomtopia conference online-only for the first time in October 2020; it attracted more than 50,000 attendees, compared to about 500 in 2017.

Some might see this as evidence that the tech is, thankfully, ready to accommodate lockdown-related demands. But on the other side of the coin, people have been feeling exhausted and disrupted.

Visual creatures

Humans are adapted to detect a lot of visual signals during conversations: small twitches, micro facial expressions, acts like leaning into a conversation or pulling away. Based on work starting in the 1940s and 1950s, researchers have estimated that such physical signals made up 65 to 70 percent of the “social meaning” of a conversation. “Humans are pretty bad at interpreting meaning without the face,” says psychologist Rachael Jack of the University of Glasgow, coauthor of an overview of how to study the meaning embedded in facial expressions in the Annual Review of Psychology. “Phone conversations can be difficult to coordinate and understand the social messages.”

People often try, subconsciously, to translate the visual and physical cues we pick up on in real life to the screen. In virtual worlds that support full-bodied avatars that move around a constructed space, Bailenson’s work has shown that people tend to intuitively have their virtual representatives stand a certain distance from each other, for example, mimicking social patterns seen in real life. The closer avatars get, the more they avoid direct eye contact to compensate for invasion of privacy (just as people do, for example, in an elevator).

Yet many of the visual or physical signals get mixed or muddled. “It’s a firehose of nonverbal cues, yet none of them mean the thing our brains are trained to understand,” Bailenson said in his keynote. During videoconferencing, people are typically looking at their screens rather than their cameras, for example, giving a false impression to others about whether they are making eye contact or not. The stacking of multiple faces on a screen likewise gives a false sense of who is looking at whom (someone may glance to their left to grab their coffee, but on screen it looks like they’re glancing at a colleague).

And during a meeting, everyone is looking directly at everyone else. In physical space, by contrast, usually all eyes are on the speaker, leaving most of the audience in relative and relaxed anonymity. “It’s just a mind-blowing difference in the amount of eye contact,” Bailenson said; he estimates that it’s at least 10 times higher in virtual meetings than in person.

Research has shown that the feeling of being watched (even by a static picture of a pair of eyes) causes people to change their behavior; they act more as they believe they are expected to act, more diligently and responsibly. This sounds positive, but it also causes a hit to self-esteem, says Bailenson. In effect, the act of being in a meeting can become something of a performance, leaving the actor feeling drained.

For all these reasons, online video is only sometimes a good idea, experts say. “It’s all contextual,” says Michael Stefanone, a communications expert at the University of Buffalo. “The idea that everyone needs video is wrong.”

Research has shown that if people need to establish a new bond of trust between them (like new work colleagues or potential dating partners), then “richer” technologies (video, say, as opposed to text) are better. This means, says Stefanone, that video is important for people with no prior history — “zero-history groups” like him and me. Indeed, despite a series of emails exchanged prior to our conversation, I get a different impression of Stefanone over Zoom than I did before, as he wrangles his young daughter down for a nap while we chat. I instantly feel I know him a little; this makes it feel more natural to trust his expertise. “If you’re meeting someone for the first time, you look for cues of affection, of deception,” he says.

But once a relationship has been established, Stefanone says, visual cues become less important. (“Email from a stranger is a pretty lean experience. Email from my old friend from grade school is a very rich experience; I get a letter from them and I can hear their laughter even if I haven’t seen them in a long time.”) Visual cues can even become detrimental if the distracting downsides of the firehose effect, alongside privacy issues and the annoyance of even tiny delays in a video feed, outweigh the benefits. “If I have a class of 150 students, I don’t need to see them in their bedrooms,” says Stefanone. He laughs, “I eliminate my own video feed during meetings, because I find myself just staring at my hair.”

In addition to simply turning off video streams occasionally, Bailenson also supports another, high-tech solution: replacing visual feeds with an automated intelligent avatar.

The idea is that your face onscreen is replaced by a cartoon; an algorithm generates facial expressions and gestures that match your words and tone as you speak. If you turn off your camera and get up to make a cup of tea, your avatar stays professionally seated and continues to make appropriate gestures. (Bailenson demonstrates during his keynote, his avatar gesturing away as he talks: “You guys don’t know this but I’ve stood up…. I’m pacing, I’m stretching, I’m eating an apple.”) Bailenson was working with the company Loom.ai to develop this particular avatar plug-in for Zoom, but he says that specific project has since been dropped. “Someone else needs to build one,” he later tells me.

Such solutions could be good, says Jack, who studies facial communication cues, for teachers or lecturers who want visual feedback from their listeners to keep them motivated, without the unnecessary or misleading distractions that often come along with “real” images.

All together now

This highlights one of the benefits of virtual communication: If it can’t quite perfectly mimic real-life interaction, perhaps it can be better. “You take things out that you can’t take out in real life,” says Jack. “You can block people, for example.” The virtual landscape also offers the potential to involve more people in more activities that might otherwise be unavailable to them because of cost or location. Science conferences have seen massive increases in participation after being forced to thrust their events online. The American Physical Society meeting, for example, drew more than 7,200 registrants in 2020, compared with an average of 1,600 to 1,800 in earlier years.

In a November 2020 online gathering of the American Association of Anthropology, anthropologist and conference chair Mayanthi Fernando extolled the virtues of virtual conferences in her opening speech, for boosting not just numbers but also the type of people who were attending. That included people from other disciplines, people who would otherwise be unable to attend due to childcare issues, and people — especially from the Global South — without the cash for in-person attendance. Videoconferencing technologies also tend to promote engagement, she noted, between people of different ages, languages, countries and ranks. “Zoom is a great leveler; everyone is in the same sized box,” she said. (The same meeting, however, suffered from “bombers” dropping offensive material into chat rooms.)

Technology also offers huge opportunity for broadening the scope and possibilities of education. EdX, one of the largest platforms for massive open online courses (MOOCs), started 2020 with 80 million enrollments; that went up to 100 million by May. Online courses are often based around prerecorded video lectures with text-based online chat, but there are other options too: The Open University in the UK, for example, hosts OpenSTEM Labs that allow students to remotely access real scanning electron microscopes, optical telescopes on Tenerife and a sandbox with a Mars rover replica.

There is great potential for online-based learning that isn’t yet being realized, says Stephen Harmon, interim executive director of the Center for 21st Century Universities at Georgia Tech. “I love technology,” says Harmon. “But the tech we use now, like BlueJeans or Zoom, they’re not built for education, they’re built for videoconferencing.” He hopes to see further development of teaching-tailored technologies that can monitor student engagement during classes or support in-class interaction within small groups. Platforms like Engage, for example, use immersive VR in an attempt to enhance a student’s experience during a virtual field trip or meeting.

Full immersion

For many developers the ultimate goal is still to create a seamless full-immersion experience — to make people feel like they’re “really there.” Bailenson’s Virtual Human Interaction Lab at Stanford is state of the art, with a pricey setup including goggles, speakers and a moveable floor. Participants in his VR experiments have been known to scream and run from encounters with virtual earthquakes and falling objects.

There are benefits to full immersion that go beyond the wow factor. Guido Makransky, an educational psychologist at the University of Copenhagen, says that virtual reality’s ability to increase a person’s sense of presence, and their agency, when compared to passive media like watching a video or reading a book, is extremely important for education. “Presence really creates interest,” he says. “Interest is really important.” Plenty of studies have also shown how experiencing life in another virtual body (of a different age, for example, or race) increases empathy, he says. Makransky is now working on a large study to examine how experiencing the pandemic in the body of a more vulnerable person helps to improve willingness to be vaccinated.

But VR also has limitations, especially for now. Makransky notes that the headsets can be bulky, and if the software isn’t well designed the VR can be distracting and add to a student’s “cognitive load.” Some people get “cyber sickness” — nausea akin to motion sickness caused by a mismatch between visual and physical motion cues. For now, the burdens and distractions of immersive VR can make it less effective at promoting learning than, for example, a simpler video experience.

Mostajeran, who looks primarily at uses of VR for health, found in a recent study that a slideshow of forest snaps was more effective at reducing stress than an immersive VR forest jaunt. For now, she says, lower-immersion technology is fine or better for calming patients. But, again, that may be just because VR technology is new, unfamiliar and imperfect. “When it’s not perfect, people fall back on what they trust,” she says.

All technology needs to surpass a certain level of convenience, cost and sophistication before it’s embraced — it was the same for video calling. Video phones go much further back than most people realize: In 1936, German post offices hosted a public video call service, and AT&T had a commercial product on the market around 1970. But these systems were expensive and clunky and few people wanted to use them: They were too ahead of their time to find a market.

For distanced communication to live up to its full potential, “there will need to be an evolution, both on the technology and on the social norms.”

JEREMY BAILENSON

Both Mostajeran and Makransky say they’re impressed with how much VR technologies have improved in recent years, getting lighter, less bulky and wireless. Makransky says he was surprised by how easy it was to find people who already own VR headsets and were happy to participate in his new vaccination study — 680 volunteers signed up in just a few weeks. As the technology improves and more people have access to it and get comfortable with it, the studies and applications are expected to boom.

Whether that will translate to everyone using immersive VR for social and business meetings, and when, is up for debate. “We just missed it by a year or two, I think,” said Bailenson optimistically after his keynote presentation.

For now, the researchers say, the best way to get the most from communication media is to be aware of what you’re trying to achieve with it and adapt accordingly. People in long-distance relationships, for example, get value out of letting their cameras run nonstop, letting their partners “be in the room” with them even while they cook, clean or watch TV. Others, in the business world, aim for a far more directed and efficient exchange of information. Video is good for some of these goals; audio-only is best for others.

“This has been a heck of an experiment,” says Stefanone about the last year of online engagement. For all the pitfalls of social media and online work, he adds, there are definitely upsides. He, for one, won’t be jumping on any planes when the pandemic ends — he has proved he can do his academic job effectively from home while also spending time with his daughter. But it’s hard to know where the technology will ultimately take us, he says. “The way people adapt never follows the route we expect.”

This article is part of Reset: The Science of Crisis & Recovery, an ongoing Knowable Magazine series exploring how the world is navigating the coronavirus pandemic, its consequences and the way forward. Reset is supported by a grant from the Alfred P. Sloan Foundation.

This article originally appeared in Knowable Magazine, an independent journalistic endeavor from Annual Reviews.