Archive for December, 2016

Identifying An Advanced Persistent Threat

27 December, 2016

Advanced persistent threats (APTs) pose a big network security challenge for the business firms. These forms of attacks are very well-organized and involve the use of phishing techniques to trick users into downloading a malware on to their computer systems. However, the ultimate objective of an advanced persistent threat attack is far more than compromising the network security. It aims at stealing valuable intellectual data of the company, such as project details, business contracts, patent information, sales data etc.

Advanced persistent threats generally work stealthily and can go undetected for long periods of time, which makes it even more important to employ the necessary security procedures. Though these attacks are difficult to detect, there are certain signs that indicate that your network has been compromised:

Presence of widespread backdoor Trojans

In an advanced persistent threat, the hackers install various backdoor Trojans to gain access to the target computer system, even if the log in credentials are changed. These Trojans are commonly deployed through social engineering techniques, mainly through a phishing email or drive-by download.

Unexpected information flows

If you suspect unexpected and enormous flow of information from your corporate network to other internal or external computer systems, this may indicate an advanced persistent threat. As these attacks are targeted at stealing confidential information about the company, even a limited amount of unauthorized data transfer should not be overlooked.

Increase in log-in attempts during late night

If you notice a sudden and extensive number of log-in attempts on your official email accounts, it may indicate an advanced persistent threat. This may be done to compromise the security of your entire corporate network. The hackers mainly breach accounts outside the normal working hours of your employees or late at night.

Use of pass-the-hash hacking technique

Pass-the-hash is a common hacking technique in which the cybercriminals aim to remotely connect to your company’s internal network by capturing the password hash of the admin account. With this, they can gain an easy access to the entire network, without having to breach the original password.

Unexpected data bundles

Advanced persistent threats often accumulate the confidential data inside the network before transmitting them to the hacker. The data may be found in an unidentified file or folder where it should not be ideally stored. The files are most often saved in a compressed or archived format.

We, at Centex Technologies, are a leading IT security consulting firm in Central Texas. For more information and prevention tips for advanced persistent threats, you can call us at (855) 375 – 9654.

,

No Comments

The Different Types Of Web-Based Attacks

20 December, 2016

With majority of the business operations being conducted online, web based attacks are continually on the rise. Cyber criminals devise innovative and more sophisticated techniques to exploit unpatched vulnerabilities in the web applications. The motive behind these attacks may be different, to steal a company’s sensitive information, display spam advertizements on the website or download malware to the user’s computer.

Discussed below are the different types of web based attacks:

Structured Query Language (SQL) Injection

SQL injection is a common technique that involves injecting a malicious code to alter the sensitive information in the website’s back-end database. It may also be performed to steal payment card details, username and password as well as insert spam links to the website. SQL attacks are quite easy to execute and can severely compromise the data security of a company.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) can be defined as a client-side code injection attack in which the hacker injects a malicious script, predominantly JavaScript, in a legitimate website. As these scripts appear to be from a trusted source, they are often executed by the end users. This, in turn, allows the hacker to gain access to the cookies, session tokens, passwords and other sensitive information.

Drive-By Downloads

In this type of attack, the hackers tamper a web application with an HTML code that stealthily downloads a malware whenever a user visits the website. Once downloaded, the program may execute itself to record keystrokes, access important files, hijack online banking sessions or use the computer as a part of botnet.

Brute Force

Brute force attacks are mainly targeted attempts to decode a user’s login credentials. In this, the hackers use a trial and error method using different user names as well as passwords till they are able to identify the correct one. Creating strong passwords and limiting the number of invalid login attempts may help to prevent a brute force attack.

DoS And DDoS

Denial of service (DoS) and distributed denial of service (DDoS) attacks are carried out by flooding a website with traffic from multiple sources, making it unavailable for the genuine users. In a DoS attack, a single computer system may attempt to crash the target server with data packets. A DDoS attack is when multiple computers, widely distributed in a botnet, send simultaneous requests to slow down and ultimately halt the web server.

We, at Centex Technologies, can help to protect your corporate network from different web-based attacks. For more information, you can call us at (855) 375 – 9654.

,

No Comments

Ways To Avoid Banking And Payment Fraud

13 December, 2016

Online banking and payment frauds are increasing at an alarming rate. Moreover, with the continuous emergence of ecommerce websites, more and more people are becoming victims of these fraudulent activities. Though online banking offers a lot of convenience, the security risks that come along with it necessitate the users to be extremely cautious while accessing their financial accounts.

Given below are a few tips that can help to avoid banking and payment fraud:

  • Enable Two Factor Authentication: The best approach is to use two factor authentication for all your online financial accounts. With this, you will have to enter your login credentials, along with the unique one time password (OTP) sent to your mobile number, to confirm any transaction. Thus, even if someone has your username and password, he would not be able to use them unless he gets the OTP.
  • Choose Strong Passwords: Create a strong and hard-to-crack password for your internet banking account. The password should ideally be 6 to 10 characters long and consist of uppercase, lowercase letters, numbers as well as symbols. Also, you should not store your password in your computer system, unless it is properly encrypted.
  • Avoid Clicking Through Emails: Be wary of phishing emails that require you to update your account information online. Also, do not click on any links embedded in such emails. They may contain a malicious code that redirects you to a fake website to record your banking credentials. It is safer to directly type in your bank website’s URL in the browser.
  • Access Your Accounts Securely: Do not access your financial accounts from open Wi-Fi hotspots. These networks do not use encryption and all the information you share can be easily viewed, accessed or modified by the hackers. Also, the website’s URL should begin with ‘HTTPS’ instead of ‘HTTP’ along with a small padlock icon in the address bar.
  • Log Out After Each Session: No matter you are using a personal/public computer system or a smartphone, it a good practice to log out after every online banking session. This will minimize the chances of becoming a victim of session hijacking and cross site scripting attacks. You should also clear the browser cache and history at the end of each session.

We, at Centex Technologies, offer comprehensive internet security solutions across Central Texas. For more tips on preventing online banking and payment fraud, you can call us at (855) 375 – 9654.

,

No Comments

Vulnerability Scanning Vs. Penetration Testing

6 December, 2016

Vulnerability scanning and penetration testing (or pen testing) are often used interchangeably in the field of IT security. Though these security tools are co-related, there are some key differences in the purpose for which each of them is carried out. Having a clear understanding is essential for the IT professionals to utilize the available resources judiciously.

Given below is a detailed description of vulnerability scanning and penetration testing:

Vulnerability Scanning

Vulnerability scanning refers to an in-depth and automated scan of the computer systems to identify any potential security flaws. It allows the organizations to evaluate the level of IT security protocols, detect weaknesses and differentiate the ones that can be exploited by the cybercriminals. The scan also involves providing a detailed report stating the steps required to either mitigate or diminish the security threats.

A vulnerability scanning process mainly involves the following steps:

  • Creating a list of the valued assets and resources in a computer system
  • Determining the importance and confidentiality of all the resources
  • Identifying the vulnerabilities, where they are located and categorize them according to their risk of being exploited
  • Eliminating the potential vulnerabilities for the most important files and data

Penetration Testing

Penetration testing involves simulating a cyber-attack to penetrate the corporate network and gain access to the sensitive data. Its main purpose is to determine if any malicious activity is possible and the way it can be carried out by the hackers. The IT security experts conduct a complete scan of the corporate network and attempt to exploit any of the identified vulnerabilities. Subsequently, a detailed report is provided stating what resources were accessed without permission, vulnerabilities that were exploited and how they can be fixed.

Essentially, penetration testing can be of two types, white box and black box. The former one involves the use of pre-disclosed information about the target company’s resources and network vulnerabilities. Black box testing, on the other hand, is performed with little or no knowledge of the security flaws in the target systems.

Though vulnerability scanning and penetration testing serve different objectives, both of them should be performed to improve an organizations’ overall IT security. Vulnerability scan should be carried out monthly and may take less than an hour to be completed. Penetration tests are recommended to be performed annually and may take a few weeks, depending upon its scope.

For more information on the importance of vulnerability scanning and penetration testing for your organization, feel free to contact Centex Technologies at (855) 375 – 9654.

, ,

No Comments