Archive for March, 2017

What Are Man-In-The-Browser Attacks?

28th March, 2017

Man-in-the-Browser (MitB) attack is one of the most harmful forms of online threats prevalent in the recent times. It involves the use of a Trojan horse to gain access to the target user’s online banking credentials, financial details, account numbers and other sensitive information. The hacker uses a phishing approach to trick the user to click on a link that directs him to a website with manipulated form fields. A Man-in-the-Browser attack is quite difficult to detect as it does not hamper the normal functioning of the web browser.

Man-in-the-Browser attack can be specifically risky because of the following reasons:

  • It does not require complex hacking or phishing techniques to gain access to the user’s web browser.
  • It cannot be detected by anti-virus software.
  • Since the attack operates between the browser and the user’s input, it can easily circumvent the standard security measure, such as two factor authentication.

How Does A Man-In-The-Browser Attack Work?

Just like other online attacks, a Man-in-the-Browser attack also begins by infecting the user’s computer with a malware. This may be done by compelling the user to download a malicious attachment, visit a fake website or click on a malware injected URL. Once the system has been infected, the malware remains in stealth mode until the user performs the desired action, such as access an online banking account or visit a shopping website.

At this stage, the malware gets activated and creates a code to add extra input fields in the web page. When the user enters the information in these fields, it gets transmitted to the hacker. The Man-in-the-Browser attack can even involve secretly manipulating data on the website, such as account number or amount to be transferred to initiate illegitimate transactions without the knowledge of the user.

How To Prevent Against Man-In-The-Browser Attack?

  • Keep your web browser, operating system and other software updated as well as properly patched.
  • Install anti-malware software on your computer system and update it frequently.
  • Be careful while filling form fields on online banking and shopping websites. If you are asked to fill in additional form fields, provide more
  • information than is normally required or re-enter your password, you should close the browser and start a new session.
  • Keep a check on browser extensions. Make sure you use only reputed extensions and disable the ones that are no longer required.

We, at Centex Technologies, provide complete information security solutions to business firms in Central Texas. For more information, feel free to call us at (855) 375 – 9654.

,

No Comments

How To Combat Online Gaming Security Risks

21st March, 2017

As the online gaming industry continues to expand, hackers are looking for ways to breach into the players accounts to gain access to their personal and financial details. Whether you are a regular player or occasionally spend some time on an online game, you are making yourself susceptible to many potential attacks that can jeopardize your personal identity as well as financial privacy.

Given below are some of the common security risks associated with online gaming and how you can stay protected against them:

Phishing

Phishing is a scamming technique that involves the use of imitation websites or fake URLs. The hackers send out emails to the online gamers with an aim to defraud them and gain access to their account login credentials or credit card details. The users may be required to click on a link to validate the online gaming account or change their password. The information entered is directly transmitted to the hackers.

To protect against phishing attacks, make sure you do not click on a link in an email. Instead, manually type in the gaming website’s URL to log in to your account and update your account settings.

Character/Inventory Theft

In this type of attack, the cyber criminals may attempt to cheat the players with in-game resources, paid account upgrades or game characters. The stronger your game characters are, higher will be your chances of being targeted by the hackers. They may offer lucrative in-app purchases or character upgrades to extract your credit card details.

Playing cautiously is important to avoid being a victim of such attacks. Set up two factor authentication and create a strong password to prevent the hackers from breaching your gaming account.

Malicious File Downloads

Online gaming involves several file downloads. To capitalize on this, the hackers may attempt to infect the player’s computer system with malware. They may install fake game updates, anti-cheats, in-game interface tweaks, utility files etc. that contain a malicious code. Once executed, the malware acts as a keylogger as well as records your user name, password, credit card numbers and other sensitive information.

In order to stay safe, you should install an anti-virus software on your device. Schedule a daily scan to identify and remove any keylogger tools or malware files. Also, keep your device updated with the most recent patches and OS versions released by genuine vendors.

For more tips on online gaming security, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments

Cyber Security Threats To The Finance Sector

14th March, 2017

Cyber security has always been a major concern for the finance sector. With the extensive use of computers and innovative technology in carrying out financial transactions, hackers are looking for ways to breach the security of the organization’s internal network. Their purpose may be to inject a malware laden code, steal account credentials, perform unauthorized money transfers etc.

In the present times, cyber attacks are not only becoming more sophisticated but also quite hard to detect. Therefore, it is important for the IT professionals to formulate a coherent strategy to protect the financial institution against different forms of online attacks.

Listed below are some of the major cyber security threats to the finance sector:

Data Breach

Security flaws in the computer’s operating system and software applications provide a backdoor for the hackers to gain access to the network. Once successful, they may be able to store customers’ financial information such as credit card numbers, ATM pins, user IDs, passwords etc., even if they are stored in an encrypted format. Lack of proper security measures, unsecure network configuration and reckless data storage practices can make a financial organization vulnerable to data breach.

Spear Phishing And Whaling

In a spear phishing attack, the hackers send out spam emails that have been disguised to have come from a genuine source. The email is usually crafted in a way that the users are tricked into providing sensitive information to the hacker, such as internet banking password or credit card number. Often, these emails create a sense of urgency and contain an embedded link or attachment.

Taking spear phishing a step further, whaling attacks involve sending emails in the name of the executives and CEOs to trick the finance officials into transferring money to fraudulent accounts.

DDoS Attacks

A Distributed Denial of Service (DDoS) attack is carried out to make a corporate network unavailable to the users. The hackers identify an unpatched vulnerability in the computer to infect it as well as the devices that connect to the system. These computers, also known as bots, are used as a part of the botnet to flood the target system with unauthorized requests, causing it to crash and inaccessible by the genuine users.

For more information on cyber security threats to the finance sector, contact Centex Technologies at (855) 375 – 9654.

,

No Comments

Common Misconceptions About Wi-Fi Security

7 March, 2017

It is a well-known fact that unsecured Wi-Fi networks are quite unsecure, particularly for banking, online shopping, social networking and other sensitive web browsing. As open wireless hotspots are easily available at restaurants, hotels, coffee shops etc., hackers have found an easy way to breach the security of the network to track the users’ online activities, record information being transmitted and manipulate data.
With multiple security risks associated with Wi-Fi access, there are some common misconceptions that need to be steered clear of in order to stay safe:

Not broadcasting SSID hides your wireless network

A lot of people believe that if they hide their Service Set Identifier (SSID), the hackers would not be able to find and connect to their Wi-Fi network. However, this is not absolutely true. Computer systems that operate on Windows 7 and newer versions display all the wireless networks that are in range, even the ones that do not have an assigned SSID. Additionally, hackers have various tools to acquire a network’s SSID.

MAC address filtering keeps your network secure

Media Access Control (MAC) address filtering is also a common technique of keeping a Wi-Fi network secure. The user can create a white list comprising the MAC addresses of all the computers that are authorized to access the network. Though it does provide security to some extent, hackers can easily spoof the MAC address of the computer systems. With the use of wireless analyzers, they can view the list of all devices in your white list, modify the MAC address of their own device and gain access to the network.

Strong authentication and encryption provide complete protection

Encryption and WPA2 authentication are recommended to prevent hackers from viewing, stealing or manipulating the data being shared on your Wi-Fi network. However, this does not mean that you can completely rely on them. If the administrator does not validate the security certificate while configuring a wireless device, it can leave your network open to several vulnerabilities.

You should disable your router’s DHCP server

Disabling the router’s Dynamic Host Control Protocol (DHCP) server that assigns an IP address to all the devices connected to your network, is also believed to protect against attacks. However, if a hacker has already penetrated your wireless network, he can easily determine the IP addresses that you have assigned. Thereafter, he may create a compatible IP address to gain access to the network.

For more tips and information on Wi-Fi security, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments