What Is An Evil Twin Attack

With the advancement of technology, there has been a rise in the use of wireless connectivity solutions. It has found applications in restaurants, coffee shops, offices and shopping malls. However, wireless connectivity in the form of Wi-Fi is inherently less secure. It is largely unprotected from threats that can result in theft of credentials and sensitive information. The unprotected access points expose your connection and personal data to cyber-attacks such as ‘Evil Twin Attack’.

Understanding An Evil Twin

An evil twin is a rogue wireless access point that appears as a genuine hotspot offered by a legitimate provider. It typically clones the MAC address, name and service set identifier (SSID) of the network. This makes it hard for the users to differentiate between original and fake access point.

An attacker can conveniently create an “evil twin” within the smart phone or other internet-capable device using some easily available software. He discovers the radio frequency of a legitimate access point and uses the same to send out his own radio signals with the same name as original access point. This enables the attacker to eavesdrop on the network traffic, capture traffic or plant malware on the system.

Implications To Cybersecurity

Once the fake access point is set up, it poses as a local hotspot. The attacker positions himself near the end-user so that his signal is strongest within the range. The strong signals tempt users to connect manually to the evil twin for internet access. Also, it can be a case where the end-user’s computer automatically chooses that connection. This allows the hacker to intercept user’s sensitive data that is being shared between user and the host. Thus, he can obtain sensitive information or login credentials resulting in identity theft or financial loss of the end-user. Attackers are also using social engineering to clone a login page through which credentials can be stolen.

Ways To Prevent Evil Twin Attack

To avoid evil twin network connections, following tips should be considered by end-users:

  • Refrain from using public hot spots for online shopping or banking.
  • Users should disable auto connect feature on all wireless devices.
  • Connect via a virtual private network (VPN) to compress all traffic while using a public access point.
  • Before connecting, ask the owner of the area for official name of the hotspot and security key, if any. Type the incorrect key intentionally; evil twin hotspots will grant access irrespective of the key.

Companies should also incorporate measures to protect corporate data from evil twin attack:

  • Instruct employees to use Wi-Fi Intrusion Prevention Systems (WIPS) to prevent their systems from connecting to unauthorized duplicate access points.
  • Protect company’s wireless connections with Personal Security Key (PSK) and provide its details to employees and customers.

For more information on IT security solutions for your business, call Centex Technologies at (254) 213 – 4740.

, , , , ,

Safe Internet Access For Kids

Giving your child access to using internet may be required for educational purposes but it is equally important to ensure how safely the internet is being used by them. Children can often come across dangerous online content which gives rise to the need for equipping yourself with necessary knowledge about online threats for your kids. They can browse through a lot of stuff either accidently or on purpose.

Following internet safety tips can help your child to manage online risks and enjoy safe use of internet:

  1. Achieving Internet Safety For Kids: Children, these days, are spending longer hours using online media for entertainment and education. Kids are more curious to explore further and trust whatever they see. This makes them susceptible to a lot of sensitive content. These unique set of problems require careful monitoring to help your kids achieve internet safety.
  2. Monitor Your Child’s Online Activity: Mostly children are not able to spot various scams and fall for unnecessary schemes. They are at an age which makes them unable to understand the difference between an ad, a spam or any other malicious attack. It is important to be aware of the sites that your child is visiting and tracking their online behavior. Also, there are various parental control apps to help parents monitor their kid’s internet usage in a better way. The apps keep a track of the online sites visited by your child. They also keep a control on internet connection time, block malicious websites and report any unusual online activity.
  3. Communicate With Your Child: Talk to your kids about the scams that they might be facing on internet and help them to understand the basics of cyber security. Emerging online threats and safe browsing on internet are other important topics that you should discuss with your kids. It is important to help them know about the implications of a virus to assist them in developing a better understanding on safe online browsing. Also, spending time online with your child can teach your kids appropriate online behavior.
  4. Make Sure Your Child Is Anonymous Online: It is important for kids to understand that they should not reveal any personal information such as address, phone number, or school name or location on social platforms. Exercising restraint is beneficial for their internet safety. Strictly instruct them not to post or trade any personal pictures. Inform them to use a screen name instead of real name. Make sure to let your kids know that they should never share passwords with anyone. Children should not agree to meet in person with anyone they met online without parent’s supervision and they should never respond to any threatening email or message.

For more information on keeping your child internet safe, call Centex Technologies at (254) 213-4740.

, , , , ,

Protecting Your Home IoT Devices

View Full Image

, , , ,

What Is Doxing?

Doxing is referred to as the dark side of OSINT or Open Source intelligence. OSINT is an overt method of data collection and involves the practice of gathering information from publically available resources such as public media, internet, public government data, professional or academic publications, corporate databases, financial assessments and grey data (unpublished papers, business documents & patent reports).
The term Doxing is an abbreviation for ‘dropping documents’ which means compilation and release of a dossier of personal information on someone. The information included in the dossier is gathered via public resources and thus, the act falls under the category of OSINT.

Sources Of Information
The perpetrator gathers information from public and open sources. Some common sources of information are:

  • Social media
  • Blogs
  • Personal websites
  • Online forums & web discussions
  • Online gaming profiles

Targeted Information
Typically a dossier contains following information about an individual.

  • Contact information
  • Social Security Number
  • Personal photographs
  • Social media profiles
  • Credit card details
  • Credit report
  • Banking information

Why Is Doxing Called Dark Side Of OSINT?
Although the information is gathered using overt methods; the online publication of personal information usually results in illegal implications. The tactic is rarely in public interest and is often targeted at breaching the victim’s personal information and publishing it to attract unwanted harassment. It can pose following threats:

  • Threat To Personal Safety: Public release of contact information, personal photos, address, etc. can be used by cyberbullies for harassing the victim. Also, it may lead to some hacking acts such as fake memberships or serious crimes such as stalking, swatting, etc.
  • Threats To Cybersecurity: The information collected by Doxing may be used by hackers or cyber criminals to pressurize either an individual or an organization for financial gains.

Ways To Protect Yourself
Here are some simple tricks to protect yourself from Doxing attacks:

  • It is important to understand the basics of social engineering. Social engineers scan the online profiles and data for useful information that can be used to victimize the target. Thus, it is important to scrutinize the information you share on your social media profiles and avoid oversharing your personal information.
  • Check the privacy settings of your social media profile and edit them to ensure that your personal information is shared with your friends only. Also, be critical of people you add to your list of social media friends.
  • Hide your IP address by using a trusted proxy or VPN service for anonymity while using internet.
  • When purchasing a domain, invest in WHOIS protection to prevent unwanted access to the information you share on your website.
  • Avoid using a single email address for all online accounts. It is advisable to use different emails, passwords & usernames for different profiles, gaming and bills. Also, deploy multi-factor authentication for your accounts.

For more information on Doxing and its outcomes, call Centex Technologies at (254) 213-4740.

, , , , ,

What Is SamSam Ransomware?

SamSam is a targeted ransomware attack which incorporates custom infection using a wide range of exploits or brute force tactics. The ransomware is also known as Samas or SamsamCrypt. The first version of the ransomware was released in late 2015. The SamSam ransomware attacks do not make use of phishing or malware downloads to infect a network; instead they utilize following modes of infection:

  • Vulnerabilities in Remote Desktop Protocols (RDP)
  • Vulnerabilities in Java based web servers
  • Vulnerabilities in File Transfer Protocol (FTP)
  • Brute force against weak passwords
  • Stolen login credentials

Once, the ransomware has initial foothold on the victim’s network, it compromises the network to gain control. Also, SamSam is a manual attack. Thus, in case an application detects the ransomware, the attackers modify a registry entry to disable the endpoint tool’s detection. This enables them to compromise the application and control the network. SamSam uses a number of applications to accomplish the attack such as Mimikatz, reGeorg, PsExec, PsInfo, RDPWrap, NLBrute, Impacket, CSVDE, PowerSploit and JexBoss.

During the reconnaissance phase, the attackers try to write a plain text file named test.txt to target. If successful, they add the target to a list titled alive.txt on Domain Controller (DC). After ensuring that DC has writing privileges for machines, the ransomware is deployed and pushed to all the machines controlled by DC simultaneously.

The ransomware follows an efficient approach for encrypting the files on infected machines.

  • The encryption is initiated on holidays, weekends or late nights to buy time for maximizing the impact before getting noticed.
  • Files with selective extensions or important files required for running the machines are encrypted first.
  • The remaining applications or files are encrypted later; starting from smaller files and gradually moving towards larger files.
  • A unique AES key is generated for every encrypted file.
  • As soon as encryption is complete, ransomware deletes its installer and removes any traces of the attack.
  • It becomes difficult for victims to download files from off shore backup because the applications required to run the machine are also inaccessible. Thus, they are required to go thorough time consuming process of reloading the disk and installing applications before downloading back up files.

A ransom note is left on target organization’s machines demanding a set amount of bitcoin currency to decrypt a single machine and a lump sum amount for decrypting all the machines at once. Every victim is provided a unique web address on dark web which leads to chat feature for communicating with the attackers. The chat is deleted after a victim pays the ransom.

Security Practices To Prevent SamSam Attack:

  • Regularly install available patches for RDP service. Also, disable the service when not needed by the users.
  • Ensure that no RDP ports are left open during interactions between cloud-based virtual machines and public IPs. If it is required to leave RDP Port of a system open, keep the system behind firewall and instruct users to communicate with this machine via VPN.
  • Enable, two-factor authentication, strong passwords and account lockout policies.

For more information on how to secure your network, call Centex Technologies at (254) 213 – 4740.

, , , , ,