Tips For Disaster Recovery Planning After A Cyber Attack
A well-planned cyber-attack can wreak havoc on any business. Although, it is advisable to take precautionary steps in order to avoid such attacks; still, some cyber-attacks can catch your business off-guard. Thus, it is important to have a Disaster Recovery Plan for dealing with the after-effects of any cyber-attack. A Disaster Recovery Plan (DRP) helps in softening the blow of the attack by minimizing the loss. A successful DRP should conduct a thorough Business Impact Analysis (BIA) and Risk Analysis (RA). This will help in determining the business areas that need to be prioritized for security. Also, this will enable you to establish an estimated Recovery Time Objective (RTO).
For drafting an effective DRP, it is important to consider following tips in addition to BIA and RA:
A DRP needs to include all the aspects of the business to ensure that no aspect is left exposed during a tragic event.
- To begin with, segregate your data as per priority. This will facilitate you in increasing the security of vital data, resources, devices, and systems. Also, you can draft separate recovery plans for critical data that is of sheer importance to your organization.
- It is advisable to set up a separate ‘safe house’ or satellite location and keep a backup of your data. This will help you in avoiding the loss of business in face of a cyber-attack. However, weigh the cost of setting up a separate location against the loss that will be incurred if the business becomes inoperative during RTO. Consider the cost-effectiveness to make an effective decision.
- If your business organization has some mobile devices that are not linked to the main server, then formulate an alternative backup plan for these devices. This will ensure that these devices do not have to depend upon the DRP.
- Make it a point to encourage the individual users to run regular backups for their own safety.
The 5 W’s Of DRP
The 5 W’s of DRP help in developing an accurate contingency plan to maximize the longevity of your business:
Who? In order to create a risk-free environment, make it a point to educate every single user about the DRP. This is the key to ensure the success of your recovery plan. Thus, if any cyber-attack threatens our organization, every user will be able to play his role in the recovery plan efficiently.
What? An organization’s DRP should address what steps would be taken if the business meets with an unfortunate situation. The steps should be clearly laid out and should address diverse situations ranging from damaging cyber-attacks to regular risks of losing staff/vital data.
Where? DRP needs to look ahead of the geographical business location alone. Some other aspects that should be included in the DRP are company vehicles, remote workforce, etc.
Why? It is important to understand why you need a DRP. It is a contingency plan that would help the business sustain if met with a disastrous cyber-attack.
When? A common question is that when do you need to formulate a DRP. The answer is that you should formulate a DRP well in advance so that you are equipped to handle any situation, whenever it arises.
For more information on Disaster Recovery Planning, call Centex Technologies at (254) 213 – 4740.
Understanding New Evasion Techniques Followed By Web Skimmers
Cyber criminals have been stealing the card details of users for years. They have been successful at card skimming, both at server-side and client-side, without attracting much attention. However, some notable breaches in past few years put them under the scrutiny of security researchers. To tackle the situation, the threat actors have employed new evasion techniques to evolve their craft.
In order to safeguard yourself from web skimming attacks, it is important to be aware of following new evasion techniques adopted by the cyber criminals:
- Steganography: Steganography is the technique of hiding data directly on the pixel value of an image in such a manner that the effect of data is not visible on the image. First case of using steganography to hide a malicious code was ‘ZeusVM’ in 2014. It was a Zeus banking Trojan that used a beautiful sunset image to hide its configuration data. The technique is now being used by web skimmers to trick the website security and users.A simple example may be of any ecommerce website. An e-commerce website loads numerous images such as logos, product images, offer images, etc. The web skimmers use these images (that attract user clicks such as free shipping banners) to embed their code. On studying the image properties, they may show a ‘Malformed’ message and additional data after normal end of the file. Threat actors use code snippets to load the fake images and parse the website’s JavaScript content via the slice() method.
It is an easy way to slide past the website security because the web crawlers and scanners tend to focus on HTML and JavaScript while ignoring media files. To protect yourself from skimming acts, scan the source file of any media files downloaded from third party sites.
- WebSockets Instead of HTTP: HTTP follows a request and response communication channel to a server and from a client. WebSockets, on the other hand, is a communication protocol that allows streams of data to be exchanged between a client and server over a single TCP connection. It allows a more covert way to exchange data as compared to HTTP. The web skimmers use a skimming code and data exfiltration to launch the attack. The code is obfuscated in the communication in a way that it is concealed from DOM. Once the code is run in the browser, it triggers client handshake request. The request is received by the server controlled by the cyber criminals which responds to it. This establishes the connection between victim client browser and malicious host server. Now the skimming code is downloaded on the victim system and run as JavaScript code.
Centex Technologies provide cyber & network security solutions for businesses. For more information on new evasion techniques followed by web skimmers, call Centex Technologies at (254) 213 – 4740.
What Is WinRAR Bug?
WinRAR is a commonly used software for creating and extracting archives on Windows and other supported OS. The main reason for the popularity of the software is that it is capable of supporting different types of packing formats. Thus, the software has over 500 million users. However, the software was found to be corrupted by a bug which was named ‘WinRAR Bug’.
1. When Was WinRAR Bug Discovered?
The bug was discovered in early 2019; however, the bug itself was 19-years old at the time of discovery. The bug was discovered by security research run by ‘Check Point Research’.
2. What Is WinRAR Bug?
It is a code execution vulnerability (CVE 2018-20250). The code was used to extract the ACE archive format (which is now rarely used). The library that is responsible for the vulnerability is UNACEV2.DLL. The library had not been updated since 2005. Also, it was a third-party library so, WinRAR did not have access to the source code. This made it troublesome to amend the vulnerability.
3. What Does It Do?
- The vulnerability can be exploited by pushing specially prepared archives to the user system.
- The hackers can manipulate WinRAR by renaming an ACE file with a ‘rar’ extension.
- The vulnerability now enables hackers to extract files to any folder instead of the default or user-selected folder.
Hackers extract malware loaded files to the Windows start-up folder. - The malware is executed at the next start of the system.
4. What Are The Examples Of Cyber Attack Campaigns Launched To Exploit WinRAR Bug?
- The vulnerability was exploited by hackers to launch more than 100 targetted attacks. Some of the examples are:
One such attack uses a bootlegged copy of Ariana Grande’s hit album ‘Thank you, Next’ with a file name ‘Ariana_Grande-thank_u,_next(2019)_[320].rar’ which contains a hidden malware code. Whenever a compromised version of WinRAR is used to extract the files, a list of harmless MP3 files is downloaded to the user’s selected folder, while the malware payload is extracted in the Windows Startup folder in the background without the user’s knowledge. When the user starts his system next time, the payload is run to launch the malware code. - Apart from general attacks, the hackers also used this vulnerability to target government agencies by embedding technical documents, law documents and other such archives with malicious code.
5. How To Get Rid Of The Bug?
WinRAR has launched a new version ‘5.70 beta 1’ with patched vulnerability. Since WinRAR did not have access to the source code of the culprit directory, the team has completely deleted this directory from the new version. Thus, ACE format support has been dropped from WinRAR in order to protect the users.
Also, all the WinRAR versions that were launched prior to ‘5.70 beta 1’ are prone to the vulnerability and WinRAR does not have an auto-update feature. So, it is advised to manually download the new version to avoid being a victim of exploits based on WinRAR bug.
For more information on computer and network security for businesses, call Centex Technologies at (254) 213 – 4740.
All You Need To Know About DevOps
As a term, DevOps is derived by combining two different terms- Dev and Ops. “Dev” is a vast term that covers all kinds of software developers and “Ops” includes system engineers, system administrators, operations staff, release engineers, network engineers, system security professionals, and various other sub-disciplines.
DevOps is a practice rather than a set of tools. It can be defined as a setup where the development and operations engineers work together through all the stages of a service lifecycle including design, development, production support, deployment, testing, and continuous improvement.
DevOps is essentially based upon a CAMS structure:
- Culture: This practice requires the organization to build a culture where people and processes are top priorities. It focuses on the overall service that is delivered to the customer instead of the ‘working software’ only.
- Automation: In order to implement the DevOps practice to its complete capabilities, it is essential to build an automated fabric of tools. Common tools that should be a part of this fabric are the tools for release management, provisioning, configuration management, systems integration, monitoring, control, and orchestration.
- Measurement: Successful implementation of DevOps requires a team to regularly measure some metrics such as performance metrics, product metrics, and people metrics. Regularly measuring these metrics helps the team to make improvements, where required.
- Sharing: Sharing of ideas is an important part of DevOps implementation. It involves a thorough discussion of problems between the development and operations teams to find common solutions.
Challenges Solved By DevOps:
In the absence of DevOps application development, a general development scenario includes:
- A development team that is responsible for gathering business requirements for software and writing code.
- A QA team that is responsible for testing the software in an isolated development environment and releasing the code for deployment by the operations team, if requirements are met.
- A deployment team that is further fragmented into independent groups such as networking and database teams.
Since the teams functioned independently, new challenges are added whenever software is pushed from one phase to another. Some of the challenges arising from this setup are:
- The development team is unaware of the problems faced by the QA and Operations teams which may prevent the software from functioning as required.
- QA and operations teams have little information about the business purpose and value that formed the basis of software development.
- Each team has independent goals that may contradict each other leading to reduced efficiency.
DevOps application development helps in integrating the teams and thus, overcoming these challenges. It establishes cross-functional teams that run in collaboration to maintain the environment that runs the software.
For more information on DevOps, call Centex Technologies at (254) 213 – 4740.
Social Networks
Author
978-1-4582-1785-1 (SC ISBN)
978-1-4582-1787-5 (HC ISBN)
978-1-4582-1785-1 (Ebook ISBN)
Abdul Subhani
I am the President & CEO of Centex Technologies Microsoft Small Business Specialist, Certified E-Commerce Consultant, Certified Ethical Hacker, Certified Fraud Examiner, Virtual Instructor and an IT Consultant/Speaker on IT Security, Networking, Small Business Architect, & SEO Internet Marketing. 
Certifications
Twitter posts
We've been nominated for Small Business of the Year, Best I.T. Company, Young Entrepreneur of the Year, and CEO of the Year. Register and search for myself or Centex Technologies. It will only take you 5 minutes and I would greatly…lnkd.in/eqhaUXp lnkd.in/erfAizd
reply
retweet
favorite