Archive for October, 2018

More About CEO Fraud

Online crimes are on a consequent rise and every sector is vulnerable to it. However, corporate sector is at a high risk as there is a constant threat of data breach.

CEO Fraud is the recent cyber-attack that has taken a toll over business sector. Also known as Business Email Compromise (BEC), it is an attack in which the attacker masquerades his original identity. They often pose themselves as the CEO or any other senior executive of an organization and send emails to the staff members. They generally ask for confidential information or make you do something which should not be done otherwise.

Such attacks are launched after careful planning & research. Cyber-criminals often search the organizations website to gather information such as physical location of the business, employee details, business partners etc. They might also gather employee specific data from sites such as LinkedIn, Facebook, Twitter, etc.

After a thorough study of organization’s structure and dynamics they search for their targets as specific employees are targeted with a specific goal.  For example, they might target accounts department if they seek some money related information, HR department if they seek employee info or IT department to access database servers. After determining exactly what they want, a phishing attack is launched. A well-drafted email containing a malicious link is then sent to selected people.

Emails in CEO fraud are crafted so realistically that it is often very hard for employees to detect that they are being tricked. Cyber-criminals might send you an email in the name of your CEO, senior executive or fellow employee with a company’s logo or seal. The text is written to initiate a sense of urgency so that the target victim in a rush to reply ignores the loopholes and provides necessary information asked for in the email.

Following are the three different things that can happen:

  • Wire Transfer: The attacker might send an email to an employee in the accounts department posing as their boss to transfer some money in a particular account urgently.
  • Passwords: Passwords to important logins may be asked through email.
  • Tax Fraud: A cyber-criminal might send a fake email asking for certain employee information in order to conduct a fraud.
  • Attorney Impersonation: The attack might also be conducted through a telephone. A cyber-criminal might email you posing as a senior official advising you to consult an attorney. Then he might impersonate as an attorney and call you to discuss an urgent matter. They trick you in passing on confidential information by creating a sense of urgency.

How To Prevent A CEO Attack?

  • If you come across a rogue & suspicious email then inform everyone on the company’s radar so that they might be wary of it in future.
  • Design policies & restrict data access to trusted employees only.
  • Train employees on ways to identify phishing emails
  • Consider multifactor authentication.

For more information IT security, call Centex Technologies at (254) 213-4740.


No Comments

Guide To VPN Routers

A VPN router is a routing device that helps in enabling network communications within a VPN environment. It connects & communicates between multiple VPN end devices that are located at separate locations.

These routers are specifically designed to protect your system from a cyber-attack. This is made possible because all the devices connected with a VPN router are protected by a Virtual Private Network

Methods Of VPN Router Setup

  • There are 3 main methods and one can go with any one of these:
  • Buying a pre-configured VPN router
  • Using a VPN enabled router that supports OpenVPN
  • Flashing a non VPN compatible router with new firmware to support VPN.

Benefits Of Using VPN Routers

  • Easy To Install – They are very similar to regular routers apart from the fact that in this case internet connection is routed through the servers of a private network. Setting up a VPN router completely negates the need of installing VPN on multiple devices separately. It can be done all at once because as soon as the VPN router is installed, you can easily connect your devices with it.
  • Less Expensive – It is always beneficial to set up a VPN router due to the twin benefit it has. Firstly, buying a VPN router is a better deal than taking separate internet subscriptions for each device. So it can help you save costs and also ensures complete security at the same time.
  • Device Friendly – You can connect multiple devices with the VPN router i.e. your smart TV, smartphone, laptop, etc. So configure the device which you have and connect it to the VPN router for added security. In other words, it requires a one-time effort in setting it all up and then you are ready to go.
  • Ensures Security – Installing a VPN router secures all the devices on the network. It adds an additional layer of privacy and maintains anonymity of all your online activities. This way it is hard for cyber criminals to break through a network secured by a VPN router.

Things To Consider When Setting Up A VPN Router

  • Cost – You’ll need to buy a decent router and VPN subscription. However, the cost of a VPN router may vary depending upon the option you choose.
  • Speed – It is one very important factor that needs to be considered to ensure that there are no server overloads, network disruptions or snags etc.
  • Features – The way you plan to use your VPN router determines which firmware & VPN service you need to go with. Although it is very important to make sure that it is up to date, fast, reliable, secure and enforces policy based routing.

For more information about VPN routers, call Centex Technologies at (254) 213-4740.

, ,

No Comments

All About Cryptocurrency


PDF Version :  All-About-Cryptocurrency-Scams



, ,

No Comments

What Is Fileless Malware Attack?

Gone are the days when the only way to inject a malware was through malicious files sent in emails. Nowadays, fileless attacks are taking over the toll and are becoming more common. According to The State of Endpoint Security Risk Report by Ponemon Institute, 77% of the total compromised attacks in 2017 were fileless.

Fileless malware attack as the name suggests do not need installation of a malicious software to infect the victim’s machine. It is also known as zero-footprint, non-malware, macro attack etc. as unlike traditional malware it takes advantage of the vulnerabilities existing on the user’s device. It usually exists in the computer’s RAM and uses common system tools such as Windows Management Instrumentation, PowerShell etc. to inject the malware.

Since they are not injected through a file, it is often very difficult to prevent, detect & remove the malware. However, the loss can be minimized to a great extent if you reboot your device as RAM can be exploited only if the device is on.

Features Of Fileless Malware

  • It is difficult for antivirus software’s to detect the malware as it is not based on an identifiable code or signature.
  • It is a memory based malware.
  • It can be paired with other types of malwares as well.
  • Fileless attacks evade whitelisting (the practice by which only approved applications are allowed to be installed on a system).
  • Processes that are native to the operating system are generally used in order to initiate an attack.
  • It generally takes advantage of approved applications that are there on your system.

How Does It Work?
Such an attack maybe launched through a variety of ways. You might mistakenly click on a banner ad that shall redirect you to a legitimate looking malicious site which may load Flash on your system. Flash in turn will compromise the Windows PowerShell. This in turn might download a malicious code from a botnet and send the data to hackers.

How To Detect?

It is usually difficult to detect a fileless malware attack since it is not launched through files. However, there are certain warning signs that one needs to take a note of.

  • Unusual network patterns
  • Compromised memory
  • Unusual snags

Ways To Protect Yourself From Fileless Malware Attack

  • Updating your current software on a regular basis.
  • Keeping a tab on your network traffic.
  • Disabling PDF readers from activating JavaScript
  • Uninstalling or disabling features that you do not use.
  • By enhancing your end point security.
  • Adopting safe practices to use PowerShell.
  • Disabling Flash
  • Employing password vaults & strengthening user authentication.
  • Cognizing employees about the attack in order to combat the threat.

For more information about IT Security, call Centex Technologies at (254) 213-4740.


No Comments