Archive for June, 2019

Surprising Places Where Hackers Hide

Though most of the businesses follow the basic IT security protocols like using strong passwords, installing updated security solutions and blocking unauthorized access; there is a constant increase in number of hacking instances. Nowadays, hackers utilize diverse mediums to serve as an entry points to infect a system or network and initiate widespread attacks. It is important to be aware of these entry points in order to develop effective cybersecurity strategies.

  1. Off-brand Apps: Some apps may not be available on certain operating systems. Hackers design off-brand apps with similar features and offer them for download on these operating systems. Once a user installs this app, the system is compromised and hackers gain access to his personal data like login details,  photos, videos, etc. An example of such attack is the phishing attack that targeted Snapchat users. Hackers sent a link to users via a compromised account. This link pointed to a mobile site that was designed to look like Snapchat login page. As the users entered their login information, the details were copied and saved by the hackers. The stolen login information including passwords of affected users was then publicly posted on a phishing site.
  2. Home Appliances: Hackers now use home appliances like smart refrigerators to launch an attack. The smart home devices are generally factory configured including a preset password. It is common for users to forget to reset or personalize their password which makes them an easy target for hackers.
  3. Your Car: Most cars are installed with wireless or Bluetooth connectivity. The system enables users to enjoy benefits like keyless entries, remote start, navigation, etc. These features collect data like locations saved in navigation system, location where car is parked and other such vulnerable data. Car manufacturers tie up with third party data storage companies to store this personal information of users. This provides an opportunity for hackers to breach the system and steal the data.
  4. Cash Register: Hackers steal payment card details of customers by using POS Malware. When a card is swiped to make the payment, the payment card data is encrypted. The data is then decrypted in RAM of processing device to complete the payment. POS Malware attacks inefficiently secured systems to steal the payment card details from their RAM. The unencrypted data is then sent to the hacker. Stolen card details are then sold by the hackers.
  5. Fax Machine: The communication protocols of fax machines offer security vulnerabilities that can be used as loopholes by the hackers to launch widespread cyberattacks in organizations. Hackers create a colored jpeg image file coded with any type of malware. The coded image is sent to a target fax device where the image is decoded and saved into fax-printer’s memory. The malware can now spread over any network to which the fax printer is connected.

For more information about cybersecurity risks, call Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments

Understanding Software Supply Chain Attacks

PDF Version: Understanding-Software-Supply-Chain-Attacks

, , ,

No Comments

SpeakUp: A New Malware Threat

SpeakUp is a backdoor Trojan which originally affects Linux distributions and MacOS systems. However, the scope of SpeakUp attack includes any server running ThinkPHP, Hadoop Yarn, Oracle WebLogic and Apache ActiveMQ. It has been named after its command-and-control domain ‘SpeakUpOmaha[dot]com’. SpeakUp exploits remote code execution vulnerabilities to propagate internally within the infected subnet and across new IP ranges. It downloads miners in the infected systems for unauthorized cryptomining.

Mode Of Infection: For introducing the infection vector, SpeakUp takes advantage of the CVE-2018-20062 vulnerability of ThinkPHP. It is a remote command execution vulnerability.

  • The hackers use GET request to send malicious code to the target server. It acts as a PHP shell that executes commands sent by the module parameter in a query.
  • Another HTTP request is sent to the target server to serve as Perl backdoor. It is a standard injection which pulls the Intelligent Input Bus (ibus) payload and stores it on a different location.
  • An additional HTTP request is then sent for launching the backdoor. This request executes the Perl script and deletes the files for eradicating evidence.

Registering A New Victim: On victimizing a server, SpeakUp communicates with its command-and-control domain via POST and GET requests. It uses POST request over HTTP to send the victim ID, current version of installed script and other information to the C&C domain. The domain sends “needrgr” response to the request indicating that it is a new victim & requires registration. The Trojan then forwards complete information of the victim system by running a series of Linux commands.

Functions And Tasks: After registering the victim, the Trojan communicates with its C&C domain at regular intervals known as ‘Knock Interval’ which is 3 seconds. C&C domain commonly uses following commands:

  • “newtask”: It commands the Trojan to execute a code, download & execute a file, uninstall the program and send updated information.
  • “notask”: The command indicates that the Trojan should sleep for ‘Knock Interval’ of 3 seconds and then request for a new task.
  • “newerconfig”: This command indicates the Trojan to update the miner configuration file.

The Trojan defines 3 User-Agents. A User-Agent is a Python library that provides a way to detect devices such as mobile, tablet or a PC. The User-Agents defined by SpeakUp include two MacOS X User-Agents and a hashed string.
Propagation: For further propagation, SpeakUp is loaded with an additional Python script which allows the Trojan to identify, scan and infect other Linux servers within internal & external subnets.

For more information on malware threats and to know how to secure your IT system, call Centex Technologies at (254) 213-4740.

, ,

No Comments

Emerging Data Security Technologies

There has been an exponential increase in cyber-attack instances across the globe. This has led to a need for more advanced data protection and cyber security solutions which can defend organization’s IT systems and can protect business and consumer’s data. In such a scenario, newer technologies play a very important role in providing state-of-the-art data security solutions.

Some of the prominent technologies that are giving rise to possibilities of better data security in future are:

  1. Hardware Authentication: It is easier for hackers to get access to information systems due to inadequate passwords and usernames. This compromises sensitive data and urges the experts to come up with strict authentication methods. One of the ways, to accomplish this, is the development of user hardware authentication. Hardware authentication can be particularly essential for Internet of Things where it is important to ensure that any device seeking connectivity has the authorization to do so.
  2. User Behavior Analytics (UBA): It is a cybersecurity process that detects threats, targeted attacks and financial frauds. It gains information about network events like any kind of malicious behavior by attackers, unauthenticated usernames and passwords, etc. UBA is a valuable tool to train employees for adopting better security practices.
  3. Data Loss Prevention: Encryption of data can protect it on field and sub-field levels. Though any business process can be performed on encrypted data in its protected form, the attackers cannot monetize data even if they conduct a successful breach. For data loss prevention to work well, enterprises should ensure compliance to data privacy and security regulations.
  4. Cloud Technology: Transformation of system security technology will be impacted significantly through the cloud. Users have embraced cloud technology to store vast amount of information that is generated on daily basis. Migration from on-premise data storage and development of information systems security to be used in the cloud is emerging gradually.
  5. Deep Learning: Technologies like deep learning consist of artificial intelligence and machine learning. Experts have a significant deal of interest in these technologies for the purpose of system security. They focus on anomalous behavior as whenever AI and machine learning are fed with right data regarding a potential security threat, decisions are made to prevent attacks depending upon immediate environment without human input. Deep learning techniques have made it possible to analyze different entities that are found in an enterprise both at micro and macro level.

Combination of these new technologies and fundamental security controls can help in ensuring that the confidential information of an organization is safe. For more information on emerging data security technologies, call Centex Technologies at (254) 213-4740.

, , , ,

No Comments