Archive for category Security

Most Dangerous Virus & Malware Threats Of 2020

Cyber criminals keep on evolving virus and malware to make them advanced and more dangerous. This allows them to target new vulnerabilities and operating system versions. To keep the business network secure, it is important for businesses to have in-depth information about new virus and malware. This knowledge comes handy in creating strategies to protect the systems against these virus & malware.

So, here is a list of most dangerous virus & malware threats of 2020 to help businesses understand and strategize against these cyber attacks:

  • Clop Ransomware: Clop is a variant of CryptoMix ransomware that targets Windows users. Clop ransomware blocks the Windows processes and disables multiple Windows applications including Windows Defender and Microsoft Security Essentials. Once these applications are blocked, the ransomware encrypts the data files on the target system and demands ransom in exchange of decryption key.
  • Fake Windows Update (Hidden Ransomware): Cyber criminals have been taking advantage of the need for installing latest Windows updates. The latest ransomware makes use of phishing email that instructs users to install urgent Windows update. The email contains ransomware ‘.exe’ files that are disguised as Windows update link. The ransomware, known as ‘Cyborg’, encrypts all the files and programs and demands a ransom payment for decrypting the files.
  • Zeus Gameover: It is a part of Zeus family of malware and viruses. The piece of malware is a Trojan that accesses sensitive bank account details to steal the funds. This variant of Zeus family does not require a centralized “Command & Control” server. It can actually bypass centralized servers and create independent servers to send sensitive information.
  • RaaS: It is also known as “Ransomware as a Service” is a growing industry. People can hire a hacker or team of hackers to perform the attack for them. These services can be used by people with zero prior knowledge of coding to carry out dangerous cyber attacks.
  • Fleeceware: It is a type of malware that continues to charge large amounts of money to app users, even after they have deleted their accounts from the app. Although, this malware doesn’t infect or encrypt any user files, it is still a shady practice used by app developers wanting to cash on unsuspecting users.

For more information on latest cybersecurity techniques, contact Centex Technologies at (254) 213 – 4740.

, , ,

No Comments

Everything You Need To Know About Click Fraud

As the number of organizations investing in digital marketing is increasing, there has been an increase in fraudsters trying to take advantage of digital marketing platforms to drain revenue from such organizations. Click fraud is an example of frauds based on digital marketing and occurs on PPC online advertizing.

Let Us Understand The PPC Concept-

PPC or Pay-Per-Click is an online advertizing campaign. An organization contacts relevant websites, bloggers, influencers, etc. to place its ad on their page to attract target audience. When a user clicks on the advertizement, he is redirected to the landing page of the advertizing website resulting in higher lead generation. The website that places the ad on its page is paid a certain amount for every user that clicks on the advertizement.

What Is Click Fraud?

A click fraud is a technique that is used to falsely increase the number of clicks on a PPC ad. In other words, a click fraud or ‘invalid clicks’ (as termed by Google) is when a paid advertizement is intentionally clicked repeatedly. Higher the number of clicks on the ad, higher is the amount paid by the advertizer to the host website (where the ad is posted). The aim of a click fraud is to either generate higher revenue for the host website or drain revenue from the advertizer. One of the common techniques employed in click frauds is the use of click bots.

What Is A Click Bot?

A bot is a software that operates on the internet and is used to perform repetitive tasks. Click bots are used by the fraudulent websites to repetitively click on advertisements posted on their website in order to increase the number of clicks.

How Does Click Fraud Impact The Advertizer?

A click fraud impacts an advertizer in numerous ways:

  • It costs an advertizer higher PPC cost.
  • It drains a business of investment money that could be used for other business development tasks.
  • It results in inaccurate results from PPC campaign data analysis leading to misinformed critical marketing decisions.

How To Fight Against Click Fraud?

  • It is common for competitors to launch click fraud attacks to impact each other’s marketing campaign. In order to avoid this, search Google for keywords relevant to your niche and identify your competitors. After identifying the major competitors, use tools like ClickForensics, AdWatcher or ClickDefense fraudulent ad clicks.
  • Closely monitor your campaigns using different tools. It will give you a fair idea of how the campaign is performing in relevance to your campaign goals.
  • Some websites may offer low PPC rates; however be vigilant to choose high-value sites. Thoroughly research the websites to find a relevant & suitable site that is full of potential customers.
  • Employ bot management to identify fraud bots and block them from an application/website.
  • You can also invest in fraud prevention software that are specifically designed to spot and avoid click frauds.

For more information on Ads management and click-fraud prevention, contact Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments

What Is Maze Ransomware?

Maze is a sophisticated version of Windows ransomware that was discovered in May 2019. The ransomware was previously known as ‘ChaCha ransomware’. The goal of the ransomware is to crypt the files it finds on an infected system and demand a cryptocurrency payment in exchange of safe recovery of the encrypted data.

What Makes Maze Different?

Like other ransomware, Maze is capable of spreading across a corporate network and infecting all the computers connected to the victim network. It encrypts the data files in order to render them useless safely recovered.

However, what sets it apart from other ransomware is its ability to steal the data on infected systems and send it to servers controlled by the hackers. This allows hackers to threaten the victim organization to release its documents in case the ransom is not paid.

Thus, even if an organization uses a back up to retrieve the files, it is still obliged to pay the ransom to prevent public release of its documents.

The Maze hackers maintain a website where they list their clients (term used for victims who fail to pay the ransom). The website includes details such as name of the victim, when their computer systems were infected, links to download stolen data as “proof” and convenient buttons to share the details of breach on “social media”. The hackers have no reservations about offering uncensored downloads of stolen data that can damage an organization’s reputation.

How Does Maze Ransomware Work?

Maze ransomware makes use of different techniques to gain entry into a network. Some techniques include-

  • Use of exploit kits such as Fallout and Spelevo
  • Remote desktop connections with weak security
  • Email impersonation (the email contains a word attachment that uses macros to run the malware in the system)

The malware is a 32 bits binary file that is usually packed as an EXE or DLL file.

The malware encrypts the files in an easy step-by-step process:

  • Locate the file using “SetFileAttributesW” function & “FILE_ATTRIBUTE_ARCHIVE” attribute.
  • Reserve memory to the file with a call to “Virtual Alloc”.
  • Open the file with read and write permissions.
  • Get the file size with the “GetFileSizeEx” function.
  • Create a file mapping.
  • Generate a random key of 32 bytes with the function “CryptGenRandom”.
  • Generate a random ‘Initialization Vector (IV)’ of 8 bytes with the function “CryptGenRandom”.
  • Reserve 264 bytes of memory with the function “VirtualAlloc”.
  • Generate a new random extension for the victim file.
  • Crypt the file.
  • Write this new block with the key and IV to decrypt at the end of the file.
  • Rename the file with the function “MoveFileExW”.
  • The image of the file is unmapped, and handles closed.
  • The process is repeated with new files.

When all files are crypted, the wallpaper of the system is switched with a note to inform the user about the attack.

Maze also has a chat function to contact the hackers and receive the information about payment details.

For more information on IT security, contact Centex Technologies at (254) 213 – 4740.

, ,

No Comments

Types Of Data Security

Data security refers to a set of standards, protocols, and techniques that are focused on protecting personal or organizational data from intentional or accidental destruction, modification, and disclosure. Different technologies and techniques can be applied to ensure data security. These techniques include administrative controls, physical security, logical controls, organizational standards, etc.

In order to choose the right data security protocols, it is important to understand different types of data security.

Authentication: It is the process of validating a registered user’s identity before allowing access to protected data. It is used in conjunction with authorization; the process of validating that the authenticated user has been granted permission to access the requested resources. Authentication involves a combination of ways to identify a user, such as passwords, PINS, security tokens, a swipe card, or biometrics.

Access Control: Authentication and authorization happen through access control. It is a method of guaranteeing that users are whom they say they are and that they have the appropriate access. Access control systems can include-

  • Discretionary Access Control (DAC) assigns access rights based on user-specified rules.
  • Mandatory Access Control (MAC) assigns user access based on information clearance.
  • Role Based Access Control (RBAC) grants user access based on the user’s role and implements key security principles such as ‘least privilege’ and ‘separation of privilege’.
  • Attribute Based Access Control (ABAC) assigns a series of attributes to each resource and user. The user’s attributes such as time of day, position, location, etc. are assessed to make a decision on access to the resource.

Backups & Recovery: An efficient data security strategy requires a plan for how to access the organization’s data in the event of system failure, disaster, data corruption, or data breach. This puts an emphasis on regular data backups. It involves making a copy of the data and storing it off-site or in the cloud. Also, it is important to formulate proper recovery protocols.

Encryption: Data encryption involves the translation of data into another form, or code so that it is accessible only by the authorized personnel who have the decryption key. However, it is highly important to ensure the security of decryption keys, critical management systems, and off-site encryption backup.

Data Masking: This type of data security involves the masking of original data by obscuring letters or numbers with proxy characters. The data is changed back to its original form by software only when it is received by an authorized user.

Tokenization: In this case, sensitive data is substituted with random characters that cannot be reversed. The relationship between data and its token values is stored in a protected database lookup table.

For more information on types of data security, contact Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments

Dictionary Attack: What Is It & How To Prevent It?

A dictionary attack is a type of identity breach where the hackers steal the password of the victim to gain access to personal or corporate information.

What Is A Dictionary Attack?

  • It is one of the cyber attacks where cyber criminals take advantage of the user’s habit of using common dictionary words as a password. Most internet users have a tendency to use simple or easy to remember words and phrases as their passwords.
  • In simpler words, it is an attempt to gain unauthorized access to a computer system or user account by using a large set of words to generate a potential password.
  • The traditional approach used by the hackers involved multiple attempts by making use of common words found in the dictionary. However, the attack has now evolved and the attackers make use of databases that include common dictionary words and passwords leaked in previous attacks to crack the password.
  • Some software are also available that help in cracking a password by using the password databases and producing common variations. In contrast to a brutal force attack, a dictionary attack tries only the password possibilities that are considered to be most likely to succeed.

Pre-Computed Dictionary Attack:

It involves pre-computing a list of hashes of common dictionary words these hashes are stored in a database. Once completed, the pre-computed database can then be used anytime to instantly lookup for the password hashes to crack the corresponding password. Although a lot of time is consumed in preparation, the actual attack can be executed faster than a simple dictionary attack.

Common Cracking Software Used In Dictionary Attack:

  • Burp Suite
  • Crack
  • Ophcrack
  • Cain and Abel
  • Aircrack-ng
  • John the Ripper
  • LophtCrack
  • Metasploit Project

How To Prevent A Dictionary Attack?

In order to prevent a dictionary attack, following steps can be helpful:

  • Change the security settings to lock the account after reaching a maximum number of authentication attempts.
  • Use multi-factor authentication to log in.
  • Use special characters and extra syllables in the password.
  • Use longer passwords.
  • Avoid reusing old passwords.

For more information on what is a dictionary attack and how to prevent it, contact Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments