The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 34 of 75

Gap Between Traditional EDR & Modern Threats

By

On May 15, 2019

In Security

The term End Point Detection & Response (EDR) was first coined by Anton Chuvakin in July 2013. It is used to define ‘the tools that are primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints’.

EDR works by collecting data related to endpoint events using a software. This data is sent to a centralized database where further analysis, investigation & reporting is conducted by analytical tools. These tools pay heed to both internal as well as external threats. They respond to these threats while identifying the upgrades required for strengthening the organization’s cyber security. The traditional EDR tools have been successful in creating visibility and remediation of stealthy threats. However, the cybercrimes have evolved and this has led to a need for better and evolved EDR tools.

Following are some gaps between traditional EDR and modern threats that have given birth to the need for next-generation solutions:

  1. EDR requires cloud connectivity and an analyst has to wait for cloud response to take action. This results in a delay in protecting end devices. However, the cyber threats no longer target a single user and are capable of spreading over the entire organization, encrypting data and removing traces of attack in mere seconds.
  2. The attackers make use of tools already available on a computer to incorporate scripts that run directly in the memory. These in-memory file-less attacks do not leave behind a trail and may not be detected by traditional EDR tools.
  3. To provide visibility, EDR creates a high amount of data and analysis; thus, these solutions are not scalable and require extensive resources like bandwidth, skilled workforce, etc.
  4. EDR does not provide visibility into lateral network. If a threat makes its way into organizational network, it can move through connected devices and covertly communicate with a remote control server without being detected or interrupted.

In the world of ever developing cyber threats, it has become important to make a shift towards next generation EDR solutions that make use of artificial intelligence to detect threats in real time. It is advisable to use a collaboration of various security solutions to create a multi-layer cyber security shield. New EDR solutions offer wider features:

  • Detect and prevent hidden exploits that are more complex than a simple hash signature.
  • Visibility throughout applications, endpoints, processes & communications to detect malicious activity.
  • Automation of alerts & defensive responses once an attack is detected.
  • Threat intelligence and forensic capabilities to gain information about movements of the attacker in the network.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.

What Is Scareware?

By

On April 30, 2019

In Security

Scareware is a malicious software that tricks the users and directs them to a malware infested website. It usually comes up in the form of a pop-up and appears as a legitimate warning from an antivirus company. The pop up displays the information that users must purchase the software to fix the problem. Scareware creates a perception of threat and manipulates users to buy a fake software. The fake software could be a spyware which collects user’s personal data for further gains.

How Is It Conducted?

Step 1: A pop-up appears on the website with a note that a virus has been found in the system and a software needs to be downloaded in order to get rid of it.
Step 2: Once the user clicks on the download button, a scareware attack is launched & a malware is installed on the user’s system.
Step 3: The cyber-criminal gains access to the victim’s private data and exploits it for his benefit.

Ways In Which Scareware Can Infect The System

  • Through a greeting, lottery or news alert email
  • Advertizements
  • Pop-ups with a message like- scan your system or a virus has been detected in you system
  • Affected websites that take advantage of software vulnerabilities

What Can A Scareware Attack Do?

  • Trick you to pay money for a fake antivirus software
  • Control your device and use it for sending spam
  • Access your confidential bank details and record your keystrokes

Ways To Protect Yourself From A Scareware Attack

  • Typically, a scareware gets into your system though a pop-up. You can minimize the risk of scareware by turning on the pop-up blocker.
  • It is always advisable to use the latest version of the browser; so make sure that your browser is regularly updated for any security patches.
  • Make sure that you install a reputed antivirus software on your system and also keep it updated.
  • Restart the computer if your system is responding slowly or you come across something unusual.
  • Prefer reading emails in plain text.
  • Never open emails sent from unknown sources.
  • Do not click on any link on an unsecured webpage. Chances are that the warning pop-up is a malicious link that will install virus in to your system.
  • Never allow the browser to save your login details and passwords.

In order to protect yourself from such cyber-attacks, it is important to understand how they operate. Also, be wary of clicking on any pop-up while browsing.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.

Tips to Secure Data Access

By

On April 29, 2019

In Security

PDF Version: Tips-to-Secure-Data-Access

Understanding LeakerLocker Ransomware Attack

By

On April 26, 2019

In Security

LeakerLocker is a ransomware that affects mobile devices running on android platform. Unlike other mobile ransomwares that encrypt user data, LeakerLocker Ransomware doesn’t encrypt your data but locks your screen. Cybercriminals claim that the user’s private & confidential information will be transferred to their secure cloud and sent to the victim’s phone contacts if he fails to pay a ransom amount.

The mobile malware research team at McAfee identified the LeakerLocker ransomware on July 7, 2017. It was spotted that the ransomware was spreading via two apps:

  • Wallpapers Blur HD
  • Booster & Cleaner Pro

The apps function like any legitimate app; however once installed, a malicious code is loaded via a command-and-control server. When the access permission is granted, the code collects sensitive data from the user’s phone and blackmails him against it.

What Type Of Data Is Collected?

  • Personal photos
  • Contact numbers
  • Sent and received SMS
  • Phone call history
  • Facebook messages
  • Chrome history
  • Full email texts
  • GPS location history

How To Protect Your Device From LeakerLocker Ransomware?

  • Install An Antivirus Software: Protect your phone from any ransomware attack by installing a reputed antivirus software. These software scan the websites as well as apps to ensure that they are safe and do not contain any type of malware.
  • Update Your Phone: Make sure that you check your phone for android system updates available and download them regularly.
  • Back-up Your Files: It is important to back-up your files regularly to recover them in case of any data loss. You can back-up the information to the cloud or store your data on an external hard drive.
  • Don’t Download Apps From Unknown Sources: Whenever you download an app, make sure that you download it from a trusted source. Avoid downloading third party apps as they may pose a security threat. Also change your system settings and disable them to perform unofficial app installations.
  • Ignore Pop-Up Installations: Be wary of pop-up installations and avoid installing an update or plug-in.
  • Know Before Clicking On A Link: Make sure that you do not click on any links which you receive via an email or text from an unknown source.
  • Check The App Reviews: Read the reviews before downloading any app and also ensure that it is from a reputable developer. Do not download the app if you find something suspicious in the comments

For more information about ransomware attacks and ways to protect yourself from them, call the team of Centex Technologies at (254) 213-4740.

Security Risks Concerning Virtual Personal Assistants

By

On April 17, 2019

In Security

VPA (Virtual Personal Assistant) software application follow commands of a user intelligently and performs a variety of tasks such as searching information on the web, scheduling an appointment, monitoring health data, initiating online shopping, searching for addresses & location, etc. Also known as Intelligent Personal Assistant (IPAs); Siri, Google Now, Alexa, Cortana, etc. are the most commonly used ones.

Although Virtual Personal Assistants are of great use, there are certain security risks concerning them. Here we have discussed the most prominent security threats associated with VPAs

  • Eavesdropping: A VPA is programmed to follow voice commands. So, it passively listens to everything being said, if the user forgets to turn it off when not in use. Thus, it ends up collecting user’s voice data without his knowledge. This recorded data always poses a risk of hijacking because cybercriminals might collect & use it unlawfully.
  • Vast Exposure Of Personal Information: VPAs resort to different databases on the web in order to respond to user’s query. Although it is highly convenient, it can pose a serious security threat.
  • Data Theft: VPA keeps a track of the user’s activity and stores that information on the device as well as a remote database. When an VPA hijacker gets hold of this information, he can extract the data and exploit it to offend the user.
  • Voice/Audio Hijacking: This technology recognizes voice to take commands. Even though it understands different words & their pronunciations, it does not distinguish the voices of different users. This can be used against the user, as an impersonator might command the VPA to perform tasks that may harm the user. Even if it recognizes the user’s voice, there is a possibility that a cybercriminal might use the actual user’s voice recording and issue commands to the VPA.
  • Remote Malware Downloading: A compromised VPA might be instructed to visit certain sites containing a malicious link. Once clicked, this link installs a malware in the device which continues to operate & damage the device remotely without the user’s knowledge.
  • Undertake Tasks Autonomously: Users might register automated commands with a VPA. This can be exploited by the hijacker to victimize the user.  For example, the user may direct his VPA to pay his phone bill every month. The VPA further takes the command and connects it to an authorized payment gateway. If the VPA is compromised, the hacker might dismiss the bill payment and transfer funds to his remote account.

There is no denying the fact that virtual personal assistants provide numerous benefits. However, it is important to stay cautious in order to avoid security risks.

For more information about IT, call Centex Technologies at (254) 213-4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)