Types Of Social Engineering Attacks

Social engineering is a broad term that is used to define a range of malicious activities that majorly rely on human interaction. These attacks often involve tricking people into breaking standard security protocols. The success of social engineering attacks is dependent on the attacker’s ability to manipulate the victim into performing certain actions or providing confidential information to the attacker. Social engineering attacks differ from traditional attacks as they can be non-technical and don’t necessarily require the attackers to exploit or compromise software or a network.

The best way to protect an organization from social engineering attacks is to educate the employees about different types of social engineering attacks. Here is a list of most common types of social engineering attacks –

  • Baiting: A baiting attack is conducted by the attackers by leaving a bait such as a flash drive, USB, or CD at a place, where it is likely to be found by an employee. The device is loaded with malicious software. The success of such attacks depends upon the notion that the person who finds the compromised device will plug it to a system. When the device is plugged to a system, the malware is installed. Once installed, the malware allows the attacker to gain access to the victim’s system.
  • Phishing: It is one of the most common social engineering attacks. The attack involves the exchange of fraudulent communication with the victim. The communication may be in form of emails, text messages, chats, or spoofed websites. The communications may be disguised as a letter from a financial institution, charity, employment website, etc. The communication contains a link and the victim is lured to click on the link to install a malware on his device. In other form of phishing attacks, the link may be used to collect victim’s personal, financial or business information.
  • Pretexting: This type of attack occurs when the attacker fabricates a situation that forces the victim to provide access to sensitive data or a protected system. Some common examples of pretexting attacks are the attacker pretending to require financial details of the victim to validate victim’s identity or the scammer posing as a trusted person such as IT employee to gain victim’s login details.
  • Quid Pro Quo: In such attacks, the scammer requests sensitive data from the victim in exchange for a desirable compensation. For example, the scammer may set up a form asking the users to fill in their information in exchange for a free gift.

For more information on types of social engineering attacks, contact Centex Technologies at (254) 213 – 4740.

, , , ,

Establishing Data Loss Prevention Policy

A data loss prevention policy defines how an organization can share data while ensuring the data being shared is protected. It also lays down the guidelines for using the data for decision-making without exposing it to anyone who should not have access to the data. In general terms ‘Data Loss Prevention Policy’ can be broadly defined as processes that identify confidential data, tracks data usage, and prevents unauthorized access to data.

Why Is It Important To Establish Data Loss Prevention Policy?

Before understanding ways to establish data loss prevention policy, it is important to understand the need for the policy. As the organizational setup has changed with an increase in number of remote employees and employees accessing the data on different devices, the risk of data loss has also increased.

Under these circumstances, there are three main reasons for setting up a Data Loss Prevention Policy:

  • Compliance
  • IP Protection
  • Data Visibility

Once the need for Data Loss Prevention is clear, it is time to understand the best practices to establish the policy.

Best Practices To Establish Data Loss Prevention Policy

  • Take time to understand and get an insight into the data. Classify the data according to its vulnerability and risk factors. Once classified, identify the data that needs to be protected and fabricate the data loss prevention policy around this data type.
  • Establish strict criteria for choosing data loss prevention vendors. Create an evaluation framework with right set of questions to choose effective data loss prevention solutions for the organization.
  • Identify the people who will be involved in the data loss prevention process and clearly define their rules. It is necessary to segregate the responsibilities of every individual and clearly convey the responsibilities to avoid data misuse.
  • Start by choosing the data set with highest level of priority and risk. Once an effective policy is set up to secure most critical data, build up on this policy to further secure other data sets as per their level of priority.
  • Educate all the employees on importance of data, sources of data loss, need for data loss prevention policy and steps to be taken in case of a data loss or breach.
  • Document the data loss prevention policy and make sure that every employee has a copy for reference.

For more information on establishing data loss prevention policy, contact Centex Technologies at (254) 213 – 4740.

, , ,

What Is Whaling Attack?

PDF Version: What-Is-Whaling-Attack

, , , ,

Understanding Everything About GoBrut

GoBrut is a computer virus written in Go programming language. The compilation of GoLang programs generates binaries that have all required dependencies embedded in them. It avoids the need of installed runtimes within the machine and simplifies the multi-platform support of Go applications.

Mode Of Infection

GoBrut virus infects Windows and Linux machines using ‘Brute Force’ method.

What Is Brute Force Infection?

A brute force attack is also known as brute force cracking. It involves a computer machine that tries different combinations of usernames and passwords until it finds the correct combination to unlock the victim machine or network.

There are different types of brute force attacks that can be used by GoBrut virus. Some common types are:

  • Dictionary Attack: The attacker uses a dictionary of possible passwords to guess the right password.
  • Exhaustive Key Search: The computer tries every possible combination of characters to find the correct password. The new computers can brute force crack an 8 character alphanumeric password (including capitals, lowercase letters, numbers, and special characters) in about two hours.
  • Credential Recycling: In this type of attack, the attackers use the leaked usernames and passwords from other data breaches.

The virus is mainly used to target servers running Content Management Systems (CMS) and technologies such as SSH and MySQL. Here is a list of commonly targeted platforms:

Content Management Systems

  • Bitrix
  • Drupal
  • Joomla
  • Magento
  • WordPress
  • OpenCart

Databases

  • MySQL
  • Postgres

Administration Tools

  • SSH
  • FTP
  • cPanel
  • PhpMyAdmin
  • Webhostmanagement

After-Infection Process:

  • After successful infection, the infected system becomes a part of the GoBrut botnet. It now requests work from Command and Control server of the botnet.
  • Once the work is received, the infected host will now bruteforce other systems on the network (mentioned in the work request sent by botnet owner).
  • This allows lateral spread of GoBrut virus in the network.
  • After gaining access to a machine’s credentials, the attackers may steal confidential information, photos or other private data.

As the virus uses brute force techniques to steal password, the machines using low-security passwords are at higher risk of infection. Thus, simple ways to protect a system or network from GoBrut virus are:

  • Use of strong and reliable passwords.
  • Regular update of passwords after short intervals.
  • Avoid use of common passwords for different systems.
  • Apply access control for remote logins across all services.
  • Update all services and plugins regularly to combat vulnerabilities.

For more information on the GoBrut virus, contact Centex Technologies at (254) 213 – 4740.

, , , , ,

What Is A Trojan And How To Protect Against It?

A Trojan Virus or Trojan Horse virus is a type of malware that impersonates legitimate files or programs for conceding its true contents. The payload hidden in the Trojan Virus remains unknown to the target user and can act as delivery vehicle for a variety of threats. Unlike normal viruses, a Trojan virus is capable of replicating itself.

Types Of Trojan Virus

Common types of Trojan Virus are:

  • Backdoor Trojans – This type of Trojan Virus allows hackers to remotely access and control a computer for uploading, downloading, or executing files.
  • Exploit Trojans –These Trojans inject a machine with code that is specifically designed to take advantage of vulnerability inherent to a specific piece of software.
  • Rootkit Trojans –These Trojans prevent the discovery of malware already infecting a system so that it can cause maximum damage.
  • Banker Trojans –This type of Trojan Virus specifically targets personal information used for banking and other online transactions.
  • Distributed Denial of Service (DDoS) Trojans – These Trojans are programmed to execute DDoS attacks, where a network or machine is disabled by a flood of requests originating from different sources.
  • Downloader Trojans –These are files written to download additional malware, often including more Trojans, onto an infected system.

Detecting A Trojan Virus:

Some common telltale signs of infection by a Trojan Virus are:

  • Poor Device Performance
  • Strange Device Behavior
  • Pop-Up & Spam Interruptions

If the system exhibits any of these behaviors, it is possible that system is infected with a Trojan Virus. Here are some ways to detect the Trojan:

  • Search the system for programs or applications you don’t remember installing.
  • If you find any unrecognized file names, search online for these file names to check if they are recognized Trojans
  • Scan the system with antivirus and antimalware software to see if it detects a malicious file.

Defending Against Trojan Virus

As preventive measures, stick to following practices to defend your system against Trojan Virus:

  • Install an effective internet security solution
  • Refrain from downloading or installing software from a source you don’t trust
  • Never open an attachment or run a program sent in an email from an unrecognized address
  • Keep all software on your computer up to date with the latest patches for avoiding vulnerabilities
  • Make sure a Trojan antivirus is installed and running on your system
  • Run regular system scans

For more information on Trojan Virus, contact Centex Technologies at (254) 213 – 4740.

, , , ,