The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Pharming Attacks: What Are They And How To Protect Yourself

By

On January 23, 2017

In Security

23 January, 2017

Pharming attacks are network based intrusions whereby visitors of the target website are redirected to a hacker controlled web server. It may occur when a user clicks on a link or types the website URL in the browser’s address bar, which takes him to a fake portal that looks similar to the one that he intended to visit. The attack may involve compelling the user to enter his username, password or other personal information in the fake website. At times, simply visiting the website may compromise the security of the system.

How Are Pharming Attacks Carried Out?

The hackers mainly use the following two methods for carrying out a pharming attack:

DNS Cache Poisoning

In this type of pharming attack, the hacker breaches the DNS server to change the IP address of the legitimate website. With this, if the user types in the URL ‘www.abc.com’, the computer sends a query to the DNS server, which returns the IP address of the bogus website ‘www.abc1.com’. The user believes the website to be original and continues browsing.

In order to facilitate faster access, the server automatically caches the web documents to reduce page load time when the website is accessed later. As a result, the user will be repeatedly routed to the fake website even if he types the correct URL.

Hosts File Modification

The hosts file is a plain text file stored in the computer’s operating system and comprises of different IP addresses as well as hostnames. A pharming attack may involve changing the local host files on a user’s computer through a malicious code sent in an email. With this, the user gets redirected to a fake website when he types in a URL or clicks on an affected bookmark entry.

Tips To Prevent Pharming Attacks

  • Make sure you do not delay updating the operating system and software applications installed on your computer. This will fix any security vulnerabilities and prevent hackers from gaining unauthorized access.
  • When visiting a website, cross check to detect any spelling mistake in the domain name. The hackers may redirect you to a fake website that has a similar URL. For instance, web traffic to ‘www.abc-xyz.com’ may be routed to ‘www.abc_xyz.com’ or ‘www.abc.xyz.com’
  • If you are required to enter your personal or sensitive information in a website, the URL should change from ‘http’ to ‘https’. You should also verify the certificate of the website. Check if it carries a secure certificate and uses encryption for all transactions.

For more information on pharming attacks, you can contact Centex Technologies at (855) 375 – 9654.

Application Security Testing Checklist

By

On January 16, 2017

In Security

16 January, 2017

Web applications have provided a convenient way for businesses to offer better services to the customers. However, security is one of the biggest concerns while developing an app as even a minute vulnerability can provide a backdoor for the hackers to initiate a malicious attack. It is important to have a strategic testing procedure throughout the app development process. The process involves an in-depth analysis to identify the technical flaws or security vulnerabilities in the app and subsequently repair them. It ensures that the app can adequately protect important data and serve its intended functionality.

Given below is a complete checklist for application security testing:

Threat Modeling

Threat modeling is the first and most crucial step in testing a web application’s security. It involves analyzing the application bit-by-bit to map down the entry points, data flow and identify the exact location of the existing vulnerabilities. Thread modeling also includes ranking the vulnerabilities in order of severity and devising suitable countermeasures for the same.

User Authentication

Proper authentication mechanism is important to eliminate the risk of a brute force attack, making sure that only the authorized users and servers can have access. It should be verified that account suspension mechanism is working accurately and triggers a lock-out after repeated failed login attempts. Testing can be done by entering wrong combinations of username password till the account gets locked.

Access To Application

After the user’s login credentials have been authenticated by the application, the next thing to determine is the type of data he can or cannot access. Superfluous elevated rights can pose a risk of data breach. You can create multiple user accounts and set different access rights for each of them. After this, login with all the accounts and try to access the modules, screens, forms as well as menus. If any security issue is found, it needs to be corrected immediately.

Session Management

Session hijacking attacks are quite common in web applications. Hackers may attempt to steal the cookies of an already authenticated session to get control of the user’s access rights. In another form of session hijacking, the hacker may also passively capture the login credentials of the user. In order to protect the app users’ information, make sure that the cookies do not contain any sensitive information. Also, the session IDs should be unique and generated randomly after authenticating the user’s identity.

Contact Centex Technologies for more information on application security testing. We can be reached at (855) 375 – 9654.

Security Risks Of Typosquatting

By

On January 10, 2017

In Security

10 January, 2017

Typosquatting, also referred as URL hijacking, is a type of cybersquatting attack in which the hacker takes advantage of commonly misspelled alphabets in a website’s URL. When a user makes a typographical mistake, such as entering ‘g’ instead of ‘h’ due to the proximity of both keys on the keyboard, he may get redirected to a spam website controlled by the hacker.

Cybercriminals often create bogus websites that have similar design and layout as the target website. This is done to ensure that the visitors do not realize that they have landed on another website. At times, typosquatting attempts may be intended to promote a competitors’ product or service but, in most cases, they are initiated to serve a malicious purpose.

Typosquatting attacks may be aimed at:

  • Deceiving unsuspecting victims to reveal their personal identifiable information, such as username, password, social security number, bank account and credit card details. This may be done by compelling users to click on a pop-up advertizement that offers some sort of discount or giveaway.
  • Tricking users into downloading spyware, malware or other malicious program on the computer system. Once you install the application, it may breach your network security, steal important data or record the keystrokes.
  • Redirecting web traffic to a dating portal or competitor’s website.
  • Freezing the user’s web browser for fake tech support scams to extract money in exchange of fixing the problem.
  • Earning revenue by making users click on advertizements posted on the typosquat website.

How To Protect Against Typosquatting?

  • Be very careful while typing a website’s URL in the browser’s address bar. If you are not sure about the spelling of the website, cross check it on Google or any other search engine to avoid inadvertently landing on a fake website.
  • Do not open links sent in emails, particularly from unknown senders.
  • Bookmark the most frequently visited websites so you can easily visit them whenever required.
  • Get a comprehensive security software to protect against phishing attempts, spyware and malware attacks.
  • Do not register with the same password on all websites. This way, if you accidently reveal your credentials on one website, it won’t affect the security of other online accounts.
  • Business owners can consider purchasing multiple domain names similar to their primary URL to avoid being a victim of typosquatting.

For more details about the security risks of typosquatting and how to guard against them, feel free to contact Centex Technologies at (855) 375 – 9654.

Identifying An Advanced Persistent Threat

By

On December 27, 2016

In Security

27 December, 2016

Advanced persistent threats (APTs) pose a big network security challenge for the business firms. These forms of attacks are very well-organized and involve the use of phishing techniques to trick users into downloading a malware on to their computer systems. However, the ultimate objective of an advanced persistent threat attack is far more than compromising the network security. It aims at stealing valuable intellectual data of the company, such as project details, business contracts, patent information, sales data etc.

Advanced persistent threats generally work stealthily and can go undetected for long periods of time, which makes it even more important to employ the necessary security procedures. Though these attacks are difficult to detect, there are certain signs that indicate that your network has been compromised:

Presence of widespread backdoor Trojans

In an advanced persistent threat, the hackers install various backdoor Trojans to gain access to the target computer system, even if the log in credentials are changed. These Trojans are commonly deployed through social engineering techniques, mainly through a phishing email or drive-by download.

Unexpected information flows

If you suspect unexpected and enormous flow of information from your corporate network to other internal or external computer systems, this may indicate an advanced persistent threat. As these attacks are targeted at stealing confidential information about the company, even a limited amount of unauthorized data transfer should not be overlooked.

Increase in log-in attempts during late night

If you notice a sudden and extensive number of log-in attempts on your official email accounts, it may indicate an advanced persistent threat. This may be done to compromise the security of your entire corporate network. The hackers mainly breach accounts outside the normal working hours of your employees or late at night.

Use of pass-the-hash hacking technique

Pass-the-hash is a common hacking technique in which the cybercriminals aim to remotely connect to your company’s internal network by capturing the password hash of the admin account. With this, they can gain an easy access to the entire network, without having to breach the original password.

Unexpected data bundles

Advanced persistent threats often accumulate the confidential data inside the network before transmitting them to the hacker. The data may be found in an unidentified file or folder where it should not be ideally stored. The files are most often saved in a compressed or archived format.

We, at Centex Technologies, are a leading IT security consulting firm in Central Texas. For more information and prevention tips for advanced persistent threats, you can call us at (855) 375 – 9654.

The Different Types Of Web-Based Attacks

By

On December 20, 2016

In Security

20 December, 2016

With majority of the business operations being conducted online, web based attacks are continually on the rise. Cyber criminals devise innovative and more sophisticated techniques to exploit unpatched vulnerabilities in the web applications. The motive behind these attacks may be different, to steal a company’s sensitive information, display spam advertizements on the website or download malware to the user’s computer.

Discussed below are the different types of web based attacks:

Structured Query Language (SQL) Injection

SQL injection is a common technique that involves injecting a malicious code to alter the sensitive information in the website’s back-end database. It may also be performed to steal payment card details, username and password as well as insert spam links to the website. SQL attacks are quite easy to execute and can severely compromise the data security of a company.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) can be defined as a client-side code injection attack in which the hacker injects a malicious script, predominantly JavaScript, in a legitimate website. As these scripts appear to be from a trusted source, they are often executed by the end users. This, in turn, allows the hacker to gain access to the cookies, session tokens, passwords and other sensitive information.

Drive-By Downloads

In this type of attack, the hackers tamper a web application with an HTML code that stealthily downloads a malware whenever a user visits the website. Once downloaded, the program may execute itself to record keystrokes, access important files, hijack online banking sessions or use the computer as a part of botnet.

Brute Force

Brute force attacks are mainly targeted attempts to decode a user’s login credentials. In this, the hackers use a trial and error method using different user names as well as passwords till they are able to identify the correct one. Creating strong passwords and limiting the number of invalid login attempts may help to prevent a brute force attack.

DoS And DDoS

Denial of service (DoS) and distributed denial of service (DDoS) attacks are carried out by flooding a website with traffic from multiple sources, making it unavailable for the genuine users. In a DoS attack, a single computer system may attempt to crash the target server with data packets. A DDoS attack is when multiple computers, widely distributed in a botnet, send simultaneous requests to slow down and ultimately halt the web server.

We, at Centex Technologies, can help to protect your corporate network from different web-based attacks. For more information, you can call us at (855) 375 – 9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)