PDF Version: More-About-Industrial-Espionage
Tag: Cyber Attack
In the wake of rising cyber-attacks, it has become important to be constantly vigilant as well as make efforts to protect data from CryptoWall and its variants. Detected in early 2014; CryptoWall is a nasty ransomware and some reports suggest CryptoWall 3.0 has caused damage of over 325 million dollars since its appearance. It encrypts the files available on the system and the cyber-criminals demand ransom to decrypt these files. The ransomware has been updated time and again and the threat hovers around in 2018 as well.
How Does It Work?
CryptoWall 3.0 uses RSA-2048 encryption to lock away your files and forces you to pay the ransom in order to decrypt them. Some variants of the ransomware have add-on features such as CryptoWall v4 not only encrypts the files but also the filenames thus disabling you to look up the filename to check if you have a file backup available. Whereas CryptoWall v5.1 is based on the HiddenTear malware that uses an AES-256 encryption which is quite different from its previous versions.
The ransomware can be distributed through a variety of ways, some of which have been listed below –
- Phishing Emails: Often the target victim is sent an email containing malicious files hidden in a zipped folder. As the victim opens the files, the malware is installed in the system. CryptoWall then scans the system for data files and encrypts them.
- Exploit Kits: The exploit kit takes advantage of the vulnerabilities in the operating system, applications used or websites visited to install the malware and thereby launch a ransomware attack.
- Advertizements: Malware can be installed into the system through malicious internet advertizements that are hacked by the cyber-criminals. These advertizements run JavaScript in the browser to download the malware. Most of the times the victim fails to notice that a malware has been injected into the system.
CryptoWall hides inside the OS and injects a new code to explorer.exe that installs the malware, deletes the volume shadow copies of your files as well as disables window services. It then runs throughout the system and communicates with Command and Control Server to receive an encryption key to encrypt the files. The encrypted files become inaccessible and can only be decrypted using the encryption key.
Post encryption, the victim gets a ransom note with instructions to pay certain amount of bitcoins as ransom to decrypt the files. However, most of the times it is a trap. A report by the CyberEdge Group reveals that only 19% of the ransomware victims actually got their files back.
How To Protect Against CryptoWall Ransomware?
- Update your Operating System timely and keep the applications patched
- Install an anti-virus scanner and update it regularly
- Use a firewall as it may prevent the connection between CryptoWall and home base
- Be wary of emails sent from unknown sources and never click on the links attached
- Always keep a backup of your files at a source other than your system
For more information about IT Security, call Centex Technologies at (254) 213-4740.
Cyber-attacks are increasing at a soaring rate. As per a report by Juniper Research, the average cost of data breach will exceed $150 million by 2020. Also, it is projected that cybercrimes will cost businesses over $2 trillion by 2019. The figures are alarming, and the businesses need to do something to prevent falling prey to a cyber-attack.
No wonder, better security and anti-virus systems are being designed but even the cyber-attacks are getting sophisticated & more complex with each passing day. Cyber criminals are finding one way or the other to infiltrate into the systems and get hold of private & confidential data.
In order to avoid falling prey to a cyber-attack, it is important to understand the life cycle of an attack. Following are the stages of a cyber-attack.
Step 1: Reconnaissance
Reconnaissance is often used in military and refers to the process of conducting a planned observation on the target area. Thus, before an attack is launched, cyber criminals tend to identify their target victim & explore the possible ways to exploit them. They gather sufficient information about the victim through various open sources such as business website, social media handles, etc.
Step 2: Scanning
Attackers often try to find a weak link which can act as an entry point. Once identified they infiltrate and tend to spread the malware throughout the system.
Step 3: Access
After identifying the vulnerability point in the target network, the next step in the process is to gain access to the system. Hackers plan the modus operandi of gaining the access and once successful they take over the network and exploit it.
Step 4: Exfiltration
When they have gained access to the system they are free to move around the network. They use this opportunity to gather the organization’s private & confidential information. They might also change or erase files for their benefit.
Step 5: Sustainment
After gaining an unrestricted access throughout the target network, they now tend to sustain in it quietly to avoid being caught before they have hands on the organization’s confidential information. They disguise their presence to maintain access so that there is no dependence on a single access point. This is done so that cyber attackers can come and go as per their choice.
Step 6: Assault
This is that stage of the attack when things get really nasty. It is generally too late for the victim organization to defend itself as the cyber criminals by this stage have taken full control of the network.
In order to mitigate a cyber-attack it is important to be able to control privileged access. Also make sure that you remove all the weak links and educate your employees to identify such attacks.
For more information, call Centex Technologies at (254) 213-4740.
Online crimes are on a consequent rise and every sector is vulnerable to it. However, corporate sector is at a high risk as there is a constant threat of data breach.
CEO Fraud is the recent cyber-attack that has taken a toll over business sector. Also known as Business Email Compromise (BEC), it is an attack in which the attacker masquerades his original identity. They often pose themselves as the CEO or any other senior executive of an organization and send emails to the staff members. They generally ask for confidential information or make you do something which should not be done otherwise.
Such attacks are launched after careful planning & research. Cyber-criminals often search the organizations website to gather information such as physical location of the business, employee details, business partners etc. They might also gather employee specific data from sites such as LinkedIn, Facebook, Twitter, etc.
After a thorough study of organization’s structure and dynamics they search for their targets as specific employees are targeted with a specific goal. For example, they might target accounts department if they seek some money related information, HR department if they seek employee info or IT department to access database servers. After determining exactly what they want, a phishing attack is launched. A well-drafted email containing a malicious link is then sent to selected people.
Emails in CEO fraud are crafted so realistically that it is often very hard for employees to detect that they are being tricked. Cyber-criminals might send you an email in the name of your CEO, senior executive or fellow employee with a company’s logo or seal. The text is written to initiate a sense of urgency so that the target victim in a rush to reply ignores the loopholes and provides necessary information asked for in the email.
Following are the three different things that can happen:
- Wire Transfer: The attacker might send an email to an employee in the accounts department posing as their boss to transfer some money in a particular account urgently.
- Passwords: Passwords to important logins may be asked through email.
- Tax Fraud: A cyber-criminal might send a fake email asking for certain employee information in order to conduct a fraud.
- Attorney Impersonation: The attack might also be conducted through a telephone. A cyber-criminal might email you posing as a senior official advising you to consult an attorney. Then he might impersonate as an attorney and call you to discuss an urgent matter. They trick you in passing on confidential information by creating a sense of urgency.
How To Prevent A CEO Attack?
- If you come across a rogue & suspicious email then inform everyone on the company’s radar so that they might be wary of it in future.
- Design policies & restrict data access to trusted employees only.
- Train employees on ways to identify phishing emails
- Consider multifactor authentication.
For more information IT security, call Centex Technologies at (254) 213-4740.
Gone are the days when the only way to inject a malware was through malicious files sent in emails. Nowadays, fileless attacks are taking over the toll and are becoming more common. According to The State of Endpoint Security Risk Report by Ponemon Institute, 77% of the total compromised attacks in 2017 were fileless.
Fileless malware attack as the name suggests do not need installation of a malicious software to infect the victim’s machine. It is also known as zero-footprint, non-malware, macro attack etc. as unlike traditional malware it takes advantage of the vulnerabilities existing on the user’s device. It usually exists in the computer’s RAM and uses common system tools such as Windows Management Instrumentation, PowerShell etc. to inject the malware.
Since they are not injected through a file, it is often very difficult to prevent, detect & remove the malware. However, the loss can be minimized to a great extent if you reboot your device as RAM can be exploited only if the device is on.
Features Of Fileless Malware
- It is difficult for antivirus software’s to detect the malware as it is not based on an identifiable code or signature.
- It is a memory based malware.
- It can be paired with other types of malwares as well.
- Fileless attacks evade whitelisting (the practice by which only approved applications are allowed to be installed on a system).
- Processes that are native to the operating system are generally used in order to initiate an attack.
- It generally takes advantage of approved applications that are there on your system.
How Does It Work?
Such an attack maybe launched through a variety of ways. You might mistakenly click on a banner ad that shall redirect you to a legitimate looking malicious site which may load Flash on your system. Flash in turn will compromise the Windows PowerShell. This in turn might download a malicious code from a botnet and send the data to hackers.
How To Detect?
It is usually difficult to detect a fileless malware attack since it is not launched through files. However, there are certain warning signs that one needs to take a note of.
- Unusual network patterns
- Compromised memory
- Unusual snags
Ways To Protect Yourself From Fileless Malware Attack
- Updating your current software on a regular basis.
- Keeping a tab on your network traffic.
- Disabling PDF readers from activating JavaScript
- Uninstalling or disabling features that you do not use.
- By enhancing your end point security.
- Adopting safe practices to use PowerShell.
- Disabling Flash
- Employing password vaults & strengthening user authentication.
- Cognizing employees about the attack in order to combat the threat.
For more information about IT Security, call Centex Technologies at (254) 213-4740.