
Tag: Cyber Attack

What is LockBit Ransomware?

LockBit is a ransomware family that is part of a RaaS (Ransomware-as-a-Service) operation associated with LockerGoga and MegaCortex. LockBit has been seen in the wild since September 2019. The group previously advertised their services on hacking forums. They started advertising an affiliate program as “LockBit 2.0” in June 2021 via their own website on the dark web.

LockBit is initially deployed manually by an attacker who has already gained access to a victim system, but it quickly begins spreading to other systems by itself. The LockFile payload is known for its fully automated attacks and quick encryption. It prevents victims from accessing their files on an infected system by first encrypting the files and adding a .lockbit extension to them. It then instructs the victim to pay a ransom in order to regain access to those encrypted files. The malware is capable of automatically spreading to other systems via SMB (Server Message Block) shares and executing PowerShell scripts. Victims regain access to their files by paying the ransom. They then obtain a custom decryptor that decrypts the locked and encrypted files.

This threat group uses a double extortion technique, threatening to release the stolen data if the ransom is not paid. Experts believe LockBit is part of a ransomware cartel involving collaboration between multiple ransomware groups, including Maze and Ragnar Locker.
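The behaviour described above (files renamed with a .lockbit extension, spreading from host to host) leaves a recognisable trail in file-audit logs. The following is an added example, not code from the original post: it flags any host that shows a burst of such renames. The log format, host names, window and threshold are assumptions made for illustration, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".lockbit"           # extension named in the description above
WINDOW = timedelta(seconds=10)   # assumed tuning value
THRESHOLD = 4                    # assumed tuning value: renames per window

# Constructed file-audit events (not real telemetry): time|host|old path|new path
SAMPLE_EVENTS = r"""
2021-08-02T10:15:01|FS01|D:\share\q2.xlsx|D:\share\q2.xlsx.lockbit
2021-08-02T10:15:02|FS01|D:\share\plan.docx|D:\share\plan.docx.lockbit
2021-08-02T10:15:02|WS07|C:\tmp\a.txt|C:\tmp\a.bak
2021-08-02T10:15:03|FS01|D:\share\hr.pdf|D:\share\hr.pdf.lockbit
2021-08-02T10:15:04|FS01|D:\share\db.bak|D:\share\db.bak.lockbit
2021-08-02T10:15:09|FS02|E:\data\x.csv|E:\data\x.csv.lockbit
2021-08-02T10:15:10|FS02|E:\data\y.csv|E:\data\y.csv.lockbit
2021-08-02T10:15:11|FS02|E:\data\z.csv|E:\data\z.csv.lockbit
2021-08-02T10:15:12|FS02|E:\data\w.csv|E:\data\w.csv.lockbit
2021-08-02T10:20:00|WS07|C:\tmp\note.txt|C:\tmp\note.txt.lockbit
"""

def parse(line):
    ts, host, old, new = line.split("|")
    return datetime.fromisoformat(ts), host, old, new

def is_encryption_rename(old, new):
    # The original name is kept and the extension is appended to it.
    return new.lower() == old.lower() + EXTENSION

def detect(log_text):
    """Return {host: time of first alert} for hosts with a burst of such renames."""
    recent = defaultdict(deque)   # host -> timestamps inside the window
    alerts = {}
    for ts, host, old, new in sorted(map(parse, log_text.strip().splitlines())):
        if not is_encryption_rename(old, new):
            continue
        window = recent[host]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()
        if len(window) >= THRESHOLD:
            alerts.setdefault(host, ts)
    return alerts

if __name__ == "__main__":
    for host, when in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {THRESHOLD}+ '{EXTENSION}' renames within {WINDOW} at {when}")
```

The order of the alerts (FS01, then FS02) is what lets a responder see the spread from one file server to the next; the single rename on WS07 stays below the threshold.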

So, how would you protect yourself from getting infected by the LockBit ransomware?

5 proactive and protective best practices help you and your firm stay resilient against any cyber attack:

  1. Social Engineering Awareness: Users and employees must be given end-user security awareness training periodically. Organizations can release advisories and suggest best practices. Users must be shown how to identify, block and report malicious emails. They must be able to differentiate between legitimate and illegitimate email senders and user profiles on social media based on a list of red flags provided to them.
  2. Credentials policy and 2FA/MFA: Usernames and passwords must be chosen so that they cannot be guessed easily by attackers. Use alphanumeric characters and keep the minimum length to 16. Threats ranging from account breaches to ransomware infections can be prevented if only the administrators pay attention to credential policies. You can check haveibeenpwned.com and follow NIST’s guidelines to set secure credentials. Use a random password generator and check the complexity score of your password at passwordmeter.com. Enabling MFA (Multi-Factor Authentication) & 2FA (2-Factor Authentication) will prevent brute force attacks on your account. This adds more authentication layers on top of your initial password-based logins. Alternatively, you can implement biometrics and/or physical USB (Universal Serial Bus) key authenticators.
  3. ACL (Access Control List): Grant or assign privileges or access on a Need-to-Know basis only. Deploying an IAM (Identity and Access Management) strategy prevents accidental modification of information by unauthorized employees. This also limits the scope of access for hackers who have stolen employees’ credentials. Enable a systematic deprovisioning process for employees leaving the company. Revoking the access rights of people who have left the organization is a crucial security responsibility that must be completed on the LWD (Last Working Day) and not be delayed.
  4. Fail-safe Backups: You can encrypt the data and upload it to the cloud or keep it in offline storage. Choose a CSP (Cloud Service Provider) that provides military-grade encryption. Implement, deploy & launch backup & disaster recovery mechanisms to protect your data.
  5. Holistic IT Strategies: Maintaining your organization’s credibility is very important. Comply with various regulatory standards & frameworks to protect highly sensitive business information. An in-house SOC (Security Operations Center) team can monitor the real-time activities of users, services, and applications in your IT environment. Alternatively, if budgets and resources are limited, you can hire an MSSP (Managed Security Service Provider). They help you to outsource your security logging & monitoring requirements. They prevent, detect, analyze, & mitigate security risks, threats, vulnerabilities, & incidents for your business. Protect your data & devices with various security solutions such as NGAVs (Next-Gen Anti-Virus), DLP (Data Loss Prevention), XDR (Extended Detection and Response), honeypots and the like. Training and securing your users and employees would give hackers a hard time targeting your IT infrastructure.
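For item 2 above, a password can satisfy the length rule and still appear in breach data. The following added example (not code from the original post) checks the 16-character alphanumeric rule and then performs a breach lookup in the style of the haveibeenpwned.com Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<first 5 SHA-1 hex digits>`), where only a hash prefix is sent. The lookup function, sample passwords and counts are constructed stand-ins so the example runs offline.

```python
import hashlib

MIN_LENGTH = 16  # minimum length recommended in item 2 above

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def policy_problems(password):
    """Check the page's rule: letters and digits, at least 16 characters."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("contains no letters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no digits")
    return problems

def breach_count(password, range_lookup):
    """k-anonymity lookup: only the first 5 hex digits of the SHA-1 are sent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed stand-in for the service's answer, so the example runs offline.
CONSTRUCTED_BREACHED = {"Password1234567890": 4821, "Qwertyuiop123456": 112}
PREFIXES_SENT = []  # what the lookup service would actually see

def constructed_range_lookup(prefix):
    PREFIXES_SENT.append(prefix)
    lines = ["0" * 35 + ":1"]  # decoy suffix sharing the prefix
    for pw, count in CONSTRUCTED_BREACHED.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def assess(password, range_lookup=constructed_range_lookup):
    return {"policy_problems": policy_problems(password),
            "breach_count": breach_count(password, range_lookup)}

if __name__ == "__main__":
    for pw in ("Password1234567890", "abc123", "t7Kq2mVx9RzLp4Wd8Nf3"):
        print(pw, assess(pw))
```

To use it against the live service, pass a `range_lookup` function that performs the HTTPS GET and returns the response body.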

For more information on various ransomware attacks and IT security measures to be adopted by businesses, contact Centex Technologies at (254) 213 – 4740

Tips on Securing Remote Work Space

PDF Version: Tips-on-Securing-Remote-Work-Space

Online Payment Security Risk

The advent of e-commerce digital technologies and the sales revenue generated by such businesses has benefitted global economies but attracted a lot of adversaries as well. This has exponentially increased the rate at which PSPs (Payment Service Providers) are attacked. Risks and threats need to be identified, quantified & measured so they can be dealt with proactively.

5 common hurdles encountered in online payments systems:

  • Chargebacks: “Card-not-present” transactions indicate fraudulent usage of payment networks and data theft. Fraud-monitoring tools detect this, but deploying EMV (Europay, MasterCard® & Visa®) embedded chip & biometric authentication technologies is also advisable. Too many chargebacks not only damage the business reputation but often result in the merchant closing its accounts. Deploying effective customer service and customer checks substantially reduces fraud and chargebacks.
  • Domestic and international transactions: National banking infrastructures require private PSPs to enable cross-border transactions facilitating global trade. Government-led initiatives & mandates have regularized payment processors, which were initially slow and levied expensive transaction service charges. Managing credit risk, liquidity of assets, outsourcing of business and professional services, and cost-to-benefit analysis for MNCs (Multi-National Companies) is now easily handled by transnational PSP systems.
  • Cyber-attacks: PSPs face DDoS (Distributed Denial of Service), phishing, vishing, smishing, e-skimming and other attacks. It is advised to subdue the application, network, data, & infrastructural security risks by following Defense-in-Depth and Depth-in-Defense approaches. Enforce the Security CIAAAN and comply with various physical, technical, tactical, and operational procedures. Complying with regulatory frameworks and standards increases your business reputation and customer acceptance. Implementing PCI-DSS, GDPR, ISO’s OSI model, HTTPS-SSL-TLS ensures the credibility of your firm’s security posture to your partners, merchant vendors, & customers.
  • Domestic & foreign currency payments: Merchants initially required different bank accounts and business entities for each national/regional market. But nowadays, PSPs enable merchants, retailers, and customers to pay in regional currencies, increasing multi-currency, cross-border transactions.
  • Technological workflows: With digitization, integrating various technologies across the world to function & operate with common objectives faces a few difficulties as well. Payment processors need to deploy good security mechanisms, the cost of which is of course expensive for merchants to bear. The PSP has to roll out its own hardware and software that facilitates secure payment transactions between merchants, retailers, & customers. The seamless, safe and secure payment experience has its costs, which the end-users have to bear.

5 Best practices to deal with online payment security risks:

  • Educate employees: Employees and partners need to understand the bigger picture of business risk. Everyone must take moral ownership to keep the risky online payment business safe and secure in their individual capacities. User awareness training must be conducted to prevent the staff from getting targeted by social engineering attacks.
  • Prevent, detect, and mitigate risks: Ensuring cybersecurity and secure data practices is the first step to preventing imminent risks. Detection & mitigation is strengthened by deploying in-house SOC (Security Operations Center) and/or NOC (Network Operations Center) or outsourcing them to MSSP (Managed Security Service Providers).
  • KYC and compliances: Complying with the various regulatory standards & compliance frameworks shows credibility to business partners, merchant vendors, clients, customers, and the like. Adhering to data privacy laws is very much recommended.
  • Conducive company policies: The online payment shipping, returns, refund amount, data privacy policies must be well stated over the online platforms that the Users use every day. Satisfaction, convenience, and security of customers must be prioritized.
  • Risk modeling: Risks & threats must be assessed beforehand. The relevant BCP (Business Continuity Plan), as well as DRP (Disaster Recovery Plan), must be clearly defined. Fraud must be dealt with through strict legal action to instill fear in fraudsters and maintain or improve business reputation in the market.

To know about Online Payment Security solutions for business, call Centex Technologies at (254) 213 – 4740

Cyber Security Controls Every Business Needs To Know

As cyber attacks are becoming more evolved and complex, it has become critical for organizations to possess basic cyber security controls. In order to ensure the safety of business’ confidential data, organizations need to enforce appropriate security controls.

Here are some cyber security controls that every business needs to know:

  • Automated Patching: Patches are introduced by tech developers in order to fix critical vulnerabilities found in a network, app, or system. Timely fixes or patching is essential to prevent the spread of security breaches via open vulnerabilities which may cause extensive damage to a business. Automating the updates can save time and resources spent by IT professionals for manually searching devices to evaluate and install latest updates. Automation allows simultaneous implementation of patches for several vulnerabilities.
  • Full Disk Encryption: A great way to strengthen the security health of an organization is to enable Full Disk Encryption (FDE) for data on hard disks in the organization. Enabling cyber security controls that store user credentials securely and drive data confidentiality helps in ensuring safety of business data from cyber criminals. In addition to FDE, make sure to back up the data regularly to tackle situations such as a disk crash. Also, make sure to store passwords and encryption keys at a separate location, as no one can access a system without appropriate credentials.
  • Screen Lock: The next cyber security control to be implemented is automatic screen lock. Once this control is activated, a machine enters sleep mode after being idle for a set time and the user has to enter a password when returning to the machine. This prevents anyone from accessing a machine when it is unattended. This cyber security control becomes even more important for users working from remote locations.
  • Enabling Firewall: It may seem like a basic strategy, but it is highly important to activate a firewall across all company devices. A firewall is software that tracks inbound and outbound activities on a network and blocks the traffic that seems unsafe for the network based on a set of security rules. This prevents unauthorized applications from reaching endpoints and penetrating into the network. This helps businesses in mitigating risks and overcoming new cyber challenges.

For more information on cyber security controls, contact Centex Technologies at (254) 213 – 4740.

Cyber Security Concerns Of Smartphone Users

As the ‘Work From Home’ and ‘Bring Your Own Device’ culture has gained popularity, organizations have increased their attention towards mobile security. Most employees routinely access organizational data from their personal mobile devices, and cyber criminals try to take advantage of this opportunity. So, organizations have to keep their employees informed about major cyber security concerns that can be woven around smartphones.

Here are some major cyber security concerns of smartphone users:

  • Data Leakage: Data leakage refers to unauthorized transfer of data from within an organization’s systems to an external destination or recipient. It is one of the most bothersome cyber security threats for enterprises. In order to combat the issue of data leakage, organizations need to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users as well. However, this doesn’t help in taking care of data leakage resulting from user error such as transferring company files onto public cloud, copying confidential information to a wrong place, forwarding an email to unintended recipient, etc.
  • Social Engineering: It is a manipulation technique that exploits user error to gain private information, unauthorized access, etc. These scams are also known as ‘human hacking’ scams because they work by luring unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Social engineering scams usually aim at theft of information as well as sabotaging an organization’s reputation by disrupting or corrupting data. Common examples of social engineering attacks include phishing attacks, baiting attacks, physical breach, pretexting attacks, access tailgating attacks, quid pro quo attacks, scareware attacks, etc.
  • Wi-Fi Interference: A mobile device is secure only if the network through which data is transmitted is secure. Cyber criminals find an array of ways to intercept the transmission. Some of the tactics include setting up fake Wi-Fi networks, intercepting communications transferred across public networks, etc. Organizations can combat this issue by motivating users to download and make use of a VPN.
  • Cryptojacking Attacks: Cryptojacking is a type of attack where cyber criminals use a victim’s device for mining cryptocurrency without the victim’s knowledge. The cryptomining process relies on the user’s resources such as mobile device processor, network, data, storage, etc. This reduces the performance level of the mobile device.

For more information on cyber security concerns of smartphone users, contact Centex Technologies at (254) 213 – 4740.
