Posts Tagged Cyber Security

Tips to Secure Data Access

PDF Version: Tips-to-Secure-Data-Access

,

No Comments

Security Risks Concerning Virtual Personal Assistants

VPA (Virtual Personal Assistant) software application follow commands of a user intelligently and performs a variety of tasks such as searching information on the web, scheduling an appointment, monitoring health data, initiating online shopping, searching for addresses & location, etc. Also known as Intelligent Personal Assistant (IPAs); Siri, Google Now, Alexa, Cortana, etc. are the most commonly used ones.

Although Virtual Personal Assistants are of great use, there are certain security risks concerning them. Here we have discussed the most prominent security threats associated with VPAs

  • Eavesdropping: A VPA is programmed to follow voice commands. So, it passively listens to everything being said, if the user forgets to turn it off when not in use. Thus, it ends up collecting user’s voice data without his knowledge. This recorded data always poses a risk of hijacking because cybercriminals might collect & use it unlawfully.
  • Vast Exposure Of Personal Information: VPAs resort to different databases on the web in order to respond to user’s query. Although it is highly convenient, it can pose a serious security threat.
  • Data Theft: VPA keeps a track of the user’s activity and stores that information on the device as well as a remote database. When an VPA hijacker gets hold of this information, he can extract the data and exploit it to offend the user.
  • Voice/Audio Hijacking: This technology recognizes voice to take commands. Even though it understands different words & their pronunciations, it does not distinguish the voices of different users. This can be used against the user, as an impersonator might command the VPA to perform tasks that may harm the user. Even if it recognizes the user’s voice, there is a possibility that a cybercriminal might use the actual user’s voice recording and issue commands to the VPA.
  • Remote Malware Downloading: A compromised VPA might be instructed to visit certain sites containing a malicious link. Once clicked, this link installs a malware in the device which continues to operate & damage the device remotely without the user’s knowledge.
  • Undertake Tasks Autonomously: Users might register automated commands with a VPA. This can be exploited by the hijacker to victimize the user.  For example, the user may direct his VPA to pay his phone bill every month. The VPA further takes the command and connects it to an authorized payment gateway. If the VPA is compromised, the hacker might dismiss the bill payment and transfer funds to his remote account.

There is no denying the fact that virtual personal assistants provide numerous benefits. However, it is important to stay cautious in order to avoid security risks.

For more information about IT, call Centex Technologies at (254) 213-4740.

, , ,

No Comments

Frequently Asked Questions About Malware Botnet

A Malware-Bot is a type of malware that exercises control over the infected machine once the infection spreads through the system. It acts according to the instructions given by the master i.e. malware writer. Following are some most commonly asked questions about Malware Botnet:

  • What Actions Does A Malware Bot Perform?

A Malware Bot can perform numerous tasks such as-

  • Spying & tracking
  • Sending spams, hosting command servers, working as proxies & performing other malicious activities
  • Accessing corporate resources & hijacking
  • Stealing confidential information, documents, credentials, etc.
  • Bitcoin mining
  • Web browsing
  • Do All Malware Bots Perform The Same Actions?

The bot can perform all the above mentioned actions, however there are two types of malware actions that the Malware Bot does not perform, not because it is incapable to do so but because they make little business sense. Following are the two malware actions:

  • Actions Which Impend The Machine: A Malware Bot cannot work in a damaged environment. When the software environment is damaged the machine is usually reinstalled, thus removing the bot. So, Malware Bot does not usually perform an action that would restrain it from running on the machine.
  • Actions That Reveal The Infection: A bot does not want a user to know about its presence on their machine, which is why it operates stealthily. Thus, it does not resort to activities such as modifying browser setting, popping up dialogue box, etc.
  • How Are Botnets Investigated?

When the malware is launched, it reaches the malware researchers sooner or later. They capture it through various channels such as malware spam, honeypots, phishing sites, product reports, etc. Once captured, the malware researchers analyze it in a controlled environment to receive the updates.

  • How Is A Botnet Controlled?

It is controlled by a computer or a group of computers running a command & control server (C&C server). The server communicates & sends instructions to the Malware Bot in the format understood by it. The server then performs numerous functions such as instructing the bots to schedule or execute a task, keeping track of number & distribution of bots as well as updating the bots by replacing them with a new type of malware.

  • Why Do Botnets Emerge?

The main reason why the malware writers develop, deploy & maintain a botnet is to tap on financial gains.

  • How To Prevent A Malware Botnet?

After understanding the working of a malware botnet, let us know how to prevent it:

  • Update your operating system regularly.
  • Avoid downloading from P2P & file sharing networks.
  • Don’t click on suspicious attachments & links.
  • Install a good antivirus software.
  • Follow good surfing habits.

For more information, call Centex Technologies at (254) 213-4740.

, ,

No Comments

How Does Touch ID Scam Work

Smartphones are coming up with new features every day, touch ID scan being one of them. This feature allows you to unlock your phone, approve a purchase or protect access to applications using a fingerprint or face scan instantly. It is highly beneficial as it prevents people from accessing your critical apps & personal information if they happen to lay hands on your unlocked device.

However, off lately cybercriminals have come up with touch ID scams to exploit users and steal away their confidential information.

How Does The Scam Work?

Since touch id scan is a convenient option, people are using it for more than just unlocking the phone. Nowadays, touch ID is being used for authentication on various apps. However, once you press your finger against the home button, there is generally no additional prompt to confirm whether you want to purchase the app or not.

The scam apps often pose as health assistants and invite users to use a touch ID to track calories, heart rate, etc. When you scan your fingerprint, an in-app purchase pop-up appears on the screen. Consequently, the screen is dimmed to make it hard to see the prompt. Once authorized, it usually charges you somewhere between $90 to $120 and the user is victimized by a touch ID scam.

How To Avoid Falling Prey To A Touch ID Scam

  • Double Check If It Looks Suspicious: If any app functions in a way other than normal, then be wary of it and avoid it altogether. The app might ask you to hold down your finger longer than usual, register your fingerprint in different ways, might not support fingerprints that you have saved with android/iOS or ask you to do a fingerprint scan numerous times to authenticate.
  • Check Reviews: Make sure that you read the reviews before downloading a new app. To some extent, this may help you know if the app is legitimate or not. However, if you decide to download it, then stay a little cautious and report it if you find any problem.
  • Disable Fingerprint Or Face Authentication For Purchases: The best way to stay safe is to disable fingerprint as well as face authentication for purchases. Even though you will have to type the password manually, it will give you extra time to consider if you wish to purchase an app or not. This is unlike fingerprint authentication where pressing the home button prompts the purchase.
  • Prefer Trusted Developers: When downloading an app, it is always preferable to buy the one that has been developed by trusted companies. Reputed apps usually have thousands of downloads and their developers have a significant online presence on websites & social media.

For more information, call Centex Technologies at (254) 213-4740.

, ,

No Comments

More About Industrial Espionage

PDF Version:  More-About-Industrial-Espionage

 

 

, , ,

No Comments