The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Tag: Cyber Security Page 27 of 48

Tips To Reduce Cyber Crime In Inbound Call Centers

By

On October 28, 2020

In Security

Business security is one of the prime priorities for every business and as the number of cyber attacks is on a rise, the cyber security practices have become a necessity. Cyber criminals tend to find weak entry spots for targeting a business. Due to the nature of operations, inbound call centers act as an easy target for cyber criminals. The inbound call centers receive customer calls and acquire customer information to answer their queries. If hackers breech the inbound call system, they can get hold of consumer’s personal information.

Thus, businesses need to be vigilant and take proper steps to secure consumer information. Here are some tips to reduce cyber crime in inbound call centers:

  • Regularly Audit The Environment: Audits are generally overlooked, but regularly auditing the network environment of the call center can help in detecting any intrusion at an early stage. Audits can also help businesses in detecting any vulnerability in the system. A simpler way is to automate the network audit using a remote monitoring and management system (RMM). Also, businesses should consider password audit for all the staff in the inbound call center. This helps in tracking the users with weak or outdated password.
  • Strengthen The Authentication Process: Passwords alone may not be sufficient for proper authentication of users. So, inbound call centers should strengthen the system by incorporating multi-factor authentication.  Also, it is important to backup the authentication data with either a knowledge based, possession based, or inherence based requirement such as having a physical key or smartphone for receiving one-time password.
  • Boost Weak Security Through Automation: A great approach to ensure security of the systems is to automate the security process. A common example is to automate password generation such that the users themselves don’t know their passwords until the time of login. This eliminates the risk of knowingly or unknowingly leak of passwords by the users. This can be achieved by using software such as Password Management System or privileged Identity Management.
  • Secure The Endpoints: Endpoints are highly vulnerable because cyber criminals attack these endpoints to create holes in the network security perimeter. Inbound call centers can use advanced endpoint detection solutions to improve system’s ability to defend itself.

For more information on tips to secure network in inbound call centers, contact Centex Technologies at (254) 213 – 4740.

Tips To Mitigate Email Phishing Attacks

By

On October 26, 2020

In Security

PDF Version: Tips-To-Mitigate-Email-Phishing-Attacks

Dictionary Attack: What Is It & How To Prevent It?

By

On August 24, 2020

In Security

A dictionary attack is a type of identity breach where the hackers steal the password of the victim to gain access to personal or corporate information.

What Is A Dictionary Attack?

  • It is one of the cyber attacks where cyber criminals take advantage of the user’s habit of using common dictionary words as a password. Most internet users have a tendency to use simple or easy to remember words and phrases as their passwords.
  • In simpler words, it is an attempt to gain unauthorized access to a computer system or user account by using a large set of words to generate a potential password.
  • The traditional approach used by the hackers involved multiple attempts by making use of common words found in the dictionary. However, the attack has now evolved and the attackers make use of databases that include common dictionary words and passwords leaked in previous attacks to crack the password.
  • Some software are also available that help in cracking a password by using the password databases and producing common variations. In contrast to a brutal force attack, a dictionary attack tries only the password possibilities that are considered to be most likely to succeed.

Pre-Computed Dictionary Attack:

It involves pre-computing a list of hashes of common dictionary words these hashes are stored in a database. Once completed, the pre-computed database can then be used anytime to instantly lookup for the password hashes to crack the corresponding password. Although a lot of time is consumed in preparation, the actual attack can be executed faster than a simple dictionary attack.

Common Cracking Software Used In Dictionary Attack:

  • Burp Suite
  • Crack
  • Ophcrack
  • Cain and Abel
  • Aircrack-ng
  • John the Ripper
  • LophtCrack
  • Metasploit Project

How To Prevent A Dictionary Attack?

In order to prevent a dictionary attack, following steps can be helpful:

  • Change the security settings to lock the account after reaching a maximum number of authentication attempts.
  • Use multi-factor authentication to log in.
  • Use special characters and extra syllables in the password.
  • Use longer passwords.
  • Avoid reusing old passwords.

For more information on what is a dictionary attack and how to prevent it, contact Centex Technologies at (254) 213 – 4740.

5G & Data Security

By

On July 30, 2020

In Security

PDF Version: 5G-and-Data-Security

How Are Attackers Targeting Organizations With Steganographic Techniques?

By

On July 24, 2020

In Security

Steganography is the act of hiding secret information within an ordinary, non-secret file or message to avoid detection. The main strengths of steganography are its capacity to keep a message as secret as possible and hide a large amount of data. Cyber attackers are exploiting these strengths to target organizations by launching sophisticated attacks.

Cyber attacks employ steganography to embed malicious code in seemingly benign content to bypass an organization’s cyber security. The basic layout of a cyber attack using steganography is based on four concepts.

  • Social Engineering: When the user opens the compromised document, the malware code instructs the victim to enable content in the document.
  • Network Security Monitoring Evasion: Once the content is enabled, the document runs a PowerShell script to download a file with embedded malware. The file may be as simple as a popular image, a wallpaper, etc. and is stored on a remote server.
  • Manual Analysis Evasion: The attackers make use of obfuscated VB macros to decode the malicious content hidden within the pixels of these images and install the malware.
  • Persistence: The malware is designed to register scheduled tasks to enable the script to survive system reboots.

What Is PowerShell?

Microsoft introduced it as a scripting language and command line. It is now open-source and cross-platform enabling developers to use multiple languages and libraries for building applications for mobile, gaming, desktop, and IoT solutions. It is popular among cyber criminals for launching steganography attacks because:

  • It’s easy-to-use and versatile, providing access to all major OS functions.
  • It is used and trusted by many administrators, allowing PowerShell malware to blend in with benign activity on the network.

What Type Of Information Hidden Is Via Steganography By Cyber Criminals?

Cyber criminals can use the information hiding at different stages of a cyber attack depending upon the kind of information hidden.

  • Identities: Anonymization techniques are used to hide the identities of communicating parties.
  • Communication: Steganography is used to hide the fact that a conversation is taking place. It conceals the data packet flow by using traffic-type obfuscation methods.
  • Content: Cyber criminals may hide the content of data but not the transmission or presence of data itself.
  • Code: The structure of executable malicious code is hidden by binary code obfuscation and masquerading techniques.

With an increase in the number of sophisticated cyber-attacks using Steganographic techniques, the organizations are required to update their cyber security measures.

For more information on the use of steganography in cyber attacks, contact Centex Technologies at (254) 213 – 4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)