

Beware Of Rombertik Virus

June 29, 2015

Cybersecurity experts have identified a new self-destructive virus, Rombertik, which is remarkably unusual in both its functionality and its complexity. Identified by Cisco’s Talos Security Intelligence and Research Group, the virus is designed to read any text entered into the user’s web browser. It aims at stealing user names, passwords, bank account details, credit card codes and other sensitive information. Also known as the ‘suicide virus’, Rombertik attempts to destroy the infected computer if it gets detected.

How Does Rombertik Work?   

Rombertik mainly reaches a user’s computer through spam emails. When a user downloads the attachment that accompanies such an email, the virus installs itself on the device. Before doing anything else, Rombertik performs checks to confirm that it is not running inside a sandbox, and only then begins its real execution. What makes Rombertik different from other malware is its bloated file size. As stated by Talos, the unpacked version of Rombertik is merely 28 KB, whereas the packed file is more than 1 MB. This implies that almost 97 percent of the data in the packed version is included just to make the file look legitimate.

Rombertik is also self-aware, in the sense that it recognizes when the user tries to remove it with anti-virus software. In an attempt to avoid detection, the virus destroys itself along with the computer’s Master Boot Record (MBR), rendering the machine unusable.

How Does Rombertik Remain Undetected?

  • The executable file of Rombertik contains a huge amount of junk that the malware never uses. This inflates the size of the file that cyber experts need to analyze and study, thus delaying the identification of the virus.
  • The virus writes a single byte of random data to memory 960 million times. This is done to trick a sandbox into taking Rombertik for a legitimate program. It also extends the analysis log to over 100 GB, complicating the investigation and detection of the malware.

How To Protect Against Rombertik?

  • One should not download attachments in emails from unknown sources.
  • Anti-virus software should be updated to block the malware in the first place.
  • Configure email security settings to block the downloading of certain types of attachments.

Cyber security professionals recommend that users should constantly update their system’s security software and keep a backup of all the important data to minimize the effects of getting the system infected with Rombertik.

Man-In-The-Middle-Attack

May 30, 2015

A man-in-the-middle (MITM) attack occurs when an unauthorized user actively monitors, captures and controls the information transmitted between a source and a destination computer. The attack may be carried out simply to gain access to the encrypted or unencrypted information, or to allow the hacker to modify a message before passing it on.

How Does A Man-In-The-Middle Attack Work?

A man-in-the-middle attack is performed when the attacker gains control over a routing point along the normal flow of traffic. The cybercriminal is, in most cases, in the same broadcast domain as the victim. For example, in an HTTP session a TCP connection exists between the client and the server. The MITM splits this link into two: one between the server and the attacker, and the other between the victim and the attacker. By intercepting the TCP connection, the attacker reads, alters and injects fake data into the communication. A man-in-the-middle attack exploits weaknesses in the communication protocol to convince the source network to divert traffic through the attacker’s router.

Tips To Prevent Man-In-The-Middle Attacks

  • Pay Attention To Certificate Warnings: A security certificate warning for a website might indicate a serious problem. If the certificate doesn’t match the server, you might be communicating with a malicious server carrying out a man-in-the-middle attack. Thus, you must not proceed to such websites, especially if doing so involves entering important information like user names, passwords or bank account details.
  • Check For HTTPS Encryption: When connecting to sites that process financial transactions, such as online shopping or banking, make sure that the session uses HTTPS. Over HTTPS, your web browser checks the server’s identity certificate to confirm that you are talking to the server you intended, thus reducing the chance of ending up on a phishing server.
  • Be Careful While Using Wi-Fi Networks: Avoid doing any online transaction or sharing sensitive information while using a public Wi-Fi network. Be especially alert to certificate warnings and websites without HTTPS on such networks. Always try to use a virtual private network (VPN) to create a secure connection to a trusted server.
  • Install Anti-Virus Software: Installing and regularly updating anti-virus software can help you defend against man-in-the-middle attacks that involve infecting your computer with malware.
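What the browser’s certificate check in the tips above actually does can be shown in a few lines. The following is an added example, not code from the original post or from Centex Technologies: it builds a TLS client context with verification on (what a browser does), audits a context for the settings that, when turned off, let a man-in-the-middle present any certificate it likes, and checks whether a certificate’s names cover the hostname being visited. The certificate dictionaries are constructed samples in the shape that Python’s `ssl` module returns from `getpeercert()`, and the hostnames under `.test` are placeholders.

```python
"""Added example (not from the original post): the verification a browser
performs over HTTPS, expressed with Python's standard ssl module.
Certificates and hostnames below are constructed samples, not real sites."""
import ssl


def secure_tls_context() -> ssl.SSLContext:
    """A client context that behaves like a browser: the server certificate
    must chain to a trusted CA and must carry the hostname we asked for."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_tls_context() -> ssl.SSLContext:
    """The anti-pattern: verification disabled 'to make the warning go away'.
    Any certificate, including one an attacker generated, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                   # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list:
    """Return the settings that would let a man-in-the-middle succeed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: untrusted certificates are accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid certificate for another site is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS 1.0/1.1")
    return findings


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one subjectAltName DNS entry against a hostname. A wildcard is
    accepted only as the whole leftmost label and matches exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    return p[0] == "*" and len(p) == len(h) and len(p) >= 3 and p[1:] == h[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the certificate's subjectAltName DNS names cover hostname.
    Like current browsers, the commonName field is ignored."""
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_name_matches(name, hostname) for name in dns_names)


# Constructed sample certificates in the dict shape returned by getpeercert().
BANK_CERT = {
    "subject": ((("commonName", "online.examplebank.test"),),),
    "subjectAltName": (("DNS", "online.examplebank.test"), ("DNS", "*.examplebank.test")),
}
# A certificate that is valid for its own name but not for the bank: this is
# the 'certificate doesn't match the server' case the browser warns about.
PORTAL_CERT = {
    "subject": ((("commonName", "portal.hotspot.test"),),),
    "subjectAltName": (("DNS", "portal.hotspot.test"),),
}
```

Only the subjectAltName entries are consulted, as current browsers do; a client that clears `check_hostname` or sets `CERT_NONE` is accepting exactly the mismatch that the first tip tells users not to click through.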

We, at Centex Technologies, provide the most advanced cyber security solutions for businesses. For more information, you can call us at (855) 375 – 9654.

What is a Sniffer Attack?

May 18, 2015

A sniffer attack involves capturing, inspecting, decoding and interpreting the network packets and information exchanged on a TCP/IP network. It aims at stealing unencrypted information, such as user IDs, passwords, email text, transferred files, credit card numbers and network details. It is also referred to as a passive cyber-threat, as the attacker is usually invisible and difficult to detect on the network.

Types Of Sniffer Attacks

  • LAN Sniffing: In this type, sniffer software is installed on the internal LAN to scan the entire network exhaustively. This provides further information such as server inventory, live hosts and open ports. Once all the details are gathered, the hacker may launch a port-specific attack.
  • Protocol Sniffing: This method involves creating separate sniffers to carry out attacks on different network protocols. For instance, if a hacker sees UDP packets on a network, a separate sniffer is started to capture that information.
  • ARP Sniffing: The hackers steal all the important information about IP addresses and their associated MAC addresses. This data is then used to initiate packet spoofing attacks, ARP poisoning attacks or to exploit vulnerabilities in the network router.
  • TCP Session Sniffing: This is a basic sniffer attack in which the hackers get hold of the traffic between a source and a destination IP address. They target details like service types, port numbers and TCP sequence numbers to create and control a fabricated TCP session.
  • Web Password Sniffing: In these sniffer attacks, the hackers capture HTTP sessions that are not encrypted. The user IDs and passwords can then be stolen and used for malicious purposes.
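The ARP poisoning named in the “ARP Sniffing” item, and the same-broadcast-domain position described in the man-in-the-middle post above, both leave a trace a defender can watch for: an IP address that is suddenly answered for by a second MAC address, and one MAC address that starts claiming several IPs. The following is an added example, not from the original post, of a detector that runs over a log of ARP replies; the reply records are constructed sample data and the dataclass names are this example’s own.

```python
"""Added example (not from the original post): detecting ARP poisoning, the
usual way an attacker in the same broadcast domain gets between a victim and
the gateway. The ARP reply records below are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # IP the reply claims to speak for
    sender_mac: str    # MAC it asks the receiver to bind that IP to


@dataclass(frozen=True)
class Alert:
    ts: float
    ip: str
    expected_mac: str
    seen_mac: str


def detect_arp_conflicts(replies, known=None):
    """Return one Alert per (ip, new_mac) pair whenever a reply binds an IP to a
    MAC different from the one first learned, or from the pinned mapping in
    `known` (e.g. the gateway). The learned table is never overwritten, so a
    poisoner that keeps answering keeps deviating from the trusted binding."""
    table = {ip: mac.lower() for ip, mac in (known or {}).items()}
    seen_pairs = set()
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        expected = table.get(r.sender_ip)
        if expected is None:
            table[r.sender_ip] = mac
        elif expected != mac and (r.sender_ip, mac) not in seen_pairs:
            seen_pairs.add((r.sender_ip, mac))
            alerts.append(Alert(r.ts, r.sender_ip, expected, mac))
    return alerts


def macs_claiming_many_ips(replies, threshold=2):
    """The other symptom of poisoning: a single MAC answering for several IPs."""
    ips = defaultdict(set)
    for r in replies:
        ips[r.sender_mac.lower()].add(r.sender_ip)
    return {mac: sorted(addrs) for mac, addrs in ips.items() if len(addrs) >= threshold}


# Constructed sample: gateway .1 and host .20 answer normally, then from t=30
# a third MAC starts answering for both of them.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "AA:BB:CC:00:00:01"),
    ArpReply(5.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(10.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(30.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    ArpReply(30.5, "192.168.1.20", "de:ad:be:ef:00:99"),
    ArpReply(31.0, "192.168.1.1", "de:ad:be:ef:00:99"),
]
GATEWAY = {"192.168.1.1": "aa:bb:cc:00:00:01"}   # pinned, known-good binding
```

Alerts need triage rather than automatic action: replacing a network card, a DHCP lease moving to a new host, or a failover between redundant routers also changes a mapping, which is why pinning the gateway’s known MAC (the `known` argument) and alerting on deviations from it is the most reliable signal.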

Tips To Protect Against Sniffer Attacks

  • Enable WPA or WPA2 encryption on your router. Also, make sure you change its default password to limit access to your network. Use a long and secure password consisting of numbers, uppercase letters, lowercase letters and symbols.
  • Use MAC filtering on your network. Allow only trusted MAC addresses to access your private VPN, thus reducing the chances of a sniffer spying on the network.
  • Ensure that the important sites you use, particularly those that involve making financial transactions, have SSL (Secure Sockets Layer) encryption. If a site is SSL enabled, its URL will begin with HTTPS instead of HTTP.

We, at Centex Technologies, can assess and implement advanced cybersecurity measures in your organization. For more information, you can call us at (855) 375 – 9654.

What Is Network Traveling Worm Attack?

April 18, 2015

Network traveling worms are programs written specifically to move from one computer to another by a variety of means. These worms act as automated attackers that carry off important information and impair the entire network once they gain access to it. Worms are quite similar to viruses, except that they spread in a slightly different way. When a worm infects a computer, it searches for another system connected to the same local area network (LAN). Once one is found, the worm copies itself to the new computer and continues searching for more machines to replicate to. Because it travels across the network, a worm can consume most of the available bandwidth, causing servers to stop responding.

Different types of network traveling worms are:

  • Email Worms: These worms travel by way of attachments in email messages or links to a compromised website.
  • Instant Messaging Worms: These spread by sending spam links to the contacts in an instant messaging application.
  • Internet Worms: These worms scan the internet and other reachable network resources in search of vulnerable computers. If such a system is found, the worm attempts to connect to and infect it.
  • IRC Worms: These worms spread through Internet Relay Chat (IRC) channels and transmit infected links or files to the contacts list.
  • File Sharing Network Worms: These worms copy themselves into a shared folder and spread by way of a peer-to-peer (P2P) network.

How Does A Network Traveling Worm Attack Work?

  • Exploit Vulnerabilities: The worm launches attacks from one computer in your network against other systems that do not have an updated firewall or patches installed. Using this, the worm runs ‘shellcode’ on the target machine to make it download and install a copy of the worm.
  • Weak Passwords: The worm attempts a dictionary attack on other computers in the network. Through this, it aims at obtaining the credentials required to execute commands on the target system.
  • Insecure File Shares: The worm can simply copy itself through openly shared folders on other computers connected to the same LAN.
  • Email: The worm inspects the contacts list and sends well-written emails to make people click on a spam link, install software or download an attachment to their computers.

Tips To Counter Network Traveling Worms Attack

  • Block auto-execution of attachments in email
  • Keep your computer’s firewall and patches updated
  • Filter traffic on your router and Wi-Fi network
  • Disable auto-run capabilities on the computer
  • Use strong passwords
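The first countermeasure above, and the Rombertik post’s advice to block certain attachment types at the email security layer, can be turned into a concrete gateway rule. The following is an added example, not code from the original post or from any particular mail product: it parses a message with Python’s standard `email` library, walks the attachments, and flags executable types as well as the `document.pdf.scr` double-extension trick. The sample message and its attachment contents are constructed here, and the blocked-extension list is this example’s own starting point, not a complete one.

```python
"""Added example (not from the original post or any mail product): a gateway
rule that blocks executable attachment types, including executables disguised
with a document extension. The sample message is constructed here."""
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import Optional

# Extensions Windows will run directly; a starting point, not a complete list.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                  ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1", ".lnk"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/x-msdos-program"}


def classify_attachment(filename: str, content_type: str = "") -> Optional[str]:
    """Return a reason to block the attachment, or None if the name and
    declared type look harmless. Both values are chosen by the sender, so this
    is a first filter, not proof that a file is safe."""
    root, ext = os.path.splitext(filename.lower())
    if ext in EXECUTABLE_EXT:
        _, inner = os.path.splitext(root)
        if inner in DOCUMENT_EXT:
            return f"executable disguised as a document ({inner}{ext})"
        return f"executable attachment type {ext}"
    if content_type.lower() in EXECUTABLE_TYPES:
        return f"executable content type {content_type}"
    return None


def screen_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and return [(filename, reason)] for every
    attachment the policy would block."""
    msg = message_from_bytes(raw, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify_attachment(name, part.get_content_type())
        if reason:
            blocked.append((name, reason))
    return blocked


def build_sample_message() -> bytes:
    """Constructed sample: a plausible 'invoice' mail with three attachments,
    one of which is an executable hiding behind a .pdf extension."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice_2015.pdf.scr")
    msg.add_attachment("Just some notes.", filename="notes.txt")
    return msg.as_bytes()
```

Archives, password-protected archives and macro-enabled Office documents are the usual ways around an extension rule, so a production filter would also unpack archives and inspect content rather than trust the filename or Content-Type header, both of which the sender controls.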

Following these tips can help you protect yourself against network traveling worm attacks to a great extent.

What Are Advanced Persistent Threats

April 13, 2015

An advanced persistent threat (APT) is a targeted cyber-attack, mostly directed against businesses or political institutions, in which a hacker gains unauthorized access to a network and remains undetected for a long time. The purpose of an advanced persistent threat is not to damage the computer or infect the organization’s network. Rather, it aims at stealing sensitive and high-value information from organizations involved in manufacturing, finance and national defense.

An advanced persistent threat has three main targets:

  • Stealing information from the target
  • Surveilling the target
  • Sabotaging the target

How Does It Work?

An advanced persistent threat usually proceeds in four steps to accomplish its purpose:

  • Investigation: This involves a thorough analysis of the weaknesses in the organization’s network security. It may be done through domain queries as well as port and vulnerability scans.
  • Initial Access: Once the weaknesses are discovered, the hacker tries to exploit them to gain access to the organization’s network. For this, he may use a sophisticated social engineering technique known as spear phishing.
  • Increase Rights (Privilege Escalation): Following the initial entry, the hacker attempts to gather the user credentials needed to gain more control over the system. He also creates several back doors so that the information can be accessed easily while circumventing all the security mechanisms.
  • Exploitation: Once full control has been established, the hacker is able to continuously locate, steal and exploit the sensitive data stored in the corporate network.
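The “Investigation” step above is where an intrusion is often first visible, and the probing a worm does when it scans for vulnerable hosts (see the network traveling worm post) looks the same on a firewall. The following is an added example, not from the original post: a small sliding-window rule over firewall deny records that flags a source refused on many distinct ports of one host (a vertical scan) or on one port across many hosts (a horizontal sweep). The log format, the thresholds and the log lines are all constructed for this example, not taken from any product.

```python
"""Added example (not from the original post): flagging reconnaissance port
scans and worm-style sweeps in firewall deny records. The syslog-like line
format and the sample log are constructed here, not from any product."""
import re
from collections import defaultdict, deque

LINE_RE = re.compile(
    r"^(?P<ts>\d+) DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse(lines):
    """Yield (ts, src, dst, dport) for each well-formed record; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_scans(lines, window=60, port_threshold=10, host_threshold=8):
    """Return alerts as (kind, src, target, count), one per offending key.
    'vertical'   : src hit >= port_threshold distinct ports on one dst in window
    'horizontal' : src hit >= host_threshold distinct hosts on one dport in window
    Assumes records arrive in time order, as a log file normally does."""
    vertical = defaultdict(deque)    # (src, dst)   -> deque of (ts, dport)
    horizontal = defaultdict(deque)  # (src, dport) -> deque of (ts, dst)
    alerted = set()
    alerts = []
    for ts, src, dst, dport in parse(lines):
        for table, key, value, threshold, kind in (
            (vertical, (src, dst), dport, port_threshold, "vertical"),
            (horizontal, (src, dport), dst, host_threshold, "horizontal"),
        ):
            q = table[key]
            q.append((ts, value))
            while q and ts - q[0][0] > window:   # drop records outside the window
                q.popleft()
            distinct = {v for _, v in q}
            if len(distinct) >= threshold and (kind, key) not in alerted:
                alerted.add((kind, key))
                alerts.append((kind, key[0], key[1], len(distinct)))
    return alerts


def constructed_log():
    """Constructed sample: a vertical scan of one host, a worm-style sweep of
    port 445 across eight hosts, and two benign denies that should not fire."""
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(f"{1000 + i} DENY src=10.0.0.5 dst=10.0.1.10 dport={port}")
    for i in range(1, 9):
        lines.append(f"{2000 + i} DENY src=10.0.0.77 dst=10.0.1.{i} dport=445")
    lines += ["3000 DENY src=10.0.0.9 dst=10.0.1.10 dport=80",
              "3500 DENY src=10.0.0.9 dst=10.0.1.10 dport=80"]
    return lines
```

The thresholds are deliberately tunable: a vulnerability scanner the organization runs itself will trip both rules and belongs on an allow list, and the rule is a starting point for the early detection the counter-measures section calls for rather than a finished detection.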

Counter Measures For Advanced Persistent Threats

Despite the stealthy nature of advanced persistent threats, there are many preventive actions that organizations take to safeguard their critical information. The most important is to recognize what data you need to protect and to detect the threat at an early stage, before it penetrates further. You should also deploy layered data security protection on your systems, which provides added protection in case of a potential advanced persistent threat attack.

Another counter measure is to hold continuous security awareness training sessions for all employees. This ensures that they know what to do and what not to do while using the internet or email. Other technological defenses against advanced persistent threat attacks include data encryption, data classification, application whitelisting and security analytics.

It is also important for the organization’s IT security team to remain proactive in dealing with any such unauthorized breaches of the corporate network. We at Centex Technologies evaluate and recommend security measures for your organization. For more information, call us at (855) 375-9654.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies