Posts Tagged Cyber Threats

Potential Hurdles Limiting The Internet of Things

There is immense hype surrounding the Internet of Things (IoT). However, irrespective of technological advancements and the immense benefits offered by IoT, there are some potential challenges that limit its application. In order to understand these hurdles, it is first important to understand what IoT is and how it works.

IoT is a network of interconnected things, devices, machines, animals or humans that are equipped with sensors, software, network connectivity and the necessary electronics, which enable them to share, exchange and collect data. The sensors of every connection in the network communicate with a cloud system and send data to it through internet connectivity. Once data is received by the cloud, the software processes it to take an action such as sending an alert or making adjustments to the sensor/device with manual efforts of the user.

Following are the hurdles that limit the use of Internet of Things:

  • Availability Of Internet: Although IoT offers high levels of convenience and technological access to users, it needs basic internet access to be operational. Internet access is not considered a problem by the majority of people, but there are still some areas of the world where internet connectivity may be spotty or absent.
  • Expenses: IoT requires placement of sensors on devices or objects. To implement this technology to its complete potential, sensors must be placed on roads, traffic lights, utility grids and buildings. Embedding sensors in all required places is looked upon as a huge expense. Progress has been made to develop cheaper sensors. However, more progress is required before organizations embrace the technology completely.
  • Privacy & Cyber Security: As the number of cyber security breaches is rising, organizations and individuals are thoroughly concerned about the security related to IoT. If every household item or organizational computer is connected over the web, it raises the need for strict cyber security protocols.
  • Data Surge: It is estimated that by 2020, around 26 billion items or objects will be a part of IoT. This will lead to the generation of a large amount of data. So, businesses need to invest in new hardware, equipment and data mining techniques for effectively collecting and analyzing data in real time.
  • Consumer Awareness: IoT is a technological buzzword, but still 87% of the general public is unaware of the term or its actual meaning. There are chances that people may actually be using the technology in some way and yet be unaware of it. This lack of knowledge may result in loss of interest. However, there has been an increased interest in the use of wearable technology, which could act as a gateway for other connected objects.

Irrespective of these hurdles, the number of IoT developers is expected to reach 4.5 million by 2020. This gives hope for new solutions to these hurdles, facilitating the spread of the technology and its applications.

For more information on Internet of Things, call Centex Technologies at (254) 213 – 4740.


Protecting Your Home IoT Devices


What Is SamSam Ransomware?

SamSam is a targeted ransomware attack which incorporates custom infection using a wide range of exploits or brute force tactics. The ransomware is also known as Samas or SamsamCrypt. The first version of the ransomware was released in late 2015. SamSam attacks do not make use of phishing or malware downloads to infect a network; instead they utilize the following modes of infection:

  • Vulnerabilities in Remote Desktop Protocols (RDP)
  • Vulnerabilities in Java based web servers
  • Vulnerabilities in File Transfer Protocol (FTP)
  • Brute force against weak passwords
  • Stolen login credentials

Once the ransomware has an initial foothold on the victim’s network, it compromises the network to gain control. SamSam is also a manual attack: if an application detects the ransomware, the attackers modify a registry entry to disable the endpoint tool’s detection. This enables them to compromise the application and control the network. SamSam uses a number of applications to accomplish the attack, such as Mimikatz, reGeorg, PsExec, PsInfo, RDPWrap, NLBrute, Impacket, CSVDE, PowerSploit and JexBoss.

During the reconnaissance phase, the attackers try to write a plain text file named test.txt to the target. If successful, they add the target to a list titled alive.txt on the Domain Controller (DC). After ensuring that the DC has write privileges for the machines, the ransomware is deployed and pushed to all the machines controlled by the DC simultaneously.
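The write test described above leaves a recognizable trail: the same source creating test.txt on many machines in a short time, plus an alive.txt on a Domain Controller. The following hunt over file-creation events is an added example, not part of the original post; the event fields, host names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-creation events (not real telemetry); field names are assumptions.
EVENTS = [
    {"time": "2018-03-10T02:01:05", "src": "10.0.0.5", "host": "WS-01", "path": r"C:\Users\Public\test.txt"},
    {"time": "2018-03-10T02:01:40", "src": "10.0.0.5", "host": "WS-02", "path": r"C:\Users\Public\test.txt"},
    {"time": "2018-03-10T02:03:12", "src": "10.0.0.5", "host": "WS-03", "path": r"C:\Users\Public\TEST.TXT"},
    {"time": "2018-03-10T02:04:00", "src": "10.0.0.5", "host": "DC-01", "path": r"C:\Temp\alive.txt"},
    {"time": "2018-03-10T09:15:00", "src": "10.0.0.9", "host": "DEV-07", "path": r"D:\work\test.txt"},
]

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def hunt_write_probe(events, dc_hosts, min_hosts=3, window=timedelta(minutes=30)):
    """Flag sources that created test.txt on >= min_hosts distinct hosts within window."""
    probes = defaultdict(list)   # source -> [(time, host)]
    alive_on_dc = set()          # DCs where alive.txt was created
    for e in events:
        name = basename(e["path"])
        when = datetime.fromisoformat(e["time"])
        if name == "test.txt":
            probes[e["src"]].append((when, e["host"]))
        elif name == "alive.txt" and e["host"] in dc_hosts:
            alive_on_dc.add(e["host"])
    findings = []
    for src, hits in probes.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Slide the window so it never spans more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            findings.append({"src": src, "hosts": sorted(best),
                             "alive_list_on_dc": sorted(alive_on_dc)})
    return findings

if __name__ == "__main__":
    for finding in hunt_write_probe(EVENTS, dc_hosts={"DC-01"}):
        print(finding)
```

A single test.txt, like the one on DEV-07 in the sample, is common and stays below the threshold; the fan-out across hosts is the signal.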

The ransomware follows an efficient approach for encrypting the files on infected machines.

  • The encryption is initiated on holidays, weekends or late nights to buy time for maximizing the impact before getting noticed.
  • Files with selective extensions or important files required for running the machines are encrypted first.
  • The remaining applications or files are encrypted later; starting from smaller files and gradually moving towards larger files.
  • A unique AES key is generated for every encrypted file.
  • As soon as encryption is complete, ransomware deletes its installer and removes any traces of the attack.
  • It becomes difficult for victims to download files from offshore backup because the applications required to run the machine are also inaccessible. Thus, they are required to go through the time-consuming process of reloading the disk and installing applications before downloading backup files.

A ransom note is left on the target organization’s machines demanding a set amount of bitcoin to decrypt a single machine and a lump sum for decrypting all the machines at once. Every victim is provided a unique web address on the dark web which leads to a chat feature for communicating with the attackers. The chat is deleted after a victim pays the ransom.

Security Practices To Prevent SamSam Attack:

  • Regularly install available patches for the RDP service. Also, disable the service when it is not needed by the users.
  • Ensure that no RDP ports are left open during interactions between cloud-based virtual machines and public IPs. If it is required to leave the RDP port of a system open, keep the system behind a firewall and instruct users to communicate with this machine via VPN.
  • Enable two-factor authentication, strong passwords and account lockout policies.
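The RDP exposure check from the list above can be automated against an exported firewall or security-group rule set. This audit is an added example, not part of the original post; the rule format, the rule names and the VPN address pool are assumptions.

```python
import ipaddress

RDP_PORT = 3389
# Assumed VPN address pool; replace with the range your VPN hands out.
VPN_RANGES = [ipaddress.ip_network("10.8.0.0/24")]

# Constructed inbound rules; the field names are an assumed export format.
RULES = [
    {"name": "web", "action": "allow", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-any", "action": "allow", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "wide-range", "action": "allow", "proto": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "rdp-vpn", "action": "allow", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24"},
    {"name": "rdp-deny", "action": "deny", "proto": "tcp", "ports": "3389", "source": "198.51.100.0/24"},
]

def covers_rdp(ports):
    """True if a spec such as '3389', '3000-4000', '22,3389' or 'any' includes 3389."""
    spec = ports.strip().lower()
    if spec in ("any", "*"):
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def from_vpn_only(source):
    """True if the rule's source network lies entirely inside a VPN range."""
    src = ipaddress.ip_network(source, strict=False)
    return any(src.version == v.version and src.subnet_of(v) for v in VPN_RANGES)

def exposed_rdp_rules(rules):
    """Names of allow rules that let non-VPN sources reach the RDP port."""
    return [
        r["name"] for r in rules
        if r["action"] == "allow"
        and r["proto"] in ("tcp", "udp", "any")
        and covers_rdp(r["ports"])
        and not from_vpn_only(r["source"])
    ]

if __name__ == "__main__":
    for name in exposed_rdp_rules(RULES):
        print("RDP reachable from outside the VPN via rule:", name)
```

Port ranges are the case that is easy to miss by eye: the "wide-range" rule never mentions 3389 but still opens it.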

For more information on how to secure your network, call Centex Technologies at (254) 213 – 4740.


What Is Scareware?

Scareware is malicious software that tricks users and directs them to a malware-infested website. It usually comes up in the form of a pop-up and appears as a legitimate warning from an antivirus company. The pop-up tells users that they must purchase the software to fix the problem. Scareware creates a perception of threat and manipulates users into buying fake software. The fake software could be spyware which collects the user’s personal data for further gains.

How Is It Conducted?

Step 1: A pop-up appears on the website with a note that a virus has been found in the system and that software needs to be downloaded in order to get rid of it.
Step 2: Once the user clicks on the download button, a scareware attack is launched and malware is installed on the user’s system.
Step 3: The cyber-criminal gains access to the victim’s private data and exploits it for his benefit.

Ways In Which Scareware Can Infect The System

  • Through a greeting, lottery or news alert email
  • Advertisements
  • Pop-ups with a message like “scan your system” or “a virus has been detected in your system”
  • Affected websites that take advantage of software vulnerabilities

What Can A Scareware Attack Do?

  • Trick you into paying money for fake antivirus software
  • Control your device and use it for sending spam
  • Access your confidential bank details and record your keystrokes

Ways To Protect Yourself From A Scareware Attack

  • Typically, scareware gets into your system through a pop-up. You can minimize the risk of scareware by turning on the pop-up blocker.
  • It is always advisable to use the latest version of the browser, so make sure that your browser is regularly updated with any security patches.
  • Make sure that you install reputed antivirus software on your system and also keep it updated.
  • Restart the computer if your system is responding slowly or you come across something unusual.
  • Prefer reading emails in plain text.
  • Never open emails sent from unknown sources.
  • Do not click on any link on an unsecured webpage. Chances are that the warning pop-up is a malicious link that will install a virus into your system.
  • Never allow the browser to save your login details and passwords.

In order to protect yourself from such cyber-attacks, it is important to understand how they operate. Also, be wary of clicking on any pop-up while browsing.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.


Understanding LeakerLocker Ransomware Attack

LeakerLocker is ransomware that affects mobile devices running on the Android platform. Unlike other mobile ransomware that encrypts user data, LeakerLocker doesn’t encrypt your data but locks your screen. Cybercriminals claim that the user’s private and confidential information will be transferred to their secure cloud and sent to the victim’s phone contacts if he fails to pay a ransom amount.

The mobile malware research team at McAfee identified the LeakerLocker ransomware on July 7, 2017. It was spotted that the ransomware was spreading via two apps:

  • Wallpapers Blur HD
  • Booster & Cleaner Pro

The apps function like any legitimate app; however, once installed, malicious code is loaded via a command-and-control server. When the access permission is granted, the code collects sensitive data from the user’s phone and blackmails him with it.

What Type Of Data Is Collected?

  • Personal photos
  • Contact numbers
  • Sent and received SMS
  • Phone call history
  • Facebook messages
  • Chrome history
  • Full email texts
  • GPS location history

How To Protect Your Device From LeakerLocker Ransomware?

  • Install An Antivirus Software: Protect your phone from any ransomware attack by installing reputed antivirus software. Such software scans websites as well as apps to ensure that they are safe and do not contain any type of malware.
  • Update Your Phone: Make sure that you check your phone for available Android system updates and download them regularly.
  • Back-up Your Files: It is important to back up your files regularly to recover them in case of any data loss. You can back up the information to the cloud or store your data on an external hard drive.
  • Don’t Download Apps From Unknown Sources: Whenever you download an app, make sure that you download it from a trusted source. Avoid downloading third-party apps as they may pose a security threat. Also change your system settings to disable unofficial app installations.
  • Ignore Pop-Up Installations: Be wary of pop-up installations and avoid installing an update or plug-in.
  • Know Before Clicking On A Link: Make sure that you do not click on any links which you receive via an email or text from an unknown source.
  • Check The App Reviews: Read the reviews before downloading any app and also ensure that it is from a reputable developer. Do not download the app if you find something suspicious in the comments.

For more information about ransomware attacks and ways to protect yourself from them, call the team of Centex Technologies at (254) 213-4740.
