Posts Tagged Cyber Threats

Emerging Cyber Security Threats

2020 has witnessed a great change in the work environment of organizations with an increase in number of remote and work from home employees. This change in dynamics has paved way for new cyber security threats along with re-emergence of some old threats.

Here is a list of emerging cyber security threats that organizations should be aware of in order to stay protected:

  • Work-From-Home Attacks: Cyber security attacks on work-from-home or remote employees are not new but the frequency and extent of such attacks has increased many folds with the new work culture. Cyber criminals are targeting multiple and insecure home networks at same time to launch wide spread breach of critical systems and services. AN effective way to solve this problem is to effectively use Identity & Access Management Tools that are capable of analyzing user activity, resource requests, and corporate connectivity behavior.
  • Brute Force Attacks: Brute force attacks have resurfaced as cyber criminals are recognizing the potential of DDOS attacks. Hackers are making use of simple services delivery protocol (SSDP) and simple network management protocol (SNMP) to launch large number of Distributed Denial Of Service attacks. Use of botnet swarms has enable hackers to amplify IP requests to overwhelm organizational networks leading to slower response time. SNMP attacks can cause more damage as the protocol connects and manages common corporate devices, such as modems, printers, routers and servers. Compromised SNMP help attackers in bypassing firewalls which exposes all corporate services to risk.
  • Fileless Frameworks: Fileless malware and ransomware attacks are designed to bypass common detection controls and infiltrating key systems by using legitimate platforms or software tools that already exist within corporate networks. This allows hackers to get past common detection methods that scan for malicious files. Use of existing system tools does away with the need for cyber criminals to design an attack framework which decreases the time required for malware development.
  • Front Line Phishing: One of the biggest news of 2021 is COVID-19 vaccine. People are extensively searching online to know more information about the vaccine such as current state of the disease, when will the vaccine be given out, who has been approved to get the vaccine, etc. Thus, organizations and individuals should be prepared for phishing attacks fabricated around this topic. Cyber criminals are using COVID-19 vaccine information links as phishing baits in their emails or messages to lure users.

For more information on cyber security threats, contact Centex Technologies at (254) 213 – 4740.

, , ,

No Comments

User & Entity Behavior Analytics: Definition & Benefits

User & entity behavior analytics (UEBA) is a type of cyber security process that understands how a user conducts normally. Further, it detects any anomalous behavior or instances, such as deviations from normal conduct. A simple example being, suppose a user downloads 10 MB of files everyday but suddenly downloads gigabytes of files on an instance, the system will detect this anomaly and update the user.

UEBA relies on machine learning, algorithms and statistical analyses to detect the deviations from established user behavior and determine the anomalies that can translate into potential cyber threats. UEBA also takes into consideration the data in system reports, logs, files, flow of data and packet information.

UEBA does not track security events or monitor devices, instead it tracks all the users and entities in the system. The main focus of UEBA is insider threats.

Benefits Of User & Entity Behavior Analytics:

As the cyber threat landscape has become complex, hackers are now able to bypass peripheral security such as firewalls. Thus, it is important to detect the presence of hackers who have entered the system in a timely and efficient manner.

This makes user & entity behavior analytics an important component of IT security. Here are some benefits of user & entity behavior analytics system:

  • Detect Insider Threats: Insider threats such as an employee gone rogue, employees who have been compromised, people who already have access to organization’s systems, etc. can cause a serious threat to an organization’s security by stealing data and information. UEBA can help in detecting data breaches, sabotage, privilege abuse, and policy violations by analyzing a change in normal behavior of an employee.
  • Detect Compromised Accounts: There is a great probability that a user’s account may be compromised; the user may have unknowingly installed a malware on his system or a legitimate account may be spoofed. As soon as a compromised account performs an unusual action, it is detected by UEBA before it can cause major damage.
  • Detect Brute-Force Attacks: Scammers can target cloud-based entities as well as third-party authentication systems to launch an attack. UEBA helps in detecting brute-force attacks allowing the organization to block access to these entities.
  • Detect Changes In Permissions: Sometimes hackers create super user accounts to grant unauthorized permissions to some accounts. UEBA detects such changes in permissions to nip the attack before it is launched.

For more information on user & entity behavior analytics, contact Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments

Potential Hurdles Limiting The Internet of Things

There is immense hype surrounding Internet of Things (IoT). However, irrespective of technological advancements and immense benefits offered by IoT, there are some potential challenges that limit the application of IoT. In order to understand these hurdles, it is first important to understand what IoT is and how it works?

IoT is a network of interconnected things, devices, machines, animals or humans that are equipped with sensors, software, network connectivity and necessary electronics which enable them to share, exchange and collect data. The sensors of every connection in the network communicate with a cloud system and send data to it through internet connectivity. Once data is received by cloud, the software processes it to take an action like sending an alert or making adjustments to sensor/device with manual efforts of the user.

Following are the hurdles that limit the use of Internet of Things:

  • Availability Of Internet: Although IoT offers high levels of convenience and technological access to users, but there is a basic internet requirement for IoT to be operational. Undoubtedly, internet access is not considered to be a problem by majority of people, but there are still some areas of world where internet connectivity may be spotty or absent.
  • Expenses: IoT requires placement of sensors on the devices or objects. For implementing this technology to its complete potential, there is a requirement to place sensors on roads, traffic lights, utility grids and buildings. Embedding sensors on all required places is looked upon as a huge expense. Progress has been made to develop cheaper sensors. However, more progress is required before organizations would embrace the technology completely.
  • Privacy & Cyber Security: As the number of cyber security breaches is rising, organizations and individuals are thoroughly concerned about the security related to IoT. If every household item or organizational computer is connected over web, it raises the need for strict cyber security protocols.
  • Data Surge: It is estimated that by 2020, around 26 billion items or objects will be a part of IoT. This will lead to the generation of large amount of data. So, businesses need to invest in new hardware, equipment and data mining techniques for effectively collecting and analyzing data in real time.
  • Consumer Awareness: IoT is a technological buzzword, but still 87% of general public is unaware of the term or its actual meaning. There are chances that people may actually be using the technology in some way and yet be unaware of it. This lack of knowledge may result in loss of interest. However, there has been an increased interest in the use of wearable technology which could act as a gateway for other connected objects.

Irrespective of these hurdles, the number of IoT developers is expected to reach 4.5 million by 2020. This gives a hope for new solutions to these hurdles for facilitating the spread of technology and its applications.

For more information on Internet of Things, call Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments

Protecting Your Home IoT Devices

View Full Image

, , , ,

No Comments

What Is SamSam Ransomware?

SamSam is a targeted ransomware attack which incorporates custom infection using a wide range of exploits or brute force tactics. The ransomware is also known as Samas or SamsamCrypt. The first version of the ransomware was released in late 2015. The SamSam ransomware attacks do not make use of phishing or malware downloads to infect a network; instead they utilize following modes of infection:

  • Vulnerabilities in Remote Desktop Protocols (RDP)
  • Vulnerabilities in Java based web servers
  • Vulnerabilities in File Transfer Protocol (FTP)
  • Brute force against weak passwords
  • Stolen login credentials

Once, the ransomware has initial foothold on the victim’s network, it compromises the network to gain control. Also, SamSam is a manual attack. Thus, in case an application detects the ransomware, the attackers modify a registry entry to disable the endpoint tool’s detection. This enables them to compromise the application and control the network. SamSam uses a number of applications to accomplish the attack such as Mimikatz, reGeorg, PsExec, PsInfo, RDPWrap, NLBrute, Impacket, CSVDE, PowerSploit and JexBoss.

During the reconnaissance phase, the attackers try to write a plain text file named test.txt to target. If successful, they add the target to a list titled alive.txt on Domain Controller (DC). After ensuring that DC has writing privileges for machines, the ransomware is deployed and pushed to all the machines controlled by DC simultaneously.

The ransomware follows an efficient approach for encrypting the files on infected machines.

  • The encryption is initiated on holidays, weekends or late nights to buy time for maximizing the impact before getting noticed.
  • Files with selective extensions or important files required for running the machines are encrypted first.
  • The remaining applications or files are encrypted later; starting from smaller files and gradually moving towards larger files.
  • A unique AES key is generated for every encrypted file.
  • As soon as encryption is complete, ransomware deletes its installer and removes any traces of the attack.
  • It becomes difficult for victims to download files from off shore backup because the applications required to run the machine are also inaccessible. Thus, they are required to go thorough time consuming process of reloading the disk and installing applications before downloading back up files.

A ransom note is left on target organization’s machines demanding a set amount of bitcoin currency to decrypt a single machine and a lump sum amount for decrypting all the machines at once. Every victim is provided a unique web address on dark web which leads to chat feature for communicating with the attackers. The chat is deleted after a victim pays the ransom.

Security Practices To Prevent SamSam Attack:

  • Regularly install available patches for RDP service. Also, disable the service when not needed by the users.
  • Ensure that no RDP ports are left open during interactions between cloud-based virtual machines and public IPs. If it is required to leave RDP Port of a system open, keep the system behind firewall and instruct users to communicate with this machine via VPN.
  • Enable, two-factor authentication, strong passwords and account lockout policies.

For more information on how to secure your network, call Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments