Posts Tagged Cybersecurity

What Is Doxing?

Posted by centexitguy in Security on July 22, 2019

Doxing is referred to as the dark side of OSINT or Open Source intelligence. OSINT is an overt method of data collection and involves the practice of gathering information from publically available resources such as public media, internet, public government data, professional or academic publications, corporate databases, financial assessments and grey data (unpublished papers, business documents & patent reports).
The term Doxing is an abbreviation for ‘dropping documents’ which means compilation and release of a dossier of personal information on someone. The information included in the dossier is gathered via public resources and thus, the act falls under the category of OSINT.

Sources Of Information
The perpetrator gathers information from public and open sources. Some common sources of information are:

Social media
Blogs
Personal websites
Online forums & web discussions
Online gaming profiles

Targeted Information
Typically a dossier contains following information about an individual.

Contact information
Social Security Number
Personal photographs
Social media profiles
Credit card details
Credit report
Banking information

Why Is Doxing Called Dark Side Of OSINT?
Although the information is gathered using overt methods; the online publication of personal information usually results in illegal implications. The tactic is rarely in public interest and is often targeted at breaching the victim’s personal information and publishing it to attract unwanted harassment. It can pose following threats:

Threat To Personal Safety: Public release of contact information, personal photos, address, etc. can be used by cyberbullies for harassing the victim. Also, it may lead to some hacking acts such as fake memberships or serious crimes such as stalking, swatting, etc.
Threats To Cybersecurity: The information collected by Doxing may be used by hackers or cyber criminals to pressurize either an individual or an organization for financial gains.

Ways To Protect Yourself
Here are some simple tricks to protect yourself from Doxing attacks:

It is important to understand the basics of social engineering. Social engineers scan the online profiles and data for useful information that can be used to victimize the target. Thus, it is important to scrutinize the information you share on your social media profiles and avoid oversharing your personal information.
Check the privacy settings of your social media profile and edit them to ensure that your personal information is shared with your friends only. Also, be critical of people you add to your list of social media friends.
Hide your IP address by using a trusted proxy or VPN service for anonymity while using internet.
When purchasing a domain, invest in WHOIS protection to prevent unwanted access to the information you share on your website.
Avoid using a single email address for all online accounts. It is advisable to use different emails, passwords & usernames for different profiles, gaming and bills. Also, deploy multi-factor authentication for your accounts.

For more information on Doxing and its outcomes, call Centex Technologies at (254) 213-4740.

Cyber Bullying, Cybersecurity, Cyberstalkers, Data Breach, Doxing, OSINT

No Comments

Understanding Software Supply Chain Attacks

Posted by centexitguy in Security on June 24, 2019

PDF Version: Understanding-Software-Supply-Chain-Attacks

Cybersecurity, Software Supply Chain, Software Supply Chain Risks, Supply Chain Attacks

No Comments

SpeakUp: A New Malware Threat

Posted by centexitguy in Security on June 21, 2019

SpeakUp is a backdoor Trojan which originally affects Linux distributions and MacOS systems. However, the scope of SpeakUp attack includes any server running ThinkPHP, Hadoop Yarn, Oracle WebLogic and Apache ActiveMQ. It has been named after its command-and-control domain ‘SpeakUpOmaha[dot]com’. SpeakUp exploits remote code execution vulnerabilities to propagate internally within the infected subnet and across new IP ranges. It downloads miners in the infected systems for unauthorized cryptomining.

Mode Of Infection: For introducing the infection vector, SpeakUp takes advantage of the CVE-2018-20062 vulnerability of ThinkPHP. It is a remote command execution vulnerability.

The hackers use GET request to send malicious code to the target server. It acts as a PHP shell that executes commands sent by the module parameter in a query.
Another HTTP request is sent to the target server to serve as Perl backdoor. It is a standard injection which pulls the Intelligent Input Bus (ibus) payload and stores it on a different location.
An additional HTTP request is then sent for launching the backdoor. This request executes the Perl script and deletes the files for eradicating evidence.

Registering A New Victim: On victimizing a server, SpeakUp communicates with its command-and-control domain via POST and GET requests. It uses POST request over HTTP to send the victim ID, current version of installed script and other information to the C&C domain. The domain sends “needrgr” response to the request indicating that it is a new victim & requires registration. The Trojan then forwards complete information of the victim system by running a series of Linux commands.

Functions And Tasks: After registering the victim, the Trojan communicates with its C&C domain at regular intervals known as ‘Knock Interval’ which is 3 seconds. C&C domain commonly uses following commands:

“newtask”: It commands the Trojan to execute a code, download & execute a file, uninstall the program and send updated information.
“notask”: The command indicates that the Trojan should sleep for ‘Knock Interval’ of 3 seconds and then request for a new task.
“newerconfig”: This command indicates the Trojan to update the miner configuration file.

The Trojan defines 3 User-Agents. A User-Agent is a Python library that provides a way to detect devices such as mobile, tablet or a PC. The User-Agents defined by SpeakUp include two MacOS X User-Agents and a hashed string.
Propagation: For further propagation, SpeakUp is loaded with an additional Python script which allows the Trojan to identify, scan and infect other Linux servers within internal & external subnets.

For more information on malware threats and to know how to secure your IT system, call Centex Technologies at (254) 213-4740.

Cryptomining, Cybersecurity, SpeakUp Trojan

No Comments

Things To Include In Your Data Response Plan

Posted by centexitguy in Security on December 27, 2018

Making efforts to ensure organizational data security is of utmost importance in the wake of rising identity data breaches as well as cyber-attacks. It is extremely important to stay aware and alert of data breach incidents to minimize the effect and loss. Thus, in order to avoid the implications of data loss, one needs to design a data breach response plan.

Data Breach Response Plan acts as a guiding force to be followed when a data breach is discovered. If you already know what to do and how to do it; it would help in saving both time as well as efforts. Also, a well drafted strategy helps you avoid missteps at the time of crisis.

Setting Up A Response Plan

Define Breach: The first step is to define the term ‘breach’ i.e. deciding the type of incident that would initiate a response. For example, a phishing email might not have as much impact on the company as a ransomware attack. So, a business needs to categorize the serious issues and then work on the causes of disruption. There are many aspects that need to be monitored i.e. from compromise of private & confidential information to material loss such as distributed denial of service (DDoS).
Form The Response Team: There are numerous things that need to be done once a data breach is discovered. So, a good data response plan pre-sets the roles that everyone needs to perform. Every individual has a designated and defined task that he has to perform in the need of hour. Following are the teams who should be assigned the roles & responsibilities beforehand:
- IT Security Team
- Legal Team
- Communication Team
- Risk Management Team
- Human Resource Team
However, it is important to make sure that you vest this responsibility in your trusted employees who understand the complexity of the situation. Other factors such as size of the company, type of data breach etc. also govern the size and composition of response team.
Design Course Of Action For Every Scenario: The response plan should lay down a proper procedure of steps that need to be taken when a data breach occurs. Decide the course of action that needs to be followed for escalating the incident through the organization hierarchy once a data breach is discovered.
Setup A Follow-Up Procedure: Once you have been able to implement the plan to control a data breach, sit with your response team and review. Do a follow up and list down the problems faced by members, lessons learnt, etc.