
Tag: Cybersecurity

Types Of Social Engineering Attacks

Social engineering is a broad term used to describe a range of malicious activities that rely mainly on human interaction. These attacks typically involve tricking people into breaking standard security protocols. The success of a social engineering attack depends on the attacker’s ability to manipulate the victim into performing certain actions or handing over confidential information. Social engineering attacks differ from traditional attacks in that they can be entirely non-technical: the attacker does not necessarily need to exploit or compromise any software or network.

The best way to protect an organization from social engineering attacks is to educate employees about the different types of social engineering attacks. Here is a list of the most common types:

  • Baiting: A baiting attack is conducted by leaving bait, such as a USB flash drive or CD, in a place where it is likely to be found by an employee. The device is loaded with malicious software. The success of such attacks depends on the person who finds the device plugging it into a system. When the device is plugged into a system, the malware is installed. Once installed, the malware allows the attacker to gain access to the victim’s system.
  • Phishing: It is one of the most common social engineering attacks. The attack involves the exchange of fraudulent communication with the victim. The communication may be in the form of emails, text messages, chats, or spoofed websites, and may be disguised as a letter from a financial institution, charity, employment website, etc. The communication contains a link, and the victim is lured into clicking on it to install malware on their device. In other forms of phishing attacks, the link may be used to collect the victim’s personal, financial, or business information.
  • Pretexting: This type of attack occurs when the attacker fabricates a situation that pressures the victim into providing access to sensitive data or a protected system. Common examples of pretexting attacks are the attacker pretending to require the victim’s financial details to validate the victim’s identity, or the scammer posing as a trusted person, such as an IT employee, to obtain the victim’s login details.
  • Quid Pro Quo: In such attacks, the scammer requests sensitive data from the victim in exchange for desirable compensation. For example, the scammer may set up a form asking users to fill in their information in exchange for a free gift.

For more information on types of social engineering attacks, contact Centex Technologies at (254) 213 – 4740.

Establishing Data Loss Prevention Policy

A data loss prevention policy defines how an organization can share data while ensuring that the data being shared is protected. It also lays down the guidelines for using the data in decision-making without exposing it to anyone who should not have access to it. In general terms, a ‘Data Loss Prevention Policy’ can be broadly defined as the set of processes that identify confidential data, track data usage, and prevent unauthorized access to data.

Why Is It Important To Establish Data Loss Prevention Policy?

Before looking at ways to establish a data loss prevention policy, it is important to understand the need for the policy. As the organizational setup has changed, with an increase in the number of remote employees and employees accessing data on different devices, the risk of data loss has also increased.

Under these circumstances, there are three main reasons for setting up a Data Loss Prevention Policy:

  • Compliance
  • IP Protection
  • Data Visibility

Once the need for Data Loss Prevention is clear, it is time to understand the best practices to establish the policy.

Best Practices To Establish Data Loss Prevention Policy

  • Take time to understand and gain insight into the data. Classify the data according to its vulnerability and risk factors. Once classified, identify the data that needs to be protected and build the data loss prevention policy around this data type.
  • Establish strict criteria for choosing data loss prevention vendors. Create an evaluation framework with the right set of questions to choose effective data loss prevention solutions for the organization.
  • Identify the people who will be involved in the data loss prevention process and clearly define their roles. It is necessary to segregate the responsibilities of every individual and clearly convey those responsibilities to avoid data misuse.
  • Start by choosing the data set with the highest level of priority and risk. Once an effective policy is set up to secure the most critical data, build on this policy to further secure other data sets according to their level of priority.
  • Educate all employees on the importance of data, the sources of data loss, the need for a data loss prevention policy, and the steps to be taken in case of data loss or a breach.
  • Document the data loss prevention policy and make sure that every employee has a copy for reference.

For more information on establishing data loss prevention policy, contact Centex Technologies at (254) 213 – 4740.

Simple Guide To Threat Detection & Response

What Is Threat Detection & Response (TDR)?

Threat detection & response is an application of big data analytics, in which data analysis is conducted across large and disparate data sets to find anomalies, assess their threat level, and determine the response actions required to address them. TDR enables security professionals to detect and neutralize attacks before they can cause a breach.

What Is The Need For TDR?

Following are some reasons that emphasize the need for TDR:

  • The sheer volume of data has made it difficult for cybersecurity teams to investigate and act on cyber attacks across widespread networks and operating environments in an effective and efficient manner.
  • Cyber threats have become more evolved and stealthier. They use advanced evasion techniques, such as abusing native OS tools, which enable them to infect systems without alerting the cybersecurity team.
  • Cyber attacks are directed by human operators, who are adept at testing and adapting different pathways when they encounter an obstacle. Thus, once inside the network, they are highly effective at bypassing security systems.

In these circumstances, TDR helps form a strong line of defense in a layered, next-generation security system.

  • Analysts and threat detectors uncover attacks by looking for suspicious events, anomalies, and patterns in regular activity. These anomalies are then tested to see if they involve malicious agents.
  • Human insight is coupled with AI technologies such as AI-guided detection. This makes it easier to analyze a large amount of data in a short period and in an efficient manner.
  • The TDR system not only finds hidden threats, but also works towards finding a response to neutralize them.

What Is TDR Framework?

The TDR framework consists of four pillars:

  • Observe: What do you see in the raw data?
  • Orient: What is the context, or how does it map against existing attack TTPs (tactics, techniques and procedures)?
  • Decide: Is it malicious, suspicious or benign?
  • Act: Mitigate, neutralize and re-enter the analysis loop

What Are The Components Of TDR?

TDR has five core components:

  • Prevention: Effective prevention requires knowledge of where critical data and computational resources are located on the network. It involves effective and regular configuration of technology and access controls. Maintaining efficient prevention techniques reduces the number of security alerts generated on a daily basis.
  • Collecting Security Events, Alerts And Detections: Security data may be collected and reviewed using any of these methods: event-centric, threat-centric, or hybrid.
  • Prioritizing Signals That Matter: Once events are detected, it is important to prioritize them to find actual threats. Apply well-managed security filters to separate security incidents from ordinary event logs.
  • Investigation: After isolating the key signals, measure them against industry frameworks and models for further investigation. The aim of the investigation is to check whether the signal is indicative of an actual attack and where it falls in the attack sequence.
  • Action: This involves identifying and implementing the relevant response for containing the threats.

For more information on threat detection & response, contact Centex Technologies at (254) 213 – 4740.

What Is CryptoWall Ransomware?

Ransomware is a type of malware that encrypts user files on a victim’s computer or network. The attacker then demands a ransom from the victim in exchange for the decryption key. CryptoWall is a family of such file-encrypting ransomware. It first appeared in early 2014 and has numerous variants, including Cryptorbit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. The early variants used an RSA public key for file encryption; newer versions use an AES key for file encryption and then encrypt that AES key with a public key. This makes it impossible for the victim to obtain the actual key needed to decrypt the files.

Mode Of Infection:

Traditionally, CryptoWall ransomware was distributed via exploit kits, but spam emails are now also used to infect victims. The spam email contains a RAR attachment that includes a CHM file. When the victim opens the CHM file, it downloads the CryptoWall binary to the system, which copies itself into the %temp% folder.

CHM file: a Compiled HTML (CHM) file is an interactive HTML file compressed inside a CHM container, which may also hold other files such as JavaScript and images.

Execution:

  • The CryptoWall binary downloaded to the system is compressed or encoded. Useless instructions and anti-emulation tricks are deliberately inserted in the code to defeat antivirus engine analysis.
  • On execution, it launches a new instance of the explorer.exe process.
  • In the next step, the ransomware injects its unpacked CryptoWall binary into that process and executes the injected code.
  • The original process exits itself after launching the injected explorer process.
  • The files are encrypted, and the ransomware deletes the volume shadow copies using the ‘vssadmin.exe’ tool. This ensures that the encrypted files cannot be recovered from shadow copies.
  • The CryptoWall binary is copied to various locations such as %appdata%, %startup%, %rootdrive%, etc. The copies are added to the autostart registry key so that they remain persistent even after the infected system is rebooted.
  • A new svchost.exe process is launched with user privileges, and malicious binary code is injected into it.
  • The ransomware connects to I2P proxies to find a live command and control server.
  • The server replies with a unique encryption key generated specifically for the target system. Receipt of the key starts the file encryption thread, which also drops ransom notes in all directories.
  • Finally, it launches Internet Explorer to display the ransom notes, and the hollowed svchost process kills itself.

Protection:

  • Keep antivirus software up to date
  • Back up the files
  • Apply Windows updates regularly
  • Avoid clicking links or attachments in unsolicited emails
  • Disable remote desktop connections
  • Block binaries running from %appdata% and %temp% paths
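The TDR post above describes the Observe / Orient / Decide / Act loop and the need to filter real incidents out of event logs, and the CryptoWall execution chain lists concrete behaviours a defender can look for: shadow copy deletion with vssadmin.exe, binaries running from %appdata% and %temp%, and autostart registry persistence. The following Python script is an added example (not code from Centex Technologies or from any product) that turns those behaviours into simple triage rules and runs them over a few constructed endpoint telemetry lines. The pipe-and-semicolon telemetry format, the rule weights, the verdict thresholds and the treatment of hh.exe (the Windows CHM viewer) as a weak signal are all assumptions made for this example.

```python
"""Added example: OODA-style triage of constructed endpoint telemetry using the
CryptoWall behaviours described in the post as detection rules. Not Centex code."""
import re
from collections import defaultdict

# Constructed sample telemetry (not a real product format):
#   "host|event_type|key=value;key=value;..."
SAMPLE_EVENTS = [
    "ws01|process|image=C:\\Windows\\explorer.exe;cmd=explorer.exe;parent=C:\\Windows\\explorer.exe",
    "ws01|process|image=C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe;cmd=invoice.exe;parent=C:\\Windows\\hh.exe",
    "ws01|process|image=C:\\Windows\\System32\\vssadmin.exe;cmd=vssadmin.exe delete shadows /all /quiet;parent=C:\\Windows\\explorer.exe",
    "ws01|registry|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run;value=C:\\Users\\bob\\AppData\\Roaming\\svc.exe",
    "ws02|process|image=C:\\Windows\\System32\\vssadmin.exe;cmd=vssadmin.exe list shadows;parent=C:\\Windows\\System32\\cmd.exe",
    "ws03|process|image=C:\\Program Files\\Editor\\editor.exe;cmd=editor.exe;parent=C:\\Windows\\explorer.exe",
]

# Paths under %appdata% / %temp% (assumed layout of the constructed sample).
USER_WRITABLE = re.compile(r"\\(appdata|temp)\\", re.IGNORECASE)


def parse_event(line):
    """Observe: turn one raw telemetry line into a dict of fields."""
    host, etype, raw = line.split("|", 2)
    fields = dict(kv.split("=", 1) for kv in raw.split(";") if "=" in kv)
    fields.update(host=host, type=etype)
    return fields


# Orient: each rule maps an observation to a behaviour named in the post and a weight.
def rule_shadow_copy_deletion(ev):
    # Only deletion counts; "vssadmin list shadows" is routine administration.
    if (ev["type"] == "process" and ev.get("image", "").lower().endswith("vssadmin.exe")
            and "delete shadows" in ev.get("cmd", "").lower()):
        return ("shadow copy deletion via vssadmin", 3)


def rule_exec_from_user_writable(ev):
    if ev["type"] == "process" and USER_WRITABLE.search(ev.get("image", "")):
        return ("binary executed from %appdata%/%temp%", 2)


def rule_autostart_persistence(ev):
    if (ev["type"] == "registry" and ev.get("key", "").lower().endswith("\\currentversion\\run")
            and USER_WRITABLE.search(ev.get("value", ""))):
        return ("autostart Run key pointing to user-writable path", 2)


def rule_chm_viewer_child(ev):
    # Assumption for this example: hh.exe (the CHM viewer) spawning a process
    # is a weak signal, given the CHM-based delivery described in the post.
    if ev["type"] == "process" and ev.get("parent", "").lower().endswith("\\hh.exe"):
        return ("process spawned by CHM viewer", 1)


RULES = [rule_shadow_copy_deletion, rule_exec_from_user_writable,
         rule_autostart_persistence, rule_chm_viewer_child]

# Decide: assumed thresholds on the per-host score.
THRESHOLD_MALICIOUS = 4
THRESHOLD_SUSPICIOUS = 1

# Act: assumed response mapping for each verdict.
ACTIONS = {
    "malicious": "isolate host, stop the offending process, preserve evidence, start incident response",
    "suspicious": "queue for analyst investigation and map signals against the attack sequence",
    "benign": "no action; keep as baseline activity",
}


def triage(lines=SAMPLE_EVENTS):
    """Run Observe -> Orient -> Decide per host.
    Returns {host: (verdict, score, [matched signal names])}."""
    per_host = defaultdict(lambda: [0, []])
    for line in lines:
        ev = parse_event(line)
        entry = per_host[ev["host"]]          # creates the host even if no rule fires
        for rule in RULES:
            hit = rule(ev)
            if hit:
                entry[0] += hit[1]
                entry[1].append(hit[0])
    results = {}
    for host, (score, signals) in per_host.items():
        if score >= THRESHOLD_MALICIOUS:
            verdict = "malicious"
        elif score >= THRESHOLD_SUSPICIOUS:
            verdict = "suspicious"
        else:
            verdict = "benign"
        results[host] = (verdict, score, signals)
    return results


def recommended_action(verdict):
    """Act: the response step for a verdict."""
    return ACTIONS[verdict]


if __name__ == "__main__":
    for host, (verdict, score, signals) in sorted(triage().items()):
        print(f"{host}: {verdict} (score {score}) -> {recommended_action(verdict)}")
        for signal in signals:
            print("   -", signal)
```

On the constructed sample, ws01 accumulates four signals (the chain the post describes) and is rated malicious, while ws02 stays benign because `vssadmin list shadows` is not the destructive deletion the rule looks for; that distinction is the kind of filter the TDR post means by separating incidents from ordinary event logs.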

For more information on Cryptowall ransomware, contact Centex Technologies at (254) 213 – 4740.


Most Dangerous Virus & Malware Threats Of 2020

Cyber criminals keep evolving viruses and malware to make them more advanced and more dangerous. This allows them to target new vulnerabilities and operating system versions. To keep the business network secure, it is important for businesses to have in-depth information about new viruses and malware. This knowledge comes in handy when creating strategies to protect systems against these threats.

So, here is a list of the most dangerous virus & malware threats of 2020 to help businesses understand and strategize against these cyber attacks:

  • Clop Ransomware: Clop is a variant of CryptoMix ransomware that targets Windows users. Clop ransomware blocks Windows processes and disables multiple Windows applications, including Windows Defender and Microsoft Security Essentials. Once these applications are blocked, the ransomware encrypts the data files on the target system and demands a ransom in exchange for the decryption key.
  • Fake Windows Update (Hidden Ransomware): Cyber criminals have been taking advantage of the need to install the latest Windows updates. This ransomware is delivered by a phishing email that instructs users to install an urgent Windows update. The email contains ransomware ‘.exe’ files disguised as a Windows update link. The ransomware, known as ‘Cyborg’, encrypts all files and programs and demands a ransom payment for decrypting them.
  • Zeus Gameover: It is part of the Zeus family of malware and viruses. This malware is a Trojan that accesses sensitive bank account details to steal funds. This variant of the Zeus family does not require a centralized “Command & Control” server. It can bypass centralized servers and create independent servers to send sensitive information.
  • RaaS: Ransomware as a Service is a growing industry. People can hire a hacker or a team of hackers to perform the attack for them. These services can be used by people with zero prior knowledge of coding to carry out dangerous cyber attacks.
  • Fleeceware: It is a type of malware that continues to charge large amounts of money to app users, even after they have deleted their accounts from the app. Although this malware doesn’t infect or encrypt any user files, it is still a shady practice used by app developers wanting to cash in on unsuspecting users.

For more information on latest cybersecurity techniques, contact Centex Technologies at (254) 213 – 4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies