Posts Tagged IT security

Differentiating Between IT Security & Cybersecurity

IT security and cybersecurity are often mistaken for the same thing. In reality, the two terms describe different concepts. They overlap in many areas, but there are certain differences that need to be understood.

IT security, or Information Technology security, includes the protocols, processes and tools used to secure and protect an organization’s information and data by using different technologies. The information to be protected includes both digital and physical (paper form) data.

Cybersecurity may be considered a subset of information security. It includes systems and processes used as precautionary measures to safeguard an organization against crime involving the Internet; for example, protection against unauthorized access to computer systems and data connected to the Internet. Cybersecurity is typically focused on protecting electronic data.

Let us take a look at some basic points that can be used to differentiate between IT security and Cybersecurity:

  • Cybersecurity is the practice of protecting an organization’s data, services and applications from individuals or entities outside the resource on the Internet, whereas IT security is about protecting critical information from unauthorized user access and data modification or removal in order to ensure uninterrupted services.
  • Cybersecurity is focused on building the ability to protect an organization’s cyber space from attacks. On the contrary, IT security deals with protection from any form of threat, irrespective of the environment.
  • Cybersecurity tools work against cybercrimes and cyber frauds like phishing attacks, data breach, cyber bullying, etc. IT security helps an organization strive against unauthorized access, disclosure and disruption which may be cyber or physical.
  • Cybersecurity professionals deal with advanced persistent threats. The process involves protection of company logins, profiles, server resources, applications, databases etc. Information or IT security is the basis of data security. IT security professionals prioritize resources before dealing with the threats.

Centex Technologies provides cybersecurity and IT security solutions to enterprises. For more information, contact Centex Technologies at (254) 213 – 4740.


IT Security Recommendations For 2021

The rapid growth of technology is changing the way businesses operate. Technologies such as cloud computing, Artificial Intelligence, automation, and IoT have created numerous growth opportunities for businesses. However, cyber hackers also use these technologies to launch an array of cyber security threats and attacks such as data breach, identity theft, etc.

The rise in number and frequency of cyber threats has created a need for businesses to focus on their IT security strategies. Here are some IT security recommendations for 2021:

  • Cloud Threats: The Coronavirus pandemic has intensified remote work and collaboration between different teams, resulting in increased use of cloud services for data storage, data sharing, app sharing, etc. However, increased migration to the cloud has led to a higher number of cloud threats. Some common cloud-based security threats are mis-configured cloud storage, reduced visibility and control, incomplete data deletion, and vulnerable cloud-apps.
  • AI Integration: As the cyber security threats keep growing in terms of intensity, AI is emerging as a helping hand to under-resourced IT security teams. Including artificial intelligence in IT security strategy can help in ensuring timely detection of threats and implementing rapid reaction. AI provides threat intelligence by analyzing massive quantities of risk data from structured and unstructured resources.
  • Extended Detection & Response (XDR): In order to ensure data security, it has become essential for IT teams to gain visibility and deep insight into enterprise and customer data across emails, endpoints, networks, servers, cloud workloads, and applications. It is recommended to include XDR in the IT security strategy as it helps in automatically collecting data from multiple sources and correlating it to ensure faster threat detection and incident response.
  • Security Process Automation: High frequency of IT security threats has resulted in a shortage of trained IT staff. Thus, organizations are required to extensively rely on security process automation. These tools eliminate repetitive security operations using pre-established rules and procedures. This also helps in reducing the errors in routine security checks.
  • SASE: Changing organizational environment has transformed the organization’s network security from LAN-based appliance models to cloud-native security service models such as Secure Access Service Edge (SASE). Using this model, organizations can robustly secure remote workforce and cloud applications by routing network traffic through cloud-based security check.

For more information on IT security recommendations for 2021, contact Centex Technologies at (254) 213 – 4740.


What Is Maze Ransomware?

Maze is a sophisticated version of Windows ransomware that was discovered in May 2019. The ransomware was previously known as ‘ChaCha ransomware’. The goal of the ransomware is to encrypt the files it finds on an infected system and demand a cryptocurrency payment in exchange for safe recovery of the encrypted data.

What Makes Maze Different?

Like other ransomware, Maze is capable of spreading across a corporate network and infecting all the computers connected to the victim network. It encrypts the data files in order to render them useless unless safely recovered.

However, what sets it apart from other ransomware is its ability to steal the data on infected systems and send it to servers controlled by the hackers. This allows hackers to threaten the victim organization to release its documents in case the ransom is not paid.

Thus, even if an organization uses a backup to retrieve the files, it is still obliged to pay the ransom to prevent public release of its documents.

The Maze hackers maintain a website where they list their clients (term used for victims who fail to pay the ransom). The website includes details such as name of the victim, when their computer systems were infected, links to download stolen data as “proof” and convenient buttons to share the details of breach on “social media”. The hackers have no reservations about offering uncensored downloads of stolen data that can damage an organization’s reputation.

How Does Maze Ransomware Work?

Maze ransomware makes use of different techniques to gain entry into a network. Some techniques include:

  • Use of exploit kits such as Fallout and Spelevo
  • Remote desktop connections with weak security
  • Email impersonation (the email contains a Word attachment that uses macros to run the malware in the system)

The malware is a 32-bit binary file that is usually packed as an EXE or DLL file.

The malware encrypts the files in an easy step-by-step process:

  • Locate the file using the “SetFileAttributesW” function and the “FILE_ATTRIBUTE_ARCHIVE” attribute.
  • Reserve memory for the file with a call to “VirtualAlloc”.
  • Open the file with read and write permissions.
  • Get the file size with the “GetFileSizeEx” function.
  • Create a file mapping.
  • Generate a random key of 32 bytes with the function “CryptGenRandom”.
  • Generate a random ‘Initialization Vector (IV)’ of 8 bytes with the function “CryptGenRandom”.
  • Reserve 264 bytes of memory with the function “VirtualAlloc”.
  • Generate a new random extension for the victim file.
  • Encrypt the file.
  • Write this new block, with the key and IV needed to decrypt, at the end of the file.
  • Rename the file with the function “MoveFileExW”.
  • The image of the file is unmapped, and handles closed.
  • The process is repeated with new files.

When all files are encrypted, the wallpaper of the system is switched with a note to inform the user about the attack.

Maze also has a chat function to contact the hackers and receive the information about payment details.
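The steps above end with each file being renamed to a new random extension, which is a pattern defenders can look for in file-rename telemetry. The following is an added example, not part of the original post: the event tuple layout, the known-extension list and the thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample rename events: (seconds, pid, old path, new path).
EVENTS = [
    (0.0, 4120, r"C:\d\q1.xlsx", r"C:\d\q1.xlsx.Xk3f"),
    (0.8, 4120, r"C:\d\plan.docx", r"C:\d\plan.docx.p9LzQ"),
    (1.5, 4120, r"C:\d\scan.pdf", r"C:\d\scan.pdf.Bw71"),
    (2.1, 4120, r"C:\d\notes.txt", r"C:\d\notes.txt.mR2e"),
    (3.0, 880, r"C:\d\~WRD01.tmp", r"C:\d\report.docx"),   # normal editor save
    (4.0, 2300, r"C:\l\a.log", r"C:\l\a.old"),             # log rotation,
    (4.5, 2300, r"C:\l\b.log", r"C:\l\b.old"),             # one repeated
    (5.0, 2300, r"C:\l\c.log", r"C:\l\c.old"),             # extension
    (5.5, 2300, r"C:\l\d.log", r"C:\l\d.old"),
    (10.0, 5000, r"C:\s\a.txt", r"C:\s\a.txt.Qq1"),        # same pattern but
    (40.0, 5000, r"C:\s\b.txt", r"C:\s\b.txt.Zz2"),        # spread over a
    (70.0, 5000, r"C:\s\c.txt", r"C:\s\c.txt.Yy3"),        # long interval
    (100.0, 5000, r"C:\s\d.txt", r"C:\s\d.txt.Ww4"),
]

# Assumed allow-list of extensions considered normal in this environment.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".bak", ".tmp", ".jpg"}

def suspicious_processes(events, window=10.0, min_renames=4, min_distinct=3):
    """Return PIDs that, within `window` seconds, renamed at least
    `min_renames` files in place to unknown extensions, with at least
    `min_distinct` different extensions among them."""
    per_pid = defaultdict(list)
    for ts, pid, old, new in events:
        old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
        ext = new_p.suffix.lower()
        # Keep only same-folder renames that switch to an unknown extension.
        if (ext and old_p.parent == new_p.parent
                and ext != old_p.suffix.lower() and ext not in KNOWN_EXTS):
            per_pid[pid].append((ts, ext))
    flagged = set()
    for pid, hits in per_pid.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until the burst fits in it.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            burst = hits[start:end + 1]
            if (len(burst) >= min_renames
                    and len({e for _, e in burst}) >= min_distinct):
                flagged.add(pid)
                break
    return sorted(flagged)
```

Requiring several distinct unknown extensions keeps log rotation and editor temp-file saves from alerting, while a slow encryptor only shows up when the window is widened.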

For more information on IT security, contact Centex Technologies at (254) 213 – 4740.


Security Risks Concerning Virtual Personal Assistants

A VPA (Virtual Personal Assistant) is a software application that follows the commands of a user intelligently and performs a variety of tasks such as searching information on the web, scheduling an appointment, monitoring health data, initiating online shopping, searching for addresses & location, etc. VPAs are also known as Intelligent Personal Assistants (IPAs); Siri, Google Now, Alexa, Cortana, etc. are the most commonly used ones.

Although Virtual Personal Assistants are of great use, there are certain security risks concerning them. Here we have discussed the most prominent security threats associated with VPAs:

  • Eavesdropping: A VPA is programmed to follow voice commands. So, it passively listens to everything being said, if the user forgets to turn it off when not in use. Thus, it ends up collecting user’s voice data without his knowledge. This recorded data always poses a risk of hijacking because cybercriminals might collect & use it unlawfully.
  • Vast Exposure Of Personal Information: VPAs resort to different databases on the web in order to respond to user’s query. Although it is highly convenient, it can pose a serious security threat.
  • Data Theft: A VPA keeps track of the user’s activity and stores that information on the device as well as a remote database. When a VPA hijacker gets hold of this information, he can extract the data and exploit it to offend the user.
  • Voice/Audio Hijacking: This technology recognizes voice to take commands. Even though it understands different words & their pronunciations, it does not distinguish the voices of different users. This can be used against the user, as an impersonator might command the VPA to perform tasks that may harm the user. Even if it recognizes the user’s voice, there is a possibility that a cybercriminal might use the actual user’s voice recording and issue commands to the VPA.
  • Remote Malware Downloading: A compromised VPA might be instructed to visit certain sites containing a malicious link. Once clicked, this link installs a malware in the device which continues to operate & damage the device remotely without the user’s knowledge.
  • Undertake Tasks Autonomously: Users might register automated commands with a VPA. This can be exploited by the hijacker to victimize the user. For example, the user may direct his VPA to pay his phone bill every month. The VPA further takes the command and connects it to an authorized payment gateway. If the VPA is compromised, the hacker might dismiss the bill payment and transfer funds to his remote account.

There is no denying the fact that virtual personal assistants provide numerous benefits. However, it is important to stay cautious in order to avoid security risks.

For more information about IT, call Centex Technologies at (254) 213-4740.


Cybersecurity Trends For 2019

PDF Version: Cybersecurity-Trends-For-2019
