Posts Tagged IT security

What Is Maze Ransomware?

Maze is a sophisticated version of Windows ransomware that was discovered in May 2019. The ransomware was previously known as ‘ChaCha ransomware’. The goal of the ransomware is to encrypt the files it finds on an infected system and demand a cryptocurrency payment in exchange for safe recovery of the encrypted data.

What Makes Maze Different?

Like other ransomware, Maze is capable of spreading across a corporate network and infecting all the computers connected to the victim network. It encrypts the data files in order to render them useless until they are safely recovered.

However, what sets it apart from other ransomware is its ability to steal the data on infected systems and send it to servers controlled by the hackers. This allows the hackers to threaten to release the victim organization’s documents if the ransom is not paid.

Thus, even if an organization uses a backup to retrieve the files, it is still obliged to pay the ransom to prevent public release of its documents.

The Maze hackers maintain a website where they list their “clients” (the term they use for victims who fail to pay the ransom). The website includes details such as the name of the victim, when their computer systems were infected, links to download stolen data as “proof” and convenient buttons to share the details of the breach on social media. The hackers have no reservations about offering uncensored downloads of stolen data that can damage an organization’s reputation.

How Does Maze Ransomware Work?

Maze ransomware makes use of different techniques to gain entry into a network. Some techniques include:

  • Use of exploit kits such as Fallout and Spelevo
  • Remote desktop connections with weak security
  • Email impersonation (the email contains a Word attachment that uses macros to run the malware on the system)

The malware is a 32-bit binary file that is usually packed as an EXE or DLL file.

The malware encrypts the files in an easy step-by-step process:

  • Locate the file using the “SetFileAttributesW” function and the “FILE_ATTRIBUTE_ARCHIVE” attribute.
  • Reserve memory for the file with a call to “VirtualAlloc”.
  • Open the file with read and write permissions.
  • Get the file size with the “GetFileSizeEx” function.
  • Create a file mapping.
  • Generate a random key of 32 bytes with the function “CryptGenRandom”.
  • Generate a random ‘Initialization Vector (IV)’ of 8 bytes with the function “CryptGenRandom”.
  • Reserve 264 bytes of memory with the function “VirtualAlloc”.
  • Generate a new random extension for the victim file.
  • Encrypt the file.
  • Write this new block, with the key and IV needed to decrypt, at the end of the file.
  • Rename the file with the function “MoveFileExW”.
  • The image of the file is unmapped, and the handles are closed.
  • The process is repeated with new files.
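A defender's view of the rename step above, as an added example that is not from the original post: a heuristic that flags a process renaming many files to different, unfamiliar extensions within a short window. The event tuples, process names, thresholds and extension allow-list are constructed assumptions; in practice the events would come from file-rename telemetry.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Extensions considered normal on this (hypothetical) file share.
KNOWN_EXT = {".docx", ".xlsx", ".pdf", ".txt", ".png", ".tmp", ".bak"}

MAL, WORD, ARCH = "upd.exe", "WINWORD.EXE", "archiver.exe"  # constructed names

# Constructed rename events: (seconds, process image, old path, new path).
EVENTS = [
    (50.0, WORD, r"C:\Docs\~WRD0001.tmp", r"C:\Docs\report.docx"),
    (100.0, MAL, r"C:\Docs\q1.xlsx", r"C:\Docs\q1.xlsx.kQ3zP"),
    (100.4, MAL, r"C:\Docs\plan.docx", r"C:\Docs\plan.docx.Xb7"),
    (101.1, MAL, r"C:\Docs\scan.pdf", r"C:\Docs\scan.pdf.mW2rT9"),
    (101.9, MAL, r"C:\Docs\notes.txt", r"C:\Docs\notes.txt.ZpL4"),
    (200.0, ARCH, r"C:\Logs\a.txt", r"C:\Logs\a.txt.old"),
    (201.0, ARCH, r"C:\Logs\b.txt", r"C:\Logs\b.txt.old"),
    (202.0, ARCH, r"C:\Logs\c.txt", r"C:\Logs\c.txt.old"),
    (203.0, ARCH, r"C:\Logs\d.txt", r"C:\Logs\d.txt.old"),
]

def unfamiliar_ext(old, new):
    """Return the new extension if an in-place rename gave the file an unknown one."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    ext = n.suffix.lower()
    same_file = o.parent == n.parent and n.name.lower().startswith(o.stem.lower())
    if same_file and ext and ext not in KNOWN_EXT and ext != o.suffix.lower():
        return ext
    return None

def flag_processes(events, window=30.0, min_renames=4, min_distinct=3):
    """Map each suspicious process to (renames, distinct extensions) in one window."""
    hits = defaultdict(list)
    for ts, image, old, new in sorted(events):
        ext = unfamiliar_ext(old, new)
        if ext:
            hits[image].append((ts, ext))
    flagged = {}
    for image, seq in hits.items():
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:
                start += 1          # slide the window forward
            span = seq[start:end + 1]
            distinct = {ext for _, ext in span}
            if len(span) >= min_renames and len(distinct) >= min_distinct:
                flagged[image] = (len(span), len(distinct))
                break
    return flagged
```

Requiring several distinct extensions is what separates the per-file random extensions described above from a tool that renames everything to one fixed suffix such as `.old`.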

When all files are encrypted, the wallpaper of the system is replaced with a note to inform the user about the attack.

Maze also has a chat function to contact the hackers and receive payment details.

For more information on IT security, contact Centex Technologies at (254) 213-4740.

Security Risks Concerning Virtual Personal Assistants

A VPA (Virtual Personal Assistant) is a software application that follows a user’s commands intelligently and performs a variety of tasks such as searching information on the web, scheduling an appointment, monitoring health data, initiating online shopping, searching for addresses & location, etc. VPAs are also known as Intelligent Personal Assistants (IPAs); Siri, Google Now, Alexa, Cortana, etc. are the most commonly used ones.

Although Virtual Personal Assistants are of great use, there are certain security risks concerning them. Here we discuss the most prominent security threats associated with VPAs:

  • Eavesdropping: A VPA is programmed to follow voice commands. So, it passively listens to everything being said if the user forgets to turn it off when not in use. Thus, it ends up collecting the user’s voice data without his knowledge. This recorded data always poses a risk of hijacking because cybercriminals might collect & use it unlawfully.
  • Vast Exposure Of Personal Information: VPAs resort to different databases on the web in order to respond to a user’s query. Although it is highly convenient, it can pose a serious security threat.
  • Data Theft: A VPA keeps track of the user’s activity and stores that information on the device as well as in a remote database. When a VPA hijacker gets hold of this information, he can extract the data and exploit it against the user.
  • Voice/Audio Hijacking: This technology recognizes voice to take commands. Even though it understands different words & their pronunciations, it does not distinguish the voices of different users. This can be used against the user, as an impersonator might command the VPA to perform tasks that may harm the user. Even if it recognizes the user’s voice, there is a possibility that a cybercriminal might use a recording of the actual user’s voice to issue commands to the VPA.
  • Remote Malware Downloading: A compromised VPA might be instructed to visit certain sites containing a malicious link. Once clicked, this link installs malware on the device, which continues to operate & damage the device remotely without the user’s knowledge.
  • Undertake Tasks Autonomously: Users might register automated commands with a VPA. This can be exploited by the hijacker to victimize the user. For example, the user may direct his VPA to pay his phone bill every month. The VPA then takes the command and connects it to an authorized payment gateway. If the VPA is compromised, the hacker might dismiss the bill payment and transfer funds to his remote account.

There is no denying the fact that virtual personal assistants provide numerous benefits. However, it is important to stay cautious in order to avoid security risks.

For more information about IT, call Centex Technologies at (254) 213-4740.

Cybersecurity Trends For 2019

PDF Version: Cybersecurity-Trends-For-2019

How To Stay Anonymous Online

The Internet has become an integral part of daily life because seemingly everything is available online. This is why there is a constant risk of your privacy being invaded by cyber criminals. Not only can they track your online presence but also snoop on everything you do.

This constant tracking creates the need to stay anonymous online. Following are some ways through which you can achieve the desired anonymity:

  • Hide Your IP: The best way to stay unidentified online is to hide your IP with an anonymous VPN service. This way a virtual IP replaces your real IP address and prevents cyber criminals from gaining a sneak peek of your online activities.
  • Keep Your Web Searches Private: Search engines like Google, Yahoo, Bing etc. collect a lot of information when you conduct searches, such as your IP address, searches made, device used to make the search, location, etc. This is the reason why users are now opting for alternate search engines which do not track the search history and so retain their privacy.
  • Block Third Party Cookies: Advertisers often use third party cookies to keep track of your browsing habits. However, it is possible to hide from them by blocking third party cookies within the browser settings. If you want to delete the cookies and other browsing information, you may use programs like CCleaner.
  • Use HTTPS: In order to prevent sensitive information from being intercepted, Transport Layer Security (TLS) is extremely important. However, not every website supports a TLS connection, and in that case HTTPS can help. It helps in keeping the internet traffic secure & private by enforcing TLS connections on the websites you visit.
  • Opt For Anonymous Email Communication: There are two ways to ensure email anonymity in a situation where you want to send somebody an email without letting them know your email address. You can use an alias, which is essentially a forwarding address and allows the recipient to see your forwarding address only. The other way is to use a disposable email account, which can be done by creating a new email account that you use when you need it. Another alternative is to create a temporary forwarding address. This address gets deleted after a specific time, so it is best to use it while signing up on untrusted websites.
  • Encrypt Your Emails: Encrypting your emails can help you prevent unauthorized access by a middleman. Access will be limited, as only you will have a private key for it.
  • Enable Privacy Settings: Your social media profile speaks volumes about you and hackers usually resort to a victim’s social media accounts to garner their private information. So make sure that you enable your privacy settings and hide personal information from public view.

For more information about IT Security, call Centex Technologies at (254) 213-4740.

Guide To VPN Routers

A VPN router is a routing device that helps in enabling network communications within a VPN environment. It connects & communicates between multiple VPN end devices that are located at separate locations.

These routers are specifically designed to protect your system from a cyber-attack. This is made possible because all the devices connected with a VPN router are protected by a Virtual Private Network.

Methods Of VPN Router Setup

There are 3 main methods and one can go with any one of these:

  • Buying a pre-configured VPN router
  • Using a VPN enabled router that supports OpenVPN
  • Flashing a non VPN compatible router with new firmware to support VPN

Benefits Of Using VPN Routers

  • Easy To Install – They are very similar to regular routers apart from the fact that in this case the internet connection is routed through the servers of a private network. Setting up a VPN router completely negates the need to install a VPN on multiple devices separately. It can be done all at once because as soon as the VPN router is installed, you can easily connect your devices with it.
  • Less Expensive – It is always beneficial to set up a VPN router due to the twin benefit it has. Firstly, buying a VPN router is a better deal than taking separate internet subscriptions for each device. So it can help you save costs and also ensures complete security at the same time.
  • Device Friendly – You can connect multiple devices with the VPN router, i.e. your smart TV, smartphone, laptop, etc. So configure the device which you have and connect it to the VPN router for added security. In other words, it requires a one-time effort to set it all up and then you are ready to go.
  • Ensures Security – Installing a VPN router secures all the devices on the network. It adds an additional layer of privacy and maintains anonymity of all your online activities. This way it is hard for cyber criminals to break through a network secured by a VPN router.

Things To Consider When Setting Up A VPN Router

  • Cost – You’ll need to buy a decent router and a VPN subscription. However, the cost of a VPN router may vary depending upon the option you choose.
  • Speed – This is a very important factor that needs to be considered to ensure that there are no server overloads, network disruptions or snags etc.
  • Features – The way you plan to use your VPN router determines which firmware & VPN service you need to go with. It is also very important to make sure that it is up to date, fast, reliable and secure, and that it enforces policy based routing.

For more information about VPN routers, call Centex Technologies at (254) 213-4740.