Tag: IT security Page 2 of 6

What is LockBit Ransomware?

On September 30, 2021

LockBit is a ransomware family that is part of a RaaS (Ransomware-as-a-Service) operation associated with LockerGoga and MegaCortex. LockBit has been seen in the wild since September 2019. The group previously advertised their services on hacking forums. They started advertising an affiliate program as “LockBit 2.0” in June 2021 via their own website on the dark web.

LockBit is initially deployed manually by an attacker that has already gained access to a victim system, but will quickly begin spreading to other systems by itself. The LockFile payload is known for its fully automated attacks and quick encryption. It prevents victims from accessing their files on an infected system by first encrypting the files adding a .lockbit extension to them. It then instructs the victim to pay a ransom in order to regain access to those encrypted files. The malware is capable of automatically spreading to other systems via SMB (Server Message Block) shares and executing PowerShell scripts. Victims regain access to their files by paying the ransom. They then obtain a custom decryptor that decrypts the locked and encrypted files.

This threat group uses a double extortion technique, threatening to release the stolen data if the ransom is not paid. Experts believe LockBit is part of a ransomware cartel involving collaboration between multiple ransomware groups, including Maze and Ragnar Locker.

So, how would you protect yourself from getting infected by the LockBit ransomware?

5 proactive and protective best practices helps you and your firm stay resilient against any cyber attack:

Social Engineering Awareness: The users and employees must be provided end user security awareness training periodically. Organizations can release advisories and suggest best practices. Users must be demonstrated how to identify, block and report malicious emails. They must be able to differentiate between legit and illegit, email senders and user profiles on social media based on a list of Red Flags provided to them.
Credentials policy and 2FA/MFA: Usernames and passwords must be configured in a manner that they cannot be guessed easily by the attackers. Use alphanumeric characters and keep the minimum length to 16. Threats ranging from account breaches to ransomware infections can be prevented if only the administrators pay attention to credential policies. You can check haveibeenpwned.com and follow NIST’s guidelines to set secure credentials. Use random password generator and check the complexity score of your password at passwordmeter.com. Enabling MFA (Multi-Factor Authentication) & 2FA (2-Factor Authentication) will prevent brute force attacks on your account. This adds more authentication layers on the top of your initial password-based logins. Alternatively you can implement biometrics and / or physical USB (Universal Serial Bus) key authenticators.
ACL (Access Control List): Grant or assign the privileges or access on a Need-to-Know basis only.! Deployment of IAM (Identity and Access Management) strategy prevents accidental information modification from unauthorized employees. This also limits the scope of access for hackers having stolen the employees’ credentials. Enable a systematic deprovisioning process for employees leaving the company. Revoking the access rights of people who have left the organization is a crucial security responsibility that must be completed on the LWD (Last Working Day) & not get delayed.
Fail-safe Backups: You can encrypt the data in upload it in cloud or keep in offline storage. Choose the CSP (Cloud Service Provider) that provides military-grade encryption. Implement, deploy & launch backup & disaster recovery mechanisms to protect your data.
Holistic IT Strategies: Maintaining your organization’s credibility is very important. Comply to various regulatory standards & frameworks to protect highly sensitive business information. In-house SOC (Security Operations Center) team can monitor the real-time activities of users, services, and applications in your IT environment. Alternatively, to facilitate inadequate budgets & lack of resources, you can hire an MSSP (Managed Security Service Provider). They help you to outsource your security logging & monitoring requirements. They prevent, detect, analyze, & mitigate security risks, threats, vulnerabilities, & incidents for your business. Protect your data & devices with various security solutions such as NGAVs (Next-Gen Anti-Virus), DLP (Data Loss Prevention), XDR (Extended Detection and Response), Honeypot and likewise. Training and securing your users and employees would give hackers a hard time targeting your IT infrastructure.

For more information on various ransomware attacks and IT security measures to be adopted by businesses, contact Centex Technologies at (254) 213 – 4740

Cookies & Online Privacy

By centexitguy

On August 26, 2021

In Security

When surfing online, a common pop-up that a user receives is ‘Accept The Cookies’. Some websites use cookies to provide a more personalized and convenient website browsing experience. But in order to understand the relationship between cookies and user’s online privacy, it is first important to understand what cookies are.

What Are Cookies?

Cookies are text files that contain small amounts of data that can be used to identify your computer network. Specific HTTP cookies are used to identify specific users for improving their web browsing experience.

Data stored in the cookies is created when a user connects to an online server. This data is marked with an ID that is unique to the user and his computer/system. When cookies are exchanged between user’s computer and network server, the server reads this data for identifying the information that should be served to the user.

Cookies are of two types:

Magic Cookies: This is an old computing term that refers to packets of information that can be sent & received without any charges. This data is commonly used for logging in to a computer’s database systems. This concept is a precursor of modern day ‘cookies’.
HTTP Cookies: It is a repurposed version of magic cookies, which was created for internet browsing. It was specifically created to assist web browsers in tracking, personalizing, and saving information about a user’s online session. The server sends cookies only when it wants the web browser to save it. These are stored locally by the browser, so that when the user revisits a website, web browser can return the data stored in the cookies to help the server recall data from previous session. HTTP cookies can be further classified as – Session Cookies and Persistent Cookies.

How Are Cookies Used?

While session cookies are only used during navigating a website and are stored on RAM (never written to the hard drive), persistent cookies remain on the computer indefinitely.

Persistent cookies can be used for two main purposes:

Authentication: They help in identifying if a user has logged in and if yes, under what username. They also help in streamlining login credentials so that the user is not required to remember them.
Tracking: This is to track multiple visits to a website or webpage over time. This property is used by merchants to identify a user’s browsing behavior to suggest products that may interest the user.

Why Cookies Can Be A Threat?

Since the data written in the cookies cannot be changed, they are harmless. However, cyber criminals can get hold of the cookies to access victim’s browser sessions.
Third-party cookies (generated by ads on a webpage, even if user doesn’t click on ads) allow the ad owners to track user’s browsing history, thus interfering in his privacy.
Zombie cookies can be permanently installed on user’s system and reappear even after deleted.

Removing cookies can help in combating the risk of privacy breach.

For more information on cookies, online privacy and IT Security, contact Centex Technologies at (254) 213 – 4740.

Differentiating Between IT Security & Cybersecurity

By centexitguy

On May 26, 2021

In Security

IT security and cybersecurity are often mistaken to be the same. However, in reality both these terms define different concepts. Both these segments have many overlapping areas but there are certain differences that need to be understood.

IT security or Information Technology security includes protocols, processes and tools to implement certain measures in order to secure and protect information/ organization’s data by using different technologies. The information to be protected includes both digital and physical (paper form) data.

Cybersecurity may be considered as a subset of Information security. It includes systems and processes used as precautionary measures to safeguard an organization against crime involving Internet; for example, protection against unauthorized access to computer systems and data connected to Internet. Cybersecurity is typically focused on protecting electronic data.

Let us take a look at some basic points that can be used to differentiate between IT security and Cybersecurity:

Cybersecurity is the practice of protecting an organization’s data, services and applications from individuals or entities outside the resource on the Internet, whereas IT security is about protecting critical information from unauthorized user access and data modification or removal in order to ensure uninterrupted services.
Cybersecurity is focused on building the ability to protect an organization’s cyber space from attacks. On the contrary, IT security deals with protection from any form of threat, irrespective of the environment.
Cybersecurity tools work against cybercrimes and cyber frauds like phishing attacks, data breach, cyber bullying, etc. IT security helps an organization strive against unauthorized access, disclosure and disruption which may be cyber or physical.
Cybersecurity professionals deal with advanced persistent threats. The process involves protection of company logins, profiles, server resources, applications, databases etc. Information or IT security is the basis of data security. IT security professionals prioritize resources before dealing with the threats.

Centex Technologies provides cybersecurity and IT security solutions to enterprises. For more information, contact Centex Technologies at (254) 213 – 4740.

IT Security Recommendations For 2021

By centexitguy

On February 17, 2021

In Security

Rapid growth of technology is changing the way businesses operate. Technologies such as cloud computing, Artificial, Intelligence, automation, and IoT have created numerous growth opportunities for businesses. However, cyber hackers also use these technologies to launch an array of cyber security threats and attacks such as data breach, identity theft, etc.

The rise in number and frequency of cyber threats has created a need for businesses to focus on their IT security strategies. Here are some IT security recommendations for 2021:

Cloud Threats: The Coronavirus pandemic has intensified the remote work and collaboration between different teams resulting in increased use of cloud services for data storage, data sharing, app sharing, etc. However, increased migration to cloud has led to higher number of cloud threats. Some common cloud-based security threats are mis-configured cloud storage, reduced visibility and control, incomplete data deletion, and vulnerable cloud-apps.
AI Integration: As the cyber security threats keep growing in terms of intensity, AI is emerging as a helping hand to under-resourced IT security teams. Including artificial intelligence in IT security strategy can help in ensuring timely detection of threats and implementing rapid reaction. AI provides threat intelligence by analyzing massive quantities of risk data from structured and unstructured resources.
Extended Detection & Response (XDR): In order to ensure data security, it has become essential for IT teams to gain visibility and deep insight into enterprise and customer data across emails, endpoints, networks, servers, cloud workloads, and applications. It is recommended to include XDR in the IT security strategy as it helps in automatically collecting data from multiple sources and correlate it to ensure faster threat detection and incident response.
Security Process Automation: High frequency of IT security threats has resulted in a shortage of trained IT staff. Thus, organizations are required to extensively rely on security process automation. These tools eliminate repetitive security operations using pre-established rules and procedures. This also helps in reducing the errors in routine security checks.
SASE: Changing organizational environment has transformed the organization’s network security from LAN-based appliance models to cloud-native security service models such as Secure Access Service Edge (SASE). Using this model, organizations can robustly secure remote workforce and cloud applications by routing network traffic through cloud-based security check.

For more information on IT security recommendations for 2021, contact Centex Technologies at (254) 213 – 4740.

What Is Maze Ransomware?

By centexitguy

On September 22, 2020

In Security

Maze is a sophisticated version of Windows ransomware that was discovered in May 2019. The ransomware was previously known as ‘ChaCha ransomware’. The goal of the ransomware is to crypt the files it finds on an infected system and demand a cryptocurrency payment in exchange of safe recovery of the encrypted data.

What Makes Maze Different?

Like other ransomware, Maze is capable of spreading across a corporate network and infecting all the computers connected to the victim network. It encrypts the data files in order to render them useless safely recovered.

However, what sets it apart from other ransomware is its ability to steal the data on infected systems and send it to servers controlled by the hackers. This allows hackers to threaten the victim organization to release its documents in case the ransom is not paid.

Thus, even if an organization uses a back up to retrieve the files, it is still obliged to pay the ransom to prevent public release of its documents.

The Maze hackers maintain a website where they list their clients (term used for victims who fail to pay the ransom). The website includes details such as name of the victim, when their computer systems were infected, links to download stolen data as “proof” and convenient buttons to share the details of breach on “social media”. The hackers have no reservations about offering uncensored downloads of stolen data that can damage an organization’s reputation.

How Does Maze Ransomware Work?

Maze ransomware makes use of different techniques to gain entry into a network. Some techniques include-

Use of exploit kits such as Fallout and Spelevo
Remote desktop connections with weak security
Email impersonation (the email contains a word attachment that uses macros to run the malware in the system)

The malware is a 32 bits binary file that is usually packed as an EXE or DLL file.

The malware encrypts the files in an easy step-by-step process:

Locate the file using “SetFileAttributesW” function & “FILE_ATTRIBUTE_ARCHIVE” attribute.
Reserve memory to the file with a call to “Virtual Alloc”.
Open the file with read and write permissions.
Get the file size with the “GetFileSizeEx” function.
Create a file mapping.
Generate a random key of 32 bytes with the function “CryptGenRandom”.
Generate a random ‘Initialization Vector (IV)’ of 8 bytes with the function “CryptGenRandom”.
Reserve 264 bytes of memory with the function “VirtualAlloc”.
Generate a new random extension for the victim file.
Crypt the file.
Write this new block with the key and IV to decrypt at the end of the file.
Rename the file with the function “MoveFileExW”.
The image of the file is unmapped, and handles closed.
The process is repeated with new files.

When all files are crypted, the wallpaper of the system is switched with a note to inform the user about the attack.

Maze also has a chat function to contact the hackers and receive the information about payment details.

For more information on IT security, contact Centex Technologies at (254) 213 – 4740.