By Rudra Srinivas, Senior Feature Writer, CISO MAG

According to a Kaspersky report , threat actors targeted multiple distributors of equipment and software for industrial enterprises to steal credentials using phishing and steganography techniques.

What is Steganography?

In general, steganography is an ancient art of hiding information in images and paintings. Most artists use this technique to conceal their signatures and other hidden messages within their paintings. Even kings used this data hiding technique to send secret messages to their soldiers in the warzone.

Use of Steganography in Cyberattacks 

Cybercriminals are now leveraging steganography as an attack vector to hide malicious JavaScripts and malware within the images and distribute them to targets. When the victim clicks the malicious image, the malware embedded in the image automatically downloads the malicious code or malware, infecting the targeted system.

Types of Steganography Attacks

Based on the targets, the attackers use different types of steganography attacks, which include:

1. Text Steganography

In a Text Steganography attack, hackers conceal information (malware code) inside the text files. Bad actors do this by altering the text format in the existing file, such as changing words, creating random characters or sentences.

2. Image Steganography

Attackers hide malicious data in images in an Image steganography attack. They exploit the large number of bits or pixels in an image and replace them with malware codes. Threat actors leverage different tactics to establish image steganography attacks, including the Least significant bit insertion, Masking and Filtering, Pattern encoding, Coding, and Cosine transformation methods.

3. Audio Steganography

In an Audio steganography attack, threat actors exploit WAV audio files to hide their customized malware. Attackers embed the malicious code within the WAV audio files that contain a loader component to decode and execute malicious content embedded in audio files.

4. Video Steganography

Video steganography is a combination of both text and image-based steganography attacks. Adversaries embed a large amount of malicious data inside the moving stream of images and audio files.

How Do You Prevent Steganography Attacks?

• Avoid employees downloading software and other applications from unknown sources as they may contain steganographic codes.
• Never click/open/download suspicious text/audio/image files from unknown sources.
• Closely monitor the software distribution procedures in your organizations to identify malicious insiders.
• Train employees on various phishing and social engineering lures.
• Use anti-malware tools to identify the presence of malware in the files, text docs, images received from unknown sources.

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

The post How to Prevent Steganography Attacks appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is Brainjacking? 

Brainjacking is a kind of cyberattack in which a hacker obtains unauthorized access to neural implants in a human body. Hacking surgically implanted devices in a human brain could allow an attacker to control the patient’s cognition and functions, potentially resulting in drastic consequences.

Brain implants also referred to as neural implants, are microchips that connect directly to a human’s brain to establish a brain-computer interface (BCI) in the brain that has become dysfunctional due to medical issues.

How Brain Implants are Hacked

The unauthorized control of brain implants was represented as science fiction in movies, but with advances in medical technology, it is now becoming a real threat. According to a research from the Oxford Functional Neurosurgery, medical implants become vulnerable to various cyberthreats.

The researchers stated that hackers leverage different mechanisms like Blind attacks to gain unauthorized access to an implant. A blind attack could cause severe damages to human implants, including cessation of stimulation, draining implant batteries, inducing tissue damage, information theft, impairment of motor function, alteration of impulse control, modification of emotions, and induction of pain, etc.

Also Read: 3 Common IoT Attacks that Compromise Security

Medical IoT Devices and Cybersecurity

Cyberattacks in the health care sector have become rampant recently. With multiple intrusions and attacks on connected medical devices, the health care providers continued to be the primary target for cybercriminals. In line with a research, around 83% of connected medical devices are at security risks for running on outdated software.

Earlier, the Food and Drug Administration (FDA) in the U.S. released a draft of premarket guidance for medical device cybersecurity. The draft comprises new recommendations for internet-connected medical device manufacturers on assessing cybersecurity in the review of medical devices to ensure protection against cyberthreats.

Will IoT Ever be 100% Secure?

The number of IoT devices is estimated to reach 83 billion by 2024, from 35 billion in 2020, which represents a growth of 130% over the next five years. With the growing cyberattacks on connected devices, IoT security has become a pressing issue to organizations globally.

Commenting on the same with CISO MAG, Chukwudum Chukwudebelu, CSO  and Co-Founder at Simius Technologies Inc., said, “The IoT technology will always improve, but it will never be 100% secure. As long as it is connected to the internet, there is always a risk. The best chance at cybersecurity is to reduce that risk. Since the internet was not built to be secure, rather, it was designed to be shared.  Industries are increasing the use of IoTs, and consumers are doing the same.

“In the next five years, many of these industries will become fully dependent on IoT devices. They will need to be secure to reduce risk, and the manufacturers of these devices, together with the cybersecurity companies and government, have to find a way to work together to deliver 100% secure IoT devices. By constantly keeping up with the threats and vulnerabilities while being on point to thwart or prevent an attack at a moment’s notice. There’s no such thing as the cyber police yet, but I am sure that it will become recognized and more prominent as a need with most law enforcement agencies.”

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

The post How Brainjacking Became a New Cybersecurity Risk in Health Care appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

According to research, more than 1.5 billion people leveraged QR codes for digital transactions in 2020 globally, and threat actors have already exploited the trend.

How QR Code Technology is Abused

A QR code is a barcode that allows users to instantly access information by a digital device.  QR codes store data as a series of pixels in a square-shaped grid and are mostly used to track details of a particular product in a supply chain. Consumer-based QR codes pose severe security threats to corporate systems and data. Several cybercriminal groups exploit QR codes via Quishing and QRLjacking attacks to compromise targeted devices and steal sensitive financial data.

Types of QR Code Attacks  

Like phishing attacks, threat actors use different lures and tactics to trick users into scanning the malicious QR code. The types of QR code attacks include:

1. Quishing

In a Quishing attack, threat actors send a phishing email containing a malicious QR code attachment. Once the user scans the QR code, it will direct the user to a phishing page that captures sensitive data like users’ login credentials.

2. QRLjacking

Most organizations use Quick Response Code Login (QRL) as an alternative to password-based authentication procedures. A QRL allows users to log in to their accounts by scanning a QR code, which is encrypted with the user’s login credentials.

QRLJacking is like a social engineering attack capable of session hijacking affecting all accounts that rely on the Login with the QR code feature. In a QRLjacking attack,  threat actors trick unwitting users into scanning a specially crafted QRL rather than the legitimate one. Once the victim scans the malicious QRL, the device gets compromised, allowing the attacker to take over complete control over the device.

Also Read: Scammers Force Victims to Use Crypto ATMs and QR Codes

Additionally, threat actors leverage “honeypot” techniques such as enticing users with a free Wi-Fi network that scans the QR Code. Bad actors also replace QR codes in public places with malicious ones that redirect users to phishing sites. The malicious QR codes can connect the victim’s device to a malicious network to reveal the user’s location and initiate fraudulent payments. Most fraudulent QR codes can easily evade traditional security detections that only scan the email/site content rather than suspicious barcodes.

How to Prevent QR Code Attacks  

While avoiding QR code scans may be impractical, taking certain proactive measures may help mitigate the risks associated with QR code technology.

• Do not log in to an application or service via a QR code.
• Remember, there is no need to scan a QR code to receive money. So, never believe it when someone encourages you to do so.
• Never initiate the payment, if you get a notification to put any sensitive information when you scan a QR code.
• Avoid scanning random QR codes from suspicious or unknown sources.
• Do not scan QR codes received via emails from unknown sources.
• Ensure the QR is original and not pasted over with another one.
• Use QR scanner software to view the URL before clicking on it.

Conclusion

QR code attacks, like ransomware and phishing attacks, are becoming more frequent across the global threat landscape. With new kinds of cyber threats predicted to surge in 2022, users should be vigilant about the risks involved and think before scanning their next QR code.

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How Cybercriminals Exploit QR Codes to Their Advantage appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

Updating browsers regularly can not only prevent security threats but also load web pages promptly with all the updated features. Certain modern web browsers automatically update themselves to the newest versions, while several others require manual inputs to download and install.

Read on to know how to update some popular web browsers.  

Google Chrome

Google Chrome updates automatically to the latest version available. To verify the same or to update it manually, follow the below steps.

• Open the Google Chrome browser
• Click on the control button in the upper-right corner of the screen
• Go to Settings and click on About Chrome

• Chrome automatically checks for updates and displays the current version.
• If updates are not installed, click the Relaunch button to restart the browser

Mozilla Firefox

To verify whether Firefox is updated automatically to the latest version or to update it manually:

• Open the Mozilla Firefox browser
• Click the Open menu button in the upper-right corner of the screen.
• Select the Help option at the bottom
• Select About Firefox

• Click the Restart to Update Firefox button on the popup window appeared to update the new features

Microsoft Edge

To verify whether Microsoft Edge is updated automatically to the latest version or to update it manually:

• Open the Microsoft Edge browser
• Click the icon in the upper-right corner of the browser window
• Select the Help and Feedback option and click on About Microsoft Edge from the side menu
• Edge updates automatically if it isn’t at the recent version
• Click on the Restart option to refresh the browser

 Internet Explorer

Microsoft automatically updates the Internet Explorer browser (to version IE11 ) with its Windows Update feature. Usually, Windows Update is automatically turned on in Windows 10 and cannot be turned off for users, except for enterprise users. To manually check or update the browser:

• Press the Windows key at the lower-left corner of the screen
• Type Check for updates and Enter
• Under the Windows Update section, click Check for updates

Microsoft discontinued sending security updates to Internet Explorer last year. Internet Explorer 11 is the last updated version available. Microsoft now recommends using Microsoft Edge as the default browser and supports Internet Explorer 11 for backward compatibility. 

Safari

Safari browser automatically updates itself if the Apple updates are turned on. To verify if Safari is on the latest version or to update it manually:

• Open the Apple menu by clicking the Apple icon in the upper-left corner of the home screen
• Select App Store option

• Click the Updates selector button at the bottom of the navigation panel on the left
• Find Safari and click Update

How to Update Browser on Mobile Phones

Most web browsers will automatically update themselves to the current versions on mobile devices running on Android, iOS, and Windows platforms. In case automatic updates are not working, open Play Store/ App Store/Windows Apps to check for the updated browser version and install.

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

Read More from the author.

The post How to Update Web Browsers for Secure Browsing appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

DNS is an important protocol that plays a critical role in web browsing and email services. DNS enables applications and service platforms to use domain names (like cisomag.com) rather than IP addresses.

What is DNS Tunneling?

DNS tunneling is a malicious activity leveraged by threat actors to bypass the firewall and tamper with DNS queries and responses protocols. In a DNS tunneling attack, hackers use data payloads to compromise the targeted DNS server and remotely take over operations.

How Does DNS Tunneling Work?

Initially, hackers deploy the malware into DNS queries to create a covert communication channel bypassing security scans. This will enable bad actors with a backchannel to exfiltrate sensitive data from the compromised DNS.

DNS attackers then tunnel protocols like SSH or HTTP in the DNS server and stealthily tunnel IP traffic. DNS tunneling technique allows attackers to transfer files, download additional payloads to the existing malware, and gain complete remote access to the targeted system.

How to Identify DNS Tunneling Attacks

DNS misuse can be identified in two ways:

1. Payload analysis – Identifying unnecessary or unusual information received by the DNS server. Security admins can look for odd hostnames, a new DNS record type, or unique character sets.
2. Traffic analysis – Evaluating the number of DNS domain requests received compared to the normal traffic. DNS attackers usually send huge traffic to the compromised DNS server, traffic that is greater than a normal DNS exchange.

How to Prevent DNS Tunneling

• Keep a close track of suspicious domains and IP addresses from unknown sources.
• Configure all internal clients to send queries to an internal DNS server to filter any suspicious domains.
• Always monitor DNS traffic and be vigilant for suspicious domains to mitigate the risks of DNS tunneling.
• Configure a DNS firewall to identify and prevent any hacker intrusion.
• Enable real-time DNS solutions that detect unusual queries and patterns on the DNS server.

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post What is DNS Tunneling and How is it Prevented? appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is Cryptomining?

Cryptocurrency mining or cryptomining is a process of validating cryptocurrency transactions, also called blocks. Cryptocurrencies like Bitcoin, Binance coin, Ethereum, Dash, Monero, etc., use distributed public ledgers to track all the crypto transactions linked to the previous transactions, forming a chain of recorded blocks called a blockchain.

Cryptomining is usually done via sophisticated hardware that solves complex mathematical equations. The first computer (miner) to solve the equation is rewarded with the next block of cryptocurrencies, and the process continues.

How Illicit Cryptomining Works

Anyone with a network of computers (crypto miners) and capable of solving complex mathematical problems can become a crypto miner. However, some crypto miners hire malicious botnets to mine cryptocurrency illicitly. Adversaries leverage malicious cryptomining techniques to compromise cryptocurrencies.  According to Akamai’s report, cybercriminals use several malware variants to infect personal and corporate servers for malicious cryptomining activities. The report stated that the access to fake crypto exchange phishing URLs increased over 500% between March 2020 and May 2021. Threat actors also leverage malicious crypto apps to trick users and steal crypto coins.

Targeting Crypto Wallets

Cryptocurrency hackers often target cryptocurrency exchanges and digital wallets by deploying malicious cryptomining techniques to infect targeted systems and mine crypto coins.

Also Read: How to Safeguard Your Cryptocurrency Wallet from Digital Exploits

A digital wallet (cryptocurrency wallet) allows users to store, transfer, and receive cryptocurrencies without intermediates. Digital wallets are categorized into two types – Hot wallets and Cold wallets. Hot wallets allow users to store, send, and receive digital coins linked with public and private keys that help facilitate transactions. Hot wallets are connected to the internet, making them vulnerable to cyberattacks and unauthorized intrusions. But, cold wallets are stored offline and do not connect to the internet. Therefore, they are not prone to cyberattacks.  Storing your private keys in a cold wallet, also known as a hardware wallet, is the most viable option as these come encrypted, keeping your keys secure.

How to Prevent Illicit Cryptomining  

Cryptocurrency attackers perform illegal cryptomining activities using two methods – Binary-based and Browser-based.

In Binary-based cryptomining, hackers use malicious mobile applications installed on the targeted devices to mine cryptocurrency. These malicious applications automatically download cryptomining botnets to procure digital currency.

In Browser-based mining activity, also known as cryptojacking, bad actors use malicious JavaScript, designed to mine cryptocurrency, embedded into a website. In cryptojacking, threat actors hijack a network of computers and exploit them to mine crypto coins.

How to Prevent Binary-based Cryptomining   

• Research on the app developers. Visit their official website and find their contact details.
• Always download apps from an official app store to reduce the risk.
• Read the terms and conditions carefully. Don’t download if you find anything suspicious.
• Read the reviews to know more about the app.
• Read the app permissions. Don’t install if the app asks for more permissions than required.

How to Prevent Browser-based Cryptomining   

• Frequently update critical systems along with malware intrusion detection software.
• Implement a BYOD (Bring Your Own Devices) at your company and make security awareness training mandatory for all employees.
• Use DNS filters, firewalls, and install the best web filtering tools.
• Install antivirus software and block pages that send cryptojacking mining scripts.
• Continuously monitor your enterprise’s computing resources, check CPU energy consumption, and ensure no cloud misconfigurations exist.

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How Illicit Cryptomining Works, And How to Prevent It appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Sr. Feature Writer, and Minu Sirsalewala, Editorial Consultant, CISO MAG

The Log4j flaw (CVE-2021-44228), reported last week, is a remote code execution (RCE) vulnerability that enables hackers to execute arbitrary code and take full control of vulnerable devices.

What Is Log4j?

Apache Log4j is a Java-based logging utility developed by the Apache Software Foundation. Several companies use the Log4j library worldwide to enable logging and configure a wide set of applications. The Log4j flaw allows hackers to run any code on vulnerable machines or hack into any application directly using the Log4j framework.

Looking at its severity, MITRE rated the vulnerability as critical and assigned a CVSS score of 10/10.

Affected Systems and Enterprises

The vulnerability reportedly affects systems and services that use Apache Log4j versions from 2.0 up to and including 2.14.1 and all frameworks (Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.). However, several security experts opine that it also impacts numerous applications and services written in Java.

Microsoft-owned Minecraft was the first to acknowledge the flaw, stating that the Java edition of the game was at risk of being compromised. The company has urged users to upgrade to its latest release and defend against the deployment of the Khonsari ransomware variant exploiting the Apache Log4j vulnerability. The vulnerability is also leveraged to deploy cryptocurrency miners and remote access Trojan Orcus.

“Everything across heavy industrial equipment, network servers, down to printers, and even your kid’s Raspberry Pi is potentially affected by this flaw. Some affected systems may be on-premises while others may be hosted in the cloud, but no matter where they are, the flaw is likely to have an impact,” said Glen Pendley, Deputy Chief Technology Officer at Tenable.

The vulnerable code also affects some of the prominent IT service companies and tech vendors such as Amazon Web Services, Oracle, Cisco, IBM, Fortinet, and VMware.

“This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use. End users will be reliant on their vendors, and the vendor community must immediately identify, mitigate, and patch the wide array of products using this software. Vendors should also be communicating with their customers to ensure end-users know that their product contains this vulnerability and should prioritize software updates,” said Jen Easterly, Director of Cybersecurity and Infrastructure Security Agency (CISA).

Log4j: It’s Severe and Getting Bad 

The flaw’s severity stresses the inevitability of known vulnerabilities, patched vulnerabilities, and half-day and zero-day exploits in the open-source code libraries, often resulting in major data breaches, supply chain attacks, or ransomware attacks.

Experts also uncovered a second critical vulnerability (CVE-2021-45046) that affects all versions of Log4j from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 and could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup or a Thread Context Map pattern to craft malicious input data using a JNDI Lookup pattern, resulting in a DDoS attack. However, CVE-2021-45046 can be mitigated by applying the patch released by the Apache Software Foundation (ASF) in its latest advisory.

Remedial Actions

1. CISA

Federal agencies and security personnel across the globe are working on several mitigation measures to fix this flaw and identify any associated threat activity.

CISA has urged all organizations and security admins to upgrade their systems to log4j version 2.15.0 or apply their appropriate vendor-recommended mitigations immediately to prevent any risks. “To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between the government and the private sector. We urge all organizations to join us in this essential effort and take action,” CISA said.

CISA recommends asset owners take three immediate steps to mitigate the risks from this vulnerability, which include:

• Enumerating any external-facing devices that have log4j installed
• Ensuring your security operations center is actioning every single alert on the devices that fall into the category above
• Installing a web application firewall (WAF) with rules that automatically update so your SOC can concentrate on fewer alerts

For more information, visit Apache Log4j Vulnerability Guidance.

2. Apache Log4j

The Apache Log4j team has issued patches and suggested mitigation steps to address the Log4j security flaw.

• Log4j 1.x mitigation: Log4j 1.x is not impacted by this vulnerability.
• Log4j 2.x mitigation: Implement one of the mitigation techniques.
• Java 8 (or later) users should upgrade to release 2.16.0.
• Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon).
• Otherwise, Apache recommends removing the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.

3. Cisco Talos

Cisco Talos in its advisory recommends disabling the JNDI feature.

“For the largest segment of users, JNDI represents an unnecessary risk, so we suggest disabling this feature so that this threat surface is unavailable. Therefore, we recommend upgrading to Log4j 2.16.0—the latest version—which disables JNDI by default,” said Talos.

Per the advisory, Log4j 2.16.0 is the most recent patch Apache has released. It fixes CVE-2021-44228 and CVE-2021-45046 by:

• Disabling JNDI by default and limiting the default protocols to Java, LDAP, and LDAPS.
• Requiring the log4j2.enableJndi system property to be set to “true” to allow JNDI.
• Completely removing support for Message Lookups.
• Customers are encouraged to examine their internal and third-party usage of Log4j for vulnerable configurations and take remediation actions.

“If you are uncertain or unable to determine if your implementation is vulnerable, patch aggressively. Given the risk of third-party appliances that include Log4j, we also recommend that customers and partners conduct routine vulnerability scanning and engage in conversations with vendors, partners, and suppliers for additional mitigation support.”

4. SOPHOS

Sophos’ Naked Security revealed IPS rules, WAF rules, firewall rules, and web filtering could help by blocking malicious CVE-2021-44228 data from outside, and by preventing servers from connecting to unwanted or known bad sites. It recommends that users:

• Patch systems right now. Don’t wait for everyone else to go first.
• Use one of the mitigations if you can’t patch yet.
• Be part of the solution, not part of the problem!

Experts Take 

Commenting on the risks involved with the Log4j vulnerability, Dr. Charlene K. Coon, the Board President of Pentagon Cyber, Inc., said, “It is time for everyone to RETHINK how we approach cybersecurity, particularly in our software development. Log4j v1 reached the end of life in 2015. Log4j v2 has been around since 2015. Log4j v1 has been around since 2001, a full 20 years! Log4j v2 has been around six full years! Every version except for 2.12.2 is vulnerable. Every single one. Businesses might start getting mad that programmers are not checking their code better. We will continue to see businesses devastated by cybersecurity vulnerabilities until the industry demands better. Recently Pentagon Cyber, Inc. and Cyber Science Institute, Inc. have partnered up to drive change and offer solutions to this very large Fukushima software development issue.”

Conclusion

As the year draws to a close, and with the holiday season around the corner, we see a new shift in attack sophistication and scale. And the Log4Shell exploit sounds the alarm that it is much more serious than SolarWinds, Kaseya, or other critical infrastructure attacks reported in the last two years.

About the Authors

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

Minu Sirsalewala is an Editorial Consultant at CISO MAG. She writes news features and interviews.

More from Minu.

The post Log4j Explained: How It Is Exploited and How to Fix It appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is a Password Spraying Attack?

In a password spraying attack, adversaries try to guess users’ passwords by using a list of common and predictable passwords. Password spraying attacks are similar to brute-force attacks, in which threat actors predict users’ credentials to gain unauthorized access to targeted systems by the trial-and-error method.

Password spraying attacks usually enable hackers to:

• Obtain access to users’ private data
• Penetrate email and other online accounts
• Initial access and privilege escalation
• Evasion of security detection

Hackers Obtain Credentials in Password Spraying Attacks by:

• Researching on targets’ social media profiles online
• Leveraging social engineering scams to obtain sensitive information
• Trying common passwords like – qwerty, password, Password123, 123456, etc., to break into accounts
• Exploiting compromised accounts to obtain email addresses
• Moving laterally in the compromised network to affect more accounts and steal credentials

Also Read: These are the Most Common Passwords of 2021

How to Prevent Password Spraying Attacks

Organizations can boost their overall security posture by following basic password management measures. These include:

• Enabling two-factor or multi-factor authentication procedures
• Using strong passwords that include numbers, symbols, and both uppercase and lowercase letters
• Changing all default passwords
• Keeping well-documented procedures for password resets
• Implementing a Zero Trust security model to detect anonymous intrusions
• Restricting access to authentication URLs
• Enforce the use of strong passwords
• Enabling CAPTCHA feature for authentication
• Enabling account lockout option, after multiple wrong login attempts
• Maintaining security awareness training to employees regularly

Also Read: 6 Practices to Strengthen Your Password Hygiene

Weak Passwords Make Hacker’s Job Easy

Cybercriminals often exploit leaked/stolen passwords from data breaches to break into user accounts. Pet names, favorite movies, or hobbies are used as passwords, exposing user accounts to password spraying and account takeover attacks. According to a survey, 63% of employees in the U.S. have reused their passwords on work accounts and devices. It was found that employees are 6.5 times more likely to reuse their passwords.

What Experts Say… 

Commenting on the importance of passwords, Ritesh Chopra, Director Sales and Field Marketing, India & SAARC Countries, NortonLifeLock, said, “The remote working trend and the heightened dependence on digital platforms brought about by the ongoing pandemic have contributed to an increase in cyberattacks, with cybercrime rising through unsecured networks, websites, and emails. We often save financial data, personally identifiable information (PII), contacts, credit and debit card information on our personal devices.

“All this data is at risk online. One of the ways we can secure it is by using password managers that allow us to keep multiple and more complicated passwords. It is good that consumers today recognize the need for cyber safety and that it can start with something as simple as having stronger passwords,” Chopra added.

A robust password management program and adherence to cybersecurity practices are the best defense against evolving hacker intrusions.

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How to Prevent Password Spraying Attacks appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is a Phishing Kit?

A phishing kit is a collection of various software tools, services, and other components such as archive files, HTML pages, images, and codes that enable threat actors to launch phishing or social engineering attacks. Phishing kits provide readymade phishing pages, email IDs, and malware codes to target victims. Even with little or no knowledge of phishing attacks, a person can create various kinds of phishing lures using a phishing kit.

A typical phishing kit includes:

• Website development software
• Email templates
• Sample malicious scripts or codes
• Automation software for malware distribution
• Compromised email ids or phone numbers
• Evasion mechanisms like HTML character encoding

Phishing kits facilitate adversaries to instantly create undetectable phishing pages, impersonate brands, and harvest users login credentials through it.

Also Read: How To Find a Phishing Email

Types of Phishing Kits  

The complexity and capability of a phishing kit depends on its price on the dark web. While a simple phishing kit contains only a few components, advanced kits include built-in botnets and other evasion techniques.

1. Basic Phishing Kit

A Basic phishing kit is a simple and small archive file containing a few HTML files and JavaScript codes.

2. Dynamic Phishing Kit

Dynamic phishing kits have specially created phishing lures such as fake banking login pages and compromised email addresses.

3. Puppeteer Phishing Kit

Puppeteer phishing kits are specifically designed to phish for online banking credentials. It allows phishers to prompt the victims for sensitive information from their online banking provider. Puppeteer phishing kits are often used to bypass OTPs and security phone calls.

4. Commercial Phishing Kit

With the increase in the usage of phishing kits, several adversaries are offering customized phishing kits online (like 16Shop and FreakzBrothers), where users can log in, purchase, configure, and download the phishing kits they like.

Also Read: Five Phishing Baits You Need to Know

Phishing Kits For Sale 

Threat actors sell phishing kits as phishing-as-a-service across various dark web forums, inviting other cybercriminal affiliates in their phishing campaigns. Research revealed that phishing kits have gained the “Bestseller” tag in the underground market, with the number of ads and their sellers having doubled in 2019 compared to 2018. The growing demand for phishing kits is also reflected in its price that skyrocketed last year by 149% and exceeded $300 per item.

How to Prevent Phishing Kit Scams 

Phishing lures (like emails and messages) are not perfect. A phishing email or message can be detected via paying attention to small details like:

• Poor grammar or phrasing in messages and emails
• False sense of urgency that trick users to take action
• Hidden URLs/short-links like Bit.ly, which conceals links to phishing websites
• Spelling errors in the email address

Conclusion 

While phishers across the globe invest more in phishing kits to expand their phishing activities, users need to be vigilant to detect and prevent evolving phishing lures proactively.

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How Cybercriminals Use Phishing Kits appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is a Credential Abuse Attack? 

In credential abuse attacks, scammers leverage illicitly obtained credentials to break into user accounts by adding a list of compromised usernames and passwords to botnets. These botnets are designed to initiate the authentication process on targeted victim accounts. Once attackers get hold of a system or employee account, they move freely across the organization’s network by bypassing all security scans. Attackers further try to steal classified corporate data or exploit other accounts by leveraging one compromised account. They could also launch various attacks, including identity theft, phishing, impersonation scams, and other data abuse acts.

How Credential Abuse Attack Works 

Credential abuse attacks are easy to execute and have a higher success rate because most users reuse passwords for multiple accounts.

Also Read: What is an SQL Injection Attack and How to Prevent it?

How to Prevent Credential Abuse

Having strong credentials will not prevent data breaches and hacker intrusions. Continuous security measures can help prevent unauthorized users from accessing corporate accounts. Here are some actionable steps to protect online accounts against credential abuse attacks:

1. Multiple Authentication Process

Enable two-factor authentication (2FA) or multi-factor authentication (MFA) processes to avoid unauthorized intrusions. Organizations can also implement passwordless authentication processes like biometrics or behavioral patterns to verify the user’s authenticity.

2. Enable Secondary Password Procedure

Along with password, organizations can prompt users to provide additional security inputs like PIN, Passcodes, or a security question.

3. Enable CAPTCHA

Ask users to solve a CAPTCHA for each login trail to help prevent unauthorized or automated login attempts.

4. Identifying Leaked Passwords

Reusing passwords is one of the primary reasons for credential abuse attacks. Check whether your credentials or other personal data have been leaked in any data breach on the haveibeenpwned website. Avoid reusing leaked/breached credentials and update them regularly.

5. Responsible Disclosure

Notify users and employees about data leaks or unusual security events as they happen.

About the Author

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How to Prevent Credential Abuse Attacks? appeared first on CISO MAG | Cyber Security Magazine.