Wednesday, May 17, 2017

Zomato Hacked

Just got the news that Zomato has been hacked and 17 million user records have been sold on the dark web. The database includes emails and password hashes of registered Zomato users.
The company was also hacked in 2015, by an Indian white-hat hacker named Anand. Zomato has assured users that no payment information was stolen.

Tuesday, May 16, 2017

WannaCry - Ransomware

Hi,
The morning of 12th May was not good. It started with the news of a ransomware attack that had impacted 74 countries by that time. The biggest victim was the UK NHS, where the computers of several hospitals were hit with the WannaCry ransomware. The files on the computers were encrypted by the malware and users were asked to pay $300 in bitcoin to restore their documents.
The services of these hospitals were impacted severely and doctors were using pen and paper for critical tasks. A&E was closed to non-critical patients.
Within three days WannaCry spread like wildfire, and by the time this blog is being written 150 countries have already been impacted by this nasty malware.
In mainland China, 30,000 organizations were affected.
More than 4,300 educational institutes were infected.
In France, auto manufacturer Renault was not able to open its plant in Douai.
In Japan, over 2,000 computers were affected. Nissan Motor and Hitachi were also impacted.
In India, 120 computers were impacted on the Gujarat government network, GSWAN. Computers in Kerala and Andhra Pradesh were also impacted by the malware, as was the police department in Mumbai.
In Taiwan, the national power company, a hospital and one private business were impacted.

Sunday, June 7, 2015

CryptoWall 3.0


Threat –

CryptoWall 3.0 is malware (spyware/ransomware) that can steal the victim’s information and demand payment from the user to release it. It uses Tor (the hidden Internet) to run its online payment process.

How it spreads

Spam/Phishing Emails

It arrives as an attachment to a spam or phishing mail (generally a zip file). Once the user opens the zip file, it prompts the user to download a “PDF” posing as a harmless “Resume” or similar.

Protection

Spam filtering
Internet firewall
User awareness

NjRat Malware


Threat –

NjRAT – A remote access Trojan compiled with .NET 4.0 and capable of taking complete control of an infected device. The malware can log keystrokes, download and execute files, provide remote desktop access, steal application credentials, and access the infected computer’s webcam and microphone.


How it spreads

1. Spam/phishing emails offering video games (Need for Speed etc.), video game cracks, application key generators, “antivirus” software and the like.

2. Visiting a compromised website, which again prompts the user to download “antivirus” software or similar.

Protection

Internet firewall
Spam filtering
End point protection
User awareness

DYRE MALWARE



Threat –

DYRE MALWARE

·         A Trojan with man-in-the-middle (MITM) attack capabilities and a covert VNC session, designed to steal login credentials by grabbing the whole HTTPS POST packet, which contains the login credentials sent to the server during the authentication process, and forwarding it to the attacker’s own server.

·         It can then compromise the victim’s bank or other accounts and lock the user out of his own account.

·         It also has VNC capability to perform DoS or DDoS attacks through the victim’s machine once the system is infected with the malware.

·         It works from a configuration file, and currently there are 90 target banks (mainly from Romania, the United Kingdom, Ireland, the USA and the UAE) in that configuration file.


How it spreads

Spam/Phishing Emails

It arrives as an attachment to a spam or phishing mail; once the user opens it, the Trojan executes and installs itself on the victim’s computer.

Protection

Spam filtering
End point protection
User awareness
   1. Users should not fall prey to unsolicited mails.
   2. Users should not open email attachments if the sender is unknown or unfamiliar.
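CryptoWall, NjRAT and Dyre above all arrive as an attachment to a spam or phishing mail, and “Spam filtering” heads each protection list. As an added example (not from the original posts), the Python check below shows the attachment side of that filtering: it opens a zip attachment and flags any member Windows would execute, including the double-extension trick of naming an executable like a document (“Resume.pdf.exe”). The sample mail, the zip and the extension list are constructed here, not taken from the posts.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions Windows runs directly; a "resume" or "invoice" must never be one of these
# (constructed list, trimmed for the example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".wsf", ".lnk"}


def suspicious_members(zip_bytes: bytes) -> list:
    """Names inside a zip whose final extension is executable, e.g. 'Resume.pdf.exe'."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            base = name.lower().rsplit("/", 1)[-1]      # ignore any folder prefix
            ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
            if ext in EXECUTABLE_EXTS:                  # only the LAST extension counts
                hits.append(name)
    return hits


def scan_message(msg: EmailMessage) -> list:
    """Return findings for attachments that are executables or zips hiding executables."""
    findings = []
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Trust the bytes, not just the name: "PK\x03\x04" is the zip local-file header.
        if filename.endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            try:
                members = suspicious_members(payload)
            except zipfile.BadZipFile:
                findings.append(f"{filename}: unreadable zip")
                continue
            findings.extend(f"{filename}: executable member {m}" for m in members)
        elif any(filename.endswith(e) for e in EXECUTABLE_EXTS):
            findings.append(f"{filename}: executable attachment")
    return findings


def build_sample(member_name: str = "Resume.pdf.exe") -> EmailMessage:
    """Constructed sample mail: a 'Resume.zip' whose single member is member_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "My Resume"
    msg.set_content("Please find my resume attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Resume.zip")
    return msg
```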

Sunday, April 26, 2015

Password Security

Passwords
Weak passwords are one of the biggest causes of security breaches all around the world. Whenever someone starts talking about security, he/she will definitely talk about password security. There is a standard list of precautions, the dos and don’ts.
Normally you can find this list in any security awareness mailer or on the Internet, and it goes as follows:
1. Do not create weak passwords.
2. Think up strong passwords; the characteristics of a strong password are:
3. Create long passwords, 8-9 characters.
4. Your password must consist of alphanumeric values and special characters.
5. Use a pass-phrase and make it complex, for example “TimeforTea”, which you can make into “T1mef0rt3a” or “T1mef@rT3a”.
6. Do not share your password with your friends and colleagues.
7. Do not write your password on a post-it and stick it to your monitor or your desk.
8. Do not use one password for all your accounts. Try to be creative: categorize the accounts by confidentiality and criticality and create different passwords for different types of accounts.
9. Avoid using public computers to log in to your banking accounts.
10. Try to adopt two-factor authentication wherever possible. Two-factor authentication is a double layer of security where you are required to authenticate in more than one way, for example with what you know and what you have. Biometric authentication adds the “who you are” component to the authentication.
11. Beware of websites that ask for your personal details. Do not disclose passwords online.
12. Beware of phishing emails – Phishing is a method used by attackers to entice users to click on fake links in genuine-looking emails. The sender pretends to be a genuine source such as your bank. Once you click on the fake link or enter your credentials, the hackers steal your information and misuse it.
13. Beware of shoulder surfing. Always check your surroundings before you enter your credentials.
Hell Bent to crack
There are lots of free tools easily available on the Internet to crack other people’s passwords. Some of the most common are Brutus, RainbowCrack, Wfuzz, Cain and Abel and John the Ripper. Thanks to high-speed Internet with more and more bandwidth, it takes much less time to crack complex passwords. The problem is that dictionary words and their combinations are easy to guess. As a matter of fact, there are lots of such word lists available on the Internet which can simply be fed to a cracking tool. There are also cognitive tools which take some human input about the target so they can produce a list of the probable passwords the target might think of; these tools can prove lethal if someone really knows a lot about the target and intends to crack his/her secret passwords.
“Single Sign On”
Nowadays, big companies are introducing “Single Sign On”, an access management approach where a user logs in once and gains access to all systems without being prompted to log in again at each of them. There are apparent benefits and disadvantages to this approach. It is easier to remember one strong password than multiple easy passwords. It is convenient and increases security, since it would be difficult and time-consuming for an attacker to crack the strong password. On the other hand, it is a single point of failure: once the single password is compromised, it can create havoc.
Fusion is the way
People are adopting a new fusion approach to creating passwords, that is, mixing two languages. If you know English and Hindi, you can use “Hinglish” to create passwords, and that would be really difficult for dictionary attacks to crack. For instance you can create a password such as “MeraDoggy@049”.
Do not create a password so complex that you cannot remember it, and bear in mind that even the strongest password, if kept and stored insecurely, serves no purpose.
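The dos and don’ts above, together with the “Hell Bent to crack” and “Fusion” sections, can be turned into a check. As an added example (not from the original post), the Python code below applies rules 3, 4 and 8 plus a small constructed wordlist; it goes one step beyond the post by undoing “T1mef0rt3a”-style substitutions before the wordlist lookup, since password-cracking rule sets try those substitutions automatically, so a substituted dictionary phrase is flagged while a Hinglish phrase like “MeraDoggy@049” passes. The wordlist, the substitution map and the candidate passwords are constructed for the example.

```python
import re

# Constructed stand-in for a cracking wordlist: the entries an attacker's
# dictionary tries first. A real check would load a large leaked-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "timefortea", "summer"}

# Undo the usual letter-for-symbol substitutions ("T1mef0rt3a" -> "timefortea").
# Cracking rule sets apply these mangles automatically, so by themselves they add
# little against a dictionary attack. The map is one-to-one, so a variant such as
# "@" standing in for "o" is not recovered here (real tools try alternatives).
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password: str) -> str:
    """Lower-case, drop a trailing digit/symbol suffix ("@049"), then undo leet."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(LEET_MAP)


def check_password(password: str, already_used: frozenset = frozenset()) -> list:
    """Return the rules the password fails; an empty list means it passes.

    already_used holds the passwords this person uses on other accounts (rule 8).
    """
    findings = []
    if len(password) < 8:                                         # rule 3
        findings.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        findings.append("needs both letters and digits")          # rule 4
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("needs a special character")              # rule 4
    if normalize(password) in COMMON_WORDS:                       # wordlist check
        findings.append("dictionary word or phrase with simple substitutions")
    if password in already_used:                                  # rule 8
        findings.append("already used for another account")
    return findings


if __name__ == "__main__":
    other_accounts = frozenset({"MeraDoggy@049"})        # constructed: reused elsewhere
    for candidate in ["TimeforTea", "T1mef0rt3a", "P@ssw0rd!",
                      "MeraDoggy@049", "KitabKhaana#17"]:
        print(f"{candidate:15} -> {check_password(candidate, other_accounts) or 'OK'}")
```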

Thursday, April 23, 2015

All about CISSP


Hi Folks,

Recently I acquired the CISSP (Certified Information Systems Security Professional) certificate, and the exam was really a tough one. Once I cleared the exam, I started getting calls from my friends and colleagues asking me for tips on passing the exam, like what they should study and what the correct approach should be to nail one of the toughest exams in the security domain.

So I thought of summarizing it here so it will be easy for me to just send the link to this blog to my friends, and it may prove beneficial for other aspirants as well.

The facts about the CISSP exam are all available on the Internet: the CISSP certification is governed by the International Information Systems Security Certification Consortium, also known as (ISC)². The certificate has been approved by the United States DoD (Department of Defense). There are around 100 thousand CISSPs around the world as of now. CISSP covers 10 domains, which are as follows:

1. Access control
2. Telecommunications and network security
3. Information security governance and risk management
4. Software development security
5. Cryptography
6. Security architecture and design
7. Operations security
8. Business continuity and disaster recovery planning
9. Legal, regulations, investigations and compliance
10. Physical (environmental) security

This is an online exam and can be booked via Pearson VUE. The fee is $599 for one attempt. The exam contains 250 questions, which are mostly cognitive, and you get 6 hours for the exam.

Once you pass the exam, you need to get an endorsement from an existing CISSP holder to become certified. You have the option of becoming an Associate of (ISC)² in case you do not possess the minimum work experience required for the endorsement.

Now comes the tricky part: the preparation. There are lots of good writers and trainers for CISSP, but I studied Shon Harris; she had a wonderful ability to describe lengthy and boring subjects with so much ease and fun.

I studied the CISSP book written by Shon Harris, "CISSP All-in-One", and I attempted the questions given in the book and another 500 questions in the question bank, but this is not enough. One needs to go into detail and refer to other books like "CISSP Practice: 2250 Questions, Answers, and Explanations" and online information wherever required.

What I have found is that the CISSP exam is not only about knowledge but is a mind game as well. The questions asked in the exam are so unique in their formation that you will hardly come across any question you have seen previously, but if you are clear on the security fundamentals and have a clear understanding of the CISSP domains, you can still figure out the answers. Below are the important points to note down:

  1. You need to prepare for the exam in a planned way. You need to devote some time daily to study. You just cannot do it in two full days.
  2. You just cannot rely on one book or one question bank. Shon Harris is good, but look for other sources also.
  3. You need to attempt all the questions given in the book and in the question banks. You need to be well versed in how to eliminate the wrong answers. Check some videos on YouTube.
  4. You need to hold your nerve while taking the exam. You may feel you are not going to pass it, but still give your best and keep patience till the end.
  5. Do not give up and leave the test in the middle. Attempt all the questions.
  6. Do not waste time on difficult questions. First answer the questions you find easy and then come back to answer the difficult ones.
  7. Do not change your answers again and again. Most of the time, what you think the first time could be the correct answer. Just do not panic and answer with patience.
  8. Believe me, 6 hours is not a very long time for CISSP. You need 6 hours; that's why they have provided them.
  9. Finally, keep your cool and believe in yourself. If you could not do it, you wouldn't have attempted it.

I hope this will help you.