Cybersecurity – RonanTheWriter (https://ronanthewriter.com), Freelance Blog Writer | Cyber Security Content Writer | Ireland. Feed last updated Tue, 26 Oct 2021 07:54:38 +0000.

Google Outage 2020: What Happened? https://ronanthewriter.com/google-outage-2020/ Mon, 14 Dec 2020 12:52:24 +0000

Users of Gmail, Google Drive, and YouTube around the world were affected by an unexpected outage on December 14, 2020. On Gmail, people were informed that their accounts were temporarily unavailable. Given the sheer popularity of services like Gmail and the size of Google, this is the biggest incident of downtime for years. But what exactly happened in the 2020 Google outage? Was it a cyber incident?

Gmail Outage December 2020

Being a bit of a fiend for relentlessly checking emails, I first noticed something was awry with my Gmail when I was presented with the below error message.

[Image: Gmail outage 2020 error message]

I’ve been using Gmail for a good few years and I’ve honestly never once encountered an outage in the service. With all the budget available to Google for information security, I initially would’ve considered myself highly surprised if a hack was the reason.

In an attempt to determine if other Google services were affected, I loaded up YouTube and was shocked to find myself greeted with the below error. It then became clear the outage was more severe and widespread than I first imagined.

[Image: YouTube outage, December 2020 error message]

Given the number of services affected, I became suspicious that this pointed towards a cyber attack of unprecedented scale.

From a personal perspective, I was worried that the Google Docs file I’d spent 4 hours working on would no longer exist. I’m sure many of you reading felt similar levels of worry about your important documents. Sure enough, when trying to refresh my Drive, I received a blank screen and a server error message. Yikes.

[Image: Google Docs outage 2020 error message]

With much of the world wondering WTF was going on, Google remained silent on social media platforms. Speculation mounted; some people assumed it was a technical server error, while others pointed out that Google would have redundancy in place all over the planet via cloud computing, so an internal technical issue would be unlikely.

Google services then began functioning again at around 12.35 GMT. I refreshed my Gmail, and voila, my email inbox greeted me. The 2020 Google outage was over. And the world collectively breathed a sigh of relief.

So what happened?

As of now, it appears the issue stemmed from Google Accounts. It’s not looking like an information security issue. One Twitter user reported it was possible to access the affected services via incognito browsing.

The total outage was around 40 minutes long, but the volume of discussion it generated on Twitter, Reddit, and other social media platforms was breathtaking. What this Google outage revealed was the extraordinary extent to which so many people rely on these services for work or entertainment.

Even if the cause ultimately ends up not being a cyber attack, it’s still a prime example of just how lucrative a successful cyber attack on Google services could be. With so many dependent on these services for school, work, and entertainment, the ransom a hacker could demand would be mind-boggling.
Why Code Signing Provides a False Sense of Security https://ronanthewriter.com/code-signing-security/ Tue, 01 Sep 2020 13:44:26 +0000

Often, the mechanism by which a malicious party gains access to a network is by getting an unknowing victim to run unsecured code inside that network. The third party can use applets to achieve this goal. Applets are essentially small applications that run within a larger piece of software. For example, you can embed Java applets in web pages, so that users run them in their web browsers.

With an adept social engineering attack, the malicious outsider convinces the victim to run an applet on a modified website that looks legitimate. The applet contains code that establishes a route into the network for the third party.

Many organizations (and the people within them) mistakenly believe that because applets won’t run unless a recognized authority signs them, this means the code within the applet must be safe. This is untrue in many respects.

The most literal aspect is that code signing merely verifies that the code has not been modified since its author signed it. But this doesn’t mean the code is safe. Just because a recognized code authority signs the code doesn’t mean the author wrote legitimate, safe code.

What normally happens in the code signing process is that people create code and they apply to get it verified by certificate authorities. The business of signing code and issuing certificates of validity is extremely competitive (and lucrative). What this means practically is that verification is minimal because the code signing companies want you as a customer.

I searched Google for “code signing services” and visited the order page of a leading code signing company’s website. I was greeted with the following fields to complete my order:

[Image: order form fields on a code signing company’s website]

As you can see, the information requested is pretty bare bones. Any hacker worth their salt can easily clone a website and insert their own phone number onto the cloned web page. Poof! They’ve got a legitimate organization. The digital signing company calls the hacker to verify this legitimacy, which the hacker is able to easily do.

Another easy way around the verification would be to set up a domain with maximum privacy settings and create a one or two-page website that makes it look like a legitimate organization with a name and contact details. This does leave somewhat of a footprint because the hosting company has your payment details, though, so a prudent intruder into a network would deploy the first method.

False Security

Intruders into networks know that Java is extremely popular and likely to be used in some way on a network that they want to access. All it takes is a combination of technical skills and social engineering to shatter the false sense of security that code signing provides.

The intruder creates a website in the mold of something that would resonate with employees of a target organization. The pretext to visit this website is a convincing email that uses psychological manipulation, such as using flattery (asking for expert opinions), hinting at information that would benefit the target, and so on.

Upon visiting the phony website, an employee working at the target organization gets a request to run a Java applet, perhaps under the illusion that it is required to properly use this phony website. Up pops the standard reassurance that “the application security certificate has been verified” on the employee’s screen.

The target employee (perhaps understandably) thinks that the verification of this security certificate means the applet he’s about to run is safe. But he’d be wrong.

Upon execution, the malicious applet executes a payload that provides access to the internal network of a large organization, university, or government department. Et voila; the code signing has achieved nothing from a security perspective.

How is an organization to prevent employees from running signed applets that they think are safe? Good question. Personally, I think the only means of prevention is continuous employee education about social engineering attacks, particularly around emails.

Is Code Signing Useless?

Code signing is not useless; that’s not the point of this article. It is a useful idea insofar as it guarantees that code has not been altered since it was signed. But that doesn’t mean the unaltered code is, itself, safe, especially when hackers can so easily bypass the verification mechanisms in place at code signing services.
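To make that distinction concrete, here is an added example written for this page (it is not code from the original post or from any signing service). It models the two separate questions a verifier should ask: is the signature valid for these exact bytes, and is the signer someone this organization has chosen to trust? Real code signing uses an asymmetric signature over a certificate chain; this example stands in an HMAC keyed per publisher so that it runs on the Python standard library alone, and the publisher names, keys and sample artefacts are constructed placeholders. It shows the point made above: a valid signature over a harmful artefact verifies exactly as well as one over a harmless artefact, so the signature check alone never says the code is safe.

```python
import hashlib
import hmac

# Constructed demo keys: stand-ins for each publisher's private signing key.
# Real code signing is an asymmetric signature tied to a certificate; an HMAC
# keeps this runnable with the standard library while preserving the property
# that matters here: a valid signature proves the bytes are unchanged and were
# signed by a particular key, and nothing more.
PUBLISHER_KEYS = {
    "Acme Tools Ltd": hashlib.sha256(b"demo-key-acme").digest(),
    "Totally Legit Co": hashlib.sha256(b"demo-key-totally-legit").digest(),
}

# Local policy: publishers this organization has decided to run code from.
# A signature from anyone else is still a valid signature, just not a trusted one.
TRUSTED_PUBLISHERS = {"Acme Tools Ltd"}


def sign(publisher, code):
    """Produce the signature a publisher would ship alongside its code."""
    return hmac.new(PUBLISHER_KEYS[publisher], code, hashlib.sha256).hexdigest()


def signature_valid(publisher, code, signature):
    """Integrity and origin check only: is this exactly what `publisher` signed?"""
    if publisher not in PUBLISHER_KEYS:
        return False
    expected = sign(publisher, code)
    return hmac.compare_digest(expected, signature)


def decide(publisher, code, signature):
    """Two-stage check: signature validity first, then the publisher allowlist."""
    if not signature_valid(publisher, code, signature):
        return "reject: tampered or not signed by claimed publisher"
    if publisher not in TRUSTED_PUBLISHERS:
        return "reject: valid signature, but publisher is not on the allowlist"
    return "allow"


if __name__ == "__main__":
    # Constructed sample artefacts: a harmless script and one that calls a
    # hypothetical destructive routine. The signature check cannot tell them apart.
    benign = b"print('hello from the updater')"
    harmful = b"delete_all_customer_records()"
    sig = sign("Totally Legit Co", harmful)
    print(signature_valid("Totally Legit Co", harmful, sig))  # True: unchanged since signed
    print(decide("Totally Legit Co", harmful, sig))           # stopped only by the allowlist
    print(decide("Acme Tools Ltd", benign, sign("Acme Tools Ltd", benign)))
```

The allowlist is the part that most deployments skip: an endpoint policy that accepts "any validly signed applet" is accepting the output of the minimal verification the article describes, whereas pinning the handful of publishers you actually expect turns a freshly bought certificate into a rejected one.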

If you enjoyed this article, consider reading my other cybersecurity articles.

An Example of a Successful Word Macro Virus https://ronanthewriter.com/word-macro-virus-example/ Fri, 28 Aug 2020 10:11:28 +0000

This hypothetical scenario shows how easy it could be for an attacker to establish the pretext for gaining entry into a corporate network using a Word macro virus. It is a powerful display of why social engineering can be so effective.

Macro Virus Definition

A macro virus is a type of computer virus spread using a macro language, which is a type of programming language for automating user actions within a larger application. Software such as Excel and Word allows people to store macro programs within documents that execute when the document opens or when a button is clicked.

[Image: a macro button in a Word document]

Creating a macro is very easy, which is good news both for legitimate users and hackers. The macro language in Microsoft software is Visual Basic for Applications (VBA). It is quite a primitive language as far as programming languages go.

Legitimate users often create macros to automate sequences of actions in one click. For example, a popular Word macro can automatically insert a company’s letterhead into a document, a process that normally takes a few minutes.

However, because VBA is capable of importing outside libraries, it has a long history of being used for nefarious reasons. In fact, you can call the entire Windows API using VBA code. Because of this API-calling capability, running a macro-enabled document is essentially the same as running a standard portable executable file in Windows.
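Because the macro project travels inside the document, a mail gateway or file scanner can detect its presence before any user is asked to enable it. The following is an added example written for this page, not code from the original post: in the modern OOXML formats Word stores the VBA project in a `vbaProject.bin` part inside the document’s zip container, so the check looks at the bytes rather than the file extension. The sample documents are constructed in memory and are not real Office files; the legacy `.doc` format is a different (OLE2) container whose macros live in OLE streams, so the scanner flags those for a dedicated parser instead of guessing.

```python
import io
import zipfile

# Magic bytes of an OLE2 compound file, the container used by legacy .doc/.xls.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_sample_document(with_macro):
    """Constructed sample (not a real Office file): a minimal OOXML-style zip,
    optionally carrying the part where Word keeps a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def vba_parts(data):
    """Names of VBA project parts inside an OOXML zip ([] if the data is not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
    except zipfile.BadZipFile:
        return []


def classify_attachment(data):
    """Gateway decision based on the bytes, never on the file extension."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats keep macros inside OLE streams; a zip
        # inspection cannot see them, so hand these to a dedicated parser.
        return "legacy-ole: needs deeper inspection"
    parts = vba_parts(data)
    if parts:
        return "macro-enabled: " + ", ".join(parts)
    return "no macro project found"


if __name__ == "__main__":
    # Constructed attachments; the second one shows why the extension is ignored.
    samples = {
        "redundancies_list.docm": build_sample_document(True),
        "renamed_to_look_safe.docx": build_sample_document(True),
        "memo.docx": build_sample_document(False),
        "old_template.doc": OLE2_MAGIC + b"\x00" * 504,
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(blob)}")
```

A gateway that quarantines or strips the `macro-enabled` class for external senders removes the document from the employee’s decision entirely, which is the point: the social engineering described below only works if the file reaches a person who can click the button.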

Example Macro

What our example Word macro virus actually does is not significant in this article. It could be code that, when executed, establishes the initial compromise as part of an advanced persistent threat. I’m not concerned about technical code details: the most important part of getting a malicious macro to run is getting the targeted user to run it. All the code obfuscation skills in the world mean nothing when the target isn’t convinced to do what you want them to do.

As part of its security defenses against macro malware, Microsoft now disables macros from automatically executing by default. The challenge, therefore, for the modern hacker is to establish a suitable pretext that will convince a targeted human user to run the macro. In other words, it’s a social engineering problem.

Getting someone to open a macro is far less of a problem than you might think. According to Verizon’s 2019 Data Breach Investigations Report, one-third of all breaches involved social engineering.

Consider the following hypothetical scenario: a hacker wants to obtain proprietary data from a pharmaceutical company.

The hacker decides to create a Word macro that downloads or otherwise establishes a secondary payload upon execution, giving them unfettered access to the internal network of the company.

The person carrying out the attack looks up the targeted company’s employees on LinkedIn for people with common names. He finds the validation engineer, a suitable target who likely has access to valuable information about processes or the efficacy of products. Let’s call the validation engineer Mr. Dave Rogan. The attacker also looks for an employee in HR with a similar name and finds someone named David.

The emails of these employees can usually be obtained with relative ease, using a tool or by simply checking the LinkedIn profiles.

A simple trick often deployed by cybercriminals to get people to run macros is to craft an email that has been apparently sent to the target by mistake. Within the email is an attachment that contains information the target will benefit from seeing. The attacker knows that despite the natural inclination to not run unverified macros, the emotional pull of seeing certain information is often overwhelming and goes against this inclination.

In this hypothetical scenario, the hacker uses the current economic downturn and a spate of upcoming redundancies to get our validation engineer to open the Word document and run the macro. The email may look as follows:

[Image: example social engineering email]

For our validation engineer, Dave Rogan, this email is incredibly compelling. He has just received an email that he wasn’t supposed to get, outlining upcoming redundancies in his own department! The emotional pull to take a peek and see if his name is in the document is too strong.

Furthermore, because Dave is seeing a document that he wasn’t meant to see, he probably isn’t going to say anything to the IT department.

The hacker can add a macro button to the file that executes the malicious VBA code when the target clicks the button. The button would say something like “Enter Password”. The document would be blacked out, and our victim Dave thinks that entering the password and clicking the button will reveal the confidential redundancies list.

[Image: Word document with an “Enter Password” macro button]

The button wouldn’t actually do anything for the user, though, even if the password entered is the same as was indicated in the original email. To further deter the target from reporting this document to the company’s IT department, a prudent attacker can easily insert a false popup message box warning them that further incorrect password attempts will be reported to IT.

Closing Thoughts

Spreading a Word macro virus is as simple and as deadly as that. Using a combination of technical hacking skills (which I haven’t dealt with here) and social engineering techniques, the above Word macro virus example should serve as a striking insight into the efficacy of attacks that exploit human psychology.

Target organizations need to be aware that this type of psychological manipulation is very regularly used by malicious intruders to gain access to valuable data or otherwise disrupt their networks. Defending against this type of attack requires continuous employee training and awareness around social engineering.

Explaining What an APT is in Cybersecurity https://ronanthewriter.com/what-is-an-apt/ Thu, 27 Aug 2020 19:14:39 +0000

Cybersecurity software companies have a habit of latching on to certain buzzwords or other jargon terms in order to attract new business. You’ve probably heard of SIEM solutions if you work in IT at any medium to large organization. APT is another buzzword; companies like to market their products as defending against it, and it’s worth explaining what the term means because this threat often results in an extremely effective and damaging data compromise.

Advanced Persistent Threats Explained

An Advanced Persistent Threat is a mission-oriented attack on a corporate network typically conducted with the aim of stealing proprietary data. This type of data is particularly sensitive and often goes by the term “trade secrets”.

The following steps explain the usual progress of a successful APT attack:

  1. First compromise: A malicious party targets a corporate network, usually via precise social engineering, and establishes a foothold in the network with appropriate technological assistance, such as a macro or Java applet.
  2. Ensuring future access: The attacker uses his/her own knowledge and skills to establish a customized route into the network without needing to perform the first compromise attack again. This usually involves fooling the target’s IT security team with traffic that looks legitimate.
  3. Privilege escalation: With a foothold into the network, the attacker seeks to gain administrator access to take more control.
  4. Infrastructure scrutiny: With the extra privileges that come from administrative access, the attacker can find out more information about the network, such as key infrastructure and important relationships of trust.
  5. Network expansion: Having established administrative access and conducted extra scrutiny, the attacker expands their control of the network as necessary to get access to the target information.
  6. Achieve target: The successful completion of the mission, obtaining sensitive data belonging to the target organization, is the most critical step in the APT attack and is its raison d’être.

With an APT, there is always an aim to obtain some kind of information. This threat stands in contrast to, say, DDoS attacks, in which the aim is often to disrupt an organization’s business continuity. The key tenets of all APTs are stealth, patience, and goal-orientation.

Advanced Persistent Threat Protection

It’s often the case in infosec that learning about the things that don’t protect your systems is as much help in protecting your company as learning about what works. Given the steps above, we can say protection will NOT result from:

  • Malware detection: the point of an APT is that it is advanced, which means that the attacker will rarely, if ever, use any commonly known malware or backdoor trojan to gain a foothold within a network.
  • Auditing logins: checking logs to notice strange times at which users have logged into systems is not a strategy likely to protect against this type of compromise. The reason is that in step 2, the intruder establishes a customized toolkit that ensures future access without needing to repeat the first compromise.
  • Relying on suspicious IP addresses: some sources say you can find an in-progress APT by monitoring logins to internal email addresses and detecting suspicious IP addresses. A skilled hacker often logs in from inside your network, leaving no trace of suspicion in the IP address.

Closing Thoughts

Advanced persistent threats are extremely effective information security attacks that all companies need to worry about, especially the largest organizations. Hospitals, universities, pharmaceutical companies, large financial corporations, and even government agencies are all viable targets because they all have one thing in common—they store sensitive, valuable information.

Ethical Hacking: An Overview https://ronanthewriter.com/what-is-ethical-hacking/ Sun, 23 Aug 2020 09:04:05 +0000

On this page, I want to talk about a fascinating area of information security, which is ethical hacking. I’ll define what it is, talk about the three types of hackers, and help you understand the purpose of ethical hacking. I’ll also talk a bit about the career prospects in this discipline for those of you who are interested in going further with it.

What is Ethical Hacking?

Ethical hacking is the compromising of a computer system or network by a skilled professional in order to help detect and protect those same systems from vulnerabilities. An ethical hacker uses the same skills and tools as a malicious hacker; the difference is in the purpose of the activity.

A malicious hacker typically wants to disrupt a system, steal information, or otherwise damage an organization’s credibility. The key tenet of ethical hacking is protecting organizations, whether that means large businesses or government departments.

What Are The Three Types of Hackers?

There are three broad types of people who intentionally attempt to compromise systems and networks:

  1. White hat. These people are professionals who use their expertise in compromising systems for defensive rather than malicious purposes. It’s critical to note that white hat pros crack systems only when they have explicit permission from the data owner to do so.
  2. Black hat. Black hats are people who use their skills for nefarious reasons. Put simply, they’re the bad guys of the hacking world. These people break into systems with the intention to destroy data, obtain lucrative information, spread computer viruses, or simply wreak havoc.
  3. Gray hat. Gray hats occupy an interesting in-between point on this spectrum. These people are generally very curious about the tools and technologies people use to compromise a system. They might target a particular organization, not with the intention of causing harm, but with the intention of highlighting a flaw in the victim’s info security posture. Gray hats are unpaid, and they hack into systems without permission, which is why we can say they occupy a gray area between malicious and ethical.

It’s worth noting that ethical hackers fall into the white hat category when currently employed. However, it’s often the case that organizations recruit professional system crackers who’ve previously operated as gray hats.

What is the Use of Ethical Hacking?

When hired by an organization, the ethical hacker first asks for clarification on what systems and information the organization deems critical and necessary to protect. The professional also needs to know what resources the organization wants to commit to this protection.

Often there’s a mismatch between resource allocation and the level of protection needed to guard information assets. The hacker plans penetration tests around the assets of importance. The person then uses the same tools and processes as a black hat would to find loopholes and breach systems. The person then compiles a penetration test report, which includes screenshots and a summary of the key risks.

Based on the pen test report, the organization can put measures in place to mitigate the risks highlighted by an ethical hacker. After establishing these countermeasures, the pen test can be repeated to make sure nothing is missed.

Are Ethical Hackers in Demand?

Insofar as cybersecurity in general is a growing field, yes, ethical hacking is an in-demand career. It’s worth noting that cracking a system is a specialized skill that not many people possess. It is also pertinent that cyber attacks continue to grow in volume and sophistication. Governments and large businesses need specialized professionals to find flaws in their systems and help rectify them before a black hat finds them.

Salaries for certified ethical hackers vary considerably due to factors like location, experience, and skillset. On average, you can expect to earn $71,000 if you opt for this career path.

Large organizations should definitely consider hiring a good certified ethical hacker as part of improving their IT security defenses. These skills will only become more important as malicious attacks continue to rise and digital information becomes more valuable.

Benefits of Load Balancing in Networking https://ronanthewriter.com/benefits-of-load-balancing-in-networking/ Thu, 23 Jul 2020 09:30:40 +0000

Sometimes there are solutions in IT that solve so many problems, it’s hard to believe that not every business uses those solutions or even knows about them. Load balancing is a cure-all for many of the ailments that plague IT departments. This article explains what load balancing in networking is and how businesses can benefit from it.

What is Load Balancing?

Load balancing distributes workloads on a network across multiple servers efficiently. With load balancing in place, no single server becomes overburdened by network traffic, ensuring that end-users, whether internal or external, experience stable performance when interacting with IT services, such as applications or websites.

Software Load Balancer vs Hardware

Load balancing can function using software or hardware. Companies can purchase a proprietary load balancing device pre-loaded with a special operating system. The device’s operating system distributes traffic in an efficient way across many servers.

For software-based load balancing, no proprietary hardware is required. You can simply install the software on a standard server, from which the load balancing software manages the traffic flow. The server can be on-premise or a virtual machine.

It’s the network administrator’s role to properly set up load balancing. The network admin defines an IP address or DNS name for the website, application, or task for which an organization needs load balancing. This address ensures that all traffic for the specific function goes to the load balancer.

From the load balancing server or load balancing device, the traffic is distributed using the IP addresses of the actual servers that will handle and share the workload(s) in question.

Different types of load balancing algorithms control the flow of traffic to servers. It’s the job of the network admin to choose the most suitable algorithm based on their own knowledge of the workload.

Load Balancing Options

There are a few different types of configurations and options for using load balancing in networking. This section doesn’t attempt to be exhaustive—rather, it provides a high-level overview of topics that could have entire posts dedicated to them.

  1. On-premise load balancing: typically for large organizations that want to manage traffic flow on a network from internal applications with heavy use, such as CRM systems.
  2. Internet-facing load balancing: companies can distribute incoming Internet traffic (to their website, for example) efficiently between many servers.
  3. Cloud load balancing: distributes workloads across many computing resources in the cloud and on-premise using a service-based model.
  4. Content-based load balancing: an approach to load balancing in which different groups of servers handle different types of requests, such as video streaming, downloads, and web pages.
  5. Global server load balancing: distributes traffic across server resources located in multiple regions around the world.

Benefits of Load Balancing

Given the definition of load balancing, it would be easy to assume that network efficiency is the only important benefit. However, the picture is bigger than that, and IT departments at small, medium, and large businesses have much to gain from using load balancing.

Scalability

One of the best benefits of load balancing, where it can offload traffic to the cloud, is scalability. Maybe you’re a small consumer goods business selling merchandise online and your web servers can handle your online store traffic most of the time. But during specific times of the year, such as Black Friday, you experience traffic surges and your servers become overburdened, leading to failure.

Load balancing addresses this exact need for scalable computing resources. By using load balancing, you can offload traffic to the cloud during times of peak demand, whether that means specific days of the year or specific times of day. Read about different ways to connect to the cloud.

Redundancy

In the case of a small, fast-growing business, there is a need to expand beyond using a single server to deliver customer-facing websites or use business-critical applications. A single point of failure can cost your business a lot of money.

However, even if a business has multiple web servers, it’s possible for a server to fail. Without load balancing in place, all the requests made to the failed server cannot be answered, which affects the end users. With load balancing in place, you achieve redundancy. Traffic is automatically redirected to working servers, meaning your critical applications and websites aren’t noticeably impacted by the failure of one server.
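The two mechanisms described above, an algorithm deciding which server takes each request and traffic being steered away from a server that has failed, are small enough to show in code. What follows is an added example written for this page, not code from any load balancer product: an in-memory pool of backends with a health flag, round-robin selection, and weighted least-connections selection, where a backend marked unhealthy simply drops out of the candidate set. The server addresses and weights are constructed sample values.

```python
class Backend:
    """One real server behind the balancer (addresses are constructed samples)."""

    def __init__(self, addr, weight=1):
        self.addr = addr
        self.weight = weight      # relative capacity, used by least_connections
        self.healthy = True       # set False when a health check fails
        self.active = 0           # in-flight requests currently assigned here


class LoadBalancer:
    def __init__(self, backends, algorithm="round_robin"):
        self.backends = list(backends)
        self.algorithm = algorithm
        self._rr = 0              # round-robin cursor

    def pool(self):
        """Only healthy backends are ever candidates; this is the redundancy."""
        return [b for b in self.backends if b.healthy]

    def set_health(self, addr, healthy):
        """Result of a health check for one backend."""
        for b in self.backends:
            if b.addr == addr:
                b.healthy = healthy

    def pick(self):
        pool = self.pool()
        if not pool:
            raise RuntimeError("no healthy backends")
        if self.algorithm == "round_robin":
            b = pool[self._rr % len(pool)]
            self._rr += 1
            return b
        if self.algorithm == "least_connections":
            # Dividing by weight lets a bigger box carry proportionally more load.
            return min(pool, key=lambda b: b.active / b.weight)
        raise ValueError(f"unknown algorithm: {self.algorithm}")

    def route(self, request_id):
        """Assign a request and return the address that will serve it."""
        b = self.pick()
        b.active += 1
        return b.addr

    def release(self, addr):
        """Called when a backend finishes a request."""
        for b in self.backends:
            if b.addr == addr and b.active > 0:
                b.active -= 1


if __name__ == "__main__":
    lb = LoadBalancer([Backend("10.0.0.1"), Backend("10.0.0.2"), Backend("10.0.0.3")])
    print([lb.route(i) for i in range(4)])   # cycles through all three
    lb.set_health("10.0.0.2", False)         # health check fails on one server
    print([lb.route(i) for i in range(2)])   # traffic continues on the other two
```

The `pool()` call on every `pick()` is what the redundancy paragraph describes: once the health check marks a backend down, no new request reaches it, and nothing else in the selection logic needs to change. Least-connections with weights is a reasonable default when backends differ in capacity; plain round-robin is fine when they are identical and requests are short and uniform.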

DDoS Mitigation

One of the most overlooked benefits of load balancing in networking is in the area of network security. Using a software-based load balancer with the option to offload traffic to the public cloud provides cost-effective protection against DDoS attacks.

In a DDoS attack, a third party attempts to overwhelm IT resources by inundating an organization’s servers with a barrage of requests to the point that they stop working. From a business continuity perspective, DDoS attacks can be incredibly damaging. The use of load balancing is cost-effective and elastic in mitigating DDoS attacks. Software-based solutions with intelligent analytics can offload large numbers of server requests to public cloud servers when DDoS attacks are identified.

Performance

Your business-critical apps and websites work better with load balancing in place. Downtime is dramatically reduced. Content-based load balancing ensures servers are optimized to deal with specific types of requests, resulting in further performance boosts.

Reliability

With global server load balancing, or even cross-regional load balancing, you become less susceptible to conditions in one area and your critical apps become more reliable. For example, say you’re a small marketing company from Houston hosting a business-critical application, and your employees work remotely. If there’s a severe weather event or power outage in Houston, all your servers go down, and nobody can access the business-critical app. With load balancing, different servers in different geographical areas can host the application and the load balancer can direct end user requests to these servers.

Summary

Load balancing can benefit businesses of all sizes by managing the distribution of workloads between servers. A load balancing solution, whether software or hardware-based, should be a prime consideration of any company’s IT department and network administrator.

Twitter Security Breach 2020: A Successful Social Engineering Attack https://ronanthewriter.com/twitter-2020-breach-social-engineering-attacks/ Thu, 16 Jul 2020 07:50:58 +0000

On July 15th, 2020, leading social media platform Twitter experienced a sophisticated cyber attack that caused untold disruption to the platform. The attack itself appears to be an example of social engineering attacks that plague businesses of all sizes around the world. This social engineering attack, combined with a simple bitcoin scam, will be talked about for years in information security.

2020 Twitter Breach Explained

In the breach, hackers gained access to the accounts of several high-profile Twitter users, including US presidential candidate Joe Biden, billionaire entrepreneur Jeff Bezos, and the trillion-dollar tech company Apple. The hackers used the access they gained to conduct a simple bitcoin scam. Access to such high-profile Twitter accounts came from a coordinated social engineering attack on key Twitter employees, which gave the attackers access to internal systems.

So, here we have an interesting combination of incredible sophistication to gain access to internal systems and incredible simplicity to steal money. The simple bitcoin scam promised, via Tweets from verified accounts, that if people sent $1,000 worth of bitcoin to a particular bitcoin address, they’d get $2,000 in return.


In response to the attack, Twitter blocked verified accounts from Tweeting completely for up to one hour. Verified Twitter accounts belong to people of public interest who have verified their authenticity. These people typically have hundreds of thousands of followers.

The dark beauty of this attack is that it took advantage of people’s trust in public figures. Most people would have the common sense not to send money to a random bitcoin address if a random account Tweeted that they could double their money.

However, when the accounts Tweeting about the money-making promises are verified figures of public trust, it is much easier to fall victim and believe the Tweet. It’s believed the bitcoin wallet’s balance grew rapidly to over $100,000 in value (~11 BTC at the time of the attack).

What is Social Engineering in Cyber Security?

Social engineering in cyber security is when an unknown or untrusted party gains the trust of someone inside a company. After the attacker gains the victim’s trust, they can use this trust for nefarious purposes, such as opening a back door into sensitive systems.

In the case of the 2020 Twitter breach, it appears that a coordinated and complex social engineering attack granted the access that the hackers needed to post from verified Twitter accounts. Social engineering attacks take advantage of the people within organizations rather than the systems used to secure a network.

The Twitter breach shows that even the people working for tech-oriented organizations are vulnerable to social engineering attacks. It also shows that even technically secure environments at the world’s largest enterprises are susceptible to intrusion.

Social Engineering Threats

The following are some of the main social engineering threats that can arise from a successful attack:

  • Compromised users can open infected files that wreak havoc on an organization’s internal networks.
  • Victims can reveal confidential company information or personal information in a type of social engineering attack known as spear phishing.
  • Victims may click malicious URLs that infect their computer or every computer on a network.
  • Victims might reveal passwords to sensitive databases, which attackers can retrieve and dump on the darknet or demand money for.
  • In a type of social engineering attack known as a watering hole attack, victims visit seemingly trustworthy websites and attackers either infect their computers or access internal networks.

Social Engineering Prevention

Social engineering prevention is best achieved through thorough employee awareness and education about these types of attacks. More specifically, here are some prevention methods all employees and employers should follow:

  • Take a cautious approach to any communications that seem abnormal or unexpected, even from people whom you trust.
  • Ask people for proof of identity, such as documents or numbers that can easily be verified as authentic.
  • When receiving phone calls, ask a colleague who recognizes the supposed caller’s voice to verify it.
  • Think before clicking on any new or unfamiliar links.
  • Never download files you didn’t expect or when you don’t know the sender.
  • Use multi-factor authentication for key systems so that a compromise in credentials doesn’t always result in a breach.
  • Apply all these practices inside the corporate network and when working outside the office to improve endpoint security.

Summary

Social engineering attacks exploit vulnerabilities in human psychology. The 2020 Twitter breach is an almost perfect example of how effective social engineering can be. An enterprise can take all the steps in the world to secure its network, but employees can still provide attackers with entry points into key systems. Prevention can only be achieved with increased employee education about social engineering.

Database Management Systems: 5 Big Security Risks
Published Wed, 01 Jul 2020 13:14:00 +0000 at https://ronanthewriter.com/security-risks-to-database-systems/

Data is one of the most important assets for organizations of all sizes. Organizations use database management systems to handle the storage, querying, and retrieval of their data. These tasks help to uncover important business insights. Cybercriminals also know the value of data, and they can attempt to gain access to valuable data by exploiting database systems. This article describes five of the main security risks to database systems.

Why is Data so Important for Businesses?

To reinforce the importance of guarding against the security risks to database systems, it’s helpful to refresh our minds about why data is such an important asset for businesses. The following are some of the main ways companies benefit from data:

  • Improved decision making—Businesses of all sizes generate data, and they can use that data to make better decisions about ways to find new customers, social media platforms to focus marketing efforts on, and much more.
  • Solving problems—Marketing campaigns performing poorly? The data typically has the answers you’re seeking and you can rectify problems based on this knowledge.
  • Refining performance—Analytics data helps refine performance in different areas of importance to your business, such as deliveries, or eCommerce experience.
  • Understanding customer behavior—Data helps you glean crucial insights about who your customers are, what content they interact with, and what marketing channels they prefer.
  • Increasing business efficiency—Analyzing data helps your business eliminate inefficiencies that cost time and money.

Security Risks to Database Systems

Bearing in mind the value of data, it’s no surprise that hackers want to access it. One of the main methods for accessing data is to take advantage of security flaws or weak points in the software you use to manage your data. Here are five of the main security risks to database systems.

Aggregation Attacks

SQL is the main language that business professionals use to query organizational data stored in database management systems (DBMS) such as MS Access, SQL Server, and MySQL. A common SQL operation is aggregation, in which information from multiple tables is combined.

An aggregation attack is an insider attack that occurs when a malicious employee uses aggregation functions to piece together different pieces of non-sensitive information that when combined, become sensitive. The best prevention method is proper control over the permissions granted to database system users.

Inference Attacks

An inference attack is closely related to an aggregation attack. It involves a malicious insider obtaining highly sensitive information from a database without necessarily having the highest access privileges to see that data.

While aggregation attacks depend on the use of aggregation functions to piece together information, inference attacks use the deductive capabilities of the malicious party to piece together information about sensitive data.

Again, proper access control is an information security department’s best friend when it comes to preventing inference attacks.
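As an added illustration of the aggregation and inference risks described above (this is example code, not from the original article), the following Python/SQLite script shows how a per-department average leaks an individual’s exact salary when the department has a single member, and how a minimum-group-size rule built into the reporting view closes that gap. The employee rows, the MIN_GROUP_SIZE threshold and the view names are constructed for the example.

```python
import sqlite3

# Constructed sample data. Assumption: individual salaries are confidential,
# while per-department statistics are treated as non-sensitive.
EMPLOYEES = [
    ("Alice", "Engineering", 95000),
    ("Bob", "Engineering", 88000),
    ("Carol", "Engineering", 102000),
    ("Dave", "Engineering", 91000),
    ("Erin", "Legal", 130000),  # sole member of Legal
]

# Hypothetical policy: suppress any group smaller than this.
MIN_GROUP_SIZE = 3

# The only two views this script ever queries by name.
VIEWS = ("dept_stats_unsafe", "dept_stats_safe")


def build_db():
    """Create an in-memory database with a raw table and two reporting views."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    # Unsafe view: a per-department aggregate with no minimum group size.
    conn.execute(
        "CREATE VIEW dept_stats_unsafe AS "
        "SELECT dept, COUNT(*) AS headcount, AVG(salary) AS avg_salary "
        "FROM employees GROUP BY dept"
    )
    # Hardened view: groups too small to hide an individual are dropped.
    # In a real DBMS the reporting role would be granted SELECT on this view
    # only, with no direct access to the employees table.
    conn.execute(
        "CREATE VIEW dept_stats_safe AS "
        "SELECT dept, COUNT(*) AS headcount, AVG(salary) AS avg_salary "
        "FROM employees GROUP BY dept "
        f"HAVING COUNT(*) >= {int(MIN_GROUP_SIZE)}"
    )
    return conn


def department_stats(conn, view):
    """Return {dept: (headcount, avg_salary)} from one of the two fixed views."""
    if view not in VIEWS:
        raise ValueError(f"unknown view: {view}")
    rows = conn.execute(f"SELECT dept, headcount, avg_salary FROM {view}").fetchall()
    return {dept: (headcount, avg) for dept, headcount, avg in rows}


def inferred_salaries(conn, view):
    """Model the insider: where a department has one member, the 'average'
    is that person's exact salary. Returns {dept: salary} for such leaks."""
    return {
        dept: avg
        for dept, (headcount, avg) in department_stats(conn, view).items()
        if headcount == 1
    }


if __name__ == "__main__":
    db = build_db()
    print("unsafe view leaks:", inferred_salaries(db, "dept_stats_unsafe"))
    print("safe view leaks:  ", inferred_salaries(db, "dept_stats_safe"))
```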

Lack of Encryption

A surprising number of exploits on database systems arise due to organizations not encrypting sensitive data. While attacks targeting encrypted data do occur, they require far more sophistication than simply accessing unencrypted data. This security risk arises from poorly implemented infosec processes rather than underlying security issues in database management systems.

It’s a good example of how the benefit you get from a tool depends as much on how you use it as on the tool itself.

The procedure for encrypting an unencrypted database depends on the DBMS your company uses. As an aside, if you store sensitive data in the cloud, it’s always prudent to make sure it’s encrypted. Oracle’s documentation on transparent data encryption, for example, describes how to encrypt an Oracle database.

Injection Attacks

An SQL injection attack is one of the main types of security risks to database systems. Injection attacks typically exploit the interactions between web applications and database systems. A programmer building a web application writes insecure code that is easily exploitable by hackers using valid SQL commands.

Databases store usernames, passwords, and even credit card information belonging to users of web applications. The hacker injects valid, yet malicious SQL commands into entry fields and can gain privileged access, alter data, or view entire databases of sensitive information.

The likes of Sony, TalkTalk, and Yahoo have fallen victim to SQL injection attacks. They are a perfect cybersecurity storm: easy to execute and devastating when successful.

Prevention comes from proper coding—using parameterized statements when constructing the code that passes inputs into SQL statements for database access. From an infosec perspective, web application firewalls and vulnerability assessment tools can detect SQL injection attacks.
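To make the parameterized-statement advice concrete, here is an added Python/SQLite example (not code from the original article) that places the insecure string-splicing pattern beside the fix and shows how the classic quote-and-tautology input behaves against each. The users table, the credentials and the payload are all constructed for the example.

```python
import sqlite3

# Constructed sample users. In a real system passwords would be salted hashes;
# plain strings keep the focus on how the query text is built.
USERS = [("alice", "correct horse"), ("bob", "battery staple")]


def build_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The insecure pattern the article warns about: user input is spliced
    into the SQL text, so the database cannot tell data from commands."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql).fetchall())


def login_parameterized(conn, username, password):
    """The fix the article recommends: placeholders carry the input as data,
    so quotes and keywords inside it are never interpreted as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)).fetchall())


if __name__ == "__main__":
    db = build_db()
    # Legitimate credentials behave the same either way.
    print(login_vulnerable(db, "alice", "correct horse"))
    print(login_parameterized(db, "alice", "correct horse"))
    # The textbook tautology in the password field: the vulnerable query
    # becomes "... AND password = '' OR '1'='1'" and matches every row,
    # while the parameterized query simply compares the literal string.
    payload = "' OR '1'='1"
    print(login_vulnerable(db, "alice", payload))
    print(login_parameterized(db, "alice", payload))
```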

Unpatched Exploits

A DBMS like Oracle is a software package that, much like any other software, is vulnerable to exploits. When security loopholes are found in a particular program, the owners of that program scramble to implement fixes as quickly as possible.

Despite the speed at which patches for security exploits are released, a shocking number of data breaches occur because of companies failing to apply patches to their software on time. According to a 2019 survey of IT professionals conducted by Tripwire, unpatched vulnerabilities caused data breaches at 27 percent of organizations.

The obvious solution is to use proper patch management and update all software on time, including database systems. A good vulnerability scanning tool is the friend of any infosec department and should be used frequently.

Closing Thoughts

As with many areas of infosec, the security risks to database systems arise from a combination of human and software weaknesses. Prevention and mitigation of all of these issues is possible and recommended if your business wants to safeguard its important data.

A Guide to the Main 6 Types of Computer Viruses
Published Thu, 18 Jun 2020 09:50:18 +0000 at https://ronanthewriter.com/types-of-computer-viruses/

In much the same way that different human viruses cause different symptoms, there are different types of computer viruses that do different types of damage to computer systems and networks. It’s crucial for decision-makers and IT departments to understand these viruses and their potentially damaging impacts, both economic and operational. This article describes six main types of computer viruses and their effects.

What is a Computer Virus?

A computer virus is a piece of malicious software that can replicate itself inside a host application and spread across computers and networks when a user executes the host software. The mechanism is similar to the way in which a virus spreads through a human population (effective self-replication) by attaching itself to host humans.

Computer viruses can cause devastating financial losses. The fast-spreading MyDoom e-mail virus caused more than $38 billion worth of damage as far back as 2004. Computer viruses remain ever-present threats in the landscape of information security.


Computer Virus Symptoms

Sometimes the symptoms of a computer virus infection will be obvious, and sometimes they require a keen eye. Here are the most common signs and symptoms to look out for:

  • Annoying messages appearing on your screen
  • Complete hard drive shutdown
  • System slowdowns due to the virus consuming system resources
  • Important system files disappearing
  • The size of installed programs increasing due to the virus replicating itself with those programs
  • Systems randomly switching off or crashing
  • Unexpected error messages and blue screens of death

The most effective and rapidly spreading viruses are often e-mail viruses. The virus might infiltrate email programs on an infected system and attach itself to any outgoing emails. This makes for a rapid way for a computer virus to replicate itself on other systems as unknowing users open email attachments and infect their computers.

Types of Computer Virus

The six broad types of computer viruses are:

  1. Polymorphic viruses
  2. Stealth viruses
  3. Macro viruses
  4. Companion viruses
  5. Multipartite viruses
  6. Retroviruses

Polymorphic Viruses

A polymorphic computer virus gets its name from its ability to change itself into different forms to avoid detection. Polymorphic viruses often use cryptography methods to encrypt themselves and evade detection by antivirus software scanners. This is known as a viral mutation and it is similar to how biological viruses mutate their genes to avoid detection by host organisms.

Stealth Viruses

Stealth viruses, as their name suggests, are adept at avoiding detection by hiding in files, boot sectors, or hard disk partitions. Surprisingly, some leading technology blogs conflate stealth viruses and polymorphic viruses, but their mechanisms are not the same.

Stealth viruses are able to evade detection by redirecting commands around themselves. For example, a stealth virus in the boot sector of a drive will redirect any attempt to read the infiltrated sector of that drive.

Macro Virus

A macro virus exploits coding languages known as macro languages that many users of Microsoft Excel and MS Word are familiar with. In fact, within an enterprise environment, it’s likely that many employees use macros several times in their daily work. Macros are simple pieces of code composed of repeated actions that people create to save time. For example, you might create a macro to automatically hide all worksheets in Excel except the active sheet.

The macro language for a particular software is embedded in the software itself. A macro virus is written in the same macro language as the application it infects. The macro virus typically uses the same name as a normal macro and replaces its commands with malicious tasks, such as corrupting systems.

Companion Virus

Companion computer viruses trick users by using the same naming convention as commonly executed software. The companion virus uses a different extension from the executable file. When the user attempts to run the commonly used program, the companion virus executes instead. Companion viruses can be tricky to spot because, unlike many other types of computer viruses, they don’t modify any files.
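Because companion viruses leave existing files untouched, one practical detection check is to look for the tell-tale pairing itself: the same file stem appearing in one directory with more than one executable extension. The following Python script is an added example (not from the original article); the extension list is illustrative and the directory listing is constructed to stand in for a real os.walk() result.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Windows executable extensions a companion file could borrow.
# Assumption: this set is illustrative, not exhaustive.
EXEC_EXTENSIONS = {".com", ".exe", ".bat", ".cmd", ".scr", ".pif"}


def companion_candidates(filenames):
    """Group executables by (directory, stem) and report stems that occur with
    more than one executable extension in the same directory.

    Returns {(directory, stem): sorted list of extensions}. A hit is a lead
    for review, not proof of infection; some legitimate installers do ship
    paired binaries.
    """
    groups = defaultdict(set)
    for name in filenames:
        path = PureWindowsPath(name)
        ext = path.suffix.lower()
        if ext not in EXEC_EXTENSIONS:
            continue
        key = (str(path.parent).lower(), path.stem.lower())
        groups[key].add(ext)
    return {key: sorted(exts) for key, exts in groups.items() if len(exts) > 1}


# Constructed directory listing standing in for os.walk() output.
SAMPLE_LISTING = [
    r"C:\Tools\backup.exe",
    r"C:\Tools\backup.com",       # same stem, different extension: suspicious
    r"C:\Tools\readme.txt",       # not executable, ignored
    r"C:\Apps\report.exe",
    r"C:\Apps\report.bat",        # second pair
    r"C:\Apps\other\report.exe",  # different directory: not paired with the above
    r"C:\Apps\notes.exe",
]

if __name__ == "__main__":
    for (folder, stem), exts in companion_candidates(SAMPLE_LISTING).items():
        print(f"{folder}\\{stem}: {', '.join(exts)}")
```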

Multipartite Virus

A multipartite virus attacks both executable files and boot sectors on a system in order to increase its ability to infiltrate a system and spread. A key indicator of infiltration by a multipartite virus is if a system becomes low on virtual memory. Multipartite viruses can be extremely destructive and difficult to completely eliminate. Even if you clear the virus from all program files on a system, its multi-pronged approach means it can easily infect the system again during the bootup process.

Retrovirus

A retrovirus is a unique type of computer virus that actively seeks out anti-virus software and attempts to disable any virus-scanning functionality. A retrovirus can destroy virus definition files, rendering the antivirus software useless. Retroviruses can also directly attack antivirus software and create exceptions allowing them to spread on a system.

The Importance of Antivirus Software

One of the main ways for businesses and individuals to protect against viruses is to use effective antivirus software. The efficacy of antivirus software depends on its definition database containing known virus signatures. The database should be updated frequently to reflect new viruses, and it should be extensive enough to encompass all known viruses.


The utility of good antivirus software is that it offers comprehensive protection against all types of computer viruses. It’s also worth remembering that a virus can destroy a computer system or multiple systems on a network. The cost of an effective antivirus program is far less than the cost of replacing hardware rendered useless by a really malicious computer virus.

Employee education is also important. People should know about the common vectors of computer virus attacks and how to avoid them, for example by never opening email attachments from untrusted sources.

5 Everyday Applications of Cryptography
Published Tue, 09 Jun 2020 12:30:51 +0000 at https://ronanthewriter.com/applications-of-cryptography-in-daily-life/

You don’t need to be an expert who knows exactly how cryptography works in your organization, but it’s a good idea to become familiar with what cryptography actually does for your business. This article attempts to bridge the communication barriers that can arise between IT security teams and upper-level staff by highlighting five applications of cryptography in daily life.

Applications of Cryptography in Daily Life

Cryptography is one of those peculiar things that benefits everyone multiple times every day, whether in business or as customers, without most of us even realizing it. It’s kind of like the ozone layer in that sense. The below image is a snapshot of the topics I’ll discuss here:


1. Encrypting Company Devices

If you have a suite of company laptops or tablets to facilitate business travel or remote work arrangements, it is essential to encrypt the hard drives on every one of those devices if you want to maximize information security. This is particularly important for industries such as finance and healthcare, where sensitive data is protected by several regulations.

Picture the scenario—a company executive takes his company laptop, which contains sensitive customer data, on his commute home from work. He leaves the laptop behind him and it’s not encrypted. Disaster strikes. Someone finds the laptop and uploads thousands of customer names, card details, and addresses on the darknet.

The scenario above has repeated so often over the years that it’s now completely unsurprising to wake up to a news story about a data breach caused by a stolen laptop.

An Intel-sponsored study as far back as 2011 found that the average cost of a stolen laptop for businesses was €35,284 ($49,246). There have been no similarly robust studies since. However, adjusting for inflation and the increased stringency of compliance penalties since 2011, you could reasonably add another 15-20% to those figures.

Full disk encryption is the type of cryptography that prevents such incidents. If your business doesn’t encrypt its company devices, now is the time to start. If your business already uses full disk encryption, now you know why.

2. Securing Email Communications

Prudent organizations should use file encryption methods to secure email communications where sensitive data is being sent. The most straightforward to implement is Pretty Good Privacy (PGP), which is a hybrid of asymmetric and symmetric encryption. Even though its implementation is straightforward, PGP requires some additional employee training.

Many organizations (of all sizes) don’t secure their email communications, though, which is an undeniable information security risk. The average cost of a breach per record leaked is $242. Whether the leakage from an unencrypted email of 1000 or even 10000 of such records constitutes a cost your business is willing to pay should determine if you need to encrypt your emails.

3. Protecting Sensitive Company Data

Internally, organizations should be encrypting their own sensitive data, such as intellectual property, so that only certain privileged employees can access that information. Proper access controls also contribute to this use of cryptography.

In fact, unless your organization’s IT security team operates on the principle of least privilege, encrypting your trade secrets won’t work anywhere near as well as it can. File-level encryption works best for protecting specific folders and files from malicious insiders and prying intruders. Combined with proper access controls, file-level encryption is imperative.

4. Encrypting Databases

Cyber attacks on databases are commonplace. One of the most important applications of cryptography in daily life is to secure sensitive records contained in databases. This use case of cryptography not only ensures compliance with industry regulations; it also protects the identities of customers.

For example, a large dental practice might have a database with social security numbers and other sensitive patient data. If that dental practice cares about compliance or patient confidentiality, it needs to encrypt either the full database or the specific records that are sensitive.

5. Securing a Website

One of the applications of cryptography in daily life that pretty much everyone benefits from is the use of HTTPS to secure communications over a network. Any competent business with a website or mobile app for communicating with customers should be using HTTPS.

HTTPS is an example of a cryptographic use case because it wraps ordinary web traffic in an encrypted connection, by default on port 443. The older HTTP protocol is the unsecured version of the same exchange, communicating in clear text. HTTP is fine for blogs and other websites that don’t transact in sensitive data, but for the majority of businesses, HTTPS is an absolute must.

Closing Thoughts

Cyber attacks on cryptography can happen, and this article does not suggest cryptography is foolproof. However, attacks that seek to exploit cryptography are far more complex to carry out than taking advantage of organizations that neglect to use an effective encryption strategy. Bear these important applications of cryptography in mind the next time your IT security team badgers you about an incomplete encryption strategy at your organization.
