Gmail Outage December 2020

Being a bit of a fiend for relentlessly checking emails, I first noticed something was awry with my Gmail when I was presented with the below error message.

I’ve been using Gmail for a good few years and I’ve honestly never once encountered an outage in the service. With all the budget available to Google for information security, I initially would’ve considered myself highly surprised if a hack was the reason.

In an attempt to determine if other Google services were affected, I loaded up YouTube and was shocked to find myself greeted with the below error. It then became clear the outage was more severe and widespread than I first imagined.

I became suspicious given the multiple services affected that this pointed towards a cyber attack of unprecedented scale.

From a personal perspective, I was worried that the Google Docs file I’d spent 4 hours working on would no longer exist. I’m sure many of you reading felt similar levels of worry about your important documents. Sure enough, when trying to refresh my Drive, I received a blank screen and a server error message. Yikes.

With much of the world wondering WTF was going on, Google remained silent on social media platforms. Speculation mounted; some people assumed it was a technical server error, while others pointed out that Google would have redundancy in place all over the planet via cloud computing, so an internal technical issue would be unlikely.

Google services then began functioning again at around 12.35 GMT. I refreshed my Gmail, and voila, my email inbox greeted me. The 2020 Google outage was over. And the world’s collectively breathed a sigh of relief.

So what happened?

As of now, it appears the issue stemmed from Google Accounts. It’s not looking like an information security issue. One Twitter user reported it was possible to access the offline services via incognito browsing.

The total outage was around 40 minutes long, but the discussion volume it generated on twitter, Reddit, and other social media platforms was breathtaking. What this Google outage revealed was the extraordinary extent to which so many people rely on these services for work or entertainment.

Even if the cause ultimately ends up not being a cyber attack, it’s still a prime example of just how lucrative a successful cyber attack on Google services could be. With so many dependant on these services for school, work, and entertainment, the ransom a hacker could demand would be mind-boggling.

The post Google Outage 2020: What Happened? appeared first on RonanTheWriter.

With an adept social engineering attack, the malicious outsider convinces the victim to run an applet on a modified website that looks legitimate. The applet contains code that establishes a route into the network for the third party.

Many organizations (and the people within them) mistakenly believe that because applets won’t run unless a recognized authority signs them, this means the code within the applet must be safe. This is untrue in many respects.

The most literal aspect is that code signing merely verifies that the code has not been modified by anyone apart from its original author. But this doesn’t mean the code is safe. Just because a recognized code authority signs the code doesn’t mean the author wrote legitimate, safe code.

What normally happens in the code signing process is that people create code and they apply to get it verified by certificate authorities. The business of signing code and issuing certificates of validity is extremely competitive (and lucrative). What this means practically is that verification is minimal because the code signing companies want you as a customer.

I searched Google for “code signing services” and visited the order page of a leading code signing company’s website. I was greeted with the following fields to complete my order:

As you can see, the information requested is pretty bare bones. Any hacker worth their salt can easily clone a website and insert their own phone number onto the cloned web page. Poof! They’ve got a legitimate organization. The digital signing company calls the hacker to verify this legitimacy, which the hacker is able to easily do.

Another easy way around the verification would be to set up a domain with maximum privacy settings and create a one or two-page website that makes it look like a legitimate organization with a name and contact details. This does leave somewhat of a footprint because the hosting company has your payment details, though, so a prudent intruder into a network would deploy the first method.

False Security

Intruders into networks know that Java is extremely popular and likely to be used in some way on a network that they want to access. All it takes is a combination of technical skills and social engineering to shatter the false sense of security that code signing provides.

The intruder creates a website in the mold of something that would resonate with employees of a target organization. The pretext to visit this website is a convincing email that uses psychological manipulation, such as using flattery (asking for expert opinions), hinting at information that would benefit the target, and so on.

Upon visiting the phony website, an employee working at the target organization gets a request to run a Java applet, perhaps under the illusion that it is required to properly use this phony website. Up pops the standard reassurance that “the application security certificate has been verified” on the employee’s screen.

The target employee (perhaps understandably) thinks that the verification of this security certificate means the applet he’s about to run is safe. But he’d be wrong.

Upon execution, the malicious applet executes a payload that provides access to the internal network of a large organization, university, or government department. Et voila; the code signing has achieved nothing from a security perspective.

How is an organization to prevent employees from running signed applets that they think are safe? Good question. Personally, I think the only means of prevention is continuous employee education about social engineering attacks, particularly around emails.

Is Code Signing Useless?

Code signing is not useless; that’s not the point of this article. It is a useful idea insofar as it guarantees that code has not been altered since it was signed. But that doesn’t mean the unaltered code is, itself, safe, especially when hackers can so easily bypass the verification mechanisms in place at code signing services.

If you enjoyed this article, consider reading my other cybersecurity articles.

The post Why Code Signing Provides a False Sense of Security appeared first on RonanTheWriter.

Macro Virus Definition

A macro virus is a type of computer virus spread using a macro language, which is a type of programming language for automating user actions within a larger application. Software such as Excel and Word allow people to store macro programs within documents that execute when the document opens or when a button is clicked.

Creating a macro is very easy, which is good news both for legitimate users and hackers. The macro language in Microsoft software is Visual Basic for Applications (VBA). It is quite a primitive language as far as programming languages go.

Legitimate users often create macros to automate sequences of actions in one click. For example, a popular Word macro can automatically insert a company’s letterhead into a document; a process that normally takes a few minutes.

However, because VBA is capable of importing outside libraries, it has a long history of being used for nefarious reasons. In fact, you can call the entire Windows API using VBA code. Because of this API-calling capability, running a macro-enabled document is essentially the same as running a standard portable executable file in Windows.

Example Macro

What our example Word macro virus actually does is not significant in this article. It could be code that when executed, establishes the initial compromise as part of an advanced persistent threat. I’m not concerned about technical code details: the most important part of getting a malicious macro to run is actually getting the targeted user to actually run the macro. All the code obfuscation skills in the world mean nothing when the target isn’t convinced to do what you want them to do.

As part of its security defenses against macro malware, Microsoft now disables macros from automatically executing by default. The challenge, therefore, for the modern hacker is to establish a suitable pretext that will convince a targeted human user to run the macro. In other words, it’s a social engineering problem.

Getting someone to open a macro is far less of a problem than you might think. According to Verizon’s 2019 Data Breach Investigations Report, one-third of all breaches involved social engineering.

Consider the following hypothetical scenario: a hacker wants to obtain proprietary data from a pharmaceutical company.

The hacker decides to create a Word macro that downloads or otherwise establishes a secondary payload upon execution, giving them unfettered access to the internal network of the company.

The person carrying out the attack looks up the targeted company’s employees on LinkedIn for people with common names. He finds the validation engineer, a suitable target who likely has access to valuable information about processes or the efficacy of products. Let’s call the validation engineer Mr. Dave Rogan. The attacker also looks for an employee in HR with a similar name and finds someone named David.

The emails of these employees can usually be obtained with relative ease, using a tool or by simply checking the LinkedIn profiles.

A simple trick often deployed by cybercriminals to get people to run macros is to craft an email that has been apparently sent to the target by mistake. Within the email is an attachment that contains information the target will benefit from seeing. The attacker knows that despite the natural inclination to not run unverified macros, the emotional pull of seeing certain information is often overwhelming and goes against this inclination.

In this hypothetical scenario, the hacker uses the current economic downfall and a spate of upcoming redundancies to get our validation engineer to open the Word document run the macro. The email may look as follows:

For our validation engineer, Dave Rogan, this email is incredibly compelling. He has just received an email that he wasn’t supposed to get, outlining upcoming redundancies in his own department! The emotional pull to take a peek and see if his name is in the document is too strong.

Furthermore, because Dave is seeing a document that he wasn’t meant to see, he probably isn’t going to say anything to the IT department.

The hacker can add a macro button to the file that executes the malicious VBA code when the target clicks the button. The button would say something like “Enter Password”. The document would be blacked out, and our victim Dave thinks that entering the password and clicking the button will reveal the confidential redundancies list.

The button wouldn’t actually do anything for the user, though, even if the password entered is the same as was indicated in the original email. To further deter the target from reporting this document to the company’s IT department, a prudent attacker can easily insert a false popup message box warning them that further incorrect password attempts will be reported to IT.

Closing Thoughts

Spreading a Word macro virus is as simple and as deadly as that. Using a combination of technical hacking skills (which I haven’t dealt with here) and social engineering techniques, the above Word macro virus example should serve as a striking insight into the efficacy of attacks that exploit human psychology.

Target organizations need to be aware that this type of psychological manipulation is very regularly used by malicious intruders to gain access to valuable data or otherwise disrupt their networks. Defending against this type of attack requires continuous employee training and awareness around social engineering.

The post An Example of a Successful Word Macro Virus appeared first on RonanTheWriter.

Advanced Persistent Threats Explained

An Advanced Persistent Threat is a mission-oriented attack on a corporate network typically conducted with the aim of stealing proprietary data. This type of data is particularly sensitive and often goes by the term “trade secrets”.

The following steps explain the usual progress of a successful APT attack:

1. First compromise: A malicious party targets a corporate network, usually via precise social engineering, and establishes a foothold in the network with appropriate technological assistance, such as a Macro or Java applet.
2. Ensuring future access: The attacker uses his/her own knowledge and skills to establish a customized route into the network without needing to perform the first compromise attack again. This usually involves fooling the target’s IT security team with traffic that looks legitimate.
3. Privilege escalation: With a foothold into the network, the attacker seeks to gain administrator access to take more control.
4. Infrastructure scrutiny: With the extra privileges that come from administrative access, the attacker can find out more information about the network, such as key infrastructure and important relationships of trust.
5. Network expansion: Having established administrative access and conducted extra scrutiny, the attacker expands their control of the network as necessary to get access to the target information.
6. Achieve target: The successful completion of the mission, obtaining sensitive data belonging to the target organization, is the most critical step in the APT attack and is its raison d’etre.

With an APT, there is always an aim to obtain some kind of information. This threat stands in contrast to say DDoS attacks, in which the aim is often to disrupt an organization’s business continuity. The key tenets of all APTs are stealth, patience, and goal-orientation.

Advanced Persistent Threat Protection

It’s often the case in infosec that learning about the things that don’t protect your systems is as much help in protecting your company as learning about what works. Given the steps above, we can say protection will NOT result from:

• Malware detection: the point of an APT is that it is advanced, which means that the attacker will rarely if ever use any commonly known malware or backdoor trojan to gain a foothold within a network.
• Auditing logins: checking logs to notice strange times at which users have logged into systems is not a strategy likely to protect against this type of compromise. The reason is that in step 2, the intruder establishes a customized toolkit that ensures future access without needing to repeat the first compromise.
• Relying on suspicious IP addresses: some sources say you can find an in-progress APT by monitoring logins to internal email addresses and detecting suspicious IP addresses. A skilled hacker often logs in from inside your network, leaving no trace of suspicion in the IP address.

Closing Thoughts

Advanced persistent threats are extremely effective information security attacks that all companies need to worry about, especially the largest organizations. Hospitals, universities, pharmaceutical companies, large financial corporations, and even government agencies are all viable targets because they all have one thing in common—they store sensitive, valuable information.

The post Explaining What an APT is in Cybersecurity appeared first on RonanTheWriter.

What is Ethical Hacking?

Ethical hacking is the compromising of a computer system or network by a skilled professional in order to help detect and protect those same systems from vulnerabilities. An ethical hacker uses the same skills and tools as a malicious hacker; the difference is in the purpose of the activity.

A malicious hacker typically wants to disrupt a system, steal information, or otherwise damage an organization’s credibility. The key tenet of ethical hacking is protecting organizations, whether that means large businesses or government departments.

What Are The Three Types of Hackers?

There are three broad types of people who intentionally attempt to compromise systems and networks:

1. White hat. These people professionals who use their expertise in compromising systems for defensive rather than malicious purposes. It’s critical to note that white hat pros crack systems only when they have explicit permission from the data owner to do so.
2. Black hat. Black hats are people who use their skills for nefarious reasons. Put simply, they’re the bad guys of the hacking world. These people break into systems with the intention to destroy data, obtain lucrative information, spread computer viruses, or simply wreak havoc.
3. Gray hat. Gray hats occupy an interesting in-between point on this spectrum. These people are generally very curious about the tools and technologies people use to compromise a system. They might target a particular organization, not with the intention of causing harm, but with the intention of highlighting a flaw in the victim’s info security posture. Gray hats are unpaid, and they hack into systems without permission, which is why we can say they occupy a gray area between malicious and ethical.

It’s worth noting that ethical hackers fall into the white hat category when currently employed. However, it’s often the case that organizations recruit professional system crackers who’ve previously operated as gray hats.

What is the Use of Ethical Hacking?

When hired by an organization, the ethical hacker first asks for clarification on what systems and information the organization deems critical and necessary to protect. The professional also needs to know what resources the organization wants to commit to this protection.

Often there’s a mismatch between resource allocation and the level of protection needed to guard information assets. The hacker plans penetration tests around the assets of importance. The person then uses the same tools and processes as a black hat would to find loopholes and breach systems. The person then compiles a penetration test report, which includes screenshots and a summary of the key risks.

Based on the pen test report, the organization can put measures in place to mitigate the risks highlighted by an ethical hacker. After establishing these countermeasures, the pen test can be repeated to make sure nothing is missed.

Are Ethical Hackers in Demand?

As much as you can say cybersecurity, in general, is a growing field, then yes, ethical hacking is an in-demand career. It’s worth noting that cracking a system is a specialized skill that not many people possess. It is also pertinent that cyber attacks continue to grow in volume and sophistication. Governments and large businesses need specialized professionals to find flaws in their systems and help rectify them before a black hat finds them.

Salaries for certified ethical hackers vary considerably due to factors like location, experience, and skillset. On average, you can expect to earn $71,000 if you opt for this career path.

Large organizations should definitely consider hiring a good certified ethical hacker as part of improving their IT security defenses. These skills will only become more important as malicious attacks continue to rise and digital information becomes more valuable.

The post Ethical Hacking: An Overview appeared first on RonanTheWriter.

At any medium to large-sized business, there is often a mix of private and public clouds and multiple service providers. All organizations need a good way to manage the interconnections and dependencies within their cloud infrastructures.  This is where orchestration comes in.

What is Cloud Orchestration?

Cloud orchestration uses code to automatically provision resources and services in a cloud environment. Orchestration takes a series of separate automated tasks and coordinates them within a workflow. The premise is that managed, controlled automation is more efficient than keeping automated tasks siloed and unmanaged, which can create confusion.

More specifically, the tasks within an orchestration workflow in cloud computing can involve the following:

• Starting or provisioning new servers
• Adding extra storage capacity
• Spinning up new virtual machine instances
• Accessing cloud-based software services

Benefits of Cloud Orchestration

There are several reasons beyond greater efficiency that businesses might want to consider cloud orchestration, including:

• Auditing cloud use

With a complex multi-cloud setup, it’s difficult for IT support teams to maintain visibility and control over cloud use on their own. Orchestration provides a unified view of cloud resources, which facilitates better monitoring. The result is increased control of your cloud environment and improved implementation of IT security policies and cloud usage guidelines.

• Reduced costs

An additional benefit stemming from how orchestration enables visibility is more economic use of cloud resources. Unused servers are quickly identified and automatically switched off, which avoids unnecessary expenses. Network admins can maintain control of the virtual machines on their network. Coordinated automation generally requires less human labor and consumes only the necessary resources for the company’s cloud workloads, both of which save money.

• Simplified automation

Automation on its own is useful, but it can introduce complexities. Because automation handles individual tasks, it can lead to confusion about what needs automating and when. With orchestration, everything is integrated into a unified workflow, leading to greater clarity and simplicity.

• Event-driven remediation

When any company uses the cloud, things are bound to go wrong now and then. Disks may run out of space for your primary storage, not enough servers might be provisioned to deal with traffic spikes on business applications. One of the great things about orchestration is its ability to provide organizations with event-driven remediation. If a disk runs out of space, new storage space is automatically provisioned via the orchestration tool(s).

• Improved agility

Modern IT businesses need to be agile, which means they need to be able to rapidly respond to change. A business is only as agile as its IT infrastructure, though. Orchestration is hugely important for achieving improved agility through the intelligent and automatic provisioning of resources across storage, computing, and networking cloud infrastructure.

Popular Cloud Orchestration Tools

There is a slew of cloud orchestration tools available to businesses. Some are orchestration-specific; others facilitate orchestration through IT task automation. Here are some examples:

• Bolt
• Morpheus
• IBM Cloud Orchestrator
• AWS CloudFormation
• Ansible
• Puppet

The post A Primer on Orchestration in Cloud Computing appeared first on RonanTheWriter.

Data Replication in the Cloud

In the context of cloud computing, data replication is vital for businesses that want to ensure data redundancy. The last thing you need is your primary storage server for a business-critical application going offline, affecting end users. With effective data replication in place, the end-users will never notice if a primary storage system goes down.

It’s important for IT departments to note that data replication in the cloud can be instigated by two different parties:

1. Cloud service providers. As part of a cloud provider’s service level agreement (SLA), each provider typically replicates data automatically at no cost to you; the business using their cloud services. But you also have no control over this replication.
2. Users of cloud services. As a business user of cloud services, you can take action to replicate your data or other important resources if you want added protection beyond what your cloud provider does. Or, as you’ll soon see, if you want a different type of replication.

It’s worth noting that replication is a disaster recovery strategy. In the event of a disaster causing the failure of a primary system, replication provides failover to a secondary system.

The scope of replication does not extend to data corruption or deleting data. If there is a fundamental problem that affects a dataset, such as accidental deletion, the problem is simply replicated to your secondary systems.

From this perspective, data replication is a tool with an important role to play in your wider business continuity strategy and disaster recovery plan.

Synchronous vs Asynchronous Replication

If you want to take action to replicate your data and important cloud resources aside from what your cloud provider does, you need to know about the different types of replication. By understanding these ways to replicate data, you can choose the best method for your use cases.

Synchronous replication happens in real-time. As you write data to your primary storage, it gets replicated to other secondary locations simultaneously. With synchronous replication, data is written to multiple locations all at the same time.

Asynchronous replication is when data is not replicated in real-time. The data is written to the primary storage location, and there is a time lag between the initial write and the copying of this data from primary to secondary sources.

By definition, each of these types of data replication in the cloud comes with its own advantages and disadvantages.

Synchronous replication is useful precisely because it happens in real-time without any delay. There is no risk of data loss caused by the failure of the primary resource between the time of writing and the time of replicating.

The disadvantage of synchronous replication is that it is highly limited by distance. Any sort of network latency above 30-40 ms between two storage locations is not conducive to effective synchronous replication. As such, this type of replication is typically only suitable within a data center or between two locations close to each other geographically.

Asynchronous replication is not limited by geographic location. You don’t need pristine network connectivity and as much bandwidth to replicate asynchronously.

The problem with asynchronous replication is that if a disaster strikes the primary data resource during a period of heavy updates with lots of write operations, these updates will not be reflected when the replication occurs.

In Closing

The main question you need to answer as a business is, “Which type of replication is better”? The answer depends on the specific priorities and budget at your company’s disposal.

In general, you should choose asynchronous replication when you want a more cost-efficient solution with minimal network burden and long-distance replication.

Your business should use synchronous replication if you can’t tolerate any level of data loss and your secondary storage locations are in close proximity, such as in your own data center.

Lastly, always remember to monitor your cloud usage, making sure that data is actually being replicated how you want it to be.

The post <center>A Guide to Synchronous vs Asynchronous Replication</center> appeared first on RonanTheWriter.

Benefits of Cloud Monitoring

When IT departments deploy cloud resources, they often do so in an automated way. The problem is that not keeping track of these resources potentially leads to situations in which servers are left running that aren’t doing anything. Another bad outcome from a lack of visibility into cloud usage is that applications might need more resources than are currently in use, leading to performance issues or downtime.

Cloud monitoring tools and dashboards can keep track of storage usage, memory consumption, billing costs, and currently running servers. Correspondingly, the main benefits of cloud monitoring are:

• Cost-effective—cloud monitoring keeps your bill as low as it can be. Despite the often touted cost-efficacy of using cloud computing, it can quickly become an expensive mistake for your business if the proper monitoring is not in place or used.
• Reliability—whether you use the cloud for internal or customer-facing applications, monitoring your resources ensures reliable application performance, with the appropriate number of servers and amount of storage in place to meet application demands.
• Scalability—proper monitoring ensures you can scale your resources up or down on an as-needed basis, precisely when demand for resources dictates that you need to scale.
• Investigative—by examining log files, your cloud monitoring efforts can unearth insights into potential threats to databases, or other issues affecting your IT infrastructure.

Cloud Monitoring and Alerting

Alerts are a hugely important part of effective cloud monitoring. Typically, the way in which cloud alerting works is that when a specific threshold is reached on a resource, the monitoring tool or dashboard generates an alert.

It’s crucial to note that generating an alert doesn’t necessarily mean your IT department receives a notification about it. Ideally, you want a monitoring solution in place with as much automation as possible. What this means in practice is that you set up alerts and automated corrective actions for those alerts.

The idea is that you have a workflow in place that readily detects suboptimal performance and has automated actions to take the relevant systems or applications back into an optimal state of performance.

For some alerts, you will want explicit notification by email or text. These alerts typically relate to billing considerations. With a certain cloud budget in place, you’ll want to know exactly when and why your organization’s cloud usage exceeds that budgets

Scaling Cloud Resources

Scaling your cloud resources in an automated or manual way as needed is a huge part of the reasoning behind cloud monitoring. The beauty of the cloud is that resources are practically unlimited, and you can spin up a new server in minutes if you need to.

It’s important to remember, though, that you can also scale your resources down. Cloud providers would love your business to spin up servers, leave them running, and forget about them. This lack of monitoring leads to more money in their pockets. But it serves your business no useful purpose to pay for unused resources, which is why monitoring is so crucial.

You can generally scale in the cloud in two types of ways. Vertical scaling is when you add more computing power to resources you’ve already deployed. For example, you could add more storage or processing speed. Horizontal scaling is adding extra resources to your current cloud infrastructure.

Cloud Monitoring Tools

Most leading cloud providers give you some useful tools for tracking and monitoring your cloud use. Google‘s Cloud Monitoring suite is a good example.

Closing Thoughts

Striving for as much automation as possible is a prudent way to go about cloud monitoring. Try to get a tool that facilitates automation and gives central access to and control over your entire cloud deployment across all providers and types of cloud. To really optimize cloud performance, incorporate user feedback metrics, such as response times, into your monitoring capabilities.

The post An IT Department’s Guide to Monitoring the Cloud appeared first on RonanTheWriter.

What is Load Balancing?

Load balancing distributes workloads on a network across multiple servers efficiently. With load balancing in place, no single server becomes overburdened by network traffic, ensuring that end-users, whether internal or external, experience stable performance when interacting with IT services, such as applications or websites.

Software Load Balancer vs Hardware

Load balancing can function using software or hardware. Companies can purchase a proprietary load balancing device pre-loaded with a special operating system. The device’s operating system distributes traffic in an efficient way across many servers.

For software-based load balancing, no proprietary hardware is required. You can simply install the software on a standard server, from which the load balancing software manages the traffic flow. The server can be on-premise or a virtual machine.

It’s the network administrator’s role to properly set up load balancing. The network admin defines an IP address or DNS for the website, application, or task for which an organization needs load balancing. This IP address ensures that all traffic for the specific function goes to the load balancer.

From the load balancing server or load balancing device, the traffic is distributed using the IP addresses of the actual servers that will handle and share the workload(s) in question.

Different types of load balancing algoirthms control the flow of traffic to servers. It’s the job of the network admin to choose the most suitable algorithm based on their own knowledge.

Load Balancing Options

There are a few different types of configurations and options for using load balancing in networking. This section doesn’t attempt to be exhaustive—rather, it provides a high-level overview of topics that could have entire posts dedicated to them.

1. On-premise load balancing: typically for large organizations that want to manage traffic flow on a network from internal applications with heavy use, such as CRM systems.
2. Internet-facing load balancing: companies can distribute incoming Internet traffic (to their website, for example) efficiently between many servers.
3. Cloud load balancing: distributes workloads across many computing resources in the cloud and on-premise using a service-based model.
4. Content-based load balancing: an approach to load balancing in which different groups of servers handle different types of requests, such as video streaming, downloads, and web pages.
5. Global server load balancing: distributes traffic across server resources located in multiple regions around the world.

Benefits of Load Balancing

Given the definition of load balancing, it would be easy to assume that network efficiency is the only important benefit. However, the picture is bigger than that, and IT departments at small, medium, and large businesses have much to gain from using load balancing.

Scalability

One of the best benefits of load balancing that accommodates offloading traffic to the cloud is scalability. Maybe you’re a small consumer goods business selling merchandise online and your web servers can handle your online store traffic most of the time. But, during specific times of the year, such as Black Friday, you experience traffic surges and your servers become overburdened, leading to failure.

Load balancing addresses this exact need for scalable computing resources. By using load balancing, you can offload traffic to the cloud during times of peak demand, whether that means for specific days during the year of specific times. Read about different ways to connect to the cloud.

Redundancy

In the case of a small, fast-growing business, there is a need to expand beyond using a single server to deliver customer-facing websites or use business-critical applications. A single point of failure can cost your business a lot of money.

However, even if a business has multiple web servers, it’s possible for a server to fail. Without load balancing in place, all the requests made to the failed server cannot be answered, which affects the end users. With load balancing in place, you achieve redundancy. Traffic is automatically redirected to working servers, meaning your critical applications and websites aren’t noticeably impacted by the failure of one server.

DDoS Mitigation

One of the most overlooked benefits of load balancing in networking is in the area of network security. Using a software-based load balancer with the option to offload traffic to the public cloud provides cost-effective protection against DDoS attacks.

In a DDoS attack, a third party attempts to overwhelm IT resources by inundating an organization’s servers with a barrage of requests to the point that they stop working. From a business continuity perspective, DDoS attacks can be incredibly damaging. The use of load balancing is cost-effective and elastic in mitigating DDoS attacks. Software-based solutions with intelligent analytics can offload large numbers of server requests to public cloud servers when DDoS attacks are identified.

Performance

Your business-critical apps and websites work better with load balancing in place. Downtime is dramatically reduced. Content-based load balancing ensures servers are optimized to deal with specific types of requests, resulting in further performance boosts.

Reliability

With global server load balancing, or even cross-regional load balancing, you become less susceptible to conditions in one area and your critical apps become more reliable. For example, say you’re a small marketing company from Heuston hosting a business-critical application, and your employees work remotely. If there’s a severe weather event or power outage in Houston, all your servers go down, and nobody can access the business-critical app. With load balancing, different servers in different geographical areas can host the application and the load balancer can direct end user requests to these servers.

Summary

Load balancing can benefit businesses of all sizes by managing the distribution of workloads between servers. A load balancing solution, whether software or hardware-based, should be a prime consideration of any company’s IT department and network administrator.

The post Benefits of Load Balancing in Networking appeared first on RonanTheWriter.

2020 Twitter Breach Explained

In the breach, hackers gained access to the accounts of several high-profile Twitter users, including US presidential candidate Joe Biden, billionaire entrepreneur Jeff Bezos, and trillion-dollar tech company, Apple. The hackers used the access they gained to conduct a simple bitcoin scam. The access to such high-profile Twitter accounts took advantage of a coordinated social engineering attack on key Twitter employees, gaining access to internal systems.

So, here we have an interesting combination of incredible sophistication to gain access to internal systems and incredible simplicity to steal money. The simple bitcoin scam promised, via Tweets from verified accounts, that if people sent $1,000 worth of bitcoin to a particular bitcoin address, they’d get $2,000 in return.

In response to the attack, Twitter blocked verified accounts from Tweeting completely for up to one hour. Verified Twitter accounts belong to people of public interest who have verified their authenticity. These people typically have hundreds of thousands of followers.

The dark beauty of this attack is that it took advantage of peoples’ trust in public figures. Most people would have the common sense not to send money to a random bitcoin address if a random account Tweeted that they could double their money.

However, when the accounts Tweeting about the money-making promises are verified figures of public trust, it is much easier to fall victim and believe the Tweet. It’s believed the bitcoin wallet’s balance grew rapidly to over $100,000 in value (~11 BTC at the time of the attack).

What is Social Engineering in Cyber Security?

Social engineering in cyber security is when an unknown or untrusted party gains the trust of someone inside a company. After the attacker gains the victim’s trust, they can use this trust for nefarious purposes, such as opening a back door into sensitive systems.

In the case of the 2020 Twitter breach, it appears that a coordinated and complex social engineering attack granted the access that the hackers needed to post from verified Twitter accounts. Social engineering attacks take advantage of the people within organizations rather than the systems used to secure a network.

The Twitter breach shows that even the people working for tech-oriented organizations are vulnerable to social engineering attacks. It also shows that even technically secure environments at the world’s largest enterprises are susceptible to intrusion.

Social Engineering Threats

The following are some of the main social engineering threats can arise from a successful attack:

• Compromised users can open infected files that wreak havoc on an organization’s internal networks.
• Victims can reveal confidential company information or personal information in a type of social engineering attack known as spear phishing.
• Victims may click malicious URLs that infect their computer or every computer one network.
• Victims might reveal passwords to sensitive databases, which attackers can retrieve and dump on the darknet or demand money for.
• In a type of social engineering attack known as a watering hole attack, victims visit seemingly trustworthy websites and attackers either infect their computers or access internal networks.
• Apply all these practices inside the corporate network and when working outside the office to improve endpoint security.

Social Engineering Prevention

Social engineering prevention is best achieved through thorough employee awareness and education about these types of attacks. More specifically, here are some prevention methods all employees and employers should follow:

• Take a cautious approach to any communications that seem abnormal or unexpected even from people whom you trust
• Ask people for proof of identity, such as documents or numbers that can easily be verified as authentic
• When receiving phone calls, ask a colleague who recognizes the supposed caller’s voice to verify it
• Think before clicking on any new or unfamiliar links.
• Never download files you didn’t expect or when you don’t know the sender
• Use multi-factor authentication for key systems so that a compromise in credentials doesn’t always result in a breach

Summary

Social engineering attacks exploit vulnerabilities in human psychology. The 2020 Twitter breach is an almost perfect example of how effective social engineering can be. An enterprise can take all the steps in the world to secure its network, but employees can still provide attackers with entry points into key systems. Prevention can only be achieved with increased employee education about social engineering.

The post Twitter Security Breach 2020: A Successful Social Engineering Attack appeared first on RonanTheWriter.