Poison Attacks: A quick overview

, ,
Poison Attacks: A quick overview

Poison Attacks: A quick overview

Smart technology is everywhere. Not just in our offices, but even in our day-to-day lives with tools like Google Home and Alexa becoming a commonplace. With technology becoming smarter every minute, the risks are increasing by the minute as well. Cybercriminals are finding new ways to corrupt our IT networks to disrupt our businesses, hold our data hostage and even clear our personal bank accounts. Some of the more overt, commonly known acts of cybercrime include hacking, phishing, and ransomware attacks. This blog discusses a lesser-known cybercrime–Poison attacks.

What are Poison attacks
Poison attacks are attacks on the ability of the system to make smart decisions. Think about this. How do systems make intelligent decisions? Based on the training or data they receive. This data is used to hone the artificial intelligence of the system to help make smart decisions. Poison attacks mess the very base–the training data set. Poison attacks basically skew the system’s data model in such a way that the output is no longer as intended. They create a new normal for everything. Poison attacks are primarily backdoor attacks. In a backdoor poison attack, the attacker creates a loophole in the core data rule and trains the system to adhere to that rule so it can be exploited at a later time. For example, let’s say, the access control for a particular file is set such that it will allow only those beyond the VP level to view the data. If someone changes the main parameter to include manager level in there, the core data set is violated and the system will not detect an intrusion by someone at the manager level, even if they log in with their credentials.

Unlike Ransomware, poison attacks don’t make much noise but cause far more damage as they can go undetected for a longer time. Follow our blog next week as we discuss the 3 common types of poison attacks

Watch out for these poison attacks!
Poison hamper the ability of the system to make smart decisions by disturbing the very core data set that is used to make a decision. Poison attack methodologies typically fall into one of the following 3 categories.

  • Logic corruption
  • Data manipulation
  • Data injection

Logic corruption
In logic corruption, the attacker changes the basic logic used to make the system arrive at the output. It essentially changes the way the system learns, applies new rules and corrupts the system to do whatever the attacker wants.

Data manipulation
In data manipulation, as the name suggests, the attacker manipulates the data to extend data boundaries that result in backdoor entries that can be exploited later. Unlike logic corruption, the attacker doesn’t have access to the logic, so they work with the existing rule and push data boundaries further with a view to accommodate them later.

Data injection
In data injection, the attacker inserts fake data into the actual data set to skew the data model and ultimately weaken the outcome. The weakened outcome then serves as an easy entryway for the attacker into the victim’s system.

/by

Employee training and Cybersecurity

, ,

Employee training and Cybersecurity

Employee training & Cybersecurity

Employee training will form a big part of the cybersecurity initiative that you will take on as an organization. You need to train your employees to identify and respond correctly to cyberthreats. Here are some employee training best practices that you can make a part of your cybersecurity training program.

Create an IT policy handbook
Make sure you have a handbook of your IT policy that you share with every new employee, regardless of their position in the company. This IT policy handbook must be provided to everyone–right from the CEO to the newest intern in your organization. Also, ensure this handbook is consistently updated. IT is evolving at great speed and your handbook must keep up

Make cybersecurity training a part of your official training initiatives
Cybersecurity training should be a part of your corporate training initiatives for all new employees. You can also conduct refresher sessions once in a while to ensure your existing employees are up-to-date on the latest cyberthreats. At the end of the training session, conduct tests, mock drills, certification exams. Good training includes assessment. Provide follow up training for those who need it. This strong emphasis on training will ensure your employees take cybersecurity seriously.

Day zero alerts
As discussed, the cybercrime landscape is constantly evolving. Every day, cybercriminals are finding new vulnerabilities to exploit, and new methods to steal your data or to hack into your system. Day zero alerts are a great way to keep your employees updated. Has a new security threat been discovered or an important plug-in released for the optimal functioning of a browser? Send an email to everyone spelling out clearly what the threat is and what they can do to mitigate it. Then, follow up to verify they took the necessary steps.

Transparency

Let your employees know who to contact in the event of any IT related challenges. This is important because someone troubleshooting on the internet for a solution to something as simple as a zipping up a file could end up downloading malware accidentally.

Considering the serious ramifications brought on by cybercrime attacks, it makes sense for organizations to strengthen their first line of defense against cybercriminals–their own employees.

/by

Strengthening your cybersecurity policies

, ,

Strengthening your cybersecurity policies

Strengthening your cybersecurity policies

Formulating strong IT policies and laying down the best practices for your staff to follow is one of the best ways to prevent your business from becoming a victim of cybercrime. In this blog, we explore the various areas your IT policy should ideally cover.

Passwords: Your IT policy should cover

  1. Rules regarding password setting
  2. Password best practices
  3. The implications of password sharing
  4. Corrective actions that will be taken in the event the password policy is not followed

Personal devices

    1. Rules regarding the usage of personal devices at work or for work purposes. Answer questions like
      1. Are all employees allowed to use personal devices for work or do you want to limit it to those handling lesser sensitive data, or to those at higher in the corporate hierarchy as you assume they will need to be available 24/7? Regardless, you should spell out the regulations that they must follow. For example, requiring a weekly or monthly check for malware and updates to anti-malware software, etc., If only certain kinds of devices, software or operating systems may be approved as they are presumed to be more secure, then that should be addressed in the policy

 

  1. Discuss best practices and educate your employees on the risks related to connecting to open internet connections (Free WiFi) such as the ones offered at malls or airports.

Cybersecurity measures

  1. Document the cybersecurity measures that you have in place for your business. This should include your digital measures such as the software you have deployed to keep malware out–like anti-virus tools, firewalls, etc., and also the physical measures such as CCTV systems, biometric access controls, etc.,
  2. Another example of a good practice is how you handle employee turnover. When someone quits your organization or has changed positions, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc.,
/by

Why do you need a top-down approach to IT security?

, ,

Why do you need a top-down approach to IT security?

Why do you need a top-down approach to IT security?

For any organization, its employees are its biggest assets. But, what happens when your biggest assets turn out to be your greatest threats or liabilities? That is how cybercrime can change the game. In a recent study, it came to light that employee actions account for about 70% of the data breaches that happen. This blog focuses on the first step you need to take as an organization to better prepare your employees to identify and mitigate cyber threats–adopting a top-down approach to IT security.

Being a victim of cyber-attack can prove disastrous for your business as it has the following repercussions.

  • Affects your brand image negatively: Business disruption due to downtime or having your important business data including customer and vendor details stolen reflects poorly on your brand.
  • It can cause you to lose customers: Your customers may take their business elsewhere as they may not feel safe sharing their PII with you.
  • Can cost you quite a bit financially: Data breach makes you liable to follow certain disclosure requirements mandated by the law. These most likely require you to make announcements on popular media, which can prove expensive. Plus, you will also have to invest in positive PR to boost your brand value.
  • It makes you vulnerable to lawsuits: You could be sued by customers whose Personally Identifiable Information (PII) has been compromised or stolen.

The organizational mindset needs to change and acknowledge the fact that IT security is not ONLY your IT department, CTO or Managed Service Provider’s (MSP) responsibility. You need to truly believe that IT security is everyone’s business, and that includes everybody working in your company, from the C-level execs to the newly hired intern. Everybody needs to understand the gravity of a cyberattack and its impact. Only then will they take cybersecurity seriously.

/by

3 steps you can take to protect your data in the Cloud

, ,

3 steps you can take to protect your data in the Cloud

3 steps you can take to protect your data in the Cloud

Moving to the Cloud offers tremendous benefits for SMBs that range from lower IT costs to any-time access to data and certainly more reliability in terms of uptime. But, data in the Cloud is also vulnerable to security threats just like the data stored on physical servers. This blog discusses 3 things you can do to protect your data in the Cloud

Secure access: The first step would be to secure access to your data in the Cloud. So, how do you go about it? Safeguard your login credentials-your User IDs and passwords-from prying eye. Set strong password policies that are practiced across the board and educate your employees about good password hygiene. Also, do you have employees using their own devices to access their work-related applications and documents? Do you have staff working from home? Then, you also need to formulate strong BYOD (Bring-your-own-device) policies, so these devices don’t end up as the entry point to cybercriminals.

Educate your employees: What’s the first thing that pops into your head when someone talks about cybercrime? You probably picture some unknown person, a tech-whiz sitting behind a computer in a dark room, trying to steal your data. But, surprising as it may seem, the first and probably the biggest threat to your data and IT security in general, comes from your employees! Malicious employees may do you harm on purpose by stealing or destroying your data, but oftentimes, employees unwittingly become accomplices to cybercrime. For example, forwarding an email with an attachment that contains a virus, or clicking on a phishing link unknowingly and entering sensitive information therein or compromising on security when they share passwords or connect to an unsecured or open WiFi at public places such as the mall or the airport with a view to “get things done”, but, without realizing how disastrous the implications of such actions can be.

Choosing the right Cloud service provider: If you are putting your data in the Cloud, you need to make sure that it is in safe hands. As such, it is your Cloud service provider’s responsibility to ensure your data is secure and, accessible, always. But, are they doing all that is needed to ensure this happens? It is very important to choose a trustworthy Cloud service provider because you are essentially handing over all your data to them. So, apart from strengthening your defenses, you need to check how well-prepared they are to avert the threats posed by cybercriminals.

Complete Cloud security is a blend of all these plus internal policies, best practices, and regulations related to IT security, and of course, the MSP you choose to be your Cloud security provider plays a key role in all this.

/by

Is the Cloud really risk-free?

, ,

Is the Cloud really risk-free?

Is the Cloud really risk-free?

The Cloud presents plenty of benefits that make it a very attractive choice, especially for SMBs who don’t want to be burdened with higher in-house IT costs, putting your data in the Cloud is not risk-free. Just as storing data on physical servers has its security threats, the Cloud presents certain security concerns as well. These include

  • Data breach: A data breach is when your data is accessed by someone who is not authorized to do so.
  • Data loss: A data loss is a situation where your data in the Cloud is destroyed due to certain circumstances such as technological failure or neglect during any stage of data processing or storage.
  • Account hijacking: Like traditional servers, data in the Cloud could be stolen through account hijacking as well. In fact, Cloud account hijacking is predominantly deployed in cybercrimes that require entail identity thefts and wrongful impersonation
  • Service traffic hijacking: In a service traffic hijacking, your attacker first gains access to your credentials, uses it to understand the online activities that happen in your domain and then uses the information to mislead your users or domain visitors to malicious sites.
  • Insecure application program interfaces (APIs): Sometimes, Cloud APIs, when opened up to third parties, can be a huge security threat. If the API keys are not properly secured, it can serve as an entry point for cybercriminals and malicious elements.
  • Poor choice of Cloud storage providers: A security lapse from the Cloud storage provider’s end is a huge security concern for businesses. It is very important to choose a trusted and experienced Cloud service provider who knows what they are doing.

Apart from the above, there are some common threats that apply to both the Cloud and traditional data storage environments such as a DDoS attack, or a malware attack where your data in the Cloud becomes susceptible because it is being shared with others and at other places.

Some Cloud security mechanisms that SMBs can invest in to keep their data safe

Cloud firewalls: Much like the firewalls you deploy for your local IT network, Cloud firewalls work to prevent unauthorized Cloud network access.

Penetration testing: Penetration testing is a sort of a Cloud security check where IT experts try hacking into the Cloud network to figure out if there are any security lapses or vulnerabilities that could serve cybercriminals.

Obfuscation: In obfuscation, the data or program code is obscured on purpose such that the system delivers unclear code to anyone other than the original programmer, thus mitigating any malicious activity.

Tokenization: Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.1

Virtual Private Networks (VPN): Another, more commonly used mechanism is the VPN. VPN creates a safe passage for data over the Cloud through end-to-end encryption methodology.

Investing in a good Cloud security system is a must, but, in the end, you also need to remember that Cloud security is not only about antivirus software, firewalls, and other anti-malware tools. You need to pick the right MSP and work closely with them to implement a Cloud security solution that works for you.

1https://searchsecurity.techtarget.com/definition/tokenization

/by

Things to consider before switching to the Cloud

, ,

Things to consider before switching to the Cloud

Things to consider before switching to the Cloud

More and more businesses are switching to the Cloud to store their data and rightly so. The Cloud offers numerous benefits over the traditional, physical on site server. For example,

  • Anytime, anywhere access to your data: Information in the Cloud can be accessed from anywhere using an internet connection, unlike in the case of traditional servers, where you need a physical connection to the servers
  • Significant cost savings: You cut hardware costs, because the Cloud follows a ‘pay-as-you-use’ approach to data storage
  • SaaS compatibility and support: The Cloud allows the use of Software-as-a-Service since the software can be hosted in the Cloud
  • Scalability: The Cloud lets you scale up and down as your business needs change
  • 24/7 monitoring, support, and greater access reliability: When your data is in the Cloud, the Cloud service provider is responsible for keeping it safe and ensuring it is securely accessible at all times. They monitor the Cloud’s performance and in the event of any performance issues, they provide immediate tech support to resolve the problem

Your big Cloud move: What to consider

If you are considering moving to the Cloud, you will find it helpful to sign-up with an MSP who is well-versed with the Cloud. They can advise you on the benefits and risks of the Cloud and also offer the Cloud solution that’s right for you. In any case, before you migrate to the Cloud, make sure you are dealing with a reputed Cloud service provider who has strong data security measures in place. You can even explicitly ask them what security mechanisms they have invested in to manage data access and security.

Yes, moving to the Cloud has it benefits, but it also has its challenges including security risks. Learn more in our next blog, “Is the Cloud really risk-free?”

/by

Supply Chains are Getting Attacked by Hackers

,

Shipping Crates with cranes on a wharf

Gaining access to a company that provides products or services for other organizations is an effective way for hackers to attack many targets at once. As a result, businesses that are part of a supply chain are becoming an increasingly attractive target for cyber attackers, especially those acting under the direction of foreign governments.

Large-scale Attacks

Several major cyber security incidents during the past year demonstrate the large-scale effect of an attack on an entire supply chain. The attack against IT services provider SolarWinds was one of the largest and most effective, as it was conducted by hackers working for the Russian intelligence service. This attack compromised Solar Winds’ updates, which 18,000 customers subsequently downloaded. The attackers then targeted about 100 of those customers, some of which were US government agencies.

Another recent major attack against US supply chains exploited a vulnerability in Kaseya’s software, which attackers used to conduct a ransomware attack affecting thousands of this company’s customers throughout the world. This attack included threats of future attacks if the victims disclosed the attack to law enforcement agencies or other third parties. These threats are a recent development in ransomware that demonstrate the attackers’ strong desire for secrecy.

Small-scale Attacks

Other attacks against supply chains are much less likely to draw attention than these major incidents, but they can still be very effective. Furthermore, an attack that’s tightly focused on a limited number of targets can also be harder to detect. These factors create a trade-off between casting a wider net to compromise more systems and minimizing the risk of detection. As a result, malicious actors are using more care in designing their campaigns, often choosing a more targeted strategy.

Bigger attacks certainly get more attention, but some supply chain compromises warrant closer examination due to their potential impact on the supply chain. These small-scale attacks can be just as effective in creating discrete pathways into a network, especially through developer and mobile environments. Many supply chain compromises are currently focusing on developer environments due to the high privileges these users often have. Mobile environments also provide attractive attack vectors due to the difficulty in tracing the source of these attacks. The high probability of success for these attacks make it likely that they’ll remain a threat to supply chains for the foreseeable future.

Prevention

The expected growth in the frequency and sophistication of supply chain attacks increases the need to detect these attractive vectors. Rapid advances in the technology that supply chains use will increase their complexity, thus making it more difficult to defeat these attacks. Organizations should therefore examine strategies from protecting themselves from the likelihood that one of their suppliers will eventually fall victim to a cyber attack.

The first step in this process is to establish a clear security pathway between an organization and its suppliers, ensuring strong defenses at all links in the supply chain. These defenses largely consist of managing access control, which is relatively straightforward in modern security systems. The next step is use a design that offers resiliency in the event a supplier is compromised, meaning that the effects of an attack tend to be limited to the initial target.

Information security teams can also increase their network protection by understanding what’s on their networks and how they connect to the internet. For example, the SolarWinds attacks succeeded only because those installations had direct access to the internet. Ensuring that supply chain systems don’t have direct internet access creates a major barrier to ransomware and similar attacks.

Horizon flickr photo by Tristan Taussac shared under a Creative Commons (BY-ND) license

/by

Website Security: HTTPA over HTTPS

Secure Sockets Layer, Protocol, and Database Security related words wordmap

Hypertext Transfer Protocol Secure (HTTPS) is quickly becoming a more popular internet protocol than HTTP for website and application connections. While HTTPS is fast and secure, it must execute code in a trusted execution environment (TEE).

Intel staffers Gordon King and Hans Wang have proposed a new protocol called HTTPS-Attestable (HTTPA) that will improve on HTTPS by eliminating the requirement for a TEE on the client side. King and Wang describe HTTPA in a paper distributed through ArXiv in October 2021.

HTTPS

HTTPS is an extension of HTTP that’s widely used for secure communication over a network, especially the internet. It originally used Secure Sockets Layer (SSL) to encrypt data, although it now uses Transport Layer Security (TLS). HTTPS is therefore also known as HTTP over TLS or HTTP over SSL. The general purposes of HTTPS are to authenticate websites that the user accesses and protect the privacy of the exchanged data while it’s in transit between client and server. Specifically, HTTPS uses bidirectional encryption to protect communications from eavesdropping and tampering, including man-in-the-middle attacks.

HTTPS requires a trusted third party to sign digital certificates on the server side, which has historically been an expensive operation. As a result, HTTPS has been used mostly on secured corporate information systems like payment transaction services. However, a partnership between the Electronic Frontier Foundation and web browser developers successfully campaigned to increase HTTPS’s prevalence in 2016. Within five years, websites were using HTTPS more often than HTTP, especially for protecting page authenticity.

HTTPA

HTTPA uses remote attestation to improve on the security of HTTPS. This technique provides applications with assurance that trusted software in a server-side TEE is handling the data through the use of certificates or cryptographic methods. HTTPA ensures that the expected code is running and that it hasn’t been modified by an administrator, process or tool, all of which are possible sources of malicious actions.

A TEE is an area of memory that allows an application to perform computations on sensitive data. ARM and Intel both offer hardware-based TEEs, TrustZone and Software Guard Extension (SGX) respectively. King and Wang note in their paper that SGX provides in-memory encryption, which helps protect runtime computations by reducing the risk of modifications and leaking of sensitive data. HTTPA also uses remote attestation to protect vendor identity, verification identity and trusted computing base (TCB) identity.

Benefits

The primary benefit of HTTPA is that performing computations on server-side TEEs and providing web clients with verification that this was done increases the security of web services. Clients currently have no way of verifying that a server hasn’t been hijacked, leaving open the possibility that its data has been maliciously modified.

HTTPA also allows web services to confirm that the client’s workload is running inside a TEE with protected code. However, HTTPA only protects the application, not the server itself. In addition, it involves extending the HTTPS handshake to include the attestation, consisting of the HTTP request and response for the preflight, attest and trusted sessions.

HTTPA is a general solution for standardizing attestation over HTTPS. It also protects and manages requested data for HTTP domains by establishing multiple trusted connections. In addition, HTTPA leverages HTTPS, making it less complex than other approaches to improving the security of HTTPS.

SSL flickr photo by EpicTop10.com shared under a Creative Commons (BY) license

/by

Beware of QR Code Scams

,

Neon Green closeup of QR code

Businesses use Quick Response (QR) codes to provide a variety of services for their customers, such as locating apps for ordering a product and tracking shipments. They aren’t human readable, which allows scammers to easily embed malicious links in QR codes. This type of scam is becoming more common as the use of QR codes increases, according to the Better Business Bureau (BBB).

A QR code is a two-dimensional barcode that the Japanese automotive manufacturer Denso Wave invented in 1994. It’s a machine-readable label that contains information about a specific product such as identification, location and a pointer to an application or website. A QR code can use any of four encoding modes, including alphanumeric, binary, numeric and kanji. They may also use extensions for these modes.

Scam Examples

QR scams differ greatly in their execution, but they generally rely on the victim scanning the code without thinking about what they’re doing. In particular, scammers hope that the victim won’t consider the QR’s source before scanning it.

The most common QR scam of this type involves distributing content that contains a QR code, which could be a piece of mail, flyer, text message or social media post. The code typically opens a web page when victims scan the QR code with their camera. This website is usually a phishing website controlled by the scammer that resembles a legitimate website. In this case, the website prompts the victim for personal information, especially login credentials.

For example, a victim may receive a letter claiming to offer a consolidation for student loans. The letter also contains a QR code that appears to link to an official government website that deals with student loans. This scam can be highly effective when it’s sent to someone who is currently paying off a student loan. Another approach is to use QR codes to launch a payment app or follow a social media account that the scammer controls.

Scammers can also embed a Bitcoin address in QR codes, which is a common form of cryptocurrency scam. In this scam, consumers may receive a message on a social media platform purporting to be from a forex trader offering an investment opportunity. The victim is expected to pay a withdrawal fee through a Bitcoin machine and send it to the provided QR code. Next, the victim receives an email requesting a transfer fee, which should tell the victim that the message is a scam.

Prevention

The most effective method of avoiding scams involving QR codes is to confirm that the code came from the party you think it did. Contact that party directly and ask if they sent the QR code before scanning it. You can also make QR scanning more secure by adding an app. Antivirus (AV) companies frequently offer apps that check a QR code before opening it, allowing it to detect links that perform malicious actions such as forced downloads and phishing scams.

Look for signs of tampering in advertising materials. Scammers may alter legitimate business ads by placing a sticker with their QR code over the ad’s original QR code. Use extreme caution when a QR code uses a TinyURL, which is an abbreviation of the complete URL. In this case, you don’t know where the URL will direct you, so it could be a scam.

Call us at DirectOne for complete computer and network protection. Over 20 years in business with only you in mind.

QR code flickr photo by Christiaan Colen shared under a Creative Commons (BY-SA) license

/by