Tag: #cyberattack

HTTPS is no longer secure: says FBI

Posted on by Anteelo Master

FBI warns users to be wary of phishing sites abusing HTTPS – Naked Security

The investigation bureau FBI has issued an alert warning to internet users that “HTTPS” and a padlock icon in the address bar might not be enough to prove if a website is authentic or not. It has been observed that cyber-criminals are increasingly abusing the trust in TLS-secured websites for improving the success rate of phishing attacks.

“They [phishing attackers] are more frequently incorporating website certificates – third-party verification that a site is secure – when they send potential victims’ emails that imitate trustworthy companies or email contacts.”

In 2016, a report by the Ponemon institute revealed that nearly half of all the cyber-attacks used SSL encryption to evade detection within the period of last 12 months. Two-thirds of the organizations admitted that their organization was not prepared to detect malicious SSL traffic.

For many years, there has been a push toward adopting the HTTPS protocol on the web since it ensures a secured communication between the website and user’s browser.

Most of the browsers mark websites that use HTTPS with a padlock icon which indicates that the browser traffic is encrypted, and attackers cannot access the data in the transit. These websites also display warnings in case the user accesses a non-secured website.

Google Pushes Business Websites to Use HTTPS (SSL) - Prometheus PPC

With the advancement in the security measures, attackers have also started adopting HTTPS protocol to deploy sophisticated phishing attacks since the use of this secured protocol allows attackers to psychologically trick the victim into believing that the malicious emails or links that they received in their inboxes are coming from authentic sources.

They are designed with the motive to acquire sensitive login details or other information by redirecting victims to malicious websites that looks secure due to the padlock icon.  However, only connection to these websites is secure and the HTTPS protocol is unable to authenticate the content on the website.

What is the reason behind the increasing use of HTTPS?

Graph - Increasing Graph Clip Art - Png Download - Full Size Clipart (#931804) - PinClipart

To deploy a successful cyber-attack, cyber criminals leverage the latest technology. With the number of websites that use SSL encryption, cyber attackers have started encrypting the phishing websites, making it harder for IT administrators to identify the difference between bad and good traffic. Attackers are increasingly using SSL to encrypt the communication between the compromised endpoint and command-and-control systems to hide payloads, instructions as well as other information that is being sent.

As an increasing number of attacks are using HTTPS to avoid the scrutiny by the traditional methods of cyber security, organizations should take steps to ensure that they are protected against bad traffic.

What is the solution?

Where are the people with solutions? - Reputation Today

Lack of awareness among employees is one of the major reasons for the success of such attacks. In recent years, attackers have shifted their focus from individuals to employees. Statistically, 90% of the cyber-attacks are a result of employee negligence. During the year 2018, there has been a 76% increase in the number of phishing attacks. 54% of the companies had experienced cyber-attacks that compromised with their IT infrastructure and data. According to a survey conducted by McAfee on 19,000 people, 97% of the people were unable to identify such cyber attacks.

This is where the cyber security awareness and training tool comes in handy. The tool helps in creating awareness among employees to combat real-life cyber-attacks. With the power of reporting tool TAB, employees become capable to protect the entire organization against probable cyber-attacks.

Every day the number of reported cyber-crimes are increasing. It is, therefore, important for organizations to invest in cyber security awareness and training programs which should be continuous and must be followed with the regular assessment of the employees’ knowledge on cyber-attacks.

In 2019, new cyber security threats are predicted to emerge.

Posted on by Tushar

11 Emerging Cybersecurity Trends in 2021 - Panda Security

Cyber security remains a major issue for all organisations and 2019 will continue to prove challenging. Expect to see more large-scale data breaches, new forms of malware and the continuing plague of ransomware attacks. In addition, we need to prepare for threats to Internet of Things devices and attacks on infrastructure, such as banking and payment systems and public transport. Perhaps more worrying than these are the unknown, emerging threats that are on the horizon. Here we’ll look at four you should be wary of.

AI versus AI attacks

Artificial Intelligence vs. Machine Learning in Cybersecurity | Varonis

Artificial intelligence is being increasingly used by all manner of businesses and in a wide range of ways. Crucially, it is a key tool for cyber security firms which use AI models to find better ways to defend our systems.

Unfortunately, AI is also available to cybercriminals who now use it to counteract the work done by security companies. This is carried out using a generative adversarial network (GAN) which creates a situation where two neural networks compete against each other to discover the AI algorithms each is using. If the cybercriminals discover the algorithms being used by cyber security companies, it gives them a much better understanding of how to evade being detected.

Indeed, these increasingly sophisticated hackers can use AI and machine learning to infiltrate the data sets used by security companies, for example, injecting malicious code and modifying labels, so that threats can be re-identified as safe.

Fake media exploitation

Information Overload Helps Fake News Spread, and Social Media Knows It - Scientific American

Most people are now aware of the problem of phishing emails where criminals send fake messages to employees in the hope of conning them into giving away important data, access details or, in some cases, getting them to transfer money to the criminals’ accounts.

While many of us have learnt to spot the tell-tale signs of most fake emails, advances in artificial intelligence have now produced an entirely new and potentially much more difficult to spot threat – fake video and audio messages. Simply by analysing online images, video and voice recordings, AI-enhanced software is now able to create highly realistic video and audio that can fool even the most cautious of viewers. In the video below, you’ll see how this is done.

As you can see from the video, even the creator of this technology has concerns about how it can be used for malign reasons. Cybercriminals with access to it can deliberately spread misinformation that can have a devastating impact, for example, making statements purporting to be from a leading CEO that affects stock market volatility. Criminals can also use the technology to send fake video and audio messages to employees and customers that con them far more easily than a phishing email.

For now, this technology is difficult to use and expensive to own. However, it won’t take long before it’s available for use on the average laptop or even as a phone app. Luckily, as the video shows, there are efforts in place to develop technology that can detect these fake videos. For the time being, it is important to remain vigilant.

A quantum leap in encryption cracking

Quantum Leap: This tech will boost communication security | Hyderabad News - Times of India

Understanding the bizarre world of quantum physics is a challenge even for the most gifted of scientists. However, we are now at a stage where quantum computers are being developed that have the processing power far beyond that which we have ever been able to produce before.

With such potent technology, experts believe that cybercriminals with access to quantum computers would be able to crack the encryption we currently use to protect data. While it is possible to create even more secure encryption to combat this in the future, the problem lies with technology that is already in use. Products like TVs, vehicles and phones, together with many IoT devices, which are going to be around for quite a few years and which have today’s levels of encryption built in, may become far easier to hack in the future.

Smart contract hacks

Smart contract hacks cost millions — this company wants to fix it

Blockchain technology is increasingly used in business because it offers both transparency and the security brought by encryption. One way in which it is used is for smart contracts, where apps housed on blockchain automate processes when the right conditions are met, for example, carrying out financial transactions or delivering intellectual property.

While blockchain has a potentially very useful role to play, this relatively new technology still has issues. One of the concerns is that the inbuilt transparency of blockchain makes it difficult to keep smart contract data private. This vulnerability has already been exploited by cybercriminals who have used it to get their hands on large amounts of cryptocurrencies.

Conclusion

As you can see, in 2019, the new cyber security threats are far more sophisticated than ever before, using technologies such as artificial intelligence, machine learning and quantum computers to launch their attacks. They are also finding new things to attack, such as the media, blockchain and even other AI models. With this in mind, 2019 is certainly a year to keep security threats as a priority in your organisation.

Why Cyber Security in Banking is Important?

Posted on by Anteelo Master

man with key and laptop with digital bank 687720 Vector Art at Vecteezy

Since the last decade, cyber attackers have especially affected businesses that depend on computerized technology for conducting their daily business. Cyber crime is a significant threat to all businesses regardless of their sizes. Therefore, it is important to invest in cyber security in banking for protecting your business and data against malicious cyber criminals and hackers. It is important to build cyber resilience.

Cyber security in banking is of great importance. Since 2010, Indian banks have rapidly adopted newer technologies and digital channels while keeping up with the underlying objective of increasing revenues and footprints.  83% of CISOs agree on the increase in cyber attacks on banks since 2018.

Why is Cyber Security in Banking Important?

Since 2019, several banking institutions have been targeted by cyber attackers. Some of them include:

OTP Bank Data Leak

OTP Bank injects EUR 50 mln into Romanian subsidiary | Romania Insider

Database that was dated back to 2013 consisting of the personal data of approximately 800,000 clients including names, addresses, phone numbers, approved credit limit, work notes on client’s contract was made publicly available with. The database allegedly belonged to OTP Bank. According to the bank, there was no evidence on information leakage recorded in our bank, and the origin of this database remained unknown to the bank.

HCF Bank Data Leak

What Is Path Traversal Attack And How To Prevent It?

A database consisting of the data of the HCF bank customers was available on the internet with the personal information of the bank’s 24,400 customers. The database included customers’ names, phone numbers, passport details, addresses as well as the credit limit.

Alfa Bank Data Leak

Alfa-Bank - Overview, Competitors, and Employees | Apollo.io

Two databases belonging to Alfa Bank were found lying on the internet. The first database was dated back to 2014-15 and held the personal data of more than 55,000 customers. The database included customers’ names, their contact information, addresses as well as their place of work. It was speculated that these databases might have leaked during 2014 when the IT staff of the bank was going through mass layoffs.

Banks must be on their guard more than any other business since they are the custodian of money, which is the most valuable resource in the present times. In the case of a successfully deployed cyber attack, the results will be the most devastating. Since the foundation of banking lies in trust and credibility with the customers, it is very important to ensure cyber security in the banking sector.

The following are a few reasons why cyber security in banking is important and why should it matter to you.

  • The wave of digitalization: These days, the government is emphasizing ongoing digital. This means an increase in the population that is using digital money such as plastic cards and is going cashless. Therefore, it becomes important to employ precautionary measures that ensure cyber security for protecting your data and privacy.
  • Data breach leads to a breach of trust: Data breaches make it difficult for the customers to trust financial institutions. For banks, it is a serious problem since a weak cyber security system can lead to data breaches.
  • Financial Loss: When a bank suffers from a cyber attack, not only the bank but also, its customers suffer from financial loss. Recovering from this loss can be time-consuming. It will involve canceling cards, checking statements as well as confirming other minute details.
  • Your data is no longer yours: cyber security is extremely important when the attackers Once the attackers get a hold on your private data; it can be misused in any manner. Your data is sensitive and could reveal a lot of information about what might be leveraged by attackers.

How to Enhance Cyber Security in the Banking Sector?

GDPR will Help Enhance Cyber Security - IEEE Innovation at Work

  • Bank regulators should be allowed to examine third-party vendors that many credit unions are using these days for technology services.
  • Data breaches and cyber security incidents require a rapid response to mitigating the impact. Employ proactive measures to evade such cyber threats.
  • With security attack simulator and awareness tools, bank employees can learn about various forms of cyber attacks. This is ensured with the help of the tools four-step cycle. This includes simulated attack, knowledge imparting, an assessment which is followed by another simulated attack.

SQL injection attack: Your website might be undergoing one right away!

Posted on by Anteelo Master

How to Prevent SQL Injection Attacks? | Indusface Blog

Injection, this word not only terrifies children but also, is a cause of immense worry for those who have suffered from ‘injection’ attacks. Last week, 90% of the deployed cyber-attacks were injection attacks. In an injection attack, attacker injects a malware or malicious code in a query or program. This allows the attacker to execute commands remotely that can read or manipulate a database. It can also enable the attacker to modify data that is lying on the website.

There are different forms of Injection attacks including XPath Injection, Blind XPath Injection, SSI Injection, OS Commanding, LDAP Injection, Format String Attack, Buffer Overflow, SQL Injection, Blind SQL Injection etc.

One of the most commonly deployed injection attacks is SQL injection. Considered as one of the top ten vulnerabilities, this injection attack is a code injection technique that targets data-driven applications by inserting malicious SQL statements into the entry field for execution. It was discovered in 1998 that is still being deployed by the attackers. SQL injection exploit security vulnerabilities in software of applications. This allows the attacker to manipulate, tamper, disclose or destroy data, changing the balances or voiding transactions etc.

What is an SQL injection attack?

Introduction to SQL Injections. SQL injection is an attack technique… | by Charithra Kariyawasam | Medium

SQL injection attack is deployed through parts of SQL statements in the web entry field for letting the website pass a freshly formed rogue SQL command to the database. It is an attack vector for websites that can be used to attack any type of SQL database.

Why are SQL injection attacks successful?

Protecting Against SQL Injection

The reason behind the success of SQL injection attacks is the weak codes. These vulnerabilities can be easily exploited by attackers for the execution of database queries thus, allowing attackers to access sensitive and confidential information, modify database entries and injecting malicious codes resulting in the compromise of the entire data. SQL injection attack can easily encrypt sensitive data. This attack can allow attackers to read information like username, passwords, card credentials. It can also allow attackers to delete the entire database.

What are the different types of SQL attacks?

SQL Injection Payload List. PayloadBox | by Ismail Tasdelen | Medium

SQL injection attacks can be categorized into four types. These are:

Blind based: In this form of SQL injection attack, attackers are not required to see any error message for running the attack. Even if the database error messages are disabled, attacker can still route the blind SQL injection attack. It can be further categorized into Boolean-based blind SQL injection attack and Time-based blind SQL injection attack.

Error based: This SQL injection attack is based on the error messages that are thrown by the database server for gathering information about the building of the database. Attackers can calculate an entire database.

Union based: In Union based SQL injection technique, attackers leverage the UNION SQL operator for combining the results of more than two SELECT statements. This attack helps in determining the structure of the main query with the help of blind SQL injection attack.

String based: This type of SQL injection attack takes place when the website is susceptible to SQL injection but does not show any consequences that would have otherwise shown after performing SQLi query.

How to prevent SQL injection attacks?

SQL Injection Prevention - A Practical Approach - Yeah Hub

Sanitization and Validation: Sanitization refers to ensure that no dangerous characters are passed to an SQL query in data. Validation confirms that the data is submitted in the form in which it is expected to be.

Updating and patching vulnerabilities: It is important apply patches and updates as soon as possible in order to prevent attackers from exploiting the vulnerabilities.

Encryption is important: Hashing or encryption of passwords as well as other crucial information including connection string is important for maintaining the confidentiality of your data.

Penetration testing: Cyber security companies like Anteelo provide managed services like web application penetration testing help in preventing SQL injection attacks with input validation testing.

SQL injection has been prevailing in the world of cyber-crime since two decades and is still strongly impacting industries. It is therefore, very important to examine each vulnerability and work in the direction to patch it.

Delivering excellence, collaborating across time zones.

Take a look at our global hideouts.​

DMCA.com Protection Status

Contact

contact@anteelo.com

Twitter Instagram Dribbble Linkedin Facebook

India (HQ)

C-2073A, Sushant Lok, Phase-1, Gurgaon,
Haryana 122002

Atlanta, USA

120 West Trinity Place Decatur, GA 30030

London, UK

33 St James’s Square, London
SW1Y 4JS

Dubai, UAE

704, Saheel Tower 1 Al Nahda 1,
Dubai, UAE

Melbourne, Australia

291 -Blackburn Road, Burwood East Vic 3151

Surabaya, Indonesia

Jl. Hang Tuah 14 Sidoarjo Jawa
Timur 61212

India (HQ)

C-2073A, Sushant Lok, Phase-1,
Gurgaon, Haryana 122002

Atlanta

Atlanta, USA – 120 West Trinity Place
Decatur, GA 30030

London

33 St James’s Square,
London SW1Y 4JS

Dubai

UAE – Office # 704, Saheel Tower
1 Al Nahda 1, Dubai, UAE

Australia

Level 33, Australia Square 264
George Street, Sydney, 2000

Indonesia

Jl. Hang Tuah 14 Sidoarjo
Jawa Timur 61212

© 2018-2021 Anteelo Design Private Limited

error: Content is protected !!