How to Think Like a Hacker — and Defend Your Data
How do hackers hack?

What tools and techniques are commonly used against organizations to gain unauthorized access to their systems?

Where can we learn about the mindset of hackers and how to best protect our personal and professional data?
How can you disrupt (or stop) your information from being stolen?

WHO IS MISHAAL KHAN?

A few weeks back, I was in Las Vegas for the World Game Protection Conference as an invited keynote speaker covering ransomware stories. The presentation immediately prior to mine on the main stage was given by Mishaal Khan, who gave an entertaining keynote that demonstrated how hackers “do their thing” — often with information that is openly available to everyone online.

Not only did I enjoy and learn from Khan’s presentation, but I also had several follow-up conversations with him regarding cybersecurity, hacking, industry trends and much more. I was impressed with his passion, expertise and role as a vCISO and cybersecurity practice lead, in addition to his hacking roles. Mishaal is also an advocate for better online privacy, and he offers tips to audiences on how to protect your data.

You can learn more about Khan at his website bio. He’s co-author of The Phantom CISO, and he leans into the “hacker with a hoody” persona — which many in the cybersecurity industry shy away from. He also offers many presentations, podcasts and other online cyber resources at his website.

Dan Lohrmann (DL): Have you always wanted to be a hacker? When did you discover that you “think like a hacker”?

Mishaal Khan (MK): Ever since my middle school days, I’ve been immersed in a world of gadgets and computer parts, all thanks to my dad’s computer repair shop. Surrounded by the hum of computer fans, I couldn’t help but be drawn into the intricate workings of computers. As my understanding…

How to defend against CherryBlos and protect your passwords

Enterprises, Meet CherryBlos: the malware that plunders your passwords from pictures. Earlier this year, researchers uncovered this new species of malware that can extract passwords and sensitive information from images alone.

In an era marked by the embrace of Bring Your Own Device (BYOD), the infiltration of compromised devices into corporate networks is now disturbingly effortless. This case serves as a stark reminder that as new technologies surface, so do innovative threats. For enterprise leaders, Android management strategies must be improved to effectively counter this growing menace.

A new breed of threat: CherryBlos and beyond

Enterprises Unprepared to Defend Against MITRE ATT&CK Techniques

Enterprises lack detections for more than three-quarters of all MITRE ATT&CK techniques, while 12% of SIEM rules are broken and will never fire due to data quality issues including misconfigured data sources and missing fields.

These were among the results of a CardinalOps report which analyzed real-world data from production SIEMs, including Splunk, Microsoft Sentinel, IBM QRadar and Sumo Logic.

The data covered more than 4,000 detection rules, nearly one million log sources and hundreds of unique log source types, spanning industry verticals ranging from banking and financial services to manufacturing and energy.

The study also indicated that while organizations are implementing “detection-in-depth”—collecting data from multiple security layers including Windows endpoints and email—monitoring of containers lags behind.

Broken Rules

Mike Parkin, senior technical engineer at Vulcan Cyber, said the biggest issue he sees is the number of “broken rules” that will never trigger an event.

“While some of them are undoubtedly edge cases that would have been unlikely to trigger an event in any case, many are almost certainly the result of misconfiguration or broken logic,” he said.

John Gallagher, vice president of Viakoo Labs at Viakoo, said two study findings were particularly concerning.

“While it is encouraging to see there is already sufficient data to detect 94% of potential MITRE ATT&CK techniques, it raises the question of what the missing 6% is and how impactful such attacks might be,” he said.

For example, if the missing 6% resulted in catastrophic damage (e.g., an IoT attack vector that is highly damaging) it might put more focus on achieving higher than 94% coverage.

He added that “security layers” is a term defined by CardinalOps and is useful for organizations to plan resources and strategies based on their specific organization. “However, it includes containers but not IoT/OT, which seems like a significant oversight,” Gallagher noted.

For example, IoT/OT is used by almost all organizations (more than the 68% who reported using containers) and is less covered by a security layer within their SIEM than containers are.

“Lack of high-fidelity data…

Know the difference, defend against the danger: DoS vs DDoS attacks

Key differences between DoS and DDoS

Here are some detailed differences between DoS and DDoS attacks:

Source of Attack

The primary difference between DoS and DDoS attacks is the source of the attack. In a DoS attack, the attacker uses a single device or network to carry out the attack, while in a DDoS attack, the attacker uses a network of compromised devices (botnet) to flood the target with traffic.

Scale

The scale of the attack is another critical difference between DoS and DDoS attacks. In a DoS attack, the attacker can only generate a limited amount of traffic, which may not be enough to bring down a well-protected website or network. In contrast, a DDoS attack can involve thousands or even millions of devices, generating massive amounts of traffic that can overwhelm even the most robust defenses.

Complexity

DDoS attacks are generally more complex than DoS attacks. The attacker needs to infect a large number of devices with malware to create the botnet, which requires advanced technical skills and knowledge. Additionally, DDoS attacks may use different techniques to evade detection and mitigation, such as IP spoofing, amplification attacks, and randomization of attack patterns.

Duration

DoS attacks are typically shorter in duration than DDoS attacks. A DoS attack may last a few minutes to a few hours, while a DDoS attack can last for days or even weeks. The longer duration of a DDoS attack makes it much more challenging to mitigate and recover from.

Impact

DoS attacks and DDoS attacks can both have a significant impact on the target website or network. However, DDoS attacks can be much more damaging, as they can result in extended periods of downtime, data loss, and financial losses.

Motivation

DoS attacks are usually carried out by individuals seeking attention or revenge, while DDoS attacks are often carried out by organized criminal groups, hacktivists, or state-sponsored actors seeking to disrupt or damage a target website or network.
