
Why do we need Cyber security; sustain your privacy

Cyber security is the state or process of protecting and recovering computer systems, networks, devices and programs from any type of cyber-attack.

Cyber security is important because it encompasses everything that pertains to protecting our sensitive data, Personally Identifiable Information (PII), Protected Health Information (PHI), personal information, intellectual property data and governmental and industrial information systems from theft and damage.

Usage of cloud services like Amazon Web Services has risen significantly. These services are used to store sensitive data and personal information. Poor configuration of cloud services, paired with increasingly sophisticated cyber criminals, means the risk that your organization suffers from a successful cyber-attack or data breach is on the rise.

So, in today’s society, using simple firewalls and antivirus software may not give you complete security. Business leaders can no longer leave information security to cyber security professionals.

Cyber threats can come in any form. You must educate your staff about simple social engineering scams like phishing, ransomware attacks or malware designed to steal personal data.

The goal of implementing cyber security is to provide a good security posture for computers, servers, networks, mobile devices and the data stored on the devices against attackers with malicious intent. Cyber-attacks can be designed to access, delete or extort an organization’s or user’s sensitive data, making cyber security important.

Cyber security is a continuously changing field, with new technologies opening up new avenues for cyber-attacks. Additionally, even though significant security breaches are the ones that get publicized, small organizations still have to be mindful of security breach prevention as they can also be the target of viruses and phishing.

Elements of cyber security

  • Application security
  • Information security
  • Network security
  • Disaster recovery/business continuity planning
  • Operational security
  • End-user education

Benefits of cyber security

  • Business protection against malware, ransomware, phishing and social engineering.
  • Protection of data and network
  • Prevention of unauthorized users
  • Improves recovery time after a breach
  • Protection for end-users.
  • Improved confidence in the product for both developers and customers.

Challenges of cyber security

Cyber security is continually challenged by hackers, data loss, privacy, risk management and changing cyber security strategies. As per statistics, cyber-attacks will dramatically increase in the coming years.

One of the most problematic elements of cyber security is the evolving nature of security risks. As technology develops, new attacks develop with it.

Cyber security should address end-user education, as an employee may accidentally bring a virus into a workplace on their work computer, laptop or smartphone.

Another large challenge to cyber security is the job shortage. As growth in data from business becomes more important, the need for more cyber security personnel to analyse, manage and respond to incidents increases. It is estimated that there are two million unfilled cyber security jobs worldwide.

Importance of cyber security

The importance of cyber security is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like Social Security numbers, credit card information and bank account details is now stored in cloud storage services like Dropbox or Google Drive.

Governments around the world are bringing more attention to cyber-crimes. GDPR is a great example. It has increased the reputational damage of data breaches by forcing all organizations that operate in the EU to:

  • Communicate data breaches
  • Appoint a data protection officer
  • Require user consent to process information
  • Anonymize data for privacy.

Impact of cybercrime

  • Economic costs

Theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems.

  • Reputational costs

Loss of consumer trust, loss of current and future customers to competitors and poor media coverage.

  • Regulatory cost

GDPR and other data breach laws mean that your organization could suffer from regulatory fines or sanctions as a result of cybercrimes.

Protect yourself against cybercrimes

  • Educate all levels of your organization about the risks of social engineering and common social engineering scams like phishing emails and typosquatting.
  • Invest in tools that limit information loss, monitor your third-party and fourth-party vendor risk, and continuously scan for data exposure and leaked credentials.
  • Use technology to reduce costs, such as automatically sending out vendor assessment questionnaires as part of an overall cyber security risk assessment strategy.

Man-In-The-Middle attacks; you are being trespassed!

A Man-In-The-Middle attack is a type of deception technique where an attacker places himself between two people, making them believe that they are communicating with each other. This is done either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange is underway.

A MITM attack exploits the real time processing of transactions, conversations or transfer of other data.

The interactions susceptible to MITM attacks are:

  • Financial sites: Between login and authentication.
  • Connections meant to be secured by public or private keys.
  • Other sites that require logins: Where there is something to be gained by having access.

As it aims to dodge mutual authentication, a MITM attack can succeed only when the attacker impersonates each end point sufficiently well to satisfy their expectations.

Most cryptographic protocols include some form of end point authentication specifically to prevent MITM attacks.

Though MITM can be protected against with encryption, successful attackers will either reroute traffic to phishing sites designed to look legitimate or simply pass on traffic to its intended destination once harvested or recorded, which means detection is very difficult.

Information obtained during an attack can be used for many purposes including identity theft, unapproved fund transfers or an illicit password change.

Additionally it can be used to gain a foothold inside a secured perimeter during the infiltration stage of an advanced persistent threat (APT) assault.

MITM is not only an attack technique, but is also usually used during the development step of a web application and for web vulnerability assessments.

Tools used for an MITM attack

  • PacketCreator
  • Ettercap
  • Dsniff
  • Cain & Abel
  • Paros proxy
  • Burp proxy
  • ProxyFuzz
  • Odysseus proxy
  • Fiddler

How does an MITM attack progress?

MITM is executed in two distinct phases: Interception & Decryption.

Interception

First, the attacker intercepts the user’s traffic through his own network before it reaches the intended destination.

This is mostly done when the attacker makes free malicious Wi-Fi hotspots available to the public. These free hotspots are not password protected, which attracts users to them. Once a victim connects to such a hotspot, the attacker gains full visibility into any online data exchange.

Other interception techniques used by the attacker include:

  • IP spoofing

Here the attacker disguises himself as an application to the user. Once the user clicks on the URL to open the application, the page is automatically directed to the attacker’s website.

  • ARP spoofing

In this process the attacker links his MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.

  • DNS spoofing

This involves infiltrating a DNS server and altering a website’s address record. As a result, users that attempt to access the site are sent by the altered DNS record to the attacker’s site.
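
A defender can spot the ARP spoofing described above by watching how IP-to-MAC bindings change on a host. The following is an added example, not part of the original article: it compares two snapshots in Linux `ip neigh show` format and flags a gateway whose MAC address has changed or is now shared with another host. The snapshots, addresses and function names are constructed for illustration, and the gateway IP is assumed to be known.

```python
"""Flag neighbour-table changes consistent with ARP spoofing (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: two `ip neigh show` snapshots taken on the same host.
SNAPSHOT_BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
192.168.1.35 dev wlan0 lladdr aa:bb:cc:00:00:35 REACHABLE
"""
SNAPSHOT_AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:35 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
192.168.1.35 dev wlan0 lladdr aa:bb:cc:00:00:35 REACHABLE
192.168.1.77 dev wlan0 FAILED
"""
GATEWAY_IP = "192.168.1.1"  # assumption: the default gateway address is known

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)


def _ip_key(ip):
    """Sort key that orders addresses numerically and keeps IPv4/IPv6 apart."""
    addr = ipaddress.ip_address(ip)
    return (addr.version, int(addr))


def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if not match:
            continue  # FAILED/INCOMPLETE entries have no lladdr field
        try:
            ip = str(ipaddress.ip_address(match.group("ip")))
        except ValueError:
            continue  # not an IP address, ignore the line
        table[ip] = match.group("mac").lower()
    return table


def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC address differs."""
    return sorted(
        (ip, before[ip], after[ip])
        for ip in before.keys() & after.keys()
        if before[ip] != after[ip]
    )


def shared_macs(table):
    """MAC addresses that answer for more than one IP address."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {
        mac: sorted(ips, key=_ip_key)
        for mac, ips in by_mac.items()
        if len(ips) > 1
    }


def assess(before_text, after_text, gateway_ip):
    """Rate each changed binding.

    A change is 'high' when it affects the gateway or when the new MAC is
    already claimed by another IP (the pattern fake ARP replies produce).
    Other changes are 'review': a replaced network card or a reassigned
    DHCP lease changes a binding legitimately.
    """
    before, after = parse_neigh(before_text), parse_neigh(after_text)
    dupes = shared_macs(after)
    findings = []
    for ip, old_mac, new_mac in changed_bindings(before, after):
        high = ip == gateway_ip or new_mac in dupes
        findings.append({
            "ip": ip,
            "old_mac": old_mac,
            "new_mac": new_mac,
            "severity": "high" if high else "review",
            "also_claimed_by": [o for o in dupes.get(new_mac, []) if o != ip],
        })
    return findings


if __name__ == "__main__":
    for finding in assess(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, GATEWAY_IP):
        print(finding)
```

A shared MAC address on its own can be legitimate (for example a router doing proxy ARP), which is why the check weights a changed gateway binding more heavily than duplication alone.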

Decryption

After interception, any two-way SSL traffic needs to be decrypted without alerting the user or application.

This is achieved by:

  • HTTPS spoofing

It sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it is passed to the application.

  • SSL BEAST

Here the victim’s computer is infected with malicious JavaScript that intercepts encrypted cookies sent by the web application.

  • SSL hijacking

Occurs when an attacker passes forged authentication keys to both the user and application during a TCP handshake.

  • SSL stripping

Downgrades an HTTPS connection by intercepting the TLS authentication sent from the application to the user.

Save yourself

  • Avoid Wi-Fi connections that aren’t password protected.
  • Pay close attention to browser warnings reporting a website as unsecured.
  • Log out of every application after use.
  • Don’t use public networks while performing sensitive transactions.
  • Use Virtual Private Network (VPN) to encrypt your web traffic.
  • Secure your network with an intrusion detection system.
  • Use basic internet security hygiene on all devices including mobile applications.

Privacy threats in social media; Facts you never knew!

It was during my lockdown days that I started to get more involved in artistic work. I found myself through art. It gave me peace and happiness. To improve my skills, I started taking visual recorded classes through YouTube. It gave me more ways to explore art and improve my skills.

One day, after my YouTube classes, I was scrolling through my news feed on Facebook. At one point I got stuck. I saw ads for tools and equipment that are used by the narrators in the art class. How could Facebook ever know I was interested in art and was attending the classes?

Then I came to know the fact that private space in social media no longer exists. Everything is private and everyone is a part of a business cycle!

What actually happened here? Let’s analyse.

In recent years, concerns about privacy in social media have risen dramatically. Incidents of privacy and security breaches have alarmed users and made them rethink their active participation in social media.

A consulting agency, Cambridge Analytica, once exploited the private information of over 500 million Facebook users to influence the 2016 American Presidential election.

Doesn’t this sound awkward?

Using others’ private information, without their consent, for the benefit of other people and organizations. If this loop continues, then the term ‘privacy’ in social media would become a big question mark.

This kind of attitude from reputed organizations steadily deteriorates public trust and leaves users wondering if they have lost control over their own data.

According to a study conducted by Pew Trust, 80% of social media users report being concerned about businesses and advertisers accessing and using their social media posts. These growing privacy concerns have prompted advocacy for tighter regulations. In addition, they have placed companies responsible for safeguarding personal data under greater scrutiny.

Due to this rise in security breaches, a cyber security management program/degree was launched by the authorities, which aims to protect social media users’ data and personal information. This enhances cyber security.

Brief note

As per statistics, 45% of the world’s population uses social networks. This means 3.48 billion people are connected worldwide. There are situations where this ‘connectivity’ can lead us to vulnerability.

Social media platforms, which collect and store huge amounts of personal information with limited government oversight, serve as a perfect target for hackers to use the information for fraud and theft. Such hacks can result in stolen data and forced shares that redirect followers to malware, contaminating the entire system and the related ones.

Types of social media privacy threats

  • Data mining

Every action performed on social media is recorded and stored. Every time someone creates a new profile, they provide personal information, which includes name, birthdate, geographical location and personal interests. In addition to this, the company collects other information, like when, where and how users interact with the platform. This is an invisible process. This data is shared with a third-party entity that owns a share in the particular platform. It is then used for advertising purposes without users’ consent.

  • Phishing attempts

This is one of the criminal ways to access someone’s personal information. Phishing attacks are often carried out in the form of emails, text messages or phone calls that present themselves as coming from a legitimate organization. People unknowingly fall for or respond to these tricks, which leads to the sharing of sensitive content including passwords, bank account details or credit card details.

In August 2019, a massive phishing campaign targeted Instagram users by posing as a two-factor authentication system, prompting users to log in to a false Instagram page.

  • Malware sharing

Malware is software designed to steal sensitive information, extort money or profit from forced advertising by infiltrating a user’s computer.

Social media serves as an ideal platform for malware to spread. Once an account has been compromised, cyber criminals can take over that account to distribute malware to all of the user’s friends and contacts.

  • Botnet attack

Bots are nothing but automated programs that exist on social platforms. They create their own posts and follow new people whenever they are activated to perform such actions.

A large number of bots forming a network is known as a botnet. Botnets are generally used to steal data, send spam and launch Distributed Denial of Service (DDoS) attacks that help hackers take control of devices.

Different data access methods

  • Share it with third parties

Nearly every application on Facebook has been sharing users’ information with advertising and tracking companies. Even though Facebook’s privacy policy says that they can provide “any of the non-personally identifiable attributes we have collected” to advertisers, they violate this policy.

If a user clicks on a specific ad in a page, Facebook will send the address of this page to advertisers, which will directly lead to a profile page.

  • API

An API, or Application Programming Interface, is a tool used to build software applications. An API can collect and provide information that is not publicly accessible. The use of an API for data collection can be a focal point of the privacy conversation because, while the data can be anonymous, the difficulty is in understanding when it becomes an invasion of privacy.

  • Search engines

A search engine is an easy way to find information without scanning every site. Keywords typed in the search box will lead to results. Most of the search engines lead the user to fake sites which may obtain personal information or are infected with viruses.

  • Location data

In social media, geographical location can be gathered either by users or by applications. As a result, the content produced is coupled with the geographical location where the user produced it. Additionally, many applications attach other forms of information, such as OS language, device type and capture time. As a result, an enormous amount of personal information is shared by the user.

  • Email and phone number leaks

Many large platforms reveal a part of a user’s stored email address or phone number when the ‘forgotten password’ function is used. Often the whole email address can be derived from the hint and the phone digits can be compared with known numbers.

Tips for social media security and privacy


  • Use a unique password for each social network
  • Watch your mailbox
  • Don’t be too personal
  • Use the block button to respond to spam
  • Use two-factor authentication
  • Perform frequent audits
  • Back up your data
  • Avoid participating in surveys & questionnaires
  • Protect your location privacy


Cybercrimes in India; steep increase by the quarter of 2020, reveals RTI

As per the reports of the Nagpur crime branch, more than 50% of cybercrime complaints registered are based on issues related to online banking, credit card, debit card fraud, cheating through mobile phone and other means under information technology.

RTI reported that from January to September 2020, the cyber cell registered 13 cases pertaining to online cheating, 3 cases of debit and credit card fraud, 6 cases of cheating through OTP and 49 cases of other frauds.

So what actually are cybercrimes and how do we defend against them?

Cybercrime or computer-oriented crime is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation’s security and financial health.

Most, but not all, cybercrime is committed by hackers who want to make money. Some cybercriminals are organized and use advanced techniques, while others are mere novice hackers.

In some cases, cybercrime aims to damage the system and the data for reasons other than profit, such as personal revenge or a political issue.

Types of cybercrimes

  • Identity theft

Identity theft is an act of wrongfully obtaining someone’s personal information without their permission. The personal information may include their name, phone number, address, bank account number, Aadhaar number or credit/debit card number etc.

  • Psychological tricks

Psychological tricks are where attackers play with the minds of users to trap them with attractive offers. Once a victim is trapped, the attacker can exploit them by stealing money or personal information, or harm the victim in any other way. The entire basis of this kind of attack is to make the victim fall into the trap by sending fake emails, calls or SMS.

  • Social media frauds

Social media has become an integral part of our life. It is the new way of communicating, sharing and informing people about the events in our lives. One can understand the entire history of an individual through their social media profile. This poses a threat to an individual, as unwanted access to a social media profile can cause loss of information, defamation or even worse consequences such as physical or sexual assault, robbery etc.

  • Mobile application frauds

With the increase in the use of smartphones and the consequent rise in the use of mobile applications, associated security risks have also increased. People become habitual users of certain mobile applications. As a result, they ignore security warnings. Fraudsters use this to attack the victim by infiltration through such popular mobile applications.

  • Online banking frauds

Nowadays, all banking services have shifted online. Services like retrieving an account statement, transferring funds to another account, requesting a check book, preparing a demand draft etc. can all be done online. As the services are shifting towards online platforms, cyber frauds related to banking are also increasing. This includes digital payment application related attacks, hacking of a bank account due to a weak password, hacking of multiple accounts due to the same password etc.

Generally all of these cyber-attacks come under two sub categories. They include:

  • Criminal activity that targets computers

These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require technical knowledge. These crimes are relatively new, having been in existence for only as long as computers have, which explains how unprepared society and the world in general are towards combating these crimes.

  • Criminal activity that uses computers to commit other crimes

When the individual is the main target of the cybercrime, the computer can be considered as a tool rather than the target. These crimes generally involve less technical expertise as the damage done manifests itself in the real world.

Based on harmful activities, cybercrime can be further categorized into four types:

  • Cyber-trespass

The crossing of cyber boundaries into other people’s computer systems where rights of ownership or title have already been established and causing damage. This includes hacking and virus transmission.

  • Cyber-deception and theft

The different types of acquisitive harm that can take place within cyber space.

  • Cyber-pornography

The breaching of laws on obscenity and decency.

  • Cyber-violence

The violent impact of the cyber activities of others upon an individual or a social or political grouping.

A cybercrime that stops users from using a system or network, or prevents a business from operating, is called a Denial of Service (DoS) attack.

How to shield yourself from cybercrimes?

  • Always keep your systems/devices updated with the latest patches.
  • Protect systems through security software such as the latest version of an anti-virus.
  • Always download applications/software from known trusted sources.
  • Ensure all devices/accounts are protected by a strong PIN or passcode. Never share it with anyone.
  • Do not share your net banking password, OTP, ATM PIN, CVV number etc. with any person, even if he/she claims to be an employee or representative of the bank, and report such instances to your bank.
  • Always change the default admin password on your Wi-Fi router to a strong password known only to you.
  • Be cautious while browsing through public Wi-Fi and avoid logging into personal & professional accounts such as email or banking through these networks.
  • Scan all email attachments for viruses before opening them. Avoid opening attachments received from strangers.
  • Observe your surroundings for skimmers or people observing your PIN before using an ATM.
  • Do not save your card or account details in your e-wallet as it increases the risk of theft or fraudulent transactions.

If you think you have been compromised, inform the authorities immediately!


WhatsApp privacy breach; people’s outburst found light!

Mobile instant messaging applications are now understood as an essential component of everyday communication routines. Unlike SMS or Short Message Services from 20 years ago, applications such as WhatsApp allow their users not only to send and receive text, but also to share real-time locations, images, voice recordings, documents and videos.

Since its release in August 2009, WhatsApp has played a key role in the fast development and expansion of the contemporary environment within which humans interact with each other. People in media and journalism have taken to this platform to share information as well as to maintain regular, and sometimes more private, contact with their sources.

The new privacy policy of WhatsApp has brought about a drastic outburst among users. The policy takes away the users’ choice over sharing personal information, as this data is being used by the Facebook-owned business groups. This was claimed openly by the co-founder of Facebook, Mark Zuckerberg. When analysed deeply, this announcement is a kind of security breach, and the privacy of the users is put at stake.

While Facebook-owned WhatsApp’s updated privacy policy has been stoking concerns about privacy and data sharing with other apps, the point being raised is that if India had a strong law for data protection, WhatsApp would not have been able to go ahead with this update in the first place. In fact, India’s data protection law has been deteriorating for the past two years.

Considering the case of European countries, they don’t have to accept the privacy policies of WhatsApp since they have a strong data protection law. WhatsApp is legally bound not to share data with Facebook in the European region because it is a contravention of the provisions of the General Data Protection Regulation (GDPR). GDPR is a regulation in European Union law on data protection and privacy.

The Clause

The policy was announced on January 4, 2021 by Mark Zuckerberg to share the user’s personal information with any company associated with Facebook. If the user does not agree with the updated policy, they will have to quit WhatsApp by February 8, when the new terms of service come into effect.

Indian Data Protection Act

As per the Indian Data Protection Act, one can only use information for purposes that are reasonably linked to the purpose for which the information was given. In December 2019, the Government introduced the Personal Data Protection Bill in the Parliament, which would create the first cross-sectoral legal framework for data protection in India.

The updated privacy policy of WhatsApp can be seen as a move to ensure its seamless expansion into retail. It is quite clear that WhatsApp is trying to bring Facebook, Instagram and WhatsApp under a single package.

WhatsApp claims to have end-to-end encryption and ensures that it can’t see your messages or share them with anyone, but with the new policy WhatsApp can share one’s metadata, beyond the actual text of conversations, with Facebook and other apps.

Whatsapp responds to the outcry of users

  • We can’t see your personal messages or hear your calls and neither can Facebook: WhatsApp ensures that the messages sent will stay between you. The messages are totally end-to-end encrypted. They guarantee to never weaken the security and clearly label each chat so that you know their commitment.
  • We don’t keep logs of who everyone is messaging or calling: Unlike traditional mobile carriers, WhatsApp ensures that they do not keep any record of calls or messages. Keeping the logs of two billion users would be both a privacy and a security risk.
  • We can’t see your shared location and neither can Facebook: Location can only be encrypted by the receiver and the sender. No others can do this, not even WhatsApp or Facebook.
  • We can’t share your contacts with Facebook: When given permission, we can only access the numbers from your address book to make messaging fast and reliable, and we don’t share this information with any others.
  • Groups remain private: Information shared in groups remains private and intact. WhatsApp ensures to protect them from spam and abuse.
  • You can set your messages to disappear: For additional privacy you can choose to set your messages to disappear from chats after you send them.
  • You can download your data: Data of any form can be downloaded and viewed with complete security.

Conclusion

About 85% of WhatsApp users in India are not really bothered about the policy. They just click the agree button without even reading the terms and conditions. This is probably due to a lack of awareness of the details given in the policy. The rest, who are aware of this, did raise their voice, which brought about the decision to withdraw the policy by the concerned authorities.


Instagram hacking tools; a quick look

Many of today’s social media platforms are the target of various paid hackers who are hired on the dark web to break into someone’s profile.

As Instagram is a leading social network in the world today, many hackers decide to steal valuable accounts with thousands of followers so they can sell them for a decent price.

Instagram is an American photo and video sharing social networking service owned by Facebook. The app allows users to upload media that can be edited with filters and organized by hashtags and geographical tagging. Posts can be shared publicly or with pre-approved followers.

Markets are usually placed on the dark web too, and accounts are paid for in cryptocurrencies so sellers can remain hidden.

Unfortunately the privacy of Instagram has started to decline steeply. Instagram hacking tools that are safe and reliable are widely available on the internet. InstaHacker is one of them.

The Instagram hacking tool was developed solely for the purpose of recovering forgotten passwords and lost accounts and is not meant in any way to be used for malicious purposes. Since every coin has two sides, every invention has an adverse effect.

Who can hack an Instagram account?

Frankly, anyone who can use a smartphone can use the tool to hack accounts or retrieve lost accounts. The basic things you need before attempting to hack an account are an active internet connection and an Instagram account’s username.

Why InstaHacker?

  • Free hacking tool: This tool is free of cost. It is free to retrieve any number of passwords and hack any number of passwords.
  • Single solution: The tool works on its own and does not rely on any other software for support.
  • Security bypass: It is sufficient to break the strong Instagram HTTPS security protocol without compromising user information at any stage.
  • Multiple protection: Protects against malware and virus threats.

What are the other tools to hack Instagram?

  • mSpy

mSpy is the most suitable app made to hack Instagram passwords from a phone number or an email. Its capacity to hack Instagram passwords from database vulnerabilities makes this tool the best hacking tool.

  • Cocospy

Cocospy works the same as mSpy does, hacking Instagram accounts with ease. But what makes Cocospy the best Instagram hacking tool is its salient features:

  1. Web based interface: Because of this feature, you won’t have to download the application on your PC or phone to access it. You can use it through any web browser. This increases portability while ensuring system safety.
  2. No rooting or jailbreaking: Most hacking applications require jailbreaking to get into the target’s phone. This compromises the safety and security of data.
  3. Security: Cocospy does not store hacked data and ensures the servers of the app remain clean.

  • Spyic

This is a web based application that can provide you with all the data on the targeted phone. This includes private messages too. The advantage of Spyic is that no technical knowledge is required to use this software. This software stands unique compared to the rest of the hacking software due to its discreet and secure nature.

  • Spyier

Instagram hacking found a new path when Spyier was introduced. Apart from hacking, you can also track their calls, messages and locations using this application. Spyier also helps you to check text messages from another phone. You can use this application with the most modern iOS and Android devices.

  • Minspy

Minspy is a hidden app that is secure and browser based. Since you will be keeping tabs through the web browser, you don’t have to be near the device to monitor it. Any internet enabled device will do the task.

  • Spyine

Spyine is another popular application that can be used to hack Instagram without a password. This is a cutting edge app that helps to enter into the target’s account without any jailbreak.

As per the current statistics, Cocospy takes the lead, making it the best application to hack social media.


Cyber bullying; serious threat among teenagers

Cyber bullying or cyber harassment is a form of bullying using electronic means/mediums like social media. It is also known as online bullying. This tendency is found increasingly common among teenagers. Harmful bullying behaviour includes posting rumours, threats, sexual remarks, a victim’s personal information or hate speech.

There are many outcomes related to cyber bullying that reach into the real world. Many targets reported feeling depressed, angry and frustrated. Cyber bullying causes both mental and physical damage. Those who are victimized by cyber bullying also reveal that they are often afraid or embarrassed to go to school. In addition, research has revealed a link between cyber bullying and low self-esteem, family problems, academic difficulties, school violence and various abnormal behaviours.

Cyber bullying may seem like a prank and not very serious, but the effects on people being bullied are very serious.

Where does cyber bullying commonly occur?

The tendency is found commonly among the teenagers and the youth of the society. Initially, many kids hung out in chat rooms, and as a result that is where more harassment took place. In recent years more youths have been drawn to social media (such as Facebook, WhatsApp, Instagram etc.) and video sharing sites such as YouTube. Voice chat, textual chat and texting via phones and tablets can also provide an environment in which hate and harm are expressed.

Why is it on the rise?

It is because the electronic technology is on the rise. It can happen anonymously and sometimes it is difficult to trace.

Difference from Traditional bullying

There are a few aspects that differentiate traditional bullying from cyber bullying. They include:

  • Anonymity: The attacker can hide the identity online. The anonymity of the internet can lead to crueller or harsher abuses from the bully, while the victim will have no clue about who the attacker is.
  • Relentless: Due to the advancement in technology, any person can contact another at any time from any part of the globe. Cyber bullies may be able to torment their victim twenty-four hours per day and nearly from any location making it difficult for the victims to escape it by even changing home or school.
  • Public: Since cyber bullying takes place through online media, the abuse is sometimes posted publicly. This opens up the victim to more pain from strangers.
  • Permanent: Since the online content is impossible to delete entirely, the damage caused may remain a permanent scar inside the target. Even if the content is removed or deleted from the original site, someone may find it later and repost it elsewhere. This may negatively affect the future of the victim.
  • Easy to overlook: Cyber bullying causes mental disturbances. Parents and teachers may find it difficult to discover them because the target may hesitate to openly express the abuse they have gone through.

Types of cyber bullying

  • Harassment: This involves sending abusive or offensive messages to individuals or groups. It is intentional, repeated and constant. Over a period of time the harassment messages may have a negative impact on the victim’s self-esteem and confidence.
  • Cyber stalking: In this category the messages are more threatening than harassment. This may even put the physical safety of the target in question.
  • Exclusion: This includes casting out/boycotting people from social media groups, chat rooms, events or activities. The group may then go on to say cruel or rude things about the excluded person behind their back.
  • Outing: This happens when a bully publicly shares private messages, pictures or other personal information about the victim on the internet. This is done without the consent or permission of the victim.
  • Frapping: Frapping is an act of logging into someone’s social media account and posting anti-social content under their name in order to defame the person or for a funny purpose.

Signs of being cyber bullied


  • Anxiety or anger
  • Secretive
  • Avoiding technology
  • Withdrawal behaviour
  • Increase in messages
  • Depression

Let’s overcome cyber bullying

  • Don’t engage: Teach teenagers to avoid engaging with cyber bullies. It can be difficult to ignore the posts and comments while it is happening in front of you, but educate them by explaining that no response could stop the people from bullying you. Just ignore them.
  • Block them: When you feel the limit is crossed, just block them and live in peace.
  • Change contact info: If ignoring or blocking does not help or intensifies the bullying activity, try changing your contact (email or phone number), share it only with trusted people and make sure the new number or mail ID does not reach the bullies again.
  • Make a record: Ask the teens to document all the messages, abuses and comments. Teach them to take screenshots of all the filthy activity the bully does before they delete them. Having proof helps them in the long run.

Cyber bullying laws in India

  • Section 354D – Stalking and contacting or attempting to contact a woman
  • Section 499 – Sending defamatory messages by email
  • Section 500 – Email abuse
  • Section 503 – Sending threatening messages through email
  • Section 509 – Words, gestures or act intended to insult the modesty of women
  • Section 507 – Criminal intimidation by an anonymous communication.

Brute force attack; the probability strategy

Brute force is a hacking technique used to find out user credentials by trying many possible credentials. No vulnerability in the web application is exploited here. Rather, the attacker tries all the possible permutations and combinations of usernames and passwords to find a way into the target’s account/personal information.

Brute force attack basically uses a trial and error method to execute their operation. An attacker first gathers the fundamental information about the user. The hacker continuously tries random passwords on the basis of the user’s personal information until the login is successful.

Tools used for Brute force attack

  • Metasploit
  • John the ripper
  • Aircrack-ng
  • Hydra
  • Medusa

How does this work?

If your website requires user authentication, then it will be a fine target for a brute force attack. The attack is an attempt to determine a password by systematically trying every possible combination of letters, numbers, symbols etc. But the hindrance is that it could take a long period of time (maybe years) to find, depending upon the complexity and length of the password.

If the attacker attacks on the basis of exact dictionary words, then it is known as “Dictionary attack” and if the attacker slightly modifies the dictionary words and performs the attack, it is called “Hybrid Brute force attack”.

The tools used for the attack use a different IP address on each try, so it is hard to trace the unsuccessful password attempts against a single account.

In the beginning, the brute force tool feeds in different possible combinations of usernames and passwords. In some cases it may be a single username and a list of passwords, in others it may be a list of usernames and passwords. The tool then sends each combination to the web application, where it is checked and authenticated.

Depending upon the response of the application, the tool decides whether the credentials were right or wrong. If the login is successful, the credentials are considered right and they are stored inside the tool. If the login is unsuccessful, the credentials are discarded.

The attacker systematically checks all the possible passwords with the hope of eventually guessing the combination correctly.

Different categories of Brute force attacks

  • Dictionary attack: Here the attacker works through a dictionary of possible combinations and tries them. Considering the technological growth we have today, these types of attacks are out-dated. Today’s systems are so fast that they can decrypt a weak encryption in mere months. This is known as exhaustive key search.
  • Credential recycling: This method reuses usernames and passwords from other data breaches to try to break into other systems.
  • Reverse brute force attack: This type of attack uses a common password like “password” and tries different combinations of user names. This kind of attack was very common by the end of 2017.

Strength & weakness

The biggest advantage of brute force attacks is that they are relatively simple to perform. Every password based system and encryption key can be cracked using this method.

On the other hand, brute force attacks are very slow, as they may have to run through every possible combination before achieving their goal.

Systematic methods to prevent Brute force

  • Today, the most common way to avoid brute force is to lock the account after a certain number of incorrect password attempts. This lock can last up to a specific duration. In some cases, the account is locked until the administrator unlocks it. But this is not a proper and practical solution to this attack, because someone can easily abuse the security measure and lock out hundreds of accounts with the proper tools.
  • Increase the password length. More characters mean more time to brute force crack.
  • Increase password complexity.
  • Implement CAPTCHA. CAPTCHA is a common system to verify a human login, and it prevents bot activity.
  • Use multi-factor authentication. Multi-factor authentication adds a second layer of security to each login attempt that requires human intervention.
  • Use proactive software like Active dictionary and VPN traffic to prevent these attacks.
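The attack categories above leave different traces in login logs, and a per-account failure counter only sees one of them. The following is an added example, not part of the original post: a sliding-window detector run over constructed login events, with hypothetical field names and illustrative thresholds, that separates single-account, multi-IP and reverse brute force patterns.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_time, source_ip, username, login_succeeded).
# IPs are documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    # one source hammering one account
    [(t, "203.0.113.5", "alice", False) for t in range(0, 60, 10)]
    # one account tried from a different address on each attempt
    + [(100 + 10 * i, f"198.51.100.{i + 1}", "bob", False) for i in range(3)]
    # one source trying many usernames (reverse brute force)
    + [(200 + 10 * i, "192.0.2.9", u, False)
       for i, u in enumerate(["carol", "dave", "erin", "frank"])]
    # ordinary typo followed by a successful login
    + [(300, "192.0.2.50", "grace", False), (305, "192.0.2.50", "grace", True)]
)


def _push(queue, ts, value, window):
    """Record a failure and drop entries that fell out of the time window."""
    queue.append((ts, value))
    while queue[0][0] <= ts - window:
        queue.popleft()


def detect_bruteforce(events, window=300, max_fail=5, max_ips=3, max_users=4):
    """Return a set of (pattern, subject) alerts from failed-login events.

    Thresholds are illustrative assumptions, not recommended values.
    """
    by_account = defaultdict(deque)  # username -> recent (ts, source_ip)
    by_source = defaultdict(deque)   # source_ip -> recent (ts, username)
    alerts = set()
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue  # only failed attempts count toward the thresholds
        _push(by_account[user], ts, ip, window)
        _push(by_source[ip], ts, user, window)
        if len(by_account[user]) >= max_fail:
            alerts.add(("account_bruteforce", user))
        if len({src for _, src in by_account[user]}) >= max_ips:
            alerts.add(("distributed_bruteforce", user))
        if len({name for _, name in by_source[ip]}) >= max_users:
            alerts.add(("reverse_bruteforce", ip))
    return alerts


if __name__ == "__main__":
    for pattern, subject in sorted(detect_bruteforce(SAMPLE_EVENTS)):
        print(pattern, subject)
```

Alerting on these patterns, or throttling the flagged source, avoids the mass-lockout abuse that hard account locking allows.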

Insider threat; the black sheep around us!

SQL injection is a web security vulnerability that allows attackers to interfere with the queries that an application makes to its databases. It allows the attacker to view data that they would not normally be able to retrieve.

In many cases the attacker can delete the data permanently or make effective changes in them. Many high profile data breaches that occurred recently were due to SQL injection.

This attack can exist for a long time. When the attacker successfully injects malware into an organization’s system, it may take time to track it down or even may go unnoticed for an extended period.


SQL injection is one of the simple and ethical hacking techniques that need an application that uses a database. Generally a web application receives data from the users and stores it in the database, or vice versa. In both these cases, a query is generated. The attacker manipulates this query to carry out malicious activities.

Once the hacker successfully manipulates the query, it is sent to the database, executed there and relevant results are returned.

Patterns of SQL injection attack

  • Retrieving hidden data

Here you can modify an SQL query to return additional results.

  • Subverting application logic

In this you can change a query to interfere with the application’s logic.

  • UNION attacks

Where you can retrieve data from different database tables.

  • Examining the database

Here you can extract information about the version and structure of the database.

  • Blind SQL injection

Here the results of a query you control are not returned in the application’s responses.

SQL injection was considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project. In 2013 SQLI was rated the number one attack on the OWASP top ten.

Sub Classes of SQL injection

  • Classic SQLI
  • Blind or inference SQL injection
  • Database management system-specific SQLI
  • Compound SQLI

Types of SQL injections

SQL injection generally falls under three categories: In-band SQLI (classic), Inferential SQLI (Blind) and Out-of-band SQLI. This classification is based on the methods used to access backend data and their damage potential.

In In-band SQLI the attacker uses the same channel of communication to launch their attacks and to gather their results. This is the most common type of SQLI attack. This is further divided into two, Error based SQLI and Union based SQLI.

In the case of Inferential SQLI the hacker sends payload malware to the server to observe the behaviour and structure of the response. Here the data is not transferred from the website database to the attacker, hence the attacker cannot see the information about the attack in-band.

Out-of-band SQLI can be carried out only when some features of the database server are enabled. It is used when the attacker can’t use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed.

Consequences

  • Confidentiality: As SQL databases generally hold sensitive data, loss of confidentiality is one of the major problems with SQLI.
  • Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of password.
  • Authorization: If authorization information is held on a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability.
  • Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack.

  Stay Away from SQL injection attacks

  1. Stop using dynamic queries
  2. Integrate security checks (input validation)
  3. Provide parameterized database queries
  4. Use stored procedures
  5. Use whitelist input validation
  6. Use captcha queries
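To make items 1, 3 and 5 concrete, here is an added example (not from the original post) that puts a dynamically built login query beside its parameterized form, plus a whitelist for the one place a placeholder cannot be used. The table, function names and the sample input are constructed for illustration.

```python
import sqlite3

# Constructed input containing SQL metacharacters, used as a regression case.
CONSTRUCTED_INPUT = "x' OR '1'='1"


def make_db():
    """In-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "h1"), ("bob", "h2")])
    return db


def login_dynamic(db, name, pw_hash):
    # VULNERABLE "before" form (item 1): user input becomes part of the
    # SQL text, so quotes in the input change the meaning of the query.
    sql = (f"SELECT name FROM users "
           f"WHERE name = '{name}' AND pw_hash = '{pw_hash}'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, name, pw_hash):
    # Hardened form (item 3): the SQL text is fixed and the values are
    # bound separately, so they are only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ? AND pw_hash = ?"
    return db.execute(sql, (name, pw_hash)).fetchone() is not None


# Column names and sort direction cannot be bound as parameters, so the
# user-supplied key is mapped through a whitelist instead (item 5).
ALLOWED_SORT = {"name": "name", "newest": "rowid DESC"}


def list_users(db, sort_key):
    order = ALLOWED_SORT.get(sort_key)
    if order is None:
        raise ValueError("unsupported sort key")
    rows = db.execute(f"SELECT name FROM users ORDER BY {order}")
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("dynamic:", login_dynamic(db, "alice", CONSTRUCTED_INPUT))
    print("parameterized:", login_parameterized(db, "alice", CONSTRUCTED_INPUT))
    print("sorted:", list_users(db, "newest"))
```

The same constructed input logs in through the dynamic query and is rejected by the parameterized one, which makes it a useful regression test when refactoring old query code.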

Happenings

  • In February 2002, Jeremiah Jacks discovered that Guess.com was vulnerable to an SQL injection attack, permitting anyone to construct a properly crafted URL to pull down 200,00+ names, credit card numbers and expiration dates in the site’s customer database.
  • On March 29, 2006, an SQL injection attack was discovered in one of the tourism sites of the Indian Government.


Watering hole attacks; be aware! Don’t just be thirsty prey.

Watering hole is a cyber-attack technique where the hacker observes/guesses the websites an organization uses often and then contaminates them with malware. Attacks looking for specific information may only target users coming from a specific IP address. This also makes the attack harder to detect and research.

The term ‘watering hole’ is derived from the animal habitat, where the predator eagerly waits to attack the prey while they are gathered near the watering hole to quench their thirst.

The attacker grabs the opportunity to gain access to even the most secure & sophisticated enterprises and Govt. agencies. This poses a severe threat to the network security.

How do they do this?

Step 1: Attackers first profile the victim and identify the websites they often visit (e.g. a sandwich ordering site) by narrowing in on frequented websites of employees or customers of a company. The attackers then begin to select the perfect site to exploit.

Step 2: The hackers will identify and test vulnerabilities of the website.

Step 3: Once they have identified a vulnerability, they infect the website with malware.

Step 4: The attackers wait for the target to visit the website.

Step 5: Once the target enters the website, they are redirected to another website that contains malware, thereby compromising their system.

Now the attacker has access to company files including the private data. The website is then used as a jumping-off point from the system into the company’s network.

In January 2017, hackers hacked 4 different top organizations from different geographies of the world. They include National Banking and Stock commission of Mexico, Polish Financial Supervision authority, Stock Commission of Mexico and State owned bank of Uruguay.

In these examples, malicious JavaScript files were installed on these web servers, and once users entered these websites the JavaScript was activated and gave complete access to the hackers.

In 2019, a watering hole attack named the Holy Water campaign targeted Asian religious and charity groups. Here the victims were prompted to use Adobe Flash software due to its amazing features and creativity. The motive of this attack still remains a mystery.

While watering hole attacks are uncommon, they pose a considerable threat since they are difficult to detect and specifically target high-security organizations through their low security employees, vendors or an unsecured wireless network.

Hackers will even prompt the users to visit the websites by sending spam emails with the link of the website attached. The emails may not come from the attackers themselves but from the compromised websites’ automatic email notifications, which go out on a constant basis.

Protect yourself!

  • Keep system vulnerability to a minimum. Make sure the websites used are safe and trustworthy.
  • Confirm the security analysis of third party websites.
  • Invest in secure anti-malware software and quality hardware.
  • Configure the hardware according to the company’s priorities.
  • Constantly update signatures and other private information.
  • Discuss a legitimate cyber plan and implement it in every organization.

Once the attack is carried out, the user’s system is transparently compromised via a drive-by download attack that provides no clue to the user that an attack has been executed.

Mostly, the malware used in these cases is Remote Access Trojan (RAT) enabling the attackers to gain remote access to the target system. 

Phishing is like giving random people poisoned candy and hoping they would have it, but a watering hole attack is like poisoning the whole village water supply. Casualties will be more in the second case.

Don’t drink from the watering hole. Stay alert.