SEO Texas, Web Development, Website Designing, SEM, Internet Marketing Killeen, Central Texas
SEO, Networking, Electronic Medical Records, E - Discovery, Litigation Support, IT Consultancy
Centextech
NAVIGATION - SEARCH

BEC: Business Email Compromise Attacks Are On The Rise

The BEC (Business Email Compromise) attack is a scam that usually targets corporates that conduct wire transfers to overseas suppliers. They target official email accounts of executives and high-level employees working in administration or finance departments. Such email addresses, involved with conducting wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks. Corporations lose hundreds of thousands of their revenue every year via these fraudulent transfers.

Attackers in the BEC, also known as the Man-in-the-Email scam, rely on social engineering tactics. They trick the employees and executives working in non-tech roles. They usually impersonate employees from the board of directors/management, or executives who are authorized to do wire transfers. Additionally, fraudsters also research and closely monitor their potential target victims, their organizational movements, and likewise.

Security Professionals in any organization usually encounter these 5 types of BEC scams:

  1. Fraud invoice: Firms with overseas suppliers are targeted wherein attackers impersonate suppliers requesting fund transfers for payments to account(s) owned by fraudsters.
  2. Executive fraud: Attackers impersonating executives send the email(s) to finance, administration, or procurement department employees requesting them to transfer money to account(s) that the hackers’ control.
  3. Account compromise: Executive(s) or employees’ email account(s) are hacked to request invoice payments to vendors or clients listed in their email contacts.
  4. Attorney impersonation: Attackers impersonate any person from the legal team or from any legal firm in charge of important and urgent matters regarding your organization.
  5. PII theft: PII (Personally Identifiable Information) of employees and tax-related statements in possession of the HR department are harvested to carry out future targeted attacks on potential individual victims.

GreatHorn, a cloud email security provider, released a BEC landscape report in 2021 that is based on information provided by 270 IT and cybersecurity professionals. 30% of them confirmed receiving 50% of malicious links in emails while a similar number of participants from the BFSI sector revealed being a victim of spear-phishing attacks. 35% of organizations disclosed that BEC attacks account for 50%+ of their incidents while a similar percentage of firms encounter spear-phishing emails on a weekly basis. Half of the professionals have dealt with a security incident in the past 12 months where every 1 out of 4 companies received at least 76% of the malware they detected via email. Usually, these email(s) do not contain any malicious links or attachments, hence they easily evade traditional as well as advanced security solutions deployed. BEC attacks are becoming more expensive than ransomware and are usually unbeatable.

 How would you protect yourself from getting tricked by these cyber fraudsters? 

  1. Check the source of email including the domain name from where it has been sent.
  2. Be alert to see anything suspicious regarding payment requests over emails.
  3. Protect email systems with advanced software capable of tracking spam and filtering out emails.
  4. Don’t make presumptions over the email, always confirm the wire transfer requests with the sender over a phone call or a video call.
  5. When in doubt, contact cybersecurity teams in your organizations as you encounter such emails in your inbox.
  6. By training the employee staff, executives, partners, clients, and customers in end-user security awareness. This can help detect and prevent being a victim of BEC attacks.

For cybersecurity and IT solutions for business, contact Centex Technologies at (972) 375 - 9654

What Is A Fuzzing Attack?

Fuzzing is a software testing technique which is used to find implementation bugs that can be hacked by using malformed/semi-malformed data injection in an automated fashion. The data injection consists of different permutations of data that are fed into target program until one of these permutations reveals a vulnerability that can be exploited by the cyber criminals.

A fuzzer may try different combinations of attacks on:

  • Numbers (signed or unsigned integers, floats, etc.)
  • Characters (urls, command line inputs, etc.)
  • Metadata (user input text such as id3 tag)
  • Pure Binary Sequences

The most common approach for a fuzzing attack is to define a list of ‘fuzz vectors’ (known to be dangerous values) for each type and inject these vectors or their recombination into the program.

Here is a list of common fuzz vectors:

  • For Integers: Zero, possibly negative or very big numbers
  • For Chars: Escaped, interpretable characters / instructions (ex: For SQL Requests, quotes / commands…)
  • For Binary: Random ones
  • For Chars: Escaped, interpretable characters / instructions (ex: For SQL Requests, quotes / commands…)

Types Of Fuzzing Attacks:

Application Fuzzing: A web application fuzzer tests for buffer overflow conditions, error handling issues, boundary checks, and parameter format checks. Irrespective of the type of system to be fuzzed, the attack vectors are in it’s Input or Output system. Attack vectors for a desktop app are:

  • The UI (testing all the buttons sequences / text inputs)
  • The command-line options
  • The import/export capabilities

In case of a web app, attack vectors can be found in urls, forms, user-generated content, RPC requests, etc.

Protocol Fuzzing: To launch a protocol fuzzing attack, a fuzzer sends forged packets to the tested application and eventually acts as a proxy to modify requests sent to the server and replay them to find a vulnerability.

File Format Fuzzing: In a file format fuzzing attack, the fuzzer generates multiple malformed samples and opens them in a sequence. When the program crashes, the sample is kept for further investigation. Using a file format fuzzing attack, hackers can attack-

  • The Parser Layer (Container Layer): These attacks target file format constraints, structure, conventions, field sizes, flags, etc.
  • The Codec/Application Layer: These are lower-level attacks which aim at the program’s deep rooted information.

Centex Technologies provide complete IT security solution to clients. For more information, contact Centex Technologies at (972) 375 - 9654.              

Reasons Why A Business Needs VoIP

Voice over Internet Protocol or VoIP is also known as IP Telephony. It is a method of delivering voice communications and multimedia messages over Internet Protocol networks. The technology converts the voice signals into digital signals allowing the user to make a call directly from a computer, VoIP phone, smartphone or any other digital device with an internet connection and VoIP application.

Switching to a VoIP telecommunication system offers an array of benefits for businesses:

  • Low Cost-Per-Call: A VoIP telecommunication system converts the communication data into packets and sends it over the IP network as opposed to the traditional telephonic communication channels. In case of traditional methods, calls are placed using phone lines which means a line is taken up by two callers. Since there is a limit to number of phone lines, the calls are expensive, specifically if they are long distance. On the other hand, in case of VoIP, the use of office internet connection to relay communication data makes domestic as well as international calls cheaper.
  • Service Mobility: In case of traditional phone system, a line that runs to a business is assigned its own phone number. This results in limited mobility as user is required to remember right codes for accessing the messages sent to that phone number (when receiving messages on a separate device outside the office). However, VoIP system eliminates the physical limitations and the users can move freely as per the business requirements and avail the communication services on any device equipped with an internet connection and the VoIP application.
  • Efficient Client Interaction: Business needs may require employees to travel which may result in missing important client calls or communications, if using traditional phone systems that are wired to the employee desk inside the office. On the contrary, when using a VoIP system, employees can choose where the call rings and how. For example, the system settings can be made in a way that first few rings are sent to the office. If the employee doesn’t answer, further rings can be forwarded to another device, say a mobile phone or laptop. This helps employees to attend important calls irrespective of their location which improves the efficiency of client interactions.
  • Multi-Functionality: VoIP systems offer an array of additional communication services like instant messaging, presence status, teleconferencing, video conferencing, etc. The systems also allow the users to receive voicemail and faxes over their email. These services enhance the efficiency of business communication within and across the teams.

For more information on why a business needs VoIP, call Centex Technologies at (972) 375 - 9654.          

Ways To Manage 5G Security Challenges

Wireless networks have grown a lot from the first generation (1G) to 4G/LTE networks that offer faster speeds. Now, the stage is being set for 5G that will connect a large number of new devices and sensors with future communication technologies while introducing new capabilities and services.

But with great transformation come great risks! Some security professionals are warning that 5G will also empower the hackers with speed and capabilities to launch high-speed malicious activity across larger number of devices in a short span. A survey indicates that approximately 73% of security professionals have shown high to medium concern on potential impact of 5G on cyber security.

Professionals indicate that 5G will introduce new vulnerabilities in:

  • Supply Chain: 5G supply chain will be at risk of vulnerabilities such as malicious software and hardware, counterfeit components, and poor designs, manufacturing processes and maintenance procedures.
  • Deployment: 5G is expected to use more information and communication technology components, so improperly deployment, configuration or management of equipment and networks may be at risk of disruption & manipulation.
  • Network Security: Since 5G builds upon previous generations, it may be expected to carry forward legacy vulnerabilities such as DDoS attacks, etc.

In lieu of potential 5G risks and vulnerabilities, here are some ways to help you manage 5G security challenges:

  • Prioritize Security: Organizations with security-first mindset are prepared to adopt 5G and other emerging technologies. But, also focus on your customers and in case they don’t have a culture that prioritizes security, help them adopt solutions and services that cover all the aspects of cyber security including incident response strategy.
  • Deploy Standards-Based Devices: Organizations should focus on helping their customers and employees choose IoT devices that are embedded with in-built security features and meet established industry standards for security. It is important to make sure that the devices are capable of offering protection, detection, and mitigation.
  • Adopt Virtualization: A large number of connected devices paired with the speed of 5G can act as a perfect playground for hackers and compound the security issues. Organizations can consider introducing virtualized security controls to help their customers in applying security policies across their environment at a quick speed, while employing automated remediation to help mitigate threats.
  • Combine Threat Intelligence With AI: New capabilities of 5G will introduce new types of vulnerabilities and attacks. Organizations should infuse threat intelligence with AI or Machine Learning to immediately identify, detect and response at the point of attack.
  • Zero-Trust: Organizations should implement zero-trust security policies. It includes verifying everything including user login, data access, incoming data, outgoing data, access requests, etc. without any exceptions.

5G can be used to garner business growth and profits, provided appropriate security measures are adopted.

At Centex Technologies, we educate our clients on the security challenges of 5G and required measures. To know more, call Centex Technologies at (972) 375 - 9654.

Use Of Pirated Games To Spread Cryptojacking Malware

Pirated versions of popular games such as Grand Theft Auto V, NBA 2K19 and Pro Evolution Soccer 2018 attract a large number of gamers as they can download these versions free from different forums. However, there might be a hidden cost associated with these pirated versions of popular games. It has been reported that threat artists are using the cracked or pirated versions of popular games to distribute malware. This malware aims at secretly mining cryptocurrency using the infected systems.

The threat has been identified as Crackonosh and has been found to be active since June 2018. The malware wipes out the antivirus programs installed on the target system and uses the system for mining cryptocurrency.

Understanding Crackonosh

The main aim of Crackonosh is to install XMRig on the infected system. XMRig is a coin miner which is then used by the threat actors to secretly mine Monero cryptocurrency using the cracked software downloaded on the infected machine. Reports suggest that the threat actors have mined over $2 Million, or 9000 XMR in total. As of May 2021, the malware was reported to be still getting about 1000 hits a day.

Here is a brief account of how the malware operates:

Disabling Antivirus

Crackonosh caught the eyes of researchers when a large number of people reported that Avast Antivirus programs were removed from their systems. The malware has the capability to remove antivirus software and disabling security software & updates in addition to the use of other anti-analysis techniques. This makes it harder to discover, detect and remove the malware. Crackonosh can delete antivirus programs that use the command - rd <AV directory> /s /q; where <AV directory> is the default directory name that specific antivirus product uses, for example Adaware, Bitdefender, Escan, F-secure, Kaspersky, McAfee (scanner only), Norton and Panda.

Infection Chain

Here is the brief infection process:

  • The target downloads and installs the cracked or pirated software.
  • The installer runs maintenance vbs and starts the installation process using msi.
  • msi registers and runs the main malware executable serviceinstaller.exe.
  • The executable installs a file titled DLL, which extracts winlogui.exe and downloads winscomrssrv.dll and winrmsrv.exe.
  • These files are contained, decrypted and placed in the folder.

Disabling Windows Defender

The malware deletes Windows Defender and Windows Update by deleting a list of registry entries. The motive is to stop Windows Defender and turn off automatic updates. Later, it installs its own MSASCuiL.exe instead of Windows Defender, which adds a Windows Security icon to the system tray. This tricks the user and prevents him from discovering the removal of original Windows Defender.

Conclusion:

Crackonosh attack re-emphasizes on the fact ‘when you try to steal a software, chances are someone is trying to steal from you.’ Such attacks can be prevented by steering away from downloading and using pirated or cracked software. Also, stay cautious and download software from authentic developer.

Centex Technologies has a team of cyber security professionals who help clients in understanding latest cyber security threats and formulate an effective defense strategy. To know more about latest malware attacks, call Centex Technologies at (972) 375 - 9654.

What Is Disaster Recovery As A Service?

“Disaster Recovery As A Service” or DRaaS can be defined as a cloud computing service model which allows an organization to back-up its data and IT infrastructure on a third party cloud computing environment. It also provides disaster recovery through a SaaS solution to help an organization regain access and functionality to IT infrastructure after a disaster.

Benefits of DRaaS:

Cost Efficiency:

The most important components of disaster recovery include:

  • Preventive measures that reduce the risk of man-made disasters
  • Detective measures aimed at identifying disasters at the earliest
  • Corrective measures to restore lost data and allow affected organization to resume business operations at the earliest, in case a disaster occurs
  • Disaster recovery planning includes using innovative hardware, software and performing on-time updates.

In order to achieve these goals, organizations need to run regular analysis of potential threats, maintain IT systems in optimal conditions, and seek innovative solutions focused on cybersecurity. DRaaS providers take care of these requirements with high efficiency. They also include cloud-based data management where resources are replicated to many different sites to ensure continuous backup even if one site is not available. This helps in reducing the risk of disaster and reduces the cost incurred due to downtime after disaster.

Increased Employee Productivity: In order to execute a disaster recovery plan, it is important that employees should know their roles and responsibilities. When specific roles and responsibilities are assigned in advance, it will increase effectiveness and productivity of the plan. It is important for organizations to have at least two employees who can perform one task. This allows the organization to implement disaster recovery plan even if one of the employees is not available.  Opting for DRaaS allows the organization’s employees to focus on their own tasks as the disaster recovery is managed by the well-trained team of the service provider. Most managed service providers also train employees of the client to handle disaster recovery plan.

Scalability: When a disaster recovery plan is designed, organizations also take scalability into account. The recovery plan should be able to manage increased organizational resources resulting from business growth. Opting for DRaaS allows easy scalability as organizations are just required to convey increased requirements to the service provider and pay accordingly.

Centex Technologies offers an array of managed services to its clients. The services are aimed at ensuring smooth operations and security of clients. To know more about Disaster Recover As A Service (DRaaS), call Centex Technologies at (972) 375 - 9654.

How To Protect Organization's Data?

Protecting data is one of the top priorities for an organization as data theft can lead to leaked user credentials, financial loss, etc., among other notable damages. Cybersecurity teams of an organization need to be proactive in protecting the organization’s data to prevent the repercussions.

Here are five data protection steps to protect your business:

  • Identify What Needs To Be Protected: When formulating a data protection strategy, it is first important to know what you are protecting. There might be some hidden or lost assets connected to the organization’s network. Employ an IT asset management system and run a discovery of organization’s environment to identify every asset that can be a potential source of vulnerability. Additionally, be aware of any software downloaded by employees on their devices and keep a track of shadow IT. Shadow IT on home computers or remote devices used by employees may pose a threat as these are not managed by IT team of organization. IT teams need to learn about software being used by employees and how to protect it.
  • Patch & Update: Installing latest updates helps to keep a software protected as the updates contain patches to any vulnerabilities present in previous versions. Unpatched vulnerabilities are a significant problem. A study has indicated that unpatched vulnerabilities account for approximately 60% of all data breaches. Create a well-defined policy to evaluate and schedule updates and patches. This helps in minimizing downtime and increasing protection.
  • Review The Tools: Efficient integration of information security tools such as antivirus, firewalls, and IDP/IPS into systems can improve data protection. Another important factor is to scale the protection as per the environment, for example consumer grade antivirus software used for securing a home computer would not be effective in case of an organization’s network. Organizations can monitor their environment using a SIEM tool aided by 24/7 security operations center.
  • Spread Security Awareness: The famous Colonial Pipeline data breach was most likely caused by a phishing email. Employees may act as an entry point for a malware and are often targeted by cyber criminals by sending phishing emails or messages. Phishing emails are designed to look more realistic and the sender’s address is usually spoofed to look like a co-worker’s. It is important to educate employees to be able to identify phishing signs and take the required steps. Organize cybersecurity training at every level of hierarchy to keep employees updated about changing cybersecurity protocols.

Centex Technologies assists organizations in identifying their cybersecurity needs and provides services to strengthen the IT security of its clients. To know more about ways to protect an organization’s data, call Centex Technologies at (972) 375 - 9654.