Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Hacking Techniques. Show all posts

Cyber Unsafe: How not to be the target of cybercriminals

 

The cyber threat landscape continues to evolve and grow more sophisticated as netizens are being proactively targeted by cybercriminals. It is the browsing habits of users that make cybercrime possible and perhaps more convenient for cybercriminals. Cyber intrusions and online crimes could be prevented by taking correct security measures and being more alert and aware of the tactics employed by criminals, asserts Gaurav Gupta, Manager Clients Services in an IT MNC. 
 
Convergence of technology; the rapid speed at which the internet and technology are evolving has cushioned malicious cyber activities, providing a stronger and more interconnected base for criminals to target users who heavily rely on advanced technology. Gaurav notes that cyber criminals deceive the human mind by manipulating emotions. The various ways in which users do so involve luring users via lucrative deals, lottery schemes, fear of missing out, and other tactics that generate panic among users leading them to become a victim of cyber fraud. 
 
The author and cyber security enthusiast with 9 years of corporate experience working with different MNCs, Gaurav Gupta, further alerts the users to “take everything with a pinch of salt” in cyberspace as the level of cybercrime has skyrocketed at an unprecedented speed, scale, and volume. The emerging trends in cybercrime require a whole new level of expertise and awareness. Understanding and recognizing the cyber threat via studying the patterns is one effective way towards curbing the scope of cybercrime, as per Gupta. He explains that criminals leave traces behind and the artifacts could be quantified to assume the root cause which further could be instrumental for security researchers in developing potential solutions. 
 
Criminals are creative but lazy thereby ensuring basic preventive measures are in place, and exercising the simplest of precautions would significantly reduce one’s chances of being targeted as the ones who are more carefree and careless would be more susceptible to the threat, Gaurav said while giving examples of criminals’ creativity viz. internet and gaming addiction (malware links), exploiting technology like AI, machine language to develop deep fakes, robotic arms, and privacy violations.
 
Perspective is a many-leveled thing, once a user understands and starts seeing things through a researcher and awareness perspective, he’ll be able to protect himself against a wide range of cybercrimes, according to Gupta. He further notes that the human mind is wired to instinctively click and proceed/agree to everything that appears as a formality without paying much heed, cybercriminals exploit these muscle and motor movements of the users while weaponizing their intelligence against themselves. ‘Haste’ in cyberspace, as per the author, could prove to be lethal; in case of doubts users are suggested to be careful, take a step back and go back to verify the doubt while refraining from acting in a hurry. 
 
Users should constantly update themselves and keep up with the latest advancements in technology as it will allow them to stay abreast of the solutions that exist both commercially as well as in academics and research. Users will come across tools, techniques, stories, and methodologies on how to be cyber safe – as elaborately mentioned by Gaurav Gupta in his book “Cyber Unsafe: A Handbook for Preventing Computer Frauds and Cyber Crimes”, co-authored by Garima Gupta. 

Students shall be counseled that ‘social engineering, design flaws, and keylogger’ are the most commonly exploited aspects by criminals as they commit NFC based new frauds – cloning/concealing/synthetic identity theft, cloned plastic cards/skimmers/using fake documents, doctored stills/videos to conduct cyber frauds. Gupta strongly advises against using unknown USB cables to charge as it entails the risk of ‘juice jacking’. Prevention is indeed better than cure in the digital world as well. In order to actively combat the cyber threats, users shall think of it as an obligation to stay updated and exercise the very basic preventive measures to keep themselves and their families safe.

NSA: Risks Linked with Wildcard TLS Certificates and ALPACA Techniques

 

The National Security Agency issued a technical alert cautioning businesses against using wildcard TLS certificates and the new ALPACA TLS attack. 

The NSA advised companies to follow the technical recommendations in its alert and safeguard servers against situations in which attackers may obtain access and decrypt encrypted online traffic. 

While several instances and techniques might aid attackers in decrypting TLS-encrypted data, the NSA clearly specified the usage of wildcard TLS certificates, which many researchers have also warned against in the past.

A wildcard certificate is a digital TLS certificate obtained by a company from a certificate authority that allows the owner to apply it to a domain and all of its subdomains simultaneously (*.example.com). Companies have used wildcard certificates for years because they are less expensive and easier to administer, so administrators apply the same certificate to all servers instead of having to manage several certificates. 

The NSA stated, “A malicious cyber actor who gains control of the private key associated with a wildcard certificate will provide them the ability to impersonate any of the sites represented, and gain access to valid user credentials and protected information.” 

The agency is now advising administrators of both public and private networks to evaluate the necessity for a wildcard certificate inside their networks and prepare to install individual certificates to isolate and restrict potential breaches. 

About ALPACA attack 

Furthermore, the NSA's alert cautions of the new Application Layer Protocol Content Confusion Attack (ALPACA), which was revealed earlier this summer and is similarly vulnerable due to the usage of wildcard certificates. 

The problem was not taken seriously when it was revealed in June because carrying out an ALPACA attack needed threat actors to be able to intercept web traffic, which is challenging in some circumstances. 

However, the research team that identified the assault stated that over 119,000 web servers were exposed to ALPACA attacks, which is a significant amount. Four months later, the NSA is encouraging companies to take the matter seriously, determine whether their servers are susceptible, and reduce the risk, particularly if the organizations deal with sensitive information or are connected to the US government network. 

On October 7, the NSA stated, “NSA recommends NSS, DoD, and DIB administrators ensure their organization’s wildcard certificate usage does not create unmitigated risks, making their web servers vulnerable to ALPACA techniques.”

Here's A Quick Look Into Some Interesting Facts About Website Hacking

 

How many websites are hacked every day? How frequently do hackers attack? Are there any solutions to fix the vulnerabilities? Which are the most hacked websites? These are some basic questions that arise in the reader’s mind. So, in this article, you will get to know the latest statistics regarding website hacking.

Sadly, cyber-attacks are the harsh reality of today’s world and have become so rampant that it’s impossible to count the number of attacks. It requires thorough research, manpower, time, equipment’s and money to conduct a global study that reaches out to millions of people and organizations.

 Number of websites hacked in a year

You will be surprised to know that nearly 1.2 billion sites are running across the globe. It is such a large web that it is impossible to keep watch over. Google’s Safe Browsing tries to alert users about malicious websites and it currently conveys nearly 3 million warnings per day. Out of 1.2 billion sites, between 1-2% have some Indicator of Compromise (IoC) that indicates a website attack.

According to a recent study, nearly 66% of the organizations are not equipped to handle cyber-attacks nor with the financial or reputation damage of a security breach. Threat actors install the malware in sites and such websites get excludes by firms like Google every day.

Different methods of hacking the websites 

Threat actor generally uses 3 methods to hack the website: 

• Access control 

• Software vulnerabilities

• Third-party integrations

Access control indicates particularly the process of authentication and authorization, in simple terms how you log in. Login not only refers to your website’s login, but it also refers to the number of interconnected logins tied together behind the scenes. Threat actors generally use brute force attacks by guessing the possible username and password combinations to log in as the user. 

Software vulnerability, the most reliable method for hackers to breach security. Threat actors use Remote Code Execution (RCE) to hack the website and discover vulnerabilities in the website application code, web development framework, and operating system.

Threat actors also hack the website via third-party integration techniques. Threat actors exploit the vulnerability in the servers of third-party and use it as a doorway to exploit to gain access to your website. These can involve services that you use particularly with your website and its hosting. 

3 simple techniques to protect your website 

• Keep track of frequently compromised vulnerabilities. Every security patch will make it harder for hackers to target your website. 

• Use Web Application Firewall for limiting the exploitation of software vulnerabilities. This firewall also acts as a shield between web traffic and web patches.

• Take the guidance of certified security professionals who manages regular security audits.

Nespresso Prepaid Vending Machines Hacked by a Belgian Researcher for Free Coffee

 

Polle Vanhoof, a Belgian cybersecurity researcher discovered there a flaw in the older Nespresso prepaid coffee machine smart cards and exploited the vulnerability to acquire virtually limitless free drinks.

Vanhoof revealed the vulnerability in Nespresso coffee machine smart cards back in September 2020 and he openly lauded the efforts of Nespresso for managing the issue and now with Nespresso’s approval, he has published his article regarding the flaws in the payment system. Nespresso is unperturbed that other coffee vendors can use this vulnerability to their advantage because this hacking method can only be applied on the older payment cards that have a network connection. 

Modus operandi of this hack

Nespresso payment system operates on ‘stored-value wireless payment card’, it is identical but different from how the modern credit card works. Here wireless refers to the card which uses Near Field Communication (NFC), NFC is used by credit cards, modern door security cards, and nearly in every passport issued in the past decade. 

When someone waves an NFC card close to the NFC reader, the card begins to power up due to the electromagnetic emissions from the reader (which needs to be attached to the power supply), the card powers up due to the antenna present on it in the form of a metal coil that produces electricity as it moves via a magnetic field. The electrical energy which is left in the charged-up card is utilized for a short, wireless exchange of cryptographic data with the NFC reader. It means that NFC cards do not require a battery so they can be tiny, flat, light, and cheap. 

Vanhoof disclosed that older Nespresso cards operate on the Mifare Classic NFC chip and this chip does not have strong enough cryptography which makes the NFC cards vulnerable. NFC cards require a delicate balance of low power consumption with high cryptographic power and in the case of Mifare classic, this balance is more in the favor of the attacker. Mifare Classic runs on a stripped-down 48-bit cipher called Cryptol instead of a well-acknowledged and publicly documented algorithm called AES-128.

Cyber Security Researcher Exposes the Biggest Threat Regarding YouTube Users Privacy

 

David Schutz, a security researcher uncovered the potential unauthorized access to a user’s viewing history, favorites, and playlists by the threat actors. Threat actors manipulated the website and embedded a YouTube video to secure access to a user’s viewing history and playlists.

Threat actors managed to earn $1,337 via the security bug, Schutz explained that he discovered the vulnerabilities by linking two things – in a somewhat “unexpected” manner. Website developers utilize YouTube embedded player to embed videos into their own site and this player also has a feature known as API (Application Programming Interface). 

API lets users embed functions commonly executed on YouTube into their personal website or application. API also allows the users to retrieve, insert, delete or update many of these resources. A resource constitutes a kind of item that comprises part of the YouTube experience which includes loading a new video or playlist, subscription, play/pause the player.

Every user on YouTube has a few personal playlists, for example, the playlist with the ID ‘HL’ comprises the user’s viewing history and the ID with ‘WL’ contains the user’s view later and so on.

David Schutz explained the vulnerabilities via blog post: “Since the YT embedded player is also logged in to YT, a malicious website could have embedded a player, instructed it to play e.g., the ‘HL’ playlist (which would start playing the currently visiting user’s watch history), and get the contents of the playlists using the API the embedded player has, thereby stealing the watch history of the user who opened the website”.

“The attacker could also have prepared a page for a specific victim, which when opened by that victim, would steal the victim’s unlisted videos (which otherwise would require knowing the ID to watch). The main issue was that you were able to load private playlists into the player in the name of the victim, and later steal the contents of those private playlists,” the post further read.