
Cryptocurrency Chaos: El Salvador's Bitcoin Wallet Code Leaked, Privacy at Risk

 


El Salvador's state Bitcoin wallet, Chivo, suffered a security breach after hackers from the group CiberInteligenciaSV leaked part of its source code to a hacking forum. Together with the earlier leak of personal data belonging to nearly all of El Salvador's adults, the code from Chivo Wallet ATMs and VPN credentials had now been exposed. According to the wallet's administration, the security of the wallet's data has not been compromised.

Chivo Wallet has faced several challenges since it was unveiled as the country's official Bitcoin wallet, and this event is another blow to its reputation. President Nayib Bukele made Bitcoin (BTC) legal tender in El Salvador in 2021 to make digital payments more convenient. However, security breaches and technical issues have made the adoption of Bitcoin (BTC) difficult.

Consumers have criticized the Chivo Wallet for its slow operation, app crashes, vulnerability to exploitation, and inadequate support despite its official government backing. The Chivo Wallet company has responded to allegations that it was linked to a data breach in which the personal information of over 5 million Salvadorans was allegedly exposed.

The leaked data included full names, unique identifiers, dates of birth, addresses, phone numbers, emails, and photographs. The data was rumoured to come from the KYC process that the Salvadoran government required its citizens to complete before they could receive incentives, such as the $30 in Bitcoin offered at the wallet's launch.

On April 6, the hacker group CiberInteligenciaSV leaked data on 5.1 million Salvadorans. Recently, the same hackers leaked the source code for Chivo Wallet and the VPN credentials for the ATM network. The government-backed Chivo Bitcoin wallet has been controversial among peer-to-peer money enthusiasts and cypherpunks alike because of its custodial status.

In a press release published on X (formerly Twitter) on April 24, the company commented on the matter, describing it as "fake news." Furthermore, over 144 GB of data containing the personal information of Salvadorans who downloaded the wallet has been released. Although it had been available for purchase on various channels since August, it was only leaked for download on April 5.

This data includes each user's full name, unique identifier, date of birth, address, and a high-definition picture of their face. Also included in this week's leaked information was the file Codigo.rar, which contained information on El Salvador's Chivo ATM network, including the code and VPN credentials for the network.

Government officials have yet to issue a formal statement regarding either of the hacks that took place this month. With the source code and VPN credentials leaked, the Chivo wallet system is at risk of being compromised, which could allow attackers to gain unauthorized access to, or control of, users' accounts.

Because the previously exposed data covers almost the entire adult population of El Salvador, those affected now fear identity theft and fraud. In light of these breaches, security experts advise users to remain vigilant and to monitor their accounts for any suspicious behaviour.

Incompetence is widespread in El Salvador, and there is a good chance that this will have a significant impact on the financial ecosystem as well, since trust in the government's digital solutions may wane as a result. From the beginning, the Chivo software was plagued with software bugs and technical glitches, and users reported numerous problems with it.

Although the President promised $30 to everyone who downloaded the Chivo wallet, some people had trouble receiving it, and some were unable to withdraw money from Chivo. The Salvadoran government announced last year that over 100 ATMs across the country will be equipped with Lightning Network technology in Q4 2024.

In theory, this technology could allow Salvadorans to withdraw and deposit Bitcoin more easily and quickly, with lower fees. A Salvadoran newspaper reported in October that only about 2% of the Salvadoran population was making remittance payments through the wallet, which had long been its main selling point.

It remains to be seen whether the Salvadoran government will announce a policy on this issue or formally address it. In 2021, El Salvador became the first country in the world to adopt Bitcoin as legal tender, promoting the Chivo wallet as one of the official means for its citizens to use Bitcoin.

The fact that these security issues exist in addition to the absence of communication from the authorities leaves the Salvadorans with an uncomfortable sense of uncertainty as to whether or not their personal information is safe and if this digital wallet offered by the state is reliable.

Is Your VPN Safe? Or Can It be Hacked?


A virtual private network is one of the simplest ways for consumers to secure their internet activity. VPNs utilize tunneling technology to encrypt a user's online traffic and make it unreadable to prying eyes.

This additional layer of security has become a popular choice for both businesses and customers seeking to secure their privacy. According to Statista, more than 24% of all internet users in 2023 utilized a VPN to protect their internet connection.

With such widespread use, one might wonder if VPNs are impervious to hacking. Are they susceptible to hacking? Can VPNs be used to steal user data instead of securing it?

Can VPNs be hacked?

VPNs, like any other software, can be hacked. No software is perfect, and VPNs, like all internet-based technologies, are vulnerable to various threats. That being said, a good VPN will be extremely difficult to crack, especially if it has a secure server infrastructure and application.

VPNs function by creating a secret connection via which your internet activity is encrypted and rendered unreadable. Your internet traffic is routed via a VPN server, which masks your IP address and gives you an extra degree of privacy online.

This encryption protects critical user data including your IP address, device location, browsing history, and online searches from your internet service provider, government agencies, and cybercriminals.

VPNs provide simple safety for your online activity by encrypting user data and routing it over a secure channel. However, this does not render them invincible.

There are a few vulnerabilities in VPNs that hackers can exploit or target. Let's look at a few of them:

How VPNs Can Be Hacked

Breaking the VPN encryption

One approach to hack VPNs is to break through the encryption. Hackers can employ cryptographic attacks to break poorly constructed encryption ciphers. However, breaking encryption requires a significant amount of effort, time, and resources.

Most current VPNs use the Advanced Encryption Standard (AES-256) encryption method. This encryption standard encrypts and decrypts data with 256-bit keys and is commonly regarded as the gold standard in encryption.

This is because AES-256 is nearly impregnable, taking millions to billions of years to brute force and crack even with today's technology. That is why many governments and banks employ AES-256 encryption to protect their data.

In any event, most modern VPN companies use AES-256 encryption, so there isn't anything to worry about.

VPNs employing outdated tunneling protocols

Hackers can also attack older VPN tunneling standards. Tunneling protocols are simply a set of rules governing how your data is processed and transmitted via a certain network.

You should avoid using old protocols like PPTP and L2TP/IPSec. These protocols are outdated and are regarded as medium to low security by modern standards.

PPTP, for example, is an older technology with documented weaknesses that unscrupulous actors can exploit. L2TP/IPSec, by contrast, provides better security but slower performance than newer protocols.

Fortunately, more recent VPN protocols such as OpenVPN, WireGuard, and IKEv2 offer an excellent balance of high-level security and speed.

DNS, IP, and WebRTC leaks

Malicious actors can also steal user data via VPN leaks. VPN leaks occur when user data is "leaked" from the secure VPN tunnel as a result of a bug or vulnerability inside the software. The primary types of VPN leaks include the following:

DNS leaks occur when the VPN reveals your internet activity, such as DNS queries or browsing history, to the ISP DNS server despite being connected over an encrypted VPN connection.

IP leaks occur when your IP address is accidentally leaked or exposed to the internet, undermining the primary function of a VPN in disguising your true IP address and location.

WebRTC leaks are browser-based leaks in which websites gain unauthorized access to your actual IP address by bypassing the encrypted VPN connection.
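The WebRTC leak described above shows up in the ICE candidates a browser gathers: a server-reflexive ("srflx") candidate carrying your ISP-assigned public address rather than the VPN's exit address. The following added example (not code from the original post) parses candidate lines from an SDP offer and flags any public address that differs from the VPN egress; all IP addresses and the mDNS name are constructed sample values.

```python
import ipaddress
import re

# One "a=candidate:" attribute as carried in SDP (ICE):
# a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
CANDIDATE_RE = re.compile(
    r"^a=candidate:(?P<foundation>\S+)\s+(?P<component>\d+)\s+(?P<transport>\S+)\s+"
    r"(?P<priority>\d+)\s+(?P<address>\S+)\s+(?P<port>\d+)\s+typ\s+(?P<type>\S+)"
)


def parse_candidate(line):
    """Return the fields of one ICE candidate line, or None if the line is not a candidate."""
    match = CANDIDATE_RE.match(line.strip())
    if not match:
        return None
    cand = match.groupdict()
    cand["port"] = int(cand["port"])
    cand["priority"] = int(cand["priority"])
    return cand


def classify_address(address):
    """Label a candidate address as 'mdns', 'private', 'public' or 'invalid'."""
    if address.endswith(".local"):
        # Modern browsers replace LAN addresses with an mDNS name; nothing is revealed.
        return "mdns"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_global and not ip.is_multicast:
        return "public"
    return "private"


def find_webrtc_leaks(sdp_lines, vpn_egress_ip):
    """Return (address, candidate type) pairs that expose a public IP other than the VPN's.

    A public address equal to the VPN egress is expected; any other public address means
    the browser reached the STUN server outside the tunnel, i.e. a WebRTC leak.
    """
    vpn_ip = ipaddress.ip_address(vpn_egress_ip)
    leaks = []
    for line in sdp_lines:
        cand = parse_candidate(line)
        if cand is None:
            continue
        if classify_address(cand["address"]) != "public":
            continue
        if ipaddress.ip_address(cand["address"]) != vpn_ip:
            leaks.append((cand["address"], cand["type"]))
    return leaks


# Constructed sample: candidates a browser might gather on a VPN-connected laptop.
# 11.22.33.44 stands in for the ISP-assigned address, 22.33.44.55 for the VPN exit address.
SAMPLE_SDP = [
    "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0",
    "a=candidate:2 1 udp 2122194687 3f1c9a4e-7d2b-4a5c-9e8f-0b1a2c3d4e5f.local 60000 typ host",
    "a=candidate:3 1 udp 1686052607 11.22.33.44 54321 typ srflx raddr 192.168.1.23 rport 54321",
    "a=candidate:4 1 udp 1686052351 22.33.44.55 61000 typ srflx raddr 10.8.0.2 rport 61000",
]
VPN_EGRESS = "22.33.44.55"
```

Running `find_webrtc_leaks(SAMPLE_SDP, VPN_EGRESS)` reports only candidate 3, the srflx candidate that exposes the ISP address; the host candidate on the LAN and the mDNS-obfuscated one are not counted as leaks.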

VPNs inherently log user data

Finally, your data can also be exposed when the VPN provider itself accesses customer data without authorization.

While many VPN services promise a no-logs policy, meaning they do not retain user data, some VPNs have been shown to store user information despite these policies.

Why should you still invest in a VPN?

Even after understanding the various ways VPNs can be exploited, utilizing a VPN is significantly more secure than not using one. VPNs enable you and your organization to mask your IP address with the touch of a button.

Hiding your IP address is critical because criminal actors can exploit it to send you invasive adverts, learn your location, and collect information about your personal identity. VPNs are one of the simplest and most accessible ways to accomplish this.

VPNs are also an excellent solution for larger enterprises to maintain the security of company data, especially if your company has distant employees who access company resources via the Internet.

Are VPNs Undertaking To Oversee All Digital Security?

 




In the past decade, the services of Virtual Private Networks (VPNs) have drastically transformed. Once solely focused on providing secure internet connections, VPN companies are now expanding their offerings into comprehensive privacy and security suites. This shift reflects a growing trend towards convenience and a desire for centralised solutions in the realm of digital privacy.

All-in-One Security Suites

Traditionally, users selected separate software for various privacy needs, such as antivirus, email encryption, and cloud storage. However, VPN providers like ProtonVPN, NordVPN, and PureVPN are now consolidating these services into all-encompassing suites. For instance, Proton's suite includes Proton Drive, Calendar, Pass, and SimpleLogin, with recent acquisitions like Standard Notes further broadening its set of attributes.

The Appeal of Comprehensive Solutions

The allure of all-in-one suites lies in their simplicity and integration. For users seeking convenience, having a unified ecosystem of software provides a seamless experience across devices. Moreover, opting for a suite from a trusted VPN provider ensures a semblance of stability in data protection, reducing the need to entrust personal information to multiple companies.

Suite or Standalone?

While broad-gauged suites offer convenience, there are trade-offs to consider. For instance, bundled antivirus software may not match the quality of standalone solutions from established brands like Norton or Kaspersky. However, for casual users primarily interested in accessing geo-restricted content, the added privacy benefits of a suite may outweigh any performance drawbacks.

Do People Want Security Suites?

The increasing prevalence of all-in-one security suites suggests consumer demand for integrated privacy solutions. VPN providers, driven by market demand and profitability, continue to expand their offerings to cater to diverse user needs. The success of multi-billion dollar enterprises like NordVPN demonstrates the viability of this business model.


As VPN companies diversify and position themselves as a go-to destination for online security, consumers are urged to proceed with caution and conduct thorough research before subscribing to a security suite. While the convenience of a cohesive ecosystem is undeniable, it's essential to prioritise individual needs and preferences. By making informed decisions, users can maximise the benefits of all-in-one security suites while minimising potential drawbacks.

Conclusion 

The transformation of VPNs into all-in-one security suites reflects a broader trend towards integrated privacy solutions. While these suites offer utility and unified protection, users should carefully evaluate their options to reach a choice that agrees with their privacy priorities. If you do decide to commit to a cohesive suite, you may well find most of your security concerns covered in one place. As technology continues to evolve, staying educated and proactive remains the crucial step in establishing a secure digital presence.


Rising Cybercrime Threats and Prevention Measures Ahead of 2024

 

According to projections from Statista, the FBI, and the IMF, the global cost of cybercrime is anticipated to experience a substantial increase. By 2027, it is estimated to surge to $23.84 trillion, marking a significant rise from the $8.44 trillion reported in 2022. 

Security expert James Milin-Ashmore, from Independent Advisor VPN, has provided a comprehensive list of 10 crucial guidelines aimed at enhancing digital safety by avoiding sharing sensitive information online. 

These guidelines serve as proactive measures to combat the rising threat of cybercrime and safeguard personal and confidential data from potential exploitation. 

1. Avoid Sharing Your Phone Number on Random Sites 

Sharing your phone number online can expose you to a range of security risks, warns an expert. Cybercriminals could exploit this information to gather personal details, increasing the likelihood of identity theft and other malicious scams: 

  • Subscriber Fraud: Scammers set up fake cell phone accounts with stolen info. 
  • Smishing: Fraudsters send text messages to trick victims into revealing data or visiting harmful sites.
  • Fake Call Frauds: Scammers pose as legitimate entities to extract sensitive information. 
  • Identity Theft: Phone numbers are exploited to commit financial fraud and impersonate individuals. 

2. Do Not Update Your Current Location 

It is nothing new for people to share their current location on social media. However, experts caution against posting personal addresses or current locations online, citing heightened risks of theft, stalking, and malicious online activity.

Such information can be exploited to tailor phishing attempts, rendering them more convincing and increasing the likelihood of falling victim to scams. 

3. Do Not Post Your Holiday Plans 

As the holiday season approaches, many individuals may feel inclined to share their vacation plans on social media platforms. However, security experts are warning against this seemingly innocent practice, pointing out the potential risks associated with broadcasting one's absence from home. 

Announcing your vacation on social media not only informs friends and family of your whereabouts but also alerts criminals that your residence will be unoccupied. This information could make your home a target for burglary or other criminal activities. 

4. Do Not Take Risks of Sharing Password Online 

Passwords serve as the primary defense mechanism for safeguarding online accounts, making them crucial components of digital security. However, the security expert emphasizes the importance of protecting passwords and refraining from sharing them online under any circumstances. Sharing passwords, regardless of the requester's identity, poses a significant risk to online security.

Unauthorized access to sensitive accounts can lead to various forms of cybercrime, including identity theft, financial fraud, and data breaches. 

 5. Protect Your Financial and Employment Information 

Experts caution against sharing sensitive financial or employment details online, highlighting the potential risks associated with divulging such information. Financial details, including credit card numbers and bank account details, are highly sought after by online fraudsters. Similarly, sharing employment information can inadvertently provide criminals with valuable data for social engineering scams. 

 6. Protect Your ID Documentation 

The expert urges individuals to refrain from posting images of essential identification documents such as passports, birth certificates, or driver's licenses online. These documents contain sensitive information that could be exploited by identity thieves for various criminal activities, including opening unauthorized bank accounts or applying for credit cards.

7. Stop Sharing Names of Your Loved Ones/Family/Pets 

Security experts advise against sharing personal details such as the names of loved ones or pets online. Hackers frequently attempt to exploit these details when guessing passwords or answering security questions. 

 8. Protect Your Medical Privacy 

Your medical history is a confidential matter and should be treated as such, caution experts. Sharing details about the hospitals or medical facilities you visit can inadvertently lead to a data breach, exposing personal information such as your name and address. 

 9. Protect Your Child's Privacy 

The expert warns against sharing information about your child's school online, as it can potentially put them at risk from online predators and expose them to identity theft.

 10. Protect Your Ticket Information 

The expert advises against sharing pictures or details of tickets for concerts, events, or travel online. Scammers can exploit this information to impersonate legitimate representatives and deceive you into disclosing additional personal data.

Furthermore, in 2023, the Internet Crime Complaint Center (IC3) reported a staggering surge in complaints from the American public. A total of 880,418 complaints were filed, marking a significant uptick of nearly 10% compared to the previous year. 

These complaints reflected potential losses exceeding $12.5 billion, a 22% increase in losses compared to 2022. Also, according to Forbes Advisor, ransomware, misconfigurations and unpatched systems, credential stuffing, and social engineering will be the most common threats in 2024.

Hidden Dangers of Public Wi-Fi: What A Traveler Needs To Know

 

Public Wi-Fi networks have become ubiquitous in our modern world, offering convenience and connectivity to travellers and commuters alike. However, beneath the surface lies a web of hidden dangers that could compromise your privacy and security. As an expert in cybersecurity, it's crucial to shed light on these risks and provide travellers with the knowledge they need to protect themselves in an increasingly connected world. 

One of the most significant dangers of connecting to public Wi-Fi is the risk of falling victim to a cyberattack. These networks are often unsecured, making it easy for hackers to intercept sensitive information transmitted over them. From passwords to financial data, travellers risk exposing their most personal information to prying eyes.

Another hidden danger of public Wi-Fi is the prevalence of rogue hotspots. These malicious networks are designed to mimic legitimate Wi-Fi networks, tricking unsuspecting users into connecting to them. Once connected, hackers can launch various attacks, from phishing scams to malware downloads, putting travellers' devices and data at risk.

Furthermore, public Wi-Fi networks are often monitored by cybercriminals looking to steal valuable information from unsuspecting users. By intercepting unencrypted data packets, hackers can gain access to usernames, passwords, and other sensitive information, leaving travellers vulnerable to identity theft and fraud.

To mitigate the risks associated with public Wi-Fi, travellers should take proactive measures to protect themselves and their data. One of the most effective ways to stay safe is to avoid connecting to public Wi-Fi networks altogether, especially when handling sensitive information such as online banking or email access.

If connecting to public Wi-Fi is unavoidable, travellers should use a virtual private network (VPN) to encrypt their internet traffic and protect their data from prying eyes. Additionally, travellers should enable two-factor authentication on all their accounts to add an extra layer of security against unauthorized access. It's also essential for travellers to keep their devices and software up-to-date with the latest security patches and updates. By regularly updating their devices, travellers can patch known vulnerabilities and reduce the risk of falling victim to cyberattacks.

In conclusion, while public Wi-Fi networks offer convenience and connectivity to travellers, they also pose significant risks to privacy and security. By staying vigilant and taking proactive measures to protect themselves and their data, travellers can minimize the hidden dangers of public Wi-Fi and enjoy a safer and more secure travel experience.

The Cyber Risks Of Using Unsecured Wi-Fi Networks And How To Avoid Them

 



In the hustle and bustle of our daily lives, public Wi-Fi has become a lifeline for many. Whether in coffee shops, airports, or local hangouts, the convenience of free Wi-Fi is undeniable. However, a recent study by NordVPN sheds light on a concerning trend: 41% of Brits risk connecting to unsecured public Wi-Fi, despite being aware of the potential cyber threats. Let's break down why this matters and what you can do to protect yourself.


Understanding the Risks

Connecting to public Wi-Fi might seem harmless, but cybercriminals are ingenious opportunists. They can infiltrate your devices and compromise sensitive information. Even on seemingly secure sites, hackers can access your data, plant malware, and use tactics like ARP spoofing and DNS poisoning. These techniques allow them to impersonate your device or the network gateway, intercept data, and even redirect you to malicious sites without your knowledge.

Recent advancements include malware components using Wi-Fi triangulation to determine your device's real-world location. The purpose of this geolocation remains unclear, but it could potentially be used for intimidation tactics. The good news is that having malware removal and antivirus programs installed can effectively combat infections and safeguard your device.


Safety Measures

To combat the risks associated with unsecured public Wi-Fi, consider using Virtual Private Networks (VPNs). These tools act as your cyber bodyguard by encrypting your online identity. This ensures your browsing history is not stored on your device. VPNs establish a secure connection between your device and a remote server, adding an extra layer of protection against potential threats on unsecured networks. They also allow you to hide your IP address and bypass content blocks or firewalls, enhancing both privacy and security. It's akin to sending a sealed letter through the internet. Choose reputable websites with secure connections when entering personal information online. 

Understanding the risks is crucial, but taking steps to protect yourself is equally important. Here's a user-friendly guide:

1. Avoid Unsecured Wi-Fi:

When possible, steer clear of unsecured public Wi-Fi. If you must connect, be mindful of the information you access.

2. Use VPNs:

Consider using a VPN to encrypt your online data, safeguarding your privacy while using public Wi-Fi.

3. Keep Software Updated:

Ensure your device has updated antivirus and malware removal tools to detect and prevent potential threats.

4. Stay Informed: 

Stay updated on the latest cybersecurity threats and best practices to navigate the digital landscape safely.


Public Wi-Fi is like leaving your front door unlocked; it's convenient, but it invites trouble. Hackers love unsecured Wi-Fi because it's an easy way to grab your sensitive data. By understanding these risks and implementing simple yet effective cybersecurity measures, you can enjoy the benefits of public Wi-Fi without falling victim to cyber threats. Prioritise your online safety and navigate the cyber world with confidence.


Ivanti US Faces Security Crisis, Threatening Worldwide Systems


In a recent development, a critical server-side request forgery (SSRF) vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being actively exploited by multiple attackers, raising concerns over the security of affected systems worldwide. 

Let's Understand SSRF and Its Impact 

SSRF vulnerabilities allow attackers to make the vulnerable server send crafted requests on their behalf, potentially leading to unauthorized access to internal resources, sensitive data exposure, or even full system compromise. Imagine you have a key that opens doors in a building. Now imagine someone tricks you into using that key to open doors you are not supposed to. That is what happens in an SSRF attack.

Normally, a website only talks to the outside world in response to your web browser. But in an SSRF attack, the bad guys make the website talk to other places it is not supposed to, like internal parts of a company's network or arbitrary outside websites. This can lead to big problems.

For example, if the website connects to an internal part of a company's network, the bad guys might steal important information. Or if it connects to a website they control, it might give away sensitive data, like passwords or credit card numbers.
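The standard defence against the SSRF pattern described above is to validate every server-initiated URL before fetching it: accept only expected schemes, only allowlisted hosts, and only hosts that resolve to public addresses, and then connect to the address that was validated. The example below is added here and is not Ivanti's code; the hostnames, the allowlist and the fake resolver are constructed for illustration, and the `resolver` parameter is a hypothetical hook that lets the check run offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def system_resolver(host):
    """Resolve a hostname to every A/AAAA address the system resolver returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr_str):
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (e.g. cloud metadata at 169.254.169.254),
    multicast and reserved space, and unwraps IPv4-mapped IPv6 such as ::ffff:10.0.0.5.
    """
    addr = ipaddress.ip_address(addr_str)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def validate_outbound_url(url, allowed_hosts, resolver=system_resolver):
    """Decide whether a server-side fetch of `url` is safe.

    Returns (True, pinned_addresses) on success; the caller should connect to one of
    the pinned addresses rather than re-resolving, which closes the DNS-rebinding
    window between check and use. Returns (False, reason) otherwise.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        # "https://trusted.example@10.0.0.1/" puts the real host after the '@'.
        return False, "userinfo in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    # Exact allowlist match also rejects IP literals and obfuscated forms
    # such as decimal "2130706433" (127.0.0.1) or bracketed IPv6.
    if host.lower() not in allowed_hosts:
        return False, "host not on allowlist"
    try:
        addresses = resolver(host)
    except OSError:
        return False, "resolution failed"
    if not addresses:
        return False, "no addresses"
    # Every address must be public; a mixed answer is a classic rebinding trick.
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"resolves to non-public address {addr}"
    return True, addresses


# Constructed resolver table so the check can be exercised without the network.
FAKE_DNS = {
    "idp.example.com": ["11.22.33.44"],          # sample public address
    "rebound.example.com": ["169.254.169.254"],  # link-local metadata address
    "v6.example.com": ["::ffff:10.0.0.5"],       # IPv4-mapped private address
}


def fake_resolver(host):
    """Offline stand-in for system_resolver (constructed sample data)."""
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


ALLOWLIST = {"idp.example.com"}
```

A real deployment would also cap redirects (each hop must pass the same check) and apply the validation wherever the server fetches URLs supplied or influenced by users, such as SAML metadata locations.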

Ivanti and the Vulnerabilities 

Ivanti raised the alarm about a critical flaw in the gateway's SAML components on January 31, 2024. This vulnerability, identified as CVE-2024-21893, was immediately classified as a zero-day, indicating that hackers were already taking advantage of it. Initially, the impact seemed limited, affecting only a small number of customers.

However, the exploitation of CVE-2024-21893 opened the door for attackers to sidestep authentication measures and gain unauthorized access to restricted resources on vulnerable devices, specifically those operating on versions 9.x and 22.x. 

Now, according to the threat monitoring service Shadowserver, the situation has escalated. They have detected numerous attackers capitalizing on the SSRF bug, with a staggering 170 unique IP addresses attempting to exploit the vulnerability. This widespread exploitation poses a significant threat to the security of affected systems and the data they hold. 

The disclosure of CVE-2024-21893 revealed a series of critical vulnerabilities affecting Ivanti Connect Secure and Policy Secure VPN appliances. Alongside CVE-2024-21893, two other zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, were also identified on January 10, 2024, prompting Ivanti to release temporary mitigations. 

These vulnerabilities were exploited by the Chinese espionage threat group UTA0178/UNC5221, resulting in the installation of webshells and backdoors on compromised devices. Despite initial mitigations, attackers managed to bypass defenses, compromising even device configuration files. 

What Measures Is the Company Taking?

Ivanti postponed firmware patches scheduled for January 22 due to the sophisticated nature of the threat. Given the active exploitation of multiple critical zero-days, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has mandated federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances. 

Only devices that have been factory reset and updated to the latest firmware should be reconnected. However, older versions without a patch remain vulnerable. While this directive is not compulsory for private organizations, they are strongly advised to assess the security status of their Ivanti deployments and overall environment, considering the potential risks posed by these vulnerabilities. 

About the Company 

Ivanti is a company based in Utah, USA, that makes different kinds of computer software for things like keeping your computer safe, managing IT services, tracking IT assets, managing all your devices from one place, controlling who has access to what, and managing the supply chain. It was created in 2017 when two companies, LANDESK and HEAT Software, joined together. Later, they also bought another company called Cherwell Software. Ivanti became more famous because of some big problems with the security of the VPN hardware they sell.

Which is Better: VPN or Microsoft Security Service Edge (SSE)?


In the ever-evolving world of artificial intelligence and cybersecurity threats, Microsoft has unveiled Microsoft Global Secure Access, also known as Security Service Edge (SSE), as a ground-breaking solution for secure remote access.

Designed to improve connectivity between workplaces, this cutting-edge technology provides a safe and convenient substitute for conventional VPNs.

In response to the changing needs of network security, Microsoft has released Global Secure Access, which is presently in preview. Its two primary components are Microsoft Entra Internet Access and Microsoft Entra Private Access. Combined with Microsoft Defender for Cloud Apps, these components bring network, identity, and endpoint access controls together into a comprehensive solution. This makes it possible to access any application or resource securely from anywhere.

Microsoft Entra Internet Access

This service secures access to Microsoft 365, SaaS, and public internet applications. It protects users, devices, and data against online threats, offering top-level security and visibility.

Its features include:

  • Prevention of token replay with compliant network checks. 
  • Application of universal tenant restrictions. 
  • Enriched logs for enhanced security. 
  • Deployment alongside third-party SSE solutions. 
  • Protection of user access to the public internet through a cloud-delivered, identity-aware Secure Web Gateway (SWG).

Microsoft Entra Private Access

Whether working remotely or in an office, Microsoft Entra Private Access guarantees users secure access to corporate and private resources. Without the need for a VPN, it extends access to any private resource, port, and protocol. Important characteristics consist of:

  • Zero Trust-based quick access to a range of IP addresses and/or FQDNs. 
  • Per-app access for TCP apps. 
  • Modernization of legacy app authentication. 
  • Seamless end-user experience with integration into existing third-party SSE solutions.

Security Service Edge (SSE) vs VPN

To illustrate the differences between Security Service Edge (SSE) and Virtual Private Networks (VPN), below is a brief comparison:

Security Service Edge (SSE)

  • Definition: SSE is a comprehensive framework for cloud-based security that combines several security services. It is intended to safeguard user-accessed data, apps, and resources regardless of where they are located. 
  • Components: Includes services like Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS). 
  • Security Approach: Emphasizes identification and context-based security. It ensures secure access based on user identification and context by operating under the principle of "never trust, always verify." 
  • Deployment: Cloud-native, offering global scalability and ease of deployment without the need for on-premise hardware. 
  • Access Control: Provides granular access control to applications and data, often integrating with existing identity management systems. 
  • User Experience: Provides a seamless user experience because users do not need to join a particular network; it operates transparently.

Virtual Private Network (VPN)

  • Definition: VPN technology connects distant users to an organization's network by building a safe, encrypted tunnel across the internet. 
  • Components: Primarily consists of VPN client software and VPN servers. 
  • Security Approach: Encrypts data in transit from the user to the VPN server. Once users authenticate and establish a VPN connection, they are trusted on the network. 
  • Deployment: Can be cloud-based or on-premise, often requires specific hardware and software setup. 
  • Access Control: Usually grants access to the entire network, which can be a security risk if not managed properly. 
  • User Experience: Since users must establish a VPN connection in order to access corporate resources, the user experience may be less effortless. Performance problems and slower connections may occasionally occur.

Key Differences

  • Security Scope: SSE provides a broader range of security services than the primarily encryption-based VPN. 
  • Access Control: Whereas VPNs frequently allow for more extensive network access, SSE offers more context-based and granular access management. 
  • Deployment and Scalability: SSE is scalable and cloud-native by nature, whereas VPNs may have hardware and network capacity limitations. 
  • User Experience: Compared to VPNs, which need an active connection and might reduce internet speeds, SSE often provides a more transparent and frequently faster user experience.

In summary, while VPNs are effective for secure network access, SSE offers a more comprehensive, flexible, and modern approach to security, especially suitable for cloud-based environments and remote work scenarios.  

Nym's Decentralized VPN: A Game-Changer for Online Privacy


Nym, a privacy technology company, is preparing to introduce a decentralized VPN (Virtual Private Network) that aims to change how we safeguard our online data and preserve our privacy, at a time when online privacy is getting harder to define. The launch is scheduled for early 2024.

Nym's ambitious project has garnered significant attention from the tech and cryptocurrency community. With concerns about surveillance, data breaches, and cyberattacks on the rise, the need for robust online privacy solutions is more critical than ever. Traditional VPNs have long been a popular choice for protecting one's online identity and data. However, Nym's decentralized VPN takes privacy to the next level.

One of the key features of Nym's VPN is its decentralized nature. Unlike traditional VPNs that rely on centralized servers, Nym's VPN leverages a decentralized network, making it far more resistant to censorship and government intervention. This feature is particularly important in regions where internet freedom is limited.

Furthermore, Nym's VPN is powered by a privacy-centric cryptocurrency called NYM tokens. Users can stake these tokens to access the VPN service or earn rewards for supporting the network. This innovative approach not only incentivizes network participation but also ensures a high level of privacy and security.

The decentralized VPN is designed to protect users from surveillance and data harvesting by hiding their IP addresses and routing their internet traffic through a network of anonymous servers. This means that users can browse the web, communicate, and access online services without revealing their true identity or location.

In addition to its privacy features, Nym's VPN is being developed with a strong focus on speed and usability. This means that users can enjoy the benefits of online privacy without sacrificing their internet connection's speed and performance.

Since Nym is a big step toward a more secure and private internet, the IT industry is excited about its impending introduction. Users seeking to protect their online activity will have access to a cutting-edge, decentralized solution as 2024 draws near.

Nym's decentralized VPN stands out as a ray of light in a world where threats to internet privacy are omnipresent. Its distinctive approach to privacy, robust security features, and intuitive design have the power to revolutionize the way we safeguard our personal information and identities online. When Nym launches in early 2024, it will surely be a turning point in the continuous struggle to protect internet privacy in a connected society.

Enhancing Online Privacy: Google Trials IP Address Masking Option

Google is currently refining a Chrome proposal formerly known as Gnatcatcher and now more aptly named "IP Protection". With it, Chrome is reintroducing a plan to hide users' IP addresses, making it harder to track their activity across sites. 

When a computer joins a network, it receives a unique Internet Protocol (IP) address that identifies it on that network. The address marks the device's location on the network while it is connected, and messages must be delivered to the right address for one computer to communicate with another. 

Websites and online services use IP addresses to track user behaviour and build digital profiles that can be used for targeted advertising. Unlike third-party cookies, this tracking cannot easily be circumvented without third-party tools, which raises significant privacy concerns. 

Google recognizes that a user's privacy has to be balanced against practical functionality while navigating the web. Essentially, its solution disguises the user's IP address by redirecting traffic to certain third-party domains through proxy servers, so that those domains never see the user's real IP address. 

The IP Protection feature will initially be available as an opt-in service, so users can choose to obfuscate their IP addresses from third parties whenever they wish. Google decided to roll IP Protection out in stages to accommodate regional considerations and keep the learning curve shallow. In the first phase, Google will only proxy requests to its own domains. 

For now, the proxies will only be accessible from US-based IP addresses, until Google has fine-tuned the list of affected domains. Although your IP address can be used to track you, it also plays a central role in routing traffic, preventing fraud, and other tasks the network requires. 

Google's IP Protection feature for Chrome routes traffic to specific third-party websites through proxy servers to hide your IP address from those sites. Google has also pointed out that the feature will be opt-in when it reaches Chrome users. 

Users decide whether they wish to obscure their IP address from third parties, so IP Protection will be a feature they opt in to. To accommodate regional differences and keep the learning curve shallow, IP Protection will be rolled out in stages. Phase 0, in which only Google-owned domains are proxied, will be the first step. 

This is expected to continue until Google has had sufficient time to fine-tune the list of affected domains. In the beginning, those proxy servers will only be accessible to US-based IP addresses. 

Google has decided to use a two-hop approach in a later phase to improve privacy: Google will manage the first hop, while an external Content Delivery Network (CDN) will manage the second hop.

IP addresses are essential for Internet traffic routing, fraud prevention, and a wide variety of other functions. Google has therefore designed a system that preserves those functions while thwarting tracking at the same time. 

IP Protection is part of Google's Privacy Sandbox toolkit and was previously known as 'Gnatcatcher'. It is specifically designed to stop users from being tracked across websites through their IP address. 

At first, the proxy will remain optional for users, and it will be phased in so that each region can adapt to the change at its own pace. Initially it will only affect domains in third-party contexts, with an emphasis on well-known tracking domains. 

Users who do not want to reveal their IP addresses use proxy servers or VPNs to hide them. A proxy or VPN masks the user's real IP address by replacing it with one of the operator's addresses, so only the proxy operator or VPN provider knows the user's real address. Under its IP Protection proposal, Google uses a proxy to hide its users' IP addresses in the same way. 

The feature will be tested and rolled out in multiple phases due to the potential side effects it may cause. Google wants to learn as it goes. The first phase of the feature will only support users with IP addresses from the United States and will only work with a single Google-owned proxy that will only redirect requests to Google-owned domains. 

Google is interested in testing out the infrastructure without impacting any third-party companies that may be using it. In addition to services such as Gmail, Google also owns the Ad Services domain, which is used for advertising purposes. 

In the current phase, Google automatically enrols a small percentage of users, who must also be logged into Chrome to participate. In a future phase, Google plans to chain two proxy servers so that neither proxy sees both the origin IP address and the destination IP address. 

There have been some interesting developments recently when it comes to Google's privacy options, as it has now launched its Privacy Sandbox which is aimed directly at making third-party cookies a thing of the past. 

According to the company, third-party cookies will be disabled in 2024. Combined with IP Protection, this should make it harder for third parties to gather data about a user across multiple sites.

Guard Your Data: The Pitfalls to Avoid on Public Wi-Fi Networks

Since remote and hybrid working has become increasingly prevalent, many office workers no longer have to be in the office constantly. Working from home is a great option for many people, but sometimes it is nice to change scenery, which is why some people work from cafes, coffee shops, or even unconventional locations such as a boat or van. 

Working people may also be commuting, or even on vacation, and need to check e-mail, social media, or banking applications on the go, for instance from an airport, hotel lobby, or conference centre.  

Such public spaces are likely to offer free Wi-Fi to all visitors. The venue's free Wi-Fi gives customers useful internet access and may encourage them to stay longer.  

Public Wi-Fi networks commonly lack a basic security measure: encryption, which scrambles the information sent from a computer or device to the router so that strangers cannot read it. 

Cybercrooks could intercept the information that they send over these networks if there is no security measure in place to protect it from them. There are several security risks associated with public Wi-Fi, including hackers taking advantage of the lax security of the network to monitor users' Wi-Fi connection and steal their personal information and passwords, or even take over their accounts online if proper precautions are not taken.

The information gathered could include passwords for bank and social media accounts, as well as personal information. A snoop on the network could also observe which websites users visit and the data they enter into web forms. 

The conventional wisdom used to be that one should never access a bank website or social media account on public Wi-Fi. Today the rule need not be as strict, but that does not mean caution is unnecessary. 

All of their data should be protected by at least one layer of encryption. To steal sensitive information from unsecured networks, cybercriminals combine their know-how with freely available tools to sneak in and take control of the network. 

Some of the information that they steal will include passwords, banking information, and personal information that could be used to steal someone's identity. Generally, bank websites and social media websites use Hypertext Transfer Protocol Secure (HTTPS), which is a secure version of the HTTP protocol, which is indicated in the address bar by the prefix "https://" or the lock icon. 

When you log into the HTTPS version of a website, the data you send to and from it is encrypted in transit. A virtual private network (VPN) is a technology that lets Wi-Fi users route all their internet traffic through a trusted network. 

Although VPNs are often used to bypass geo-blocked content, they have other advantages, chief among them security: the traffic is encrypted, hidden, and routed through one of the provider's servers. For Wi-Fi users looking for a VPN that is reliable, secure, and convenient, the list of 2023's best VPNs is a good starting point, and Google One subscriptions also include a VPN. 

To make sure the device does not reconnect automatically after using public Wi-Fi, people should disable auto-reconnect or choose the "forget this network" option for that network. 

When auto-reconnect is enabled, the device treats any nearby network it recognizes as trusted, on a par with the home network, and announces this by probing for it. Because devices recognize known networks by their SSIDs (network names), threat actors can use those names to get devices to connect to them stealthily. 

How to Use Public Wi-Fi Safely  

Confirm the Network's Legitimacy

To ensure that the Wi-Fi network people are connecting to is authentic, they should look for official signs or ask the establishment's staff to confirm the network name. Trustworthy networks reduce the risk of cyber threats. 

Steer Clear of Entering Sensitive Data

Do not enter confidential data, such as credit card details or passwords, while using public Wi-Fi. Keeping sensitive information off public networks reduces the chance of a breach of personal information. 

Employ a VPN for Added Security

Whenever people connect to a public Wi-Fi network, it is strongly advised that they should use a Virtual Private Network (VPN). VPNs encrypt their data and shield their digital activities from prying eyes.

VPN Intrusions From North Korea Expose Businesses to New Security Threats

FBI and Department of Justice officials revealed that several U.S.-based companies unknowingly employed North Korean information technology workers, whose wages, amounting to millions of dollars, were secretly sent to North Korea for years to fund its missile programs. 

In an announcement on Wednesday, the Justice Department said that North Korean IT workers used false identities to provide remote and in-office services to companies in St. Louis and other parts of the country. 

At a news conference in St. Louis, FBI officials said that most of the money earned by these individuals was funnelled into the North Korean weapons program. It is still unclear when the campaign began, but investigators are convinced that thousands of North Korean freelancers have secured jobs at US companies by concealing their identities for at least the last five years, even if some succeeded only for short periods. 

The workers are suspected of using this money to buy weapons for Kim Jong Un, steal company secrets, and plant malware on company computers and devices. Both the South Korean and US authorities have updated their recommendations to employers following the latest evidence of North Korean agents working as freelancers for a company, in an attempt to help them avoid hiring them.     

An investigation involving the seizure of $1.5 million, as well as 17 domain names, has recently been announced by federal authorities as part of the ongoing investigation. A special agent with the FBI's office in St. Louis, Jay Greenberg, said that any company that hires freelance IT workers has a greater chance of hiring someone to take part in the scheme since they hire many freelance workers. 

Officials have not named the companies that unknowingly hired North Korean workers. According to court documents, the North Korean government has dispatched thousands of skilled IT workers to live mainly in China and Russia, where they deceive businesses around the world into hiring them for remote work under freelance contracts. 

It is estimated that North Korea's weapons programs receive millions of dollars in wages every year from the IT workers. The Justice Department asserts that in some cases the North Korean workers gained access to the computer networks of the companies they worked for and stole information from them. 

The agency also asserted that the workers retained access to those networks for future hacking and extortion schemes. To make it appear that they were working in the United States, Greenberg said, the workers used various methods, including paying American citizens to let them use their home Wi-Fi connections. 

Since the start of 2022, North Korea has carried out over 100 missile tests, and the United States has expanded its military exercises with its Asian allies in tit-for-tat response to these test-firings. Tensions on the Korean Peninsula have increased as a result of North Korea's testing. 

According to state media, the country's leader Kim Jong Un has said that nuclear weapons should be produced at an exponential rate and that North Korea should be an important component of a coalition of nations opposed to the United States in a "new Cold War."

In February, United Nations experts estimated that North Korean state hackers stole a record-breaking amount of virtual assets last year, worth between $630 million and over $1 billion. 

An expert panel from the University of Chicago reported that the hackers were using increasingly sophisticated techniques to access digital networks involved in cyberfinance, and that they stole information from government officials, individuals and companies that could be useful to North Korea's nuclear and ballistic missile programs. 

According to the FBI, employers should conduct an online background check when recruiting new employees to see if the same identity is linked to multiple profiles, and they should also record all interactions with prospective employees as necessary. 

Employers concerned about online security should require their freelancers to turn off private VPNs when accessing company networks. Business owners are also advised to adopt a strict zero-trust cybersecurity policy, under which remote employees are not given access to sensitive proprietary information unless necessary. 

North Korean hackers mostly target the technology industry because of its high salaries, but it is only one of the areas in which they operate, John Hultquist, director of threat intelligence at the cybersecurity firm Mandiant, told the Associated Press on Monday. 

This FBI investigation reveals a covert channel for funnelling millions to North Korean missile programs via unsuspecting U.S. companies employing information technology staff. This alarming discovery highlights the urgency of safeguarding against such international cyber threats due to freelancers who work under false identities, raising security concerns and requiring enhanced hiring practices.

Risks of Free VPNs: Proceed with Caution

Virtual Private Networks (VPNs) have developed into an essential tool for protecting online security and privacy in today's digitally connected society. Despite the wide range of options, a sizable portion of consumers favour free VPN services. However, it's important to be aware of any risks connected to these ostensibly cost-effective alternatives before jumping on the bandwagon.

Free VPN services frequently have restrictions that limit how much security and privacy they can offer. They might impose a data cap, slow connection rates, or impose server access restrictions. 'You get what you pay for,' is true in the world of VPNs. 

Free VPNs' data logging rules are among their most alarming features. Numerous of these services gather and keep track of user data, including browsing patterns, IP addresses, and even private data. Data breaches or targeted advertising may result from the sale of this information to outside parties. This lack of transparency poses a serious threat to user privacy.

  • Security Vulnerabilities: An additional weakness of free VPNs is their insufficient security measures. The strong encryption methods that paying equivalents offer are frequently absent from these sites. Users become more vulnerable to online dangers as a result, leaving them open to potential hacks or attacks from online criminals.
  • Malware and Adware Concerns: Free VPNs have a reputation for injecting malware or intrusive adverts into customers' browsing sessions. These intrusive activities not only damage the user experience but also pose serious security threats. 
  • Unreliable Customer Support: Free VPN providers typically offer limited or no customer support, leaving users on their own if they encounter technical issues or need assistance with the service. This lack of support can be frustrating and potentially detrimental in critical situations.

With VPNs, quality is a function of price. Although they may be alluring, free VPN services carry a number of dangers that could jeopardize your online privacy and security. Prioritizing trustworthy, paid VPN services with strong security, open policies, and dependable customer support is crucial. Keeping your online identity secure is ultimately a worthwhile investment. 

Top 5 Ways to Encrypt Your Internet Traffic for Enhanced Security

Encryption involves converting data into a format that is unreadable without the corresponding decryption key, thereby bolstering security and preventing unauthorized access.

Securing your internet connection with encryption is indeed possible, but it necessitates a multi-pronged strategy. Here are five approaches to encrypting your internet traffic:

1. Utilize a Private Browser:

Your browser serves as the primary gateway to the internet. If it doesn't shield you from tracking, other security measures won't be as effective. The Tor Browser stands out as a truly private option. It redirects traffic through a series of relays, encrypting it at each step. While it's indispensable for privacy-conscious tasks, its speed may be a limitation for everyday use. In such cases, browsers like Brave or Firefox, while not as robust as Tor, offer enhanced privacy and tracking protection compared to mainstream options like Chrome or Microsoft Edge.

2. Employ a VPN:

The use of a Virtual Private Network (VPN) is recommended, especially when combined with browsers other than Tor. A VPN enhances privacy and complicates efforts to track online activities. However, not all VPN providers are equal. It's crucial to choose one with robust encryption, a strict no-logs policy, protection against DNS leaks, a kill-switch feature, and reliable performance. Ensure thorough testing after selection, and extend VPN use to all devices, not just computers.

3. Embrace Encrypted Messaging Apps:

While a secure browser and VPN are crucial, using an encrypted messaging app is equally important. Opt for apps with end-to-end encryption, ensuring only the sender and recipient can read messages. Signal is highly recommended due to its reputation and emphasis on user privacy. Telegram offers a good alternative, especially for those seeking social features. WhatsApp, despite being owned by Meta, also provides end-to-end encryption and is more secure than many mainstream messaging apps.

4. Switch to an Encrypted Email Provider:

Email services from major companies like Google, Microsoft, and Yahoo collect substantial amounts of user data. By using their services, you not only contribute to Big Tech profits but also expose yourself to potential risks. Consider migrating to an encrypted email provider, which typically offers superior encryption, advanced security measures, and a focus on user privacy. While some advanced features may require payment, providers like ProtonMail, TutaNota, and Mailfence enjoy excellent reputations.

5. Invest in Encrypted Cloud Storage:

File storage plays a crucial role in internet traffic encryption, especially with the widespread use of cloud storage for personal data. Opt for providers offering end-to-end encryption and robust security practices. While numerous options are available, paid encrypted cloud storage services like Icedrive, pCloud, Tresorit, and Proton Drive provide reliable and secure solutions. Free options are scarce due to the substantial costs associated with providing this level of security and infrastructure.

By implementing these measures, you can significantly enhance the encryption of your internet traffic and fortify your overall cyber infrastructure. Additionally, consider local encryption and encrypting your entire hard drive for added security.

Navigating the Risks: Is Airport Wi-Fi Safe for Travelers?

Airport Wi-Fi has become a need for travelers in a time when keeping connected is crucial. It acts as a lifeline for anything from last-minute travel adjustments to professional correspondence. However, worries about its security have led some people to wonder whether utilizing public networks comes with any inherent risks.

According to a report by Explore.com, accessing airport Wi-Fi networks might not be as secure as one would hope. The convenience it offers often comes at the cost of compromised cybersecurity. Cybercriminals can exploit vulnerabilities in these networks, potentially gaining access to sensitive information.

Aura, a cybersecurity company, emphasizes that travelers should exercise caution when connecting to airport Wi-Fi. "Public networks are prime targets for cyberattacks. It's like leaving your front door unlocked in a high-crime area," warns their security expert. Hackers can employ various techniques, such as "Man-in-the-Middle" attacks, to intercept data transmitted over these networks.

MarketSplash echoes these concerns, urging travelers to take proactive measures. Using a Virtual Private Network (VPN) is one of the most effective ways to secure online activities. A VPN creates a secure tunnel between the device and the internet, encrypting data and making it significantly harder for cybercriminals to intercept.

Additionally, it's advised to avoid accessing sensitive information, like banking accounts or private emails, while on public Wi-Fi. Instead, it's safer to use cellular data or wait until connecting to a trusted network.

While these warnings might sound alarming, it's important to note that not all airport Wi-Fi networks are equally risky. Some airports invest heavily in cybersecurity measures, offering safer browsing experiences. As a rule of thumb, using well-known airports and verifying the network's legitimacy can reduce risks.

Airport Wi-Fi is a useful tool for travelers, but it's important to be aware of any security hazards. One can find a balance between staying connected and remaining secure by taking steps like using a VPN and avoiding important tasks on public networks. Better safe than sorry, as the saying goes. Travelers can avoid future hassles by making a minor investment in cybersecurity.

Akira Ransomware Unleashes a New Wave of Attacks via Compromised Cisco VPNs

The Cisco Network Security Division is aware of reports that the Akira ransomware group is infiltrating organizations through Cisco VPNs that are not configured for multi-factor authentication. In the observed instances, the threat actors specifically targeted organizations that had not enabled multi-factor authentication for their VPN users. 

Several cybersecurity firms have verified that Cisco VPN products are being targeted in ransomware attacks, and reports attribute the attacks to a relatively new gang known as Akira. 

Typically, this ransomware campaign targets corporate entities to obtain sensitive information and then extract a ransom for it. Where multi-factor authentication is absent, all the Akira operators have to do is log in to the VPN service with the compromised account details. 

Cisco has been investigating these attack techniques together with Rapid7, which it credits for a valuable collaboration over the past few months. Cisco VPN solutions are widely deployed across industries to provide secure, encrypted data transmission between users and corporate networks, above all for employees who work remotely and depend on them. 
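To make the MFA point concrete, here is an added example, written for this article rather than taken from Cisco, that audits an ASA-style running-config excerpt in Python for remote-access tunnel-groups which authenticate with a password alone. The configuration text is constructed; the commands it recognises (aaa-server ... protocol, tunnel-group ... general-attributes, authentication-server-group, secondary-authentication-server-group) are standard ASA syntax, but the verdicts are a heuristic: LDAP, Kerberos, NT and LOCAL are treated as password-only, RADIUS/TACACS+/SDI are marked "verify" because they may or may not sit in front of an MFA proxy, and certificate authentication is ignored.

```python
import re

# Constructed ASA running-config excerpt for the audit (not a real device's
# configuration). LEGACY_VPN and ADMIN_VPN accept a password alone; CORP_VPN
# adds a second factor through a RADIUS server (assumed to be an MFA proxy).
SAMPLE_CONFIG = """\
aaa-server LDAP_SERVERS protocol ldap
aaa-server LDAP_SERVERS (inside) host 10.0.0.5
 ldap-base-dn dc=example,dc=com
 server-type microsoft
aaa-server RADIUS_MFA protocol radius
aaa-server RADIUS_MFA (inside) host 10.0.0.6
 timeout 60
tunnel-group LEGACY_VPN type remote-access
tunnel-group LEGACY_VPN general-attributes
 authentication-server-group LDAP_SERVERS
 default-group-policy DfltGrpPolicy
tunnel-group CORP_VPN type remote-access
tunnel-group CORP_VPN general-attributes
 authentication-server-group LDAP_SERVERS
 secondary-authentication-server-group RADIUS_MFA
tunnel-group ADMIN_VPN type remote-access
tunnel-group ADMIN_VPN general-attributes
 default-group-policy DfltGrpPolicy
tunnel-group SITE_A type ipsec-l2l
"""

AAA_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)")
TG_TYPE_RE = re.compile(r"^tunnel-group (\S+) type (\S+)")
TG_GEN_RE = re.compile(r"^tunnel-group (\S+) general-attributes")
# Optional "(interface)" token, then the server-group name.
AUTH_RE = re.compile(r"^\s+(secondary-)?authentication-server-group(?: \(\S+\))? (\S+)")

# Protocols that only ever verify a password (heuristic, see lead-in).
PASSWORD_ONLY = {"local", "ldap", "kerberos", "nt"}


def parse_config(text):
    """Return (aaa protocols, tunnel-group types, per-group auth settings)."""
    aaa, types, auth = {}, {}, {}
    current = None  # tunnel-group whose general-attributes block we are in
    for line in text.splitlines():
        if not line.strip():
            continue
        if m := AAA_RE.match(line):
            aaa[m.group(1)] = m.group(2).lower()
            current = None
        elif m := TG_TYPE_RE.match(line):
            types[m.group(1)] = m.group(2)
            current = None
        elif m := TG_GEN_RE.match(line):
            current = m.group(1)
            auth.setdefault(current, {"primary": None, "secondary": None})
        elif line.startswith(" ") and current:
            if m := AUTH_RE.match(line):
                auth[current]["secondary" if m.group(1) else "primary"] = m.group(2)
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the block
    return aaa, types, auth


def audit_tunnel_groups(text):
    """Map each remote-access tunnel-group to a verdict string."""
    aaa, types, auth = parse_config(text)
    verdicts = {}
    for name, kind in types.items():
        if kind != "remote-access":
            continue  # site-to-site tunnels authenticate differently
        cfg = auth.get(name, {"primary": None, "secondary": None})
        primary = cfg["primary"] or "LOCAL"  # ASA default when nothing is set
        proto = "local" if primary == "LOCAL" else aaa.get(primary, "unknown")
        secondary = cfg["secondary"]
        if secondary:
            verdicts[name] = (f"mfa-configured: {primary} ({proto}) + "
                              f"{secondary} ({aaa.get(secondary, 'unknown')})")
        elif proto in PASSWORD_ONLY:
            verdicts[name] = f"single-factor: {primary} ({proto}), no secondary authentication"
        else:
            verdicts[name] = f"verify: {primary} ({proto}) may or may not enforce a second factor"
    return verdicts


def single_factor_groups(text):
    """Sorted names of the tunnel-groups that need remediation."""
    return sorted(n for n, v in audit_tunnel_groups(text).items()
                  if v.startswith("single-factor"))


if __name__ == "__main__":
    for name, verdict in audit_tunnel_groups(SAMPLE_CONFIG).items():
        print(f"{name:12s} {verdict}")
```

Run against `show running-config` output saved to a file; anything reported as single-factor is exactly the kind of gateway this campaign walks into, and the ADMIN_VPN case shows the trap of a tunnel-group that silently falls back to the LOCAL database when no server group is named.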

The Akira Ransomware Attack 


Akira ransomware has been active since March 2023. Like many other ransomware gangs, the group also developed a Linux encryptor in order to attack VMware ESXi servers.

If its ransom demands are not met, the Akira gang turns to a range of extortion tactics, including a site on the Tor network (a .onion address, not an IP address) that lists victims and the data stolen from them. Victims are told to open negotiations by contacting the attackers through that Tor site, using a unique identifier supplied in the ransom note. 

Sophos researchers first reported in May that the gang was abusing VPN accounts to breach a network, describing the initial access as "VPN access using Single Factor authentication". An incident responder known as 'Aura', who has handled several Akira cases, later shared on Twitter that the incidents he and other responders worked had been carried out through Cisco VPN accounts that were not protected by multi-factor authentication. 

Akira targets not only corporations but also educational institutions, real estate, healthcare, manufacturing and the financial sector. The Linux build of the ransomware uses the Crypto++ library for its encryption routines. It accepts only a small number of command-line options, and it has no option to shut down virtual machines before encrypting them. 

The -n parameter controls what percentage of each file is encrypted, which trades encryption speed against recoverability: a lower percentage encrypts faster but leaves more of each file untouched, so the victim has a better chance of recovering data, whereas full encryption is slower and leaves the victim dependent on a working decryption tool. 

Akira activity was first picked up in March 2023 by Arctic Wolf, a US-based cybersecurity firm. Its research shows that the attackers mainly target small and medium-sized businesses worldwide, with particular attention to the US and Canada. Researchers have also noted links between Akira and Conti's operators. 

A recent SentinelOne WatchTower report, shared privately with BleepingComputer, examined the same attack method and speculated that Akira may be exploiting a newly discovered vulnerability in Cisco VPN software that allows authentication to be bypassed when multi-factor authentication is not in place. 

SentinelOne also found evidence in the data posted on the Akira extortion page that the gang had used Cisco VPN gateways: at least eight victim listings showed Cisco VPN-related characteristics, which indicates that compromised Cisco VPN gateways are a recurring part of the group's ongoing extortion operation. 

Implementing VPNs Without MFA


As a general rule, the first stage of an attack against VPNs, or any other exposed network service or application, is to exploit that exposed service. In many cases the attackers rely either on the absence of multi-factor authentication (MFA) or on a known vulnerability in the VPN software that lets them get around whatever authentication is in place. 

Once inside the target network, the attackers dump the memory of the Local Security Authority Subsystem Service (LSASS) to harvest credentials, which they then use to move further through the network and, where needed, raise their privileges. 

The group has also been reported to use Living-Off-The-Land Binaries (LOLBins) and Commercial Off-The-Shelf (COTS) tools, including the creation of minidump files, to gather further intelligence about the target network and pivot within it. 
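The MFA-less initial access described in this chain leaves a trace in the gateway's own logs: before a credential works, it is usually tried and rejected. The following is an added example, not code from Cisco, Rapid7 or the original post, that runs a simple detector over Cisco ASA syslog lines in Python. The message bodies follow Cisco's documented %ASA-6-113005/113015 (authentication rejected) and %ASA-6-113039 (AnyConnect session started) formats, but every line, username, address and timestamp below is constructed for illustration, and the 10-minute window and five-failure threshold are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message formats follow Cisco's documented ASA syslog ids; every line fed in
# below is constructed for this example (timestamps, users, addresses made up).
TS_RE = re.compile(r"^(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2})")
FAIL_RE = re.compile(
    r"%ASA-6-1130(?:05|15): AAA user authentication Rejected : reason = .*?"
    r" : user = (?P<user>\S+) : user IP = (?P<ip>\S+)")
OK_RE = re.compile(
    r"%ASA-6-113039: Group <[^>]+> User <(?P<user>[^>]+)> IP <(?P<ip>[^>]+)>"
    r" AnyConnect parent session started")

WINDOW = timedelta(minutes=10)  # failures older than this are forgotten (assumed)
FAIL_THRESHOLD = 5              # failures from one IP before we care (assumed)
SPRAY_USERS = 3                 # distinct users that turns it into a spray (assumed)


def _fail(ts, user, ip, reason="Invalid password", sid="113005"):
    """Build a constructed 113005/113015 rejection line."""
    src = "local database" if sid == "113015" else "server = 10.0.0.5"
    return (f"{ts} %ASA-6-{sid}: AAA user authentication Rejected : reason = {reason}"
            f" : {src} : user = {user} : user IP = {ip}")


def _ok(ts, user, ip):
    """Build a constructed 113039 session-started line."""
    return (f"{ts} %ASA-6-113039: Group <REMOTE_VPN> User <{user}> IP <{ip}>"
            f" AnyConnect parent session started.")


SAMPLE_LOG = (
    # one account hammered, then a successful login: brute force
    [_fail(f"Aug 28 2023 09:1{i}:0{i}", "jdoe", "203.0.113.10") for i in range(6)]
    + [_ok("Aug 28 2023 09:17:02", "jdoe", "203.0.113.10")]
    # many accounts, one guess each, then a success: password spray
    + [_fail(f"Aug 28 2023 09:20:{10 + i * 10:02d}", u, "198.51.100.7",
             "User was not found", "113015")
       for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    + [_fail("Aug 28 2023 09:21:00", "erin", "198.51.100.7"),
       _ok("Aug 28 2023 09:21:30", "erin", "198.51.100.7")]
    # a typo followed by a good login: normal
    + [_fail("Aug 28 2023 09:30:00", "mlee", "192.0.2.25"),
       _ok("Aug 28 2023 09:30:20", "mlee", "192.0.2.25")]
    # guessing still going on with no success yet
    + [_fail(f"Aug 28 2023 09:4{i}:00", "admin", "203.0.113.40") for i in range(5)]
)


def parse_line(line):
    """Return {ts, kind, user, ip} for an auth event, else None."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
    for kind, rx in (("fail", FAIL_RE), ("success", OK_RE)):
        if e := rx.search(line):
            return {"ts": ts, "kind": kind, "user": e["user"], "ip": e["ip"]}
    return None


def find_suspicious_logins(lines):
    """Correlate failures and successes per source IP; return alerts in order."""
    recent = defaultdict(deque)  # ip -> deque of (ts, user) failures inside WINDOW
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        while q and ev["ts"] - q[0][0] > WINDOW:
            q.popleft()
        if ev["kind"] == "fail":
            q.append((ev["ts"], ev["user"]))
            continue
        users = {u for _, u in q}
        if len(q) >= FAIL_THRESHOLD:
            kind = ("password-spray-then-success" if len(users) >= SPRAY_USERS
                    else "brute-force-then-success")
            alerts.append({"type": kind, "ip": ev["ip"], "user": ev["user"],
                           "failures": len(q), "distinct_users": len(users),
                           "at": ev["ts"].isoformat()})
        q.clear()  # a success closes the episode for this IP
    for ip, q in recent.items():  # guessing still in progress at end of log
        if len(q) >= FAIL_THRESHOLD:
            alerts.append({"type": "brute-force-in-progress", "ip": ip,
                           "failures": len(q), "distinct_users": len({u for _, u in q})})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

The success-after-failures pattern is the one worth paging on: with MFA enforced a guessed password never produces a 113039, so on an MFA-less gateway that single line is the moment initial access happened.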

SentinelOne researchers further observed Akira operators maintaining access to compromised networks with RustDesk, a legitimate open-source remote access tool that works much like AnyDesk. Separately, the cybersecurity company Avast has released a free decryptor that lets victims of the Akira ransomware restore their data without paying a ransom.
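The host-side techniques described above (LSASS credential dumping, minidumps via LOLBins and RustDesk for persistence) all show up in endpoint telemetry. The following added example, not SentinelOne's or the original post's code, triages constructed Sysmon-style events in Python: Event ID 10 (process access) for handles to lsass.exe that carry the PROCESS_VM_READ right, and Event ID 1 (process creation) for the comsvcs.dll MiniDump and procdump command lines and for RustDesk/AnyDesk binaries. The events, paths and the allowlist of legitimate LSASS readers are constructed, and treating RustDesk as unsanctioned is an assumption that depends on the environment.

```python
import re
from ntpath import basename  # handles Windows paths on any OS

# Constructed Sysmon-style events (not from a real host). Event 10 = process
# access, Event 1 = process creation; field names follow Sysmon's schema.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\rundll32.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 652 C:\Temp\l.dmp full"},
    {"EventID": 1, "Image": r"C:\Users\Public\procdump64.exe",
     "CommandLine": r"procdump64.exe -accepteula -ma lsass.exe C:\Users\Public\out.dmp"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\svc.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 1, "Image": r"C:\Program Files\RustDesk\rustdesk.exe",
     "CommandLine": r"rustdesk.exe --service"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe notes.txt"},
]

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory
# Assumed allowlist of processes that legitimately open lsass.exe for reading.
LSASS_READERS_ALLOWED = {r"c:\program files\windows defender\msmpeng.exe"}
# LOLBin / COTS dump patterns: comsvcs.dll MiniDump via rundll32, procdump on lsass.
DUMP_CMD_RE = re.compile(r"comsvcs(?:\.dll)?\s*,\s*minidump|procdump.*\blsass\b", re.I)
REMOTE_TOOLS = {"rustdesk.exe", "anydesk.exe"}  # assumed not sanctioned here


def triage_events(events):
    """Return a list of alerts, one per suspicious event, in log order."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 10:
            if basename(ev["TargetImage"]).lower() != "lsass.exe":
                continue
            access = int(ev["GrantedAccess"], 16)
            src = ev["SourceImage"]
            # Reading LSASS memory is what credential dumpers need (T1003.001).
            if access & PROCESS_VM_READ and src.lower() not in LSASS_READERS_ALLOWED:
                alerts.append({"type": "lsass-memory-read", "technique": "T1003.001",
                               "process": src, "access": hex(access)})
        elif ev["EventID"] == 1:
            image = basename(ev["Image"]).lower()
            if DUMP_CMD_RE.search(ev["CommandLine"]):
                alerts.append({"type": "credential-dump-commandline",
                               "technique": "T1003.001",
                               "process": ev["Image"], "cmd": ev["CommandLine"]})
            # Remote access software the attacker brings along (T1219).
            if image in REMOTE_TOOLS:
                alerts.append({"type": "remote-access-tool", "technique": "T1219",
                               "process": ev["Image"], "cmd": ev["CommandLine"]})
    return alerts


if __name__ == "__main__":
    for alert in triage_events(SAMPLE_EVENTS):
        print(alert)
```

The first Event 10 shows why the access mask matters: csrss.exe opens lsass.exe with 0x1000 (query only) on every host, and alerting on any handle to LSASS would drown the real rundll32 and unknown-binary reads in noise.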

In response, the threat actors patched their encryptors, so that files encrypted by the newer version can no longer be recovered with that decryptor. Cisco VPN products are popular with business users because of their reliability and ease of use. 

Organizations rely on them to secure data transmission between users and networks, and staff in hybrid or remote roles are expected to use them as a matter of course. That ubiquity is exactly what makes VPN gateways without MFA attractive to threat actors. Organizations can head off the data theft and extortion that ransomware operators depend on by enforcing multi-factor authentication on every VPN account, keeping VPN software patched, and watching VPN logins for signs of credential abuse.