Learning CyberSec One at a Time!(Part-04)
Hey there Boyz and Girlz,
How was your day? Good? Bad?
Tiring and repetitive, I presume. You’ve come to the right place to get some energy and a knowledge boost! Let’s dig straight in and explore some topics. Today I have quite a lot of interesting ones to discuss.
1. Nation-Level Cyberattacks
From the heading alone, you may have got the gist of the topic. “Nation-Level Cyberattacks” is the term used for cyberattacks that aren’t focused on a certain organization or company but on an entire country. These attacks target a particular country’s infrastructure, defense department, financial plans for the future, confidential military data on commanders, high-ranking authorities, government servants and officials, and so on. They usually come without any open affiliation with the adversary country running the covert operation. Obviously, if you stole a few hundred from your dad’s pocket, would you tell him you’d done it? No, you wouldn’t! Let’s take Russia and Ukraine as an example. In the previous year they had a real war with each other, and both countries waged cyber-warfare on their counterparts; Russia disrupted the telecoms and internet services in Ukraine to gain the upper hand in the ongoing war. That’s how it is done.
Such attacks are not limited to war-like situations; they also happen in secrecy, often driven by a political agenda or the aim of obtaining sensitive information through vulnerable security points. Governments don’t spend much money on keeping their data secure, except for the front-line departments. It has become a common issue: countries peeking at each other and throwing privacy into the bin. I guess we are in no position to change certain things; we can only discuss them and hope that one day they will change.

2. Cloud Incident Response

First things first: what’s a cloud? It’s a place where we can store our digital data and access it from anywhere (by using our credentials on the cloud service provider’s application). Unlike traditional disk storage, the data is very easy to access. With a disk, we need to constantly check for data corruption and anomalies that would leave our precious data bricked. But a disk is hardware that can only be touched by your own fingers, whereas this “cloud” is floating in the sky, available for attackers to try various attacks to see what’s in our tiny cloud. I’m not saying there is little security in the cloud, but I go with the saying “better safe than sorry”: if there’s a possibility of your account being pwned, then it will happen someday. I suggest you don’t use the cloud except for your data backups, and even then only with MFA!
That’s the short intro to the cloud. Let’s see what cloud incident response is. As the name suggests, its literal aim is to keep auditing the cloud’s server side and application side for vulnerabilities, security compromises, weak points, endpoint evasions and so on. The terms include detection, prevention and resolution. Simple, yet hard to maintain because of the environment it is being implemented in. The team checks and automates these tasks to mitigate any plausible attacks on their cloud services. The attacks might not be sophisticated, but the sheer number of them matters: it’s very easy to create a simple script that DDoSes the cloud’s server and specific parts of it. It’s a very irritating and anti-customer approach for companies to implement Cloudflare protection on every corner, right? “But the Cloudflare protection is only implemented at the forefront of the cloud service!!” Yes, you’re correct. I was referring to the other parts of the cloud application, such as neighbouring sub-domains connected to the cloud network and the hardware networks connected to the company’s infrastructure and employees. They are still prey for attacks; attackers think outside the box, and that’s how vulnerabilities get into the air. I mean, I don’t like to wait ten seconds for Cloudflare to load every time I click a section of the web application. I’m the one paying them money, so why would I? That’s how customers think, and companies know it. Time is money: the more you have of it, the wealthier you are.

3. SEO Poisoning

SEO poisoning is a search engine manipulation attack where the attackers meticulously create a completely identical clone of a popular website to attract people into their honeypot and steal their credentials. It’s just like a phishing attack but a bit more complex, because you wouldn’t be cautious when you’re the one looking for that specific website. What could possibly go wrong? We trust Google, hell yeah!
That’s where we fall into the gutter. Let me explain domain registration and how hard it is to spot the real and fake ones. Domains are distributed and bought by people from web-hosting services such as GoDaddy; example sites are “dandelion.co.uk” and “dаndelion.co.uk”. You’ve just seen a cozy hoodie in a Facebook ad, and now you are going to look it up on Google. The fake one pops up as the first result because the attackers are using AdSense and Google Ads (Google literally doesn’t care about a company’s background, whether they are fake or not, as long as they are paying). You get into a fastest-fingers-first competition with ten other victims who fell for the same trick and enter your credit card details and personal details.
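As an added example (not code from the original post), here is a small Python check for look-alike domains such as the pair above. It reports which Unicode scripts each DNS label mixes, maps common Cyrillic look-alikes back to their Latin twins to see whether a domain “skeletons” to a trusted one, and shows the xn-- (Punycode) form that the resolver actually sees, which is the one place the two names visibly differ. The confusables table is a hand-picked subset and the trusted-domain list is an assumption for the demo.

```python
"""Flag look-alike (homograph) domains that mix Latin and Cyrillic letters.

Added example, not from the original post. The confusables table is a small
hand-picked subset (an assumption), and the sample domains are constructed.
"""
import unicodedata

# Cyrillic letters that render almost identically to Latin ones. This is a
# demo subset, not the full Unicode confusables list.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
}


def scripts_in_label(label: str) -> set:
    """Return the scripts used by the letters of one DNS label.

    The script is taken from the first word of the Unicode character name
    ("LATIN", "CYRILLIC", "GREEK", ...); digits and hyphens are ignored.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def skeleton(domain: str) -> str:
    """Replace each known confusable with its Latin look-alike."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def to_ascii(domain: str) -> str:
    """Return the ASCII form (xn-- labels) that the resolver actually sees."""
    return domain.encode("idna").decode("ascii")


def assess_domain(domain: str, trusted: set) -> dict:
    """Classify a domain against a set of trusted (Latin) domains.

    verdict is one of:
      "ok"           - no script mixing and not a skeleton of a trusted domain
      "mixed-script" - a label mixes scripts (e.g. Latin + Cyrillic)
      "lookalike"    - after confusable mapping it equals a trusted domain
    """
    domain = unicodedata.normalize("NFC", domain.strip().lower())
    labels = domain.split(".")
    mixed = any(len(scripts_in_label(label)) > 1 for label in labels)
    sk = skeleton(domain)
    if domain not in trusted and sk in trusted:
        verdict = "lookalike"
    elif mixed:
        verdict = "mixed-script"
    else:
        verdict = "ok"
    return {
        "domain": domain,
        "ascii": to_ascii(domain),
        "skeleton": sk,
        "mixed_script": mixed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    TRUSTED = {"dandelion.co.uk"}  # assumed allow-list for the demo
    for d in ["dandelion.co.uk", "d\u0430ndelion.co.uk"]:
        print(assess_domain(d, TRUSTED))
```

The Latin domain comes back unchanged, while the one with the Cyrillic а is reported as a lookalike of the trusted name and its ASCII form starts with `xn--`, which is why browsers show Punycode for mixed-script names and why a proxy or mail gateway can apply the same mixed-script rule before a user ever sees the link.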
Now you might be wondering: “Is he stupid? Those two websites are literally the same!” No, those two are different. The first website contains the Latin alphabet (ASCII) “a” and the second website contains the Cyrillic alphabet (Unicode) “а”. These two “a”s are different in the context of domain registration: if the Latin one is bought by a company with huge revenue, the attackers can do the same with the same name in Cyrillic. That’s why you must always cross-check the domain in front of you; it’s impossible for the human eye to tell the Latin letter from the Cyrillic one. So, be safe and cyber-cautious, always.

4. SSL Stripping

SSL stripping is a security attack where the attacker uses various man-in-the-middle techniques, combined, on a victim communicating with another party, to eavesdrop on their conversations and digital transactions (often in cryptocurrency). The victim may not be aware that the connection has been downgraded from HTTPS to HTTP. It happens when the attacker takes control of the network the victims are connected to, or by compromising devices or key logging.
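As an added example (not part of the original post), here is a small Python detector that reads a constructed proxy log and flags the tell-tale sign of a stripped session from the defender’s vantage point: a client that was talking to a host over HTTPS and then starts sending plain HTTP to the same host, or plain HTTP to a host the defender knows is HTTPS-only. The log format (“timestamp client host scheme path”), the log lines and the HTTPS-only allow-list are all assumptions for the demo.

```python
"""Spot HTTPS-to-HTTP downgrades in proxy logs, one sign of SSL stripping.

Added example, not from the original post. The log format
("timestamp client host scheme path") and the log lines are constructed.
"""
from collections import defaultdict

# Constructed sample: client 10.0.0.5 is on HTTPS, then suddenly on plain HTTP
# to the same host; client 10.0.0.9 never used HTTPS but hits an HTTPS-only host.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 bank.example https /login
2024-05-01T10:00:09Z 10.0.0.5 bank.example https /accounts
2024-05-01T10:02:30Z 10.0.0.5 bank.example http /login
2024-05-01T10:02:31Z 10.0.0.5 bank.example http /transfer
2024-05-01T10:03:00Z 10.0.0.7 bank.example https /login
2024-05-01T10:03:05Z 10.0.0.9 news.example http /index.html
2024-05-01T10:03:40Z 10.0.0.9 bank.example http /login
"""

# Hosts the defender knows are HTTPS-only (an assumed allow-list for the demo).
HTTPS_ONLY_HOSTS = frozenset({"bank.example"})


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, client, host, scheme, path = line.split()
    return {"ts": ts, "client": client, "host": host.lower(),
            "scheme": scheme.lower(), "path": path}


def find_downgrades(log_text: str, https_only_hosts=frozenset()) -> list:
    """Return one alert per plain-HTTP request that looks like a downgrade.

    Two rules, checked in order:
      downgrade-after-https          the same client already reached this
                                     host over HTTPS earlier in the log
      plain-http-to-https-only-host  the host is on the HTTPS-only allow-list
    """
    seen_https = defaultdict(set)  # client -> hosts seen over HTTPS
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["scheme"] == "https":
            seen_https[ev["client"]].add(ev["host"])
            continue
        if ev["host"] in seen_https[ev["client"]]:
            reason = "downgrade-after-https"
        elif ev["host"] in https_only_hosts:
            reason = "plain-http-to-https-only-host"
        else:
            continue  # ordinary plain-HTTP traffic, nothing to report
        alerts.append({"ts": ev["ts"], "client": ev["client"],
                       "host": ev["host"], "path": ev["path"], "reason": reason})
    return alerts


def suspicious_clients(alerts: list) -> set:
    """Clients that triggered at least one alert, for follow-up triage."""
    return {a["client"] for a in alerts}


if __name__ == "__main__":
    for alert in find_downgrades(SAMPLE_LOG, HTTPS_ONLY_HOSTS):
        print(alert)
```

On the sample log this yields three alerts (two downgrades for 10.0.0.5, one plain-HTTP hit on the HTTPS-only host from 10.0.0.9); the news.example request is left alone because nothing says that host must be HTTPS. The matching preventive control on the server side is HSTS, which tells a browser that has seen the site once over HTTPS to refuse plain HTTP to it afterwards.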
It is important to the attacker that the victims do not know that they and their devices are compromised; if they realise they’ve been hacked, they’d immediately be alarmed and brick their own devices. That’s why, even after compromising them, the attackers sit patiently to do all the parts.

5. Banking Trojans and Multi-Stage Attacks

Banks are the go-to target for cyber criminals and hacktivist groups, and you can probably guess why: because they are easy to blackmail and get money from! Banks don’t bother with their critical online infrastructure; they only bother about how their competitors are doing. You can go to any bank and see what kind of web servers and server applications they are using. To your surprise, you will find them using a decade-old web design and JavaScript with a bunch of already-disclosed security vulnerabilities. Coming to Trojans, they are just like any other malware. They serve as a bridge for the payload to infect the bank’s networks. The payload would most probably be ransomware, worms or Troll viruses. Once they get hit by a ransomware attack, services come to a halt because the files are encrypted. The encrypted files cannot be decrypted; only the malware developers know the right keys. They often embed a logic bomb that will brick the files and the system once a set of wrong keys has been entered. These guys definitely don’t play around. In such cases, banks deliberately pay that hefty amount to the attackers in the hope of getting their keys, but sadly the keys never come and the systems stay as they are. I could describe a few scenarios of how Trojans can be installed on a bank’s systems without notice, but let’s keep that for another day.
Coming to multi-stage attacks, these attacks don’t have one single goal but many, arranged hierarchically. In simple terms, the goal is to climb a mountain without dying. That’s how mountaineering works, right? Yes, it’s the same here. After a successful compromise of a system, the attacker’s end goal is to own the whole network of devices and the company’s infrastructure, so the attacker goes on a spree of pwning each obstacle! These kinds of attacks are easy to detect and prevent because of the complex process one needs to go through without getting caught. The developers may do a bit of GitHub copy & paste here and there; we all do, it’s common. But the firewalls, intrusion detection systems and automated tools won’t stop for rest. To successfully pwn the entire infrastructure from a single intrusion, one may need a group of skilled attackers, each taking care of one category. Looks like I went quite deep today, don’t you think? But it’s all good. I’ll see you tomorrow then!