Learning CyberSec One at a Time(Part-08)
Hey there boyz and girlz,
Good day? Boring day? It's always boring if you don't do anything out of the ordinary. Maybe do that one thing you were always thinking about: talk more with that one girl/guy you like, start that diet and cut the extra fats and carbs. I have a lot too; I'm doing it one thing at a time. Some days it's all about winning, but some days we fall down too hard, and on those days we just gotta survive. And don't forget that in order to win you gotta score; defense can only take you so far.
Let’s start, shall we?
1. Enterprise Risk Management
Now, what is a risk? A risk is the chance that a threat turns into an actual loss: the probability that your system or device gets compromised, disrupted or even destroyed, combined with how bad that outcome would be. The reward is rarely worth the risk. Flooding a web application with huge traffic is not hard, and a company with no anti-DoS/DDoS measures can lose a lot of money, not only while the site is down but afterwards, once customers start thinking "these guys don't even know how to keep themselves safe, how can I trust them with my data?" Trust is important in life, professionally and personally, and we should be careful not to break it. DDoS is only the example here; swap in any other cyber attack and the argument still holds, so that's how it is out there. How can we manage all these risks? Brain going AWOL? Let's break it down into simpler steps.
The risks are split up across categories, departments and teams. That makes sense: a company with 500 or 1000 employees cannot have everyone focus on the same few things, so responsibility is spread across the organisation. Every risk has consequences, and the average loss per incident varies. Say a successful social engineering attack lets an attacker into the network; from there the attacker will try various ways to escalate privileges and cause more damage. The risk here is the employees' lack of security awareness: the company may have taught some basic foundational knowledge, but the attacker still manipulated an employee into revealing their identity and credentials. We mitigate these possibilities by starting with the basics: good security management, training employees on the latest cybersecurity threats and trends, using reputable security software, and setting up proper firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).

2. Dynamic DNS

First of all, what is DNS? DNS is short for Domain Name System. When you visit a website you see an address such as "https://www.example.com"; the human-readable part, "www.example.com", is the domain name. A domain name is registered by its owner through a registrar, and the owner (or a web-hosting provider acting on their behalf) publishes DNS records that point the name at the servers hosting the site, which makes managing a website easier for normal users. Whenever we visit a website our IP address shows up in the visitor logs and analytics; that is useful for blocking and blacklisting IPs that the relevant authorities have reported for scams or fraud. DNS works by resolving a domain's human-readable name to the IP address currently published for it; each answer carries a time-to-live (TTL), and once that expires the resolver has to look the name up again.
Names are for humans; the network itself routes packets by IP address, and that is what machines ultimately connect to. A single site owner may integrate many third-party services into one website, and behind the scenes each of those connections is made to the IP address the name resolved to rather than to the name itself, which keeps things unambiguous between similarly named sites.
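To make the name-to-address mapping and its time limit concrete, here is an added example (not code from the original post): a toy in-memory authoritative zone and a toy caching resolver, with an injected clock so the demo runs offline. The names, addresses and TTLs are assumptions made up for the demo. It shows that after the owner changes the published address, anyone who cached the old answer keeps getting the old address until the TTL runs out.

```python
"""Constructed illustration of how DNS answers are cached for their TTL.

Added example, not code from the original post: a toy authoritative zone
and a toy caching resolver, both in memory, so nothing here sends real DNS
traffic. The names, addresses and TTLs are made up for the demo.
"""
from dataclasses import dataclass


@dataclass
class Record:
    address: str   # IPv4 address published for the name (an A record)
    ttl: int       # seconds a resolver may reuse this answer without asking again


def fqdn(name):
    """Normalise to the trailing-dot, lower-case form used as zone keys."""
    return name.rstrip(".").lower() + "."


# Hypothetical zone: what the domain owner has published at the authoritative server.
AUTHORITATIVE_ZONE = {
    fqdn("www.example.com"): Record("203.0.113.10", ttl=300),  # 5-minute TTL
    fqdn("home.example.net"): Record("198.51.100.7", ttl=60),  # 1-minute TTL
}


class CachingResolver:
    """Minimal recursive resolver: answers from cache until the TTL expires,
    then asks the authoritative zone again."""

    def __init__(self, zone, clock):
        self.zone = zone      # stand-in for "ask the authoritative server"
        self.clock = clock    # callable returning the current time in seconds
        self.cache = {}       # fqdn -> (address, expires_at)

    def resolve(self, name):
        key = fqdn(name)
        now = self.clock()
        cached = self.cache.get(key)
        if cached is not None and now < cached[1]:
            return cached[0], "cache"
        record = self.zone.get(key)
        if record is None:
            raise LookupError(f"NXDOMAIN: {key}")
        self.cache[key] = (record.address, now + record.ttl)
        return record.address, "authoritative"


def simulate_address_change(zone, name, new_address, change_at, query_times):
    """Query `name` at each time in query_times while the owner switches the
    published address to new_address at time change_at (exactly what happens
    when an ISP reassigns a customer's IP). Returns [(time, address, source)]."""
    zone = {k: Record(v.address, v.ttl) for k, v in zone.items()}  # private copy
    current = [0]                                   # mutable fake clock
    resolver = CachingResolver(zone, lambda: current[0])
    changed = False
    results = []
    for t in sorted(query_times):
        current[0] = t
        if not changed and t >= change_at:
            zone[fqdn(name)].address = new_address  # owner updates the record
            changed = True
        address, source = resolver.resolve(name)
        results.append((t, address, source))
    return results


if __name__ == "__main__":
    for row in simulate_address_change(AUTHORITATIVE_ZONE, "www.example.com",
                                       "203.0.113.99", change_at=60,
                                       query_times=[0, 30, 90, 301]):
        print(row)
```

With the 300-second TTL, the query at t=90 still gets the old address from cache even though the owner changed the record at t=60; only the query after t=300 sees the new one. That lag is the reason names whose address changes often are published with short TTLs.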
Now that you know traditional DNS, let's look at dynamic DNS. An ISP does not necessarily give its customers a fixed IP address; the address can change whenever the connection is re-established or the lease is renewed. A dynamic DNS service handles this with a small client on the customer's side (typically the router or a host) that detects when the public IP has changed and pushes the new address to the DNS provider, which updates the record, so the domain name keeps pointing at the right place and everything works as intended.

3. Ransom Denial of Service

A ransom is money demanded under a threat; this is extortion, and ransomware is part of the same family. Now, how is it done? A group of attackers targets a company with little or no protection against DoS attacks, or even a big company if they have found a way to get around its existing DoS defences. The attackers send a formal mail stating that they will start a DoS flood within a few hours unless the company pays them. A DoS ransom sounds very childish and stupid, right? Let me say that these are very common in third world countries where there is little to no education on cybersecurity and its importance, and the attackers can target small businesses, companies, NGOs and so on. Let's be honest, even in advanced first world countries cybercrimes aren't easily investigated and rarely produce good leads; that's just how the attackers are: ahead of the police. I can surely say that they are much more dedicated to this field than their counterparts are.
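The extortionists are betting that the target has no per-source throttling at all. As an added example (not code from the original post), here is a sliding-window rate limiter replayed over constructed access-log lines in the common Apache/nginx format; the IPs, the 20-requests-per-10-seconds threshold and the generated traffic are assumptions made up for the demo. The same `allow()` check, placed in front of an application, is the simplest form of the DoS measure the text says such companies lack.

```python
"""Constructed illustration of spotting an HTTP request flood in access logs
and of the per-source rate limiting the extortion target is assumed to lack.

Added example, not code from the original post. The log lines are generated
below in the common Apache/nginx format; the IPs, thresholds and window size
are made up for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


class SlidingWindowLimiter:
    """Allow at most `max_requests` per source within any `window_seconds`."""

    def __init__(self, window_seconds, max_requests):
        self.window = window_seconds
        self.limit = max_requests
        self.hits = defaultdict(deque)   # ip -> times of recent allowed requests

    def allow(self, ip, when):
        q = self.hits[ip]
        now = when.timestamp()
        while q and q[0] <= now - self.window:   # forget hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def find_flooders(lines, window_seconds=10, max_requests=20):
    """Replay log lines through the limiter; return {ip: first_denied_at}."""
    limiter = SlidingWindowLimiter(window_seconds, max_requests)
    denied_at = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                       # skip lines that do not parse
        ip, when = parsed
        if not limiter.allow(ip, when) and ip not in denied_at:
            denied_at[ip] = when
    return denied_at


def make_log(ip, start, count, spacing_seconds, path="/"):
    """Generate constructed log lines: `count` GETs from `ip`, evenly spaced."""
    return [
        f'{ip} - - [{(start + timedelta(seconds=i * spacing_seconds)).strftime(TS_FORMAT)}] '
        f'"GET {path} HTTP/1.1" 200 512'
        for i in range(count)
    ]


START = datetime(2020, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
# One source firing 60 requests in six seconds plus one normal visitor, merged by time.
SAMPLE_LOG = sorted(
    make_log("198.51.100.23", START, 60, 0.1, "/login")
    + make_log("203.0.113.5", START, 5, 30, "/"),
    key=lambda line: parse_line(line)[1],
)

if __name__ == "__main__":
    for ip, when in find_flooders(SAMPLE_LOG).items():
        print(f"{ip} exceeded 20 requests/10s at {when.isoformat()}")
```

On the constructed log the flooding source is denied from its 21st request (13:55:38) onward while the normal visitor never trips the limit. The caveat a practitioner needs: per-IP limiting only stops a single-source flood; a distributed flood spreads the requests over many addresses that each stay under the threshold, which is the "found a way around the existing DoS measures" case the text mentions and why real deployments add upstream scrubbing or a CDN in front of this check.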
There is no rule that says the attackers won't go ahead anyway after the company pays: they can still destroy valuable assets and launch the HTTP request flood, bringing the company's service to a halt. It stays down until helping hands arrive, and these days those are the hardest to find.

4. Zero-click attacks

These attacks are interesting to know about because they don't require you to do anything. Your phone or PC can be compromised without you clicking a link or performing any particular task. How? Zero-click attacks are the by-product of flaws in code that processes untrusted input automatically, such as messaging apps and media or file parsers, on both mobile and PC. When an attacker finds a critical vulnerability in such an application's design or code, they might report it to the application's team, or they might quietly exploit it and chain it with further bugs into a full attack. Remember that an application runs with whatever permissions you granted it: if I gave an app on my phone permission to view and modify my files, then once that app is compromised the attacker inherits that access and can do bad things while pretending to be the legitimate application. From there the attacker can also abuse the trust you have in the app's developer, for example by claiming the company is running a survey to get to know its users (to collect personal details), or pushing "special offers" over transactions described as secure and robust (they obviously are not), and much more.
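The defining feature above is code that runs on every incoming message whether or not the user touches it, so one crafted message is enough. As an added example (not code from the original post, and not any real app's format), here is a toy "attachment preview" parser in its vulnerable and hardened forms: the vulnerable one trusts the length field on the wire and crashes the receiving app, the hardened one checks every length against what actually arrived and against a policy cap before touching memory. The message layout, the size limits and the simulated allocator are assumptions invented for the demo.

```python
"""Constructed illustration of a zero-click-class bug: a parser that runs
automatically on every incoming message and trusts a length field.

Added example, not code from the original post. The "attachment preview"
format and the allocator budget below are invented for the demo.

Message layout (made up):  name_len(1) | name | data_len(4, big-endian) | data
"""
import struct

MAX_ATTACHMENT_BYTES = 8 * 1024 * 1024       # hardened parser's policy limit
ALLOCATOR_BUDGET = 64 * 1024 * 1024          # stand-in for what the device can give us


def allocate(nbytes):
    """Simulated allocator: refuses absurd requests the way a real device
    eventually does, so the demo never actually tries to allocate 4 GiB."""
    if nbytes > ALLOCATOR_BUDGET:
        raise MemoryError(f"cannot allocate {nbytes} bytes")
    return bytearray(nbytes)


def preview_vulnerable(msg: bytes):
    """Trusts data_len from the wire. One crafted message, processed
    automatically on receipt, crashes the app with no user interaction."""
    name_len = msg[0]
    name = msg[1:1 + name_len].decode("utf-8", errors="replace")
    (data_len,) = struct.unpack_from(">I", msg, 1 + name_len)
    buf = allocate(data_len)                      # attacker-controlled size
    payload = msg[5 + name_len:5 + name_len + data_len]
    buf[:len(payload)] = payload                  # silently accepts short data too
    return name, bytes(buf[:len(payload)])


def preview_hardened(msg: bytes):
    """Validates every length against what actually arrived and against a
    policy cap before touching memory; rejects instead of crashing."""
    if len(msg) < 1:
        raise ValueError("empty message")
    name_len = msg[0]
    off = 1 + name_len
    if len(msg) < off + 4:
        raise ValueError("truncated header")
    name = msg[1:off].decode("utf-8", errors="replace")
    (data_len,) = struct.unpack_from(">I", msg, off)
    body = msg[off + 4:]
    if data_len > MAX_ATTACHMENT_BYTES:
        raise ValueError(f"attachment too large: {data_len}")
    if data_len != len(body):
        raise ValueError(f"declared {data_len} bytes, received {len(body)}")
    buf = allocate(data_len)                      # now provably bounded
    buf[:] = body
    return name, bytes(buf)


def build_message(name: bytes, data: bytes, declared_len=None):
    """Encode a message; declared_len lets the demo lie about the size."""
    if declared_len is None:
        declared_len = len(data)
    return bytes([len(name)]) + name + struct.pack(">I", declared_len) + data


# Constructed inputs: a normal attachment and one with a bogus 4 GiB length.
BENIGN = build_message(b"photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 60)
MALICIOUS = build_message(b"photo.jpg", b"\xff\xd8", declared_len=0xFFFFFFFF)
UNDERSIZED = build_message(b"x", b"ab", declared_len=100)


def outcome(parser, msg):
    """Run a parser the way the app's receive path would and report what happened."""
    try:
        name, data = parser(msg)
        return "rendered", len(data)
    except MemoryError:
        return "crashed", None        # the app process dies: denial of service
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("malicious", MALICIOUS), ("undersized", UNDERSIZED)):
        print(label, outcome(preview_vulnerable, msg), outcome(preview_hardened, msg))
```

The vulnerable parser also quietly renders the undersized message as if two bytes were the whole attachment, which is the sort of inconsistency between declared and actual size that memory-unsafe parsers turn into something worse than a crash. The hardened rule is the general one for anything processed without a click: fail closed on any length you did not verify yourself.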
It's hard to tell the difference when the attacker mimics the real application's behaviour well; we might never notice or know the application's real intent. It is good practice to audit the apps you have installed once in a while and to keep them updated to the latest versions, as older versions are easier prey. I must say that these chains typically rely on 0-day vulnerabilities, which are very hard to find; state-sponsored groups spend months reverse engineering an application in search of an exploitable flaw. It's a hard job, but once you hit the jackpot, it's yours to keep, right? Patience is the key.

5. Enterprise Security Architecture

As we've already covered the necessary things related to enterprise security above, I'll cover some basic, good-to-know things about the architecture. The architecture consists of threat intel, details of the latest malware and trojans, and assessment of the existing data and network security. Companies have a bad habit of letting people go too easily. Say an employee worked as a security team lead and knows each and every thing about company X; he can sell that information to people who will pay him a hefty sum. Suspicion may fall on the employees who were fired, but without concrete proof nothing can be done about it. Remember how the statue of justice in courtrooms is blindfolded? Same here.
Common tasks include making audits efficient and less time consuming, performing security checks at API endpoints and login/signup fields, and finally letting the security team sleep a few more hours in peace! These are the little things we've seen today. I'll see you tomorrow!