Light in darkness
Hey people,
This is part 26 of our series; hoping your day was good. Today we’ll have a look at a few topics, as always. Let’s see them!
1. Malware analysis with Wireshark
We know that malware is just a set of code which makes the affected device do certain tasks without authorization or permission. These tasks include stealing data, setting up an active keylogger on the device, encrypting the available data, etc. Coming to Wireshark, it is a tool to monitor the network traffic going on in a connected network. You may wonder why I included these two together: when a malware has been activated on a device, the first thing it’ll do is interact with the given websites to mark its status, or upload the data it has fetched. This is how the attackers get the data from you.
We can identify the device’s IP and the network protocol from their activity details. For a better understanding, go through this.
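As an added example (mine, not from the post), here is a small Python script that does the “identify the device’s IP and the protocol from their activity” step on a constructed field export in the shape Wireshark or tshark produces (epoch time, source IP, destination IP, protocol column, DNS query name). It groups packets into conversations, the way Wireshark’s Conversations window does, and flags conversations that contact the same external host at a near-constant interval, which is the status check-in behaviour described above. The addresses, timings and the jitter threshold are all my own assumptions.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample in the shape of a Wireshark/tshark field export:
# epoch time, source IP, destination IP, protocol column, DNS query name.
# Addresses come from documentation ranges; the traffic is made up for the demo.
SAMPLE_EXPORT = """\
1700000000.000,10.0.0.5,203.0.113.7,HTTP,
1700000003.120,10.0.0.5,10.0.0.53,DNS,updates.example.net
1700000017.450,10.0.0.8,198.51.100.20,TLSv1.3,
1700000058.900,10.0.0.8,198.51.100.20,TLSv1.3,
1700000060.000,10.0.0.5,203.0.113.7,HTTP,
1700000120.000,10.0.0.5,203.0.113.7,HTTP,
1700000130.200,10.0.0.8,198.51.100.20,TLSv1.3,
1700000131.000,10.0.0.8,198.51.100.20,TLSv1.3,
1700000180.000,10.0.0.5,203.0.113.7,HTTP,
1700000240.000,10.0.0.5,203.0.113.7,HTTP,
1700000250.500,10.0.0.8,198.51.100.20,TLSv1.3,
1700000300.000,10.0.0.5,203.0.113.7,HTTP,
"""


def parse_export(text):
    """Yield (time, src, dst, proto, dns_name) tuples from the CSV text."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5:
            continue  # skip blank or malformed rows
        yield float(row[0]), row[1], row[2], row[3], row[4]


def summarize_flows(text):
    """Group packets into (src, dst, proto) conversations and collect the
    DNS names each source host asked for."""
    flows = defaultdict(lambda: {"count": 0, "times": []})
    dns_by_host = defaultdict(set)
    for t, src, dst, proto, name in parse_export(text):
        key = (src, dst, proto)
        flows[key]["count"] += 1
        flows[key]["times"].append(t)
        if name:
            dns_by_host[src].add(name)
    return flows, dns_by_host


def find_beacons(text, min_packets=5, max_jitter=0.2):
    """Flag conversations whose inter-packet gaps are almost constant.

    jitter = population stdev of the gaps / mean gap; a human browsing a site
    produces ragged gaps, a scripted check-in produces a flat line.
    """
    flows, _ = summarize_flows(text)
    beacons = []
    for (src, dst, proto), info in flows.items():
        if info["count"] < min_packets:
            continue
        times = sorted(info["times"])
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons.append({"src": src, "dst": dst, "proto": proto,
                            "count": info["count"], "period": mean,
                            "jitter": jitter})
    return beacons


if __name__ == "__main__":
    flows, dns = summarize_flows(SAMPLE_EXPORT)
    for (src, dst, proto), info in sorted(flows.items()):
        print(f"{src} -> {dst} [{proto}] {info['count']} packets")
    for host, names in dns.items():
        print(f"{host} resolved: {', '.join(sorted(names))}")
    for b in find_beacons(SAMPLE_EXPORT):
        print(f"periodic contact: {b['src']} -> {b['dst']} [{b['proto']}] "
              f"every {b['period']:.1f}s ({b['count']} packets)")
```

On the sample, the 10.0.0.5 to 203.0.113.7 HTTP conversation is flagged (six packets exactly 60 s apart) while the 10.0.0.8 TLS conversation is not, because its gaps vary widely. Periodicity alone is not proof of malware (update checkers beacon too), so pair the flagged destination with the DNS names and protocol details before acting on it.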
2. Self-sustaining Malware Ecosystem
This is a type of malware which is automated from the start to the very end, that’s why the name “self-sustaining”. Let’s see a quick chain-like flow:
- Accounts on different domains such as YouTube, Facebook and GitHub get compromised. The malware is posted by the attackers from them; it is spread via social media or content-sharing platforms with delightful titles like “Free software to download - 100% legal” to attract victims.
- The victim clicks on the URL and downloads the .exe/.deb/.apk expecting to avail of a free service (this is designed by the attackers to make the victim download the payload according to their system specifications).
- The victim opens the payload; no change occurs and there are no visible operations, but the data is secretly being distributed to a safe network without the user’s notice.
- The victim continues to be ignorant and lets the attacker harvest the user’s information and sell it for a good price to willing buyers.
- All these steps are automated with the help of various scripts. Additionally, there is a high chance that these groups add “exception handling” techniques to avoid errors and service disruption among other victims.
That’s the small look; this is a very broad topic. We could talk about it at length, which I do want to do, but I don’t have sufficient time to do so.
3. GRC
GRC is short for Governance, Risk and Compliance. This is a well-known and frequently referred-to field in a company. Most companies cannot allocate a huge budget to pay for employees in different security roles; instead, they hire a GRC professional via third-party services or onboard one into their company. GRC is good for mid- to low-level companies, since security roles demand a huge monthly pay because of the sheer skill and knowledge set the individual possesses. The terms I mentioned at the start each have their own meanings; to be precise, they are broad in nature. GRC combines them altogether and makes the work possible. It can be a great place to start your career too!
4. Compliance Security
Compliance Security is the practice of making sure the company is following each and every rule/regulation according to the government’s cyber laws, ensuring that the employees’ information is secure and away from potential pwnage, and, most importantly, keeping a free flow of security-related concerns to the higher teams from time to time. Compliance is a must-have field in every company because of its advantages, and hiring the right people can make a big impact (shout out to my friend Smrita for working as a compliance intern and sharing some industry knowledge with me).
5. Self-Signed Digital Certificates
Digital certificates are used to verify the authenticity of the web page we are visiting. We are all aware of “Hyper Text Transfer Protocol Secure” (HTTPS makes the content encrypted before sending it to the server); these two work together to provide secure interaction between users and the host. Digital certificates are issued by legit hosting companies after verifying the domain and its purposes (making sure their data handling is secure enough and that no data tampering is found). There are ways attackers leverage this service by creating a fake certificate on their own and putting it beside their domain; even if they do, the HTTPS protocol marks it as “Potentially Unsafe”. These things are done to spread different kinds of malware and for money laundering (phishing).
These are the things I learnt from attending a good security meet-up offline (my first ever meet-up!). I explained them very briefly; I wish I could talk more about them. Maybe soon, if time permits. I’ll see you tomorrow then.
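To make the trust point in section 5 concrete, here is an added Python example (mine, not from the post or the meet-up) that assumes the third-party `cryptography` package is installed. It builds a small private CA, a site certificate issued by that CA, and a self-signed certificate that claims the same site name, then applies the decision a client makes: is the issuer in my trust store and did it really sign this certificate? The names, key type and validity window are all constructed for the demo.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _utcnow():
    """Naive UTC timestamp, matching what cryptography's validity fields use."""
    return datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)


def _name(common_name):
    """Minimal X.509 distinguished name holding only a CN."""
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def make_key():
    """Fresh P-256 key; any key type the library supports would do."""
    return ec.generate_private_key(ec.SECP256R1())


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca=False):
    """Sign a certificate for subject_cn with issuer_key.

    When issuer_cn/issuer_key are the subject's own, the result is self-signed.
    Constructed demo: the 30-day validity window is an assumption.
    """
    now = _utcnow()
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def signed_by(cert, issuer_public_key):
    """True if cert's signature verifies under issuer_public_key (ECDSA here)."""
    try:
        issuer_public_key.verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm),
        )
        return True
    except InvalidSignature:
        return False


def is_self_signed(cert):
    """Self-signed: issuer name equals subject name and the cert signs itself."""
    return cert.issuer == cert.subject and signed_by(cert, cert.public_key())


def trusted_by(cert, trust_store):
    """The client-side decision: in its validity window, and some CA in the
    trust store both carries the issuer's name and actually signed it."""
    now = _utcnow()
    if not (cert.not_valid_before <= now <= cert.not_valid_after):
        return False
    return any(ca.subject == cert.issuer and signed_by(cert, ca.public_key())
               for ca in trust_store)


def demo():
    """Build the three certificates and report the verdict for each."""
    ca_key, site_key, rogue_key = make_key(), make_key(), make_key()
    ca_cert = make_cert("Demo Private CA", ca_key, "Demo Private CA", ca_key, is_ca=True)
    site_cert = make_cert("shop.example", site_key, "Demo Private CA", ca_key)
    # Same site name, but signed with a key nobody in the trust store vouches for.
    rogue_cert = make_cert("shop.example", rogue_key, "shop.example", rogue_key)
    trust_store = [ca_cert]
    return {
        "ca_self_signed": is_self_signed(ca_cert),
        "site_trusted": trusted_by(site_cert, trust_store),
        "rogue_self_signed": is_self_signed(rogue_cert),
        "rogue_trusted": trusted_by(rogue_cert, trust_store),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

The self-signed “shop.example” certificate is structurally fine, yet `trusted_by` rejects it because no CA in the store vouches for it; that rejection is what surfaces as the browser warning. Note that the CA’s own certificate is self-signed too and is trusted only because it sits in the store, so “self-signed” by itself is not the problem; “signed by nobody I trust” is. Real clients additionally check the hostname against the certificate’s names, revocation and the full chain, which this demo leaves out.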