No Retreat, Go Succeed!
> There’s no retreat, go believe, you got it in you. You can do anything that you think, that you need. Don’t be scared, go succeed, the only people who compete are the ones who don’t retreat.
Hey folks, how was the day? Same thing over and over, I guess. But it’s part of the grind, gotta survive through the week. This is part 13 of our series. Let’s see what we have in store for today!
1. Password Management
Good old password management. Passwords are a crucial part of our digital life. We use an almost uncountable number of applications/services where we need to sign up for an account and blah blah to start using them. We are too lazy to think of a unique, complex password each time we sign up for a new service, and that’s why most people use the same password for almost all of their accounts.

It’s not a good practice. When one of the applications/services that you use suffers a database breach, all the available data inside the database will be dumped and end up in the hands of the attacker. Then they (as a group) can perform various brute-force attacks on widely used applications/services. If you search for the top 100 websites in any category, such as OTT streaming sites, eCommerce sites and personal-use sites, many pop up quickly. Now the attackers can create a simple script that checks whether the breached credentials were also used on the website they are trying to get into. It may take some time for them to get hits, but it’s a highly used formula for account takeover of poorly secured applications/services that have no MFA/2FA.

Some sites force us to enable multi-factor authentication (MFA) while some don’t even bother. It’s important to keep MFA always turned on, whatever kind of service you’re using. Let’s take the eCommerce giant Flipkart as an example. Let’s say you have a lot of saved credit cards, personal information and, mostly, your SuperCoins in it. After a successful hit, the attackers can access all of the information furnished by you. Why Flipkart? They don’t even send a push message to alert the user when he/she logs in on a new device. The same goes for Myntra/Ajio and many other eCom giants. The least possible protection they could spend on is a normal message or a security alert via mail. But oh no, they are ready to do whatever it takes to spam your mail with offers you hate.
That’s about the importance.
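An added example, not part of the original post and not any site's real code: what a service could run over its own login events to spot the breached-credential checking described above (commonly called credential stuffing) and to raise the new-device alert the post says is missing. The event format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (time, source_ip, username, device_id, success)
EVENTS = [
    ("10:00:01", "203.0.113.7", "alice", "dev-x", False),
    ("10:00:02", "203.0.113.7", "bob", "dev-x", False),
    ("10:00:03", "203.0.113.7", "carol", "dev-x", True),   # reused password worked
    ("10:00:04", "203.0.113.7", "dave", "dev-x", False),
    ("10:00:05", "203.0.113.7", "erin", "dev-x", False),
    ("10:00:06", "203.0.113.7", "frank", "dev-x", False),
    ("10:05:00", "198.51.100.20", "alice", "alice-phone", True),
    ("10:06:00", "198.51.100.21", "bob", "bob-laptop", False),  # ordinary typo
    ("10:06:10", "198.51.100.21", "bob", "bob-laptop", True),
]
# Constructed: devices each user has successfully logged in from before
KNOWN_DEVICES = {"alice": {"alice-phone"}, "bob": {"bob-laptop"},
                 "carol": {"carol-phone"}}

def stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Source IPs that tried many distinct usernames and mostly failed."""
    users, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, _, success in events:
        users[ip].add(user)
        total[ip] += 1
        ok[ip] += success  # True counts as 1
    return sorted(ip for ip in total
                  if len(users[ip]) >= min_users
                  and ok[ip] / total[ip] <= max_success_ratio)

def new_device_alerts(events, known_devices):
    """Successful logins from a device not yet seen for that user."""
    seen = {user: set(devs) for user, devs in known_devices.items()}
    alerts = []
    for ts, ip, user, device, success in events:
        # A user with no history alerts on the first successful login.
        if success and device not in seen.setdefault(user, set()):
            alerts.append((ts, user, device, ip))
            seen[user].add(device)  # alert once per new device
    return alerts

if __name__ == "__main__":
    print("Rate-limit or challenge:", stuffing_sources(EVENTS))
    for ts, user, device, ip in new_device_alerts(EVENTS, KNOWN_DEVICES):
        print(f"Notify {user}: login from new device {device} ({ip}) at {ts}")
```

The one successful hit from the stuffing source is exactly the login that triggers the new-device notification, which is why the alert matters even when the password itself was correct.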
Now, on to management. It’s recommended to use password managers. There are a bunch of them; choose one which suits your needs financially and allows flexible access. Don’t assume that the passwords are much safer in your head. You, me and everyone else are human beings, and as the great Homo sapiens species we are bound to forget things. I suggest a no for browser-based password managers: there are literally n number of ways to hijack your web browser, and saving passwords in them is like saying “I don’t care if I lose them.” You can make a pattern of uniquely connected passwords, with each of them being complex and different, but in such a way that the link can only be seen by you.

2. Threat Actors and Groups

What are threats? Threats are a group of risk factors that do damage to certain networks/applications. In simple terms, it means the probability of a network being attacked: the higher the threat ratio, the higher the chance of the network being completely demolished. Let’s say you are walking in the suburbs on a fine evening and you notice a guy following you with a .45 on his hip. At this moment that guy is a threat to your life, because he can shoot you at point-blank range. He “may not”, but he “can”. That’s about threats.

The threat actors are a bunch of people who exploit these vulnerable parts, and their only goal is to benefit (financially) from said activities. They often attack global organizations and popular websites (as a means of getting attention or sending a message), and the exploits can range across a wide variety. They just wanna cause a ruckus, so why bother sticking with only one thing? They try every possible attack. There’s an old saying: “It doesn’t matter what kind of rock you use to bash your head.”
Coming to the threat groups, these are just meticulously organized groups of individuals (threat actors). They focus on breaking down the workload between the members and allocating certain tasks to each member. A group consisting of 5 members, for example, would have a group leader, and the other 4 follow his orders. It’s beneficial for them because it gets the work done more easily and faster. Common goals include money laundering, extortion, bank fraud, global communication disruption etc. Some popular threat groups are Lazarus, Lapsus$, Sandworm Team, Fox Kitten etc.

3. Credential Access Protection

Just as we discussed in password security above, the only one with access to your credentials should be you and you alone. No others; the access should be restricted to you only. That way we can avoid any potential account takeovers and identity thefts. Don’t share your passwords with your friends/girlfriends/boyfriends/family. I’m not saying this because of “trust issues”, I’m saying this because they may unknowingly compromise your account by using unwanted/unrequired services on their own system (malware). Passwords are not like birthday candies, you mustn’t pass them around to people.
The same should be followed for password manager access. If you have little to no authentication on it, anyone can use it and see your passwords; for them it’s like finding a hidden treasure. Not even the most highly secured managers would be of any use if you disclose your passwords this way. It’s simple: be mindful not to disclose your passwords, be cautious of using the same password twice, put authentication on your password managers and control who can manage them. If you believe that your family comes before anything, you have to start by educating them first about the risk factors and everything.

4. Data Loss Protection

Data can be lost, corrupted, stolen and even burned. To better protect it, we have to follow a set of methods. I believe that “prevention is better than cure”. Which is the best one? Losing the data initially and trying to recover it? Or implementing and following correct security practices? Even after following everything, data safety is still not guaranteed. The probability of loss will always be lower, but that doesn’t mean that it simply isn’t there.
We can regularly back up our data and upload it to any cloud storage facility. It’s not that hard: find a good, secure Wi-Fi spot and sit backing up the data. While Google can be a bit stingy sometimes, they still provide a good amount of space to permanently store and access our data. Regularly audit your system/device for any unwanted or potential malware which would cause memory corruption, and always keep in mind that “you may wake up one day to find your mobile/PC corrupted and memory damaged.” Feels bad? Get your mind used to it. It may help someday.

5. Execution Prevention

We should be wary of giving code execution permissions to unknown applications/services. They may get exploited/compromised themselves or can serve as a vector for supply chain attacks. It’s not that they will, but they can. Let’s say you have an application with execution permissions. It may serve as a bridge for other attacks, or some external scripts/malware can try to take hold of it.
Why is it important? Because malicious scripts can steal and eavesdrop on the data. It’s really simple if you can refrain from using a lot of unnecessary applications. The less you expose yourself to, the lower the chances of a compromise.

That’s that. I hope some information got into your head at least. I’ll see you tomorrow.