Tuesday, 26 April 2022

Ethical hacking

What is ethical hacking?

Ethical hacking involves a collection of processes where organizations authorize individuals to exploit a system’s vulnerabilities for a deeper understanding of their existing security posture. When performing an ethical hack, a security professional or researcher replicates the actions and strategies of a malicious hacker. This helps development and security teams to detect and identify security risks before hackers can exploit them.

Ethical hacking, also known as White Hat Hacking, is a fundamental step for assessing the effectiveness of an organization’s security strategy. To separate themselves from malicious hackers, white hat hackers rely on four principal values:

1) Keeping the exploits legal by obtaining client approval before conducting the vulnerability assessment.

2) Predefining the scope of the attack so that the security assessments stay within the approved legal boundaries.

3) Reporting all discovered vulnerabilities and providing remediation recommendations to the organization administering the system.

4) Agreeing to the set terms and conditions regarding respect for data privacy and confidentiality.

The aim of ethical hacking is to mimic the actions of hackers and identify both existing and potential vulnerabilities that may arise in the future. To accomplish this, an ethical hacker undertakes multiple stages of assessment to gain as much in-depth knowledge of the system as possible.

What are the Phases of Ethical Hacking?

Finding and fully exploiting system vulnerabilities takes a great deal of time and patience. A typical penetration test requires the ethical hacker to bypass authorization and authentication mechanisms, then probe the network for potential data breaches and network security threats. As real-world black hat hackers consistently devise new ways to exploit vulnerabilities, an effective ethical hack should be carefully thought out with the changing threat landscape in mind.

To find such vulnerabilities, ethical hackers follow the steps of the ethical hacking methodology: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Clearing Tracks. While not every hacker follows these steps in sequential order, they offer a systematic approach that yields better results. Let us take a closer look at what each of these phases really involves.


1) Reconnaissance

When it comes to penetration testing, the first natural question to ask is: what is the first phase of hacking?
Before performing any actual penetration tests, hackers footprint the system and gather as much information as they can. Reconnaissance is a preparatory phase where the hacker documents the organization’s request, finds valuable configuration and login information about the system, and probes the networks. This information is crucial to performing the attacks and includes:

  • Naming conventions
  • Services on the network
  • Servers handling workloads in the network
  • IP Addresses
  • Names and Login credentials of users connected to the network
  • The physical location of the target machine

2) Scanning

In this stage, the ethical hacker begins testing the networks and machines to identify potential attack surfaces. This involves gathering information on all machines, users, and services within the network using automated scanning tools. Penetration testing typically undertakes three types of scans:

Network Mapping

This involves discovering the network topology, including host information, servers, routers, and firewalls within the host network. Once mapped, white hat hackers can visualize and strategize the next steps of the ethical hacking process.

Port Scanning

Ethical hackers use automated tools to identify any open ports on the network. Port scanning is an efficient way to enumerate the live systems and services in a network and to learn how a connection to those components can be established.

Vulnerability Scanning

Vulnerability scanning uses automated tools to detect weaknesses that could be exploited to mount attacks.
While many tools are available, here are a few popular categories of ethical hacking tools commonly used during the scanning phase:

  • SNMP Sweepers
  • Ping sweeps
  • Network mappers
  • Vulnerability scanners

3) Gaining Access

Once ethical hackers expose vulnerabilities through the first and second hacking phases of the process, they now attempt to exploit them for administrative access.
The third phase involves attempting to send a malicious payload to the application through the network, an adjacent subnetwork, or physically using a connected computer. Hackers typically use a number of hacking tools and techniques to simulate attempted unauthorized access, including:

  • Buffer overflows
  • Phishing
  • Injection Attacks
  • XML External Entity Processing
  • Using components with known vulnerabilities

If the attacks are successful, the hacker has control of the whole or part of the system and may simulate further attacks such as data breaches and Distributed Denial of Service (DDoS).

4) Maintaining Access

The fourth phase of the ethical hacking process involves processes used to ensure the hacker can access the application for future use. A white-hat hacker continuously exploits the system for further vulnerabilities and escalates privileges to understand how much control attackers can gain once they get past security clearance. Some attackers may also try to hide their identity by removing any evidence of an attack and installing a backdoor for future access.

5) Clearing Tracks

To avoid any evidence that leads back to their malicious activity, hackers perform tasks that erase all traces of their actions. These include:

  • Uninstalling scripts/applications used to carry out attacks
  • Modifying registry values
  • Clearing logs
  • Deleting folders created during the attack

For those hackers looking to maintain undetected access, they tend to hide their identity using techniques such as:

  • Tunneling
  • Steganography
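
The track-clearing steps listed above (clearing logs, deleting artefacts) are exactly what a defender wants to notice from a copy of the logs that the attacker cannot reach. The following is an added example, not code from the original post: a collector checks forwarded events for a per-host sequence number that jumps or resets, and for the explicit "audit log cleared" record. The log format, host names and sequence-number scheme are constructed for this demonstration; Windows Security event 1102 is the real event id written when the audit log is cleared.

```python
"""Spotting cleared or truncated logs on a forwarded copy.
Added example, not from the original post: the log format, host names and
the sequence-number scheme are constructed for this demonstration."""
import re

# Each forwarded event carries a per-host sequence number the collector can check.
LINE_RE = re.compile(r"^(?P<host>\S+) seq=(?P<seq>\d+) evt=(?P<evt>\d+) (?P<msg>.*)$")

# Windows writes Security event 1102 when the audit log is cleared; a defender
# treats it as an alert on its own, not as routine noise.
LOG_CLEARED_EVENT = 1102

# Constructed sample: web01 had its audit log cleared, db01 lost a block of events
# between seq 221 and 230 (events that never reached the collector).
SAMPLE_LINES = """\
web01 seq=5001 evt=4624 logon user=alice
web01 seq=5002 evt=4625 failed logon user=svc
web01 seq=5003 evt=4688 process cmd.exe
web01 seq=5004 evt=1102 audit log cleared by user=svc
web01 seq=5005 evt=4624 logon user=svc
db01 seq=220 evt=4624 logon user=bob
db01 seq=221 evt=4688 process sqlservr.exe
db01 seq=230 evt=4624 logon user=bob
""".splitlines()


def parse(lines):
    """Turn raw lines into (host, seq, evt, msg) tuples; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((m["host"], int(m["seq"]), int(m["evt"]), m["msg"]))
    return events


def find_sequence_gaps(lines):
    """Return (host, last_seen_seq, next_seq) wherever a host's sequence is not
    exactly last+1: a jump means events never reached the collector, a drop
    (next < last) means the source log was reset or replaced."""
    last = {}
    gaps = []
    for host, seq, _evt, _msg in parse(lines):
        if host in last and seq != last[host] + 1:
            gaps.append((host, last[host], seq))
        last[host] = seq
    return gaps


def find_log_cleared_events(lines):
    """Return (host, seq, msg) for every explicit 'log cleared' event."""
    return [(host, seq, msg) for host, seq, evt, msg in parse(lines)
            if evt == LOG_CLEARED_EVENT]


if __name__ == "__main__":
    for gap in find_sequence_gaps(SAMPLE_LINES):
        print("sequence gap:", gap)
    for cleared in find_log_cleared_events(SAMPLE_LINES):
        print("log cleared:", cleared)
```

The point of the design is that both checks run on the collector's copy: an attacker who wipes the local log cannot remove the events already forwarded, and the missing sequence numbers themselves become the evidence.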

Birthday Attack

A birthday attack is a type of cryptographic attack that belongs to the class of brute force attacks. It exploits the mathematics behind the birthday problem in probability theory. The success of this attack relies on the fact that collisions between random attempts on a fixed number of possible values are far more likely than intuition suggests, as described in the birthday paradox problem.

Birthday paradox problem  

Let us consider the example of a classroom of 30 students and a teacher. The teacher wishes to find pairs of students that have the same birthday, and so asks for everyone’s birthday. Intuitively the chance of finding such a pair may seem small. For example, if the teacher fixes a particular date, say October 10, then the probability that at least one student is born on that day is 1 − (364/365)^30, which is about 7.9%. However, the probability that at least one student has the same birthday as some other student is around 70%, using the following formula:


1 − 365!/((365 − n)! · 365^n)   (substituting n = 30 here)

Derivation of the above term:

Assumptions:
1. A non-leap year (hence 365 days).
2. A person has an equally likely chance of being born on any day of the year.

Let us consider n = 2.
P(two people have the same birthday) = 1 − P(two people have different birthdays)
                                     = 1 − (365/365) · (364/365)
                                     = 1 − 1 · (364/365)
                                     = 1 − 364/365
                                     = 1/365.

So for n people, the probability that all of them have different birthdays is:
P(n people have different birthdays) = (365/365) · ((365 − 1)/365) · ((365 − 2)/365) · … · ((365 − n + 1)/365)
                                     = 365!/((365 − n)! · 365^n)
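
The two probabilities above, evaluated in Python as an added example that is not part of the original post. `p_shared_birthday` computes 1 − 365!/((365 − n)! · 365^n) as a running product (so no huge factorials are needed), `p_fixed_date` the 1 − (364/365)^n case, and `p_shared_birthday_approx` the exponential approximation 1 − e^(−n(n−1)/(2·days)) that the hash-function discussion later relies on; the `days` parameter generalises 365 to any number of equally likely values. Function names are this example's own.

```python
"""Birthday-problem probabilities (added example, not from the original post)."""
import math


def p_fixed_date(n, days=365):
    """Probability that at least one of n people was born on one fixed date."""
    return 1.0 - (1.0 - 1.0 / days) ** n


def p_shared_birthday(n, days=365):
    """Exact probability that at least two of n people share a birthday:
    1 - days!/((days-n)! * days^n), as a running product of (days-i)/days."""
    if n > days:
        return 1.0          # pigeonhole: a repeat is certain
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def p_shared_birthday_approx(n, days=365):
    """Approximation 1 - e^(-n(n-1)/(2*days)); accurate when n is much smaller than days."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * days))


def smallest_n_for(target, days=365):
    """Smallest group size whose shared-birthday probability reaches `target`."""
    n = 1
    while p_shared_birthday(n, days) < target:
        n += 1
    return n


if __name__ == "__main__":
    print("fixed date, 30 students:   %.3f" % p_fixed_date(30))
    print("any shared, 30 students:   %.3f" % p_shared_birthday(30))
    print("approximation, 30 students: %.3f" % p_shared_birthday_approx(30))
    print("students needed for 50%%:   %d" % smallest_n_for(0.5))
```

Running it reproduces the 7.9% and roughly 70% figures from the text, and shows that 23 people already suffice for a 50% chance of a shared birthday. The same functions apply to a hash with 2^n outputs by passing `days=2**n`, which is where the approximation becomes the only practical option.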



Hash function

A hash function H is a transformation that takes a variable-sized input m and returns a fixed-size string called a hash value (h = H(m)). Hash functions chosen in cryptography must satisfy the following requirements:

  • The input is of variable length,
  • The output has a fixed length,
  • H(x) is relatively easy to compute for any given x,
  • H(x) is one-way,
  • H(x) is collision-free. 

A hash function H is said to be one-way if it is hard to invert, where “hard to invert” means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h.

If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y), then H is said to be a weakly collision-free hash function.

A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y).

Let H: M → {0, 1}^n be a hash function (|M| >> 2^n).

Following is a generic algorithm to find a collision in time O(2^(n/2)) hashes.

Algorithm:

  1. Choose 2^(n/2) random messages in M: m_1, m_2, …, m_{2^(n/2)}
  2. For i = 1, 2, …, 2^(n/2) compute t_i = H(m_i) ∈ {0, 1}^n
  3. Look for a collision (t_i = t_j with i ≠ j). If none is found, go back to step 1


We consider the following experiment. From a set of H values, we choose n values uniformly at random, thereby allowing repetitions. Let p(n; H) be the probability that during this experiment at least one value is chosen more than once. Exactly as in the birthday derivation above (where H = 365), this probability is:

p(n; H) = 1 − (1 − 1/H) · (1 − 2/H) · … · (1 − (n − 1)/H)

and it can be approximated as:

p(n; H) ≈ 1 − e^(−n(n−1)/(2H)) ≈ 1 − e^(−n²/(2H))


Digital signature susceptibility

Digital signatures can be susceptible to birthday attacks. A message m is typically signed by first computing H(m), where H is a cryptographic hash function, and then using some secret key to sign H(m). Suppose Alice wants to trick Bob into signing a fraudulent contract. Alice prepares a fair contract m and fraudulent one m’. She then finds a number of positions where m can be changed without changing the meaning, such as inserting commas, empty lines, one versus two spaces after a sentence, replacing synonyms, etc. By combining these changes she can create a huge number of variations on m which are all fair contracts. 

Similarly, Alice makes some of these changes to m’ as well, producing many fraudulent variants, and then searches the two sets for a fair variant m and a fraudulent variant m’ with H(m) = H(m’). Alice now presents the fair version m to Bob for signing. After Bob has signed, Alice takes the signature and attaches it to the fraudulent contract. Because the signature was computed over H(m), which equals H(m’), it appears to prove that Bob signed the fraudulent contract.

To avoid such an attack, the output of the hash function should be a long enough sequence of bits that the 2^(n/2) work of a birthday attack becomes computationally infeasible.
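
The generic algorithm and the contract example above, as added example code that is not part of the original post. SHA-256 truncated to its first n bits stands in for an n-bit hash H, `find_collision` is the remember-and-compare search of the algorithm (step 2 and 3 in one pass), and `CONTRACT_SLOTS` is a constructed contract whose 17 two-way wording choices give 2^17 = 131072 variants that all say the same thing. Running the search at 24 bits finds two such variants with equal digests almost immediately; at the full 256 bits none of the 131072 variants collide, which is the mitigation the text describes. All names are this example's own.

```python
"""Birthday collision search on a truncated hash (added example, not from the original post)."""
import hashlib
import itertools


def truncated_hash(message, bits):
    """SHA-256 truncated to its first `bits` bits, standing in for an n-bit hash H."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits, messages):
    """Generic birthday search over an iterable of distinct messages: hash each,
    remember the value, stop at the first repeat. Returns (m_i, m_j) with
    H(m_i) == H(m_j), or None if the messages run out first."""
    seen = {}
    for m in messages:
        t = truncated_hash(m, bits)
        if t in seen and seen[t] != m:
            return seen[t], m
        seen[t] = m
    return None


def counter_messages():
    """Endless supply of distinct messages; expected work to a collision is about 2^(bits/2)."""
    for i in itertools.count():
        yield b"message-%d" % i


# Constructed contract: every slot offers two wordings with the same meaning.
CONTRACT_SLOTS = [
    ("Alice agrees", "Alice hereby agrees"),
    (" to pay", " to transfer"),
    (" Bob", " Mr Bob"),
    (" the sum of", " an amount of"),
    (" 100", " one hundred"),
    (" dollars", " USD"),
    (" on", " by"),
    (" 1 May 2022.", " the first of May 2022."),
    (" Payment", " The payment"),
    (" is to be", " shall be"),
    (" made", " sent"),
    (" by", " via"),
    (" bank transfer", " wire transfer"),
    (" to", " into"),
    (" Bob's", " his"),
    (" account", " bank account"),
    (" as agreed.", " as agreed above."),
]


def contract_variants(slots=CONTRACT_SLOTS):
    """All 2^17 meaning-preserving variants of the contract, generated lazily."""
    for choice in itertools.product(*slots):
        yield "".join(choice).encode()


def collision_among_variants(bits):
    """Two contract variants that collide under a `bits`-bit digest, or None."""
    return find_collision(bits, contract_variants())


if __name__ == "__main__":
    a, b = find_collision(32, counter_messages())
    print("32-bit collision:", a, b, hex(truncated_hash(a, 32)))
    pair = collision_among_variants(24)
    print("24-bit contract collision:", pair)
    print("256-bit collision among variants:", collision_among_variants(256))
```

The dictionary `seen` is what makes the search O(2^(n/2)) rather than O(2^n): each new hash is compared against every previous one in a single lookup. Memory grows with the number of messages held, which is why real collision searches on larger n use cycle-finding instead of a table, but the probability argument is the same.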


Monday, 25 April 2022

Internet of Things (IoT) Attacks

What is the Internet of Things (IoT)?

Internet of Things is a catchall phrase for all the various internet-connected devices that are not traditional computers. This includes everything from fitness trackers and smartwatches to smart refrigerators, headphones, cameras, washing machines, cars, traffic lights, airplane engines, and home security systems.

As the access to broadband Internet service grows and processors become more affordable, more and more gadgets with Wi-Fi capabilities are being created. Today there are billions of IoT devices in existence.

This network of devices produces great benefits and convenience for users, but IoT devices can also be targeted by attackers as well as used to carry out cyber attacks. As with internet-connected computers, these devices can be used safely, but precautions should be taken to ensure they aren’t compromised.

History of the Internet of Things

A British technology researcher named Kevin Ashton coined the term ‘Internet of Things’ in 1999, but developers have been playing with the idea of internet-connected devices since the early 1980s. In fact, the first IoT device was a modified soda machine made in 1982 that transmitted data about its inventory and the temperature of the drinks inside. This was a one-off prototype, and the widespread proliferation of IoT devices didn’t start for another 25 years.

Two technologies helped pave the way for the mass manufacture of IoT devices: RFID tags and IPv6 IP addresses. RFID tags are small, lightweight electronic sensors that can transmit information without a power source, and they can be produced at a very low cost. These tags can be as small as a grain of rice, and their use has been widely adopted in the industrial sector. RFID tags used in conjunction with IoT devices have been used to track inventory in a warehouse, parts on an assembly line, and even patients in a hospital. This practice has saved countless hours of labor. The industrial sector was also the first to use IoT-based security systems, incorporating devices like smart cameras and smart locks.

The introduction of IPv6 addresses meant that the dwindling number of IP addresses for internet devices was a problem of the past, and helped open the floodgates for the mass production of consumer IoT devices. The ‘smart home’ concept has also been a major driving factor in bringing IoT devices to the hands of consumers, creating a heavy demand for things like smart home security systems, cameras, televisions, speakers (e.g. Google Home), lighting, and thermostats.

How are IoT devices used in cyber attacks?

The firmware in most IoT devices does not have the same level of protection as do the modern operating systems running on most computers and smartphones. In many cases, these devices run on firmware that cannot be patched. As a result, IoT devices are often seen as easy targets by attackers.

A prime example of this is the Mirai botnet. Mirai is a malware suite that can take control of IoT devices for the purpose of creating a botnet to conduct DDoS attacks. Mirai works by scanning large portions of the Internet for IoT devices and then attempting to log into those devices using a series of username/password combinations that are the preconfigured defaults for several devices. Since many people never bother to change the login credentials on their devices, Mirai is able to build a large network of compromised devices, which it then infects with the software used to overload a target server with malicious traffic.

IoT security

Internet of Things (IoT) devices are computerized Internet-connected objects, such as networked security cameras, smart refrigerators, and WiFi-capable automobiles. IoT security is the process of securing these devices and ensuring they do not introduce threats into a network.

Anything connected to the Internet is likely to face an attack at some point. Attackers can try to remotely compromise IoT devices using a variety of methods, from credential theft to vulnerability exploits. Once they control an IoT device, they can use it to steal data, conduct distributed denial-of-service (DDoS) attacks, or attempt to compromise the rest of the connected network.

IoT security can be particularly challenging because many IoT devices are not built with strong security in place — typically, the manufacturer's focus is on features and usability, rather than security, so that the devices can get to market quickly.

IoT devices are increasingly part of everyday life, and both consumers and businesses may face IoT security challenges.

What attacks are IoT devices most susceptible to?

Firmware vulnerability exploits

All computerized devices have firmware, which is the software that operates the hardware. In computers and smartphones, operating systems run on top of the firmware; for the majority of IoT devices, the firmware is essentially the operating system.

Most IoT firmware does not have as many security protections in place as the sophisticated operating systems running on computers. And often this firmware is rife with known vulnerabilities that in some cases cannot be patched. This leaves IoT devices open to attacks that target these vulnerabilities.

Credential-based attacks

Many IoT devices come with default administrator usernames and passwords. These usernames and passwords are often not very secure — for instance, "password" as the password — and worse, sometimes all IoT devices of a given model share these same credentials. In some cases, these credentials cannot be reset.

Attackers are well aware of these default usernames and passwords, and many successful IoT device attacks occur simply because an attacker guesses the right credentials.

On-path attacks

On-path attackers position themselves between two parties that trust each other — for example, an IoT security camera and the camera's cloud server — and intercept communications between the two. IoT devices are particularly vulnerable to such attacks because many of them do not encrypt their communications by default (encryption scrambles data so that it cannot be interpreted by unauthorized parties).

Physical hardware-based attacks

Many IoT devices, like IoT security cameras, stoplights, and fire alarms, are placed in more or less permanent positions in public areas. If an attacker has physical access to an IoT device's hardware, they can steal its data or take over the device. This approach would affect only one device at a time, but a physical attack could have a larger effect if the attacker gains information that enables them to compromise additional devices on the network.

How are IoT devices used in DDoS attacks?

Malicious parties often use unsecured IoT devices to generate network traffic in a DDoS attack. DDoS attacks are more powerful when the attacking parties can send traffic to their target from a wide range of devices. Such attacks are harder to block because there are so many IP addresses involved (each device has its own IP address). One of the biggest DDoS Botnets on record, the Mirai botnet, is largely made up of IoT devices.

What are some of the main aspects of IoT device security?

Software and firmware updates

IoT devices need to be updated whenever the manufacturer issues a vulnerability patch or software update. These updates eliminate vulnerabilities that attackers could exploit. Not having the latest software can make a device more vulnerable to attack, even if it is outdated by only a few days. In many cases, IoT firmware updates are controlled by the manufacturer, not the device owner, and it is the manufacturer's responsibility to ensure vulnerabilities are patched.

Credential security

IoT device admin credentials should be updated if possible. It is best to avoid reusing credentials across multiple devices and applications — each device should have a unique password. This helps prevent credential-based attacks.
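
The credential-based attacks described above and the credential and firmware advice here can be checked against an asset inventory rather than device by device. The following is an added example, not code from the original article: it flags devices whose admin credentials are on a default list, credentials shared between devices, firmware behind the vendor's latest release, and cleartext transports. The inventory, the default-credential list, the field names and the transport list are constructed for this example; a real inventory would hold credential references or hashes, not plaintext passwords.

```python
"""Audit an IoT inventory for default, shared and unrotated credentials, stale
firmware and cleartext transports. Added example, not from the original article:
the inventory, default-credential list and field names are constructed."""
from collections import defaultdict

# Constructed stand-in for a vendor default-credential list (placeholders only).
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("user", "1234"),
}

# Transports that carry device traffic unencrypted, exposing it to on-path attackers.
CLEARTEXT_TRANSPORTS = {"http", "telnet", "mqtt", "ftp"}

# Constructed inventory as an asset database might export it (plaintext passwords
# appear here only because the data is made up).
INVENTORY = [
    {"id": "cam-01", "model": "CAM-200", "username": "admin", "password": "admin",
     "firmware": "1.2.0", "latest_firmware": "1.4.1", "transport": "http"},
    {"id": "cam-02", "model": "CAM-200", "username": "admin", "password": "admin",
     "firmware": "1.4.1", "latest_firmware": "1.4.1", "transport": "https"},
    {"id": "therm-01", "model": "TH-9", "username": "ops", "password": "Xk9-therm-only",
     "firmware": "3.0.2", "latest_firmware": "3.0.2", "transport": "mqtts"},
    {"id": "lock-01", "model": "LK-1", "username": "root", "password": "G7q-lock-only",
     "firmware": "2.1", "latest_firmware": "2.1", "transport": "http"},
]


def parse_version(text):
    """'1.4.1' -> (1, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit_device(dev):
    """Per-device findings, in a fixed order so reports are stable."""
    findings = []
    if (dev["username"], dev["password"]) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    if parse_version(dev["firmware"]) < parse_version(dev["latest_firmware"]):
        findings.append("outdated-firmware")
    if dev["transport"] in CLEARTEXT_TRANSPORTS:
        findings.append("cleartext-transport")
    return findings


def audit_inventory(inventory):
    """Map device id -> findings, adding 'shared-credentials' to every device
    whose username/password pair is reused by another device."""
    report = {dev["id"]: audit_device(dev) for dev in inventory}
    by_credential = defaultdict(list)
    for dev in inventory:
        by_credential[(dev["username"], dev["password"])].append(dev["id"])
    for device_ids in by_credential.values():
        if len(device_ids) > 1:
            for device_id in device_ids:
                report[device_id].append("shared-credentials")
    return report


if __name__ == "__main__":
    for device_id, findings in audit_inventory(INVENTORY).items():
        print(device_id, findings or "ok")
```

The shared-credential check is deliberately separate from the default-credential check: a site-wide password that is not a vendor default still means one compromised device yields all of them, which is the fleet-wide risk the text warns about.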

Device authentication

IoT devices connect to each other, to servers, and to various other networked devices. Every connected device needs to be authenticated so that devices do not accept inputs or requests from unauthorized parties.

For example, an attacker could pretend to be an IoT device and request confidential data from a server, but if the server first requires them to present an authentic TLS Certificate (more on this concept below), then this attack will not be successful.

For the most part, this type of authentication needs to be configured by the device manufacturer.


Encryption

IoT device data exchanges are vulnerable to external parties and on-path attackers as they pass over the network — unless encryption is used to protect the data. Think of encryption as being like an envelope that protects a letter's contents as it travels through the postal service.

Encryption must be combined with authentication to fully prevent on-path attacks. Otherwise, the attacker could set up separate encrypted connections between one IoT device and another, and neither would be aware that their communications are being intercepted.

Turning off unneeded features

Most IoT devices come with multiple features, some of which may go unused by the owner. But even when features are not used, they may keep additional ports open on the device in case of use. The more ports an Internet-connected device leaves open, the greater the attack surface — often attackers simply ping different ports on a device, looking for an opening. Turning off unnecessary device features will close these extra ports.


DNS filtering

DNS filtering is the process of using the Domain Name System to block malicious websites. Adding DNS filtering as a security measure to a network with IoT devices prevents those devices from reaching out to places on the Internet they should not (i.e. an attacker's domain).

What is mutual TLS (mTLS)?

Mutual Transport Layer Security (mTLS) is a type of mutual authentication, which is when both sides of a network connection authenticate each other. TLS is a protocol for verifying the server in a client-server connection; mTLS verifies both connected devices, instead of just one.

mTLS is important for IoT security because it ensures only legitimate devices and servers can send commands or request data. It also encrypts all communications over the network so that attackers cannot intercept them.

mTLS requires issuing TLS certificates to all authenticated devices and servers. A TLS certificate contains the device's Public Key and information about who issued the certificate. Showing a TLS certificate to initiate a network connection can be compared to a person showing their ID card to prove their identity.


Rootkits Attacks

What Is a Rootkit?

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a combination of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that conceal their existence and actions from users and other system processes.

What Can a Rootkit Do?

A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.

Rootkit Detection

It is difficult to detect rootkits. There are no commercial products available that can find and remove all known and unknown rootkits. There are various ways to look for a rootkit on an infected machine. Detection methods include behavioral-based methods (e.g., looking for strange behavior on a computer system), signature scanning, and memory dump analysis. Often, the only option to remove a rootkit is to completely rebuild the compromised system.


Rootkit Protection

Many rootkits penetrate computer systems by piggybacking with software you trust or with a virus. You can safeguard your system from rootkits by ensuring it is kept patched against known vulnerabilities. This includes patches of your OS, applications, and up-to-date virus definitions. Don't accept files or open email file attachments from unknown sources. Be careful when installing software and carefully read the end-user license agreements.

Well-Known Rootkit Examples

  • Lane Davis and Steven Dake – wrote the earliest known rootkit in the early 1990s.
  • NTRootkit – one of the first malicious rootkits targeted at Windows OS.
  • HackerDefender – this early Trojan altered/augmented the OS at a very low level of function calls.
  • Machiavelli – the first rootkit targeting Mac OS X appeared in 2009. This rootkit creates hidden system calls and kernel threads.
  • Greek wiretapping – in 2004/05, intruders installed a rootkit that targeted Ericsson's AXE PBX.
  • Zeus, first identified in July 2007, is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing.
  • Stuxnet – the first known rootkit for industrial control systems.
  • Flame – a computer malware discovered in 2012 that attacks computers running Windows OS. It can record audio, screenshots, keyboard activity, and network traffic.

Sunday, 24 April 2022

Man-in-the-Middle (MitM) Attacks

Man-in-the-Middle Attack

You may have heard the term ‘Man-in-the-middle (MiTM) Attack.’ You may even have a blurred idea of it. But you’re still wondering ‘What exactly is a Man-in-the-middle attack?’ Right? Let us hash it out for you. As implied in the name itself, this kind of attack occurs when an unauthorized entity places him/herself in between two communicating systems and tries to intercept the ongoing transfer of information. To put it simply, a MiTM attack is a modern-day version of bugging.

We’ll get more into the man-in-the-middle (MiTM) attacks in a minute but first, look around you. Look at your smartphone, look at the apps in it, look at your PC, look at those smart-connected devices gossiping with each other, and look at the website you’re on right now. Had a good look at them? Good. Now take a step back and think about everything you just looked at. What’s driving all these things? The answer would be data/information. The thing about data is that it travels. Whether it’s from one PC to another, one server to another, one country to another – data knows no bounds.

Unfortunately, all this traveling brings in the inevitable questions of security and privacy. When data leaves from one end-point to another, the period of transmission is where the control over it is somewhat lost. When an attacker positions him/herself in between the end-points and intercepts and/or tampers with this data-in-transit, it’s called a man-in-the-middle (MiTM) attack. In layman’s terms, it’s a lot like eavesdropping.

So, What Exactly is a Man-in-the-middle Attack?

While data transmission is taking place between a device (PC/Phone) and a web server, an attacker using his skills and tools places him/herself between two endpoints and intercepts the data. While the two parties believe that they’re talking to each other, they’re communicating with (and through) the perpetrator in reality. That’s what a man-in-the-middle attack is.

Basically, it’s a con trick. These attacks not only take place during device-server communication, but they also can occur wherever two systems are exchanging data virtually.

How does it work?

When it comes to MiTM attacks, there isn’t just one single method that can cause damage—there are four! Generally speaking, there are Sniffing, Packet Injection, Session Hijacking, and SSL Stripping. Let’s have a brief look at them.

  • Sniffing: Sniffing or Packet Sniffing is a technique used to capture the packets of data flowing in and out of a system/network. Packet Sniffing in networks is equivalent to wiretapping on telephones. Keep in mind that Packet Sniffing is legal if employed correctly, and many enterprises do it for “security purposes.”

  • Packet Injection: In this technique, an attacker injects malicious packets of data along with regular data. This way a user doesn’t even notice the files/malware because they come as a part of a legitimate communication stream. These files are a common commodity in man-in-the-middle attacks as well as denial-of-service attacks.

  • Session Hijacking: Have you ever come across a “Session Expired” error? If you’ve ever made an online payment or filled out a form, you’d know this term. The time between when you log in to your bank account and log out of it is called a session. These sessions are often the targets of hackers as they potentially contain sensitive information. In most instances, a hacker establishes his/her presence in the session, and ultimately takes control of it. These attacks can be executed in various ways.

  • SSL Stripping: SSL Stripping or SSL Downgrade attacks are a rare species when it comes to MiTM attacks, but also the most dangerous one. As we all know, SSL/TLS certificates keep our communication safe online via encryption. In SSL Stripping attacks, the attacker strips off the SSL/TLS connection and the protocol is turned from secure HTTPS to insecure HTTP.

How to prevent man-in-the-middle attacks?

Keep in mind that these attacks are not as easy as turning your headphones off, they’re highly complicated in nature. You need to have some serious skills and must be aided by the right tools. But just because a MiTM attack is difficult to pull off, doesn’t mean you shouldn’t actively protect against them.

Here are our recommended practices to protect against man-in-the-middle attacks:

  • Make sure that the websites you visit use HTTPS (the URL begins with https://)
  • Before clicking on emails, check the sender of the email
  • If you’re a website admin, you should implement HSTS
  • DO NOT make a purchase or send sensitive data on a public Wi-Fi network.
  • Make sure your website doesn’t have any mixed content
  • If your website is using SSL, make sure you have disabled insecure SSL/TLS protocols. You should only have enabled TLS 1.1 and TLS 1.2
  • Don’t click on malicious links or emails
  • Do not download pirated content
  • Secure your home/work network
  • Have proper security tools installed on your systems
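
The TLS settings behind two of the recommendations above (disabling insecure protocol versions, enabling HSTS) and behind the mutual TLS described in the IoT section, written out as an added example that is not code from the original posts. `build_server_context` is the plain-TLS configuration, and with `require_client_cert=True` it becomes the mTLS configuration in which the server also demands a certificate from the device; `build_client_context` is the device side. The certificate and key file paths are placeholders the caller supplies, and TLS 1.2 as the minimum version is this example's own choice.

```python
"""Server- and client-side TLS settings for mTLS, plus the HSTS header.
Added example, not from the original posts: the file-path parameters are
placeholders the caller supplies; TLS 1.2 as the floor is this example's choice."""
import ssl

# Sent by an HTTPS site so browsers refuse later downgrades to plain HTTP.
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


def build_server_context(certfile=None, keyfile=None, client_ca_file=None,
                         require_client_cert=False):
    """Plain TLS verifies only the server; with require_client_cert=True the
    server also demands a certificate issued by the CA in client_ca_file (mTLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rejects SSLv3 / TLS 1.0 / TLS 1.1 handshakes
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)      # the server's own identity (placeholder paths)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED         # handshake fails without a valid client cert
        if client_ca_file:
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def build_client_context(server_ca_file=None, certfile=None, keyfile=None):
    """Device-side context: always verifies the server's certificate and
    hostname; loading its own cert/key is what makes the connection mutual."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if server_ca_file:
        ctx.load_verify_locations(cafile=server_ca_file)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def describe(ctx):
    """Summarise what a context enforces, for a quick configuration review."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "peer_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
    }


if __name__ == "__main__":
    print("server, plain TLS:", describe(build_server_context()))
    print("server, mTLS:     ", describe(build_server_context(require_client_cert=True)))
    print("client:           ", describe(build_client_context()))
    print("HSTS header:      ", HSTS_HEADER)
```

The review helper makes the difference visible: a plain TLS server reports `peer_cert_required: False`, so any client can connect and only the server is verified, while the mTLS server reports `True`. Note that `CERT_REQUIRED` on the server only has meaning once `load_verify_locations` has been given the CA that issued the device certificates; without it every client certificate is rejected.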


Password attacks

Password attacks involve exploiting a broken authorization vulnerability in the system combined with automatic password attack tools that speed up the guessing and cracking of passwords. The attacker uses various techniques to access and expose the credentials of a legitimate user, assuming their identity and privileges. The username-password combination is one of the oldest known account authentication techniques, so adversaries have had time to craft multiple methods of obtaining guessable passwords. Additionally, applications that use passwords as the sole authentication factor are vulnerable to password attacks since the vulnerabilities are well understood.

Password attacks have far-reaching consequences since malicious users only require unauthorized access to a single privileged account or a few users' accounts to compromise the web application. Depending on the data hosted by the application, compromised passwords can pave the way for exposure of sensitive information, distributed denial-of-service, financial fraud, and other sophisticated attacks.

Types of Password Attacks

Hackers typically rely on different techniques to obtain and authenticate with a legitimate user’s password. These include:

Phishing Attacks

By far the most common form of password attack, a phishing attack involves a social engineering technique in which the hacker masquerades as a trusted site by sending the victim a malicious link. Believing they are authenticating to a legitimate web server, the victim clicks on this link and provides the attacker with their account credentials. Besides identity theft, phishing attacks also foster Advanced Persistent Threats by allowing the threat actor to obtain the permissions of an internal user, thereby allowing the attacker to compromise deeper components of the system while remaining undetected. In phishing attacks, adversaries commonly use multiple methods to trick the user into clicking the malicious link, including:


DNS cache poisoning – Attackers leverage vulnerabilities in the application’s DNS server to redirect user requests to a malicious site with a similar-looking domain name.

URL hijacking/typosquatting – The attacker creates a genuine-looking URL with subtle differences from the website they want to impersonate. The attack then depends on users making typing mistakes, so they land on the malicious page. 

Tabnabbing – The attacker rewrites unattended browser tabs with malicious sites that look like legitimate web pages.

UI redressing/iFrame overlay – The attacker places a link to the malicious page over a legitimate, clickable button using transparent layers. 

Clone phishing – In this attack, the attacker sends a copy of a legitimate email where the links within the original email are replaced with URLs to malicious sites. 
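Typosquatting and homoglyph domains, as listed above, can be caught on the defensive side by comparing newly observed domains (from proxy logs, certificate transparency feeds, or inbound mail) against the domains an organization legitimately owns. The following is an added example, not code from the original post: it folds common look-alike characters and flags any domain within a small edit distance of a protected one. The protected-domain list, the homoglyph table, and the candidate domains are constructed assumptions.

```python
# Added example (not from the original post): flag domains that imitate a protected
# domain by a small edit or a look-alike character, the pattern behind
# URL hijacking/typosquatting. All domains here are constructed sample data.

# Constructed allowlist of domains the organization legitimately owns.
PROTECTED_DOMAINS = ["example.com", "example-bank.com"]

# Constructed, non-exhaustive table of characters attackers swap for look-alikes.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(domain: str) -> str:
    """Lower-case and fold look-alike substitutions so 'examp1e.com' becomes 'example.com'."""
    d = domain.lower().strip(".")
    for glyph, real in HOMOGLYPHS.items():
        d = d.replace(glyph, real)
    return d

def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(candidate: str, protected=PROTECTED_DOMAINS, max_distance: int = 2):
    """Return the protected domain that `candidate` imitates, or None.

    The genuine domain itself is never a look-alike; anything else is flagged when,
    after normalization, it lies within `max_distance` edits of a protected domain.
    """
    norm = normalize(candidate)
    best = None
    for legit in protected:
        if candidate.lower().strip(".") == legit:
            return None  # this is the real domain
        dist = levenshtein(norm, legit)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (legit, dist)
    return best[0] if best else None

if __name__ == "__main__":
    for d in ["examp1e.com", "exarnple.com", "exampel.com", "example.com", "unrelated.org"]:
        print(f"{d:16} -> {lookalike_of(d)}")
```

A hit from `lookalike_of` is a candidate for blocking at the mail gateway or web proxy and for a user-awareness notice; the distance threshold should be tuned per domain length, since very short domains produce many false positives at distance 2.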

Brute-Force Password Attacks

This type of password attack employs trial-and-error methods to guess a user’s authentication information. The bad actor uses automated scripts to work through as many permutations as possible until the user’s password is guessed correctly. Although it is a relatively old method that requires a great deal of patience and time, brute force remains common in account breach attempts because it is automated and straightforward. There are several types of brute force attacks:

Simple brute force attacks – A hacker uses logic and data about a user to guess the most likely password. This technique targets relatively simple passwords, such as those built from a pet name and a birth year.

Credential stuffing – This involves using previously exposed login combinations that were maliciously obtained from vulnerable websites. In such attacks, hackers take advantage of the fact that users tend to re-use their username-password combinations across multiple services.

Hybrid brute force attacks – An attacker combines simple weak-password guessing with automated software that performs credential stuffing to uncover more complex passwords. In practice, users often rely on slight variations of the same password across different websites, and attackers exploit these patterns across services to improve the accuracy of credential stuffing tools.

Reverse brute force attacks – In this form of attack, a hacker starts with a known password and then searches for usernames that match it. As threat actors often have access to multiple databases of leaked credentials, it is easy to identify common passwords within a particular group of users.

Dictionary Password Attacks

This attack method uses a predefined list of the words most likely to be used as passwords by users of a specific target. The list is built from the site's user behavior patterns and from passwords obtained in previous data breaches, then expanded by varying the case of common words, adding numeric suffixes and prefixes, and including common phrases. The list is passed to an automated tool, which attempts to authenticate each entry against a list of known usernames.

Password Spraying Attack

In this type of attack, the hacker attempts to authenticate with the same password against many accounts before moving on to the next password. Password spraying is effective because many website users set simple passwords, and the technique does not trigger lockout policies since each account sees only a few attempts. Attackers mostly orchestrate password spraying against websites where administrators assign a standard default password to new users and unregistered accounts.
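The brute-force and password-spraying patterns described above leave different fingerprints in authentication logs: a brute-force source hammers one account, while a spraying source touches many accounts a couple of times each and therefore stays under the per-account lockout threshold. The detection below is an added example, not code from the original post; the log format, the source addresses (RFC 5737 documentation ranges) and the usernames are constructed, and the thresholds are assumptions a real deployment would tune.

```python
# Added example (not from the original post): classify failed-login sources as
# brute force (many guesses against one account) or password spraying (few guesses
# across many accounts). The log format and every record below are constructed.
import re
from collections import defaultdict

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) src=(?P<src>\S+) user=(?P<user>\S+)$")

# Constructed authentication log: documentation IP ranges, fictional users.
SAMPLE_LOG = """\
2022-04-26T10:00:01Z FAIL src=203.0.113.5 user=alice
2022-04-26T10:00:02Z FAIL src=203.0.113.5 user=alice
2022-04-26T10:00:03Z FAIL src=203.0.113.5 user=alice
2022-04-26T10:00:04Z FAIL src=203.0.113.5 user=alice
2022-04-26T10:00:05Z FAIL src=203.0.113.5 user=alice
2022-04-26T10:00:06Z FAIL src=203.0.113.5 user=alice
2022-04-26T10:01:00Z FAIL src=198.51.100.7 user=bob
2022-04-26T10:01:01Z FAIL src=198.51.100.7 user=carol
2022-04-26T10:01:02Z FAIL src=198.51.100.7 user=dave
2022-04-26T10:01:03Z FAIL src=198.51.100.7 user=erin
2022-04-26T10:01:04Z FAIL src=198.51.100.7 user=frank
2022-04-26T10:01:05Z OK src=198.51.100.7 user=grace
2022-04-26T10:02:00Z FAIL src=192.0.2.9 user=heidi
2022-04-26T10:02:05Z OK src=192.0.2.9 user=heidi
"""

def parse_log(text):
    """Return (timestamp, result, source, user) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append((m["ts"], m["result"], m["src"], m["user"]))
    return events

def classify_sources(events, brute_threshold=5, spray_accounts=5, spray_per_account=2):
    """Map each source address to a verdict; sources matching neither rule are omitted.

    brute_force:       at least `brute_threshold` failures against one account.
    password_spraying: failures against at least `spray_accounts` distinct accounts,
                       none of them tried more than `spray_per_account` times
                       (the pattern that stays under per-account lockout).
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failure count
    for _ts, result, src, user in events:
        if result == "FAIL":
            failures[src][user] += 1
    verdicts = {}
    for src, per_user in failures.items():
        worst = max(per_user.values())
        if worst >= brute_threshold:
            verdicts[src] = "brute_force"
        elif len(per_user) >= spray_accounts and worst <= spray_per_account:
            verdicts[src] = "password_spraying"
    return verdicts

def successes_from_flagged(events, verdicts):
    """Successful logins from an already-flagged source: the events worth paging on."""
    return sorted({(src, user) for _ts, result, src, user in events
                   if result == "OK" and src in verdicts})

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    verdicts = classify_sources(ev)
    print(verdicts)
    print(successes_from_flagged(ev, verdicts))
```

In the sample, the first source is classified as brute force, the second as password spraying, and the third (one failure followed by a success) is left alone; the success for `grace` from the spraying source is the record that should drive a forced password reset and an MFA challenge. Real logs need a time window around the counting so that a day's worth of ordinary typos from a shared NAT address is not mistaken for spraying.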

Keylogging

While orchestrating a keylogging attack, a hacker installs monitoring tools on the user’s computer to covertly record the keys the user presses. A keylogger records all information that users type into input forms and then sends it to the malicious third party. Although keyloggers have legitimate uses in enterprise settings (UX research, employee monitoring, etc.), attackers use them to harvest information such as login credentials for unauthorized access.

Password Attack Example

One of the most common examples of a phishing password attack involves lying to the victim that their account will be deactivated if they do not confirm their login details.
The attacker crafts phishing emails to the users, informing them that their account has been compromised and their credit card and login details are needed to retain the account. The email includes a link similar to

The victim clicks on this link and is redirected to the fake confirmation page, where they supply their legitimate login credentials. The hacker then collects these credentials and uses them to access the victim’s legitimate account.

How to Prevent Password Attacks

Some best practices to prevent password attacks include:

Enforce strong password policies

Security administrators must enforce policies that ensure users follow set criteria, making their passwords harder for malicious actors to crack. For example, the password should be a minimum of 8 characters long and include special characters to resist brute force attempts. Additionally, passwords should not contain any personally identifying information, as this aids dictionary attacks. Users should also use unique passwords for each service and rotate them regularly, so that attackers cannot reuse exposed credential databases against them.
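The rules in this paragraph are only useful if they are enforced at registration and password-change time. The following is an added example, not code from the original post, of a server-side check that applies them: minimum length, at least one special character, no username or personal information in the password, and rejection of passwords seen in earlier breaches. The inline breached-password set and the personal terms are constructed stand-ins; a real deployment would query a breach corpus.

```python
# Added example (not from the original post): server-side password policy check
# applying the rules above. The breached-password set is a constructed stand-in.
import re

MIN_LENGTH = 8
SPECIAL_RE = re.compile(r"[^A-Za-z0-9]")

# Constructed sample of a breached-password corpus (real ones hold hundreds of millions).
BREACHED_PASSWORDS = {"password", "password1", "qwerty123", "summer2022!"}

def check_password(password: str, username: str = "", personal_terms=()) -> list:
    """Return the list of policy violations; an empty list means the password is accepted.

    `personal_terms` holds values an attacker could learn about the user (name,
    birth year, pet name) and that must therefore not appear in the password.
    """
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not SPECIAL_RE.search(password):
        problems.append("no special character")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    for term in personal_terms:
        term = str(term).strip()
        # very short terms (initials, two-digit years) would reject almost everything
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal information '{term}'")
    if lowered in BREACHED_PASSWORDS:
        problems.append("found in a breached-password list")
    return problems

def is_acceptable(password: str, username: str = "", personal_terms=()) -> bool:
    return not check_password(password, username, personal_terms)

if __name__ == "__main__":
    # 'Rex2015!' meets length and special-character rules but is built from a
    # pet name and a birth year, exactly the simple pattern a dictionary attack tries.
    print(check_password("Rex2015!", username="alice", personal_terms=["Rex", "2015"]))
    print(check_password("correct-horse-battery", username="bob"))
```

Returning every violation at once, rather than the first one, lets the registration form show the user all the problems in a single round trip; `is_acceptable` is the boolean gate the handler actually uses.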

Organization-wide password security training

It is vital to ensure every user understands the importance of a strong password policy and follows the organization-wide guidance on password security. Additionally, every application user should be aware of social engineering attacks that trick them into submitting their credentials to malicious third parties.

Enable Multifactor Authentication

Passwords in themselves generally do not offer a complete user authentication solution. Multifactor authentication involves the use of passwords in combination with extra security checks. Some MFA implementations include the One-Time Password (OTP), biometric authentication, software tokens, and behavioral analysis.

Use a password manager

The primary function of a password manager is to help administrators and users store and manage credentials. Password management solutions also generate passwords that follow strong policies and best practices. In addition, these tools store credentials in strongly encrypted databases, which greatly reduces the risk of exposure in a data breach.

FAQ

What are the differences between broken authentication and password attacks?

Broken authentication encompasses a collection of vulnerabilities that allow hackers to assume the identity of an application’s legitimate user. These weaknesses often arise due to poor session and credential management. On the other hand, password attacks involve strategies orchestrated by exploiting credential management vulnerabilities, granting the attacker access to a use

Saturday, 23 April 2022

Technical SEO Increase Organic Visibility

Technical SEO is a necessity. Here are four key technical tasks SEOs should take care of to help increase organic visibility.

“Driving revenue and awareness from search relies on your website health — today’s success in organic search is about a lot more than just keywords and content,” said Shachar Radin Shomrat, CMO of Deepcrawl, in her presentation at The MarTech Conference. “It demands technically sound websites in today’s marketing landscape.”

“Over a longer timeframe, the technical aspects of your website play a huge role in how well your content performs,” she added.

If SEOs don’t take the time to optimize critical technical aspects of your site that influence page speed, indexing, and more, it could mean lost traffic and revenue.

Here are four key technical tasks SEOs should take care of to help increase organic visibility.

1. Optimize site architecture

“Architecture is your foundational stage,” Shomrat said. “If the overall website structure is not optimized for search performance, then any individual page on that site is not set up to have its best chance at being crawled, appearing with search results and ultimately converting into a revenue-driving asset.”

No two sites are the same, but most search professionals agree site architectures should generally have a logical flow with a hierarchy of pages. This helps users and crawlers make sense of your site.

2. Ensure pages are crawlable

Your pages should be accessible to search engines and users via valid status codes. SEOs should make sure the pages they want to be included in the index have a 200 HTTP status code.

Search marketers should also ensure their robots.txt files aren’t blocking pages they want to be indexed. A misplaced disallow directive could prevent crawlers from viewing your pages at all.

3. Check which pages allow indexing

Just because your pages are crawlable doesn’t mean they’re indexable. Marketers need to make sure their pages’ robots tags allow for indexing.

“If a page is not indexed by search engines, then it will not appear to users in their search results at all,” Shomrat said.

4. Improve page experience

People are less likely to convert to sites that offer poor experiences, such as slow-loading pages. Google and other search engines encourage site owners to optimize their technical structures to prevent this from happening, allowing their content to shine in the search results.

“If you do not fix your [technical] foundation, your content and keyword investments are not going to get the return that you expect,” Shomrat said.

The necessity of technical SEO

Paying attention to the technical quality of your site is vital to SEO success. Yet getting company team members and executives on board can be a tricky task.

“Creating a strong technical foundation for your website to rank well in Google and to provide an excellent experience to your site users involves a lot of moving parts,” Shomrat said.

“It expands beyond the boundaries of most marketing teams,” she added.

She encourages marketers to prove the worth of technical SEO to their teams by establishing clear goals and showing how their efforts are meeting them. She also recommends providing colleagues and executives with studies and other educational resources to show the full impact of technically sound sites for organic search.

“Get the support you need from leadership by promoting organic and website health KPIs as business-wide OKRs [objectives and key results],” she said. “There is great data out there about the impact website health and technical SEO can have as a comparatively low-cost customer acquisition channel.”

Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...