Wednesday, 27 April 2022

Eavesdropping attack

Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an attacker can obtain passwords, credit card numbers, and other confidential information that a user might be sending over the network. Eavesdropping can be passive or active


Passive eavesdropping — A hacker detects the information by listening to the message transmission in the network.

Active eavesdropping — A hacker actively grabs the information by disguising himself as a friendly unit and by sending queries to transmitters. This is called probing, scanning, or tampering.


Detecting passive eavesdropping attacks is often more important than spotting active ones since active attacks require the attacker to gain knowledge of the friendly units by conducting passive eavesdropping before.

Data encryption is the best countermeasure for eavesdropping.

An eavesdropping attack starts with a piece of malware that allows attackers to plant the eavesdropping software or the packet sniffer on victims’ computers. The malware could enter devices when users click a malicious link in a phishing email. It could also be obtained by downloading infected software or applications. The sniffer could also be planted on an unsecured network.

The attackers can then monitor the software or preprogram it to send the data automatically. A hypothetical scenario that is not too far-fetched is this: A payroll officer was at the airport when he remembered he needed to send the company’s payroll report to his manager. He connected to the airport’s open Wi-Fi network and emailed the report. Unbeknownst to the payroll officer, an attacker was able to intercept the email and download the report that contains attendance logs and employees’ banking information.

An eavesdropping attack can also make way for man-in-the-middle (MitM) attacks where threat actors can modify messages and impersonate one of the communicating parties. In our hypothetical scenario, the attackers could alter the message and enter their bank details, so the payroll payments go to them.

Eavesdropping Attack Effects

The theft of sensitive details can result in account takeovers, identity theft, and financial damage. Attackers also stand to gain more by selling the stolen personal information on the Dark Web. Here are a few effects of eavesdropping attacks:

Privacy loss: Every company has confidential information that can damage its reputation if the data is made public. Eavesdropping attacks allow criminals to obtain vital business information, ideas, and conversations exchanged within a target organization, thus encroaching on its privacy.

Identity theft: Attackers can listen to any employees’ private conversations to get login credentials and use them to access restricted storage devices. The individuals don’t only lose their identity but cause their organization harm as well.

Financial loss: Cybercriminals who have confidential data can access vital business applications anytime. They can threaten to expose the information unless the victim pays a high price or sell it to competitors. They earn while the information’s owners lose money.

Avoiding an Eavesdropping Attack: Best Practices

Avoiding eavesdropping attacks calls for several tried-and-tested cybersecurity measures, including the following:

Do not connect to unsecured networks, especially when conducting sensitive transactions, as attackers can easily exploit them. As much as possible, avoid connecting to open Wi-Fi networks available in airports, coffee shops, and hotels.

Use different passwords for every account and change them regularly. That way, even when attackers get hold of one of your passwords, they won’t be able to take over your other accounts.

Use military-grade encryption (256-bit), so even if an eavesdropping attack occurs, attackers won’t be able to see the encrypted data. Using virtual private networks (VPNs) is one way to encrypt your network traffic.

For organizations, network segmentation or dividing the network so each department has different access rights may help. The sales team, for example, does not need access to the payroll system.

Tuesday, 26 April 2022

SEO Techniques For Organic Growth

Growth involves a company increasing its revenues through internal operations, such as marketing and promotion, sales and distribution, and product innovation and development. While organic growth is often a slow process, it is generally more sustainable and long-lasting. Inorganic growth involves a company increasing its revenues through more aggressive tactics, such as acquisitions, mergers, and joint ventures. Inorganic growth has the advantage of instantaneous market share gain, but it often requires a much steeper financial investment with a greater risk of diminishing returns over time. 

 For any business operating in the online space (and, really, what business isn’t nowadays?), one of the best ways to generate organic growth is through SEO. 
The tricky thing about SEO, however, is that it’s an ever-changing landscape. Every year sees advancements that render previously reliable digital marketing techniques obsolete. Staying ahead of your competition often means staying at the forefront of the latest SEO trends. 
Below is a list of nine (count ‘em: nine!) new SEO techniques you absolutely need to adopt to grow your business in 2022. 
SEO Trends:
It used to be that if you saw someone standing around talking to themselves, you’d probably try to avoid them. Now, thanks to voice-activated apps like Google Assistant, Apple’s Siri, and Amazon’s Alexa, everyone is doing it! It’s even begun changing the way online businesses do SEO. With the number of households that own a smart speaker expected to reach 55% this year, there’s no better time to rethink your approach to keywords. People speak search queries differently than they type them, which means long-tail keywords that utilize natural language are increasingly preferable to shorter, choppier ones. Additionally, voice search makes it so that page content that has a more conversational tone is likely to do better than more dry or technical material.

Certainly, something to keep in mind during the content creation process. When you have a pressing question that needs answering, the first person you find with a useful solution instantly becomes your new best friend. If you want that person to be you, then featured snippets are one of the top SEO techniques in your arsenal. Rolled out by Google in 2017, featured snippets are excerpts from a page’s content that are featured at the very top of a SERP, a coveted spot for anyone looking to attract visitors. Users are invariably attracted to pages with featured snippets, making them a huge boon to a company’s web traffic and conversions. So, how do you get a featured snippet for your page? Aside from targeting high-volume, low-competition keywords, the shape and structure of your content play a major role. Some types of content that can help you optimize for Google featured snippets include lists, how-to guides, glossaries, and FAQs. 

 Shakespeare famously said that “brevity is the soul of wit.” Of course, the Bard of Avon didn’t have to worry about search engine ranking factors back in the 16th century. In modern times, brevity and wit take a backseat to authoritative informational value. While “longer” doesn’t always mean “better,” long-form content is generally favored by users who view it as more comprehensive. As a result, pages whose content is around 3,000 words in length tend to have longer dwell times and also receive more shares on social media. Additionally, long-form content gets more backlinks, and it makes keyword optimization a much easier process for creators. That’s not to say you should overwhelm users with giant walls of text.

 Quite the opposite: breaking longer pieces of content down into several smaller sections, or even using them as hub pages, lends itself better to audience engagement. Even better, it communicates to search engines that this is the material you consider important for audiences to see. What once is science fiction is now science fact. 
The robot revolution isn’t imminent; it’s already here! Instead of chrome-plated Terminators, though, today’s artificial intelligence takes the form of enterprise-scaling business automation and hyper-advanced search algorithms. With each passing year, AI programs become smarter, faster, more efficient, and more human. To wit, since its unveiling in 2015, Google’s RankBrain system has risen to become one of the most important ranking factors for SERPs, a trend that is expected to continue well into the future. Although Google keeps the details of how exactly RankBrain works under wraps, careful study suggests it favors pages with high click-through rates and well-curated content organization. A poor user experience, therefore, translates to a lower PageRank score. 

 One of the best ways of driving traffic to your website and boosting your search engine ranking is with backlinks. Links today, though, aren’t merely limited solely to directing users to a specific page; they can also be used to direct users to a specific section, passage, or sentence. This is called deep linking, and it’s becoming more and more common. In fact, Google recently introduced passage ranking, a system by which its crawlers can individuate a page into separate parts, then rank each of those parts in response to user search queries. 

 By getting not just backlinks but deep links, it’s possible to turn a single page of content into a multi-headed hydra, one capable of actively engaging users without ever disrupting the conversion funnel. No, you’re not hallucinating from hunger; the header above really does suggest EATing as an organic SEO technique. In this case, though, it doesn’t have anything to do with gorging yourself on delicious Old Forge-style pizza. In digital marketing, EAT stands for “expertise, authoritativeness, and trustworthiness.” More than just a cute acronym, EAT is a principle used by Google to score pages in relation to certain user searches. As noted earlier, the informational value of a piece of content is equally as important as how many keywords and backlinks it has. Actually, scratch that. It’s more important. 
 Google is no longer easily manipulated by spammy content, and visitors are no longer satisfied with impersonal, general, bare-minimum coverage. They want details. They want to hear your voice. And they want to feel like you know what you’re talking about better than anyone else. 
 Future of SEO is Not Just Global, But Local It used to be that the goal of smaller businesses was to expand their reach to a more national or even international level. While broadening brand awareness in order to reach a more global audience remains key, today the dynamic has somewhat shifted. Now, big and small businesses alike recognize the growing importance of local SEO. 

 More and more, people are using search engines to find local solutions, with “near me” becoming an extremely keyword modifier in recent years. This has subsequently caused search engines to prioritize local businesses (or, at the very least, businesses with local service access) in their SERPs. 
 This makes updating and maintaining your local citations more important than ever. It also highlights the importance of doing dedicated local-oriented keyword research and developing local backlinks. Don’t skimp on your regional customers; they’re your bread and butter. 

 Optimize Keywords for Intent & Semantic Search Once upon a time, search engines were very, very stupid. Early on, they could really only analyze the exact phrase a user queried, then they’d go looking for pages that contained that same phrase. Fast forward to the current year, and search engines have gotten a lot smarter. They’re now very good at thinking like human beings, which means they know how to factor in search intent and semantic context. As the search continues to evolve, user intent and the semantic search will only become more prominent aspects of digital marketing. To keep up with this evolution, you can’t keep using the same old keyword-targeting tactics.
 It’s essential to embrace modern SEO techniques to stimulate fresh organic growth opportunities. Simply put, you have to think about your audience. Identify not just their demographics, but their psychographics: their personality traits, lifestyles, interests, and online behaviors. When used hand-in-hand with intent-based keyword tiers, this kind of data is just as useful to marketing as age, sex, and location statistics. 

 Every Page of our Site Should Be Mobile-Friendly It’s no secret that the vast majority of people’s web usage these days is facilitated by mobile devices like smartphones and tablets. Amazingly, though, there are still a surprising number of businesses whose websites aren’t specifically optimized to be mobile-friendly. Mobile web design isn’t simply a matter of translating a horizontal page format into a vertical one. It may acquire you to readjust text sizes and image placements, simplify layouts, limit pop-ups, and reduce the number of slow-loading elements in favor of universal compatibility. Just a few short years ago, Google announced the implementation of mobile-first indexing. This effectively makes the mobile versions of a page its defaults, not the desktop version. Simply put, if your pages aren’t optimized for mobile, then they’re not optimized. 

Period. Leverage Today’s Top SEO Trends for Organic Growth Trying to stay ahead of societal and technological progress sometimes feels like trying to outrun a racecar. With the right digital marketing professionals by your side, however, your business can benefit from all the hottest new SEO techniques before they become commonplace or obsolete.

Ethical hacking

What is ethical hacking?

Ethical hacking involves a collection of processes where organizations authorize individuals to exploit a system’s vulnerabilities for a deeper understanding of their existing security posture. When performing an ethical hack, a security professional or researcher replicates the actions and strategies of a malicious hacker. This helps development and security teams to detect and identify security risks before hackers can exploit them.

Ethical hacking, also known as White Hat Hacking, is a fundamental step for assessing the effectiveness of an organization’s security strategy. To separate themselves from malicious hackers, white hat hackers rely on four principle values:

1)  Keeping the exploits legal by obtaining client approval before conducting the vulnerability assessment.

2)  Predefining the scope of the attack so that the security assessments stay within the approved legal boundaries.

3)  Reporting all discovered vulnerabilities and providing remediation recommendations to the

organization administering the system.

4) Agreeing to the set terms and conditions regarding respect for data privacy and confidentiality.

The aim of ethical hacking is to mimic the actions of hackers and identify both existing and potential vulnerabilities that may arise in the future. To accomplish this, an ethical hacker undertakes multiple stages of assessment to gain as much in-depth knowledge of the system as possible.

What are the Phases of Ethical Hacking?

Finding and fully exploiting system vulnerabilities takes a great deal of time and patience. A typical penetration testing requires the ethical hacker to bypass authorization & authentication
mechanisms, then probe the network for potential data breaches and network security threats. As a real-world black hat hacker consistently devises new ways to exploit vulnerabilities an effective ethical hack should be carefully thought out considering the changing threat landscape.

To find such vulnerabilities, ethical hackers undertake several steps of the ethical hacking methodology. 
These steps of hacking include: 
Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Clearing Track. While not every hacker follows these steps in sequential order, they offer a systematic approach that yields better results. Let us take a closer look at what these hack phases really offer.


1) Reconnaissance

When it comes to penetration testing, the first natural question to ask is – What is the first phase of hacking
Before performing any actual penetration tests, hackers footprint the system and gather as much information as they can. Reconnaissance is a preparatory phase where the hacker documents the organization’s request, finds valuable configuration and login information of the system, and probes the networks. This information is crucial to performing the attacks and includes:

  • Naming conventions
  • Services on the network
  • Servers handling workloads in the network
  • IP Addresses
  • Names and Login credentials of users connected to the network
  • The physical location of the target machine
2) Scanning

In this stage, the ethical hacker begins testing the networks and machines to identify potential attack surfaces. This involves gathering information on all machines, users, and services within the network using automated scanning tools. Penetration testing typically undertakes three types of scans:

Network Mapping

This involves discovering the network topology, including host information, servers, routers, and firewalls within the host network. Once mapped, white hat hackers can visualize and strategize the next steps of the ethical hacking process.

Port Scanning

Ethical hackers use automated tools to identify any open ports on the network. This makes it an efficient mechanism to enumerate the services and live systems in a network, and how to establish a connection with these components.

Vulnerability Scanning

The use of automated tools to detect weaknesses that can be exploited to orchestrate attacks.
While there are a number of tools available, here are a few popular ethical hacking tools commonly used during the scanning phase:

  • SNMP Sweepers
  • Ping sweeps
  • Network mappers
  • Vulnerability scanners
3) Gaining Access

Once ethical hackers expose vulnerabilities through the first and second hacking phases of the process, they now attempt to exploit them for administrative access.
The third phase involves attempting to send a malicious payload to the application through the network, an adjacent subnetwork, or physically using a connected computer. Hackers typically use a number of hacking tools and techniques to simulate attempted unauthorized access, including:

  • Buffer overflows
  • Phishing
  • Injection Attacks
  • XML External Entity Processing
  • Using components with known vulnerabilities

If the attacks are successful, the hacker has control of the whole or part of the system and may stimulate further attacks such as data breaches and Distributed Denial of Service (DDoS).

4) Maintaining Access

The fourth phase of the ethical hacking process involves processes used to ensure the hacker can access the application for future use. A white-hat hacker continuously exploits the system for further vulnerabilities and escalates privileges to understand how much control attackers can gain once they get past security clearance. Some attackers may also try to hide their identity by removing any evidence of an attack and installing a backdoor for future access.

5) Clearing Tracks

To avoid any evidence that leads back to their malicious activity, hackers perform tasks that erase all traces of their actions. These include:

  • Uninstalling scripts/applications used to carry out attacks
  • Modifying registry values
  • Clearing logs
  • Deleting folders created during the attack

For those hackers looking to maintain undetected access, they tend to hide their identity using techniques such as:

  • Tunneling
  • Stenography





Birthday Attack

A birthday attack is a type of cryptographic attack that belongs to a class of brute force attacks. It exploits the mathematics behind the birthday problem in probability theory. The success of this attack largely depends upon the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations, as described in the birthday paradox problem.

Birthday paradox problem  

Let us consider the example of a classroom of 30 students and a teacher. The teacher wishes to find pairs of students that have the same birthday. Hence the teacher asks for everyone’s birthday to find such pairs. Intuitively this value may seem small. For example, if the teacher fixes a particular date say October 10, then the probability that at least one student is born on that day is 1 – (364/365)30 which is about 7.9%. However, the probability that at least one student has the same birthday as any other student is around 70% using the following formula


1 - 365!/((365 - n!) * (365n))  (substituting n = 30 here) 

Derivation of the above term: 

Assumptions – 
1. Assuming a non leap year(hence 365 days). 
2. Assuming that a person has an equally likely chance of being born on any day of the year. 
Let us consider n = 2. 
P(Two people have the same birthday) = 1 – P(Two people having different birthday) 
                                                              = 1 – (365/365)*(364/365) 
                                                              = 1 – 1*(364/365) 
                                                              = 1 – 364/365 
                                                              = 1/365. 
So for n people, the probability that all of them have different birthdays is: 
P(N people having different birthdays) = (365/365)*(365-1/365)*(365-2/365)*….(365-n+1)/365. 
                                                              = 365!/((365-n)! * 365n)



Hash function – 


A hash function H is a transformation that takes a variable sized input m and returns a fixed size string called a hash value(h = H(m)). Hash functions chosen in cryptography must satisfy the following requirements: 
 

  • The input is of variable length,
  • The output has a fixed length,
  • H(x) is relatively easy to compute for any given x,
  • H(x) is one-way,
  • H(x) is collision-free. 

A hash function H is said to be one-way if it is hard to invert, where “hard to invert” means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h

If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y) then H is said to be a weakly collision-free hash function. 

A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x) = H(y)

Let H: M => {0, 1}n be a hash function (|M| >> 2n ) 

Following is a generic algorithm to find a collision in time O(2n/2) hashes. 

Algorithm: 
 

  1. Choose 2n/2 random messages in M: m1, m2, …., mn/2
  2. For i = 1, 2, …, 2n/2 compute ti = H(mi) => {0, 1}n
  3. Look for a collision (ti = tj). If not found, go back to step 1 
     

We consider the following experiment. From a set of H values, we choose n values uniformly at random thereby allowing repetitions. Let p(n; H) be the probability that during this experiment at least one value is chosen more than once. This probability can be approximated as: 

 

p(n; H) = 1 - ( (365-1)/365) * (365-2)/365) * ...(365-n+1/365))
p(n; H) = e-n(n-1)/(2H) = e-n2/(2H) 


Digital signature susceptibility – 


Digital signatures can be susceptible to birthday attacks. A message m is typically signed by first computing H(m), where H is a cryptographic hash function, and then using some secret key to sign H(m). Suppose Alice wants to trick Bob into signing a fraudulent contract. Alice prepares a fair contract m and fraudulent one m’. She then finds a number of positions where m can be changed without changing the meaning, such as inserting commas, empty lines, one versus two spaces after a sentence, replacing synonyms, etc. By combining these changes she can create a huge number of variations on m which are all fair contracts. 

Similarly, Alice can also make some of these changes on m’ to take it, even more, closer towards m, that is H(m) = H(m’). Hence, Alice can now present the fair version m to Bob for signing. After Bob has signed, Alice takes the signature and attaches to it the fraudulent contract. This signature proves that Bob has signed the fraudulent contract. 

To avoid such an attack the output of the hash function should be a very long sequence of bits such that the birthday attack now becomes computationally infeasible.


Monday, 25 April 2022

Internet of Things (IoT) Attacks

Internet of Things (IoT)?

Internet of Things is a catchall phrase for all the various internet-connected devices that are not traditional computers. This includes everything from fitness trackers and smartwatches to smart refrigerators, headphones, cameras, washing machines, cars, traffic lights, airplane engines, and home security systems.

As the access to broadband Internet service grows and processors become more affordable, more and more gadgets with Wi-Fi capabilities are being created. Today there are billions of IoT devices in existence.

This network of devices produces great benefits and convenience for users, but IoT devices can also be targeted by attackers as well as used to carry out cyber attacks. As with internet-connected computers, these devices are perfectly safe to use, but precautions should be taken to ensure they aren’t compromised.

History of the Internet of Things?

A British technology researcher named Kevin Ashton coined the term ‘Internet of Things in 1999, but developers have been playing with the idea of internet-connected devices since the early 1980s. In fact, the first IoT device was a modified soda machine made in 1982 that transmitted data about its inventory and the temperature of the drinks inside. This was a one-off prototype, and the widespread proliferation of IoT devices didn’t start for another 25 years.

Two technologies helped pave the way for the mass manufacture of IoT devices: RFID tags and IPv6 IP addresses. RFID tags are small, lightweight electronic sensors that can transmit information without a power source, and they can be produced at a very low cost. These tags can be as small as a grain of rice, and their use has been widely adopted in the industrial sector. RFID tags used in conjunction with IoT devices have been used to track inventory in a warehouse, parts on an assembly line, and even patients in a hospital. This practice has saved countless hours of labor. The industrial sector was also the first to use IoT-based security systems, incorporating devices like smart cameras and smart locks.

The introduction of IPv6 addresses meant that the dwindling number of IP addresses for internet devices was a problem of the past, and helped open the floodgates for the mass production of consumer IoT devices. The ‘smart home’ concept has also been a major driving factor in bringing IoT devices to the hands of consumers, creating a heavy demand for things like smart home security systems, cameras, televisions, speakers (e.g. Google Home), lighting, and thermostats.

IoT devices are used in cyber attacks?

The firmware in most IoT devices does not have the same level of protection as do the modern operating systems running on most computers and smartphones. In many cases, these devices run on firmware that cannot be patched. As a result, IoT devices are often seen as easy targets by attackers.

A prime example of this is the Mirai botnet Mirai is a malware suite that can take control of IoT devices for the purpose of creating a botnet to conduct DDoS attacks. Mirai works by scanning large portions of the Internet for IoT devices and then attempting to log into those devices using a series of username/password combinations that are the preconfigured defaults for several devices. Since many people never bother to change the login credentials on their devices, Mirai is able to build a large network of compromised devices, which it then infects with the software used to overload a target server with malicious traffic.

IoT security

Internet of Things (IoT) devices are computerized Internet-connected objects, such as networked security cameras, smart refrigerators, and WiFi-capable automobiles. IoT security is the process of securing these devices and ensuring they do not introduce threats into a network.

Anything connected to the Internet is likely to face an attack at some point. Attackers can try to remotely compromise IoT devices using a variety of methods, from credential theft to vulnerability exploits. Once they control an IoT device, they can use it to steal data, conduct distributed denial-of-service (DDoS) attacks, or attempt to compromise the rest of the connected network.

IoT security can be particularly challenging because many IoT devices are not built with strong security in place — typically, the manufacturer's focus is on features and usability, rather than security, so that the devices can get to market quickly.

IoT devices are increasingly part of everyday life, and both consumers and businesses may face IoT security challenges.

What attacks are IoT devices most susceptible to?

Firmware vulnerability exploits

All computerized devices have firmware, which is the software that operates the hardware. In computers and smartphones, operating systems run on top of the firmware; for the majority of IoT devices, the firmware is essentially the operating system.

Most IoT firmware does not have as many security protections in place as the sophisticated operating systems running on computers. And often this firmware is rife with known vulnerabilities that in some cases cannot be patched. This leaves IoT devices open to attacks that target these vulnerabilities.

Credential-based attacks

Many IoT devices come with default administrator usernames and passwords. These usernames and passwords are often not very secure — for instance, "password" as the password — and worse, sometimes all IoT devices of a given model share these same credentials. In some cases, these credentials cannot be reset.

Attackers are well aware of these default usernames and passwords, and many successful IoT device attacks occur simply because an attacker guesses the right credentials.

On-path attacks

 On-path Attackers position themselves between two parties that trust each other — for example, an IoT security camera and the camera's cloud server — and intercept communications between the two. IoT devices are particularly vulnerable to such attacks because many of them do not encrypt their communications by default (encryption scrambles data so that it cannot be interpreted by unauthorized parties).

Physical hardware-based attacks

Many IoT devices, like IoT security cameras, stoplights, and fire alarms, are placed in more or less permanent positions in public areas. If an attacker has physical access to an IoT device's hardware, they can steal its data or take over the device. This approach would affect only one device at a time, but a physical attack could have a larger effect if the attacker gains information that enables them to compromise additional devices on the network.

How are IoT devices used in DDoS attacks?

Malicious parties often use unsecured IoT devices to generate network traffic in a DDoS attack. DDoS attacks are more powerful when the attacking parties can send traffic to their target from a wide range of devices. Such attacks are harder to block because there are so many IP addresses involved (each device has its own IP address). One of the biggest DDoS Botnets on record, the Mirai botnet, is largely made up of IoT devices.

What are some of the main aspects of IoT device security?

Software and firmware updates

IoT devices need to be updated whenever the manufacturer issues a vulnerability patch or software update. These updates eliminate vulnerabilities that attackers could exploit. Not having the latest software can make a device more vulnerable to attack, even if it is outdated by only a few days. In many cases, IoT firmware updates are controlled by the manufacturer, not the device owner, and it is the manufacturer's responsibility to ensure vulnerabilities are patched.

Credential security

IoT device admin credentials should be updated if possible. It is best to avoid reusing credentials across multiple devices and applications — each device should have a unique password. This helps prevent credential-based attacks.

Device authentication

IoT devices connect to each other, to servers, and to various other networked devices. Every connected device needs to be authenticated to ensure they do not accept inputs or requests from unauthorized parties.

For example, an attacker could pretend to be an IoT device and request confidential data from a server, but if the server first requires them to present an authentic TLS Certificate (more on this concept below), then this attack will not be successful.

For the most part, this type of authentication needs to be configured by the device manufacturer.


Encryption

IoT device data exchanges are vulnerable to external parties and on-path attackers as they pass over the network — unless encryption is used to protect the data. Think of encryption as being like an envelope that protects a letter's contents as it travels through the postal service.

Encryption must be combined with authentication to fully prevent on-path attacks. Otherwise, the attacker could set up separate encrypted connections between one IoT device and another, and neither would be aware that their communications are being intercepted.

Turning off unneeded features

Most IoT devices come with multiple features, some of which may go unused by the owner. But even when features are not used, they may keep additional ports open on the device in case of use. The more ports an Internet-connected device leaves open, the greater the attack surface — often attackers simply ping different ports on a device, looking for an opening. Turning off unnecessary device features will close these extra ports.


DNS filtering

 DNS Filtering is the process of using the Domain Name System to block malicious websites. Adding DNS filtering as a security measure to a network with IoT devices prevents those devices from reaching out to places on the Internet they should not (i.e. an attacker's domain).

What is mutual TLS ( MTLS)?

 Mutual Transport Layer Security (MTLS) is a type of Mutual Authentication, which is when both sides of a network connection authenticate each other.TLS is a protocol for verifying the server in a Client-Server connection; MTLS verifies both connected devices, instead of just one.

mTLS is important for IoT security because it ensures only legitimate devices and servers can send commands or request data. It also encrypts all communications over the network so that attackers cannot intercept them.

mTLS requires issuing TLS certificates to all authenticated devices and servers. A TLS certificate contains the device's Public Key and information about who issued the certificate. Showing a TLS certificate to initiate a network connection can be compared to a person showing their ID card to prove their identity.


Rootkits Attacks

What Is a Rootkit?

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a connection of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that conceal their existence and actions from users and other system processes.

What Can a Rootkit Do?

A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.

Rootkit Detection

It is difficult to detect rootkits. There are no commercial products available that can find and remove all known and unknown rootkits. There are various ways to look for a rootkit on an infected machine. Detection methods include behavioral-based methods (e.g., looking for strange behavior on a computer system), signature scanning, and memory dump analysis. Often, the only option to remove a rootkit is to completely rebuild the compromised system.


Rootkit Protection

Many rootkits penetrate computer systems by piggybacking with software you trust or with a virus. You can safeguard your system from rootkits by ensuring it is kept patched against known vulnerabilities. This includes patches of your OS, applications, and up-to-date virus definitions. Don't accept files or open email file attachments from unknown sources. Be careful when installing software and carefully read the end-user license agreements.

Well-Known Rootkit Examples

  • * Lane Davis and Steven Dake - wrote the earliest known rootkit in the early 1990s.
  • * NTRootkit – one of the first malicious rootkits targeted at Windows OS.
  • * HackerDefender – this early Trojan altered/augmented the OS at a very low level of functions calls.
  • * Machiavelli - the first rootkit targeting Mac OS X appeared in 2009. This rootkit creates hidden system calls and kernel threads.
  • * Greek wiretapping – in 2004/05, intruders installed a rootkit that targeted Ericsson's AXE PBX.
  • * Zeus, first identified in July 2007, is a Trojan horse that steals banking information by man-in-the-browser keystroke logging and form grabbing.
  • * Stuxnet - the first known rootkit for industrial control systems
  • * Flame - a computer malware discovered in 2012 that attacks computers running Windows OS. It can record audio, screenshots, keyboard activity, and network traffic.









Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

  Microsoft on Tuesday   revealed   that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...