Nov 6, 2022

How to secure yourself from online event phishing links? - CyberSecurity

    Online communities, and the events that grow up around them, keep expanding; online invitations are flexible and convenient. But the same event calendars and invitation emails are being misused to attack online users and steal data: they are a convenient vehicle for phishing. This blog post is meant to help you tell a phishing invite from a genuine one before you accept it. Use these four pointers to judge whether an invitation is legitimate.

  1. Is the source of the invitation legit?
A sudden, surprising invite from your favorite brand or an event organizer isn't automatically a hoax: small and local businesses, as well as corporates, have been using online invitations, especially post-COVID, as an accessible way to invite people to their events. It is easy to navigate from home, so don't delete it out of hand. But make sure the sender address is a verified or legitimate one before accepting the invite, or even thinking about clicking the link, and confirm independently that it really came from that business. Try to recall whether you ever subscribed or signed up for membership at their venue, store, or website. Then search online for the event: if it is real, it should be posted somewhere, on the company website or on an event platform such as Eventbrite. If you cannot find anything, treat the invitation as fake, report the email, then mark it as spam and delete it.
Furthermore, you can reach out to the company using the phone number or email on the contact page of their website and ask whether the event exists; they will be glad to tell you. Also, if you regularly attend these events, you will be familiar with the emails and invites you receive from this sender address, and an invite that looks different should raise a flag.

    
    2. Secure your device

Securing your device is another way to stay protected. Make sure your computer's antivirus software and network firewall are turned on and up to date. They can block known malicious links, spam, and attacks against the device if you do end up clicking a link anyway. It is worth investing in antivirus software, as some products also offer backup and ransomware protection. Protection for mobiles and tablets is less mature than for desktops, but it is still worth installing a reputable basic product, since it adds one more layer between an attacker and your data.
Keep in mind that this is a safety net, not a guarantee: clicking an RSVP link on a protected device is less risky, but the device and network are not immune to every threat, so the checks in the other three pointers still apply.


    3. Giving your personal information

Phishing emails and invites look legitimate, and that is the whole reason we fall for them in the first place. Cybercriminals have mastered the art of deception and know how to copy the layout of real emails and SMS messages, or anything else that looks familiar, to get you to click the link. They even send invitations through Google Calendar, Gmail, and other services so the invite appears in your calendar or inbox as if it were real. How the email looks says nothing about whether it is legitimate. The sender will almost always ask for some kind of personal information; do not give any.
If you think the event is genuine and they request personal details, it is always better to contact them yourself via the event page or the company website and provide the details there, rather than through the link in the message.




    4. Look at the URL before proceeding

Most of the time the URL itself will tell you whether a link is legitimate. Real brand, event, and corporate invites point at the organization's own registered domain name, with the rest of the address (subdomains and path) hanging off it. What matters is the registered domain, not the padlock: HTTPS only means the connection is encrypted, and phishing sites get certificates just as easily as legitimate ones. Google Safe Browsing and hosting providers do take known phishing pages down, but that takes hours or days, not minutes, and plenty of victims click in the meantime. Attackers cannot take over a popular site's real domain, so they register lookalikes instead: a brand name buried in a subdomain of a different domain, a misspelling, or a domain built from characters that resemble the real ones. Didn't understand a thing? Well, don't worry. I do cover this in upcoming blog posts, but for now, just know that a phishing page can copy a popular site's look but not its domain name, so
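To make the domain check concrete, here is an added example (not code from the original post) that parses an invitation link and flags the tricks described above: a brand name sitting in the subdomain or path of an unrelated domain, a bare IP address, a `user@host` prefix that hides the real host, punycode (`xn--`) labels, and plain http. The trusted-domain list and the sample URLs are constructed for illustration, and the two-label domain extraction is a simplification; production code should use the Public Suffix List.

```python
"""Check an invitation link for the URL tricks phishers use.

Added example, not code from the original post. TRUSTED_DOMAINS and the URLs
in the usage section are constructed for illustration.
"""
import ipaddress
from urllib.parse import urlsplit

# Registrable domains the reader already has a relationship with (assumed list).
TRUSTED_DOMAINS = {"eventbrite.com", "example-brand.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'rsvp.eventbrite.com' -> 'eventbrite.com'.

    Simplification: production code should use the Public Suffix List, since
    suffixes like 'co.uk' need three labels to identify the registrant.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_url(url: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Parse `url` and return {'domain', 'trusted', 'warnings'}.

    'trusted' is True only when the registrable domain is one you already know.
    An empty warning list does not prove the page is safe; it means none of the
    common lures below were found.
    """
    parts = urlsplit(url.strip())
    warnings = []

    if parts.scheme not in ("http", "https"):
        warnings.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        warnings.append("plain http: the connection is not even encrypted")

    host = parts.hostname or ""
    if not host:
        warnings.append("no hostname in URL")
        return {"domain": "", "trusted": False, "warnings": warnings}

    # https://eventbrite.com@evil.example/ : browsers connect to evil.example;
    # the text before '@' is treated as a username and is there only to fool the eye.
    if parts.username is not None:
        warnings.append("userinfo before '@': the real host is the part after it")

    try:
        ipaddress.ip_address(host)
        is_ip = True
        warnings.append("host is a bare IP address, not a brand's domain name")
    except ValueError:
        is_ip = False

    # Internationalised domain names are sent as 'xn--' labels; a lookalike
    # built from similar-looking characters shows up this way.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (xn--) label: possible homograph lookalike")

    domain = host if is_ip else registrable_domain(host)
    trusted_hit = domain in trusted

    # The classic lure: the brand name appears somewhere in the URL, but the
    # registrable domain belongs to someone else.
    if not trusted_hit:
        for known in sorted(trusted):
            brand = known.split(".")[0]
            if brand in host or brand in parts.path.lower():
                warnings.append(
                    f"brand name {brand!r} appears in the URL but the registered domain is {domain!r}"
                )
                break

    return {"domain": domain, "trusted": trusted_hit, "warnings": warnings}


if __name__ == "__main__":
    for link in (
        "https://www.eventbrite.com/e/launch-party",           # genuine
        "https://eventbrite.com.rsvp-invites.example/e/1234",  # brand in subdomain
        "https://eventbrite.com@evil.example/rsvp",            # userinfo trick
        "http://203.0.113.5/eventbrite/rsvp",                  # bare IP, plain http
    ):
        print(link, "->", inspect_url(link))
```

The only result that should reassure you is `trusted: True` with no warnings, and even then only because the registered domain is one you already deal with; a clean result on an unknown domain simply means none of these particular tricks was spotted.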

Oct 27, 2022

What is hacking? and what are the types of it?

 


Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.


A traditional view of hackers is a lone rogue programmer who is highly skilled in coding and modifying computer software and hardware systems. But this narrow view does not cover the true technical nature of hacking. Hackers are growing in sophistication, using stealthy attack methods designed to go unnoticed by security software and IT teams. They are also highly skilled at crafting attack vectors that trick users into opening malicious attachments or links and freely giving up their sensitive personal data.

As a result, modern-day hacking involves far more than just an angry kid in their bedroom. It is a multibillion-dollar industry with extremely sophisticated and successful techniques.

Types of Hacking/Hackers

There are typically four key drivers that lead to bad actors hacking websites or systems: (1) financial gain through the theft of credit card details or by defrauding financial services, (2) corporate espionage, (3) to gain notoriety or respect for their hacking talents, and (4) state-sponsored hacking that aims to steal business information and national intelligence. On top of that, there are politically motivated hackers—or hacktivists—who aim to raise public attention by leaking sensitive information, such as Anonymous, LulzSec, and WikiLeaks.

A few of the most common types of hackers that carry out these activities involve:


Black Hat Hackers
Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign.

These individuals’ actions can inflict serious damage on both computer users and the organizations they work for. They can steal sensitive personal information, compromise computer and financial systems, and alter or take down the functionality of websites and critical networks.


White Hat Hackers
White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers through proactive hacking. They use their technical skills to break into systems to assess and test the level of network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them.

The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these individuals are hired by organizations to test and discover potential holes in their security defenses.


Grey Hat Hackers
Grey hat hackers sit somewhere between the good and the bad guys. Like black hat hackers, they break into systems without permission, but without intending to do harm or gain financially; their actions are usually framed as being for the common good. For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers, who report privately to the owner, they do so publicly. This alerts malicious actors to the existence of the vulnerability.


Oct 25, 2022

Ethical Hacking Certifications to Boost Your Career

 Ethical hackers play the role of an intruder by attempting to gain access to a computer system or network, application, or data. They do this legally and with authorization from the company as a way to identify vulnerabilities. Working in this field means you need to think like a hacker and use your best offensive cybersecurity skills to help improve the security of your company. 

If you’re interested in a career as an ethical hacker, you might consider earning a certification as a way to:

  • Build new offensive security skills

  • Validate your skills to potential employers

  • Enhance your resume

  • Qualify for new job opportunities

  • Boost your confidence on the job

In this article, we’ll outline four popular certification options for ethical hackers (or aspiring ethical hackers). Learn more about what to expect from each certification exam, and get tips for how to prepare yourself for success.

These four well-respected cybersecurity certifications are particularly relevant for careers in ethical hacking, penetration testing, and other areas of offensive cybersecurity. 

1. Certified Ethical Hacker (CEH)

This ethical hacking certification from the EC-Council ranks among the top cybersecurity certifications companies are hiring for, appearing in nearly 10,000 job search results. The CEH is designed to help you think like a hacker and build skills in penetration testing and attack vectors, detection, and prevention.  

Requirements: To qualify for the CEH exam, you need two years of work experience in information security. You can waive this requirement by completing an official EC-Council training. 

Cost: $950 to $1,199 depending on testing location

Salary: $92,000

2. GIAC Penetration Tester (GPEN)

If you’re interested in penetration testing, a task within the umbrella of ethical hacking, then the GPEN certification could be a good fit. Earning your GPEN demonstrates your ability to perform penetration tests with the latest techniques and methodologies. Topics covered include test planning, scoping, and recon; scanning and exploitation; password attacks; and web application pen testing.

Requirements: There are no prerequisites for taking the GPEN exam.

Cost: $1,699

Salary: $104,000

3. CompTIA PenTest+

The PenTest+ exam from CompTIA is unique in that it features both multiple-choice and performance-based questions (questions that test your ability to solve problems in a simulated environment). The exam covers your ability to perform penetration tests in a variety of situations, including cloud, hybrid, web application, onsite, and internet of things (IoT) environments.

Requirements: There are no required prerequisites, but CompTIA recommends that you have three to four years of information security experience, and that you’ve mastered the materials covered in the Network+ and Security+ exams.

Cost: $370

Salary: $88,206 (for penetration tester)

Tip for passing the exam: The PenTest+ exam tests your knowledge in different ways, so it's a good idea to prepare using a variety of study resources. Here are a few resources that come recommended by previous test takers:

4. Offensive Security Certified Professional (OSCP)

Another highly sought-after certification for pen testers, ethical hackers, and other offensive-minded security pros, the OSCP tests your ability to breach a series of target machines and produce detailed reports for each attack.

Requirements: There are no formal requirements to sit the exam, though Offensive Security recommends that you be familiar with networking, bash scripting, Perl or Python, and Linux. You may also consider taking the Penetration Testing with Kali course prior to taking the exam.

Cost: From $999

Salary: $96,000

Tip for passing the exam: Practice taking technical notes as you work through boxes or challenges during your preparation. Organize your notes with a table of contents so you can quickly access what you need on test day if you encounter a challenge that looks familiar. It’s also a good idea to prepare a report template for exploits ahead of the exam.


Oct 21, 2022

What is cybercrime? and types of cybercrime?



What is Cybercrime?

Cybercrime is defined as an unlawful action against any person using a computer, its systems, and its online or offline applications. It occurs when information technology is used to commit or cover an offense. However, the act is only considered Cybercrime if it is intentional and not accidental.

Cybercrime is a criminal activity that either targets or uses a computer, a computer network or a networked device. Most cybercrime is committed by cybercriminals or hackers who want to make money. However, occasionally cybercrime aims to damage computers or networks for reasons other than profit. These could be political or personal.
Cybercrime can be carried out by individuals or organizations. Some cybercriminals are organized, use advanced techniques, and are highly technically skilled. Others are novice hackers.

Example of Cybercrime
  • Email and internet fraud.
  • Identity fraud (where personal information is stolen and used).
  • Theft of financial or card payment data.
  • Theft and sale of corporate data.
  • Cyberextortion (demanding money to prevent a threatened attack).
  • Ransomware attacks (a type of cyberextortion).
  • Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
  • Cyberespionage (where hackers access government or company data).
  • Interfering with systems in a way that compromises a network.
  • Infringing copyright.
  • Illegal gambling.
  • Selling illegal items online.
  • Fraud committed by manipulating a computer network.
  • Unauthorized access to, or modification of, data or applications.
  • Intellectual property theft, including software piracy.
  • Industrial spying and access to or theft of computer materials.
  • Writing or spreading computer viruses or malware.
  • Digitally distributing child sexual abuse material.

Type of Cybercrime

Hacking: It is an act of gaining unauthorized access to a computer system or network.

Denial Of Service Attack: In this attack the criminal exhausts a resource the victim depends on, for example saturating the victim's network bandwidth or flooding a mail server with junk messages. The intention is to disrupt their regular services rather than to steal anything. A Distributed Denial of Service (DDoS) attack does the same from many machines at once, which makes it much harder to filter; the machines are usually compromised devices in a botnet, and connected IoT (Internet of Things) devices are frequently used to launch DDoS attacks.

A DDoS attack overwhelms a system by flooding it with traffic over a protocol it normally serves, for example TCP connection requests or HTTP requests, until legitimate clients cannot get through. Cybercriminals carrying out cyberextortion may use the threat of a DDoS attack to demand money. Alternatively, a DDoS may be used as a distraction while another type of cybercrime takes place.

A famous example of this type of attack is the 2017 DDoS attack on the UK National Lottery website. This brought the lottery’s website and mobile app offline, preventing UK citizens from playing. The reason behind the attack remains unknown, however, it is suspected that the attack was an attempt to blackmail the National Lottery.
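The flood described above is visible in connection logs long before a site falls over. As an added example (not code from the original post), here is a rate-based detector run over constructed log lines: it flags any single source that sends more SYNs than a threshold within a sliding window, and separately flags the case where no single source looks bad but the combined rate does, which is how a distributed flood appears when each bot stays under the per-source limit. The log format (epoch seconds, source IP, destination port, TCP flag), the thresholds and the sample lines are all assumptions for illustration.

```python
"""Rate-based detector for a flood-style denial of service.

Added example, not code from the original post. The log format
(epoch seconds, source IP, destination port, TCP flag) and the sample lines
are constructed for illustration.
"""
from collections import defaultdict, deque


def parse_line(line: str):
    """'1700000000.01 198.51.100.7 443 SYN' -> (1700000000.01, '198.51.100.7', 443, 'SYN')"""
    ts, src, dport, flag = line.split()
    return float(ts), src, int(dport), flag


def detect_syn_flood(lines, window=1.0, per_source=20, total=100):
    """Return {'flooders': [...], 'aggregate_alert': bool}.

    flooders: sources that sent more than `per_source` SYNs within any
    `window` seconds (a single-host flood).
    aggregate_alert: True if SYNs from all sources combined exceeded `total`
    in a window, which is how a distributed flood looks when every bot stays
    under the per-source threshold.
    """
    syns = sorted(
        (ts, src)
        for ts, src, _dport, flag in map(parse_line, filter(str.strip, lines))
        if flag == "SYN"
    )
    flooders = set()
    aggregate_alert = False
    all_window = deque()                 # timestamps of SYNs from every source
    per_src_window = defaultdict(deque)  # timestamps of SYNs per source
    for ts, src in syns:
        all_window.append(ts)
        while ts - all_window[0] > window:
            all_window.popleft()
        if len(all_window) > total:
            aggregate_alert = True
        q = per_src_window[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > per_source:
            flooders.add(src)
    return {"flooders": sorted(flooders), "aggregate_alert": aggregate_alert}


def build_single_source_sample():
    """Constructed: three normal clients completing handshakes, plus one host
    sending 50 SYNs in half a second and never finishing a handshake."""
    lines = []
    for i, client in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        lines.append(f"1700000000.{i}0 {client} 443 SYN")
        lines.append(f"1700000000.{i}5 {client} 443 ACK")
    for k in range(50):
        lines.append(f"{1700000000 + k * 0.01:.2f} 198.51.100.7 443 SYN")
    return lines


def build_distributed_sample():
    """Constructed: 30 sources, 5 SYNs each, all within one second. No single
    source crosses the per-source limit, but the aggregate rate does."""
    return [
        f"{1700000000 + (s * 5 + k) * 0.005:.3f} 203.0.113.{s} 443 SYN"
        for s in range(30)
        for k in range(5)
    ]


if __name__ == "__main__":
    print(detect_syn_flood(build_single_source_sample()))
    print(detect_syn_flood(build_distributed_sample()))
```

The thresholds have to be tuned to the service's normal traffic: a per-source limit alone catches the noisy single host but misses a botnet, which is why the aggregate check exists, and a blocklist built from `flooders` should never be applied to a DDoS source list blindly, since spoofed source addresses would let the attacker get legitimate clients blocked.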



Malware attacks: A malware attack is where a computer system or network is infected with a computer virus or other type of malware. A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using 

Oct 1, 2022

What is Red team and Blue team in cybersecurity? Part 1

 Red Teams are internal or external groups that assess the effectiveness of an organisation's security by realistically emulating the methods and strategies of the attackers it is likely to face. The work is similar to Penetration Testing, but it pursues one or more objectives as a campaign rather than as a fixed-scope test. For those on the Blue Team, Adversarial Empathy, the capacity to think from the adversary's point of view, usually gained through attack experience, is essential.

Blue Teams refer to the internal security team that defends against both real attackers and Red Teams. They are distinguished from standard security operations teams by their attitude, which is characterised by constant vigilance against attack. Purple Teams are a further way of ensuring the efficacy of both Red and Blue; they combine the defensive measures designed by the Blue Team with the threats and weaknesses pinpointed by the Red Team for greater coverage. Ideally, a dedicated Purple Team isn't necessary; what is needed is sustained interaction between Red and Blue.


Although Red Teams and Penetration Testers share many skills and functions, they are not the same. A number of attributes distinguish Red Teams from other offensive security teams. These include:

Emulating the TTPs (tactics, techniques and procedures) of the adversaries the target is likely to face: using analogous tools, exploits and pivoting methods, and pursuing analogous goals. This is known as campaign-based testing and runs for an extended period, often several weeks or months. In contrast, a Penetration Test tends to rely on conventional pentesting tools and is shorter, typically one to two weeks, with a distinct set of aims such as pivoting to the internal network, obtaining confidential data, or acquiring administrative rights. A Red Team engagement draws on a more tailored selection of TTPs together with specific objectives over a longer timeline.

In addition to testing for vulnerabilities, Red Teams use the TTPs of their likely threat actors in campaigns that run continuously over an extended period.

It is of course possible to build a Red Team campaign from the best-of-the-best TTPs the Red Team knows, combining common pentesting tools, techniques, and goals, and run it as a campaign (modeling a pentester as the adversary). But a Red Team campaign should emulate the tactics of a specific threat actor, and those tactics won't necessarily be the strongest ones the Red Team itself could bring.

Cybersecurity Blue Teams are the proactive defenders of a company. In InfoSec, not every defensive role counts as Blue Team: a tier-1 SOC analyst who has no training or interest in offensive techniques, isn't curious about what they're looking at, and isn't creative about following up on alerts is doing defensive work, but not Blue Team work.

The difference between a Blue Team and just doing defensive things is the mentality. Here's how I differentiate. Blue Teams / Blue Teamers possess:

  • A proactive vs. reactive mindset

  • Endless curiosity regarding things that are out of the ordinary

  • Continuous improvement in detection and response

It's not about whether someone is a self-taught tier-1 SOC analyst or some hotshot former Red Teamer from Carnegie Mellon. Continually improving and being curious are the key.

Purple Teams: Rather than a dedicated team, purple is a cooperative mindset between attackers and defenders. Purple Teams are not necessary in organizations where the Red Team / Blue Team interaction is healthy and working well, because a Red Team's purpose is already to improve the Blue Team. The term is best used for a group that is not familiar with offensive techniques and wants to learn how attackers think: a Purple Team exercise is the good guys learning from whitehat hackers, and the group could be an incident response team, a detection team, or a developer team. Where Red and Blue are not collaborating, the fix is to repair the Red Team / Blue Team interaction dynamics, not to create a separate group that does their job for them.


Yellow, Orange, and Green Teams: what are they?

April Wright brilliantly introduced a few other team types in a Blackhat talk called Orange is the New Purple, in addition to the well-known Red, Blue, and Purple team concepts. It was during her talk that she introduced the Yellow team, which is the builder, and combined it with Blue and Red to come up with the other colors. I think this is extremely smart, but disagree somewhat with some of the characterizations of the combinations. In what I'm calling the BAD Pyramid above, which is a derivative of April's work, I captured my own interpretation of these interactions. I don't much care for the word "team" being assigned to all these colors, since I believe in most cases they are mindsets, or functions, rather than dedicated groups of people. Developers, for example, already have a name. Green, Orange, and Purple behaviors should be changed to either Developers or Blue Team behaviors.