Article | February 12, 2020
On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.
Article | January 19, 2021
For years, we have been told that cyber-attacks happen due to human-errors. Almost every person has stressed about training to prevent cyber-attacks from taking place. We have always been on the alert to dodge errant clicks or online downloads that might infect devices with security threats.
However, not all attacks need a user’s oversight to open the door. Although avoiding clicking on phishing emails is still significant but there is a cyber threat that does not need any human error and has been in the recent news. It is known as Zero-Click attack where some vulnerabilities can be misused by hackers to launch attacks even without interaction from the victim.
Rather than depending on the hardware or software flaws to get access to the victim’s device, zero-click attacks eliminate the human error equation. There is nothing a victim can do once coming into the limelight of the hacker. Also, with the flourishing use of smartphones around the world that entails all the personal information and data, this thread has expanded enormously.
How Zero-Click Attacks Occur?
The core condition for successfully pulling off a zero-click is creating a specially designed piece of data which is then sent to the targeted device over a wireless network connection including mobile internet or wifi. This then hit a scarcely documented vulnerability on the software or hardware level.
The vulnerability majorly affects the messaging or emailing apps. The attacks that have begun from Apple’s mail app on iPhone or iPad, have now moved ahead on Whatsapp and Samsung devices. In iOS 13, the vulnerability allowed zero-click when the mail runs in the background. It enables attackers to read, edit, delete, or leak the email inside the app.
Later these attacks moved to Samsung’s android devices having version 4.4.4 or above. The successful attacks provide similar access to the hackers as an owner, entailing contacts, SMS, and call logs.
In 2019, a breach on Whatsapp used the voice call functionality of the app to ring the victim’s phone. Even if the victim didn’t pick the call and later deleted it, the attacks still installed malicious data packets. These grants access to the hacker to take complete control of call logs, locations, data, camera, and even microphone of the device. Another similar attack had happened due to the frangibility in the chipset of WI-FI that is used in streaming, gaming, smart home devices, and laptops. The zero-click attack blooms on the increase of mobile devices as the number of smartphones have reached above 3 billion.
How To Avoid Zero-Click Attacks?
Most of the attacks of zero-click target certain victims including corporate executives, government officials, and journalists. But anyone using a smartphone is a possible target. These attacks cannot be spotted due to the lack of vulnerabilities. So the users have to keep the operating system along with the third-party software updated. Also, it is a must to give minimal permissions to apps that are being installed on the device.
Moreover, if you own a business and are afraid of the zero-click attacks on your company’s app, you can always seek IT consultations from top-notch companies orhire developersthat will help in developing applications with hard-to-creep-into programming languages where detecting an attack is efficient.
Article | February 20, 2020
Technology is reshaping society – artificial intelligence (AI) is enabling us to increase crop yields, protect endangered animals and improve access to healthcare. Technology is also transforming criminal enterprises, which are developing increasingly targeted attacks against a growing range of devices and services. Using the cloud to harness the largest and most diverse set of signals – with the right mix of AI and human defenders – we can turn the tide in cybersecurity. Microsoft is announcing new capabilities in AI and automation available today to accelerate that change. Cybersecurity always comes down to people – good and bad. Our optimism is grounded in our belief in the potential for good people and technology to work in harmony to accomplish amazing things. After years of investment and engineering work, the data now shows that Microsoft is delivering on the potential of AI to enable defenders to protect data and manage risk across the full breadth of their digital estates.
Article | March 19, 2020
Measures to mitigate the outbreak of COVID-19 have led to an unprecedented increase in remote working across the board. Our guest author Philip Blake, European Regional Director at EC-Council and cybersecurity expert, outlines key challenges and tips for staying secure while away from the office. As governments and businesses work on mitigating the impact of the ongoing COVID-19 outbreak, social distancing measures are leading to an increase in remote working across all sectors. The reasoning behind the measures is best left to health authorities, and are discussed at length elsewhere. The purpose of this article is to shed light on some of the key cybersecurity challenges around the sudden spike in remote work arrangements, and propose potential measures to keep networks as secure as possible during these times.