Article | November 3, 2020
The ongoing pandemic has forced organizations across the globe to install work-from-home policies. A majority of the workforce in various industries, especially IT, have already adapting to working remotely. With a sudden rise in remote users and growing need and demand for cloud services, a huge volume of data is being transmitted between datacenters and cloud services. This has also given rise to the increased need for network security and a safer means of data transmission. The existing network security approaches and techniques are no longer dependable for the required levels of security and access control. To secure these surging digital needs, Gartner debuted an emerging cybersecurity framework in the form of what it calls SASE.
Article | February 21, 2020
Researchers have identified eight malicious Android apps in the official Google Play marketplace distributing a new malware family. The “Haken” malware exfiltrates sensitive data from victims and covertly signs them up for expensive premium subscription services. The eight apps in question, which have since been removed, had collectively been downloaded 50,000 times. The apps were mostly camera utilities and children’s games, including “Kids Coloring,” “Compass,” “qrcode,” “Fruits coloring book,” “soccer coloring book,” “fruit jump tower,” “ball number shooter” and “Inongdan.” The apps legitimately function as advertised, but in the background covertly perform an array of malicious functions. “Haken has shown clicking capabilities while staying under the radar of Google Play,” said researchers with Check Point Research, in an analysis on Friday. “Even with a relatively low download count of 50,000+, this campaign has shown the ability that malicious actors have to generate revenue from fraudulent advertising campaigns.
Article | February 20, 2020
The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why? Information security risks and challenges in the healthcare industry are well documented and much maligned. There are several reasons why the healthcare sector is particularly vulnerable, but one of the chief causations is the high amount of connected yet insecure devices commonly used within hospitals, clinics and medical centers. For example, a report from researchers at healthcare cybersecurity company CyberMDX discovered that connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit compared to other devices on hospital networks.
Article | January 19, 2021
For years, we have been told that cyber-attacks happen due to human-errors. Almost every person has stressed about training to prevent cyber-attacks from taking place. We have always been on the alert to dodge errant clicks or online downloads that might infect devices with security threats.
However, not all attacks need a user’s oversight to open the door. Although avoiding clicking on phishing emails is still significant but there is a cyber threat that does not need any human error and has been in the recent news. It is known as Zero-Click attack where some vulnerabilities can be misused by hackers to launch attacks even without interaction from the victim.
Rather than depending on the hardware or software flaws to get access to the victim’s device, zero-click attacks eliminate the human error equation. There is nothing a victim can do once coming into the limelight of the hacker. Also, with the flourishing use of smartphones around the world that entails all the personal information and data, this thread has expanded enormously.
How Zero-Click Attacks Occur?
The core condition for successfully pulling off a zero-click is creating a specially designed piece of data which is then sent to the targeted device over a wireless network connection including mobile internet or wifi. This then hit a scarcely documented vulnerability on the software or hardware level.
The vulnerability majorly affects the messaging or emailing apps. The attacks that have begun from Apple’s mail app on iPhone or iPad, have now moved ahead on Whatsapp and Samsung devices. In iOS 13, the vulnerability allowed zero-click when the mail runs in the background. It enables attackers to read, edit, delete, or leak the email inside the app.
Later these attacks moved to Samsung’s android devices having version 4.4.4 or above. The successful attacks provide similar access to the hackers as an owner, entailing contacts, SMS, and call logs.
In 2019, a breach on Whatsapp used the voice call functionality of the app to ring the victim’s phone. Even if the victim didn’t pick the call and later deleted it, the attacks still installed malicious data packets. These grants access to the hacker to take complete control of call logs, locations, data, camera, and even microphone of the device. Another similar attack had happened due to the frangibility in the chipset of WI-FI that is used in streaming, gaming, smart home devices, and laptops. The zero-click attack blooms on the increase of mobile devices as the number of smartphones have reached above 3 billion.
How To Avoid Zero-Click Attacks?
Most of the attacks of zero-click target certain victims including corporate executives, government officials, and journalists. But anyone using a smartphone is a possible target. These attacks cannot be spotted due to the lack of vulnerabilities. So the users have to keep the operating system along with the third-party software updated. Also, it is a must to give minimal permissions to apps that are being installed on the device.
Moreover, if you own a business and are afraid of the zero-click attacks on your company’s app, you can always seek IT consultations from top-notch companies orhire developersthat will help in developing applications with hard-to-creep-into programming languages where detecting an attack is efficient.