Project

General

Profile

News

What is extortionware?

Added by dewi IT over 3 years ago

Extortionware is the latest stage in the evolution of ransomware. No longer content with simply encrypting a victim’s files, threat actors are increasingly using ransomware incidents as an opportunity to steal huge swathes of senditive data, which is then used as leverage in high-stakes extortion attempts.

In this post, we’ll go over the different types of extortionware, how extortionware has quickly become the norm among ransomware groups and why prevention – rather than reaction – is imperative when dealing with extortionware.

What is extortionware?

Extortionware is a form of cyberattack in which threat actors threaten to harm a target in some way if their demands are not met. Extortionware attacks tend to be highly targeted and typically impact industries that deal with sensitive or high-value data, including the medical, financial and educational sectors.

There are a few different types of extortionware, including:

  • Release of compromised data: Threat actors gain unauthorized access to a target system, exfiltrate sensitive information and threaten to release or sell the stolen data unless the victim complies with demand. High-value stolen data may include financial records, intellectual property and personally identifiable information of the victim company’s customers, employees or suppliers. This type of extortionware may also be referred to as “doxware” and is comparable in many ways to traditional blackmailing.
  • Threat of DDoS: Threat actors disrupt a target’s website or online service by launching a distributed denial-of service (DDoS attack), whereby a massive network of compromised systems is used to overwhelm a target web server. The attack, which blocks legitimate traffic and often completely disables an organization’s normal online operations, is continued until the target pays up. DDoS attacks have been around for more than 20 years and can now be readily purchased on the dark web.
  •  
  • Why do attackers use extortionware?

Extortionware is typically financially motivated. Victims of extortionware are usually extorted for money, and payments are made almost exclusively in cryptocurrency, which is faster and more anonymous than fiat currencies. While cyber extortion is not a new concept, it has become increasingly popular among ransomware groups in recent years as threat actors look for new strategies to apply additional pressure to victims.

The rise of extortionware ransomware

The Maze ransomware gang was the first to incorporate extortionware into the ransomware business model. In late 2019, Maze published almost 700 MB of data stolen during a ransomware attack on security services company Allied Universal and announced that more data would follow if the company refused to pay the 300 bitcoin ransom. Data theft and extortionware standard practice, with dozens of other ransomware groups adopting similar tactics over the course of 2020.

What makes extortionware so valuable for ransomware groups? It mostly comes down to leverage.

Traditional ransomware – that is, malware that encrypts files and does nothing more – can largely be mitigated with an affective backup. While a successful attack is undeniably disruptive, it usually isn’t financially crippling, and victims can often restore their systems relatively easily and get back to business without paying for decryption.

Data theft and extortionware nullify the effectiveness of backups. Regardless of whether the victim can recover their encrypted files from backups, threat actors will always have a copy of the stolen data to use as leverage. The stolen data can be published on the web, sold to other cybercriminals or leaked to industry competitors, which can each lead to enormous reputational damage, loss of business and potential litigation.

Consequently, the victims of ransomware extortionware face enormous pressure to pay the ransom in order to not only decrypt their files but, more importantly, also stop the release of sensitive information. We have even seen some ransomware groups use extortionware as a way to double down on their chances of a payout, demanding one payment for decryption and another for the non-release of stolen data.

What’s the difference between ransomware and extortionware?

While “extortionware” is often used to describe modern ransomware attacks that include a data theft component, we believe that this definition is an imperfect one. The suffix “ware” implies a product, whereas data theft is more of an action – and one which can be accomplished in any number of ways.

So, while “extortionware” is sometimes used interchangeably with “ransomware”, there are some important differences between the two terms.

  • Ransomware: Ransomware is a type of malware that blocks access to a target’s system or personal files and demands a ransom payment to restore access.
  • Extortionware: Extortionware is a broad category of attack that encompasses all forms of cyber extortion. Ransomware groups use extortionware to weaponize stolen data and coerce victims into paying.
  •  
  • Prevention is the key to stopping extortionware

While a robust backup strategy is an important part of any cybersecurity strategy, the threat of a data leak ultimately makes backups and other disaster recovery tools ineffective for combating extortionware. Instead, organizations must strengthen their perimeters and focus on preventing the initial compromise.

The following best practices may help prevent or limit the impact of extortionware:

  1. Update software when available
  2. Encrypt sensitive data
  3. Segment the network to limit access to valuable data
  4. Implement and maintain BYOD Security policies
  5. Enforce the use of MFA and strong passwords
  6. Train employees on cybersecurity hygiene and social engineering attacks
  7. Secure RDP
  8. Restrict remote access
  9. Monitor network traffic
  10. Install an update antivirus, which features a dedicated anti-ransomware component and a reliable cybersecurity solution

How a VPN (Virtual Private Network) Works

Added by dewi IT almost 4 years ago

How Virtual Private Networks Work

A VPN connection to a business's main office can help its employees be productive when they're on the go.

As a business grows such as Tuntex, it might expand to multiple workshops or offices across the country and around the world. But there is one thing that all companies need: a way to maintain fast, secure, and reliable communications wherever their offices are located. Traveling employees like salespeople, CEO (Chief Executive Officer), CTO (Chief Technical Officer), etc need an equally secure and reliable way to connect to their business's computer network from remote locations. Even while on leisure, people want to keep their computers safe when on an unfamiliar or unsecured network.

One popular technology to accomplish these goals is a VPN (virtual private network). A VPN is a private network that uses a public network (usually the internet) to connect remote sites (outside network) or users together. The VPN uses "virtual" connections routed through the internet from the business's private network or a third-party VPN service to the remote site, distant offices or person. VPNs help ensure security — anyone intercepting the encrypted data can't read it.

A typical VPN might have a main local-area network (LAN) at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users that connect from out in the field.

A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection, such as leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

What Makes a VPN?

A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations.

An example of a company that needs a site-to-site VPN is a growing corporation with dozens of branch offices around the world.

A well-designed VPN can greatly benefit a company. For example, it can:

  • Extend geographic connectivity

  • Reduce operational costs versus traditional WANs

  • Reduce transit times and traveling costs for remote users

  • Improve productivity

  • Simplify network topology

  • Provide global networking opportunities

  • Provide telecommuter support

  • Provide faster Return On Investment (ROI) than traditional WAN

What features are needed in a well-designed VPN? It should incorporate these items:

  • Security

  • Reliability

  • Scalability

  • Network Management

  • Policy Management

Analogy Each LAN is an IsLANd

Imagine that you live on an island in a huge ocean. There are thousands of other islands all around you, some very close and others farther away. The normal way to travel is to take a ferry from your island to whichever island you wish to visit. Traveling on a ferry means that you have almost no privacy. Anything you do can be seen by someone else.

Assume that each island represents a private LAN and the ocean is the Internet. Traveling by ferry is like connecting to a web server or to another device through the Internet. You have no control over the wires and routers that make up the Internet, just like you have no control over the other people on the ferry. This leaves you susceptible to security issues if you try to connect between two private networks using a public resource.

Your island decides to build a bridge to another island so that there is an easier, more secure and direct way for people to travel between the two. It is expensive to build and maintain the bridge, even though the island you are connecting with is very close. But the need for a reliable, secure path is so great that you do it anyway. Your island would like to connect to a second island that is much farther away, but you decide that it is too expensive.

This situation is very much like having a leased line. The bridges (leased lines) are separate from the ocean (Internet), yet they are able to connect the islands (LANs). Many companies have chosen this route because of the need for security and reliability in connecting their remote offices. However, if the offices are very far apart, the cost can be prohibitively high - just like trying to build a bridge that spans a great distance.

So how does VPN fit in to this analogy? We could give each inhabitant of our islands their own small submarine with these properties.

  • It is fast.

  • It is easy to take with you wherever you go.

  • It is able to completely hide you from any other boats or submarines.

  • It is dependable.

  • It costs little to add additional submarines to your fleet once the first is purchased.

Although they are traveling in the ocean along with other traffic, the inhabitants of our two islands could travel back and forth whenever they wanted to with privacy and security. That is essentially how a VPN works. Each remote member of your network can communicate in a secure and reliable manner using the Internet as the medium to connect to the private LAN. A VPN can grow to accommodate more users and different locations much easier. Moreover, the distance doesn't matter, because VPNs can easily connect multiple geographic locations worldwide. 

Tuntex-SYS IT Div Originally Published: Feb 10, 2021

Sources

  • Cisco. "How Virtual Private Networks Work." Oct. 13, 2008. (May 6, 2019)
  • Friedl, Stephen J. "Steve Friedl's Unixwiz.net Tech Tips: An Illustrated Guide to IPSec." Aug. 24, 2005. (May 6, 2019)
  • Microsoft. "TechNect: VPN Tunneling Protocols." 2011. (May 6, 2019)
  • Pandya, Hiten M. "FreeBSD Handbook: Understanding IPSec." The FreeBSD Documentation Project. (May 6, 2019)

Apa Perbedaan Antara Hacker, Cracker, dan Scammer?

Added by IT Div about 4 years ago

1. Hacker / Peretas

  • Definisi Peretas

Hacker adalah seseorang yang menggunakan keterampilan khusus untuk mengidentifikasi kekurangan dalam sistem komputer dan berupaya untuk memperbaikinya. Keahlian tersebut dapat berupa keterampilan jaringan, keterampilan keamanan komputer atau bahkan keterampilan perangkat keras sistem. Jika seorang hacker mengidentifikasi kelemahan keamanan dalam suatu sistem, ia akan berupaya memecahkannya untuk mencegah insiden lain dari akses yang tidak sah. Meskipun kami telah mendefinisikan peretas dari sudut pandang positif, ini tidak selalu terjadi. Ini karena peretas dibagi menjadi beberapa grup. Ada 2 tipe peretas yaitu peretas topi putih dan peretas topi hitam.

  • Tipe Peretas

Peretas topi putih adalah kelompok peretas yang tetap berada dalam batas-batas hukum saat melakukan pekerjaan mereka. Mereka adalah representasi sebenarnya dari apa itu peretasan. Mereka tidak menggunakan keterampilan mereka untuk mengakses sistem apa pun secara ilegal. Sebaliknya, mereka hanya melakukan apa yang diminta oleh suatu organisasi. Peretas topi hitam adalah yang orang-orang pikirkan ketika mereka mendengar kata hacker. Mereka menggunakan kekuatan dan kecerdasan mereka untuk menghasilkan uang melalui cara ilegal. Setiap kali mereka menemukan kerentanan, mereka menyalahgunakan untuk keuntungan mereka sendiri dan jangan biarkan pemilik tahu tentang ancaman dan kerentanan. Mereka mencoba mencuri kata sandi pengguna, email, dan detail pribadi lainnya dan menjualnya di Dark Web. Peretas adalah profesional dan mereka biasanya disewa oleh perusahaan untuk menguji sistem keamanan. Mereka menyoroti titik-titik lemah dalam suatu sistem atau jaringan dan merekomendasikan langkah-langkah keamanan yang tepat untuk diambil.

  • Tujuan Seorang Peretas

Peretas, cracker, dan scammers dapat dibedakan berdasarkan tujuan yang mereka miliki. Peretas terutama tertarik mempelajari cara kerja sistem komputer dan jaringan. Mereka akrab dengan semua alat yang diperlukan yang dibutuhkan untuk masuk ke suatu sistem. Seorang hacker juga mengetahui teknik-teknik yang akan digunakan cracker untuk masuk ke sistem dengan tujuan melakukan aktivitas jahat. Mereka merancang berbagai langkah untuk mencegah aktivitas kerupuk. Tujuan keseluruhan seorang peretas adalah meningkatkan sistem dengan membuatnya lebih aman.

2. Cracker

  • Definisi Cracker

Cracker dan peretas hampir merujuk pada orang yang sama. Namun, ada beberapa perbedaan dalam cara mereka melakukan pekerjaan mereka. Sementara peretas bertindak dengan cara yang ada dalam kerangka hukum, para cracker sangat ingin melanggar hukum yang ada. Mereka menggunakan pengetahuan dan keterampilan mereka untuk menembus keamanan sistem dan jaringan komputer. Cracker mendapatkan akses ke data pribadi orang atau organisasi dan melakukan beberapa tingkat kerusakan. Kerusakan yang disebabkan dapat bervariasi. Yang paling umum termasuk mencuri informasi kartu kredit, mencuri detail pribadi dan informasi yang akan mereka jual, menghancurkan atau mengenkripsi file penting, membuat sistem tidak dapat diakses oleh orang lain di antara banyak kegiatan berbahaya lainnya.

  • Tujuan Seorang Cracker

Cracker dimotivasi oleh berbagai faktor. Utamanya adalah keuntungan finansial. Mereka dapat menyerang sistem dengan tujuan mendapatkan informasi keuangan. Beberapa dibayar oleh pesaing bisnis untuk tujuan mendapatkan informasi sensitif tentang suatu organisasi. Beberapa cracker melakukan gerakan mereka demi mendapatkan publisitas atau menunjukkan betapa kuatnya mereka.

3. Scammer / Penipu

  • Definisi Scammer

Scammer adalah orang yang menggunakan trik dan skema penipuan untuk mendapatkan bantuan dari seseorang. Seorang scammer akan selalu berpura-pura menjadi orang lain dan akan selalu bertindak dengan cara yang akan memenangkan kepercayaanmu. Kebanyakan scammer menggunakan internet untuk memikat korban mereka melakukan sesuatu. Dalam kebanyakan kasus, scammers tidak memiliki keterampilan pemrograman yang unik. Sebaliknya, mereka mengandalkan penggunaan permainan pikiran. Mereka bermain dengan pikiran calon korban sampai korban akhirnya menyerah pada tuntutan mereka.

Tuntex-SYS IT Div Updated 8/6/2020

HOW TO COMBAT DISPLAY NAME SPOOFING

Added by IT Div about 4 years ago

WHAT IS DISPLAY NAME SPOOFING?

 

Display name spoofing is a tactic used by phishers where the email being sent looks like it's coming from a trusted source, like your boss or a co-worker.... A common tactic employed by cyber-criminals when they go on phishing expeditions is to impersonate someone you know or a source that you trust. Their goal is to get personal data, passwords, money transfers or gift cards, just to name a few. In fact, billions of dollars have been lost because of simple emails that impersonate your bosses and co-workers and ask for wire‐transfers or credibly request that other sensitive data be sent back to the impersonator. Display Name Spoofing can be dangerous, because the sender’s email address is not forged per se, so it is difficult to block emails with forged display names.

 

HERE’S HOW IT WORKS:

For illustrative purposes, let us say our person in a position of authority at your company we wish to impersonate is J. Piers Rawling, and his real email address is PRawling@FSU.edu

 

Cybercriminals simply register a new email address with a free email provider, we will use g-mail for this example. Using the same name above, J. Piers Rawling our person of authority at your company, the hacker creates an email on a g-mail account (e.g. J. Piers Rawling <js465636@gmail.com>) Technically, the email address is valid, so emails sent from these accounts will slip through anti-spam filtering. No e-mail program will not block these phishing emails, because the email address is not forged.

 

The hope is that the recipient won’t look at the sending address (js465636@gmail.com), and instead just look at the sending display name (J. Piers Rawling.) Some recipients may even assume that the sending email is the personal email of the executive and believe it to be real. But beware.

 

Also, employees may believe that because the email looks like it has come from someone they are familiar with and with the standard company email signature signoff from that person, that the email is legitimate. Unfortunately, attackers can also use the same email signatures at the bottom of emails sign-offs as legitimate senders.

 

EXAMPLE:

To add insult to injury, many email clients – especially smartphone email clients – only display the sender’s name by default, but not the email address. For example, the Mail app on the iPhone requires you to tap on the sender’s name to reveal an email address.

 

 

HOW TO PREVENT THIS?

Well, you can’t. As a result, the first and last line of defense is your employees. everyone needs to be vigilant and be prepared to identify emails using the Display Name Spoofing technique. Sadly, this is prone to human error as employees may not verify the full details of every single incoming email under certain circumstances – like in stressful situations such as fast-approaching deadlines or lack of attention to detail. Employees should be trained to identify deceptive emails with forged “display names.”

The first step to not being a victim is awareness, and for organizations, employee awareness training.

Know the whowhatwherewhen, and why of every email you receive.

Here are some things to look and think about:

  • When you receive an email, look at both the name and the sender's email address. Is it correct?

  • Look for red flags, such as does my boss normally send me emails about wire transfers or gift cards.

  • Look to see if there are misspellings.

  • Ask yourself, would your boss ask me this?

  • Why would your boss ask for your personal passwords or personal information?

  • Don't post the email address of employees and leaders at your company on your website.

  • Never click blindly on an attachment/link.

  • Beware messages that seem too good to be true or too urgent.

  • Hover over the display name to see the sender’s email address.

  • Check not only the email address but all email header information.

  • If using a mobile device and unsure of a message, open it on a computer as well.

  • If suspicious of an email, contact the sender another way.

 

If you are not sure about the email you received, CALL THEM. Do not email, as the cyber-criminal will be the one to respond.

 

There is no way to prevent these types of emails from coming through. Staying vigilant and looking for the signs of these hackers is the only way to stay safe

Why Cyber-security Policies is Good For Business

Added by IT Div about 4 years ago

Cybersecurity has had to evolve drastically over the past few decades as tools and methods used by hackers have gotten more and more sophisticated.

Even the best cybersecurity strategy, however, isn’t foolproof without proper employee training.

Fraud Watch International states that 95% of breaches are due to human error or what is known as the “human factor.” Without preparation, awareness, and enforcement, the best laid security plan can fall flat, leaving you and your employees vulnerable to hacking.

Why are employees the weakest link in the security chain?

Employees, rather than computer systems, are the easiest to compromise of any business. This is even more so today with the proliferation of smart or IoT (Internet of Things) devices for personal and business-related purposes.

Individuals can easily be exploited through phishing, social engineering, and related efforts. These tactics are used to exploit human weaknesses and vulnerabilities by deceiving or misleading people.

One of the most popular tactics is display name spoofing attacks, where the cyber criminal changes the display name of the malicious emails sent to one the recipient may trust – often C-level executives for large organizations.

The result is blind clicks and downloads by employees thinking they are just following orders from their boss.

Employees that lack training and awareness, therefore, must be a top concern.

What is cybersecurity training?

Cybersecurity training defines what is needed from each employee and increases readiness to face and block cyber attacks. Employees will be able to recognize and halt attacks before they cause damage.

Having a good cybersecurity training program in place means Management have:

  • identified all requirements for training
  • determined the best method for Management and employees
  • set expectations at the beginning and followed through
  • covered such topics as current threats and defensive procedures
  • ensured that your employees know who to contact if a breach does occur
  • looked for feedback and re-evaluated IT/Management program as needed
  • repeated as necessary

Good cybersecurity training is repetitive, always up-to-date, and constantly tested.

Where can Management start?

Begin by revisit/make polices  to tailor a cybersecurity and employee training program to safeguard Management data. Along with email encryption and inbound security, employee awareness is crucial to strengthening Management security program as a whole.

Investing Management time and effort from the beginning will help to turn the “human factor” from a weak link into a strong one.

Information and Technology Services Office

Added by IT Div over 4 years ago

Tuntex Information and Technology Services Office is the Office of Business Operations provides administrative support to the Office and Efficiency. The mission is to provide a foundation of information technology and business management systems to support development and deployment of innovative, efficiency and renewable technologies and practices.

Tuntex SYS has IT division that support this mission: Information Technology and Business Management Systems. These teams lead the development and implementation of information and business management systems that improve the efficiency and effectiveness of business processes and operations.

This includes the following:

  •  Conducting assessments programs and management approaches and formulating findings, recommendations, and action plans to improve the effectiveness and efficiency of  management of programs.

  • Implementing and adhering to program and project management best business practices to enhance Tuntex's ability to implement research, development, demonstration, and deployment projects by accelerating commercialization and maximizing deployment.

  • Developing and maintaining information technology systems, hardware, software, and associated policies that support the mission requirements in a cost-effective manner.

  • Streamlining and standardizing processes and procedures and providing more systematic management of program and project data, resulting in the technology offices requiring less time to reinvent new requirements or reports for management requests.

  • Ensuring the security of information and information systems.

  • Maintaining compliance with the Federal Information Security Management Act of Standards and Technology guidance, Office of Management and Budget, and DOE cyber security directives. Note: Department of Energy (DOE) released its cybersecurity strategy.

Tuntex-SYS IT Div Updated 1/24/2020

    (1-6/6)

    Also available in: Atom