Avast blog: Return of the Mirai botnet

Remember Mirai? This four-year-old botnet was the scourge of the internet and was used as the launching pad for numerous DDoS attacks. It continues to be the basis for new attacks, and I blog about this for Avast here. There are several mitigation measures you can take, including using a free tool from F-Secure that can check your router for any potential weaknesses. You might also use this to put a more complete program in place to ensure all critical network infrastructure has appropriately complex and unique passwords.

Network Solutions blog: What is Identity and Access Management and How Does It Protect High-Profile Users?

My latest blog for Network Solutions is about identity and access management. Our email accounts have become our identity, for better and worse. Hackers exploit this dependency by using more clever phishing lures. Until recently, enterprises have employed very complex and sophisticated mechanisms to manage and protect our corporate identities and control access to our files and other network resources. What has changed recently are two programs from Microsoft and Google that are designed to help combat phishing. They are aimed at helping higher-risk users who want enterprise-grade identity and access management security without the added cost and effort to maintain it. The two programs are called AccountGuard (Microsoft) and Advanced Security (Google). In my blog post, I explain what these two programs are all about.

Network Solutions blog: Honeypot Network Security, What It Is and How to Use It Defensively

The original idea behind honeypot security was to place a server on some random Internet link and sit back and wait until some hacker happened by. The server’s sole purpose would be to record the break-in attempt; it would not be part of a normal applications infrastructure. Then a researcher would observe what happened to the server and what exploit was being used. A honeypot is essentially bait (passwords, vulnerabilities, fake sensitive data) that’s intentionally made very tempting and accessible. The goal is to deceive and attract a hacker who attempts to gain unauthorized access to your network.

In this blog for Network Solutions, I describe their role in modern network security, compare the features of various commercial and open source products, and provide a series of tips on how to pick the right kind of deception product to fit your business’ needs.

Avast blog: Understanding and preventing Cross-Site Scripting attacks

You wouldn’t think an attack method that was first found more than 20 years ago would be at the top of anyone’s list of popular current attacks. But that is the case for Cross-Site Scripting (XSS), a method that was first discovered by Microsoft engineers at the turn of the century. Avast’s XSS explainer webpage goes into more detail about the different attack types and some of the more notable attacks and victims down through the years. Top marks were issued by MITRE’s Common Weakness Enumeration group, which also listed 24 other dangerous software weaknesses.

I describe what all is involved with XSS attacks and some of the more notable ones of recent memory, along with how you can prevent them, in my blog post for Avast here.

RSA Blog: your endpoints are the new perimeter

Remember when firewalls first became popular? When enterprises began installing firewalls in earnest, they quickly defined our network’s protective perimeter. Over the years, this perimeter has evolved from a hardware focus to one more defined by software, to where Bruce Schneier officially proclaimed their ultimate death a few years ago.

Part of this evolution is the changing nature of the attacks we experience along with the changing nature of our enterprise networks. In my blog post for RSA today, I review this evolution and talk about how we are all out, as that wise infosec sage Jerry Seinfeld mentions in his first monologue for his TV series above. What we have come to is that endpoint detection and response tools have to do a lot more these days than just scan for malware and compromises.

 

 

Network Solutions blog: Ways to Identify and Prevent Vishing Attacks

In my latest blog post for Network Solutions, I explain vishing, or voice-based phishing attacks. It is a more modern and sophisticated version of a crank call. Only instead of being placed by bored teenagers, it is a very targeted and dangerous call that can get you to do the caller’s bidding. The vishers are getting more clever at constructing their lures and scams. Spoofing isn’t the only tool these guys abuse. Another is the underpinning of any good social engineering effort: collecting as much data about you as possible, to make their request more personal and more believable. My post has several suggestions to keep in mind the next time you get one of these calls.

Network Solutions blog: How to identify and prevent smishing attacks

By now we are all too familiar with phishing attacks. They have received lots of press coverage and are at the heart of many cyberattacks. But hackers are getting more specialized and have turned towards other variations, one of which goes by the term smishing. This is a combination of social engineering techniques that are sent over SMS texts rather than using the typical emails that traditional phishing lures use. SMS phishing, get it? In Verizon’s 2020 mobile security index, they found that 15% of enterprise users encountered a smishing link in Q3 2019. In my latest post for Network Solutions’ blog, I demonstrate how these kinds of attacks work, how the criminals have upped their game, and what you can do to protect yourself.

Avast blog: One mo’ election update: ransomware

We’re less than a week away from the 2020 U.S. election, and there has been news of a ransomware attack in northern Georgia. The attack hit a network that supports the Hall County government infrastructure and includes election and telephone systems. It was the first time that systems were brought down, although it wasn’t the first time election systems have been targeted by ransomware. Those happened in Louisiana and Washington State, both unsuccessful. In my blog post today for Avast, I go into the details about these attacks and some of the deficient cybersecurity practices also happening in Georgia.

Avast blog: Your data is for sale from election data brokers

By now, many of you know that your online shopping and social media usage patterns can be tracked and recorded. This includes data about your political preferences, which is especially relevant given the approaching elections. Data brokers can use and abuse this information by bundling and selling your data to third parties who are interested in targeting you as a consumer, a buyer, or as a potential voter.

You can read more about this issue in my blog for Avast today and how you can use one of their products, BreachGuard, to help hide your data from brokers and improve your privacy posture on social media.

Network Solutions blog: How to Recognize and Prevent Homograph Attacks

I have written a few times about ways to prevent brandjacking. In this blog post for Network Solutions, I discuss the use of homoglyph or homograph attacks by cybercriminals. These attacks involve exploiting international domain names and the idea is simple to explain once you know a bit of Internet history.

When the Internet was first created, it was based on using Roman alphabet characters in domain names. This is the character set that is used by many of the world’s languages, but not all of them. As the Internet expanded across the globe, it connected countries where other alphabets were in use, such as Arabic or Mandarin. 

Several years ago, researchers discovered the homograph ploy, and since then all modern browsers have been updated to recognize the homograph attack methods of using “xn--80ak6aa92e.com” instead of “apple.com.” I go into the details in my blog post and you can see an example of how a browser responds above.
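To see why “xn--80ak6aa92e.com” passes for “apple.com,” the following added example (not from the original blog post) decodes each Punycode label of a hostname, reports which scripts it uses, and checks whether it imitates a brand you want to defend. The `LOOKALIKES` map is a small constructed subset and the `protected` watch list is a hypothetical parameter.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones. A real
# check would load the full Unicode confusables data (UTS #39) instead.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l"}

def decode_label(label):
    """Return the Unicode form of one DNS label, or None if it is malformed."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return None

def scripts(text):
    """Script names in use, taken from the first word of each character name."""
    found = set()
    for ch in text:
        if ch.isascii() and not ch.isalpha():
            continue  # digits and hyphens are shared by every script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return sorted(found)

def inspect_host(host, protected=("apple",)):
    """List the non-ASCII labels of a hostname and any brand they imitate.

    `protected` is a hypothetical watch list of brand labels to defend.
    """
    findings = []
    for label in host.lower().split("."):
        text = decode_label(label)
        if text is None:
            findings.append({"label": label, "error": "malformed punycode"})
            continue
        if text.isascii():
            continue
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in text)
        findings.append({
            "label": label,
            "unicode": text,
            "scripts": scripts(text),
            "imitates": skeleton if skeleton in protected else None,
        })
    return findings

if __name__ == "__main__":
    for finding in inspect_host("xn--80ak6aa92e.com"):
        print(finding)
```

A label written entirely in Cyrillic can be a legitimate domain, so the script report alone is not a verdict; the useful signals are a match against a protected brand or a mix of scripts within one label.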

There is an important lesson here for IT professionals: watch out for injection-style attacks across your web infrastructure. Every element of your web pages can be compromised, even rarely-used tiny icon files. By paying attention to all possible threats today, you’ll save yourself and your organization a lot of trouble tomorrow.