Corporate Espionage through Social Engineering

Are you working in a company that was a victim of Corporate Espionage recently? If yes, then you need to read this. Even if you don’t, still you need to read this.

What is Corporate Espionage?

Process of spying business competitor or intelligence agency or internal organisation for vested interests is called Corporate Espionage or Economic Espionage.

One of the recent high profile cases of Economic Espionage, six Chinese citizens were arrested on charges of stealing sensitive wireless technology from US Companies. To know more click here http://on.wsj.com/1JXw2C8

What is Social Engineering?

Social Engineering is an art and science of getting people reveal their sensitive information. It is broadly classified into three categories namely Human based, Computer based and Mobile based.

Human based Social Engineering: This type of social engineering involves person to person interaction. The US-CERT definition of Social Engineering is more appropriate here, i.e., any attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Computer based Social Engineering: Making use of computer software to carry out Social Engineering attack.

1 Phishing: It involves cyber-criminal sending an email to the recipient.  The email requests the recipient to confirm banking transaction or reset password or PIN.  The victim opens the link thinking that the email is genuine. The victim is re-directed to a malicious website, which captures the information. Both eScan corporate products (eScan Corporate Edition with Hybrid Network Support and eScan Corporate 360 with MDM and Hybrid Network Support) provide an anti-phishing filter which protects users from both Phishing and Spear Phishing (as explained below).

1.1   Spear Phishing: This type of phishing is intended to target a single user or specific organisation seeking unauthorised access to confidential data by using email as its methodology. Spear Phished emails can be sent in numerous forms. Some of them inform the recipient that the previous email has failed and a link is also provided, which would make the recipient feel that the email is genuine.  The link opened by the victim will be re-directed to website which would request the victim to enter their email address and password or click on the link will download a Trojan. eScan recommends its readers to never open an email attachment sent from an unknown sender, open it only if you are positive about the source and never send or reply to emails which ask for sensitive information to an unauthorized person.

1.2   Identity Theft: Hackers steal victim’s personal information such as name, mobile number, email id etc. for any fraudulent or illegal purpose which is done with the help of keylogger. The best example of an identity theft was a written article about NSA spying users of some of the top Hard disk manufacturing companies for more than a decade. Corporate products of eScan provide Virtual Keyboard which stimulates the user’s keyboard and acts as a secure mechanism for the user to enter sensitive information such as login credentials, banking password and many more. Identity theft also occurs when data is leaked from client’s system either by copying the data to USB, CD/DVD or any other medium. eScan Corporate products and eScan Endpoint Security (with MDM & Hybrid Network Support) addresses the problem of endpoint by providing features such as Recording of files copied to USB, Blocking of CD/DVD, USB Blocking with Password Management and Blocking of auto-play of USB devices etc.

Mobile based Social Engineering

1 Malicious App: Mobile users are tricked by downloading malicious app which pretend to be a genuine one, but ends up posing as illegitimate one. eScan Corporate 360 (with MDM & Hybrid Network Support) has a unique feature to cater to this. The MDM (Mobile Device Management) consists of App Protection, blocks third party applications by default when eScan app is deployed.

 

Posted in eScan 14, Security | Tagged , , | Leave a comment

Malicious Malware

eScan, one of the leading Anti-Virus and Content Security Solution providers, has studied on a recent poll that says 32% of the top IT professionals agreed that data breaches and malware are the top threats that any organization faces.

According to the further enquiry poll, the trends have been noticed that the adverse effect of security programs is likely to get worse in future specifically because of continuous evolution of BYOD practices and increase in adoption of cloud technology, both public and private.

Let us see how malwares are baring their heinous fangs to cripple different sectors of IT industry.

  • Malware threat to Virtual Currencies: Extensive research has found that virtual transactions could result in entrenchment with malware and other prohibited data like child abuse images, pornographic content etc. Bitcoin, a form of electronic currency, uses P2P (peer-to-peer) networks to track and verify such transactions. Most Bitcoin-mining malware arrive via malicious downloads or sometimes through social media. Exploitation of system and/or application vulnerabilities mainly leads to such infection. As a result the ‘cyber hygiene’ gets seriously affected and it becomes an ideal place to host unlawful data or images.
  • Malware attack to Chat rooms: Cyber criminals are always trying to target various Chat-rooms, specially gaming chat-rooms. These are always a matter of entertainment to the kids and teens resulting in easy access for the crooks to convert the chat session into a cyber-trouble. Any malware which is usually associated with web-based delivery are responsible for this. However, there are some genuine chat-rooms which are useful. The guardians’ role is important here. They need to teach their kids about how to remain safe from these hazards. The children should learn not to enter any unauthorized chat-rooms that might appear as a pop-up!
  • Malware target hotel Wi-Fi: Hotel Wi-Fi is sometimes prone to malware attack. Thousands of hotel chains rely on such wireless networks for hospitality of the customers. Very recently researchers had found vulnerabilities in the wireless routers mostly used by the hotel industry which allowed a hacker to spread malware through a hotel’s Wi-Fi network. These malwares can also track sensitive data and attack the hotel’s Internet-connected operational systems. Such vulnerabilities allow the malware to get injected into the guests’ devices and even monitor and steal data transferred through the network.
  • Macro-based Malware: Macros are a series of commands used to complete a task automatically and are generally found in Word Documents and in Spreadsheets. The culprits have once again made use of this capability to compose malware-laden macros. Macros execute immediately after the file is opened; the victim who opens the file remains unaware that anything unnatural happened to his/ her system. Cyber felons prefer macro-based malware because it is versatile and requires minimum effort.
  • “NewPosThings” Malware: The ‘NewPosThings’ malware has been found recently trying to control the hub of IP addresses associated with certain airports. POS malware are always a threat since credit and debit card transactions happen throughout the year. A POS intrusion mainly happens when a card is swiped at any ecommerce transaction. These malware have RAM scraper capabilities, key-logging routines, dumping Virtual Network Computing (VNC) passwords and sensitive information gathering. Most POS systems are Windows-based which makes it simpler to create such malware to run on them. The devices used in such industry are open to the web and sometimes protected with easy passwords making it vulnerable for such attacks. Recently, researchers have detected that the latest malware even de-activates security warnings on systems and creates anti-debugging methods.
Posted in Security | Tagged , , | Leave a comment

Beware of Surprises from QR Codes

QR (Quick Response) codes that look like graphic black and white squares have become very popular lately. They can be seen in a magazine, on a TV show, on tickets, business cards, product boxes, websites, etc. In short, they are present on almost everything that we might want to know more about.

qr-demoQR codes have made it very easy and convenient especially for manufacturing and service companies who want their customers to know more about their products and services, just by scanning the QR code with their Smartphones. A user needs a QR reader app on the Smartphone in order to scan the code. Once the QR code is scanned, user is then directed to online content / website that has information on a product or service.

Steps-to-scan-QR-code

QR codes that are meant to be a convenient way for brands / companies to provide details to their customers are also a boon to cyber criminals. These codes can be used by scammers to spread malware, steal personal information or for phishing attacks, as they can easily be redirected to a malicious website or application, thus putting your mobile security at risk. For this, scammers only need to go online, create their own QR code and embed a link to a malicious web address. They can then use this code online, or in the form of stickers and place them in public.

As codes typically lead to a website, cyber-criminals use this method to redirect you to malicious websites that ask you to download malicious applications which when downloaded may display your calendar, contacts and credit card information to cyber-criminals. And hence, it then makes it easy for these scammers to get your mailing account and social network account details.

Once this malicious app is downloaded in your Smartphone, it can surreptitiously send spam messages to people on your contact list. This app can even send malicious links to people in your contact list resulting in a Smishing attack. And after sending messages to people, it will leave you with a hefty phone bill.

However, the real danger of these codes is the surprise element. That is, until you scan the code, you will have no way of finding out whether the web address where it redirected is genuine or not.

Experts advise people to stay away from QR codes that are displayed on shops, stalls, walls or even from websites that appear suspicious and only scan codes that are from trusted sources such as the ones that appear on product packaging, TV shows, newspapers or magazines.

Here’s some practical advice on how to spot / avoid malicious QR codes and stay protected from evolving cyber threats:

  • Use and maintain anti-virus software, a firewall as well as an anti-spyware software and keep them up-to-date.
  • Use a mobile QR code / bar-code scanning app with a URL preview function.
  • Do a reality check, before scanning a QR code. Research if the company has come up with a QR campaign.
  • Do not scan suspicious codes and links that do not seem to match the information you are looking for. Malicious codes often appear with little or no text.
  • Long URLs have already proved to be an excellent USP for phishing syndicates. Hence, be careful if the link is too long and looks suspicious.
  • Scammers create malicious codes and stick them in public places. Do not scan QR codes in the form of stickers placed elsewhere.
  • After scanning the code, if you are redirected to a website that asks for your details, never provide your personal details and log in information on any such sites as it can be a phishing attempt.
  • Android-based Smartphones have become targets of most malicious apps spread via QR codes so be extra cautious if you’re using an Android-based Smartphone. Moreover, always keep your Android browser up-to-date.

Enjoy the convenience of QR codes and at the same time stay protected from potential dangers.

Posted in Security | Tagged , , , | 2 Comments

Have A Happy World Book Day!!!

First of all, I would like to take this opportunity to wish all the readers across the globe,

A VERY HAPPY WORLD BOOK DAY!!!

As I think of the earlier times, I realize that the world of books is so different today. As I always say that we live in a digital era, our books have become digital too!

EBOOKToday, for almost every book that reaches the stands, there is an e-book available. To many of the avid readers opinion, electronic books (e-books) lack of consensus in regards to advantages of e-books over regular paper books. However, as they help overcome space limitations faced by many, e-books appear to be an efficient means of storage. Infinite books can be simply stored in just one Laptop / computer / Tablet. Moreover, e-books facilitate readers with an up-to-date content and easy access. There are many online libraries that avail e-books at a minimal membership fee using electronic licenses. Many books are available for free access as well. The most preferred format used by the readers for these e-books is the PDF format. And hence, cyber criminals have not spared this as well with their malicious intentions.

Adobe Acrobat is the free global standard that is used reliably for viewing, printing, and commenting on PDF documents. Many features of PDF can be used in malicious ways without exploiting vulnerability. In case of PDF, whether a file is malicious or not, it does not depend on the file extension but on the vulnerabilities in the software that are parsing it. For instance, if the PDF reader which that you are using contains a buffer overflow vulnerability, in that case the hacker can create a special PDF file to exploit that vulnerability. A virus can be embedded inside a PDF document.

The capability to embed documents or applications inside a PDF document has been taking place since Adobe Acrobat 4, and Adobe realized long back about this. Hence, as a precaution, a quite severe error message is shown before any embedded document or application that is opened. Many of us feel that the risk of being infected by a virus inside a PDF document is comparatively small. However, it is indeed possible to embed malicious applications inside a PDF document. Also, many PDF viruses in the wild, spread via e-mail as attachments or with the help of a compromised website in order to launch a cyber-attack.

List of the PDF virus threats include Troj/PDFEx-DF, which is a malware PDF file that takes advantage of vulnerability of Adobe Reader. An Adobe Reader is used to open a PDF file that is specially created to launch a non-PDF file attachment that includes external applications. Moreover, a compromised website of fake anti-virus programs is used to infect visitors of the website by using malicious JavaScript. Here, the applet and JavaScript checks if a PDF reader plug-in exists in the browser that allows its malicious PDF file to load. In addition to Adobe Reader, FoxIt Reader and Nuance PDF Reader are also vulnerable to PDF viruses. Whenever a program has vulnerability and its exploited code is released, it can surely be used to attack end-users of the PDF reader.

To ensure that all the e-book readers enjoy their reading experience to the fullest, eScan suggest few tips as below:

  • Always be weary of attachments to email messages.
  • If you need a PDF reader, always ensure that you have the current version of the PDF reader program installed. The latest version of the PDF reader with security and bug fixes will secure you from PDF viruses or any kind of such cyber-attacks.
  • Always ensure to install the important updates for Windows as well as all other software that are in your system.
  • Disable any start-up entry of PDF reader programs.
  • In case you do not need a PDF program to read or view a PDF file, it is always better to remove it from your computer.
  • It is advisable to disable the PDF plug-in for your web browser.
  • Make sure that you download PDF files only from trusted sources.
  • Never open PDF file attachments if you are not expecting one.
  • Ensure that your antivirus program facilitates web content and e-mails scanning for viruses.
  • Configure your PDF reader to not launch non-PDF file attachments with external applications.
  • Also, disable the Acrobat JavaScript in Adobe Reader’s preferences in order to be secured against any future vulnerability that may use this feature to execute any kind of malicious code.

Have A Happy and Safe Reading…!

Posted in Security | Leave a comment