Category: Noticias

Remote work brings security problems

A group of security researchers has discovered hundreds of thousands of servers, ports and cloud services that are insecure. They can especially put children at risk remote workers, which have increased considerably in recent months. They are widely used services that are part of the day-to-day life of many companies and organizations.

It is especially necessary to highlight the danger of cloud services. We live in an age where it has become very popular. We have a wide range of possibilities and we are increasingly using this type of tool more and more. However, everything related to the pandemic has exposed many companies when using cloud services.

In many cases remote work was introduced without much margin. This meant that there was no adequate preparation, that the systems were not properly updated or protected. Many services had vulnerabilities And the fact that more users are using them has opened a significant opportunity for hackers.

We speak for example of remote desktop, the use of VPN or applications to work from home in a group with other users. All this has gained a very important weight in the last year. This allowed workers to perform their duties away from the corporate network. But of course, this has also brought certain complications in the form of vulnerabilities and bugs.

The cybercriminals they can exploit these exposed cloud services and servers to steal information, passwords, or sneak malware. They are based on existing vulnerabilities that are not fixed. They could, for example, log in remotely as if they were actually the victim and gain access to inside information of an organization.

Servers and cloud services, the most affected

These security researchers of which we echo have discovered a total of 392,298 servers that are exposed, 214,230 ports and 60,572 services in the cloud. All this after analyzing hundreds of companies.

In most cases, organizations are unaware that they really have servers, ports or services exposed on the network. They do not update the equipment and do not correct any bugs that may be present. Even in many cases they do not use correct encryption for the networks.

They have detected many vulnerabilities rated as high or critical severity Uncorrected. Should an attacker discover these flaws, they could carry out cyber attacks such as stealing information, passwords, or even carrying out ransomware strategies.

We must be aware that today a large amount of sensitive data is shared over the Internet. This means that in case of suffering any vulnerability that affects cloud services, it can seriously compromise all this information that we send and receive.

Many VPN programs are not patched

First of all, it should be noted that the vulnerabilities and security flaws they are very present in our day to day. We can run into problems that affect the operating system and the different programs we use. This means that we must always keep everything updated, with all available patches.

The problem now affects VPNs. According to a safety report from SpiderLabs of which we echo, remote work has led to a considerable increase in the use of this type of program. It is something that we have been able to see a lot in the last year.

However, the important point is that 5% of all installed VPNs have uncorrected vulnerabilities. This means that there are many users who, without knowing it, are using a program that has a flaw that can be exploited by a third party. This logically puts security and privacy at risk.

It should be noted that a VPN will manage all the our network traffic. This means that our personal information, the sites we visit or the programs we use on the web, could be exposed. If we use a tool that has a security flaw, which can be easily exploited, we could run the risk that our privacy is affected.

We have seen on occasion that cracked programs are dangerous. We can also apply this to VPNs. Many of them are free and we can even find supposed offers or ways to download them from the Internet without paying. However, with this we would also be putting security at risk.

More VPN usage, more attacks

This is something that happens frequently. The hackers they set their sights on what has the most users or what is most used at any given time. Ultimately in this way they will have a greater chance of success.

And if we talk about VPN, in recent times its use has grown a lot. This has also sparked increased interest from cybercriminals. We have more and more possibilities for our day to day, but not all of them are going to be safe. Not all the services that we use are going to be guaranteed and we could even run into certain vulnerabilities without correcting, as we have seen.

Our advice is to choose the VPN very well. But beyond that, it is essential keep safe and do a periodic review. In this way we can solve certain errors that may appear and avoid attacks against our devices. A VPN could even allow you to use Google as if you were in another country. This is very useful at certain times, but it must be done safely.

A hacker can fool the antivirus

Antiviruses are the main security bar that users install on their computers. However, we must bear in mind that it is not the only thing we can count on. We can also install firewalls and other tools that will also help increase protection.

Keep in mind that many antivirus have ransomware protection. It is one of the threats that have been most present in recent years. There are also Trojans that are capable of hiding themselves on a computer and waiting until the right moment to attack or serve as a gateway for cybercriminals.

However an attacker, through a malware, it could manage to fool the antivirus. You can do it so that it allows the entry of a specific malicious software, but also so that this malware is the one that activates the button so that other different types of threats, such as ransomware, could penetrate without being detected by the security program .

One of the most used methods to cheat the antivirus is control an app make it reliable. The security program will not detect this tool as dangerous. Therefore, what the cybercriminal is going to do is control that legitimate software, link it to malware, and thus enter the computer without being detected.

This could even allow ransomware to enter. After all, there are legitimate programs that have access to certain folders. If the attacker manages to control them, they could encrypt them through a variety of ransomware.

I could also just stop the antivirus. It could in some way modify certain functions of the computer or even simulate the movements of the mouse to go to the security program and stop it. This would allow free entry for other varieties of threats.

Antivirus is not enough for security

This we mentioned makes it not enough to have an antivirus to maintain security. It is necessary that we have other programs, tools and of course take into account certain recommendations to maintain maximum protection.

First of all, remember the importance of always keeping the updated equipment. Hackers can take advantage of many vulnerabilities that appear in the computers and applications that we use. They could exploit those glitches. Thanks to patches and updates we can easily fix them and make everything work fine.

Another essential point is not to trust everything to the antivirus in terms of security programs it means. We can have other tools, such as a firewall or even extensions for the browser that can detect the entry of malware.

But without a doubt something that cannot be missing is the fact that avoid making mistakes. Maintaining common sense is always going to be the best protection of all. Avoid downloading files that may be malicious or clicking on links that may be Phishing in order to steal information.

VPN management with Asuswrt-Merlin

The Asuswrt-Merlin firmware has VPN servers such as OpenVPN and IPsec, as well as different advanced VPN clients, including an OpenVPN client. One of the most important characteristics of this firmware is that we can forward all the traffic of a certain client on the LAN through an OpenVPN tunnel that we build. Now, the Asuswrt-Merlin developer has done a full review on OpenVPN routing, serving as the basis for the new VPN Director functionality, which is coming soon, and which is currently in beta for testing.

Starting with the new version 386.3, all OpenVPN routing will be done directly by the firmware, instead of the OpenVPN client that we configure and the firmware modifies later. Now the internal routing will be cleaner, it will no longer be necessary to remove unwanted routes that were incorporated by the OpenVPN server. Thanks to this revision, now the possibility of “redirecting Internet traffic” will behave much better, because the remote server will not override it silently, in addition, we can allow or not certain routes to be installed from the OpenVPN server (when we we act as a customer). Now there will no longer be a policy and a strict policy as previously in the Asuswrt-Merlin firmware, now we will simply have a single policy.

Another feature that has changed is the operation of the so-called Kill-Switch, a function that allows you to block traffic if it does not go to a remote OpenVPN server, with the aim of protecting us from possible tunnel drops and filtering information. Now the Kill-switch will not activate if we manually stop the VPN tunnel, either through the graphical user interface or via SSH by commands. Now the Kill-switch works in these cases:

• If the VPN client is configured to connect to the router startup, and the kill-switch is enabled, then all traffic will be blocked until the OpenVPN client connects.
• If the VPN client terminates the connection abruptly, then this Kill-switch will work too.

In addition, this Kill-switch would also work in the case of configuring a policy of “redirect all traffic through a VPN client”.

What is VPN Director?

VPN Director replaces the strict policy and policy-based routing policies that we had up to now. Now all the rules will be configured in a centralized location that will be in charge of managing all the VPN client connections (only with the OpenVPN protocol), ideal for making it easier for users to configure them. The new menu will be in the “Advanced / VPN Settings” section, as you can see below:

This new functionality will allow us to configure in detail all the policies we want, up to 199 rules in total, and assign which VPN tunnel we want a specific client on the LAN to access. In this way, we can easily configure certain clients to go to the Internet through different VPN services, or to go directly if we select the Internet WAN interface. In this menu we can also start the different VPN clients, see if we have the kill-switch enabled and much more.

A very important detail is that the “policy” to be followed by this VPN Director will be:

• OpenVPN clients to redirect all traffic will have the highest priority.
• WAN rules will also have high priority, but below total traffic redirection.
• The OpenVPN 1 client rules will take precedence over the OpenVPN 5 client rules.
• The rules can be easily enabled and disabled by clicking on the “Enable” section in the rules.

Another important aspect is that we can “mark” specific IP addresses, or using CIDR notation to put subnets.

As you have seen, for users who use the OpenVPN client with VPN services such as Surfshark, PureVPN, NordVPN and many other services, this new functionality is ideal because we can see all the rules directly in a single menu. All these rules will be stored directly in JFFS (internal FLASH memory), and not in NVRAM, with the aim of saving space and being able to store up to 199 rules in total. We recommend you access the VPN Director beta thread where you will find all the details.

Data they can collect on the Internet

As we have mentioned, when surfing the net, when registering on sites, making purchases or using different services, we can leave a lot personal information. Here we can include our name and surname, email address, telephone number and even the purchase details of the bank card.

By registering on an online platform we are trusting that that site is legitimate and will not use that information for bad purposes. For example, when we enter a web page to make a purchase, the normal thing is that we put at least our e-mail, home address, name and surname, as well as the telephone number.

In case that site is attacked or there is some kind of filtration, all that data could end up in the wrong hands or end up being public on the network. We have seen numerous such cases. But one of the most common problems is that we forget a social network or a forum in which we registered years ago. That service may have been forgotten, that it is no longer used by users, but our data is still there.

Keep in mind that our personal information has great value on the net. It can be used for different techniques that hackers use, as we will see. Hence, it is very important to avoid leaving a trace and control the information that we make public.

What can they do with our personal data

If a hacker manages to get hold of our personal data on the Internet, they could have a wide range of possibilities to use it and profit from it. An example is the fact of being able to include ourselves in spam campaigns. At the end of the day they could know our email address, name and even phone number. They can also have information about our tastes, since they will obtain data from pages we have visited, stores where we have bought, etc.

Another very important question is that all this could be used to launch custom phishing attacks. This is important, as the probability of success is greatly increased. That is, it is not the same as a hypothetical victim receiving a generic email to log into a site and that it is actually a trap, to a more personalized email, with our name and even with a platform that we use as bait. They could be significantly more likely to succeed.

They could even reach impersonate our identity. This is dangerous since they could create profiles on social networks with our data, add friends or relatives who would not suspect anything and, in this way, attack them as well. For example, they could do this if they send messages through social networks that contain malware or malicious links. That is why it is always important to detect bots on social networks.

Therefore, as we have seen, it is very important to prevent our personal data from remaining on the network on platforms that we stop using. You always have to protect the information and not take risks of any kind. Otherwise we could be victims of multiple cyber attacks.

DeadHash, a program to analyze the hash of a file

DeadHash is a program Open Source that we can use on both Linux and Windows systems, as well as Android. It is completely free and allows us to check if the hash of a file that we have downloaded from the Internet is legitimate.

Keep in mind that many developers provide this information precisely so that users can verify that they are looking at the correct file. One way to ensure install legitimate software and that it has not been maliciously modified.

Using DeadHash is very simple. The first thing we have to do is download it. There we will meet the different versions. For Windows we can also see the portable version alternative, so as not to have to install it.

How DeadHash works

The mode of use of DeadHash It is very simple. Once we install it or run it through its portable file, we will find a first screen like the one we see in the image below.

On the left we will see the section of File. There we have to click to select the file that we want to analyze. You just have to go to the route where we have it saved and that’s it. We can also simply drag the file that interests us there. Later we will give Calculate, to show us the information.

Keep in mind that the time it takes for DeadHash to process it will depend on the File size. However, it is usually not more than a few seconds. Once it is finished we will see the list of hash values ​​of the file.

We can easily copy the values ​​or give it to export in a CSV file and be able to use it in the future. DeadHash supports hash algorithms such as MD4, MD5, SHA1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD160, and CRC32. It is an option to generate hashes of files.

If we enter the menu we can change the language, as well as other parameters of the program. We can also select or remove different algorithms to show them or not. This is useful if we only want something specific. We will not find many more options, since it is a simple application that has the essentials.

In short, DeadHash is a simple program to analyze hashes of files that we have downloaded. A way to maintain security at all times and not have problems when installing a program that we have downloaded and that we do not know if it has really been modified in a malicious way and be a problem for our security.

Attacks against VPN on the rise

The hackers they are constantly looking for a way to steal information and attack what is most used. Without a doubt, VPN services are today, so they have a possibility there to carry out different strategies and attack users.

According to data provided by NuspireSpecifically, attacks against Fortinet SSL-VPNs increased by 1,916% and against Pulse Connect VPNs by 1,527% during the first quarter. In the first case, they took advantage of the CVE-2018-13379 vulnerability and in the second, CVE-2019-11510. These flaws could allow malicious file download and disclosure.

In both cases they launched security patches, as usual. It is very important to always have the latest versions and updates that may be available. In this way we can correct possible bugs that may appear and preserve privacy when using VPN or any program.

However, not only have attacks increased through these two vulnerabilities that we mentioned. The truth is that they have done it against different VPN programs, the amount of fake software that tries to look like legitimate programs and scams targeting both private users and companies that use this tool has increased.

It is a fact that in recent times the use of VPNs has grown due to the rise of teleworking as well. We need to connect to computer equipment that we do not have physical access to. This also opens the door for hackers to carry out attacks.

Decrease in malware and other attacks

It should be noted that, unlike what has happened with attacks against VPN, in general malware has decreased in the first quarter of the year. According to the Nuspire report, malware has decreased by more than 54%. Keep in mind that there are many varieties of viruses.

There has also been fewer botnet attacks and similar threats. Much of this significant decline has been due to the dismantling of Emotet. This has been a fact of great importance in cybersecurity so far in 2021.

However, security researchers indicate that it is not ruled out that hackers devise new formulas to distribute malware, through new threats that they can distribute on the network.

This means that we must be protected at all times. We must avoid the entry of malicious software, for which we will need to have security programs, such as an antivirus or firewall. It is also very important to update the equipment and in this way prevent them from exploiting vulnerabilities.