
Analyze and disinfect your computer with Microsoft Safety Scanner

Microsoft Safety Scanner is a tool developed by Microsoft (as its name indicates) that lets us run an on-demand scan for malware on our computer using Microsoft's own signature databases, without installing additional software and without the continuous, real-time monitoring that the main antivirus applications perform. Microsoft Safety Scanner could be described as a portable antivirus.

We can download Microsoft Safety Scanner from Microsoft's website. The application needs no installation and expires automatically 10 days after it is downloaded; after that we have to download it again from the website to scan our system again. This forces users to always run a recent build with up-to-date virus signatures.

Once the download is finished, we run the application. The first thing we will see is a window with the license terms. We accept them and continue.

The next window will inform us that although some data will be copied to our hard drive, Microsoft Safety Scanner will not replace any security tool previously installed on our computer.


We click on «Next» and the program asks what type of scan we want to run. As with the main antivirus products on the market, we can choose between a quick scan (only the locations most prone to infection), a full scan (every file and folder on the computer, one by one) and a customized scan that covers only a specific folder.


In our case we will run a quick scan. We continue and Microsoft Safety Scanner automatically starts scanning the computer. The process may take several minutes depending on the performance of the computer and the number of items to be scanned.


When the process finishes we see a summary window in which the scanner tells us whether threats were detected or whether our system is clean. The scanner also writes a detailed log to %SystemRoot%\debug\msert.log, which is worth checking to see exactly what was examined and what, if anything, was found.


As we said, this tool is not an antivirus solution that runs in the background analyzing all activity; it is a one-off scan. If what we are looking for is permanent protection, we must install a complete antivirus product such as, staying with Microsoft, Windows Defender (on the most recent versions of Windows) or Microsoft Security Essentials (on Windows Vista and 7).

What do you think of Microsoft Safety Scanner? Do you use other portable antivirus tools to check the security of your computer?


Wifislax64 1.1: know the changes of the best distro for Wi-Fi audits

Another of the strengths of Wifislax64 is that it is a LiveDVD, so we do not have to install it on our real computer to carry out audits; we can simply write the image to a DVD or USB drive and boot it on any computer. If we choose to write the image to a USB drive, we have the option of keeping certain data persistent, ideal for pausing a wireless audit and continuing later even after shutting down the machine.

Wifislax64 also runs well under VMware, so we can load the ISO image in a virtual machine and use it from our Windows computer without any problem. That way we need neither a USB drive nor a DVD for the image. Bear in mind, though, that a virtual machine only sees a virtual network card, not the host's internal Wi-Fi adapter, so for wireless audits from a VM a USB Wi-Fi adapter passed through to the guest is normally required.


Main changes in Wifislax64 1.1

This new version of Wifislax64 is still based on Slackware64 14.2, but incorporates all of its security updates, so the stability of the new Wifislax64 rests on a well-tested base. The Linux kernel in this version of Wifislax64 is 4.9.40, from the 4.9 LTS branch, so it will be supported for a long time.

In this new version the overall performance of the operating system has been improved, every available application has been updated, some new applications have been added, and errors reported by users have been corrected.

An interesting novelty of this version is that Wifislax in Live mode is able to detect whether the real system it runs on has a swap partition. If it finds one, it will use it automatically if the system runs out of RAM. We can disable this behaviour by adding the «noswap» parameter to the boot line. Note that using the host's swap writes data from the live session to the host's disk; on a machine we want to leave untouched, «noswap» is the safer choice.

Another interesting change in this new Wifislax64 is the inclusion of hashcat 3.6.0 plus hashcat-utils, although to use it at full speed we must install the proprietary driver for our NVIDIA or AMD graphics card. The Wifislax64 developer provides the NVIDIA and AMD drivers as extra modules to add to the distribution, although with limitations regarding which card models are supported.

We recommend visiting the official Wifislax64 forum at SeguridadWireless.net, where you will also find a complete list of the changes in Wifislax64 since version 1.0, released 7 months ago.


Files that we must encrypt or destroy to protect our identity

The main types of files that can pose a risk to our privacy

Surely we all keep on our computer the personal photos we have taken over the years, and everything that surrounds them. Photos, however harmless they seem, are one of the easiest ways to identify us and break our privacy, since they can reveal a great deal about our tastes and interests, allow anyone to identify us with great ease, and their metadata may even record where and when they were taken. If we have also saved a photo of our passwords or credit cards, the risk increases exponentially, and we should delete those photos as soon as possible if we do not want problems.

We also usually keep all kinds of documents. Most of the time they are harmless, such as coursework or a report with no personal or particularly important information; however, some documents may contain more sensitive information, such as personal data, bank details or financial data. Likewise, if we usually keep our train or plane tickets, the receipts and invoices for what we buy and even several versions of our résumé on the computer, we may be making it easy for anyone to take over everything related to our identity.

Other types of files that may hold a large amount of personal information about us are, for example, our browser's data (history, cookies and saved logins) or a plain-text document in which we have saved a key or password (hard to believe but, unfortunately, very common).

What should we do to protect these files

When it comes to protecting the files above and preventing them from falling, by one route or another, into the hands of unauthorized users, the first thing to consider is whether we really need to keep the file at all; if we do not, we can simply delete it.

We may be keeping documents from years ago that we will never need: tickets, invoices and even résumés that, although old and outdated, still pose a risk to our privacy. If we do not need these files, the best thing we can do is delete them securely from our computer or device so that no one can recover them, not even with forensic analysis techniques. Bear in mind that an ordinary delete only unlinks the file and leaves its contents on disk, and that on SSDs and on copy-on-write or journaling file systems even tools that overwrite the file cannot guarantee that every old copy is gone; full-disk encryption from the start, followed by destroying the key, is the reliable way to make data unrecoverable.

If, on the other hand, we have personal files that we do not want to lose, such as documents we do need or personal photos, the best way to protect them is an encryption system that protects the chosen files with a password. One of the best tools for this purpose is VeraCrypt, which can create an encrypted container or encrypt a whole partition; remember that the protection is only as strong as the passphrase, and that the contents are exposed while the container is mounted.

Finally, remember that we should never sell a hard drive over the Internet, because even after an ordinary erase the data can often still be recovered. If we have bought a new drive to replace an old one, the safest course is to physically destroy the old one with a hammer or drill (or, if it was fully encrypted from the start, to destroy the key). Prevention is better than cure.
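As an added example (not code from the original article), the following Python script does the two things this section recommends: it walks a folder looking for files that contain the kinds of sensitive data described above (card numbers validated with the Luhn check, IBANs, and lines that look like stored credentials), and it offers a best-effort overwrite-and-delete for files we decide not to keep. The regular expressions are deliberately simple and constructed for illustration, and the overwrite routine carries the caveat from the text about SSDs and journaling file systems.

```python
import os
import re
from pathlib import Path

# Constructed patterns for the data types the article lists. They are deliberately
# simple; a production classifier would use a proper PAN/IBAN library.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}\b")
SECRET_RE = re.compile(r"(?i)\b(password|passwd|pwd|pin|contraseña|clave)\b\s*[:=]")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return digit strings that look like card numbers and pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def classify_text(text: str) -> list[str]:
    """Label a piece of text with the categories of sensitive data it contains."""
    findings = []
    if find_card_numbers(text):
        findings.append("card-number")
    if IBAN_RE.search(text):
        findings.append("iban")
    if SECRET_RE.search(text):
        findings.append("credential")
    return findings


def scan_tree(root: str, max_bytes: int = 1_000_000) -> dict[str, list[str]]:
    """Walk a directory and map each file path to the sensitive categories found."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        try:
            text = path.read_text(errors="ignore")   # binary files yield little text
        except OSError:
            continue
        found = classify_text(text)
        if found:
            report[str(path)] = found
    return report


def overwrite_and_delete(path: str, passes: int = 1) -> bool:
    """Overwrite a file in place with random bytes, sync to disk, then unlink it.

    Caveat: on SSDs (wear levelling) and on copy-on-write or journaling file
    systems the old blocks may survive; full-disk encryption plus key
    destruction is the only reliable erase there.
    """
    p = Path(path)
    if not p.is_file():
        return False
    size = p.stat().st_size
    with open(p, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                chunk = min(remaining, 1 << 20)
                f.write(os.urandom(chunk))
                remaining -= chunk
            os.fsync(f.fileno())
    p.unlink()
    return not p.exists()
```

Run `scan_tree("/home/user/Documents")` first and review the report; only files we really do not need should go through `overwrite_and_delete`, and anything we keep belongs in an encrypted container.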

Can the cloud help us protect our privacy and identity?

Although we still keep saving a lot of data on our computer, little by little it is gaining a lot of popularity cloud storage on platforms such as Google Drive, OneDrive or Dropbox. These platforms can be very useful to save our personal data, such as photos (in Google Photos, for example) or our documents so that, in addition to having a backup in the cloud, we can access them at any time from anywhere . However, does this really protect our identity?

Cloud storage platforms are usually secure, we cannot deny that, at least as long as we use a strong password and two-factor authentication. It is rare for an attacker to reach the data we store in the cloud unless it is through a weakness of our own, such as a reused password or a phishing page. However, storing personal data in the cloud is not the best option either.

When we upload any file to Google Drive, OneDrive, Dropbox or any other cloud, we are handing a copy of it to the company running the service, on a server hundreds or thousands of kilometres away over which we have no control, and the provider's terms, not ours, govern what is done with it. Attackers will not get at our files, but it has not been shown that the companies, especially Google, do not scan our files and use them for commercial purposes. If we want to keep control, we should encrypt files ourselves (for example in a VeraCrypt container) before uploading them, so that the provider only ever holds ciphertext.

Do you take care of your personal files to protect your identity and privacy?


Ransomware: what to do and tips to avoid it

What is ransomware and what consequences does it have

When we suffer a ransomware attack, the malware encrypts all the data on the PC where it ran, and it may also encrypt everything shared on the local network that the infected account can write to. Therefore we must protect not only our own computer but every computer in the company, and check carefully which write permissions each user and machine has on shared resources.

If we want to return to normal, we will have to wipe and restore the servers and PCs from our backups, provided we have applied a good backup policy. The other option is to obtain the decryption key to unlock the files and data. The drawback is that, in the vast majority of cases, obtaining that key means paying a ransom to the cybercriminals.

Ransomware has a huge negative impact that disrupts business operations, and it can also cause permanent data loss. The costs to the company are downtime, lost productivity, lost income and reputational damage. That is not all: confidential business information may also be destroyed or publicly disclosed.

Evolution of ransomware attacks

Ransomware attacks in the first six months of 2020 have increased at a dizzying rate. According to Bitdefender's mid-year 2020 report, the number of ransomware reports worldwide rose 715% year on year. Ranked by number of attacks received, the United States comes first, followed by the United Kingdom.

In Spain, ransomware attacks also rose during the first half of 2020.

Another thing to bear in mind is that a ransomware attack is rarely targeted. In that sense, 99% of them neither stalk their victims nor study them in depth: their tactic is to send e-mails indiscriminately and then see who takes the bait.

Pay the ransom or restore data from backups

As we mentioned, cybercriminals want to collect a ransom, and if we pay it they are supposed to give us the key. The ransom is normally paid in cryptocurrencies such as Bitcoin, although the attackers may demand another. Even though buying Bitcoin is relatively simple, it can take days to get everything ready, and during that time we will not be able to operate normally on the infected systems, or only in a very limited way.

Even if we pay, there is no guarantee of data recovery. Sometimes the decryptor does not work, or loses part of the data. And even if our files are decrypted correctly, it is likely that we are still infected with the other malware, Trojans and keyloggers that came with the ransomware. Our system will therefore not be clean, and cannot be trusted, once decryption is finished.

To summarize, we are going to give you a series of negative points for which paying the ransomware ransom is not a good idea:

  • You are helping cybercriminals with their extortion business.
  • Nobody guarantees that the decryption key works: first you pay, and then they may send nothing, or what they send may not work.
  • Cybercriminals may have planted additional malware to infect you again after a while, so that you pay again (they know you have paid once).
  • It will always be cheaper to have a good backup policy, and not have to pay cybercriminals.

Restoring from backups, even if it takes longer, is the right solution. However, it is only possible if we have:

  1. A robust backup procedure, ideally following the 3-2-1 scheme.
  2. Actually followed that procedure.
  3. Tested the backups in restore drills and simulated incidents.

However, the cybercriminals behind ransomware also look for ways to reach our backups: deleting them, encrypting them, or lying dormant long enough for the malware to be copied into them. For this reason, companies need to plan and safeguard their backups so that their integrity is guaranteed when we have to use them.

Prevention and staff awareness

Preventing ransomware attacks involves having an incident response plan. Just as we take out home or other insurance hoping never to use it, in the event of a misfortune we are covered. Another important element is employee awareness, since most infections of this type begin with an employee falling for a phishing attack.

In this sense, a company's staff must receive cybersecurity awareness training so that they can identify phishing e-mails, other scams and threats of various kinds. One way to reduce risk is to cut down internal e-mail, making it easier to concentrate on external messages, which are the ones that carry danger. Applications such as Slack can help reduce internal e-mail.

Employees should also take security awareness courses. In addition, hiring an outside company to test staff with an unannounced phishing campaign adds a layer of assurance: it poses no real risk, and it lets us check whether they have learned to react correctly.

How to improve security in our company

An important element is applying the principle of least privilege: employees should have only the minimum access rights needed to carry out the functions of their role, and no access to functions that do not belong to them. That way, if an account is compromised, the damage is limited to what that account can reach. In the same vein, the number of people with administrator accounts must be kept to a minimum, and those accounts should be used only for administrative tasks, never for e-mail or browsing.

A well-configured spam filter also helps: by reducing the volume of spam, it leaves us more time to look for anomalies in the messages that do get through.

We must also have good antivirus and antimalware software that is updated every day. The operating system and the programs we use must be kept up to date with the latest security patches, and our network equipment must run the latest available firmware to close known holes.

As for network topology, it is best to split the network into segments using VLANs with access controls between them. If a segment is infected, it is easier to contain and mitigate the damage than in a flat network where all the equipment is connected together.

Good backup policy

In a ransomware attack, one of the things that allows us to come out on top is having a good backup policy. It should be based on:

  • We should have three copies of our data: the live system, plus two backups.
  • Those two backups must be on different media.
  • One of those backups must be done off-site.

How often we take these backups determines how much information we can lose, so daily backups are strongly recommended, and for critical systems hourly backups are essential.


Another very important detail is that backups must be encrypted. However, none of this helps if the cybercriminals manage to reach our backups. Ransomware is often set to wait a while before activating, so the malware may already have been copied into our backups, and an attacker with access to the network may delete or encrypt the backups directly. If we want to counter this, we can use immutable backups: backups that cannot be modified or deleted once written. This means ransomware cannot encrypt or destroy them; it does not mean the copy is free of malware, so a backup should still be scanned and its integrity verified before it is restored. Immutable storage costs more, but it could save your business.
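As an added example (not code from the original tutorial) covering the backup-policy list and the paragraph on immutable backups: the script below records a SHA-256 manifest of a backup set at backup time and, before a restore, checks the backup against that manifest, reporting files that are missing, modified or unexpected, and files whose contents look encrypted (a ransomware-style extension, or near-maximal byte entropy). The manifest should itself live on the off-site or immutable copy so that an attacker who reaches the backup cannot also rewrite it. The extension list and the entropy threshold are constructed for the demo; legitimately compressed files (zip, jpg) also have high entropy, so that flag is a prompt to look, not proof.

```python
import hashlib
import math
from pathlib import Path

# Constructed short list of extensions ransomware families commonly append.
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; random/encrypted data sits near 8.0


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a buffer: text is around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: str) -> dict[str, str]:
    """Map every file (relative path) in the backup set to its SHA-256 digest."""
    root_p = Path(root)
    return {str(p.relative_to(root_p)): sha256_file(p)
            for p in sorted(root_p.rglob("*")) if p.is_file()}


def verify_backup(root: str, manifest: dict[str, str], sample: int = 4096) -> dict[str, list[str]]:
    """Compare a backup against its manifest before trusting it for a restore."""
    root_p = Path(root)
    result = {"missing": [], "modified": [], "unexpected": [], "looks_encrypted": []}
    seen = set()
    for p in sorted(root_p.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root_p))
        seen.add(rel)
        if rel not in manifest:
            result["unexpected"].append(rel)
        elif sha256_file(p) != manifest[rel]:
            result["modified"].append(rel)
        with open(p, "rb") as f:
            head = f.read(sample)
        if p.suffix.lower() in RANSOM_EXTENSIONS or (
                len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD):
            result["looks_encrypted"].append(rel)
    result["missing"] = sorted(set(manifest) - seen)
    return result


def backup_is_trustworthy(report: dict[str, list[str]]) -> bool:
    """True only when nothing is missing, changed, unexpected or encrypted-looking."""
    return not any(report.values())
```

In practice `build_manifest` runs as the last step of each backup job and `verify_backup` as the first step of every restore drill, which is how point 3 of the list above (tested backups) becomes routine rather than an emergency measure.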

Report and have an incident response plan

To guarantee a coordinated and efficient response to a ransomware attack, we must have an incident response plan. It should include the following phases:

  • Preparation. Fine-tuning what has been mentioned in this tutorial is a good place to start, as is rehearsing the plan with simulated incidents and looking at how an attacker could attack our company.
  • Identification. Identify as soon as possible what is happening, who and what is infected, how far the problem extends, and whether data has been leaked.
  • Containment. Prevent the infection from spreading and isolate the infected systems (disconnect them from the network rather than powering them off, so that evidence in memory is preserved).
  • Eradication. Make sure the malicious software has been removed from every compromised computer.
  • Recovery. Restore data from immutable backups if we have them. Otherwise, check that the backups are free of malware before restoring them.
  • Final analysis. Once the problem is solved, find out how the infection occurred and what could have stopped it, and whether it was the result of an exploited vulnerability or of human error. Finally, take measures so that it does not happen again.

When we suffer a ransomware attack we must report it, since it is a crime. We may also have to notify our regional or national data protection authority. Finally, remember that paying the ransom is not usually the best option, because the system may still be infected after decryption.


Massive attack against Telefónica’s internal networks

Although there is no official information at the moment, as we can read on social networks it seems that a phishing attack against Telefónica has managed to get a still-unidentified piece of malware into the network, where it is causing havoc. This malware is causing many employees' computers to show all kinds of errors (blue screens) and it may even be encrypting the data on the hard drives (ransomware) of all the computers.

Within Telefónica there is talk of thousands of infected computers, so the company is ordering all workers to turn off their computers to stop the infection from spreading further over the network. The problem is nationwide and affects not only the headquarters but all the national subsidiaries.


Although so far only the infection of Telefónica's network has been confirmed, there is talk that the networks of Vodafone and BBVA could also be infected, as well as those of other companies that are gradually coming to light.

Users are not in danger

As we have said, the infection is confined to the companies' internal networks. Although the type of malware and how it works have not yet been identified, it is most likely that it will not get out of the internal network, so users are not at risk of being infected, nor will Internet access be cut off.

In the case of BBVA the situation is the same: since it is an attack on the computers in the branches, it is most likely that online banking is not affected, although, as a precaution, we would prefer not to use this service until more details are known.

We will update the article when we learn more about what is probably the most serious cyber attack so far this year.

Update.

Telefónica has just sent its workers home. The attack is very serious and will be very difficult to mitigate. It appears to have also exploited an unresolved zero-day vulnerability in Windows.

BBVA seems to be confirming that, although it was targeted by the attack, its firewalls blocked it and it has not been infected.

At first it was believed that other companies, such as Capgemini, had also been attacked, but ultimately those companies have not suffered this cyber attack.

Banco Popular may also be infected.

Iberdrola and Gas Natural Fenosa have also confirmed to be affected by the attack.

The cyber attack is believed to be of Chinese origin, and is disguised as a fake Windows update.

Latest:

Internal sources at Telefónica claim to have brought the attack under control. In the end its scope seems not to have been as wide as initially claimed. The attackers exploited a serious security flaw in Windows and launched the attack against large companies, where the number of computers and virtual machines connected at the same time let it spread.

The attack was carried out through a vulnerability in Windows' SMB protocol implementation. Microsoft patched this vulnerability last March, so an up-to-date Windows is not at risk; an unpatched Windows is. Beyond patching, blocking inbound SMB (TCP port 445) at the perimeter and between network segments limits how far such a worm can spread.


What should a smartphone have to give maximum security and privacy

When we carry a smartphone in our pocket, without realizing it we hand a large amount of information to Internet giants such as Google and Facebook, including our GPS location at all times, a location that is then used to make recommendations, show ads and so on.

Just as companies constantly grab this information, attackers want to take advantage of the slightest oversight to get hold of our most valuable personal data. So if we want to prevent this, when choosing a new phone we should look at the following.

What should we take into account when choosing a new mobile if we are concerned about our privacy

Each user will weigh things differently when deciding what matters most in a new phone, so, although we will try to cover every aspect needed to choose a secure and reliable smartphone, the order of the characteristics is fairly relative.

One of the most important factors when choosing a secure and reliable smartphone is good, long-term update support, especially for security. In recent years we have seen how vulnerabilities such as KRACK, BlueBorne or the security flaws that the FBI has kept hidden in millions of devices have put everything related to security in check. If we want to be protected each time a new vulnerability appears, we must choose a manufacturer that guarantees long-term updates, especially regular security patches, so that we are not left exposed to newly discovered vulnerabilities.

Our smartphone must also have good hardware security. We should look for the latest biometric systems (such as Apple's Face ID) and avoid imitations that can be fooled by a simple mask or photo, as well as a device with strong storage encryption (AES 256-bit) whose keys are stored in hardware and protected by a dedicated security module.


Android or iOS? The security of the operating system depends less on the system itself than on how the manufacturer has configured it, the bloatware it ships with and the functions it has enabled or not. It is important to look for a system with isolated user accounts (something that only Android does), one that lets us fully encrypt the backups we make of the system, and one that can securely wipe the device after several failed unlock attempts.

As for connectivity, we should also check whether it offers secure and reliable connections through a VPN, gives us control over which applications may or may not reach the Internet (like a firewall), supports the latest security standards (such as DNS over TLS, or private DNS) and lets us restrict advertising tracking.


Finally, we should also consider the official security apps installed by default on the device, such as a password manager, a generator of random, strong passwords, the option of protecting other installed applications with a password or biometrics, and the ability to protect access to certain files stored in the device's memory.

Which mobiles meet most of these requirements to be able to use them with maximum security and privacy?

If we are Apple users, or are thinking of giving this manufacturer a chance (and Apple, whose business model is not based on user data, respects privacy far more than manufacturers tied to Google), the iPhone XS offers biometric systems to protect access, hardware-based security modules and both security and version updates that will probably extend beyond five years.

If, on the other hand, we are loyal Android users, we must think much harder about which model to choose. If we want security, privacy and long-term updates, we must above all avoid low-cost Chinese manufacturers that offer very powerful hardware at a low price: the phone may work well and top the benchmarks, but its security and support will be disastrous.

Although no Android phone is going to match Apple's long-term update support, the Google Pixel 3 XL, paradoxically for a Google device, is one of the models that offers users the most security and privacy measures: monthly updates that arrive the day they are released, plus the latest security features, such as DNS over TLS, which can already be used on this device. If the Google phone does not convince us, another very interesting, secure and reliable option is the Samsung Galaxy Note 9, very similar in security features to the Pixel 3 but with the manufacturer's own functions and applications that let us apply stronger encryption to the data and passwords saved on the device.

What should we do to preserve the security and privacy of our smartphone?

One of the best features of smartphones is the huge number of free and paid applications and games we can find in the official stores. This lets us find the tools that best suit our needs; however, it is also a serious problem for our security and privacy. It is not the first time that malware has sneaked into the application stores disguised as seemingly safe applications that endanger all our security. And that is without counting the many abusive permissions that applications request, or the continuous tracking they carry out even when we have closed them.


If we want to strengthen our security and privacy when using our smartphone, we should install only the applications we need and no more, be completely sure that they are official and trustworthy apps, and try to set aside, for example, the Facebook app or Google applications that track us 24×7. Although it is less common, these applications can also have vulnerabilities, so it is advisable to keep them always updated to avoid problems.

Both on Apple and on Android, it is also up to the user to watch for new software updates and install them as soon as possible, keeping the device up to date and protected from all types of attacks.

Is your mobile really safe? Do you take care of the security and privacy of your smartphone?


Amazon Echo and Kindle devices affected by a vulnerability

Wi-Fi vulnerability affects Amazon Echo and Kindle

Specifically, this problem affects the first-generation Amazon Echo and the eighth-generation Amazon Kindle. They are susceptible to an old vulnerability that many readers will remember: KRACK. Yes, the one that allows an attacker within radio range to break the protection of traffic on a Wi-Fi network encrypted with WPA2 by forcing the client to reinstall an already-used key (it does not reveal the Wi-Fi password itself).

This vulnerability could allow an attacker to capture the packets the victim sends through these devices and decrypt the confidential information they carry.

The bug was discovered by a group of security researchers from ESET Smart Home. As we mentioned, they found that first-generation Amazon Echo devices and eighth-generation Amazon Kindle devices are still affected by the KRACK vulnerability.

To reach this conclusion they ran a series of tests. ESET found that both devices are vulnerable to CVE-2017-13077 and CVE-2017-13078. Using Vanhoef's scripts, they were able to reproduce the reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake (CVE-2017-13077) and the reinstallation of the group key (GTK) in the four-way handshake (CVE-2017-13078). Reinstalling a key resets the associated packet number and replay counters, so the same keystream is reused for new packets, which is what makes decryption and replay possible.

How does this affect users? ESET indicates that an attacker could carry out DoS attacks and disrupt network communication, or decrypt any data the victim transmits. They could also intercept confidential information and steal passwords or session cookies, although anything protected by TLS (HTTPS) on top of the Wi-Fi encryption stays protected.
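The mechanism behind CVE-2017-13077 is easier to see in code than in prose. The following Python simulation is an added example, not ESET's or Vanhoef's tooling and not a Wi-Fi implementation: it models a client that, on receiving a retransmitted handshake message 3, reinstalls the same pairwise key and resets its packet number to zero, and shows how an attacker who captured one earlier frame and can guess the plaintext of a later one recovers the earlier frame's contents. The keystream function is a constructed SHA-256 counter-mode stand-in for AES-CCMP; the key, the packet contents and the "patched" behaviour (ignore a message 3 that carries the key already installed) are constructed for the demo.

```python
import hashlib
from dataclasses import dataclass


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Toy counter-mode keystream from the temporal key and the 48-bit packet
    number (PN). Stand-in for AES-CCMP; the property that matters is that the
    same (key, PN) pair always yields the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(tk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


@dataclass
class Station:
    """Wi-Fi client key state. patched=False mirrors the behaviour fixed for
    CVE-2017-13077: a retransmitted message 3 reinstalls the PTK-TK and resets
    the transmit packet number. patched=True keeps the counter if the key is
    the one already in use (constructed stand-in for the vendor fix)."""
    patched: bool = False
    tk: bytes = b""
    pn: int = 0

    def handle_message3(self, tk: bytes) -> None:
        if self.patched and tk == self.tk:
            return                    # already installed: keep the counter
        self.tk = tk
        self.pn = 0

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        self.pn += 1                  # PN must never repeat under one key
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def krack_exchange(patched: bool) -> dict:
    """Attacker replays message 3 between two client frames, then recovers the
    first frame from the two ciphertexts and a guess of the second plaintext."""
    tk = hashlib.sha256(b"constructed PTK-TK for the demo").digest()[:16]
    sta = Station(patched=patched)
    sta.handle_message3(tk)                              # legitimate message 3
    secret = b"POST /login user=ana&password=hunter2"     # constructed frame 1
    pn1, c1 = sta.encrypt(secret)
    sta.handle_message3(tk)                              # attacker replays message 3
    known = b"GET / HTTP/1.1\r\nHost: example.com\r\n"    # predictable frame 2
    pn2, c2 = sta.encrypt(known)
    # Attacker holds c1 and c2; if both used the same PN, the keystreams cancel.
    n = min(len(c1), len(c2))
    recovered = xor(xor(c1[:n], c2[:n]), known[:n])
    return {"pn1": pn1, "pn2": pn2, "recovered": recovered, "target": secret[:n]}
```

With `patched=False` both frames go out under packet number 1 and `recovered` equals the login request; with `patched=True` the second frame uses packet number 2 and the XOR yields noise. This is also why the "decrypt" and "replay" effects in ESET's description follow directly from a single reinstalled key.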

Security update available

Fortunately, users of these devices who have installed the latest updates and patches will not have problems. In reality, however, many users never update these devices, a problem that affects many IoT devices and other secondary devices that have network access.

For those who have a first-generation Amazon Echo or an eighth-generation Amazon Kindle, from RedesZone we recommend updating to the latest version as soon as possible. That way they will be protected from this kind of problem, which can put privacy and security at risk.

As we always say, it is very important to keep our devices up to date. That is how we deal with vulnerabilities of this kind, which attackers can exploit to carry out their attacks. Normally it is the manufacturers themselves who release patches and security updates, which we must install regardless of the type of device or operating system we use. Security is a factor that must be looked after so as not to compromise the proper functioning of our equipment.


uBO Scope, the extension for Firefox and Chrome that scores privacy

When we surf the Internet, we constantly expose our privacy. Whether we want to or not, we leave some kind of trace whenever we connect. That is why uBO Scope, a new extension available for Mozilla Firefox and Google Chrome, two of the most widely used browsers in the world, is designed to tell us whether we are exposing our privacy too much. What it basically does is analyze the traffic our browser sends and calculate a score for our privacy exposure.

Measure privacy with uBO Scope

When we visit a specific web page, uBO Scope analyzes that site. It records the third-party traffic the page generates and returns a score that tells us whether we are exposing our privacy a lot or a little.

The extension records the base domain name of every third-party connection a site makes, even if the connection was blocked. What it collects about the primary domain and the third-party connections is stored in an extension database to calculate overall exposure. The data is stored locally only.

The score is based on our own browsing history and, if we use a content blocker, takes its blocking into account.

uBO Scope is essentially a tool that measures the third-party connections it collects and turns them into a privacy exposure score. Because it is measured against our own browsing history, the results are relevant to us, unlike external rankings that most likely do not match the sites we actually visit. The goal is to increase awareness of our own level of exposure to third parties.

Heat map

The extension shows a heat map when we click on the overall score in the browser toolbar. Each square in the heat map represents a third-party connection. The cells are color-coded: red means the connection was allowed, gray that it was blocked.

The interface displays two scores. The one on the right is the exposure score we would have had without a content-blocking extension; the one on the left is the actual score, which takes the content blocking into account.

When we hover over a cell, we get the domain name and percentage values that indicate how many of the sites visited that day made that connection.

We can switch the display from the heat map to a list view that shows the third-party domain names and their scores directly, by clicking the icon in the upper left corner of the heat map.

Change interval

The only options the extension comes with let us change the time interval, in days, that the extension uses to calculate the third-party exposure score, and the colors of the heat map.
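To make the scoring described above concrete, here is an added example (written for this article, not code from uBO Scope itself) that works through the same idea: group a browsing log by base domain, count which third parties each site reached, and produce two scores, one with and one without content blocking, over a configurable interval in days. The browsing log is constructed, the "mean number of distinct third parties per visited site" formula is our assumption rather than the extension's exact formula, and base_domain() uses a naive last-two-labels rule where a real implementation would need the Public Suffix List.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed browsing log (not real data): one record per page load, with the
# day it happened and each request the page triggered, plus whether the content
# blocker let that request through.
VISITS = [
    {"day": 1, "page": "https://news.example/", "requests": [
        ("https://cdn.news.example/app.js", True),
        ("https://tracker-one.test/pixel", False),
        ("https://ads.tracker-two.test/ad", False),
        ("https://fonts.cdnhost.test/x.woff", True)]},
    {"day": 2, "page": "https://shop.example/cart", "requests": [
        ("https://tracker-one.test/pixel", False),
        ("https://fonts.cdnhost.test/x.woff", True),
        ("https://pay.provider.test/sdk.js", True)]},
    {"day": 3, "page": "https://blog.example/post", "requests": [
        ("https://tracker-one.test/pixel", True),   # blocker rule missed this one
        ("https://static.blog.example/a.css", True)]},
]


def base_domain(url):
    """Naive base-domain rule (last two labels). A real implementation needs the
    Public Suffix List, otherwise hosts like 'shop.example.co.uk' are mis-grouped."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def exposure(visits, interval_days=None):
    """Compute third-party exposure over the last `interval_days` of the log.

    Returns a dict with:
      score_blocked    mean distinct third parties per site that were actually
                       reached (content blocking taken into account)
      score_unblocked  the same figure if nothing had been blocked
      third_parties    {base_domain: {"seen_pct", "allowed_pct"}}
    The mean-per-site formula is an assumption, not uBO Scope's exact formula.
    """
    if interval_days is not None:
        latest = max(v["day"] for v in visits)
        visits = [v for v in visits if v["day"] > latest - interval_days]
    sites = set()
    seen = defaultdict(set)      # third party -> sites that tried to reach it
    allowed = defaultdict(set)   # third party -> sites where it was reached
    for v in visits:
        site = base_domain(v["page"])
        sites.add(site)
        for url, was_allowed in v["requests"]:
            tp = base_domain(url)
            if tp == site:
                continue         # first-party request, not an exposure
            seen[tp].add(site)
            if was_allowed:
                allowed[tp].add(site)
    n = len(sites) or 1
    report = {tp: {"seen_pct": round(100 * len(seen[tp]) / n, 1),
                   "allowed_pct": round(100 * len(allowed[tp]) / n, 1)}
              for tp in seen}
    return {
        "score_unblocked": round(sum(len(s) for s in seen.values()) / n, 2),
        "score_blocked": round(sum(len(s) for s in allowed.values()) / n, 2),
        "third_parties": report,
    }


if __name__ == "__main__":
    r = exposure(VISITS)
    print(f"with blocker: {r['score_blocked']}  without: {r['score_unblocked']}")
    for tp, pct in sorted(r["third_parties"].items(),
                          key=lambda kv: -kv[1]["seen_pct"]):
        print(f"{tp:20} seen on {pct['seen_pct']:5.1f}% of sites, "
              f"allowed on {pct['allowed_pct']:5.1f}%")
```

On the constructed log the two scores differ (about 1.33 third parties per site with the blocker versus 2.33 without), and the per-domain percentages are what the heat map cells would show on hover. Note that tracker-one.test still counts as allowed on one site because the blocker missed it there, which is exactly the kind of gap the red cells are meant to surface.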

So with uBO Scope we can find out how much we expose ourselves to third parties when browsing a given website. As mentioned, the extension is available for Mozilla Firefox and Google Chrome, two of the most used browsers in the world.


Selling network access through remote management applications


According to a group of security researchers, remote monitoring and management (RMM) software is starting to attract the attention of attackers. These tools give whoever controls them access to many computers on a network from a single console.

They have detected cybercriminals advertising access to the networks of organizations in different parts of the world. The affected companies run Windows, Linux and Mac systems. Many of them are attractive targets for ransomware operators, who can take advantage of this kind of access.

Some of these organizations are Spanish. The seller the researchers tracked has been advertising access since July; by September it had already listed 36 accesses and accumulated earnings close to 100,000 euros.

They also report that the attackers do not only sell access through such remote management applications, but also offer credentials for Remote Desktop servers.

KELA, a cyber intelligence company, identified multiple victims. It also notes that the affected companies span many sectors: education, construction, manufacturing, health care, public administration and more.

The main attack method is unknown

The main intrusion method remains unknown at the moment. However, the researchers believe it could be anything from compromising a managed service provider, to direct brute-force attacks, to exploiting the remote code execution vulnerability CVE-2020-10189 disclosed in March.

We already know that there are many strategies and methods that attackers can use. That is why we must always protect ourselves and avoid becoming victims.

Cybercriminals typically target whatever vulnerabilities may exist: security flaws in servers, devices, operating systems and so on. That is how they manage to compromise computers and carry out their attacks.

This makes it essential to always run the latest versions. Security patches correct the vulnerabilities that could otherwise be exploited, and so protect our equipment. This applies regardless of the operating system or type of device we are using.

We leave you a tutorial where we show the best vulnerability scanners. A selection to be able to find those security flaws that we mentioned and to be able to correct them before the attackers can exploit them.


Mozi, the new botnet made up of three different malware families


A group of security researchers from CenturyLink has detected a new threat called Mozi. It combines three previously known malware families that directly attack devices of what is known as the Internet of Things.

The Mozi-infected devices form a botnet that can be used to carry out DDoS attacks, collect data and steal information. CenturyLink does not know whether the botnet has actually been used for any of these purposes yet.

Mozi reuses source code from Gafgyt, Mirai and IoT Reaper, malware families that have all targeted IoT devices. Like those older IoT malware strains, Mozi primarily targets home routers and devices that are not properly patched or that have weak or default passwords.

The main difference from those earlier threats is that they relied on a centralized command and control infrastructure, whereas Mozi-infected devices link up with each other to form a P2P botnet.

This is an important change, because it makes the Mozi botnet much harder to eliminate in its entirety, according to Michael Benjamin of CenturyLink. When a botnet's command and control function is centralized on a single server, or even a handful of them, the botnet can be disabled by taking down those servers.

That is far more complicated with a P2P botnet. There is no single point whose removal takes down the whole botnet. Mozi is a major threat to businesses because of this resilience and the large number of devices it can infect.
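The takedown argument above can be checked with a small model. The following is an added example written for this article, not Mozi's code or CenturyLink's analysis: it builds a constructed centralized botnet (bots that only talk to a couple of C2 servers) and a constructed P2P botnet (each bot keeps a small random peer list), removes the same number of nodes from each, and measures the largest fraction of the surviving botnet that any single surviving node could still reach with a command. The topologies, sizes and peer counts are assumptions chosen to illustrate the point, not Mozi's real protocol.

```python
import random


def build_centralized(n_bots, n_c2=2):
    """Star topology: every bot talks only to the C2 servers (constructed model)."""
    c2 = [f"c2-{i}" for i in range(n_c2)]
    bots = [f"bot-{i}" for i in range(n_bots)]
    adj = {node: set() for node in c2 + bots}
    for b in bots:
        for c in c2:
            adj[b].add(c)
            adj[c].add(b)
    return adj, c2


def build_p2p(n_bots, peers_per_bot=4, seed=1):
    """Mesh topology: each bot keeps a small random peer list (constructed model,
    deterministic via the seed so results are reproducible)."""
    rng = random.Random(seed)
    bots = [f"bot-{i}" for i in range(n_bots)]
    adj = {b: set() for b in bots}
    for b in bots:
        for p in rng.sample([x for x in bots if x != b], peers_per_bot):
            adj[b].add(p)
            adj[p].add(b)
    return adj


def reachable_from(adj, start, removed):
    """Depth-first walk over surviving nodes: who could still receive a command
    injected at `start` once the nodes in `removed` are taken down?"""
    if start in removed:
        return set()
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def takedown(adj, removed):
    """Fraction of surviving nodes that the best-placed surviving node can still
    reach, i.e. the biggest fragment an operator could still command."""
    survivors = [n for n in adj if n not in removed]
    if not survivors:
        return 0.0
    best = max(len(reachable_from(adj, s, removed)) for s in survivors)
    return best / len(survivors)


def compare(n_bots=200, hits=2):
    """Remove `hits` nodes from each botnet: the C2 servers in the centralized
    case, the highest-degree peers (the natural targets) in the P2P case."""
    central, c2 = build_centralized(n_bots, n_c2=hits)
    p2p = build_p2p(n_bots)
    top = sorted(p2p, key=lambda n: len(p2p[n]), reverse=True)[:hits]
    return {"centralized": takedown(central, set(c2)),
            "p2p": takedown(p2p, set(top))}


if __name__ == "__main__":
    for name, frac in compare().items():
        print(f"{name:12} still commandable after takedown: {frac:.1%}")
```

With the C2 servers gone, no surviving bot in the centralized model can reach any other, so the commandable fraction collapses to a single node; in the P2P model, removing the two best-connected peers leaves the rest of the mesh connected, which is the "no single point to remove" property the text describes. The model says nothing about how hard it is to find or seize those nodes in practice, only about what their removal achieves.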

CenturyLink discovered Mozi months ago

CenturyLink first discovered the Mozi threat in December. From the start they saw that it was linked to IoT Reaper. Later, seeing that they shared code, they also linked it to a variant of Mirai and to Gafgyt.

Mozi grew to more than 2,200 nodes in February, and from there the figure began to decline gradually. CenturyLink estimates that over the last four months the malware has compromised around 15,850 IoT devices across several countries.

The researchers indicate that the botnet is not yet large enough to launch damaging DDoS attacks, but it is large enough to be a concern.

DDoS attacks are very common on the Internet and can compromise the availability and reliability of services and devices. We leave you an article where we discuss the most significant DDoS attacks.