Month: February 2021

Phishing attacks – what are they and how to protect yourself

Phishing attacks start innocently. Somebody sends you a link to a video of a puppy, or an email asking you to verify your password for a service. You click it and…

You got phished! 

If you have phishing problems, I recommend you take a look at this article too – DMARC, the solution for your phishing problems

You took the bait, the cybercriminal tricked you successfully, and now you are in trouble!

You could have prevented it. If only you knew what a phishing attack is and how to protect yourself. 

What is a phishing attack?

A phishing attack is a type of cyberattack in which cybercriminals try to make you do one of the following:

  • Download a file. The file can be a virus that affects your computer, or ransomware that disables your device until you pay the ransom.
  • Enter data. You could be taken to a fake site, visually very similar to a well-known one, and asked to fill in data. Often the data they want are passwords, usernames, emails, and bank information.

They do it with a message that looks normal and is very hard to distinguish from any other. The text usually looks very professional, and it offers something the victim wants, like free software, or something the victim needs to do, like changing a password within X amount of time.

Hackers have been using this strategy for a long time. The term “phish” came from the word “fish” and became popular in the late 90s. It refers to the way we lure a fish with bait, and it is written with “PH” because it was a trend among 90s hackers to write “PH” instead of “F”.

Types of phishing attacks 

Spear-phishing/whaling 

Spear-phishing and whaling attacks rely on the social and public data that users leave open. The criminals create a highly personalized message that uses a lot of personal data. Those attacks can often evade the spam filter and are very effective. The big difference between the two is that whaling targets bigger fish like CEOs and CFOs.

Clone phishing

This one is very tricky. It takes a previous email and modifies it. The victim receives an email that looks like an earlier one he or she received, but with a changed attachment (a virus) or a changed link (to a fake external site).

Voice phishing and SMS phishing 

Those threats are most commonly after your bank data. There are fake calls from people who pretend to be from your bank, asking you for your bank card data and PIN.

It could happen through voice calls or SMS.  

How to protect from phishing attacks?

The National Cyber Security Centre of the UK has a complex multi-level security method that I think makes a lot of sense.  

To defend your organization, NCSC suggests 4 layers:

Layer 1 Make it difficult for hackers to reach you.

  • If fewer dangerous messages reach your server, there is a lower chance of a successful attack. Don’t let your guard down! Implement anti-spoofing measures like DMARC, DKIM, and SPF.
  • Reduce the amount of public information about your organization and employees. Explain to your team that unnecessary sharing of information could be used against the organization and lead to a data breach.
  • Anti-spam filter. Use software that can intelligently detect spam and directly discard it before it gets to some of your teammates.  

Layer 2 Show to your users how to identify the threat and report it.

  • Teach your staff about the problems related to a phishing attack, how to distinguish one, and what to do if it happens. Show examples of popular phishing messages.
  • Explain what information should not be shared at any cost. 
  • Create a system for reporting the possible attacks. 

Layer 3 Protection from undetected phishing attacks

  • Limit the damage as much as possible. Allow your employees to use only specific devices from whitelisted IP addresses.
  • Use anti-virus software that can act in case someone accidentally downloads malicious software.  
  • Blacklist websites. Restrict access to websites that could only bring trouble. The other approach is whitelisting, which allows only certain websites, but it could disrupt your workflow.
  • Use additional verification. Two-factor authentication (2FA) requires a second step, apart from the password. This could be a mobile phone message or a flash drive.

Layer 4 Quick reaction in case of a successful attack

Create a reaction plan, “What to do in case of a security breach”. Act according to it to lower the damage or avoid it entirely.

Conclusion

Phishing attacks are everywhere, and they happen all the time. Be prepared and prepare your team too. Everybody should be aware of them and stop trusting any link they see. Even one click from a low-level employee could lead to severe consequences. Use appropriate security and educate your employees.

What is a DDoS attack?

It is Black Friday, Christmas, or Easter, and you are expecting to sell thousands of products on your e-commerce site. You check the site and what do you see? It is down! It does not load, and all those potential clients can’t spend their money there. They will go elsewhere, all because a DDoS attack completely brought down your site.

You should have been prepared! 

What is a DDoS attack?

DDoS stands for Distributed Denial of Service. DDoS attacks come in a variety of forms, but all of them are a deliberate attempt to harm the target computer or server, usually with massive traffic directed at it. Most commonly, the cybercriminals create a botnet, a group of infected devices, long before the attack. They build this network and keep it on standby until they are hired to target a specific site.

Different DDoS attacks

There are 3 categories: the typical volume-based attacks, the protocol attacks, and the application layer attacks. Let’s check an example of each type of DDoS attack.

Teardrop attack (volume-based)

The hackers prepare corrupted packets. They exploit a bug in TCP/IP fragmentation reassembly. The packets reach the targeted server, but the server can’t understand them. Finally, the server can’t take it anymore and goes down.

ICMP Flood, a.k.a Ping Flood (protocol-based)

First, there is malware that infects many devices all around the world. They become part of the hackers’ botnet. When the criminals want to use those bots, they can direct the traffic to the selected server (the target). Each of the bots starts to ping the target (send packets of data) continuously without caring about the answers. The server gets overwhelmed by the traffic and can’t respond to its usual traffic.

Slowloris (application layer attack)

Just a single computer could bring down a server. Can’t believe it? In this DDoS attack, the attacker uses one device to open as many connections as possible. The trick is that the cybercriminal keeps them open for as long as possible by sending incomplete HTTP requests. This attack’s final goal is to open many connections and not leave any possibility for regular clients to connect.
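
Because a Slowloris client is recognizable by many connections whose request headers never complete, a defender can spot it in a snapshot of open connections. The following is an added example, not part of the original article: the connection data is constructed, and the function names, thresholds, and the 256-slot server size are assumptions.

```python
from collections import defaultdict

# Constructed snapshot: (client_ip, seconds_open, request_headers_complete)
CONNECTIONS = (
    [("203.0.113.7", 95 + i, False) for i in range(40)]          # many stalled requests
    + [("198.51.100.4", 2, True), ("198.51.100.4", 120, False)]  # one slow client
    + [("192.0.2.15", 1, True) for _ in range(25)]               # busy but healthy proxy
)

def find_slow_clients(connections, max_header_seconds=30, max_stalled=10):
    """Return {ip: stalled_count} for clients holding too many incomplete requests.

    A connection counts as stalled when its headers are still incomplete
    after max_header_seconds. Both thresholds are assumptions to tune per server.
    """
    stalled = defaultdict(int)
    for ip, seconds_open, headers_complete in connections:
        if not headers_complete and seconds_open > max_header_seconds:
            stalled[ip] += 1
    # A single stalled connection (a slow mobile client) is not flagged;
    # only clients above max_stalled are returned.
    return {ip: n for ip, n in stalled.items() if n > max_stalled}

def share_of_slots_held(connections, suspects, worker_slots=256):
    """Fraction of the server's connection slots tied up by the suspects."""
    held = sum(1 for ip, _, _ in connections if ip in suspects)
    return held / worker_slots
```

The busy proxy with 25 completed requests is not flagged, while the client with 40 stalled requests is; closing connections whose headers stay incomplete past the same time limit frees those slots for regular clients.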

Other popular attack names you can see on the Internet are Ping of Death, Smurf Attack, SYN Flood, UDP Flood, HTTP Flood, SNMP Reflection Attack, Fork Bomb, and many more. Some have cool names, others don’t, but all of them can severely cripple your server.

There are even newer ones that have no name yet. They are called Zero-day DDoS attacks and are potentially the worst.

So you had better watch out and find a way to truly protect your server and not allow any downtime caused by DDoS attacks.

Can we really protect ourselves from DDoS attacks? 

OK, I got you scared, but now take a breath. There is a way to protect yourself from DDoS attacks and keep your precious e-commerce site up. You will need a DDoS protected DNS. It is a network of servers strategically located at important points. They can intelligently balance the load. If one of them is attacked, the rest of the network can distribute the load. Even if a server goes down completely, the rest will still resolve your domain for all of your eager clients.

Conclusion 

DDoS attacks are a serious matter. They are capable of completely bringing down your website for a long period of time. Be prepared! Find a DDoS protected DNS provider with a sufficiently large network of servers. Only with such protection can you be calmer.