Category: Cybersecurity

Flint Tech’s Cybersecurity Awareness Series: Session Hijacking and DNS poisoning

Home / Flint Tech’s Cybersecurity Awareness Series: Session Hijacking and DNS poisoning

Flint Tech’s Cybersecurity Awareness Series: Session Hijacking and DNS poisoning

Post author By Anastasia Wilson
Post date October 29, 2021

Thanks for joining us for our month-long series on cybersecurity! Check out our social media pages and let us know what you think.

To wrap up our cybersecurity awareness series, we’re going to look at two attacks that can seriously hurt your small business: Session Hijacking and DNS Poisoning.

Session Hijacking is an advanced attack that has become easier to accomplish over time. Every time somebody logs into a website, a session is created (this involves two systems communicating with each other). When the user ends communication, the session becomes inactive.

A session is hijacked when an attacker takes control of the session using cookies. This can be accomplished by different methods:

Cross-site scripting (CSS): As we described in our last post, CSS is when attackers use a server or application’s vulnerabilities to inject script into a website for malicious purposes. If the server does not set HTTP Only in session cookies, injected scripts can gain access to the session key, which gives attackers all they need to hijack the session.
Session side jacking: This is when an attacker monitors the traffic within a network and intercepts the session cookies after the user has authenticated it. Unsecured Wifi Hotspots usually allow for this kind of attack.

Ultimately, encryption is the best line of defense against these attacks. The most effective ones include:

Secure Sockets Layer (SSL): This is the standard technology for securing an internet connection and protecting sensitive data being sent between two systems.
Transport Layer Security (TLS): This is an updated, more secure version of SSL.

DNS Poisoning is one of the trickiest attacks out there. DNS servers are compromised when the attacker substitutes the address of a valid website for a fake so that users are redirected to malicious websites, including phishing sites. Attackers can either collect passwords and other sensitive information, or simply refuse to load the site. The Chinese government uses this method to block access to sites they find objectionable.

Attackers are able to execute this attack by:

Mimicking a server: When your DNS server submits a query, the attacker responds quickly with the wrong answer before the legitimate server is able to respond.
Bombarding a server: Attackers send thousands of queries to a caching server, then send thousands of false responses, gaining control of the domain and the entire site over time.
Taking advantage of open ports: Again, attackers send thousands of queries to DNS resolver ports. Over time, they discover which port is open and focus future attacks only on that port.

Secure web hosting is crucial to guarding against this attack. Options for protection include:

Control your DNS server: This takes time, expertise, and determination to do properly. If you don’t have the time or knowledge, Flint Tech Solutions can help.
Limit queries: This means refusing DNS requests over open ports. This limits how much you get bombarded with queries that could compromise your data.
Find the best software: Again, this is an area where Flint Tech can help. Some DNS software comes with protections built in, and this is an area where you want to make sure you’re getting what you pay for.

We hope you’ve enjoyed this series and learned more than you knew before about cybersecurity. Stay tuned to our blog for more great content to come!

To learn more about how Flint Tech can help defend your small business, click on our logo below:

Flint Tech’s Cybersecurity Awareness Series: Web Attacks

Home / Flint Tech’s Cybersecurity Awareness Series: Web Attacks

Flint Tech’s Cybersecurity Awareness Series: Web Attacks

Post author By Anastasia Wilson
Post date October 27, 2021

credit: Christina at wocintechchat on Unsplash

If you’re still with us, we really appreciate your time and attention as we explore the issue of cybersecurity this month!

Now let’s look at something a little different from passwords and malware: Web attacks.

This is any attempt to breach your web site. As we said before, hackers are financially motivated, and anything from an eCommerce site to a small-business site is equally attractive. They tend to look for vulnerabilities that include a system flaw or weakness that can be exploited.

So let’s look at the most common types of web attacks:

Injection Attacks: These pose the highest risk for websites. The SQL (pronounced “sequel”) Injection is the most popular among hackers. Any injection attack directly targets the website and server database. The hacker inserts code that shows hidden data and user input, allows for data modification, and otherwise compromises the application as a whole.
Cross-Site Scripting: Whereas SQL attacks go after a vulnerable website’s data, a cross-site scripting attack goes after the website’s users. This also involves injecting code into a website, but it only runs in the user’s browser when they visit the compromised site and only goes after the users directly. Comments on blogs are one example of the ways an attacker could deploy this kind of attack.
Fuzzing: Also known as Fuzz Testing, this is used legitimately by software developers to test for coding errors and security loopholes. But attackers also use it to look for vulnerabilities in a website they want to target. At first, copious amounts of random data are fed into an application to force it to crash, then the fuzzer tool is used to identify weaknesses. Any loopholes in the website’s security can be further exploited by the attacker.
Path/Directory Traversal: This attack is less common than the others, but it’s still pretty serious. It’s a little more technical than the others too. Attackers attempt to access unauthorized files or directories outside the web root folder by injecting patterns to move up in the server hierarchy. This can allow for compromised access to all kinds of sensitive data, files, databases, and more on the same physical server.

As with the other types of cyber threats, any one of these attacks can result in catastrophic loses for your business. The best way to protect yourself is to enlist the help of a trusted tech partner like Flint Tech Solutions to monitor, protect, and help you recover in the event of an attack.

Here are some ways you can protect yourself:

Validation: Implementing advanced validation techniques for anyone who visits your website will help reduce your risk of attack.
Security Testing: Web application security testing tools are something any small business owner can use, and there are a number of open source tools available.
Firewall: Setting up a web application firewall (WAF) can help protect against web attacks.
Stay Up-to-Date: Make sure your security applications get updated regularly.

The bottom line for small business owners today is that cyber attacks are getting more and more sophisticated, and having a tech partner you can rely on to have your back is essential.

At Flint Tech, our goal is to take the pressure off when it comes to your small-business tech needs so that you’re free to pursue your goals, because your success is our success. Click on our icon below to find out more.

We hope you’re enjoying this month’s series on cybersecurity! Stay tuned to learn about more cybersecurity threats and what you can do to protect your business.

Tags cross-site scripting, Cybersecurity, ecommerce, fuzzing, path traversal, SQL Injection, web application firewall, web attacks

Flint Tech’s Cybersecurity Awareness Series: Denial of Service Attacks

Home / Flint Tech’s Cybersecurity Awareness Series: Denial of Service Attacks

Flint Tech’s Cybersecurity Awareness Series: Denial of Service Attacks

Post author By Anastasia Wilson
Post date October 20, 2021

Thanks for reading this month! We hope you’re learning more about cybersecurity. As you’ve hopefully observed, it’s never been more important for businesses to have an effective security plan.

Let’s get back at it with the next type of threat on the list: Denial of Service (DOS) Attacks.

Yes, this one’s pretty scary too. It happens when legitimate users cannot access information systems, devices, and other network resources because hackers have shut them down and seized control. There’s also a Distributed Denial of Service (DDOS) Attack, which happens when multiple computer systems flood their target with enough traffic from a “botnet” (a group of malware-infected private computers across the internet) to crash the server. If you’ve ever been asked to prove you’re not a robot when entering a website, this is the reason why.

These attacks are rudimentary, but they can cost organizations time and money while their people are unable to access resources for anywhere from days to weeks. The record for the number of DDOS attacks launched per year was broken in 2020 with 10 million, a 20% increase from 2019.

Ransomware is probably the most intimidating form of DOS attack, as the Colonial Pipeline found out earlier this year. The sad thing is, that attack happened because of one compromised password.

Can it really be that hard to keep your passwords secure? The truth is there are at least 7 types of password attacks, and it takes a strong, dynamic password management plan to guard against them.

The more well-known attacks include:

Brute Force: Much like it sounds, numerous guesses are made to crack the password and gain access. A simple but usually automated form of attack.
Credential Stuffing: Another type of brute-force attack involving trial-and-error using stolen credentials.
Dictionary: A variation on the brute-force attack that involves commonly used words and phrases and oft-used passwords.
Man-in-the-Middle: An attack involving the user, the attacker, and a third party. Cyber criminals imitate a legitimate third party, usually via phishing emails that try to convince the third party to click on a link leading to an apparently legitimate website, thus allowing the attacker to collect user log-ins.
Keylogger: Spyware that records the user’s keystrokes.
Password Spraying: Yet another form of brute-force attack where a large number of common passwords are used on a small number of accounts, even just one.
Phishing: A versatile attack that can be as simple as one email or as complicated as a multi-step attack involving voice calls.

So how do you protect your company’s passwords? The only choice is to create and carry out a password management plan that is up to date with best practices. This includes:

Creating lengthy, complicated passwords for every account
Using multi-factor authentication everywhere you can (this creates an additional barrier to keep out hackers)
Utilizing a password manager to safely manage and store all passwords

Managing your passwords, limiting access to privileged accounts, and adding additional layers of security is something a solid tech partner can do to help back up your plan. Having employees and other company players learn about password security is also a crucial step.

Next we’ll be examining what happens when your company’s website is attacked, and what you can do about it. Stay tuned!

Tags Colonial Pipeline attack, Denial of Service, Distributed Denial of Service, DOS attack, Keylogger, Man-in-the-middle attack, Password attacks, Phishing

Flint Tech’s Cybersecurity Awareness Series: Security Breaches

Home / Flint Tech’s Cybersecurity Awareness Series: Security Breaches

Flint Tech’s Cybersecurity Awareness Series: Security Breaches

Post author By Anastasia Wilson
Post date October 15, 2021

[image credit: VIN JD on Unsplash.com]

We’re so glad you’ve joined us for our month-long series on cybersecurity! Today we’re moving beyond the well-known threats to something a little more sinister: security breaches.

As we wrote about before, security breaches include any attempt to gain unauthorized access to your system, also known as “hacking.” Cracking passwords, elevating privileges, and breaking into a server are all examples.

Hackers generally attack by means of assessing their target, using network or social-based attack methods, and extracting confidential data.

Security breaches can happen at any time, and when they involve the exposure of customer or client data, they are difficult to keep private. The loss of business that often results from a breach can be devastating for a small business.

Often, breaches are caused by the human errors of insiders, whether it’s clicking on a malicious e-mail or not keeping passwords secure enough (too weak, not changed often enough, etc.).

There are several types of processes that, if handled properly, could prevent a breach:

Weak Passwords: As stated earlier, overly simplistic passwords are prime targets for hackers. Making up something you can remember is no longer an option: the longer and more complex, the better.

Orphan Accounts: After an employee has left a company and moved on, their access to accounts is often left inactive rather than being terminated. If a malicious user were to gain access to an account via the unused credentials, nobody in the company would know unless appropriate controls were in place to monitor such activity.

Over-entitled Identities: Unregulated access to sensitive information and systems can create areas of weakness if not managed carefully. Executive and low-risk system and data users alike are equally valuable targets for hacking.

“Ok, so I just set reminders to change the passwords regularly,” you say. “Boom. Done. No extra money splashed out on a fancy Tech company I can’t afford. Next question…”

But hear us out: why burden yourself and your people with taking partially effective measures when a solid IT team can provide the kind of wide-ranging protection your company needs?

There are certainly things you can do yourself, like…

Establish better security habits: For instance, make it a policy to have strong passwords that get changed routinely. Establishing this habit alone will substantially cut down the risk–the longer it takes a hacker to get through, the more likely it is they’ll be caught.

But there are other things your people may not have the right kind of support or resources to accomplish, such as…

Solid Identity Protection: Allow your IT team (be they in-house or hired from outside) to have a holistic view of your systems and data so they can assess your risk and create a plan to detect attacks as quickly as possible.

If you haven’t developed a cybersecurity plan for your company or even budgeted for cybersecurity in the first place, there’s no time like the present to start. A few questions to ask yourself when considering your plan include:

What will it cost us if a breach occurs?
What controls/protections do we currently have in place?
What will we do if a breach takes place?
What can be done now to offer the best protection?

And of course, keep following our blog as we continue to discuss cyber crimes and solutions this month. Stay tuned!

Tags Cybersecurity, hackers, hacking, Security Breach, web attacks

Flint Tech’s Cybersecurity Awareness Series: Malware Threats and Defenses

Home / Flint Tech’s Cybersecurity Awareness Series: Malware Threats and Defenses

Flint Tech’s Cybersecurity Awareness Series: Malware Threats and Defenses

Post author By Anastasia Wilson
Post date October 13, 2021

[image credit: Ales Nesetril on Unsplash.com]

Thanks for joining us during Cybersecurity Awareness Month!

As you know from our last post, cybercrime is a growing trend affecting big and small businesses alike. We’ll be examining each of the most common network threats this month, including what business owners like you can do to defend yourselves.

So let’s get started with the most well-known threat:

Malware is a standard term for software with a malicious purpose. This includes viruses, adware, worms, the Trojan horse program, and spyware. Cyber criminals install their weapon of choice on your computers and other devices, which allows them to spy on your company’s online activities, obtain passwords and files, or attack others from your system.

This is not just a threat to Windows users—Mac devices, all types of smartphones, even security cameras are all at risk. And speaking of security cameras, if your business is connected to the internet of things (Smart in-home devices, like Amazon’s Alexa, that are connected to everything from your computers to your fridge and coffee maker), those are also at risk of attack. Anything with an IP address is fair game.

In the case of ransomware, criminals can lock your out of your files until you pay a ransom. There’s lots of money to be made for cybercriminals the more devices they affect, which means this is one threat that everyone should take seriously.

So what to do?

If you’ve ever booted up a brand-new computer, chances are you’re familiar with the ubiquitous McAfee antivirus software offers that last as long as the device itself (until you get your tech-expert cousin or brother-in-law to remove them). If you’ve ever caved in and purchased that or any other antivirus protection subscription, turns out you were only handling part of the problem.

Viruses are only one type of malware, and cybercriminals are continuously developing new, cutting-edge threats that are harder to catch. Antivirus software needs to be constantly updated to detect the newest types of malware. In addition, the best way to ensure you never lose anything to a malware attack is to back up everything either on Cloud-based services or on offline external hard drives.

Additionally, there is another way to protect yourself: Managed Security Services (MSS).

Simply put, MSS is what happens when a trusted tech partner (the Managed Service Provider, or MSP) handles cybersecurity for an organization, be it big or small. Their services monitor the organization’s devices for signs of potentially threatening activity, but they’re able to filter out false positives and only deal with real issues. This saves the organization time and effort in reviewing potential threats, which allows them to spend more time focusing on their mission.

MSP’s often create and implement a high level IT strategy, backup the organization’s data, update their systems, fix any technical issues, and arrange security controls. Far beyond trusting in a few antivirus programs, they provide many layers of security to their clients.

“Why does this matter to a small business?” you may wonder. “It sounds like pointless expense. After all, McAfee’s not that bad.”

And we get it–time is money, and small business owners rarely have enough of either.

But why worry about cybersecurity all on your own when investing in a solid tech partnership can give you peace of mind as well as more time to devote to your business? Properly handled, MSS can minimize the human errors we all make that will leave your business open to a costly attack.

To learn more, stick around for our next post highlighting another common cyber threat–security breaches.

Stay tuned!

Tags adware, computer virus, Cybersecurity, DOS, internet of things, malware, ransomware, spyware, trojan horse

Quick Links

Contact Us