Tag Archives: Windows

“IP address key in countering brute force cyber attacks” asserts Verizon

Verizon’s 2020 Data Breach Investigations Report shows that 80% of the breaches caused by hacking involve brute force tactics or the use of lost or stolen credentials. Content Management Systems (CMS) are the usual targets of brute force attacks as over 39% of all websites run on WordPress, the most popular CMS of all.

Cyber criminals choose to attack pages built on a CMS because those pages usually share the same admin login URL across websites and ship with identical default login credentials, making them an easy target. However, developers and admins can mitigate the risk by restricting which IP addresses can reach the admin login page.

A brute force attack (sometimes referred to as brute force ‘cracking’) is a method of trying various possible passwords until the right one is found. Despite being old, the method is still widely used by hackers who attempt to gain access to a valid account. It allows bad actors to compromise the whole website and use it as a part of their network.

With more people now working remotely amid the ongoing Coronavirus pandemic, the number of brute force attacks against remote desktops via Windows’ Remote Desktop Protocol (RDP) has soared. Indeed, that number reached nigh on 100,000 attacks each day during last April and May.

In the worst-case scenario, criminals can steal important data, such as passwords, passphrases, e-mail addresses or PINs. They also use compromised websites for various fraud schemes, while the pages themselves can end up on Google’s ‘blacklist’ and, as such, become invisible in search results.

Failed authentications

“Developers and admins can indicate an ongoing brute force attack by looking at failed authentications,” explained Juta Gurinaviciute, CTO at NordVPN Teams. “If the same IP address unsuccessfully tries to log in to various accounts, or different IP addresses are attempting to access one account in a short period of time, this is a clear sign of a data breach attempt.”

As the IP address is one of the indicators of a cyber attack, it can also be a cure. On that basis, it’s wise for companies to reduce the ‘surface area’ available for attack and limit access to the login page. This can be done by making use of IP allowlist, blocklist and fixed IP techniques.

Previously known as whitelist, IP allowlist is a set of IP addresses that have access to a specific website. The developer can specify which IP addresses are allowed to reach an admin login page and perform actions there. It’s also possible to indicate a range of IP addresses that can obtain authorised access. The latter solution is useful within bigger organizations or if numerous people require access to the website. 

However, Internet Service Providers may be changing IP addresses frequently and, as a result, the allowlist might constantly become outdated. This solution only works, then, if there’s a pool of limited IP addresses in use or the changes take place within the specific range.
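The two failed-authentication heuristics quoted above (one IP against many accounts, many IPs against one account, within a short window) and the IP allowlist described above, as an added Python example that is not code from the article or from NordVPN Teams; the log line format, the five-minute window, the threshold of three and the allowlisted networks are all assumptions:

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample of failed-login records; the format "<ISO time> FAIL user=<account> ip=<addr>" is assumed.
SAMPLE_LOG = """\
2020-05-01T10:00:01 FAIL user=admin ip=203.0.113.5
2020-05-01T10:00:03 FAIL user=editor ip=203.0.113.5
2020-05-01T10:00:04 FAIL user=root ip=203.0.113.5
2020-05-01T10:00:05 FAIL user=wpadmin ip=203.0.113.5
2020-05-01T10:01:00 FAIL user=admin ip=198.51.100.7
2020-05-01T10:01:10 FAIL user=admin ip=198.51.100.8
2020-05-01T10:01:20 FAIL user=admin ip=198.51.100.9
"""
LINE_RE = re.compile(r"^(\S+) FAIL user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Return a list of (timestamp, account, ip) tuples, skipping lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events

def _distinct_within(pairs, window, threshold):
    """pairs is time-sorted (time, value); True if some window holds >= threshold distinct values."""
    for i, (start, _) in enumerate(pairs):
        if len({v for t, v in pairs[i:] if t - start <= window}) >= threshold:
            return True
    return False

def detect(events, window=timedelta(minutes=5), threshold=3):
    """Flag IPs that fail against many accounts, and accounts hit from many IPs, inside one window."""
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for t, user, ip in sorted(events):
        by_ip[ip].append((t, user))
        by_user[user].append((t, ip))
    spraying_ips = sorted(ip for ip, p in by_ip.items() if _distinct_within(p, window, threshold))
    targeted_users = sorted(u for u, p in by_user.items() if _distinct_within(p, window, threshold))
    return spraying_ips, targeted_users

# Allowlist for the admin login page: an office range plus one fixed address (assumed values).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.7/32")]

def allowed(ip):
    # A request reaches the login page only if its source address sits inside an allowlisted network.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)
```

Running `detect(parse(SAMPLE_LOG))` on the constructed sample flags 203.0.113.5 as the spraying source and `admin` as the targeted account, while `allowed()` shows how a range entry covers a whole office without listing each address.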

Intrusion prevention frameworks

Also known as blacklist, IP blocklist is the exact opposite of the previously mentioned IP address directory as it blocks access to websites from the specified IP addresses. As this is difficult to do on a manual basis, admins and developers may employ intrusion prevention frameworks such as Fail2Ban. The framework automatically blocks IP addresses after a few unsuccessful authorisation attempts.

On the other hand, website owners can block the particular IP addresses as well as the whole IP address range. If a company notices that suspicious attacks from specific IP addresses persist, the management team should consider adding them to the blocklist.

Further, IP blocklist can also be used for geo-blocking as the IP address carries the information about where the request was sent from in the first instance. 

The third solution for minimising unauthorised access is the fixed IP method. As already mentioned, developers can limit availability of the login page to a set of trusted IP addresses. With fixed IP, they reduce the risk of IP sharing when a number of devices use the same IP address. This often leads to the ‘bad neighbour effect’ as, due to the deeds of other users, IP addresses end up in various blocked or spam lists.

The fixed IP method can be offered by Internet Service Providers and VPN services alike, but the latter ensures browsing privacy as an additional benefit.

Filed under Security Matters

New Malware variant threatens smart devices in 84 different countries

A new variant of the InterPlanetary Storm malware has infected roughly 13,500 machines across no less than 84 different countries and counting. That is the core message emanating from e-mail security business Barracuda Networks in its latest Threat Spotlight research.

The malware was initially uncovered in May 2019 as a malicious attack designed to target Windows machines. This new variant, which Barracuda researchers first detected in late August, is now also targeting Internet of Things (IoT) devices, such as TVs that run on Android operating systems, and also Linux-based machines.

Essentially, this new variant gains access to machines by running a dictionary attack against SSH servers similar to FritzFrog, another peer-to-peer malware. It can also gain entry by accessing open Android Debug Bridge (ADB) servers. The malware detects the CPU architecture and running OS of its victims. It can run on ARM-based machines, an architecture that is quite common with routers and other IoT devices.

While the function of this malware is not yet known, it’s likely that campaign operators will be able to gain access to infected devices so they can later be used for cryptomining, DDoS or other large-scale attacks.

Including the UK, some of the 84 countries which have so far reported cases of the InterPlanetary Storm malware include Argentina, Australia, Belgium, Brazil, Canada, France, Germany, India, Spain and the United States.

Malware spread

The malware spreads using SSH brute force and open ADB ports, duly serving malware files to other nodes in the network. The malware also opens a reverse shell and can execute bash commands.

Fleming Shi, CTO at Barracuda Networks, commented: “This new variant of malware is extremely infectious and malicious, and it’s very likely that it will spread beyond the 84 countries which have already been impacted. Moving forward, it’s essential that tech users properly configure Secure Shell access on all devices. This means using keys instead of passwords, which will make access more secure.”

In conclusion, Shi stated: “Furthermore, deploying a multi-factor authentication enabled VPN connection to a segmented network, instead of granting access to broad IP networks, is absolutely vital, particularly so if users wish to share access to secure shells without exposing the resource on the Internet.” 

Filed under Security Matters

Videx introduces online Product Builder application for security professionals

Door entry and access control solutions specialist Videx has launched its renowned Product Builder application online. The digital variant includes all of the features contained in the original CD Product Builder that enables the end user to create an access control solution meeting their needs in an easy-to-use format.

Commenting on the move, Rob Sands (technical director at Videx UK) explained: “The online Product Builder is both desktop and mobile friendly and can be used with any browser on Windows, Android and Apple iOS devices and with any size screen. It’s just the same as the CD version and works via a log-in system whereby users can keep track of their system builds and share details with others if they’d like to via e-mail.”

Key features of the online Product Builder include a dashboard where users can see their current and previous builds. They can create, view, edit and then print a PDF of their build. The online version provides a very simple six-step wizard to build any type of system and create a parts list with prices, parts descriptions and images.

Sands added: “Users can also customise printouts and PDFs with their company logo and address, set discount structures and mark up prices and also stipulate what systems they prefer. The tool provides a tailored experience for each user.”

*To register for the online Product Builder visit www.videxbuilder.com and choose the ‘Register’ option

Filed under Risk Xtra

Tyco’s Illustra Edge cameras with exacqVision recording software deliver “complete IP solution” for end users

Tyco Security Products has now introduced Illustra Edge, a complete HD video system combining an IP camera, pre-installed exacqVision Edge video management software (VMS) and SD storage in one out-of-the-box solution.

Ideal for smaller installations of up to ten cameras or remote sites where server hardware installations are rendered impractical, the Illustra Edge solution provides an easy and effective means to deploy an HD IP video system without incurring separate server hardware installation and configuration costs as the server software and video storage capability reside on board the camera.

For system set-up, simply mount the camera, connect and start monitoring live and recorded video. Illustra Edge is supplied pre-configured with an included server licence for simple and automatic installation.

For larger applications and enterprise solutions, a simple licence upgrade to exacqVision Edge+ makes this solution expandable to unlimited servers.

With the included exacqVision Edge software, end users have the ability to view live or recorded video from multiple Illustra Edge devices or server-based recorders simultaneously. The included VMS allows users to export video search results, display alarm events on screen and access instant replay of both video and audio events via exacqReplay.

Tyco Security Products’ Illustra camera in detail

Windows, Linux and Mac computers

The exacqVision client software runs on Windows, Linux and Mac computers. Additionally, end users can install the free web service software on a separate PC in order to view video on a web browser, tablet or smart phone.

The Illustra Edge recording solution offers high reliability as there is no single point of server failure. If one camera fails, the others will continue to stream and record video. The camera-to-server traffic is internal and not on the customer’s network, thus yielding low overall network traffic.

“This is a complete solution for end user customers looking to create their own video surveillance solution without the added costs of servers and complex installation,” said Julian Inman (video product marketing manager for the EMEA at Tyco Security Products).

“Whether it’s a small business or retail store, or an end user who needs to supplement their enterprise system because of a remote location or intermittent wireless coverage, the Illustra Edge solution can be deployed to fit their needs.”

Illustra Edge is available in three camera models: the Illustra Pro 5 Megapixel Fisheye, the Illustra Pro 2 Megapixel Compact Mini-Dome and the Illustra Pro 2 Megapixel Compact Mini-Bullet. The Illustra Edge Fisheye camera boasts in-camera de-warping offering real-time 180º/360º panoramic views or a quad view delivering four independent ‘Quad’ 4×3 normalised video streams. Its 5 Megapixel capacity affords this camera solution the power of two-to-four cameras for many indoor applications.

The Compact Mini-Dome and Mini-Bullet offer end users HD video with a wide field of view, IR illumination and wide dynamic range. Although discreet, these versatile cameras are equipped with multiple viewing angles including corridor mode, making them highly useful for hallways, aisles and alleyways.

*For more information about Illustra and the new Edge solutions line visit: www.illustracameras.com

Filed under Risk UK News