Sunday, February 23, 2020

Module 05

This week we learned about the types of scanning and how to gather information about targets. It is very difficult to protect an organization against scanning attempts. From my own experience, I have learned a few things that help with scanning. One good strategy is geofencing: by blocking some of the worst-offending countries, such as Russia and China, you can cut the number of scans from thousands down to a handful. Another simple technique is to use IDS/IPS systems and create specific rules that block excessive ping and DNS requests. If the scan is performed internally, the enterprise antivirus software will usually spot and stop it. However, if the scan is performed very slowly, there is almost no way to tell that the network is being scanned.
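As an added example (not part of the original post or the course material), the following Python script runs a sliding-window port-scan detector over a constructed connection log. The log format, the IP addresses, the 20-ports-per-window threshold and the two window sizes are all assumptions chosen for the illustration. It shows why the last point above holds: a host that probes 30 ports in 30 seconds trips an IDS-style "N distinct ports within 60 seconds" rule immediately, while a host that probes the same 30 ports one per hour never has more than one port inside a 60-second window and is only caught when the window is stretched to days, which in a real environment means keeping a lot more state per source.

```python
"""Sliding-window port-scan detector run over a constructed connection log.

Added example for this post, not code from the course or the original text.
It demonstrates the point about slow scans: a scanner that probes many ports
in seconds trips a per-source threshold, while the same number of probes
spread one per hour stays under it unless the window is made very long.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2020, 2, 23, 0, 0, 0)


def make_sample_log() -> str:
    """Return a constructed connection log (not captured traffic).

    Assumed line format: "<ISO timestamp> <src ip> <dst ip> <dst port>".
    - 192.0.2.10   normal client: ports 443/80/53, one connection a minute
    - 203.0.113.5  fast scanner: 30 ports in 30 seconds
    - 198.51.100.9 slow scanner: the same 30 ports, one probe per hour
    """
    lines = []
    for i in range(40):
        ts = BASE + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()} 192.0.2.10 10.0.0.20 {(443, 80, 53)[i % 3]}")
    for i in range(30):
        ts = BASE + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 203.0.113.5 10.0.0.20 {i + 1}")
    for i in range(30):
        ts = BASE + timedelta(hours=i)
        lines.append(f"{ts.isoformat()} 198.51.100.9 10.0.0.20 {i + 1}")
    return "\n".join(lines)


def parse_log(text: str):
    """Parse log lines into (timestamp, src, dst, port) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    events.sort(key=lambda e: e[0])
    return events


def detect_scans(events, window: timedelta, port_threshold: int) -> dict:
    """Flag sources that touch >= port_threshold distinct destination ports
    within any span of length `window`.

    Returns {src: timestamp of the event that first crossed the threshold}.
    Per source we keep a deque of (ts, port) inside the window and a
    port -> hit-count map so distinct-port counting stays O(1) per event.
    """
    recent = defaultdict(deque)
    port_hits = defaultdict(lambda: defaultdict(int))
    alerts = {}
    for ts, src, _dst, port in events:
        q, hits = recent[src], port_hits[src]
        q.append((ts, port))
        hits[port] += 1
        # Expire probes that fell out of the window.
        while q and ts - q[0][0] > window:
            _old_ts, old_port = q.popleft()
            hits[old_port] -= 1
            if hits[old_port] == 0:
                del hits[old_port]
        if src not in alerts and len(hits) >= port_threshold:
            alerts[src] = ts
    return alerts


def run_demo():
    """Run a 60-second and a 48-hour window over the sample log.

    Returns (short_window_alerts, long_window_alerts); only the long window
    catches the one-probe-per-hour scanner.
    """
    events = parse_log(make_sample_log())
    return (detect_scans(events, timedelta(seconds=60), 20),
            detect_scans(events, timedelta(hours=48), 20))


if __name__ == "__main__":
    short_alerts, long_alerts = run_demo()
    print("60s window:", short_alerts)   # only the fast scanner
    print("48h window:", long_alerts)    # fast and slow scanner
```

The trade-off the script makes visible is that catching the slow scanner requires retaining 48 hours of per-source port history, which is why most IDS thresholds are tuned for seconds or minutes and why a patient attacker can stay under them.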

This week I found an interesting article about a new malware spam campaign that targets multiple companies. The attack was performed by embedding malware in Office file attachments. Once the malicious file is opened, it drops Adwind 3.0, which is set up to steal sensitive information. Please check the article at https://cyware.com/news/adwind-30-found-in-ongoing-malspam-campaign-targeting-over-80-turkish-companies-1d8eb706

Sunday, February 16, 2020

Module 04

This week we learned about reconnaissance and some of the techniques used in gathering information. It is critical for any organization to limit what its employees post on social media, since that information can easily be used against the organization. With tools like Maltego and Echosec, a hacker can easily target a company and find all of the information coming from social media. These tools pull information from multiple social sites, correlate the details, and reveal relationships with the company and where the posts were created. This type of intel can help create very sophisticated phishing campaigns or target employees through Facebook or LinkedIn.

I was researching hacks that come through social media websites and found this article: https://www.fastcompany.com/90372829/im-a-hacker-and-heres-how-your-social-media-posts-help-me-break-into-your-company The author points out that people who do not pay attention when taking selfies at work may reveal critical information to the outside world. From employee pictures, a hacker can learn about the environment and the building layout, see employees' badges, and see how the computers are set up.

Sunday, February 9, 2020

Module 03

This chapter talks in detail about social engineering tactics and attacks. Social engineering is very difficult to stop, since we are mostly fighting against human weaknesses. There is no technical measure that can totally stop social engineering attacks. The best way to secure a system against social engineering is a combination of spam filtering and user education. The security team has also developed its own phishing campaigns to find the clickers and the users who do not follow best practices. For HR and finance departments, there is a need for more sophisticated training on how to handle personal information. Moreover, the finance team has to have multiple approvers to process payments and be trained on how to properly verify identity. The approval process needs to involve multiple systems and cannot rely only on email or phone, since these two media are very vulnerable to social engineering attacks and spoofing.

For this week's article, I chose deepfake software, which allows someone to fake a person's voice and video image. This type of software can easily be used to fake voice calls or even video conferences. The use of deepfake software takes social engineering to a different level.

Please take a look at this link, which talks about deepfake technology and the risks that come with it.

Sunday, February 2, 2020

Module 02

Net 185 - Ethical Hacking

This section talks about the fundamentals of the pen testing procedure, as well as the compliance requirements and regulations that pen testers have to know when performing pen tests. The chapter also talks about how to prepare the risk assessment and which type of pen test to use (internal, external, white box, and black box). I learned that the scope of the assessment has to be documented in detail in the SOW (statement of work). The SOW has to include what will be tested, when, and whether there are any exclusions. I have learned from my own experience that there will be exclusions and that not all targets can be scanned. Even though scanning is usually non-intrusive, on some production systems, such as mainframes, scanning can produce a denial of service, which can cause loss of access and monetary loss.

This week I was researching the latest ransomware attacks and found that one of the Crystal Lake high schools got hit by a ransomware attack. A lot of these attacks are random, mostly started by internal users opening malicious files from email. It seems Crystal Lake School District 155 was lucky and was able to discover the ransomware at an early stage, before it spread to the whole organization. Some victims of these attacks have limited ways to recover, which pushes them to pay the ransom.

https://www.nwherald.com/2020/01/29/district-155-hasnt-communicated-with-hackers-paid-ransom-following-ransomware-attack/avdxsgz/