Home Blog

How Hackers Can Hack Your Phone to Steal Pictures

0

phone hacked

We store a lot of data on our mobile phones including our family and ‘private’ pictures and leave no stone unturned to prevent them from evil eyes.

But no matter how cautious you are, someone can snag your photos with a little effort and access to your public information.

Here’s how one can hack your phone and steal the pictures.

Cloud Storage:

Cloud Storages like Google Drive lets you store and transfer the pictures and other files and share them across other devices.

While all the cloud services promise to ensure the safety of your data, many of them are vulnerable to attacks.

There are several examples in which hackers contacted cloud support, requested for a password reset by answering some security questions using their targets’ information gathered from their social media accounts and remotely wiped all of their data.

Email:

Almost everyone uses the Email application on the mobile device to send and receive files. While remotely breaking into someone’s device and getting access to pictures and other data is very difficult, it is much easier to hack an email account.

With an email address in hand, a hacker can try different password combinations to break into it. Otherwise, if the hacker gets some basic information about you through your social media accounts or other sources, he or she can use forget password option and answer security questions to set a new password.

While by accessing your email, the hacker may not get the pictures directly but can collect other sensitive information which could help him/her in hacking your phone. An example of such information is billing, particularly the cell phone bills.

Days of paper billing are long gone and most of the people today prefer to receive and pay their bills online.

The cell phone bills not only contain the number of the holder but also a bundle of other information such as details of incoming and outgoing calls. By utilizing this information, the hacker can hack your phone to steal your pictures.

Cellular Company:

Your cellular provider may also make your phone venerable to the attacks. Some companies allow you to set your user ID as your wireless number.

If a hacker has your number, he/she can use the “forgot my password” to request a new password. All he/she needs to the do for this is to answer a few security questions.

Various study reports have shown that the many people use terrible PINs, with “1234” being the most common one. Some people set their birthday as their 4-digit unlock-code while some others use their vehicle number for this purpose.

So if your PIN code is easily guessable, the hacker can break into your account and get access to your data you sent or received on your phone during the recent billing period.

Spoofing:

If a hacker has managed to access the numbers you have contacted from your phone or the text messages you’ve sent, it isn’t too difficult for him/her to spoof your number.

In this way, the hacker has no need to hack your phone to steal photos and he/she can trap you to send them directly to him/her. There are many Caller ID apps and cell phone spoofs out there with the help of which the hackers can appear in your contacts posing as someone else.

So, What I Should Do?

Apart from the abovementioned methods, there are many other ways through which the hackers can steal your pictures and other data.

What you need to do to make your data secure is to use strong passwords on your cloud service, email accounts and avoid giving away much information about yourself on social media platforms.

Top Three Cyber Security Threats of 2016 and How To Counter Them

0

cyber securityThe increasing threat of cybercrime is a major concern not only for bigger companies but the entire global community.

The criminals use various methods to infect our systems, either to steal money or sensitive information.

Let’s have a look at the top three cyber security threats on the rise at present, how they work and how you can secure yourself from them.

(1) CEO Fraud

What it is?

This is one of the common internet frauds these days in which the fraudsters try to trigger an unauthorised transfer of funds.

How It Works:

A fraudster posing as a Chief Executive Officer (CEO) sends an email to Chief Financial Officer (CFO) with a request to transfer a considerable amount to an account. There may or may not be a reason elaborated in the email for the request.

Sometimes, extra instructions are also provided to the victim while in most cases, only the email proves enough.

These emails look legitimate to CFO, and he transfers the amount. When CEO returns to the office, he finds that fraudster has caused a huge loss to the company.

According to Federal Bureau of Investigation (FBI), around 1200 companies fell victim to such fraudulent activity in the US in the last three years, losing a total of 2.3 billion dollars.

How to Counter It:

Since this type of attack technically not falls into the category of cyber crimes, there is not a technical solution of it.

The only thing you can do to make that this never happen in your company is to ask your CFO not to transfer funds just on email instructions and also make a conformation phone call to CEO.

(2) Ransomware:

What it is:

Ransomware is a piece of malware that blocks the users from accessing their system until they pay a certain amount of money.

How It Works:

It all begins when you click on an infected popup advertisement visit an infected website, allowing the malware to penetrate in your computer.

As a result, the cyber criminals hold your computer hostage and ask you pay a certain amount of ransom through an online payment method to get a key to unlock it. Ransomware attack puts pressure on victims, stating that an increasing number of files would be deleted after every 30 minutes if you do not pay up.

The amount of ransom varies but most often the criminals ask for a small payment, which the victim prefers to pay to avoid the hassle of coping with the malware.

How to Counter it:

Always keep an off-line back-up of all of your important data and make sure that it can be restored when required.

A major drawback of connecting your back-up to the network is that it could also be encrypted by the criminals.

With a backup available, you have no need to worry if your system comes under ransomware attack.

(3) Advanced Persistent Threat

What it is:

This is a highly customised and sophisticated attack in which an unauthorised person gets access to a network and stays there for a long time without being detected.

How it Works:

Unlike many traditional threats, APT is are planned and designed with an objective of targeting a specific company to steal its data.

In these attacks, the attackers use different techniques to break into to a network. A common method to carry out such attack is spear phishing, an e-mail spoofing fraud to spread malware to the machines of a company/ organisation.

After getting access to the network, the attacker can monitor its activities and navigate from system to system to obtain desired data while remaining undetected.

In past, APT attacks were used primarily to gather sensitive data of high-profile organisations or companies. However, these days, the criminals also target small or less-known companies/organisations using this method.

How to Detect and Counter APT:

As mentioned above, such attacks are very difficult to detect. However, a constant network analysis tells you that is your network is working normally or there are unusual activities happening inside it.

Increased in log-ins at the time when the employees usually not access the network, large flows of data and transportation of unexpected data bundles in the network are some of the key indicators of APT attack.

It is unarguably very important to Implement sophisticated security measures capable of detecting these threats on the network and responding to them. But the more important measure is to monitor the behaviour of the network and take immediate action if there is any warning indicator.

Six Tips That Will Help Your Employees Counter Cyber Security Threats

0

cyber securityThe corporate hacking attacks continue to haunt the businesses across the globe. In the recent years, the data breaches at the companies like Target, eBay, and Sony have led to the theft of personal identity, credit card and security information of hundreds of millions of compromised accounts.

However, that is the tip of the creepy iceberg as hacking attacks at the little or less known companies do not get news coverage.

The small and mid-sized companies frequently fall prey to the corporate hacking attacks because of inadequate cyber security measures.

Here are the six tips by following which you can help your employees tackle the hacking threat more effectively and ensure the safety of your company’s data.

Require Use of Strong Passwords: 

Most of the cyber attacks begin with a compromised password. So make your passwords strong before it is too late. It would be better to require your employees to use passwords that comprise both upper and lower case alphabets, numeric letters as well as the symbols.

But make sure that besides being strong, the passwords your employees use are also easy to recall, You can suggest them to use some numbers or symbols in place of letters for example “C@1iforni@” instead of “California.”

Also, ask your employees to not use the same password for every site and change it after every four to eight weeks.

Make Sure that Mobile Devices are PIN/Password Protected:

These days, most of the employees conduct company’s businesses using their own smartphones or tablets. Many of them access company or client’s data without adding a password or PIN to their devices which could put the sensitive information at risk. So, ask your employees using their devices for business purposes to use a strong password to keep the data safe.

Help Employees Foil the Phisers:

Many cyber thieves make phone calls or send emails to company’s employees posing as bankers or customer account officials in a bid to get the sensitive login information. So, inform the employees that giving account information through phone or emails may be risky.

Ask Employees to Watch out for Malware:

The cyber criminals lure employees to download or install malware on their computers, laptops or mobile devices and use it to access company’s sensitive information. So strictly prohibit the downloading of any unauthorized software without the permission from the administrator.

Make Sure That All Unattended Devices are Logged-Off:

Most often, the employees do not shut down the browser while leaving their laptops or desktops for some time. However, it is extremely dangerous practice as someone can collect login details and copy passwords from an open browser in a few moments. So make sure that every employee knows that it is very important to close the browser and lock computer’s screen when they are going away.

 Arrange Cyber Safety Classes:

Hold regular cyber security classes for the employees to make sure that they know how to keep company’s information under locks. Also, provide them with a manual that spells out company’s cyber security policies.

 

 

 

Cyber Crimes Risks associated with software piracy

0
copyright-Piracy-CyberCrimes-Risks

International Software Laws defines software piracy as “An illegal act of copying, using and distributing software by individuals or organizations”.

Individual and organizational users

Companies or individuals when install particular software must purchase license. When agreeing to certain terms and condition the user is supposed not to violate. Each client (a company or an individual) has to pay against the license. In the case of companies, software license provides networking of the software, hence, each employee logs on to the company network to have an access to the program. In both cases the software key is either given to some friends by individuals or company’s employees. This is unethical act and is called “violation of agreement”. When purchasing a software we should follow suit by not violating the terms and conditions.

Facts

According to Business Software Alliance (BSA) software survey the fact is:

  • In 2015 out of all the software installed all around the world 39% were found pirated.
  • The commercial value of all the pirated software was decreased from $62.7 billion to $52.2 billion.
  • By the region the commercial value of pirated or counterfeit software was calculated as maximum in USA $20.5 billion to the minimum in UAE $ 3.7 billion.

Dangers of using counterfeit software

Using counterfeit software is good for nothing except the cheap rates.

System crash

When pirated software crashes your system the worst possibility could be the data loss and sometimes it can hit the other software as well.

Spyware

Pirated software contain spyware, the intention behind the creation of these spywares is to attack one’s system to steal data. This is the high-tech way of stealing passwords, bank account information and organization’s confidential information.

Deceptive sellers

The deceptive sellers not only deceive the manufacturing company by violating law and stealing intellectual property of the company but they deceive their customer at the same time. These sellers are disguised thieves. When sharing credit card or account information to purchase a software all information is hacked subsequently exploited by seller.

Threat of getting used

There is always possibility of getting caught and having law suit by the company subsequently the culprit is send to jail.

What should we do?

However the subject of pirated software is a hot potato but still we can manage to avoid it if we are careful in our choices.

  • Put your best foot forward to purchase software from authorized website.
  • In case of online purchase if you doubt contact manufacturers of the software for confirmation and stump up for it if the cap fits.
  • Avoid purchasing loose products.

CYBER CRIME: A MAJOR THREAT TO SMALL BANKS

0
cyber-crime-in-banking-sector

The term cybercrime has emerged with the phenomenal growth of the social interaction on internet and its unscrupulous users. Basically it is the virtual way of committing crimes by the means of computers and internet. Cybercrimes are carried out to steal the intellectual property at individual, corporate and sometimes at the state level.

Cybercrime has become a threat for financial industry especially for small banks and financial institutions .where online banking facilitates its costumers on one side, it has opened new door for criminals on the other side. Hacking customer account information through distributed denial-of- service attack and…….. the reason behind the hacking and cracking of the computer systems is the greed motivation of the group to earn quick money. It is commonly believed that the financial industry is so armed in their security system that they can protect their infrastructure but till now in only US the companies face an average estimated financial damage of $ 195,000 each year.

Ease of access to a compromised server made financial institutes and banks a preferred target. A variety of pre- equipped software is used for this purpose. The most common example is the hacking of customer account information and withdrawing the money with fake vouchers. According to Juniper Research the cost of cybercrime in financial sector could be as high as 2 trillion by 2019.

Over the past decade the financial industries of  US, UK, Japan, China , UAE , were the focal targets for cyber criminals, but when it comes to the security system of small banks of Asian and African countries it becomes much easier for offenders to hack systems. In Bangladesh, Pakistan and India there are hundreds of such cases. Why? Because small financial institutes and banks cannot afford high- tech cyber security plans to trace espionage.

When the small banks interact with big banks in UK and US, it becomes easy for the criminals to commit fraud of millions and billions of dollars. These malicious malware are increasing because small banking system are compromised ending up with irremediable damage. On the other side unsecure and outdated system allow the hacker to approach the target easily e.g. similar passwords in outdated systems can play a vital role to hack the account easily.

Nevertheless insurance can refund the money of the costumers but cannot mitigate the risk of wreckage in future. Employee training courses on identification of risk, risk assessment and data loss prevention should be conducted. A sophisticated internal security task team should work along with management and other employees to support the online banking without any crash. The strategic starting point of all the data flow should be threat intelligence to avoid the vulnerability of accounts at the cost of data encryption.

CEH v9: Certified Ethical Hacker Version 9 Study Guide 3rd Edition

0
CEHv9-study-guide

If you’re preparing to take the CEH exam, you’ll undoubtedly want to find as much information as you can about computers, networks, applications, and physical security.The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when taking the exam. This study guide was written with that goal in mind—to provide enough information to prepare you for the test, but not so much that you’ll be overloaded with information that is too far outside the scope of the exam. To make the information more understandable, I’ve included practical examples and experience that supplement the theory.

This book presents the material at an advanced technical level. An understanding of network concepts and issues, computer hardware and operating systems, and applications will come in handy when you read this book. While every attempt has been made to present the concepts and exercises in an easy-to-understand format, you will need to have experience with IT and networking technology to get the best results.

Before You Begin Studying

Before you begin preparing for the exam, it’s imperative that you understand a few things about the CEH certification. CEH is a certification from the International Council of Electronic Commerce Consultants (EC-Council) granted to those who obtain a passing score on a single exam (number 312-50). The exam is predominantly multiple choice, with some questions including diagrams and sketches that you must analyze to arrive at an answer. This exam requires intermediate- to advanced-level experience; you’re expected to know a great deal about security from an implementation and theory perspective as well as a practical perspective.

Download

Certified Ethical Hacker Version 9 Study Guide 3rd Edition PDF

 

TOP 4 CYBER SECURITY THREATS TO ANDROID MOBILE DEVICES

0
protection-against-threats-android

Understand the Impact of Exploits and How to Protect Your Organization

A recent study by Check Point Mobile Security and a global cellular network provider found that one in 1000 devices were infected with mobile surveillance and mobile Remote Access Trojans (mRATs). These attacks were found on both Android and iOS devices; the prevalence of Android-based devices (over 80% of the worldwide phone market; 60% of the tablet market) makes it important to understand the risks they can pose to an organization. The following is a high-level overview of the four most common types of attacks that impact Android mobile devices and the basic requirements for protecting against them:
1. MOBILE REMOTE ACCESS TROJANS (MRATS)

These attacks, as their name implies, can give an attacker the ability to remotely gain access to everything stored on and flowing through the device.

These attacks are typically downloaded from application markets, including Google marketplaces, such as Google Play. Legitimate and seemingly innocuous apps can contain the malicious functionality. Once downloaded, the malicious code can be activated by the attacker and used to do almost anything on the device.

A device of an executive or critical employee infected with an mRAT can have a severe impact on the business – the attacker could be privy to all sorts of sensitive information. They could turn on the device’s recording functionality to listen in on boardroom discussions, forward emails or text messages sent to or by the device, take photos of whiteboard diagrams from meetings, access phone calls and voice mails, and even track that individual’s whereabouts.

While Google has been working hard to protect the Google Marketplaces from mRATs, with regular security code checks, there are simply too many apps to monitor. (There are more than 1.2 billion Android apps in the Google Play market, with approximately 30,000 being added monthly.) Plus, there are no built-in security code checks for those apps downloaded through secondary markets

As a result, it is important to have a solution that can analyze the behavior of applications on the device, as well as correlate events on the device and in the network to identify suspicious activity – such as traffic going to unknown servers.

2. SYSTEM EXPLOITS – ELEVATED PRIVILEGES

System vulnerabilities can be exploited by an attacker to gain elevated privileges (equivalent to ‘rooting’ the device) without leaving a trace. In the past year, a dozen such exploits were released, including a tool that exploited a vulnerability on devices running Android 4.0-4.4, a vulnerability in the pre-installed backup software on LG devices, and a vulnerability in the drivers used by the camera and multimedia devices on Exynos 4-powered devices. (Learn about the 2013 Android vulnerability of the year.)

The attacks take advantage of opportunities created by the fragmentation of the Android operating system and the openness and vastness of its eco-system. All the different devices and vendor implementations of Android have fragmented the operating system and broken the security patch delivery model. The irregularity of hardware patching cycles and the variances from platform to platform offer attackers ample infection vectors to exploit.

In addition, while Google has been working hard to protect its Marketplace from attacks, such as mRATs, by performing security code checks, Google does not perform any built-in security code checks for the apps downloaded from the dozens of secondary open app markets.

Protecting Android devices requires a solution that can cover all the different potential threat vectors. It needs to be able to detect malicious applications and vulnerability exploits that could impact a specific device (given the device type, OS version, patch levels, and implementation). It should also be able to correlate device, network and event information to detect and prevent system-level attacks.

3. WIFI MAN IN THE MIDDLE (MITM)

A MitM attack occurs when the device connects to a rogue WiFi hotspot. Since all communications are passed through the attacker-controlled network device, they can eavesdrop and even alter the network’s communication.

MitM attacks have always been a concern for wireless devices, however, the prevalence of smartphones in an individual’s personal and business life has made mobile devices much more attractive targets for this attack.

Unfortunately, the typical alert and warning signs that individuals are used to seeing on PCs and laptops are much more subtle in their mobile counterparts. For example, the limited screen real-estate of mobile devices often hides URLs from the user, so they don’t validate the URL the browser is pointing to is actually the intended one.

The best way to thwart these types of attacks is through the use of a VPN to encrypt and isolate the communications. Ideally the VPN would be triggered only when rogue hotspots and other risk factors are detected to maximize the user experience.

4. ZERO-DAY ATTACKS

Zero-day attacks represent exploits of vulnerabilities that have been uncovered – but not yet released. Many times, these vulnerabilities lead to the silent installation of attacks, such as mRATs, on a device through a remote exploitation technique.

Once on the device, they may enable the attacker to steal passwords, corporate data and emails, as well as capture all keyboard activity (key logging) and screen information (screen scraping). They may also activate the microphone to listen in on conversations and meetings, or act as a botnet to steal contacts or text messages (SMS texts).

AV solutions, which rely on known attack patterns to detect attacks, are unable to provide protection for unknown attacks. Organizations need a solution that can identify any suspicious behavior from an app, a device or the network to find and mitigate the impact of zero-day mobile exploits.

protection-against-threats-android

Check Point Mobile Security provides a mobile threat management platform that allows enterprises to easily manage and mitigate the risks of BYOD and protect their corporate assets from mobile cyber threats, such as malicious applications, targeted network attacks and advanced persistent threats (APTs). Check Point not only provides the most comprehensive solution for iOS and Android, but also delivers real-time mobile security and intelligence to an organization’s existing security and mobility infrastructures. Its patented technology detects device, application and in-network threats that others will miss and quantifies the risks and vulnerabilities that BYOD exposes to the enterprise. With Check Point, enterprises can balance the needs of mobile security and protection, without impacting the end user’s experience and privacy, to confidently embrace BYOD and other mobility initiatives to fuel their business.

Source by checkpoint = Source PDF

Tips and tools for white-hat Ethical Hackers

0
Ethical Hacker

The first picture materialize in mind after hearing the word ‘hacker’ is a bad character who steals the information from the computers of other people and use it in his execrable deeds, but that’s just dark side of story. The hackers are of two sorts – black-hat or malicious hackers, who exactly fit upon the aforesaid lines and white-hat, a security professional who strives to make internet a safer place for. The White-hat hacker exploits his skills to enhance the security by divulging vulnerabilities before unethical can detect and utilize them.

The security professionals break into a system or network to discover voids, and then fill those with policies, patches and other security measures. The penetrating assess teams include the individuals with an all-embracing combination of diverse skills, from hardware and software engineers to social engineers and network experts.

Making a white-hat hacker

Becoming a certified security analyst is not a piece of cake. It requires a certain level of professional paranoia, for getting which one would need to trade a soul with devil. If not identical, the methods used by those malicious and ethical hackers, are almost same but the mentalities and aspirations are starkly different.

The ways of thinking of a security analyst and other people are diverse as well because the former observes everything on security perspective. Let’s take the example of a USB Charging port, for you it may just a way to get your phone charged, but for a security analyst it is a conundrum and he will be counting port’s connections and astonishing that using just a USB connection, how much data could one steal from a phone. The penetration tests exploit that approach.

The ethical hackers, working for the security companies attempt to exploit their sculpture to discover ways into a business network. If you owning a big organization that has a data that is needed to be secured you will most probably need certification from a prestigious consultant before securing any insurance. And that certification will need at least one primary penetration test.

Penetration testing

A thing you should remember about penetration test is that having success in it isn’t a pushover. At lot of tools and tactics that the security team uses to perform a test might have been used a long ago by the black-hat hackers. The malicious hackers are equipped with advanced tools, with the help of which they make inroads into systems and networks. In a network, a penetration test can address many problems but not all. An assessed network could be more secured, but certainly not fully protected from every threat.