SEO Texas, Web Development, Website Designing, SEM, Internet Marketing Killeen, Central Texas
SEO, Networking, Electronic Medical Records, E - Discovery, Litigation Support, IT Consultancy
Centextech

What Is Man In The Browser Attack?

MitB (Man-in-the-Browser) attacks are variants of MitM (Man-in-the-Middle) attacks in which an attacker compromises a user's Web browser in order to eavesdrop, steal data, and/or interfere with a user session. MitB is regularly used by attackers to perform different financial scams, the most prevalent of which is interfering with online banking systems.

Adversaries can exploit security holes and/or modify built-in browser capabilities to change content, shift behaviors, and intercept data, compromising the browser in the process. The attack may be carried out with a variety of malware, the most common of which is a Trojan.

MitB malware and attack campaigns targeting online banking and other internet services include Zeus, Spyeye, Bugat, Carberp, Silon, and Tatanga. MitB attacks can also occur on mobile devices, where they are known as man-in-the-mobile attacks. Two well-known man-in-the-mobile variants are ZitMo (Zeus-in-the-Mobile) and SpitMo (Spyeye-in-the-Mobile).

How do MitB attackers use proxy trojans to target their victims?

A proxy trojan is a type of Trojan horse that is meant to function as a proxy server on the victim's computer. It may intercept all requests to a legitimate programme, such as the victim's Web browser, and determine whether or not it can handle them. If it is unable to process a request, it forwards the request to the real application code. The attacker now has complete control of the victim's computer and can do almost anything with it. Some MitB variants contain the ability to act as a proxy trojan.

MitB hackers taking huge advantage of clickjacking vulnerabilities on webpages

When a hacker employs malicious code included in a webpage to trick a user into clicking on something other than what the user expects, this is known as clickjacking. It is most commonly used on eCommerce sites to entice users to click on links or images. These fraudulent links take users to another commerce site, which might be a competitor's portal or a phishing site.

Why is installing a trojan horse required for a successful MitB attack?

Because a MitB attack requires the installation of Trojan software on the target system, attackers utilise a variety of phishing tactics to convince their victims to install it. The attacker gains access to all of the user's internet destinations after the Trojan horse has infected the system. Many Trojans designed for MitB attacks can then generate code for additional input forms, which are subsequently shown on the websites that the victim visits. As a result, attackers can gather a wide variety of personal information.

How is MitB carried out in any browser?

MitB attacks are launched via a user script, a Browser Helper Object (BHO), or an unprotected browser plugin. The malware enables its creator to circumvent the web browser's security features. The trojan then intercepts calls between the user and the website they are viewing. In particular, the trojan has the ability to conduct the following activities:

  1. Modify or add columns and fields on the web page.
  2. Modify financial transaction data such as account and purchase information.
  3. Suspend or seize an ongoing transaction in real time.
  4. Modify the look and feel of a website.
  5. Modify the server responses, such as thank-you pages.
  6. Capture information entered into web page fields.
  7. Alter the entire transaction if the user returns to the website.

How do Boy-in-the-Browser attacks differ from Man-in-the-Browser attacks?

BitB (Boy-in-the-Browser) attacks utilise malware to change the network routing tables of victims' devices, allowing a standard MitM attack to be carried out. Once the routing modifications are in place, the malware may attempt to delete itself in order to conceal its tracks and make detection more difficult.

Centex Technologies offers online portals and businesses comprehensive web development and cybersecurity solutions. Call Centex Technologies at (855) 375-9654 for additional information on how to safeguard your website.


What Is Business Constraint Bypass Vulnerability?

While a lot of attention is paid to technical vulnerabilities such as SQL injection, CSRF, and cross-site scripting, modern applications are equally susceptible to business logic flaws. As business logic flaws defy easy categorization, discovering them can be difficult. Business constraint bypass vulnerability is a specific case of business logic vulnerability.

In order to understand business constraint bypass vulnerability, let us take a simple example. Let us consider a website that provides information about top cyber security software. The users may be able to read top three results as a free version but they are required to either pay or subscribe to access complete information.

A business constraint bypass attack tries to circumvent the constraints set by the website to retrieve as much information as possible. Even if the attack does not succeed in accessing the information unlawfully, it might cause a small application-based Denial of Service (DoS). If the attacker is able to distribute the attack, it may result in a DDoS attack.

How Is Business Constraint Attack Launched?

Launching a business constraint attack is a stepwise process.

  • Recon: The first step is to find a parameter that can be modified to return more data than allowed. For example, if a page shows 10 results and the only way to load more results is to go to the ‘Next Page’ of the app or website, this is a candidate for a constraint bypass attack by cyber criminals. In modern applications, when a user requests data, an API request is made for n values of data (where n is the number of values allowed in return for the request).
  • Exploitation: Once the target API call is identified, the attacker's aim is the variable ‘n’. If the call is coded to return 10 results, it may look like /api/v1/get_books/10/site/all_books. The hackers execute this call in a new browser or by using cURL to check whether it returns data. If it does, they modify the number (10 in this case) to their desired number to fetch more data or results.

How To Remediate Business Constraint Attack?

  • An API call may be designed to be invisible to the user, but it is not invisible to everyone and can be manipulated. So, always validate on the server the data being requested through the API.
  • To keep an API dynamic in nature, limit it by user or use-case, including the session in the request, so that the permitted amount of data is tied to who is asking rather than to a number in the URL.
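As an added example (not code from the original post), the following Python places the flawed handler behind the call above next to a hardened one that ties the permitted result count to the session's plan. The route shape /api/v1/get_books/<n>/site/all_books is taken from the post; the catalogue, the plan limits, the session records and the audit log are constructed.

```python
import re

# Route shape from the post; the named group captures the attacker-controlled n.
ROUTE = re.compile(r"^/api/v1/get_books/(?P<n>\d+)/site/all_books$")

# Constructed catalogue of 50 titles standing in for the protected data set.
CATALOGUE = [f"Book {i:02d}" for i in range(1, 51)]

# Constructed business constraint: how many results each plan may fetch per call.
PLAN_LIMITS = {"free": 10, "subscriber": 50}

# Constructed audit trail; a real service would write to its logging pipeline.
AUDIT_LOG = []


def audit(session, path, requested, allowed):
    """Record an over-limit request. Repeated entries from one session are the
    signal for the bypass probing (and the small DoS) the post describes."""
    AUDIT_LOG.append(
        f"session={session.get('id')} plan={session.get('plan')} "
        f"path={path} requested={requested} allowed={allowed}"
    )


def get_books_vulnerable(path):
    """The flawed pattern: the count comes from the URL and is trusted as-is,
    so changing 10 to 5000 returns the whole catalogue."""
    m = ROUTE.match(path)
    if not m:
        return 404, []
    n = int(m.group("n"))
    return 200, CATALOGUE[:n]


def get_books_constrained(path, session):
    """Hardened handler: the permitted count is looked up from the
    authenticated session's plan, and a request above it is refused and
    logged rather than silently served."""
    m = ROUTE.match(path)
    if not m:
        return 404, []
    plan = session.get("plan")
    if plan not in PLAN_LIMITS:
        return 401, []                  # no valid session: no data at all
    requested = int(m.group("n"))
    allowed = PLAN_LIMITS[plan]
    if requested > allowed:
        audit(session, path, requested, allowed)
        return 403, []
    return 200, CATALOGUE[:requested]


if __name__ == "__main__":
    probe = "/api/v1/get_books/5000/site/all_books"
    status, rows = get_books_vulnerable(probe)
    print(status, len(rows))                                   # 200 50
    status, rows = get_books_constrained(probe, {"id": "s1", "plan": "free"})
    print(status, len(rows), AUDIT_LOG[-1])                    # 403 0 session=s1 ...
```

Some teams prefer to clamp the count to min(requested, allowed) instead of returning 403; refusing the request makes the probing visible in the audit log, which is the more useful behaviour when the goal is to notice the attack early.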

For more information on business constraint bypass vulnerability, contact Centex Technologies at (254) 213 – 4740.


What Is Clickjacking?

Clickjacking is a type of cyberattack that deceives users into believing they're clicking on one thing while they're actually clicking on something else. It is also known as UI (User Interface) redressing: users believe they are using the standard UI of a web page, but a concealed UI is actually in control. The hidden UI performs a different action when users click something they think is safe.

This attack's final objective is to lure victims into disclosing their PII (Personally Identifiable Information) or even to infect their devices with malware. The real objectives can be almost anything that can be done through web pages. This includes blackhat hacker behaviors such as installing malware and stealing credentials, or even conducting a ransomware attack on infected devices. Lower-impact abuses, such as inflating click counts to increase advertisement income on sites or gaining likes and views on Facebook and YouTube, are also possible.

How will you prevent your website’s users from getting clickjacked?

Web developers can use one of these two methods:

  1. Client-side techniques include Frame Busting, which is the most prevalent one. Such techniques can be useful in some situations, but they are not recommended because they can be readily circumvented.
  2. X-Frame-Options is the most often used server-side approach. Security experts advise using server-side approaches to combat clickjacking.

So, how does anyone get clickjacked?
First, an attacker produces a visually appealing website that offers visitors a free trip to an overseas country. In the background, the attacker's page checks whether the user is signed into a banking site via cookies stored in the browser. If so, the attacker loads the page that allows fund transfers, pre-filling the attacker's bank details into the form using query parameters. The bank transfer page appears in an invisible iframe above the free trip page, with the "Confirm Transfer" button positioned exactly over the visible "Receive Free Trip" button. The user arrives at the website and selects the "Book My Free Trip" option; in actuality, the user is clicking the "Confirm Transfer" button in the unseen iframe. The funds are sent to the attacker, and the user is taken to a page where they might learn more about the free trip, unaware of what actually happened in the background.

How to check whether your website is vulnerable to clickjacking?
Create an HTML page that tries to embed a sensitive page from your website in an iframe. Because a clickjacking attack frames the page from a different origin, it's critical to host the test page on a different web server from the site under test.

<html>
<head>
<title>Clickjacking Cyberattack Vulnerability Test</title>
</head>
<body>
<p><b>Website is Vulnerable to Clickjacking Cyberattack.!</b></p>
<iframe src="<entire website link>" width="300" height="300"></iframe>
</body>
</html>

In a browser, open the HTML page and assess it as follows:

  1. The content of your sensitive page is vulnerable to clickjacking if the words “Website is Vulnerable to Clickjacking Cyberattack.!” appear underneath it.
  2. The page is not vulnerable to the basic kind of clickjacking if you simply see the words “Website is Vulnerable to Clickjacking Cyberattack.!” and do not see the content of your sensitive page. Additional testing is required to determine which anti-clickjacking measures are employed on the page and whether they may be circumvented by attackers.

How can web developers use the X-Frame-Options HTTP header?
It allows an application to declare whether framing is banned entirely (the DENY value) or permitted only from the same origin or a named origin (the SAMEORIGIN and ALLOW-FROM values). This header is supported by most current browsers. The X-Frame-Options values your web developers can use are:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM <entire website link>

The ultimate solution for addressing clickjacking vulnerability
CSP (Content Security Policy) allows developers to disable framing entirely or define where it is permitted. CSP isn't supported by all browsers, and a few browser plugins and add-ons may be able to get around it. Browsers are expected to favor CSP's directives when both the X-Frame-Options header and CSP frame-ancestors are used, though not all do. Defense-in-depth is a smart practice, and there's nothing wrong with using all three defenses on your websites, because none of them is flawless. Web application developers can use these CSP frame-ancestors settings to prevent clickjacking:
Content-Security-Policy: frame-ancestors 'none'
Content-Security-Policy: frame-ancestors 'self'
Content-Security-Policy: frame-ancestors <website link>
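The added example below (not code from the original post, nor from any browser) implements the framing decision the last two sections describe, so a set of response headers can be checked before deployment. It applies the CSP frame-ancestors directive first, as supporting browsers do, and falls back to X-Frame-Options only when that directive is absent. The page and framer origins used in the demonstration and the helper that emits the recommended header pair are constructed assumptions; host wildcards such as *.example.com are deliberately not handled.

```python
from urllib.parse import urlsplit


def _origin(url):
    """scheme://host[:port], lower-cased: the unit that framing checks compare."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP header value, or None
    when the policy carries no such directive."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [s.lower() for s in parts[1:]]
    return None


def _source_matches(src, page_origin, framer_origin):
    """Match one frame-ancestors source expression against the framing origin.
    Host wildcards (e.g. *.example.com) are out of scope for this example."""
    if src == "'none'":
        return False
    if src == "'self'":
        return framer_origin == page_origin
    if src == "*":
        return True
    if "://" in src:                                  # scheme://host source
        return framer_origin == src.rstrip("/")
    return framer_origin.split("://", 1)[1] == src    # host-only source


def framing_allowed(headers, page_url, framer_url):
    """Decide whether a page at page_url, served with these response headers,
    may be embedded in a frame by a document at framer_url.

    Precedence follows the CSP specification: when frame-ancestors is present,
    a supporting browser ignores X-Frame-Options entirely, so the CSP verdict
    is final and X-Frame-Options is consulted only in its absence."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_url), _origin(framer_url)

    csp = h.get("content-security-policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            return any(_source_matches(s, page, framer) for s in sources)

    xfo = h.get("x-frame-options")
    if xfo is None:
        return True                                   # no defence at all
    value = xfo.strip().upper()
    if value == "DENY":
        return False
    if value == "SAMEORIGIN":
        return framer == page
    # ALLOW-FROM is obsolete and ignored by current browsers, as is any
    # unrecognised value; the page is then unprotected, so report it frameable.
    return True


def anti_clickjacking_headers(allowed_origins=()):
    """Build the defence-in-depth pair the post recommends: CSP frame-ancestors
    for modern browsers plus X-Frame-Options for those that predate it."""
    if not allowed_origins:
        return {"Content-Security-Policy": "frame-ancestors 'none'",
                "X-Frame-Options": "DENY"}
    sources = " ".join(["'self'", *allowed_origins])
    return {"Content-Security-Policy": f"frame-ancestors {sources}",
            "X-Frame-Options": "SAMEORIGIN"}


if __name__ == "__main__":
    # Constructed origins for the demonstration.
    page = "https://bank.example/transfer"
    print(framing_allowed({}, page, "https://evil.example/"))                     # True
    print(framing_allowed({"X-Frame-Options": "DENY"}, page, "https://evil.example/"))  # False
    hdrs = anti_clickjacking_headers(["https://partner.example"])
    print(framing_allowed(hdrs, page, "https://partner.example/widget"))          # True
    print(framing_allowed(hdrs, page, "https://evil.example/"))                   # False
```

When a partner origin is allowed, the pair the helper emits is deliberately uneven: the CSP directive admits the partner, while X-Frame-Options: SAMEORIGIN keeps older browsers closed to everyone but the site itself, since that header has no way to name a single origin that current browsers still honour.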

To know more about web development practices to safeguard your websites, contact Centex Technologies at (254) 213 – 4740.



What Are Deepfakes And Why Are They Dangerous?

The term deepfake combines the phrases deep learning and fake, and refers to videos fabricated using deep learning techniques. Deep learning is a subset of AI that refers to algorithms which can learn and make intelligent judgments without human intervention. A deep-learning system can create convincing impersonations by examining images and videos of a target person from various perspectives and then copying their behavior and voice patterns. Once a prototype fake has been created, GANs (Generative Adversarial Networks) are used to make it more credible. The GAN method aims to find faults in the generated fake and make adjustments to fix them.

How can you stay away from deepfake videos?

  1. Deepfake videos are much simpler to spot than deepfake photographs, and two cues help. When a deepfake video of a person is created, there is little difference between the person and the backdrop; however, you may suspect a false video if the attention is solely on the face and the surroundings are purposefully obscured.
  2. Deepfake can be easily avoided by restricting personal images on social media and avoiding close-up photos of your face as much as possible.
  3. Advanced artificial intelligence algorithms are under development which can swiftly identify deepfake videos thereby preventing people from falling prey to fake news and fake films.

When and where did deepfake start?

Deep Fake was a user on Reddit in 2017 who began employing face modification technology for pornography. It was from here that the term Deepfake was coined, and videos like this were known as Deepfake Videos.

Deepfake as a boon to technology

MyHeritage, a software application, has been in the headlines for transforming any image into a 10-second movie. With this app, you may also breathe new life into old images. Using this program, images of prominent personalities from the past were transformed into movies, and these films show that if Artificial Intelligence is applied correctly, this approach may be beneficial to humans.

Deepfake as a threat to humanity

A.  Deepfakes were used to subvert democracy in the United States

Facebook decided to prohibit the use of deep fakes after fake videos of politicians began spreading on social media. They allowed a few loopholes, such as the ability to keep sarcastic films and photos, but distinguishing between satire and agenda-driven content is difficult.

B.  Deepfakes began to be exploited by internet predators

People began leveraging the ability to substitute anyone's face in an image or video to make pornographic content without their consent. As deepfake technology allows faces and expressions to be replaced, all cybercriminals need is a profile photograph from social media to produce fake videos.

C.  Deepfakes used to tarnish the reputation of individuals

A Pennsylvania mom, for example, was prosecuted for harassing cheerleaders at her daughter's school by employing deep fakes. The mother used manipulated recordings to carry out a cyberbullying campaign against girls she viewed as competitors to her daughter.

Deepfakes continue to push the digital media envelope, and some researchers suggest that using NFTs (Non-Fungible Tokens) is the most effective strategy to combat them. NFTs, however, are still far from being the standard on blockchains like Ethereum.

To know more about various cyber threats and methods to prevent them, contact Centex Technologies at (972) 375-9654.


Wi-Fi For Smart Buildings

The capacity to tap into enormous volumes of data to enable real-time, intelligent decision-making is of crucial importance for any smart building. Builders need a dependable and adaptable communications infrastructure that can serve both current and future use cases. Security is paramount for all digital technologies, as traditional WiFi deployment architectures have become vulnerable. Builders and contractors must address the following constraints to improve the experience of residents using WiFi in smart buildings.

Constraints over deploying WiFi in smart buildings:

  1. Leave no blind spot - Someone might require network access in lobbies, meeting rooms, and other common areas. Physical security management teams increasingly require comprehensive coverage. Wireless IoT sensors may be deployed at elevator shafts, maintenance rooms, roofs, and parking garages.
  2. Cabling and installation - Proper twisted-pair cabling improves WiFi 6 and 6E performance. Category 6A cable should be installed, as PoE (Power over Ethernet) devices are getting more complex and frequently require more power to function. Ensure safe delivery of the higher wattage needed by WiFi APs (Access Points), UHD (Ultra-HD) security cameras, IoT sensors, and other PoE devices.
  3. Antenna and radar - Antenna types such as yagi, panel, and parabolic are better alternatives for coverage and performance in regions with concrete or plaster walls or large metal machinery. The interior or exterior environment (office spaces, atriums, parking garages, maintenance or engineering floors) often decides the type of antenna to be deployed. WiFi access points with built-in antennas are suited to conventional office area deployments, where the physical obstacles are drywall, cubicle barriers, office-grade doors, and glass panes.
  4. Network subnetting - Strict WiFi access controls must be implemented by employing micro-segmentation to contain malware outbreaks and service disruptions. LPWAN (Low-Power Wide-Area Network) technology provides ease of deployment and the ultra-low power consumption required to scale to low-computing, battery-operated IoT sensor devices. An LPWAN system requires a single base station to link thousands of scattered endpoints across the building using a basic star topology. LPWAN utilizes sub-GHz frequencies, which helps avoid excessive interference from older wireless systems operating in the building in the 2.4 GHz range and ensures long-term network dependability. At the end of the day, the robustness and reliability of your WiFi systems will determine whether your smart building architecture succeeds or fails.

The range of smart building applications is enormous, and it's developing all the time. As a result, in order to take advantage of everything that this transition has to offer, both existing broadband networks and future low-power IoT connections will need to coexist in the wireless architecture.

WiFi deployment in smart buildings helps in:

  1. Occupancy and damage detection - Integrating different systems over WiFi in smart buildings can help in regulation of safe distance measure and sanitation operations. It can also detect faults in time and prevent avoidable maintenance and energy expenditures.
  2. HVAC and access control systems - Smart building systems can reduce utility expenditures, carbon emissions and increase tenant satisfaction by installing AI-enabled HVAC (Heating Ventilation and Air Conditioning) systems. Smoke detectors, window/door sensors, intrusion, and fire alarm systems can also integrate with HVAC and the system can identify irregularities proactively to resolve them early on.
  3. Monitoring of the environment & consumables - Smart building systems can monitor IAQ (Indoor Air Quality) conditions to enhance the health, comfort, and well-being of building occupants and to lower the risk of respiratory complaints. The WiFi enabled system can also monitor in real-time how much hand sanitizer, soap, paper towels, and toilet paper is being used in the building. To guarantee timely refills and the health and safety of tenants, receive notifications when products are running short.

Centex Technologies provides IT and networking solutions for establishments. For more information on deployment of WiFi for smart buildings, call Centex Technologies at (972) 375 - 9654.


Multi-Cloud For Organizations

What Is Multi-Cloud?

Multi-cloud means utilization of two or more public cloud service providers to serve the needs of IT services and infrastructure of an organization. The organizations may choose the best services from different cloud service providers based on multiple factors such as cost, technical requirements, geographic availability, security, etc. A simple example is where an organization uses one cloud service provider for development/test, one for disaster recovery, and another to process business analytics data.

Alternatively, an organization may leverage multiple public clouds in combination with private cloud deployments and traditional on-premise infrastructure.

What Is The Purpose Of Multi-Cloud Approach?

Here are the reasons why an organization should adopt a multi-cloud approach:

  • Overcoming Data Gravity: Data gravity refers to the idea that it is difficult to move or migrate large data sets and thus, it is important to store the data in proximity with applications and services used to analyze them. Using a cloud-attached storage solution that connects to multiple clouds simultaneously can help in overcoming data gravity. Efficient solutions help in reducing latency by hosting data in close proximity to cloud data centers.
  • Optimizing Workloads: Every cloud service provider offers its own set of physical infrastructure components and application services, and releases new features on a regular basis. Thus, no single cloud service provider offers cost-optimized services for every workload. By adopting a multi-cloud approach, organizations can select the most suitable provider for each workload, leading to enhanced application performance.
  • Avoiding Vendor Lock-In: Vendor lock-in refers to a situation where it becomes difficult for an organization to transfer its business away from one service provider to another service provider or back to on-premise infrastructure. However, by adopting multi-cloud approach, an organization has the flexibility to transfer its application to any cloud service provider which allows the organization to take advantage of new technologies.
  • Additional Benefits: Multi-cloud approach serves the purpose of enhancing disaster recovery capabilities, meeting regulatory compliance, curbing shadow IT, elevating application performance, etc.

How To Monitor Multi-Cloud Strategy?

  • Use monitoring tools designed specifically for multi-cloud environment.
  • Leverage a configuration management database.
  • Adopt a mechanism that can sense, analyze, adapt, and visualize to help admins resolve outages.
  • Use monitoring tools that support automation.

For more information on implementation of multi-cloud for organizations, call Centex Technologies at (972) 375 - 9654.
