Centextech

What Is Man In The Browser Attack?

MitB (Man-in-the-Browser) attacks are a variant of MitM (Man-in-the-Middle) attacks in which an attacker compromises a user's web browser in order to eavesdrop, steal data, and/or interfere with a user session. Attackers regularly use MitB to perform financial fraud, the most prevalent form being interference with online banking sessions.

Adversaries exploit security holes and/or modify built-in browser capabilities to change page content, alter behaviour, and intercept data passing through the browser. The attack may be carried out with a variety of malware, the most common of which is a Trojan.

MitB malware families and attack campaigns that have targeted online banking and other internet services include Zeus, SpyEye, Bugat, Carberp, Silon, and Tatanga. MitB attacks can also occur on mobile devices, where they are known as Man-in-the-Mobile (MitMo) attacks. Two well-known MitMo variants are ZitMo (Zeus-in-the-Mobile) and SpitMo (SpyEye-in-the-Mobile).

How do MitB attackers use proxy trojans to target their victims?

A proxy trojan is a type of Trojan horse designed to function as a proxy on the victim's computer. It intercepts all requests to a legitimate program, such as the victim's web browser, and decides whether it can handle them itself. If it cannot process a request, it forwards it to the real application code. At that point the attacker has complete control of the victim's computer and can do almost anything with it. Some MitB variants include the ability to act as a proxy trojan.

MitB attackers take advantage of clickjacking vulnerabilities on webpages

When a hacker employs malicious code included in a webpage to trick a user into clicking on something other than what the user expects, this is known as clickjacking. It is most commonly used on eCommerce sites to entice users to click on links or images. These fraudulent links take users to another commerce site, which might be a competitor's portal or a phishing site.

Why is installing a trojan horse required for a successful MitB attack?

Because a MitB attack requires the installation of Trojan software on the target system, attackers use a variety of phishing tactics to convince their victims to install it. Once the Trojan horse has infected the system, the attacker gains access to all of the user's internet destinations. Many Trojans designed for MitB attacks can then generate code for additional input forms, which are shown on the websites the victim visits. As a result, attackers can gather a wide variety of personal information.

How is MitB carried out in any browser?

MitB attacks are launched via a user script, a Browser Helper Object (BHO), or an unprotected browser plugin. The malware enables its author to circumvent the web browser's security features. The trojan then intercepts the exchanges between the user and the website they are viewing. In particular, the trojan is able to:

  1. Modify or add new columns and fields to the website.
  2. Modify financial transaction data such as account and purchase information.
  3. Suspend or seize an ongoing transaction in real time.
  4. Modify the look and feel of a website.
  5. Modify the server responses, such as thank-you pages.
  6. Capture information entered into webpage fields.
  7. Alter the entire transaction if the user returns to the website.

How do Boy-in-the-Browser attacks differ from Man-in-the-Browser attacks?

BitB (Boy-in-the-Browser) attacks use malware to change the network routing tables of victims' devices, allowing a standard MitM attack to be carried out. Once the routing changes are in place, the malware may attempt to delete itself in order to hide its tracks and make detection more difficult.

Centex Technologies offers online portals and businesses comprehensive web development and cybersecurity solutions. Call Centex Technologies at (855) 375-9654 for additional information on how to safeguard your website.


What Is Clickjacking?

Clickjacking is a type of cyberattack that deceives users into believing they are clicking on one thing while they are actually clicking on something else. It is also known as UI (User Interface) redressing: users believe they are interacting with the standard UI of a web page, but a concealed UI is actually in control. The hidden UI performs a different action when users click something they think is safe.

The attack's final objective is to lure victims into disclosing their PII (Personally Identifiable Information) or even to infect their devices with malware. The real objectives can be almost anything that can be done through a web page. This includes black-hat behaviours such as installing malware, stealing credentials, or even launching a ransomware attack on infected devices. Benign activities such as raising click counts to increase advertising income on sites, or getting likes and views on Facebook and YouTube, are also possible.

How will you prevent your website's users from getting clickjacked?

Web developers can use one of these two methods:

  1. Client-side techniques include Frame Busting, which is the most prevalent one. Such techniques can be useful in some situations, but they are not recommended because they can be readily circumvented.
  2. X-Frame-Options is the most often used server-side approach. Security experts advise using server-side approaches to combat clickjacking.

So, how does anyone get clickjacked?
First, the attacker builds a visually appealing website that offers visitors a free trip to an overseas country. In the background, the attacker's page checks whether the user is signed into their banking site via cookies stored in the browser. If so, it loads the bank's fund-transfer page, pre-filling the attacker's bank details into the form using query parameters. The transfer page is placed in an invisible iframe above the free-trip page, with its "Confirm Transfer" button positioned exactly over the visible "Receive Free Trip" button. The user arrives at the website and clicks the "Book My Free Trip" option. In actuality, the user is clicking the "Confirm Transfer" button in the unseen iframe. The funds are sent to the attacker, and the user is taken to a page where they can learn more about the free trip, unaware of what happened in the background.

How to check whether your website is vulnerable to clickjacking?
To see whether your site is vulnerable to clickjacking, create an HTML page that loads a sensitive page from your website inside an iframe. Because this mirrors what happens in a real clickjacking attack, it is critical to host the test page on a different web server (a different origin) from your site.

<html>
<head>
<title>Clickjacking Cyberattack Vulnerability Test</title>
</head>
<body>
<p><b>Website is Vulnerable to Clickjacking Cyberattack.!</b></p>
<!-- Replace the src value with the URL of the sensitive page under test -->
<iframe src="<entire website link>" width="300" height="300"></iframe>
</body>
</html>

In a browser, open the HTML page and assess it as follows:

  1. The content of your sensitive page is vulnerable to clickjacking if the words “Website is Vulnerable to Clickjacking Cyberattack.!” appear underneath it.
  2. The page is not vulnerable to the basic kind of clickjacking if you simply see the words “Website is Vulnerable to Clickjacking Cyberattack.!” and do not view the content of your sensitive page.
    Additional testing is required to determine which anti-clickjacking measures are employed on the page and whether they may be circumvented by attackers.

How can web developers use the X-Frame-Options HTTP header?
It allows an application to declare whether framing is banned outright, indicated by the DENY value, or whether framing is permitted, indicated by the SAMEORIGIN and ALLOW-FROM values. This header is supported by most current browsers. X-Frame-Options values your web developers can use:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM <entire website link>

The ultimate solution for addressing clickjacking vulnerability
CSP (Content Security Policy) allows developers to disable framing entirely or to define where it is permitted. CSP is not supported by all browsers, and a few browser plugins and add-ons may be able to get around it. When both the X-Frame-Options header and the CSP frame-ancestors directive are present, browsers are expected to favour the CSP directive, although not all do. Defense in depth is a smart practice, and there is nothing wrong with using all three defenses on your websites, because none of them is flawless. Web application developers can use these CSP frame-ancestors settings to prevent clickjacking:
Content-Security-Policy: frame-ancestors 'none'
Content-Security-Policy: frame-ancestors 'self'
Content-Security-Policy: frame-ancestors <website link>
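To see how the X-Frame-Options values and the CSP frame-ancestors settings above compare, here is an added Python example (not code from the original post) that decides whether a framing attempt from another origin would be allowed under a given set of response headers. It models a standards-following browser: CSP frame-ancestors wins when both headers are present, and the deprecated ALLOW-FROM value, which current browsers do not implement, is treated as giving no protection. The origins and header values used are constructed for the demonstration.

```python
from urllib.parse import urlparse

def _origin(url):
    """(scheme, host, port) of a URL; used for 'self' and host-source matching."""
    p = urlparse(url)
    return (p.scheme, (p.hostname or "").lower(), p.port)

def _frame_ancestors(csp_value):
    """Source list of the frame-ancestors directive, or None if CSP lacks it."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def _source_matches(source, page_url, framer_url):
    """Match one CSP source expression against the framing document's origin.
    Covers 'none', 'self', '*', host sources and *.wildcard hosts; scheme-only
    sources such as "https:" are not modelled here and never match."""
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(page_url) == _origin(framer_url)
    if source == "*":
        return True
    scheme, host, _ = _origin(source if "://" in source else "//" + source)
    f_scheme, f_host, _ = _origin(framer_url)
    if scheme and scheme != f_scheme:
        return False
    if host.startswith("*."):
        return f_host.endswith(host[1:])
    return bool(host) and host == f_host

def framing_allowed(headers, page_url, framer_url):
    """Decide whether a page served with these response headers may be embedded
    by a document at framer_url, as a standards-following browser would decide.
    A CSP frame-ancestors directive, when present, overrides X-Frame-Options.
    Returns (allowed, reason)."""
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            ok = any(_source_matches(s, page_url, framer_url) for s in sources)
            return ok, "CSP frame-ancestors"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options DENY"
    if xfo == "SAMEORIGIN":
        return _origin(page_url) == _origin(framer_url), "X-Frame-Options SAMEORIGIN"
    if xfo.startswith("ALLOW-FROM"):
        # Deprecated value that current browsers do not implement: they treat the
        # header as absent, so it provides no protection against framing.
        return True, "X-Frame-Options ALLOW-FROM (unsupported, no protection)"
    return True, "no framing restriction"

if __name__ == "__main__":
    # Constructed origins for the demo: the protected site and an attacker's page.
    for hdrs in ({"X-Frame-Options": "DENY"},
                 {"Content-Security-Policy": "frame-ancestors 'self'"},
                 {"X-Frame-Options": "ALLOW-FROM https://bank.example"}):
        print(hdrs, framing_allowed(hdrs, "https://bank.example", "https://attacker.example"))
```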

To know more about web development practices to safeguard your websites, contact Centex Technologies at (254) 213 – 4740.

 


All You Need To Know About Zero-Day Attacks

Zero-Day, also written 0-Day, indicates that the vendor or developer has only very recently learned about a flaw. Because attackers exploited the flaw before the developers could discover and patch it, the vendor has had zero days to fix it. Some useful terms for understanding 0-Day better:

  1. A 0-Day Vulnerability is discovered by attackers before the developers, so it cannot yet be patched. Developers can, however, implement and publish workaround techniques to address it temporarily.
  2. 0-Day Exploits are the TTPs (Tactics, Techniques and Procedures) attackers use to attack IT infrastructure through such a vulnerability.
  3. A 0-Day Attack uses a 0-Day Exploit against a 0-Day Vulnerability to inflict damage on IT resources.

Cybercriminals and hacktivists with malicious intentions such as espionage, theft, financial gain, cyber warfare, or service disruption usually carry out such 0-Day attacks. The victims could be anyone across the globe, from an individual to an organization or even a nation-state. Operating systems and software applications, hardware and firmware, IoT (Internet of Things) devices, household appliances and automobiles are the usual targets. Attacks carried out against potentially valuable targets such as MNCs (Multi-National Companies), government and intelligence agencies, or VVIPs (Very Very Important Persons) are targeted 0-Day attacks. Vulnerable systems, servers, applications and hardware in general are the usual victims of non-targeted 0-Day attacks. Sometimes even LEAs (Law Enforcement Agencies) are unable to comprehend the collateral damage caused by attackers.

Zero-Day exploits are considered the ultimate cyber weapon, able to inflict heavy and often irreparable damage. Poor cybersecurity hygiene, ignorance and lethargy among security professionals, inadequate budgets, and skill gaps in the availability of a qualified cybersecurity workforce are some of the reasons organizations fall victim to a 0-Day vulnerability. By the time victims learn about a 0-Day vulnerability in their environment, it is often too late to mitigate it. The course of action is then either to accept the risk of attack or to shut down the crucial components and facilities of their operations and services.

So, how would you try to protect yourself, as much as possible, from being affected by 0-Day exploits?

Prevention is almost impossible for 0-Day vulnerabilities, but detection and mitigation strategies are still relevant. Four proactive and protective best practices might help you and your firm stay resilient against most 0-Day attacks:

  1. Educate and be aware of social engineering: Employees and business partners need to understand the bigger picture of business risk. Everyone must take ownership of keeping business services and daily operations safe and secure in their individual capacities. User awareness training must be conducted to prevent staff from falling for social engineering attacks.
  2. Implement 2FA / MFA with biometrics: Deploying 2FA (Two-Factor Authentication) or MFA (Multi-Factor Authentication) along with biometric locks will keep unauthorized users and attackers at bay. It is advised to periodically change the credentials used to access the various digital resources across your organization, and to modify and update vendor-supplied default security configurations to suit the business requirements.
  3. Strict ACLs (Access Control Lists): Be vigilant when you grant any user read and/or write access or elevate their privileges from user to admin. Grant privileges and access on a need-to-know basis only. Deploying an appropriate IAM (Identity and Access Management) plan prevents accidental information modification by unauthorized employees and limits the scope of access for attackers who have stolen employees' credentials. Implement a systematic de-provisioning process for employees leaving the company so that their access to IT systems, applications, and data is curtailed. Revoking the access rights of someone who has left the organization is a crucial security responsibility that must be completed on the LWD (Last Working Day) and not delayed.
  4. Defense-in-depth approach: Maintaining your organization's credibility in the market is very important. Comply with the relevant regulatory standards and frameworks to protect highly sensitive business information. An in-house SOC (Security Operations Center) team can monitor the real-time activities of users, services, and applications in your IT environment. Alternatively, to work around inadequate budgets and a lack of resources, you can hire an MSSP (Managed Security Service Provider), to whom you outsource your security logging and monitoring requirements; they prevent, detect, analyze, and mitigate security risks, threats, vulnerabilities, and incidents for your business. Protect your data and devices with security solutions such as NGAV (Next-Gen Anti-Virus), DLP (Data Loss Prevention), XDR (Extended Detection and Response), honeypots, and the like. Training and securing your users and employees will give attackers a hard time targeting your IT infrastructure with 0-Day vulnerabilities.

Centex Technologies provides a variety of cybersecurity solutions to companies. For a free audit of your enterprise's IT systems, call (855) 375-9654.


What Is A Fuzzing Attack?

Fuzzing is a software testing technique used to find implementation bugs by injecting malformed or semi-malformed data into a program in an automated fashion. The injected data consists of different permutations of input that are fed into the target program until one of them reveals a vulnerability that could be exploited by cyber criminals.

A fuzzer may try different combinations of attacks on:

  • Numbers (signed or unsigned integers, floats, etc.)
  • Characters (urls, command line inputs, etc.)
  • Metadata (user input text such as id3 tag)
  • Pure Binary Sequences

The most common approach for a fuzzing attack is to define a list of ‘fuzz vectors’ (known to be dangerous values) for each type and inject these vectors or their recombination into the program.

Here is a list of common fuzz vectors:

  • For Integers: Zero, possibly negative or very big numbers
  • For Chars: Escaped, interpretable characters / instructions (ex: For SQL Requests, quotes / commands…)
  • For Binary: Random ones

Types Of Fuzzing Attacks:

Application Fuzzing: A web application fuzzer tests for buffer overflow conditions, error handling issues, boundary checks, and parameter format checks. Whatever type of system is fuzzed, the attack vectors lie in its input or output system. Attack vectors for a desktop app are:

  • The UI (testing all the buttons sequences / text inputs)
  • The command-line options
  • The import/export capabilities

In case of a web app, attack vectors can be found in urls, forms, user-generated content, RPC requests, etc.

Protocol Fuzzing: To launch a protocol fuzzing attack, a fuzzer sends forged packets to the tested application and eventually acts as a proxy to modify requests sent to the server and replay them to find a vulnerability.

File Format Fuzzing: In a file format fuzzing attack, the fuzzer generates multiple malformed samples and opens them in sequence. When the program crashes, the sample is kept for further investigation. Using a file format fuzzing attack, an attacker can target:

  • The Parser Layer (Container Layer): These attacks target file format constraints, structure, conventions, field sizes, flags, etc.
  • The Codec/Application Layer: These are lower-level attacks which aim at the program’s deep rooted information.
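As an added example (not code from the original post), the following Python fuzzer applies the three classes of fuzz vectors listed earlier, integers, characters and binary, to a constructed toy file format, keeping every sample that crashes the parser, as described under file format fuzzing. The "TLV1" format, its parser and the seed sample are invented for the demonstration; the parser deliberately trusts the declared record length so that the fuzzer has a bug to find.

```python
import random
import struct

# Constructed toy file format for this demonstration: 4-byte magic "TLV1",
# then records of (1-byte tag, 2-byte big-endian length, payload).
MAGIC = b"TLV1"

def parse_tlv(data):
    """Parser under test: trusts every declared record length (the bug to find)."""
    if data[:4] != MAGIC:
        raise ValueError("bad magic")  # the parser's own, handled error
    pos, records = 4, []
    while pos < len(data):
        tag = data[pos]
        length = struct.unpack(">H", data[pos + 1:pos + 3])[0]
        payload = data[pos + 3:pos + 3 + length]
        records.append((tag, payload[0], len(payload)))  # assumes non-empty payload
        pos += 3 + length
    return records

def build(records):
    """Serialize (tag, declared_length, payload) triples, writing the length as given."""
    out = bytearray(MAGIC)
    for tag, length, payload in records:
        out += bytes([tag]) + struct.pack(">H", length & 0xFFFF) + payload
    return bytes(out)

SEED = build([(1, 5, b"hello"), (2, 3, b"abc")])  # a well-formed sample
# Fuzz vectors per input type, following the categories listed above
INT_VECTORS = [0, -1, 1, 0x7FFF, 0x8000, 0xFFFF]  # zero, negative, very big
CHAR_VECTORS = [b"'", b'"', b"' OR 1=1--", b"%n%n%n", b"\x00", b"../../"]

def mutate(sample, rng):
    """Produce one malformed sample from the seed using a random vector class."""
    kind = rng.randrange(3)
    if kind == 0:  # integer vector into the first record's declared length
        return build([(1, rng.choice(INT_VECTORS), b"hello"), (2, 3, b"abc")])
    if kind == 1:  # character vector as payload, declared length left unchanged
        return build([(1, 5, rng.choice(CHAR_VECTORS)), (2, 3, b"abc")])
    data = bytearray(sample)  # binary: random bit flips anywhere in the sample
    for _ in range(rng.randrange(1, 4)):
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    return bytes(data)

def reproduce(target, case):
    """Run one case; return the crash's exception name, or None if handled."""
    try:
        target(case)
    except ValueError:
        return None  # validation error the parser raises on purpose
    except Exception as exc:
        return type(exc).__name__
    return None

def fuzz(target, sample, iterations=300, seed=1):
    """Generate malformed samples and keep every one that crashes the target."""
    rng, crashes = random.Random(seed), []
    for _ in range(iterations):
        case = mutate(sample, rng)
        name = reproduce(target, case)
        if name is not None:
            crashes.append((name, case))
    return crashes

if __name__ == "__main__":
    for name, case in fuzz(parse_tlv, SEED)[:5]:
        print(name, case.hex())
```

Each kept sample reproduces its crash deterministically, which is what makes it worth investigating.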

Centex Technologies provides complete IT security solutions to clients. For more information, contact Centex Technologies at (972) 375 - 9654.


Ways To Manage 5G Security Challenges

Wireless networks have grown a lot from the first generation (1G) to 4G/LTE networks that offer faster speeds. Now, the stage is being set for 5G that will connect a large number of new devices and sensors with future communication technologies while introducing new capabilities and services.

But with great transformation come great risks! Some security professionals warn that 5G will also give attackers the speed and capabilities to launch high-speed malicious activity across a larger number of devices in a short span. A survey indicates that approximately 73% of security professionals have high to medium concern about the potential impact of 5G on cyber security.

Professionals indicate that 5G will introduce new vulnerabilities in:

  • Supply Chain: 5G supply chain will be at risk of vulnerabilities such as malicious software and hardware, counterfeit components, and poor designs, manufacturing processes and maintenance procedures.
  • Deployment: 5G is expected to use more information and communication technology components, so improper deployment, configuration or management of equipment and networks may put them at risk of disruption and manipulation.
  • Network Security: Since 5G builds upon previous generations, it may be expected to carry forward legacy vulnerabilities such as DDoS attacks, etc.

In light of potential 5G risks and vulnerabilities, here are some ways to help you manage 5G security challenges:

  • Prioritize Security: Organizations with security-first mindset are prepared to adopt 5G and other emerging technologies. But, also focus on your customers and in case they don’t have a culture that prioritizes security, help them adopt solutions and services that cover all the aspects of cyber security including incident response strategy.
  • Deploy Standards-Based Devices: Organizations should focus on helping their customers and employees choose IoT devices that are embedded with in-built security features and meet established industry standards for security. It is important to make sure that the devices are capable of offering protection, detection, and mitigation.
  • Adopt Virtualization: A large number of connected devices paired with the speed of 5G can act as a perfect playground for hackers and compound the security issues. Organizations can consider introducing virtualized security controls to help their customers in applying security policies across their environment at a quick speed, while employing automated remediation to help mitigate threats.
  • Combine Threat Intelligence With AI: The new capabilities of 5G will introduce new types of vulnerabilities and attacks. Organizations should combine threat intelligence with AI or machine learning to identify, detect and respond immediately at the point of attack.
  • Zero-Trust: Organizations should implement zero-trust security policies. It includes verifying everything including user login, data access, incoming data, outgoing data, access requests, etc. without any exceptions.

5G can be used to garner business growth and profits, provided appropriate security measures are adopted.

At Centex Technologies, we educate our clients on the security challenges of 5G and required measures. To know more, call Centex Technologies at (972) 375 - 9654.
