
Tuesday 22 March 2016

Chinese Hackers Behind U.S. Ransomware Attacks: Security Firms


A group of four security firms investigating cyber attacks on U.S.-based companies has found that most of the hackers use the same tactics and tools that were once associated with Chinese government-supported cyber attacks. Ransomware has become a major tool for unleashing cyber attacks on unsuspecting ordinary users. Ransomware, as the name suggests, takes over control of the system and encrypts all the data stored on it, leaving the data inaccessible to its users. To get access back, users are required to pay a ransom of a few Bitcoins.

Hackers trick users into installing ransomware

Security firms have stated that hackers use various complex and highly intelligent ways to spread ransomware by actively exploiting vulnerabilities found in application servers. Once a vulnerability has been exploited, hackers trick users into installing ransomware on their devices. In one recent attack, more than 30% of the machines at a transportation firm and a technology firm were infected with ransomware.

The rise of ransomware over the years

Ransomware isn't new; cyber criminals have used it widely for over a decade. In the beginning, unsuspecting users were lured into downloading infected programs or antivirus suites which, once installed, took over the device and demanded a ransom to restore access.

In recent years, however, cyber criminals have got their hands on better encryption techniques, which ensure that users cannot get access to their files without paying the ransom. Formatting the device is a great way to get rid of the ransomware, but it comes at the cost of losing all the data on the device. Ransom payments are mainly made in the virtual currency Bitcoin, which offers secrecy from governmental agencies and others.

‘Mind’ game behind ransom

Ransomware is one of the most successful tools of cyber criminals because a large percentage of infected users end up paying the modest ransom for their inaccessible data. Cyber criminals usually set a modest price for giving users their access back. Most victims are willing to pay this amount to get their data back, and this also generates positive responses online. Suppose a victim pays about 1 or 2 Bitcoin, which amounts to $600, gets back access to his data, and then posts on online forums that he was relieved to finally regain access after paying the ransomware operators. Other victims searching online for this malady will then be more willing to pay on the basis of this feedback.

On the other hand, security firms have warned victims that paying the ransom will only make cyber criminals much more ambitious. Very soon they will shift from asking for ransoms of a few Bitcoins to performing complicated scams and credit card theft as well.

Tuesday 28 July 2015

United Hackers Given Million Free Flight Miles

United Continental Holdings, a US airline, has rewarded two hackers under its bug bounty program because they spotted security holes in the company's website and disclosed the flaws privately rather than sharing them online.

As part of the reward, the hackers received the maximum of a million flight miles, which is worth hundreds of free domestic flights, and it is for two people. According to tech experts, it's a big and very good step in the domain of online security. In conversation with Reuters, United Continental Holdings confirmed that it has paid the reward of one million miles to each hacker, but it did not respond to tweets from individuals saying that they have also been paid a small cash reward. The Chicago-based carrier hopes that its bug bounty program will help the company uncover cyber risks in the area of airline web security. With the help of the bug bounty program, web researchers solve problems before hackers can exploit them, and the cost is much less than hiring outside consultancies.

However, the three major competitors of United all declined to comment on bug bounty programs, and a fourth was not available for comment. Meanwhile, trade group Airlines stated that all air carriers in the US should conduct these kinds of tests to make sure that their systems are secure. United adopted this strategy in May, when technology glitches grounded its fleet more than two times. In one incident the company locked its airline reservations system and prevented customers from checking in; however, due to other zapped functionality of the software, this air carrier dispatches its entire flight plan. According to a spokesperson for United, “We believe that with the help of this program we will continue to provide best, secure and most excellent service”.

Jordan Wiens, who works on cyber vulnerabilities, tweeted that last month he received a reward of 1 million miles from United for exposing a security flaw which could allow hackers to control the airline's website. He added in an interview that not many companies in the industry run bug bounty programs; however, according to Wiens, it's normal for big companies such as United to offer bug bounty programs for their websites. Beyond the bug bounty program, United stated that it has a perfect test system which internally engages cybersecurity firms to keep its website and online security secure.

According to Dr Jessica Barker, a security consultant, “Schemes which are rewarding the hackers are a perfect way to find and disclose the online security problems in the right way, and it helps us to make the internet safe for all of us”. Barker added that bug bounty programs are common among tech companies because they understand online security, and because of certain benefits other industries are now catching up.

Thursday 4 September 2014

Getting To Grips with Online Security

For any business, security is important, yet small companies often face a more difficult challenge than larger firms. As a business with limited financial resources, you can't always afford large in-house IT teams or rely on custom-built software.

As a result, the best entrepreneur needs to find cost-effective methods that remain just as efficient. In an age dominated by online data protection, performance is something that cannot be compromised. Fortunately, there are a number of steps you can take, such as obtaining an SSL certificate.

What is SSL? 

SSL stands for Secure Sockets Layer and refers to private communications between your server and other users. This is what keeps customer information from leaking: by encrypting the data sent back and forth, it is all the more difficult for would-be data thieves to listen in. Consequently, the better the SSL, the more difficult it is for thieves to intercept, which makes it more likely that hackers will look elsewhere.

OpenSSL is an open-source version which is ideal for use with smaller businesses. As an open-source variant, OpenSSL is easy to tailor and customise to your needs. Many companies use this across the globe because it is affordable, regularly updated and enables your company to obtain an SSL certificate.

How do certificates help? 

Having security in place is pointless if people are not aware of it, so you need a way to show off your efforts. Not only does it provide official proof of your protection, an SSL certificate can keep your business secure at the same time. A certificate represents a certain recognised grade of achievement, which will often result in a green padlock symbol appearing in various web browsers. This small symbol reassures customers that the information they give you is safe, helping to build further trust between you and them.

There are different certificates available. Depending on the nature of your business, you may want to invest in an Extended Validation Secure Sockets Layer certificate, or EV SSL for short. EV SSL goes even further to check information being sent back and forth. If anything happens in between, such as someone trying to steal data, you’ll be aware.

When dealing with the likes of B2B, this extra precaution is something many will expect as standard practice. The right SSL certificate proves you take your business and its data protection obligations seriously without breaking the bank.