New Age Phishing via Social Media App

 New age Phishing through social media applications

A simple attack presently helped cyber criminals to carry out globally with rise of use of the social media apps during this pandemic time of Covid. Now FB messengers, telegram, Instagram, WhatsApp became the playground for the hackers. This WhatsApp attack shows us that social engineering is not limited to phishing emails only. 

One of the key indicators of a social engineering attack can be how the message makes you feel. It focuses on emotional response of the victim to act quickly.

How they target;

Basically, through suspicious links either directly or through embedded to image or video or pdf files. It can be, believe me. 

Scene-1

Once the attackers have access to your WhatsApp account, they do have access to all of your WhatsApp contacts and groups and will receive any new messages sent to your account. From there the attackers can message your contacts posturing as you are sending those messages and may ask your friends and family for money for an emergency need.

Scene-2

When you get a new device and download and install WhatsApp from Play store, WhatsApp will then send a 6 digit verification code to the mobile number you have entered. This code verifies that you own the mobile number and device. Once the 6-digit code has been entered that device will then receive WhatsApp messages for that account.

In this attack, the attacker will have already compromised someone’s WhatsApp account (they could have done this via Facebook, not necessarily WhatsApp itself). 

Here, the account they had compromised belonged to an old friend or known person. The attacker then sends a message to the friends of the initial victim stating they have accidentally sent the code to them, or they have issues in receiving the code. 

Here you can see that the attacker tells they 'sent' you the code by mistake, please send back to me. If You sent back 6-digit code, the attackers will successfully compromise the WhatsApp account, too.

Scene-3

Since November 2021, this has came to notice some messages in WhatsApp being received that “Is it you in the Video” with a suspicious link. This is a social engineering or phishing attack where, if you click on the link, it will provide a user credential fake page for your FB or messenger. Then if you try to log in to that fake account, then your original account gets compromised. 

Similarly, the attacker sends the same message to all your contacts to follow the same steps. 

What to Do?

• Use (Two Factor Authentication) 2FA on any account for safety.
• Use Password Manager.
• Use Anti-virus for mobile too.
• Do not receive any WhatsApp calls. 

Please refer to below a State Government guidelines shared here for awareness purpose. 

Please follow guidelines and stay safe!

-DR

SSO and MFA authentication

SSO and MFA Authentication

There was a time where, we were using simple combination of a user name and password to protect our most vulnerable information, accounts. But the hackers are always one step ahead, they do Phishing, Identity theft, data breaches, malware attack to compromise the system at any time around the globe.

Now a days many new technologies introduced to provide additional layer of protection to our confidential and personal information over web.

SSO

Single-sign on (SSO) is a login technique or security solution in which users have one set of credentials (Username and passwords) to access multiple applications at a single time. The main benefit of SSO is the efficient centralized approach. Users can access multiple services without pausing to enter new credentials or to remember multiple username and passwords which are complex in nature. 

The SSO solution internally stores the multiple credentials for every section of software users need to access and then validates the users with those systems when they need to be accessed. This can improve user experience when used externally and boost workflow when used internally. It utilizes industry standards like Kerberos, X.509 or SAML 2.0 and replaces the passwords with security tokens.

The advantage of SSO is, users only need to remember one password at all times for login.

However there is one key risk for adopting this technology is, if a hacker or malicious actor hacks your one account, then he will be able to take other associated accounts or applications to its control. Loss of availability of SSO application means a user will not be able to access any other applications, becoming a single point of failure.

MFA

Multi factor Authentication (MFA) uses numerous different factors to verify a person’s identity and grant access to multiple software, systems, and data. Generally, MFA systems use two or more techniques to authenticate individuals with its concept such as What you know, What you Have, Who you are, What you do. 

Now, we aware that many applications are using MFA such as Google uses 2FA and MFA for securing its products. The advantage of multi-factor authentication is that, in most cases, it’s very secure. The combination of a password, physical token, and biometric can significantly reduce the risk of security breaches.

When implementing MFA, organizations typically choose two of the concepts as described above. So, a user might need to enter a password and a Short Message Service (SMS) code. The system might require MFA with every login or only when users login on a new device.

In organizations while using different applications under SAP systems while using the Employee Self Service Portal, you need to log in through SSO + MFA in your active directory, but you also need to connect through the firm provided VPN to keep your system more secured. 

So, we can optimally use both technology at one place to strengthen our security perimeter which can further improves both user experience and security.

Do you have any further suggestions, please do comment!

-DR

Orchestration Basics

Orchestration

Orchestration is an integrated system for automated EMS system, configuration management, patch management, cloud management and coordination of computer systems, applications, Security management and services. Orchestration helps IT system to manage complex tasks and workflows easily. So, it suits for large scale network or virtual environment. The orchestration differs from automation. 

Orchestration layer also provides Role-based policy management, administration, configure and enforce role based policies. It helps in automated creation of virtual and physical instances and assignment of virtual infrastructure through appropriate tooling to support end-to-end automated provisioning and bare metal provisioning.

Cloud orchestration can be used to provision or deploy resources such as servers, assign or increase storage capacity, create virtual machines and manage networking among other tasks.

In IT Orchestration tool, it ranges from simple script-based app deployment tool to more specialized offerings like Kubernetes’ container orchestration solution. In the past few years, these containers have dramatically transformed the way software organizations build, ship, and maintain their applications.

 The key benefits of orchestration 

• Limited downtime or system outage
• Speed and accuracy in operation
• It can save developer time
• It has reduced errors
• Increased productivity
• Reduced IT cost
• Centralized policy management
• Auto scaling of resources

Example of some orchestration tools as; Rancher, Kubernetes, Meshosphere, Marathon, Nomad, Docker swarm, Minikube, Cloudfy, AZK, AKS, GKE. Many tools come as open source also. 

Kubernetes

The most popular orchestration tool is Kubernetes. It is an open source platform and designed by Google. It can help in automate deployment, containerized workload and services.

Some Key features of Kubernetes

• It is self healing
• Configuration management
• Storage orchestration
• Service discovery
• Load balancing

OpenShift

Similarly, OpenShift is made on the top of Kubernetes with community version as well as enterprise edition by Red Hat. It also offers container management and orchestration. It comes as in below layer;

• Red Hat Open Shift Kubernetes Engine
• Red Hat Open Shift Container Platform
• Red Hat Open Shift Platform Plus

Red Hat OpenShift Container Platform is based on Docker-formatted Linux containers, Kubernetes orchestration, and Red Hat Enterprise Linux (RHEL). It is available at AWS cloud platform.

So this is for basic understanding for orchestration. Refer further reads for in depth knowledge. 

Feel free to share your feedback through comments below. Like and share. 

-DR