Journal
Jan, 2023
Keylogging
I find keyloggers, and hardware keyloggers in particular, very interesting because a hardware keylogger does not require any software to be downloaded, so it needs no login credentials and no tricking of the user into performing a task. It only requires physical access to a computer, and the computer does not even need to be turned on or logged in when the keylogger is deployed. More on hardware keyloggers and how to prevent and detect them later.
What is a Keylogger
A keylogger is a type of malicious software or hardware device that records every keystroke made on a keyboard. By recording keystrokes, a keylogger is able to collect sensitive information such as passwords, credit card numbers, and other personal information. The recorded data is then sent to the attacker, who can use it for illegal purposes such as identity theft, fraud, or other malicious activity.
There are two types of keyloggers: software and hardware. The difference is software keyloggers are programs installed on a computer that run in the background, while hardware keyloggers are physical devices that are plugged in, often between the keyboard and computer.
Software keyloggers can be installed on a computer through a variety of methods, including email attachments, infected websites, or via a Trojan horse. Once installed, the software can be difficult to detect, as it runs in the background and does not display any obvious signs of its presence. Keystroke payloads are sent to the attacker over the internet.
Hardware keyloggers are less common. They can be easily hidden and are very difficult to detect unless you are actively looking for one. As mentioned previously, hardware keyloggers do not require any software to be downloaded, so they need no login credentials and no tricking of the user into performing a task. Worse yet, while some hardware keyloggers require the attacker to regain physical access to the hardware in order to retrieve the recorded keystrokes, others have wireless capability and do not require physical access to the keylogger after it has been deployed on a target. This means having physical access to a computer just once is enough.
This also means that attackers deploying hardware keyloggers are usually performing targeted attacks and are physically nearby.
Defense
To protect against software keyloggers, it is important to follow good security practices, such as keeping your operating system and anti-virus software up to date, avoiding suspicious emails and websites (Phishing), and using strong, unique passwords for every account. In addition, you can use anti-malware software to detect and remove keyloggers. These security practices help protect against most types of malicious software, so make sure to follow them as a general rule.
To protect against hardware keyloggers, it is important to monitor and restrict access to any locations where computers are kept, and to routinely check computer hardware to ensure no foreign devices are present. For personal devices, this means not leaving your computer unattended in public locations. For businesses, it means implementing physical access controls such as security gates, turnstiles, door locks, and similar access control systems.
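One way to make the "routinely check computer hardware" step repeatable is to record the USB device inventory of a machine while it is known to be clean and diff later scans against that baseline. The script below is an added example written for this journal entry, not code from the original post; it assumes the line format of the Linux `lsusb` command, and the vendor/product IDs and descriptions in the two samples are constructed for illustration.

```python
import re
from collections import Counter
from typing import Dict, Tuple

# Regex for one line of `lsusb` output: "Bus 001 Device 002: ID 046d:c31c Description"
LSUSB_RE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$"
)

# Constructed sample: the inventory recorded when the machine was known to be clean.
# Vendor/product IDs and descriptions are illustrative, not taken from a real host.
BASELINE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
"""

# Constructed sample of a later scan: one unknown device has appeared and the
# keyboard's ID now shows up twice (a device mimicking the real keyboard).
CURRENT_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 1234:abcd Unidentified HID device (placeholder ID)
Bus 001 Device 005: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 006: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
"""


def parse_lsusb(text: str) -> Tuple[Counter, Dict[str, str]]:
    """Return (occurrences per vendor:product ID, description per ID).

    Bus and device numbers are deliberately dropped: they change every time a
    device is re-plugged, so keying on them would raise false alarms. Counting
    IDs instead catches a device that clones the real keyboard's ID, which then
    shows up twice.
    """
    counts: Counter = Counter()
    names: Dict[str, str] = {}
    for line in text.splitlines():
        m = LSUSB_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        dev_id = f"{m.group(3)}:{m.group(4)}"
        counts[dev_id] += 1
        names[dev_id] = m.group(5)
    return counts, names


def diff_inventory(baseline: str, current: str) -> Dict[str, Dict[str, str]]:
    """Compare a fresh scan with the baseline and report what changed."""
    base_counts, base_names = parse_lsusb(baseline)
    cur_counts, cur_names = parse_lsusb(current)
    # Counter subtraction keeps only positive differences.
    added = cur_counts - base_counts      # IDs seen more often than in the baseline
    missing = base_counts - cur_counts    # IDs that vanished (possibly swapped out)
    return {
        "added": {k: cur_names[k] for k in added},
        "missing": {k: base_names[k] for k in missing},
    }


if __name__ == "__main__":
    for kind, devices in diff_inventory(BASELINE_LSUSB, CURRENT_LSUSB).items():
        for dev_id, name in devices.items():
            print(f"{kind}: {dev_id} {name}")
```

Keep the baseline somewhere the machine being checked cannot modify, and treat any "added" entry as something to physically inspect. The check has a real limit: an inline keylogger that passes the keyboard's own USB traffic straight through may never enumerate as a separate device, so a clean diff does not replace looking at the cable and the ports.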
In conclusion, follow good security practices and restrict access to your computers.
Feb, 2023
Phishing
One of the most important cyber security topics to be thoroughly informed about is phishing. This is because it affects everyone and can have major consequences if a user takes the bait. For an individual, this can mean loss of money, identity fraud, or a malware infection. For a corporation, it can mean loss of data for potentially millions of users.
What is Phishing
Phishing is a type of social engineering attack that works by tricking users into performing a task such as clicking a link, opening an attachment, or sharing sensitive personal information such as passwords and credit card numbers. It accomplishes this by posing as a trustworthy entity, typically through emails or websites that look identical to a legitimate source such as a bank or well-known company. Attackers also deploy pressure tactics like urgency, authority, scarcity, and familiarity.
Defense
To protect against phishing, it is important to be vigilant and cautious when providing personal information online. Here are some steps individuals can take to reduce their risk of falling victim to phishing attacks:
Be skeptical of unsolicited emails or messages. If you receive an email or message from an unfamiliar sender, especially one that asks for sensitive information, be cautious.
Look closely at the sender's email address, as it may contain slight variations from the actual email address of a trusted source.
Check for typos, grammar, and other oddities.
Verify URLs, as links in phishing emails often redirect to fake websites. Before entering any sensitive information on a website, verify that the URL is legitimate by hovering over the link and checking the destination URL. If possible, navigate to the website directly instead of using any link from the email.
Regularly update your software and use anti-virus software to detect and block malicious emails and websites.
If possible, enable multi-factor authentication for your accounts, which adds an extra layer of security beyond just a password.
Call to confirm. For example, if an email claiming to be from a bank is emailing about a payment due immediately, stop and call the bank, using a phone number found on the bank's official website, to verify if the email is legitimate or not.
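Several of the checks in the list above (sender address variations, link text versus link destination, urgency language) can be expressed as code. The script below is an added example for this entry, not something from the original post; the trusted domain, the two sample messages and the urgency phrase list are constructed, and the "registrable domain" helper is a deliberate simplification (last two labels) rather than a full public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed: the one domain this user actually has an account with.
TRUSTED_DOMAINS = {"examplebank.com"}
# Phrases typical of the "urgency" tactic (constructed list).
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "will be suspended")

DOMAIN_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between two domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable-domain extraction (last two labels); enough for this demo."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_email(sender: str, html: str) -> List[str]:
    """Return human-readable warnings; an empty list means nothing looked suspicious."""
    findings: List[str] = []

    # 1. Sender address: trusted domain, a lookalike of one, or simply unknown.
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        lookalikes = [d for d in TRUSTED_DOMAINS if edit_distance(d, sender_domain) <= 2]
        if lookalikes:
            findings.append(f"sender domain {sender_domain} looks like {lookalikes[0]}")
        else:
            findings.append(f"sender domain {sender_domain} is not a trusted domain")

    # 2. Links: visible text that names one domain while the href goes to another.
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        parsed = urlparse(href)
        href_host = (parsed.hostname or "").lower()
        if parsed.scheme not in ("http", "https") or not href_host:
            continue
        shown = DOMAIN_RE.search(text.lower())
        if shown and registrable(shown.group(0)) != registrable(href_host):
            findings.append(f"link text shows {shown.group(0)} but points to {href_host}")
        if registrable(href_host) not in TRUSTED_DOMAINS:
            findings.append(f"link points to untrusted host {href_host}")

    # 3. Pressure tactics in the body text.
    body = re.sub(r"<[^>]+>", " ", html).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in body:
            findings.append(f"urgency language: '{phrase}'")
    return findings


# Constructed sample messages (not real emails).
PHISH_SENDER = "security@examp1ebank.com"   # digit 1 in place of the letter l
PHISH_HTML = """<p>Your account will be suspended unless you verify immediately.</p>
<p>Go to <a href="http://examplebank.com.verify-login.example">https://examplebank.com/secure</a></p>"""

LEGIT_SENDER = "alerts@examplebank.com"
LEGIT_HTML = """<p>Your monthly statement is ready.</p>
<p><a href="https://examplebank.com/statements">View statement</a></p>"""

if __name__ == "__main__":
    for label, sender, html in (("phish", PHISH_SENDER, PHISH_HTML), ("legit", LEGIT_SENDER, LEGIT_HTML)):
        print(label, check_email(sender, html) or "no findings")
```

The lookalike test is what catches `examp1ebank.com`, and the link test catches the classic trick of a trusted-looking host name placed in front of an attacker-controlled domain. None of this replaces the "call to confirm" step; it only tells you when that step is worth taking.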
In conclusion, phishing is a serious threat to individuals and organizations alike. Remember to always be skeptical of unsolicited emails or messages, check sender email addresses and URLs, keep software updated, and use multi-factor authentication where available.
Mar, 2023
Zero Trust
A Zero Trust model is becoming ever more necessary as organizations move to cloud platforms and hybrid/remote work. It stands in contrast to the traditional security model, which relied on a perimeter-based defense strategy: organizations established a secure perimeter around their network or physical building and only granted access to those who were within that perimeter. Cloud platforms and hybrid/remote work make it nearly impossible to maintain any sort of secure perimeter, which creates the need for Zero Trust.
What is Zero Trust?
Zero Trust is a security model that assumes that all users, devices, and applications are not to be trusted by default, regardless of factors like their location, user identity, behavior patterns, or OS version. Instead, they are authenticated and authorized continuously for each and every access attempt.
In addition to continuous verification, Zero Trust also applies the principle of least privilege by granting each user or application access only to what they need in order to perform a job function, and hiding everything else so that ideally they are not even aware of the resources they do not have access to. This approach significantly reduces the risk of a breach because attackers can only reach limited resources even if they manage to get inside the network.
How to implement?
Implementing Zero Trust requires a comprehensive approach that encompasses people, processes, and technology. Organizations need to create a complete inventory of their assets, including devices, applications, and data, and then classify them according to their level of sensitivity. They also need to mandate that all access requests are logged and that any anomalies are investigated promptly. Additionally, Zero Trust works alongside several other security technologies such as identity and access management (IAM), multi-factor authentication (MFA), endpoint protection, and security analytics.
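To make the pieces above concrete (a classified asset inventory, per-request verification, least privilege, and logging with anomaly flags), here is a small policy gate written as an added example for this entry; it is not code from the original post or from any particular Zero Trust product. The inventory, roles, user names and device IDs are constructed, and the device-compliance and MFA flags stand in for results that a real deployment would obtain from endpoint protection and an IAM/MFA provider.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

# Constructed asset inventory: each resource classified by sensitivity and the
# roles entitled to it. Names are hypothetical.
INVENTORY = {
    "hr-payroll-db": {"sensitivity": "high", "roles": {"hr"}},
    "prod-k8s-api": {"sensitivity": "high", "roles": {"sre"}},
    "wiki": {"sensitivity": "low", "roles": {"hr", "sre", "contractor"}},
}


@dataclass(frozen=True)
class AccessRequest:
    """Everything the gate needs for one access attempt; nothing is carried over."""
    user: str
    roles: FrozenSet[str]
    resource: str
    device_id: str
    device_compliant: bool   # e.g. managed, patched, disk encrypted (from endpoint protection)
    mfa_passed: bool         # fresh MFA for this attempt, not a stale session flag


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class ZeroTrustGate:
    def __init__(self, inventory: Dict[str, dict]) -> None:
        self.inventory = inventory
        self.audit_log: List[dict] = []
        self.known_devices: Dict[str, Set[str]] = {}

    def visible_resources(self, roles: FrozenSet[str]) -> Set[str]:
        """Least privilege: a user is shown only resources their roles entitle them to."""
        return {name for name, meta in self.inventory.items() if roles & meta["roles"]}

    def evaluate(self, req: AccessRequest) -> Decision:
        """Verify identity, device and context on every request; nothing is trusted by default."""
        meta = self.inventory.get(req.resource)
        if meta is None or not (req.roles & meta["roles"]):
            # Same answer whether the resource is missing or merely off-limits, so a
            # caller cannot enumerate resources it is not entitled to see.
            decision = Decision(False, "not entitled")
        elif not req.device_compliant:
            decision = Decision(False, "device not compliant")
        elif meta["sensitivity"] == "high" and not req.mfa_passed:
            decision = Decision(False, "MFA required for high-sensitivity resource")
        else:
            decision = Decision(True, "granted")

        # Every request is logged; denials and first-seen devices are flagged for review.
        seen = self.known_devices.setdefault(req.user, set())
        new_device = req.device_id not in seen
        if decision.allowed:
            seen.add(req.device_id)
        self.audit_log.append({
            "user": req.user, "resource": req.resource, "device": req.device_id,
            "allowed": decision.allowed, "reason": decision.reason,
            "anomaly": new_device or not decision.allowed,
        })
        return decision

    def anomalies(self) -> List[dict]:
        return [entry for entry in self.audit_log if entry["anomaly"]]


def demo() -> ZeroTrustGate:
    """Walk a few constructed requests through the gate and return it for inspection."""
    gate = ZeroTrustGate(INVENTORY)
    hr = frozenset({"hr"})
    gate.evaluate(AccessRequest("alice", hr, "hr-payroll-db", "laptop-1", True, True))   # granted, new device
    gate.evaluate(AccessRequest("alice", hr, "hr-payroll-db", "laptop-1", True, False))  # denied: no MFA
    gate.evaluate(AccessRequest("alice", hr, "wiki", "laptop-1", True, False))           # granted: low sensitivity
    gate.evaluate(AccessRequest("bob", frozenset({"contractor"}), "hr-payroll-db", "tablet-9", True, True))  # denied
    return gate


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

Two design points worth noticing: the second request from alice is denied even though her first one on the same device was just granted, because the gate keeps no "already trusted" state between requests; and a contractor asking for the payroll database gets the same "not entitled" answer as a request for a resource that does not exist, which is the "hide everything else" half of least privilege.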
In conclusion, Zero Trust is an essential security model that has become more and more of a necessity in recent years. It is based on the principle of least privilege and requires organizations to continuously verify the identity and context of all entities that request access to resources. By adopting Zero Trust, organizations can significantly reduce the risk of a breach and improve their overall security posture.