Category: Cyber Security

CRITICAL STEPS FOR SECURING API KEYS

Automation lets organizations take full advantage of the dynamic capabilities of the cloud. Today, enterprises are growing by adopting automation tools and DevOps initiatives to drive efficiency, increase business agility and optimize business processes. To do this securely, automation tools pass credentials through APIs so that only authenticated automation tools, applications and the like get authorized access to the organization’s cloud resources, infrastructure, customer data and other applications. All of the public cloud vendors use secure credentials, generically referred to as API keys or access keys, which are private and unique to the organization’s cloud environment and are created when the cloud environment is set up.

In Amazon Web Services environments, for example, scripts use AWS access keys for auto-scaling, accessing data and other functions. In Azure, application keys play the same role, as do API keys in Google Cloud Platform. These keys are extremely powerful: they let a script or user start or stop a virtual server, or copy or wipe out entire workloads and databases. With API keys, a script or user can do almost anything within the cloud environment. In the wrong hands, they represent a major vulnerability.

API keys are the “keys to the cloud kingdom,” but despite this far-reaching power, they are often poorly protected. Attackers steal API keys, for example, through spoofing and by gaining access to insecure endpoints. Keys are also often embedded within orchestration tools, applications and automation scripts; as a result, they are frequently static and unchanged, hard-coded and present in every copy of the code or script. Attackers also harvest API keys from public repositories such as GitHub, where code is accidentally pushed without the keys removed. It is an easy mistake for a developer to make, and attackers use bots to trawl these repositories, leaving little time for the developer to correct the mistake.

Because API keys are such essential and powerful credentials, and are so widely used in cloud workloads, securing them strongly and applying the principle of least privilege is necessary.

Steps for Securing API Keys

To help secure the APIs of enterprise cloud workloads, enterprises should take the following steps to protect API keys:

Discover and enumerate all keys: Use a discovery tool that can scan your cloud environment to find where API keys and other secrets are hidden. Assess and prioritize the API key and infrastructure vulnerabilities, and collect dependable, complete audit information.

Remove embedded API keys: Securely remove API keys from scripts, automation tools and applications. Similarly, prevent human users from accessing the API keys directly.

Secure API keys: Proactively protect API keys by keeping them in a secure, centralized vault that supports strong access controls, permitting only authorized applications and users to reach them.

Automate credential security: Control API key access to the digital vault and integrate it with automation scripts and tools so that use of the API keys is both automated and secure. Use application authentication and machine identities to ensure that only authorized applications have access to the API keys.
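As an added example (not code from the original post), the following Python sketch walks the four steps over a constructed sample script: it finds embedded AWS-style keys, rewrites the literal assignments into runtime lookups, and fetches the key from the process environment, assuming a hypothetical vault agent injects it there for the authenticated machine identity. The key values are the AWS documentation placeholders, not real credentials.

```python
import os
import re

# Constructed sample script with an embedded AWS key pair. The values are the
# AWS documentation placeholder keys, not live credentials.
SAMPLE_SCRIPT = """\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
client = boto3.client("ec2")
"""

# Step 1 (discover): an AWS access key ID is "AKIA" plus 16 upper-case
# alphanumerics; a secret key is 40 base64-style characters, matched here only
# when assigned to the conventional variable name to limit false positives.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*=\s*['\"]([A-Za-z0-9/+=]{40})['\"]"),
}

def find_embedded_keys(text):
    """Return (line_no, kind, value) for every key literal found in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                hits.append((lineno, kind, m.group(m.lastindex or 0)))
    return hits

# Step 2 (remove): literal key assignments become runtime lookups, so no copy
# of the script carries the secret. Only the two conventional names are handled.
ASSIGNMENT = re.compile(
    r"^(\s*)(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s*=\s*['\"][^'\"]+['\"]",
    re.MULTILINE)

def remove_embedded_keys(text):
    return ASSIGNMENT.sub(r'\1\2 = fetch_secret("\2")', text)

# Steps 3 and 4 (vault and automation): the script never holds the key itself.
# Assumed deployment: a vault agent (hypothetical) authenticates the machine
# identity and injects the key into the process environment for this run only.
def fetch_secret(name, environ=None):
    environ = os.environ if environ is None else environ
    value = environ.get(name)
    if value is None:
        # Fail closed rather than fall back to a hard-coded value.
        raise RuntimeError(f"{name} was not provided by the vault agent")
    return value
```

Running `find_embedded_keys` over the cleaned script returns no hits, which is the check a pre-commit hook or CI job would apply before code reaches a repository.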

While migrating workloads to the cloud can deliver significant business benefits, it can also enlarge the attack surface by allowing unprotected API keys, credentials and other secrets to become damaging security vulnerabilities. In the hands of an external attacker or a malicious insider, API keys could allow full control of an organization’s cloud infrastructure, disrupting operations, stealing confidential information and disabling security controls.

However, while this post focuses on vulnerabilities that attackers can exploit, organizations that manage their API keys, secrets and other credentials effectively can reduce these vulnerabilities and protect their cloud workloads. In fact, with the right approach, the cloud can be more secure than on-premises environments.


Weborion™ – Penetration Testing and Its Importance

Penetration Testing

Penetration testing is a kind of security testing used to check the unprotected portions of a system or application. The goal is to find all the security vulnerabilities present in the system being tested. A vulnerability is the possibility that an attacker can disrupt the system or gain unauthorized access to it or to any data it contains. Penetration testing is also called a pen test or pen testing.

Vulnerabilities are usually introduced by problems during the software development and implementation phases. Common vulnerabilities include software bugs, configuration errors and design errors.

Penetration testing is essential in an enterprise because:

  • Banks, investment banks, stock exchanges and other financial institutions need penetration testing to secure their data.
  • If a system has already been hacked, the organization needs to determine whether any threats remain in the system, to avoid future compromises.
  • Proactive penetration testing is the best defence against hackers.

Types of Penetration testing:

The type of penetration test selected usually depends on the scope and on whether the organization wants to simulate an attack by an employee, by external sources or by internal sources. There are three types of penetration testing:

  • Black box penetration testing
  • Grey box penetration testing
  • White box penetration testing

In black box penetration testing, the tester knows nothing about the systems to be tested and is responsible for gathering information about the target system or network.

In grey box penetration testing, the tester is given partial knowledge of the system or network. It can be considered a simulation of an attack by an external hacker who has gained illegitimate access to the organization’s network infrastructure documents.

In white box penetration testing, the tester is usually given complete information about the system or network to be tested, including OS details, the IP addressing scheme, source code and so on. This can be considered a simulation of an attack by an insider.

Penetration testing cannot find all vulnerabilities in a system; it is limited by time, budget, scope and the skills of the penetration testers.

The following are common side effects of penetration testing:

  • Downtime
  • Data loss and corruption
  • Increased costs

Role and Responsibilities of Penetration Testers:

The penetration tester’s job is to:

  • Gather from the organization the essential information needed to carry out the penetration tests
  • Find flaws that could enable hackers to attack a target machine
  • Act and think like a real hacker, albeit ethically
  • Work methodically and document findings so that developers can easily fix them
  • Agree on the start and end dates of test execution in advance
  • Take responsibility for any loss of systems or information during the testing
  • Keep data and information confidential

Weborion Cyber Security Solutions:

Weborion provides web security services, including penetration testing for web applications, websites, mobile applications and more.

Check details: http://weborion.in/#contact


WannaCry Ransomware Attack

May 12th 2017 saw the biggest cyber-attack in Internet history (yes, bigger than the Dyn DDoS). A ransomware called WannaCry tore through the web, with the epicenter of the damage in Europe.

How the ransomware spread

WannaCry leveraged a vulnerability in the Windows OS that was discovered by the NSA and later publicly disclosed to the world by the Shadow Brokers.

In the first few hours, 0.2 million machines were attacked. Major organizations such as Renault, Dacia, FedEx, Nissan, Cambrian College and PetroChina were hit hard. Thousands of ATMs and ticketing machines were also targeted and encrypted.

The ransomware encrypts the infected user’s files, from photos and videos to documents and databases. Once a user is infected, a red ransom note is displayed, demanding approximately $300-$600 in Bitcoin to decrypt the user’s files.

Ransomware has been a rising trend for the past two years, and this is just the climax, a grand unveiling to the whole world of just how big a threat it is. But we’ve been writing about this for a while now.

Five Best Practices to Alleviate Risk

Though WannaCry is in the spotlight today, ransomware will continue to spread, and more advanced methods will find their way into attackers’ arsenals. So how can an organization protect its systems against WannaCry and the other types of ransomware that will inevitably evolve in the future? Here are five best practices to follow to reduce risk:

Follow the Least Privilege Principle

Regularly configure file, directory and network share permissions with the least privilege principle in mind. Most users do not need administrative privileges to do their work on their corporate endpoint devices, so user access should remain at the minimum that allows normal operation. While running as a non-privileged user will not make you immune to WannaCry, it can stop the malware from performing certain malicious tasks, such as deleting the snapshot copies of the infected system’s files.

Apply Application Control

Controlling which executables have access to your files can also help your defensive efforts. For example, if you whitelist the word-processor executable with write access to your document files, then when a ransomware executable tries to encrypt and overwrite those files it is denied, because it is not on the “approved” whitelist. It is also important to establish trust-based policies that protect these “trusted,” whitelisted applications.

Disable SMB v1 and Apply Patches

To protect against the specific WannaCry strain, immediately disable and stop the outdated Microsoft SMB v1 protocol, or simply apply the MS17-010 patch that Microsoft released a few months ago.

Block Internet Access

The Microsoft SMB protocol serves your internal network, so your network should not be open to SMB packets from the internet. Implement port filtering to block all versions of SMB at the network boundary.

Always Backup

Whether you are hit by ransomware or your system’s hard drive suddenly dies, backing up your important and privileged data is an essential, table-stakes best practice. But remember that backups alone are not enough to protect against data loss from ransomware attacks, especially if organizations are exposing privileged credentials to attackers.

As we advised in the wake of the initial attacks, organizations should immediately implement a combination of least privilege and application control policies on endpoints and servers throughout their environment to reduce risk. This can help prevent ransomware from encrypting files and deleting snapshots, and it is an important layer in defending against future ransomware attacks.


Common ways hackers try to steal credentials

We live in a digital era and trust networks and devices with our private data.

From making friends on social media to paying our bills through online banking, we continue to share intimate details of our lives over online networks. This increased use of personal data online has led to a growing number of security companies tasked with protecting private information on networks and end-user devices. An online cat-and-mouse game exists, as technology rapidly evolves in response to the strategies cyber criminals use to steal data.

How hackers steal your password

Although it is not yet the norm, as an online user you should start following cyber security blogs to learn the best ways to safeguard your data. Listed below are common ways cyber criminals steal credentials from unsuspecting users online:

  • Keystroke logging: Capturing everything a user types, including their passwords.
  • Memory scraping: Inspecting the memory of desktops for credentials that may be stored in plain text or, in Windows environments, for password hashes that can be used in pass-the-hash attacks.
  • Password spreadsheets: Finding spreadsheets that contain passwords. (Yes, if you have one, get rid of it today.)
  • Password cracking: Guessing or “cracking” passwords by brute force. Industry reports have shown that network administrators, database administrators and system administrators are frequently the worst offenders (and therefore key targets in an attack) when it comes to easy-to-crack passwords.
  • Social engineering: Tricking or deceiving a user into giving up their credentials directly.
  • Hard-coded application credentials: Passwords stored in application configuration files that grant far-reaching access but frequently remain unchanged for years at a time.

These techniques make it easy for attackers to bypass security controls.

Even if an organization devotes significant time and resources to building and enforcing strong passwords, complexity rules and policies, it takes just one keystroke logger to make everything fall apart.