We Save You Time and Resources By Curating Relevant Information and News About Cybersecurity.

Sock Safety: Don’t Overlook This Everyday Risk

By Tom Seest

Are Your Socks Putting You At Risk?

At BestCybersecurityNews, we help entrepreneurs, solopreneurs, young learners, and seniors learn more about cybersecurity.

SOCKS proxies relay arbitrary TCP (and, with SOCKS5, UDP) traffic without being tied to any particular application protocol. That makes them useful for tunnelling through firewalls, and equally useful to attackers who want to hide where their traffic is really going.
Malware authors have taken advantage of this flexibility by running SOCKS5 proxy servers on random ports and relaying connections to their command and control servers through them. The Dark Nexus IoT botnet, for instance, turns infected devices into SOCKS5 proxies as part of its infrastructure for reaching its attack servers.

Is Your Computer Being Used for Cryptomining?

Cryptojacking is the unauthorized use of other people's computers, mobile devices or servers to mine cryptocurrency. It appeals to attackers who do not want to invest in dedicated mining hardware or pay the electricity bill: the victim bears the cost of the computing resources while the attacker keeps the coins.
Early instances of cryptojacking were websites that openly asked visitors to mine cryptocurrency while browsing. Later, more sophisticated operators hid JavaScript mining code in web pages so that visitors' browsers mined silently without their knowledge. This method is known as drive-by cryptojacking.
Attackers also exploit the scalability of cloud services to cryptojack at scale. For example, they may hijack servers set up for continuous integration and deployment (CI/CD) pipelines and use their CPU time for distributed mining workloads, running up the victim organization's cloud bill rather than spending anything themselves.
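Spotting a miner on a CI build agent is easier when several weak indicators are combined rather than alerting on CPU load alone, which a legitimate compile job also produces. The following triage routine is an added example, not code from the article: it scores a snapshot of processes on known miner binary names, stratum pool URLs, connections to pool-like ports and the tell-tale combination of a kernel-thread name with open TCP sockets. The indicator lists, thresholds and the four sample process records are illustrative and constructed for this example.

```python
"""Triage running processes for cryptojacking indicators.

Indicator lists, weights and the sample process records are illustrative and
constructed for this example; tune them to your own fleet.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

KNOWN_MINER_NAMES = {"xmrig", "minerd", "cpuminer", "cgminer"}
# Ports frequently used by mining pools (illustrative, not exhaustive).
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}
STRATUM_URL = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)
# Names miners borrow to blend in with kernel threads.
CAMOUFLAGE_NAMES = re.compile(r"^\[?(kworker|kthreadd|ksoftirqd|migration)", re.IGNORECASE)
HIGH_CPU_PERCENT = 85.0
FLAG_THRESHOLD = 3


@dataclass
class Proc:
    pid: int
    name: str
    cmdline: str
    cpu_percent: float
    remote_endpoints: List[Tuple[str, int]]   # (ip, port) of established TCP connections


def score_process(p: Proc) -> Tuple[int, List[str]]:
    """Return (score, reasons). Each independent indicator adds weight, so no
    single weak signal such as high CPU on its own is enough to flag a process."""
    score, reasons = 0, []
    if p.name.lower() in KNOWN_MINER_NAMES:
        score += 2
        reasons.append("known miner binary name")
    if STRATUM_URL.search(p.cmdline):
        score += 3
        reasons.append("stratum pool URL on command line")
    pool_hits = [f"{ip}:{port}" for ip, port in p.remote_endpoints if port in POOL_PORTS]
    if pool_hits:
        score += 2
        reasons.append("connection to pool-like port " + ", ".join(pool_hits))
    if p.cpu_percent >= HIGH_CPU_PERCENT:
        score += 1
        reasons.append(f"sustained CPU {p.cpu_percent:.0f}%")
    # Real kernel threads never hold TCP sockets; a "kworker" with connections is a disguise.
    if CAMOUFLAGE_NAMES.match(p.name) and p.remote_endpoints:
        score += 2
        reasons.append("kernel-thread name with network connections")
    return score, reasons


def find_cryptojackers(procs: List[Proc]) -> Dict[int, List[str]]:
    """Return {pid: reasons} for processes whose indicator score reaches the threshold."""
    flagged = {}
    for p in procs:
        score, reasons = score_process(p)
        if score >= FLAG_THRESHOLD:
            flagged[p.pid] = reasons
    return flagged


# Constructed sample snapshot of a CI build agent (not real data).
SAMPLE_PROCS = [
    Proc(101, "xmrig", "./xmrig -o stratum+tcp://pool.example:3333 -u WALLET", 99.0,
         [("203.0.113.55", 3333)]),
    Proc(102, "kworker/0:1", "[kworker/0:1]", 97.5, [("198.51.100.9", 14444)]),
    Proc(103, "cc1plus", "cc1plus -O2 -o main.o main.cpp", 96.0, []),   # legitimate build, no network
    Proc(104, "node", "node server.js", 12.0, [("104.16.0.1", 443)]),
]

if __name__ == "__main__":
    for pid, why in find_cryptojackers(SAMPLE_PROCS).items():
        print(pid, why)
```

Run against the sample snapshot, the routine flags the obvious xmrig process and the disguised "kworker" talking to port 14444, while the compiler pegging a core at 96% scores only one point and is left alone.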

Is Your Network Vulnerable to DDoS Attacks?

Distributed Denial of Service (DDoS) attacks overwhelm a website or service with more traffic than it can handle so that legitimate visitors cannot reach it. Attackers use malware to build large botnets of compromised computers that flood a target with bogus traffic, saturating its bandwidth or exhausting its resources. It is an effective and widely used way to damage brands, disrupt customers and cause business outages.
Attackers use several types of DDoS attack that exploit weaknesses in Internet protocols. An ICMP flood, for example, sends ping packets from many (often spoofed) IP addresses to overwhelm the target; such an attack can take a site offline and disrupt service for thousands of users at once.
A SYN flood abuses the TCP three-way handshake: the attacker sends a stream of SYN packets, usually from spoofed source addresses, and never completes the handshake, so the server's table of half-open connections fills up and legitimate clients cannot connect. Slowloris and SlowDroid work at the application layer instead: they open many HTTP connections and keep them alive with partial requests, tying up the web server's connection pool while using very little bandwidth.
Application layer attacks have grown in popularity and are harder to detect than network or bandwidth-based DDoS attacks because individual requests look legitimate. They aim to exhaust the target's CPU, memory or other resources and are often combined with other DDoS techniques for greater effect.
IoT devices are a major source of DDoS firepower. Home routers, security cameras and even smart TVs can be compromised and enlisted into botnets; the Mirai botnet was built from infiltrated IoT devices.
Denial of service can also happen without malice. A very popular website that links to a smaller, less prepared site can send it a sudden surge of clicks that behaves exactly like a DDoS attack, an outage that could have been avoided had the smaller site anticipated the influx and planned its capacity accordingly.
Protecting your organization against DDoS attacks starts with profiling normal traffic so that abnormal patterns are recognized quickly. Rate limiting should then be applied as part of an inbound traffic filtering layer that validates requests before they reach your servers and users.
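The two controls named in the paragraph above, a baseline of normal traffic and per-client rate limiting, fit in a few dozen lines. The block below is an added example, not code from the article: it derives a mean and standard deviation from a known-good window of requests-per-second counts, flags seconds that exceed mean plus three standard deviations, and runs individual requests through a sliding-window limiter keyed on client IP. The traffic series, the 20-requests-per-10-seconds limit and the client addresses are constructed for this example.

```python
"""Baseline normal request rates, flag anomalous seconds, and rate-limit per client.

Traffic series, limits and request events below are constructed for this example.
"""
import statistics
from collections import defaultdict, deque
from typing import Dict, List, Tuple


def build_baseline(requests_per_second: List[int]) -> Tuple[float, float]:
    """Mean and sample standard deviation of a known-good traffic window."""
    return statistics.mean(requests_per_second), statistics.stdev(requests_per_second)


def anomalous_seconds(series: List[int], mean: float, stdev: float, z: float = 3.0) -> List[int]:
    """Indices of seconds whose request count exceeds mean + z * stdev.
    A floor of 1.0 on the deviation stops a near-constant baseline alerting on jitter."""
    threshold = mean + z * max(stdev, 1.0)
    return [i for i, count in enumerate(series) if count > threshold]


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window_s` seconds for each client key."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self._hits: Dict[str, deque] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window_s:   # expire timestamps outside the window
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def filter_events(events: List[Tuple[float, str]],
                  limiter: SlidingWindowLimiter) -> Dict[str, Dict[str, int]]:
    """Feed (timestamp, client_ip) events through the limiter in time order and
    count allowed versus blocked requests per client."""
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for ts, ip in sorted(events):
        stats[ip]["allowed" if limiter.allow(ip, ts) else "blocked"] += 1
    return dict(stats)


# Constructed traffic: 60 s of steady load (about 10 req/s) followed by a 5 s flood.
NORMAL_SERIES = [9, 10, 11, 10] * 15
FLOOD_SERIES = NORMAL_SERIES + [500] * 5

# Constructed request events: one legitimate client at 1 req/s for 30 s and one
# attacker firing 50 requests inside half a second.
LEGIT_EVENTS = [(float(t), "10.0.0.5") for t in range(30)]
ATTACK_EVENTS = [(12.0 + i / 100.0, "198.51.100.7") for i in range(50)]

if __name__ == "__main__":
    mean, stdev = build_baseline(NORMAL_SERIES)
    print("anomalous seconds:", anomalous_seconds(FLOOD_SERIES, mean, stdev))
    limiter = SlidingWindowLimiter(limit=20, window_s=10.0)
    print(filter_events(LEGIT_EVENTS + ATTACK_EVENTS, limiter))
```

The baseline is built only from the first 60 seconds; the flood seconds are then scored against it rather than being allowed to inflate the mean. Note that the limiter keys on source IP, which a botnet of thousands of distinct hosts can defeat; it protects against a few noisy clients, and the baseline alarm is what tells you the aggregate has gone wrong.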

What Lurks in the Cloud?

Cloud snooping attacks can compromise the security of your data, leading to identity theft or other crime. They are difficult to detect or prevent without an effective security plan that includes penetration testing and vulnerability assessments; multi-factor authentication; encryption of data in transit and at rest; and monitoring and logging of cloud activity, with regular review of those logs for unusual events such as large data transfers or suspicious login attempts.
Sophos identified one such attack, which it named "Cloud Snooper", targeting Linux EC2 instances hosted on Amazon Web Services. The attackers deployed a toolkit consisting of a rootkit and a remote access Trojan (RAT) that smuggled commands past the instances' firewall rules and transferred customer data directly to attacker-controlled servers.
The rootkit inspects inbound network traffic for hidden commands and hands them to the RAT backdoor, which sends data back to the attackers. The same channel can deliver further payloads, such as keyloggers, banking-credential and password stealers, antivirus disablers and bots used for DDoS attacks.
The Cloud Snooper rootkit installs a communications handler disguised as a Linux kernel driver named snd_floppy. It watches for packets whose source port matches its preconfigured values; when one arrives, the handler extracts the embedded command and passes it to the backdoor for execution.
Because those commands ride inside traffic to ports the firewall already permits, such as the web ports, the security group never sees anything to block. What the RAT does next depends on its configuration: its command and control (C2) servers can issue anything from simple keep-alive "pings" to orders to take part in full-scale DDoS attacks.
If your company relies on AWS, one mitigation is to configure every security group (SG) to accept only the HTTP and HTTPS traffic your application actually needs, and to secure the web application itself, front end and back end. Bear in mind that Cloud Snooper rode in on exactly those permitted ports, so tight security groups reduce exposure but do not replace host-level monitoring of the instances themselves.
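Checking that every security group really does admit only HTTP and HTTPS is a mechanical audit over the output of `aws ec2 describe-security-groups`. The function below is an added example, not code from the article or from Sophos: it walks each group's inbound `IpPermissions`, accepts TCP rules whose whole port range lies inside the allowed set, and reports everything else, with an extra flag when the source is the entire internet. The two sample groups are constructed for this example; only the field names follow the real API response shape. As the text notes, this audit catches stray exposure such as SSH open to the world, but it cannot see commands hidden in traffic that arrives on the permitted ports.

```python
"""Audit AWS security groups for inbound rules beyond the allowed web ports.

Input follows the dict shape of `aws ec2 describe-security-groups`
(SecurityGroups[*]); the two sample groups are constructed, not real.
"""
from typing import Dict, List, Set

ANYWHERE = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}


def _rule_cidrs(rule: Dict) -> List[str]:
    """Collect IPv4 and IPv6 source ranges of one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def audit_security_group(sg: Dict, allowed_ports: Set[int] = WEB_PORTS) -> List[str]:
    """Return one finding per inbound rule that exposes anything other than the
    allowed TCP ports. Rules covering only allowed ports are expected to be
    public and produce no finding."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        cidrs = _rule_cidrs(rule) or ["(security-group or prefix-list source)"]
        exposure = "the internet" if any(c in ANYWHERE for c in cidrs) else ", ".join(cidrs)
        if proto == "-1":                       # all protocols, all ports
            findings.append(f"{sg['GroupId']}: all protocols/ports open to {exposure}")
            continue
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if proto == "tcp" and set(range(lo, hi + 1)) <= allowed_ports:
            continue                            # HTTP/HTTPS only: fine
        span = f"{lo}" if lo == hi else f"{lo}-{hi}"
        findings.append(f"{sg['GroupId']}: {proto} {span} open to {exposure}")
    return findings


def audit_all(groups: List[Dict], allowed_ports: Set[int] = WEB_PORTS) -> Dict[str, List[str]]:
    """Map every group id to its findings; an empty list means the group is compliant."""
    return {sg["GroupId"]: audit_security_group(sg, allowed_ports) for sg in groups}


# Constructed sample groups (identifiers and rules are made up for this example).
WEAK_SG = {
    "GroupId": "sg-weak-example", "GroupName": "web-legacy",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,            # SSH to the world
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,          # everything from the VPC
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # all traffic over IPv6
    ],
}
HARDENED_SG = {
    "GroupId": "sg-hardened-example", "GroupName": "web-only",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for group_id, findings in audit_all([WEAK_SG, HARDENED_SG]).items():
        print(group_id, findings or "compliant")
```

To run it against a real account, feed in the `SecurityGroups` list from the describe call; the function deliberately ignores outbound rules, which deserve their own egress audit.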

Is Your Online Security at Risk with SOCKS Cybersecurity?

SOCKS proxy servers are everyday internet plumbing, used for everything from routine tasks such as email to cryptocurrency mining and high-performance computing. Unfortunately, they have also become both targets and tools for attackers, who use them to build botnets, steal data and commit other crimes. News Break AFP reported that criminals are increasingly exploiting SOCKS proxies, both to attack the proxies' users and to gain entry to networks from which they launch further attacks against businesses online.
QNAPCrypt ransomware, for example, infiltrated Linux network-attached storage (NAS) devices by exploiting weaknesses in how they authenticate users, connected to its operators through SOCKS proxies, encrypted the files on the devices and demanded ransoms of between $100 and $300 for the decryption keys. Targeting Linux is unusual, since most ransomware goes after Windows systems, and a foothold on a NAS also gives attackers a base from which to spread their code to other computers on the network.
Other attackers use SOCKS proxies to cloak their own activity. The Gwmndy botnet, found in Fiberhome routers, added around 200 routers a day to its network and used them as SSH tunnelling proxy nodes and local SOCKS5 proxy nodes before attacking other networks, according to researchers at 360 Netlab.
Exploiting SOCKS is attractive because proxy security is often weak and many administrators do not know how to configure a proxy correctly, for instance leaving it reachable from any network with no authentication. Attackers use such exposed SOCKS servers to gather information about users' operating systems and vulnerabilities before sending targeted phishing messages designed to harvest passwords and personal data.
SOCKS may be problematic, but its abuse can be minimized. Requiring authentication on the proxy, restricting which clients may reach it, and watching for SOCKS handshakes on unexpected ports will catch and block most of the threats described here, and a VPN adds a further layer of protection. Threat actors remain determined to find ways around such measures, however, and continue to attack businesses and consumers anyway.
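Both the opening section (Dark Nexus running SOCKS5 on random ports) and the mitigation point just above come down to the same detection problem: a SOCKS5 proxy is recognisable by its handshake bytes, not by its port number. The block below is an added example, not code from the article or from the researchers it cites: it parses the SOCKS5 client greeting and connection request as defined in RFC 1928, then scans a list of captured flows and reports every SOCKS5 handshake together with the offered authentication methods, the requested destination and whether the proxy listens somewhere other than the conventional port 1080. The three sample flows, their addresses and the "c2.example" destination are constructed for this example.

```python
"""Spot SOCKS5 handshakes in captured TCP payloads, whatever port they use.

Sample flows are constructed for this example, not real captures.
"""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

SOCKS5_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
AUTH_NAMES = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}
STANDARD_SOCKS_PORT = 1080


def parse_greeting(data: bytes) -> Optional[dict]:
    """Parse the client greeting (RFC 1928): VER | NMETHODS | METHODS[NMETHODS]."""
    if len(data) < 3 or data[0] != SOCKS5_VERSION:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) != 2 + nmethods:
        return None
    return {"methods": [AUTH_NAMES.get(m, f"0x{m:02x}") for m in data[2:2 + nmethods]]}


def parse_request(data: bytes) -> Optional[dict]:
    """Parse the connection request: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT."""
    if len(data) < 7 or data[0] != SOCKS5_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if cmd not in CMD_NAMES:
        return None
    if atyp == 0x01:                              # IPv4: 4 address bytes
        addr_end = 8
        if len(data) != addr_end + 2:
            return None
        addr = str(ipaddress.IPv4Address(data[4:addr_end]))
    elif atyp == 0x04:                            # IPv6: 16 address bytes
        addr_end = 20
        if len(data) != addr_end + 2:
            return None
        addr = str(ipaddress.IPv6Address(data[4:addr_end]))
    elif atyp == 0x03:                            # domain name: 1 length byte + name
        addr_end = 5 + data[4]
        if len(data) != addr_end + 2:
            return None
        addr = data[5:addr_end].decode("ascii", errors="replace")
    else:
        return None
    (port,) = struct.unpack("!H", data[addr_end:addr_end + 2])
    return {"cmd": CMD_NAMES[cmd], "dst": addr, "port": port}


def flag_socks5_flows(flows: List[Tuple[str, str, int, bytes, bytes]]) -> List[Dict]:
    """flows: (src, dst, dst_port, first_client_segment, second_client_segment).

    Returns one finding per flow whose first segment is a SOCKS5 greeting,
    regardless of the port the proxy listens on."""
    findings = []
    for src, dst, dport, greeting, request in flows:
        hello = parse_greeting(greeting)
        if hello is None:
            continue                              # not SOCKS5: plain HTTP, TLS, etc.
        finding = {
            "src": src,
            "proxy": f"{dst}:{dport}",
            "auth": hello["methods"],
            "nonstandard_port": dport != STANDARD_SOCKS_PORT,
        }
        req = parse_request(request)
        if req is not None:
            finding.update(req)
        findings.append(finding)
    return findings


# Constructed sample segments (not real traffic).
GREETING_NO_AUTH = b"\x05\x01\x00"                            # offers only "no-auth"
CONNECT_IPV4 = (b"\x05\x01\x00\x01"                           # CONNECT, ATYP=IPv4
                + bytes([203, 0, 113, 10]) + struct.pack("!H", 443))
CONNECT_DOMAIN = (b"\x05\x01\x00\x03"                         # CONNECT, ATYP=domain
                  + bytes([len(b"c2.example")]) + b"c2.example"
                  + struct.pack("!H", 8443))
HTTP_GET = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

SAMPLE_FLOWS = [
    ("10.0.0.21", "10.0.0.250", 1080, GREETING_NO_AUTH, CONNECT_IPV4),       # sanctioned proxy
    ("10.0.0.33", "198.51.100.7", 41337, GREETING_NO_AUTH, CONNECT_DOMAIN),  # bot -> proxy on a random port
    ("10.0.0.40", "93.184.216.34", 80, HTTP_GET, b""),                       # ordinary web request
]

if __name__ == "__main__":
    for finding in flag_socks5_flows(SAMPLE_FLOWS):
        print(finding)
```

The unauthenticated greeting (a single "no-auth" method) on an unexpected port is the combination worth alerting on; a sanctioned proxy on 1080 that demands username/password authentication would show up in the same output but with very different fields.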

Please share this post with your friends, family, or business associates who may encounter cybersecurity attacks.