Thursday, April 5, 2018

Man-in-the-middle attack

Often, we have conversations where there's confidential information flow between two parties. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late.

In other words, man-in-the-middle attacks are a common type of cybersecurity attack that allows attackers to eavesdrop on the communication between two targets.
A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.

In a man-in-the-middle-attack, the attacker becomes an intermediary between all communications happening between victim systems and the gateway. He can easily sniff and modify information at will. A man in the middle attack happens in both wired and wireless networks.

How does it work?

Here is an example of how it goes:

Jane and Peter are having a conversation; Eve wants to eavesdrop on the conversation but also remain transparent. Eve could tell Jane that she was Peter and tell Peter that she was Jane. This would lead Jane to believe she’s speaking to Peter, while revealing her part of the conversation to Eve. Eve could then gather information from this, alter the response, and pass the message along to Peter (who thinks he’s talking to Jane). As a result, Eve can transparently hijack their conversation.

Different Types of man-in-the-middle-attack

There is not just simply one type of man-in-the-middle-attack. Rather, there are several types of MITM attacks:

  • ARP poisoning
  • WiFi WEP/ WPA/2 Hacking
  • DNS spoofing
  • STP mangling
  • Port stealing

ARP poisoning

A successful ARP spoofing (poisoning) attack allows an attacker to alter routing on a network, effectively enabling a man-in-the-middle attack.

In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.

Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.
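From the defender's side, the re-binding described above is visible on the wire as an IP address suddenly being claimed by a different MAC address. The following is an added example, not code from the original post: a small ARP monitor that parses raw frames and compares each claimed binding against a pinned baseline. All addresses are constructed, and the names `ArpWatch`, `parse_arp` and `build_arp` are hypothetical.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an Ethernet frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(frame[6:12]), "op": op,
            "sender_mac": _mac(frame[22:28]), "sender_ip": _ip(frame[28:32])}

class ArpWatch:
    """Tracks IP-to-MAC bindings; the first binding seen (or a pinned one) is the baseline."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return []
        alerts = []
        if arp["eth_src"] != arp["sender_mac"]:
            alerts.append(f"ARP sender {arp['sender_mac']} != frame source {arp['eth_src']}")
        known = self.bindings.setdefault(arp["sender_ip"], arp["sender_mac"])
        if known != arp["sender_mac"]:
            alerts.append(f"{arp['sender_ip']} was {known}, now claimed by {arp['sender_mac']}")
        return alerts

def build_arp(eth_src, op, smac, sip, tmac, tip):
    """Build a constructed 42-byte ARP frame for the demo (broadcast destination)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    return (b"\xff" * 6 + m(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(smac) + i(sip) + m(tmac) + i(tip))

# Constructed sample traffic: every address here is made up for illustration.
GATEWAY_IP, GATEWAY_MAC, OTHER_MAC = "192.168.1.1", "02:00:00:00:00:01", "02:00:00:00:00:66"

def demo():
    watch = ArpWatch(pinned={GATEWAY_IP: GATEWAY_MAC})
    client = ("02:00:00:00:00:10", "192.168.1.10")
    genuine = build_arp(GATEWAY_MAC, 2, GATEWAY_MAC, GATEWAY_IP, *client)
    spoofed = build_arp(OTHER_MAC, 2, OTHER_MAC, GATEWAY_IP, *client)
    return [watch.observe(genuine), watch.observe(spoofed)]
```

The baseline is deliberately never overwritten by a conflicting reply, so repeated spoofed replies keep raising alerts instead of being learned as the new normal.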

WiFi WEP/ WPA/2 Hacking

Once the WEP or WPA encryption process starts, the attacker can commence his own operation by using a sniffer program to find wireless gadgets running in peer mode. This should enable him to gain root access to a system in the long run (he has already bypassed the main defenses of your mobile or wireless connection).

After that, he can deploy a key logger or a precisely placed Trojan horse that will allow him to gain complete control over your network system, exploiting every weakness that's been outlined thus far. 

The WiFi client hacking attack described above can be done even if the victim is traveling and only using his laptop at an airport or hotel lobby. It will have to expose itself to hackers as well; that's the true price of using a complimentary WiFi service.

DNS spoofing

DNS Spoofing is a type of computer attack wherein a user is forced to visit a fake website disguised to look like a real one, with the intention of diverting traffic or stealing credentials of the users. Spoofing attacks can go on for an extended period without being detected and can cause serious security issues.

DNS spoofing is done by replacing the IP addresses stored in the DNS server with the ones under control of the attacker.

Therefore, every time users try to go to a certain website, they get directed to the false websites placed by the attacker in the spoofed DNS server. This way your computer is convinced that the attacker’s site is to be trusted and that it is the site you requested.

STP mangling

STP (Spanning-Tree Protocol) mangling refers to the technique used by the attacker host to be elected as the new root bridge of the spanning tree. The attacker may start either by creating BPDUs (Bridge Protocol Data Units) with high priority assuming to be the new root, or by broadcasting STP Configuration/Topology Change Acknowledgement BPDUs to get his host elected as the new root bridge. By taking over the root bridge, the attacker will be able to intercept most of the traffic.

Port stealing

Port stealing is a kind of attack where someone "steals" traffic that is directed to another port of an Ethernet switch. This attack allows someone to receive packets that were originally directed to another computer. It does so by making the switch believe that the attacker's port is the correct destination for the packet.

This is how the port stealing technique works:

1. Steal the port,
2. Receive some data,
3. Give the port back,
4. Forward the data to the real destination,
5. Go back to step 1 by stealing the port again.
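The steal/give-back loop above has a side effect a network team can watch for: the same MAC address is learned on two switch ports in rapid alternation. The following is an added example, not code from the original post: it counts port changes per MAC in a sliding time window. The event tuples, port labels and thresholds are constructed assumptions, not the output format of any particular switch.

```python
from collections import defaultdict, deque

def detect_mac_flapping(events, window=10.0, threshold=3):
    """events: (timestamp_seconds, mac, port) MAC-learning observations in time order.

    Returns {mac: sorted ports involved} for every MAC that changed port at
    least `threshold` times within `window` seconds.
    """
    last_port = {}
    moves = defaultdict(deque)   # mac -> timestamps of recent port changes
    ports = defaultdict(set)     # mac -> ports it has moved between
    flagged = {}
    for ts, mac, port in events:
        prev = last_port.get(mac)
        last_port[mac] = port
        if prev is None or prev == port:
            continue             # first sighting or no movement
        recent = moves[mac]
        recent.append(ts)
        ports[mac].update((prev, port))
        while recent and ts - recent[0] > window:
            recent.popleft()     # drop changes that fell out of the window
        if len(recent) >= threshold:
            flagged[mac] = sorted(ports[mac])
    return flagged

# Constructed sample observations (addresses and port labels are made up).
EVENTS = [
    (0.0, "02:00:00:00:00:10", "Gi0/1"),
    (0.0, "02:00:00:00:00:20", "Gi0/2"),
    (1.0, "02:00:00:00:00:10", "Gi0/7"),    # learned on a second port
    (1.4, "02:00:00:00:00:10", "Gi0/1"),    # and back again
    (2.1, "02:00:00:00:00:10", "Gi0/7"),
    (2.5, "02:00:00:00:00:10", "Gi0/1"),
    (300.0, "02:00:00:00:00:20", "Gi0/3"),  # one isolated move, e.g. re-cabling
]

def demo():
    return detect_mac_flapping(EVENTS)
```

A single move, such as a laptop being plugged into a different socket, stays below the threshold; only the repeated alternation is reported.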

Man-in-the-middle attack prevention

Your best defense against a man-in-the-middle attack is to be very cautious when connecting to free or unsecured Wi-Fi networks. When visiting a website, make sure “HTTPS” is always in the URL bar of the websites you visit.

Be aware of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, you can manually type the address of the website in question into the URL bar of your browser and proceed from there.

The best way to protect your PC from any type of malware on time is to install an antivirus solution as a basic protection tool and an anti-malware solution as a necessary additional layer of protection. Be sure to keep the programs up to date.

To protect against man-in-the-middle attacks, you can consider using an anti-keylogger or rootkit detection software as well.

You can try our Zemana AntiLogger, a pioneer in anti-keylogging software or our Zemana AntiMalware, which proved to be the best anti-ransomware tool and the best rootkit and bootkit remediator according to MRG Effitas.

The most famous man-in-the-middle attack

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom.

The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. The malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers.

Documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist.

Thursday, March 29, 2018

The Biggest Cyber Crimes in Our Recent History

What is a cyber-attack?

A cyber-attack is an attempt by hackers to damage or destroy a computer network or system. It is a deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

There are many forms of a cyber-attack and ransomware is just one of them. Cyber-attacks usually occur when hackers create a malicious code known as malware and distribute it through spam email campaigns or phishing campaigns.

Cyber-attacks might be divided into two broad types:

- attacks where the goal is to disable the target computer or knock it offline, or
- attacks where the goal is to get access to the target computer's data and perhaps gain admin privileges on it

Victims of cyber-attacks can be random or targeted, depending on cyber criminals’ intentions.

Biggest cybercrimes in history

Cybercrime is on the up and today it’s more prevalent than ever. As cybercrime becomes more of an issue many organizations seek to protect themselves using courses to train employees in the very real risks of the online world. Check out some of the biggest cyber attacks in the last 5 years.

Target Breach in 2013

In 2013 personal data from 70 million Target customers got stolen before Christmas. Personal data included customers’ names and their credit cards and debit cards information. After this, Target experienced a decrease in their sales.

Yahoo Breach in 2013

One of the largest data thefts occurred in 2013 when personal information such as names, phone numbers, passwords and email addresses from one billion users got stolen. Then in 2014, another 500 million accounts were compromised. The Yahoo hacking scandal is without a doubt one of the largest security breaches of the modern day.

Sony Pictures virus attack in 2014

Sony Pictures Entertainment got hit with a virus in 2014 by hackers allegedly connected with North Korea. They stole employee e-mails, information on executive salaries and copies of unreleased movies. There was a widespread speculation that the group was trying to disrupt release of the film, The Interview, a comedy depicting a plot to assassinate North Korean leader Kim Jong-un.

JP Morgan breach in 2014

Hackers hijacked one of JPMorgan Chase’s servers and stole data about millions of the bank’s accounts, and are thought to have made a hundred million dollars in illegal profits.
Along with personal data, the hacking group also stole information related to company performance and news, which allowed them to manipulate stock prices and make enormous financial gain.

NHS virus attack in 2017

Ransomware named "WannaCry" was delivered via email in the form of an attachment and caused chaos among the UK's medical system.
Once a user clicked on the attachment, the virus was spread through their computer, locking up all their files and demanding money before they could be accessed again.
This became one of the most widespread cyber attacks ever leaving the NHS system disabled for weeks.

Friday, March 9, 2018

Safe online or?

Technology has completely changed our lifestyle, which is evident from the fact that most parts of our everyday lives now take place in the digital world.

However, this creates numerous possibilities for online abuse or misuse of our private data.

There are more than 4000 ransomware attacks happening every day and around 1 million new malicious programs. Only last year, the percentage of cybercrime increased from 67% to 72%.

Amnesty International conducted research on 4000 women, which showed that 1 out of 5 women in the world experienced some type of online abuse. Therefore, more than 80% of hacker victims are women. Experts state that most online harassment occurs on social media networks.

Even though the big social media companies such as Twitter and Facebook are constantly trying harder to fight the online abuse, they are not dealing with this problem in an adequate way.

70% of online abuse, harassment or stealing of private data happens via mobile devices. When we buy a new phone, we are all very excited and the first thing we do is buy a new phone case, which shows how conscious we are about protecting our phone's hardware. However, not many of us are as conscious when it comes to protecting the software.

This March, we at Zemana started our new #safeonline campaign together with our partner BH Telecom, one of the biggest telecommunication companies to increase awareness about the importance of women protecting their PCs and mobile devices. Don't be another victim of hackers. Protect your privacy now because malware doesn't care if you are a he or a she.

Wednesday, February 28, 2018

Zemana official ad video is OUT!

This February, Zemana team decided to show love for our loyal users by creating a campaign #zemanalove. This campaign gave our users a chance to win amazing gifts by showing their love for Zemana through many different fun activities.

The first activity was making our first official video ad, where we decided to honor our users by featuring them in the video instead of featuring our products!

We want to THANK everyone who participated in the making of the video ad. We truly enjoyed all of them! Your support and recommendation is very important to us and we will continue improving our technology and service to keep you safe and protected!

Unfortunately, due to the big number of videos we received, we couldn't feature all of you because the ad would be too long. The official video ad came out TODAY as a special treat for the closing of our #zemanalove campaign.

We hope you will like it!                                         

Help us in sharing our official ad and win a free license for our Zemana Mobile Antivirus!

All you have to do is:

1. Subscribe to our Youtube channel
2. Share our official video ad on YOUR social media

After that, send us your

1. Name and your user nickname on Youtube
2. Link of your Facebook, Instagram or Twitter post where you shared our official ad

to the following email address:

Stay safe with Zemana :) 

Tuesday, February 20, 2018

VB100 award for Zemana Endpoint Security

The need for a better IT security is continuously growing because today even small businesses experience different virus outbreaks. That is why the number of antivirus products is also continuously growing in order to fulfill the need for a greater protection. However, in the sea of so many different brands and products, it is sometimes difficult to find the best one.

When choosing antivirus protection, it is crucial to choose a product best suited for your company's needs. It needs to be easy to install and easy to manage, but at the same time very effective in detecting viruses and in providing you with the protection your business needs.

Therefore, evaluation of antivirus products is of high importance. This way, you will be certain that a product satisfies important expectations and standards. At the same time, once certified, a product is being continuously tested and checked.

Comparative Review by Virus Bulletin

One of the best known testing organizations, Virus Bulletin conducted their new Comparative Review in December 2017.

Our Zemana Endpoint Security was one of the 31 products that were tested. It successfully received a VB100 award.

"For those with purchasing power, we recommend looking for products that pass the VB100 test regularly."

The review also included RAP (Reactive and Proactive) tests on how quickly the products detect new malware.

Zemana Endpoint Security successfully detected several different types of malware thanks to its unique behaviour-based malware detection, which allows it to evaluate an object based on its intended actions before it can actually execute that behavior.

Below you can see the results of Zemana Endpoint Security:

If you want to learn more and check the results of other products, click on the links below:

Stay safe with Zemana :) 

Wednesday, February 14, 2018

Our Heart Hunt game is ON!

Great news everyone! The Heart Hunt game begins today on February 14.

All you have to do is explore our website and collect 20 hearts out of total 25 that we placed on different pages of our website.

If you collect 20 hearts, you will receive a FREE LICENSE for our Zemana AntiMalware!
Use this opportunity to have fun and win this exclusive gift.

How to play the game

Below you can find screenshots of the game - all you have to do is click on the moving hearts. This way you will collect them.

In the lower left corner you will see a big heart that serves as a counter. It will show you how many hearts you collected.

Once it reaches 20, an arrow will appear inside the counter heart - click on it and enter your name and email address. The license will be sent to your email address.

Wednesday, February 7, 2018

Join the HEART HUNT game on our website!

Our #zemanalove campaign continues!

That is why we have prepared a special treat for you on Valentine's Day!

Don't worry if you haven't found your Valentine yet - show your love for Zemana by finding 20 out of 25 hearts that we have hidden all over our website and win a FREE LICENSE!

If you find 20 hearts, we will award you with a free license for Zemana AntiMalware!

The game begins on February 14 and ends on February 18.

Have fun  :)