Posted on November 14th, 2018
Cyber-threats are a constantly evolving issue: they are becoming stronger, more resistant and somewhat indiscriminate in their targets. It seems we hear more and more tales of business infrastructure falling victim to cyber-attacks, with high profile attacks consistently making it into mainstream news.
With the significant increase in malicious activity, developers and IT leaders are under more pressure than ever to ensure that data is both available and secure. Resiliency and security can come at a high cost, though this is generally not as high as the impact of losing the integrity of your data or access to it, not to mention the damage cyber-attacks can cause to the relationship between a business and its end users.
One of the most recent examples of these types of attacks targets passwords. Originally, brute-force password attacks were a popular option to gain access, but these are generally no longer as effective against standard security measures such as locking accounts after a minimal number of password attempts. To try and circumvent such measures, many opportunist hackers now use password spray attacks to disarm their targets' infrastructure.
What is a password spray attack?
Password spray attacks are not new, but their occurrence is growing rapidly.
Password spraying is quite the opposite of a brute-force attack. This method takes a large number of usernames and tries each of them with a single password. Multiple iterations with different passwords can be run, but the number of passwords attempted is usually low in comparison to the number of users attempted, which avoids password lockouts. The method is often effective at uncovering weak passwords.
If a password spray attack is successful, US-CERT advises that these attacks can have a huge impact on a business including:
- Exposure of sensitive information
- Disruptions to a company’s operations
- Huge financial losses
- Potential damage to an organisation’s reputation
How to prevent password spray attacks
Both brute-force attacks and password spray attacks can be halted before full exploitation – if there are related security policies in place. The first step is to be alert to the warning signs of a spray attack. US-CERT say that warning signs of a password spray attack include:
- Huge rises in attempted logins against SSO portals or web-based applications.
- IP addresses of employee logins coming from suspicious locations. For example, if your business is based in the South East of England and you see an attempted login from an IP address in another country unrelated to your business or that employee, this should be treated as suspicious.
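The first warning sign can be turned into a log check. The sketch below is an added example, not code from US-CERT or Microsoft: it labels a source as spraying when it fails against many different usernames with only a few tries each, and lists accounts that then logged in successfully from that source. The log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2018-11-14T09:00:01 203.0.113.7 alice FAIL
2018-11-14T09:00:40 203.0.113.7 bob FAIL
2018-11-14T09:01:15 203.0.113.7 carol FAIL
2018-11-14T09:02:03 203.0.113.7 dave FAIL
2018-11-14T09:02:30 192.0.2.10 gina FAIL
2018-11-14T09:02:41 192.0.2.10 gina OK
2018-11-14T09:02:55 203.0.113.7 erin FAIL
2018-11-14T09:03:30 203.0.113.7 frank OK
2018-11-14T09:10:00 198.51.100.9 alice FAIL
2018-11-14T09:10:02 198.51.100.9 alice FAIL
2018-11-14T09:10:04 198.51.100.9 alice FAIL
2018-11-14T09:10:06 198.51.100.9 alice FAIL
2018-11-14T09:10:08 198.51.100.9 alice FAIL
"""

def parse(log):
    """Turn log text into time-sorted (timestamp, ip, user, outcome) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return sorted(events)

def classify_sources(events, window=timedelta(minutes=30),
                     min_users=5, max_per_user=2, brute_attempts=5):
    """Label each source IP 'spray' or 'brute-force' from its failed logins."""
    failures = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "FAIL":
            failures[ip].append((ts, user))
    labels = {}
    for ip, fails in failures.items():
        start = 0
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:   # slide the window forward
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                labels[ip] = "spray"               # many users, few tries each
            elif max(per_user.values()) >= brute_attempts and ip not in labels:
                labels[ip] = "brute-force"         # one user, many tries
    return labels

def accounts_to_reset(events, labels):
    """Users who logged in successfully from a source labelled as spraying."""
    return sorted({user for _, ip, user, outcome in events
                   if outcome == "OK" and labels.get(ip) == "spray"})
```

Per-account lockout counters never trip on the spraying source here, because each username sees a single failure; only the per-source view exposes it.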
To keep password spray attacks from being successful, Microsoft recommend basic groundwork steps that include:
- Use cloud authentication: The cloud can employ procedures that detect and block potential attacks, and it draws on a wider landscape when looking for suspicious activity.
- Multifactor authentication: An additional security layer for your business – helping to address the vulnerabilities of a standard password-only approach.
- Discourage weak passwords: Discouraging weak passwords is very important these days; somebody trying to breach your system will have a far more difficult time if the password doesn’t resemble anything obvious such as the company name or the employee name or date of birth. Where possible, policies should be implemented that actively reject any password which does not conform to the required standards.
Some providers are also generating a list of common passwords including passwords from leaked databases and blocking them from use, making it that much harder for malicious actors to guess in these attacks.
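A password filter of the kind described above, as an added example rather than any provider's implementation: it rejects passwords that match a blocked list or that contain the company name, the employee's name or their date of birth, even after common character substitutions. The blocked list, the substitution table and all names here are constructed assumptions.

```python
import re
from datetime import date

# Constructed stand-in for a provider's list of common and leaked passwords.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein",
                    "welcome1", "summer2018", "winter2018"}

# Undo common character substitutions so "P@ssw0rd" compares equal to "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def normalise(text):
    """Lower-case the text and reverse the substitutions in LEET."""
    return text.lower().translate(LEET)

# Both sides of every comparison go through normalise(), so digits still match.
BANNED = {normalise(p) for p in COMMON_PASSWORDS}

def check_password(password, company, full_name, birth_date, min_length=10):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    norm = normalise(password)
    # Also test the password with trailing digits and symbols removed.
    base = normalise(re.sub(r"[\W\d_]+$", "", password))

    def contains_any(words):
        return any(normalise(w) in norm for w in words if len(w) >= 4)

    if len(password) < min_length:
        reasons.append("shorter than minimum length")
    if norm in BANNED or base in BANNED:
        reasons.append("common or leaked password")
    if contains_any(company.split()):
        reasons.append("contains company name")
    if contains_any(full_name.split()):
        reasons.append("contains employee name")
    dob_forms = [birth_date.strftime(f) for f in ("%Y", "%d%m", "%m%d", "%d%m%y")]
    if contains_any(dob_forms):
        reasons.append("contains date of birth")
    return reasons
```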
Microsoft are a leader when it comes to security and a driver behind many of the advancements being made to combat the growth of cyber-threats. Microsoft CISO Bret Arsenault believes the company is on its way to preventing spray attacks and to a secure future with fewer passwords.
“If you have a password filter, if you have MFA and if you have strong proofing, then you’re really in a great state,” Arsenault said.
For more information on security or for advice on any of our services please feel free to contact us on 01622 524200.
Posted on March 27th, 2018
There is huge growth in hyperscale datacentres, which has led to an increase in the price of memory in recent months. According to DRAMeXchange, Server DRAM revenue rose by 76% in 2017, and it is expected to increase by an additional 30% in 2018. This increase is good news for the suppliers of these components, as the market for DRAM has seen tight supply since mid-2017. This is due to large structure projects by the datacentre market, particularly the hyperscale datacentres.
In the past year, the demand for memory has risen beyond expectations, which has led to supply issues and increased pricing across the board. Large corporations providing cloud options such as Amazon and Microsoft are purchasing hundreds of thousands of server components every year as demand grows, which could be exacerbating shortages in stock.
Datacentre growth has a huge impact. Deloitte Technology reported that spending on IT services for datacentres for software and services will reach over half a billion dollars by the end of 2018, which represents more than half of IT spending by 2021/2022.
Cloud computing on the rise
With more and more SMB, large and corporate organisations now heavily involved in cloud computing, there is now potentially an exponential growth in the need for hyperscale datacentres.
What is a hyperscale datacentre?
A hyperscale datacentre is by definition a datacentre with a minimum of 5,000 servers that covers a minimum of 10,000 square feet, although they are usually larger. According to Synergy Research, there are nearly 400 hyperscale datacentres around the world, which is expected to rise to 500 within the next two years, and at least 69 more in various stages of planning or construction.
Large global corporations such as Amazon, Microsoft and Google are building the most hyperscale datacentres as well as being the biggest players in the public cloud market. The hardware requirements are on a grand scale. For example, Amazon alone are estimated to have purchased 1/4 million servers within 3 months of 2017.
According to Synergy Research, 44% of datacentres worldwide are located in the U.S. On average, each of the cloud providers (Amazon, Google etc.) has 45 or more datacentre locations with at least three in each of the four regions of America. Computer software giants Oracle also have a wide datacentre presence.
In light of the largest organisations looking to source memory from an already highly demanding market, it could be some time before the price of memory stabilises.
If you or your business have high memory requirements, VooServers are able to provide single chassis with support for up to 2Tb of RAM each, in any of our global points of operation. Please contact our Sales Team on firstname.lastname@example.org to discuss available options.
Posted on October 20th, 2017
There seems to be no end to the evolving security attacks aimed at computers and servers in these times. Every system is at risk of malicious attacks via a growing landscape of viruses and malware created with different intentions; most recently, however, the focus has strongly shifted to financial gain.
The increase in the problem can be partly attributed to the significant growth in the use of mobile devices and cloud based applications across the internet, which increases the number of targets and subsequently the profitability of creating and distributing malware. This makes securing your business’ vital resources more important than ever, whilst still trying to keep the flexibility of mobile devices that we desire in the modern world. In my last post on the IPv4 to IPv6 Protocol Upgrade I touched on the growing digital threats that have taken off as a result of the lack of security built into IPv4. Today I am going to expand on some specific threats.
Malware in its simplest form is a piece of software designed to run on a computer or device with or without the computer owner knowing. Although the growth of malware has been substantial in the past few years, it is known to have been a security issue since as early as 1982. Types of malware include spyware, key loggers, viruses, worms, adware, scareware, trojan horses or any type of malicious code that unintentionally runs on a computer. These programs can perform many different functions, which include stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ activity without their permission.
How does malware spread?
One of the problems with malware is that writing it is not a difficult task, and there are various ways that malware spreads through a system. One example is social networks. Third party software and applications can appear when browsing the internet, and even when using a social networking site you need to be careful not to give them permission to use your profile.
Pirated software is another example which spreads malicious code through a system. This is also an easy way for malware to be spread because pirated software seems legitimate when you download it, but can damage your computer enormously.
Other ways in which malware can spread include e-mails, USB sticks, websites, outdated software, Local Area Networks, pop-ups and mobile devices.
Fake CVs and invoices are by far the most popular way that malware is received. If a job is advertised, it is not difficult for a cybercriminal to send through a malicious attachment which can appear as an ordinary CV on an e-mail.
A Russian fraudster utilised this technique in 2005, sending a trojan to various addresses sourced via a job recruitment site. Many of the CV applicants went on to receive spoof job offers as a result of the trojan. The attack was aimed mainly at corporations, as the criminal knew that staff receiving the trojan would likely hide this from their employer because the trojan attack was a result of their job searching on company assets.
Signs of a malware infection
- Frequent crashes
- Running out of hard drive space
- Unfamiliar icons on your desktop
- Unusual error messages
- Unable to access the Control Panel
- Your friends receive strange messages from you
- Your security solution is disabled
- Programs and messages being generated automatically
- High network activity
- Your system slowing down
- Files disappearing
- File names changing or becoming inaccessible
Address spoofing is quite a simple threat but can be very effective if targeted at the correct people. Spoofing allows people to send e-mails/messages that look like they come from a legitimate source such as one of your suppliers or clients.
Address spoofing is actually rather easy to do. All a person needs to spoof an e-mail address is an SMTP (Simple Mail Transfer Protocol) server and suitable e-mail software. Most e-mail providers we use today have protection against the vast majority of these types of e-mails; however, the threat landscape is constantly changing and as a result some are still likely to make it through.
How do they get your e-mail?
One way your e-mail may end up being listed in an e-mail database is by you clicking a link in a phishing e-mail, which leads to you unknowingly submitting your e-mail to the list. Another way your e-mail may end up on a spoofing list is by forwarding messages to a large group of people, which exposes the e-mail address of everyone involved. All it takes is for one of the receiving mailboxes to have a scraper in it which pulls all the e-mail addresses it can find and logs them for nefarious use. Another common method is through high profile data leaks such as those at Ashley Madison, Yahoo and Sony, where a list of e-mail addresses may be generated from registered users and published online.
How to avoid malware through e-mails
- If there is a link in the e-mail, don’t click on it unless you are sure it is from a legitimate source. Checking the e-mail domain can point towards fraudulent e-mails, as they often have small variances from the real company.
- Do not download any attachments without being sure they are genuine.
- Do not download an attachment such as a CV or Invoice if you do not work in departments responsible for them.
- Read e-mail message headers and check domain names and IP addresses.
- Look for differences in the language you would usually expect. As an example ‘Resume’ instead of ‘CV’.
- Review the signature at the end of the e-mail.
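The header and domain checks in this list can be automated. The following is an added example, not part of the original post: it compares the From domain with Return-Path and Reply-To, flags a From domain that is a near-miss of a trusted one, reports failed authentication results and extracts the relaying IP addresses. The sample message, the trusted-domain list and the similarity cutoff are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message using reserved example domains and addresses.
SAMPLE = """\
Return-Path: <bounce@mailer.test>
Received: from mailer.test (mailer.test [203.0.113.25])
    by mx.example.org; Fri, 20 Oct 2017 10:02:11 +0100
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.test; dkim=none
From: Accounts <invoices@suppl1er.example>
Reply-To: payments@mailer.test
To: jane@example.org
Subject: Invoice attached

Please see the attached invoice.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_headers(raw, trusted_domains):
    """Return (findings, relay_ips) for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    if from_dom not in trusted_domains:
        # A close but not exact match suggests a lookalike domain.
        close = difflib.get_close_matches(from_dom, trusted_domains, n=1, cutoff=0.85)
        if close:
            findings.append(f"From domain {from_dom} imitates {close[0]}")
    auth = msg.get("Authentication-Results", "")
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{check} result is {result}")
    received = " ".join(msg.get_all("Received", []))
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return findings, ips
```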
The main aim of a Reconnaissance attack is to ascertain information about a network including active targets, networking services that are running, operating system platform, trust relationships, file permissions and user account information. They can be active or passive and are used preliminarily to gain information about attacked systems as a step towards a further attack. Port scanning is a common technique to find active targets such as networking devices and user endpoints.
What do Reconnaissance Attacks aim to achieve?
The objective of these types of attacks is to discover information about a network which could then lead to a further attack, seeking information such as: file permissions, operating system platform, trust relationships and user account information.
How to avoid these attacks
Test the network to see how much it would reveal in a reconnaissance attack. Penetration testing works by discovering vulnerabilities across a given solution within a controlled environment. The ultimate goal is the prevention of current and potential security issues that may affect networks, firewalls, operating systems and applications. The testing can also provide information on irresponsible end user behaviour as well as errors in system configuration.
Port Scanning Tools:
- Network Mapper (Nmap)
Vulnerability Scanning Tools:
Other tools which can scan the vulnerability of a system help find where a network is vulnerable.
- Microsoft Baseline Security Analyzer (MBSA)
- Security Administrator’s Integrated Network Tool (SAINT)
To find out more on DDoS (Distributed Denial of Service) Attacks you can also see our First Response Engineer Luke Germano’s take by reading The Dangers of DDoS Attacks and How to prevent them.
Posted on August 2nd, 2017
IPv4 (Internet Protocol Version 4)
IPv4 is the current version of internet protocol which is used to send data over the internet. It is well known to have significant restrictions; the main one being the maximum addressing space which has made IPv4 resources very valuable over recent years. Due to these restrictions the IETF (Internet Engineering Task Force) designed a project for a new IP in the early 90’s, with performance and security in mind.
Regardless of enhancements from new technologies such as SSL, TLS and IPSec, the whole design still lacks the level of security and flexibility expected. IPv4 was designed with no security in mind which has led to various different digital threats that have taken off such as:
- Reconnaissance attacks
- Denial of service
- Man-in-the-middle attacks
- ARP poisoning
- Address spoofing
- Malware attacks
IPv6 is how internet communication will be controlled for the conceivable future.
What is IPv6?
The basics of IPv6 are similar to those of IPv4, however devices can use IPv6 as source and destination addresses to pass packets over a network.
Features of IPv6:
- Larger Address Space
- Simplified Header
- End-to-end Connectivity
- Faster Forwarding/Routing
- IPSec Security (Optional)
- No broadcast
- Anycast support
- Enhanced priority support
- Smooth transition
Why should you switch to IPv6?
The key feature of IPv6 is extending IP addresses from 32 bits to 128 bits, which relieves the dwindling number of available network addresses.
Our Technical Director, Matt Parkinson, concisely explains the IPv6 platform. “The main advantage to IPv6 is the increase in the number of bits which makes up the IP address. The increase is from 32 to 128 bits which significantly increases the size of the address pool creating an incomprehensible to most number of IP addresses even when broken down to however many trillions per person on earth today. With the growth of the Internet of Things and an increasing number of sensors in the world gathering data, IPv6 adoption is becoming increasingly important in allowing networks to not only continue growing but to increase the rate of growth.”
Other benefits of IPv6 include:
Directed Data Flows. “IPv6 supports multicast rather than broadcast. Multicast allows bandwidth-intensive packet flows (like multimedia streams) to be sent to multiple destinations simultaneously, saving network bandwidth. Disinterested hosts no longer must process broadcast packets. In addition, the IPv6 header has a new field, named ‘Flow Label’, that can identify packets belonging to the same flow”.
Simplified Network Configuration. “Address auto-configuration (address assignment) is built in to IPv6. A router will send the prefix of the local link in its router advertisements. A host can generate its own IP address by appending its link-layer (MAC) address, converted into Extended Universal Identifier (EUI) 64-bit format, to the 64 bits of the local link prefix.”
Security. “IPSec, which provides confidentiality, authentication and data integrity, is baked into IPv6. Because of their potential to carry malware, IPv4 ICMP packets are often blocked by corporate firewalls, but ICMPv6, the implementation of the Internet Control Message Protocol for IPv6, may be permitted because IPSec can be applied to the ICMPv6 packets”.
Over the past 4 years VooServers has deployed many setups with IPv6 meaning our staff are well versed in the benefits, and have knowledge of deploying and routing IPv6 for our customer base and so there should be no concerns about moving over to the new platform in the future.
For any further information please contact us via email@example.com or call 01622 524200 and select support to speak to one of our technicians.