Author name: wcsec54

Protecting your mail like a PRO !!!

To be honest, as a tech enthusiast who has been tinkering around with computers longer than I can remember, typing out this blog seems kind of ridiculous. I nearly moved away from my desk and had dropped the idea of writing this, but then this happened. The podcast that I listen to occasionally started discussing the hacks that have been going around. You might say it’s a coincidence, but right then they started discussing a major email-based phishing attack that was carried out against OpenSea users who bought NFTs on the platform. The attackers had sent an email to the customers of OpenSea that seemed legit at first glance and asked them to migrate their listings, with the added bonus of gas-free transactions. If you know anything about the crypto world, you know that gas fees (the cost of computing to carry out a transaction) can be pretty high, and this bait of “gas-free” migration tempted users to fall for the trap, and they ended up losing their NFTs. The NFTs that were lost were worth around 1.7 million US dollars in total. It was then that I realized that no matter how many blogs are already up on the web regarding this, I am going to write one more, to maybe better educate my regular blog readers.

Why does phishing exist in the first place?

It’s 2022. On one side, tech folks are busy creating Web3.0 infrastructure, and on the other there are people still falling for phishing attacks that belong to the Web1.0 days. This raises the question: why do phishing attacks still work in this day and age? People need to understand that email-based phishing attacks still exist because email as a technology was built with trust as an inherent factor. It was built in the early days of the internet, when there were only a handful of people using it. The people who built it never saw the potential of what email could be, and hence they never developed it keeping in mind the millions of spam emails that traverse the internet on a daily basis.

It would have been fine if that were the only issue, but then comes the other reason, which is a bigger contributing factor to why phishing attacks still persist. The reason is that we humans as a species are by default encoded to trust others rather than be suspicious of them. It is only after several mishaps that we learn to go against our nature and start being suspicious of things that happen around us. So if you ever find yourself shocked to hear the extent of phishing attacks that are still prevalent in 2022, remember the points that I just mentioned above.

“I won’t fall for it” syndrome!

One other issue that I have faced when it comes to phishing attacks is that people somehow disregard other people’s experiences and think that, for some reason, they are not vulnerable to such attacks and will easily be able to detect them. Now, read the next few words very carefully: “You are as likely to be vulnerable to a phishing attack as any other person on this earth”. Please get rid of the “I won’t fall for it” syndrome. People who have written books on phishing attacks and such schemes have failed to detect phishing attacks and have fallen for them themselves.

Side Note: I myself have been duped out of a hefty sum of money. They used one of my shortcomings against me. I was unemployed at the time and they somehow managed to convince me to pay them upfront, as they could help me land a respectable job. Thinking about it today makes me laugh at how I could have fallen for it. So, trust me when I say greed & fear will somehow make you do things that you can’t even imagine yourself doing in the future.

So let me reiterate that it is only when you understand your own shortcomings that you have any chance to securely navigate through the spam and malicious mail that floods your inbox on a regular basis. Now let’s try and find a solution for it!

What should we do then?

I am glad you asked, now that you properly understand why phishing still exists. Let’s dive into how we can really eradicate it and what we need to do to get that done! One thing you must have understood by now is that phishing will exist as long as we humans continue to use email. It’s a double whammy, from the technological side as well as the psychological side. As a cybersecurity professional, I would advise the following good practices to avoid falling for phishing attacks:

Now, if you read the above points and you are able to properly implement them, it will keep you secure from every single phishing attack that you might face. The issue is that most people already know these, but they find it a hassle to check these things every time they use their email. So now let me give you other solutions which aren’t exactly hassle-free, but they will help you if you are not able to follow the tips mentioned above, and they can also protect you against advanced levels of phishing attacks.

Conclusion

If you manage to follow the rules that I just mentioned, you should be secure even against the most targeted and advanced phishing attacks, and maybe just because of that you won’t lose out on thousands of dollars’ worth of NFTs, cryptos, and other extremely important personal data. If you think you need more help on this, or you need to make your company members aware of these points, feel free to reach out to us. Let us help you up your security game and make your business and startup feel more trustworthy to your customers. We are eagerly waiting for your call! Reach out to us at SECUREU & let’s

The 5 most important phases of a Penetration Test

A penetration test attempts to identify the vulnerabilities in security systems or networks by trying to exploit them. It is different from hacking in the sense that a pen-tester has permission to attack a system. Hacking aims to harm a system, whereas pen-testing (also known as ethical hacking) aims to secure a system by finding its weaknesses. The results of penetration tests are essential for finding and patching security flaws.

The Responsibilities of an Ethical Hacker

Ethical hackers are responsible for finding vulnerabilities in systems while also deciding which penetration testing method is the best fit for the situation out of the many methods available. This task is challenging and requires great skill, knowledge, and experience. Penetration testers need to be comfortable with various hacking methods and have thorough network security knowledge. They must also be aware of different hacking tools and their uses, and know how to appraise the target system’s security posture.

Penetration Testing Phases

A penetration test can be divided into 5 stages, namely reconnaissance, scanning, vulnerability assessment, exploitation, and reporting.

Reconnaissance

This is the first stage of penetration testing. This phase requires that the penetration tester or ethical hacker gathers as much information as possible about the system to be targeted. So the tester will gather information about the OS and applications, the network topology, user accounts, and other relevant info. The goal of this stage is to gather as much relevant data as possible to help the tester plan a potent attack strategy. In this step, the scope and goals of the penetration test are also defined, along with the systems to be addressed.

Scanning

In the second stage, after all the necessary data has been accumulated in the reconnaissance phase, the tester moves on to scanning. The tester uses different tools to recognize open ports and check the network traffic on the targeted system. Open ports are possible entry points for attackers, so this stage aims to find as many of the open ports as possible so that the tester can use them in the following phase. In this stage, the tester tries to understand how the target system will respond to different threats. The methods to do so are static analysis and dynamic analysis.

Vulnerability Assessment

Vulnerability assessment is the third phase of the penetration testing process. In this stage, the ethical hacker uses all the information collected in the reconnaissance and scanning phases to pinpoint potential weaknesses and determine if they can be exploited. Vulnerability assessment is used to gain initial knowledge and identify possible security weaknesses that may make it possible for potential attackers to gain access to the system.

Exploitation

This is the penultimate stage of a penetration test. As soon as all the vulnerabilities have been identified, the tester can attempt to exploit them. The tester aims to gain access to the target system through these vulnerabilities. Various tools, such as Metasploit, can be used for this purpose. Tools can help simulate real-world attacks.

Reporting or Analysis

After the exploitation, the ethical hacker creates a report that documents all of the pentest’s results. These findings can be used to patch vulnerabilities in the system and improve the system’s security. The report must detail the specific vulnerabilities that were attacked, the sensitive data that was retrieved, and the amount of time the tester was able to remain undetected in the target system. This information is used by security personnel to help protect against future attacks.

Benefits of Penetration Testing

Penetration testing has multiple benefits, which make it extremely attractive to companies. Some of these benefits are listed below.

Compliance: Many regulatory standards require organizations to regularly conduct penetration tests and audits. If an organization does not comply, it may have to pay heavy fines. Performing penetration tests can help companies save money and make sure that all vulnerabilities are found and subsequently fixed.

Vulnerability Identification: One of the biggest benefits of penetration testing is that it allows you to find vulnerabilities in your system before they get exploited by a hacker. Breaches are detrimental to a company’s reputation and cause massive monetary loss. Penetration testing can help prevent these losses.

Keeping Cyber-security Professionals Up-to-Date: To be a successful penetration tester, one has to stay abreast of constantly changing trends and techniques. Regular penetration tests are helpful to security professionals in that they allow them to keep up with the latest cyber threats and learn how to defend against them.

Final Thoughts

Penetration tests are indispensable for organizations. They are a fundamental step in securing companies and start-ups and can in no way be overlooked. A well-performed penetration test can be the difference between terrible losses because of attacks and a well-reputed organization known for its security that gains the trust of its customers.

Reach out to us at SECUREU & let’s talk about how we can help you! Website: https://secureu.in | E-mail: contact-us@secureu.in | Contact us: Telegram, Twitter, YouTube & LinkedIn
