The Infosec Lab Blog

Information Security

Defense in Depth – A user’s perspective

We are surrounded by personal digital devices everywhere we go. Because of this prevalence, cyber threats also abound. This is why we need to take our personal information security seriously in order to keep up with our daily activities without disruptions.

Defense in depth, also termed layered security, is a principle where different measures are put in place at different layers or levels to protect an asset from cyber threats. The aim is to reduce risks to the barest minimum.

Layered security at a power plant

With respect to this write-up, asset refers to anything of value which when disrupted, causes some kind of loss to the owner. It ranges from the physical device to the data stored on these devices.

Defense in depth is usually employed by businesses and corporate network infrastructure. A single individual user can however take cues from this principle to stay protected.

Use genuine software

Unfortunately, many people fail in this respect. Using pirated software means you are unable to access the developer’s server to receive updates and patches for vulnerabilities. This opens your system’s doors to harmful threats. By using genuine software, you benefit from a stable system and are assured of the latest patches on your application whenever a vulnerability is identified.

Operating System and software Update

Always ensure that your system is updated with the latest patches. These updates are released mostly to fix vulnerabilities which when exploited may cause varying levels of harm to the user. Microsoft Windows 10 for instance releases security updates regularly to keep your system secure.

Antivirus and Endpoint Protection

An antivirus is a software application that protects your device from malware. Modern antivirus products now do more than just detect and eliminate viruses. By using optimized algorithms for Microsoft updates installations automatically. Always ensure that your antivirus is updated so that it provides optimal, up-to-date protection from the latest malware.

Active Firewall

Your first point of protection is your firewall. Just as a fence wall keeps intruders from entering your house, a firewall prevents intruders from entering your PC from a network. Ensure it is always on and avoid software installations that ask you to turn it off.

Password Protection

For many years, users have been advised to use strong passwords for their logins. This cannot be overemphasized, even to this day. As an extra security measure, where applicable, always make use of multi-factor authentication.

User Access Control

Whenever a user installs an operating system, the default user is automatically the administrator. On Microsoft Windows, anything done in the profile of this user takes effect with the blessings of the administrator. This is different on Linux, where you need to log in to a root shell or use sudo to perform some actions.

With this level of privilege, a remote hacker who has gained access to your system has the same authority as you, the administrator of your system. This gives the attacker leeway to install executables without you noticing. The user access control setting on your computer is there to protect you from this. Search for it in your Windows search bar and drag the bar to the top like in the image below. When you do this, you are given an extra alert so you are sure of what is happening on your device.

Guest Account

In cases where someone borrows your computer, you depend on your trust for this person to do the right thing. Not to sound paranoid, you should have a guest account on your computer with restrictions. When that is done, you don’t have to worry about sharing your password with the person you are sharing your computer with. With a guest account, any guest requires your approval to perform highly privileged actions.
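The device-level layers described above (updates, antivirus, firewall, the user access control slider, administrator rights and a restricted account for guests) can be checked in one pass. The script below is an added example, not part of the original post; it assumes Windows 10/11 with Microsoft Defender as the active antivirus, and the 7-day and 35-day thresholds are illustrative assumptions.

```powershell
# Added example: read-only audit of the layers discussed in this post.
# It only reads settings and changes nothing. Thresholds are assumptions.
$report = [ordered]@{}

# Layer: OS updates. Date of the most recently installed hotfix.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn | Select-Object -Last 1
$recent = $lastFix -and ((Get-Date) - $lastFix.InstalledOn).Days -le 35
$report['Update installed in last 35 days'] = $recent

# Layer: antivirus. $mp stays $null if the Defender cmdlet is unavailable.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$report['Defender real-time protection on'] = [bool]$mp.RealTimeProtectionEnabled
$sigFresh = $mp -and $mp.AntivirusSignatureAge -le 7
$report['Defender signatures <= 7 days old'] = $sigFresh

# Layer: firewall. Domain, Private and Public profiles must all be enabled.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
$report['Firewall on for all profiles'] = @($off).Count -eq 0

# Layer: user access control. Slider at the top ("Always notify") is stored
# as ConsentPromptBehaviorAdmin = 2 with PromptOnSecureDesktop = 1.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key
$report['UAC enabled'] = $uac.EnableLUA -eq 1
$top = $uac.ConsentPromptBehaviorAdmin -eq 2 -and $uac.PromptOnSecureDesktop -eq 1
$report['UAC slider at top (Always notify)'] = $top

# Layer: least privilege. Is the account you are logged in with an admin?
# S-1-5-32-544 is the well-known SID of the local Administrators group.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value }
$report['Daily account is not an administrator'] = $admins -notcontains $me

# Layer: guest access. Any other enabled account without admin rights?
$standard = Get-LocalUser | Where-Object {
    $_.Enabled -and $_.SID.Value -ne $me -and $admins -notcontains $_.SID.Value
}
$report['Restricted account exists for guests'] = @($standard).Count -gt 0

# One line per layer: OK, or REVIEW when the setting needs attention.
$report.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'REVIEW' })
}
```

A REVIEW on the antivirus lines can simply mean a third-party product is installed instead of Defender; check that product's own status screen in that case.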

Fix Human Weakness

As mentioned above, cyber threats abound, and humans are said to be the weakest link in any security infrastructure. When you have all the best technology but fail to do your part as a human, everything crumbles. A lot of attacks happen through payloads delivered via phishing emails. Email antivirus scanners and spam filters may miss some of these malicious emails. This is where your diligence comes into play. Before you click any link in any email, be careful where that link is taking you. Be extra careful when asked to enter credentials into that site. Think before you click any link, even when it comes from a trusted contact.

All the measures listed above are summarised in the image below.

Stay safe


WhatsApp Account Hijacking

With over 2 billion users worldwide, WhatsApp has undeniably become the primary messaging application for almost every smartphone user. Bad people have been around from the beginning of time to date. Just like with other older communication technologies, these bad people are now taking advantage of vulnerabilities to target innocent users via WhatsApp.

In the past, software applications weren’t created with security in mind (DevOps). Developers now have no option but to incorporate security at every stage (DevSecOps). WhatsApp has tried to catch up by providing a couple of security features to keep its users and their data safe. It’s up to the users to take advantage of these safety features for their benefit.

Staying safe now is a shared responsibility of the user and the application. As mentioned above, WhatsApp has done its part. The rest lies on the shoulders of the user.

Scammers now use the re-registration process to hijack WhatsApp accounts.

WhatsApp’s Re-registration Process

User accounts are tied to the phone numbers of WhatsApp users. A temporary code is sent to the user’s phone number for verification in order to connect the device to the WhatsApp network.

How scammers Hijack a User’s Account

The victim usually receives a message from the compromised account of a known person (which could be on Facebook, Twitter, SMS, or WhatsApp) asking for a six-digit code the victim may have received.

Once the victim sends the code, the attacker enters it and takes over the account. To make matters worse, the attacker may go on to set up two-factor authentication to prevent the victim from taking back the account. The attacker now poses as the victim to reach the victim’s other contacts and uses the same procedure to hijack their accounts.

Consequences

Privilege Escalation: There is an automatic case of privilege escalation when the victim is an admin of a WhatsApp group. This attacker gets to be the admin of the group and can choose to delete all other admins.

Information Breach: For WhatsApp groups where sensitive information is shared, this could mean a serious information breach.

Lateral Movement: With WhatsApp being part of a larger family of social media applications like Facebook and Instagram, there is a possibility of the attacker taking over such accounts as well. For a start, if the victim’s Facebook page is connected to the WhatsApp number, the attacker may be receiving messages from the users of the Facebook page.

Impersonation and spoofing: All unsuspecting contacts of the victim are likely to be tricked into performing various actions due to the trust they have in the victim.

Mitigation

All is not lost when your account is hijacked. What matters when your account is breached is to quickly act to get it back. It is understandable that no matter how paranoid you may be, there is a 1% moment of weakness that could be exploited at a certain time. You can follow some of the steps below to get back to your account.

Information dissemination: Inform those who matter about the situation. If you belong to any WhatsApp group, ask the administrator to take you out of the group until the issue is resolved.

Login Again: Log in to your WhatsApp again, as if you were setting it up afresh. This will automatically log the attacker out of your account. The situation however becomes a bit complicated when the attacker has set up two-factor authentication. There is no need to be alarmed if that is the case. You and the attacker won’t be able to use your account for 7 days, after which you will have your account back.

Way Forward

Set up two-step verification on your WhatsApp account
As a safety rule, never give out any PIN or one-time password/PIN to anyone again
