Cyber Security

6 Ways to avoid a Punycode attack

Research shows that a new phishing site is created every 20 seconds, and that most are live for only about four hours before the attackers take them down and move on to register another deceptive domain. It is a clever way to cover their tracks and evade detection.

  1. Be cautious if the site presses you to do something quickly. This is a classic tactic: rushing potential victims makes them less likely to notice anything suspicious. Often the site will offer a “limited time only” deal and make it hard to leave with “are you sure you want to exit?” pop-ups; all of this is designed to keep you on the site longer and get you to hand over your details.
  2. If you are being offered a deal, go to the original company’s site and check whether it is available there as well. If it is not, the offer is most likely a scam that mimics the established brand to trick visitors into handing over their details.
  3. If some of the letters in the address bar look odd, or the site’s design looks different from what you expect, retype the address or open the genuine company URL in a new tab and compare. Strange-looking letters in the address bar are a key indicator that Punycode is being used to make you think you are on a well-known brand’s site when you are actually on a malicious one.
  4. Use a password manager; it matches credentials to the domain they were saved for, so it will not offer your password on a lookalike site, which reduces the risk of pasting passwords into dodgy sites.
  5. Force your browser to display Punycode names; Firefox offers this option.
  6. Click the padlock to view and inspect the HTTPS certificate.

What is Punycode?

Punycode
noun
An encoding that converts words which cannot be written in ASCII, such as the Greek word for thank you, ‘ευχαριστώ’, into an ASCII form, such as ‘xn--mxahn5algcq2e’, for use in domain names.
What does this actually mean?!

Writing with numbers

As with all things computer-related, it boils down to numbers. Every letter, character, or emoji we type has a unique binary number associated with it so that computers can process it. ASCII, a character encoding standard, uses 7 bits to code up to 127 characters: enough for the alphabet in upper and lower case, the digits 0-9, and some additional special characters. Where ASCII falls down is that it does not support languages such as Greek, Hebrew, and Arabic. This is where Unicode comes in: it uses 32 bits to code up to 2,147,483,647 characters! That gives enough room to support any language, and even our ever-growing collection of emojis.

So where does Punycode come in?

Punycode is a way of converting words that cannot be written in ASCII into an ASCII-only encoding. Why would you want to do this? The global Domain Name System (DNS), the naming system for resources connected to the internet, is limited to ASCII characters. With Punycode, you can include non-ASCII characters in a domain name: the Unicode string is turned into a “bootstring” encoding as part of a fairly involved encoding process, and the result carries the xn-- prefix in the actual DNS name.

Why Do You Need an Incident Response Plan?

Not long ago, many organizations thought that security incidents only affected others. However, the recent surge of cyber attacks targeting infrastructure used by thousands of organizations has revealed the vulnerabilities in information security practices. The consequences of a successful cyber attack can vary significantly, ranging from minor disruptions in business operations to severe financial and legal repercussions. Therefore, when incidents occur, it’s crucial to understand who is responsible for what. Having an effective incident response plan is essential to keep your actions organized and minimize operational risks.

An Incident Response Plan (IRP) is essential for organizations to effectively manage and mitigate security incidents. Here’s why having one is crucial:

1. Minimizes Damage and Downtime

  • A well-prepared IRP allows for quick containment and resolution of security breaches, reducing operational disruptions and financial losses.

2. Ensures Regulatory Compliance

  • Many industries, such as healthcare (HIPAA), finance (PCI-DSS), and government (NIST, GDPR), require an incident response plan to meet legal and regulatory obligations.

3. Protects Sensitive Data

  • A structured response helps prevent data breaches, reducing the risk of exposure for confidential business or customer information.

4. Enhances Incident Detection and Response

  • Clear guidelines help security teams quickly identify, analyze, and respond to threats before they escalate.

5. Reduces Financial and Reputational Impact

  • Cyber incidents can be costly, both in direct financial terms (fines, legal fees) and reputation loss. An IRP helps minimize these risks.

6. Facilitates Coordination and Communication

  • Provides a clear framework for internal teams and external stakeholders (law enforcement, customers, vendors) to follow during an incident.

7. Improves Post-Incident Learning

  • An IRP includes post-incident analysis to understand what happened, improve defenses, and prevent future occurrences.

8. Mitigates Legal Risks

  • A documented and well-executed response plan can demonstrate due diligence, potentially reducing liability in case of legal action.

What is the Red Team?

The world has reached a point where you cannot live without technology: technology to communicate, to travel, to escape unbearable weather, to have clean water, to make digging easier, to stoke a fire, to have clean and cool air, and much more. Wherever you go, technology surrounds you like air. You complete most everyday tasks with it: shopping, selling, calling, messaging, listening to music, watching a movie, taking a photograph, and so on. Since the world runs on cause and effect, this digital and technical world has downsides too. The flaws and vulnerabilities in technology are those downsides, and they are the reason you can fall victim to cyber crime; the bigger reason is the cyber criminals who exploit them. This problem is what brings up the term “Red Team”.

Let’s discuss it. The first question that arises is, “What is Red Team?”.

“Red Team” is a term that focuses on the security of a system, whether it belongs to an individual or an organization. It is originally a military term, given to a team of experts who specialize in and prioritize penetration testing, assessment, and the design of secure systems. Red teaming is a process that follows defined steps to find vulnerabilities in a system or network and exploit them by stepping into the shoes of an attacker, in order to learn how an attacker could exploit those vulnerabilities and intrude into the system. Following the attacker’s path is an important part of red teaming because only by doing so can a designer learn how an attacker can break into a system and what steps are necessary to prevent that intrusion.

There is a lot of discussion around the world about cybersecurity, and a question that is often asked is “Why is a Red Team necessary?”.

Cyber threats have spread all across the world, causing trouble and harm to a huge population. Many cyber attacks in the past have cost a great deal of money or even lives. There were attacks in the past, and there will be attacks in the future; that is how the world works. It is therefore necessary to take steps to prevent the attacks hovering above us. Red teaming is necessary because of the way the process works: security policies, careful configuration, secure system and network designs, applied security patches, removal of vulnerabilities, and many more layers are added to a system to make it secure and keep it from being attacked, and a thorough red teaming exercise tests the system, the network, and all the networking devices used in it.

Many words, but one conclusion: red teaming is an overall process in which all the steps necessary to provide security are taken.

Why All Non-Profits Should Undergo Penetration Testing

While the number of organizations that have suffered a cyber attack keeps going up, the clock for when it is your turn is ticking down. In fact, it is likely that your clock has already run out; you just have not noticed yet.

As each day passes, hacking is becoming a more automated process, allowing unskilled computer users to become successful cyber criminals. The effort required to download hacking software and get it up and running is worryingly low.

An effective form of defense against these automated attacks is regular penetration testing. An organization that conducts regular penetration tests stands a much better chance of blocking cyber attacks because it knows its own vulnerabilities.

Uncover Hidden System Vulnerabilities Before the Criminals Do

The most surefire way to measure your security level is to study how it can be hacked. A penetration test offers a way to safely test your system’s resistance to external hacking attempts. It models the actions of a potential intruder by trying to exploit vulnerabilities caused by coding mistakes, software bugs, insecure settings, service configuration errors, and/or operational weaknesses.

The major difference between a penetration test and a real attack lies in its safe and controlled manner. It simulates a real attack scenario and exploits vulnerabilities only to demonstrate the potential harm of a malicious attempt. Moreover, the client organization pre-defines the scope and timing of the test and is informed beforehand about any active exploitation of vulnerabilities in its IT infrastructure.

Organizations usually conduct penetration tests right after deploying new infrastructure and applications, or after major changes to their infrastructure (e.g. changes to firewall rules, firmware updates, patches, and software upgrades). This helps them identify and validate potential security loopholes in their IT systems before cyber criminals can make use of them, and to bring new products to market safely.

Preserve a Non-Profit’s Image and Customer Loyalty

Security attacks may compromise your sensitive data, leading to the loss of trusted customers and serious reputational damage. Penetration testing can help you avoid costly security breaches that put your organization’s reputation and your customers’ loyalty at stake. A pen test may also grow in duration and complexity if the system requires additional scope, and it may be combined with vulnerability scanning to provide even more meaningful insight into vulnerabilities and potential breach points in your IT infrastructure.

Hacking Has Now Become an Automated Process

Hacking tools have grown in popularity, and catalogues of exploitable vulnerabilities are readily available online. Such tools let even novice hackers obtain complex exploits for opportunistic attacks.

Comply With Security Regulations

Pen testing will help protect your assets from potential hackers and keep you safe online. Regular pen tests follow standards such as PCI, HIPAA, and ISO 27001, and following these standards will help you avoid fines. It is advisable to stage regular penetration tests and security audits by engaging professional security analysts.

Best Practices for Sock Puppets

Creating research accounts can be challenging, and it often takes a lot of effort, trial and error, and experimentation to get right. There is no single step-by-step process for setting up accounts, but here are some considerations to keep in mind before creating one; some may seem basic, but they are equally important.

The best approach is to create the account as a regular user would. Quick entry of the email address and password is critical.

  • IP address: To avoid getting flagged by social media platforms, it is best not to use a Virtual Private Network (VPN) when creating a sock account. After making the account, signing in from different locations using free Wi-Fi connections (like those available at coffee shops) is essential, as this shows the platform that you are a legitimate user. By using a variety of IP addresses, you are less likely to get flagged.
  • Name: Use fictional details when choosing a name for your sock account, and never your real identity. Consider what name would blend in with your target group, because you want to make sure your account does not stand out if it is suggested as a friend.
  • Email address: You have several email provider options (Mail.com, Gmail.com, Yandex.com, Outlook.com). Do not reuse a previously created email address; always start fresh with a new address that has never been used.
  • Phone verification: If you cannot bypass the verification, use a burner phone and SIM card to create accounts.
  • Profile photo: When choosing images to post on social media, use generic landscapes (mountains, beaches, etc.). Avoid using someone else’s identity or photos. Stock images can help in some cases, but always crop the photo to remove any previously stored data before uploading, since social media platforms have algorithms that detect stock images and may flag your account.
  • Activity: Once your account is created, start interacting naturally, such as posting links, liking pages, etc. The main objective is to mimic how a real person would use a new account and convince the platform that you are one.
  • Settings/Privacy settings: Immediately review the platform’s privacy settings and choose the most restrictive ones, so that other people can see as little information as possible.

What is Attack Surface Management?

Attack surface management (ASM) is the continuous discovery, inventory, classification, prioritization, and security monitoring of external digital assets that contain, transmit, or process sensitive data. In short, it is everything outside of the firewall that attackers can and will discover as they research the threat landscape for vulnerable organizations. In 2018, Gartner urged security leaders to start reducing, monitoring and managing their attack surface as part of a holistic cybersecurity risk management program.

Today, attack surface management is a top priority for CIOs, CTOs, CISOs, and security teams.

What is an Attack Surface?

Your attack surface is all the hardware, software, SaaS, and cloud assets accessible from the Internet that process or store your data. Think of it as the total number of attack vectors cybercriminals could use to manipulate a network or system to extract data. Your attack surface includes:

Known assets: Inventoried and managed assets such as your corporate website, servers, and the dependencies running on them.

Unknown assets: Shadow IT or orphaned IT infrastructure that sits outside the purview of your security teams, such as forgotten development websites or marketing sites.

Rogue assets: Malicious infrastructure spun up by threat actors such as malware, typosquatting domains, or a website or mobile app that impersonates your domain.

Vendors: Your attack surface does not stop at your organization; third-party and fourth-party vendors introduce significant risk. Even small vendors can lead to large data breaches; look at the HVAC vendor whose compromise eventually led to Target’s exposure of credit card and personal data on more than 110 million consumers.

Millions of these assets appear on the Internet daily, outside the scope of firewall and endpoint protection services. Other names for the attack surface include the external attack surface and the digital attack surface.
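The four asset categories above are easier to reason about when the discovery step is spelled out. The following is an added example in Python (mine, not the article’s or any vendor’s code) that buckets externally observed hostnames against a small inventory: names in the inventory are known, names in an owned zone that nobody inventoried are unknown (shadow IT), names within one edit of an owned brand label are treated as rogue lookalikes, and names in a listed vendor zone are vendor assets. The inventory, vendor list and observed hostnames are constructed; in practice the observed list would come from certificate transparency logs, passive DNS or an external scanner, and a real tool would use the public suffix list rather than the last-two-labels shortcut used here.

```python
"""Classify hostnames observed on the Internet against an asset inventory.

Added example, not the article's code.  Inventory, vendor list and the
"observed" hostnames are constructed; in practice the observed list would
come from certificate-transparency logs, passive DNS or a scanner.
"""

# Constructed inventory for a fictional organization.
OWNED_ZONES = {"example.org"}
KNOWN_HOSTS = {"www.example.org", "mail.example.org"}
VENDOR_ZONES = {"hvac-vendor.net"}


def registrable_domain(host):
    """Last two labels of a hostname.

    Simplification: ignores public-suffix rules such as co.uk.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike (typosquat) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_owned(host):
    """True when the second-level label is within one edit of an owned brand label."""
    sld = registrable_domain(host).split(".")[0]
    for zone in OWNED_ZONES:
        brand = zone.split(".")[0]
        if sld != brand and edit_distance(sld, brand) <= 1:
            return True
    return False


def classify(host):
    """Bucket an observed hostname into the categories the article lists."""
    host = host.lower().rstrip(".")
    if host in KNOWN_HOSTS:
        return "known"
    if registrable_domain(host) in OWNED_ZONES:
        return "unknown"          # in our zone but never inventoried: shadow IT
    if registrable_domain(host) in VENDOR_ZONES:
        return "vendor"
    if looks_like_owned(host):
        return "rogue"            # lookalike domain, a typosquatting candidate
    return "unrelated"


def classify_all(hosts):
    """Map each observed hostname to its bucket."""
    return {h: classify(h) for h in hosts}


if __name__ == "__main__":
    # Constructed list standing in for external discovery output.
    observed = ["www.example.org", "dev-old.example.org", "examp1e.org",
                "portal.hvac-vendor.net", "wikipedia.org"]
    for host, bucket in classify_all(observed).items():
        print(f"{bucket:10} {host}")
```

The “unknown” bucket is the one ASM programs exist for: every hit there is an asset that answers on the Internet under your name but has no owner, no patch cadence and no monitoring.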

What are Sock Puppets in OSINT

Sock puppets, or research accounts, are fictitious online identities that conceal an OSINT investigator’s true identity. They are created to gain access to information that requires an account. However, it is essential to note that creating fake accounts goes against the Terms of Service of some websites, so users are responsible for reading and understanding the Terms of Service of the websites they use. Although creating sock puppets is not usually illegal, it is equally important to check your organization’s policies to ensure you have permission to create and use them.

Purpose of Sock Puppets

Sock puppets are created to keep OSINT research separate from personal life. This ensures that OSINT investigators maintain anonymity and practice good Operational Security (OPSEC). It is crucial to emphasize the importance of separating an OSINT investigator’s real identity from their research accounts.

Some social media platforms, such as Facebook, may expose your identity to the target being investigated through friend recommendations. Additionally, if you use your own account to conduct online research, you may accidentally like a post or send a friend request to your target. To avoid these risks, create your sock puppets before starting research. To put it in perspective, imagine a police officer conducting surveillance in their own personal vehicle, which would reveal their identity. You would not do that, right? Similarly, using your personal social media accounts to research a subject is a bad idea because it can expose your real identity.

What are the Sock Puppet Functions?

When you are passive, you do not interact with the target at all. However, your profile might still show up in “suggested friends” or “people to follow” results, so it is advisable to blend in a little. One way to do this is to choose a name that fits well with your target group.

Active research means engaging with your target in some way, such as adding them as a friend on Facebook, and blending in with the target group is even more crucial there. If you plan to engage with your target, creating a few accounts on different platforms is recommended so that you appear to be a real person.

Attack Surface: How can I reduce the attack surface?

There are various ways to decrease the attack surface. Let’s take a look at some of the more widely used techniques.

The digital side

The digital attack surface is the easiest target to attack. Let’s explore effective strategies to reduce it.

Less code, less software attack surface

When you reduce the code you’re running on your desktop, server, or cloud instance, you reduce the number of entry points that can be discovered and later exploited. Turn off, disable, or remove unnecessary software features, and simplify your code. Less code also means fewer software bugs and vulnerabilities; at the end of the day, that equals fewer security risks overall.

Remove unnecessary OS software and services.

Cleaning up the OS includes removing unnecessary functions, applications, and system tools. Do you need a printing service running if you don’t use a printer? What about that MySQL server listening on port 3306: do you need it if you don’t host any databases? And is the Adobe suite required if you don’t work with PDF files? Install only the applications strictly necessary for your employees’ daily work, and turn off all unused protocols and services. The same advice goes for servers.

Scan your network ports.

Scanning the open ports on your public IP addresses is often the first thing attackers do when performing reconnaissance on a target.

Luckily, there are many ways to stay one step ahead of your attackers, and your best bet is to begin auditing your network ports before they do. In our previous article about the most scanned ports, we showed a quick way to do this using the Nmap command.

While Nmap’s top-ports option helps audit your port exposure, the same check can be done with other port scanners such as Unicornscan, Angry IP Scanner, or Netcat.
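A port scan from outside tells you what is reachable; the complementary view from inside the host is the list of listening sockets, which answers the questions in the previous subsection (is that MySQL on 3306 really needed, is the print service bound only to localhost?). As an added example, not the article’s code, the Python below parses `ss -H -ltnp` style output and compares each listener with an allow-list of expected ports, separating loopback-only services (low priority) from unexpected services bound to all interfaces (candidates for removal or firewalling). The sample output is constructed to mimic the real command; the allow-list is a made-up policy for a fictional host.

```python
"""Audit listening TCP sockets against an allow-list of expected services.

Added example, not the article's code.  The sample lines are constructed to
look like `ss -H -ltnp` output; in use, feed the real command's output in.
"""
import re

# Constructed sample output (headerless, like `ss -H -ltnp`).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 *:443 *:* users:(("nginx",pid=1402,fd=6))
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=1501,fd=21))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
LISTEN 0 4096 [::1]:631 [::]:* users:(("cupsd",pid=640,fd=8))
"""

# Services this (fictional) host is supposed to expose to the network.
EXPECTED_PORTS = {22, 443}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_local(addr):
    """Split ss's Local Address:Port column into (host, port)."""
    if addr.startswith("["):                    # IPv6 literal, e.g. [::1]:631
        host, _, port = addr[1:].partition("]:")
    else:
        host, _, port = addr.rpartition(":")
    return host, int(port)


def audit_listeners(ss_output, expected_ports=EXPECTED_PORTS):
    """Return one finding per listening socket with a verdict."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = parse_local(fields[3])
        m = PROC_RE.search(line)
        proc = m.group(1) if m else "?"
        if port in expected_ports:
            verdict = "expected"
        elif host in LOOPBACK:
            verdict = "localhost-only"         # not reachable remotely, low priority
        else:
            verdict = "unexpected-exposed"     # candidate for removal or firewalling
        findings.append({"port": port, "bind": host, "process": proc, "verdict": verdict})
    return findings


def exposed_unexpected(ss_output, expected_ports=EXPECTED_PORTS):
    """Just the sockets that widen the attack surface without being sanctioned."""
    return [f for f in audit_listeners(ss_output, expected_ports)
            if f["verdict"] == "unexpected-exposed"]


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{f['verdict']:19} port {f['port']:<5} {f['bind']:<10} {f['process']}")
```

Run against real output (`ss -H -ltnp | python3 audit.py` with a small `sys.stdin.read()` wrapper) the “unexpected-exposed” list is exactly the set of services to justify, firewall, or uninstall; the wildcard binds `0.0.0.0` and `*` are the ones that reach the Internet.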

Analyze your SSL certificates.

People often see SSL certificates as proof that a website is secure, but that can be a big mistake.

How hardened are your SSL certificates? Are you keeping your SSL chains complete and well-secured? Are you using strong cipher suites? These are fundamental questions that all developers, system administrators, and technical managers should ask themselves more often. Additional information can be found in our article: Is SSL a real sign of security?

But SSL security doesn’t end with hardening, chain validity, and an overall security score. You also need to consider the data you’re exposing to the public.

Have you ever thought about SSL certificate expiration and validity? Your attack surface includes all your SSL certificates: valid, active, and expired ones.

Of course, the bad guys can explore such public information too. So remember that while SSL certificates are good for encrypting your traffic, not having a thorough audit of and control over them can lead to some of your worst nightmares.
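Two of the questions in this subsection (strong cipher suites, certificate expiry) can be checked in a few lines. The Python below is an added example, mine rather than the article’s: it builds a permissive TLS context next to a hardened one (TLS 1.2 floor, forward-secret AEAD suites only, compression off), summarises what an auditor would record about each, and computes days-to-expiry from the `notAfter` string that `ssl.SSLSocket.getpeercert()` returns. The certificate dates are constructed; the weak-cipher markers are a heuristic substring list, not a standard.

```python
"""Certificate-expiry and TLS-configuration checks for the points above.

Added example, not the article's code.  The notAfter strings are constructed
and use the format that ssl.SSLSocket.getpeercert()['notAfter'] returns.
"""
import ssl
import time

# Substrings that mark cipher suites nobody should still be offering (heuristic).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "ADH", "AECDH", "EXP")


def permissive_context():
    """A context that accepts whatever the library defaults allow (for comparison)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("DEFAULT")
    return ctx


def hardened_context():
    """TLS 1.2+ only, forward-secret AEAD suites only, no compression."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4")
    ctx.options |= ssl.OP_NO_COMPRESSION          # CRIME-style attacks need compression
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_summary(ctx):
    """What an auditor would record about a context: floor version and weak suites."""
    names = [c["name"] for c in ctx.get_ciphers()]
    weak = [n for n in names if any(marker in n for marker in WEAK_CIPHER_MARKERS)]
    return {"min_version": ctx.minimum_version.name,
            "cipher_count": len(names),
            "weak_ciphers": weak}


def cert_time(text):
    """Epoch seconds for an OpenSSL-style time such as 'Jun  1 12:00:00 2025 GMT'."""
    return ssl.cert_time_to_seconds(text)


def days_until_expiry(not_after, now=None):
    """Whole days left on a certificate; negative when it has already expired."""
    now = time.time() if now is None else now
    return int((cert_time(not_after) - now) // 86400)


def expiry_status(not_after, now=None, warn_days=30):
    """Three-way status used to prioritise certificate renewals."""
    days = days_until_expiry(not_after, now)
    if days < 0:
        return "expired"
    if days <= warn_days:
        return "expiring-soon"
    return "ok"


if __name__ == "__main__":
    print("permissive:", context_summary(permissive_context()))
    print("hardened:  ", context_summary(hardened_context()))
    # Constructed inventory of certificates with their notAfter fields.
    for host, not_after in [("www.example.org", "Jan  1 00:00:00 2030 GMT"),
                            ("old.example.org", "Jan  1 00:00:00 2020 GMT")]:
        print(host, expiry_status(not_after), days_until_expiry(not_after))
```

Feeding `expiry_status` with the `notAfter` of every certificate you own, expired ones included, gives the inventory the article asks for; an expired certificate still attached to a live hostname is itself an attack-surface finding.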

Segment your network

Keeping all your assets within a single network is often one of the biggest mistakes you can make. Splitting and segmenting your network is one of the easiest ways to reduce your attack surface.

This will strengthen your network boundaries and, at the same time, give you better and more effective control over every server or desktop connected to the network.

Audit your software, network, and traffic.

Auditing your software is one of the oldest known tactics for reducing your attack surface. It helps detect misconfigurations and outdated software, tests your security controls, and keeps users’ activity under control.

Analyzing the network, protocols, OS services, and current and past traffic over the network is a great way to detect factors that could expose your attack surface even more.

Log analysis plays a critical role in reducing your attack surface. Also, running scheduled audits on overlooked services (such as the DNS service) can help keep your exposure under control, as we covered in our previous article: Why should I perform a DNS audit?
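Log analysis as described here is most useful when it surfaces reconnaissance against your attack surface early. As an added example (mine, not the article’s), the Python below reads iptables-style `kernel: ... SRC= ... DPT=` log lines and flags any source that touches many distinct destination ports within a short window, which is what an external port sweep looks like from the defender’s side. The log lines are constructed and use the reserved documentation address ranges 203.0.113.0/24 and 198.51.100.0/24; the window and threshold are tunables, not recommended values.

```python
"""Spot port-sweep behaviour in firewall log lines.

Added example, not the article's code.  Lines mimic iptables LOG entries
and are constructed; the documentation addresses (203.0.113.0/24,
198.51.100.0/24) are not real hosts.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Mar 12 10:01:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 12 10:01:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=23 SYN
Mar 12 10:01:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=80 SYN
Mar 12 10:01:04 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=443 SYN
Mar 12 10:01:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40005 DPT=3306 SYN
Mar 12 10:01:06 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40006 DPT=8080 SYN
Mar 12 10:01:07 gw kernel: IN=eth0 OUT= SRC=198.51.100.55 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=443 SYN
Mar 12 10:01:09 gw kernel: IN=eth0 OUT= SRC=198.51.100.55 DST=198.51.100.10 PROTO=TCP SPT=51001 DPT=443 SYN
Mar 12 10:45:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40007 DPT=25 SYN
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*\bSRC=(\S+).*\bPROTO=TCP\b.*\bDPT=(\d+)")
EPOCH = datetime(1900, 1, 1)   # syslog lines carry no year; strptime defaults to 1900


def parse_event(line):
    """Return (src_ip, seconds, dst_port) for a TCP LOG line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    return m.group(2), (stamp - EPOCH).total_seconds(), int(m.group(3))


def detect_sweeps(log_text, window_s=60, min_ports=5):
    """Map each source to the largest number of distinct ports it hit in any window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev:
            src, ts, port = ev
            events[src].append((ts, port))
    alerts = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        for i, (t0, _) in enumerate(evs):          # window anchored at each event
            ports = {p for t, p in evs[i:] if t - t0 <= window_s}
            best = max(best, len(ports))
        if best >= min_ports:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, n in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src}: {n} distinct ports within 60s")
```

The sweep detector is deliberately source-centric: a single host walking through 22, 23, 80, 443, 3306 and 8080 in five seconds is the reconnaissance phase described under “Scan your network ports”, and the ports it probes that actually answer are the ones to revisit in your listener audit.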

The human side

The physical attack surface exists in the real world, and its most significant component is none other than the human being.

As we’ve said before, company staff are often the weakest link in the cybersecurity chain of your online business.

Let’s see what can be done to avoid exposing your physical attack surface as much as possible:

Train all your employees to avoid being tricked by social engineering calls or phishing emails. These are two of the most common ways to sabotage networks, routers, and other physical hardware, and most of the time the attack is made possible by your own staff.

While nothing can fully prevent rogue employees from stealing sensitive information about your company (including email or user logins), human resources and hiring departments do have psychological tests available for screening applicants. These tests may reveal the true nature (including many unconscious aspects) of the people in line to work with your team.

Teaching your employees the correct policies on using unknown or unauthorized devices in the office can also help reduce baiting attacks.

There are more social engineering techniques we’ll explore in future posts. Fortunately, defending against all of them relies on following company security practices and constant employee education.

Attack Surface: What is an attack surface?

What does “attack surface” mean? I see the attack surface as the entire network and software environment exposed to remote or local attacks. For others, it’s the sum of compromised points—although that’s not the attack surface, but the attack vectors.

An attack surface refers to all the ways attackers can exploit your apps. This includes software, operating systems, network services and protocols, domain names, and SSL certificates.

A classic example to help illustrate the concept of attack surface is your business’s physical office. What’s the attack surface of your local office?

The answer is simple: doors, windows, safe boxes, etc. What about your home? Even simpler: front and back doors, windows, garage doors, climbable trees or tables, etc.

The difference between detecting a break-in at your home and a breach of your company’s online attack surface comes down to the size of the area and the many complex regions it contains.

You’d clearly notice if someone had broken a window or forced open the door in your home. It’s even easier to have a home alarm system that notifies you immediately.

However, due to the extensive network, software, protocols, and services running within an online company, detecting what part of the attack surface was the origin of the breach or intrusion can be tricky, even with a solid IDS in place, application firewalls, and notification alerts. Most of the time, it may pass unnoticed.