Azure Archives - Hack Ware News https://hackwarenews.com/tag/azure/ News, ethical hacking, cyber crime, network security Mon, 08 Oct 2018 15:41:34 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 Azure Blob Storage phishing attack impersonates Microsoft https://hackwarenews.com/azure-blob-storage-phishing-attack-impersonates-microsoft/ https://hackwarenews.com/azure-blob-storage-phishing-attack-impersonates-microsoft/#respond Thu, 04 Oct 2018 14:53:58 +0000 https://hackwarenews.com/?p=5338 Azure Blob Storage phishing attack impersonates Microsoft. Although phishing attacks can often be quite believable, some more tech savvy users recognise something isn’t right when they see that the login form is unsecured or the SSL certificate doesn’t match the company being impersonated. However, there is a new phishing attack that stores their phishing form […]

The post Azure Blob Storage phishing attack impersonates Microsoft appeared first on Hack Ware News.

]]>
Azure Blob Storage phishing attack impersonates Microsoft. Although phishing attacks can often be quite believable, some more tech savvy users recognise something isn’t right when they see that the login form is unsecured or the SSL certificate doesn’t match the company being impersonated.
However, there is a new phishing attack that stores their phishing form on Azure Blob Storage, so that it is secured by a Microsoft SSL certificate, giving an air of legitimacy to its victims. The phishing attack is an Office 365 based attack.

 

Azure Blob storage is a service that allows for storing large amounts of unstructured object data, such as text or binary data. This data can then be accessed anywhere in the world using HTTP or HTTPS. When the user connects via HTTP or HTTPS, a SSL certificate will be displayed, making it difficult for even competent users to tell it’s a phishing attack.

 

Cloud security provider Nekskope recently discovered this method being used. The attackers have been sending victims emails with a PDF attachment that pretend to be from a law firm in Denver. The attachments are innocently named “Scanned document. Please review” and contains a button to download the PDF. When the target clicks on the button they are brought to a HTML page masquerading as an Office 365 login form. The URL may trigger some savvy users to be suspicious, but the SSL may be enough to convinced them that this is a secured and legitimate Microsoft site.

Azure Blob Storage phishing attack impersonates Microsoft_1

Once Clicked on the “Download PDF”button, you are presented with message that the document is trying to connect to Azure blob storage

Azure Blob Storage phishing attack impersonates Microsoft_2

Azure Blob Storage phishing attack impersonates Microsoft_3

In order to protect yourself from this type of attack Netskope advises that companies would properly educate their users to recognise non-standard URL addresses. If users could easily recognise the legitimate address and be suspicious of any change in the web address then they would be less likely to fall victim to this type of phishing scam.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

 

The post Azure Blob Storage phishing attack impersonates Microsoft appeared first on Hack Ware News.

]]>
https://hackwarenews.com/azure-blob-storage-phishing-attack-impersonates-microsoft/feed/ 0
Annus horribilis or Annus Mirabilis for cybersecurity in 2018 https://hackwarenews.com/annus-horribilis-annus-mirabilis-cybersecurity-2018/ https://hackwarenews.com/annus-horribilis-annus-mirabilis-cybersecurity-2018/#respond Thu, 08 Feb 2018 10:38:28 +0000 https://hackwarenews.com/?p=3527 Annus horribilis or Annus Mirabilis for cybersecurity in 2018. We entered the New Year of 2018  full of promises and hope, but will this “new year euphoria” going to last and will prove to be short-live joy? So far as 2018 progresses, the year seems rather promising with the exception of recurrence of “Black Monday” […]

The post Annus horribilis or Annus Mirabilis for cybersecurity in 2018 appeared first on Hack Ware News.

]]>
Annus horribilis or Annus Mirabilis for cybersecurity in 2018. We entered the New Year of 2018  full of promises and hope, but will this “new year euphoria” going to last and will prove to be short-live joy?

So far as 2018 progresses, the year seems rather promising with the exception of recurrence of “Black Monday” on 5 February 2018 which witnessed the biggest Dow Jones drop of all time over the stock markets. Cryptocurrency also went with the dive since achieving historical high late last year.

For the cybersecurity sector, no boom and bust cycle yet as the year entered the second month. However, US-headquartered security technology firm, A10 Networks highlighted to Hackwarenews on the cyber threats trend ahead for 2018.

 

Bigger, bolder and costlier cyber-attacks expected in 2018

Song Tang Yih, vice president Asia Pacific of A10 Networks told Hackwarenews that cyber-attacks in 2018, will be bigger, bolder and much costlier for victims.

“For 2017, spending on cybersecurity reached USD86 billion which was a humongous amount,” said Song.

Furthermore, he noted that the average data breach cost in 2017 accounted to around USD 4 million, while the annual cyber-attack cost ballooned to USD 400 billion alone. Using these past data, Song expected an increasing volumes of cyber-attacks in 2018, as hackers used more sophisticated approaches such as “Reaper malware” to breach vulnerabilities in systems for financial benefits.

 

More state-sponsored attacks expected

Some of these cyber-attacks were believed to be state-sponsored in nature at a bid to obtain hard currency as voiced out by Jonathan Tan, regional vice president, ASEAN and Pakistan of A10 Networks.

“There is no good time or bad time, where the hackers will rest. In fact, more so during the bad time, hackers will hack for finance gains.” commented Tan.

Some of the cyber-attacks were believed by Tan to be inspired by regional tensions among countries which eventually conducted cyberwars to breach each other systems. To Tan, Singapore is in the forefront of this battle due to the connectivity among its various governmental services and its ambition of becoming an IT-savvy Smart Nation.

 

Telco Operators on the hit list

Beside government networks, Tan expected Telecommunication (telecom) operator to be next victims due to its role in serving as the conduit for businesses. In his opinion, the hackers will seek to exploit Internet Protocol version 6 (IPv6) or Internet of Things (IOT) vulnerabilities.

Cameras and surveillance system run via the telecom network will also be another vulnerable spots for attacks to compromises corporates securities or simply to bring the whole network down to the attackers’ advantages.

 

The Challenges of merging various Cloud platforms

In 2018, Song estimated more corporations and organisation to merge their private clouds with public clouds into multi-cloud environments for scalability purposes. The merging processes, however might provide more vulnerabilities for data breaches and the call for the protection of personal data online is more needed than ever.

The good news is that there are already some partnership and technology development set in motions to smooth out the merging of private and public cloud. For instance, software giants like Microsoft, Azure and Google have come together to provide uniform set of infrastructures and application program interface (API) for hybrid clouds to further improve efficiency.

 

Deceptive technology to act as sheepdog against cyber-attacks

Despite the various threats, security services providers like A10 Networks has something in their sleeves against cyber-attacks. One of the weapons will be using adaptive, deceptive and predictive security products to prevent cyber-attacks.

To certain extent, Tan even dubbed the deceptive and predictive technology into a “Top Five Technology” in 2018. As these know-hows give security operators the ability to predict a cyber-attack that is yet to happen.

“Deceptive and predictive technology allows the security firm to trick the hackers to stay ahead of them and protect systems,” concluded Tan.

In his opinion, the digital security will eventually become a basic human right issue as our world gets more interconnected and our dependence on safe communication become close to our needs for clean air, water and food.

The post Annus horribilis or Annus Mirabilis for cybersecurity in 2018 appeared first on Hack Ware News.

]]>
https://hackwarenews.com/annus-horribilis-annus-mirabilis-cybersecurity-2018/feed/ 0