StartupTalky

Tag: attack

  • Why Password manager is Essential for your Business in 2021

    Password Managers are considered to be essential even if it for your personal use or a business. In the recent years with the increase of cyber crimes and various other cyber related activities, it is always wise to choose a password manager for your business or an enterprise. Let’s look at some of the reasons why password management is important for your business.

    Strong passwords
    Unique Passwords
    Remembering passwords
    Password Retrievals
    Browser Password management
    Phishing attacks
    Multi-factor authentication and syncing of devices
    FAQ

    Strong passwords

    Your employees are most likely not to use any strong passwords. Most of them would not like to create new passwords and most likely they would choose to go with a simpler one. As we tend to forget passwords many of us use the password that we have already used across various platforms.

    Nowadays with password-cracking software, it is easy to crack all the passwords and it is said that passwords which were considered strong and safe 5 years back are considered to be easy to crack now. Hence password manager is important for setting up of strong passwords and automation of logins.

    India- Third most affected country due to cyber attacks.
    Firstly we need to understand that what a cyber-attack is- A cyber-attack can bedefined as the malicious activity or planned attempt by any organization or anindividual to steal or corrupt the information of the system of anotherorganization or individual. Cybercriminals or hackers generally use …
    StartupTalkyAditi Chawda

    Unique Passwords

    You will have to invest some of your time to create a unique password and most of them would randomly make a unique password. The carelessness of some employees may lead to the breach of data. Passwords aren’t considered secure unless and until it has 12 characters with a combination of upper, lower case, special characters, and numbers.

    Some of them would take initiative and patience to create a unique password but they will have to ensure that they memorize them. Because of this the people again try to repeat the same passwords across different platforms.

    Password managers have inbuilt algorithms that can generate unique passwords and store them securely which will let you use the platforms without remembering the passwords.

    Remembering passwords

    Most of the companies try to make a secure environment by asking the employees to change passwords after regular intervals. This sounds to be secure, but when put into practical use it is not.

    When the employees are asked for a frequent password change, your employees would find it hard to remember and they would save the passwords for an easy access to it.

    They may note it down in some platform or physically write it down. This is again considered to be risky. Whereas the password managers provide an option to not have to remember the passwords.

    List of Top 15 Cyber Security Companies in India
    In this digital world, as technologies harm most industries, Cybersecurity worksas a shield for the industries at risk. As technology evolves, the adversariesare also enhancing their attack methods, tools, and techniques to exploitindividuals and organizations which calls for a strong cybersecuri…
    StartupTalkyDisha

    Password Retrievals

    It is considered by the IT departments that the major task they undertake is retrieving the passwords on a daily basis. The employees may forget their passwords because of frequent changing of passwords or because they tried creating a unique password and couldn’t memorize it.

    The retrieval of passwords would take a lot of time of the help desk and this is not a cost-effective task for a company. Whereas password managers have features where you wouldn’t have to remember or memorize your unique password.

    Browser Password management

    Most of the browsers offer a feature for password management. They will provide you an option to remember your passwords, so that you can easily log in to your frequently used platforms. But this is not a password manager and does not ensure safety. This feature is only for ease of use of the browser and to increase the number of people to use the browser.

    It means that your login credentials and details are easily accessible by any hacker and are left out in the open.

    Cost of data breach in India
    Cost of data breach in India

    Phishing attacks

    Phishing attacks are the most effective ways through which cyber criminals try getting access to your login credentials. Phishing emails or forwarded messages would seem like its from a legitimate source. But that actually is a way to get access to your login credential and will solely capture your passwords.

    Phishing Attack
    Phishing Attack

    It is most likely that a human being gets into a phishing attack than a password manager. Password managers will have a record of trusted websites and if the domain name doesn’t match, they wouldn’t provide the login credentials.

    Top 5 Technologies That Can Change The Future Of Cybersecurity
    Cybersecurity is at the tipping point entering 2021. Advances in AI and ML areaccelerating its technological progress. Technology which can take us forwardand empower us, can also show the flip side that is Cyber Crime. By creating cybersecurity systems that encourage diversity and value equality…
    StartupTalkyAvantika Bhardwaj

    Multi-factor authentication and syncing of devices

    You will most probably need to login through various devices such as mobile phones, desktops, tablets, etc. and there are no specific platforms or an application which will easily let you login through devices other than password managers. Password managers will provide an option to sync between various devices of your choice.

    Two-factor authentication provides an extra layer of security to your passwords. It is a feature which is provided by various password managers which uses an extra step to access your login credentials such as answering a question or sending an OTP to your mobile phone. This will add an extra layer of protection to every data stored in your password manager.

    FAQ

    Is it good to have a password manager?

    Many people re-use the same password on multiple websites. Password managers makes it possible and easy to use a different random password for every account.

    Can malware change your password?

    A malware in your computer with the help of the third party could reset your passwords on other websites and gain access to almost any of your online accounts.

    What is the best Password Manager 2020?

    LastPass is considered the best Password Manager, because of its ease of use convenience, security and price.

    Conclusion

    There are a lot more benefits of using a password manager for your business.  It can be one of the effective tools which are required by your business.

  • IT Services giant Cognizant Hit by ‘Maze’ Ransomware

    New-Jersey headquartered Cognizant Technology Solutions Corporation is one of the world’s largest providers of IT services. But on April 18, it became a victim of Maze ransomware attack that has caused disruptions to its clients. The incident comes at a time when businesses have been already disrupted by coronavirus pandemic that has forced companies to turn to initiatives like work from home to ensure business continuity.

    Cognizant released a statement on Saturday on its official website which stated, “Cognizant can confirm that a security incident involving our internal systems and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.

    Cognizant has around 300,000 employees and over $16.8 billion in revenues. It handles the IT services for many of the top Fortune 500 companies. Cognizant has majority of its employees in India and the Philippines working from homes during the lockdown caused by Covid-19.

    Among other services, Cognizant provides a wide range of outsourced IT services for the financial services sector. The financial sector accounted for over $5.8 billion of its total revenues in 2019. The company, that has 3 lakh employees working worldwide, said it was hit by the Maze ransomware group and is engaging law enforcement authorities to take some legal actions against the group.

    In January, 2020, the Federal Bureau of Investigation(FBI) had issued an alert warning to all U.S. companies about the Maze’s ill practices of threatening to release company information if the desired ransom is not paid to them.

    Even after being attacked, Cognizant has not yet been named on a website that is associated with Maze attackers. The website has named other companies in the past for failing to fulfil the Maze related ransomware demand. Brett Callow, security analyst, said that the group could simply be A/B testing alternative negotiating strategies to see whether permitting companies to control the release of information results in better outcomes or not.

    What is the Maze Ransomware?

    The infamous Maze ransomware was discovered in 2019 and since then, it has gained notoriety. The anonymous hackers behind Maze have made headlines in recent months for publicly holding its victims hostage. The group is known for threatening to leak company’s valuable information if the target doesn’t pay its desired ransom.

    The cyber criminals behind the Maze ransomware use a range of different techniques to gain entry to the companies it is targeting. It includes exploits kits, remote desktop connections with weak passwords or sophisticated fraudulent campaigns. The ransomware itself is sophisticated so that its code avoids detection by security programmes.

    According to March 2020 McAfee analysis, Maze malware is a binary file of 32 bits usually packed as an EXE or a DLL file. This indicates that the Maze ransomware can also terminate debugging tools used to analyse its behaviour, including the IDA debugger, x32dbg, OllyDbg and more processes. So it is almost impossible for a ordinary firewall software to detect the threat.

    Also Read: Sequretek is Working Hard and Smart to Secure Your Startup

    What does Maze Group do?

    Typically the goal of any ransomware attack is to infect computers in a private network and encrypt files on these computers and then demand a ransom to recover the files. According to experts Maze is different. The attacker in this case has the ability to format or transfer the data onto his or her server. The data is then held on this server until a ransom is paid to recover it. If the victim does not pay the expected ransom, the attackers then publish the data online in public.

    According to Beenu Arora, CEO & co-founder of US-based cyber security company, Cyble, Maze ransomware operators are known to conduct their attack below the surface. They are known for stealing the company’s data first followed by locking their target systems. They fully understand their victim’s reputational risks and hence their approach is basically “steal, lock and inform.”

    According to a report, the attackers even justified their actions in a statement saying:

    We want to show that the system is unreliable. The cybersecurity is weak. The people who should care about the security of the information are unreliable. We want to show that nobody cares about the users. Now it’s our turn. We will change the situation by making irresponsible companies pay for every data leak.”

    Arora further added that the notorious ransomware group understands the brand value of the organization it plans to attack. It has turned into a well-funded network in recent months. The reason behind this is successful ransomware attacks due to growth in their group and organizations increasingly paying ransomware extortions as no options are left. Also, some certain cyber insurance companies are negotiating with the ransomware operators to make payments.

    Maze Ransomware
    Maze has tried to target many U.S. Companies

    The alleged targets of Maze have included the city of Pensacola in Florida, cybersecurity insurance provider Chubb Ltd. and Canadian construction company Bird Construction Inc., according to various media reports. The Maze group has claimed to post files from all three companies on its website. Now, the same might be done in case of Cognizant.

    According to Brett Callow, a threat analyst at Emisoft, even though hackers linked to Maze have denied their involvement in the attack on Cognizant, it does not mean that Maze isn’t responsible for the attack. For the moment though, no Cognizant data has been advertised for sale or published online.

    What are Steps being taken by Cognizant?

    Cognizant has about 200,000 employees based in India. This means it must take the necessary steps to contain the ransomware in order to not cause any furthermore disruptions as its clients are spread across the world.

    As a solution to this, Cognizant has said that it is looking into the incident and the company is also communicating with clients on the measures to be taken by them to deal with the disruptions. Cognizant quoted that their internal security teams along with the leading cyber defense firms are actively taking steps to contain this incident.

    Also Read: 9 Battle-Tested Hacks to Market your New Startup Organically

    Cognizant has also engaged with the appropriate law enforcement authorities to take required legal actions. Cognizant is in ongoing communication with our clients. They have provided them with Indicators of Compromise (IOCs) which identify potentially malicious activity on a system and other technical information of a defensive nature.