Spooky Cyber Security Stories
With Halloween just around the corner, there are lots of scary network security stories you might hear or even worse have experienced first hand. Don't let these stories spook you, but be prepared, they can be unbearable.
The Night that Krack Attacked: A Flawed WPA2
One cold and cloudy October night, an employee comes back to their office to complete a project with a tight deadline. The lights don't seem to turn on and it's awfully quiet, with only the sounds of hard drives humming at each workstation. The employee connects to the corporate Wi-Fi network via their computer and so begins the WPA2 security protocol and the process of the four-way handshake, the protocol used in most modern WiFi systems. As this process begins, to ensure the user and access point have the correct credentials to be granted network access, the newly discovered flaw, KRACK, is used by an attacker to intercept this handshake process, force install the same encryption key, and then follow through with an attack and decryption of data. This late October night just grew darker with credit card and password information now exposed and a nightmare for IT the following morning. This was the night that KRACK attacked...
Don't get spooked, here are 3 ways you can enhance your Wi-Fi security against threats like KRACK: https://blog.pulsesecure.net/krack-wpa-vulnerability-3-ways-to-enhance-wi-fi-security/
Magniber, It's Alive and Only Wants A Few
A monster with unusual tendencies, that of targeting only very specific users in a particular region and ignoring the rest, waiting for its chance to pounce. Now taking over the distribution method of Cerber ransomware, Magniber is a new monster that performs language and geolocation checks to specifically target South Korea. The attack is executed through malvertising and exploiting a memory corruption vulnerability in Internet Explorer. Are you safe in your geolocation?
These monsters will continue to be born to attack. Contact us to learn how to beat them: https://www.pulsesecure.net/contact-us/