Preventive guidelines to stay safe from Wannacry Ransomware or any other cyber-attack

Previously I shared around seven posts on computer and web security; today I am sharing this post on the latest hot topic, the Wannacry ransomware attack and how to prevent it. You can use these guidelines as preventive steps against any other cyber-attack. Before listing the steps, I will explain some security terms related to cyber-attacks.

What is malware?

Malware is malicious software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

What is Ransomware?

Ransomware is malicious software designed to block access to a computer system or its data until a sum of money is paid. It uses cryptovirology to lock the data and displays a message demanding payment to unlock it.

What is cryptovirology?

Cryptovirology is a field that studies how to use cryptography to design powerful malicious software.

What is Wanna Cry Ransomware?

A type of malware that infects computers and then either prevents the user from accessing the operating system or encrypts all the data stored on the computer.
The attacker then demands that the user pay a fixed amount of money as ransom in exchange for decrypting the files or restoring access to the operating system.

Top 10 preventive measures against Wannacry malware or any other cyber-attack:

1. Keep your computers updated

Most cyber-attacks target out-of-date systems; the WannaCrypt ransomware worm is the best example.

a. The best preventive measure is to keep your computer updated.

b. Keep all security software updated; if you use any third-party security software or tool, keep that updated too.

c. Keep all your important software updated.

Almost all computers infected by Wannacry ransomware had not been updated with Microsoft's latest security update or were still running the old Windows XP or Windows Server 2003 operating systems.

Microsoft's guidelines to prevent Wannacry are:

To prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.

https://technet.microsoft.com/library/security/MS17-010

If you use Windows Defender, apply the following update:

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

2. Create an internal policy

a. Create a data and internet use policy for your employees.

b. Create a policy for employees to avoid clicking spam and harmful links or fraudulent messages in e-mail, and to avoid using poor passwords.

c. Avoid untrusted videos and attachments from e-mails and websites.

d. Ensure the integrity of the code/scripts used in database, authentication and sensitive systems, and regularly check the integrity of the information stored in the databases.

e. Restrict users from installing and running unwanted and untrusted software applications.

f. Make a policy for remote connections and least-privileged users.

 

3. Regular backup of important data and files

Keep your files backed up regularly and periodically; this includes important databases, software, and files/documents.

4. Security software and required security tools

It is recommended to use firewalls, network security tools and anti-virus software.

5. Safe web browsing and external data policy

a. Block harmful and untrusted websites on your network or computer.

b. Follow safe practices when browsing the web. Ensure web browsers are secured with appropriate content controls.

c. Deploy web and e-mail filters on the network; scan all e-mails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.

d. Implement a strict external device (USB drive) usage policy.

6. Employee awareness, education and knowledge sharing about information and data security

a. Be aware of fraudulent and fake advertisements or spam e-mail messages that use look-alike names of popular services, such as PayePal for PayPal or gogle for Google, or use popular service names with missing or extra characters.

b. Educate employees about data security and security flaws.

c. Educate people on how to use your business systems and company data.

d. Restrict execution of untrusted PowerShell/WScript scripts and executable code, and disable macros in MS Office products.

7. Hire security experts

a. There is not a single software product or tool on the market that is 100% secure; invest in security experts who help protect your business from security risks.

b. One of the best ways to discover whether there are any holes or security risks in your infrastructure is to hire a security consultant.

 

8. Create strong passwords and change them frequently

a. Change your passwords frequently and never use the same password for all your accounts; if you do, you are inviting an attack.

b. Create complex and unique passwords that combine numbers, symbols and other characters so they are hard to guess.

9. Security review of your applications

a. Review the security of your web/mobile applications frequently.

b. Penetration testing and full security testing are a must for your web and mobile applications.

10. Verify external links and messages before opening them

a. Never click a link you do not trust on a web page or website, and never click links from social media that you do not trust.

b. If you receive a message from a friend containing a link, ask them to confirm before opening it (infected machines send random messages with links).

HTML Encode and Decode in web application

WebUtility.HtmlEncode and WebUtility.HtmlDecode

Introduction

Previously I shared around six articles on security. In this article I am going to explain what HTML encoding is and how it prevents XSS attacks in a web application, and I will also explain HTML decoding with a sample example.

HtmlEncode

The WebUtility.HtmlEncode method converts a string to an HTML-encoded string.

The HtmlEncode method applies HTML encoding to a specified string. This is useful as a quick way of encoding form data and other client request data before using it in your web application.

WebUtility.HtmlEncode converts characters as follows:

=> The apostrophe character (') is converted to &#39;.
=> The less-than character (<) is converted to &lt;.
=> The greater-than character (>) is converted to &gt;.
=> The ampersand character (&) is converted to &amp;.
=> The double-quote character (") is converted to &quot;.

Any character whose code is greater than or equal to 0x80 is converted to &#<number>;, where <number> is the numeric value of the character.

HTML encode and Cross Site Scripting

What is XSS?

Cross-site scripting (often abbreviated as XSS) occurs when an attacker uses a web application to send or inject malicious code, such as browser script, to a different user. This malicious script executes in the victim's browser and can access user resources, trusted website data and critical website information. More info: http://www.codechef4u.com/post/2015/06/29/Anti-Cross-Site-Scripting-Library

How does HTML encoding prevent XSS attacks?

Encoding data converts potentially unsafe characters to their HTML-encoded equivalents.

This prevents XSS (cross-site scripting) attacks: if you are going to store data such as the following script in the database and you use the WebUtility.HtmlEncode method to encode the string, the special characters in the actual string (e.g. "<" is converted to "&lt;") are turned into a safe plain string.

In a web environment this script will then be rendered safely as text rather than actually executing.

Actual Script:

<script type="text/javascript">
    function FetchSomeCriticlInfo() { /* some dangerous script code */ }
</script>

In this case, HtmlEncode encodes the <, >, and " characters, leaving this:

Encoded Script:

&lt;script type=&quot;text/javascript&quot;&gt;
    function FetchSomeCriticlInfo() { /* some dangerous script code*/ }
&lt;/script&gt;

This script, if rendered in the browser, will look like this:

<script type="text/javascript"> function FetchSomeCriticlInfo() { /* some dangerous script code */ }
</script>

HTML Decode

The WebUtility.HtmlDecode(String) method converts a string that has been HTML-encoded for HTTP transmission into a decoded string.

The HtmlDecode(String, TextWriter) overload converts a string that has been HTML-encoded into a decoded string and sends the decoded string to a TextWriter output stream.


Example

The following address is encoded using the WebUtility.HtmlEncode method.

Encoded Address:

Bill Address
Nagnath Kendre
Kendre&apos;s Villa,Kendrewadi
Mahrashtra,India.

 

If I want to use this address in an e-mail or display it to the user, I need to decode the &apos; entity back to the actual character.

 

The following address is decoded using the WebUtility.HtmlDecode method.

Decoded Address:

Bill Address
Nagnath Kendre
Kendre's Villa,Kendrewadi
Mahrashtra,India.
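The encode/decode behaviour described above, as an added example that is not code from the original post: it runs WebUtility.HtmlEncode over the script block and the address from the post, decodes the stored address back for a plain-text sink, and builds a hidden field whose value is safe inside its attribute. The sample strings, class and method names are my own assumptions.

```csharp
using System;
using System.Net;

// Added example (not from the original post): encode untrusted input with
// WebUtility.HtmlEncode before placing it in HTML, and decode a stored value
// for a plain-text sink such as an e-mail. Samples and method names are assumed.
static class HtmlEncodeDemo
{
    // Constructed sample: the script block from the post, as a user might submit it.
    const string UntrustedComment =
        "<script type=\"text/javascript\">function FetchSomeCriticlInfo() { /* dangerous */ }</script>";
    // Constructed sample: the address from the post, as the user typed it.
    const string RawAddress = "Kendre's Villa,Kendrewadi";

    // Safe to emit as HTML element content: < > & " become entities and ' becomes &#39;,
    // so the browser shows the literal text instead of running a script.
    public static string ForHtmlBody(string untrusted) => WebUtility.HtmlEncode(untrusted);

    // Reverses the encoding for a non-HTML sink (plain-text e-mail, log line).
    public static string ForPlainText(string encoded) => WebUtility.HtmlDecode(encoded);

    // A hidden field value must also sit inside quotes: HtmlEncode escapes " so the
    // value cannot close the attribute and inject a new one.
    public static string HiddenField(string name, string untrustedValue) =>
        "<input type=\"hidden\" name=\"" + WebUtility.HtmlEncode(name) +
        "\" value=\"" + WebUtility.HtmlEncode(untrustedValue) + "\">";

    static void Main()
    {
        Console.WriteLine(ForHtmlBody(UntrustedComment));
        string stored = ForHtmlBody(RawAddress);      // what the post stores in the database
        Console.WriteLine(stored);
        Console.WriteLine(ForPlainText(stored) == RawAddress); // round trip restores the original
        Console.WriteLine(HiddenField("BillAddress", RawAddress));
        // Caveat: HtmlEncode only covers HTML element and quoted-attribute contexts.
        // Data placed inside a <script> block or a URL needs that context's own encoding.
    }
}
```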

 

Thanks friends!!

Price manipulation OR Web parameter tampering

Most e-commerce web applications are at risk of price manipulation, also known as web parameter tampering.

Definition:

The Web Parameter Tampering attack is based on the editing or modification of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, orders, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.

Example with URL tampering:

Attackers, on a weekday or on an offer day, edit the price information of products and order products in bulk through the e-commerce application. Shopping carts often pass price data in the URL query string, in HTTP headers or through cookies. For example, the request URL might look like "www.mayecomapp.com/orders.aspx?price=200.50&orderid=nk138530&custname=nagnathkendre". The first variable being passed along is the price.
With the above URL an attacker can easily change the price value, lowering it, and submit the order for payment; this kind of attack is called price manipulation or web parameter tampering.

Example with hidden fields:

In the following code the programmer used a hidden field to store the order's total item cost.
An attacker can easily tamper with the value stored in their browser, change the total cost and proceed to submit the order for payment.
<input type="hidden" id="TotalItemsCost" name="TotalCost" value="5000.25">

Example with form fields:

ASP.NET and other web programming frameworks also support forms and form fields such as combo boxes, checkboxes and list boxes. When the user selects values in these fields and submits the form, manipulating or editing the submitted field values is an easy task for an attacker.

Example with cookies:

An attacker can steal cookies, gain access to restricted areas and manipulate financial data.

Prevention:

1. Always use SSL certificates (HTTPS) for all pages of a finance-based web application, and use HSTS to force all pages from HTTP to HTTPS. More info: http://codechef4u.com/post/2015/06/10/HSTS
2. Don't trust user data; validate all user input.
3. Use proper encryption for URL parameters, or encode the URL.
4. Set ValidateRequest=true in the ASP.NET web.config.
5. Don't use persistent cookies for storing authentication tokens (session IDs), and don't select the "Remember password" option on the logon screen of a public computer.
6. Avoid using HiddenField where possible; if you use ViewState or HiddenField data, encrypt or encode it following industry best practices.
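Prevention items 2 and 6 above, as an added example (not the post's code): the server computes the order total from its own catalog instead of the client's price parameter or hidden TotalCost field, and any value that must still travel in a hidden field is signed with an HMAC so edits are detected; encoding alone hides the value but does not stop a changed value from being accepted. The catalog, the secret key and all names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original post): server-side total (item 2) and a
// tamper-evident hidden-field value (item 6). Catalog, key and names are assumed.
static class OrderServer
{
    // Assumed server-side catalog: the only source of truth for prices.
    static readonly Dictionary<string, decimal> Catalog =
        new Dictionary<string, decimal> { ["SKU-100"] = 200.50m };
    // Assumed server secret; a real app loads it from protected configuration.
    static readonly byte[] HmacKey = Encoding.UTF8.GetBytes("replace-with-server-secret");

    // Vulnerable pattern from the post: the client's price parameter or hidden
    // TotalCost field decides what the customer pays.
    public static decimal VulnerableTotal(string clientPrice, int quantity) =>
        decimal.Parse(clientPrice, CultureInfo.InvariantCulture) * quantity;
    // Hardened: the price is looked up server-side; the client's value is ignored.
    public static decimal ServerTotal(string productId, int quantity)
    {
        if (quantity <= 0 || !Catalog.TryGetValue(productId, out decimal unitPrice))
            throw new ArgumentException("unknown product or invalid quantity");
        return unitPrice * quantity;
    }

    // When a value must round-trip through a hidden field, append an HMAC so any edit is detected.
    public static string Sign(string value)
    {
        using (var hmac = new HMACSHA256(HmacKey))
            return value + "|" + Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(value)));
    }
    // Recomputes the HMAC for the received value and compares in constant time.
    public static bool TryVerify(string signed, out string value)
    {
        value = null;
        int sep = signed.LastIndexOf('|');
        if (sep < 0) return false;
        byte[] expected = Encoding.UTF8.GetBytes(Sign(signed.Substring(0, sep)));
        byte[] actual = Encoding.UTF8.GetBytes(signed);
        if (expected.Length != actual.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        if (diff != 0) return false;
        value = signed.Substring(0, sep);
        return true;
    }
}
```

The hidden field then carries Sign("5000.25") and the postback handler accepts the value only when TryVerify succeeds, after which ServerTotal still recomputes what is actually charged.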