
Preventive measures to combat malicious ransomware attacks on banking entities

Jan 26, 2019 03:16 PM

 

    Happy weekend, community. I hope you had a great week full of success. In my first article I talked about some tips I recommended to avoid ransomware attacks on Windows 7 and Windows 10; this time I will talk about massive ransomware attacks on banking entities and my contribution to preventing these attacks from spreading and stopping them the moment they appear. Once again, a massive wave of ransomware attacks on banking entities has been recorded, similar to previous occasions such as those against Interbank, BBVA and Scotiabank. The modus operandi of these attacks is usually recorded in the early hours of the morning, which are the hours of greatest vulnerability; the window for these attacks is usually reported as between 12 am and 3 am, the hours in which the cyber attackers or hackers are most active.

 

     The modus operandi, or the steps by which hackers can initiate the attack on banking entities, is divided in the following way:

 

  1. Jigsaw deletes files periodically to increase the amount of the ransom, raising the pressure so that the affected banking entity urgently needs to recover the stolen information.

  2. Kimcilware encrypts the web servers in order to leave them inactive.

  3. KeRanger gains access to the device, after which the device is partially blocked.

  4. Cerber generates any type of threat against the users affected by the attack in order to create collective chaos.

  5. Tox allows hackers to create a type of threat specific to each user or to a specific group of victim users.


    Also, spam mails that reach the user directly are used to slip in an invitation that makes the person believe the bank is contacting them, or that they need to verify their accounts, by sending them a link to access their account. Once the user follows the link, the cyber attacker gains access to all of their personal data and silently extracts all of their funds.

 

    My contribution, and the tips for stopping this kind of massive attack in time, are the following:

 

  • Continuously update Windows or Linux, depending on the operating system that the security department manages and how it is structured. It is also recommended to test the OS and applications to identify vulnerable areas.

  • Segment the network architecture. It is always advisable to keep the ATM network separate from the branch network, even though both run Windows, reinforcing anti-malware protection in turn.

  • Reinforce the anti-malware system for Windows traffic and monitor firewalls constantly, since a firewall usually becomes vulnerable to these attacks when it is not monitored continuously.

  • Block unknown IPs and monitor them to learn their origin, since these attacks are usually also routed through countries that have no relation to any type of banking transaction.

  • When all these procedures are carried out, the vulnerability or impact is reduced by 65% to 70%, which is an advantage, while always trying to reach 100%, which is the objective in terms of security.
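To make the last two tips concrete, here is an added example (not from the post or from Symantec) of a small firewall-log triage script: it flags connections that were allowed during the 12 am to 3 am window named above from sources outside a hypothetical allowlist of known ranges, so the analyst can check their origin. The log lines and the allowlist ranges are constructed for the example.

```python
import ipaddress
from datetime import datetime

# Constructed sample firewall log lines (not real traffic): timestamp action src dst dport
SAMPLE_LOG = """\
2019-01-20T02:14:07 ALLOW 203.0.113.45 10.10.5.21 3389
2019-01-20T02:15:30 ALLOW 198.51.100.9 10.10.5.21 445
2019-01-20T09:02:11 ALLOW 203.0.113.45 10.10.5.21 443
2019-01-20T01:40:00 ALLOW 192.0.2.77 10.10.6.3 443
2019-01-20T02:50:12 DENY 198.51.100.9 10.10.5.22 445
"""

# Hypothetical allowlist: ranges the bank expects traffic from (branches, ATM network, partners).
KNOWN_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]

# Off-hours window from the post: 12 am to 3 am (hours 0, 1 and 2).
OFF_HOURS = range(0, 3)


def parse_line(line):
    """Split one log line into a record with typed timestamp, address and port."""
    ts, action, src, dst, dport = line.split()
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": ipaddress.ip_address(src), "dst": dst, "dport": int(dport)}


def is_known(addr):
    """True if the address falls inside any allowlisted range."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in KNOWN_RANGES)


def flag_suspicious(log_text):
    """Return (src, timestamp, dport) for allowed off-hours connections from unknown sources."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["action"] != "ALLOW":
            continue  # already denied by the firewall; nothing to escalate
        if rec["ts"].hour in OFF_HOURS and not is_known(rec["src"]):
            hits.append((str(rec["src"]), rec["ts"].isoformat(), rec["dport"]))
    return hits


if __name__ == "__main__":
    for src, ts, port in flag_suspicious(SAMPLE_LOG):
        print(f"review origin of {src}: allowed to port {port} at {ts}")
```

Daytime traffic from the same unknown source is deliberately not flagged here; the point is to surface the off-hours pattern the post describes, not to replace the firewall's own blocklist.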

 

     One very important point that I personally suggest is to make use of Symantec Endpoint Protection Manager, since it played a great role in one of the cases I had to attend to here in my country, in which a bank suffered massive ransomware attacks in the middle of last year. I hope this helps you combat this kind of attack, which today is more than latent.
