There is no doubt that this COVID-19 pandemic has changed the daily life of humanity, not only while the pandemic lasts, but forever. Many companies are seeking to implement teleworking as a permanent method for their employees.
This is increasing the time we stay connected, as shown by the connectivity statistics from the months of confinement and beyond. It opens multiple possibilities for users and employers who need technology for such everyday things as food shopping. However, it is also a great opportunity for cybercriminals to carry out scam-based attacks, which we have discussed in previous articles and which Microsoft has reported as very serious on its security blog.
In many articles we have been told about the consequences of these risks materializing, but in many cases we do not know which tools we should set up or how to mitigate them. In this article we will see what free tools we can use and what they protect us from.
Attacks While Surfing the Internet
When using the browser, we are exposed to many different threats. If you make a typing mistake or are the target of a DNS attack, you may end up on fraudulent websites. At home, without a business protection system, these sites are very difficult to detect.
To avoid this, it is necessary to set up a system that protects against DNS (Domain Name System) spoofing attacks. By doing so, the resolution of the URL requested in the browser is controlled, so that we avoid fraudulent sites reached through a typing error or by following a malicious link.
In Firefox, all you have to do is install our EasyDoH extension, recently updated to simplify the configuration of the DNS server that the user wants to use. With a simple configuration in the extension, we can see in the following image how it protects against malicious sites:
The second threat is when some malicious executable on the website runs a process without “touching the disk”. This means that, without us downloading or directly executing anything, it performs actions from the browser’s memory. This is a very critical threat because, when it does not reach the disk, protection systems such as antivirus or endpoint response cannot detect it.
For this we have recently developed an extension that, like the previous one, just needs to be installed for the browser to start controlling this threat. This extension is called AMSIext and is available for Chrome and Firefox. Once installed, it connects the browser to the system called AMSI, which allows programs that are to be run in memory to be validated before they are executed.
There is no doubt that file-based scams are one of the techniques most widely used by cybercriminals and have increased significantly in recent times. Criminals use two mechanisms that, although they seem simple, are very effective in bypassing some of our PC’s controls.
- The first technique we are going to focus on is the change of file extensions. Windows trusts file extensions too much and, for example, if the extension is .docx, it opens the file with MS Word regardless of the content. To avoid this risk, we have developed a program to validate that the extension matches the Magic Numbers (a forensic technique for full file identification).
This program, called MEC, only needs to be installed on your computer and, automatically, every time the user tries to open a file, the system compares the Magic Numbers with the extension. If they do not match, the program tells the user that the file cannot be opened with the program that the extension suggests.
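The comparison described above, as an added example (not MEC's code and not part of the original article): a Python check that a file's extension agrees with its magic numbers, including the step of looking inside the ZIP container to tell a real .docx from any other archive. The signature table, function names and sample bytes are constructed for illustration.

```python
import io
import os
import zipfile
from typing import Optional, Tuple

# Leading-byte signatures for a few common formats (illustrative table, not MEC's).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"MZ", "exe"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt
]
# OOXML files are ZIP containers; the inner folder tells the formats apart.
OOXML_DIRS = {"word/": "docx", "xl/": "xlsx", "ppt/": "pptx"}
# Extensions accepted for each detected type (default: the type name itself).
ALLOWED = {"jpg": {"jpg", "jpeg"}, "exe": {"exe", "dll"}, "ole2": {"doc", "xls", "ppt"}}

def detect(data: bytes) -> Optional[str]:
    """Return the type implied by the content, or None when unrecognized."""
    if data.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "zip"  # ZIP signature but damaged or truncated archive
        if "[Content_Types].xml" in names:
            for prefix, kind in OOXML_DIRS.items():
                if any(n.startswith(prefix) for n in names):
                    return kind
        return "zip"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def extension_matches(filename: str, data: bytes) -> Tuple[bool, Optional[str]]:
    """Compare the extension with the detected type; unknown content fails closed."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    kind = detect(data)
    return (kind is not None and ext in ALLOWED.get(kind, {kind}), kind)

def make_docx() -> bytes:
    """Constructed sample: the smallest ZIP that looks like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

For a file named `invoice.docx` whose content starts with the `MZ` executable header, `extension_matches` returns `(False, "exe")`, while the constructed sample from `make_docx()` passes as `(True, "docx")`.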
To combat this type of threat we have developed DIARIO, a free tool for users to check all documents they receive by email or download from the Internet before opening them, and thus validate whether or not they contain malicious macros. To protect users’ privacy, DIARIO’s artificial intelligence only uses the macro for analysis, protecting the sensitive information that the file may contain.
The tool can be used directly on the website, or you can download the installer for your machine’s operating system. The suspicious file is uploaded and then the tool provides information about whether or not it has any executable processes and whether or not they are malicious, as can be seen in the image below:
As we can see, we have several free and simple tools to significantly increase our security levels, closing the door to the most common attacks currently being executed. Nowadays, we are all searching for information, so cybercriminals take advantage of the circumstances to make a profit and attack us. This is why it is necessary to be more protected than ever.