Bangaly Koita

Bangaly Koita is a SOC Analyst and Cyber Security researcher. Passionate about cyber security, he spends most of his time writing articles and making videos online to share his knowledge and experience with the wider IT community, and with the cyber security community in particular. Feel free to contact me if needed.

How to protect your data?


Confidential data is any data whose leakage could cause serious damage to a company or to a person, such as loss of the data itself or loss of reputation.

Data are categorized in the following ways:

PII (Personally Identifiable Information) – Consists of data such as username and password, date of birth, social security number, credit card number and others.

PHI (Personal Health Information) – Consists of data related to human health (medical records).

Sensitive or confidential information – Consists of data managed by private, public or military institutions, or data belonging to a person that could be used to blackmail them (pictures, messages, voice calls, videos and others).

Financial data – Consists of data managed by financial institutions such as banks and any other institution storing financial information (organizations, insurance companies and others).

Data is protected by regulations or standards depending on the country where it resides, such as the African Union's Convention on Cyber Security and Personal Data Protection, GDPR, the Gramm-Leach-Bliley Act, HIPAA, PCI DSS and others.


Below, you can get some tips about how to protect your data:

Don't share confidential or sensitive data via public file transfer and storage services.

Don't put data such as passwords, keys or source code on public GitHub or other code repositories.

Use 2FA.

Use encryption when sharing confidential data.

Don't put any confidential data on social media.

Don't upload files to VirusTotal or similar services unless you are sure they contain no confidential data.

Use the file's hash to check its reputation on VirusTotal instead of uploading the file.

Monitor for your confidential data leaked on the dark web, and for breach notifications from sources such as Have I Been Pwned.

Monitor your keywords on different social media.

Perform vulnerability assessments and patching.

Perform threat hunting to detect any threat that could be exploited.
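Two of the tips above share one idea: check a secret's exposure without handing the secret over. The example below is added here and is not code from the original post. It assumes two public, documented endpoints, VirusTotal's per-hash file page (https://www.virustotal.com/gui/file/<sha256>, so the file is looked up by hash and never uploaded) and Have I Been Pwned's Pwned Passwords range API (https://api.pwnedpasswords.com/range/<first five hex characters of the SHA-1>, so the server only ever sees five characters). The sample range response is constructed.

```python
"""Check a file's reputation and a password's exposure without disclosing either.

Added example; not code from the original post. Assumed endpoints:
  VirusTotal file page     https://www.virustotal.com/gui/file/<sha256>
  HIBP Pwned Passwords     https://api.pwnedpasswords.com/range/<5-char SHA-1 prefix>
Only local logic runs below; the live fetch is an ordinary function you may call.
"""
import hashlib
import urllib.request

VT_FILE_PAGE = "https://www.virustotal.com/gui/file/{sha256}"
HIBP_RANGE = "https://api.pwnedpasswords.com/range/{prefix}"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file content. Only this digest leaves the machine."""
    return hashlib.sha256(data).hexdigest()


def vt_lookup_url(data: bytes) -> str:
    """Reputation lookup by hash: the file itself is never submitted."""
    return VT_FILE_PAGE.format(sha256=sha256_hex(data))


def split_for_k_anonymity(password: str):
    """Uppercase SHA-1 split into (5-char prefix, 35-char suffix).
    Only the prefix is sent; the suffix is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, body: str) -> int:
    """Parse a range response ('SUFFIX:COUNT' per line) and return the breach
    count for our suffix, or 0 when it is not listed."""
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        found, _, count = line.partition(":")
        if found.upper() == suffix:
            return int(count)
    return 0


def _http_get(url: str) -> str:
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def password_breach_count(password: str, fetch=_http_get) -> int:
    """k-anonymity check: the server sees 5 hex chars, never the password."""
    prefix, suffix = split_for_k_anonymity(password)
    return count_in_range_response(suffix, fetch(HIBP_RANGE.format(prefix=prefix)))


# Constructed sample response for prefix 5BAA6 (the SHA-1 of "password" starts
# with it). The counts are made up; a real response lists hundreds of suffixes.
SAMPLE_RANGE_BODY = (
    "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\n"
    "1E4D8C1E6D5F1C6AC8B1B0E3A4D0E9F1B20:2\n"
)


if __name__ == "__main__":
    print(vt_lookup_url(b"sample file content"))
    hits = password_breach_count("password", fetch=lambda url: SAMPLE_RANGE_BODY)
    print("breach count for the sample password:", hits)
```

Pass your own `fetch` to stub the network, as the `__main__` block does; drop the argument to query the live range endpoint. The suffix comparison happens on your side, which is why the range API is safe to use with real credentials.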


Hackers are stealing users' passwords during the trial of the 28 September 2009 events in Guinea

The world has its eyes on the 28 September 2009 trial in Guinea, and so do the hackers.

Our team detected malicious users on the YouTube channels of Guinean television stations such as Djoma TV, Espace FM and FIM FM, which have become attack vectors for hackers.

Malicious links or domains are distributed on these channels to attract users' attention and get them to click.

Example 1

On the Djoma Media YouTube channel, malicious links were shared with users to steal their passwords.

In the photo above, the domain GIRLS18[.]XZY (DO NOT CLICK THE LINK) was examined by our Cyber Threat Intelligence team.

The following results were obtained:

The domain was created 8 days ago and is hosted on GoDaddy.

After submission of the domain, VirusTotal did not detect it as malicious.

The same domain on URLSCAN.IO redirects us to another domain, which can be seen in the image.

After analysing that domain, we obtained more information about the techniques used by the attackers.

We can now see that this domain has been classified as Phishing by anti-virus vendors such as Fortinet, Sophos and others.

URLSCAN shows the same result.

The domain was classified as malicious.

Example 2

The second example comes from the YouTube channel of the TV station Espace FM.

As you can see, the malicious link girls69[.]xyz (do not click the link) was shared (I hope users did not click 😊).

The same techniques and the same indicators were found.

The domain was created 6 days ago.

VirusTotal result: nothing to report.

Our great friend URLSCAN reveals that the domain redirects to the same domain as in the previous case.

The same domain produces the same result.

We see that the same bandits produce the same effects 😊.

We can therefore conclude that the authors' objective is to steal users' personal information and, if possible, also to install a malicious file for other purposes.

Stay vigilant, dear readers.
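The two cases above were worked the same way: how old is the domain, what does VirusTotal say about the first hop, where does urlscan's redirect land, and what do vendors say about that final domain. The following example is added here and is not code from the original post; it encodes that triage so the same pattern is caught on the next link shared in a channel. The observations are constructed from the figures in the post (8 and 6 days old, clean first hop, flagged final hop); the redirect target is a placeholder because the post does not name it, and the 30-day threshold is an assumption.

```python
"""Triage a link seen on a channel the way the two cases above were worked.

Added example, not code from the original post. Observations below are
constructed from the post's figures; the redirect target is a placeholder.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

NEWLY_REGISTERED_DAYS = 30   # assumption: younger than this counts as a red flag
# Matches fanged (a.b) and defanged (a[.]b) domains inside free text
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:(?:\.|\[\.\])[a-z0-9-]+)+\b", re.IGNORECASE)


def defang(domain: str) -> str:
    """girls69.xyz -> girls69[.]xyz so it is never rendered as an active link."""
    return domain.replace("[.]", ".").replace(".", "[.]")


def refang(domain: str) -> str:
    return domain.replace("[.]", ".").lower()


def extract_domains(text: str) -> List[str]:
    """Pull candidate domains out of a posted comment, returned defanged."""
    return [defang(m.group(0)) for m in DOMAIN_RE.finditer(text)]


@dataclass
class LinkObservation:
    domain: str                      # as posted, defanged
    created: date                    # registrar creation date (WHOIS)
    vt_flagged: bool                 # any VirusTotal detection on this domain
    redirects_to: Optional[str]      # final domain urlscan landed on, if any
    final_vt_flagged: bool = False   # vendor verdict on that final domain


def triage(obs: LinkObservation, today: date) -> dict:
    """Combine the indicators into a verdict with the reasons behind it."""
    reasons = []
    age_days = (today - obs.created).days
    if age_days < NEWLY_REGISTERED_DAYS:
        reasons.append(f"domain registered {age_days} days ago")
    if obs.redirects_to and refang(obs.redirects_to) != refang(obs.domain):
        reasons.append(f"redirects to {defang(obs.redirects_to)}")
        if obs.final_vt_flagged:
            reasons.append("redirect target classified as phishing")
    if obs.vt_flagged:
        reasons.append("submitted domain flagged by VirusTotal")
    # A clean first hop is not a clean verdict: the final hop decides.
    if obs.vt_flagged or obs.final_vt_flagged:
        verdict = "malicious"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "no finding"
    return {"domain": defang(obs.domain), "verdict": verdict, "reasons": reasons}


TODAY = date(2022, 10, 1)  # constructed reference date
CASES = [
    LinkObservation("GIRLS18[.]XZY", TODAY - timedelta(days=8), False,
                    "final-hop-placeholder[.]example", True),
    LinkObservation("girls69[.]xyz", TODAY - timedelta(days=6), False,
                    "final-hop-placeholder[.]example", True),
]
# Constructed benign comparison: an old domain with no redirect and no detections
BENIGN = LinkObservation("example[.]com", TODAY - timedelta(days=900), False, None)

if __name__ == "__main__":
    print(extract_domains("Lien: girls69[.]xyz et https://www.example.com/x"))
    for obs in CASES + [BENIGN]:
        print(triage(obs, TODAY))
```

The point the post makes twice is encoded in the verdict rule: the submitted domain was clean on VirusTotal in both cases, and only following the urlscan redirect to the final hop produced the phishing classification.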


Recommendations:

Never click on a link you do not recognise.

Check the link on VirusTotal as shown in our examples.

Use 2FA on your YouTube, Facebook, Instagram and other accounts.

Never reuse the same password across different accounts.

Never publicly share personal information such as your password, email address or date of birth.


Protect your brand

How to find different domains mimicking your brand?

Nowadays, threat actors use different techniques to steal users' PII (personally identifiable information).

One of the easiest ways of doing so is to create a fake web page that looks like a well-known one such as Facebook, Twitter, YouTube, Instagram, LinkedIn, Netflix and other services (banks, gaming platforms, etc.).

Let's look at an example.

urlscan.io (URLscan URL and website scanner) is a well-known URL and website scanner used by most security professionals.

The example below will show how to find websites mimicking our brand.

1 – Netflix brand mimicked by threat actors to steal users' credentials

The first step is to submit the domain "netflix.com" to urlscan.io (www.netflix.com - urlscan.io).

Next, go to "HTTP transactions" and click on the "image" button.

Now expand the image view and click on "Show image".

Once clicked, you will see the image.

Now that we can see the image, if you want to find other web pages with the same image, follow the next steps.

Right-click on the "Hash" of the image and choose "Open in new tab".

You will get the following page.

Scroll down the page and you will find some domains different from the one we submitted, which is the legitimate one.

Open in a new tab the domains that differ from the legitimate one (Netflix.com).

Now, as you can see, we found some malicious domains mimicking Netflix.com.

You can use the same technique for your brand or organization.
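Clicking the image hash in the urlscan UI runs a search for every scan that loaded a resource with that hash; the same search can be automated so the check runs on a schedule for your own brand. The example below is added here and is not the post's code nor urlscan.io's. It assumes the urlscan search endpoint https://urlscan.io/api/v1/search/?q=hash:<sha256> returns JSON with a "results" list whose items carry page.domain and page.url, and that the "Hash" shown for a resource is its SHA-256. The sample response is constructed, and every host in it other than netflix.com is invented.

```python
"""Find other pages that embed your brand's image, automating the urlscan steps above.

Added example; not the post's code nor urlscan.io's. Assumptions: the search
endpoint https://urlscan.io/api/v1/search/?q=hash:<sha256> answers with JSON
{"results": [{"page": {"domain": ..., "url": ...}}, ...]} and resource hashes
are SHA-256. SAMPLE_RESPONSE is constructed; its non-brand hosts are invented.
"""
import hashlib
import json
import urllib.parse
import urllib.request
from typing import Dict, Iterable

SEARCH_URL = "https://urlscan.io/api/v1/search/?q={query}&size={size}"


def resource_hash(image_bytes: bytes) -> str:
    """Hash of the image fetched from the legitimate site (assumed SHA-256)."""
    return hashlib.sha256(image_bytes).hexdigest()


def hash_search_url(sha256: str, size: int = 100) -> str:
    """The query the 'open Hash in a new tab' step runs, as an API URL."""
    query = urllib.parse.quote(f"hash:{sha256}", safe=":")
    return SEARCH_URL.format(query=query, size=size)


def is_brand_host(host: str, brand_domains: Iterable[str]) -> bool:
    """True for the brand's own apex or any of its subdomains, nothing else."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in brand_domains)


def find_lookalikes(search_json: dict, brand_domains: Iterable[str]) -> Dict[str, str]:
    """Map each non-brand host that served the image to one example scan URL."""
    brand = [b.lower().rstrip(".") for b in brand_domains]
    found: Dict[str, str] = {}
    for item in search_json.get("results", []):
        page = item.get("page") or {}
        url = page.get("url", "")
        # Fall back to the URL's host if the domain field is absent
        host = page.get("domain") or (urllib.parse.urlsplit(url).hostname or "")
        if not host or is_brand_host(host, brand):
            continue
        found.setdefault(host.lower(), url)
    return found


def search_by_hash(sha256: str, brand_domains, fetch=None) -> Dict[str, str]:
    """Live version: GET the search URL, then filter. Pass fetch to stub it."""
    if fetch is None:
        def fetch(url):
            with urllib.request.urlopen(url, timeout=15) as resp:
                return resp.read().decode("utf-8")
    return find_lookalikes(json.loads(fetch(hash_search_url(sha256))), brand_domains)


# Constructed stand-in for a search response (hosts other than netflix.com invented)
SAMPLE_RESPONSE = {
    "results": [
        {"page": {"domain": "www.netflix.com", "url": "https://www.netflix.com/"}},
        {"page": {"domain": "help.netflix.com", "url": "https://help.netflix.com/"}},
        {"page": {"domain": "netflix-account-check.example",
                  "url": "https://netflix-account-check.example/login"}},
        {"page": {"domain": "netflix-account-check.example",
                  "url": "https://netflix-account-check.example/"}},
        {"page": {"url": "https://billing-update.example/nf"}},
    ]
}
SAMPLE_RESPONSE_TEXT = json.dumps(SAMPLE_RESPONSE)

if __name__ == "__main__":
    for host, url in find_lookalikes(SAMPLE_RESPONSE, ["netflix.com"]).items():
        print(f"{host:40s} {url}")
```

Hash the image once from the legitimate site, run `search_by_hash` with your brand's apex domains, and review whatever hosts remain; the subdomain-aware filter is what keeps help.netflix.com out of the list while a lookalike whose name merely contains "netflix" stays in.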

Recommendation

Check the URL or the domain before connecting to it.

Use 2FA for your logins.

Use a different password for each account.

Use a platform like VirusTotal to check the domain before connecting if you are not sure.