Catching a Digital Thief

DETECTING YOUR THIEF - Every computer device connected to a network or the internet must have an Internet Protocol address, or IP address as it is known. 218.33.11.582 is an IP address format you may recognize. Each IP address is unique to the user's device and the network connection point in use at that time. Some IP addresses never change and some change constantly. Network data travels in "packets", or blocks of data, to and from these IP addresses, negotiating security barriers and software applications according to coded rule sets. These packets contain detailed information about the sender, the travel path across the network, and the executable data code. These packets are usually innocent, until they reveal themselves as thieves and frauds. Only you can detect your IP thief, and you MUST implement the right tool sets to catch them.

All computer data conforms to coded rules. If one can look inside every data packet and its contents, in real time, unpacking and analyzing these packets, then no thief or fraudster can enter a company network or device, including any IoT device, undetected and unmolested. By trapping, reading and analyzing every data packet, the AmerAsia Data Drill Intrusion Detection System automatically detects Bad Actor packets, executing alert actions/notifications whenever a priority 1 or 2 threat is detected. Without this Data Drill detection server system and agent software, any thief or fraudster invading your enterprise will remain undetected until it is too late for your company. Most victims are notified only by the damages caused. Not so with Data Drill by AmerAsia Company.

STOPPING YOUR THIEF - A recent Data Drill case study demonstrates how Data Drill's detection and prevention modes react to a priority 1 or 2 (Highest/High Risk) theft or fraud attack in progress.

The first stage was a penetration test by the bad cyber actor looking to identify a vulnerable system and IP port to exploit. Most often this is done by performing a network scan. As a result of the network scan on our client's network, a malicious actor penetrated a vulnerable version of Samba running on their host computer, IP address 192.168.254.30, port 445 (a port and IP address managed by Data Drill). The cyber thieves exploited this Samba vulnerability using a tool common to cyber work, Metasploit, a type of scan/penetration tester software tool. There is a known vulnerability for Samba version 4.1.3. Metasploit and others exploit Samba by uploading a data packet (malicious code) into the server operating system through Samba, thus exploiting this vulnerability, commonly known as "is_known_pipe". Then the thief selected the vulnerable target, with data (IP address, port, etc.) captured from their vulnerability scan of our client's network. The thief then must configure their payload to the client environment and ready it for attack. This takes time. The thief's vulnerability scan results showed available target options; the thief chose option 3 for a CentOS 7 server.

DATA DRILL - Data Drill automatically identified the exploit at the root shell when the thief opened the target server. The Data Drill Intrusion Detection System unmasked this thief from the beginning, at the vulnerability scan. Data Drill scanned all incoming scans, unpacked and analyzed the network file packets, identified this Level 1 threat, and alerted the company security officer by automatic alert notification. The Data Drill IPS (Intrusion Prevention System) mode was enabled, causing the IPS system server to send commands to any host system running the Data Drill agent. Data Drill will automatically block the source IP address for any Priority 1 or 2 threat (Highest, High Risk) attempting exploitation of the company network and servers!
Data Drill provided the cyber eyes and ears that detect all malicious cyber attackers, and the automatic coding that shuts down malicious digital actions. Without Data Drill, a company only discovers a successful cyber invader by the damage caused.
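
The priority-based response described above (notify on every priority 1 or 2 alert, block the source IP only when prevention mode is enabled) can be sketched as follows. This is an added illustration, not Data Drill code: the `Alert` record, the `decide` function, the never-block range and the sample alerts are all assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    src: str       # source IP as reported by the sensor
    dst: str
    dport: int
    priority: int  # 1 = highest, 2 = high, larger = lower risk
    msg: str

# Constructed sample alerts for illustration; not Data Drill output.
SAMPLE_ALERTS = [
    Alert("203.0.113.50", "192.168.254.30", 445, 2, "network scan"),
    Alert("203.0.113.50", "192.168.254.30", 445, 1, "Samba is_known_pipe exploit"),
    Alert("198.51.100.7", "192.168.254.30", 22, 3, "low-risk probe"),
    Alert("192.168.254.10", "192.168.254.30", 445, 1, "Samba is_known_pipe exploit"),
    Alert("garbled", "192.168.254.30", 445, 1, "Samba is_known_pipe exploit"),
]

# Assumption: the company's own range must never be auto-blocked.
NEVER_BLOCK = [ipaddress.ip_network("192.168.254.0/24")]

def decide(alerts, ips_mode, never_block=NEVER_BLOCK):
    """Return (alerts to notify on, source IPs to block) for priority 1/2 threats."""
    notify, block = [], []
    for a in alerts:
        if a.priority not in (1, 2):
            continue                      # lower priorities: log only
        notify.append(a)                  # detection mode always notifies
        if not ips_mode:
            continue                      # prevention disabled: no blocking
        try:
            ip = ipaddress.ip_address(a.src)
        except ValueError:
            continue                      # unparseable source: alert, never block
        if any(ip in net for net in never_block):
            continue                      # internal source: needs a human decision
        if str(ip) not in block:
            block.append(str(ip))         # one block entry per source
    return notify, block

if __name__ == "__main__":
    notify, block = decide(SAMPLE_ALERTS, ips_mode=True)
    for a in notify:
        print(f"ALERT p{a.priority} {a.src} -> {a.dst}:{a.dport} {a.msg}")
    print("block:", block)
```

The never-block list matters in practice: an automatic block triggered by an alert from an internal or malformed source can cut off the company's own hosts, so those cases are left for the security officer.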
