Sea Turtle Campaign is Hijacking DNS and Harvesting Credentials in UAE

A new cyber threat campaign has been discovered by Cisco Talos which goes by the name Sea Turtle. This cyber threat is not only targeting public and private entities but also national security organizations in UAE and North Africa. The actors behind this campaign use DNS hijacking to achieve their objectives.

It has been discovered by cybersecurity experts that Sea Turtle, a malicious campaign, aims at hijacking DNS to steal credentials and other sensitive information.

What is DNS Hijacking?

It is a malicious attack wherein a query to a Domain Name server are redirected to a server owned by malicious agents, rather than the server the request was originally meant for. In many cases, actors hack websites and change the DNS addresses so that the visitors end up visiting a completely different online destination.

Let’s take a look:

According to cyber security experts, Sea Turtle has affected 40 different national security organizations in the Middle East and North Africa. The geographic locations of sea turtle victims show countries like Turkey, Armenia, Syria, Iraq, Jordan, UAE, Egypt, Libya, Lebanon, Cyprus, Albania as primary targets. On 24^th of January, 2019 The Department of Homeland Security issued an alert about this activity warning about the attackers’ intentions.

Who is most affected by this?

Sea Turtle most targets the third-party entities such as DNS registrars, telecommunication companies, and internet service providers in the US and Sweden. Their primary victims are usually national security organizations, ministries of foreign affairs, and energy organizations from the Middle East and North Africa.

By now you may be wondering how does the attacker work?

Let me explain:

1. The attacker gets initial access to the entity.

2. Next, the attacker moves through the network and gets access to the credentials.

3. The attacker exfiltrates material from the network.

4. Then through the compromised credentials, the attacker gets access to the DNS registry.

5. Later the attacker issues an UPDATE command to use the actor-controlled name server.

6. So, when the victim sends a DNS request to a target domain it receives a response from the actor- controlled server.

7. Next, the actor-controlled server sends a falsified record pointed by the MitM (Man- in -the -Middle) server.

8. The victim unknowingly enters his credentials in the MitM server.

9. Next, the attacker harvests the victim’s credentials from the MitM server.

10. And then the attacker passes the victims credentials to the legitimate server.

11. And finally, the attacker gains authentication that of as the victim.

The truth is:

That Sea Turtle campaigns have been operating over two years now and these cyber-attacks are continuing despite clear documentation of this methodology by cyber-security experts.
This clearly highlights the need for security focussed organizations to have a robust safety net which safeguards against the Sea Turtle like attacks.

Buzinessware the #1 Web Hosting Dubai, UAE is well equipped to tackle such threats and provide security to its customers data from such attackers. To learn more about our cybersecurity plans CONTACT US NOW!

This is how Buzinessware protects you from Sea Turtle!

A mobile – friendly website plays a pivotal role in a mobile web world. We spend almost 3 hours a day on our mobile devices. Top websites are optimized for smartphone users for a mobile friendly web experience.

Believe it or not:

Google has made it clear that it will only cater to mobile users’ mobile- friendly web pages. Most of us prefer to browse the internet on our mobile phone rather than a desktop. So, optimizing your website content for smartphone users is a must even though it might cost you some additional labor and cost.

Now: Let us guide you step- by- step on how to can make your website mobile- friendly.

#1 Responsive Website Design

A responsive design is also known as mobile- friendly design. To build a responsive website you will need the help of a professional or look for a website builder with mobile-friendly templates. Responsive website design takes care of screen size. The screen size will adjust the content to match the screen size.

#2 Easily Accessible Menus

One needs to keep in mind that mobile screens are smaller than desktop screens. Therefore, you must take great care to make them mobile- friendly while designing your menus. On a desktop, the menus usually have a lot of options. But the same cannot be the case with a mobile-friendly website as the mobile screens are small. Try to keep the menu design simple and concise for better mobile user experience.

#3 Avoid Flash

The major disadvantage of flash is that it slows down a page’s load time. Due to this, a user might refuse to work on a device. Android and iOS devices don’t support flash.

Note: If you build your website using flash animation, then your users won’t be able to access your website. So, it would be wise to replace flash with some other web design that will work without it.

#4 Include a Viewport Meta Tag

Viewport is a browser rendering engine determines how a content is scaled and sized on a mobile screen. Hence, it is an important code without which your site will not work on a mobile device. The viewport meta tag informs your browser to fit the width of your page on your mobile screen. You can also specify various configurations for the viewport to control.

#5 Usage of Large Fonts

Reading on a mobile screen is so much harder if the font is tiny. So, to avoid constraint on your eyes it would be best to use a mobile-friendly font size of 14px. This will help the users to waste no time zooming and reading the content on the screen directly. You may use a smaller font for labels or forms. So, sticking to standard fonts is the best option. Also, avoid using large blocks of text. Large blocks of text are difficult to read and are overwhelming.

#6 Compressed Images and CSS

Many users leave a webpage due to its slow loading time. This is that one thing which we don’t want to happen to us. So, to avoid this you need to use compressed high-resolution images and CSS. This is a good feature for a mobile-friendly website. Try to compress anything which might take up a lot of space. Also, ensure fast loading of the website without compromising the quality.

#7 Perform Mobile Testing

Make sure to repeatedly test your website on your mobile. Spend time browsing your website on your mobile to check if there is content visibility. Try testing your website several times on Android, iPhone, Windows phone, and on a tablet. By doing this you will have a better idea of your website and can easily incorporate changes to make it mobile-friendly.

In a nutshell:

To make a website mobile-friendly you need to keep in mind the above-mentioned steps. Always remember that a responsive website needs to be user-friendly keeping in mind a good quality mobile web experience.

At Buzinessware we make mobile web experience quality oriented and easily accessible from different devices. Faster loading time and readable content are one of the many mobile- friendly features we provide our customers’.

General