Sunday, January 31, 2016

Issue 49 - Week of Jan 25th


1. Wendy's investigates possible data breach: Wendy's is an American international fast food restaurant chain, like McDonald's and Burger King. Last week, Wendy's confirmed in a statement that it has launched a comprehensive investigation after learning of reports that fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some of its restaurants. The Target data breach probably tops the list of PoS hacks; P.F. Chang's and Dairy Queen are other recent victims in the food business. EMV cards (chip-and-PIN credit cards) and contactless credit cards with NFC (Near Field Communication) and RFID technology, which do not require swiping the card, lower the chances of data leakage.

2. Another Angler exploit kit victim: Last issue we discussed Officeholiday[.]com. Along similar lines, a famous European transport company's website was hacked and visitors were silently redirected to Angler EK, which then exploited the latest known vulnerabilities in Adobe Flash Player to download and execute CryptoWall 4.0 ransomware. Angler EK continues to be one of the biggest threats; it tends to exploit the newest vulnerabilities in Adobe Flash Player and uses high-profile websites. It is important to keep up to date with software updates, especially for Adobe Flash Player, which is often the weapon of choice for malware actors when it comes to finding vulnerabilities.

3. Bumper week for ransomware: Apart from the above transport company, other big victims of ransomware last week were the Israeli Electric Authority and Lincolnshire County Council (in the UK). It also surfaced that hackers are now using fake Salesforce notifications to lure users into clicking links or downloading malicious attachments that lead to ransomware. The Android ransomware Lockdroid was in the news, and a new ransomware called 7ev3n was detected, which demands 13 bitcoins, a deviation from the usual demand of 1 bitcoin.

4. Hackers launch cyberattack against cPanel systems: cPanel is a Texas-based company that offers a web hosting platform management tool used by millions. Last week, the company said in a statement that one of the cPanel customer databases "may" have been breached. cPanel was able to "interrupt" the breach, and so it is not known whether customer data was exposed. The database included names, contact information and passwords. However, luckily for users, the passwords were encrypted and salted, which makes it difficult for attackers to crack them and extract this account data. All users of this service are advised to change their passwords.

5. Critical OpenSSL bug patched: OpenSSL is an open-source library that is the most widely used in applications and websites for secure data transfers using SSL or TLS encryption. However, after serious security vulnerabilities were discovered in OpenSSL over the last few years, the crypto library has been under much investigation by security researchers. The OpenSSL Foundation has released the promised patch for a high-severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS and TLS-based communications. The latest bugs affect OpenSSL versions 1.0.1 and 1.0.2 and have been patched in new releases of OpenSSL, versions 1.0.1r and 1.0.2f.

6. Lenovo used third 'worst password' in file-sharing backdoor flaw: Recall the image that we used in Issue 48: '12345678' is the third worst password, and Lenovo has hardcoded it into its file-sharing software SHAREit, where it could be exploited by anyone who can guess this password. Researchers have disclosed four vulnerabilities in Lenovo SHAREit, the worst of which is in 'Lenovo SHAREit for Windows': when it is configured to receive files, a Wi-Fi hotspot is set up with the hardcoded password, and any system with a Wi-Fi network card could connect to that hotspot by using '12345678' as the password. The vulnerabilities were discovered and privately disclosed to Lenovo in Oct'15 and were patched last week.

7. Critical flaws in Magento leave millions of e-commerce sites at risk: If you are using Magento to run your e-commerce website, it's time for you to update it now. Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting (XSS) vulnerabilities in Magento. Virtually all versions of Magento Community and Enterprise Edition are vulnerable to the stored cross-site scripting (XSS) flaws. The flaws are awful, as they allow attackers to take over the site, escalate user privileges, siphon customers' data and steal credit card information. However, the good news is that the vulnerabilities are patched, and an update has been made available to the public after a security firm discovered and privately reported the vulnerability to the company.

8. Dridex Trojan targets UK banks, avoids two-factor authentication checks: The latest version of Dridex was first detected this month; it is believed to be responsible for stealing up to £20 million from UK accounts. Dridex spreads through email phishing campaigns and includes features such as the ability to spy on victim PCs, with the overall aim of stealing credentials which can be used to access bank accounts and cash reserves. When the victim tries to access a bank, the Trojan will redirect the user to a fake replica and harvest credentials, including the 2FA codes.

9. FinFisher spyware linked to Indonesian government found in Sydney: This spyware is capable of remotely controlling any computer it infects, copying files, intercepting Skype calls, and logging keystrokes. The sophisticated spyware suite is usually sold to government agencies. Last week, an instance belonging to the Indonesian government was found in an Australian data center. That would mean information from users infected by an Indonesian department was going through Australia. In 2013, the Australian government was accused of spying on Indonesia, thanks to the documents leaked by Edward Snowden. Now, it looks like the Indonesians are taking revenge on the kangaroos.


10. If your SIM stops working, check your bank account: A tech entrepreneur in Bangalore has joined the long list of victims of phishing. Criminals procured a duplicate SIM card of the victim and siphoned off ₹ 45 lakh (≈$70k) between January 13 and January 18. A few days after his mobile phone stopped functioning, he went to the Reliance store to enquire about the reason. He was informed that a duplicate SIM card had been issued. Criminals procured the duplicate SIM card from a Reliance store at Jayanagar by producing a copy of his Aadhaar card. This new SIM card was used to siphon the money. Service providers should be more careful in issuing duplicate SIMs; maybe they should call the number once or have some other sensible checks.

Sunday, January 24, 2016

Issue 48 - Week of Jan 18th

1. Cyber-scammers steal $54 million from Austrian airplane manufacturer: Last week, FACC announced that its finance department had become a victim of cyber-crime executed from outside the company, in which it lost roughly $54 million. According to experts, the incident is a classic CEO fraud incident, also known as Business Email Compromise (BEC), in which attackers send emails to company employees or CEOs, posing as other employees or partners, asking for urgent money transfers. If staff members don't double-check big money transfers via telephone calls, fraudsters can trick employees into sending large amounts of cash to accounts under their control.

2. Linux malware: Malware researchers have identified a new Trojan (Linux.BackDoor.Xunpes.1) for Linux devices that takes screenshots and logs keystrokes. The malware runs a package creating a backdoor that establishes an encrypted connection to a remote server that executes several commands, including ones for taking screenshots and logging keystrokes, and then re-transmits the resulting data. Last week another Linux malware was also detected (Linux.Ekoms.1). This takes screenshots every 30 seconds and sends them to a remote server. In Nov'15, thousands of sites infected with Linux encryption ransomware were detected.

3. Public holidays website leads to RIG EK and drive-by download of Qakbot malware: Researchers have found evidence that a famous 'public holiday' website called Officeholiday[.]com was hacked last week and visitors to this site were silently redirected to an exploit kit called RIG. This kit attempts to find and exploit vulnerabilities in Adobe Flash Player on the system in order to download the Qakbot malware. Qakbot is capable of stealing passwords, certificates, cookies and browser traffic. The malware was also in the news last week after it downed Melbourne Health's systems.

4. Angler exploit kit and CryptoWall 4.0 ransomware update: We discussed this combo in issue 41. Since then, Angler has become one of the largest exploit kits found in the market and has been making news for its ransomware campaigns. It is estimated that Angler now infects 90,000 victims a day and generates more than $60M annually. Several servers running these campaigns have been identified and details published; it is believed that this will dent Angler's income by 50%.

5. TeslaCrypt 2.0 cracked, victims need not pay ransom: The flaw leveraged by researchers to crack the ransomware is not in the encryption algorithm itself, but rather in how encryption keys are stashed on a victim's PC. Given today's computing capabilities, researchers were able to build tools that could retrieve the keys and decrypt the machines without having to pay any ransom. Unfortunately, the latest 3.0 version of the malware has patched the design flaw.

6. Kovter actors now turning machines into zombies: Kovter is one of the oldest malware strains around, one that has adapted to fit various needs and niches, and survived mainly as a click-fraud toolkit, ideal for making a quick buck out of online ads. The malware is distributed using malicious emails with ZIP attachments and subject lines like 'Notice to Appear in Court' or 'You have received a new fax'. When opened, these ZIP files automatically execute a JavaScript file which connects to a web server and downloads the Kovter malware, which can then run either a proxy or a bot on the machine to create ad impressions that are seen by no one but often get charged to marketers as a viewed promotion. It is estimated that bots will inflict $7.2 billion in damages to digital advertisers in the coming year.

7. Ad blockers - Google reveals it now has over 1,000 staff just fighting bad ads: Google says last year it eliminated 780 million "plain bad" ads carrying malware, promoting fake goods or leading to phishing sites. Malvertising has become a popular mechanism for distributing malware; it harms internet users and threatens the multi-billion dollar ad industry. Google developed a similar humans-and-machines strategy for combating bad apps on Google Play, last year hiring its first human reviewers to help identify apps that violate its store policies.

8. AMX fixes backdoor vulnerability 10 months on: AMX, owned by HARMAN International, is a manufacturer of video switching and control devices. Way back in March last year it was discovered that an administrative account with hardcoded credentials had been added to an internal user database and could be used to access SSH and the web interface. This "Black Widow" account was deliberately hidden and had additional features, such as packet capture on the network interface, which not even an administrator account could perform. The company claims it has released firmware updates for the affected products, while denying the account was deliberately hidden. AMX's client portfolio includes The White House, Fortune 100 companies and various other departments. Juniper and Fortinet have had similar issues.

9. 'Asacub' Trojan converted to mobile banking weapon: This Trojan has been around since last June and was originally used for stealing browser histories, contact lists, and other data from infected mobiles, including incoming SMS messages. Last week it was found that the new versions of the Trojan contained phishing screens with the logos of major European banks, designed to steal credentials. It also had additional capabilities like tracking and sending current location data, and taking a snapshot using the device camera. Other mobile malware discovered recently includes Bankosy, Faketoken (steals OTP), and SlemBunk and Marcher (steal credentials using rigged lookalike apps).

10. Phishing attack could steal LastPass password manager details: LastPass stores users' passwords in the cloud in an encrypted, protected vault. A security researcher has released a tool (calling it LostPass) that can steal the login details and two-factor authentication key. The attack relies on a user visiting a malicious website, which will detect if the browser is using LastPass, mimic a LastPass notification, remotely log out the user and request the password and two-factor authentication key. The hacker would then be able to gain full access to every password stored in a LastPass user's vault. The company has responded and a primary change was made: LastPass now requires all users to perform the email verification step, which will significantly mitigate a LostPass-type attack.

Tuesday, January 19, 2016

Issue 47 - Week of Jan 11th


1. Hyatt hack: In Issue 45, we spoke about the Hyatt hack. More details emerged last week. According to Hyatt, 318 hotels out of 627 in the firm's portfolio were infected last year. Hyatt has published the list of properties that were compromised across 54 countries - China, India and the United States are at the top of the list for malware-ridden hotel systems, with 22, 20 and 99 infected sites respectively. The malware stole financial data including cardholder names, card numbers and expiration dates as they passed through Hyatt's infected payment processing systems. Hyatt Regency Lost Pines also figures in the list and had suffered infection from Aug to Dec 2015.

2. US intelligence chief's personal email, phone hacked: The hacker who targeted a CIA director last year is back to claim another senior government scalp: the Director of National Intelligence. Hackers claim to have broken into a series of accounts associated with the Director, including his personal email account. The FBI warned last year that US police and officials were targets of hacktivist groups, and should in particular "be aware of their online presence and exposure."

3. Suspected members of Bitcoin extortion group DD4BC arrested: DD4BC -- otherwise known as Distributed denial-of-service for Bitcoin -- is a group dedicated to extorting virtual currency from companies. Emerging in the middle of 2014, DD4BC used the threat of DDoS attacks and held companies to ransom unless they agreed to pay a fee in Bitcoin. For organizations such as banks, financial institutions and even gambling websites, network downtime is equated with an immediate loss of revenue, which can lead them to give in to demands. European law enforcement has arrested and detained two alleged members of the hacking group.

4. Windows users face a dangerous world with end of support for older Internet Explorer versions: Microsoft ends support of Windows 7, 8 and IE 8, 9, 10. Tens of millions of IE users will be at risk almost immediately, considering that nearly every month IE remains one of the most likely targets of hackers and attackers. IE 11 would be the last version of the aging browser, which first debuted in 1995. The browser has long been known for its security flaws and issues, which have bogged both Microsoft and its users down for years. When Windows 10 was released, the company began pushing its new Edge browser more aggressively as an alternative. The browser was heralded as being safer than its predecessor, as it prevents adware and toolbars from hijacking dynamic link libraries.

5. Serious security flaw in OpenSSH puts private keys at risk: A major vulnerability has been found and fixed in OpenSSH, an open-source remote connectivity tool using the Secure Shell protocol. The flaw was the result of an "experimental" feature that allows users to resume connections. A malicious server can trick an affected client into leaking client memory, including the client's private user keys. The software is used on many commercial routers and firewalls, and some versions of the Ubuntu and Red Hat operating systems are affected by the flaw. Developers and admins are advised to regenerate and rotate keys. The bottom line is: patch now, and patch fast.

6. Simple eBay security flaw exposed millions of users to spear phishing campaigns: eBay has patched a severe XSS security vulnerability which exposed potentially millions of users to phishing campaigns and subsequent data theft. Despite being informed of the bug privately, the online auction trading site allegedly left a critical XSS flaw open to abuse on the ebay.com domain, and only rallied to fix the issue after the media caught wind of the flaw. The cross-site scripting (XSS) vulnerability, implemented through Java, allowed an attacker to inject their own malicious page within eBay via an iframe.

7. Brazilian cyber-crime flourishes, catching up to Russian, Chinese groups: For years Brazilian operators used to be customers of Russian hackers, but now they have started using their own homegrown tools. In terms of technical expertise, they seem to have caught up and are now placed just behind Russia and China. Like the Russians, they focus on financial institutions, but unlike the Russians or Chinese they do not have a relationship with their government. While the basic skills in each country are the same, there are regional differences: Japan's hackers are focused on forging documents, Germany's underground is strong in encryption, the U.S. underground focuses on illicit goods, while Russia and China are known for their espionage attacks against U.S. systems and focus on financial crimes and the creation of criminal tools.

8. Juniper Networks moves to replace vulnerable code: At the end of 2015, Juniper Networks publicly disclosed that it had found previously unknown backdoor code on some of its firewalls. Juniper patched the issues and is now going a step further by replacing a core cryptography component in its ScreenOS operating system to further reduce any potential risk. Last week, a security researcher discovered highly suspicious code in Fortinet's FortiOS: an SSH backdoor with a hardcoded password (now leaked) that can be used to access the firewall. It should be noted that anyone using this backdoor account doesn't appear in the device's access logs, as the backdoor might be tied to its FortiManager maintenance platform.

9. Hack Wi-Fi password from smart doorbells: The buzz around the Internet of Things (IoT) is rapidly growing. Another household device to join the IoT world is the smart doorbell. With these Internet-connected smart doorbells, one can get an alert on the smartphone app every time a visitor presses the doorbell and also view who's in front of the door. Security researchers have discovered a critical security hole in a Wi-Fi-enabled video doorbell that could be used to expose the home network password. Hackers can access a button behind the doorbell to put the device into setup mode and access the password in the config file using their mobile's Wi-Fi.


10. Indian banks and big industry targeted in ransomware racket demanding Bitcoin: Three banks and a pharmaceutical company in India have been revealed as targets of ransomware with a ransom demanded in bitcoin. In what is now the first known instance of an online extortionist demanding ransom in bitcoins from Indian targets, the Economic Times has revealed that hackers disrupted operations by crippling computers at three banks and a pharma company. In all four cases, the hackers are said to have used the Lechiffre ransomware. Having encrypted all files, the hackers demanded one bitcoin (about Rs 30,000 at current prices) per computer, for a total running into millions of dollars.

Sunday, January 10, 2016

Issue 46 - Week of Jan 4th

1.       Time Warner Cable says 320,000 customers may have been breached: The company said there are ‘no indications’ its systems were breached, but pointed the finger at third-party firms that may have stored customer information. The company also said that email addresses and passwords may have been taken in the breach. Affected customers have been notified by email and direct mail. The company did not say if the breach was connected to a similar attack against Comcast, which led to 200,000 accounts being reset in November.

2. Fake tech support scams evolve to include support, purchase history: The fake tech support scam is more than a decade old, but it has now become more vicious, with scammers having access to the purchase history of the victims and other records that make them look authentic. There have been several cases reported wherein people have been getting calls from a fake Dell tech support or R&D department, and these scammers are able to share details that, it would seem, only Dell or perhaps its contractors would know. Once they gain trust, they remotely install malware, and in some cases they have installed ransomware and tried to extract a lot of money.

3. Former director of basketball team (St. Louis Cardinals) pleads guilty to cyber-espionage charges: When an employee with the basketball team (Cardinals) quit to join a competing team (Houston Astros), he had to hand over his official laptop and password. Using a variation of this password, the director accessed the employee's Astros email account and other details. He was charged with five counts of unauthorized access of a protected computer. Each conviction carries a maximum possible sentence of five years in federal prison and a possible $250,000 fine. Sentencing is set for April 11.

4. New technique permits Trojan to be delivered via a .JPG file: Last week researchers noticed a spam email that contained a macro file which downloaded a kangaroo image from a C&C site. The image had the Ursnif malware appended to it, which is known to steal credentials and banking information. Hackers are always looking for new ways to fool victims and trick researchers and investigators. Their motivation is your money and they will use any means necessary to obtain user credentials and banking information. It is important to be aware of suspicious e-mails that you receive and to never open anything that you are unsure about.

5. BBC, Trump web attacks "just the start," says hacktivist group: 'New World Hacking' has claimed responsibility for downing the BBC and Trump's campaign website last week using DDoS attacks. One of the members of the group said that the attacks were a "test of power" and server strength and that their main target was ISIS. The hacktivist said the group is compiling a list of Islamic State-related targets and plans to release the list this week. Prior to these attacks, the group was involved in a number of activities, including unmasking members of the Ku Klux Klan. The group also said it was involved in the hacking of a major US retailer.

6. Japanese banks targeted with new Rovnix Trojan: Researchers have begun to detect attacks in Japan as well from Rovnix, hitherto a European malware. The hack begins with an email message containing the Rovnix downloader as an attachment. Recipients who click on the attachment, typically disguised as a package delivery waybill from an international transport company, end up downloading the malware. It uses a web injection mechanism that is capable of perfectly imitating a targeted bank's web pages. Later, when the victim goes to a bank online, the malware will serve a page that looks and feels exactly like the bank's actual site and steal credentials. In some cases it tries to get victims to download a malicious Android app on their smartphone so it can intercept authorization codes sent via SMS by the bank.

7. Apple, Google, Microsoft attack UK government hacking plans: A few provisions in the draft Investigatory Powers Bill would allow the intelligence and security services, police and the armed forces to hack into devices to obtain data, such as communications, when they have a warrant to do so. While the government argues that these are required to intercept encrypted communications of criminals, the tech companies have warned that the plan would be a step in the wrong direction, setting a dangerous precedent that would be followed by other countries and damaging trust in their services.

8. Cloud host Linode resets user passwords after suspected hack: The company said that it found two Linode user credentials on an 'external machine', implying that usernames and passwords could have been read from its database, either offline or online. This statement came last week, after a massive distributed denial-of-service (DDoS) attack was launched against its systems by a 'bad actor' who purchased a large amount of botnet capacity in an attempt to significantly damage the company's business. In 2012, the accounts of eight Linode customers that held bitcoin electronic currency were compromised and roughly 40,000 bitcoins were stolen. In 2013, Linode's web servers were accessed and the company had reset all account passwords.

9. Social media survey results: 9% of users weren't aware that people outside their friends list could be seeing their posts on Facebook, leaving them vulnerable to identity theft and other security-related concerns. This has nothing to do with Facebook or its security, but merely the ignorance of the users. There are several privacy-related options on Facebook that allow users to hide their posts from those who aren't on their friends list. If you were one among the 9% mentioned above, make sure you make the changes accordingly. It is also advised to be cautious about whom you befriend and trust on social media and never click on a link that you are not expecting.


10. Indian hackers attack Pakistani websites as a tribute to Lt Col Niranjan Kumar: As a tribute to Pathankot terror attack martyr, National Security Guard (NSG) officer Lieutenant Colonel Niranjan Kumar, a group of Indian hackers attacked a host of Pakistani websites last week. The Indian Black Hats hacker group has attacked more than six websites, and the attack is being dedicated to the officer's two-year-old daughter. However, the hackers haven't deleted the contents of the websites, as it is not a cyber-war and their intention is only to give Pakistan a warning. The group had defaced Pakistani websites during the seventh anniversary of the 26/11 Mumbai attacks.


Sunday, January 3, 2016

Issue 45 - Week of Dec 28th

1. In TalkTalk aftermath: After Target, Home Depot and JPMC were breached, their stocks showed no noticeable impact, but when UK telecom giant TalkTalk joined the breach victim club in Oct'15, its stock took a jaw-dropping beating, and it hasn't recovered. A lot of people are wondering why. Was something different about TalkTalk's break-in, or are we now entering the era where cyber-attacks can damage more than a company's reputation? In the past there have been a few examples, like Heartland Payment Systems and Global Payment Systems, whose stock value eroded post cyber-attacks, but in general, shareholders don't have good metrics, tools, and approaches to measure the impact of cyber-attacks on businesses, and hence it does not translate into a dollar value erosion.

2. 191 million US voters' personal info exposed by misconfigured database: The database includes voters' full names, their home addresses, unique voter IDs, dates of birth and phone numbers. The database was discovered by a white hat hacker. Fortunately, the database doesn't contain Social Security Numbers, driver license numbers, or any financial data, but it's still a massive amount of data when it comes to protecting users' privacy and security. The crazy part of the data breach is that no one is taking responsibility for the exposed database.

3. Steam confirms DoS revealed user details: Gaming platform Steam has confirmed that a denial-of-service (DoS) attack that took place on Christmas Day caused around 34,000 users to have their sensitive personal information returned to and possibly seen by other users. The company is working on identifying affected users. Earlier in Dec'15, it was admitted that up to 77,000 accounts each month are hijacked on Steam, with users having their digital items stolen and sold, resulting in the company implementing increased security such as two-factor authentication, Mobile Authenticator, self-locking features, and user notifications of any risk.

4.       BBC says website knocked down due to apparent DDoS attack: Service was out for more than three hours last week. Users received an error message and the broadcaster said on Twitter the outage was due to technical problems. BBC later apologized for the outage. A news story posted on the website said it had been due to a "distributed denial of service" attack in which a website is swamped with more traffic than it can handle. This is a relatively common way to target a website and temporarily make it inaccessible.

5. Hyatt Hotels reports data breach: Hyatt Hotels has announced a data breach affecting its customers' financial data, which a later investigation showed to originate from a malware infection on its PoS systems. Hotel representatives did not specify what brands were affected, what hotel properties, and what kind of data was stolen. It is not yet known whether the malware infection was found on the hotels' own reservation system PoS, or on the payment processing system used by gift shops and restaurants located on the hotels' premises. In the past, data breaches have been reported by the Trump Hotel Collection, Starwood Hotels, and Hilton Hotels.

6. Convenience meets continuing complexities: The Internet of Things will help (and hurt) us all. The websites, apps and electronic devices that comprise the Internet of Things (IoT) make navigating personal and business tasks more convenient than ever, but their popularity also means a wider attack surface, expanse of data and range of vulnerabilities for threat actors to exploit. Industries such as healthcare and manufacturing, which utilize a large number of connected devices and networked systems in the course of their everyday business, are likely to face a wider range of security vulnerabilities and threats.

7. Microsoft has pledged to inform users if their online communications (Outlook.com email and OneDrive) are being targeted and monitored by government entities: MS is the latest to follow in the footsteps of Facebook, Twitter, Google and, more recently, Yahoo in warning its users of state attacks. Experts advise that an additional way to keep personal data and accounts safe is to avoid opening suspicious emails, clicking on links or downloading attachments. The links in the fraudulent emails will redirect users to malicious websites and attachments will deliver malware payloads; both of these can steal user credentials as well as compromise their systems.

8. Tor Project launches bug bounty program: Anonymizing network Tor has secured the help of sponsors to launch a bug bounty network designed to stamp out vulnerabilities which may risk user privacy. The Tor Project is a non-profit organization which operates the Onion network, a relay-and-node system designed to make user tracking online very difficult. However, no system is completely foolproof, and there have been reports of Tor users being identified. Several governments and individuals are interested in cracking Tor; for example, a cybersecurity firm offers up to $30,000 for previously unreported zero-day vulnerabilities impacting the Tor network.

9. Indian financial services continue to face high number of cyber threats: The scale and size of cyber-attacks on BFSI is the highest among all verticals. Technological changes such as mobile banking, mobile wallets and payment gateways have increased the potential attack vectors. Hackers continue to steal credentials and other sensitive information through phishing emails and phishing websites, DDoS attacks are not infrequent, and internal threats are becoming serious. The solution for BFSI is comprehensive investment in PPT (People, Process and Technology).


10. Everything about you is already known (most probably): The increasing frequency of data breaches, such as the many seen in 2015 (780 breaches), is changing the way we think about PII - Personally Identifiable Information (177 million data records exposed in 2015). We are, in fact, moving to a "post-privacy" society, where it is not uncommon for an attacker to have access to information that we have previously considered personal. Data theft prevention and post-breach activities will become increasingly important, though it will be hard to be fully prepared for such an unknown. Defenders must take careful stock of their data handling processes, be nimble in this changing technology landscape and invest in (re)training key personnel.