1) Russia's Fancy Bear APT Group Gets More Dangerous – Fancy Bear, the Russian advanced persistent threat group associated with the infamous intrusion at the Democratic National Committee last year, among numerous other break-ins, may have become just a little bit more dangerous. Encryption and code refreshes to the group's main attack tool have made it stealthier and harder to stop, ESET says. The fourth and latest version of the malware comes with new techniques for obfuscating strings and all run-time type information. The techniques, according to ESET, have significantly improved the malware's encryption abilities. The Fancy Bear/Sednit group also has upgraded some of the code used for command and control (C&C) purposes and added a new domain generation algorithm (DGA) feature for quickly creating fallback C&C domains.
2) Cybersecurity: A priority area for the Indian Government - India’s rapid transition towards a digital economy, coupled with national projects like Digital India, Smart Cities, National Broadband Network and so on, is altering the digital landscape rapidly, with a direct impact on governance, transparency, and accountability. With the drive towards a digital economy, a large amount of consumer and citizen data will be stored digitally, and many transactions will be carried out online by individuals, companies, as well as government departments. This rapid change towards a digital environment has brought to the fore certain security risks and concerns, particularly for the cybersecurity of individuals and of the nation.
3) Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence - A recent report from Grand View Research predicts that the cyber threat intelligence (CTI) market will reach $12.6 billion by 2025. This growth in demand isn't surprising when you consider the ongoing success of so many high-profile and extremely damaging attacks. This climate of increasingly sophisticated breaches has moved many organizations — particularly those that handle and retain sensitive data — to upgrade their cybersecurity measures by adding CTI and incident forensics. CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber-attack.
4) Fileless
Malware Attacks Hit Milestone in 2017 -
Fileless malware attacks using PowerShell or Windows Management
Instrumentation (WMI) tools accounted for 52% of all attacks this year,
beating out malware-based attacks for the first time, according to Carbon
Black's 2017 Threat Report. Non-malware
attacks account for the majority of all attacks this year, and ransomware
grows to a $5 billion industry, new data shows. Kryptik, Strictor, Nemucod, Emotet, and Skeeyah were the five top
malware families this year, according to the report. And the top three industries hit this year by
malware authors included finance, healthcare, and retail.
5) Google
Sheds Light on Data Encryption Practices - Google
explains the details of how it secures information in the cloud and encrypts
data in transit. Following a year of major cyberattacks and security threats,
Google has published two whitepapers to explain how it secures data. One
focuses on encryption of data in transit; the other on service-to-service
communication using Application Layer Transport Security (ALTS).
6) What's next for cybersecurity in 2018? - We live in a world that is networked together, where companies rely on networked systems and their data is stored in the cloud. The year 2018 will bring more connectivity, digital transformation initiatives, and data to companies, along with a number of new cybersecurity threats and landscape changes, making cybersecurity one of the most crucial issues that needs to be addressed today.
7) CROOKS
SWITCH FROM RANSOMWARE TO CRYPTOCURRENCY MINING
- Criminals behind the VenusLocker ransomware have switched to cryptocurrency
mining in their latest campaign targeting computer users in South Korea.
Instead of attempting to infect targeted computers with ransomware, the group is now trying to install
malware on PCs that mines for Monero, an open-source cryptocurrency.
Researchers said the shift by threat actors is also spurred by
anti-ransomware mitigation efforts that have made infecting systems with
malware harder.
8) Digital
Transformation Emboldens Cyber Adversaries—Can Cybersecurity Keep Up? - Businesses are accelerating their
digital transformation, seeking to leverage their online presence to enrich
products, deepen customer relationships, and boost their brand ecosystems.
However, with this rapid growth comes difficulty. As organizations expand
into digital channels, their digital footprint, i.e., all their
external-facing assets including websites, email servers, social landing
pages, and pages created outside proper protocol, also expands to potentially
unmanageable proportions.
9) The
Internet of Things Is Going to Change Everything About Cybersecurity
- Cybersecurity can cause organizational migraines. In 2016, breaches cost
businesses nearly $4 billion and exposed an average of 24,000 records per
incident. In 2017, the number of breaches is anticipated to rise by 36%. The
constant drumbeat of threats and attacks is becoming so mainstream that
businesses are expected to invest more than $93 billion in cyber defenses by
2018. Even Congress is acting more quickly to pass laws that will — hopefully
— improve the situation. Despite
increased spending and innovation in the cybersecurity market, there is every
indication that the situation will only worsen. The number of unmanaged
devices being introduced onto networks daily is increasing by orders of
magnitude, with Gartner predicting there will be 20 billion in use by 2020.
10) How AI is the Future of Cybersecurity - The frightening truth about increasingly common cyber-attacks is that most businesses, and the cybersecurity industry itself, are not prepared. Beyond the lack of preparedness at the business level, the cybersecurity workforce itself is also having an incredibly hard time keeping up with demand. By 2021, there are estimated to be an astounding 3.5 million unfilled cybersecurity positions worldwide.
Weekly blog that sums up the interesting Cyber Security developments of the past week.
Tuesday, December 26, 2017
iNews - Around The World This Week
Thursday, December 21, 2017
Right to Privacy: Why This Is a Big Win for People and Security of Their Personal Data
“You can’t have privacy without security” Larry Page, Google’s CEO, famously said at a TED Conference, a few years ago.
Today, closer to home, that rings true.
A few months ago when Right to Privacy found its way into the Indian Constitution, it marked a great first step towards recognizing the increasing—and often neglected—need to strengthen security to protect data and privacy.
Never before has there been a clarion call to create a robust regime for data protection. That’s something the Supreme Court has demanded of Indian organizations and the government. I think that’s quite significant.
That presents a remarkable opportunity for Indian organizations to step up their security efforts, and at the same time, build a culture that upholds the need to protect customer data.
It evidently means here’s a chance for Indian companies to create a solid framework and a strong cybersecurity policy that ensures data protection. That, in itself, is a big win for the privacy of personal data.
Much to Gain
In the age of social media and e-commerce, as data increasingly becomes a commodity, protecting this data also becomes an imperative.
Simply put, the more important data becomes, the more important are the tools to protect data.
And when customers are confident that their data is in safe hands, they are more than willing to part with it. For businesses, this is an indicator of customer trust, which boosts customer retention and new customer acquisition, leading to increased revenue.
Recently, Nasscom’s President R. Chandrashekhar said that the Supreme Court ruling significantly boosts India’s attractiveness as a safe destination for global sourcing which according to him is “another win”. As a growing digital economy, that’s great news for Indian businesses who can take advantage of increased customer confidence.
Outside Indian shores, the European Union’s General Data Protection Regulation (GDPR) requires all businesses across the world that collect data of EU citizens to become fully accountable for protecting any data categorized as ‘personal.’ With the Right to Privacy ruling, Indian businesses that cater to the European market will feel a step closer to ensuring they comply with GDPR.
Protecting Customer Privacy
In order to preserve the essence of privacy, Indian organizations need to provide an increased sense of visibility and control over confidential customer data.
To do so, they need to first recognize and assess the hands that hold customer data: their employees.
That means there needs to be an increased focus on the people who create, touch and move customer data. One way to do that is to turn to Behavioral Analytics. It helps organizations monitor how their employees are handling customer data and detect suspicious behaviour.
That’s even more pertinent now that customer data has become the lifeline of most organizations. Industries like telecom, financial and healthcare services, e-commerce firms and government agencies that collect a large amount of sensitive personal data will have to re-evaluate their data strategy.
They will have to provision for new norms that vow to protect customer data and privacy, first and foremost. The Right to Privacy ruling has opened new doors for businesses by providing an opportunity to strengthen security to protect privacy, and thereby gain customer confidence.
Source: https://tinyurl.com/y9bpsqlf
Monday, December 18, 2017
iNews - Around The World This Week
1) TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage – Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS), with the potential to cause health- and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers, an autonomous control system that independently monitors the performance of critical systems and automatically takes immediate action if a dangerous state is detected. According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "TRISIS," the attack was launched against an industrial organization in the Middle East.
2) Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks - Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organizations, stealing more than $11 million as well as sensitive documents that could be used in further attacks. Since its first successful attack in May last year, MoneyTaker has targeted banks in California, Illinois, Utah, Oklahoma, Colorado, South Carolina, Missouri, North Carolina, Virginia and Florida, primarily targeting small community banks with limited cyber defenses.
3) Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL - A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left the banking credentials of millions of users vulnerable to hackers. The affected banking apps include HSBC, NatWest, Co-op, Santander, and Allied Irish Bank, which have now been updated after researchers reported the issue to them. SSL pinning is a security feature that prevents man-in-the-middle (MITM) attacks by enabling an additional layer of trust between the listed hosts and devices. When implemented, SSL pinning helps to neutralize network-based attacks in which attackers could attempt to use valid certificates issued by rogue certification authorities.
4) Here's where 'Smart Hospitals' will make big tech investments in the near future - Building on top of today’s digital infrastructure, Smart Hospitals will focus on patient experience, outcomes and the Triple Aim, and they’ll make expensive acquisitions between now and 2025. Smart hospitals optimize, redesign, or build new clinical processes, management systems and potentially infrastructure, enabled by underlying digitized networking of interconnected assets, to provide a valuable service or insight that was not possible or available earlier, in order to achieve better patient care, experience, and operational efficiency. Digital transformation is happening in almost every industry and healthcare is no exception. Analyst house IDC earlier this year estimated that the global digital transformation (DX) market could escalate to as high as $20 trillion in the coming years.
5) The next big thing in pharmacy supply chain: Blockchain - With $200 billion lost to counterfeit drugs annually, plus the associated patient safety issues, the chain-of-custody log that blockchain could enable holds promise. Blockchain has the potential to transform healthcare in general and the pharmacy supply chain in particular. The distributed ledger technology could offer legislative, logistical and patient safety benefits for pharmaceutical supply chain management. From a regulatory perspective in the United States, blockchain's technological and structural capabilities in fact map remarkably well onto the key requirements of the Drug Supply Chain Security Act.
6) Healthcare Faces Poor Cybersecurity Prognosis - The healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain. Threat actors rarely attack with the intent of causing physical harm; most are looking for financial gain. eSentire reports patient records are worth between $0.05 and $2.42 USD each. Attackers can sell them on the Dark Web, use them for tax fraud or blackmail, or use them to conduct spear phishing campaigns. Opportunistic attacks are common because of the number of vulnerable devices.
7) As India Surveys Bitcoin Exchanges, West Toughens Its Regulations - Once voiced by a cryptocurrency enthusiast, “Bitcoin will do to banks what email did to the postal industry” has now been raised by Israel’s Prime Minister Benjamin Netanyahu while speaking of cryptocurrencies, exchanges and cryptocurrency regulations. “Is the fate of banks that they will eventually disappear? Yes. The answer is Yes. Does it need to happen tomorrow? And do we need to do it through Bitcoin? That’s a question mark!” stated the PM.
8) Kaspersky Lab Detects 360,000 new Malicious Files Daily - The number of daily detected malicious files reflects the average activity of cybercriminals involved in the creation and distribution of malware. This figure was calculated for the first time in 2011 and totaled 70,000 at that time. Since then it has grown five-fold, and as the 2017 data shows, it is still increasing. Most of the files identified as dangerous fall into the malware category (78 percent). However, viruses, whose prevalence dropped significantly 5-7 years ago due to their complex development and low efficiency, still constitute 14 percent of daily detections.
9) USB Encryption and Security Falls Well Short - A recent survey from Apricorn of more than 400 IT professionals from industries including education, finance, government, healthcare, legal, manufacturing and retail reveals that most employees use USB drives, but that companies are leaving themselves open to data breaches and leaks by not effectively monitoring these devices and the data that gets written to them. Moreover, eight out of 10 employees use non-encrypted USB drives, such as those received free at conferences, tradeshow events or business meetings, which could easily be lost or stolen and fall into the wrong hands, or introduce malware into a company’s host system.
10) We need to talk about mathematical backdoors in encryption algorithms - Governments and intelligence agencies strive to control, bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered the best way to enforce cryptographic control. Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued.
Credits - Nagesh of Ivalue.
Tuesday, November 21, 2017
Another Business Email Compromise
Export company’s email ID hacked, $36.8k siphoned off
Bengaluru: Tech-savvy fraudsters allegedly hacked the official email ID of a city-based fruits and vegetables export company and siphoned off $36,800 that customers owed the firm. In his complaint to the cybercrime police station attached to the Criminal Investigation Department (CID), Nikhil Menon, an executive of IQF Foods Private Limited, HRBR Layout, northeast Bengaluru, said the fraud was committed between October 31 and November 9.
Cybercrime police sources said the company’s official email ID — office@iqffoods.com — was hacked by the criminals, who used it to contact the firm’s customers based in the US and Europe. The mailer asked the customers to deposit their dues to the Bengaluru firm in a newly opened bank account in the US instead of the account where they’d usually deposit money. “According to the complainant, the fraudsters succeeded in convincing the customers to deposit money in an account opened in the US in the name of Simple Investments. The customers deposited $36,800 (Rs 23,55,200) in this account,” a police officer said.
The Bengaluru firm learnt about the fraud only when it began following up on payment of dues with its customers. The firm learnt that its email ID had been hacked and that the customers had been contacted through it. The firm approached the cybercrime police on November 17. Police registered a case under various sections of the IPC and the Information Technology Act 2000. “We have sought more information from the company, including how many customers deposited money in the US account and other details for further investigation,” a police officer said. Police said IQF Foods was established by a Kerala-based businessman and the company has a quick freezing process unit in Kolar district. It exports Indian fruits and vegetables to several customers globally, especially in the US, West Asia, Europe and Canada.
Times of India - Bangalore Edition - 21 Nov 2017
Friday, October 6, 2017
To Err is Human or The Insider?
What’s the similarity between Bradley Manning and
Edward Snowden? Well, apart from the fact that both disclosed sensitive
information about the US government or its various arms and were hailed as
“whistleblowers” by some and slammed and persecuted by their own government,
they were also quintessential “insiders”. Or, to put it simply, people who
ended up leaking classified information about the very same organization that
they worked for.
Surprised? Welcome to the
world of insider threats, a kind that is perhaps the most under-appreciated of
cyber threats since they mostly fly under the radar as stories about hackers and
other criminal actors grab the headlines.
According to the SANS Institute, one-third of enterprises have suffered from an insider-caused breach, with possible losses from each incident amounting to more than $5 million. Research firm Gartner says that more than 70% of unauthorized access to data is committed by an organization's own employees. These are good enough indicators to gauge the level of threat that insiders pose.
Insider attacks, be it from a
disgruntled employee or an absent-minded manager, are more insidious because
they betray the trust the organization has in its employees and partners. They
are also harder to detect and take longer to discover than any other type of
threat. Also, this threat simply can’t be wished away as every organization
needs employees and partners who will need access to sensitive information to
do their jobs effectively.
Besides, not all insiders have
a malicious intent. Often, data loss happens due to unintentional mistakes made
by people—accidental insiders—or users whose credentials have been compromised
or stolen—compromised insiders.
Alas, the existing approach to information security relies heavily on protecting the technology infrastructure, which, while needed, will not solve this insider threat.
So, what can organizations do
about it? How can they counter such threats?
The Human Point
The answer perhaps lies in
having a more human-centric approach. To protect and secure data from such
insider threats, a new approach is required where the focus needs to be on understanding
the points in which trusted people – employees, partners, and contractors –
interact with critical business data and intellectual property. It is human
points of interaction where businesses see critical data as most valuable. And
these are precisely the points where the data is also the most vulnerable.
Learning how users interact
with critical data has to become a priority for security professionals. And
while there’s agreement that understanding behavior and intent is vital to
cyber security, most security professionals are unable to do so effectively as
it is an entirely new security paradigm.
To effectively counter insider
threats, intelligent integrated systems are needed that provide visibility into
user behavior and uncover intent by providing the context behind a user’s
actions. These systems of integrated solutions, when coupled with comprehensive
cyber security programs, can secure today’s mobile workforce, reduce the
incident management burden on IT teams, increase the value of new security
investments, and provide proactive security that promotes innovation within the
organization.
It’s time businesses start
adopting this new approach to security and have intelligent systems that allow
good employee behavior and facilitate business while stopping bad cyber
behaviors.
And the time to start was
perhaps yesterday. Else, tomorrow the next Bradley Manning or Edward Snowden
might come from your organization.
reproduced from - https://tinyurl.com/y9jjf467
Sunday, January 8, 2017
Issue 98- Week of Jan 2nd
1. KillDisk - the world's biggest Ransomware?: KillDisk malware was originally used in the Ukraine energy attacks of 2015. Now researchers have found a Linux variant of it, which makes the Linux machine unbootable. It also demands an unusually high ransom of 222 BTC (approx. $200K). Prevention is the best solution to Ransomware. Regular backups and good web security solutions are recommended.
2. Koolova Ransomware:
Users infected with this Ransomware can obtain the decryption key for free if
they read two articles about Ransomware. This certainly is not the best way to
build awareness about Ransomware. 'Popcorn
time', another interesting Ransomware in news last month required the
victim to infect two others to obtain the decryption key for free.
3. Ransomware in Schools: In the UK, cybercriminals pretending to be Govt. officials have been cold-calling schools to obtain the email IDs of key staff, in order to email them 'supposedly' important docs. These docs actually contain malware which encrypts the school's machines. The hackers then demand a ransom of £8000. Similar scams are run by sending malware-infected fake POs to sales organizations and fake resumes to HR departments.
4. MongoDB under attack: MongoDB had a vulnerability in which the database could be accessed without any authentication. A patch was later made available but some admins did not patch. Hackers are now deleting such databases before making a copy; they are willing to return the data for a ransom of 0.2 BTC ($150). Thousands have been affected; upgrading MongoDB is strongly recommended.
5. Tech support scam hits Mac: Users not on the latest Mac OS are prone to this malware infection, which opens several draft email windows with the subject line "Virus detected call support on +1-800-xyz". This goes on until the laptop runs out of memory and crashes. The trick is to get the victims to call, then scare them into buying support which they really do not need. See image below.
6. D-Link Sued: After the recent massive DDoS attacks, the US watchdog FTC has sued D-Link for its poor security. This move by the FTC will go a long way in improving the security of IoT devices, which manufacturers have not taken very seriously - most likely to keep their costs low. Usage of default passwords allows hackers to break in easily; it is strongly recommended to avoid using default passwords.
7. FTC announces $25K reward: Keeping in mind the role IoT played in the recent massive DDoS attacks, the FTC has announced a reward of $25K to anyone who can create a solution that will patch all vulnerable IoT devices. A serious challenge in IoT is that many of these devices do not have the ability to be patched remotely. Issue 88 - we saw a Chinese company admitting its products were misused to launch the DYN attack; later the company recalled some of the devices.
8. Netgear announces Bug Bounty program: Last week, Netgear launched its Bug Bounty program, in which it will reward hackers up to $15K for responsible reporting of flaws found in its products. Several companies offer such programs, the biggest being that of Zerodium, which offers $1.5M for iOS 10 zero-day exploits.
9. Critical RCE bugs patched: Websites using PHPMailer, SwiftMailer or Zend Mail were vulnerable to an RCE (Remote Code Execution) bug. Using contact/registration forms, hackers could run arbitrary code, thereby compromising the site. All the vulnerabilities have now been patched. Admins should consider updating.
Sunday, January 1, 2017
Issue 97- Week of Dec 26th - Happy New Year
1. US Election hacking fallout: The US expelled 35 diplomatic personnel from the Russian embassy last week; it is alleged these Russians interfered in the US presidential election by hacking the DNC. Russia did not do the usual tit for tat but trolled President Obama by calling him a lame duck.
2. Super Mario Run APK is malware: Nintendo's 'Super Mario Run' was released recently for iOS devices only. Some Mario lovers went looking for the Android version of the game outside the Google Play store and ended up with malware. This malware can take full control of the Android device. It is advised to wait for the official version on the Play Store.
3. Lithuanian computers infected with Russian spyware: Reuters reports that Lithuania has accused Russia of cyber-attacks on its government networks. Lithuania fears Russia is trying to infiltrate its political sphere. Russia has rejected this as laughable and unsubstantiated. Meanwhile in Germany, its intelligence service believes Russia may interfere in its national elections in 2017.
4. Marijuana seller applications' details leaked: Recreational marijuana is legal in Nevada. Details from the 11,700 reseller applications that the Nevada state government had received were easily accessible via Google on the state government's website. Experts are not willing to call this a cyber-hack. The site is currently down.
5. Another DDoS attack: For most of 2016, DDoS attacks were launched using the Mirai botnet of hacked IoT devices. Last week, a 650Gbps attack was launched using a new botnet called Leet Botnet. Issue 84 - a 1.5Tbps attack was launched on France-based hosting provider OVH, and Issue 87 - DNS provider DYN suffered a massive DDoS attack.
6. Android Trojan infects Wi-Fi router: A new Android Trojan called Switcher comes in disguised
apps and does not affect the device but targets the Wi-Fi router it is
connected to. It changes the DNS settings of the router to redirect traffic to
malicious websites. Issue 95 - we saw something similar called 'DNS
Changer' - where the router was attacked via a PC. Issue
94 - we saw Stegano Malvertising redirecting traffic.
7. Amazon Echo's help required to solve murder case: Amazon Echo is a smart device that responds to voice commands. This device was being used in a home where a murder took place. The police have issued a warrant to Amazon to hand over the voice recordings during the suspected time of the murder. Amazon has declined. This sounds very similar to the Apple v/s FBI case, wherein Apple declined to unlock the San Bernardino terrorist's iPhone.
8. InterContinental Hotels may have been hacked: After a debit and credit card fraud pattern was found at
some of the InterContinental properties - the hotel has launched an
investigation. Kimpton
Hotels & HEI Hotels & Resorts (which operates Marriott, Hyatt
and Sheraton and Westin hotels) recently suffered PoS breach.
9. Critical flaws in PHP 7 detected: Experts have found 3 critical 'zero day' vulnerabilities in PHP 7. Two of the flaws allow hackers to take full control of the web server and steal data. The third flaw enables a DoS attack that shuts down the server. PHP was notified about these flaws in September and as of now they have all been patched.
10. Security and demonetization: Recall the story we discussed in Issue
49 - wherein a Bangalore businessman's account was hacked and $70K was
stolen. The hackers were able to very easily obtain a duplicate SIM card of the
businessman's phone number and then hack the bank account as the OTP was now
being delivered to the criminals. With Demonetization and Digital India - thousands
are embracing e-wallets and online transactions every day. Criminals now have a
much wider attack surface, one should stay alert to prevent such hacks.
Source - idtheftcenter.org