Search This Blog

Showing posts with label India. Show all posts

QUAD Nations to Assist Each Other in Taking Action Against Malicious Cyber Activities

 

On Saturday, the leaders of India, the United States, Japan, and Australia, known as the Quad, vowed to work together to ensure the security and resilience of regional cyberinfrastructure.

Following a meeting on the sidelines of the UN General Assembly session in New York, the leaders of the four countries issued a joint statement on the subject. External Affairs Minister S Jaishankar, along with his counterparts Penny Wong of Australia, Hayashi Yoshimasa of Japan, and US Secretary of State Tony Blinken, issued a statement urging states to take reasonable steps to address ransomware operations originating from within their borders.

The Quadrilateral Security Dialogue, comprised of India, the United States, Japan, and Australia, was established in 2017 to counter China's aggressive behaviour in the Indo-Pacific region. According to the statement, the leaders believe that focused initiatives to strengthen Indo-Pacific countries' cyber capabilities will ensure the security and resilience of regional cyberinfrastructure.

"The transnational nature of ransomware can adversely affect our national security, finance sector and business enterprise, critical infrastructure, and the protection of personal data. We appreciate the progress made by the 36 countries supporting the US-led Counter Ransomware Initiative and the regular, practical-oriented consultations against cybercrime in the Indo-Pacific region," they said.

The ministers emphasised that practical cooperation in countering ransomware among Indo-Pacific partners would result in ransomware actors in the region being denied a safe haven.

Recalling the last Quad Foreign Ministers' Meeting on February 11 of this year, the ministers stated their commitment to addressing the global threat of ransomware, which has hampered Indo-Pacific economic development and security.

U.S. Citizens Lost $39.5 Billion to Phone Frauds Alone Over the Past Year

 

A recent study estimates that scams have increased threefold in the US in the last 12 months resulting in the loss of $39.5 billion, which is the highest number registered since Truecaller, Swedish caller identification and spam blocking app, began researching scam and spam calls in the U.S. eight years ago. 

According to the report, which was undertaken in partnership with The Harris Poll in March 2022, 33% of US citizens reported having fallen victim to phone scams, and 20% on more than one occasion. 55.6% of those who fell victim to a phone scam were men, compared to only 42.2% of those who were women. 

Furthermore, men aged 65 and above, and Hispanics were more likely to fall for scams and phone frauds than those aged below or belonging to any other ethnicity. Nearly, 74% of Hispanic people were targeted and lost money in the last 12 months when compared to Black or White adult individuals.

Approximately 63% of Americans feel like they may miss legitimate calls due to the fear of spam calls. To protect themselves, 43% of people reported they downloaded a spam blocker and/or caller ID. A whopping 86% of Americans said only pick up when the caller is recognizable, 60% have stopped picking up calls altogether and have shifted to other methods of communicating. These include texts, emails, social media apps, faxes, etc. 

To mitigate risks, adults preferred to take action by downloading Spam Blocker/Caller ID apps while people above the age of 65 preferred blocking their credit cards or altering account numbers after being scammed. 

The study suggests that despite the Federal Communication Commission’s (FCC) efforts to regulate via the STIR/SHAKEN framework (a set of FCC standards aimed at protecting Americans from robocalls/scammers) nearly 68.4 million Americans fell victim to at least a phone scam in the last 12 months, indicating fraudsters are bypassing government regulation and finding more sophisticated methods to target users. 

“The findings from this year are concerning and shed light on the fact that fraudsters and scammers continue to outsmart increased government regulation. Additionally, with many robocalls coming from overseas, the increase in regulation will need to work in parallel with technological advancements provided by caller ID and spam-blocking apps, such as Truecaller,” stated Alan Mamedi, CEO of Truecaller. 

India: 4th most spammed nation 

According to Truecaller’s Global Scam Report 2021, India received 4th position in spam sales and telemarketing calls and was placed right behind Brazil, Peru, and Ukraine. 

The sales-related calls made up a vast majority (93.5%) of all incoming spam calls in the country. The report also made a special mention of a single number in India that apparently made over 202 Mn spam calls – more than 664,000 calls every day or 27,000 calls every hour.

Chinese Hackers Targeted Indian State Power Grid

 

Chinese state-sponsored malicious actors launched “probing cyberattacks” on Indian electricity distribution centers near Ladakh thrice since December 2021. On Wednesday a report by private intelligence firm Recorded Future confirmed the attack. 

The hackers targeted seven Indian state centers responsible for carrying out electrical dispatch and grid control near a border area contested by the two nuclear neighbors, the report added. This attack came to light while the military standoff between the two countries in the region had already deteriorated the relationship. However, the government sources affirmed that the attacks were not successful. 

''In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh," the group said. 

The hackers employed the trojan ShadowPad, which the experts claimed has been developed by contractors for China's Ministry of State Security, thereby concluding  that it was a state-sponsored hacking effort. 

"In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group," Recorded Future said.

Phorpiex Variant Used for Cryptocurrency Assaults in Ethiopia, Nigeria, India, and Other Countries

 

Check Point Research has found new cryptocurrency-related assaults in Ethiopia, Nigeria, India, and 93 other countries. The attackers are employing a variation of the Phorpiex botnet known as "Twizt" by Check Point to steal cryptocurrency through a technique known as "crypto clipping." Because wallet addresses are so long, most systems copy them and allow you to just paste them in during transactions. Cybercriminals have used Twizt to replace the intended wallet address with the wallet address of the threat actor. 

Phorpiex, a long-lasting botnet known for extortion tactics and the use of old-school worms delivered via removable USB drives and instant messaging apps, began broadening its infrastructure in recent years in order to become more durable and deliver more hazardous payloads. The Phorphiex botnet is still active today, with a massive network of bots generating a wide range of malicious activities. These operations, which previously comprised extortion and spamming, have grown to encompass cryptocurrency mining. Researchers also saw a surge in data exfiltration and ransomware delivery in 2018, with the bot installer releasing Avaddon, Knot, BitRansomware (DSoftCrypt/ReadMe), Nemty, GandCrab, and Pony ransomware, among other malware. 

Check Point researchers reported intercepting 969 transactions, stating that Twizt "can operate without active command and control servers, enabling it to bypass security systems," implying that each computer infected can expand the botnet. 

Twizt operators have stolen 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens in the last year, totaling around $500,000. 26 ETG were stolen in one incident alone. Phorpiex bots hijacked over 3,000 transactions worth nearly 38 Bitcoin and 133 Ether between April 2016 and November 2021. The cybersecurity firm stated that this was merely a subset of the attacks that were taking place. 

According to Alexander Chailytko, cybersecurity research and innovation manager at Check Point Software, the new variant of Phorpiex poses two major concerns. "First, Tiwzt is able to operate without any communication with C&C; therefore, it is easier to evade security mechanisms, such as firewalls, in order to do damage. Second, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including major ones such as Bitcoin, Ethereum, Dash, Monero," Chailytko said. 

"This makes for a huge attack surface, and basically anyone who is utilizing crypto could be affected. I strongly urge all cryptocurrency users to double-check the wallet addresses they copy and paste, as you could very well be inadvertently sending your crypto into the wrong hands," Chailytko added.

Software-as-a-Service: Next Big Thing in Tech, Could be Worth $1 Trillion

 

Since the late 1980s, India has been a destination for low-cost, outsourced software and support services and that was the time when the labor force became a cost-effective solution for multinational companies globally. Historically, the labor arbitrage model has increased the country's wealth, also providing employment and fuelling urbanization. 

Because of the world pandemic, global industries are forced to increase their investment in digital infrastructure, boosting the influence of companies providing software-as-a-service, or SaaS. According to a KPMG survey, last year organizations spent an extra $15 billion per week on technology to improve safe remote working environments. 

While India’s software-as-a-service industry will be worth $1 trillion by 2030, it will also likely increase employment by nearly half a million new jobs, according to a recent report compiled by consulting firm McKinsey & Co. and SaaSBoomi, a community of industry leaders. 

SaaS companies are also known as "on-demand software" and Web-based/Web-hosted software facilitates applications that take care of the software. There are some best-known SaaS companies including Zoom (ZM), Salesforce (CRM), SAP Concur, and the messaging app Slack. 

SaaS has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software. 

According to the report, there are thousands of such companies in India, of which 10 are unicorns, their startups' worth is $1 billion in value. 

"This can be as big an opportunity as the IT services industry was in the 90s," said Girish Mathrubootham, CEO of Freshworks India’s best-known SaaS Company. Last month, the company (Freshworks) filed for an IPO, joining the league of other Indian unicorns that are going public this year.

Banking Trojan Posing as I-T Refund hits 27 Indian Banks

 

In India, cyberspace has identified a banking Trojan virus that lurks at attacking bankers using Android smartphones, stated the country’s federal cyber security agency, CERT-In, in an advisory alert. Further, the Indian Computer Emergency Response Team (CERT-In ) has claimed that the virus has attacked clients from over 27 public and private sector banks. 

The phishing malware seems to masquerade as the 'income tax refund' – a social engineering piece of malware which targets personal information – and can 'effectually endanger the confidentiality of sensitive customer information and lead to massive attacks and financial frauds,' the CERT-In said, adding: “It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware.” 

While explaining the invasion operation, the agency said that a victim would have been prompted to fill in personally identifiable information, download and install malicious APK files to finish the requisite verification on a phishing website (as it is on the website of the tax service). The victim would get a link redirecting it to a phishing website. 

“If the user does not enter any information on the website, the same screen with the form is displayed in the Android application and the user is asked to fill in to proceed,” they said. 

Furthermore, Full name, PAN number, Aadhaar number, permanent addresses, birthdates, cell phone number, and financial information, such as bank details, account number, IFSC code, CIF number, debit cards, expiration date, CVV, and PINs, are included as part of the data asked to be filled by the user. 

Once the user has submitted the details, the program claims that a refund amount may be deposited to the user's bank account, and the application exhibits an error and displays a false upgrade page whenever the user enters the amount and selects the "transfer" options. 

During the display of the screen to install the update, Trojan will forward the information about the user to the attacker. 

"These details are then used by the attacker to generate the bank-specific mobile banking screen and render it on the user's machine. The user is then requested to enter the mobile banking credentials which are captured by the attacker," it said. 

The advisory proposes several counter efforts to stop such attacks and malware, such as downloading apps from the official app shops, installing suitable updates and patches on Android, using secured internet browsing tools, carrying out detailed research before clicking on a link in the message, and looking for true certificates of encryption by checking for a green browser lock.

Chinese Military Unit Linked to Cyber Espionage Campaign Targeting India

 

Recorded Future, a US security firm, revealed a cyber espionage campaign linked to a suspected Chinese state-sponsored threat activity group, named RedFoxtrot. Recorded Future's threat research arm Insikt Group, discovered evidence dating back to 2014 that interconnects RedFoxtrot and Chinese military-intelligence apparatus, the People's Liberation Army (PLA) Unit 69010. 

Before restructuring in 2015, PLA’s cyber-attack unit 69010 was known as the Lanzhou Military Region’s Second Technical Reconnaissance Bureau, and now it has been incorporated into the Network Systems Department of the PLA’s Strategic Support Force (SSF). According to a report published by Recorded Future’s Insikt Group, cybersecurity experts have detected intrusions targeting aerospace, defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan.

“Notable RedFoxtrot victims over the past 6 months include multiple Indian aerospace and defense contractors; telecommunications companies in Afghanistan, India, Kazakhstan, and Pakistan; and several national and state institutions in the region. Activity over this [past six-month] period showed a particular focus on Indian targets, which occurred at a time of heightened border tensions between India and the People’s Republic of China (PRC,” analysts explained.

According to the research team, for its attacks, the RedFoxtrot group employs both bespoke and publicly available malware families, including IceFog, ShadowPad, Royal Road, PCShare, PlugX, and web server infrastructure to host and deliver payloads and to collect stolen information. Some of the group’s past campaigns have been previously documented by other security firms under different names in something that has become a common sight in modern-day threat hunting.

“The recent activity of the People's Liberation Army has largely been a black box for the intelligence community. Being able to provide this rare end-to-end glimpse into PLA activity and Chinese military tactics and motivations provides invaluable insight into the global threat landscape. The persistent and pervasive monitoring and collection of intelligence is crucial in order to disrupt adversaries and inform an organization or government's security posture", Christopher Ahlberg, CEO, and Co-Founder of Recorded Future, stated.

Recorded Future researchers were successful in making connections inside this nebula of Chinese state-sponsored hacking activity to RedFoxtrot (and subsequently to PLA Unit 69010) due to lax operational security (OpSec) measures of one of its members. 

“Insikt Group is not publicly disclosing the identity of this individual; however, an extensive online presence provided corroborating evidence indicating that this individual is located in Ürümqi, has an interest in hacking, and also has a suspected historical affiliation with the PLA’s former Communications Command Academy located in Wuhan,” the researchers further stated.

Cisco Smart Install Protocol is Still Being Exploited in Cyber-Attacks

 

Five years after Cisco issued its first warning, the Smart Install protocol is still being utilized in assaults, and there are around 18,000 internet-exposed devices that might be targeted by hackers. Smart Install is a plug-and-play configuration and image-management technology from Cisco that allows new switches to be deployed with zero-touch. Smart Install can be extremely important to organizations, but it can also be a significant security concern. 

A Smart Install network consists of a group of networking devices known as clients that are served by a common Layer 3 switch or router that serves as a director. You can use the Zero-Touch Installation process in a Smart Install network to install new access layer switches without the help of the network administrator. The director acts as a central management point for client switch images and configuration. When a new client switch is added to the network, the director immediately recognizes it and determines which Cisco IOS image and configuration file should be downloaded. 

The function remains enabled and can be accessed without authentication once a device has been set up via Smart Install. Malicious actors have been able to remotely target devices with Smart Install enabled, including reloading devices, loading a new operating system image, and running arbitrary commands with elevated privileges. 

After an exploitation tool was made public in 2016, Cisco issued a warning on the misuse of Smart Install. In 2017 and 2018, the company sent more alerts, identifying hundreds of thousands of vulnerable devices, including those in critical infrastructure organizations. In 2018, it was revealed that hacktivists targeted the Smart Install function in assaults on Cisco switches in Iran and Russia as part of an ostensibly pro-US attack, as well as a state-sponsored cyberespionage group affiliated to Russia. 

In 2016, the number of networking equipment vulnerable to Smart Install assaults surpassed 250,000, but by 2018 it had reduced to 168,000. The Shadowserver Foundation is still keeping track of the number of potentially susceptible devices, reporting that almost 18,000 are currently online, including many in North America, South Korea, the United Kingdom, India, and Russia. 

Last month, Lumen Technologies' Black Lotus Labs cybersecurity unit discovered that a hacktivist group had compromised at least 100 internet-exposed routers belonging to both public and private sector entities, most of which were based in the United States.

Uttarakhand, India Special Task Force Exposed a China Based Money Laundering Racket

 

The Police of Uttarakhand, India claimed that the web racket has duped naïve investors with at least 250cr Rs by guaranteeing to almost double their money in just 15 days but rather by turning it out in the cryptocurrency. 

Pawan Kumar Pandey was detained on a Monday night from Gautam Buddh Nagar, Noida a district in Uttar Pradesh, who is accused of running a ghost corporation to transfer his defrauded money to his alleged "handler in China." He has been caught with his 19 laptops, 592 SIM, 5 mobile phones, 4 ATM cards, and a passport. 

Uttarakhand police chief (DGP) Ashok Kumar said that after two Haridwar locals, Rohit Kumar and Rahul Kumar Goyal had complained about this scam the racket was scrutinized. 

“A week ago, they claimed that one of their friends told them about a mobile app on Google Play Store named Power Bank, which doubled returns on investment within 15 days. Believing him, they downloaded the app and deposited ₹91,200 and ₹73000,” said Kumar. 

However, after one month of making the deposit, when they didn't receive any returns, they realized that they were tricked, he added. 

The special task force launched a test to find out that the relevant mobile app was available on the Google Play Store from February 2021 to May 12, 2021, during which a minimum of 50 lakh individuals installed the application. Police also established that the money deposited through the app was moved to the detained person's bank accounts via payment gates. 

He said the money was subsequently converted into cryptocurrencies. The application was connected to China during the cyber forensic examination, where Pandey's operators reside. They used to cash the cryptocurrencies into their local currencies to complete the money laundering chain, that began with the Indians being duped by the app. 

“In this case too, they partnered with Pandey and used his identity documents to register a shadow company with the Registrar of Companies (RoC) and to open two bank accounts, where the money siphoned off from the victims was deposited. They opened a shadow company in Noida named Purple Hui Zing Zihao. Pandey was registered as the company’s owner and the firm was shown as the developer of the fraudulent app,” said Bharne, Uttarakhand’s deputy inspector general (law & order). 

Pandey added that though he earned commissions from the Chinese accused, the bank accounts and the business was handled remotely. He had received a salary payment of 1.50 lakh from the Chinese. He also told cops that his operators are using the same modus operandi, as there are many other identical apps. Initially, however, the accused doubled certain investments to win the confidence of future investors. 

“We have taken at least 20 such shadow companies under our radar for suspected fraudulent activities like the above-mentioned one. We have received 20 other similar complaints from people in the state and they [the complaints] are under probe,” the senior police officer said.

Fake Oximeter Apps For Smart Devices, Here’s How To Check If It’s Safe Or Not

 

In recent days the demand for oximeters has gone up owing to the deadly second wave of Covid-19 in India. Earlier today, cybersecurity intelligence has reported that many fake oximeter apps are available on the Play Store. 

The researchers’ group from Quick Heal Security Labs has discovered that the threat actors were exploiting the official apps with a trojan to get access to users’ banking credentials.

“Threat actors use reliable tools to deploy payload and third-party app stores for distribution of these fake apps,” the researchers said in a statement. 

These days Oximeter device has become very crucial to fight the Coronavirus as this device helps in monitoring blood oxygen levels in the human body. Meanwhile, various Oximeter apps are available on Android mobile devices that can help you in measuring your blood oxygen levels without any charge. 

However, these fake apps can cost you more than you can expect. According to the Quick Heal report, fake oximeter apps can exploit your online financial data for PhonePe, Google Pay, Paytm, etc. The Indian government has also warned against these apps. 

According to the findings, threat actors target those app stores where they can find both free and paid apps. They use several different tools such as GitHub or firebase to employ fake apps and various types of app markets like QooApp, Huawei, etc. 

How you can protect your financial data from fake oximeter apps? 

Here are some things to remember before downloading an oximeter app on your device: 

•  Don’t open links shared through messages or on social media platforms. 

• Check for grammar errors in the app descriptions as attackers usually use the wrong English.

•  Reviews and ratings can also be fake, focus more on reviews with low ratings. 

"Avoid approaching to third-party app stores for downloading apps or through links shared via SMSs, emails, and WhatsApp. These avenues don`t invest in security and hence make space for any type of app, including the infected ones,” researchers further added. 

643GB of Customer Information Exposed in a Data Breach Suffered by Bizongo

 

The issue of data fraud has been on a rapid rise, as of late, and evidently so as data breaches are a matter of serious concern for data applications in all aspects of life. In recent days, few Indian start-ups have suffered several data violations. 

In the light of that, an alarming data violation within the packaging acquisition company Bizongo, a digital platform located in Mumbai, India, was discovered by the Website Planet Security Team. As just at end of December 2020, the team disclosed an incorrect bucket belonging to Bizongo that leaves highly confidential data potentially exposed to hackers and other unauthentic sources. Due to the complexity of the breach, more than a thousand organizations and hundreds of thousands of people could be affected. 

The key concern of Bizongo is serving Indian firms and there is no indication that their facilities extend beyond Indian borders. While its website domain has just been altered to 'dotcom,' it indicates that international companies have the potential of becoming a part of Bizongo. 

With more than 400 customers across multiple sectors, Bizongo is an online packing market, with over 860 million packings shipped to date. With customers using their Business to Business (B2B) supply chain and vendor management systems, Bizongo has disclosed almost 2.5 million (643Gb) data files that contain names, addresses, billing numbers, and customer payment information, with Amazon, Flipkart, Myntra, Swiggy and Zomato being some of their prime customers. 

A malfunctioning Amazon Web Services (AWS) S3 bucket operated by Bizongo was indeed the cause of the data leak as per the security team of Website Planet. There were two kinds of files in the bucket — customer bills and dispatch labeling. 

In a blog post, the Website Planet wrote, “With clear examples of branded shipping labels and customer receipts, finding the owner of the breached database was reasonably straightforward. All of the exposed data was identified as accurate, with the data belonging to real individuals.” 

The exact period during which this data wasn’t secured is currently unclear. The team, nevertheless, noted that the violation was detected and registered on 30 December 2020. While Bizongo has never responded to this data breach, on 8 January 2021, when the breach was closed, the website planet security staff revised the bucket anyway. 

Although the Indian data security legislation has not been enforced yet, Bizongo remains guilty of almost any misreporting of personal data. Affected individuals have a legitimate right to pursue civil proceedings and reimbursement. 

Any Indian company or packaging provider using the Bizongo platform also faces the possibility of this infringement affecting them. Concerned parties should seek further clarification from Bizongo themselves on their data and this violation. Since they cannot be sure if non-ethical attackers and fraudsters access unsecured data. However, the information leaked is likely to be detected, so users should be mindful of a variety of risks. 

“We take data security very seriously and implement best security practices to keep our and our customer data secure. We have taken strong measures to prevent such accidental misconfiguration from happening in the future,” the Bizongo added.

Almost 80% Of Indians Consider Moving To Alternatives After “Take It or Leave It Policy” WhatsApp

 

WhatsApp, the most popular messaging platform is suffering from the biggest storm with its users because of its new set of policies, although WhatsApp (organization) has stalled its upcoming terms and conditions until May. Even in India, WhatsApp users are jumping on alternatives including Telegram and signal messaging platforms. 

As well as the Indian government has strongly recommended Facebook-owned platform to re-consider upcoming policies. 

India alone comprises a large number of WhatsApp's userbase. Recently in response to cyberMedia Analysis (CMR) research, 79% of WhatsApp users are only in eight cities of India, including Delhi, Mumbai, Kolkata, Chennai, Bengaluru, Hyderabad, Pune, and Ahmedabad. Out of this huge percentage, 28% of people are reconsidering to depart the platform after the execution of its ‘take it or depart it coverage’ in Might 2021. 

Further, 51% of users have stated that they are reconsidering whether they should use this platform or not and would choose Telegram as its alternative or other messaging apps whereas 28% of respondents stated that they are not going to proceed with WhatsApp in any respect. 

In new terms and conditions of WhatsApp, it will share credentials of people with its parent company ‘Facebook’. Although the company has stated that it will not affect your private chat lives with your family and friends in any approach. The larger concern is that there is no specific technique that will decide this out. The new policies are not applied on the European market due to its (EU’s) stern privateness pointers that WhatsApp has obeyed to adjust. 

The government of India has explicitly highlighted in its response to WhatsApp, “the platform can’t unilaterally put in such coverage in its greatest market and that WhatsApp is obliged to respect the privateness of its largest person base”. 

“What’s outstanding is, most Indians (76%) had been conscious of the coverage,” Prabhu Ram, Head, Trade Intelligence Group (IIG), CMR instructed Monetary Categorical On-line. 

“WhatsApp has been the default messaging software for shoppers, much more than the conventional SMS. It was free, it was intimate, and it was one thing we owned. However now due to this take it or depart its coverage, the shoppers have gotten conscious that it was not free, in any case.” He added.

Cyber Attacks in India At A Steady Rise as Per India's Cybersecurity Chief

 

National Cyber Security Coordinator Lt Gen (retd) Rajesh Pant recently discussed cyberattacks in India 'having gone up a multifold' in the current environment and alluded to 'China' as a "major challenge" from a cybersecurity perspective for India.

"In such unprecedented times, you mentioned two Cs the challenge of corona and the challenge of cyber. Actually, at the perch which I sit, there are 3 Cs. The third 'C' of course is on our northern border, which is another challenge that we are facing”, Pant said at an event coordinated by the largest private sector lender HDFC Bank. 

He had assumed control over the role of India's cybersecurity chief, later added that almost consistently, 4 lakh malwares are found and 375 cyber-attacks are witnessed. 

Apart from falling prey to voice call-based frauds, individuals ought to likewise be cautious about the click-baits, which are conveyed to extract data from an internet user. 

"This disease of just clicking on the link, this is another reason where the malware drops,” he stated, requesting everyone to contemplate the ongoing cases of frauds at City Union Bank where an individual entered the core banking system through a simple click, and furthermore the ones at Bangladesh Bank and Cosmos Bank. 

"The issue is some of us get unaware and that's how problems start occurring. It's a question of being conscious all the time, not a question of not knowing," said chief risk officer of HDFC Bank Jimmy Tata, as HDFC Bank launched the 'Mooh Bandh Rakho' campaign with the Bank authorities stating that the objective is to zero in on the youth, to spread awareness through different mediums, including more than 1,000 secure banking workshops and furthermore even a rap-song.

Pant had likewise before called for setting up a dedicated industry forum for cybersecurity to develop trusted indigenous solutions for check cyber-attacks. 

“Last year, our official figures were Rs 1.25 lakh crore lost due to cybercrimes in India. Ransomware attacks are increasing every day and these criminals have been working from home. They have no qualms. They are heartless people. They are attacking hospitals because they know in an emergency hospital will pay,” Pant had said at an event organized by industry body Ficci.

India And Japan Agree on The Need for Robust and Resilient Digital and Cyber Systems

 

India and Japan finalize a cybersecurity deal as both agreed to the need for vigorous and 'resilient digital and cyber systems'. 

Their ambitious agreement accommodates participation in 5G technology, AI and a variety of other critical regions as the two strategic partners pledged to broad base their ties including in the Indo-Pacific area. 

The foreign ministers of the two nations – S Jaishankar of India and Motegi Toshimitsu of Japan – were of the view that a free, open, and comprehensive Indo-Pacific region “must be premised on diversified and resilient supply chains."

The two ministers “welcomed the Supply Chain Resilience Initiative between India, Japan, Australia, and other like-minded countries." 

Their initiative comes with regards to nations hoping to enhance supply chains out of China subsequent to Beijing suddenly closing factories and units in the repercussions of the Coronavirus pandemic, sending economic activities into a dump. 

The move hurled the subject of dependability of supply chains situated in China with nations hoping to widen the hotspots for critical procurement. In September, the trade ministers of India, Australia, and Japan had consented upon to dispatch an initiative on supply chain resilience.


Jaishankar, in a tweet, said further expansion of India-Japan cooperation in third nations centering around development projects likewise figured in the thirteenth India-Japan foreign minister's strategic dialogue.

The two “welcomed the finalization of the text of the cybersecurity agreement. The agreement promotes cooperation in capacity building, research, and development, security and resilience in the areas of Critical Information Infrastructure, 5G, Internet of Things (IoT), Artificial Intelligence (AI), among others," the statement said. 

In New Delhi, the agreement was cleared at a Cabinet meeting headed by PM Narendra Modi, as per Information and Broadcasting Minister Prakash Javadekar. 

The ministers concurred that the following annual bilateral summit between the leaders of India and Japan would be facilitated by the Indian government “at a mutually convenient time for the two Prime Ministers."

A Hacker Collective Based in Pakistan, Being Backed by China to Gather Intelligence Against India

 

In a rather coordinated attempt in order to steal strategic data and critical infrastructure by sending phishing mails a campaign was launched by a Pakistan-backed hacker, Transparent Tribe. 

The campaign, dubbed as 'Operation Sidecopy' utilizes a remote access malware that can heighten its privilege in undermined systems, and thus, easily steal data by infiltrating a computer. 

Cyber Security researchers at Seqrite, the cyber security solutions arm of Quick Heal, believe that the main tools utilized in Operation Sidecopy shows the association of Transparent Tribe which Seqrite believes is being backed by China to accumulate insight against India. 

One of the main characteristics that Seqrite believes can be associated with Pakistan's Transparent Tribe is the remote server facilitating that the 'collective uses'. 

As per researchers Kalpesh Mantri, Pawan Chaudhari and Goutam Tripathy at Seqrite, Operation Sidecopy utilizes Contabo GmbH to 'host' the remote server through which the malware is instructed and information inflow is controlled, which Transparent Tribe is accounted for to have done already.

Himanshu Dubey, director of Quick Heal Security Labs, affirmed that alongside the Operation Sidecopy cyber attacks are highly targeted towards India in nature and have been continuously observed since 2019.

'Till now, this attack has been only seen targeting India.The Tactics, Techniques and Procedures (TTPs), as well as Decoy documents that we analysed, were crafted specifically in Indian context,” he says. 

Clarifying the Pakistan and China connection in the series of cyber attacks taken note of, Quick Heal's Dubey says, “We have considered several factors such as infrastructure used for command servers, registered domain naming patterns and recently created domains, command and control server names are similar to the names used by APT36 in past, and APT36’s history of attacks targeting Indian defence organisations.Also, one domain that hosted HTML stager applications is registered to a user in Rawalpindi, Pakistan.” 

 Dubey avows that the entirety of Seqrite's discoveries under Operation Sidecopy have been shared with the authorities of the Indian government in order to assist them with taking proper digital protection steps and forestall loss of important data.

Iranian Threat Actors Have Modified Their Strategies, Attacks Now More Effective


Since the dawn of the digital age, Iranian hackers have been infamous for their attacks on critical infrastructures, targeting governments, and hacking large corporate networks. The main motive behind these attacks is getting espionage intelligence, steal confidential information, ransomware attacks, and target massive data networks. Since 2019, the hackers have been using developed strategies that are more effective in causing damage to the targets, resulting in better monetary benefits, says the Bloomsbury news.


Attack details

  • Earlier this year in April, hacking group APT34 (otherwise knowns as OilRig) launched a modified version of the backdoor named 'RDAT.' The backdoor uses the C2 channel, which can hide commands and data under images via attachments. 
  • Earlier this year in May, APT34 also added a new tool to its hacking inventory, known as DNSExfiltrator. The tool has allowed hackers to become the first hacking group that uses the DoH (DNS-over-HTTPS) protocol in its attacks. 

Keeping view of these new modifications in the hacking realm, organizations should know that the criminals are evolving and modifying their methods over time. It suggests that hackers have become more powerful and possess a more significant threat to the cybersecurity world.

Other developments 

  • In August 2020, the FBI issued a security alert about the hacking group going by the name of 'Fox Kitten' attacking potentially weak F5 networks. The hacker's purpose was to attack private and public U.S. government organizations. 
  • In July 2020, making its comeback, threat actor Charming Kitten launched a cyberespionage campaign, using WhatsApp and LinkedIn to imitate Persian speaking journalists. The targets included the U.S. government, Israeli scholars belonging to Tel Aviv and Haifa universities. 
  • In June 2020, an amateur hacking group from Iran attacked Asian companies using 'Dharma' ransomware. 

According to intelligence reports, the hackers used widely available hacking tools to target companies in China, Russia, Japan, and India. From July 2020, threat actor Fox Kitten is also infamous for giving small corporate networks access on hacking forums. According to experts, it is just trying to generate revenue using other income channels, using systems that lack any intelligence value but provide Iran money.

Indian Prime Minister Announces a New Cyber Security Policy for the Country


On the celebration of India's 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. 

While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India's society, economy, and development. 

He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn't be taken for granted. The prime minister's comments come against the ever-increasing cyber threats and psychological warfare radiating from nations like Pakistan and China. 

As per news reports, during the border tensions at Ladakh, China and Pakistani social media activists had apparently joined hands to dispatch fake news and misinformation campaigns against India. 

At the point when the conflict happened along the Pangong Lake on 5-6 May, Weibo, the Chinese version of Twitter, had featured images of Indian fighters tied up and lying on the ground, with correlations made to Bollywood's 'muscular portrayal' of the Indian Armed forces.

 "The government is alert on this," Modi reassured the nation, later adding that the government will soon come out with a strong policy on this.

Apart from this, phishing attacks offering info on Covid-19 and equipment, or free testing with the aim to steal personal information have additionally been on a steady rise in India over the last few months. 

As indicated by a Kaspersky report, there is a 37% increase in cyber-attacks against Indian companies in April-June quarter, when compared with January-March quarter, with the reason being the implementation of a nationwide lockdown from March which made organizations and companies permit their employees to work from home.

Indian Organizations Suffer the Most in Public Cloud Security Incidents



In a survey of 26 countries for public Cloud security incidents, India emerges as the nation which endured the hardest hits the previous year with 93 percent of the nation's organizations encountering the problem.

The survey included more than 3,500 IT managers across 26 nations in Europe, the Americas, Asia Pacific, the Center East, and Africa that currently host data and workloads at hand in the Public Cloud.

The cybersecurity incidents that Indian organizations suffered most included ransomware (53 percent) and other malware (49 percent), exposed data (49 percent), compromised accounts (48 percent), and cryptojacking (36 percent), said the report titled "The State of Cloud Security 2020" by cybersecurity company Sophos.

While Europeans seem to have endured the least level of security incidents in the Cloud, an indicator that compliance with General Data Protection Regulation (GDPR) guidelines are assisting with protecting organizations from being undermined.

However, India still hasn't enforced a data protection law.

Chester Wisniewski, Principal Research Scientist at Sophos said in a statement, "Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public Cloud."

 "The recent increase in remote working provides extra motivation to disable Cloud infrastructure that is being relied on more than ever, so it's worrisome that many organizations still don't understand their responsibility in securing Cloud data and workloads," Wisniewski added later.

"Cloud security is a shared responsibility, and organizations need to carefully manage and monitor Cloud environments in order to stay one step ahead of determined attackers."

According to the report, more than 55 percent of Indian organizations and businesses revealed that cybercriminals obtained access through the stolen Cloud provider account credentials.

Regardless of this, only 29 percent said managing access to Cloud accounts is a top area of concern. Albeit 'accidental exposure' keeps on plaguing organizations, with misconfigurations exploited in 44 percent of reported attacks on Indian organizations.

With 76 percent of organizations utilizing the Public Cloud, detection and response are driving the Cloud security concern for IT managers in India while data security still stays as a top concern across the world for organizations.

The Trauma of Securing a Code Signing Certificate - The Government of India needs to Intervene against hegemony of MNCs


A boutique Indian cyber security firm (a proprietorship) just went through a nightmarish experience with an MNC when it sought to secure a Code Signing Certificate (CSC). The MNC simply refused to recognise several valid documents issued by the Government of India.

The Indian firm has a GST registration, a MSME registration and has over the last few years continuously offered protection against cyber security threats to over a dozen blue chip firms in the Banking & Financial Services Sector. Most of the firm’s business is repeat business on an annual subscription model.

The firm wrote a small executable which can dig into viruses on hard disks and wanted a secure a code signing certificate in this connection.

The first code signing vendor said that they can only issue a certificate to a company incorporated with the Ministry of Company Affairs and thus rejected the application. Fortunately, no application fee has been paid and the matter ended there.

A second vendor was approached, an application was filed on a website and a fee of approximately US $ 200 paid. Then the nightmare started. The firm received a verification email seeking to know if it were a private limited company. It said that it was a proprietorship, with a GST and MSME registration, and even offered to show the Purchase Orders (POs) from clients in order to prove its legitimacy. However, the vendor was firm and said that it could only issue a certificate to a Private Limited firm. When a refund was sought, there was no reply.

The vendor then said that GST and MSME registrations were not acceptable and sought alternative verification. This involved securing a landline, a certification from the firm’s CA about its existence as a registered and genuine entity, CA’s certification of physical location at the same place as the landline, Aadhar card photocopy (front and back), and also a selfie with the front and back display of the Aadhar card. Further, the firm’s representative was required to be at the landline location to receive a call which proved to be a complication because of the lockdown. Finally, the CA himself had to go through a verification process.

This whole experience highlights the importance of a intervention by the Government of India in the area of code signing certification and a localisation of the same. Otherwise MNCs will end up controlling the process, with the power to even disregard official registrations issued by the Government of India.

Beware of Stalkerware That Has Eyes On All of Your Social Media!


Dear social media mongers, amidst all the talk about the Coronavirus and keeping your body’s health in check, your digital safety needs kicking up a notch too.

Because, pretty recently, security researchers discovered, what is being called as a “Stalkerware”, which stalks your activities over various social platforms like WhatsApp, Instagram, Gmail, Facebook, and others.

‘MonitorMinor’, per the sources, is definitely the most formidable one in its line.

Stalkerware are “monitoring software” or ‘Spyware’ that are employed either by people with serious trust issues or officials who need to spy for legitimate reasons.

Via this extremely creepy spyware kind, gathering information like the target’s ‘Geographical location’ and Messaging and call data is a cakewalk. Geo-fencing is another spent feature of it.

This particular stalkerware is hitting the headlines this hard because, MonitorMinor has the competence to spy on ‘Communication channels’, like most of our beloved messaging applications.

The discoverers of this stalkerware issued a report in which they mentioned that in a “clean” Android system, direct communication between applications is blocked by the “Sandbox” to kill the possibilities of the likes of this spyware gaining access to any social media platform’s data. This is because of the model called “Discretionary Access Control” (DAC).

Per sources, the author of the stalkerware in question manipulates the “SuperUser-type app” (SU utility) (if present) allowing them root-access to the system.

The presence of the SU utility makes all the difference for the worse. Because owing to it and its manipulation, MonitorMinor gains root access to the system.

The applications on the radar are BOTIM, Facebook, Gmail, Hangouts, Hike News & Content, Instagram, JusTalk, Kik, LINE, Skype, Snapchat, Viber, and Zalo-Video Call.

From lock patterns to passwords, MonitorMinor has the power to dig out files that exist in the system as ‘data’. And it obviously can use them to unlock devices. This happens to be the first stalkerware to be able to do so, mention sources.

Per reports, the procedure is such that the “persistence mechanism” as a result of the malware manipulates the root access. The stalkerware then reverts the system section to read/write from the initial read-only mode, copies itself on it, deletes itself from the user section, and conveniently goes back to read-only mode again.

Reports mention that even without the root access, MonitorMinor can do a consequential amount of harm to targets. It can control events in apps by manipulating the “Accessibility Services”. A “keylogger” is also effected via the API to permit forwarding of contents.
Unfortunately, victims can’t do much to eradicate the stalkerware form their systems, yet.

Other functions of the stalkerware include:
• Access to real-time videos from the device’s camera
• Access to the system log, contact lists, internal storage contents, browsing history of on Chrome, usage stats of particular apps
• Access to sound recordings from the device’s microphone
• Control over the device’s SMS commands.

The security researchers released a report by the contents of which, it was clear that the installation rate of it was the maximum in India, closely followed by Mexico and then Germany, Saudi Arabia, and the UK.

The researchers also per reports have reasons to believe that possibly the MonitorMinor might have been developed by an Indian because they allegedly found a ‘Gmail account with an Indian name’ in the body of MonitorMinor.