
Vietnamese Hackers Target Indian Users with Fake WhatsApp E-Challan Messages

 

A highly technical Android malware campaign orchestrated by Vietnamese hackers is currently targeting Indian users via fake traffic e-challan messages on WhatsApp. Researchers from CloudSEK, a cybersecurity firm, have identified this malware as part of the Wromba family. So far, it has infected over 4,400 devices, resulting in fraudulent transactions amounting to more than ₹16 lakh by just one scam operator. 

Vikas Kundu, a threat researcher at CloudSEK, reported that these scammers send messages impersonating Parivahan Sewa or Karnataka Police, tricking recipients into downloading a malicious app. Once the link in the WhatsApp message is clicked, it leads to the download of a harmful APK disguised as a legitimate application. This malware then requests excessive permissions, including access to contacts, phone calls, SMS messages, and even the ability to become the default messaging app. By intercepting OTPs and other sensitive messages, the attackers can log into victims’ e-commerce accounts, purchase gift cards, and redeem them undetected. 

Kundu explained that once the app is installed, it extracts all contacts from the infected device, enabling the scam to propagate further. Additionally, all SMS messages are forwarded to the attackers, allowing them access to various e-commerce and financial apps. The attackers cleverly use proxy IPs to avoid detection and maintain a low transaction profile. The report indicates that the attackers have accessed 271 unique gift cards, conducting transactions worth ₹16,31,000. 

Gujarat has been identified as the most affected region, followed by Karnataka. To guard against such malware threats, CloudSEK advises users to stay vigilant and adopt security best practices. These include installing apps only from trusted sources like the Google Play Store, regularly reviewing and limiting app permissions, maintaining updated systems, and enabling alerts for banking and sensitive services. This campaign underscores the growing sophistication of cyber threats and the importance of robust cybersecurity measures. 
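One way to carry out the permission review recommended above, as an added example that is not from CloudSEK's report or the original post: a Python check over a decoded `AndroidManifest.xml` (for instance, apktool output) that flags the SMS, contacts and default-messaging-app combination the article describes. The package names, sample manifests and scoring rule are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permission groups matching the access the article says the fake app asks for.
RISK_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG"},
}

# Constructed sample: a manifest shaped like the behaviour in the article.
SAMPLE_SUSPICIOUS = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.echallan">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <receiver android:name=".SmsReceiver"
              android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: an app that requests nothing in the risk groups.
SAMPLE_BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>
"""


def wants_default_sms_role(root):
    """True if a receiver is declared for SMS_DELIVER, the broadcast that
    Android delivers only to the default messaging app."""
    for receiver in root.iter("receiver"):
        if receiver.get(PERMISSION) != "android.permission.BROADCAST_SMS":
            continue
        if any(a.get(NAME) == "android.provider.Telephony.SMS_DELIVER"
               for a in receiver.iter("action")):
            return True
    return False


def audit_manifest(manifest_xml):
    """Summarise risky permission groups requested by one decoded manifest."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml
    # is the safer choice; the standard library keeps this example dependency-free.
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(NAME) for e in root.iter(tag))
    groups = {g: sorted(p & requested) for g, p in RISK_GROUPS.items() if p & requested}
    default_sms = wants_default_sms_role(root)
    # Constructed scoring rule: SMS access plus contact harvesting or the
    # default-handler role is the OTP-interception pattern from the article.
    if "sms" in groups and ("contacts" in groups or default_sms):
        verdict = "high"
    elif groups or default_sms:
        verdict = "review"
    else:
        verdict = "low"
    return {"package": root.get("package"), "verdict": verdict,
            "groups": groups, "default_sms_handler": default_sms}


if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(audit_manifest(sample))
```

A genuine messaging app matches the same pattern, so a "high" verdict is a prompt to weigh the request against the app's stated purpose and install source, not proof of malice.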

As cybercriminals continue to develop new methods to exploit vulnerabilities, it is crucial for users to remain cautious and proactive in protecting their personal and financial information. Collaboration between cybersecurity firms and users is essential to effectively combat these evolving threats and safeguard against future incidents. By staying informed and adopting best practices, users can significantly reduce their risk of falling victim to such malicious campaigns.

UGC Offers Cyber Security Program for UG&PG Students

 

The University Grants Commission (UGC) has released the undergraduate (UG) and postgraduate (PG) cyber security course syllabus as part of Cyber Jaagrookta Diwas 2022.

Cybersecurity as a discipline needs to be included at the undergraduate and graduate levels in all streams, according to UGC Chairman Professor M. Jagadesh Kumar. The curriculum of these courses seeks to develop aware, receptive, and responsible digital citizens, thereby enhancing a robust ecosystem and posture for cyber security.

Higher Education Institutions (HEIs) may invite qualified professors or industry professionals/subject matter experts to deliver the lectures, practicals, and tutorials for these courses at the UG and PG levels in the classroom.

According to the UGC's syllabus, undergraduate students should learn fundamental and intermediate concepts, while graduate students should study intermediate and advanced concepts.

UG Cyber Security Course

  • Cybersecurity Introduction
  • Law and Cybercrime
  • Overview and security of social media
  • Online shopping and digital payments
  • Cybersecurity tools, techniques, and protection for digital devices

PG Syllabus for Cybersecurity

  • Introduction to Cyber Security
  • Online Crimes
  • Data Privacy & Security under Cyber Law
  • Management, compliance, and governance of cybersecurity

Vice-chancellors, principals, faculty members, and students from HEIs around the nation attended the occasion.

Additionally, Deepak Virmani, Deputy Secretary, Indian Cyber Crime Coordination Centre (I4C), Ministry of Home Affairs, gave a lecture on cybercrime prevention and the adoption of cyber hygiene. Among the subjects covered in the presentation were cyber hygiene, safeguarding digital personal funds, appropriate social media use, projected future cyberattacks, email security, mobile and internet security, and computer security.

Students will also be able to comprehend the cyber security threat landscape and have a greater grasp of numerous cyberattacks, cybercrimes, vulnerabilities, and remedies after completing the degree program.

The purpose of the syllabus is to produce more responsible, responsive, and aware digital citizens. Students are to be taught the fundamentals of cyber security and the threat landscape, and will be given technical training and expertise for implementing and maintaining cyber security measures. They will also become more familiar with different kinds of cyberattacks.

Universities and colleges will offer the courses as elective or optional courses. It will also feature exercises on how to set privacy preferences on social media sites, file complaints about social media sites, and create password policies for computers and mobile devices, among several other things.



Whistleblower Charged Twitter for Cybersecurity Misconduct

As per a whistleblower complaint submitted to U.S. officials, Twitter's former head of security claimed that the firm deceived regulators about its inadequate cybersecurity defenses and its recklessness in seeking to filter out fake accounts that promote misinformation. 

Peiter Zatko, who managed security at Twitter before his dismissal at the beginning of the year, filed the allegations with the Department of Justice, the Federal Trade Commission, and the Securities and Exchange Commission last month. A revised version of the complaint published online by the Washington Post was authenticated by the legal group Whistleblower Aid, which is collaborating with Zatko.

While alarming for anyone using Twitter, the revelation could be especially problematic for individuals who use it to engage with constituents, disseminate information in times of crisis, and political dissidents and activists targeted by hackers or their own governments.

Prateek Waghre, policy director at the Internet Freedom Foundation, a digital rights NGO in India, said, "We tend to look at these businesses as enormous, well-resourced institutions who know how to operate — but you realize that a lot of their actions are ad hoc and reactionary, driven by crises." In essence, chewing gum or cello tape are frequently used to hold them together.

One of Zatko's most severe allegations is that Twitter broke the terms of a 2011 FTC settlement by misrepresenting the extent of its security and privacy protections for its users.

The claims in the case about India, stating that Twitter intentionally permitted the Indian government to hire its agents, giving them direct unsupervised access to the company's servers and user data, are very concerning. It also mentioned a recent incident in which a former Twitter employee was found guilty of providing private user information to Saudi Arabian royal family members in exchange for bribery.

Allegations by whistleblower

Setback and disgrace may be the results of privacy and security breaches, as was the case earlier this year when the Indiana State Police account was hacked. 

A Saudi humanitarian relief worker was given a 20-year prison sentence in October 2021 as a result of what the kingdom claims were the operation of an anonymous, satirical Twitter account. The men accused of spying for the kingdom while employed at Twitter may be related to this case.

Bethany Al-Haidari has been worried about Twitter's user privacy safeguards for years as an advocate for dissidents and others held in Saudi Arabia. 

"According to what we learn about how social media is utilized globally," said Al-Haidari, a representative of the American human rights organization The Freedom Initiative, "it is quite disturbing to me, because hackers or governments may leverage the alleged cybersecurity flaws at Twitter to obtain users' identities, private conversations, or other sensitive information."

The Chinese-Australian artist and activist Badiucao expressed concern about the whistleblower's claims, adding that many users give their phone numbers and email addresses to Twitter. Badiucao frequently publishes artwork that opposes the Chinese Communist Party. He warned that once your personal information is exposed, it might be exploited to track you down. Badiucao claimed that he frequently gets propaganda and death threats from what appears to be a botnet or spam. 

Twitter claims that the whistleblower's allegations lack context and offer a false narrative about the business and its privacy and data security protocols. Twitter stated in response that "security and privacy have always been, and will continue to be company-wide priorities."

Despite the disturbing nature of the whistleblower's allegations, security experts say there is no justification for individual users to deactivate their accounts. 

Jennifer Grygiel, a professor of communications at Syracuse University who closely monitors Twitter, was alarmed by yet another security breach. On their last day of work in 2017, a Twitter customer service representative briefly canceled then-President Donald Trump's account. Grygiel said that although the account was swiftly restored, the incident demonstrated the vulnerability of a platform used by governments, heads of state, and military branches.

However, the administration must balance that risk against how crucial Twitter has become for informing the public about emergencies. Real-time information on fires, the resulting road closures, injuries, and retweets from other agencies alerting the public to threats like flash floods are all available on the department's Twitter feed.

Imperva: Majority of Indian Organisations Don't Have a Strategy for Stopping Insider Threats Despite Growing Risk

 

New research from Forrester (commissioned by Imperva) has found that three-quarters (74%) of APAC organisations do not have an insider risk management strategy or policy. In India, it is 69%. 
 
This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher due to the rapid shift to remote work and ‘The Great Resignation’. The research backs this up, with insider threats being the cause of the majority (58%) of incidents that negatively impacted sensitive data in the last 12 months. 
 
Other key findings of the report include: 
 
· The majority of APAC respondents blame lack of budget (41%) and internal expertise (38%) 
 
· The main strategies being used to protect against insider threats are encryption (54%) and periodical manual monitoring/auditing of employee activity (44%) 
 
New research, commissioned by Imperva and conducted by Forrester, found that the majority (58%) of incidents that negatively impacted sensitive data in the last 12 months were caused by insider threats, and yet more than half (59%) of APAC organisations do not prioritise insider threats the way they prioritise external threats. 
 
“This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher,” says George Lee, Vice President, Asia Pacific and Japan, Imperva. “The rapid shift to remote working means many employees are now outside the typical security controls that organisations employ, making it harder to detect and prevent insider threats. 
 
“Further, ‘The Great Resignation’ is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally by people looking to help themselves in future employment, or it could be taken inadvertently when an employee leaves the organisation.” 
 
Why are organisations not prioritising insider threats? The majority of APAC respondents blame lack of budget (41%) and internal expertise (38%), but other problems abound. A third (33%) of firms do not perceive insiders as a substantial threat, and 24% say their organisational indifference to insider threats is due to internal blockers such as a lack of executive sponsorship. In fact, three-quarters (74%) of APAC organisations do not have an insider risk management strategy or policy, and 70% do not have a dedicated insider threat team. 
 
Previous analysis by Imperva into the biggest data breaches of the last five years found one quarter (24%) of these were caused by human error (defined as the accidental or malicious use of credentials for fraud, theft, ransom or data loss) or compromised credentials. 
 
APAC firms are prioritising external threats over insider threats, despite the fact that insider events occur more often, says Lee. “Insider threats are hard to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions like firewalls and intrusion detection systems. This lack of visibility is a significant risk to the security of an organisation's data. That is why leaders need to focus on the potential threats lurking within their own network.” 
 
The main strategies currently being used by APAC organisations to protect against insider threats and unauthorised usage of credentials are encryption (54%) and periodical manual monitoring/auditing of employee activity (44%). Many are also training employees to ensure they comply with data protection/data loss prevention policies (57%). Despite these efforts, breaches and other data security incidents are still occurring and more than half (55%) of respondents said that end users have devised ways to circumvent their data protection policies. 
 
“If your organisation hasn’t created a focused strategy to adequately address insider risk, this needs to be a priority for 2022. An effective insider threat detection system needs to be diverse, combining several tools to not only monitor insider behaviour, but also filter through the large number of alerts and eliminate false positives. Also, as protection of a company’s intellectual property begins at the data layer, a comprehensive data protection plan must include a security tool that protects the data layer,” says Lee. 
 
According to Imperva, organisations looking to better protect against insider threats should take the following steps: 
 
● Gain stakeholder buy-in to invest in an insider risk program. Insider risk is a human problem, not a technology issue, and must be treated as such. It is also a risk that cuts across all parts of the business. Therefore it is important to get senior executives from across the company to endorse and support the insider risk program for it to be successful. Start at the top to gain buy-in and sponsorship, then engage with leaders from HR, Legal, IT, and other parts of the organisation. 
 
● Follow Zero Trust principles to address insider risk. Following a Zero Trust approach helps protect data and users while limiting the ability of insiders to use sensitive resources not required by their function. 
 
● Build a dedicated function to address insider risk. Since insider risk is a human problem and very sensitive in nature, it requires dedicated resources. These may be part of the security team or, better yet, a separate dedicated function. Either way, this team needs a specific mandate for insider risk and training to recognize and respond to insider threats. 
 
● Create processes for your insider risk program and follow them. The sensitivity of insider risk and its associated privacy concerns require that strict policies are implemented and followed. Treat every investigation as if it will end up in court and apply policies consistently. 
 
● Implement a comprehensive data security solution. A complete solution goes beyond DLP to include monitoring, advanced analytics, and automated response to prevent unauthorised, accidental, or malicious data access. The technologies you deploy should support the processes you’ve created and the mandate for your insider risk function. Your organisation will see cost savings and a reduction of risk from business impacting security events. 
 

Indian Copyright Office Asks for Executable File for Website Code?


The Indian Copyright Office grants the developer of a computer program a series of rights that legally protect the original creation. Under the Copyright Act, computer programming code can be registered as a ‘literary work’. As the program is safeguarded by copyright, each subsequent modification or addition to the code containing sufficient originality will also be protected under the law. Generally, a computer program is protected not by just one copyright but by a set of copyrights, beginning from the first source code written to the last addition by the creator.

Although source code and object code differ from each other, the copyright office treats both forms as equal for registration purposes, maintaining the notion that source code and object code are just two distinct forms of the same copyrighted program.

Copyright ownership refers to a collection of rights that gives the creator an exclusive right to use the original creation, such as a song, literary work, movie, or software. It means that the original authors of works, and the people or companies they have authorized, are the only ones with the exclusive right to reproduce the creation.

Recently, a company director applied for copyright for his PHP and Python program. However, to his surprise, the Indian Copyright Office started asking for an executable file. It’s a well-known fact that PHP code used in websites does not have an executable file, hence there was no possible way that the director could have provided an executable file for his PHP program. The question remains how the officials at the Indian Copyright Office are not aware that there is no executable file for website code and, moreover, why they even require it in the first place.

In India, the Copyright Act, 1957 grants protection to the Intellectual Property Rights (IPR) of computer software. As per the definition in the Indian Copyright Act, Computer programs are classified as ‘literary works’. Accordingly, the rights of computer software are protected under the provisions of the Act.

Estonia started cooperation with India in the field of cybersecurity


The Estonian Information System Authority (RIA) signed a cyber security cooperation agreement with India last Wednesday.

In accordance with the new Agreement, the parties will provide security in the field of cyberspace with doubled efficiency.

The Ministry of Electronics and Information Technology of India agreed on the Agreement and Margus Noormaa, the Head of Estonian RIA (Information System Authority), endorsed it.

The contract involves the exchange of operational information, conducting special consultations, as well as providing extensive assistance to the parties and communication with experts and specialists in addressing the complex issues.

It is worth noting that on August 21, Vice-President of India Muppavarapu Venkaiah Naidu, who is visiting Estonia, met with the Head of the Estonian Government Juri Ratas.

"I am very pleased that the relations between Estonia and India have become closer in recent years. For example, interest in Estonia has been noticeably increased for both Indian students and start-up entrepreneurs," Juri Ratas said.

During a conversation with the Vice-President of India, the Estonian Prime Minister said that in recent decades Estonia has made a huge leap in economic development and has become a world leader in the field of e-state. Also, as Ratas noted, there are impressive achievements in the field of cybersecurity and blockchain technologies.

"We are happy to share our experience with India. Many local companies have already become excellent investment partners for us, and even wider cooperation in many areas of the economy can grow from this,” the Estonian Prime Minister said.

At the moment, Estonia is one of the most active countries in the field of IT-development.

So, this year the first summer school of cyber diplomacy begins in Tallinn for about 80 diplomats, scientists and experts from 26 countries of the world. The participants of the school will consider the law and norms in cyberspace, the role of cyber operations in modern conflicts and other relevant topics.

The total cost of creating the Cybersecurity Training Center exceeded 18 million Euros. NATO itself invested six million, and Estonia’s alliance partners donated two million.

However, the political scientist Vitaly Gaychonok said that this is crazy. According to the expert, it is extremely difficult to use the same laws in the cybersphere that are applied in real life.

Estonian authorities and the military are focusing on ensuring cybersecurity. In April this year, a Training Center on Cybersecurity was opened in Tallinn, where it is planned to train NATO specialists and conduct international cyber studies.

Cybercrime goes out of control in India



Phishing, data theft, identity theft, online lottery, cyber attacks, job frauds, banking frauds, cyberbullying, online blackmailing, morphing, revenge porn, cyber hacking, child pornography, cyber grooming, cyberstalking, data diddling, software piracy, online radicalisation — the dark web of cybercrimes is spreading across the world and India is one of the hotspots of this digital crime.

With increasing mobile coverage and cheaper data, more and more Indians now access the internet even while on the move. This has left unsuspecting users exposed to online fraudsters. Many become victims of sexual exploitation after being made to share personal details, while some others use new media like WhatsApp to spread fake news to create trouble for political and other gains. There have been several lynching incidents in the country in the past couple of years after fake messages about child lifting and cow slaughter were spread through social media.

In spite of an alarming rise in cybercrime in the country, the most recent Government statistics available on this are from 2016. Cybercrimes touched 12,317 cases in 2016, which was an increase from 9,622 reported in 2014. The National Crime Records Bureau is yet to release the statistics for 2017 and 2018.

The data available is just the tip of the iceberg and the numbers might be much higher, says a senior government official. “Many do not even report loss of money or honour out of shame. Many cannot even tell their families that they have lost money in online frauds,” the official said.

Officials say the problem is that common people are not aware of the risks involved while dealing with the internet. Many are unaware, they say, and exercise no caution while using the net. They click unwanted links, unknowingly give the cyber fraudster their personal details and get cheated.

Security flaw in India Post server revealed by researcher

French security researcher Robert Baptiste, who goes by Elliot Anderson on Twitter, has been revealing cybersecurity flaws in the Indian scene for a while now. This time, he has reported a vulnerability on the India Post server that allows remote code execution.

Baptiste in fact reported this flaw on behalf of an Indian researcher who chose to remain anonymous because of the legal implications under Indian law.

The subdomain of India Post — digitization.indiapost.gov.in — was vulnerable to an Apache vulnerability, CVE-2017-5638. It meant that an attacker would be able to run code on the India Post server, as shown below:




The flaws led to exposed bank details of employees as well as databases of sensitive information. He posted several screenshots of the files he was able to access by exploiting the flaw.


He also revealed that he was not the first person to exploit these flaws and posted screenshots that show activity from almost a year ago on 14th April, 2017.


The vulnerability has since been fixed, leading to Elliot Anderson tweeting out the details of this recent hack.



Jharkhand Police launch Responsible Disclosure


Good news for bug hunters: Jharkhand Police's Cyber Defence Research Center (CDRC) has launched a facility for responsible disclosure.

One of the major issues bug hunters face after finding a vulnerability in a website is the lack of a safe method to disclose it.

Researchers often get frustrated by an organization's lack of action when they report a vulnerability. Sometimes an organization will intimidate researchers with a legal notice and accuse them of all sorts of cyber crimes.

To put an end to these issues, the Jharkhand Police has launched a service where security researchers can submit their vulnerability findings.

CDRC will contact the organization on your behalf and help it correct the reported security flaw.

You can use this service to report vulnerabilities in the websites of any Indian ministry, public/private organization or government department.

You can submit your vulnerability finding here:
http://cdrc.jhpolice.gov.in/responsible-disclosure-submission/

Researchers should really thank Jharkhand Police for creating such a wonderful service to help security researchers and organizations.