Cyber attacks to get worse in 2017

(pc-Google Images)
Data breaches in 2016 were not unexpected, as cyber security experts had already predicted a year full of cyber warfare. There was hacking of presidential candidates, security dangers posed by the Internet of Things, ransomware, complex malware being sold by cybercriminals to less sophisticated cybercriminals, data breaches in the health care industry and the explosion of "spear phishing" as a method of initiating cybercrimes.

Given this state, it’s no wonder that cybercrime is bad – and it’s going to get worse. During 2016 there were several indications of what might be more prevalent in 2017.

1. Savvy attackers will use their ability to hack information systems to cause long-term, reputational damage to individuals or groups through the erosion of trust in the data itself.

2. Growth of the business model in which criminal cyber geniuses use the Dark Web to sell and lease malware (ransomware, botnets and the tech support necessary to effectively perpetrate massive cybercrimes) to less savvy cybercriminals.

3. Ransomware attacks will increase and evolve to include taking control of companies’ computer-operated systems.

4. Distributed Denial of Service (DDoS) attacks such as we saw in October that temporarily took down Amazon, Twitter, Netflix and others will increase, fueled by botnets of infected computers.

5. IoT devices will serve as a growing entry point for external attackers wanting to gain access to private networks. Potential targets include hospitals, manufacturing companies and any facility's security cameras or climate control systems.

6. Cybersecurity of cars and medical devices in particular will become major issues in 2017.

Two states confirm alleged cyberattacks linked to DHS


Election agencies of two states have confirmed that suspected cyber attacks on their systems were linked to the same U.S. Department of Homeland Security IP address as last month's massive attack in Georgia.

The two states reporting the suspected cyberattacks were West Virginia and Kentucky.

West Virginia wrote in a letter, "This IP address did access our election night results on November 7, 2016." Kentucky responded the same IP address “did touch the KY (online voter registration) system on one occasion, 11/1/16.”

The 10 separate cyberattacks on Georgia's network over the past 10 months were traced back to a DHS address. The most recent one was an attempt to look at the voter registration database.

On Friday (December 16), DHS said that the "cyberattack" was caused by an employee at the state's Federal Law Enforcement Training Center copying and pasting some information from a state website into an Excel sheet. Apparently, this person was doing a simple background check on new armed guards and wanted to make sure these people had the correct certification. That meant going to a Georgia state website to review the license numbers. This reportedly prompted a "medium-priority alert." Excel sent out what's known as an HTTP OPTIONS request, a request for information about what the server supports. DHS officials said Microsoft verified its conclusions.

The training centre regularly accesses that database to verify that potential employees are licensed.

OPTIONS requests are not rare; DHS claims its systems send out more than 4,200 every business day.

Last week, Georgia Secretary of State Brian Kemp sent a letter to DHS head Jeh Johnson asking why the state's systems had logged what he called an attempt to breach its network coming from a DHS internet address. Kemp said an attacker had tried to scan his systems.

DHS has yet to explain at least nine other suspected network scans linked to DHS IP addresses over the last year on or around important primary and presidential election dates.
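The Georgia incident turned on whether a single HTTP OPTIONS request from an office application looks any different in a web server log from a deliberate scan. The following added example (not code from the story or from any of the agencies involved) triages constructed access-log lines per source IP: a lone OPTIONS followed by a normal request to the same resource is classed as benign client behaviour, while a burst of requests to many distinct paths that mostly fail is classed as scan-like. The log lines, IP addresses and thresholds are all constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed sample access log in Common Log Format; not real data.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Nov/2016:10:15:01 -0500] "OPTIONS /licenses/lookup HTTP/1.1" 200 -
203.0.113.10 - - [09/Nov/2016:10:15:02 -0500] "GET /licenses/lookup?id=12345 HTTP/1.1" 200 5123
198.51.100.7 - - [09/Nov/2016:10:16:00 -0500] "OPTIONS /admin HTTP/1.1" 404 -
198.51.100.7 - - [09/Nov/2016:10:16:00 -0500] "OPTIONS /backup HTTP/1.1" 404 -
198.51.100.7 - - [09/Nov/2016:10:16:01 -0500] "OPTIONS /old HTTP/1.1" 404 -
198.51.100.7 - - [09/Nov/2016:10:16:01 -0500] "GET /config HTTP/1.1" 404 -
198.51.100.7 - - [09/Nov/2016:10:16:02 -0500] "GET /test HTTP/1.1" 404 -
"""

# Fields: client IP, timestamp, method, path, status code, response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_log(text):
    """Parse CLF lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["status"] = int(entry["status"])
            entries.append(entry)
    return entries


def triage_sources(entries, distinct_path_threshold=3, error_ratio_threshold=0.5):
    """Return {ip: verdict}. Thresholds are constructed defaults, not tuned values."""
    per_ip = defaultdict(lambda: {"requests": 0, "paths": set(), "errors": 0, "options": 0})
    for e in entries:
        s = per_ip[e["ip"]]
        s["requests"] += 1
        s["paths"].add(e["path"])
        if e["method"] == "OPTIONS":
            s["options"] += 1
        if e["status"] >= 400:
            s["errors"] += 1

    verdicts = {}
    for ip, s in per_ip.items():
        error_ratio = s["errors"] / s["requests"]
        # Many distinct paths that mostly fail: the client is probing, not browsing.
        if len(s["paths"]) >= distinct_path_threshold and error_ratio >= error_ratio_threshold:
            verdicts[ip] = "scan-like"
        # An OPTIONS probe followed by a successful request on the same resource:
        # typical of a client library checking what the server supports.
        elif s["options"] and len(s["paths"]) <= 2 and s["errors"] == 0:
            verdicts[ip] = "benign-options"
        else:
            verdicts[ip] = "unclassified"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in triage_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, verdict)
```

The point for an analyst is that the OPTIONS method alone is not an indicator; the verdict has to come from the breadth and error profile of the whole session from that source.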

CBI files FIR against Paytm customers for cheating


In a rare case, the popular digital wallet Paytm has filed a complaint against its customers from Delhi for allegedly cheating the company to the tune of Rs 615,000 ($9,064.78). India's national investigation agency, the Central Bureau of Investigation (CBI), filed a first information report (FIR) regarding the case after Paytm's legal manager, M Sivakumar, claimed that the company made refund payments for products customers reported as defective and arranged for pickup of the damaged product, which was then sent back to the merchant.

It is rare for the CBI to take up such cases unless they have been referred by the central government or directed to do so by the Supreme Court or a high court, because the agency is mostly overburdened with work and short-staffed. However, the CBI can register cases under the IT Act in the territory of Delhi even on complaints from and against private individuals. This has been the practice since 2000.

The digital wallet company has claimed that nearly 48 of its customers duped it, but the CBI has registered cases only against 15 customers who are residents of the Kalkaji, Govindpuri and Saket areas, besides unknown officials of One97 Communications, the parent company of Paytm. The cases have been registered under various sections of the Indian Penal Code (IPC) and the Information Technology (IT) Act.

It was found that these 48 customers had allegedly received "refunds" for products that had been successfully delivered to them. Refunds are processed by a team of customer care executives who have been assigned specific IDs and passwords to handle such complaints from customers and to arrange the refund and pickup.

The CBI confirmed that complaints were received that customers had "illegally" appropriated money refunded to their bank accounts and wallets in 2015-16. The company alleged that most of these customers had taken delivery of products at common or similar addresses.

Where delivery of an order was successful and satisfactory to the customer, no refund should have been issued at all.

“Paytm has identified about 48 fraudulent users in the physical goods marketplace business who were trying to game the company’s consumer-friendly practices. Paytm regularly monitors its marketplace business to identify any fraudulent or suspicious behaviour. This is a part of the company’s security practices to ensure that genuine users are able to continuously avail the benefits brought to it by Paytm marketplace. We have robust risk management practices and regularly report users who try to game the company’s fair usage policies,” said Paytm officials.

A CBI official said that the agency has investigated complaints from Paytm and private banks such as ICICI Bank in the past, too.

The $5 billion digital wallet company, which got a big boost in transactions after the demonetisation of Rs 500 and Rs 1,000 notes announced by Prime Minister Narendra Modi on November 08, claimed that the accused first obtained details of the internal working of the company and then executed their plans.

Student to face trial for ‘abusing’ on Facebook

Do we have the right to write and share anything on social media? Or should there be some kind of censorship? If there should be censorship, then what kind of censorship, and who would enforce it?

An engineering college student in Bengaluru has been charged for writing an offensive comment against South Indians on his Facebook account. He moved the Karnataka High Court to quash the case against him, but the HC refused the plea and said he has to face trial. The court further added that the case was registered in a lower court, so it is for the lower court to decide whether his comments constitute an offense or not.

The accused, Pritish Kumar Patil, 22, is an engineering student from Maharashtra. The case is filed against him under Section 505 of the IPC for "statements conducing to public mischief". The complaint was filed by Sandeep Parswanath, president of the Samanya Kannadiga, a Kannada organization. The case is pending before the VIII Additional Chief Metropolitan Magistrate.

After a severe backlash he was forced to retract his statements and apologize for the comments he made earlier this year. However, a police complaint against him has resulted in the case.

While refusing to quash the proceedings in the lower court, the HC in its order on December 6 said: "The content of the post which the petitioner (Patil) is said to have placed on his Facebook account, is the subject matter of the complaint by a Trust which is supposedly working for the betterment of the Kannada language. Therefore, the offense alleged could be made out with reference to the statement in the post and is to be tested at the trial. There is no warrant for quashing the proceedings."

The Facebook post was against a BMTC bus conductor for conversing only in Kannada. Following suggestions by local people, the post was altered to remove the offensive lines.

Fuel was added to the fire by one of his comments about 'south Indians' not learning Hindi and English but asking outsiders to learn their language.

After this, he was trolled and his personal information and address were widely shared online. To calm the situation he even issued an apology letter.

This is not the first time someone has faced legal action over a Facebook post. In the past, there have been many cases in which the accused even faced a jail term.

Obama on Russia hacking US election: 'We Need To Take Action. And We Will'

Recently US intelligence agencies confirmed that Russia hacked the US Presidential election and helped Donald Trump win it. Russia attacked the democracy of the US, and everyone wonders whether the US will retaliate when the president-elect is pro-Russian.

But Barack Obama has other plans. In an interview with National Public Radio that will be aired today, he warned Russia that the US will retaliate for its cyberattacks during the presidential election.

The US president said he was waiting for a final report he has ordered into a range of Russian hacking attacks, but promised there would be a response.

"I think there is no doubt that when any foreign government tries to impact the integrity of our elections ... we need to take action. And we will — at a time and place of our own choosing. Some of it may be explicit and publicized; some of it may not be."

Last week, the CIA judged that the Russians were behind all the cyber attacks, including the hacking of emails from the Democratic National Committee, and that their main aim was to influence the election in Donald Trump's favor. The FBI has not concluded anything yet, but it has also hinted that the activity was intended to favor the Republican contender.

Senators from both parties have called for a congressional inquiry, while Trump has rejected the reports.

The president-elect weighed in on Twitter to ask: “If Russia, or some other entity, was hacking, why did the White House wait so long to act? Why did they only complain after Hillary lost?”

Obama said that he won't say anything against Moscow until he gets a final report about the incident, but he said the impact of the intervention was clear. He said the outstanding report "does not in any way, I think, detract from the basic point that everyone during the election perceived accurately – that in fact what the Russian hack had done was create more problems for the Clinton campaign than it had for the Trump campaign".

He added: “There’s no doubt that it contributed to an atmosphere in which the only focus for weeks at a time, months at a time were Hillary’s emails, the Clinton Foundation, political gossip surrounding the DNC.”

“Elections can always turn out differently,” he said. “You never know which factors are going to make a difference. But I have no doubt that it had some impact, just based on the coverage.”

President Obama will hold a press conference in Washington on Friday at 2.15pm ET (7.15pm GMT) before leaving for his last annual family vacation in Hawaii as President.

Microsoft update knocks Windows 8 and 10 users offline


Just in time for Christmas, Microsoft pushed an update last week for Windows 8 and 10 that broke the Dynamic Host Configuration Protocol (DHCP) client and knocked users offline until they rebooted their systems.

The network connectivity of several European users was broken after cumulative update KB 3201845, which was released on December 09. It's not clear whether the problem was isolated to Europe, but Microsoft is displaying a global banner declaring that all users with Internet connectivity problems should restart (not shut down) their machines.

Virgin Media and Proximus are the latest to confirm the reports on broken DHCP.

DHCP is the protocol that distributes network configuration data to all the relevant devices on the network and handles automatically assigning IP addresses, for example. You don’t need a DHCP server to access the Internet, but most home networks are configured to expect one, and the average user probably isn’t comfortable with the process of mapping out static IPs to each device on the network.

Users who had statically assigned their LAN addresses were unaffected, but everyone else had to either reboot or manually assign their IP address, gateway and DNS servers.

Essentially, the PCs cannot automatically pick up their LAN-side IP address, router address and DNS settings from their broadband routers, causing them to drop off the internet and disappear from other devices on their network.

Microsoft does seem to be aware of it and will probably rush out a hotfix, but even if it does, the question is how people who cannot connect to the internet are supposed to get it.

The problem can be solved with a simple "ipconfig /release" command, followed by "ipconfig /renew", but some users are also reporting that this fix is insufficient and that a separate set of commands is also needed, specifically "netsh int ip reset" followed by "ipconfig /flushdns".

If you configure your box to use static addresses, you should be okay, or you can run the following commands (from an elevated command prompt) to reset the operating system's networking components:

netsh winsock reset catalog
netsh int ipv4 reset reset.log

A permanent fix from Microsoft should be out soon.

Armed forces software flaws get patched


Three of the 31 SAP flaws in armed forces and cops software were fixed on Tuesday (December 13) in the ERP giant’s technology for Defense Forces & Public Security.

SAP's Defense Forces and Public Security product, which is designed for armed forces, police and aid organisations, and the SAP Mobile Defense and Security components are susceptible to a missing authorisation check vulnerability that can allow an attacker to read, modify or delete data. Such a flaw is not usually rated critical, but it matters here because the affected software is used by armed forces.

SAP for Defense Forces & Public Security uses ERP technology which offers functions such as mapping organisational structures and material and personnel resource planning, accounting and funds management, materials management among others.

Other significant patches in SAP's December batch include a fix for a directory traversal flaw in the SAP User Admin application and a patch for a potential remote code execution bug in the SAP business intelligence platform.

SAP released 315 patches throughout 2016, slightly less than in 2015. Cross-site scripting (XSS) remains the most common vulnerability type.

Popcorn Time Ransomware Gives Free Decryption Key

(pc-Google Images)
Researchers have discovered new ransomware called Popcorn Time which offers free decryption to the victim if he infects two other people using the referral link provided by the ransomware.

Spotted by MalwareHunterTeam, Popcorn Time securely encrypts the data on your computer while displaying a fake installation screen, and demands $770 in ransom. But before you become too helpless and finally decide to pay the hackers for the decryption key, it offers a condition under which you can get decryption for free.

To facilitate this, the Popcorn Time ransom note will contain a URL that points to a file located on the ransomware's TOR server. At this point the server is down, so it is unclear how this file will appear or be disguised in order to trick people into installing it.

Popcorn Time ransomware, currently in development, encrypts files present in the Desktop, My Pictures, My Music and My Documents folders. It targets every possible file extension you could think of. The extension .filock is added to every encrypted file; for instance, myfile.txt becomes myfile.txt.filock after encryption. After it finishes encrypting, it creates two files (restore_your_files.html and restore_your_files.txt) containing the ransom note. It then displays the ransom message automatically.

You can make trial-and-error attempts at the decryption key, but if you enter the wrong key four times, all of your data will be deleted.
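The write-up above gives two host-level indicators an incident responder can sweep for: the .filock extension appended to encrypted files and the two ransom note filenames. The following added example (not code from the researchers or the original post) walks a directory tree, collects those indicators and returns a verdict; the sample user profile it builds in a temporary directory is constructed for the demo. Given the note about wrong keys wiping data, a sweep like this should be read-only and the affected machine imaged before anyone interacts with the ransom screen.

```python
import os
import tempfile
from pathlib import Path

# Indicators as described in the write-up above.
FILOCK_EXT = ".filock"
RANSOM_NOTES = {"restore_your_files.html", "restore_your_files.txt"}


def scan_tree(root):
    """Walk `root` read-only and collect .filock files and ransom notes (paths relative to root)."""
    root = Path(root)
    findings = {"encrypted": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = str((Path(dirpath) / name).relative_to(root))
            if name.lower() in RANSOM_NOTES:
                findings["notes"].append(rel)
            elif name.lower().endswith(FILOCK_EXT):
                findings["encrypted"].append(rel)
    findings["encrypted"].sort()
    findings["notes"].sort()
    return findings


def original_name(encrypted_name):
    """myfile.txt.filock -> myfile.txt; None if the name does not carry the extension."""
    if encrypted_name.lower().endswith(FILOCK_EXT):
        return encrypted_name[: -len(FILOCK_EXT)]
    return None


def assess(findings):
    """'infected' when both notes and encrypted files are present, 'suspicious' for either alone."""
    if findings["notes"] and findings["encrypted"]:
        return "infected"
    if findings["notes"] or findings["encrypted"]:
        return "suspicious"
    return "clean"


def build_sample_profile():
    """Constructed user profile for the demo: a hit folder plus untouched files."""
    root = Path(tempfile.mkdtemp(prefix="popcorn_demo_"))
    (root / "Desktop").mkdir()
    (root / "My Documents").mkdir()
    (root / "Desktop" / "myfile.txt.filock").write_bytes(b"\x00" * 16)
    (root / "Desktop" / "restore_your_files.html").write_text("<html>ransom note</html>")
    (root / "Desktop" / "restore_your_files.txt").write_text("ransom note")
    (root / "My Documents" / "budget.xlsx.filock").write_bytes(b"\x00" * 16)
    (root / "My Documents" / "notes.txt").write_text("untouched")
    return root


if __name__ == "__main__":
    profile = build_sample_profile()
    result = scan_tree(profile)
    print(assess(result))
    for enc in result["encrypted"]:
        print("encrypted:", enc, "->", original_name(Path(enc).name))
    for note in result["notes"]:
        print("ransom note:", note)
```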

Cyber-deterrence to curb cyber-attacks?


Rising cyber attacks across the globe have become a menace. From 2005 to 2015, federal agencies reported a 1,300 percent jump in cyber security incidents. Recently, Russia was accused of interfering with and manipulating the US election results by hacking into Democratic Party computers. Then in October several high-profile websites were knocked offline when thousands of internet-connected devices, such as digital video recorders and cameras, were compromised by the Mirai malware.

It's high time we thought of better ways to address these threats. Amid this, the idea of cyber-deterrence has started emerging. Deterrence has long been effective in countering the threat of nuclear weapons, so can it work against cyber weapons too?

Deterrence focuses on making potential adversaries think twice about attacking. The first element is denial: making them consider the cost of their act and the likelihood that it will fail. The second is punishment: making sure the adversaries know there will be a strong response that might inflict more harm than they are willing to bear.

Unlike nuclear weapons, which only a few countries possess and which require significant resources to build, cyber weapons can be quickly developed by individuals or small groups and can be easily replicated and distributed across networks. Cyber weapons are often deployed under a cloak of anonymity, making it difficult to figure out who is really responsible, and they produce a broad range of effects, most of which are disruptive and costly but not catastrophic.

However, this does not imply that cyber deterrence cannot work.

There are three things we can do to strengthen cyber deterrence: Improve cybersecurity, employ active defences and establish international norms for cyberspace. The first two of these measures will significantly improve our cyber defences so that even if an attack is not deterred, it will not succeed.

Improving cyber security

If protection is strengthened, an attack will be stopped before the hackers can achieve their goal. For this, login security should be beefed up, data and communications need to be encrypted, viruses and malware need to be fought and software should be regularly updated to patch any weakness found.

A more pressing protection issue today is the shipping and selling of cheap Internet-of-Things devices, which have led to many attacks. While some companies like Microsoft invest heavily in product security, many others do not.

Cybersecurity expert Bruce Schneier advises that regulation should be imposed on manufacturers to build basic security standards into devices, failing which they should be held liable when their products are used in attacks.

Employ active defences

Action against attackers can be taken by monitoring, identifying and countering adverse cyberattacks. These active cyber defences are similar to air defence systems. Network monitors that watch for and block hostile packets are one example, as are honeypots that attract or deflect adversary packets into safe areas. There, they do not harm the targeted network, and can even be studied to reveal attackers’ techniques.

Another set of active defences involves collecting, analysing and sharing information about potential threats so that network operators can respond to the latest developments and if any malware is found, they could disconnect the devices from the network and alert the devices’ owners to the danger.

Active cyber defences can often unmask the people behind attacks, leading to punishment. Nongovernment attackers can be shut down, arrested and prosecuted; countries conducting or supporting cyber warfare can be sanctioned by the international community.

Establish international norms

International norms for cyberspace can aid deterrence if national governments believe they would be named and shamed within the international community for conducting a cyber attack.

It's difficult to completely get rid of cyber attacks, but they can at least be reduced to a manageable level if strong security, active cyber defences and international cyber norms are all used together.

One billion affected by Yahoo hack in 2013 alone

Yahoo has confirmed that more than one billion user accounts were hacked in 2013. Yes, you read it right, more than one billion, and the 2013 hack is separate from the 2014 hack in which nearly 500 million accounts were breached.

The company said that there was no breach of bank account details or any payment data, but some personal data was breached, including names, phone numbers, passwords and email addresses.

Yahoo, which was taken over by Verizon, said it was working closely with the police and authorities. In a statement the company said it "believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts."

The breach "is likely distinct from the incident the company disclosed on September 22, 2016".

Account users were advised to change their passwords and security questions.

Cybersecurity expert Troy Hunt told the BBC: "This would be far and away the largest data breach we've ever seen. In fact, the 500 million they reported a few months ago would have been, and to see that number now double is unprecedented.

"Yahoo hasn't attributed the attack to any state-sponsored activity as they did with the previous incident. They've referred to the tampering of cookies, though, which gives us some useful insight into where the vulnerability may have existed in their system."

Cyber attacks on rise in Japan


The international hacking group Anonymous has been stepping up cyber-attacks in Japan since September.

Last autumn, a number of government websites and other sites came under attack. However, the recent attacks are different from sophisticated cyber-attacks that aim to steal information. Experts have been advising people to calmly take necessary steps in advance.

On the night of September 13, the website of the Hiroshima National Peace Memorial Hall for the Atomic Bomb Victims became inaccessible. Shortly afterwards, the hacker group claimed responsibility and posted that the distributed denial of service (DDoS) attack was launched to protest dolphin hunting.

An official at the memorial hall said in bewilderment, "We have nothing to do with dolphin hunting."

A series of Anonymous attacks is believed to have started around 2013 under the name Operation Killing Bay, to protest against Japan's whale hunting and the annual dolphin hunts in Taiji, Wakayama Prefecture. Last year, DDoS attacks hit government websites and infrastructure operators such as airports, whose websites were made unavailable by flooding their servers with huge amounts of data.

Police have confirmed that no cyber-attack related website problem was reported from May to August but 29 incidents were confirmed in September, followed by 26 in October. From November 01 to November 27, there were 53 cases, bringing the total from September to November 27 to 108. In December alone, these incidents rose to 56.

"Their aim is not to make websites unavailable, but to promote their presence," said Nobuhiro Tsuji, senior security researcher at SoftBank Technology Corp.

When Anonymous started around 2006, it advocated the establishment of the freedom of the internet and made political appeals through legally permitted activities such as street demonstrations. Currently, however, Anonymous tends to carry out cyber-attacks with the aid of unknown individuals who respond to invitations on Twitter and other websites. Participants are increasingly committing cyber-attacks for fun.

Though a DDoS attack itself cannot be fully prevented, measures have recently been developed to mitigate the damage.

Some observers point out that such cyber-attacks could increase ahead of the 2020 Tokyo Olympics and Paralympics.

It is advisable that companies and individuals remain calm and, if attacked, respond thoughtfully without overreacting.