RSA’s data shows India rising from No. 10 to No. 3 in a year in its list of top targeted countries for phishing
The drive for a digital India has left the country more exposed to cyber attacks. According to global digital security solutions provider RSA, India rose from No. 10 to No. 3 this year in the list of the top 10 countries targeted by phishing attacks. Daniel Cohen, director product, fraud and risk intelligence, RSA, said, “The growing trend of going digital in India has made the country very attractive for phishing.” He added that phishing accounts for 26% of fraud attacks in India, and that the majority of them are carried out through another type of attack, rogue apps.
A rogue app is either a replica of a legitimate mobile banking application or a malicious app posing as a game or another harmless app. The main aim of these apps is to obtain user information, and they accounted for 43% of the total attacks in India. The best way to stay away from such apps is to download apps from a trusted source such as Google Play rather than from an unauthorized app store (APK files).
Alert from FBI, DHS and US-CERT over two new pieces of malware linked to Hidden Cobra
US-CERT, the DHS and the FBI have jointly issued a technical alert about two newly identified pieces of malware being used by the prolific North Korean APT hacking group Hidden Cobra, which was associated with the WannaCry ransomware last year, the 2014 Sony Pictures hack and the SWIFT bank attack of 2016.
Joanap, a remote access Trojan, is two-stage malware that establishes peer-to-peer communication and manages botnets designed to enable other malicious operations. The malware typically infects a system through a file that the user downloads when visiting websites compromised by Hidden Cobra actors, or through malicious email attachments. Brambul is a brute-force authentication worm that abuses the Server Message Block (SMB) protocol to spread itself to other systems. The alert says, “When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.”
According to the alert, the Hidden Cobra group has used these two pieces of malware since at least 2009 to target organizations working in the media, aerospace, financial and critical infrastructure sectors across the world.
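A defender-side sketch of how the Brambul behaviour quoted above (SMB logon failures fanning out across a subnet and then to outside addresses) could be flagged in logon records. This is an added example, not part of the original article or the US-CERT alert; the log format, the thresholds and the 10.0.5.0/24 subnet are assumptions, and the records are constructed.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}  # the two ports named in the alert

# Constructed sample records, not real telemetry: time src dst dport result
SAMPLE_LOG = """\
09:00:01 10.0.5.23 10.0.5.10 445 AUTH_FAIL
09:00:01 10.0.5.23 10.0.5.10 445 AUTH_FAIL
09:00:02 10.0.5.23 10.0.5.10 445 AUTH_FAIL
09:00:02 10.0.5.23 10.0.5.11 445 AUTH_FAIL
09:00:03 10.0.5.23 10.0.5.11 445 AUTH_FAIL
09:00:03 10.0.5.23 10.0.5.11 445 AUTH_OK
09:00:04 10.0.5.23 10.0.5.12 139 AUTH_FAIL
09:00:04 10.0.5.23 10.0.5.12 139 AUTH_FAIL
09:00:05 10.0.5.23 203.0.113.77 445 AUTH_FAIL
09:00:06 10.0.5.23 198.51.100.9 139 AUTH_FAIL
09:01:10 10.0.5.40 10.0.5.10 445 AUTH_FAIL
09:01:15 10.0.5.40 10.0.5.10 445 AUTH_OK
09:02:00 10.0.5.41 10.0.5.10 443 AUTH_FAIL
"""

def find_smb_bruteforce(log_text, local_net="10.0.5.0/24", min_failures=5, min_targets=3):
    """Return {source_ip: summary} for hosts whose SMB logon failures fan out across many targets."""
    net = ipaddress.ip_network(local_net)
    stats = defaultdict(lambda: {"failures": 0, "targets": set(), "external": set(), "ok_after_fail": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit() or int(parts[3]) not in SMB_PORTS:
            continue  # malformed record or not SMB traffic
        _, src, dst, _, result = parts
        try:
            external = ipaddress.ip_address(dst) not in net
        except ValueError:
            continue  # destination field is not an IP address
        s = stats[src]
        if external:
            s["external"].add(dst)  # SMB leaving the subnet: matches the random-IP behaviour
        if result == "AUTH_FAIL":
            s["failures"] += 1
            s["targets"].add(dst)
        elif result == "AUTH_OK" and dst in s["targets"]:
            s["ok_after_fail"].add(dst)  # success after failures: a password guess may have landed
    return {
        src: {"failures": s["failures"], "targets": sorted(s["targets"]),
              "external": sorted(s["external"]), "ok_after_fail": sorted(s["ok_after_fail"])}
        for src, s in stats.items()
        if s["failures"] >= min_failures and len(s["targets"]) >= min_targets
    }
```

Calling `find_smb_bruteforce(SAMPLE_LOG)` flags only 10.0.5.23; the user who mistyped a password once and the host failing on port 443 are ignored.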
The launch of Europe’s First All-Female Cyber Security Conference
With conferences worldwide, from RSA to the CES Technology Conference, coming under heavy scrutiny, the availability of female speakers has become a daunting issue for the industry. When questioned, organizers regularly answer that there are not many women in the cybersecurity space. BAE Systems threat intelligence analysts Kirsten Ward and Saher Naumaan state the opposite.
The two analysts have put together a cybersecurity conference with an all-women speaker line-up, the first of its kind in Europe. The pair said they had noticed that the lack of diversity in the industry results in a less than welcoming environment, so they named the event RESET, to reset the balance in the industry. “We are debunking the myth that there aren’t enough women experts out there,” says Naumaan. “These experts exist in abundance, more than enough for a full-day conference line-up. The goal is to normalise the idea of women speakers in these contexts: it shouldn’t be a one-off, but rather an institutionalized change that reflects the expertise out there.”
Privacy leaks hit Honda and UMG
This week researchers revealed that sensitive log-in information and customer data were exposed to the public internet because of poor IT infrastructure at both Honda and Universal Music Group (UMG). The leaked information included names, phone numbers for users and trusted contacts, passwords, email addresses for users and, in Honda’s case, information about their cars, including VIN, Connect IDs and more.
Honda left exposed two of its Amazon AWS S3 buckets containing personal information on 50,000 Honda Connect App users, whereas the music giant UMG left two instances of its Apache Airflow server completely unprotected, which exposed UMG’s FTP and AWS configuration details.
Both companies apparently acted proactively to resolve the issue once they were informed of it.
Cybersecurity diligence in Healthcare M&A creating problems
According to a recent report by West Monroe Partners, Reshaping Healthcare M&A: How competition and technology are changing the game, cybersecurity issues are not coming to light until after the deal is done. The report found that 49% of market practitioners were unhappy with the compliance and cybersecurity in their healthcare deals, and that more than half (58%) of buyers learned of the issues after the deal was completed.
Brad Haller, director in West Monroe Partners’ M&A practice, said, “One reason those issues aren’t discovered prior to closing the deal is that most targets don’t allow sufficient access to discover cyber issues.” “Couple that with the incredibly tight turnaround requests for diligence – which is a result of the market conditions – and acquirers are basically unable to perform the right level of rigor to the diligence process. Attackers are also getting more sophisticated and evolving quicker than ever, so the tools used in yesterday’s diligence process might not work for the diligence today,” Haller added. He also said that organizations are sometimes unable to choose the right cybersecurity diligence partners, and that the partners sometimes disappoint by not providing creative enough solutions to the cyber problems discovered.
Businessman Loses Rs 58 lakh as His Emails Get Hacked
Shivkumar Nyati, an Ahmedabad-based businessman, was in the news after he reported that hackers had duped him of Rs 58.78 lakh.
A resident of Shahibaug, Ahmedabad, Shivkumar had to make a payment in dollars, through a bank transfer, to Zuber Husain, his Bangladesh-based supplier. The online fraudsters, who had hacked his and his supplier’s email accounts, asked him to send the payment to a bank account based in Spain.
When the supplier called him back and asked when he would make the payment, he realized that the company had never received the money, even though Shivkumar had received an email acknowledging the payment. When he showed the transaction details to Husain, he was told that these were not the details that had been shared with him. Both of them then realized that the contents of the emails had been changed by someone. On backtracking, they found that the payment had been made to an account in Barcelona.
Meanwhile, Shivkumar has filed a case with the cyber cell.
A New Cyber Crime is on the Rise – SIM Swap Fraud
Authorities in Kolkata have a new headache to deal with: SIM-swap fraud. “Fraudsters pretend to upgrade SIM cards and gain access to any transactions that you conduct through your phone,” explained an officer. “The caller claims to be a customer care representative of the service provider and informs the victim that the SIM could easily be upgraded from 3G to 4G. Additionally, he offers to link the Aadhaar number with the mobile phone. As the victim comes to an agreement with the offer, the fraudster tells him to check his messages. He is told he would get a text to which he must reply by pressing ‘1’. After this call, the victim’s number is shut down. He remains unaware of the fraud till he sees his bank account statements,” he said.
However, SIM swapping is usually the second phase of a fraud attack. At first, the criminals send a phishing email to get the intended victim’s banking details. These details can also be filched using trojans or malware. They work towards getting the victim’s personal information and may even go as far as stealing identity and generating fraudulent ID documents. In order to use all of this, they need access to the person’s mobile messages, hence the SIM is swapped.
“The scamsters are making the customer apply for a new SIM card and the customer unknowingly accepts the request. The numbers being used to commit the fraud are registered mostly in Bihar and Jharkhand,” said an officer. “We have come across a few cases where the SIM has been changed, but no financial frauds have been carried out yet. We are investigating these cases as well,” he said.
Qatar to Host MSC Cyber Security Summit in 2019
Qatar will host the Munich Security Conference (MSC) Cyber Security Summit in 2019, which will bring together cyber experts and decision-makers to discuss the most pressing issues. The summit will be hosted in partnership with the Munich Security Conference and Qatar’s National Cyber Security Committee (NCSC), established in 2013 and chaired by HE the Prime Minister and Minister of Interior.
HE Minister of Transport and Communications Jassim bin Saif Al Sulaiti, Chairman of Qatar’s National Cyber Security Committee (NCSC), said: “This Summit will bring together cyber experts and decision-makers to discuss the most pressing issues in what is an ungoverned space in foreign and security policy. As Qatar found after its state media was hacked last year, hostile acts by foreign governments can now be perpetrated beyond the rule of law from behind a computer screen. It’s important for the international community to find solutions so that these actions can be punished and prevented in the future.”
The summit in Doha will include a full-day programme of panel discussions that question the fundamental norms of foreign policy and the growing significance of cybersecurity in the Middle East.
The summit will bring together participants from government, business, academia, international institutions and the military to raise awareness about online security issues and the ramifications and the impact on international governance.
Beware of Cybersecurity Risks Ahead of the World Cup, Warn Experts
The FIFA World Cup is set to start in less than 2 weeks, and as has become standard ahead of major sporting events, security experts are warning that hackers and other malicious actors are likely to target multiple digital aspects of the event.
Where the World Cup is being held is also multiplying the cybersecurity fears. “Given that this year’s World Cup is in Russia, anyone in attendance will be doubly concerned about their cyber posture,” David Ginsburg, vice president of marketing at Cavirin Systems Inc., told SiliconANGLE.
Ginsburg also warned that the organizers must lock down critical networks “based on a zero-trust approach, since the question will not be ‘Has the network been infiltrated?’ but ‘The hackers are here. How do we limit the damage?’ Cyberattack planning must be on par with any other form of terrorist attack.” Not only are those at the event likely to be targeted, so are the billions of fans watching around the globe.
“The World Cup is the global sporting event which brings a fantastic opportunity for cybercriminals intent on securing a quick payday,” explained Steve Durbin, managing director of the Information Security Forum Ltd. “Email infection, fake betting websites and traditional phishing attacks are all expected to have their day in the sun this summer.”
Nathan Wenzler, chief security strategist at AsTech Inc., added that with the World Cup, fans should “avoid emailed requests to participate in polls, surveys and contests related to the event, unless you know that you personally signed up to be a part of such things from a known and reputable site.”
Unsolicited appeals to sign up and provide information, he said, may be efforts to steal your personal information. “Likewise, never click on links or attachments in emails,” he advised. “If you’re involved in a tournament bracket, enter the site into your browser directly. Phishing emails may eventually forward you on to the right site, but they can simply take over the session to direct you to other sites that download ransomware or malware to your system before they forward you along.”
Ajay Menendez, executive director of the HUNT Analyst Program at SecureSet Academy LLC, also warned that while “antivirus and antimalware vendors are doing their best to come up with ways to keep ahead of the curve when it comes to malicious code… much like the games during the World Cup, it can be a cat-and-mouse game with neither side leading for very long.”
Siemens to Open Global Cyber Security Centre of Excellence in Fredericton, Canada
Cybersecurity is one of the most significant business risks and opportunities for our society and economy. Yesterday in Ontario, Siemens Canada President and CEO Faisal Kazi and Opportunities NB CEO Stephen Lund announced Siemens’ decision to locate its global centre for cybersecurity in Fredericton, New Brunswick, Canada.
Siemens CEO Joe Kaeser confirmed that the German industrial manufacturer will soon open a global cybersecurity centre of excellence in Fredericton to help button up the company’s critical infrastructure products. These range from automation systems for factories and gas turbines for power stations to road and rail traffic management systems.
In its first phase, which goes to 2020, the center will have 30 people working on software development, cyber analysis and consulting. Another 30 could be hired after that. The center will be housed in Fredericton’s Knowledge Park, a 26-acre campus. “New Brunswick’s cybersecurity ecosystem is an exciting space to be coming into, and Siemens has known since we originally located here that the province is well-known for its innovative spirit and research capacity,” said Faisal Kazi.
The private sector, as well as government, plays a key role in cybersecurity, Kaeser said. “People estimate that the annual damage that’s caused by cybersecurity issues could be $750 billion … At the end of the day, practically every cybersecurity attack of relevance is attacking the physical world … Think about if infrastructure is being attacked by the grid, by cars … That’s why I believe we are well advised to find a way and an answer on how to deal with this.”
The goal for the next two years is to fully operationalize the Centre to meet the cybersecurity needs of Canadian customers. Beyond that, the aspiration for the Centre is to support Siemens’ global efforts to strengthen the cybersecurity of industrial operations worldwide.