Payment system, network security under RBI radar
Following an increase in cyber attacks, the RBI earlier this year decided to expand the scope of its cyber audits to all banks against just 30 last year. The Reserve Bank of India has again flagged cyber risks faced by banks and said it would continue to do surprise drills and inspections to ensure that they have systems in place to deal with any threats to payment systems and network security. In 2015-16, as many as 16,468 cases related to cyber fraud were reported, including debit card, credit card and net banking breaches. Internet banking frauds were the highest in the fiscal year 2015 when banks lost ₹25 crore in 203 fraudulent cases. “RBI has been performing focused IT examinations of the banks to evaluate their cyber risk management systems and procedures,” the regulator said in its latest edition of the financial stability report. The central bank is also conducting cyber drills periodically to assess banks’ preparedness and response capabilities to a potential cyber-attack. “While the assessment is factored in the overall risk profile of a bank under risk-based supervision, certain specific areas like payment systems and network security are proposed to be subjected to more intensive scrutiny during the year.” According to a recent statement by the finance ministry in Lok Sabha, banks lost ₹16,789 crore on account of frauds in the last fiscal year. Cyber-attacks entail a reputational risk for banks, as they undermine customer confidence. In 2016, 50,362 incidents related to cybersecurity were reported while the number was 49,455 in 2015 and 44,679 in 2014.
No skimmer found in Kalkaji ATM, cops look for malware
A similar malware attack took place last year on a transaction platform, resulting in the theft of almost 32 lakh debit card data from multiple banks in India. The quick succession in which the transactions happened from their cards initially pointed towards the use of a skimmer machine, which is used to clone ATM cards. In October 2016, foreign hackers had stolen card data from multiple financial platforms using malware. Users had lost their debit card data to hackers after using the compromised ATM machines. The police are now suspecting a bigger plot with the potential use of malware that might have stolen the victims’ debit card details. The bug was apparently introduced in the payment service of a private company that was providing payment platforms to multiple banks. The ATM kiosk of a private bank, located near the DDA flats in Kalkaji, came into the spotlight after around a dozen people, who had withdrawn cash from the machine, found their accounts empty, with transactions being reported from Mumbai. They are also talking to bank officials to figure out possible security loopholes that may have led to the breach. Police officers said that they had contacted bank officials and notified them about the investigations so far. Cops are scrutinising the security system along with bank officials.
SplashData reveals the worst passwords of 2017 and they’re still astonishingly terrible
SplashData has unveiled the 100 worst passwords of the year and found that they are still just as terrible as last year. Password management provider SplashData has revealed the worst passwords of 2017 and found that they are still ridiculously bad and lazy. After trawling through the more than five million passwords that have leaked over the past year, mostly in North America and Western Europe, the California-based company said any one of the passwords included in its list of 100 worst passwords of the year would put users at “grave risk” of identity theft. According to SplashData, an estimated 10% of internet users have used at least one of the 25 worst passwords on this year’s list. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” Morgan Slain, CEO of SplashData, said. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.” For the fourth year in a row, “123456” took the top spot as the worst password of the year followed by “password”. Many people also resort to using familiar words and phrases such as their family or spouse’s name, date of birth or even their favourite movie. Check out the complete list of top 100 worst passwords of 2017 on SplashData’s website. With fervent anticipation and excitement surrounding the recent premiere of Star Wars: The Last Jedi, SplashData said even “star wars” managed to make it to its annual list. Security experts have also long warned users against the seemingly benign but dangerous habit of using the same easy password across various platforms and websites.
Cryptocurrency ‘arms race’ is brewing with return of browser-based crypto mining, new malware attacks
EtherDelta hack: Cryptocurrency exchange hijacked by hackers, over $200,000 worth of Ethereum stolen
Another day, another crypto hack and this time the popular cryptocurrency exchange EtherDelta was hit by hackers. The hack closely follows the attack against South Korean cryptocurrency exchange YouBit, which was forced to shut down and file for bankruptcy, after being hit by hackers for the second time in eight months. The hackers were able to spoof EtherDelta’s site, which redirected customers to a fake phishing site. EtherDelta later confirmed that hackers had hijacked its site’s DNS server. HackRead reported that the hackers managed to steal at least 308 ETH tokens, which at the time of writing amounted to nearly $240,000. Those who unknowingly visited the phishing site inadvertently sent their tokens to the attackers. Although the site is back up now, it appears the hackers that mounted the attack were successful in making away with over $200,000 worth of Ethereum. “We are investigating this issue right now – in the meantime please *DO NOT* use the current site,” the firm wrote in the post. On Wednesday (20 December), the firm tweeted a warning to its customers, requesting them not to use the site as they believed it was compromised by hackers. EtherDelta, however, is yet to either confirm or deny whether hackers were able to successfully steal customers’ funds.
New malware is infecting Facebook Messenger users to secretly mine Monero
A new self-propagating malware, dubbed Digmine, that secretly mines Monero, a popular cryptocurrency and alternative to Bitcoin, has been found infecting Facebook Messenger users across the globe. The malicious Chrome extension that the malware installs onto victims’ PCs allows it access to victims’ Facebook accounts and can send private messages to all their contacts, thereby spreading itself. The researchers added that Facebook immediately removed all links to Digmine after the cybersecurity company alerted the tech giant about the malware. “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” Facebook said in a statement. zip”, and installs a Monero miner as well as a malicious Chrome extension, which helps Digmine spread to other victims. Researchers say the Monero mining malware only affects Facebook Messenger’s desktop Chrome application. Although security experts first spotted the malware targeting users in South Korea, it has since spread to other countries as well. Security experts at Trend Micro, who discovered the malware, fear that given its current propagation, Digmine could also soon reach other countries. However, Bleeping Computer reported that the hackers behind Digmine could tweak the malware’s current distribution links and restart the campaign. So far, the malware has infected victims in Vietnam, Azerbaijan, Ukraine, Philippines, Thailand and Venezuela.
Satori botnet: Hacker ‘Nexus Zeta’ found exploiting a Huawei zero-day flaw to spread Mirai variant
A hacker going by the pseudonym Nexus Zeta was found exploiting a zero-day vulnerability in a Huawei home router model to spread a variant of the notorious Mirai botnet called Satori. Although the researchers first speculated the attackers leveraging the Huawei zero-day were a sophisticated cyber gang or an experienced state-sponsored hacker group, they were later surprised to discover that one lone hacker was behind the attacks. At the same time that the zero-day attacks were being perpetrated, the hacker wrote a peculiar post on HackForums that read: “Hello, I’m looking for someone to help me compile the Mirai botnet, I heard all you have to do is compile it and you have access to 1 terabit per second so please help me set up a Mirai tel-net botnet.” Researchers found that Nexus Zeta has been a HackForums member since 2015, although he is not a very active member of the forum. Security researchers at Check Point said that they observed hundreds of thousands of attempts to exploit the vulnerability in November. We arrived at our main suspect; a threat actor under the nickname ‘Nexus Zeta’, who was found thanks to the email address used to register a C&C domain belonging to the botnet – nexusiotsolutions. Security experts said that they detected a barrage of attacks exploiting the zero-day flaw, with the U. Nonetheless, as seen in this case as well as others over the past year, it is clear that a combination of leaked malware code together with exploitable and poor IoT security, when used by unskilled hackers, can lead to disastrous results. However, researchers were unable to determine whether this was, in fact, Nexus Zeta’s real name. Researchers also found that the hacker is somewhat active on Twitter and GitHub, both of which “serve his IoT botnet projects”.
Americans’ biometric data feared at risk of being hacked
The FBI reportedly purchased biometric data from a French firm, which contains code created by a Russian company with close ties to the Kremlin. Millions of American citizens’ biometric data may be at risk of being hacked as biometric software that is currently being used by the FBI, the Transportation Security Administration (TSA) and over 18,000 other US law enforcement agencies reportedly contains an algorithm that was created by a Russian firm with close ties to the Kremlin. According to Buzzfeed, the connection raises concerns about Russian hackers possibly gaining backdoor access to the FBI and to sensitive biometric data of millions of Americans, which could be compromising to national security. According to a report by Buzzfeed, the Russian code was secretly purchased by a French company called Sagem Sécurité, later renamed Morpho, which supplied the FBI the biometric software without disclosing that the code was originally created by a Russian company called Papillon. The report comes amid escalating tensions between Russia and the US, following a year full of disclosures about Russia’s extensive and exhaustive attempts to hack numerous targets in the country. “The fact that there were connections to the FSB would make me nervous to use this software,” Tim Evans, former director of operational policy for the National Security Agency’s elite hacking unit known as Tailored Access Operations (TAO), told Buzzfeed. According to a 2008 contract reviewed by Buzzfeed, the code Papillon sold to Morpho does not contain any backdoor or malware-like capabilities that could allow unauthorised access to gather, erase or otherwise compromise the software, data or the hardware. The Russian firm reportedly boasted in its marketing materials of having worked with various Kremlin agencies, including the Federal Security Service.
Israel considering issuing digital shekel to tackle tax evasion
Israel’s central bank is reportedly considering issuing its own cryptocurrency in order to create a faster, cashless payment system and tackle tax evasion. However, unlike these currencies, Israel’s proposed digital tender using blockchain technology would be centralised and follow all major regulations designed to tackle illicit financial activities. An anonymous official from the Bank of Israel told Reuters that the government was ready to include the digital currency in its 2019 budget if it gets the government’s approval. Over the past few years, the cryptocurrency market has seen a major boom, particularly with the rise of digital currencies like Bitcoin and Ethereum. “Central banks around the world are examining (the use of digital currencies) so we should as well,” the source said. The Jerusalem Post notes that the “digital shekel” could be reviewed by the government sometime in January, but the paper’s source says no decision has yet been made. There is no official word on the launch or the name of the proposed currency. The move, the report says, would enable immediate transactions and cut down the amount of cash in the economy, making it difficult for people to resort to money laundering. Around 22% of Israel’s national output is attributed to the black economy. However, neither of the two countries has executed the plan till now.
Hackers can remotely hijack thousands of Sonos and Bose speakers to play mysterious ghostly sounds
“With the popularity of IoT devices growing every day, it is very important to be knowledgeable of the built-in security of these devices that ultimately could affect the owner and make them a target of an attack,” Trend Micro said. Researchers at Trend Micro discovered a strange vulnerability that affects a small percentage of speakers by the two firms, including the Sonos Play:1, Sonos One, and Bose SoundTouch systems, Wired first reported. Depending on the time of the scan, between 2000 and 5000 Sonos devices and about 400 to 500 Bose devices were spotted online and potentially vulnerable to hacking. These impacted devices allowed any device on the same WiFi network to access the APIs used to talk to apps such as Spotify or Pandora and play music without any user authentication. Security researchers have discovered that some models of Sonos and Bose speakers can be remotely hijacked by hackers to play creepy and unnerving ghostly sounds. “For example, the attacker could craft a spear-phishing email leveraging social engineering or promising tickets to an upcoming gig of the target’s favourite artist,” Trend Micro said. Hackers could also possibly gather information such as IP addresses and the IDs of other connected devices that could be used to deliver exploits or even craft targeted spear-phishing attacks to gather more details. Trend Micro has notified Sonos and Bose regarding the security vulnerabilities. The affected internet-connected models can be discovered by hackers or pranksters using simple internet scans like Nmap and Shodan and remotely accessed to play an audio clip of their choosing, researchers said. “We’re looking into this more, but what you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network,” Sonos said in an interview.