Cyber Security Challenges are Real, Alarming – India’s Top Telecom Official
India’s Telecom Secretary, Aruna Sundararajan, has acknowledged that cybersecurity threats have risen exponentially in the recent past, especially for countries like India where digitization is fast becoming a way of life. The government of India has a flagship program called Digital India, whose vision is to transform India into a digitally empowered society and knowledge economy. The program got a boost with the mass migration of users from a cash economy to a cashless digital economy when Prime Minister Narendra Modi declared the demonetization of high-value currency notes in November 2016. Sundararajan, who recently outlined India’s cybersecurity plans at the World Summit on the Information Society in Geneva, expressed her concerns in a series of tweets. Every nation faces cybersecurity challenges. “In countries like India, where digitization growth has been exponential, the magnitude and complexity of these challenges become multi-fold. For example, 300 million Indians adopted digital payments in just 6 months,” Sundararajan tweeted. In her speech in Geneva, Sundararajan said the country was working on installing sectoral Computer Emergency Response Teams (CERTs) to ensure that all layers of digital access are appropriately secured. At a time when the political discourse in India has been rocked by revelations that Cambridge Analytica used Facebook accounts for political campaigns for more than one party, a top bureaucrat has revealed that the Narendra Modi-led government is putting in place a comprehensive data protection framework.
Narendra Modi app shares private data of users with American firm without consent, says cyber expert
The French cybersecurity researcher who goes by the name Elliot Alderson on social media, and who has been exposing loopholes in the Aadhaar security system since January, claimed on Friday that the Narendra Modi Android application shares private information of its users with third-party companies without their consent. In a series of tweets, Alderson, an Android developer, claimed that the app collects extensive information about its user’s device, including the type of operating system and network, as well as personal details such as name, gender, pictures and email address, and sends it to a third-party domain without the user’s consent. That domain is classified as a phishing link by G-Data, a Germany-based software firm that focuses on computer security solutions. Alderson’s claim follows the revelation that the British company Cambridge Analytica illegally used the private data of over five crore (50 million) Facebook users to influence the 2016 American presidential election in favour of Donald Trump. Asked about the use of third-party services, Alderson replied that while it is common practice to use analytics solutions for Android development, the problem lies in collecting data without the user’s consent. While third-party involvement is not unusual in application development, what is worrying in this case is the nature of the information they get access to, said Kislay Chaudhary, a cybersecurity expert who is consulted by several government agencies. “This case highlights the importance of dynamic situational awareness of cyber infrastructure for government agencies,” he said. “It is clear that there is a third party involved, but who will be held responsible if the data available to them is misused? Government websites and applications should go for more frequent audits, which should be done by at least one internal agency and one external agency. And this audit has to be done more frequently than most government agencies currently do.”
Android Trojan Leverages Telegram for Data Exfiltration
Dubbed TeleRAT, the malware appears to originate from and/or target individuals in Iran. The threat is similar to the previously observed IRRAT Trojan, which uses Telegram’s bot API for command-and-control (C&C) communication only; TeleRAT also uses it to exfiltrate data. Still active in the wild, IRRAT masquerades as applications that supposedly tell users how many views their Telegram profile has received (something that Telegram doesn’t actually allow for). The malicious app reports to a Telegram bot, hides its icon from the phone’s app menu and continues to run in the background, waiting for commands. The Bot API lets a bot receive updates in two ways: the getUpdates method (which exposes a history of all the commands sent to the bot, including the usernames the commands originated from), and a Webhook (bot updates are pushed to an HTTPS URL specified when the webhook is registered). Based on the received commands, the malware can grab contacts, location, the app list, or the contents of the clipboard; receive charging information; get a file list or root file list; download files, create contacts, set the wallpaper, receive or send SMS; take photos; receive or make calls; turn the phone to silent or loud; turn off the phone screen; delete apps; cause the phone to vibrate; and get photos from the gallery. The malware is distributed via seemingly legitimate applications in third-party Android app stores and is also shared via both legitimate and nefarious Iranian Telegram channels. The malware also appears to contain the developer’s username in the code, which led researchers to the ‘vahidmail67’ Telegram channel, which advertises applications to help users get likes and followers on Instagram, ransomware, and even the source code for an unnamed RAT. Because TeleRAT puts together code written by several developers, including freely available source code from Telegram channels and code sold on forums, it is difficult to point to one single actor commanding either IRRAT or TeleRAT.
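The getUpdates detail above is the practical lever for an analyst: whoever holds the bot token can call the same method and read the operator's command history. The following is an added example, not code from the original article or from the TeleRAT/IRRAT authors. It pulls a Bot API token out of a constructed string dump, builds the corresponding API URL, and flattens a constructed getUpdates response into (sender, command, arguments) records. The token pattern, the command names and all sample data are assumptions made for illustration.

```python
"""Triage helpers for Android malware that abuses the Telegram Bot API.

Every Bot API call has the form https://api.telegram.org/bot<token>/<method>,
so the token recovered from an APK is enough to query getUpdates and see the
commands (and senders) the operator issued.  All sample data is constructed.
"""
import json
import re
from collections import Counter

# Shape of a Bot API token: numeric bot id, a colon, then a 35-character
# secret.  The length is an assumption drawn from the public Bot API docs,
# not from any malware sample.
BOT_TOKEN_RE = re.compile(r"(\d{8,10}:[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
API_BASE = "https://api.telegram.org/bot"

# Constructed: strings a decompiler might dump from a suspicious APK.
SAMPLE_STRINGS = """
Lcom/example/profileviews/MainActivity;
https://api.telegram.org/bot123456789:AAHfakeTOKENfakeTOKENfakeTOKENfakeT/sendDocument
chat_id=-1001234567890
"""

# Constructed: what getUpdates could return for that bot.  The third update
# carries no username, so sender_label() falls back to the numeric account id.
SAMPLE_GETUPDATES = json.dumps({
    "ok": True,
    "result": [
        {"update_id": 1, "message": {"message_id": 10, "date": 1521900000,
         "from": {"id": 111, "username": "operator_a"}, "chat": {"id": 111},
         "text": "getcontacts 5551234"}},
        {"update_id": 2, "message": {"message_id": 11, "date": 1521900100,
         "from": {"id": 222, "username": "operator_b"}, "chat": {"id": 222},
         "text": "getlocation 5551234"}},
        {"update_id": 3, "message": {"message_id": 12, "date": 1521900200,
         "from": {"id": 111, "first_name": "x"}, "chat": {"id": 111},
         "text": "sendsms 5551234 +15550000 hello"}},
    ],
})


def extract_bot_tokens(blob):
    """Return every distinct Bot API token found in a text dump, in order."""
    seen = []
    for token in BOT_TOKEN_RE.findall(blob):
        if token not in seen:
            seen.append(token)
    return seen


def api_url(token, method):
    """Build the Bot API URL the malware (or an analyst) would call."""
    return f"{API_BASE}{token}/{method}"


def sender_label(msg):
    """Prefer the Telegram username; fall back to the numeric account id."""
    sender = msg.get("from", {})
    return sender.get("username") or f"id:{sender.get('id')}"


def parse_updates(raw_json):
    """Flatten a getUpdates response into sender/command/args records.

    Only updates carrying a text message count; the first whitespace-separated
    token is the command word and the rest are its arguments.  A response with
    ok=false (for example when a webhook is active) raises instead of
    silently returning nothing.
    """
    data = json.loads(raw_json)
    if not data.get("ok"):
        raise ValueError("getUpdates returned ok=false: %r" % data)
    records = []
    for update in data.get("result", []):
        msg = update.get("message") or {}
        text = msg.get("text")
        if not text:
            continue
        parts = text.split()
        records.append({"update_id": update["update_id"],
                        "sender": sender_label(msg),
                        "command": parts[0].lower(),
                        "args": parts[1:]})
    return records


def operators(records):
    """Commands per sender: the attribution data that getUpdates leaks."""
    return dict(Counter(r["sender"] for r in records))


if __name__ == "__main__":
    for t in extract_bot_tokens(SAMPLE_STRINGS):
        print("bot token:", t, "->", api_url(t, "getUpdates"))
    recs = parse_updates(SAMPLE_GETUPDATES)
    for r in recs:
        print(r["sender"], r["command"], r["args"])
    print(operators(recs))
```

If the operator registered a Webhook instead, Telegram answers getUpdates with ok=false and the parser raises, which is itself a useful signal about how the bot is being driven.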
The city of Atlanta paralyzed by a ransomware attack, is it SAMSAM?
The city of Atlanta has been paralyzed by a ransomware attack. “Yesterday morning, computer trouble started interfering with the normal computer operations on the Atlanta government network.” In response to the attack, IT staff sent emails to city employees in multiple departments telling them to disconnect their computers from the network if they noticed suspicious activity. The infection has interrupted several of the city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information. Investigators believe that the hackers initially compromised a vulnerable server, after which the ransomware began spreading to desktop computers throughout the City network. Is it SAMSAM? A news report ([…].com) cited the opinion of an expert that the language used in the ransom message pointed to the SAMSAM ransomware. SamSam is an old threat: attacks were observed in 2015 and the list of victims is long, many of them in the healthcare industry. The crooks behind the attack on MedStar requested 45 Bitcoins (about US$18,500) for restoring the encrypted files, but the organization refused to pay because it had a backup of the encrypted information. In February, SAMSAM hit the Colorado Department of Transportation and shut down 2,000 computers. According to the Department of Justice, the SAMSAM strain was used to compromise the networks of multiple U.[…]
A new massive crypto-mining campaign targets Linux servers by exploiting an old flaw
Security firm Trend Micro has uncovered a new crypto-mining campaign in which a cybercriminal gang made nearly $75,000 by installing a Monero miner on vulnerable Linux servers. The hackers are exploiting a five-year-old vulnerability, CVE-2013-2618, in the “Network Weathermap” plugin for Cacti, an open-source network monitoring and graphing tool. According to Trend Micro, the campaign is linked to a previous cryptocurrency-mining campaign that used the JenkinsMiner malware. “This campaign’s operators were exploiting CVE-2013-2618, a dated vulnerability in Cacti’s Network Weathermap plug-in, which system administrators use to visualize network activity,” reads the analysis published by Trend Micro. The flaw can be exploited to execute arbitrary code on vulnerable systems; in this case the hackers downloaded and installed a customized version of XMRig, a legitimate Monero mining program (dada.[…]). According to Trend Micro, the hackers made approximately 320 XMR (roughly $75,000); most of the affected Linux servers were located in Japan (12%), China (10%), Taiwan (10%), and the US (9%). It is possible these attackers are taking advantage not only of a security flaw for which an exploit is readily available but also of the patch lag that occurs in organizations that use the open-source tool. Trend Micro recommends keeping Cacti’s data internal to the environment and keeping systems updated with the latest patches. “While this allows systems or network administrators to conveniently monitor their environments (with just a browser bookmark, for instance), it also does the same for threat actors,” concluded Trend Micro.
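The campaign's payload was a renamed XMRig build, which is the case a responder should plan for: a process-name match alone will miss it. The following is an added example, not code from the article or from Trend Micro. It runs a small set of miner heuristics (XMRig-style switches, a stratum pool URL, sustained CPU, a connection to a commonly used pool port, execution from a world-writable directory) over constructed `ps` and `ss` snapshots and flags processes with two or more independent indicators. The binary name, the pool hosts and addresses, the port list and the thresholds are all assumptions chosen for illustration.

```python
"""Host triage for an XMRig-style Monero miner on a Linux server.

Heuristics are assumptions a responder would tune, not signatures from the
campaign.  Sample `ps` and `ss` output below is constructed.
"""
import re

# Constructed `ps -eo pid,user,pcpu,args --no-headers` snapshot.  The miner
# has been renamed, modelled on the renamed XMRig the article mentions.
SAMPLE_PS = """\
  842 root      0.0 /usr/sbin/apache2 -k start
 1203 www-data 98.7 /tmp/.x/dada -o stratum+tcp://pool.example.test:3333 -u 4AfakeWalletAddress -p x --donate-level 1
 1311 www-data  0.1 /usr/sbin/apache2 -k start
 1422 cacti     0.2 /usr/bin/php /usr/share/cacti/poller.php
"""

# Constructed `ss -tnp` snapshot: state, queues, local, peer, owning process.
SAMPLE_SS = """\
ESTAB 0 0 10.0.0.5:41920 203.0.113.10:3333 users:(("dada",pid=1203,fd=3))
ESTAB 0 0 10.0.0.5:443   198.51.100.7:52211 users:(("apache2",pid=1311,fd=12))
"""

# Assumed indicators.  Pool ports are low confidence on their own: benign
# services use them too, which is why findings need two or more reasons.
MINER_NAME_RE = re.compile(r"(?:^|/)(xmrig|minerd|cpuminer)\b", re.I)
MINER_ARGS = ("--donate-level", "--cpu-priority", "--max-cpu-usage", "--nicehash")
POOL_URL_RE = re.compile(r"stratum\+(?:tcp|ssl)://([^\s:]+):(\d+)")
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
CPU_THRESHOLD = 80.0


def parse_ps(text):
    """Rows of {pid, user, pcpu, args} from a pid/user/pcpu/args listing."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, user, pcpu, args = parts
        rows.append({"pid": int(pid), "user": user,
                     "pcpu": float(pcpu), "args": args})
    return rows


def parse_ss(text):
    """Map pid -> [(peer_ip, peer_port), ...] for established TCP sockets."""
    conns = {}
    for line in text.splitlines():
        m = re.search(r'\s(\S+):(\d+)\s+users:\(\("[^"]+",pid=(\d+)', line)
        if not m:
            continue
        peer_ip, peer_port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        conns.setdefault(pid, []).append((peer_ip, peer_port))
    return conns


def score_process(proc, conns):
    """Reasons a process looks like a miner; an empty list means clean."""
    reasons = []
    argv = proc["args"].split()
    if MINER_NAME_RE.search(argv[0]):
        reasons.append("binary name matches a known miner")
    if any(flag in argv for flag in MINER_ARGS):
        reasons.append("XMRig-style command-line switch")
    m = POOL_URL_RE.search(proc["args"])
    if m:
        reasons.append(f"stratum pool URL {m.group(1)}:{m.group(2)}")
    if proc["pcpu"] >= CPU_THRESHOLD:
        reasons.append(f"sustained CPU {proc['pcpu']}%")
    for ip, port in conns.get(proc["pid"], []):
        if port in POOL_PORTS:
            reasons.append(f"connection to {ip}:{port} (common pool port)")
    if argv[0].startswith(SCRATCH_DIRS):
        reasons.append("binary executing from a world-writable directory")
    return reasons


def triage(ps_text, ss_text, min_reasons=2):
    """Processes with at least min_reasons independent indicators."""
    conns = parse_ss(ss_text)
    findings = []
    for proc in parse_ps(ps_text):
        reasons = score_process(proc, conns)
        if len(reasons) >= min_reasons:
            findings.append({"pid": proc["pid"], "user": proc["user"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PS, SAMPLE_SS):
        print(f"pid {f['pid']} ({f['user']}):", "; ".join(f["reasons"]))
```

Note that the renamed binary scores zero on the name check and is still flagged on five other indicators; the web-server worker running it (www-data) is consistent with a web-application foothold like the Weathermap flaw the article describes, and is worth recording in the finding.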
India struggles to control information distribution from its own identity scheme
India has warned Facebook to protect the data of its citizens, but its government is struggling to control the leakage and distribution of information from its own universal identity scheme. Apart from welfare agencies, other arms of the government, such as Indane, the cooking-gas utility exposed by ZDNet, as well as companies such as mobile service providers, routinely ask for Aadhaar numbers to verify people’s identities against the state-created database. Among other contentions, activists have made the case that Aadhaar information is insufficiently protected, leaving the database vulnerable to hackers or to misuse by the government. In numerous apps and websites that use or process Aadhaar data, Alderson found breaches through which he could pull Aadhaar information. With those credentials, he could enter any Aadhaar number into the official Aadhaar portal and pull up all associated information. Two days later, ZDNet, an American technology web site, published details of how a state-owned cooking-gas provider’s web site permitted anyone to extract information about citizens from the government’s Aadhaar database. Karan Saini, a cyber-security consultant in New Delhi, discovered exactly how weak the protection was when he tested the Indane web site. Since the website itself is linked to the Aadhaar database to verify customers, Mr Saini could tap into the database, run cycles of random 12-digit numbers, and hit upon valid Aadhaar numbers. When the Aadhaar numbers came up, Mr Saini told ZDNet, they brought with them, from the database, the names and addresses of their holders. Indane took its link to the Aadhaar database offline after ZDNet published its report, just as other government agencies had done after Alderson’s exposures on Twitter.
He told The National that over the past six months, as concerns about data have built, he took to logging into his Aadhaar portal and browsing through the list of agencies that vet his identity — a service available to every user.
Data leak war: Day after BJP tweaks policy, Congress junks app
On Monday morning, Congress deleted its official app ‘With INC’ from the Google Play Store, making it unavailable for Android users. The deletion came amid allegations flying thick and fast between the Grand Old Party and the BJP over potential misuse of subscriber data on their apps. It came after Congress had spent the weekend tweeting about issues with the NaMo app, and soon after the French cybersecurity researcher who goes by the pseudonym Elliot Alderson found security issues with a web page associated with the Congress. Congress’ head of social media and digital communication, Divya Spandana, confirmed the app’s deletion from the Play Store to TOI and said the membership URL tweeted by Alderson was outdated. People on the app were still being led to the old membership URL, which was http://membership.[…]. The hashtag #DataChorCongress trended nationally on Monday with BJP politicians using it in their tweets. The now-deleted Congress Android app asked for photos, media, files, storage, camera, WiFi connection information, and network information. The Narendra Modi app wants its users’ permission to access their photos, media, files, storage, device ID, call information, accounts and contacts on the device, location, camera, microphone, and network information, as reported by TOI earlier. A cybersecurity expert with a private bank said that while there is no law mandating political parties to host their servers within India, there are security risks in hosting them overseas.
Indian social media users more prone to data breaches
India’s millions of active Facebook and other social media users could be at greater risk of a user-data breach, and of giving away more information about themselves on social platforms, than users in other markets, due to weak rules and a careless approach. Lax rules and regulations for app developers and owners, which do not require them to seek explicit permissions from users before apps are downloaded as markets like Europe do; the rampant proliferation of the Android platform, which enables apps to seek out a lot more information; and the unique social media habits of Indians are all factors that put them at greater risk, cyber and data security lawyers and industry experts told ET. “App permissions and the way app developers and owners seek permissions from users before the latter download the apps vary with locations,” said Sivarama Krishnan, cybersecurity leader, India, at PwC. “Privacy regulations in Europe, Singapore and other markets compel app owners to seek explicit and more specific approvals from users, who can be more discerning, while in India they take a blanket approval.” India has the highest number of Android users among key global markets, as per data from Counterpoint Research. The share of Android users in India would be on the higher side compared to iOS even when one looks at the 380 million smartphone user base in India, Counterpoint Research said. Android’s share was about 85% of smartphones sold in China last month, 75% in Europe and 58% in the US, with iPhones accounting for the rest in all these markets. Concerns are mounting globally over how much data Facebook has on users in the aftermath of the Cambridge Analytica data breach controversy, with users attempting to download information on how much they have given away to the platform.
Billing Data from UHBVN hacked, Rs one crore demanded in Bitcoins from Haryana Government
In what is described as a first-of-its-kind case in the country, hackers have stolen the billing data of the Uttar Haryana Bijli Vitran Nigam (UHBVN), one of the two power discoms of Haryana, and have demanded Rs 1 crore in bitcoins from the state government to restore the data. Sources said that UHBVN, which handles electricity billing for nine districts of the state (Panchkula, Ambala, Kurukshetra, Karnal, Panipat, Yamunanagar, Sonepat, Kaithal and Rohtak), came under cyber attack at 12:17 AM on March 21, and the billing data of thousands of consumers was compromised as the IT wing of the Nigam was the target. It is not yet known whether the attack on the Haryana power utility is related to last year’s attacks. Experts say that an IP address can be changed in a couple of seconds and that the attacker must have used a ‘spoofed’ IP address. Meanwhile, UHBVN claimed that the cyber attack on the Automatic Meter Reading (AMR) system has not affected the billing of about 4,000 industrial consumers at all, as a backup of the billing data is available with the Nigam. An official of the Nigam said that there is no loss of billing data and that consumers would not be affected. Sources pointed out that officials of the Nigam are now busy uploading the billing data from the log books, and some of the data has already been uploaded. The billing of about 4,000 consumers has already started functioning normally, experts added. The Nigam had already taken steps, well before the attack, to phase out the said system and replace it with a more robust and technologically advanced system on cloud services, which would be operational by the end of May 2018.
Hackers took down Baltimore’s 911 system over the weekend
Another US city has been hit by hackers: over the weekend, a cyber attack took down part of Baltimore’s 911 system for about seventeen hours. The attackers targeted a specific server and took down the Computer Aided Dispatch (CAD) system used by 911 operators from 8:30 am Saturday until around 2 am Sunday. “Baltimore’s 911 dispatch system was hacked by an unknown actor or actors over the weekend, prompting a temporary shutdown of automated dispatching and an investigation into the breach, Mayor Catherine Pugh’s office confirmed Tuesday,” reported the Baltimore Sun. “James Bentley, a spokesman for Pugh, confirmed that the Sunday morning hack affected messaging functions within the computer-aided dispatch, or CAD, system, but said the mayor would not otherwise comment on the matter Tuesday.” The 911 service is essential for responding to any emergency and for directing police, fire, and ambulance crews to the scene. During the attack, 911 operators were forced to dispatch responders manually; 911 and 311 “were temporarily transitioned to manual mode.” The attack was launched while thousands of protesters were participating in the nationwide march against gun violence. City personnel were able to “isolate and take offline the affected server, thus mitigating the threat” of the hack, said Frank Johnson, chief information officer in the Mayor’s Office of Information Technology. No systems beyond the one CAD server were hit, and according to the media no data was exposed or stolen. A few days earlier, the networks of another major US city, Atlanta, were infected with a variant of the SamSam ransomware.