In 3 years, 1,44,496 cybersecurity attacks in India
Concerned over growing incidents of cybercrime, the Home Minister Rajnath Singh on Monday reviewed various measures, including the strengthening of surveillance and legal framework, to deal with financial frauds using bank cards and e-wallets. A high-level, inter-ministerial meeting, chaired by the home minister, took stock of the steps being taken to check financial cybercrime emanating from the usage of cards and e-wallets in particular and how to protect the interests of citizens, according to a home ministry statement. The customer alert mechanism to include names of beneficiaries of any financial transaction wherever necessary for better traceability and cross-checking on the part of the victim, publishing online statistics depicting the specific incidents, frauds against e-wallet companies and banks along with details including investigation to enable customers to make an informed choice before subscribing to e-wallet services are other initiatives being planned. Big data analysis by IIT-Delhi for identification of perpetrators of phone frauds in order to prevent duplication across e-wallets, and providing additional information through SMS or email alerts to customers from banks or e-wallet companies are some of the key actions being taken by the government. In today’s meeting, the home minister was informed about the measures taken by the Jharkhand Police to crack down on the perpetrators of phone frauds, which have resulted in a considerable fall in instances of these crimes. As per data maintained by the National Crime Record Bureau (NCRB), a total of 5693, 9622 and 11592 cybercrime cases were registered in 2013, 2014 and 2015, respectively. The committee with representatives of various stakeholders, including the Reserve Bank of India and law enforcement agencies, has already discussed the various kinds of phone frauds taking place in India and the steps to be taken by various stakeholder organisations in order to curb such instances.
An inter-ministerial committee on phone frauds (IMCPF) was constituted in the home ministry last September.
India in the web of N Korean cyberwar
Dmitri Alperovitch, the chief technology officer at the well-known cybersecurity firm CrowdStrike in the US, confirmed in May 2017 that North Korean hackers had stolen hundreds of millions of dollars from banks during the past three years, and that banks are concerned that Pyongyang’s hackers are using the Wiper virus and its variants not only for heists but to disrupt the banking networks, which can have major international financial implications. The spectacular feature of the attack was that it went beyond the traditional exploit of stealing the login credentials of bank account holders and used the SWIFT (Society for Worldwide Interbank Financial Telecommunications) credentials of the Bangladesh Central Bank employees to send over 36 fraudulent money transfer requests to the Federal Reserve Bank of New York, asking it to transfer millions of dollars of the Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka, and other parts of Asia. Which brings us to the point that the North Korean role in India underscores our cyber vulnerabilities and highlights the potential fiscal and security threats we face through malicious cyber exploits. In 2013, North Korean hackers, operating from computers inside China, used the same techniques against computer networks at three major South Korean banks and two largest broadcasters, which erased data and paralysed business operations. In September 2016, in what was considered a technical feat, North Korean hackers infected around 3,200 computers, including 700 connected to the South Korean military’s internal network, which is normally disconnected from the Internet, including a computer used by the Defence Minister. Seoul asserts that North Korea now has a functioning cyber army of over 7,000 hackers for its cyber warfare operations and that many of them may have been trained by the Chinese PLA’s hacking unit 61398, which specialises in advanced persistent threats.
Government to train about 1,200 IT officers for dealing with cybersecurity challenges
To ensure a structured mechanism in accordance with best information security system practices, MeitY had in March this year advised all ministries/departments to nominate a member of senior management as Chief Information Security Officer (CISO) to establish a cybersecurity programme and coordinate security policy compliance efforts across the organisation. The Ministry of Electronics and Information Technology (MeitY) last week approved the ‘Cyber Surakshit Bharat Programme’, under which chief information security officers and IT officers of government departments and PSUs will be trained over a period of one year. In view of the rising cases of cyber-attacks and cyber frauds in the country, about 1,200 IT officers of ministries, banks and public-sector units will be trained in partnership with top IT players to address cybersecurity challenges. The training will have many components, including cybersecurity management, cyber health index exercise, a workshop on end-to-end security across identity, data and application and other aspects of network security. The role of CISO is to maintain and update the threat landscape for the organisation on a regular basis, including staying up-to-date about the latest security threat environment and related technology developments. The training will be conducted in Delhi, Bengaluru, Mumbai, Hyderabad and Chennai in partnership with a consortium led by IT giants, including Microsoft India, and the National e-Governance Division (NeGD) of the ministry. While the consortium partners will provide technical assistance for the training, NeGD will give logistic support. These incidents included phishing, scanning, website intrusions and defacements and virus attacks, among others. An estimated 1.5 lakh cases of cyber security attacks were reported in the country in the last three years.
While a total of 44,679 cases were either reported to or tracked by the Indian Computer Emergency Response Team in 2014, the number rose to 49,455 and 50,362 in 2015 and 2016, respectively.
Businessman’s bank account hacked, Rs 6.73L syphoned off
Coimbatore: A businessman’s bank account was hacked by two unidentified persons, who transferred Rs 6.73 lakh to two other accounts using net banking. Based on his complaint, district crime branch police have registered a case. K Arumugam, police said, owns a company named Shri Bhirammasakthi Engineers in Thudiyalur. “He maintains an account with Bank of India, Perur branch, and most transactions are done through it,” a police officer said. In June, unidentified persons managed to track his bank account details. They also got his mobile phone number and approached a mobile operator agency at Nava India to block the number, saying the SIM card was lost. They also submitted the company’s letterhead and the agency immediately blocked the number and issued them a new SIM card. They subsequently received the one-time password from the bank to the mobile number and transferred Rs 6.73 lakh from Arumugam’s account to two other accounts by way of Real-time gross settlement (RTGS). Arumugam later came to know about the illegal transactions and lodged a complaint with the district crime branch police, who registered a case against unidentified persons under various sections of the Information Technology Act. A team of police, meanwhile, visited the agency at Nava India. Though there were a few CCTV cameras installed, all of them were out of order. As such, there is no clue about the persons who blocked Arumugam’s mobile number. The police also approached the bank and came to know that the amount was transferred to two accounts in a northern state. Further investigation is on.
This Android malware can empty your bank account – and it was found on Google Play
The BankBot malware, which has plagued Android devices for months, uses an “overlay technique” in an attempt to fool unsuspecting victims into entering their details into an app they believe is legitimate. A notorious banking Trojan that can mirror legitimate applications in order to steal passwords was recently discovered on Google’s official marketplace posing as a cryptocurrency service. A user manually downloads and installs the fully functional app on their Android device to compare cryptocurrency market prices with fiat currency values. This variant of BankBot appeared to be targeting users of Polish banks. RiskIQ said the discovery “serves as a reminder of the sophistication of malicious mobile apps” and that users should be vigilant in evaluating all apps before downloading, even from trusted stores. However, BankBot is using this seemingly legitimate application to mask its actual purpose. Once installed, the user is presented with an app that can perform cryptocurrency exchange monitoring. “The instance of BankBot was distributed using social engineering,” RiskIQ said Thursday (8 November). If one of the desired financial applications is launched, BankBot will overlay a screen that looks identical to the legitimate service – and scoops up any entered passwords. BankBot, which is primarily designed to target Android smartphones, had its source code leaked online in January this year – and has since developed into a major cybercrime threat.
Hackers keep defacing websites in US and Canada with ‘I love Islamic state’ slogans
A cybercrime group is causing havoc in the US and Canada by hacking into the websites of police stations and schools and defacing them with pro-Islamic State propaganda. Local media reported the police website was hacked to display a black screen with the text “I love Islamic State”, while an audio track looped in the background. In the summer of 2017, the same group went on a hacking spree which resulted in the defacement of US state and government sites – including the homepage of Ohio Governor John Kasich. Prince Albert Police Service will not comment on this group as we do not want to promote them further in the media. In June 2016, Vice reported that the group had – for some reason – hacked the website of a Canadian food truck, leaving the message “I am Muslim and I love Jihad.” He wrote: “This incident has had a minimal impact to the operations of the Prince Albert Police Service, with the exception of the website being temporarily unavailable.” A scan of Zone-H, a platform which archives defaced websites, shows that the group remains highly active to this day. Earlier this week, the group – most likely a set of internet pranksters rather than Islamic State fundamentalists – targeted hundreds of schools in the US with similar defacements. The group responsible for changes to the website have been in the media previously due to activity on other sites. On Wednesday (8 November), the latest victim emerged, with a branch of law enforcement in Prince Albert – the third-largest city in Canada’s Saskatchewan province – confirming that its website was forced offline after being hit by a group
In the age of digitization and connectivity, a new form of extortion has arisen: ‘Ransomware’
The magnitude of ransomware attacks has increased sharply over time, with hackers exploiting vulnerable technology and gaps in security frameworks and targeting unsuspecting users and companies in possession of sensitive and confidential data. senior VP, Tata Communications, says, “As a response to an increasing number of ransomware attacks, the community of White Hats has been formed.” The attackers can hold the entire company to ransom and can attack the whole country – and India is far from prepared. In the words of Arpinder Singh, partner and head – India and emerging markets, fraud investigation & dispute services, EY, “India has seen an accelerated use of online and mobile platforms; for instance, financial transactions through internet banking and mobile wallets has risen considerably.” Many companies in India still use outdated computer systems and hardware that can make them an easy target for hackers. The matter of concern is that there is no way to prevent an attack, as there are many variants of ransomware that surface from time to time. Crucially, India is still ill-prepared to fight such attacks, as most Indian systems do not invest sufficiently in security. Sridhar Iyengar, VP of IT management company Manage Engine, says, “India is going through a push towards digital, and so cybersecurity should have been a priority.” The problem is that in India, there are still companies that don’t treat IT as a priority and don’t see it as a core department. Such attacks can result in financial losses (customer data, IP), impact business continuity and cause reputational damage and loss of customer confidence.
Forever 21 data breach: Hackers steal customers’ payment card details from some stores
Popular clothing retailer Forever 21 revealed on Tuesday (14 November) that hackers may have gained unauthorised access to payment card systems at some of its stores, potentially compromising the credit card details of customers who shopped there. The company said it was recently notified by a third party of the possible breach and immediately launched an investigation into its payment card systems with the assistance of a “leading security and forensics firm”. “Because of the encryption and tokenization solutions that Forever 21 implemented in 2015, it appears that only certain point of sale devices in some Forever 21 stores were affected when the encryption on those devices was not in operation,” the company said in a statement. The investigation is currently focused on card transactions in Forever 21 stores from March 2017 through October 2017. The Los Angeles-based company did not provide any details regarding when or how the point-of-sale (PoS) breach took place, or what payment card details may have been compromised. Forever 21 operates more than 815 stores in 57 countries including the US, UK, Australia, Canada, China, Germany, Japan, India, Latin America and Philippines. However, it did not specify which or how many of its stores were affected in the breach. “Because the investigation is continuing, complete findings are not available, and it is too early to provide further details on the investigation,” the company said. “Forever 21 expects to provide an additional notice as it gets further clarity on the specific stores and time frames that may have been involved.” It advised customers to monitor their credit and debit card statements for any possible suspicious activity or unauthorised charges. “We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter,” the firm said. Forever 21 is the latest in a litany of retail companies that have suffered data breaches this year.
Arby’s, Brooks Brothers, Saks Fifth Avenue, Chipotle, Equifax, Whole Foods Market and Kmart were among the dozens of companies that reported a data breach this year so far.
Android malware with up to 17.4m downloads found lurking in 144 apps on Google Play
The news came as two other cybersecurity companies – ESET and Dr Web – disclosed similar findings of sets of malicious mobile software successfully sneaking onto Google’s official application market. Security researcher Carlos Castillo wrote: “Grabos gained popularity on Google Play because it allowed users to download music for free while constantly asking them to rate the app.” 4 million users downloaded them from Google Play, McAfee said. Considering Grabos also reports the presence of specific social apps on infected devices, cybercriminals could use that information to deliver additional apps by tricking users into installing them using any of the notification methods implemented in the code. 4 million Android users have downloaded a form of Trojan malware found in 144 separate mobile applications, security researchers from McAfee warned this week. Only 24 hours after the McAfee report was released, ESET, a Slovakian anti-virus firm, disclosed that it also recently found a set of eight malicious applications on the Play Store. Yet the threat was notable, the firm said, because it was a form of “multi-stage” malware – legitimate-looking but with delayed onset of malicious activity. On 13 November, Dr Web, a Russian cybersecurity outfit, discovered a suite of nine other malicious apps on Google Play with more than two million downloads in total. In a blog post on Tuesday (14 November), experts said the threat – dubbed “Grabos” – was discovered in an app called “Aristotle Music audio player 2017” that had been downloaded up to five million times. McAfee said it notified Google about the malware in September, and the software was swiftly removed.
Another OnePlus app uncovered that may allow hackers to steal photos, GPS, WiFi data and more
This app is reportedly called OnePlusLogKit and, as its name suggests, logs an extensive amount of user data. Bleeping Computer reported that a hacker who had physical access to a OnePlus device could trigger the app’s data-logging features and access the logs at a later date. Just days after a factory-installed backdoor app was found on OnePlus devices, a second app – also preinstalled – has been uncovered, raising major security and privacy concerns for the company’s smartphone users. Earlier this year, security researcher Chris Moore found OnePlus was collecting significant user data, including devices’ serial numbers and sending it to a server – allowing the firm to potentially track users. The researcher, who goes by the moniker Elliot Anderson – an homage to the lead character of the popular TV series Mr Robot – took to Twitter to report on the app’s ability to potentially allow hackers to record users’ photos, WiFi and GPS data, and more. The researcher wrote in a post that all of the user data stored by the app is unencrypted, adding in another tweet that this data could also likely be sent to China. It is still unclear what OnePlusLogKit’s actual function may be and why the app came pre-installed on devices. Hackers could also potentially use other techniques, such as social engineering, to trick users into enabling the app’s data-logging features. In his Twitter thread, the researcher said that all one had to do to trigger the app into logging the data and accessing it was to dial *#800# on the smartphone’s dial pad. The second OnePlus app was reportedly found by the same security expert that discovered the first app.