DIGITAL INDIA, RANSOMWARE, AND THE RISE OF CYBER THREATS IN THE COUNTRY
India is making a quantum leap into the digital realm by integrating the entire nation in the digital fabric. With increased instances of wide-ranging digital perils including network compromises, ransomware attacks, cyber espionage, and data breaches, it is important for India, a fast-emerging digital nation, to address the core issues in the very dynamic digital landscape in a timely manner. Let us, then, highlight the rise of Digital India and the potential susceptibilities to cyber threats that it needs to counter to ensure its smooth rise on the global digital arena. India’s rise as a digital power not only requires digital awareness among the burgeoning set of internet users, it also demands the strengthening of the IT infrastructure with regard to security. Other initiatives such as BharatNet, which seeks to make high-speed internet available in more than 200,000 villages in India, are also building the much desired digital infrastructure and adding considerable thrust to India’s digital foray. It is also high time for enterprises to look for next-gen cyber security solutions such as Managed Detection and Response (MDR) that deliver advanced threat detection, deep threat analytics, global threat intelligence, faster incident mitigation, and collaborative breach response on a 24×7 basis. This includes initiatives such as Digital India, Aadhaar card, digital locker, digital life certificates, and digitization of other government-led services such as MNREGA. Since first-time users are least aware of digital technologies and potential threats, they are more likely to fall victim to the most basic malicious tricks. However, the increasing number of first-time internet users in India is also posing a big challenge. India ranked third among the most affected nations and had about 48,000 systems affected by the ransomware attack.
NEW MALWARE IN INDIA WHICH STEALS MONEY THROUGH MOBILE PHONES: REPORT
A new malware, Xafecopy Trojan, has been detected in India that steals money through victims’ mobile phones, cyber security firm Kaspersky said in a report. “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge,” the report said. “Once the app is activated, the Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing – a form of mobile payment that charges costs directly to the user’s mobile phone bill. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money,” Kaspersky Lab Senior Malware Analyst Roman Unuchek said. “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility.” Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. Kaspersky Lab Managing Director, South Asia, Altaf Halde said that Android users need to be extremely cautious in how they download apps. Experts at Kaspersky Lab have found traces showing that cybercriminal gangs promulgating other trojans are sharing malware code among themselves. 5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico,” the report said. The malware uses technology to bypass ‘captcha’ systems designed to protect users by confirming the action is being performed by a human.
SEBI TO STRENGTHEN IT TEAM WITH CYBER SECURITY EXPERTS FOR STRONGER FIREWALLS
The Securities and Exchange Board of India (Sebi) is also appointing an advisor for cyber security and information technology who will be responsible for strengthening its regulatory policy framework in this space. The advisor would monitor implementation of these regulatory policies across securities markets and also help enhance capacity building at Sebi and various market participants with respect to cyber security. Sebi said it is looking for grade A officers who have knowledge of global best practices in the area of cyber security and information technology and are familiar with compliance requirements with cyber security policies. In July, the regulator said it will undertake a comprehensive review of technology and systems at all market institutions, including exchanges, to safeguard the marketplace from cyber threats and technical glitches. Market regulator Sebi is planning to beef up its IT team with experts from the cyber security arena to ensure stronger firewalls against such attacks and faster corrective measures. The advisor would also observe developments in the cyber technology and security space and prepare inputs for regulatory policy development. The regulator plans to hire four Grade-A officers in its information technology stream and wants the aspirants to have extensive experience in the cyber security space. Their role would also involve installation of firewalls and data encryption, development, implementation and ensuring compliance with cyber security and information on security policies and procedures. The officer would also develop a stress testing mechanism to mitigate risks arising out of cyber-attacks while a framework will be put in place for taking correctives and a prudent response in case of such an emergency at the regulator or market participants. While the stock market arena has so far not seen any major attack, the exchanges have been repeatedly warning listed companies and various intermediaries to strengthen their systems.
HACKERS SPOOF EMBASSY CALLER ID IN NETHERLANDS TO DUPE NAGPURIAN
The woman received a phone call from Indian Embassy number +31703469771 and the caller introduced himself as an embassy official. They also contacted the Indian Embassy officials and were informed that hackers were spoofing the caller ID of the embassy to target Indians living in the Netherlands. Interestingly, the hackers spoofed the phone number of the Indian Embassy to target the woman, which shows the gravity of the matter. In caller ID spoofing, the caller might display a phone number different from that of the telephone from which the call was placed. This time the call on the said number was answered by an official of the Indian Embassy in the Netherlands, and she was informed that they had neither contacted any individual nor made any call that day. A.P.I. Mane informed that the cheaters had hacked the phone of embassy so that the victim would treat the call as genuine. Satav now, a software professional (a woman) hailing from Nagpur and currently working in the Netherlands fell victim to cyber fraud and lost Rs 1.4 lakh to the account number given by the caller within 15 minutes through wire transfer. Assistant Police Inspector (API) Vishal Mane informed that the money was transferred to the account of the accused via Western Union Money transfer services.
143 MILLION EQUIFAX CUSTOMERS HIT BY ONE OF THE BIGGEST HI-TECH HEISTS IN US HISTORY
Although consumer and commercial credit databases were not affected, the company said hackers accessed social security numbers, birth dates and addresses between mid-May and July 2017. Sensitive personal data of 143 million US customers of credit report giant Equifax have been compromised by cyber criminals in one of the biggest data hacks in US history. Chairman and chief executive Richard F Smith said, according to Associated Press: “I apologise to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.” In addition, the credit card numbers of about 209,000 consumers were affected. Credit bureaus keep so much data about us that affects almost everything we do. While it was one of the largest breaches in the US, Yahoo dealt with a breach of around one billion user accounts, while in 2014, some 145m eBay accounts were hit. Three Equifax senior executives sold shares in the company worth almost $1. “Criminals can use the information to hijack people’s identities and carry out fraudulent activities which can affect customers’ chances of being assessed as suitable for leases and loans.” Since the public announcement, the company’s share price dropped by more than 13%. Gartner security analyst Avivah Litan told the Guardian: “On a scale of one to 10, this is a 10 in terms of potential identity theft.”
EQUIFAX HIT WITH MULTIBILLION DOLLAR CLASS ACTION LAWSUIT AFTER MASSIVE HACK
“Equifax disregarded the rights of Plaintiffs and Class members by intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected, failing to disclose to its customers the material fact that it did not have adequate computer systems and security practices to safeguard PII, failing to take available steps to prevent and stop the breach from ever happening, and failing to monitor and detect the breach on a timely basis,” the lawsuit reads. Less than 24 hours after Equifax confirmed that it was affected by a massive data breach that saw hackers steal social security numbers and other personal information of nearly 143 million people, the firm now faces a multibillion dollar class action lawsuit. “Equifax knew that its failure to protect Ms McHill and Mr Reinhard’s credit and personal information from unauthorized access would cause serious risks of credit harm and identity theft for years to come,” the complaint stated. “Plaintiffs file this complaint as a national class action on behalf of over 140 million consumers across the country harmed by Equifax’s failure to adequately protect their credit and personal information,” the complaint reads, Cyberscoop reported. “Equifax owed a legal duty to consumers like Ms McHill and Mr Reinhard to use reasonable care to protect their credit and personal information from unauthorized access by third parties.” However, Equifax clarified that the arbitration clause refers to the Trusted ID product and not any lawsuits dealing with the data breach. Visibility is key, and our recent research found that sixty-one percent of respondents in the UK cited network blind spots as a major obstacle to effective data protection, while 41 percent of those without complete visibility of their network admit to lacking sufficient information to identify threats.
ANYONE NOT USING ANDROID OREO AT RISK OF ATTACK THAT COULD GIVE MALWARE ‘TOTAL CONTROL’ OVER DEVICES
“An ‘overlay attack’ is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device.” The vulnerability could potentially be used by hackers to launch “Toast overlay attacks,” which could provide them with the ability to infect devices with malware and in turn gain “total control” over devices. A new vulnerability, which affects all Android OS versions except Oreo, has been uncovered by security experts, and researchers say it could be exploited by hackers to launch a new kind of overlay attack and hijack devices. If you’re an Android user, then it is highly recommended that you update your device to start using the latest Oreo OS immediately to stay safe from potential malicious attacks. Researchers at Palo Alto Networks, who uncovered the vulnerability, say that the “high-severity” flaw “could be used to take control of devices, lock devices and steal information after it is attacked.” The vulnerability specifically affects the Android Toast feature, which is a type of notification used to display messages and notifications over other apps. “All they have to do is put an overlay button over ‘activate this app to be a device admin’ and they’ve tricked you into giving them control of your device.” Although Google has already issued a patch for the vulnerability, it is still highly recommended that Android users update their devices to install Oreo 8. The flaw could also potentially allow hackers to infect devices with all kinds of malware, including ransomware, and could also allow hackers to brick phones. “When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window,” Palo Alto Networks researcher Christopher Budd said in a blog.
EQUIFAX BLAMES MONTHS-OLD WEB SERVER FLAW FOR MASSIVE DATA BREACH THAT AFFECTED 143 MILLION PEOPLE
“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted,” the company said. Equifax has confirmed that a months-old web server vulnerability exploited by hackers led to the massive data breach that exposed the personal financial information of about 143 million American customers. Senator Orrin Hatch, chairman of the Senate Finance Committee, has also asked the firm to provide information regarding when the company’s management and board members were informed about the attack, including the three top executives who sold shares worth nearly $1. However, Equifax said last week that it was compromised between mid-May and July, strongly suggesting that the firm failed to update its Web applications. Equifax’s chief executive Richard Smith is expected to testify before a House of Representatives panel on 3 October regarding the breach and the company’s decision to delay disclosing it. Although the company learned about the breach on 29 July, it was only revealed after over a month on 7 September. In a progress report published on Wednesday (13 September), the credit reporting firm said threat actors managed to exploit Apache Struts CVE-2017-5638, a flaw that was first identified back in March this year. The company has denied the executives illegally sold their shares based on insider information. The company has already been hit with more than 30 lawsuits filed in the US in the wake of the disclosure. Equifax has also come under intense scrutiny following the disclosure with almost 40 US states joining an investigation into the breach along with the United States Congress.
NEW MALWARE STEALING INDIAN USERS’ MONEY THROUGH SMARTPHONES
“Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money from victims’ mobile accounts without their knowledge. Year 2017 is proving to be the year of malware attacks, with the highest number of malware attacks reported this year. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money,” Kaspersky Lab senior malware analyst Roman Unuchek said. 5 percent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey, and Mexico,” the report noted. “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility.” Once the app is activated, Xafecopy malware clicks on web pages with Wireless Application Protocol (WAP) billing. A new malware — Xafecopy Trojan — has been detected in India, which steals money through victims’ mobile phones, according to cyber security firm Kaspersky. According to Kaspersky’s report, forty percent of the targeted users are Indians. “Xafecopy Trojan is disguised as useful apps such as Battery Master that operate normally, to prevent users from getting suspicious.” WAP is a type of mobile payment that charges costs directly to the user’s mobile phone bill.
FA BULKS UP CYBERSECURITY AHEAD OF WORLD CUP 2018 AMID FEARS OF RUSSIAN HACKING
The English Football Association (FA) is reportedly set to bulk up its cybersecurity during the 2018 World Cup in Russia, amid rising concern that a notorious hacking group may attempt to steal sensitive information such as tactical plans or players’ personal emails. Cybersecurity experts believe that the Fancy Bear group is leaking information in retaliation for Russia’s ban from the Rio Olympics last year after its athletes were linked to an allegedly state-sponsored doping regime. “Fifa has informed the FA in such context that Fifa remains committed to preventing security attacks in general,” a statement read, detailing its response. In August this year, the Fancy Bear hackers published what purported to be the medical files of 25 footballers granted therapeutic use exemptions (TUEs) during the 2010 World Cup. “It is inappropriate to publish information relating to personal medical conditions or medications and we will work alongside our partners to ascertain the extent of this matter,” it asserted. The England team is currently top of its World Cup qualifying group with 20 points and will face Slovenia at Wembley next month to cement a place in the competition. For the purposes of computer security in general, Fifa is itself relying on expert advice from third parties. It is for this reason that Fifa cannot and does not provide any computer security advice to third parties. “With respect to the Fancy Bears attack in particular it is presently investigating the incident to ascertain whether Fifa’s infrastructure was compromised.” Fears spiked following the emergence of the so-called “Fancy Bear” unit, a well-documented hacking team with suspected links to the Kremlin’s intelligence services.
India vulnerable to cybercrime, must upgrade defence:
“While RBI centres often come to IITs such as IIT-K for expert opinion, IITs do not engage in relevant research on cyber security,” the study said. Cyber-attacks affected over 3 million ATM, debit cards in 2016. “Recent revelations about leakage of Aadhaar data and corresponding transaction data are serious concerns as the government is integrating Aadhaar number to various services,” the study said. The experts said a wider net needed to be cast by the Indian banking system and the government to engage cyber security experts from top institutes as an advanced layer of protection was missing in most financial institutions. Noting that the government has initiated a number of programs to enhance the participation of citizens in the fully digitalised economy, the study said cyber security centres set up by the Reserve Bank of India would be insufficient. Demonetisation and the subsequent push for digitisation have escalated risks relating to cybercrime and India needs to urgently upgrade its defenses by setting up a cyber security commission on the lines of the Atomic Energy and Space Commissions, according to an IIT Kanpur study shared with Parliament’s committee on finance. The experts felt that existing cyber security frameworks like CERT-IN were inadequate as there were insufficient inter-disciplinary connections and the government-private sector partnership was neither deep enough nor did it provide the required expertise. The study pointed out that since the government was pushing Aadhaar-based financial transactions, securing the Aadhaar database against unauthorised usage must be looked at carefully. In their recommendations, experts said companies must have a chief cyber security officer and data systems should function on a need-to-know basis. The study said attacks from the ‘Equation group’ — which WikiLeaks reports said was a clandestine CIA and NSA program — infected India’s telecom and military sectors and research institutes.