• phishing attack

    What is Phishing | Whaling & Spe...

    Phishing works like a baited hook: attackers use malicious email attachments and fake web links to capture sensitive customer information such as passwords, credit card numbers, and PINs. Phishing is the oldest and simplest form of cyberattack, and still the most effective one. In other cases, attackers also exploit popular topics and infringe companies’ trademarks to make their phishing lures convincing.

    Phishing represents 77% of all social-based attacks

    [Image: example of a phishing email]

    How Does Phishing Work

    Most internet users are vulnerable to phishing attacks because they often (i) run the Windows operating system, (ii) are easily persuaded, and (iii) have no security software or antivirus on their system. Let’s look at how a phishing attack is executed:

    1. Depending on the type of victim (an individual, an organization, a large group of users, etc.), the attacker first collects basic information about the target.
    2. The attacker then distributes emails with malicious attachments, or constructs a fake e-commerce, social engineering, or banking website as a trap.
    3. Most importantly, the victim fails to recognize these social engineering tricks and opens the email and attachment, or visits the fake web link.
    4. A RAT (remote access trojan) is installed on the target system, which is then exploited.
    5. The RAT additionally tries to reach other computers on the same network.
    6. Finally, sensitive information is stolen by the attacker/phisher.

    Types of Phishing attack

    What is spear phishing?

    When the attack is tailored to a particular victim, phishing becomes spear phishing: a targeted attack rather than a regular mass-email campaign. Typically the message contains the recipient’s name and in-depth details about professional or personal matters.

    How does Spear Phishing work

    1. Initially, the hacker researches the names of an organization’s employees and picks a victim, for example:
      • an IT manager who has full network access
      • a Finance/Marketing manager who approves payments to suppliers or vendors
    2. From the organization’s website or social media research (LinkedIn, Twitter, Facebook profiles), the perpetrator gathers sufficient details about the victim.
    3. Posing as a superior or a department colleague, the attacker then sends the victim an email with a malicious link or attachment (for example, an invoice copy), using a proper, standard email template.
    4. When the victim enters their credentials to open the document or the link, the hacker captures those credentials and uses them to gain access to the corporate network.

    Spear phishing is very hard to prevent because it is target driven; it has already done considerable damage to many businesses and governments.


    What is Pharming?

    Pharming starts with fake web links or forged Play Store apps. If you click one of these links or install one of these apps, malicious code is injected into your system to poison its DNS lookups.

    [Image: pharming (DNS spoofing) attack]

    To clarify: DNS maps domain names to IP addresses and vice versa. So, the next time you log in, a legitimate online banking link might land you on the hacker’s fake web page because of false entries in your DNS cache.

    What is Smishing or SMS phishing

    Smishing is phishing over SMS text messages: attackers spread malicious links by text. There are many gateways between IP networks and SMS networks, so an attacker can send SMS links from the Internet, using mobile operators’ web forms, to distribute SMS phishing at scale. Typical lures include:

    • Free Netflix Subscription link
    • COVID Donation link
    • Free COVID Insurance link & many more
    [Image: smishing attack]

    What is Vishing

    Like smishing, vishing (voice phishing) performs the same kind of scam over the phone. The caller pretends to be an income tax officer (IRS), a bank employee, or a police officer.

    They then scare you with some kind of problem and ask you to pay a fine immediately, or insist that you share your account details. The criminals gather details about the victim beforehand, which makes the deception easier.

    What is a social engineering attack?

    People are the biggest vulnerability of any network. Social engineering is the art of persuading people in order to gain illegal access to a building or a corporate network. It is not technical hacking; it exploits human psychology.

    Phishing is a kind of social engineering attack, so let’s explain social engineering in more detail.

    Social engineers commonly pose as (i) customer service, (ii) delivery staff, (iii) phone callers, or (iv) tech support.

    Social engineering is dangerous to personal and corporate data. Once a social engineer gains your trust, he can pose as an IT helpdesk technician to obtain your corporate password and steal sensitive data. Likewise, acting as a delivery person who forgot his key, a criminal can be let into an office building by a helpful employee.

    How to protect against phishing attacks

    Avoid Phishing Emails

    • Discard emails from unknown senders or unfamiliar addresses
    • Similarly, avoid emails containing untrusted attachments – just delete them or report them as phishing
    • For your information, most phishing emails carry subjects like prizes, lottery wins, job offers, freebies, etc.

    Tips to avoid phishing scams

    Strictly follow Govt. approved webpages, mobile App

    • Strictly follow Govt. webpages and approved apps for Covid-19 news and updates
    • Be careful which sites you visit: avoid ‘HTTP://’ pages and always use ‘HTTPS://’ pages
    • Avoid webpages with unfamiliar fonts, colors, or spelling errors

    Online Banking

    • Prefer office/corporate computers for online banking and money transfers, as they provide endpoint protection against malware and external threats
    • Double-check the UPI ID and validate the bank/merchant name before payment

    SMS Links

    • It’s better to avoid untrusted Covid-19 links, forwarded messages, and any job offers on WhatsApp or SMS
    • Be careful with KYC SMS links; don’t share anything until you have verified the link

    Before you Accept/ Click

    • Don’t click on online widgets, flash images, or pop-ups while browsing a webpage
    • Don’t accept cookies from untrusted webpages; click ‘x’ and close

    Home PC, Mobile

    • It’s mandatory to install authentic antivirus, security apps & update them regularly
    • Use WPA2 encryption for your home WiFi router

    Avoid untrusted Sites

    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms

    Virus Scan

    • Periodically scan all files (incl. zipped and hidden ones) on your PC, tablet, and phone
    • Check if any site still has your default password – if so, change it
    • Change your password for online banking, eCommerce sites, and trading platforms every 2-3 months

    Avoid public Wi-Fi

    • Try to avoid free WiFi in places like airports, coffee shops, or railway platforms; and never log in to your online banking page or make any financial transactions over it
  • what is ransomware attack

    What is Ransomware Attack | Know Type...

    Ransomware is a type of malware that encrypts or locks a victim’s computer and demands payment (in bitcoin) for recovery. If your computer is compromised by ransomware, all your files (.doc, .txt, .mpeg, .xlsx, etc.) are encrypted using a public/private key combination. The hackers hold these sensitive files and control of the system until you pay the ransom.

    Now the victim has no option left other than

    1. Pay in bitcoin (which guarantees nothing), or
    2. Remove the ransomware by formatting the computer or server

    How Does Ransomware Work

    All types of endpoints and terminals are vulnerable to ransomware: IT servers, personal computers, point-of-sale (POS) terminals, printers, smartphones, any smart gadget, and even smart cars and smart homes.

    Let’s see how it works:

    1. A ransomware attack usually starts with a spam link sent by the hacker (not necessarily by email; it could be a third-party website or any unknown link)
    2. As soon as the user clicks the link, the malware is downloaded to the computer
    3. The malware then runs automatically and the virus makes a copy of itself on the C drive (all its commands and shells are copied)
    4. Likewise, newly added registry entries are written to the computer
    5. Now the hacker can connect to the computer using these corrupt registry entries
    6. The hacker thereby takes control of your data, uses a key to encrypt the crucial data, and locks the computer
    7. The victim then receives a message from the hacker demanding a ransom, otherwise the data will be deleted or shared online

    Types of Ransomware

    Scareware

    This is a kind of tech support scam: a pop-up message demands payment to remove malware supposedly discovered on your computer. In this case your files are actually safe; if you don’t pay, you just keep getting repeated scary messages, and that’s it.

    Screen lockers

    Lock-screen ransomware locks your computer screen so you cannot access it; a full-screen pop-up appears with an authentic-looking defense or government logo and demands a fine for some alleged illegal activity. This is purely to defraud you; no police force freezes your account this way.

    Encrypting ransomware

    Cybercriminals first take control of your system, then seize the important files and folders and encrypt them with a sophisticated key. Next, they demand a ransom to return control by decrypting the files. It is so damaging because no security software or system restore can bring the data back. And even if you pay the ransom, there is no guarantee the hackers will return the files; in most cases they are simply gone.

    Ransomware Attack Types

    WannaCry

    The most well-known and largest ransomware outbreak, affecting millions of Windows machines in 150+ countries and causing multi-billion dollar losses in 2017. It was a self-contained, self-propagating Tor-based program that spread autonomously from one computer to another. Its pop-up appears after Windows loads, as below:

    [Image: WannaCry ransom note with timer and bitcoin link]

    Petya and NotPetya

    Petya, which appeared around 2016, encrypts the computer’s hard disk using a very sophisticated encryption algorithm, making the entire disk inaccessible. It asks you to install the Tor browser (darknet) and then follow its steps for decryption.

    It later reappeared as the new variant NotPetya, far more dangerous than the original. NotPetya propagates on its own and spreads without human intervention. It asks for a ransom in bitcoin, after which you are supposed to send your key to the hacker’s email address for decryption. There is almost no chance of getting your files back, as the hackers used fake email addresses.

    Petya and NotPetya use the same vulnerability as WannaCry to spread between computers, and both infect Windows computers.

    [Image: Petya ransomware screen with steps to decrypt your files]

    CryptoLocker

    CryptoLocker is a similar file-encrypting ransomware that appeared in 2013, the first of the modern generation of ransomware. At its peak in early 2014 it had infected more than half a million computers via email attachments. It is obsolete now.

    [Image: CryptoLocker pop-up]

    Cerber

    Cerber runs silently on the system and disables Windows security features and antivirus. Cybercriminals use this kind of service to encrypt files by exploiting Windows vulnerabilities.

    Bad Rabbit

    Bad Rabbit spread across Europe and Asia in 2017 via fake Flash Player updates. Its targets were mainly news and media companies in Russia, Ukraine, Turkey, and Germany. Unlike many other ransomware variants, it was possible to decrypt the files after paying the ransom.

    Maze

    Like earlier malware families, Maze spreads across corporate networks and servers and encrypts data with a combination key so that it cannot be accessed. Very recently, in 2020, Indiabulls’ and Cognizant’s servers were targeted by the Maze ransomware.

    Modern ransomware variants such as Ryuk, RobbinHood, and Thanos have emerged in recent years and are extremely harmful.


    What is Mobile Ransomware

    Mobile ransomware is a kind of Android malware that affects mobile devices. It does not usually block access to files or steal sensitive data; rather, it locks the device itself. Mobile users often do not understand the risk of clicking fake web links or downloading malicious content, and that is how this malware is distributed: through malicious apps or social engineering attacks. In recent years, CryptoLocker-style ransomware has been found on both Android and Apple devices, while DoubleLocker changed the PIN on many Android devices and encrypted their stored data.

    [Image: mobile ransomware]

    If infected, boot your mobile device in safe mode and remove all apps in order to regain access. To safeguard the device, install strong mobile security software and apply patches regularly.

    How to Protect against Ransomware

    Government agencies, corporates, and banks are the foremost targets of ransomware attacks, because they hold sensitive customer data and can pay quickly. During Covid-19, when corporate workplaces moved into homes, cyber crooks used the situation as an opportunity to spread more phishing emails and malware-driven attacks.

    Here are some best practices that you can follow for protection & prevention against a ransomware attack:

    What is Ransomware Protection

    System backup

    Regular data backup is the crucial step that reduces the risk from encrypted data or any other data loss: you can format the affected server and restore the data quickly for business continuity. If possible, keep more than two copies of the backup in two separate locations.

    Firewall Activation, Endpoint Protection

    Recent endpoint protection products provide a good defense against WannaCry, Maze, or Petya-style backdoor attacks.

    Additionally, keep a paid antivirus or security app on your system and update it regularly. Although antivirus is not very effective against modern ransomware variants, it still protects against most threats.

    Monitor and scan for unusual files, viruses, network traffic, and CPU loads.

    Avoid untrusted sites, unknown links, Emails attachments

    Most ransomware attacks begin with email phishing or spam. Always be watchful for malicious email attachments, fake job offers, and unknown web links. Avoid clicking, downloading, or opening these files, and report phishing where possible.

    Secure Webgateway

    Use a secure web gateway: it scans traffic and blocks malicious web ads that could lead to a ransomware attack. Also configure WPA2 encryption on your home router.

    It is preferable to avoid ‘HTTP://’ pages, and visit only ‘HTTPS://’.

  • tiktok banned

    Tik Tok is the beginning of ChinaR...

    When your TikTok video or TikTok song gets thousands of likes and TikTok followers within a few hours, it naturally feels great to become the popular guy, doesn’t it? During the pandemic, TikTok downloads crossed the 2 billion mark worldwide, with India (611 million), China (197 million) and the USA (166 million) the top three countries on the list, according to the Sensor Tower report. It’s clear that with the popularity and simplicity of the TikTok app, people get addicted very quickly. But just wait: WHO are these millions of TikTok followers, and are they REAL or FAKE?

    What is TikTok? TikTok’s parent company is a Chinese multinational, ByteDance Ltd, and the app is powered by the ByteDance AI Lab. As we know, there is no freedom of the press in China, and every organization must share its data with the Chinese Govt, so every TikTok user’s data is currently with the Chinese Govt. Are you still wondering how the TikTok apk could make such a difference for an individual?

     

    Tik Tok is the beginning of China’s ‘2030’ mission – becoming the global A.I. superpower

     

    Why is Trump banning TikTok: does TikTok collect data from you?

    • It tracks your exact location, with a GPS signal feed every 30 sec (TikTok never discloses this!)
    • Even if you turn off the location feed or use a VPN, it can still collect data from your SIM card or your social media account (again, hacking your social identity)
    • Images, audio, camera, SD card access (personal data on your device)
    • Device info like device ID, memory, CPU, screen size, etc. (personal data)
    • Your login IP address, DNS server, MAC address (loopholes for cyber theft)
    • Which other apps are installed and all historical app data (previous transactions)
    • It monitors your keystrokes and accesses files on your phone, and may get your net banking details like user ID/password
    • TikTok uses ‘http’, not ‘https’ (not a secured server; lack of encryption)
    • TikTok sets up a local proxy server on your phone for transcoding media (which could host a botnet attack)
    • TikTok stores your data even after you delete your account (violation of its privacy policy)

     

    Is Tiktok getting banned in the US?

    • On a small scale it might look trivial, but from a larger perspective, if the Chinese Govt wanted to use this data against any country it could be disastrous; China already combines a gigantic amount of data with talent, companies, research, and capital to build the world’s leading AI ecosystem. That is why the Indian Govt asked Google and Apple to take down ‘TikTok India’ from their app stores, while the US, UK, Australia, and Hong Kong are seriously considering the same.

    Is Trump banning TikTok? Trump told reporters he would use executive power to ban TikTok. On the other hand, yesterday Trump agreed to give ByteDance 45 days to negotiate the sale of TikTok to Microsoft Corp.

    • Why is Trump trying to ban TikTok? China has previously hacked many UK/US defense servers, so it is very possible for them to use the TikTok data to compromise millions of smartphones in any country and use them as connected bots, then perform DDoS (distributed denial of service) attacks and spread malware to steal sensitive information from defense servers, bank data, and much more.
    • The app is also dangerous for kids, hosting inappropriate content and pornography; one example was the New Zealand mosque attack video. It has already been fined in the US for illegally collecting information on children.

    TikTok Pro:

    TikTok was banned in India in June 2020, but “TikTok Pro” came onto the market just after that, spread by fake SMS/WhatsApp messages: “Enjoy Tik Tok video & create creative video once again. Now tiktok 2020 is only available in (Tik Tok Pro) then download from below link…” The download link contains malware. Likewise, don’t click any TikTok songs, TikTok videos, or TikTok money calculator links; they could be a worm or trojan.

    Conclusion

    So when it comes to threats like Chinese hacking, this is a question of national security more than of individual hacks. In its latest move, the Indian Govt banned 47 more Chinese apps (TikTok Lite, Helo Lite, ShareIt Lite, Bigo Lite, VFY Lite, etc.) operating as clones of the 59 apps banned in India last month.

     

    Last Sunday, Microsoft confirmed that it plans to seal the TikTok deal with Chinese parent company ByteDance after a discussion with President Trump; Microsoft also assured that American users’ data will not be shared with any other country and everything would remain in America.

    Although we don’t yet know whether Trump is banning TikTok, whether Microsoft bought TikTok, or who bought TikTok, it is now your choice whether you search again for ‘most shared tiktok video’ or ‘cloud bread recipe tiktok’.

  • Chinese hacking

    ‘Patriot Hacking’ by China over India...

    Over the last two decades, state-sponsored cross-border hacking has been on the rise. There is evidence that many Govt agencies hire hackers to penetrate other countries’ military facilities, embassies, defense ministries, and many other sensitive departments.

    Recently, while Chinese and Indian troops have been engaged in cross-border face-offs, China has also been orchestrating cyber-attacks on every sector and digital platform of India. This is a classic example of ‘patriot hacking’, a form of cyber warfare that tries to shut down another country’s internet facilities through invisible hackers. And this is not the first time.

     

    Google v/s Chinese Govt:

    Google launched in China in 2006 and pulled out soon afterwards because of a massive hack on Google’s servers by the Chinese Govt. The reason was simple: the Chinese Govt did not allow its people to be anonymous on the internet, so it asked Google to disclose people’s identities, which Google refused. The Govt then ran a social engineering campaign to hack the systems of Chinese people who worked at Google at the time. Thousands of hackers posed as other people on social networking sites, built friendly relationships over a period of time, shared files (injecting worms/malware) onto victims’ computers, and in that way broke through Google’s firewall into its secure databases. Google was obviously furious and left China in 2010.

     

    Iran Nuclear Cookie recipe fraud

    Ten years ago, the Iranian Govt was working on nuclear weapons, which the Western countries did not like. So American agents (CIA/NSA) and Israelis jointly hacked Iran’s nuclear facilities. The Stuxnet worm was used to infect the computers and operating systems of the nuclear plant. The virus may have been placed on Iranian scientists’ computers at some conference, or planted in the servers well before they were shipped to Iran (a zero-day attack). In the end, American/Israeli hackers replaced the important research papers and nuclear recipes with a recipe for chocolate chip cookies. The Iranian Govt was naturally furious and declared an internet shutdown across the country as a result.

     

    China is considered to have the largest cyber hacking contingent in the world, hundreds of thousands of full-time hackers; they have previously hacked the US and UK departments of defense, state departments, military facilities, and more. Similarly, countries like North Korea and Pakistan also depend on full-time hackers to feed their Govts. These Govts earn billions of dollars a year through hacking, usually by hacking banks to steal money or by using ransomware-type attacks.

  • Phishing attack

    SBI and PSU Banks urges its customers...

    For the last few days, perhaps millions of bank account holders in India have received emails from ‘ncov2019@gov.in’ or with subject lines like ‘COVID-19 Testing’ or ‘COVID-19 support’. According to warnings from the major PSU banks, these are all phishing attacks that try to steal customers’ sensitive login information. To warn its customers, SBI tweeted:

    What is Phishing?

    Phishing uses fake login pages, fake subject lines, and sometimes fake job offers or password-expiry emails to defraud people. When you click on them, sensitive information such as usernames, passwords, and keystrokes is stolen. Advanced cyberattacks like ransomware start with phishing.

    Example of Phishing:

    • Indiacovid19.com (any fake domain name)
    • Phishing emails from ‘accounts@gmall.com’ instead of ‘accounts@gmail.com’
    • www.facebo0klogin.com (fake login pages)
    Depending on the type of victim (an individual, a corporation, a big fish like a CFO, etc.), phishing attacks differ: spear phishing, smishing, whaling, or pharming.
    Like phishing, there are many other ways to lure people: a “free subscription link” or “free insurance link” over WhatsApp, or fake web links through which the victim’s social media account is compromised, and many more.
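
    The look-alike addresses listed above can be checked mechanically. The following is an added example, not code from the original post: it folds common digit-for-letter homoglyphs, then compares the domain label against a watch list of brands (the list and the one-edit threshold are assumptions) using edit distance and substring matching.

```python
from urllib.parse import urlparse

# Brands to protect (assumption: a defender's own watch list, not from the post).
WATCHED_BRANDS = ["gmail", "facebook", "paypal"]

# Digit-for-letter substitutions seen in look-alike domains; folding them
# turns 'facebo0k' into 'facebook' before the comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def hostname_of(value):
    """Lower-case host from a URL, a bare domain, or an e-mail address."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:     # e-mail address: take the domain part
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""      # drops any 'user@' prefix in a URL


def registrable_label(host):
    """Second-to-last label: 'facebo0klogin' from 'www.facebo0klogin.com'.
    (Assumption: single-label public suffix; co.in-style suffixes are not handled.)"""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance via the classic dynamic-programming row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(value, brands=WATCHED_BRANDS, max_distance=1):
    """Return (brand, reason) when the domain label imitates a watched brand, else None.
    reason is 'homoglyph' (facebo0k), 'typo' (gmall) or 'embedded' (facebo0klogin)."""
    label = registrable_label(hostname_of(value))
    folded = label.translate(HOMOGLYPHS)
    for brand in brands:
        if label == brand:
            return None                      # the genuine brand domain itself
        if folded == brand:
            return brand, "homoglyph"
        if edit_distance(folded, brand) <= max_distance:
            return brand, "typo"
        if brand in folded:
            return brand, "embedded"
    return None


if __name__ == "__main__":
    for sample in ["accounts@gmall.com", "www.facebo0klogin.com",
                   "https://www.facebo0k.com/login", "accounts@gmail.com"]:
        print(sample, "->", lookalike_brand(sample))
```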

    How to safeguard against phishing and related cyberattacks:

    Spot Phishing

    • Discard emails from unknown senders or unfamiliar addresses
    • Avoid emails containing untrusted attachments – just delete them
    • Phishing emails generally contain lures like lottery wins, job offers, freebies, etc.

    Govt. webpages, mobile applications

    • Strictly follow Govt. webpages and genuine apps for Covid-19 news and updates
    • Don’t visit any ‘http://’ sites; always use ‘https://’ sites
    • Avoid webpages with unfamiliar fonts, colors, or spelling errors

    Online banking

    • Prefer corporate computers for online banking and money transfers, as they provide endpoint protection against malware and external threats
    • Double-check the UPI ID and validate the bank/merchant name before payment

    SMS links

    • It’s better to avoid untrusted Covid-19 links, forwarded messages, and any job offers on WhatsApp or SMS
    • Be careful with KYC SMS links

    Don’t Accept/Click

    • Don’t click on unknown online widgets, flash images, or pop-ups when you’re browsing websites
    • Don’t accept cookies from untrusted webpages

    Home PC, Mobile

    • It’s mandatory to have an authentic antivirus/security app installed and to update it regularly
    • Use WPA2 encryption for your home router

    Avoid untrusted sites

    • Don’t use pirated software, movie download sites, adult sites, or untrusted eCommerce platforms

    Virus Scan

    • Periodically scan all files (incl. zipped and hidden ones) on your PC, tablet, and phone
    • Check if any site still has your default password – if so, change it
    • Change your password for online banking, eCommerce sites, and trading platforms every 2-3 months

    Avoid public Wi-Fi

    • Never use free WiFi at coffee shops, railway platforms, or airports
  • machine learning to detect phishing

    Detect malicious URLs using Machine L...

    Phishing and pharming are very common types of fraud that deceive people on the internet using malicious URLs and links. In the current Covid-19 situation, IT organizations are also struggling to secure corporate networks from all sorts of malware, viz. ransomware, viruses, worms, etc. Correspondingly, enterprises see AI/ML-based solutions as having the potential to address phishing-related threats much more efficiently. Machine learning and deep learning solutions need extensive labeled datasets to flag suspicious URLs efficiently. Although advanced deep learning solutions are used more often today than traditional rule-based or machine learning approaches, we start with a machine learning approach to flag malicious URL samples. We’ll try the same problem with deep learning later.

    Problem statement:
    To predict malicious URLs from a dataset containing legitimate and malicious samples.
    Data Set:
    https://github.com/pmitra0407/Flag-Malicious-URLs/blob/master/Malicious%20URLs.ipynb

    The dataset contains both good and bad URLs.
    File Parse:
    Once the data set is read, it comprises 420K rows and 2 features (URL and label).


    The target variable is “label”; let’s look at its distribution:

    Feature Extraction: this is about extracting the domain information from the URL.
    The Python tldextract package is used to fetch the subdomain, domain, and TLD:
    Data preparation is performed using scikit-learn; the categorical columns are label encoded.
    Feature selection is not done, as we consider all features here, but we could use SelectKBest.
    Classifiers used: Decision Tree, Random Forest.
    Random Forest Classification:

    Decision Tree Classification:

    Conclusion:
    Both Random Forest and Decision Tree work fine here, although we could tune these models further. We’ll see how deep learning works in our next assignment.
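
    As an added example, not the notebook’s own code, here is the feature-extraction and label-encoding step in plain Python (no tldextract or scikit-learn; a tiny public-suffix table and a five-row constructed sample stand in for them), followed by the single Gini split a decision tree makes first. The same split logic is what the tree classifiers in the malware-detection post below apply to its numeric feature table.

```python
import re
from urllib.parse import urlparse

# Tiny stand-in for the public-suffix list tldextract ships with (assumption: enough
# for this demo; real code should use tldextract or the full Public Suffix List).
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "in", "co.in", "gov.in", "co.uk"}


def split_host(host):
    """Split a host into (subdomain, domain, suffix) the way tldextract does."""
    parts = host.lower().split(".")
    for n in (2, 1):  # try a two-label suffix (co.in) before a one-label one (in)
        if len(parts) > n and ".".join(parts[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(parts[:-n - 1]), parts[-n - 1], ".".join(parts[-n:])
    return "", host.lower(), ""  # IP literal or unknown suffix: whole host is the domain


def url_features(url):
    """Lexical and structural features of one URL, as a dict so columns stay named."""
    if "://" not in url:
        url = "http://" + url          # the dataset's URLs mostly lack a scheme
    p = urlparse(url)
    host = p.hostname or ""          # urlparse drops a 'user@' prefix from the host
    sub, dom, suf = split_host(host)
    return {
        "subdomain": sub, "domain": dom, "suffix": suf,   # categorical, encoded later
        "url_len": len(url), "host_len": len(host),
        "n_dots": host.count("."), "n_hyphens": host.count("-"),
        "n_digits": sum(c.isdigit() for c in host),
        "has_at": int("@" in url),                        # 'gmail.com@evil' style URL
        "is_ip": int(bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host))),
        "https": int(p.scheme == "https"),
        "path_depth": p.path.count("/"),
    }


def label_encode(values):
    """Same idea as sklearn's LabelEncoder: sorted unique values -> 0..k-1."""
    classes = sorted(set(values))
    index = {c: i for i, c in enumerate(classes)}
    return [index[v] for v in values], classes


CATEGORICAL = ("subdomain", "domain", "suffix")


def build_matrix(rows):
    """rows: (url, label) pairs with label 'good'/'bad' as in the post's dataset.
    Returns (feature_names, X, y) with y = 1 for 'bad'."""
    feats = [url_features(url) for url, _ in rows]
    names = list(feats[0])
    columns = {n: [f[n] for f in feats] for n in names}
    for n in CATEGORICAL:
        columns[n], _ = label_encode(columns[n])
    X = [[columns[n][i] for n in names] for i in range(len(rows))]
    y = [int(label == "bad") for _, label in rows]
    return names, X, y


def gini(labels):
    """Gini impurity of a list of 0/1 labels."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)


def best_stump(X, y, names):
    """The first split a decision tree would make: the (feature, threshold) whose
    'value <= threshold' partition has the lowest weighted Gini impurity."""
    best = (None, None, float("inf"))
    for j, name in enumerate(names):
        for t in sorted({row[j] for row in X}):
            left = [y[i] for i, row in enumerate(X) if row[j] <= t]
            right = [y[i] for i, row in enumerate(X) if row[j] > t]
            if not left or not right:
                continue
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if score < best[2]:
                best = (name, t, score)
    return best


# Constructed sample rows in the shape of the post's 'url,label' file.
SAMPLE = [
    ("https://www.google.com/search?q=x", "good"),
    ("sbi.co.in/personal-banking", "good"),
    ("http://192.168.1.5/update.exe", "bad"),
    ("http://gmail.com@evil-site.net/login", "bad"),
    ("www.facebo0klogin.com/verify", "bad"),
]

if __name__ == "__main__":
    names, X, y = build_matrix(SAMPLE)
    print(names)
    for row, label in zip(X, y):
        print(row, label)
    print("first split:", best_stump(X, y, names))
```

    On this sample the best first split lands on the label-encoded domain column, an arbitrary ordinal over a high-cardinality string, which is exactly how such columns let a tree overfit the training set rather than learn a general rule.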
      
    For the detailed code, visit:
  • cyber security using machine learning

    Malware Detection using ML

    Cyber security is a major concern for industries today, and the number of incidents is growing continuously. Enterprises see AI/ML-based solutions as having real potential to address cyber threats much more efficiently. Machine learning and deep learning solutions need extensive labelled datasets in order to flag malware. Although advanced deep learning solutions are used more often today than traditional rule-based or machine learning approaches, we start with a machine learning approach to detect malware samples. We’ll try the same problem with deep learning later.

     
    Problem statement:
    To predict malware from a dataset containing legitimate and malware samples.

    Data Set: https://github.com/pmitra0407/Malware-Detection/blob/master/MalwareData.zip
    The dataset contains both legitimate and malware samples (.exe/.dll).

    File Parse:
    Once the data set is read, it comprises 138047 rows and 57 features:

    Column Names:


    The target variable is “legitimate”; let’s look at its distribution:

    Data preparation is performed using scikit-learn.
    Feature selection is not done, as we consider all features here, but we could use SelectKBest.
    Classifiers used: Decision Tree, Random Forest.

     

    Random Forest Classification:

    Decision Tree Classification:

    Conclusion:

    Both Random Forest and Decision Tree work fine here, although we could tune these models further. We’ll see how deep learning works in our next assignment.
     
  • Ransomware

    Cybercriminals use malware to hack yo...

    Globally, all business sectors are still struggling to get through the Covid-19 impact, but it is business as usual for the cybercrooks, who like the extra online traffic. Corporate security teams need to have their security infrastructure ready for a series of cyberattacks during the Covid-19 pandemic, when new technologies are being adopted for remote collaboration and communication.

    A recently published Check Point report shows how malware attacks grew rapidly during the pandemic lockdown along with the increase in internet traffic:


    What is Ransomware?

    A ransomware attack is a type of malware attack that encrypts or locks a victim’s computer or website and demands a ransom for recovery. The sensitive data and system control remain locked until the ransom is paid, and usually it is settled later in bitcoin, which cannot be traced.

    • Very recently, Indiabulls’ and Cognizant’s servers were targeted by the ransomware “Maze”
    • The most famous and the biggest was the “WannaCry” ransomware attack; thousands of corporate Windows computers were infected back in 2017
    • Mobile app-based ransomware is growing and completely locks your device
    • “Locker” is another kind of ransomware that infects the victim’s OS and makes it impossible to access the file system and applications



    Malware is a term widely used for malicious software, which includes viruses, Trojans, worms, and many other types. Typically, malware is used to slow down or crash servers, spy on remote computers, and sometimes shut servers down as well.

    A virus is a trigger-based software program (normally .exe/.bat files) placed on the victim’s computer to perform some specific con. Attackers generally put it in servers or in the system registry 3-4 levels down, so that antivirus and sniffers cannot see it.

    Trojans – genuine-looking files (text, video, image) used to infect system memory, spy on system logs, and hijack traffic.

    Worm – has the capability of replicating copies of itself across the victim’s network without user intervention or any trigger; it overloads CPU processes, degrading system performance and even causing a system crash.

    Cybercrooks have used these malware types in many forms, unnoticed by the IT security staff:


    Timebomb (logic bomb) attack – a program is planted to do damage at a later date, after the criminal is far away. Typically committed by insiders, who plant the code with a trigger date set after their last day in the organisation.

    Zero-day attack – an attack that exploits a vulnerability the vendor does not yet know about (or has not yet patched), so no fix exists on the day it is first used. A related problem is new servers and switches that go live before hardening: they look fine initially, but the unpatched, unconfigured services are an open door.

    XSS attack – In a cross-site scripting attack the fraudster injects malicious JavaScript into a genuine website (for example through an unsanitised comment or search field, or after compromising the site). Visitors' browsers then run that script, which can add malicious links and images, redirect visitors to pay-per-click or phishing sites, or steal session cookies. It is also used to deface websites and damage their reputation.

    Brute force attack – a program tries every possible password (or works through a list of common ones). Most people don't change their default passwords, so it's a very popular attack these days; the so-called "Facebook brute" tools are one example.

    Social Engineering attack – trick customers, or collude with ex-employees, into revealing system weaknesses, passwords, etc.

    Denial of Service (DoS) attack – attackers use techniques like HTTP flooding or botnets to take a server offline. In the distributed form (DDoS), thousands of requests arrive from many different computers across a range of attacking IP addresses, which makes simply blocking one source ineffective.
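    The HTTP-flood pattern described above, as an added example that is not part of the original article: two sliding-window checks over web-server access-log lines in Python, one per source IP (a single flooder) and one over all traffic together (a distributed flood that per-IP limits miss). The log lines, IP ranges, window sizes and thresholds are all constructed for the example.

```python
"""HTTP-flood detection over access-log lines.

Added example, not from the original article. The log lines below are
constructed (Apache/Nginx "combined" format, RFC 5737 test addresses);
window sizes and thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_flooders(lines, window_seconds=10, threshold=50):
    """Single-source flood: {ip: peak requests seen in any window} for every IP
    whose peak reaches the threshold. Lines must be in time order (as logs are)."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _ = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peaks[ip] = max(peaks.get(ip, 0), len(q))
    return {ip: n for ip, n in peaks.items() if n >= threshold}


def find_distributed_flood(lines, window_seconds=10, threshold=60, min_distinct_ips=10):
    """Distributed flood (DDoS): the busiest window as {"requests": n, "distinct_ips": m}
    when the total rate is high AND spread over many sources; otherwise None.
    Per-IP thresholds never fire on this traffic, which is why both checks are needed."""
    q = deque()                   # (timestamp, ip) inside the current window
    peak = {"requests": 0, "distinct_ips": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _ = rec
        q.append((ts, ip))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > peak["requests"]:
            peak = {"requests": len(q), "distinct_ips": len({i for _, i in q})}
    if peak["requests"] >= threshold and peak["distinct_ips"] >= min_distinct_ips:
        return peak
    return None


# --- constructed sample logs -------------------------------------------------
_BASE = datetime(2020, 4, 1, 12, 0, 0, tzinfo=timezone.utc)


def _line(ip, offset_s, path="/"):
    ts = (_BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


def _build(attack_events):
    """Three ordinary visitors, one request every 4 s, merged with the attack traffic."""
    events = [(i * 4, _line(f"198.51.100.{i % 3 + 1}", i * 4, f"/page{i}")) for i in range(15)]
    events += attack_events
    return [line for _, line in sorted(events, key=lambda e: e[0])]


# one source sending 80 requests within 4 seconds
SAMPLE_FLOOD = _build([(20 + i // 20, _line("203.0.113.9", 20 + i // 20)) for i in range(80)])
# thirty sources sending 3 requests each within 3 seconds: low per-IP rate, high total
SAMPLE_DDOS = _build([(10 + k, _line(f"203.0.113.{n}", 10 + k))
                      for n in range(1, 31) for k in range(3)])

if __name__ == "__main__":
    print("single-source flooders:", find_flooders(SAMPLE_FLOOD))
    print("distributed flood:", find_distributed_flood(SAMPLE_DDOS))
```

    To run it on a real log, pass the file's lines to the two functions. On a production edge the same per-IP check is normally enforced by the reverse proxy (for example nginx's limit_req), while a distributed flood of real scale has to be absorbed upstream by the hosting or CDN provider; the host-side detection here is for noticing the attack and collecting the source addresses.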


    How to Protect against Ransomware:

    Usually banks, government agencies and large corporates are the main targets of ransomware attacks, as they hold sensitive data and can pay quickly. During the Covid-19 pandemic, with corporate workplaces moved into employees' homes, many of these malware-driven attacks are inevitable. It's essential to educate employees and customers about them and to protect against them:
    • Install an authentic antivirus/security app and update it regularly
    • Use WPA2 (or WPA3, if your router supports it) encryption for your home router
    • Periodically scan all files (incl. zipped and hidden ones) on your PC, tablet and phone
    • Check whether any site still has your default password – if so, change it
    • Don't use pirated software, movie download sites, adult sites or untrusted eCommerce platforms
    • Change passwords for online banking, eCommerce sites and trading platforms every 2-3 months
    • Never use free WiFi at coffee shops, railway platforms or airports
    • Keep backups that ransomware cannot reach: a cloud backup service with version history (so encrypted files can be rolled back), or an external drive that is disconnected after each backup
    • Discard emails from an unknown person or unfamiliar address
    • Avoid emails containing untrusted attachments – just delete them. Phishing emails generally promise things like a lottery win, job offers, freebies, etc.
  • Phishing

    Cyber frauds are looming during Covid...

    Covid-19 has changed our daily lifestyle: people are working from home and spending more time on the internet than ever before; needless to say, every one of us is anxious and scared about the situation, frequently checking various Covid-19 links for updates. This brings a golden opportunity for hackers to target individuals and companies and make money. Recently published reports show that since Feb 2020 thousands of new domain names have been registered with keywords such as Corona, COVID, Pandemic, Virus, WHO, Vaccine and so on, and most of them are likely to be used for malicious activity.
     
    Before we get to the online vulnerabilities, let's acknowledge the fact that most of us (i) use the Windows operating system, the most widely targeted one, (ii) can be easily persuaded, and (iii) have no security software on our computers or mobile phones.
     

    Phishing Attack: The most common type of fraud – uses fake login pages, fake COVID domain names and fake job offers to defraud people. Fraudsters use popular topics to infringe companies' trademarks or steal sensitive customer information. Some examples are:
    • Phishing emails from "ncov2019@gov.in" or with the subject line "COVID-19 Testing" (a recent SBI fraud in India)
    • india-covid19.com (or any similar fake domain name)
    • Phishing emails from 'accounts@gmall.com' instead of 'accounts@gmail.com'
    • www.facebo0k-login.com (fake login pages on look-alike domains)
    • Depending on the type of victim (individual, corporation, a big fish like a CFO, etc.), phishing attacks take different forms – spear phishing, smishing, whaling or pharming.
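    The look-alike addresses listed above (gmall.com, facebo0k-login.com, india-covid19.com) are exactly what a small domain checker can flag before a user clicks. The Python below is an added example, not code from the original article: it extracts the host from an e-mail address or URL, undoes common homoglyph tricks, and classifies it against a brand allow-list. The trusted-domain list, brand names, scare-word list and the tiny suffix table are constructed assumptions for the example; a real deployment would use the organisation's own allow-list and the public suffix list.

```python
"""Spotting look-alike sender domains and phishing URLs.

Added example, not from the original article. TRUSTED_DOMAINS, BRANDS,
SCARE_WORDS and MULTI_LABEL_SUFFIXES are constructed assumptions.
"""
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"gmail.com", "facebook.com", "sbi.co.in", "gov.in"}   # assumption
BRANDS = ("gmail", "facebook", "sbi")                                     # assumption
SCARE_WORDS = ("covid", "corona", "pandemic", "vaccine", "who")          # assumption
MULTI_LABEL_SUFFIXES = {"co.in", "ac.in", "co.uk"}    # tiny stand-in for the public suffix list
_HOMOGLYPHS = str.maketrans("01357", "olest")         # digits commonly used to mimic letters


def host_of(value):
    """Extract the host from a URL, a bare domain or an e-mail address."""
    v = value.strip().lower()
    if "@" in v and "://" not in v:
        return v.rsplit("@", 1)[1]
    if "://" not in v:
        v = "http://" + v
    return (urlparse(v).hostname or "").rstrip(".")


def registrable_domain(host):
    """The part of the host the registrant actually owns (e.g. sbi.co.in, evil.com)."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalize(host):
    """Undo the usual look-alike tricks: rn->m, vv->w, digits that mimic letters."""
    return host.replace("rn", "m").replace("vv", "w").translate(_HOMOGLYPHS)


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value):
    """Return one of: trusted-domain, lookalike, brand-abuse, scare-keyword, unknown, invalid."""
    host = host_of(value)
    if not host or "." not in host:
        return "invalid"
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted-domain"      # the From header can still be forged: verify SPF/DKIM/DMARC
    norm = registrable_domain(normalize(host))
    if norm in TRUSTED_DOMAINS or any(levenshtein(norm, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"           # gmall.com, facebo0k.com
    tokens = re.split(r"[-.]", normalize(host))
    if any(brand in tokens for brand in BRANDS):
        return "brand-abuse"         # facebo0k-login.com, facebook.com.evil.com
    if any(word in re.split(r"[-.\d]+", host) for word in SCARE_WORDS):
        return "scare-keyword"       # india-covid19.com
    return "unknown"


# constructed samples, taken from the patterns the article lists
SAMPLES = [
    "accounts@gmail.com", "accounts@gmall.com", "facebo0k.com",
    "http://www.facebo0k-login.com/login", "http://facebook.com.evil.com/",
    "sbi-kyc-update.in", "https://india-covid19.com/relief", "ncov2019@gov.in",
]


def classify_all(values=SAMPLES):
    return {v: classify(v) for v in values}


if __name__ == "__main__":
    for value, verdict in classify_all().items():
        print(f"{verdict:15} {value}")
```

    Two caveats a practitioner will want: a "trusted-domain" verdict for ncov2019@gov.in only means the domain is on the allow-list, not that the mail came from it, since the From header is trivially forged; the sending domain's SPF, DKIM and DMARC results are what settle that. And the heuristics are deliberately loose (rn/m, vv/w and digit swaps will produce some false positives), so treat the output as a warning to a user or a triage signal, not a block decision. Internationalised domain names (hosts beginning with xn--) need a separate Unicode-confusable check that this example does not attempt.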
    Pharming Attack: It starts with fake web links or forged Play Store apps; when you click on them, malicious code is installed on your computer or router that tampers with name resolution (DNS). DNS is what turns a domain name such as your bank's into the IP address your browser connects to. The attacker alters the local hosts file, changes the DNS server settings on your router, or poisons the resolver's cache, so the next time you type your legitimate online banking address it resolves to the attacker's fake webpage. Unlike ordinary phishing, you did not even have to click a wrong link.
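    The simplest local pharming vector is the hosts file, which every operating system consults before asking DNS, so a single injected line redirects the bank's hostname to the attacker's server. As an added example that is not part of the original article, the Python below audits a hosts file for that kind of override, and for the related trick of pointing a security vendor's update host at 127.0.0.1 so the antivirus can never update. The hosts file content, bank.example and the antivirus update host are constructed placeholders, and the sensitive-domain list is an assumption.

```python
"""Audit a hosts file for pharming-style overrides.

Added example, not from the original article. HOSTS_SAMPLE is constructed;
SENSITIVE_DOMAINS is an assumption (bank.example and update.antivirus.example
are placeholders, not real services).
"""
import ipaddress

SENSITIVE_DOMAINS = {"bank.example", "mail.example.com", "update.antivirus.example"}  # assumption
LEGIT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}


def _is_sensitive(name):
    """True if name is a sensitive domain or a subdomain of one."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in SENSITIVE_DOMAINS for i in range(len(parts)))


def audit_hosts(text):
    """Return findings as (line_no, ip, hostname, reason) tuples.

    pharming     : a sensitive name pinned to a real address (the classic override)
    sinkhole     : a sensitive name sent to loopback/0.0.0.0 (blocks updates or logins)
    blocked-name : any other non-local name sent to loopback/0.0.0.0 (often ad-blocking, worth a look)
    unparseable  : a line whose first field is not an IP address
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "unparseable"))
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if _is_sensitive(name):
                reason = "sinkhole" if sinkholed else "pharming"
            elif sinkholed and name not in LEGIT_LOOPBACK_NAMES:
                reason = "blocked-name"
            else:
                continue                             # e.g. an intranet name on a private address
            findings.append((line_no, str(ip), name, reason))
    return findings


# constructed hosts file in the Windows layout, with two injected lines
HOSTS_SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.local                       # internal name, private address: fine
203.0.113.45    netbanking.bank.example www.bank.example  # injected by malware
127.0.0.1       update.antivirus.example                  # keeps the AV from updating
0.0.0.0         ads.example.net                           # ad-block style entry
"""

if __name__ == "__main__":
    for line_no, ip, name, reason in audit_hosts(HOSTS_SAMPLE):
        print(f"line {line_no}: {reason:12} {ip:15} {name}")
```

    On Windows the file is C:\Windows\System32\drivers\etc\hosts; on Linux and macOS it is /etc/hosts. Feed the file's contents to audit_hosts with your own sensitive-domain list (the bank, the mail provider, the security vendor's update hosts). This catches only the hosts-file vector; a router whose DNS servers were changed, or a poisoned upstream resolver, shows up instead as the bank's name resolving to an unexpected address, which is checked by comparing the answer from your configured resolver with the one from a known-good public resolver.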

     

    SMS Forging or Smishing Attack: Now that there are many more gateways between IP networks and SMS networks, attackers can send SMS messages from the Internet, often with a spoofed sender name, through the bulk-SMS forms offered by mobile operators and aggregators. The messages carry links such as "COVID Donation link", "Free COVID Insurance link" or "Free Netflix Subscription link" to lure people.
     
    Covid-19 Donation Fraud: In the recent past the Government of India announced the "PM-CARES" relief fund for donations to fight the economic downturn; however, according to reports, thousands of fraudulent portals and fake UPI IDs related to coronavirus were created to siphon off the donation money. For example, the correct UPI ID of the PM CARES Fund is pmcares@sbi, but many fake IDs such as pmcare@sbi were created within hours, and were eventually blocked.



    Simple Bootup hijack (Back Orifice 2000): Pertinent for people who are now working from home and have to share their Windows desktop, sometimes handing over control of the system. When an unattended PC is available, running a small installer drops a remote-access backdoor such as Back Orifice 2000 into a system directory and registers it to start at boot, giving the attacker the victim's keystrokes, screen and files. It is dangerous because it operates silently; an outdated or misconfigured antivirus may miss it, although well-known backdoors like BO2K are detected by current security products.


     
    Tab Nabbing Attack – When the victim has multiple tabs open, a malicious page (delivered through a compromised site, a browser extension or a widget showing Covid-19 updates) waits until its tab is left in the background and then silently rewrites itself to look like the login page of a bank, trading platform or corporate portal. When the victim returns to the tab and "logs in again", the credentials go to the attacker. In the reverse variant, a page opened from a link that lacks rel="noopener" can use window.opener to redirect the original tab to a fake page. The attacker cannot read the contents of your other tabs directly; the trick is to impersonate them, which is why open online banking, trading and corporate sessions are at risk.


    Bruteforce Attack – an attempt to guess a password or encryption key by systematically checking every possible option. For example, 'Facebook brute', 'Twitter brute' and similar eCommerce 'brute' tools try to steal your password; that's why sites allow only a limited number of attempts before the account locks. Unfortunately, most people still don't change their default or first password.
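    The two defences this paragraph (and the brute force item in the malware list earlier) rely on, a limited number of attempts before the account locks and refusing default passwords in the first place, look like this on the server side. The Python below is an added example, not code from the original article: a small in-memory login service that salts and stretches passwords, locks an account after repeated failures, rejects a short common-password list at registration, and a brute_force helper showing what an attacker's script gets back. The user names, the password list and the lockout parameters are constructed assumptions.

```python
"""Limiting password guesses: lockout after repeated failures, default passwords rejected.

Added example, not from the original article. COMMON_PASSWORDS, MAX_FAILURES,
LOCK_SECONDS and the sample accounts are constructed assumptions.
"""
import hashlib
import hmac
import os
import time

COMMON_PASSWORDS = {"password", "123456", "admin", "welcome", "qwerty", "letmein"}  # tiny stand-in for a breach list
MAX_FAILURES = 5           # assumption: lock after 5 consecutive failures
LOCK_SECONDS = 15 * 60     # assumption: 15-minute lockout
PBKDF2_ROUNDS = 100_000    # makes each offline guess expensive; tune to ~100 ms in production


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthService:
    """In-memory account store with per-account failure counting and lockout."""

    def __init__(self, clock=time.time):
        self.accounts = {}
        self.clock = clock      # injectable so the lockout expiry can be tested

    def register(self, username, password):
        if password.lower() in COMMON_PASSWORDS or len(password) < 8:
            raise ValueError("default/common or too-short password rejected")
        salt = os.urandom(16)
        self.accounts[username] = {"salt": salt, "hash": hash_password(password, salt),
                                   "failures": 0, "locked_until": 0.0}

    def login(self, username, password):
        """Return 'ok', 'invalid' or 'locked'. Does not reveal whether the user exists."""
        acct = self.accounts.get(username)
        now = self.clock()
        if acct is None:
            hash_password(password, b"\x00" * 16)   # same cost as a real check (timing)
            return "invalid"
        if now < acct["locked_until"]:
            return "locked"                         # even a correct password is refused
        if hmac.compare_digest(hash_password(password, acct["salt"]), acct["hash"]):
            acct["failures"] = 0
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["locked_until"] = now + LOCK_SECONDS
            acct["failures"] = 0
            return "locked"
        return "invalid"


class FakeClock:
    """Stand-in for time.time() so the example runs without waiting 15 minutes."""

    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def brute_force(service, username, wordlist):
    """What an attacker's script sees: the outcome of each guess, in order."""
    return [service.login(username, guess) for guess in wordlist]


if __name__ == "__main__":
    clock = FakeClock()
    svc = AuthService(clock)
    svc.register("alice", "correct horse battery")            # constructed account
    guesses = ["password", "123456", "admin", "qwerty", "letmein", "correct horse battery"]
    print(brute_force(svc, "alice", guesses))                 # lockout hits before the real password
    clock.advance(LOCK_SECONDS + 1)
    print(svc.login("alice", "correct horse battery"))        # 'ok' once the lockout has expired
```

    Note the trade-off: a hard lockout lets an attacker who knows a username lock the real user out on purpose, so production systems usually combine a per-account counter with per-source rate limiting, progressive delays or a CAPTCHA, and alert on a burst of failures across many accounts (password spraying), which a single-account counter never sees. None of this helps when the password is a default one, hence the check at registration.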


    How to Protect yourself – Tips and Recommendations:

    Follow Govt. approved Webpages, Mobile App

    • Strictly follow Govt. webpages, approved Apps for Covid-19 news and updates
    • Be careful which sites you visit – avoid 'http://' pages and always use 'https://' pages; but remember that the padlock only means the connection is encrypted, not that the site is genuine, since phishing sites use https too
    • Avoid webpages with unfamiliar fonts, colours or spelling errors
    Online Banking
    • Where your employer allows it, prefer a managed office/corporate computer for online banking and money transfers, as such devices come with endpoint protection against malware and external threats
    • Double-check the UPI Id, validate the bank/ merchant name before payment
    SMS Links

    • It's better to avoid untrusted Covid-19 links, forwarded messages and job offers on WhatsApp or SMS
    • Be careful about KYC SMS links; don't share any details until you have verified the link
    Spot Phishing
    • Discard emails from an unknown person or unfamiliar address
    • Avoid emails containing untrusted attachments – just delete them or report them as phishing
    • For your information, phishing emails generally promise things like prizes, lottery wins, job offers, freebies, etc.

    Before you Accept/ Click

    • Don't click on online widgets, flash images or pop-ups while browsing a webpage
    • Don't accept cookies from untrusted webpages; click 'x' and close the page
    Home PC, Mobile
    • It's essential to install authentic antivirus and security apps and to update them regularly
    • Use WPA2 (or WPA3, if your router supports it) encryption for your home WiFi router
    Avoid untrusted Sites
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    Virus Scan
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check whether any site still has your default password – if so, change it
    • Change passwords for online banking, eCommerce sites and trading platforms every 2-3 months
    Avoid public Wi-Fi
    • Avoid free WiFi at airports, coffee shops, railway platforms and similar places; and never log in to your online banking page or make any financial transaction over it