• 5g speed

    5G speed | 5G vs 4G | How many countries have 5g networks? | New 5G phones

    5g speed & latency are the most significant features offering new enterprise revenue models and business opportunities. Cellular networks revolutionized from 3g to 4g LTE with the strong demand for mobile broadband. 4g speed paved the way for many social apps like YouTube, Facebook, and OTT streaming apps like Netflix, Hotstar, Prime, etc. Currently, there are more than 40 countries with tested & trialed 5g networks across the world.

    Difference between 4G and 5G network:

    5g technology is expected to be much faster than 4g, offering higher broadband speed (throughput), lower latency & much higher bandwidth.

    Telcom
    Generation
    4G5GDifference
    Peak 5G Speed100Mbps10Gbps100 times higher
    Average 5G Speed25Mbps200Mbps10 times higher
    latency 50 milli secods 1 milli second50 times lower
    Coverage /
    Connection density
     2000 / Kms2 1 million/Km2 10 times higher

    5G Speed

    Data speed is the most common differentiator between 4G & 5G.

    The 4G top speed can reach up to 100Mbps but its real-world speed is only up to 35Mbps. Now let’s look at the 5G speed:

    • Peak downlink 5g speed is 20 Gbps
    • Peak uplink 5g speed is 10 Gbps.

    However, the 5G average user experience data rate is ranging between 100 Mbps to a peak of 3 Gbps. overall, it ensures at least 50 Mbps everywhere.

    So, How long it takes to download a two hours movie?

    5G Latency

    Latency is a measure of time that a data packet takes to travel between two points. Key 5g services like remote surgery, mission-critical robots, self-driving cars, etc. are built on the 5g ultra-low and reliable services.

    4G networks latency is approx 50 milli seconds (ms) whereas,

    5G URLLC (ultra-reliable and low latency) latency is only 0.5 ms.

    And the eMBB (Enhanced broadband) latency is 4 ms

    5G Coverage

    4G has major issues with low coverage and very low connection density, because of the spectrum capacity.

    • Typically 4G antennas can support only 2000 devices per square kilometer.

    Even though 5G is in infancy, it can support nearly one million devices (phones, sensors, machines, etc.) per square kilometer.

    5G spectrum

    5G certainly has more spectrum capacity than 4G.

    4G spectrum was 600MHz to 2.5GHz which uses a narrow slice.

    5G spectrum has two bands:

    (i) sub-6GHz: It is suitable for broadband services around densely populated urban areas, catering to the need of consumers, businesses, and industries.

    (ii) mmW (millimeter wave): is capable to serve hotspots areas like stadiums, airports where the data rate demand is huge, up to 5Gbps.

    5G network countries:

    As per Q1 2021, commercial 5G networks are present in more than 60 countries worldwide wherein hundreds of telco operators have tested or trialed it so far. Out of them, China & the USA are the top two players followed by South Korea having the most cities with 5G networks.

    5G in China:

    • Covering around 350 cities, China has made the fastest 5G adoption. The top three CSPs in China – China Mobile, China Unicom, and China Telecom have already deployed 5G since 2019.
    • It’s the sub-6GHz spectrum band used in entire China, mmWave license will be added later by the Govt.
    • There’re 500K+ 5G base stations that have been installed in most of the major cities in China
    • Moreover, there’re 50 million subscribers using 5G, and around 100 million 5G mobile phones
    • The average 5G data cost is around 0.7 USD per 1Gb.

    5G in the USA:

    • Covering around 280 cities by major operators, the USA is in the second position. Verizon was the first to turn on 5G, sooner followed by AT&T, T-Mobile & Sprint.
    • Initially, it started with the mmW based deployments however, sub-6GHz was also been used afterward. So it’s a mix of mmW and sub-6HHz. Also to cover entire cities, C-band (low band< 6GHz) is coming soon in the USA.
    • It is mostly non-standalone (NSA) based deployments in the US, which means 5G is leveraging the existing 4G coverage to set up a connection.
    • More than 200 million customers are now covered by the 5G networks across the country.

    In Europe, 27 operators are using mostly sub-6GHz to deploy 5G networks. Leading 5G countries in Europe are the UK and Spain.

    Likewise in Asia, South Korea and Japan are expected to be covered by 5G in 2021. Here it’s mainly millimeter wave (mmW) driven deployment. Similarly, Middle East, Australia, and South Africa also not far behind, launched 5G in 2019.

    5G phones

    Change in every telecom generation means more RF (radio frequency) components, antennas to be integrated inside the mobile phone, and accordingly, it’ll be a more complex & costlier hardware design.

    5G device cost is approximately 2.5 times than a 4G device.

    Some examples of 5G enabled mobile phones are:

    • Samsung Galaxy S10 5G
    • Samsung Galaxy Note10+ 5G
    • Samsung Galaxy A90 5G
    • OnePlus 7 Pro 5G
    • Moto z3
    • Xiaomi Mi MIX 3 5G
    • Huawei Mate X
    • Huawei Mate 30 Pro 5G

    P.S. Check out more on 5G here=> What is 5G?

    Please do share your comments if you like to know any specific about 5G technologies like Augmented reality or Virtual reality. Happy learning !!

    References:

    https://www.speedtest.net/insights/blog/what-is-5g-guide/

    https://gsacom.com/press-release/5g-commercial-networks-are-now-live-in-more-than-60-countries/

  • what is 5G

    What is 5G | 5G networks | 5G technologies: AR, VR, IoT

    5th generation telecom standard (5G) has been buzzing in recent times to cater to nearly 2 billion mobile subscribers worldwide by 2025. But what is 5G? Unlike 4G, 5G is more than just a telecom generation, it is capable of having a network within a network. It serves many new applications like Machine to Machine (M2M) communication, Internet of Things (IoT) and enables new revenue growth opportunities for the communication service providers (CSPs).

    Let us look at the evolution of 5G:

    GenerationTechnologyFeature ServicesPeak Speed
    1G was about analog communicationCellular technology [AMPS]Only Voice14kbps
    2G was the era of Digital TechnologyGPRS, EDGEVoice, SMS, Email384Kbps
    3G was the era of Mobile InternetUMTS, CDMAVideo Calling, BoD, Web browsing2Mbps
    4G was the era of Mobile BroadbandLTEVoLTE, VoIP, High speed data, Video calling, IPTV, OTT Streaming100Mbps

    What is 5G?

    5G network is promised to transform businesses and society. Significantly, it enables faster connectivity and faster services and brings new opportunities, new revenue streams, and new business models with it.

    In short, with a higher capacity, 5G is expected to connect anything (mobiles, machines, sensors…) in the physical world to the Internet.

    Why 5G?

    4G has laid the mobile broadband platform for audio & video content over the Internet, Social networking, P2P file sharing, Streaming apps. Examples are different OTT platforms like Netflix, Amazon Prime, Hotstar, and so on. As the mobile data traffic (Video streaming) went up with the increasing mobile subscriptions, simply 4G cannot satisfy this enormous demand. Here are some interesting statistics:

    1. Mobile broadband traffic is expected to grow ~ 30% YoY until 2024
    2. Advanced services such as Augmented Reality (AR), Virtual Reality (VR), UHD, 360Deg Video are also in demand, expected to transform the digital world
    3. In addition, recent analysis shows OTT (Netflix/ Prime) traffic went up by ~ 55%
    4. Moreover, the global Internet of Things market is expected to reach ~ USD 724.2 Billion by 2023

    5G Services:

    5G use cases

    1. 5G Enhanced mobile broadband (eMBB):

    5G enhances limited 4G LTE capabilities to provide a greater capacity mobile broadband with higher bandwidth and higher throughput [1 Gbps user exp., at least 50 Mbps everywhere]. The ultimate goal is to deliver seamless coverage with high connection density to the end-users.

    1.1 Smart Home/ Office

    • Mobile broadband handles heavy data traffic of hundreds of users in an office environment.
    • Alexa-enabled smart home solutions are capable of controlling the lights, TV, music system, AC, Geyser, Air purifier, Vacumn cleaner, and other connected devices.

    1.2 Virtual Reality (VR)

    • High resolution streaming display (4k/8k video) for watching virtual reality contents
    5G Virtual reality gaming
    • Virtual Reality is not just about gaming, it is revolutionizing other industries like Sports, Education, Military, Medicine, etc. Examples are ClassVR (Educational VR App), VR360 (science and industrial use), Facebook Horizon (online gaming), VR-enabled movies, etc.

    1.3 Augmented Reality (AR)

    Unlike VR, augmented reality superimposes an image on top of a video or camera to feel like a real physical thing with sound and other technologies. Some examples are:

    5G Augmented reality
    • Google Map AR application shows digital navigation by recognizing the building names, street view & visual positioning.
    • Google Lens reads the object & gives all essential details
    • Snapchat AR filter transforms the objects & their characters by introducing a 3D effect

    2. 5G Massive machine type communication (MMTC):

    Millions of IoT sensors deployed very densely to capture, track small signals and send them back to the centralized server. The IoT signals are:

    • Occasional data communication (Delay tolerant)
    • Low data rate
    • Low data volume
    • Long battery life
    • A large number of devices / deep coverage

    2.1 NB-IoT (narrow band), Mass sensors

    Agri IoT
    • Firstly, agricultural mass sensors to track weather parameters
    • Secondly, connected wearables that capture health conditions such as Apple Watch, Fitbit, etc.
    • Finally, industrial IoT applications use mass sensors (temp sensor, pressure sensor, image sensor, motion detector sensor, and many more..)

    2.2 Smart City, Smart Meters

    • For example, Smart Parking, Smart street lighting, Waste management, Smart connected grid, and many more.
    • In other words, smart indoor electric appliances, connected utility meters, home security systems, smart locks are connected meters.

    3. 5G Ultra-reliable and low latency communications (URLLC):

    5G new radio communication (5G NR) addresses LTE latency issues and it is capable of much faster & smoother communication with a minimal delay (or latency) and high reliability.

    Above all URLLC is the most powerful and promising 5G capability, it is also termed as critical machine type communication.

    Ultra-high reliability: It means the network cannot have downtime even for few seconds.

    Ultra-low latency With URLLC latency of 0.5 milliseconds, it ensures almost zero time lag from the controlling point.

    URLLC

    3.1 Mission Critical Applications (Remote surgery, Robots)

    A remote surgical robot is able to conduct surgery from a distant controlling point where network reliability and very low latency are of utmost importance. Therefore, 5G secures zero time tag in the whole surgery process otherwise it might cause very severe consequences.

    3.2 Self Driving Car

    • Similarly, using URLLC service, the vehicles connect to each other, to other network services, to other cyclists, and guarantee no accident takes place.
    • Whereas the car infotainment system like music, gaming are other services deployed on the eMBB capability not on URLLC.
    Connected cars

    4. 5G Fixed wireless access (FWA):

    Finally & most importantly, CSPs have the unused spectrum band which they can monetize for the suburban areas by providing fixed wireless access with a minimum speed of 50 Mbps. The FWA revenue model works on top of the eMBB revenue model.

    4.1 Hotspots/ Public Transportation

    For instance, using consumer premise equipment (CPE) to boost indoor and outdoor coverage by the ethernet hotspot can be an FWA case.

    4.2 Broadband everywhere:

    Similarly, FWA also provides consistent broadband coverage at 50Mbps at rural cellular sites using the unused allocated spectrum.

    P.S. Check out more on 5G speed, 5G vs 4G here=> 5G speed & countries with 5g network

    References:

    https://www.speedtest.net/insights/blog/what-is-5g-guide/

    https://gsacom.com/press-release/5g-commercial-networks-are-now-live-in-more-than-60-countries/

  • phishing attack

    What is Phishing | Whaling & Spear Phishing | Tips to avoid Phishing

    Phishing means, like a baited hook attackers uses malicious email attachments, fake web links to grab sensitive customer information like passwords, credit card numbers, PINs, etc. Phishing is the oldest & simplest form of cyberattack and the most effective one. In other cases, attackers also use popular topics to infringe companies’ trademarks using Phishing techniques.

    Phishing represents 77% of all social-based attacks

    Phishing E-mail example
    Example of a Phishing email

    How Does Phishing Work

    Most internet subscribers are vulnerable to phishing attacks. It’s because often they use (i) Windows operating system, (ii) are persuasive, and (iii) do not have security software or antivirus in their system. Let’s have a look at how a phishing attack executes:

    1. Depending on the type of victim (individual, organization, a large group of users, etc.) firstly, the attacker first collects basic information about the target.
    2. Secondly, the attacker distributes emails with malicious attachments or constructs a fake eCommerce/ social engineering/ banking website as a trap.
    3. Thirdly and most importantly, the victim fails to understand these social engineering tricks and opens the email & attachment or visits the fake web link.
    4. Finally, the RAT (Remote access trojan) is installed in the target system, it is exploited.
    5. Additionally, RAT tries to access additional computers in that same network
    6. In conclusion, sensitive information is leaked by the attacker/ phisher

    Types of Phishing attack

    What is spear phishing?

    Depending on the type of victim, phishing turns to spear phishing which is target based attack, not a regular mass email attack. Typically this message contains the recipient’s name and information related to in-depth professional or personal matters.

    How does Spear Phishing work

    1. Initially, the hacker researches the names of employees of an organization and picks a victim.
      • IT manager who has full network access
      • Finance/ Marketing Manager who approves payment to the suppliers or vendors
    2. Moreover, from the organization page, or social media research like LinkedIn, Twitter, Facebook profile, the perpetrator gathers sufficient details about the victim.
    3. After that, perhaps acting superior or department colleague, the attacker sends out an email with a fake malicious link or attachment (for ex. invoice copy) to the victim, using a proper, standard email template.
    4. As a result, when the victim uses his credential to open the document or the link, the hacker captures his credential to gain the access to the corporate network.

    It is very hard to prevent spear phishing attacks as it is target driven; it already has made enough damages to many businesses and governments.

    spear phishing

    What is Pharming?

    Pharming starts with fake web links, forged Play store apps. If you click or download any of these apps, malicious codes are injected into your system to poison your DNS server.

    Pharming DNS Spoofing
    Pharming Attack

    To clarify this, your DNS name is your identity and it contains the private IP to public IP mappings vice versa. So, when you login next time your legitimate online banking link might land you to the hacker’s fake webpage using false entries at your DNS cache.

    What is Smishing or SMS phishing

    Smishing means using SMS texts, hackers spread phishing (malicious links) attacks. That is to say, there’re many gateways between IP networks and SMS networks. Therefore, an attacker can send SMS links from the Internet using Mobile operator’s forms to distribute SMS Phishing attacks.

    • Free Netflix Subscription link
    • COVID Donation link
    • Free COVID Insurance link & many more
    Smishing attack
    Smishing attack

    What is Vishing

    Like Smishing, Vishing is a voice phishing technique performing the same kind of scam. The attacker over the phone pretends as an income tax officer (IRS), or a bank employee, or a policeman.

    Eventually, they scare you with some kind of a problem & ask you to pay the fine immediately or insist to share your account details. The criminals gather details about the victim beforehand so it’s become easier to deceive them.

    What is a social engineering attack?

    People are the biggest vulnerability of any network. Social engineering is the art of persuading to gain illegal access to a building or to a corporate network. It’s certainly not technical hacking rather exploiting human psychology.

    Phishing is a kind of social engineering attack. so let’s explain it better.

    Commonly social engineering techniques are performed by these people (i) Customer service (ii) Delivery staff (iii) Phone calls (iv) Tech support

    Social engineering is dangerous to personal or corporate data. Once a social engineer is able to gain your trust, he can pose an IT helpdesk guy, to snoop on your corporate password to steal sensitive data. Moreover, acting as a delivery staff who forgets his key, a criminal can enter an office building with the help of a staff.

    How to protect against phishing attacks

    Avoid Phishing Emails

    • You should discard emails from an unknown person, unfamiliar address
    • Similarly, you should avoid emails containing untrusted attachments – just delete or report phishing.
    • For your info, most of the phishing emails generally contain subjects like Prizes, Lottery, Job offers, freebies, etc.

    Tips to avoid phishing scams

    Strictly follow Govt. approved webpages, mobile App

    • Strictly follow Govt. webpages, approved Apps for Covid-19 news and updates
    • Be careful about the site visit- try to avoid ‘HTTP://‘ pages, always visit ‘HTTPS://‘ pages
    • Avoid webpages with unfamiliar fonts, color, spelling errors

    Online Banking

    • Try to use office/ corporate computers for online banking, money transferring as they provide end-point protection against any malware, external threats
    • Double-check the UPI Id, validate the bank/ merchant name before payment

    SMS Links

    • It’s better to avoid untrusted Covid-19 links, forwarded messages, any job offers on WhatsApp or SMS
    • Be careful about KYC SMS links, don’t share until you verify the link

    Before you Accept/ Click

    • Don’t click on online widgets, flash images, pop-ups during browsing a webpage
    • Don’t Accept cookies from untrusted webpages, click ‘x’ and close

    Home PC, Mobile

    • It’s mandatory to install authentic antivirus, security apps & update them regularly
    • Use WPA2 encryption for your home WiFi router

    Avoid untrusted Sites

    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms

    Virus Scan

    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so change it
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month

    Avoid public Wi-Fi

    • Try to avoid free WiFi at Airports, Coffee shops, or Railway platforms like areas; and never log in to your online banking page or make any financial transactions
  • what is ransomware attack

    What is Ransomware Attack | Know Types, Protection & Removal

    A Ransomware attack is a type of Malware, that encrypts or locks a victim’s computer, and demands payment (in bitcoins) for recovery. If your computer is compromised with a ransomware attack, all files (.doc, .txt, .mpeg, .xlsx, etc.) would be encrypted using a public, private combination key. The hackers lock these sensitive files, takes the system control until you pay the ransom.

    Now the victim has no option left other than

    1. Pay in bitcoins (which can’t guarantee anything) or
    2. Ransomware removal by formatting the computer or server

    How Does Ransomware Work

    All types of endpoint systems, terminals are vulnerable to ransomware attacks. For example, IT servers, personal computers, point of sales (POS), printers, smartphones, any smart gadgets, even further Smar Cars, Smart Homes are also vulnerable to ransomware.

    Lets see how it works:

    1. Ransomware attack usually starts with a spam link sent by the hacker (not necessarily only through emails, could be third-party websites, any unknown link)
    2. As soon as, the user clicks on the link malware gets downloaded to the computer
    3. Then the malware automatically run in the computer and the virus makes a copy in the C drive (all the commands, shells are copied)
    4. Likewise, newly added registries are copied in the computer
    5. Now the hacker can connect to the computer using the corrupt registries
    6. Thereby hacker takes control of your data, uses a key to encrypt these crucial data, and locks the computer.
    7. Now the victim gets a message from the hacker asking for ransom unless data would be deleted or shared online.

    Types of Ransomware

    Scareware

    This is kind of a tech support scam, where you’ll get a pop-up message asking for payment against the removal of malware, discovered in your computer. But in this case, your files are safe. If you don’t pay you’ll get repetitive scary messages, that’s it.

    Screen lockers

    Lock screen ransomware locks your computer screen. You won’t be able to access it, a full-screen pop-up will appear with an authentic-looking Defense or Govt logo on it. It will now demand a fine for performing an illegal activity. However, this is just to defraud you, no police will freeze your account.

    Encrypting ransomware

    Cybercriminals take control of your system first and then seize the important files & folders to encrypt them using a sophisticated key. Next, they demand ransom in order to return the control back by decrypting the files. It’s so deadly that no security software or system restore can return the data. And even if you pay the ransom, no guarantee that the hackers will give those files back, all are gone (mostly happens).

    Ransomware Attack Types

    WannaCry

    The most popular and large ransomware, affecting millions of windows machines in 150+ countries, causing multi-billion dollar losses in 2017. It was a self-contained, self-propagated TOR program that spread autonomously from one computer to another. It pop-up appears after windows load as below:

    wannacry ransomware attack
    Wannacry ransom note with timer & bitcoin link

    Petya and NotPetya

    Petya, dawned around 2016, encrypts the computer hard-disk using a very sophisticated encryption algorithm. This makes the entire disk inaccessible. It’ll ask you to install the Tor browser (darknet) and then the steps for decryption to follow.

    Later it reoccurred with the new variant NotPetya, extremely dangerous than the former. NotPetya can propagate by own and is able to spread without human intervention. It asks for ransom in bitcoin and then you need to share your key to the hacker’s mail id for decryption. There’s almost no chance of getting back your files as the hackers used fake email ids.

    Petya and NotPetya use the same vulnerability from WannaCry to spread across computers and both infect Windows computers.

    Petya ransomware
    PETYA Ransomware, steps to decrypt your files

    CryptoLocker

    It’s a similar kind of file-encrypting ransomware, came up in 2013, the first kind of modern age ransomware. In early 2014 at its high, it infected more than half a million computers via an email attachment. It is obsolete now.

    Cryptol Locker
    Cryptolocker popup

    Cerber

    Cerber runs silently into the system to stop all windows security features & antivirus. Cybercriminals use this kind of service while encrypting the files using Windows vulnerabilities.

    Bad Rabbit

    It spreads across Europe and Asia back in 2017 by fake Flash player updates. Mainly the targets are located are news & media companies in Russia, Ukraine, Tukey, and Germany. However, it is possible to decrypt the files if you pay the ransom, unlike other ransomware variants.

    Maze

    Like other varieties of malware in the past, it also spreads across corporate networks & servers and encrypts data using a combination key so that it cannot be accessed. Very recently in 2020 Indiabulls, Cognizant servers were targeted by the Maze ransomware

    Modern variants of ransomware like Ryuk, Robinhood, Thanos emerge in recent years, are extremely harmful

    Recent variants of ransomware

    What is Mobile Ransomware

    Mobile ransomware is a kind of Android malware that affects mobile devices. It doesn’t commonly prevent access to files or steals sensitive data, rather blocks the mobile device. Mobile users don’t understand the risk of clicking fake web links or downloading malicious content. And that’s how this malware is distributed through malicious apps or social engineering attacks. In recent years both Cryptolocker ransomware attack found in both Andriod and Apple devices while Doublelocker affects many android devices PIN and encrypted stored data.

    Mobile Ransomware
    Mobile Ransomware

    If infected, you need to boot up your mobile device in safe mode and remove all apps in order to get back access. Also, to safeguard you need to install strong mobile security software & update patches regularly.

    How to Protect against Ransomware

    Normally, Govt agencies, Corporates, Banks are the foremost targets of ransomware attacks who hold sensitive customer data and can pay quickly. During the Covid-19 when corporate workplaces became residential, cyber crooks use this as an opportunity to spread more phishing emails & malware driven attacks.

    Here are some best practices that you can follow for protection & prevention against a ransomware attack:

    What is Ransomware Protection

    System backup

    Regular data backup is the crucial step, that can reduce the risk of encrypted data or any data loss. So you can format the affected server and restore data quickly for business continuity. If possible keep more than two copies of the backup in two separate locations.

    Firewall Activation, Endpoint Protection

    Recent Endpoint protection programs provide a good defense against WannaCry, Maze, or Petya type of backdoor attackers.

    Additionally, keep a paid antivirus or security app in your system and update them regularly. Though antivirus is not that successful against modern ransomware variants but can safeguard against the most.

    You should monitor or scan unusual files, viruses, network traffic, CPU loads.

    Avoid untrusted sites, unknown links, Emails attachments

    Mostly email phishing and spamming are the beginning of a ransomware attack. You should be always watchful towards malicious email attachments, fake job offers, or any unknown web links. Avoid clicking, or download or open these files and report phishing if possible.

    Secure Webgateway

    You should use secure web gateways, so configure WPA2 encryption for your home router. It scans the traffic and prevents any malicious web ads that could lead to a ransomware attack.

    It is preferable to avoid ‘HTTP://’ pages, and visit only ‘HTTPS://’.

  • tiktok banned

    Tik Tok is the beginning of China’s mission to becoming the global A.I. superpower

    When your TikTok video or TikTok song gets thousands of likes & tiktok followers within few hours, it naturally feels great to become the popular guy, isn’t it? During the pandemic, tiktok download crossed 2 billion mark worldwide while India (611 million), China (197 million) & USA (166 million) are the top three countries in the list according to the Sensor Tower report. It’s clear that with the popularity & simplicity of the tiktok app, people gets addicted too quickly and but just wait – WHO are these millions of tiktok followers & are they REAL or FAKE !!

     

    What is tiktok? Tik Tok’s parent company is a Chinese multinational, ByteDance Ltd and it is powered by ByteDance AI Lab. As we know there’s no freedom of press in China, every organization must share their data with the Chinese Govt so every Tik Tok user’s data are currently with Chinese Govt. Are you still thinking how can tiktok apk or  make such a difference for an individual?

     

    Tik Tok is the beginning of China’s ‘2030’ mission – becoming the global A.I. superpower

     

    Why is Trump banning tiktok : does tiktok collect data from you?

    • It tracks your exact location, GPS signal feed every 30 sec (Tik Tok never discloses it!)
    • Even if you turned off the location feed or using a VPN, it can still collect data from your SIM card or your social media account (Again ! hacking your social identity)
    • Images, audio, camera, SD card access (personal data of your device)
    • Device info like device id, memory, CPU, scree size etc. (personal data)
    • Your login IP address, DNS server, MAC address (loop holes for Cyber theft)
    • What other apps are installed and all historical apps data (previous transactions)
    • It monitors your keystrokesaccess files in your phone, may get the net banking details like user id/ password
    • Tik Tok uses ‘http’, not ‘https’ (not a secured server, lack of encryption)
    • Tik Tok does a local proxy server setup in your phone for transcoding the media (can host a BotNet attack)
    • Tik Tok stores your data even after you deleted your account (violation of privacy policy)

     

    Is Tiktok getting banned in the US?

    • In small scale it might look trivial but in larger perspective if Chinese Govt wants to use these data against any countriy it could be disastrous; China already combines a gigantic amount of data with talent, companies, research and capital to build the world’s leading AI ecosystem. And that’s why Indian Govt asked Google & Apple to take down ‘tiktok india’ from the App store while US, UK, Australia, HongKong are seriously considering .

    Trump banning tiktok? Trump told reporters he’ll use executive power to ban TikTok On the other hand, yesterday Trump agreed to give 45 days to ByteDance to negotiate TikTok sale to Microsoft Corp

    • Why is Trump trying to ban tiktok? China had previously hacked many defense servers of UK/ US, so it is very much possible for them to use the Tik Tok data to hack millions of smartphones of any country and use them as connected BOTs. And then perform DDoS (Denial of Service attack), spread malwares to steal sensitive information from Defense servers, Bank data and many more.
    • This App is also too dangerous for Kids hosting inappropriate contents, & pornography; one example could be the New Zealand mosque attack video. It has already been fined in the US for illegally collecting information on children.

    TikTok Pro:

    While tiktok banned in India in June’2020 but “TikTok Pro” came into the market just after that, which is sending a fake SMS/ WhatsApp messages: “Enjoy Tik Tok video & create creative video once again. Now tiktok 2020 is only available in (Tik Tok Pro) then download from below link…” And the download link contains malwares. Likewise let’s not click on any tiktok songs, tiktok videos or tiktok money calculator links, this could be a worm or trojan.

    Conclusion

    So this is a question of national security more than individual hacks when it comes to threats like Chinese hacking. Therefore in the latest move Indian Govt banned 47 more Chinese apps (TikTok Lite, Helo Lite, ShareIt Lite, Bigo Lite and VFY Lite etc.) operating as cloned ones of the 59 previously banned apps in India last month. 

     

    Last Sunday Microsoft confirmed that it plans to seal the TikTok deal (microsoft tiktok) with Chinese parent company ByteDance after having a discussion with president Trump and Microsoft also ensured that the data of American people will not be shared with any countries and everything would remain in America.

    Although we don’t know yet ‘Is Trump banning tiktok’, ‘did Microsoft buy tiktok’ or ‘who bought tiktok’, but now it’s your choice if you’re going to search again ‘most shared tiktok video’ or ‘cloud bread recipe tiktok’ ?

  • Free online VPNs are available, should you go for it ?

    First, let’s understand that the internet is a public domain, so online privacy & data security are paramount important topics, especially during Covid-19 when people are asked to work from home by Organisations. Generally, over internet, we do lots of daily activities like emailing, online shopping, banking, social media browsing, and many more. To make our transactions secure and private we need a virtual private network (VPN).

    (i)             VPN provides data security, your data packets sent over the WiFi network through VPN become encrypted, scrambled, and thereby unreadable.

    (ii)          VPN keeps your browsing history private, meaning without a VPN whatever website you visit your ISP tracks your IP address and browsing history and sell it. As a result, you receive targeted advertisements. Hence in a way, VPN offers you online freedom being an anonymous internet user. 

    (iii)         It masks your IP address and your location information and makes it look like you logged in from thousands of miles away using a “virtual tunnel”. So, you can choose from a list of gateways (USA/ Japan… any name) even if you log in from any other country. 

    (iv)        Your Device details (if logged in from a mobile/ desktop/ tab …) are also kept protected when you use a VPN 

    We often login to public WiFi networks in Café/ Railway stations or Airports where it is easier for the hackers to obtain your WiFi user id/password and then capture your Online banking credentials, Credit card details etc – this is called Identity theft. So, VPN protects us from many degrees of online hacks which tries to steal your personal information.

     

    Free VPNs are available in the market

    VPN markets are overcrowded, and many of them are considered reputed like:

    a)    ExpressVPN

    b)    NordVPN

    c)     Surfshark

    d)   CyberGhost

    e)    IPVanish

    I wouldn’t recommend free VPN, these companies sell your personal data (email Id, demographics, browsing history, etc.) to their business partners and thereby you can be a potential target for Phishing, Ransomware type of attacks; although if you really want to go for a free VPN, try:

    a)    HotspotShield

    b)    WindScribe

    c)     ProtonVPN

    d)  Surfshark

     

    Should you always leave your VPN on:

    I’d recommend NO, because

    (i)          During one VPN session, the IP address would be the same so in a way, you should close the session when you’re done

    (ii)          It also hampers your broadband speed

  • Chinese hacking

    ‘Patriot Hacking’ by China over Indian digital platforms

    Last two decades national cross-border hacking is on the rise. There’re proofs that many Govt agencies hire a bunch of hackers to perpetrate other country’s military facilities, embassies, defense ministry, and many other sensitive departments.

    Recently we see while Chinese and Indian troops engaged in cross border face-offs, China is also orchestrating cyber-attack on every sector & digital platforms of India. This is a classic example of Patriot hacking like cyber warfare tries to shut down the internet facility of another country through invisible hackers. However, this is not the first time.

     

    Google v/s Chinese Govt:

    Google was launched in China in 2006 and was pull out sooner due to a massive hack on Google server by the Chinese Govt. Simply the reason was Chinese Govt wasn’t allowing its people to be anonymous over internet, so Govt asked Google to disclose people’s identity which Google denied. So Govt ran a campaign through Social Engineering attack to hack Chinese people’s systems who worked in Google that time. Here thousands of hackers pretend to be a different guy over social networking sites who talked over a period be friendly, shared files (injected worms/ malware) into victim’s computers and in a way break into Google’s firewall and secure databases. Google was obviously so pissed off and left China in 2010.

     

    Iran Nuclear Cookie recipe fraud

    Ten years back Iranian Govt was working on Nuclear weapons which the western countries didn’t like much. So American agents, CIA/ NSA, and Israelis jointly hacked the Nuclear facilities of Iran. It was the Stuxnet worm used to infect the computers & OS of the nuclear plant. It could be that the virus was either placed in Iranian scientist’s computers at some conference or planted in the servers much before they were shipped (Zero-day attack) to Iran. In the end, American/Israeli hackers replaced the important research papers, nuclear recipes by how to make Choco chips cookies recipe. Iranian Govt was naturally very furious and declared internet shutdown across the country as a result.

     

    China is considered to have the largest cyber hacking contingency in the world, hundreds of thousands of full-time hackers; they previously have hacked the US & UK dept of Defense, State depts, military facilities, and many more. Similarly, countries like North Korea and Pakistan, also depend on their full-time hackers to feed their Govt. These Govts earn billions of dollars a year through hacking, they normally hack banks to steal money or use Ransomware type attacks.

  • Phishing attack

    SBI and PSU Banks urges its customers not to accept any COVID-19 emailers, Phishing Alert !!

    For last few days perhaps millions of banks account holders in India had received emails from”ncov2019@gov.in or with the subject lines COVID-19 Testing’, ‘COVID-19 support. As per warning from major PSU Banks they’re all phishing attacks, tries to steal customer’s sensitive login information. To warn its customers SBI tweeted:

    What is Phishing?

    It uses fake login pages, fake subject lines, sometimes fake job offers/ password expiry emails to defraud people. When you click on them sensitive information like username, passwords, key loggings are stolen. Advanced cyber attacks like Ransomware starts with Phishing.

    Example of Phishing:

    ·      Indiacovid19.com (any fake domain names)
    ·      Phishing emails from ‘accounts@gmall.cominstead of ‘accounts@gmail.com’
    ·      www.facebo0klogin.com (fake login pages)
    Depending on the types of victim (individual, corporation, Big fish like CFO etc) Phishing attacks differs like – Spear Phishing, or Smishing or Whaling or Pharming.
    Like Phishing, there’re many other ways to lure people with a “free subscription link”, “free insurance link” over WhatsApp, or using fake weblinks victim’s social media account page is comprimised and many more.

    How to safefuard against Phishing and related cyber attacks:

    Spot Phishing
    • Discard emails from unknown person, unfamiliar address
    • Avoid emails containing untrusted attachments – just delete the
    • Phishing emails generally contains info like lottery, job offers, freebies etc.
    Govt. webpage, mobile application
    • Strictly follow Govt. webpages, genuine Apps for Covid-19 news and updates
    • Don’t visit any ‘http://‘ sites, always visit ‘https://
    • Avoid webpages with unfamiliar fonts, color, spelling error
    Online banking
    • Try to use corporate computers more for online banking, money transferring as it provides end point protection against any malware, external threats
    • Double check the UPI Id, validate the bank/ merchant name before payment
    SMS links
    • It’s better to avoid untrusted Covid-19 links, forwarded messages, any job offers on WhatsApp or SMS
    • Be careful about KYC SMS links
    Don’t Accept/ Click
    • Don’t click on unknown online widgets, flash images, pop-ups when you’re browsing websites
    • Don’t Accept cookies from untrusted webpages
    Home PC, Mobile
    • Its mandatory to get an authentic antivirus/ security app installed and update them regularly
    • Use WPA2 encryption for your home router
    Avoid untrusted sites
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    Virus Scan
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so change it
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month
    Avoid public Wi-Fi
    • Never use free WiFi at coffee shops, Railway platforms, Airports
  • Ransomware

    Cybercriminals use malware to hack your system, time to stay alert during lockdown !!

    Globally all the business sectors are still struggling to get through the Covid-19 impact, but it’s business as usual for the cybercrooks, who likes more online traffic. Corporate security teams need to be ready with their security infrastructure against a series of cyberattacks during the Covid-19 pandemic when new technologies are adopted for remote collaboration and communication.

    A recent checkpoint published report shows, during pandemic lockdown how the malware attacks had grown rapidly with the increase in internet traffic:


    What is Ransomware?

    Ransomware attack is a type of Malware attack, which encrypt or lock a victim’s computer/ website, and demand ransom for recovery. The sensitive data, system control is locked until the ransom is paid, and usually, it is settled in Bitcoins later which can’t be traced.

    • Very recently Indiabulls and Cognizant servers were targeted by the ransomware “Maze
    • The famous and the biggest one was the “WannaCry” ransomware attack, thousands of Windows corporate computers were infected back in 2017
    • Mobile app-based ransomware is growing, completely locks your device 
    • “Locker” is another kind of ransomware which infects the victim’s OS & make it impossible to access the file system, applications



    Malware is a term widely used for malicious software that includes viruses, Trojan, Worm, and many other types. Typically, malware is used to slow down or crash the servers, spy over the remote computers, and sometimes shutting down the server as well.

    A virus is a trigger-based (normally .exe/ .bat files) software program that is put in the victim’s computer to do some specific con. It generally put in the servers, system registry 3-4 level down by the attackers so that antivirus, snippers won’t be able to see it.

    Trojans
    are genuine-looking files (text, video, image) used to infect the system memory, spy over the system logs, hijack traffic.

    Worm
     – It has the capability of replicating its copies across the victim’s network without user intervention/ any trigger; it overloads CPU processes to downgrade system performance and lead to even system crash down.

    Cybercrooks used these Malwares in many forms, unnoticed by the IT security guys :


    Timebomb attack – when a program is planted to do damage at a later date after a criminal is far away. Typically committed by internal folks who put this virus into a system with a trigger date after his last day in Organization

    Zero-day attack – Criminal puts malware in the new servers, switches before hardening so initially system looks okay but after some period vulnerability starts to open up 

    XSS attack – In Cross system scripting attack the fraudster hacks a genuine website and adds malicious links/ images in it using JavaScript malware; which will eventually take the visitor to certain pay per click sites. Used to deface the value of the website.

    Brute force attack – A program to try every single type of password; Most of the people don’t change the default password so it’s a very popular attack these days. for Ex. facebook brute

    Social Engineering attack – Trap Customers or collude ex-employees to reveal system weaknesses, passwords, etc.

    Denial of Service (DoS) attack– Attackers used techniques like HTTP flooding or using Botnets to shut down the server. It’s like thousands of browsing requests from many different computers (DDoS) from a range of attacking IP addresses.


    How to Protect against Ransomware:

    Usually, the Banks, Govt agencies, Large Corporates are the main targets of Ransomware attacks who hold sensitive data and can pay quickly. During the Covid-19 pandemic when the corporate workplaces turned residential many of these logical malware-driven attacks are inevitable. It’s required to educate employees, customers about it and protect against it:
    • It is advised to get an authentic antivirus/ security app installed and update them regularly
    • Use WPA2 encryption for your home router
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so, change it
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month
    • Never use free WiFi at coffee shops, Railway platforms, Airports
    • Need to upgrade on to cloud-based applications, much secure, and can be rolled back; otherwise, get a system back-up to a hard drive.
    • Discard emails from an unknown person, unfamiliar address
    • Avoid emails containing untrusted attachments – just delete the Phishing emails generally contains info like a lottery, job offers, freebies, etc.
  • Phishing

    Cyber frauds are looming during Covid-19, time to be more vigilant

    Covid-19 has changed our daily lifestyle, people are working from home and spending more time on the internet than ever before; needless to mention every one of us is anxious and scared about the situation, frequently checking various Covid-19 online links to get updates. Well, this brings a golden opportunity for hackers to target individuals & companies and make money. Some recently published reports show since Feb’2020 thousands of new domain names were created with keywords viz. Corona, COVID, Pandemic, Virus, WHO, Vaccine, so on.. & most of them are likely to spread malicious activities.
     
    Before get to online vulnerabilities let’s understand the fact that, most of us use (i) Windows operating systems who can be (ii) easily persuasive and (iii) have no security systems in their computers or mobile phones.
     

    Phishing Attack: The most common type of fraud – uses fake login pages, fake COVID domain names, fake job offers to defraud people. Fraudsters use popular topics to infringe companies’ trademarks or steal sensitive customer information. Some examples are:
    • Phishing emails from “ncov2019@gov.in” or with the subject line COVID-19 Testing” (recent SBI fraud in India) or
    • India-covid19.com (any fake domain names)
    • Phishing emails from ‘accounts@gmall.com’ instead of ‘accounts@gmail.com’  or
    • www.facebo0k-login.com (fake login pages)
    • Depending on the types of a victim (individual, corporation, Big fish like CFO, etc) Phishing attacks differ like – Spear Phishing, or Smishing or Whaling or Pharming.
    Pharming Attack: It starts with fake web links, forged Play store apps, when you click on them malicious codes are injected into your computer to poison your DNS server; Now let’s understand that your DNS name is your identity and it contains the private IP to public IP mappings vice versa. So when you login next time your legitimate online banking link might land you to the hacker’s fake webpage using false entries at your DNS cache.

     

    SMS Forging or Smishing Attack: Now that there’re many more gateways between IP networks and SMS networks, hackers can send SMS links from the Internet using Mobile operator’s forms. For example, COVID Donation link”, “Free COVID Insurance link”, “Free Netflix Subscription link” to lure people.
     
    Covid-19 Donation Fraud: In recent past Govt of India announces “PM-CARES relief funds” for donations to fight economic recession; however according to reports thousands of fraud portals, fake UPI Ids related to coronavirus were created to siphon-off the donation money. For Ex. the correct UPI ID of PMCaresFunds is pmcares@sbi but many fake IDs such as pmcare@sbi were created very next hour, eventually blocked later.



    Simple Bootup hijack (Back Orifice 2000): Pertinent for people who’re now working from home has to share their Windows desktop, sometimes gives system control. Like this when any unattended PCs are available, running some simple codes in the system directory to get complete control of the victim’s pc keystrokes, screen, etc; it is too dangerous since it operates silently in the victim’s computer and undetectable to any antivirus running on victims computer.


     
    Tab Nabbing Attack – When the victim opens multiple tabs in his pc, using some sophisticated cross-site scripting, browser extension, or flash widgets (showing Covid-19 updates) attacker gets access to open tabs of the victim’s computer. Now realize that the victim’s open online bank page/ trading platforms or open corporate pages can easily be compromised.


    Bruteforce Attack – It’s an attempt to guess a password or encryption key by systematically checking every possible option. For Ex. ‘Facebook brute’, ‘Twitter brute’,  other eCommerce brute viruses try to steal your password; that’s why passwords are given limited try option until the account locks. Yet unfortunately, it is being seen that most of the people don’t change their default/ first password.


    How to Protect yourself – Tips and Recommendations:

    Follow Govt. approved Webpages, Mobile App

    • Strictly follow Govt. webpages, approved Apps for Covid-19 news and updates
    • Be careful about the site visit- try to avoid ‘HTTP://‘ pages, always visit ‘https://‘ pages
    • Avoid webpages with unfamiliar fonts, color, spelling errors
    Online Banking
    • Try to use office/ corporate computers for online banking, money transferring as they provide end-point protection against any malware, external threats
    • Double-check the UPI Id, validate the bank/ merchant name before payment
    SMS Links

    • It’s better to avoid untrusted Covid-19 links, forwarded messages, any job offers on WhatsApp or SMS
    • Be careful about KYC SMS links, don’t share until you verify the link
    Spot Phishing
    • Discard emails from an unknown person, unfamiliar address
    • Avoid emails containing untrusted attachments – just delete or report phishing.
    • For your info phishing, emails generally contain info like Prizes, Lottery, Job offers, freebies, etc.

    Before you Accept/ Click

    • Don’t click on online widgets, flash images, pop-ups during browsing a webpage
    • Don’t Accept cookies from untrusted webpages, click ‘x’ and close
    Home PC, Mobile
    • It’s mandatory to install authentic antivirus, security apps & update them regularly
    • Use WPA2 encryption for your home WiFi router
    Avoid untrusted Sites
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    Virus Scan
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so change it
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month
    Avoid public Wi-Fi
    • Try not to avoid free WiFi at Airports, Coffee shops, or Railway platforms like areas; and never log in to your online banking page or make any financial transactions