• Chinese hacking

    ‘Patriot Hacking’ by China over India...

    Over the last two decades, state-backed cross-border hacking has been on the rise. There is evidence that many government agencies hire hackers to penetrate other countries’ military facilities, embassies, defence ministries and many other sensitive departments.

    Recently, while Chinese and Indian troops were engaged in cross-border face-offs, China was also orchestrating cyber-attacks on every sector and digital platform of India. This is a classic example of patriot hacking: cyber warfare that tries to shut down another country’s internet facilities through invisible hackers. However, this is not the first time.

     

    Google v/s Chinese Govt:

    Google launched in China in 2006 and pulled out soon after, due to a massive hack of Google’s servers by the Chinese government. The reason was simple: the Chinese government did not allow its people to be anonymous on the internet, so it asked Google to disclose people’s identities, which Google refused. The government then ran a social-engineering campaign to hack the computers of Chinese people who worked at Google at the time. Thousands of hackers pretended to be someone else on social networking sites, stayed friendly over a period of time, shared files (injecting worms/ malware) into the victims’ computers and in this way broke through Google’s firewall into its secure databases. Google was understandably furious and left China in 2010.

     

    Iran Nuclear Cookie recipe fraud

    Ten years ago the Iranian government was working on nuclear weapons, which the western countries did not like much. So American agents (CIA/ NSA) and Israelis jointly hacked Iran’s nuclear facilities. The Stuxnet worm was used to infect the computers and OS of the nuclear plant. The virus may have been placed on Iranian scientists’ computers at some conference, or planted in the servers long before they were shipped to Iran (a zero-day attack). In the end, the American/ Israeli hackers replaced the important research papers and nuclear recipes with a recipe for chocolate chip cookies. The Iranian government was naturally furious and declared an internet shutdown across the country as a result.

     

    China is considered to have the largest cyber-hacking contingent in the world, hundreds of thousands of full-time hackers; they have previously hacked the US and UK departments of defence, state departments, military facilities and many more. Similarly, countries like North Korea and Pakistan also depend on their full-time hackers to feed their governments. These governments earn billions of dollars a year through hacking; they normally hack banks to steal money or use ransomware-type attacks.

  • Phishing attack

    SBI and PSU Banks urges its customers...

    For the last few days, perhaps millions of bank account holders in India have received emails from “ncov2019@gov.in” or with subject lines such as ‘COVID-19 Testing’ or ‘COVID-19 Support’. According to warnings from the major PSU banks, these are all phishing attacks that try to steal customers’ sensitive login information. To warn its customers, SBI tweeted:

    What is Phishing?

    Phishing uses fake login pages, fake subject lines and sometimes fake job offers or password-expiry emails to defraud people. When you click on them, sensitive information such as usernames, passwords and keystrokes is stolen. Advanced cyber attacks like ransomware start with phishing.

    Example of Phishing:

    ·      Indiacovid19.com (any fake domain name)
    ·      Phishing emails from ‘accounts@gmall.com’ instead of ‘accounts@gmail.com’
    ·      www.facebo0klogin.com (fake login pages)
    Depending on the type of victim (individual, corporation, a big fish like a CFO, etc.), phishing attacks differ: Spear Phishing, Smishing, Whaling or Pharming.
    Like phishing, there are many other ways to lure people, such as a “free subscription link” or “free insurance link” over WhatsApp, or fake web links through which the victim’s social media account is compromised, and many more.
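    The three lookalikes above (a swapped letter, a digit standing in for a letter, a brand name buried inside a longer host) can be caught mechanically before a user ever sees the mail. The script below is an added example, not code from the original post: it normalises common confusable characters, compares the registrable label of a URL or sender address against a small constructed brand list, and also flags plain-http links and the Covid-themed keywords mentioned elsewhere on this page. The brand list, the confusable table and the naive suffix handling (there is no public-suffix list, only a heuristic for two-part suffixes like co.in) are assumptions of the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list of brands to protect; not from the original post.
PROTECTED_BRANDS = ("gmail", "facebook", "sbi", "paypal")
# Lure keywords seen in recent fake domains (the post mentions Covid-themed domains).
LURE_KEYWORDS = ("covid", "corona", "vaccine", "pandemic")
# Visually confusable substitutions attackers use, mapped back to the genuine character.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def hostname_of(target):
    """Lowercase hostname of a URL, or the domain part of an e-mail address."""
    target = target.strip().lower()
    if "@" in target and "://" not in target:
        return target.rsplit("@", 1)[1]
    if "://" not in target:
        target = "http://" + target
    return urlsplit(target).hostname or ""


def registrable_label(host):
    """Label just left of the suffix. Assumption: no public-suffix list, only a
    heuristic for two-part suffixes such as co.in / co.uk."""
    parts = host.split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    if len(parts) >= 3 and len(parts[-1]) == 2 and len(parts[-2]) <= 3:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def normalize(label):
    """Undo confusable substitutions and drop hyphens so 'facebo0k-login' reads 'facebooklogin'."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label.replace("-", "")


def levenshtein(a, b):
    """Edit distance; one edit away from a brand ('gmall' vs 'gmail') is the classic typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_target(target):
    """Return the list of reasons a URL or sender looks like a phishing lure (empty if none)."""
    reasons = []
    host = hostname_of(target)
    label = normalize(registrable_label(host))
    if target.strip().lower().startswith("http://"):
        reasons.append("plain http, not https")
    for brand in PROTECTED_BRANDS:
        if label == brand:
            continue  # the genuine registrable label itself
        if brand in label:
            reasons.append(f"brand '{brand}' embedded in host '{host}'")
        elif levenshtein(label, brand) <= 1:
            reasons.append(f"host '{host}' is one edit away from '{brand}'")
    for keyword in LURE_KEYWORDS:
        if keyword in host:
            reasons.append(f"lure keyword '{keyword}' in host '{host}'")
    return reasons


if __name__ == "__main__":
    for sample in ("accounts@gmall.com", "www.facebo0klogin.com",
                   "http://india-covid19.com", "https://accounts.gmail.com"):
        print(sample, "->", check_target(sample) or "no findings")
```

    This is a first-pass filter, not a verdict: a brand owner’s own sub-brand host would also trip the “embedded brand” rule, so findings should be reviewed against an allow-list of the organisation’s genuine domains rather than blocked outright.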

    How to safeguard against Phishing and related cyber attacks:

    Spot Phishing
    • Discard emails from unknown person, unfamiliar address
    • Avoid emails containing untrusted attachments – just delete them
    • Phishing emails generally contain info like lottery wins, job offers, freebies etc.
    Govt. webpage, mobile application
    • Strictly follow Govt. webpages, genuine Apps for Covid-19 news and updates
    • Don’t visit any ‘http://’ sites, always visit ‘https://’ sites
    • Avoid webpages with unfamiliar fonts, colours or spelling errors
    Online banking
    • Try to use corporate computers for online banking and money transfers, as they provide endpoint protection against malware and external threats
    • Double check the UPI Id, validate the bank/ merchant name before payment
    SMS links
    • It’s better to avoid untrusted Covid-19 links, forwarded messages, any job offers on WhatsApp or SMS
    • Be careful about KYC SMS links
    Don’t Accept/ Click
    • Don’t click on unknown online widgets, flash images, pop-ups when you’re browsing websites
    • Don’t Accept cookies from untrusted webpages
    Home PC, Mobile
    • It’s mandatory to get an authentic antivirus/ security app installed and update it regularly
    • Use WPA2 encryption for your home router
    Avoid untrusted sites
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    Virus Scan
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so change it
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month
    Avoid public Wi-Fi
    • Never use free WiFi at coffee shops, Railway platforms, Airports
  • machine learning to detect phishing

    Detect malicious URLs using Machine L...

    Phishing and pharming are very common types of fraud that deceive people on the internet using malicious URLs and links. In the current Covid-19 situation, IT organisations are also struggling to secure the corporate network from all sorts of malware, viz. ransomware, viruses, worms, etc. Correspondingly, enterprises see that AI/ML-based solutions have the potential to address phishing-related threats much more efficiently. Machine Learning and Deep Learning based solutions need labelled, extensive datasets to flag suspicious URLs efficiently. Although today advanced Deep Learning solutions are used more often than traditional rule-based or Machine Learning approaches, we start with a machine learning approach first to flag malicious URL samples. We’ll try the same problem again with Deep Learning later.

    Problem statement:
    To predict malicious URLs from a dataset containing legitimate and malware samples.
    Data Set:
    https://github.com/pmitra0407/Flag-Malicious-URLs/blob/master/Malicious%20URLs.ipynb
     
    The dataset contains both good & bad URLs
    File Parse:
    Once you read the dataset, it comprises 420K rows and 2 features (URL and label).


    The target variable is “label”; let’s look at its distribution

    Feature Extraction: this means extracting the domain information from the URL.
    The Python tldextract package has been used to fetch the domain, subdomain and TLD information.
    Data preparation is performed using scikit-learn; the categorical columns are label-encoded.
    Feature selection is not done, as we’ve considered all features here, but we could use SelectKBest.
    Classifiers used: Decision Tree, Random Forest
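    The feature-extraction step is the part of the pipeline that decides what the tree models can split on, so it is worth seeing concretely. The following is an added example, not the notebook linked above: it derives lexical features from each URL with the standard library only, so a hypothetical split_host helper stands in for tldextract (it has no public-suffix list, only a tiny hard-coded set of two-part suffixes), and label_encode reproduces the sorted-integer mapping that scikit-learn’s LabelEncoder applies to the categorical suffix column and to the target. SAMPLE_ROWS are constructed, not rows from the 420K-row dataset.

```python
import re
from urllib.parse import urlsplit

# Constructed sample rows in the shape of the dataset (url, label); not the real data.
SAMPLE_ROWS = [
    ("https://www.wikipedia.org/wiki/Phishing", "good"),
    ("http://192.168.10.5/login/update.php", "bad"),
    ("http://secure-login.gmail.com.verify-account.xyz/index.html", "bad"),
    ("https://github.com/pmitra0407", "good"),
    ("http://free-covid19-insurance.info/claim?id=1234", "bad"),
]

# Hypothetical stand-in for tldextract: no public-suffix list, just a few known two-part suffixes.
KNOWN_TWO_PART_SUFFIXES = {"co.in", "co.uk", "com.au", "ac.in"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def split_host(host):
    """Return (subdomain, domain, suffix) the way tldextract does, without the suffix list."""
    parts = host.lower().split(".")
    if IPV4.match(host) or len(parts) < 2:
        return "", host, ""
    if len(parts) >= 3 and ".".join(parts[-2:]) in KNOWN_TWO_PART_SUFFIXES:
        return ".".join(parts[:-3]), parts[-3], ".".join(parts[-2:])
    return ".".join(parts[:-2]), parts[-2], parts[-1]


def extract_features(url):
    """Lexical features of one URL: the numeric columns a tree model can split on."""
    parsed = urlsplit(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    sub, dom, suffix = split_host(host)
    return {
        "url_len": len(url),
        "host_len": len(host),
        "dots_in_host": host.count("."),
        "subdomain_levels": 0 if not sub else sub.count(".") + 1,
        "digits": sum(ch.isdigit() for ch in url),
        "hyphens": url.count("-"),
        "path_depth": len([p for p in parsed.path.split("/") if p]),
        "has_ip_host": int(bool(IPV4.match(host))),
        "has_at": int("@" in url),
        "is_https": int(parsed.scheme == "https"),
        "suffix": suffix,   # categorical; label-encoded in build_matrix
        "domain": dom,      # kept for inspection, not used as a feature here
    }


def label_encode(values):
    """Map each distinct string to an integer, sorted like sklearn's LabelEncoder."""
    codes = {v: i for i, v in enumerate(sorted(set(values)))}
    return [codes[v] for v in values], codes


def build_matrix(rows):
    """Return (X, y, feature_names): numeric rows ready for a Decision Tree / Random Forest."""
    feats = [extract_features(url) for url, _ in rows]
    suffix_codes, _ = label_encode([f["suffix"] for f in feats])
    y, _ = label_encode([label for _, label in rows])      # 'bad' -> 0, 'good' -> 1
    names = [k for k in feats[0] if k not in ("suffix", "domain")] + ["suffix_code"]
    X = [[f[k] for k in names[:-1]] + [code] for f, code in zip(feats, suffix_codes)]
    return X, y, names


if __name__ == "__main__":
    X, y, names = build_matrix(SAMPLE_ROWS)
    print(names)
    for row, label in zip(X, y):
        print(label, row)
```

    The has_ip_host, subdomain_levels and is_https columns are the ones that separate the constructed bad rows from the good ones; on the real dataset a tree model finds such splits itself, which is why the post can skip explicit feature selection.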
    Random Forest Classification::

    Decision Tree Classification::

    Conclusion:
    Both Random Forest and Decision Tree work fine here, although we can tune these models further. We’ll see how Deep Learning works in our next assignment.
      
    For the detailed code, visit:
  • cyber security using machine learning

    Malware Detection using ML

    Cyber security is the major concern for industries today, and incidents are continuously growing in number. Enterprises see that AI/ML-based solutions have the true potential to address cyber threats much more efficiently. Machine Learning and Deep Learning based solutions need labelled, extensive datasets in order to flag malware. Although today advanced Deep Learning solutions are used more often than traditional rule-based or Machine Learning approaches, we start with a machine learning approach first to detect malware samples. We’ll try the same problem again with Deep Learning later.

     
    Problem statement:
    To predict malware from a dataset containing legitimate and malware samples.
     
    Data Set: https://github.com/pmitra0407/Malware-Detection/blob/master/MalwareData.zip
    The dataset contains both legitimate and malware samples (.exe/ .dll).
     
    File Parse:
    Once you read the dataset, it comprises 138047 rows and 57 features:

    Column Names:


    The target variable is “legitimate”; let’s look at its distribution

    Data preparation is performed using scikit-learn
    Feature selection is not done, as we’ve considered all features here, but we could use SelectKBest
    Classifiers used: Decision Tree, Random Forest
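    Since the classifier outputs are not reproduced on this page, the following added example shows what the Decision Tree step actually computes on a table of this shape. It is not the post’s notebook and does not use scikit-learn: it implements a small CART-style tree (Gini impurity, threshold splits, a depth limit) over a constructed table whose four feature names are hypothetical stand-ins for the dataset’s 57 columns, then scores it, counting missed malware separately from false alarms because those two errors cost a defender very differently.

```python
from collections import Counter

# Constructed rows in the shape of the post's table: numeric features and a 'legitimate'
# target (1 = legitimate, 0 = malware). The feature names are hypothetical stand-ins,
# not the real column names of the dataset.
FEATURES = ["section_entropy", "import_count", "is_signed", "size_kb"]
ROWS = [
    ([4.9, 120, 1, 850], 1), ([5.2, 85, 1, 2400], 1), ([4.5, 210, 0, 1300], 1),
    ([5.8, 60, 1, 410], 1), ([5.0, 140, 0, 5600], 1),
    ([7.6, 4, 0, 95], 0), ([7.9, 2, 0, 140], 0), ([7.2, 11, 0, 72], 0),
    ([6.9, 6, 0, 300], 0), ([7.4, 3, 1, 180], 0),
]


def gini(labels):
    """Gini impurity: 0 for a pure set, 0.5 for an even two-class split."""
    n = len(labels)
    if n == 0:
        return 0.0
    return 1.0 - sum((count / n) ** 2 for count in Counter(labels).values())


def best_split(X, y):
    """(feature, threshold) with the lowest weighted Gini; (None, None) if nothing improves."""
    best_feature, best_threshold, best_score = None, None, gini(y)
    for f in range(len(X[0])):
        for threshold in sorted({row[f] for row in X}):
            left = [label for row, label in zip(X, y) if row[f] <= threshold]
            right = [label for row, label in zip(X, y) if row[f] > threshold]
            if not left or not right:
                continue
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if score < best_score:
                best_feature, best_threshold, best_score = f, threshold, score
    return best_feature, best_threshold


def build_tree(X, y, depth=0, max_depth=3):
    """Recursive CART-style tree: leaves hold the majority label, nodes hold a split."""
    if len(set(y)) == 1 or depth >= max_depth:
        return {"leaf": Counter(y).most_common(1)[0][0]}
    f, threshold = best_split(X, y)
    if f is None:
        return {"leaf": Counter(y).most_common(1)[0][0]}
    left = [i for i, row in enumerate(X) if row[f] <= threshold]
    right = [i for i in range(len(X)) if i not in left]
    return {
        "feature": f, "threshold": threshold,
        "left": build_tree([X[i] for i in left], [y[i] for i in left], depth + 1, max_depth),
        "right": build_tree([X[i] for i in right], [y[i] for i in right], depth + 1, max_depth),
    }


def predict(tree, row):
    while "leaf" not in tree:
        tree = tree["left"] if row[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


def evaluate(tree, rows):
    """Accuracy plus the two errors a defender tracks separately: malware predicted
    legitimate (missed_malware) and legitimate predicted malware (false_alarms)."""
    correct = missed = alarms = 0
    for features, label in rows:
        p = predict(tree, features)
        correct += p == label
        missed += label == 0 and p == 1
        alarms += label == 1 and p == 0
    return {"accuracy": correct / len(rows), "missed_malware": missed, "false_alarms": alarms}


def train_and_score(rows=ROWS, max_depth=3):
    X = [features for features, _ in rows]
    y = [label for _, label in rows]
    tree = build_tree(X, y, max_depth=max_depth)
    return tree, evaluate(tree, rows)


if __name__ == "__main__":
    tree, metrics = train_and_score()
    print("root split:", FEATURES[tree["feature"]], "<=", tree["threshold"])
    print(metrics)
```

    Scoring on the training rows, as here, is only a sanity check; the post’s scikit-learn pipeline should be scored on a held-out split, and a Random Forest is simply many such trees built on bootstrap samples of rows and random subsets of columns, with their votes combined.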

     

    Random Forest Classification::

    Decision Tree Classification::

    Conclusion:

    Both Random Forest and Decision Tree work fine here, although we can tune these models further. We’ll see how Deep Learning works in our next assignment.
     
  • Ransomware

    Cybercriminals use malware to hack yo...

    Globally, all business sectors are still struggling to get through the Covid-19 impact, but it’s business as usual for the cybercrooks, who like the extra online traffic. Corporate security teams need to have their security infrastructure ready against a series of cyberattacks during the Covid-19 pandemic, when new technologies are being adopted for remote collaboration and communication.

    A recently published Check Point report shows how malware attacks grew rapidly during the pandemic lockdown with the increase in internet traffic:


    What is Ransomware?

    A ransomware attack is a type of malware attack which encrypts or locks a victim’s computer or website and demands a ransom for recovery. The sensitive data and system control stay locked until the ransom is paid, and usually it is settled later in Bitcoin, which can’t be traced.

    • Very recently, Indiabulls and Cognizant servers were targeted by the ransomware “Maze”
    • The famous and the biggest one was the “WannaCry” ransomware attack; thousands of corporate Windows computers were infected back in 2017
    • Mobile app-based ransomware is growing; it completely locks your device
    • “Locker” is another kind of ransomware which infects the victim’s OS and makes it impossible to access the file system and applications
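    Because the defining action of ransomware is to encrypt files in place, one behavioural signal a defender can compute without any signature is byte entropy: well-encrypted data looks uniformly random, whereas documents do not. The script below is an added example, not from the original post; the file contents are constructed in memory, and the entropy threshold, the list of normally-compressed formats (high-entropy by nature, so they must be excluded to avoid false alarms) and the document-extension list are assumptions of the example.

```python
import math
from collections import Counter

# Constructed in-memory 'files' (not real samples): a plain document, the same document
# after encryption (modelled as uniformly distributed bytes), and a JPEG, which is
# legitimately high-entropy because the format is compressed.
SAMPLE_FILES = {
    "report.docx": b"Quarterly report: revenue up 4%, costs flat, hiring frozen. " * 60,
    "report.docx.locked": bytes(range(256)) * 16,
    "photo.jpg": bytes(range(256)) * 16,
}

HIGH_ENTROPY = 7.5   # bits per byte; uniformly random data approaches 8.0 (assumed threshold)
COMPRESSED_FORMATS = {".jpg", ".png", ".gif", ".zip", ".gz", ".mp4", ".mp3"}  # assumed list
DOCUMENT_FORMATS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt"}                 # assumed list


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extensions(name):
    """('.docx', '.locked') for 'report.docx.locked'; lowercase, empty tuple if none."""
    parts = name.lower().split(".")
    return tuple("." + p for p in parts[1:])


def assess_file(name, data):
    """Signals for one file: high entropy outside compressed formats, and a document
    extension followed by an extra unknown one, which is how lockers typically rename files."""
    exts = extensions(name)
    last = exts[-1] if exts else ""
    signals = []
    if shannon_entropy(data) >= HIGH_ENTROPY and last not in COMPRESSED_FORMATS:
        signals.append("high_entropy")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_FORMATS and last not in DOCUMENT_FORMATS | COMPRESSED_FORMATS:
        signals.append("renamed_document")
    return signals


def suspicious_files(files):
    """Names of files showing at least one encryption signal, sorted for stable output."""
    return sorted(name for name, data in files.items() if assess_file(name, data))


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:22s} entropy={shannon_entropy(data):.2f} signals={assess_file(name, data)}")
    print("suspicious:", suspicious_files(SAMPLE_FILES))
```

    On a live system the useful unit is not one file but the rate: a burst of files turning high-entropy or gaining an unknown extension within a few seconds of each other is the pattern worth alerting on, and the same entropy routine applied to a directory walk gives that rate.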



    Malware is a term widely used for malicious software that includes viruses, Trojans, worms and many other types. Typically, malware is used to slow down or crash servers, spy on remote computers and sometimes shut down the server as well.

    A virus is a trigger-based software program (normally .exe/ .bat files) that is put in the victim’s computer to carry out some specific con. Attackers generally put it in the servers or the system registry 3-4 levels down so that antivirus and sniffers won’t be able to see it.

    Trojans are genuine-looking files (text, video, image) used to infect the system memory, spy on the system logs and hijack traffic.

    Worm – It has the capability of replicating copies of itself across the victim’s network without user intervention or any trigger; it overloads CPU processes to degrade system performance and can even lead to a system crash.

    Cybercrooks use these malwares in many forms, unnoticed by the IT security staff:


    Timebomb attack – a program is planted to do damage at a later date, after the criminal is far away. Typically committed by insiders who put the virus into a system with a trigger date after their last day in the organisation.

    Zero-day attack – the criminal puts malware in new servers or switches before hardening, so initially the system looks okay but after some time the vulnerability starts to open up

    XSS attack – in a cross-site scripting attack the fraudster hacks a genuine website and adds malicious links/ images to it using JavaScript malware, which eventually takes the visitor to certain pay-per-click sites. Used to deface the website and lower its value.

    Brute force attack – a program that tries every possible password; most people don’t change the default password, so it’s a very popular attack these days. For example, ‘Facebook brute’.

    Social Engineering attack – trapping customers or colluding with ex-employees to reveal system weaknesses, passwords, etc.

    Denial of Service (DoS) attack – attackers use techniques like HTTP flooding or botnets to shut down the server. It’s like thousands of browsing requests from many different computers (DDoS) from a range of attacking IP addresses.


    How to Protect against Ransomware:

    Usually banks, government agencies and large corporates, which hold sensitive data and can pay quickly, are the main targets of ransomware attacks. During the Covid-19 pandemic, when corporate workplaces turned residential, many of these malware-driven attacks are inevitable. It’s required to educate employees and customers about them and to protect against them:
    • It is advised to get an authentic antivirus/ security app installed and update it regularly
    • Use WPA2 encryption for your home router
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so, change it
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month
    • Never use free WiFi at coffee shops, Railway platforms, Airports
    • Upgrade to cloud-based applications, which are much more secure and can be rolled back; otherwise, keep a system backup on an external hard drive.
    • Discard emails from an unknown person, unfamiliar address
    • Avoid emails containing untrusted attachments – just delete them
    • Phishing emails generally contain info like a lottery, job offers, freebies, etc.
  • Phishing

    Cyber frauds are looming during Covid...

    Covid-19 has changed our daily lifestyle: people are working from home and spending more time on the internet than ever before; needless to say, every one of us is anxious and scared about the situation and frequently checks various Covid-19 online links to get updates. This brings a golden opportunity for hackers to target individuals and companies and make money. Some recently published reports show that since Feb 2020 thousands of new domain names have been created with keywords viz. Corona, COVID, Pandemic, Virus, WHO, Vaccine and so on, and most of them are likely to spread malicious activity.
     
    Before we get to online vulnerabilities, let’s understand the fact that most of us (i) use Windows operating systems, (ii) can be easily persuaded and (iii) have no security software on our computers or mobile phones.
     

    Phishing Attack: The most common type of fraud – it uses fake login pages, fake COVID domain names and fake job offers to defraud people. Fraudsters use popular topics to infringe companies’ trademarks or steal sensitive customer information. Some examples are:
    • Phishing emails from “ncov2019@gov.in” or with the subject line “COVID-19 Testing” (the recent SBI fraud in India), or
    • India-covid19.com (any fake domain name)
    • Phishing emails from ‘accounts@gmall.com’ instead of ‘accounts@gmail.com’, or
    • www.facebo0k-login.com (fake login pages)
    • Depending on the type of victim (individual, corporation, a big fish like a CFO, etc.), phishing attacks differ: Spear Phishing, Smishing, Whaling or Pharming.
    Pharming Attack: It starts with fake web links or forged Play Store apps; when you click on them, malicious code is injected into your computer to poison your DNS server. Understand that your DNS name is your identity and it holds the mappings from private IP to public IP and vice versa. So when you log in next time, your legitimate online banking link might land you on the hacker’s fake webpage through false entries in your DNS cache.

     

    SMS Forging or Smishing Attack: Now that there are many more gateways between IP networks and SMS networks, hackers can send SMS links from the internet using mobile operators’ forms, for example a “COVID Donation link”, “Free COVID Insurance link” or “Free Netflix Subscription link” to lure people.
     
    Covid-19 Donation Fraud: In the recent past the Government of India announced the “PM-CARES relief fund” for donations to fight the economic recession; however, according to reports, thousands of fraud portals and fake UPI IDs related to coronavirus were created to siphon off the donation money. For example, the correct UPI ID of PM CARES Fund is pmcares@sbi, but many fake IDs such as pmcare@sbi were created within the very next hour and were eventually blocked.



    Simple Bootup hijack (Back Orifice 2000): Pertinent for people who are now working from home and have to share their Windows desktop, sometimes handing over system control. When an unattended PC is available like this, running some simple code in the system directory gives complete control of the victim’s PC: keystrokes, screen, etc. It is very dangerous since it operates silently on the victim’s computer and is undetectable by any antivirus running on it.


     
    Tab Nabbing Attack – When the victim has multiple tabs open on his PC, using some sophisticated cross-site scripting, a browser extension or Flash widgets (showing Covid-19 updates), the attacker gets access to the victim’s open tabs. Now realise that the victim’s open online banking page, trading platform or open corporate pages can easily be compromised.


    Bruteforce Attack – It’s an attempt to guess a password or encryption key by systematically checking every possible option. For example, ‘Facebook brute’, ‘Twitter brute’ and other eCommerce brute viruses try to steal your password; that’s why passwords get a limited number of tries before the account locks. Yet, unfortunately, it is seen that most people don’t change their default/ first password.
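    The limited-try lockout mentioned above is the control; the matching detection is to count failures per source and account over a short window in the login logs. The script below is an added example, not from the original post, run over a few constructed login events in an invented key=value format: it raises a “lockout” alert when one source hits the failure threshold against one account inside the window, and a second, more serious alert if a successful login from that same source and account follows, which means the lockout was not actually enforced by the application. The threshold and window values are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed login events in an invented key=value format; not real logs.
LOG_LINES = """\
2020-06-01T10:00:01Z login user=alice src=203.0.113.7 result=FAIL
2020-06-01T10:00:03Z login user=alice src=203.0.113.7 result=FAIL
2020-06-01T10:00:04Z login user=alice src=203.0.113.7 result=FAIL
2020-06-01T10:00:06Z login user=alice src=203.0.113.7 result=FAIL
2020-06-01T10:00:07Z login user=alice src=203.0.113.7 result=FAIL
2020-06-01T10:00:09Z login user=alice src=203.0.113.7 result=OK
2020-06-01T10:05:00Z login user=bob src=198.51.100.2 result=FAIL
2020-06-01T10:09:30Z login user=bob src=198.51.100.2 result=OK
2020-06-01T11:00:00Z login user=carol src=198.51.100.9 result=FAIL
""".splitlines()

FAIL_THRESHOLD = 5      # failures per (source, account) ...
WINDOW_SECONDS = 60     # ... inside this many seconds raise an alert (assumed values)


def parse_line(line):
    """One event: UTC timestamp, account, source IP, and whether the login succeeded."""
    timestamp, _action, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    when = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": when, "user": fields["user"], "src": fields["src"], "ok": fields["result"] == "OK"}


def detect_bruteforce(lines, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Sliding-window failure count per (source, account). Emits a 'lockout' alert when
    the threshold is reached and a 'success_after_lockout' alert if that same pair then
    logs in, which means the limited-try control was not actually enforced."""
    recent = defaultdict(deque)     # (src, user) -> failure timestamps still inside the window
    locked = set()
    alerts = []
    for event in map(parse_line, lines):
        key = (event["src"], event["user"])
        if event["ok"]:
            if key in locked:
                alerts.append({"event": "success_after_lockout", "src": key[0], "user": key[1],
                               "at": event["ts"].isoformat()})
            continue
        failures = recent[key]
        failures.append(event["ts"])
        while (event["ts"] - failures[0]).total_seconds() > window:
            failures.popleft()
        if len(failures) >= threshold and key not in locked:
            locked.add(key)
            alerts.append({"event": "lockout", "src": key[0], "user": key[1],
                           "failures": len(failures), "at": event["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(LOG_LINES):
        print(alert)
```

    Keying on the (source, account) pair catches a single attacker hammering one login; a sprayer that tries one password across many accounts from one source shows up instead as many keys with one failure each, so a production rule also counts distinct accounts per source.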


    How to Protect yourself – Tips and Recommendations:

    Follow Govt. approved Webpages, Mobile App

    • Strictly follow Govt. webpages, approved Apps for Covid-19 news and updates
    • Be careful about the sites you visit – avoid ‘http://’ pages, always visit ‘https://’ pages
    • Avoid webpages with unfamiliar fonts, color, spelling errors
    Online Banking
    • Try to use office/ corporate computers for online banking and money transfers, as they provide endpoint protection against malware and external threats
    • Double-check the UPI Id, validate the bank/ merchant name before payment
    SMS Links

    • It’s better to avoid untrusted Covid-19 links, forwarded messages, any job offers on WhatsApp or SMS
    • Be careful about KYC SMS links, don’t share until you verify the link
    Spot Phishing
    • Discard emails from an unknown person, unfamiliar address
    • Avoid emails containing untrusted attachments – just delete them or report phishing.
    • For your info, phishing emails generally contain info like prizes, lottery wins, job offers, freebies, etc.

    Before you Accept/ Click

    • Don’t click on online widgets, flash images or pop-ups while browsing a webpage
    • Don’t Accept cookies from untrusted webpages, click ‘x’ and close
    Home PC, Mobile
    • It’s mandatory to install authentic antivirus and security apps and update them regularly
    • Use WPA2 encryption for your home WiFi router
    Avoid untrusted Sites
    • Don’t use pirated software, movie download sites, adult sites, untrusted eCommerce platforms
    Virus Scan
    • Periodically scan all files (incl. the zipped, hidden) in your PC, Tablet, Phone
    • Check if any site has your default password – if so change it
    • Change password for online banking, eCommerce sites, trading platforms every 2-3 month
    Avoid public Wi-Fi
    • Try to avoid free WiFi at airports, coffee shops, railway platforms and similar areas; and never log in to your online banking page or make any financial transactions there