Tag Archives: security

Data Breach: 5 Security Misconceptions

Posted on February 4, 2019

2018 has seen some of the most expensive data breaches. A giant organisation like Facebook was affected by a massive breach exposing the account information of 50 million users.


Breaches aren’t just a problem for security professionals; the impact is felt across the whole business. Everyone needs to play their part in managing the risks, but first, you need to understand what you’re up against. Many business owners are aware of these threats but ignore them because of some common misconceptions about security.

Below are a few misconceptions that can lead to a data breach.

“I have a Nextgen firewall, so I’m safe.”

Enterprise security is far more complex today than it was a few years ago. Anti-virus, endpoint protection and firewalls help control a few classes of attack through real-time network monitoring and decision making, but these alone are not adequate to protect a network from every form of intrusion. Most attacks are delivered via email and the web, both of which are allowed through firewalls, and firewalls do not control outbound data theft.

Attackers have become so sophisticated that they have invented new ways to evade detection. For example, most of the malware today uses techniques like DNS exfiltration (using DNS packets to exfiltrate data out of the network). Since outbound DNS is mostly allowed in all firewalls, the security measures mentioned above are bypassed in cases like these.
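One way a defender can look for the DNS exfiltration pattern described above in resolver logs, shown as an added example that is not part of the original post. The log format, the thresholds and the `exfil-demo.test` names are assumptions constructed for the illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one "<client-ip> <queried-name>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 api.example.com
10.0.0.5 static.example.com
10.0.0.7 q7wz3kfm2xbtj6hr5ncy4pgd.exfil-demo.test
10.0.0.7 m4dj7rxq2hbz6wkc3tfy5npg.exfil-demo.test
10.0.0.7 z2kq5hwd7mxc4jrb6tfn3ypg.exfil-demo.test
10.0.0.7 h6ty3bqm7zkd2wxr5jcf4npg.exfil-demo.test
"""

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Return (subdomain, parent). Assumption: the parent is the last two
    labels; a production tool would use the Public Suffix List instead."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_dns_exfil(log_text, min_unique=3, min_len=20, min_entropy=3.5):
    """Flag (client, parent, unique_subdomains) where one client sends many
    distinct, long, high-entropy subdomains to the same parent domain."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        client, qname = fields
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub.replace(".", ""))
    findings = []
    for (client, parent), subs in sorted(seen.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_entropy >= min_entropy:
            findings.append((client, parent, len(subs)))
    return findings

if __name__ == "__main__":
    for client, parent, count in find_dns_exfil(SAMPLE_LOG):
        print(f"{client} sent {count} encoded-looking names under {parent}")
```

The ordinary hostnames under `example.com` are numerous but short, so only the client sending long random-looking labels is reported.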

“Why would my organization be attacked? My company is small.”

The majority of organizations assume that hackers always pick specific targets, and that a less well-known organization is therefore very unlikely to be a victim of such attacks. While your company might not be the victim of a targeted attack, there are many threat actors out there spreading exploit-kit-powered malware widely, so you might be a part of the global target.

Botnet infection is one such case where hackers try to compromise as many devices as possible around the globe without a specific target in mind. Today, it doesn’t matter if you have a well-known brand, you’re running your website for fun, or you’re somewhere in between. If you have any data worth stealing, you have to consider yourself a potential target.

“I have the best software developer so why bother.”

Many organizations think that building a website with a perfect web developer or getting software from a trusted organization will protect their website from criminal activities, but this is a common misconception. It is important to note that web developers are generally not security experts. Hackers are always at work looking for new ways to compromise or disrupt your data. An excellent example of this is Microsoft: they regularly send security updates to millions of PCs because what was safe yesterday isn’t safe today.

“We go through Vulnerability Assessments & Penetration Tests.”

Attacks on people and physical security are on the rise these days. You cannot blindly trust humans, because humans are predictable and they make mistakes. There are many cases of GitHub tokens, AWS keys and source code leaking on popular platforms like GitHub, Pastebin, Trello, etc. Lack of security awareness among developers results in the exposure of sensitive information like credentials, secret keys, access keys and source code.

Recently, a cloud leak exposed the business of big organizations like Accenture. A misconfigured S3 bucket exposed configuration files, a plain document containing the master access key for the Accenture account, etc.

“I am Compliant. Hence I am Secure”

The most common starting approach to managing security as an organization is achieving compliance with standards of various forms. There are multiple audits and checklists like PCI (for online payments processing) and SOC 2 (accounting report for publicly traded companies). They are all well known, official, industry-regulated security standards, so it’s understandable that businesses have the impression that being compliant with the best industry standards equals being secure.

But that’s not the case: most of the organizations that suffered data breaches had passed a variety of compliance audits. Being compliant with these standards will provide business benefits and help improve security around various systems, but this doesn’t make the business secure against all possible threats.

Security cannot be bound to a list of checkboxes. It is a continuous process. Compliance is necessary for doing business, but it’s not what great security practices are built around.

Weekly Cyber Security Update: 17th August 2018

Posted on August 17, 2018

This post is a weekly cyber security update for the 17th of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

Second Quarter 2018 Top-Clicked Phishing Email Subjects
The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:
1. Password Check Required Immediately (15%)
2. Security Alert (12%)
3. Change of Password Required Immediately (11%)
4. A Delivery Attempt (10%)
5. Urgent Press Release to Employees (10%)


Hackers Steal $13.5 Million from Indian Bank in ATM Scheme
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
According to the FBI alert: “Historical compromises have included small-to-medium size financial institutions, likely due to the less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase shortly.”
The FBI urged banks to review how they’re handling security, including password requirements and multi-factor authentication for local administrators and business-critical roles.

Sebi To Expand The Scope of Cybersecurity Initiatives For MIIs
Regulator Sebi is planning to broaden the scope of cybersecurity initiatives for the market infrastructure institutions (MIIs) and look into the operational modalities of their implementation to deal with the cyber challenges.
“Taking cognisance of the threat posed by technological developments in the Indian capital markets. With the rise of cyber threats in the financial domain across the globe, Sebi had laid down a detailed framework about cyber security and cyber resilience that stock exchanges, clearing corporations and depositories are required to adopt,” the regulator said in its annual report for 2017-2018.

Mamata Banerjee Unveils West Bengal’s IT Policy With a Focus On AI & Big Data Analytics
The new policy revolves around Cybersecurity, Internet-of-Things (IoT), 3D printing, big data analytics, animation and gaming besides, robotics, drones, fin tech, artificial intelligence, Industry 4.0, quantum computing and others.
“West Bengal has surged ahead economically and seeks to leverage IT for social welfare and economic development. The state’s vision is to become one of the leading states in India in the IT, ITeS, ICT (Information and Communication Technology) and ESDM (Electronic System Design and Manufacturing) sectors,” it said. “The policy strives to unlock the vast potential of the IT&E to design a paradigm shift in the sector, all the while fostering social welfare,” it said.

Weekly Cyber Security News: 10th August 2018

Posted on August 10, 2018

This is a weekly cyber security news update for the 10th of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

Pizza As A Service 2.0
A unique and upgraded take by Paul Kerrison to describe the various types of cloud services available for modern IT deployment.


Optus Email Scam Target Customers with Fake Late Payment Penalties
The fake emails are sophisticated and use a web address that looks like the real Optus website. The email contains a link to a fake ‘pay your bill’ page, which then asks for your credit card details.


The fake email and payment form are cunningly crafted to trick people. It’s important you check the legitimacy of email links to protect your personal information—use contact details you find through a legitimate source and not those contained in the suspicious message.

2.6 billion records exposed in 2,300 disclosed breaches so far this year
After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace.


“2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. 2018 is remarkable in that the number of publicly disclosed breaches appears to be levelling off while the number of records exposed remains stubbornly high,” said Inga Goddijn, Executive Vice President for Risk Based Security. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”


Healthcare Industry Cyber Woes continues, UnityPoint Health’s 1.4 Million Records Breached
UnityPoint, the healthcare company, was recently breached after its employees were scammed with phishing emails, losing their email credentials in the process. Besides patient records, non-medical personally identifiable information such as driver’s license numbers and Social Security numbers was also exposed.

Weekly Cyber Security News: 17th July 2018

Posted on July 17, 2018

This is a weekly news update for the 17th of July 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

India Among Top Three Countries Most Targeted For Phishing

Phishing and malware-based attacks are the most prolific online fraud tactics developed over the past decade. Phishing attacks not only enable online financial fraud but these sneaky threats chip away at our sense of security as they get better at mimicking legitimate links, messages, accounts, individuals and sites.
According to the RSA Quarterly Fraud Report for the period between January 1 to March 31, 2018, phishing accounted for 48 per cent of all cyber-attacks. The report that contains fraud attack and consumer fraud data and analysis, noted that Canada, the United States, India and Brazil were the countries most targeted by phishing.

The Biggest Hacks And Data Breaches of 2018 (so far)

We’re now more than halfway through 2018, and the number of data breaches is ramping up. This year has seen more third-party services being breached and customer data stolen from multiple companies in one go. From the devastating Aadhar breach to Ticketmaster, here’s a roundup of the year in breaches.

Online Bank Accounts Among Hackers’ Favorite Targets

The number-one threat is attacks that target web application users. Alarmingly, 87 per cent of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users. Users of government web applications, in particular, tend not to be security-savvy, which makes them easy victims for attackers.

The IoT’s Perplexing Security Problems

With over 50 billion dollars spent globally on IoT products, companies need to pay attention to the deployment of IoT devices. Devices are regularly put online with default passwords, legacy code riddled with known vulnerabilities, and a lack of defined policies and procedures to monitor them, leaving companies extremely vulnerable.

Endpoint Security-Related Issues That Providers Encounter

Endpoint security is of critical importance to all kinds of organizations. Efforts are on to secure all endpoints in enterprise networks. These include mobile devices, laptops, desktops, servers etc. “Fileless attacks”, which exploit gaps in traditional security, are also on the rise and efforts are on to prevent these as well.

5 Steps to Avoid Phishing Scams in E-mail

Posted on December 25, 2012

Anyone with an e-mail account has at some point received phishing or scam e-mails. These range from Nigerian princes to local banks requesting funds, assistance and so on. Some of these e-mails may be legitimate (sans the Nigerian prince); however, most of them use a common technique known as phishing. Phishing scams are used by fraudsters to get your personal information such as credit card details, usernames and passwords, banking details and so on.

A friend of mine recently received an e-mail from his bank informing him that “his account was accessed from a blacklisted location and he should update his account information to avoid termination of services”. On opening the link, it presented him with an identical login form of the bank’s net-banking portal. Only this form asked for information such as Corporate ID, User ID, Login Password, Transaction Password, Mobile Number, Email Address and Email Password.

Figure: Sample Phishing Page

Anytime you receive such e-mails, you should keep the following in mind:

  • Banks will never ask you to provide account or other personal identification information via email.
  • Banks will never ask you to click a link in order to keep your account open.
  • Banks will never threaten to take immediate action unless you perform an act such as clicking a link etc.
  • Banks will never ask you to login with your e-mail account username & password.

Today, these sorts of attacks commonly take place against e-mail accounts and social networking accounts, and even as targeted attacks against corporate users.

Here are 5 simple steps you can take to avoid becoming a victim of any such phishing attack:

1. Avoid clicking links in phishing or scam mails and instead manually type them in a browser

Scammers often use links such as “baank.com” instead of the legitimate website “bank.com”. So it is recommended that you manually type the website link into the browser rather than clicking links in the email.

Figure: Sample Phishing Mail – Fake Link

In the case where the e-mail seems urgent, you can always call the bank and confirm whether the e-mail was really sent by them.

2. Check the sender address in the phishing or scam mails

Scammers usually send phishing mails from addresses like “[email protected]” or “[email protected]”. So we can easily identify a phishing mail by making sure that the email received is from a legitimate sender.

Figure: Sample Phishing Mail – Fake Email

You can refer to any previous e-mails sent by your bank and cross-reference the address in the suspicious e-mail.

3. Verify SSL (https://) authenticity on phishing or scam links

Generally, phishing links either have no SSL or use an invalid SSL certificate. This can be verified by simply viewing the link in the address bar of your browser and checking whether it starts with https:// instead of http://.

If the SSL certificate is not valid, then your browser will immediately show an error, in which case you need to stop browsing the link and report the e-mail to your bank.

Examples of SSL certificate errors in Firefox, Chrome and Internet Explorer are shown below:
Figure: SSL Certificate Error

4. Avoid replying with sensitive information to phishing or scam mails

Banks will never ask you to provide account or other personal identification information via email. Any email pressing you to do so is most likely not legitimate and should be reported to your bank.

Banking details and login credentials should be communicated via telephone or through the legitimate website using proper SSL communication.

5. Keep your anti-virus up-to-date to detect and block phishing or scam mails

Most antivirus vendors have signatures that protect users against some common phishing attacks. Hence it is recommended that your anti-virus is kept up-to-date so that it has the latest signatures and rule sets.

Also, it can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not up-to-date, you are usually more susceptible to attacks that can hijack your Web browser and put you at risk of phishing attacks.

For Windows users, we would recommend the free version of Microsoft Security Essentials available on the Microsoft website.

If you have come across, or do come across, any such phishing incident, you can report it to CERT-In (Cyber Emergency Response Team of India) at [email protected]
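Tips 1 and 2 above (look-alike links such as “baank.com” and look-alike sender addresses) can be checked automatically; the following is an added example, not part of the original post. The sample message, its sender address and URL path, and the edit-distance threshold of 2 are assumptions constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"bank.com"}  # the legitimate site named in tip 1

# Constructed sample message: sender address and URL path are made up.
SAMPLE_EMAIL = """\
From: "Bank Alerts" <alerts@baank.com>
Subject: Update your account information

Your account was accessed from a blacklisted location.
Update here: http://www.baank.com/netbanking/login
Official site: https://www.bank.com/
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """'trusted', 'lookalike' (near-miss or embedded trusted name) or 'unknown'."""
    host = host.lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    registered = ".".join(host.split(".")[-2:])  # assumption: two-label domains
    for good in TRUSTED:
        if edit_distance(registered, good) <= 2 or good in host:
            return "lookalike"
    return "unknown"

def check_email(raw):
    """Return {domain: verdict} for the sender and every link in the body."""
    msg = message_from_string(raw)
    hosts = {parseaddr(msg.get("From", ""))[1].rpartition("@")[2]}
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        hosts.add(urlsplit(url).hostname or "")
    return {h: classify(h) for h in sorted(hosts) if h}

if __name__ == "__main__":
    for host, verdict in check_email(SAMPLE_EMAIL).items():
        print(f"{verdict:9} {host}")
```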