Magnet for hackers: Internet connected devices

2013 has been an eventful year in the information security space, as information became the most valuable and challenging asset for organisations while being border less and dispersed, as cloud, mobility and “bring your own device” took a stronger hold on businesses. Information security has been immensely threatened with businesses, government and individuals relying on the internet for dynamic needs and cyber criminals have devised more sophisticated methods to trap victims. Blurring boundaries between consumer and business, sophistication in enterprise attacks and dispersion of authority for security within the ecosystem has led to growing concerns over data, financial information and critical infrastructure.

The threats observed throughout the year were in line with the predictions first made by Symantec which saw conflicts between nations, organisations and individuals; using evolved social engineering techniques and cloud based attacks aimed at financial gains, IP and in some cases to bring down the critical infrastructure. Symantec’s report findings also points at India as among world’s top five countries for the highest number of incidences of cyber crime such as ransom ware, identity theft and phishing. India also witnessed a 280% increase in Bot infections, with a sizable percentage coming from cities emerging cities such as Bhubaneswar, Surat, Cochin, Jaipur, Vishakhapatnam, Indore, Kota, Ghaziabad and Mysore.

                                 

As the New Year approaches, we predict that this trend will only further increase as cyber criminals continue to employee more sophisticated and targeted techniques. They will continue to focus their attacks on data stored on the cloud vs. data stored on the network, thus putting a massive challenge for enterprises to handle. Below are Symantec’s top predictions in 2014:

Targeted attacks will increase.

In 2013, we reported on a sophisticated social engineering attack implemented at a French-based MNC who got francophoned, where the administrative assistant to a vice-president received an e-mail referencing an invoice hosted on a popular file sharing service and subsequently received a phone call from another vice-president within the company, instructing her to examine and process the invoice. However, the invoice was a fake and the vice president who spoke to her with authority was an attacker. Incidents like these were observed and we predict that in 2014, these attacks will become commonplace and attackers will further refine these targeted attack tactics to make financial gains.

Perils of social networking

It is tempting to believe that you can move to a new neighbourhood and all your old problems will go away. They don’t in real life and they won’t when it comes to social networking. Any new social network that attracts users will also attract scammers. It has been observed that individuals are increasingly choosing convenience over safety and constantly exhibiting a potentially risky behaviour online. According to the latest Norton Report 2013, 18% social media users connect with people they do not know and 61% access their social network account over unsecure Wi-Fi. Therefore it is important to protect yourself by using security best practices no matter where you are on the internet or how you connect to it .

Internet of vulnerabilities

With millions of devices connected to the internet, in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system. Major software vendors have figured out how to notify customers and get patches for vulnerabilities to them. The companies building gadgets that connect to the internet don’t even realise they have an oncoming security problem. These systems are not only vulnerable to an attack—they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities. Given this, we are going to see new threats in ways in which we’ve never seen before.

Cyber criminals will target the weakest links

Third party consultants, suppliers and partners outside the enterprise network as well as business associates in the ecosystem will be the easy targets for attackers as they are the weakest links in the information exchange chain. This includes consultants, contractors, vendors and others who share sensitive information or even have access to the networks of large organisations and government entities. And, it has been repeatedly observed that only a few of these partners have sufficient defenses.

Watch out for dangers in the cloud

Increasingly enterprises and individuals are using public clouds to store and access data. As per the latest Norton Report 2013, 29% individuals in India and 24% across the world are already practicing this trend. And with rise in usage of these platforms for both personal and private information, it is highly likely that we will see this as an easy target for cyber-criminals to penetrate these data-rich cloud platforms for profitable motives.

To learn about Identity Theft, visit- www.cibilconsultants.com
Source: Secondary

Oh Phish! Many Biting The Bait

About 20% Indians claim to be victims of phishing attacks, according to Microsoft Computing Safer Index, a study that reveals impact of poor online safety behaviour.

Released on account of the Safer Internet Day, on February 11, the study claims that 12% of Indians surveyed say they have suffered identity theft at an average cost of Rs 7,500.

The survey was carried out among 10,500 consumers globally in the March-May 2013 period. It asked consumers to share their online experiences.

According to the survey, the annual worldwide impact of phishing and other forms of identity theft could be as high as $5 billion, while the cost of repairing damage to people’s online reputation was at nearly $6 billion.

The internet touches our daily lives for almost everything, from communicating, to work, to shopping to paying bills, says Prakash Kumar, national technology office, Microsoft India.

“But how cautious are we about monitoring our online presence, and taking note of our own vulnerabilities? There are many things that can be done to stay safer online,” says Kumar.

Microsoft asks netizens to protect their online activities by visiting websites that provide a range of hints and guidance for guarding devices, online accounts, performing sensitive transactions over secured networks, taking charge of online reputation and protecting social circles.

In Bangalore, collegemates Adithya Naresh and Yogesh S, students from the Amrita School of Engineering have started a hackers club in their college called Hacs (hackers for applied cyber security).

“The objective is to expose our classmates and juniors to the scope of cyber security and create awareness. We also intend to hold a techfest in this segment early next year,” say Adithya and Yogesh.

Tips to stay safe online: 

1. Use a unique four-digit PIN for mobile devices and strong passwords for online accounts.

Perform sensitive transactions over secured networks. This includes paying bills, banking or shopping.

2. Take charge of your online reputation. Know what information about you is on the internet, reevaluate it, remove unwanted content.

3. Protect your social circles. Use privacy settings to manage the information you share and with whom you share it. Be selective about what you post and accepting friends.

What is phishing?

Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by masking as a trustworthy entity in an electronic communication. Communications from social websites, auction sites, banks, online payment processors are commonly used to lure unsuspecting people.

Rich haul

India faces 1,200 phishing attacks each month, as per industry estimates, while globally, 1.25 lakh phishing attacks were identified in the third quarter of 2013. Losses owing to phishing globally were about $1.66 billion.

Taking serious steps towards setting up a strong cyber security strategy, the central government in July declared its first National Cyber Security Policy, aimed at creating five lakh professionals by 2015.

Currently, there are only about 556 trained cyber security personnels in the government sector in India, as per KPMG estimates. This is minuscule compared with 1.25 lakh in China, and 91,080 in the US.
To learn about identity theft visit www.cibilconsultants.com
Source: Secondary

India is still dealing like an infant with cyber crimes, says Expert

India is still in infancy in the field of cyber crimes and police, prosecutors and lawyers are not well-versed in handling them as well as digital evidence, a Cyber crime expert said here today.

"Information Technology Act in India is of recent origin and the officials like police, prosecutors and lawyers are not well versed in handling cyber crimes as well as digital evidence, since these have recently emerged and the younger generation is more tech savvy," said Dr J R Gaur, Principal Scientific Officer (Life Sciences), Bureau of Police Research and Development while speaking at seminar at Amity University.

He said the pattern of crime has changed over a period of time and the commission of crime by scientific methods makes it difficult for the executioners to bring perpetrators behind the bars.

"In cyber crimes, India is still in infancy. ATM frauds are increasing. Effective forensic investigation at the scene of crime can bring criminals to book. The importance of the knowledge of forensic evidences specially traces of hair, fibre etc found at the site, have to be ingrained in the officials dealing with cyber crimes," he said.

Stressing that banks need to take steps to install modern security and vigilance gadgets and equipments including the CCTV cameras in the ATMs since most of the times, they record low resolution images which are difficult to identify once enlarged.

Addressing the seminar, Rakshit Tandon-Advisor, Cyber Crime Cell, Gurgaon Police and CEO A&R Info Solutions Pvt said there has been a significant rise of 60 per cent in Cyber Crimes from 2011 to 2012 in NCR.

"Maximum number of perpetrators in cyber crimes are very young, who are unaware of law and proudly proclaim themselves as 'Ethical Hackers'," said Tandon.

He said that in 2011, over 1,630 perpetrators for cyber crime were arrested and out of these, 928 were college going students and over 65 were school going children.

Stressing that "cyber laws in India needs transformation, he said at present, under Information Technology (Amendment) Act, 2008, the accused is punished for imprisonment, which may extend to three years or with fine, which may extend to five lakh rupees or both, irrespective of the magnitude of the crime committed.

"Cyber Laws have to be made stringent to restrict youngsters from indulging into them," said Tandon.
To learn about identity theft visit: www.cibilconsultants.com
Source: Secondary