Russian cybersecurity researcher charged with treason for sharing info with US firms

A top cybersecurity researcher at Kaspersky Lab, Ruslan Stoyanov, has been arrested and charged with treason by Russian authorities. It is now reported that he allegedly passed secret state documents to Verisign and other US companies.

In December, Stoyanov was arrested in Moscow along with two FSB officers, Sergei Mikhailov and Dmitry Dokuchayev, after a Russian businessman accused them of treason.

According to an unnamed source, the allegations against the three were first made in 2010 by a Russian businessman, Pavel Vrublevsky, founder of the online payment firm ChronoPay.

In December 2016, all three were arrested in response to those 2010 claims that the men had passed secrets to American companies.

“I can confirm we (Chronopay) expect to be part of this case,” Vrublevsky told Reuters. “In 2010 we provided the FSB and other important Russian agencies with evidence that at least one FSB employee, as well as several other people, were involved in treason.”

Before his allegation, Vrublevsky, the founder of ChronoPay, was himself arrested and convicted for organizing a cyber attack on a rival online payment company's website.

After the news of Stoyanov's arrest, Kaspersky Lab released the following statement:

"The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Teams, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation."

"The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments."

Google Discloses Vulnerability After Microsoft Fails To Patch In Time

Google's Project Zero has unearthed a bug in Windows, and as Microsoft failed to patch it within 90 days of being notified, details of the flaw have been made public.

The vulnerability lies in gdi32.dll, a library used by a significant number of programs. It affects Windows versions from Windows Vista Service Pack 2 to the latest Windows 10, none of which have yet been patched.

Google gives a vendor 90 days after it is notified of a vulnerability to fix the issue. If that time elapses without a patch being made available to the public, the vulnerability is disclosed so that users can take the necessary steps to protect themselves.

In a post, Google’s Mateusz Jurczyk explains how the bug works. The post -- entitled "Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records" -- says that Microsoft issued a patch that fixed a related issue, but not all the memory access issues were addressed.

"As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we've discovered that not all the DIB-related problems are gone. As a result, it is possible to disclose uninitialized or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker."

Jurczyk informed Microsoft about the bug on 16 November, giving the Windows-maker 90 days to get things sorted before going public. With this month's batch of security patches from Microsoft being delayed, the company missed the deadline, so the details of the bug are now available for everyone to see.
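The class of bug described above is a DIB record whose declared bitmap dimensions require more pixel bytes than the record actually carries, so a renderer that trusts the dimensions reads past the buffer. The following added example (not code from the Project Zero post or from Microsoft) shows the bounds check a defensive EMF parser would perform on an EMR_SETDIBITSTODEVICE record before handing it to a renderer; the record layout follows the MS-EMF specification, the sample records are constructed inline, and the check is this editor's illustration, not the specific fix Microsoft shipped.

```python
import struct

# EMR_SETDIBITSTODEVICE record type and the layout of its fixed fields per MS-EMF:
# Type, Size, Bounds[4], xDest, yDest, xSrc, ySrc, cxSrc, cySrc,
# offBmiSrc, cbBmiSrc, offBitsSrc, cbBitsSrc, UsageSrc, iStartScan, cScans.
EMR_SETDIBITSTODEVICE = 0x50
REC_FMT = "<II4i6i4IIII"
REC_SIZE = struct.calcsize(REC_FMT)      # 76 bytes
BMIH_FMT = "<IiiHHIIiiII"                # BITMAPINFOHEADER, 40 bytes
BMIH_SIZE = struct.calcsize(BMIH_FMT)
BI_RGB = 0


def validate_setdibitstodevice(record: bytes):
    """Return (ok, reason); ok only if every byte the DIB asks a renderer to read is inside the record."""
    if len(record) < REC_SIZE:
        return False, "record shorter than fixed header"
    f = struct.unpack_from(REC_FMT, record)
    rtype, size = f[0], f[1]
    off_bmi, cb_bmi, off_bits, cb_bits = f[12:16]
    start_scan, n_scans = f[17], f[18]
    if rtype != EMR_SETDIBITSTODEVICE or size != len(record):
        return False, "type/size mismatch"
    if off_bmi + cb_bmi > size or off_bits + cb_bits > size:
        return False, "DIB header or pixel data extends past the record"
    if cb_bmi < BMIH_SIZE:
        return False, "BITMAPINFOHEADER truncated"
    hdr = struct.unpack_from(BMIH_FMT, record, off_bmi)
    width, height, bpp, compression, clr_used = hdr[1], hdr[2], hdr[4], hdr[5], hdr[9]
    if compression != BI_RGB:
        return False, "compressed DIBs are outside this example's scope"
    if width <= 0 or height == 0 or bpp not in (1, 4, 8, 16, 24, 32):
        return False, "implausible bitmap dimensions"
    # Palette for <= 8 bpp follows the header and must also fit inside cbBmiSrc.
    if bpp <= 8 and cb_bmi < BMIH_SIZE + 4 * (clr_used or (1 << bpp)):
        return False, "colour table extends past cbBmiSrc"
    if start_scan + n_scans > abs(height):
        return False, "scan range exceeds bitmap height"
    # Core check: pixel bytes implied by width/bpp/scan count vs. bytes actually supplied.
    stride = ((width * bpp + 31) // 32) * 4      # DIB rows are DWORD aligned
    needed = stride * n_scans
    if needed > cb_bits:
        return False, f"dimensions need {needed} pixel bytes, record supplies {cb_bits}"
    return True, "ok"


def build_record(width, height, bpp, start_scan, n_scans, pixels: bytes) -> bytes:
    """Constructed sample record carrying an uncompressed DIB (not taken from any real file)."""
    bmih = struct.pack(BMIH_FMT, BMIH_SIZE, width, height, 1, bpp, BI_RGB, 0, 0, 0, 0, 0)
    off_bmi = REC_SIZE
    off_bits = off_bmi + len(bmih)
    size = off_bits + len(pixels)
    hdr = struct.pack(REC_FMT, EMR_SETDIBITSTODEVICE, size,
                      0, 0, width - 1, abs(height) - 1,        # Bounds
                      0, 0, 0, 0, width, abs(height),          # xDest .. cySrc
                      off_bmi, len(bmih), off_bits, len(pixels),
                      0, start_scan, n_scans)
    return hdr + bmih + pixels


# 4x2 pixels at 24 bpp: stride is 12 bytes, so two scan lines need 24 bytes.
GOOD_RECORD = build_record(4, 2, 24, 0, 2, bytes(24))
# Same dimensions, but only one scan line's worth of pixel bytes is supplied.
TRUNCATED_RECORD = build_record(4, 2, 24, 0, 2, bytes(12))

if __name__ == "__main__":
    for name, rec in (("good", GOOD_RECORD), ("truncated", TRUNCATED_RECORD)):
        print(name, validate_setdibitstodevice(rec))
```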

TeamSpy Malware Reappears In a Spam Campaign

Heimdal Security researchers spotted a new spam campaign carrying the TeamSpy data-stealing malware.

The attackers abuse the legitimate TeamViewer remote access tool to gain full access to a compromised device. Once downloaded, the malware first targets usernames and passwords and then scans for personal information and pictures, which can be used for a number of illicit activities, including extortion and financial gain, said Heimdal CEO Morten Kjaersgaard.

First, an email from a spoofed address lures the victim into downloading a zip file; opening it runs the .exe inside, which drops the TeamSpy code onto the victim's computer as a malicious DLL. The emails noticed by the security firm carried the subject line "eFax message from “1408581 **”".

As before, the cybercriminals install a legitimate version of TeamViewer on their victims' computers and then alter the behavior with DLL hijacking to make sure it stays hidden.

The captured logs, together with all available usernames and passwords, are written to a file that is continuously sent to a C&C server.

Per the researchers, the TeamSpy malware adds various components to the otherwise legitimate TeamViewer application, including a keylogger and a TeamViewer VPN.

Putin Says Number of Cyber Attacks Against Russia Has Tripled

The number of attacks launched against Russian cyberspace has increased significantly in recent years, Russian President Vladimir Putin said at the annual board meeting of the Federal Security Service on February 16.

"The number of cyber attacks against official information databases has tripled in the past year compared to 2015," the President said.

On 11 February, Oleg Salagai, Director of the Department of Public Health and Communications at the Health Ministry, said that unknown hackers had attacked the official website of the Health Ministry. The attackers failed to gain access to any personal data or classified files.

Spies Hack Israeli Soldiers' Android Phones

More than 100 soldiers of the Israel Defense Forces (IDF) were targeted by a cyberespionage group that stole information from their mobile devices using malicious Android applications.

ViperRAT, the clandestine hacking group, was found actively hijacking soldiers' Android-based smartphones to remotely siphon images and audio directly from the devices.

Highly sophisticated malware allowed the attackers to control each phone’s microphone and camera. In effect, the hackers could eavesdrop on soldiers’ conversations and peer into live camera footage — wherever an affected smartphone’s camera would be pointed, that vantage point could have also been viewable to the hackers.

The dropper also sends out a list of the apps installed on the infected device. Depending on what is already installed, some variants pretend to be chat apps, while another pretends to be a YouTube player.

Other Android applications common among Israeli citizens and available in the Google Play store — including a billiards game, an Israeli Love Songs player, and a Move To iOS app — were found to contain hidden ViperRAT malware.

While the malicious actors behind ViperRAT have yet to be explicitly identified, their activity patterns suggest that the cyberespionage is being carried out by a group operating out of the Middle East.

Police Foil Malware Attack On Bangkok ATMs

Bangkok police believe they have prevented a malware attack on bank ATMs with the arrest of an eastern European man.

Oleksandr Krachkovskyi, 31, who holds a Ukrainian passport, was arrested at a shopping centre in the Pratunam area, where he was caught using forged credit cards to obtain.

In a media briefing, Immigration Police commissioner Natthathorn Prohsunthorn said that 56 fake white credit cards, devices for reading and writing data on electronic cards, a computer and other forgery equipment were found in his room at the Kitti Building on Mor Leng Road in Ratchathewi district.

The suspect confessed he had bought data stolen from credit cards in Europe and the United States from a credit card mafia network, and sold card data online to transnational criminals in many countries.

Police also suspect him of planning to infect bank ATMs in the country with malware: they found pictures of bank ATMs of a particular series in Bangkok and other provinces.

Making Indian Cyberspace Secure!


At a time when cyber attacks are increasing with every passing day, the Indian government on Tuesday (February 21) launched the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), a desktop and mobile security solution for maintaining a secure cyberspace in the country.

India's IT and Electronics Minister, Ravi Shankar Prasad, also launched in New Delhi, through the Indian Computer Emergency Response Team (CERT-In), the M-Kavach tool, which offers a comprehensive mobile device security solution for Android devices addressing threats related to mobile phones. The new solution will notify end users of infections, enable cleaning and secure their systems to prevent further infections.

"Launched 'Cyber Swachhta Kendra' (Botnet Cleaning and Malware Analysis Centre), an imp milestone in various initiatives taken on Cyber Security," tweeted Prasad. A botnet is, fundamentally, an automated program running on a computing device, which can be any IoT/smart device; attacks launched through botnets are known as Distributed Denial of Service (DDoS) attacks.

* Botnet Cleaning and Malware Analysis Centre (Cyber Swachhta Kendra) -

India has been ranked 3rd in botnet distribution. It is a good move by the Indian government to clean infected computers, and CERT-In has chosen an Indian product for this.

Research by CSPF (a non-profit organization) found that the free versions of the Malwarebytes and Avast anti-virus products are more effective in removing viruses/bots.

The free product chosen by CERT-In also advertises that the botnet cleaning tool is not a replacement for anti-virus. "The vendor is trying to sell his other anti virus solutions which is totally unacceptable," according to a US-based anti-virus company.

"Antivirus and botnet cleaners should be constantly maintained. Who is going to do this, CERT-In or the Indian vendor?" asks the US-based anti-virus company.

According to CSPF, "some samples of botnet were missed by this tool"; the tool should have a facility for reporting malware that it misses.

"Launched USB Pratirodh, which will control the unauthorized usage of removable USB storage media devices like pen drives, external hard drives. Launched App Samvid, to protect Desktops from suspicious applications from running," the minister added.

USB Pratirodh is a desktop security solution that controls the usage of removable storage media like pen drives, external hard drives and other USB-supported mass storage devices.

AppSamvid is a desktop solution that protects systems by allowing only genuine applications to be installed, through whitelisting. This helps prevent threats from malicious applications.

According to the Cyber Security & Privacy Foundation, "Some of these tools developed by CDAC, including the whitelisting tool, are far more complex for a normal user to understand. The whitelisting tool does not detect .msi files and other extensions."
Executable blocking/allowing has to be done manually. Most end users do not understand whitelisting; they do not know what to allow or block when there is an issue, and users should not end up locking themselves out of their own computers. The automatic whitelisting available in some well-known anti-virus products should be included.

The reason cyber security is an issue for the common man is that the common man does not understand anything technical. If using the tool is more complex than the actual problem, how are we going to solve the problem, asks a college student.

He also suggests that a "video should be released by CDAC showing what the tool is about and how to install and run" it, in multiple languages.

During the launch, Prasad said that 13 banks and Internet service providers are currently using this government facility, and that the government will coordinate with other ISPs and product/anti-virus companies to spread its usage for a safer online space.

Prasad said that this Kendra will also enhance awareness among citizens regarding botnet and malware infection along with measures to be taken to secure their devices.

The minister also announced that the National Cyber Coordination Centre will be operational by June 2017 and CERT-Ins will be set up at state level as well.

"The government will set up 10 more STQC (Standardization Testing and Quality Certification) testing Facilities. Testing fee for any start-up that comes up with a digital technology in the quest of cyber security will be reduced by 50 per cent. We will also empower designated forensic labs to work as the certified authority to establish cyber crime," Prasad noted.

The move comes at a time when over 50,300 cyber-security incidents like phishing, website intrusions and defacements, virus and DDoS attacks have been observed in the country during 2016.

As per the information reported to and tracked by CERT-In, a total number of 44,679, 49,455 and 50,362 cyber-security incidents were observed during the years 2014, 2015 and 2016, respectively.

The Cyber Swachhta Kendra is part of the government of India's Digital India initiative under the Ministry of Electronics and Information Technology (MeitY). It complies with the objectives of the National Cyber Security Policy, which aims at creating a secure cyber ecosystem in the country.

The botnet and malware cleaning analysis centre was announced in 2015 with an outlay of Rs. 100 crores.

Industry experts wonder whether the Rs. 100 crore outlay is going to be used for building anti-virus/botnet cleaning software, honeypots to track bots, and taking down botnets.

The threat to cyber security has become more serious and visible in the country over the past few years. There is a need to collaborate and come forward with more solutions like the Cyber Swachhta Kendra. It was a much-needed move by the government, but it should be effective rather than just another public relations exercise.

You can download the tools from here:
http://www.cyberswachhtakendra.gov.in/security-tools.html

Hackers could easily bypass SBI's OTP security

One Time Password (OTP) has become the standard security feature on most websites, including those of banks. It allows a user to complete an online transaction only after the customer's identity has been verified by entering the OTP that the bank sends to the registered mobile number. But who knew this security feature could be easily bypassed, leading to huge financial losses.

A white-hat hacker, bug bounty hunter and web application security researcher, Neeraj Edwards, shared his research on how he could easily bypass the OTP of one of the most popular banks, State Bank of India (SBI), and make a transaction of any amount.



While making a transaction, the last page of SBI's website shows a One Time Password screen on which a parameter called 'smartotpflag' is set to Y, i.e. smartotpflag=Y.


The smartotpflag parameter is used to generate the OTP, and Y represents 'yes': send the code to the registered mobile. The risk arises if someone changes 'Y' to 'N', meaning 'no': the transaction is then completed without entering the OTP.
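The defect described above is a server that lets a client-controlled flag decide whether the OTP step is enforced. The following added example (this editor's illustration, not SBI's code or Edwards's proof of concept) shows that pattern next to a hardened version in which the server's own session state decides, the OTP is bound to the exact amount and beneficiary it was issued for, and it is single use; the session class, field names and request dictionaries are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    """Server-side state for one logged-in customer (constructed for this example)."""
    user: str
    otp: Optional[str] = None           # OTP the server issued and sent to the registered mobile
    otp_bound_to: Optional[str] = None  # fingerprint of the transfer the OTP was issued for


def txn_fingerprint(amount: str, beneficiary: str) -> str:
    return hashlib.sha256(f"{amount}|{beneficiary}".encode()).hexdigest()


def issue_otp(session: Session, amount: str, beneficiary: str) -> str:
    """Generate a six-digit OTP tied to this exact transfer; SMS delivery is out of scope here."""
    session.otp = f"{secrets.randbelow(10**6):06d}"
    session.otp_bound_to = txn_fingerprint(amount, beneficiary)
    return session.otp


def confirm_vulnerable(session: Session, form: dict) -> str:
    """The flawed pattern: the client-supplied smartotpflag decides whether OTP is checked at all."""
    if form.get("smartotpflag", "Y") == "Y":
        if not hmac.compare_digest(form.get("otp", "").encode(), (session.otp or "").encode()):
            return "rejected: wrong OTP"
    return f"completed: {form['amount']} to {form['beneficiary']}"


def confirm_fixed(session: Session, form: dict) -> str:
    """Hardened: OTP is required by server policy, bound to the transaction, and consumed on use."""
    if session.otp is None:
        return "rejected: no OTP issued for this session"
    otp_ok = hmac.compare_digest(form.get("otp", "").encode(), session.otp.encode())
    txn_ok = hmac.compare_digest(txn_fingerprint(form["amount"], form["beneficiary"]),
                                 session.otp_bound_to)
    session.otp = session.otp_bound_to = None  # one attempt per issuance, even if it fails
    if not (otp_ok and txn_ok):
        return "rejected: OTP missing, wrong, or issued for a different transaction"
    return f"completed: {form['amount']} to {form['beneficiary']}"


def demo() -> tuple:
    """Constructed requests: a tampered flag with no OTP, then a legitimate confirmation and a replay."""
    txn = {"amount": "50000", "beneficiary": "ACCT-PLACEHOLDER"}
    tampered = dict(txn, smartotpflag="N")          # the parameter change described in the article
    s1, s2, s3 = Session("alice"), Session("alice"), Session("alice")
    issue_otp(s1, **txn)
    issue_otp(s2, **txn)
    code = issue_otp(s3, **txn)
    vulnerable = confirm_vulnerable(s1, tampered)
    fixed = confirm_fixed(s2, tampered)
    legit = confirm_fixed(s3, dict(txn, otp=code))
    replay = confirm_fixed(s3, dict(txn, otp=code))
    return vulnerable, fixed, legit, replay


if __name__ == "__main__":
    for label, result in zip(("vulnerable", "fixed", "legit", "replay"), demo()):
        print(f"{label:>10}: {result}")
```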


Though the vulnerability was patched after Edwards's discovery, it was highly disappointing that the person who could easily have profited from it, but chose not to, was neither rewarded nor acknowledged for his work.

The press, too, did not carry this important news, keeping the public in the dark and denying the discoverer any recognition.

The POC Video:
https://www.youtube.com/watch?v=2kYm1G2jBcM

Cyber attacks on rise in India


Big Indian conglomerates, mid-scale companies based in tier 2 or tier 3 cities and the country's biggest banks: everybody is being targeted by hackers, and with each passing day the breach attempts are getting more sophisticated.

In May 2015, two Indian conglomerates were forced to pay $5 million each in order to prevent hackers from disclosing information that could have implicated them in a wrongdoing.

In 2014, Gujarat-based, BSE-listed Deepak Nitrite (Rs 1,500 crore) was surprised when one of its regular US-based customers did not pay even after receiving a consignment. When the company asked the customer about the payment, it was told that the payment had been made to a new account in Malaysia. The client had shortly before received an email from Deepak Nitrite's official ID informing it of a change in bank account details. Deepak Nitrite had neither changed its bank account nor communicated any such thing to its customer. The company has filed a complaint with the cyber cell of the Vadodara police, but nothing has come of it yet.

In July this year, state-run Union Bank of India was breached by hackers, but thankfully the money trail was traced in time and the movement of funds was blocked, preventing it from becoming the biggest hacking incident yet, bigger than the Bangladesh central bank breach.

In January this year, hackers seized control of computers at three Indian banks and a pharmaceutical company by gaining access to their IT systems and locking every computer. The hackers demanded that the company pay one bitcoin per computer to unlock them. A private investigator brought in on the case found that the hackers had used the LeChiffre ransomware, which was downloaded into the company's IT system when a junior employee opened an email disguised as coming from senior management.

In-house analyses conducted by the biggest cyber security firms say that Indian companies lose around $4 billion every year to cyber attacks.

Experts say that the lack of secrecy maintained by Indian companies becomes a boon for hackers.

Banks' secrecy about hacking attempts may not remain under wraps for much longer because of instructions from the Reserve Bank of India that make it mandatory for banks to disclose breaches.

The vulnerability of the banks came to light recently when the data of about 3.2 million debit cards was lost in what is claimed to be India's biggest breach. SBI, HDFC Bank, ICICI, YES Bank and Axis were the worst hit by the debit card breach.

Many banks have now beefed up their security and created a parallel, decoy IT system so that hackers attack it instead of the actual IT systems.

However, Indian companies continue to ignore the threats, which are now hitting even IT companies. To be on the safe side, it is important for IT companies to bring in ethical hackers, who have the same skills and intelligence as black-hat hackers but with good intentions.

Many companies, including e-commerce and mobile app-based service providers, are increasingly bringing in ethical hackers to look for loopholes in their systems by continuously trying to hack into them from outside and reporting back to the company. In some cases these ethical hackers also help companies fix the flaws, which is why new-age companies are better prepared for cyber attacks than their traditional counterparts.

While bounty hunting by security experts may be one of the flashiest techniques, it is not the only trick experts have up their sleeves. In a conversation, the cyber security head of PwC said that some of its tech experts even monitor the dark web, disguised as hackers.

This is mainly to keep an eye on what is happening behind closed doors and to see whether they can stay a step ahead of the hackers. All businesses need step-ahead innovation and thinking to stay safe and beat hackers.

Google looks to hire Australian hackers


Google is searching for Australia's best and brightest hackers to fill hard-to-fill cyber security positions in the search giant's own business. The tech giant's Australian hiring raid may well exacerbate the IT skills shortage in government agencies.

Google has taken this step because of the difficulty of finding the right mix of people for cyber security positions. Despite the various specialised courses offered by Australian universities, not many people appear interested in taking them up. The number of people taking up information and communications technology degrees has halved over the last decade, according to the Government's Cyber Security Strategy.

Moreover, “it’s difficult to find such people who have the skills of hacking into a system but ultimately want to make it more secure and not use those skills negatively and are also willing to work in a big software company,” said Google Chrome’s security head, Parisa Tabriz.

The shortage is also being felt by Google, which is now looking to fill as many quality cyber security positions in Australia as it can.

But Google’s gain could be government’s loss. The federal government expects demand for cyber security services and related jobs — such as legal services, insurance and risk management — will grow by at least 21% over the next five years.

Government agencies, though, have been competing with private firms on salaries. It is a common problem for governments across the globe, when trying to attract people to jobs, to fall short of the salaries and perks that private firms offer prospective employees.

Two weeks ago, the giant US-based telco Verizon announced it has strengthened its armoury in the fight against cyber adversaries with its investment in next-generation security capabilities at its Asia-Pacific Advanced Security Operations Centre in Canberra.

The opening of the new security centre followed Verizon's appointment last December to the federal government's new whole-of-government telecommunications services panel, which provides coordinated telecommunications services.