Critical data of 6,000 Indian companies up for sale on Darknet

Seqrite, the enterprise security arm of Pune-based IT security firm Quick Heal, says it has spotted an advertisement on a darknet forum claiming access to data of over 6,000 Indian businesses. If genuine, sensitive information on organisations including service providers, banks and government bodies has been breached by an unknown cybercriminal, who has priced the lot at 15 Bitcoins (nearly Rs 42 lakh).

Seqrite Cyber Intelligence Labs, with its partner seQtree InfoServices, tracked the advertisement, in which the unknown hacker also offers to take down the networks of the affected organisations for an unspecified price. Posing as buyers, the researchers contacted the advertiser about the services on offer.

"This can be a major tool of mass disruption if a non-state actor gets hands on it," Seqrite said on its website.
Organisations whose services may be at risk include UIDAI, Idea, BSE, Flipkart, DRDO, Aircel, RBI, BSNL, SBI, TCS, ISRO and EPFO, among several others.

According to the advertisement, the nation's Internet registry was also hit, but the organisation says the information obtained was trivial.

Government officials responsible for the allocation of Internet resources in India have denied any serious leak.

The National Internet Exchange of India (NIXI) released a statement disputing the claims made by the darknet seller, saying there had been no serious breach of the database of its Indian Registry for Internet Names and Numbers (IRINN). “There was an attempt to penetrate the system and hackers were able to collect some basic profile information of the contact persons of some of the affiliates which were displayed by him on the darknet. There has been no serious security breach of its IRINN system, as it has a robust security protocol in place. The hacker has no capacity to cause any damage or initiate distributed denial of service to any entity who has been allocated Internet resources through IRINN System,” said a NIXI spokesperson.

The hackers have meanwhile claimed they can disrupt the business operations of any target on demand, presumably for an even higher price in bitcoin than the data itself.

The cyberwar between the US and Russia will not happen

Dmitry Peskov, press secretary to the Russian President, called the US media's accusations of espionage against the Kremlin and Kaspersky Lab “absurd, baseless and unsubstantiated”.

In early October The Wall Street Journal and The Washington Post reported that Russian authorities had allegedly used modified software from IT companies to search for secret documents around the world and to spy on the US.

This week The New York Times added to the story, reporting that US intelligence officers learned of the theft of documents from Israeli counterparts, who had allegedly hacked into Kaspersky Lab's internal network and found evidence that the Kremlin had indeed hacked the NSA.

In July the US Government had already barred federal agencies from using Kaspersky antivirus, citing security concerns.

In addition, Bloomberg reported that Kaspersky Lab had developed technology for Russia's Federal Security Service (FSB) and was passing information about hackers to the FSB.
Kaspersky Lab denies cooperating with the intelligence services.

Ilya Sachkov, head of Group-IB, commented on the story, one of the most widely discussed in the industry, at a press conference at CyberCrimeCon/1.

In his view, a cyberwar between the US and Russia is unlikely because it would lead to catastrophic consequences, and he hopes all countries understand this. Nor does he believe a cyberwar involving Russia is developing.

Sachkov also noted that a product escapes being the target of a cyber attack only if it is released in small volumes and is unpopular. “Import substitution does not increase security,” he added.

- Christina

Iran behind UK Parliament cyber-attack

British parliamentarians were the victims of a cyber attack that sought out weak passwords used by lawmakers. According to a secret intelligence assessment, Iran was behind the attack, in which around 90 accounts were compromised.

On June 23, British authorities detected unusual activity and immediately took measures to contain the attack; as a result, lawmakers were unable to access their e-mail for several days. The attack is believed to have targeted more than 9,000 email accounts, including those of Theresa May and other ministers.

Russian hackers were initially blamed, but investigators have reportedly traced the attack to the Tehran regime. It is believed to be the first major cyber attack on Britain by Iran.

"What we need to do is keep that deal going - it's been a great success for UK diplomacy," Foreign Secretary Boris Johnson told reporters when asked about the Iran nuclear deal.

"This deal lives to fight another day, and that's a good thing."

A spokesman for the National Cyber Security Centre said: “It would be inappropriate to comment further while enquiries are ongoing.”

Malware hits 41 Hyatt Hotel properties

Hyatt Hotels' payment card systems were infected with malware that exposed payment card details at 41 hotels in 11 countries.

The chain said its cybersecurity team discovered the compromise in July this year, after observing signs of unauthorized access to the payment card information systems of certain Hyatt-managed locations between March 18, 2017, and July 2, 2017.

In a statement, the company explained: “Upon discovery, we launched a comprehensive investigation to understand what happened and how this occurred, which included engaging leading third-party experts, payment card networks and authorities.”

“Hyatt’s layers of defense and other cybersecurity measures helped to identify and resolve the issue,” the statement continued, adding that the incident “affects a small percentage of total payment cards used at the affected hotels during the at-risk dates.”

According to the company, cardholder names, card numbers, expiration dates and internal verification codes from cards that were either manually entered or swiped at the front desk were at risk.

A total of 41 Hyatt hotels around the world were affected, almost half of them in China. The rest are in Brazil, Colombia, Guam, India, Indonesia, Japan, Mexico, Puerto Rico, South Korea and the United States (Hawaii).

'We have directly contacted all guests for whom we have appropriate and reliable contact information that used payment cards at affected hotels during the at-risk dates,' said Chuck Floyd, global president of operations for Hyatt Hotels Corporation.

'We do not have appropriate contact information for all guests, so we have also posted this notice with a list of affected hotels and respective at-risk dates,' he concluded. 

WhatsApp flaw lets hackers monitor your online activity, sleeping pattern

A design weakness in WhatsApp lets anyone track when a user is active. The contents of messages cannot be read, since WhatsApp is end-to-end encrypted, but the ‘online status’ indicator can be used to record exactly when a user is online, according to a blog post by software engineer Robert Heaton. Correlating that status across users reveals who is talking to whom, and it can also be exploited to infer a user's sleeping pattern, i.e. when they go to bed and wake up.

Heaton, who has made similar security-related findings in the past, described in his post how easy this was with nothing more than a laptop, a Chrome extension and WhatsApp Web. He built the extension with just four lines of code, Digital Trends reported late on Tuesday, and the code could be tweaked to correlate more than two people messaging each other.

"What that means is that when you go offline and then come back online to read a message, that action is being logged."

WhatsApp's separate ‘last seen’ timestamp does have a privacy setting that lets users hide it from strangers. However, as the post points out, the default is usually ‘everyone’ and few people bother to change it.

Unfortunately, there is no setting that stops an attacker from monitoring this activity. While the app lets you show your ‘last seen’ to everyone, only your contacts, or no one, there is no way to disable the online status indicator that reveals when you are actively using the service. This data can be collected at scale and sold to third-party firms for advertising purposes.
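The analysis step described above, as an added example (this is not Heaton's code and not part of his post). It assumes a watcher such as the browser extension he describes has already logged when each contact's ‘online’ indicator appeared and disappeared; the presence log, contact labels, 60-second tolerance and timestamps below are all constructed for illustration. It goes slightly beyond the two-person case in the text by scoring several candidate contacts against one target and picking out the target's likely sleep window.

```python
"""Presence-correlation analysis of the kind Heaton's post describes.

Added example, not Heaton's code. It assumes a watcher (e.g. a browser
extension polling WhatsApp Web) has already recorded when each contact's
'online' indicator appeared and disappeared; the log below is constructed.
"""
from datetime import datetime, timedelta

# Constructed presence log: "<ISO timestamp> <contact label> <online|offline>"
SAMPLE_LOG = """\
2017-10-10T22:10:00 alice online
2017-10-10T22:10:05 bob online
2017-10-10T22:14:00 alice offline
2017-10-10T22:14:10 bob offline
2017-10-10T22:40:00 alice online
2017-10-10T22:40:20 bob online
2017-10-10T22:45:00 alice offline
2017-10-10T22:45:30 bob offline
2017-10-10T23:05:00 alice online
2017-10-10T23:07:00 alice offline
2017-10-11T07:30:00 alice online
2017-10-11T07:31:00 bob online
2017-10-11T07:35:00 alice offline
2017-10-11T07:36:00 bob offline
2017-10-11T12:00:00 carol online
2017-10-11T12:03:00 carol offline
"""


def parse_log(text):
    """Return [(timestamp, contact, state), ...] sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, who, state = line.split()
            events.append((datetime.fromisoformat(ts), who, state))
    return sorted(events, key=lambda e: e[0])


def sessions(events, contact):
    """Pair each 'online' with the next 'offline' -> [(start, end), ...].
    A trailing 'online' with no 'offline' yet is ignored."""
    out, start = [], None
    for ts, who, state in events:
        if who != contact:
            continue
        if state == "online" and start is None:
            start = ts
        elif state == "offline" and start is not None:
            out.append((start, ts))
            start = None
    return out


def co_presence(target_sessions, other_sessions, tolerance):
    """Fraction of the target's sessions that begin within `tolerance` of a
    session start by the other contact. Two people who keep coming online
    together are probably messaging each other."""
    if not target_sessions:
        return 0.0
    hits = sum(
        1 for t_start, _ in target_sessions
        if any(abs(t_start - o_start) <= tolerance for o_start, _ in other_sessions)
    )
    return hits / len(target_sessions)


def longest_gap(sess):
    """Longest stretch between consecutive sessions: the likely sleep window."""
    best = None
    for (_, prev_end), (next_start, _) in zip(sess, sess[1:]):
        if best is None or next_start - prev_end > best[1] - best[0]:
            best = (prev_end, next_start)
    return best


def summarize(log_text, target, candidates, tolerance=timedelta(seconds=60)):
    """Score each candidate against the target and report the sleep window."""
    events = parse_log(log_text)
    target_sessions = sessions(events, target)
    gap = longest_gap(target_sessions)
    return {
        "sessions": len(target_sessions),
        "co_presence": {c: co_presence(target_sessions, sessions(events, c), tolerance)
                        for c in candidates},
        "sleep_window": (gap[0].isoformat(), gap[1].isoformat()) if gap else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "alice", ["bob", "carol"]))
```

On the constructed log, alice and bob come online within a minute of each other in three of alice's four sessions, while carol never does, and alice's longest silence runs from 23:07 to 07:30. Note that none of this needs message content, only the presence indicator the text says cannot be switched off.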

How safe is it to share your Aadhaar card details with someone?

Is India ready to be a digital country? Do we have a mechanism to go digital without exposing citizens to cyber crime? These are basic questions that need asking before going fully digital.

The Government of India keeps linking citizens' Unique Identification number, popularly known as the Aadhaar number, to one document after another: mobile numbers, PAN cards, driving licences and so on.

But there are many reports that citizens' privacy is being compromised. Recently a Mumbai-based man, Shashwat Gupta, who works in Kozhikode for a private firm, was duped of Rs 1.3 lakh after being told he had to link his phone number to his Aadhaar card.

He took to Facebook to write about his ordeal, and it is a telling example of how careful we should be before sharing our Aadhaar card details with anyone.

"And in a blitz, my salary account was looted.

Hi guys! I just lost an amount of Rupees 1.3 lacs from my ICICI Bank salary account. A fraudster, claiming to be from Airtel, gave me an ultimatum that Airtel would deactivate my SIM and block my number forever as I had not linked my Aadhaar card to my SIM. He urged me to message my SIM card number to 121 (Official Airtel Service Number) and my SIM would be reactivated without any hassle. Little did I know that the fraudster would clone my SIM and loot all my hard earned money and also take away Investments (Fixed Deposits) that I had planned on using during the worst times of my life.

Is this all that was required to break my ICICI Bank Account? Is that how vulnerable technology has left us? I always thought that our accounts are well protected by layers of security. I was under the impression that a person would require my account details or debit card or some sensitive information that only I have, that I have been safeguarding every minute of my life, to break my account. But the truth is all that sensitive stuff is already floating around the criminal world waiting to be raided, as our beloved banks like ICICI Bank haven’t been able to keep what must only be ours, OURS!

It is unbelievable how easy it has become to steal from our accounts. All the fraudsters are doing is trying every trick they can think of to get that one tiny key that would break open a safe that seems to be safeguarded by a hundred different locks.

The saddest part of this is, after the loot on day one, ICICI Bank was not able to protect the balance amount. Even after 18 hours of raising a Service Request (S/R 497438380) and repeated follow-ups with customer care and the branch, the Bank was not able to freeze my balance and as a result early next morning the fraudster was easily able to walk away with the remainder amount. Dear ICICI Bank, are your services supposed to end in crisis or are you supposed to relieve the customers’ grievances and prevent further damage?

ICICI Bank needs to understand that a fraudster breaks much more than an account with his activities, he breaks a person’s life.

I feel that the Bank has failed to protect my account effectively and is completely responsible for my losses. I hence demand ICICI Bank to refund every single penny I’ve lost in this incident.
I would also like to speak out to my friends here, guys please be careful and wary of these frauds. The people who we think are securing us, are actually the ones screwing us."

ICICI Bank replied to Gupta's post saying it would look into the matter. But is that sufficient for him?

The question then is who was responsible for this fraud, the bank or the mobile operator? Whose responsibility is it to protect us from such scams and frauds?
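One control a bank can apply on its side against the SIM-swap pattern in Gupta's account, as an added example (this is not ICICI's, Airtel's or any real bank's logic). It assumes a feed of SIM re-issue events for customers' registered mobile numbers, a 48-hour window during which an SMS OTP to a freshly swapped number is treated as untrusted, a Rs 10,000 step-up threshold, and a per-number fraud-report timestamp after which all transactions are blocked; the customer ids, numbers, amounts and timestamps are constructed.

```python
"""Screen transactions for the SIM-swap pattern described in the post above.

Added example with constructed data; it is not ICICI's or Airtel's logic.
Assumptions: the bank receives a feed of SIM re-issue events for registered
mobile numbers, a 48-hour 'untrusted OTP' window, a Rs 10,000 threshold,
and a per-number fraud-report timestamp after which everything is blocked.
"""
from datetime import datetime, timedelta

# Constructed telco feed: "<ISO timestamp> <registered mobile number>"
SIM_CHANGES = """\
2017-10-08T11:02:00 +91-9800000001
"""

# Constructed bank ledger: "<ISO timestamp> <customer> <mobile> <amount INR> <channel>"
TRANSACTIONS = """\
2017-10-07T09:15:00 cust-42 +91-9800000001 2500 upi
2017-10-08T11:40:00 cust-42 +91-9800000001 80000 netbanking
2017-10-08T12:05:00 cust-42 +91-9800000001 50000 fd_break
2017-10-09T06:10:00 cust-42 +91-9800000001 45000 netbanking
2017-10-09T12:30:00 cust-77 +91-9800000002 1200 upi
"""

# Constructed: the customer reported fraud at 14:00 on day one.
FRAUD_REPORTS = {"+91-9800000001": datetime.fromisoformat("2017-10-08T14:00:00")}

SIM_WINDOW = timedelta(hours=48)   # assumed: how long a fresh SIM taints SMS OTPs
STEP_UP_THRESHOLD = 10000          # assumed: INR amount that needs extra checks


def parse_sim_changes(text):
    """mobile -> [swap timestamps]"""
    changes = {}
    for line in text.splitlines():
        if line.strip():
            ts, mobile = line.split()
            changes.setdefault(mobile, []).append(datetime.fromisoformat(ts))
    return changes


def parse_transactions(text):
    """Ledger lines -> list of dicts."""
    txns = []
    for line in text.splitlines():
        if line.strip():
            ts, cust, mobile, amount, channel = line.split()
            txns.append({"time": datetime.fromisoformat(ts), "customer": cust,
                         "mobile": mobile, "amount": int(amount), "channel": channel})
    return txns


def decide(txn, sim_changes, fraud_reports,
           window=SIM_WINDOW, threshold=STEP_UP_THRESHOLD):
    """'block'   : a fraud report on this mobile predates the transaction
       'step_up' : amount >= threshold and the SIM changed within `window`
                   before it, so an SMS OTP to that number proves nothing;
                   require an out-of-band check (branch visit, registered e-mail)
       'allow'   : otherwise"""
    reported_at = fraud_reports.get(txn["mobile"])
    if reported_at is not None and txn["time"] >= reported_at:
        return "block"
    recent_swap = any(
        timedelta(0) <= txn["time"] - swapped <= window
        for swapped in sim_changes.get(txn["mobile"], [])
    )
    if recent_swap and txn["amount"] >= threshold:
        return "step_up"
    return "allow"


def screen(txn_text, sim_text, fraud_reports):
    """One decision per transaction, in ledger order."""
    sim_changes = parse_sim_changes(sim_text)
    return [decide(t, sim_changes, fraud_reports) for t in parse_transactions(txn_text)]


if __name__ == "__main__":
    for txn, verdict in zip(parse_transactions(TRANSACTIONS),
                            screen(TRANSACTIONS, SIM_CHANGES, FRAUD_REPORTS)):
        print(txn["time"].isoformat(), txn["customer"], txn["amount"], verdict)
```

On the constructed ledger the two large transfers 40 minutes and an hour after the SIM swap are sent for step-up verification instead of relying on an OTP delivered to the attacker's SIM, and the next morning's withdrawal is blocked outright because a fraud report was already on file, which is exactly the freeze the post says did not happen for 18 hours.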

Deloitte hack affects 350 clients

The hack at global accounting firm Deloitte shocked the world last month, and further details were thin on the ground until 10 October.

Citing unnamed sources, the Guardian reported on Tuesday that a server holding the emails of some 350 clients, including U.S. government agencies, the United Nations and large corporations, was compromised in the cyber attack.

"We take any attack on our systems very seriously," Deloitte said in a statement. "We are confident that we know what information was targeted and what the hacker actually did."

There are more than 30 blue-chip companies mentioned in the dossier obtained by The Guardian. Clients that were made vulnerable include the US departments of state, energy, defence and homeland security as well as the National Institutes of Health in the US, the US Postal Service, and Fannie Mae and Freddie Mac (mortgage funders and guarantors).

Deloitte said on 25 September that it was the victim of a cyber attack that affected the data of a small number of clients, providing few details on the breach.

The attack appears to have begun in autumn last year, as Deloitte was migrating its email to cloud-based Office 365 at its Hermitage office in Nashville. The hackers allegedly got in through an administrator account that could, in theory, have given them access to the company’s entire store of emails.

One source said: “The hackers had free rein in the network for a long time and nobody knows the amount of the data taken.” Deloitte apparently had not enabled multifactor authentication on the account at the time of the breach.

The breach at Deloitte, which says its customers include 80 percent of the Fortune 500, is the latest in a series of breaches involving organisations that handle sensitive financial data that have rattled lawmakers, regulators and consumers.

"These are targeted attacks on a financial opportunity," said Shane Shook, an independent consultant who helps financial firms investigate cyber attacks. "This trend is going to continue to grow."

Poland announced the establishment of CyberArmies to counter Cyber Threats

A separate branch of the armed forces dedicated to combating threats in cyberspace will be established in Poland, Minister of Defence Antoni Macierewicz said on Monday during his presentation at the Cybersecurity Forum in Krakow. He believes protection from information threats, especially from Russian hackers, is important today.

"Groups of people carry out mass information or disinformation campaigns," said Macierewicz, accusing Russian hackers of attempting to influence the outcome of the referendum on the independence of Catalonia.

The Polish authorities will devote about 547 million dollars to the project, which is planned to involve about a thousand people.

"The threat of Russian hackers" is a convenient excuse to justify spending, political scientist Pavel Swyatenkov said on the radio.

"It's just an excuse. Now many of the major countries are creating so-called cybersecurity armies. So these are structures that should counter threats in cyberspace. It's not just about the superpowers, such as the Russian Federation or the United States, but also relatively small countries like Poland," said Swyatenkov.

"Polish authorities and the Ministry of Defence need to justify why they spend taxpayers' money for such purposes. And then the most widely discussed topic, the 'Russian threat', comes to the rescue. So all of this is being done now by hiding behind the widely publicized Russian hackers. Perhaps in the future the military budget in this direction will increase. The first step is the hardest," he added.

- Christina

Taiwan Bank breach: Sri Lanka arrests two suspects

Sri Lankan police have arrested two people for allegedly planting malware on a Taiwanese bank's servers to enable illicit transactions and to send unauthorized, doctored messages over the interbank SWIFT network.

The Criminal Investigation Department (CID) opened an investigation last week after reports that an individual had received Rs 110 million from the compromised bank, Taiwan's Far Eastern Bank.

Shani Abeywardana, director of the CID, told Reuters: “We arrested on a tip-off from the Bank of Ceylon that there had been a suspicious transaction.”

“From the investigations and questioning we’ve found out that this is connected to hacking in Taiwan,” Abeywardana said.

Focus Taiwan, the English-language news website of Taiwan's Central News Agency (CNA), reported that Far Eastern Bank had informed Taiwan's financial watchdog, the Financial Supervisory Commission, as well as SWIFT (the Society for Worldwide Interbank Financial Telecommunication) about the breach.

“Through the planted malware, hackers conducted virtual transactions to move funds totaling nearly $60 million from Far Eastern Bank customers’ accounts to some foreign destinations such as Sri Lanka, Cambodia and the United States, the bank found on Tuesday,” Focus Taiwan’s website said.

It added that since the bank continues to trace the lost funds by pinpointing certain fund movements, the loss could be reduced to zero, and said the hacking did not lead to any leaks of customer information.

To track down the hackers, the CID has been working closely with its Taiwanese counterparts since last week.

"We are looking at about $1.3 million that had come into three accounts in Sri Lanka," said the official.

"We have taken two people into custody and we are looking for one more person".

Police have recovered most of the money, and court proceedings are pending.

Whole Foods is being secretive about credit card breach

The grocery chain, which was acquired by Amazon for $13.7 billion in late August, announced Thursday it "recently received information regarding unauthorized access of payment card information."

Customers who bought groceries at the main checkout registers were not affected. Instead, those who used the in-store table-service restaurants and taprooms at some 56 stores across the country may have had their payment card information accessed, because those venues run on a different point-of-sale system.

If the whole Equifax debacle changes anything at all, it should be the public perception of what a responsible disclosure looks like in the wake of a devastating data breach.

That’s a lesson that, incredibly, Whole Foods seems determined to ignore.

The breach was made public two weeks ago, but the affected stores were not named at the time while the company investigated. According to the Associated Press, it was initially unclear whether the breach reached all 470 Whole Foods locations; the number was later narrowed down.

It’s been 12 days since Whole Foods first disclosed that its point-of-sale systems were compromised, leaving an untold number of card holders at risk. The following day, Gizmodo reported that as many as 117 venues may have been affected. At the same time, the company set up a website listing the stores involved, which included two San Francisco locations, three in the South Bay, and others around the Bay Area. Since then, the company has gone dark.

To date, Whole Foods’ initial statement of September 28th represents the entirety of its public disclosure. In an email to Gizmodo on Monday, the company again declined to say when it first discovered the breach. Did it wait days, weeks, or months to notify the public? That is information Whole Foods has readily on hand and is refusing to divulge. The chain has further refused to say whether any potentially affected customers have been contacted individually.