Microsoft Shuts down Websites in Association with the Russian Military Intelligence Service GRU


On August 20, Microsoft announced that it had taken down six websites associated with the Russian military intelligence service GRU.

The group behind the sites is the well-known Fancy Bear, also referred to as APT28, which has previously been linked to cyber-espionage campaigns against governments around the globe, including the hack of the Democratic National Committee before the 2016 US presidential election.

The group's latest targets were the conservative think tanks the Hudson Institute and the International Republican Institute; three of the fake domains were intended to mimic U.S. Senate sites, and one spoofed Microsoft's online products.

Microsoft's Digital Crimes Unit (DCU) executed a court order transferring control of six internet domains created by the group to Microsoft. The six domains are:

my-iri.org
hudsonorg-my-sharepoint.com
senate.group
adfs-senate.services
adfs-senate.email
office365-onedrive.com

Microsoft’s president and chief legal officer Brad Smith wrote, “We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit.”

Despite last week's action, Microsoft remains concerned about the continuing activity targeting these and other sites, which is aimed largely at elected officials, politicians, political groups and think tanks across the political spectrum in the United States.

Because Russian cyber-attacks on elections are recurring and likely to expand, Microsoft is extending its Defending Democracy Program with a further initiative, Microsoft AccountGuard, which will provide state-of-the-art cyber security protection at no additional cost to candidates and campaign offices at the federal, state and local level, as well as to think tanks and political organizations currently thought to be under attack.
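The statement quoted above describes the technique behind the six seized domains: names built from brand words the victim expects to see. The following is an added example, not code from Microsoft or its Digital Crimes Unit, showing how a defender can screen newly observed domains for that pattern. The allow-list of legitimate domains, the brand tokens and the sign-in keywords are assumptions constructed for the example; the six domain names are the ones listed in the article.

```python
"""Screening domain names for brand impersonation (lookalike domains).

Added example, not code from Microsoft or its Digital Crimes Unit. It assumes a
hypothetical allow-list of legitimate domains and a hypothetical set of brand
tokens; the six domain names are the ones listed in the article. A name is
flagged when it contains a protected brand token but its registrable domain is
not on the allow-list; sign-in keywords raise the severity of the finding.
"""
import re

# Hypothetical allow-list of legitimate registrable domains (constructed).
LEGIT_DOMAINS = {
    "senate.gov", "hudson.org", "iri.org",
    "microsoft.com", "office.com", "sharepoint.com", "onedrive.com",
}
# Brand tokens worth protecting (constructed). Short tokens are matched whole
# to avoid false positives such as "iri" inside "spirit".
BRAND_TOKENS = {"senate", "hudson", "iri", "microsoft", "office365", "sharepoint", "onedrive"}
# Tokens that suggest a sign-in or portal page (constructed list).
AUTH_TOKENS = {"adfs", "login", "signin", "sso", "my"}

# The six domains Microsoft reported seizing (from the article).
SEIZED_DOMAINS = [
    "my-iri.org",
    "hudsonorg-my-sharepoint.com",
    "senate.group",
    "adfs-senate.services",
    "adfs-senate.email",
    "office365-onedrive.com",
]


def registrable(domain: str) -> str:
    """Last two labels of the name. Simplified: no public-suffix list is consulted."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def is_legitimate(domain: str) -> bool:
    """True for an allow-listed domain or any subdomain of one."""
    d = domain.lower().strip(".")
    return d in LEGIT_DOMAINS or any(d.endswith("." + ok) for ok in LEGIT_DOMAINS)


def brand_hits(domain: str) -> list:
    """Brand tokens present in the name: whole-token match for short tokens, substring otherwise."""
    tokens = [t for t in re.split(r"[.\-_]", domain.lower()) if t]
    hits = set()
    for b in BRAND_TOKENS:
        for t in tokens:
            if (b == t) if len(b) < 5 else (b in t):
                hits.add(b)
    return sorted(hits)


def flag_lookalike(domain: str):
    """Return a finding dict for a suspicious name, or None if it looks clean."""
    if is_legitimate(domain):
        return None
    hits = brand_hits(domain)
    if not hits:
        return None
    tokens = set(re.split(r"[.\-_]", domain.lower()))
    auth = sorted(tokens & AUTH_TOKENS)
    reasons = [f"brand token(s) {hits} in a name whose registrable domain "
               f"{registrable(domain)!r} is not on the allow-list"]
    if auth:
        reasons.append(f"sign-in/portal keyword(s) {auth} suggest a credential-harvesting page")
    return {"domain": domain.lower(), "brands": hits, "auth_tokens": auth, "reasons": reasons}


def screen(domains) -> dict:
    """Map each flagged domain to its finding; clean domains are omitted."""
    findings = {}
    for d in domains:
        finding = flag_lookalike(d)
        if finding:
            findings[d] = finding
    return findings


if __name__ == "__main__":
    for name, finding in screen(SEIZED_DOMAINS + ["mail.senate.gov", "example.com"]).items():
        print(name, "->", "; ".join(finding["reasons"]))
```

All six seized names are flagged, while `mail.senate.gov` and `example.com` pass. In practice the same check is run over certificate-transparency logs or newly registered domain feeds, and the allow-list should be resolved against a real public-suffix list rather than the last-two-labels shortcut used here.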


Flaw in the Amazon Echo Allows Hackers to Listen In to Users' Conversations

Security researchers from the Chinese tech giant Tencent recently discovered a serious vulnerability in the Amazon Echo. The vulnerability is considered serious because it allows attackers to covertly listen in on users' conversations without their knowledge.

In a presentation at the DEF CON security conference, titled 'Breaking Smart Speakers: We are Listening to You', the researchers explained how they built a doctored Echo speaker and used it to gain access to other Echo devices.

'After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping. When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.'

The researchers used Amazon's Home Audio Daemon, which the device uses to communicate with other Echo devices on the same wireless network, to take control of users' speakers, through which they could silently record conversations or play arbitrary sounds.

The attack is the first in which researchers have identified a significant security flaw in a popular smart speaker such as the Amazon Echo. The researchers have since informed Amazon of the flaw, and the company says it issued a software patch to users in July. They also note that the attack requires physical access to an Echo device.


Amazon and the researchers both note that the technique is extremely sophisticated and, in all probability, not easy for the average hacker to carry out. 'Customers do not need to take any action as their devices have been automatically updated with security fixes,' says an Amazon spokesperson.

Yet some have pointed out that the attack could be carried out in places where multiple Echo devices share the same network, the simplest examples being hotels or restaurants.

Earlier this year, researchers from the University of California, Berkeley also identified a flaw whereby attackers could not only control popular voice assistants such as Alexa, Siri and Google Assistant, but could also slip inaudible voice commands into audio recordings, directing a voice assistant to do a wide range of things, from taking pictures to opening websites and making phone calls.


A Threatening Weakness in Indian Mobile Security

Compromising phones has become an easy task for attackers, who can do it with little effort. There are many ways: attackers can change passwords and gain access to confidential corporate and private data on your phone, or they can install malicious code that lets them read your messages, access your photos or even turn on your microphone.

In other words, once hackers have access to your device, they can use its microphone or camera to record you, and thanks to GPS they will even know your location.

Companies that make operating systems (OS) for mobile phones are used to plugging known vulnerabilities and loopholes by periodically updating their operating systems, releasing newer versions and issuing security patches.

But Android has a unique problem. When Android, as the foundational OS, releases an update or a security patch, it is unclear who is responsible for updating the OS actually running on the device.

Hundreds of companies currently make Android-based devices, selling more than 60,000 models worldwide. It is a complex ecosystem, with no one quite tracking the updates and vulnerabilities.

A third of the Android phones in India run a version of the OS released in March 2015 or earlier. This leaves some 300 million smartphone users in India potentially vulnerable.

Nobody currently knows how these users are using the internet or what applications are being installed on these devices. They are also likely to be less careful about sharing information with application developers. Most terms and conditions that users consent to tend to be in English, which is reason enough to assume that many Indian mobile users are consenting to things without quite understanding what they are consenting to.

Saket Modi, CEO of Lucideus Tech and a well-known ethical hacker, says:
“It is relatively harder to install malware on Apple’s iPhones as to install a hacking app on an iPhone, you need the unique device identifier — a sequence of 40 letters and numbers, which can only be accessed by connecting the phone to a computer via Apple’s iTunes software. It is far easier however to install an app from an unknown source on an Android phone than on an iPhone.”

According to data aggregated by Lucideus, Android (all versions combined) has 1,855 known vulnerabilities, compared with 1,495 for iOS.

Outdated privacy laws in India add to the troubles of mobile phone users. Shiv Putcha, founder of telecom consultancy Mandala Insights, says:

“In India, the regulations are weak at best, you don’t have a privacy law, no regulations around data storage or access to private data. If they (mobile phone makers and service providers) aren’t storing data here, how can we be sure how secure our data is?”

The government has nevertheless responded to the issue by highlighting the need for a strong data protection law, along the lines of the General Data Protection Regulation (GDPR) in the EU, and has set up a committee to look into it.


According to Google, in 2017 India still ranked third among the major Android markets in the percentage of phones with potentially harmful applications (PHAs), with 1% of all Android phones in the country affected. Although the figure had dropped by a third from 2016, Google says that devices that install apps from outside the Google Play app store are nine times more likely to have PHAs.


The CBI Registers a Case of Alleged Hacking and Unauthorised Online Transactions Involving $1.41 Million


The Central Bureau of Investigation (CBI) on Monday registered a case against an on-site resource in the system operations team of Yalamanchili Software, which provides the prepaid card application.

The accused, Sandeep Kumar Poojary, is accused of hacking a foreign travel card database and carrying out 374 unauthorised online transactions involving $1.41 million through three prepaid cards issued by the State Bank of India (SBI).

Several others are also suspected of involvement in the case, which has been registered under various provisions of the IPC and the IT Act.

“Manpower resources for handling the system operations were also provided by Yalamanchili Software...” said SBI in its complaint.

The wake-up call came in February last year, when Yalamanchili Software's COO reported the incident to the bank, stating that the balance in the prepaid card system had been fraudulently modified to authorise transactions on three foreign travel cards belonging to a single customer.

The authorisations reportedly took place on the e-commerce websites of four merchants, mainly Neteller.com, Entropay, Swiftvoucher and Skrill.com, and the transactions were carried out between November 8, 2016 and February 12, 2017.

The bank's NRI Seawoods branch in Navi Mumbai issued the primary card on November 7, 2016. Two add-on cards were issued to the same user on November 29 and December 7, 2016, by the same branch.

According to the FIR, the merchant transactions came through VISA with the country code Great Britain, and with U.S. dollars as the transaction and billing currency.

While the transactions took place on the prepaid card system, the balance appeared to have been modified manually through direct Oracle Database access, Yalamanchili Software Exports told the bank. After authorisation, the settlement transactions and authorisation records, along with the general ledger entries, were deleted.

The balance sheet generated on the prepaid card system therefore showed no discrepancy.

The bank added that once the fraud was identified, SBI blocked the three cards, barred the users from transacting on the four merchant sites, and revoked the application user's privilege to execute database packages.
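The fraud described above defeated the card system's own reports in two ways: the stored balance was edited directly in the database, and the internal authorisation, settlement and ledger records were deleted afterwards so that the balance sheet still reconciled. The following is an added example, not code from SBI, Yalamanchili Software or the article, showing two reconciliation checks that do not trust the mutable balance column or the deletable internal log. It assumes a hypothetical schema, constructed sample data, and uses SQLite where the report names an Oracle database.

```python
"""Reconciliation checks against a tampered prepaid-card balance.

Added example, not code from SBI, Yalamanchili Software or the article. It
assumes a hypothetical schema and uses SQLite in place of Oracle. Each check
recomputes from a source the application user cannot alter: card loads from
core banking, and the card network's settlement file.
"""
import sqlite3

# Constructed sample data. Card 3 is the tampered card: its balance was raised
# by a direct UPDATE, and the internal records of two network-settled
# transactions (A4, A5) were deleted.
CARD_LOADS = [(1, 500.00), (2, 1000.00), (3, 800.00)]            # (card_id, amount)
INTERNAL_TXNS = [("A1", 1, 120.00), ("A2", 2, 300.00), ("A3", 3, 200.00)]
NETWORK_SETTLEMENTS = [                                          # card network's file
    ("A1", 1, 120.00), ("A2", 2, 300.00), ("A3", 3, 200.00),
    ("A4", 3, 5000.00), ("A5", 3, 4500.00),
]
STORED_BALANCES = [(1, 380.00), (2, 700.00), (3, 10100.00)]      # card_balance table


def build_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE card_loads (card_id INTEGER, amount REAL);
        CREATE TABLE internal_txns (txn_ref TEXT PRIMARY KEY, card_id INTEGER, amount REAL);
        CREATE TABLE network_settlements (txn_ref TEXT PRIMARY KEY, card_id INTEGER, amount REAL);
        CREATE TABLE card_balance (card_id INTEGER PRIMARY KEY, balance REAL);
    """)
    conn.executemany("INSERT INTO card_loads VALUES (?, ?)", CARD_LOADS)
    conn.executemany("INSERT INTO internal_txns VALUES (?, ?, ?)", INTERNAL_TXNS)
    conn.executemany("INSERT INTO network_settlements VALUES (?, ?, ?)", NETWORK_SETTLEMENTS)
    conn.executemany("INSERT INTO card_balance VALUES (?, ?)", STORED_BALANCES)
    conn.commit()
    return conn


def find_balance_mismatches(conn, tolerance=0.005) -> dict:
    """Cards whose stored balance differs from loads minus internal spend.

    Returns {card_id: (stored_balance, expected_balance)}. A direct UPDATE of
    the balance column shows up here because the loads table is not touched.
    """
    rows = conn.execute("""
        SELECT b.card_id, b.balance,
               (SELECT COALESCE(SUM(amount), 0) FROM card_loads l WHERE l.card_id = b.card_id)
             - (SELECT COALESCE(SUM(amount), 0) FROM internal_txns t WHERE t.card_id = b.card_id)
        FROM card_balance b ORDER BY b.card_id
    """).fetchall()
    return {cid: (stored, expected) for cid, stored, expected in rows
            if abs(stored - expected) > tolerance}


def find_missing_internal_records(conn) -> list:
    """Network-settled transactions with no matching internal record.

    Deleting the internal authorisation/settlement rows hides the spend from
    the card system, but the network's settlement file still lists them.
    """
    rows = conn.execute("""
        SELECT n.txn_ref FROM network_settlements n
        LEFT JOIN internal_txns t ON t.txn_ref = n.txn_ref
        WHERE t.txn_ref IS NULL ORDER BY n.txn_ref
    """).fetchall()
    return [r[0] for r in rows]


def reconcile(conn) -> dict:
    """Run both checks and return the findings."""
    return {"balance_mismatches": find_balance_mismatches(conn),
            "missing_internal_records": find_missing_internal_records(conn)}


if __name__ == "__main__":
    print(reconcile(build_db()))
```

On the constructed data, card 3 is reported with a stored balance of 10100.0 against an expected 600.0, and A4 and A5 appear as settled by the network with no internal record. The checks are only as strong as their sources: they must run under an account separate from the application user, against the loads feed and the network file rather than against tables that same user can update or delete.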


Prevalent Cyber Threat Group Targets the UK

A well-known hacking group has recently attempted, and is still attempting, to target the UK with an updated version of malware designed to install itself on compromised systems and stealthily conduct surveillance. Over the past year, the group appears to have been especially focused on diplomatic targets, including consulates and embassies.

Both the Neuron and Nautilus malware variants have already been attributed to the Turla advanced persistent threat group, which routinely carries out cyber-espionage against a range of targets, including government, military, technology, energy and other business and commercial organisations.

The group primarily targets Windows mail servers and web servers; Turla sends specially crafted phishing emails to compromise targets in attacks that deploy Neuron and Nautilus in conjunction with the Snake rootkit. By combining these tools, Turla gains persistent access to compromised systems, giving it covert access to sensitive data or the ability to use the system as a gateway for further attacks.

The UK's National Cyber Security Centre (NCSC), the cyber security arm of GCHQ, has issued an advisory that Turla is deploying a new variant of Neuron which has been modified to evade detection.

Changes to Neuron's dropper and loading mechanisms have been designed to avoid the malware being detected, allowing its malicious activity to continue uninterrupted.

The authors of Neuron have also changed the encryption in the new version, now configuring multiple hardcoded keys instead of a single one. As with the other changes, these were probably made to make detection and decryption by network defenders more difficult.

Whatever the case, the National Cyber Security Centre does not attribute Turla's activity to a specific threat actor, referring to it instead as:
"A prevalent cyber threat group targeting the UK".


Security Breach Encountered at Perth International Airport

A Vietnamese hacker infiltrated Perth International Airport's computer system and stole sensitive security details. Le Duc Hoang Hai, 31, used the credentials of a third-party contractor to gain unlawful access to the airport's systems in March last year.

Prime Minister Malcolm Turnbull's cyber security adviser Alastair MacGibbon told the West Australian that the hacker managed to steal "a significant amount of data". He described the hack as "a close miss" that could have been considerably worse. The hacker was able to obtain data on the airport's building security but, fortunately, not on radars. Airport authorities detected the breach and informed the federal cyber security authorities in Canberra, who then tipped off Vietnam.

The 31-year-old was arrested in Vietnam after the authorities there received the tip-off from the Australian Federal Police. He was convicted in a Vietnamese military court and sentenced to four years in prison. Travellers were not put at risk, as he was unable to access radars, computer data related to air traffic, or the personal details of travellers.

Kevin Brown, Perth Airport CEO, later gave assurances that no personal data of members of the public, such as credit card numbers, was accessed, although other Perth Airport documents were taken. Brown said the airport had completed a full risk assessment of the stolen data and concluded that there was no threat or risk to the travelling public. Perth International Airport was, in any case, the hacker's main Australian target; he had previously compromised the websites of Vietnamese banks and telecommunications companies, as well as an online military newspaper.

MacGibbon added that there is currently no confirmation of whether Hai was working with a larger hacking group, or whether the data stolen in the breach was sold or leaked online. He commented that the incident is a warning sign that crises like this are going to be encountered far more often in the future.