Search This Blog

Latest News

The Union Government To Come Up With National Cyber Security Strategy 2020

National Security Adviser Ajit Doval announced that the Union government is set to come up with National Cyber Security Strategy 2020 for gu...

All the recent news you need to know

NIC hacked by a malware, over 100 computers compromised

 

Recently, India's largest data agency NIC ( National Informatics Center) was hacked by a malware unidentified as of yet. The attack was sent from an email, infiltrating the network and around a hundred computers were affected. 



After the attack, the incident was reported to Delhi Police's Special Cell and the case was registered under the Information Technology Act (IT Act). The attack came from an email, which upon opening by an employee - all data from the machine was stolen and encrypted. 

The National Informatics Center is a branch of the Ministry of Electronics and Information Technology (MEITY). The NIC is responsible for the government's technical infrastructure and for the implementation and delivery of digital India initiatives. The Institute contained sensitive information related to National Security, India's Citizens, Home Ministry, Security Advisor, and the stolen data could very well harm National Interest. 

Upon investigation by Delhi Police, the attack was confirmed as a Malware coming from an email bait. While it was reported by only one employee, several of the workers got this mail containing the malware and when the user clicked on this mail, his system was compromised. Likewise, hundred of such computers were infected.

The IP address from the mail was detected to be from the Bengaluru office of an American company.

Attack from Anonymous?
Some sources say that this attack was from the infamous hacking group- Anonymous. Some days back the official website of the Indian Army and according to firstpost.com, a letter was sent to the Indian Government stating- 

 "We are Anonymous Again. 

 To the People of India and Government,
 You Have Underestimated the Power of people. You thought First NIC Hack by Anonymous was a Playful act, "THINK AGAIN".
 We are not here to Play with anyone. We are here to send a message to all the people who support the Anti-corruption bill. We took Down Indian Army Official Site and NIC knows more about what we did. We do not support anyone, We Support Only The Anti-Corruption Bill.

No one can speak for Anonymous, Nothing is Official." 

 It could be that both these attacks are linked and from the same group.

New Windows Vulnerability Allows Domain Takeover, Microsoft Released Patch



A new vulnerability named Zerologon has been identified by cybersecurity organization, Secura who tracked the high rated vulnerability as CVE-2020-1472; it allows attackers to gain admin control of a Windows domain, inducing the ability to steal credentials from individual Windows account.

In order to exploit Zerologon, the attacker is required to be on the network, access to which can be acquired by various methods such as phishing, drive-by exploits or etc.

The attacker disables security features that protect the Netlogen process and change a system's password linked with its Active Directory account. Zerologon exploits a weak cryptographic algorithm used in the Netlogon authentication process, as per the expert findings at Secura.

While exploiting the vulnerability and attempting to authenticate against the domain controller, the bug impersonates the identity of any computer on a network and disables security features. In order to obtain domain administrator access to carry out malicious activities, the attacker needs to connect to a domain controller through a Netlogon secure channel connection. The attack is carried out swiftly, lasting not more than three seconds.

In August 2020, Microsoft effectively disrupted the operations of numerous companies in the patching process that took place in two phases and finally released patches for a severe 10/10 rated security flaw that was described as an elevation of privilege in Netlogon. The task has been an arduous one for Microsoft.

In their blog post on Zerologon, Secura explained, "It would not be necessary to wait for some other user to attempt to log in. Instead, the attacker can login themselves, pretending to only support NTLM and providing some invalid password. The service they are logging in to will forward the NTLM handshake to the domain controller and the domain controller would reply with a negative response. This message could then be replaced by a spoofed reply (also containing a recalculated session key) indicating that the password was correct and, by the way, the user trying to log in happened to be a member of the domain admin group (meaning they also have administrative privileges on the target machine),"

"This vulnerability can be particularly dangerous when an attacker has a foothold in an internal network because it allows for both elevation of privileges (to local admin) and lateral movement (gaining RCE on other machines on the network)," the blog post further read.



Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate, “ said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras,” said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected and cybercriminals take advantage of this. Another problem is a fraud, which has begun to actively manifest itself on the network. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.

Five Steps That Will Boost Your Cybersecurity And Assure Business Community In Real Life

 

The concept of business and marketing has seen a tremendous change for a few years. Business continuity meant protecting your company in times of crisis. However, it is about recovering from large scale cyberattacks as quickly as possible in the present times. These threats can include malware, phishing emails, DDoS attacks, ransomware, etc.


 
In recent times, there has been a rapid change in the field of cybersecurity too. It has now become a vital part of an organization's business continuity, in protecting employee data, intellectual property, operational plans, R&D, etc. Due to this, a question arises of 'how corporate and IT experts can work hand in hand' to protect an organization and promote its business. 

To achieve these goals, a simple five steps method, if followed, can ensure your organization's cybersecurity and prevent it from threats and cyberattacks. 

1. Prioritize: Threat intelligence should be acquired, and it should be prioritized to formulate a defense plan. Keep in mind that simulation attacks won't be much helpful as real-time attacks. Simulated attacks won't tell you the real strengths and weaknesses. This information helps experts identify the threats they must be more careful about and build a counter-testing testing plan. 

2. Measure: You should examine whether the measures you are taking to protect your business is helpful. If not, your preventive actions are ineffective. The plan should include analyzing threat adversaries and technical attacks, and how your people respond to it. 

3. Optimize: This step involves analyzing the gaps or barriers that you identified in the measuring stage. An effective business means overcoming these gaps and barriers. When the controls are optimized, the testing can then provide more measurable results that will make your security more robust. 

4. Rationalize: Is your investment in security measures proving beneficial or just a waste of money. With the help of testing data acquired after optimizing controls, the experts now know where to cut costs and invest more. It allows a business to save money while keeping the risk factor under control. 

5. Monitor: The final and most crucial step involves keeping a constant eye on changing the IT environment trends. There might come new challenges that your company might have to face; therefore, there should be a continuous evaluation of potential threats that might impact your business.