Lone cyber police station in Bengaluru gets overburdened

The delay in setting up new police stations to handle cyber crime has overburdened the lone station in Bengaluru. Eight new police stations for cyber crime, economic offences and narcotics (CEN stations) were announced in December 2018 to handle the growing number of cyber crime cases in Bengaluru. One station was to be set up in each of the eight law-and-order divisions. Even six months after the announcement, the proposal is yet to be implemented.

The existing station, often crowded, has received over 4,700 complaints so far this year. It got 5,036 cases in the whole of 2018.

More cyber crime cases are registered in Bengaluru than in other Indian cities. And yet, some other cities have multiple dedicated stations. For instance, there are three cyber crime stations in Hyderabad.

Policemen say the sheer number of cases hampers investigations. In fact, the station has filed just one charge sheet until now this year against 52 in 2018 and 229 in 2017. A chargesheet is the end of the investigation process from the police side and paves the way for the case to be heard in court. Until now, there has been only one conviction for a cyber crime — in October 2018 after a case was investigated by the CID.

The existing station has a large number of visitors on most days. A policeman said, “Most of our time is spent in handling incoming cases, leaving us with hardly any time to investigate them.” Another official said though about 20 additional Central and Reserve (CAR) personnel have been deployed at the station, more stations are a must for faster resolution of cases.

Deputy commissioner of police (crime) Girish S said setting up of more stations will help the complainants as they will then have to travel only shorter distances to file complaints. Asked if the volume of cases was affecting investigations, Girish said, “I can’t say it’s affecting investigations, but what is happening is we are focusing on the more pressing, immediate cases, due to which the resolution time for other cases gets prolonged.” Cases of a very serious nature are taken up by the CID wing.

The Cyber Attack Response Center opened in Nizhny Novgorod


In the Russian city Nizhny Novgorod the largest Regional Cyber Attack Response Center was opened. The Center was established by Rostelecom-Solar, a subsidiary of Rostelecom, which is the operator of the systems supporting the operation of the public services portal and biometric identification in banks.
Solar JSOC Centers are already operating in other Russian cities such as Moscow, Samara and Khabarovsk. These subdivisions protect more than 110 largest Russian organizations from hacker attacks.  Federal agencies, regional administrations, financial organizations, energy companies apply to Rostelecom-Solar for information security.
The Center in Nizhny Novgorod has become the largest regional Center for monitoring and responding to cyber attacks.  The organization employs more than 70 information security professionals. The Center will be responsible for the security of all regional clients around the clock. The average response time to eliminate cyber attacks is 30 minutes.
This is a serious team of highly qualified experts in information security, able to provide customers with full protection against cyber threats, – said Igor Lyapunov, Vice President of Rostelecom for information security, General Director of Rostelecom-Solar.
All this work is impossible without qualified personnel.  This was one of the reasons why Nizhny Novgorod was chosen to create the Solar JSOC. The city has a number of universities that train IT specialists.
According to Igor Nosov, the Deputy Governor of the Nizhny Novgorod Region, today the Nizhny Novgorod Region ranks third in Russia in terms of the number of IT professionals. "We are proud of our IT companies. Today, about 700 such companies operate in the region, including the world's leading companies. And the fact that we are leaders in the IT sphere makes the problem of information security even more urgent for us.”
It is planned that the Regional Center will work closely with universities, implement internship and employment programs. Every year, more than 70 graduates and senior students participate in the Solar JSOC internship program, about 30 of them receive a job offer.

It is worth noting that now, cyber attacks are in the top 5 largest and most serious challenges facing Russia. Moreover, hacker targets are changing. Previously, the task was to seize cash, now hackers are going to gain control over the management of information systems. EhackingNews recently reported on a DDoS attack during the Presidential Straight Line.

US cyber attacks on Iranian targets not successful: Minister

U.S. cyber attacks against Iranian targets have not been successful, Iran's telecoms minister said on Monday, within days of reports that the Pentagon had launched a long-planned cyber attack to disable his country's rocket launch systems.

Tension runs high between longtime foes Iran and the United States after U.S. President Donald Trump on Friday said he called off a military strike to retaliate for the Middle East nation's downing of an unmanned U.S. drone.

U.S. President Donald Trump said on Saturday he would impose fresh sanctions on Iran but that he wanted to make a deal to bolster its flagging economy, an apparent move to defuse tensions following the shooting down of an unmanned U.S. drone this week.

On Thursday, however, the Pentagon launched a long-planned cyber attack, Yahoo News said, citing former intelligence officials. The cyber strike disabled Iranian rocket launch systems, the Washington Post said on Saturday.

"They try hard, but have not carried out a successful attack," Mohammad Javad Azari Jahromi, Iran's minister for information and communications technology, said on social network Twitter.

"Media asked if the claimed cyber attacks against Iran are true," he said. "Last year we neutralised 33 million attacks with the (national) firewall."

Azari Jahromi called attacks on Iranian computer networks "cyber-terrorism", referring to Stuxnet, the first publicly known example of a virus used to attack industrial machinery, which targeted Iran's nuclear facilities in November 2007.

Stuxnet, widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility in the Iranian city of Natanz.

Washington accused Tehran of stepping up cyber attacks.

Officials have detected a rise in "malicious cyber activity" directed at the United States by people tied to the Iranian government, Chris Krebs, director of the Department of Homeland Security's cybersecurity agency, said on Saturday on Twitter.

US Cyber Command launched a digital strike against an Iranian spy group





The United States’s Cyber Command launched a retaliatory digital strike against an Iranian spy group that is believed to be behind a series of attack on commercial ships, according to two former intelligence officials.

The Iranian spy group has ties with the Iranian Revolutionary Guard Corps, a division of Iran’s Armed Force group. For the past several years, they have been digitally targeting the military and civilian ships that are passing through the economically important Strait of Hormuz. 

The exact details of the retaliatory strike are unknown. However, the strike against the group is said to have taken place on the same day when Iran shot down $180million unmanned US surveillance drone. 

A Pentagon spokesperson only told Yahoo News that 'as a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.'



Hit by Ransomware Attack, US Town Agrees to pay Attackers $600,000 in Bitcoin



Riviera Beach, a small city which is located just north of West Palm Beach, fall prey to a massive cyber attack, wherein the hackers paralyzed the city's computer systems and have asked the city council to pay a $600,000 ransom in Bitcoin in order to have the data released.

With the hope of regaining the access to the encrypted data in the cyber attack, the officials of the Florida town conducted a meeting this week where the council agreed to pay the criminals 65 Bitcoin, a difficult to track currency.

Reportedly, it was after an employee of the town's police division accessed a phishing email, the virus which paralyzed all the computer systems in the city was unleashed.

To spread the word about the ransomware attack amongst the residents, a notice was posted on the city website which stated that they had undergone a data security event and was "working with our internal management team third-party consultants to address all issues."

Commenting on the matter, Mr. Rebholz, a principal for Moxfive, a technology advisory firm, said, “The complexity and severity of these ransomware attacks just continues to increase,”

“The sophistication of these threat actors is increasing faster than many organizations and cities are able to keep pace with.” He added.

A number of American cities have fallen prey to similar, computer-based breaches wherein the attackers demanded heavy ransoms for the restoration of the networks. Recently, Baltimore experienced a similar attack and though they refused to pay the ransom, the attack cost the city $18 million to fix damages.



Telegram Describes the DDoS Attack in Layman terms



The popular messaging app, Telegram, is being hit by a powerful distributed denial of service (DDoS) attack due to which it was down for users all around the world. The services were terminated for about an hour and during this period, the encrypted messaging service, 'Telegram' commented on the working of a DDoS attack.
“We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues.” Telegram tweeted.
The company explained a DDoS attack as when “your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper,” 
 “The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”
The attack was not the first of its kind; the company’s services were disrupted by a similar attack four years ago as well. During that incident, the company’s chief executive, Parel Durov and other officials denied commenting on who was responsible for the DDoS attacks.
In one of its tweets, the company talks about a bright side of these DDoS attacks and says, "There's a bright side: All of these lemmings are there just to overload the servers with extra work – they can't take away your Big Mac and Coke,"
"To generate these garbage requests, bad guys use 'botnets' made up of computers of unsuspecting users who were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa," Telegram further tweeted to elaborate on how hackers carry out a DDoS attack successfully.




Undetected malware attacks Linux systems

A new sophisticated, unique Linux malware dubbed HiddenWasp used in targeted attacks against victim’s who are already under attack or gone through a heavy reconnaissance.

The malware is highly sophisticated and went undetected; the malware is still active and has a zero detection rate. The malware adopted a massive amount of codes from publically available malware such as Mirai and the Azazel rootkit.

Unlike Windows malware, Linux malware authors won’t concentrate much with evasion techniques, as the trend of using Anti-Virus solutions in Linux machine is very less when compared to other platforms.

However, the Intezer report shows “malware with strong evasion techniques does exist for the Linux platform. There is also a high ratio of publicly available open-source malware that utilizes strong evasion techniques and can be easily adapted by attackers.” In the past, we saw many malware focussed on crypto-mining or DDoS activity, but the HiddenWasp is purely a targeted remote control attack.

The malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. Researchers spotted the files went undetected in VirusTotal and the malware hosted in servers of a hosting company ThinkDream located in Hong Kong.

While analyzing scripts, Intezer spotted a user named ‘sftp’ and hardcodes, which can be used for initial compromise and also the scripts has variable to clear the older versions from the compromised systems.

The scripts also include variables to determine server architecture of the compromised system and download components from the malicious server based on the compromised server architecture. Once the components installed, the trojan will get executed on the system.

“Within this script, we were able to observe that the main implants were downloaded in the form of tarballs. As previously mentioned, each tarball contains the main trojan, the rootkit, and a deployment script for x86 and x86_64 builds accordingly.”

Ransomware tool causing chaos in Baltimore was developed by NSA



A recent spate of ransomware attacks in Baltimore and other U.S. cities has been executed using a tool developed by the National Security Agency (NSA). Thousands of people in Baltimore have been locked out of their computers in the past three weeks, causing disruption across the city. And this has been enabled by a piece of software created by the NSA, according to a report in the New York Times.
The EternalBlue exploit takes advantage of a vulnerability in Microsoft Windows machines to infiltrate target computers. The software was stolen from the NSA and leaked by hackers in 2017, and since then has been used in a wide variety of cybercrinimal schemes. 2017’s WannaCry attack used the software, as did Russia’s NotPetya attack on Ukraine last year.
Now the same software is being used against U.S. citizens, causing particular problems for local governments with machines which have been disrupted. Many local governments do not regularly update their computers, leaving them vulnerable to exploits. In Baltimore, hospitals, airports, ATMs, shipping operators, and vaccine-producing factories have all been effected in the last few weeks.
The software locks the target computer’s screen, then shows a message demanding a payment of around $100,000 in Bitcoin for the target to regain access to their files. “We’ve watching you for days,” the message says, according to The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
The NSA has never acknowledged the theft of the software or its responsibility for the cyberattacks conducted using it.
“The government has refused to take responsibility, or even to answer the most basic questions,” Thomas Rid, a cybersecurity expert at Johns Hopkins University, said to the Times. “Congressional oversight appears to be failing. The American people deserve an answer.”
EternalBlue may have been developed with good intentions to protect national security, but this event shows the problems with law enforcement or intelligence agencies having tools which allow them access to computers and phones. When such a tool is leaked, it can no longer be controlled.


Your Profile Up For Sale Somewhere On The Dreadful Dark Web For Rs. 140/day?





After hacking feats, cyber cons have stooped to selling hacked profiles on the dreadful dark web for a minimal cost of Rs. 140/day.


What’s even more unsettling is the fact that organizations, market researchers and people looking for business related data could also be behind this profile marketing.

The corner of the “dreadful dark web” where these profiles are available is not accessible via regular browsers.

By way of tools like “Tor” which is an open source software that aids anonymous communication and access to a whole new world of stolen passwords, data and profiles.

According to researchers, other than cyber attackers the people tracking the consumer behavior are after free access to video streaming sites that have already been paid for by the victim.

It’s super disconcerting the way rival companies are buying profiles to get "Intel" on their competitors consumer base, sensitive data and even tracking key executives.

These hacking goons are working in groups where one sells encrypted data and the other quite conveniently decrypts all for dear money.

Then there’s a third group which stores a list of the decrypted passwords into a central server which provides data sets from these breaches.

WARNING! If you happen to use a single password or even passwords that are a teensy bit different for more than one log in sites and multiple websites you are in serious trouble.

Reportedly, the hackers have collected over 8000 databases from small websites singly. It’s only up to the imagination what kind would have been from major sites.

On the dark sites, the data is being sold in packages ranging from a minimal Rs.140 ($2) to a staggering Rs.4900 ($70).

Payment methods of Crypto-currencies like Bitcoin, Litecoin, Dash, Ripple, Zcash and Ethereum are all available to the users’ comfort.

If several passwords are bought from the website a profile could be fabricated within minutes, because quite foolishly users have the same passwords for multiple sites.

This makes the user’s behaviour extremely predictable and it becomes easy for the buyers to track the victim’s activities all over the internet.

The people who spend more time on the internet are more susceptible to such hazards because they are easier to track.

A normal user’s passwords are available for as little as a rupee but then the hot shot public figures like politicians’ or actors’ passwords’ cost ranges from Rs.500- Rs.2500/password.

QUICK TIP!
·       Try not to use common, mainstream passwords that are only easily hack-able and guess-able.

·       Especially after a company experiences a breach or a hacking feat they should make their security stronger.

·       The systems should be made more accountable than ever.

No company has faced any adversities as of yet due to this profile marketing freak-show.






Unistellar Attackers Delete Over 12,000 Unsecured MongoDB Databases




With around 12,000 unsecured MongoDB databases being deleted in the course of three weeks, attackers have solicited the owners from the databases to contact the said cyber-exotortionists to have the information restored with just a message left behind.

They search for the already exposed database servers utilizing BinaryEdge or Shodan search engines, delete them and demand a ransom for their 'restoration services' and these sorts of attacks focusing on the publicly available MongoDB databases have known to have occurred since atleast the early 2017 [1, 2, 3, 4].

While Mongo Lock attacks likewise target remotely open and unprotected MongoDB databases, the campaign does not appear to demand a particular ransom. Rather, an email contact is given, well on the way to arrange the terms of information recuperation.

Sanyam Jain, an independent security researcher and the person who found the wiped out databases, gave quite a sensible clarification to this, saying that "this person might be charging money in cryptocurrency according to the sensitiveness of the database."

The 12,564 unprotected MongoDB databases wiped out by Unistellar were found by the researchers utilizing BinaryEdge. Seeing that, right now, BinaryEdge indexes somewhat more than 63,000 publicly accessible MongoDB servers as per Jain, it appears as though the Unistellar attackers have dropped by approx 20% of the aggregate.




The cyber-extortionists leave behind notes asking their victims to connect with them if  they need to reestablish their data by sending an email to one of the accompanying two email addresses: unistellar@hotmail.com or unistellar@yandex.com.

Shockingly, there is no real way to follow if their victims have been paying for the databases to be reestablished on the grounds that Unistellar just gives an email to be reached and no cryptocurrency address is given.

These attacks can happen simply because the MongoDB databases are remotely open and access to them isn't appropriately verified. This implies that the database owners can without much of a stretch forestall such attacks by following genuinely basic steps intended to appropriately secure their database instances.

MongoDB gives details on the most proficient method on how to verify a MongoDB database by actualizing legitimate confirmation, access control, and encryption, and furthermore offers a security agenda for executives to pursue.

More to the point, significant measures will undoubtedly be taken which will additionally forestall the attacks by empowering authentication and to not enable the databases to be remotely accessible.


Nigerian BEC Fraudsters Resorting to RATs as the Tool to Amplify Attacks



The number of Business Email Compromise, also known as BEC fraud has risen up by an alarming rate; hackers have resorted to Remote Access Trojans (RAT) to amplify their attacks. 

The FBI’s Internet Crime Complaint Center, IC3 attempted to reduce the damage done by these attacks by formulating a Recovery Asset Team which took care of the consequences of  BEC scams. However, the number of scammers involved in these kinds of attacks is significantly more than ever before.

The attacks which witnessed an unprecedented upsurge are regarded as a global threat with Nigeria practicing it extensively; in the African country, money making via BEC scams have become the norm. After examining the cybercrime in Nigeria, Palo Alto Network’s Unit 42 recorded the country’s evolution into employing ransomware and malware to attain financial objectives.

In 2018, the number of groups involved in BEC scams reached up to 400 which were a hundred more than the previous year, the activities further multiplied by 54% in comparison to the year 2017.

With a monthly average of 28,227 attacks, the most affected sector was High-tech which recorded over 120,000 attacks in the previous year and the second most targeted was the wholesale industry which was subjected to around 80,000 attacks. Lastly, the third most affected sector was manufacturing, which fell prey to a total of 57,000 attacks.

Monitoring the attacks, Verizon says in a report, “Given the sheer number of incidents in this sector, you would think that the government incident responders must either be cape and tights wearing superheroes, or so stressed they’re barely hanging on by their fingernails.”

“Admittedly we do not have as much data as to what is happening beyond the deception and initial device compromise. The inclusion of keylogging malware is a good indicator that additional credential theft and reuse is a likely next step.”




New Malicious Campaign Discovered Attacking Public and Private Entities via DNS Hijacking




A new malicious campaign called "Sea Turtle," as of late discovered by researchers allegedly, is said to have been attacking public and private elements in different nations utilizing DNS hijacking as a mechanism.

Moreover the campaign is known to have compromised no less than 40 different organizations across over 13 different nations amid this vindictive campaign in the first quarter of 2019.

Since DNS hijacking is a sort of malevolent attack that redirects the users to the noxious site by altering the DNS name records when they visit the site by means of compromised routers or attackers affecting a server's settings.

The attackers helped out their work through very industrious strategies and propelled apparatuses in order to gain access to the sensitive systems and frameworks as smoothly as possible.

By focusing on two distinct groups of victims they are focusing on a third party that is known to provide services to the primary targets to effectively play out the DNS seizing. The main aim of the attackers behind "Sea Turtle" is to ultimately aim to steal the credentials so as to access the systems and frameworks in the following manner:
  1.        Via establishing a means to control the DNS records of the target.
  2.        To modifying DNS records in order to point legitimate users of the target to actor-controlled servers.
  3.        To capturing legitimate user credentials when users interacted with these actor-controlled servers.
Researchers said that they "assess” with probably high certainty that these hijacking attacks are being propelled by an advanced, state-sponsored actor hoping to get to the sensitive systems and frameworks.

To ensure against these DNS hijacking attacks, the organizations are currently attempting to execute a registry lock service, multifaceted verification (to access the DNS records), and obviously keeping up to date on the patches, particularly on the internet facing machines.



Broadcom WiFi Chipset Driver Defect Takes Its Toll On OSs, IoTs, Phones and Other Devices.




Reportedly, the flaws in the Broadcom WiFi chipset drivers are causing a lot of trouble for phones and operating systems that are exposed to it.


This means, attackers could be allowed to execute arbitrary code and initiate DOS. (Denial of Service)

As reported by an intern of a reputed lab, the Broadcom drivers and the open source “brcmfmac” driver possess several vulnerabilities.

As it turns out, the Broadcom drivers are susceptible to “two heap buffer overflows.” Whereas, the ‘brcmfmac’ drivers are susceptible to frame validation bypass as well as heap buffer overflow.

Per the Common Weakness Enumeration database, the heap buffer overflows could cause the software to run in an infinite loop, system crashes, along with execution of arbitrary code.


These above activities are evidently beyond the security policies and security services.

The aforementioned Broadcom WiFi chips are insidiously used by almost everyone without their knowing it. From a laptop through the IoT devices to the smart TVs all the devices have these chip drivers.


As these chips are enormously prevalent, they comprise of an even more enormous target range. Any simple vulnerability or flaw found in them could be a matter of serious risk.

The Broadcom WiFi chipset drivers could be easily exploited by the unauthenticated attackers by way of sending malicious “WiFi packets”.

These packets would later on help in initiating the arbitrary code execution. All the attacks would simply lead to Denial of Service.

In the list of the risks that stand to vulnerable devices, Denial of Service attacks and arbitrary code execution are on the top. These flaws were found also in Linux kernel and the firmware of Broadcom chips.

According to the source note, the four brcmfmac and Broadcom wl drivers vulnerability is of the sort, CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, CVE-2019-9503.

·       CVE-2019-9503: When the driver receives the firmware event frame from the remote source, it gets discarded and isn’t processed. When the same is done from the host the appropriate handler is called. This validation could be bypassed if the bus used is a USB.

·       CVE-2019-9500: A malicious event frame could be constructed to trigger a heap buffer overflow.



·       CVE-2019-9501: The vendor is supplied with the information with data larger than 32 bytes and  a heap buffer overflow is triggered in “wlc_wpa_sup_eapol”

·       CVE-2019-9502: when the vendor information data length is larger than 164 bytes a heap buffer overflow is triggered in “wlc_wpa_plumb_gtk”

If the wl driver’s used with SoftMAC chipsets the vulnerabilities are triggered in the host’s kernel whereas, when used with FullMAC chipset, they are triggered in chipset’s firmware.

There are approximately over 160 vendors that stand vulnerable to Broadcom WiFi chipsets within their devices.

Two of Broadcom’s vulnerabilities were patched which were found in the open source brcmfmac Linux kernel.

CVE-2019-8564 vulnerability had been patched by Apple as a part of their security update, a day before the developer revealed the vulnerabilities.


Hackers in Ukraine are attacking Government websites


On the eve of the presidential elections in Ukraine, phishing attacks on Government Internet resources were activated.

According to the Head of the Computer Forensics Laboratory, the intensity of cyber attacks is increasing every year. It is a permanent process and is not necessarily associated with the elections. However, at the moment, the sites of the Central Election Commission, the Presidential Administration, the Cabinet of Ministers and infrastructure departments may be under attack.

In general, the situation with the cyber defense of Governments departments is now much better than a few years ago, since the cyber defense was improved by European financial assistance. Many different projects on quality protection have been funded.

At the same time, the sites of presidential candidates are in the risk zone of hacker attacks on the eve of the elections. It turned out that politicians can simulate the attack of hackers on their resources for the sake of PR to emphasize their importance.

Hackers used the Roskomnadzor registry for attacks on Yandex


 Yandex and several other major Russian resources a few days ago were subjected to a powerful DNS-attack. The attackers used vulnerabilities in the system of blocking sites.

"Any company and any website can suffer from such actions, " said a representative of the Press Service of Yandex.

The reason for the attack was a discovered vulnerability in the blocking system of Roskomnadzor websites. The criminals carried out the attack using DNS by changing the entries in the domain name system. They linked the addresses of new attacked sites with already blocked domains. So they managed to restrict access to the pages.

As a result, some user services were extremely slow. This was due to the fact that many operators carried out all traffic to these pages through a system of the Deep Packet Inspection — DPI.

The blocking of IP-addresses of the company Yandex was avoided, as the employees of the organization successfully repelled the attack for several days. The publication suggested that the hacker attack could be associated with the adoption of the law on the sustainability of the Runet: the problems were fixed during the rally.

The vulnerability exploited by the attackers has been known since 2017.

*Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)

76 percent Indian companies were hit by cyber attacks in 2018





A survey conducted by a UK-based IT security provider Sophos has found out that over 76 percent Indian companies were hit by cyber attacks in 2018.

India stands at third spot of highest number of cyber attacks in 2018 after Mexico and France. Meanwhile, 68 percent organizations in the world admitted of being a victim of the cyber attacks last year.

Managing director sales at Sophos India & SAARC, Sunil Sharma  told Business Today,  "In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them."

The survey was carried out in 12 countries which includes US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa, and there were about  3,000 IT decision-makers from mid-sized businesses.

"Server security stakes are at an all-time high with servers being used to store financial, employee, proprietary and other sensitive data. Today, IT managers need to focus on protecting business-critical servers to stop cyber criminals from getting on to the network," Sharma further added.

"They can't ignore endpoints because most cyber attacks start there, yet a higher than expected amount of IT managers still can't identify how threats are getting into the system and when."

The survey report reveals that in India, 39 percent of the cybercrimals are detected at the server, 35 percent are on the network, and 8 per cent are found on endpoints.

"It has been found that the visibility is not there. We don't know what kind of attack. We don't know how many modes it has actually traveled. We don't know how the attack is damaging, which are the endpoints, where it has actually made damage. All that visibility is not available and it is also not helping them to take right decisions," Sharma said.

According to the survey report,  97 per cent IT managers admitted that cyber security is the greatest challenge in India.


Asia Pacific is No 1 hunting ground for hackers

Global data from last year found that 64 per cent of all FireEye-managed detection and response customers were targeted again by the same or similarly motivated attack group -- up from 56 per cent in 2017 and Asia Pacific tops the list of malware report for 2019.

As organisations get better at detecting data breaches, hackers have become increasingly persistent, retargeting the firms they earlier broke into, US-based cybersecurity firm FireEye said on Monday.

A US-headquartered firm, Malwarebytes estimated an increase of 270% of malware detections amongst business in the Asia-Pacific region.

The financial services sector was seen to have the largest number of retargeted victims in 2018, particularly in the Asia-Pacific region, revealed the "FireEye 2019 Mandiant M-Trends Report". This trend is particularly relevant for the Indian market, given last year's cyber attack incidents at Cosmos Bank and State Bank of Mauritius.

Among the top ten countries that pose the biggest threat to malware, Asia Pacific tops the list with five countries.

Country                                          Biggest Threat

1. United States                              Information Theft
2. Indonesia                                    Backdoors
3. United Kingdom                         Information Theft
4. France                                         Information Theft
5. Malaysia                                     Backdoors
6. Thailand                                      Backdoors
7. Australia                                     Cryptomining
8. Germany                                     Information Theft
9. Brazil                                          Adware
10. Philippines                                Information Theft

"I encourage Indian firms to reassess their security posture and determine whether they can quickly detect and respond to intrusions," said Steve Ledzian, Vice President and APAC CTO, FireEye.

The Indian businesses must also determine whether "they know who is likely to attack them and how, and whether they have tested their security against human attackers in a red team scenario to try to spot weaknesses before their real world adversaries do," Ledzian said in a statement.

Singapore, a prized target

In Singapore alone, Malwarebytes saw a 180% increase in malware detections amongst the business sectors.

In the meantime, organisations appear to be getting better at discovering breaches internally, rather than being notified by an outside source such as law enforcement.

The Australian Parliament’s Anti –Encryption Law Opening Doors to Potential Cyber Attacks




The Australian Parliament recently gave a green light to an "anti-encryption" law i.e. the Assistance and Access Bill, broadly recognized by numerous U.S. tech giants, to give the nation's intelligence and law enforcement agencies access to end-to-end encrypted communications.

The bill passed, regardless of vocal opposition from cyber security and technology groups far and wide who cautioned that even secondary passages structured solely for law implementation will without a doubt is exploited by those keen to make way to potential cyber-attacks.

Portrayed as a "secondary passage" or "backdoor" the move is said to, in a general sense debilitate Australia's cyber security and perhaps the other users of these innovations as well.

There is additionally a "far reaching concern" that this law will eventually have a negative impact on the employment status from the Australian technology firms as the global network will never again trust these products.

Lawmakers, who in the present digital economy ought to work to close the "cyber exposure gap", not augment it are rather debilitating Australia's overall cyber security posture, with causing a major impact to the economic outcomes also.

There is no denying the fact that law implementation organizations around the world face reasonable difficulties, however laws that debilitate encryption are the wrong solution.

Therefore, as opposed to following Australia's hazardous point of reference, other nations must work to guarantee open wellbeing while likewise shutting the "cyber exposure gap" and reinforcing cyber security standards for all devices. The dangers related with Australia's activity ought not to be downplayed because cyber security is as much important as national security.


Hackers Hijacking Your Memories Threatening To Erase Them If You Don't Pay a Ransom


 There is no denying the way that progress in the field of neurotechnology have brought us closer to boosting and upgrading our memories, however more so because of this development, in a couple of decades we may even have the capacity to control, interpret and re-keep in touch with them effortlessly.

Brain implants which are rapidly turning into a common tool for neurosurgeons will later in the future course of action be tremendously upheld by these advancements in innovation.


Regardless of whether it is Parkinson's or Obsessive Compulsive Disorder (OCD) or even controlling diabetes and handling obesity these technological advances deliver Deep Brain Stimulation (DBS) to treat such a wide cluster of conditions.

Still in its beginning periods, and being examined for treating depression, dementia, Tourette's syndrome and other psychiatric conditions, researchers are investigating how to treat memory disorders especially those brought about by traumatic accidents.
Particularly to help restore the memory loss in soldiers influenced by traumatic brain injury as done by the US Defense Advance Research Projects Agency (DARPA).

Laurie Pycroft, a specialist with the Nuffield Department of Surgical Sciences at the University of Oxford says that “By the middle of the century, we may have even more extensive control, with the ability to manipulate memories. But the consequences of control falling into the wrong hands could be ‘very grave’…”

As a hacker could also compromise to 'erase' or overwrite somebody's memories if cash isn't paid to them, this could maybe be done through the dark web.

Cyber Security Company Kaspersky Lab and University of Oxford researchers have teamed up on a new project which outlines the potential dangers and methods for attack concerning these developing technologies. Their report pertaining to the matter says that,“Even at today's level of development - which is more advanced than many people realise - there is a clear tension between patient safety and patient security."


While Mr Dmitry Galov, a researcher at Kaspersky Lab believes that in the event that we acknowledge that this innovation will exist, we might change people’s behaviour, Carson Martinez, health policy fellow at the Future of Privacy Forum, says that "It is not unimaginable to think that memory-enhancing brain implants may become a reality in the future. Memory modification? That sounds more like speculation than fact."

 But she too admits to the fact that the idea of brain jacking "could chill patient trust in medical devices that are connected to a network...”
That is the reason Mr Galov has accentuated on the need of clinicians and patients to be instructed on the best way to play it safe, and prompts that setting solid passwords is necessary.

Despite the fact that Mr Pycroft says that later on, brain implants will be progressively intricate and all the more generally used to treat a more extensive scope of conditions. Be that as it may, he also gives an obvious cautioning as the juncture of these variables is probably going to make it simpler and progressively appealing for the attackers to try and meddle with people's implants.



Bank details of Bernard Matthews employees stolen

A suspected cyber-attack "potentially compromised" the bank account details of 200 workers at Bernard Matthews.

The turkey producer has made staff aware of the suspected hack.

The Norfolk-based company said it was alerted by its bank on 22 January, as first reported in the EDP.

A spokesman said: “After being first alerted by our bank, we reported the incident to the relevant authorities and put in place extra security measures, as well as offering additional security advice to those affected.” "We continue to monitor the situation but we are not aware colleagues have been affected any further," he added.

The person or group behind the hack is unknown.

Bernard Matthews employs 3,000 people across East Anglia. The company is a major employer in Norfolk and Suffolk, including at its plant at Holton, near Halesworth, and its headquarters at Great Witchingham.
The business has been through a difficult time in recent years, coming close to collapse in 2013.

Last year, it was one of two interested parties bidding to take over Banham Poultry, in Attleborough, which was eventually sold to Chesterfield Poultry.

In 2016 the Boparan Private Office, owned by food tycoon and 2 Sisters Food Group entrepreneur Ranjit Boparan, known as the “Chicken King”, bought the firm in a pre-pack deal in 2016 from Rutland Partners, saving 2,000 jobs after the firm posted pre-tax losses of £5.2m.