Fake Minecraft Modpacks On Google Play Deliver Millions of Abusive Ads and Disrupt Normal Phone Usage


Scammers have begun taking advantage of the wild success of the Minecraft sandbox video game by building Google Play applications.
These applications appear to be Minecraft modpacks but instead deliver abusive ads, according to researchers. Because Minecraft was designed in Java, it was easy for third-party developers to create compatible applications, or “modpacks”, to enhance and customize the gaming experience for players.

The game is so popular largely because it builds certain skills in its players, which parents and educators have touted as beneficial (especially for kids). Since July, Kaspersky researchers have found more than 20 of these apps and determined that they have been downloaded on more than a million Android devices.

Among those 15,000 Minecraft mods lurk at least 20 that Kaspersky researchers were able to identify as malicious. Google Play has removed all but five of the malicious titles, Kaspersky said: Zone Modding Minecraft, Textures for Minecraft ACPE, Seeded for Minecraft ACPE, Mods for Minecraft ACPE and Darcy Minecraft Mod are still up and available.

As per Kaspersky, once the modpack malware is installed on the Android device, it only allows itself to be opened once, and once opened, the app is glitchy and useless — exactly how it’s intended to work. 

“The frustrated user closes the app, which promptly vanishes. More precisely, its icon disappears from the smartphone’s menu. Because the ‘modpack’ seemed glitchy from the start, most users, especially kids and teens, won’t waste time looking for it,” the researchers' report reads.

“The sample we examined automatically opened a browser window with ads every two minutes, greatly interfering with normal smartphone use. In addition to the browser, the apps can open Google Play and Facebook or play YouTube videos, depending on the [command-and-control] server’s orders. Whatever the case, the constant stream of full-screen ads makes the phone practically unusable,” the report continued. 

Researchers said reinstalling the browser or changing its settings would be the likely next troubleshooting step, but that won’t get rid of the malware either.

First, the user needs to identify the malicious app. The device displays a full list of apps under Settings (Settings → Apps and notifications → Show all apps). Delete the app from this list and the malware should be gone.

“Fortunately, the misbehaving modpacks get removed entirely with deletion and do not try to restore themselves.” However, researchers suggest that to avoid malicious apps, parents and kids should know where to look. For instance, they pointed out that although two of the malicious modpacks have different publishers, the descriptions are identical, “down to the typos.”

The app ratings also offer a clue something is fishy. Kaspersky pointed out that the average rating was in the three-star neighborhood, but that’s because there were extreme reviews on either end of the spectrum, one-star or five-stars. 

Users complain that the app doesn't work and just deletes itself

“That kind of spread suggests that bots are leaving rave reviews, but real users are very unhappy,” the report added. “Unfortunately, in this case, the cybercriminals are targeting kids and teenagers, who may not pay attention to ratings and reviews before installing an app.”

Russian expert warned about the dangers of password theft during video conferencing

Anton Kardanov, head of the information security sector at AT Consulting, warned that motion recognition systems can be used by cybercriminals to steal the personal data of users during video conferences. According to him, a special algorithm can read the movement of hands over the keyboard if they fall into the field of view of the camera, which poses risks to the user's privacy.

“The artificial intelligence (AI) algorithm with high precision can restore the typed text if the video shows the movement of the arms and shoulders,” said Mr. Kardanov.

It is reported that the program first removes the background and turns the image into gray tones, and then focuses on the hands — as a result, the algorithm leaves only the contours of the hands and shoulders and monitors their movements. They are used to restore the text typed on the keyboard.

Thus, an attacker can recognize passwords, passport data, bank card numbers, and other information that the user types on the keyboard during a video call.

Meanwhile, Maxim Smirnov, commercial Director of IVA Technologies, believes that visual recognition of hand movements and, in particular, text typed on the keyboard is quite realistic, but developers will have to work hard on the quality and accuracy of the technology, which is not an easy task.

"Remote work and video conferences are our new reality, as well as new opportunities for fraudsters and new threats to users", said Sergey Zabula, head of the group of system engineers for working with partners, Check Point Software Technologies in Russia.

Earlier, Group-IB also reported possible attacks using motion recognition technology. According to the company, you can protect yourself from scammers by hiding important information from the camera's field of view.

Banks Propose That the Central Bank of Russia Create a Centralized Mechanism to Combat Fraudsters

According to the Vice-President of the Association of Banks of Russia Alexey Voilukov, information processing can take several hours or even days, while a fraudster can withdraw money from the card within an hour.

President of the Association of Banks of Russia Georgy Luntovsky sent a letter to Vadim Uvarov, Director of the Information Security Department of the Bank of Russia, with a proposal to organize direct interaction between market participants in order to exchange data on suspicious transactions.

Currently, financial organizations use an automated system to inform the Regulator about all operations that show signs of being performed without the knowledge of customers. The Regulator then accumulates all the collected data about attacks and returns it to banks in a consolidated form. According to Alexey Voilukov, information processing can take several hours or even days, while a fraudster can withdraw money from the card to which the funds were transferred within an hour.

Mr. Voilukov noted that the creation of a centralized mechanism will speed up the exchange of information by about five times, and the time for providing information in some cases will be reduced to 20-30 minutes.

"For example, several people complained to the Bank about unauthorized transfers within an hour. It detects a fraudulent account and promptly sends information about it to the organizations from which the money was transferred. With a quick response, there is a chance to prevent theft," explained Mr. Voilukov. According to him, this scheme of work will make it possible to fight fraudsters who use social engineering methods.

The Central Bank said that it will study the proposals. VTB, MKB, Rosbank and Tinkoff support the Association of Banks of Russia initiative. VTB added that the system for exchanging information on incidents needs to be improved, as this will speed up and automate banks' rapid response to fraudulent attacks.

Czech Republic's Intelligence Agency Reveals That Russian and Chinese Spies Pose an Imminent Threat to the EU Member's Security


The Czech Republic's intelligence agency recently revealed that Russian and Chinese spies posed an imminent threat to the EU member's security and other key interests in the previous year.

The annual report of the Security Data Administration (BIS) said the intelligence services of Russia and China took up a rather significant role in further advancing their interests and options abroad.

All Russian intelligence services were active on Czech territory in 2019. Spies with strategic and diplomatic cover focused on advancing Russia's interests and the Kremlin's views, as well as boosting Russia's reputation in the Czech Republic.

"The key difference is that Russia seeks to destabilise and disintegrate its opponents, while China is trying to build a Sinocentric global community wherein other nations acknowledge the legitimacy of China's interests," BIS said. 

Chinese agents used covers as diplomats, journalists, or scientists and "utilized the receptiveness of the Czech environment to the offer of Chinese investment," BIS said.

They focused on the tech area, the military, security, infrastructure, the health sector, the economy, and environmental protection and searched for ways to paint a positive portrait of China. 

BIS added that the foreign spies also targeted Czech cyberspace, with attacks focused on the foreign ministry and diplomatic missions abroad, as well as the infrastructure of Czech anti-virus software maker Avast.

It said Russian and Chinese services were behind these attacks, adding that phishing and spear-phishing emails were the most frequently utilized tactic.

Cyber criminals scam bank customers pretending to be from bank security

Attackers call a potential victim and offer to install an app on their phone that "reliably protects money from theft." Then, with the help of this app, they steal the money from the card or take out a loan on behalf of the victim.

According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.

Dmitry Kuznetsov, head of methodology and standardization at Positive Technologies, warns that bank employees never ask customers for card or account details.

The police do not exclude that such fraud may be widespread and ask Russians to remain vigilant.

According to the Central Bank, the activity of telephone scammers increased four times in the first six months of this year. In total, the regulator recorded more than 360 thousand unauthorized transactions with funds of Russians for a total of about 4 billion rubles ($51.8 million). Banks returned about 485 million rubles ($6 million) of stolen money to their clients.

The low percentage of refunds from banks is due to the fact that people, in effect, become victims of their own free will. After all, the client signs an agreement with the bank that prohibits the transfer of confidential information about the bank card to third parties, said lawyer Yakovlev.

However, it should be noted that the data of clients of Russian banks has risen in price on DarkNet. Ashot Hovhannisyan, the founder of the DLBI DarkNet search and monitoring service, explains that the increase in the cost of such services indicates a decrease in the number of offers on the market. This, in turn, means that credit institutions reduce the chances of hackers to steal data and increase security.

FileWall, a Content Disarm and Reconstruction Solution for Microsoft 365 by Odix

In recent months, there has been an exponential surge in malware attacks. According to Check Point, the last quarter alone has seen an increase of 50% in malware attacks. “In the last 3 months, there has been a 50% increase in the daily average of attacks, compared to the first half of 2020. US ransomware and malware attacks doubled (~98% increase) in the last 3 months, making it the #1 most targeted country for ransomware, followed by India, Sri Lanka, Russia, and Turkey”, reports Check Point.

CSO Online recently published a report and the results are staggering: in its sample, 92% of malware is delivered by email. Another report by Symantec states that 48% of malicious email attachments are Office files. With these numbers, it is not a question of whether you will suffer a malware attack but when.

So, ehackingnews did some research into cybersecurity products for email and phishing malware as well as file protection, and one company stood out with its promising technology and competent product: Odix and its patented Content Disarm and Reconstruction (CDR) tech.

Odix: CDR and FileWall

Odix, headquartered in Israel with clients in the US and Europe, recently tapped into the Indian market. The company specializes in anti-malware tools using its patented Content Disarm and Reconstruction (TrueCDR™) technology. CDR takes your file, removes any malicious content, and provides you with a malware-free clean file, instead of detecting attack vectors and malware, because trying to detect and learn every new malware vendor is impossible.

“Everybody is seeing a flood of malware, and we see millions of new unique samples every day, and the common method to deal with that is detection. You get something and you check it and determine whether it's malicious or not, but the amount of new malware that we are seeing in the world every day makes it impossible for detection-based solutions to keep up; we see them lagging behind and not being able to detect everything that comes out. The concept behind CDR is a bit different in that it’s a detectionless method where the aim is to prevent the attack first, and once we keep the attack out, after that we go into layers of trying to analyze and disarm any active content that might serve as a vector to deliver malware and malicious payloads, and by doing that you can provide a safe copy to the user without burning yourself to detect any new thing that comes out,” said Mr. Omri, CTO at Odix, in conversation with ehackingnews.

“Normally CDR was something only large corporations were thinking about, because it requires a lot of effort, deployment, integration. With FileWall, you got the affordable service – a dollar per user per month, unseen in case of CDR and a game-changer,” says Ms. Revital, CMO at Odix.

What differentiates FileWall and Odix’s CDR from other CDR providers is their efficiency and their focus on the particular file types that come and go via email, which makes FileWall's analysis of these files very advanced and efficient. Odix is constantly working to add more file types, and although FileWall is strictly file-based protection, the company is working towards providing a third-party URL solution and URL rewriting for false links in files. As CTO Mr. Omri says, “We used to look at CDR as a solution and preventive measure while now we’re starting to look at CDR as a vehicle that knows how to dive into files and so to partner with different players with security space” to give a more secure and encompassing solution.

One caveat with CDR is that, although it is exceedingly competent with database files, when it comes to executable files, “modifying them breaks them”, so it is better to have CDR plugins and FileWall as an additional layer of security for your files; such files would also already be scanned by Microsoft’s ATP (Advanced Threat Protection).

At 1 dollar per user per month, Odix’s FileWall with CDR technology is a promising file security solution for Microsoft 365 users.

Russian experts predict a shortage of cybersecurity specialists

Despite the funding cuts caused by the pandemic crisis, companies around the world are going to hire more and more cybersecurity specialists. But a shortage of specialists in the market is already being observed and will only increase next year.

The recruiting agency HeadHunter confirmed the growing demand for specialists in the field of cybersecurity: the number of vacancies for such specialists in Russia is growing at a double-digit rate. While more than 17 thousand were opened in the whole of 2018, almost 30 thousand were opened from January to October 2020.

Natalia Golovanova, head of the SuperJob research center, notes that specialists and managers in the field of information security are most in-demand today in IT and financial companies. “Now the competition in this segment of the labor market is only 2.5 CVs per vacancy, which indicates a lack of specialists and a low level of competition,” she said.

Next year, Golovanova expects "a smooth increase in demand for specialists in the field of information security”.

It is worth noting that the average market salary of information security specialists is now 150 thousand rubles ($1,800) in Moscow, and 130 thousand rubles ($1,600) in St. Petersburg, and 320 thousand ($4,000) and 300 thousand rubles ($3,700) for information security directors.

Oleg Sedov, Director of Development for the Cybersecurity for the Population business at Rostelecom-Solar, confirms that the demand for information security specialists is significantly higher than the supply. "The problem of personnel is manifested not only in the shortage of employees but also in the lack of qualified specialists,” said Sedov.

According to a study by the consulting company PwC, more than half (52%) of Russian companies plan to increase spending on information security in 2021, and 42% of organizations intend to increase the number of employees employed in this area.

For example, PwC estimates that more than 3.5 million new cybersecurity jobs will be opened worldwide in 2021.

The study was conducted based on the results of a survey of more than three thousand managers of companies, technology and information security departments in various industries.

US President’s Twitter Account Hacked; The Ethical Hacker ‘Guessed’ The Password


According to Dutch media reports, US President Donald Trump's Twitter account was purportedly hacked after a Dutch researcher correctly guessed the president's password: "maga2020!"

De Volkskrant, a Dutch daily morning newspaper, revealed that the ethical hacker and security researcher Victor Gevers had been able to access Trump's direct messages, post tweets in his name and even change his profile.

A Twitter spokesperson, however, has denied this hack, stating, "We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government."

Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, explains, “A security-savvy team would assume that these controls were important and would likely opt to use a strong password as well as MFA to reduce the likelihood of account takeover attacks. However, in the event users of the account opted for convenience over safety, it is not Twitter's responsibility to force people to pick strong passwords or to implement the security features they offer to users. Twitter's job is to offer a secure platform and strong security features, which they do. If people are unable to convince the President to wear a mask during a pandemic, it's unlikely they could force him to use a strong password.” 

Gaining access to Trump's Twitter account supposedly meant that Gevers was suddenly able to connect with all of Trump's followers, approximately 87 million users according to De Volkskrant's story.

Gevers, who had made multiple attempts before using the "correct" password, says, “I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information.”

Gevers told De Volkskrant that President Trump was not using fundamental security measures such as multi-factor authentication.

According to the news report, Gevers frantically reached out to Donald Trump to warn him, which turned out to be a rather impossible task. Remarkably, Gevers, along with two other Dutch ethical hackers, had likewise hacked Trump's account around four years ago.

At that time Trump's password was "your fired", which, according to VN news, was his 'catchphrase' from The Apprentice, the reality television show that brought him half the popularity he has today, before his election.

United States rejected Putin's offer to cooperate on cybersecurity

The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation in the field of international information security. US Assistant Attorney General for National Security John Demers called the Kremlin's initiative "nothing more than false rhetoric, cynical and cheap propaganda.” And Secretary of State Mike Pompeo said that Russia is dismissive of public security and international stability in cyberspace.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics


The UK National Cyber Security Centre recently revealed that, in an attempt to completely disrupt the 'world's premier sporting event', the Russian military intelligence services were planning a cyber-attack on the Japanese-hosted Olympics and Paralympics in Tokyo.

The Russian cyber-reconnaissance work covered the Games organizers, logistics services, and sponsors and was in progress before the Olympics was delayed due to Covid-19. 

The evidence is the first indication that Russia was prepared to go as far as disrupting the summer Games, from which all Russian competitors had been banned on account of persistent state-sponsored doping offenses.

The Kyodo news agency said a senior Japanese government official had indicated that Tokyo would consider lodging a protest with Moscow if cyber-attacks were confirmed to have been carried out by Russia.

Japan's chief government spokesman, Katsunobu Kato, said the country would do everything possible to ensure that the postponed Games would be free from any cyber-attacks.

“We would not be able to overlook an ill-intentioned cyber-attack that could undermine the foundation of democracy,” Kato stated, adding that Japanese authorities were gathering data and would continue sharing it with other countries.

The UK government said, with what it described as 95% certainty, that the disruption of both the winter and summer Olympics was carried out remotely by GRU unit 74455.

In PyeongChang as well, according to the UK, the GRU's cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 winter Games, crashing the website to stop spectators from printing out tickets and crashing the WiFi in the arena.

The key targets also included broadcasters, a ski resort, Olympic officials, service providers, and sponsors of the 2018 Games, which means the targets of the attacks were not only in Korea.

The foreign secretary, Dominic Raab, stated: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.” 

He later added that “the UK will continue to work with our allies to call out and counter future malicious cyber-attacks.”

The UK's allegations are believed to be part of an effort to disrupt Russia's cybersecurity threat through maximum exposure and to prevent any disruption of the rescheduled summer Games next year.

Common Phishing Email Malware Attachments That You Need To Avoid


One of the most popular ways of distributing malware is via malicious email attachments posing as invoices, payment receipts, or error pages. These emails include Word and Excel file attachments that, when opened, can install malware on your system.

Recognizing these email attachments used by phishing emails could make a big difference towards a safer cyber experience.

Before these files (Word and Excel) can run macros or make changes to your system, Office requires you to click the 'Enable Editing' or 'Enable Content' button, which you should never do, as it will enable them to infect your system.

The miscreants trick users by displaying a document template that claims there is an error in viewing or displaying the document and asks the user to 'Enable Editing' or 'Enable Content'.

Here are some common phishing attachments used by malware attackers that you need to avoid:

BazarLoader

Malware developed by the TrickBot trojan group, whose operators remotely access your computer to deploy the Ryuk ransomware to the whole network.

  • BazarLoader phishing attachments are usually Word or Excel documents hosted on Google Docs and Google Sheets.

  • These documents trick the user into downloading an executable file by displaying a template with a message that the preview is not available or that there were some problems, along with a link to download the file, which then installs the BazarLoader malware.


Dridex

A trojan said to be linked with WastedLocker, used to phish passwords and login credentials.

  •  It is easy to identify Dridex attachments, as they are usually more stylized, with company logos and letterheads, and contain text that is difficult to read (either very small or obfuscated) and ask you to 'enable editing' to see it better.

  •  They can also be stylized templates copying delivery or shipping receipts.


Emotet

The most common email phishing chain, which steals your email to send out more spam emails. Unlike Dridex, Emotet uses warning templates instead of documents, asking the user to enable content to read the document.

  •  For example, the 'Red Dawn' template says "This document is protected," and asks you to enable content to read it.

  •  Another of its templates says that the document could not be opened correctly because it was created on an 'iOS Device', or that the document was created on 'Windows 10 Mobile', which has long been discontinued.

  •  Some of the other templates they use are- "Protected View", "Accept Microsoft's license agreement" and "Microsoft Office Transformation Wizard." 


QakBot is a banking trojan partnered with ProLock ransomware; its templates are very stylized and legitimate-looking.

  •  Its best-known template is 'DocuSign': it looks like a form from DocuSign and asks you to 'Enable Content and Editing'.

Executable Attachments

Files whose names end with .vbs, .js, .exe, .ps1, .jar, .bat, .com, or .scr are executable and almost always malicious; they go on to download further code and macros onto the computer.

If you see an email attachment with one of these file types, never open it and delete it immediately, as it is undoubtedly malicious.
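The extension rule above can be enforced in a mail-triage script instead of being left to the recipient. The following Python sketch is an added example, not code from the original post; the function names and the sample message are constructed for illustration, and the message uses placeholder bytes rather than real attachments.

```python
"""Flag e-mail attachments whose extension is on the article's executable list."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the "Executable Attachments" section above.
EXECUTABLE_EXTENSIONS = {".vbs", ".js", ".exe", ".ps1", ".jar", ".bat", ".com", ".scr"}


def normalized_extension(filename):
    """Return the final extension in lower case.

    Only the last extension decides how the file is handled, so
    "invoice.pdf.js" is a .js file. Trailing dots and spaces are dropped
    because Windows ignores them when the file is saved and opened.
    """
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    return cleaned[dot:] if dot != -1 else ""


def flag_executable_attachments(raw_message):
    """Return (filename, extension) for every named part with a listed extension."""
    # policy.default decodes RFC 2231 encoded (non-ASCII) filenames for us.
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        name = part.get_filename()
        if not name:
            continue
        ext = normalized_extension(name)
        if ext in EXECUTABLE_EXTENSIONS:
            flagged.append((name, ext))
    return flagged


def build_sample_message():
    """Build a constructed test message; all names and content are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached documents.")
    sample_names = (
        "invoice.pdf.js",   # double extension hiding a script
        "Scan_001.EXE",     # upper-case extension
        "report.docx",      # Office document: not covered by this rule
        "update.bat.",      # trailing dot
        "notes.txt",        # harmless
        "счёт.scr",         # non-ASCII name, sent RFC 2231 encoded
    )
    for name in sample_names:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ext in flag_executable_attachments(build_sample_message()):
        print(f"BLOCK {name!r}: executable type {ext}")
```

The Word and Excel lures described in the earlier sections carry ordinary document extensions and pass this check, so it complements macro blocking rather than replacing it.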

A Government-Backed Advert for Career Opportunities in Cyber Security Taken Down Mere Hours After Release


A campaign originally meant to draw more people to career opportunities in cybersecurity came under heavy scrutiny and criticism, which ultimately resulted in it being removed completely just a couple of hours after its release.

Part of the government's Cyber First mission, the advertisement shows a young woman tying up her ballet shoes with the caption "Fatima's next job could be in cyber. (she just doesn't know it yet)" and the slogan "Rethink. Reskill. Reboot."

At first, it was unclear who was behind the campaign, which included the branding of DCMS and NCSC's Cyber First Campaign. Secretary of State for DCMS Oliver Dowden, however, dismissed any association with the campaign, saying “this is not something from DCMS” while agreeing that “it was crass.”

The poster, one of several featuring individuals from a wide variety of professions, has been vigorously criticized on online media.

Javvad Malik, a security awareness advocate at KnowBe4, said the poster did come across as tone-deaf.

“With any career, you want to pull people towards it and motivate them to want to choose it,” he said. “It's only when people enjoy, have an interest in, or have a passion for a role that they actually have a sense of achievement and contentment.”

The Prime Minister's official spokesperson stated: "This is part of a campaign encouraging people from all walks of life to think about a career in cybersecurity. However, this particular piece of content was not appropriate and has been removed from the campaign. The government recognizes the challenge to the cultural industry and today the culture secretary has announced £257m of funding to help support 1,385 theatres, art venues, museums, and cultural organizations across England."

This move comes after the chancellor denied encouraging workers in the already struggling arts industry to retrain.

Rishi Sunak has, however, insisted that he was making a general statement about the need for some workers to "adapt" and suggested there would be "new and fresh opportunities" available for those who could not do their old jobs.

The Covid-19 Pandemic Forces Businesses To Prioritise Investment In Cybersecurity Despite The Overall IT Budget Cuts


According to a Kaspersky report, ‘Investment adjustment: aligning IT budgets with changing security priorities’, organizations and businesses have focused on 'prioritizing investment' in cybersecurity in spite of general IT budget cuts amid the coronavirus pandemic.
The report said that “Cybersecurity remains a priority for investment among businesses. This is despite overall IT budgets decreasing in both segments amid the Covid-19 pandemic, and cybersecurity cuts affecting the most economically hit SMBs.”

It further added that “external conditions and events can influence IT priorities for businesses. As a result of the Covid-19 lockdown, organisations have had to adjust plans to meet changing business needs – from emergency digitalisation to cost optimisation.”

The share of cybersecurity in IT spending has gone up from 23 percent in 2019 to 26 percent in 2020 for small and medium businesses (SMBs). For enterprises, cybersecurity's share of spending has grown to 29 percent in 2020 from 26 percent a year ago.

Overall, 10% of organizations say they will spend less on IT security. The main reason given for the decreased spending on security in enterprises was a conscious decision by top management to reduce spending, seeing no reason for investing “so much money in cybersecurity in the future.”

Alexander Moiseev, Chief Business Officer at Kaspersky, nonetheless stresses that “2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat…”

He later added, “even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defences – by turning to free security solutions available on the market and by introducing security awareness programmes across the organisation. Those are small steps that can make a difference, especially for SMBs…”

India And Japan Agree on The Need for Robust and Resilient Digital and Cyber Systems


India and Japan have finalized a cybersecurity deal, with both agreeing on the need for robust and 'resilient digital and cyber systems'.

The ambitious agreement provides for cooperation in 5G technology, AI and a variety of other critical areas, as the two strategic partners pledged to broad-base their ties, including in the Indo-Pacific region.

The foreign ministers of the two nations – S Jaishankar of India and Motegi Toshimitsu of Japan – were of the view that a free, open, and comprehensive Indo-Pacific region “must be premised on diversified and resilient supply chains."

The two ministers “welcomed the Supply Chain Resilience Initiative between India, Japan, Australia, and other like-minded countries." 

The initiative comes as nations look to diversify supply chains away from China after Beijing suddenly closed factories and units in the aftermath of the Coronavirus pandemic, sending economic activity into a slump.

The move raised questions about the dependability of supply chains located in China, with nations hoping to widen their sources for critical procurement. In September, the trade ministers of India, Australia, and Japan had agreed to launch an initiative on supply chain resilience.

Jaishankar said in a tweet that further expansion of India-Japan cooperation in third countries, centred on development projects, also figured in the thirteenth India-Japan foreign ministers' strategic dialogue.

The two “welcomed the finalization of the text of the cybersecurity agreement. The agreement promotes cooperation in capacity building, research, and development, security and resilience in the areas of Critical Information Infrastructure, 5G, Internet of Things (IoT), Artificial Intelligence (AI), among others," the statement said. 

In New Delhi, the agreement was cleared at a Cabinet meeting headed by PM Narendra Modi, as per Information and Broadcasting Minister Prakash Javadekar. 

The ministers agreed that the next annual bilateral summit between the leaders of India and Japan would be hosted by the Indian government “at a mutually convenient time for the two Prime Ministers."

Cloudflare will now send you a DDoS attack alert when your website is under attack


Cloudflare has announced a new feature that lets its paid customers set up alert notifications for when their website or service is under a DDoS attack.

A DDoS (distributed denial of service) attack is when a perpetrator makes a network unavailable by flooding it with more requests than the network can handle or by disconnecting the host from the Internet. This causes the website and server to go offline or suffer an outage.

Protection from DDoS has been one of Cloudflare's most in-demand services, but unless administrators were working on the site they would not know of an attack. With this new feature, they can get notifications when there is an attack even when they are not actively on the site.

Depending on the type of paid account you have (Pro, Business, or Enterprise), you can get notifications by email or PagerDuty.

There are two types of alert, HTTPS DDoS and L3/L4 attacks, and which one you get depends on the service you use.

 Steps to create a Cloudflare DDoS alert 

 In order to create a Cloudflare DDoS notification, follow these steps: 

  •  Log in to the Cloudflare dashboard at

  •  Click on the 'Notification' section, at the top of the dashboard. 

  •  In the Notifications section, go to 'Create'. Select the type of DDoS notification that you want to create an alert for. 

  •  For customers using Cloudflare for a website, only 'HTTP DDoS Attack Alert' will be shown.

  •  After selecting the type, click on the 'Next' button. 

  •  In the next screen, the system will ask you to give a name to the notification and an optional description. Add the email address for the notification and other methods for the alert. 

  •  When you are satisfied, click on 'Create' to finish setting up the notification.

Now that the alert has been created, Cloudflare will notify you whenever it detects that your website is under a DDoS attack.

Spending on information security in Russia will increase eightfold

Russia intends to sharply increase spending on information security, mainly on cryptography rather than on personal data protection.

According to the published draft of the Federal budget for the next three years, it was decided to increase expenditure on information security from the 2 billion rubles (25 million dollars) initially budgeted for 2022–2023 to 16 billion rubles (204 million dollars). This is the most significant budget increase among the Federal projects included in the Digital Economy direction.

The authorities plan to pay the greatest attention to the development of domestic cryptography, the functioning of cyber polygons, filtering Internet traffic and countering computer attacks. At the same time, the creation and operation of the national center for the introduction of modern cryptography methods could take up more than half of the total budget of the Federal project.

Budget money should also be used to analyze the security of state systems. However, the largest expenditures are allocated for the technical implementation of various project areas: equipment, specialized software, and staffing and production support.

The disadvantage of the project is the lack of measures aimed at preventing data leaks and protecting the personal information of Russians. Analysts pointed out that it would be logical to allocate part of the funds to system security in matters of interaction between the state and citizens on digital platforms. In addition, according to market participants, specialized education and training of qualified specialists receive insufficient funding.

Ivan Mershkov, Technical Director of NGRSOFTLAB, said that it is critically important to plan measures to increase digital literacy among the population. The number of phishing attacks is growing explosively and will only rise further as digital consumption increases.

Nevertheless, the increase in funding for this federal project was seen as a good sign, indicating that the issue of cybersecurity is coming to the fore in Russia.

Russian experts warned about the dangers of smart watches

Smart watches, which are gaining popularity among Russians, are Internet of Things (IoT) devices, which means that by hacking them an attacker can obtain confidential user information, listen to conversations and track the user's movements, said Ilyas Kireev, a leading promotion manager at Crosstech Solutions Group.

According to him, the main problem of IoT devices is weak security mechanisms. The short product lifecycle means that there are no regular security updates and the device may have dangerous vulnerabilities.

"Vulnerabilities in IoT devices create favorable conditions for hackers to create large-scale botnets like Mirai and the most powerful DDoS attacks on the Internet," he said.

"Data can leak both via the Internet and via Bluetooth. Critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gaining full control over the device's system, as well as carrying out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data," added Mr. Kireev.

"An attacker can find out the PIN code from your card, passwords, your daily routine, and much more, which will give them full control over all your operations. For example, if a smart watch manufacturer uses centralized systems for storing and processing data, then one attack is enough to get all the data of customers," warned the expert.

According to Mr. Kireev, to protect yourself and your loved ones, you need to constantly update the software, not enter the CVV of bank cards and control the information transmitted.

It is interesting to note that lawmakers around the world have long expressed their concerns about the fact that smart watches can act as a spy that is always on the wrist. So, the German Federal Network Agency, which regulates the telecom industry, introduced a ban on the sale of smartwatches for children back in 2017. The agency said that devices with a built-in tracking function violate German law.

RBI's new guidelines for Debit and Credit Cards, effective today

To combat ever-increasing financial fraud and to make online payments safer, the RBI (Reserve Bank of India) has issued new guidelines for debit and credit cards, effective from 1st October 2020.

The new RBI guidelines for debit and credit cards:

  •  International transactions to be optional

Under this guideline, users can now either opt in or opt out of international transactions. The bank can disable old cards for international payments or issue new cards to customers who choose to make international transactions.

Gaurav Chopra, CEO, IndiaLends says, “For new cards being issued, the users will only be able to use these services after registering for them. The main reason for this is to prevent card fraud and misuse and give the consumer better power to manage his or her finances. With spend and withdrawal caps, even if an individual becomes a victim of cyber or ATM fraud, the damage will be limited.” 

  • Disable cards that have never been used for online payment

RBI has directed banks to disable the online payment service for all those debit and credit cards that have never been used for online money exchange. This does not include gift cards or prepaid cards.

Rajesh Mirjankar, MD and CEO, InfrasoftTech, says, “RBI has mandated banks to incorporate risk-mitigation features in customers’ debit cards and credit cards from 1st October. With this new feature, consumers can set up a limit on their credit cards and debit cards. Cardholders will have the option to switch on and off their debit and credit cards for any facility – ATM, NFC, POS, or eCommerce (card-not-present) transaction.” 

  • NFC (Near Field Communication) or contactless payment will also be optional

Users will now be able to switch NFC payment on and off whenever they want. If, for example, they switch on NFC for a trip to Korea, they can opt out of it on returning to India. Cardholders can also set a limit on NFC payments: earlier it was Rs.2000 per day, and now they can increase or decrease it as they prefer.

Mirjankar, of InfrasoftTech, says, “The apps that banks have already rolled out with these features allow customers to set separate limits for each channel such as ATM, PoS, card-not-present, and NFC, in addition, to be able to revise downward their overall card limit.”

Cyber Security Solutions for Enterprises Launched by Bharti Airtel

Bharti Airtel Ltd recently launched a 'suite of cybersecurity solutions' for large, medium and small businesses as they move to digital and cloud platforms, which increases the need to protect information from online attacks.

The suite, Airtel Secure, will have a security intelligence centre, a best-in-class infrastructure with access to cutting-edge technology and artificial intelligence tools.

The telco has invested about ₹100 crore in the Airtel security intelligence centre, located in the National Capital Region (NCR), chief executive Gopal Vittal said at a press conference.

“… Cybersecurity is a critical requirement. Airtel Secure has been built to serve this need. It combines Airtel’s robust network security with cutting-edge solutions delivered through global partnerships to deliver end-to-end managed security services," he added further. 

The telco has also partnered with global firms Cisco, Radware, VMWare, and Forcepoint, who will together provide digital protection solutions under the Airtel Secure product.

Cisco's solutions will be available to enterprises as well as governments.

The solutions under Airtel Secure have been 'beta tested' by 20 large organizations who are now using the security intelligence centre, Vittal stated, adding that the telco will soon begin building them for medium and small businesses with low budgets.

“Smaller businesses may not have the budgets that larger companies do, so we are engineering a product portfolio that can be bundled for our smaller enterprises to protect their information as well," Vittal said. 

However, he later added that the whole portfolio of the security intelligence centre cannot be accessed by those with lower budgets, but they will get hold of the essentials, such as 'secure internet, data and remote access'.

The official website of the Ministry of Internal Affairs of Belarus resumed its work after 19 days

The official website of the Ministry of Internal Affairs of Belarus, which had not worked for 19 days, is again available to Internet users, the press service of the Ministry of Internal Affairs reported.
Interruptions on the department's website began on September 3. At the same time, screenshots of the website of the Ministry of Internal Affairs appeared in various Telegram channels, showing that the data of the President of Belarus Alexander Lukashenko and the Minister of Internal Affairs Yuri Karaev had been posted in a wanted notice.

The press secretary of the Ministry of Internal Affairs of Belarus Olga Chemodanova announced the next day that the site was not working for technical reasons, and did not exclude a hacker attack. It was noted that an attempt was made to introduce malicious programs that block or modify the operation of the information resources of the Ministry of Internal Affairs.

"The official website of the Department, which was suspended for technical reasons, is now functioning again. We apologize for the temporary inconvenience,” said the Ministry of Internal Affairs in a Telegram channel.

At the same time, the Department expressed confidence that "the number of users of the Internet resource will grow, and everyone will be able to use its full capabilities in the usual mode.”
It is worth noting that cyber partisans have announced an all-out war against the state structures of Belarus starting yesterday. It must be admitted that hacker attacks can cause significant harm to the regime.

Recall that the union of hackers and IT developers of Belarus has threatened President Alexander Lukashenko that it will bring down the tax, energy, and banking systems if security forces continue to detain protesters. The protesters are demanding Lukashenko's resignation and new fair elections.

Meanwhile, the State Customs Committee faced technical failures in the work of information systems at internal points of customs clearance.