Yearly Archive 2020

BySubham Paul

The Perils of Swarm Technology – Are you ready for a Swarm Attack?

Have you ever imagined your organization’s network getting infiltrated by a bot swarm that eventually steals data and leaves you spellbound? If you haven’t, it is time to beware of such a possibility. Advances in Artificial Intelligence have made intelligence sharing and correlation a possible approach for specialized bots to interact amongst themselves in real-time and improvise an attack in perfect synchronization. We have entered the age of swarm technology and it is only apt to brace ourselves for an impending attack from the new miscreants.

Understanding Swarm Attacks

When we talk about swarm technology, we usually refer to the mechanism that drives intelligent and autonomous bots (also called Swarmbots) to collaborate in large swarms. For solving certain problems, we require clusters of devices that can work as a unit. When these Swarmbots are compromised, the problem-solvers turn into potential problem creators that can discover loopholes in the hardware, software, and networks and expose them to disastrous proportions. This is made possible by a process of training the bots to hunt for such vulnerabilities and leverage those, a process infamously known as Machine Learning Poisoning.

What are Swarmbots capable of doing?

Does reading this remind you of specific movie scenes involving bot clusters wreaking systematic havoc? That’s precisely the way we want you to imagine! In real technology, such swarms witness dynamic allocation and reallocation of bots that can be used to orchestrate customized attacks, a few of the features of which are mentioned below:

• AI fuzzing in detecting points for Zero-Day exploitation.
• Lateral movement across a network for expanding the surface of the attack.
• Apply real-time data to evade barriers (or detection)
• Collaborative efforts to infiltrate near-perfect robust networks
• Taking full control of the resources of the target

SADDD – The strategy basket to evade Swarm Attacks

A popular belief guides us to fight fire with fire. Hence, potential targets of swarm attacks must replicate the collaboration and automation to build the defensive wall of protection. Here are some strategies (nicknamed as SADDD) which can boost the security of your systems and help you evade attacks by Swarmbots:

• Standardized Security Architecture – this integrates centralized orchestration, specialized components, and best practices to add teeth to the scalability, intelligence, and speed to secure vulnerable systems.
• Automated Security Systems – this shall help compromised systems respond to attacks dynamically with the help of systematic coordination, real-time analysis, and fool-proof integration.
• Dynamic Network Segmentation – this shall make sure that only the compromised devices or network nodes get affected and the rest of the resources are safe.
• Disciplined Patching Exercises – this shall continuously cover the areas of your systems that are exposed to swarm attacks with the help of sandboxes, intrusion-prevention mechanisms, and other advanced security tools.
• Deeply Integrated Security – this shall integrate security processes and protocols with the extended technology landscape to increase the control and visibility in detecting threats in complex networks.

The pace at which malware evolution is progressing calls for an ever proactive approach to beef up cybersecurity systems across enterprises. As risk mitigation strategies keep getting obsolete, it is highly necessary to digitally transform the overall security strategy for the organization. This shall lend the required flexibility to adapt to any unforeseen threat. Using this approach shall certainly help your organization enhance its threat intelligence and build the defensive wall to keep swarm attacks at bay.

BySubham Paul

CF BYTES – Issue #3

It is just the second month of the new year and we have already been fed with a huge array of developments in the cybersecurity industry. At the same time, the incidents of cyberattacks have been on the rise, continuing to affect organizations and society at large. With this, CF Bytes is back with the latest issue about the major global cybersecurity developments and cyberattacks in the last fortnight.

Top 5 cyberattacks

1. A hacker named Phineas Fisher published more than 2TB of data from the Cayman National Bank. This data includes more than 640,000 emails and the data related to more than 1400 customers. (read more…)
2. EKANS, a mysterious ransomware has set industrial control systems as its targets. This is apparently the work of cybercriminals, rather than nation-state hackers. (read more…)
3. The computer network of Lawrence County, Indiana government was breached by hackers, damaging multiple critical systems. Fortunately, the county’s 911 system was spared. (read more…)
4. East Bay biotech company suffered losses of $20 million post a ransomware attack. (read more…)
5. Red Kite Community Housing has been robbed off more than £932,000 after its domain and email details of known suppliers were mimicked by cybercriminals. (read more…)

Top 5 cybersecurity developments

1. IT admins patched 80 percent of public-facing boxes of Citrix to close the now-infamous hijack hole. Around 20% of the devices vulnerable to the CVE-2019-19781 flaw (also called Shitrix), which allowed remote hijacking, remain unpatched and vulnerable to remote attacks. (read more…)
2. The World Economic Forum developed a Cybersecurity Due Diligence Assessment Framework that consists of two parts, namely organizational security and product security. Investors can use this framework to evaluate an organization’s cybersecurity along with the security of technological or product innovation. (read more…)
3. Deep Instinct, an Israeli cybersecurity company that employs machine learning in predicting, identifying, and preventing cyberattacks, raised $43 million in a Series C funding round. Nvidia, Millennium New Horizons, and LG join Samsung and HP as the firm’s investors. (read more…)
4. Researchers from Cardiff have recently written software that can detect and classify cyberattacks on smart home devices such as speakers, security cameras and thermostats. In tests, it identified attacks on such devices (e.g.: Amazon Echo Dot and Apple TV set-top box) with around 90 percent accuracy. (read more…)
5. Accenture recently introduced a new Cyber Incident Response Service for AXA XL clients. This service can help the business in responding to a cyberattack and in initiating an immediate recovery protocol. (read more…)

Stay tuned to CF Bytes for more periodical updates on cyberattacks and developments in the ever-evolving world of cybersecurity.

References

1. https://neoslab.com/2019/11/18/hacker-publishes-2tb-of-data-from-cayman-national-bank-aUdjeU9uNEx1SXNxUkE5VHEwOTJIUT09
2. https://www.wired.com/story/ekans-ransomware-industrial-control-systems/
3. https://www.wdrb.com/news/cyberattack-on-lawrence-county-indiana-compromised-multiple-critical-systems-officials/article_3c1d3996-4a23-11ea-a037-73fd3991f81b.html
4. https://www.bizjournals.com/sanfrancisco/news/2020/02/14/cyberattack-costs-east-bay-biotech-company-20.html
5. https://www.todaysconveyancer.co.uk/main-news/successful-cyber-attack-almost-nets-1m/
6. https://www.cyberreport.io/news/good-it-admins-scrambled-to-patch-80-per-cent-of-public-facing-citrix-boxes-to-close-nightmare-hijack-hole?article=15101
7. https://www.weforum.org/agenda/2019/07/why-cybersecurity-should-be-standard-due-diligence-for-investors/
8. https://www.timesofisrael.com/cybersecurity-startup-deep-instinct-raises-43-million-in-funding-round/
9. https://www.dailymail.co.uk/sciencetech/article-7987369/New-software-detect-cyber-attacks-smart-home-devices.html
10. http://business-newsupdate.com/accenture-unveils-new-cyberattack-response-service-for-axa-xl-clients

BySubham Paul

Safeguarding against E-skimming – The silent troublemaker in online payments

Sticking to the concept of evolution, bad actors on the web have come up with yet another channel to get their work done. This new threat has grabbed eyeballs after affecting global retailers such as Puma, Macy’s, Target and British Airways and helping hackers steal millions of credit card numbers over the past 2 years. Termed E-skimming, this is one of the latest threats to the cyber community, especially when it comes to making online payments. This article aims at throwing some light on it and the ways for the average internet user to safeguard himself/herself.

What is E-skimming all about?

Similar to its offline counterpart (skimming of credit cards at POS terminals), E-skimming, also called Formjacking, is a mechanism by which a hacker inserts special JavaScript code into the retailer’s website. This piece of code copies the information which the user enters and passes it on to the hacker. This information can be very sensitive, with high chances of including critical financial data such as credit/debit card details. This information is then either used by the hacker directly or sold on the dark web.

Ways to safeguard yourself against E-skimming

• Avoid providing sensitive information such as date of birth, bank account details, social security number, etc. at places where it is not required.
• Avoid making payments on websites not having an https protocol.
• Use reliable payment platforms such as PayPal and Google Pay which fully encrypt credit card information.
• Disable scripts of your web browser while using the webpage where you shall need to enter credit card information.
• Try to use browsers that put additional focus on security and privacy. Brave is one such browser.
• Try to adopt virtual credit cards in making online payments for specific merchants and specific transactions. This is a safer alternative than using debit cards.
• Watch out for customer reviews suggesting that the website is prone to E-skimming. If you find any such review, make sure you avoid making online payments on that platform until it is officially confirmed to be safe.
• Keep a periodic check on your bank statements and credit score so that any suspicious activity is detected early.
• Record the reference/acknowledgment numbers of all order confirmation, payment completion and similar stages for a smoother recovery procedure.
• In case of any suspicious activity, contact your credit card provider at the earliest.

The above measures can significantly reduce the risk of your joining the already huge list of innocent victims. Stay tuned to our blog for more reads on relevant cybersecurity topics and emerging threats.

BySubham Paul

CF BYTES – Issue #2

A cyberattack is always a piece of bad news for every concerned stakeholder of the victim. Similarly, any new development in cybersecurity needs to reach to every modern-day user, either as a part of an organization or the public in general. In this regard, we bring to you the top 5 cyberattacks and developments in cybersecurity that were observed in the last fortnight in this latest edition of CF Bytes.

Top 5 cyberattacks

1. The iPhone of Amazon’s Chief Executive Jeff Bezos was hacked after he received a WhatsApp video containing spyware. (read more…)
2. A leaked report shows that a major cyberattack of last year compromised 42 servers of the United Nations. (read more…)
3. SpiceJet suffers a massive data breach that exposed the data of over 1.2 million passengers along with internal data regarding flights. (read more…)
4. Greenville Water, a South Carolina water company faced a cyberattack on its phone and online payment systems. This affected 500,000 customers and the company has been taking steps to recover from the attack. (read more…)
5. Electronic Warfare Associates (EWA), a US government technology contractor faced a Ryuk ransomware attack. Most likely, the entry medium was a phishing email. (read more…)

Top 5 cybersecurity developments

1. The Cybersecurity Maturity Model Certification version 1.0 was unveiled by the Pentagon which has multiple cybersecurity standards across 5 levels that its associated companies have to follow. (read more…)
2. ImmuniWeb‘s research on 100 of the world’s largest airports for web and app security showed that 97% of airports showed weak signs of security, including outdated software and non-compliance of GDPR. (read more…)
3. It was found that most financial institutions are exposed to a dangerous vulnerability involving GPS systems that can put connected machines, especially ATMs, at a huge cybersecurity risk. (read more…)
4. The US Securities and Exchange Commission laid out new cybersecurity practices to be observed in the financial industry which include patch management, incident response plan, and employee training. (read more…)
5. Meditology Services LLC, a healthcare cybersecurity and privacy consulting company, has been ranked as the ‘Best in KLAS’ firm for Cybersecurity Advisory Services. (read more…)

Stay tuned to CF Bytes for more periodical updates on cyberattacks and developments in the ever-evolving world of cybersecurity.

References

1. http://www.startribune.com/attack-on-bezos-phone-shows-spyware-becoming-more-powerful/567369012/?refresh=true
2. https://www.forbes.com/sites/daveywinder/2020/01/30/united-nations-confirms-serious-cyberattack-with-42-core-servers-compromised/#7f23fc17633d
3. https://techviral.news/a-massive-data-breach-at-spicejet-exposed-data-of-1-2-million-passengers/
4. https://www.infosecurity-magazine.com/news/cyber-attack-on-greenvillewater/
5. https://www.infosecurity-magazine.com/news/us-defense-contractor-hit-by-ryuk/
6. https://www.nationaldefensemagazine.org/articles/2020/1/31/pentagon-rolling-out-new-cybersecurity-standards-for-industry
7. https://www.grahamcluley.com/airport-cybersecurity-study/
8. https://www.americanbanker.com/news/the-cybersecurity-threat-lurking-in-the-gps-systems-banks-count-on
9. https://www.infosecurity-magazine.com/news/sec-cybersecurity-practices-of/
10. https://www.streetinsider.com/Business+Wire/Meditology+Services+Ranked+%231+for+Cybersecurity+Advisory+Services+in+2020+Best+in+KLAS+Report/16397873.html

BySubham Paul

Safeguarding our Bots – security risks in robotics

Cognitive, motor and emotional abilities make humans the smartest organisms in the world. Otherwise, we would not have witnessed the series of industrial revolutions in our history of technological advancements. But ever since robotics changed the game, humans have increasingly grown dependent on the artificially intelligent machines and used them for innumerable applications. The riveting question is – are these bots fully dependable? If not, what makes them vulnerable, and is there a way to strengthen them?

Common security risks in robotics

It is safe to say that automation is the way for modern-day enterprises to move forward, as it makes processes both effective and efficient. Today, robots are counted in millions as far as industrial use is concerned. Hence, it is crucial to understand the most common security vulnerabilities associated with them, some of which have been mentioned below:

• Altering the production outcome – faults are injected into the robot’s system which makes it behave abnormally.
• Causing physical damage – the physical equipment is damaged which makes the bot lose control and harm its environment.
• Halting production – the turnaround time (to recover from the attack) is too high to avoid a halt in production.
• Unauthorized access – an attempt is made to steal data from the robot’s system by gaining remote (and unauthorized) access.

Damage control

The reasons for a robotic system to have vulnerabilities can be many, ranging from faults during production to poor maintenance. However, there are both simple and complex ways by which these risks can be averted. The least that developers should follow is to implement Secure SDLC and properly checked encryption systems while producing the bots. There are some components of building security around a piece of robotic equipment or process. They are:

• A standard mechanism for digital identity and access management of the equipment or process.
• Identification of data involved and following protocols for data encryption, usage, and privacy.
• Managing the ecosystem to increase the resilience to detect and react to risks.
• Securing the product using threat modeling and vulnerability identification.
• Security operations such as Threat Exposure Management (TEM) and Threat Detection Response (TDR).

The best practices of cybersecurity must be observed before, during and after the robot is deployed. This shall create the four key elements attached to building trust within the robotics platform:

1. Traceability
2. Integrity
3. Confidentiality
4. Control

As part of maintenance, the software upgrades and patch maintenance procedures must be carefully supervised. Lastly, users should have a response plan ready at all instances to ensure that the recovery time and damages caused in the event of an attack are minimized.

BySubham Paul

Conversational Analytics – is your chatbot fully reliable?

Gone are the days when users of software applications would always rely on text commands or graphical user interfaces (GUIs) to get their jobs done. Instead, we seem to have gone back to older times when errand boys would listen to our instructions and accomplish the tasks on our behalf. That’s right, this is the age of conversational user interfaces and enterprises have rapidly adopted chatbots that continue to benefit the businesses and users alike.

BySubham Paul

CF BYTES – Issue #1

The last fortnight saw a series of events that rattled the world of cybersecurity. Individuals and enterprises have been exposed to several attacks from cybercriminals and have pulled up their socks to upgrade their security and risk management mechanisms. Parallelly, there have been significant developments in this field which further show that there is a huge potential when it comes to making advancements in cybersecurity. This edition of CF Bytes brings to you some of the biggest such instances in this edition which occurred in the aforementioned timeframe.

Top 5 cyberattacks

1. Travelex suffered a massive Sodinokibi virus attack this New Year’s Eve, following which its key systems were crippled and effects were observed in the 30 countries where it is operational. The entire finance industry has been warned after this incident^[1].
2. The city of Las Vegas was attacked by hackers on the opening day of CES 2020. The security team took the situation under control and averted a possible digital catastrophe^[2].
3. Picanol suffered a ransomware attack that halted its production in Ypres, affected its Chinese and Romanian sites and saw its shares getting suspended on the Brussels Stock Exchange^[3].
4. 122 Chinese nationals were arrested in Nepal and deported. They were suspected of operating cyber fraud on a large scale in Kathmandu. Amongst the seized items were 331 laptops, nearly 100 desktop computers, more than 700 mobile phones, and numerous pen drives and SIM cards^[4].
5. The Cyber Crime police wing of Cyberabad arrested four fraudsters who used bulk SMS services, fake websites and other methods using the data of popular telemarketing and e-commerce companies. Police seized 2 laptops, 12 mobile phones, fake documents (including PAN, Aadhar and Voter ID), 4 debit cards, 19 sim cards, and a car^[5].

Top 5 cybersecurity developments

1. Alipay launched a new platform to bolster security measures to strengthen risk detection for its global partners in the wake of rising financial fraud and threats to data security^[6].
2. STEALTHbits Technologies, Inc. released its latest real-time Active Directory policy enforcement solution called StealthINTERCEPT 7.0 which can detect failed authentication instances to aid security administrators and analysts in detecting suspicious activities like password spraying attempts^[7].
3. U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a free tool using which organizations can test if their systems are exposed to CVE-2019-19781, a serious unpatched Citrix vulnerability which can allow attackers to run commands and access files on the victim’s computer^[8].
4. NSA disclosed a serious bug in Windows 10’s mechanism to confirm software legitimacy or establish secure web connections that could have exposed vulnerabilities to malware and similar attacks in close to 900 million PCs worldwide^[9].
5. Intezer, a New York-based cybersecurity company, launched Intezer Protect. This is a runtime cloud security product, which creates alerts on detecting unauthorized access and malicious software by continuously monitoring the binary code running inside the cloud servers of an organization^[10].

Stay tuned to CF Bytes for more periodical updates on cyberattacks and developments in the ever-evolving world of cybersecurity.

References

1. https://www.assetfinanceinternational.com/index.php/digitalisation/wcg-blog/19023-finance-industry-warned-to-take-action-after-travelex-cyber-attack
2. https://www.cnet.com/news/las-vegas-hit-by-cyberattack-as-it-hosts-ces/
3. https://www.brusselstimes.com/news-contents/economic/89253/cyber-attack-sees-picanol-shares-suspended/
4. https://www.japantimes.co.jp/news/2020/01/09/asia-pacific/crime-legal-asia-pacific/nepal-deports-122-chinese-nationals-linked-cyber-fraud/#.Xh8NzsgzZPY
5. https://www.aninews.in/news/national/general-news/cyber-crime-wing-of-cyberabad-busts-online-fraud-ring-4-arrested20200105025512/
6. https://technode.com/2020/01/10/alipay-launches-security-platform-for-global-payment-partners/
7. https://www.businesswire.com/news/home/20200114005134/en/STEALTHbits-Offers-New-Capabilities-Strengthen-Enterprise-Passwords
8. https://www.forbes.com/sites/kateoflahertyuk/2020/01/14/new-citrix-security-alert-us-government-issues-test-tool-for-serious-flaw/#362560d62865
9. https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/
10. https://www.prnewswire.co.uk/news-releases/intezer-launches-cloud-security-product-intezer-protect-leveraging-genetic-malware-analysis-technology-814602889.html

BySubham Paul

Subtle ways to stay away from Cyberstalkers

Have you ever been bothered by someone on the web? Do you think your company might be at risk due to hideous information robbers? Do you know what Cyberstalking is? Let’s see if we can help you out!

The current situation

Technology has been one of the main reasons for mankind’s progress for many years now. It has brought us humans closer to one another and made the world a small place, thanks to social networking websites and other platforms for communication. However, troublemakers such as Cyberstalkers never leave an opportunity to act and such activities have gained prominence in recent years. Here, we shall have a look at what is Cyberstalking and how individuals and organizations can avoid being trapped.

What does Cyberstalking mean?

For those who feel it is no different from social media stalking or trolling, it is time to bust the myth and understand the real Cyberstalking meaning. When any individual or organization is harassed online by someone who frequently follows the victim’s online activity and goes a step ahead by gaining access to confidential data and unpleasantly contacting the victim, it is recognized as an act of Cyberstalking. If someone simply follows the social media activity of a specific person frequently, it becomes stalking. Trolling too involves mild harassment of the target but with a humorous touch. The answer to why is Cyberstalking a problem is simple: it is done with malicious intent and has several legal implications too, making it a serious crime, unlike the other two terms.

Legal aspects of Cyberstalking

Cyberstalkers are professional attackers and have many ways to get away from the act by forming fake appearances, thereby staying anonymous. As a result, it becomes difficult to trace them and taking appropriate action. Laws to regulate this act have not been adopted in many countries either. This answers why cyberstalking is dangerous. However, some countries such as the United States have deployed legal measures to register cases of cyberstalking and impose punishments such as fines or imprisonment. In India, cyberstalking is legally recognized by Section 354 D of the Indian Penal Code as an act of spying on someone and creating a sense of fear or alarm. There are other provisions too which protect the victims of online harassment and punish the offenders with rigorous imprisonment.

Identifying Catfishers in the web

A catfisher is someone who creates a fake identity and gains the confidence of the victim to have financial gains or damage the reputation of the victim. Catfishing usually involves copying the profile of an already existing user and thereafter fooling innocent people. This can be identified by performing a Google image search and seeing whether multiple sources exist or not. The social media profile of catfishers often involves a small number of connections. Also, such offenders rarely post pictures with friends or family members and always decline making video calls.

Tips to avoid being trapped

Like many other things in life, cyberstalking is inevitable. The fact that tracing such offenders is difficult makes it all the more unstoppable. However, there are some easy ways by which you can keep yourself or your business relatively safer from the hiding predators. Some of these subtle ways to avoid cyberstalking are:

• Secure your computers, tablets, and phones with trusted and genuine antivirus software.
• Always use strong passwords and make a habit of changing your password from time to time.
• Avoid sending private messages or e-mails while using public Wi-Fi.
• Avoid uploading information that is too sensitive on social media. If need be, change your privacy settings and refrain from making this public.
• Beware of phishing e-mails. Look out for red flags such as unexpected mails from strangers, suspicious content, etc.
• Use a Virtual Private Network (VPN) to mask your IP address.
• Do not allow untrustworthy people to use your device.
• Always log out of your computer while it is to be left unattended.
• Be well informed about what information is available about you when searched online.

Life is never easy when a lot of information is likely to be shared online. However, the main idea behind keeping yourself safe from any cyberstalking activity is to refrain from performing any activity that might attract negative attention. In other words, maintaining good digital hygiene is the way forward to keep predators at bay and prevent you or your organization from falling into a trap.