Monthly Archive January 2020

BySubham Paul

Safeguarding our Bots – security risks in robotics

Cognitive, motor and emotional abilities make humans the smartest organisms in the world. Otherwise, we would not have witnessed the series of industrial revolutions in our history of technological advancements. But ever since robotics changed the game, humans have increasingly grown dependent on the artificially intelligent machines and used them for innumerable applications. The riveting question is – are these bots fully dependable? If not, what makes them vulnerable, and is there a way to strengthen them?

Common security risks in robotics

It is safe to say that automation is the way for modern-day enterprises to move forward, as it makes processes both effective and efficient. Today, robots are counted in millions as far as industrial use is concerned. Hence, it is crucial to understand the most common security vulnerabilities associated with them, some of which have been mentioned below:

  • Altering the production outcome – faults are injected into the robot’s system which makes it behave abnormally.
  • Causing physical damage – the physical equipment is damaged which makes the bot lose control and harm its environment.
  • Halting production – the turnaround time (to recover from the attack) is too high to avoid a halt in production.
  • Unauthorized access – an attempt is made to steal data from the robot’s system by gaining remote (and unauthorized) access.

Damage control

The reasons for a robotic system to have vulnerabilities can be many, ranging from faults during production to poor maintenance. However, there are both simple and complex ways by which these risks can be averted. The least that developers should follow is to implement Secure SDLC and properly checked encryption systems while producing the bots. There are some components of building security around a piece of robotic equipment or process. They are:

  • A standard mechanism for digital identity and access management of the equipment or process.
  • Identification of data involved and following protocols for data encryption, usage, and privacy.
  • Managing the ecosystem to increase the resilience to detect and react to risks.
  • Securing the product using threat modeling and vulnerability identification.
  • Security operations such as Threat Exposure Management (TEM) and Threat Detection Response (TDR).

The best practices of cybersecurity must be observed before, during and after the robot is deployed. This shall create the four key elements attached to building trust within the robotics platform:

  1. Traceability
  2. Integrity
  3. Confidentiality
  4. Control

As part of maintenance, the software upgrades and patch maintenance procedures must be carefully supervised. Lastly, users should have a response plan ready at all instances to ensure that the recovery time and damages caused in the event of an attack are minimized.

BySubham Paul

Conversational Analytics – is your chatbot fully reliable?

Gone are the days when users of software applications would always rely on text commands or graphical user interfaces (GUIs) to get their jobs done. Instead, we seem to have gone back to older times when errand boys would listen to our instructions and accomplish the tasks on our behalf. That’s right, this is the age of conversational user interfaces and enterprises have rapidly adopted chatbots that continue to benefit the businesses and users alike.

Read More
ByCyberFrat

CyberFrat Pune Meet

Date: Saturday, January 25, 2019 Venue: VIL, Information Technology Centre, 2nd Floor, S.No.19,20. Panchshil Tech Park, Next to Courtyard Marriot Hotel, Opp. HP. Petrol Pump, Hinjewadi, Pune – 411 057, Maharashtra, India.

10:00 AM - CF Updates by Anis Pankhania 
10:15 AM - Data Protection in the Digital World - Gaurav Khera , Director - Deloitte India
11:00 AM - SOC & Data Privacy - Umang Chokshi - Director within EY Advisory Services and specializes in Securit
11:45 AM - Networking Break
12:00 PM - GDPR Overview in Auditing - Khalil Ahmad Pathan - Wipro
12:45 PM - Quiz On Data Privacy
01:00 PM - Lunch
Gaurav is a Director with Deloitte India and comes with 12+ years of experience of working with India’s largest telecom operator. He comes with a rich experience of Cyber Risk, Telecom Strategy and Planning, IT Governance, Process Improvement, IT Service Management, Project/Program Management Technology Due Diligence, Digital Strategy, and Budgeting. Worked with a leading telecom operator of India for the formulation of the technology roadmap, setting up its IT Outsourcing Contract, IT Governance Framework, Centralized Service Desk, SLA Management Framework and CSAT for measuring IT satisfaction and alignment with business objectives.
Gaurav also works very closely with clients advising them on Digital Risks as well as other areas of Cyber Security. He has also led multiple engagements for doing IT Due Diligence as part of M&A activities.
  • Architect, Program and Project Management
  • Professional experience: more than 18+ years
  • Security Delivery Lead for India / South Asia and managing 30+ clients for a security solution, design, implementation, and response.
  • Establish strong client relationships in key large telecom accounts to help deliver Security Services portfolio across Infra Security, Identity & Access Management, Security Strategy, Security Information & Operations center, Data & Application Security.
  • Have played various roles in Cyber Security practice in last 15+ years of experience which include Consultant, Team lead, Security Project Manager, Solution Architect, Delivery Lead and worked across industry verticals including Telecom, Banking, Insurance, Automobiles, Retail Finance, Manufacturing & IT.
  • During this tenure, have done solution sizing, solution designing & architecting, Project Management, PMO, and Implemented various security solutions like SIEM (Q-Radar & Arcsight), DLP, Anti-APT, Malware Management, Web Security, Proxy, Email Security, IPS / IDS, Vulnerability Management, 2 Factor Authentication, Identity and Access Mgmt – Privilege Identity Mgmt solution like ARCOS, Firewalls, VPN, Wan Acceleration and Optimization, HIPS, UTM, Device control, WAF & Firewall from various leading OEM
Khalil is BE from Pune University and PGDIM from NITIE, Mumbai with over 11 years of workex primarily in IT Risk Compliance and Governance in various industries.
BySubham Paul

CF BYTES – Issue #1

The last fortnight saw a series of events that rattled the world of cybersecurity. Individuals and enterprises have been exposed to several attacks from cybercriminals and have pulled up their socks to upgrade their security and risk management mechanisms. Parallelly, there have been significant developments in this field which further show that there is a huge potential when it comes to making advancements in cybersecurity. This edition of CF Bytes brings to you some of the biggest such instances in this edition which occurred in the aforementioned timeframe.

Top 5 cyberattacks

  1. Travelex suffered a massive Sodinokibi virus attack this New Year’s Eve, following which its key systems were crippled and effects were observed in the 30 countries where it is operational. The entire finance industry has been warned after this incident[1].
  2. The city of Las Vegas was attacked by hackers on the opening day of CES 2020. The security team took the situation under control and averted a possible digital catastrophe[2].
  3. Picanol suffered a ransomware attack that halted its production in Ypres, affected its Chinese and Romanian sites and saw its shares getting suspended on the Brussels Stock Exchange[3].
  4. 122 Chinese nationals were arrested in Nepal and deported. They were suspected of operating cyber fraud on a large scale in Kathmandu. Amongst the seized items were 331 laptops, nearly 100 desktop computers, more than 700 mobile phones, and numerous pen drives and SIM cards[4].
  5. The Cyber Crime police wing of Cyberabad arrested four fraudsters who used bulk SMS services, fake websites and other methods using the data of popular telemarketing and e-commerce companies. Police seized 2 laptops, 12 mobile phones, fake documents (including PAN, Aadhar and Voter ID), 4 debit cards, 19 sim cards, and a car[5].

Top 5 cybersecurity developments

  1. Alipay launched a new platform to bolster security measures to strengthen risk detection for its global partners in the wake of rising financial fraud and threats to data security[6].
  2. STEALTHbits Technologies, Inc. released its latest real-time Active Directory policy enforcement solution called StealthINTERCEPT 7.0 which can detect failed authentication instances to aid security administrators and analysts in detecting suspicious activities like password spraying attempts[7].
  3. U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a free tool using which organizations can test if their systems are exposed to CVE-2019-19781, a serious unpatched Citrix vulnerability which can allow attackers to run commands and access files on the victim’s computer[8].
  4. NSA disclosed a serious bug in Windows 10’s mechanism to confirm software legitimacy or establish secure web connections that could have exposed vulnerabilities to malware and similar attacks in close to 900 million PCs worldwide[9].
  5. Intezer, a New York-based cybersecurity company, launched Intezer Protect. This is a runtime cloud security product, which creates alerts on detecting unauthorized access and malicious software by continuously monitoring the binary code running inside the cloud servers of an organization[10].

Stay tuned to CF Bytes for more periodical updates on cyberattacks and developments in the ever-evolving world of cybersecurity.

References

  1. https://www.assetfinanceinternational.com/index.php/digitalisation/wcg-blog/19023-finance-industry-warned-to-take-action-after-travelex-cyber-attack
  2. https://www.cnet.com/news/las-vegas-hit-by-cyberattack-as-it-hosts-ces/
  3. https://www.brusselstimes.com/news-contents/economic/89253/cyber-attack-sees-picanol-shares-suspended/
  4. https://www.japantimes.co.jp/news/2020/01/09/asia-pacific/crime-legal-asia-pacific/nepal-deports-122-chinese-nationals-linked-cyber-fraud/#.Xh8NzsgzZPY
  5. https://www.aninews.in/news/national/general-news/cyber-crime-wing-of-cyberabad-busts-online-fraud-ring-4-arrested20200105025512/
  6. https://technode.com/2020/01/10/alipay-launches-security-platform-for-global-payment-partners/
  7. https://www.businesswire.com/news/home/20200114005134/en/STEALTHbits-Offers-New-Capabilities-Strengthen-Enterprise-Passwords
  8. https://www.forbes.com/sites/kateoflahertyuk/2020/01/14/new-citrix-security-alert-us-government-issues-test-tool-for-serious-flaw/#362560d62865
  9. https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/
  10. https://www.prnewswire.co.uk/news-releases/intezer-launches-cloud-security-product-intezer-protect-leveraging-genetic-malware-analysis-technology-814602889.html
ByCyberFrat

Navi Mumbai Meet

CyberFrat Navi Mumbai Meet
Date: Saturday, January 18th, 2020
VEnue: qSEAp Infotech Pvt. Unit No: 105, Building No: 03, Sector – 03, Millenium Business Park, MIDC Industrial Area, Mahape, Navi Mumbai, Maharashtra 400710

Read More
BySubham Paul

Subtle ways to stay away from Cyberstalkers

Have you ever been bothered by someone on the web? Do you think your company might be at risk due to hideous information robbers? Do you know what Cyberstalking is? Let’s see if we can help you out!

The current situation

Technology has been one of the main reasons for mankind’s progress for many years now. It has brought us humans closer to one another and made the world a small place, thanks to social networking websites and other platforms for communication. However, troublemakers such as Cyberstalkers never leave an opportunity to act and such activities have gained prominence in recent years. Here, we shall have a look at what is Cyberstalking and how individuals and organizations can avoid being trapped.

What does Cyberstalking mean?

For those who feel it is no different from social media stalking or trolling, it is time to bust the myth and understand the real Cyberstalking meaning. When any individual or organization is harassed online by someone who frequently follows the victim’s online activity and goes a step ahead by gaining access to confidential data and unpleasantly contacting the victim, it is recognized as an act of Cyberstalking. If someone simply follows the social media activity of a specific person frequently, it becomes stalking. Trolling too involves mild harassment of the target but with a humorous touch. The answer to why is Cyberstalking a problem is simple: it is done with malicious intent and has several legal implications too, making it a serious crime, unlike the other two terms.

Legal aspects of Cyberstalking

Cyberstalkers are professional attackers and have many ways to get away from the act by forming fake appearances, thereby staying anonymous. As a result, it becomes difficult to trace them and taking appropriate action. Laws to regulate this act have not been adopted in many countries either. This answers why cyberstalking is dangerous. However, some countries such as the United States have deployed legal measures to register cases of cyberstalking and impose punishments such as fines or imprisonment. In India, cyberstalking is legally recognized by Section 354 D of the Indian Penal Code as an act of spying on someone and creating a sense of fear or alarm. There are other provisions too which protect the victims of online harassment and punish the offenders with rigorous imprisonment.

Identifying Catfishers in the web

A catfisher is someone who creates a fake identity and gains the confidence of the victim to have financial gains or damage the reputation of the victim. Catfishing usually involves copying the profile of an already existing user and thereafter fooling innocent people. This can be identified by performing a Google image search and seeing whether multiple sources exist or not. The social media profile of catfishers often involves a small number of connections. Also, such offenders rarely post pictures with friends or family members and always decline making video calls.

Tips to avoid being trapped

Like many other things in life, cyberstalking is inevitable. The fact that tracing such offenders is difficult makes it all the more unstoppable. However, there are some easy ways by which you can keep yourself or your business relatively safer from the hiding predators. Some of these subtle ways to avoid cyberstalking are:

  • Secure your computers, tablets, and phones with trusted and genuine antivirus software.
  • Always use strong passwords and make a habit of changing your password from time to time.
  • Avoid sending private messages or e-mails while using public Wi-Fi.
  • Avoid uploading information that is too sensitive on social media. If need be, change your privacy settings and refrain from making this public.
  • Beware of phishing e-mails. Look out for red flags such as unexpected mails from strangers, suspicious content, etc.
  • Use a Virtual Private Network (VPN) to mask your IP address.
  • Do not allow untrustworthy people to use your device.
  • Always log out of your computer while it is to be left unattended.
  • Be well informed about what information is available about you when searched online.

Life is never easy when a lot of information is likely to be shared online. However, the main idea behind keeping yourself safe from any cyberstalking activity is to refrain from performing any activity that might attract negative attention. In other words, maintaining good digital hygiene is the way forward to keep predators at bay and prevent you or your organization from falling into a trap.

Social media & sharing icons powered by UltimatelySocial