Category Archive Cyber Articles

BySubham Paul

Safeguarding against E-skimming – The silent troublemaker in online payments

Sticking to the concept of evolution, bad actors on the web have come up with yet another channel to get their work done. This new threat has grabbed eyeballs after affecting global retailers such as Puma, Macy’s, Target and British Airways and helping hackers steal millions of credit card numbers over the past 2 years. Termed E-skimming, this is one of the latest threats to the cyber community, especially when it comes to making online payments. This article aims at throwing some light on it and the ways for the average internet user to safeguard himself/herself.

Read More
BySubham Paul

CF BYTES – Issue #2

A cyberattack is always a piece of bad news for every concerned stakeholder of the victim. Similarly, any new development in cybersecurity needs to reach to every modern-day user, either as a part of an organization or the public in general. In this regard, we bring to you the top 5 cyberattacks and developments in cybersecurity that were observed in the last fortnight in this latest edition of CF Bytes.

Read More
BySubham Paul

Safeguarding our Bots – security risks in robotics

Cognitive, motor and emotional abilities make humans the smartest organisms in the world. Otherwise, we would not have witnessed the series of industrial revolutions in our history of technological advancements. But ever since robotics changed the game, humans have increasingly grown dependent on the artificially intelligent machines and used them for innumerable applications. The riveting question is – are these bots fully dependable? If not, what makes them vulnerable, and is there a way to strengthen them?

Read More
BySubham Paul

Conversational Analytics – is your chatbot fully reliable?

Gone are the days when users of software applications would always rely on text commands or graphical user interfaces (GUIs) to get their jobs done. Instead, we seem to have gone back to older times when errand boys would listen to our instructions and accomplish the tasks on our behalf. That’s right, this is the age of conversational user interfaces and enterprises have rapidly adopted chatbots that continue to benefit the businesses and users alike.

Read More
BySubham Paul

CF BYTES – Issue #1

The last fortnight saw a series of events that rattled the world of cybersecurity. Individuals and enterprises have been exposed to several attacks from cybercriminals and have pulled up their socks to upgrade their security and risk management mechanisms. Parallelly, there have been significant developments in this field which further show that there is a huge potential when it comes to making advancements in cybersecurity. This edition of CF Bytes brings to you some of the biggest such instances in this edition which occurred in the aforementioned timeframe.

Read More
BySubham Paul

Subtle ways to stay away from Cyberstalkers

Have you ever been bothered by someone on the web? Do you think your company might be at risk due to hideous information robbers? Do you know what Cyberstalking is? Let’s see if we can help you out!

Read More
ByCyberFrat

Case Study: Password and Phishing Attack

This case study is a combination of two attacks password and phishing. Password attack is one of commonly happen attack in our society due to lack of awareness about cyber security. In today’s time, technology is growing rapidly but still our society’s major chunk is deprivedfrom the knowledge of how to use technology securely. In this case study the attacker first performs password attack to get an access to an email account and then performs phishing attack further.  

The incident happened in one of the well-known academic institution. The incident consisted of emails received from a very senior and high profile person to other users. The suspected emails contained a malicious executable as reported by the other users. After investigation regarding the emails it was found the senior person had not sent any such emails to others which could compromise of the user’s credentials .During investigation, “Last account Activity” details were monitored which showed the particulars of last ten logins of the persons Gmail account such as location, IP, method and time. From the particulars it was identified that last logins details were suspicious. So it was basically the crime against individuals targeting the users from the persons address book to access their data which includes personal details, banking information, login credentials etc. The incident happened with motives to steal user’s credentials and conduct further targeted social engineering attacks against affected people. Here the attacker was from the organization itself who tried to steal the credentials of the users by misusing other persons email address. Here the attacker wanted to satisfy two goals one is defaming the senior employee as he was having some personal grudges with him and second one is misusing user’s credentials. 

The incident happened due to common type of vulnerability i.e. weak password.  The following Figure 1.1 shows the different stages of attacks in present case study.

Figure 1.1: Stages of attacks in present case study

The case study suggests there is a necessity of spreading more awareness about end users best practices. Specifically with using strong password protection and authentication which any common person can easily do it at entry level. 

This Article is written by Ms. Sampada Margaj, Member Digital Security Program as part of Monthly assignment for Month of May 2019. This Article is selected as best article for the month. Sampada is Asst. Professor, Computer Science at Kitti College, Dadar, Mumbai

ByCyberFrat

Simplifying GDPR

Yet another four-letter buzzword is charming the industries & Information Technology Industries. Latest four letter thrill is called GDPR (General Data Protection Regulation)

Due to drastic changes in technologies European Union has initiate the new data privacy law. European regulation for Data protection that is GDPR

The GDPR will replace the current Data Protection EU Directive 95/46/EC. It also will also replace EU national legislation on data protection, such as the UK’s Data Protection Act 1998.

GDPR is the most important change in data privacy. Like earlier Data Protection; This not a Directive; this is Regulation. 

What is the main purpose of GDPR?

To protect and provide rights to European Union data subjects (individuals whose data is being captured by organizations).

Giving regulatory authorities power to take action against companies that breach the new regulations. In this digital economy, it should be no surprise that these regulations also apply to global enterprises outside the EU.

Core Value of GDPR

GDPR builds on existing data protection principles, under the data protection principles set out the main responsibilities for organisations.

  • To strengthen individuals’ rights
  • To give increased attention to cyber security and technological capacity
  • To extend supervision and sanctions across consumer data

 Who will follow & implement GDPR?

Any company (EU and foreign) that processes the personal data of individuals residing in the European Union must adhere to these regulations, regardless of the company’s location.  For non-EU businesses processing the data of EU citizens, this includes the requirement of appointing a representative in the EU.

Less than 250 employee’s organization need not comply with GDPR. If companies processing special categories of data … or critical personal data relating to criminal convictions and offences they need to comply with GDPR”

GDPR Article 37: Designation of the data protection officer (DPO)

  • DPOs appointed in three situations:
  • Where the processing is carried out by a public body;
  • Where core activities require regular and systematic monitoring of personal data on a large scale;
  • Where core activities involve large-scale processing of sensitive personal data.
  • Position of the data protection officer (DPO)
  • DPOs will be supported by Data Controller & Data Processor
  • DPO has a large degree of independence
  • Protected role within the organization
  • Direct access to highest management
  • Tasks of the data protection officer:
  • Under GDPR company will be legally obliged to inform its data protection regulator; when security breaches occur which affect personal data.
  • To inform and advise of obligations;
  • To monitor compliance;
  • To provide advice with regard to data protection impact assessments;
  • To cooperate with the supervisory authority;
  • To have due regard to risk associated with processing operations.

Are there any penalties?

Fine: 10,000,000 Euros or 2% Global Turnover, for offenses related to:

  • Child consent;
  • Transparency of information and communication;
  • Data processing, security, storage, breach, breach notification; and
  • Transfers related to appropriate safeguards and binding corporate rules.

Fine: 20,000,000 Euros or 4% of Global Turnover, for offenses related to:

  • Data processing;
  • Consent;
  • Data subject rights;
  • Non-compliance with DPR order; and
  • Transfer of data to third party.

What is Personal Data?

Definition under the GDPR: Data from which a living individual is identified or identifiable (by anyone), whether directly or indirectly. Any information relating to an identified or identifiable natural person. Like IP Address, Mobile Phone, Physical, physiological, genetic, mental, economic, cultural or social identity of that person. While earlier under DPA

Personal Data under Data Protection Act 1998 (DPA1998): data which relate to a living individual who can be identified: (a) from those data; or (b) from those data and other information which is in the ownership of,

Definition of a Personal Data Breach in GDPR: or what Personal Data breach in GDPR??

  • When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons
  • A breach of security leading to:
    1. Destruction;
    2. The accidental or unlawful
    3. Loss;
    4. Alteration;
    5. Unauthorized disclosure of; or access to – PERSONAL DATA transmitted, stored or otherwise processed

What will happened in case of Data Breach?

In the case of personal data breach, data controllers must notify the supervisory authority (SA) “Notice must be provided “without undue delay and, not later than 72 hours” If notification is not made within 72 hours, the controller must provide a “reasoned justification” for the delay.

  • Notification without unnecessary delay after becoming aware
  • No exemptions
  • Responsibility for data controller to notify the supervisory authority
  • Description of the nature of the breach
  • No requirement to notify if unlikely to result in a high risk to the rights and freedoms of natural persons

Key compliance principals

Opt-in Only

In the current Privacy and Electronic Communications Regulations (PECR) all company addresses are considered to be “opt out” This means you can send an email to a company address without permission, provided you include an option to unsubscribe.

In the new regulation this won’t be the case. This has been removed as all consent must be explicit. This means that you must be able to prove that the customer agreed to receive the emails (by a selection action, not just a disclaimer).

Right to be forgotten

Moving forward, everybody will have the right to be forgotten. No longer can you mark the contact as “do not contact” in your CRM database. All personal details will have to be deleted.

Key Dates

  • On 8 April 2016 the Council adopted the Regulation.
  • On 14 April 2016 the Regulation was adopted by the European Parliament.
  • On 4 May 2016, the official text of the Regulation was published in the EU Official Journal
  • 24 May 2016, The Regulation entered into force on and applies from 25 May 2018.

Conclusion

GDPR is on the way. We have to be ready now!

While there are still 11 months before the grace period expires, organisations need to start taking action now, or they may well find themselves with inadequate time to take the necessary steps to action everything required?

References:-

Google.co.in, EU GDPR journal, Seminar on GDPR

 Pravir Kumar Sinha CPISI, CISA, CISM, PRINCE2, ITIL
in.linkedin.com/in/pravirkumarsinha

ByCyberFrat

Is the Blockchain an economy or a computer science innovation?

Introduction to Blockchain

Blockchain is a decentralized distributed database (ledger) system. It is distributed because there is not a single repository held or owned by one person (Parties or Miner). All of them have their own copies of committed transactions of the block. Blockchain is not a drop box of transactions on the contrary it is a vault of hashed value of an asset which is tagged to its latest owner. Transactions being the trail of quantity and change of ownerships since it was the first time introduced in the Blockchain.

1

Blockchains can be applied to any concept which requires digital security for maintenance and management and currently Blockchains version 3.0 is the latest release. Some of the applications of Blockchains in financial domain are Crypto currency (the famous Bitcoin), Escrow transaction, Bonded Contracts, Smart Contracts, and Intellectual Property etc.  One can also conceive that a voting right can also be put on a political Blockchain of a national electorate (electorate being a vote exchange) also a physical housing property can be converted into a hashed digital asset traded on Blockchain of a real estate exchange and there are endless possibilities one think of. With the advancement in IoT, a Blockchain is a perfect combination to launch smart contracts.

To understand more on Blockchain one needs to understand its building blocks, let’s see one by one:

Unit: It is a digital intangible or tangible asset which can be converted into a hashed value e.g crypto-currency, a vote, digital property, intellectual property etc…

Transaction: No of Units that can be exchanged in one single go

Block: Stack of authorized transactions

Blockchain: Irreversible blocks (ledger)

Miners: Nodes that work as authenticators and validators of transaction and forms block in a chain.

The next question comes into the mind is how transactions are executed on the Blockchain. Assume that there are two parties A & B and they want to execute a transaction between them by exchanging certain number of Units (assume a crypto currency unit such as Bitcoin). Both the parties have to be on the same Blockchain network and application but on separate node (computer). This is important because a common platform is needed for transfer and communication of protocol for request and response. In order to execute a transaction both will require keys (randomly generated encrypted/hashed values to be kept confidential). The keys can be common session keys or public and private keys. Usually it is public and private keys combination and per transaction a unique set of pairs of keys are generated. “A” (initiator with address N) will pledge a transaction with certain number of Units with his key. “B” (receiver with address M) will acknowledge this transaction with his key. Now the transaction is in the executed stage but not validated and authorized. These Transactions flow into the distributed network and remain in the queues of Miners for validation and authorization and once done the transaction is connected to a chain and chain into a block of irreversible transaction. The blocks are formed after a suitable time lets us say that number of transactions validated in 10 secs will form a block. These blocks are then stored into a decentralized distributed database/ledger (Blockchain) i.e the copy of the block will be replicated into a database maintained with A, B and the Miner (who authorized the transaction) so that none of them can deny the execution of transaction. This replication is done to address the conflict between parties should it arise. The chain is actually the quantity and trail of tag of the unit associated with the ownership. During entire transaction anonymity of both A & B is maintained because they are identified by their keys and these keys cannot be reverse engineered to identify the owner as the keys are random values generated using trusted and certified algorithms.

2

Miners are available in Public Blockchain (Bitcoin), they validate and authorize a transaction and convert it into a chain but only when they have completed their workloads (proof of work) between chains. The workloads are nothing but complex numerical problems which require huge computation processing and time. It is a huge investment to become a Miner. One may be wondering then why to become a Miner.  For validating and authorizing each transaction the Miner is paid a fee/commission in form of Units of the Transaction. Some Miners also act as exchange house to buy and sell the Unit (Bitcoin) with fiat currency (USD) this is also called an Offchain.

3

4

Just to revise the layers of a Blockchain are the Units that are executed over a transaction which are further validated and verified by Miners to convert into chain and then into a block and finally stored into a decentralized distributed ledger.

There are different types of Blockchain:

Public Blockchain: In this type anyone, individual or a group can be a part of a Blockchain to execute a transaction or become a Miner. Example can be Bitcoin Blockchain.

Permissioned Blockchain: Consortium of entities form the Blockchain and only permissioned or licensed individual or a group can be a part of this Blockchain to execute a transaction but there are no Miner. In this type the transactions are auto validated and authorized as the parties are trusted. This is a more secured network and example can be consortium of banks or financial institutions forming a Permissioned Blockchain and parties can be legitimate entrusted customers of the bank.

Sidechain (Interchain) Blockchain: When one or more unique Blockchains interlink to form a complex set of Blockchain.


vikasvarma

Vikash Verma

Enterprise Risk Management

ByCyberFrat

How Bots are different from Virus, worms and Trojans

One common mistake that people make when the topic of a computer virus arises is to refer to a worm, Bot or a Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from damaging effects. Different classes of malicious software are described below.

Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.

Worms

Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.

Trojans

A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.

Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.

Bots

A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P).[1] Botnets have been used many times to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.

Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) centre for an entire network of compromised devices, or “botnet.” With a botnet, attackers can launch broad-based, “remote-control,” flood-type attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyse packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host. Bots have all the advantages of worms, but are generally much more versatile in their infection vector, and are often modified within hours of publication of a new exploit. They have been known to exploit back doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which damage network infrastructure; instead they infect networks in a way that escapes immediate notice.

 

How Bots Work

Bots sneak onto a person’s computer in many ways. Bots often spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry out a task.

After a computer is taken over by a bot, it can be used to carry out a variety of automated tasks, including the following:

Sending Stealing DoS (Denial of Service) Clickfraud
They send – spam – viruses – spyware They steal personal and private information and communicate it back to the malicious user: – credit card numbers – bank credentials – other sensitive personal information Launching denial of service (DoS) attacks against a specified target. Cybercriminals extort money from Web site owners, in exchange for regaining control of the compromised sites. More commonly, however, the systems of everyday users are the targets of these attacks — for the simple thrill of the botherder. Fraudsters use bots to boost Web advertising billings by automatically clicking on

 

Best Practices for Combating Viruses, Worms, Trojans, and Bots

The first steps to protecting your computer are to ensure that your OS is up to date. This means regularly applying the most recent patches and fixes recommended by the OS vendor. Secondly, you should have antivirus software installed on your system and download updates frequently to ensure that your software has the latest fixes for new viruses, worms, Trojans, and bots. Additionally, you want to make sure that your antivirus program can scan e-mail and files as they are downloaded from the Internet. This will help prevent malicious programs from reaching your computer. You may also want to consider installing a firewall.

Technical Definition Sites

http://en.wikipedia.org/wiki/

http://www.sans.org/resources/glossary.php

https://us.norton.com/botnet/

http://www.cisco.com/security/

Social media & sharing icons powered by UltimatelySocial