
Ransomware outbreak; Govt. to take serious action against the worst cybercrime!

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or blocks access to the PC by putting a virtual lock on it. The lock is released only when the demanded ransom is paid to the attacker.

Sometimes the attack is simple enough that a knowledgeable person can break the lock and unblock the files. More advanced malware that uses cryptoviral extortion poses a serious threat: the user has no option other than paying the ransom to decrypt the files.

Major payment methods used:

  • Wire transfer

Wire transfer is a method of electronic fund transfer from one person or entity to another. A wire transfer can be made from one bank account to another or through a transfer of cash at a cash office.

  • Premium-rate text messages

Premium-rate text messaging is a mobile phone billing mechanism that allows people to pay for goods or services by sending or receiving messages from premium-rate phone numbers known as short codes.

  • Paysafecard

Paysafecard is a prepaid online payment method based on vouchers with a 16-digit PIN code, independent of any bank account, credit card or other personal information.

  • Bitcoin

Bitcoin is a cryptocurrency invented in 2008 by an unknown person or group of people using the name Satoshi Nakamoto. It is a decentralized digital currency without a central bank or single administrator that can be sent from user to user on the Bitcoin network.

1 Bitcoin = 29,04,849 INR

A Trojan is the major type of malware used in this kind of cybercrime. The Trojan is attached to an email and sent to the target. Once the target opens the attachment, a payload runs that locks the system. The malware sometimes displays a fake warning making the user believe the system has been used for illegal activities such as pornography or pirated media.

One highly dangerous piece of malware, the WannaCry worm, was found to travel between two PCs without any user interaction. This gives a clear picture of how far cyber attackers have advanced.

Ransomware started to spread internationally by the end of 2012. There were 181.5 million ransomware attacks in the first six months of 2018.

To safeguard against these attacks, the Govt. announced two pieces of software named CryptoGuard and CryptoWall, which accrued between 3 and 18 million US dollars by June 2015.

Locker ransomware and crypto ransomware are the two forms of ransomware currently in widest use. Locker ransomware just locks basic computer functions and releases them once the payment is made, whereas crypto ransomware encrypts sensitive documents and threatens to destroy them if the demand is not paid.

The 3 main ways ransomware can infect your computer are:

  1. Spear phishing

Spear phishing is a method of delivering the malware from the attacker to the target by email. Once the target opens the attachment, the data gets encrypted and the system comes under the attacker's control.

  2. Watering hole

A watering hole is an attack strategy in which the attacker guesses or observes which websites an organization or individual uses and infects those sites with malware.

  3. Scareware

Scareware is a malware tactic that manipulates users into believing they need to download or buy software that would help them in some way. Scareware usually appears as a pop-up ad that tricks users into installing fake software.

True stories

  • In 2020 a ransomware named Ryuk spread through emails containing dangerous links and attachments. This was the most expensive ransomware case reported: the attackers demanded more than a million USD for the release of the documents, and more than 1000 companies faced this attack.
  • 2018 brought a new strain of ransomware named SamSam that infected the city of Atlanta, which spent around 2 million USD to repair the damage.
  • TeslaCrypt emerged in mid-2015. It initially targeted game files, then gradually began to block maps and user profiles. People were forced to pay at least 250 USD to get their files and data back.

How to stop these attacks?

One of the major steps to prevent ransomware attacks is to have a strong endpoint security solution. This security software is installed on your endpoint devices and helps to detect any abnormalities in the device's behaviour.
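To show the kind of abnormality an endpoint agent looks for, here is an added example written for this page (it is not code from the original post or from any vendor's product). The Python heuristic scans constructed file-event records and flags a process that rewrites or renames many files within a short window and gives them an unfamiliar extension, which is what crypto ransomware does while encrypting a folder. The event format, process names, thresholds and extension list are all assumptions made for the illustration.

```python
"""Added example: a toy endpoint heuristic for ransomware-like file activity.

Event format, process names, thresholds and the extension list are
assumptions made for this illustration; they are not from the original
post or from any vendor's product.
"""
from collections import defaultdict
from typing import NamedTuple


class FileEvent(NamedTuple):
    ts: float       # seconds since an arbitrary epoch (constructed)
    process: str    # image name of the process that caused the event
    action: str     # "write" or "rename"
    path: str       # path of the file after the action


# Extensions this installation considers normal; anything else that
# appears in bulk is treated as suspicious.
COMMON_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt", "jpg", "png"}

# Constructed sample: an editor saving two documents, and a process that
# renames thirty documents to a new extension within three seconds.
SAMPLE_EVENTS = [
    FileEvent(0.0, "winword.exe", "write", r"C:\Users\a\Documents\report.docx"),
    FileEvent(40.0, "winword.exe", "write", r"C:\Users\a\Documents\notes.docx"),
]
SAMPLE_EVENTS += [
    FileEvent(100.0 + i * 0.1, "update.exe", "rename",
              rf"C:\Users\a\Documents\file{i}.docx.locked")
    for i in range(30)
]


def detect_mass_modification(events, window=10.0, threshold=20):
    """Return {process: sorted unfamiliar extensions} for every process that
    touched at least `threshold` distinct files within any `window` seconds.

    An empty extension list still means the process was flagged for volume;
    a non-empty list adds the signal that the files were given a new suffix.
    """
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[ev.process].append(ev)

    flagged = {}
    for proc, evs in by_proc.items():
        evs.sort(key=lambda ev: ev.ts)
        start = 0
        for end in range(len(evs)):
            # Slide the window so evs[start:end+1] spans at most `window` s.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            span = evs[start:end + 1]
            if len({ev.path for ev in span}) >= threshold:
                exts = {ev.path.rsplit(".", 1)[-1].lower() for ev in span}
                flagged[proc] = sorted(exts - COMMON_EXTENSIONS)
                break
    return flagged


if __name__ == "__main__":
    print(detect_mass_modification(SAMPLE_EVENTS))  # {'update.exe': ['locked']}
```

Backup tools, compilers and archive extractors also touch many files quickly, so a real agent combines a volume check like this with other signals (entropy of the written data, canary files, an allowlist of known processes) and tunes the window and threshold per machine role rather than using the constructed values above.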

Always secure your email communications with URL defences and attachment sandboxing to identify and block threats.

Do not visit dangerous websites or download suspicious files. This helps to prevent a Trojan from entering your device.

Do regular data backups and test file recovery. Make sure the data is backed up in multiple places, including your main storage, local disks and cloud storage. This helps to mitigate the loss of encrypted files and to regain the functionality of the system.

As per the law, Section 77A of the IT Act, subject to certain exceptions, all offences under the IT Act for which the punishment is imprisonment for a term of 3 years.

Giving and taking ransom are punishable offences. Safeguard yourself from these money-making threats. Stay alert!


Network attacks; a new source of cybercrime taking form!

A network attack is an attempt to gain unauthorized access to an organization's network with the objective of stealing data or performing other malicious activity.

Every growing organization has a large and complex network with multiple endpoints. This benefits the company and ensures its smooth working, but as far as security is concerned it can be a major risk.

A bit more about network attacks

The malware associated with network attacks is free to move from one system to another without the intervention of an external attacker. This causes severe damage without our knowledge.

Some of the prevalent types of network attacks today include malware, viruses, worms and botnets.

Malware is malicious software designed to disrupt or damage a computer system. Much of today's malware is self-replicating: once it infects one host, it seeks entry into other hosts over the internet from that host, and from each newly infected host it gains entry into multiple further hosts, so it spreads exponentially fast.

A virus is a kind of malware that requires user interaction to infect a device. Most virus attacks arrive as email attachments. When the target opens the attachment, the malware is activated and runs on the system.

A worm, on the other hand, can reach the target without explicit user interaction.

A botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge.

General categorization of network attacks

  • Passive attacks

In this kind of attack, the malware gains access to personal information and steals sensitive content without altering or damaging the data. The data remains intact. This type of attack is an easy walk-in for attackers.

  • Active attacks

In this category there is a chance that the malware destroys or deletes the data after gaining access. It may encrypt the entire data set.

Types of network attacks

  1. Unauthorized access

This attack happens when we set a weak password or lack protection against social engineering. As the name suggests, the attacker enters your system without any permission or authorization.

  2. Distributed Denial of Service (DDoS) attacks

In this kind of attack, attackers assemble a large number of compromised devices and use them to flood the target's network and servers with bogus traffic.

  3. Man in the middle attacks

Here the attackers place themselves between the user's network and external sites, or between segments within the network. From that position they can obtain user credentials and hijack sessions.

  4. Code and SQL injection attacks

Some websites accept user input and fail to sanitize it before use. Attackers use this as an opportunity to fill out a form or make an API call passing malicious code instead of the expected data values.
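The flaw described above, as an added example that is not part of the original post and not code from any site it mentions: a user lookup that pastes the input into the SQL text, beside the parameterised version that binds the value instead. It runs against an in-memory SQLite table with constructed rows; the table layout, usernames and the `looks_like_injection` helper are assumptions for the illustration.

```python
"""Added example: the input-handling flaw behind SQL injection, shown as a
vulnerable lookup beside its parameterised fix.

Uses an in-memory SQLite table with constructed rows; this is illustration
code for this page, not code from any site the post mentions.
"""
import sqlite3


def make_db():
    """Create an in-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice"), ("bob", "hash-of-bob")],  # constructed
    )
    return conn


def find_user_vulnerable(conn, username):
    """The user-controlled value is pasted into the SQL text, so a quote
    character in the input changes the structure of the query."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def find_user_safe(conn, username):
    """The value is sent as a bound parameter; the database engine never
    parses it as SQL, so it can only ever match a literal username."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


def looks_like_injection(value):
    """Cheap heuristic for alerting on suspicious form input.  It is a
    detection aid only; binding parameters is what actually prevents the
    attack."""
    markers = ("'", '"', ";", "--", "/*")
    return any(m in value for m in markers)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed malformed input
    print(find_user_vulnerable(db, probe))  # ['alice', 'bob']: query structure changed
    print(find_user_safe(db, probe))        # []: treated as a literal username
```

The point to take from the two functions is that the fix is structural, not a filter: the safe version needs no knowledge of what "bad" input looks like, because the value is never parsed as SQL. The `looks_like_injection` check is only useful for logging and alerting on what reaches the form, which is the monitoring side of the same defence.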

  5. Privilege escalation

Once an attacker is in your device, he can use privilege escalation techniques to expand his reach. The expansion can be either horizontal or vertical: horizontal escalation means gaining additional access at the same level, and vertical escalation means gaining higher-level privileges on the same system.

  6. Insider threats

An insider threat is not an external infection but an internal one. These threats are difficult to detect, but newer technologies like User and Entity Behaviour Analytics (UEBA) can help to identify suspicious or anomalous behaviour.

Cases reported

  • Adobe

Date: October 2013

Impact: 153 million user records

As reported in early October 2013, hackers stole nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts.

  • Adult Friend Finder

Date: October 2016

Impact: 412.2 million accounts

This breach was particularly sensitive for account holders because of the services the site offered. The stolen data spanned 20 years across six databases and included names, emails, addresses and passwords.

  • Canva

Date: May 2019

Impact: 137 million user accounts

In May 2019 the Australian graphic design website Canva suffered an attack that exposed the email addresses, usernames, names, cities of residence and salted, bcrypt-hashed passwords of 137 million users.

How to stay safe from network attacks

First and most important: segregate your network. Divide it into zones based on security requirements. This can be done using Virtual Local Area Networks (VLANs).

In an organization, never allow users to access the internet unchecked. Set up a transparent proxy and monitor every activity through it. Always look out for bot activity and make sure every outbound connection is human-initiated.
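One way to look for bot activity in the proxy logs the paragraph above recommends keeping, as an added example that is not part of the original post or of any product it names: human browsing is bursty, while malware checking in with its controller tends to reach the same host at near-constant intervals. The Python below parses constructed proxy log lines and flags client/host pairs whose connection timing is metronome-like. The log format, addresses, host names and thresholds are assumptions for the illustration.

```python
"""Added example: spotting bot-like outbound connections in proxy logs.

Human browsing is bursty; malware checking in with its controller tends to
reach the same host at near-constant intervals.  The log format, addresses,
host names and thresholds are assumptions made for this illustration, not
from the original post or any product it mentions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: "<epoch_seconds> <client_ip> <destination_host>"
SAMPLE_LOG = """\
1000 10.0.0.5 news.example
1003 10.0.0.5 cdn.example
1004 10.0.0.5 news.example
1180 10.0.0.5 news.example
1185 10.0.0.5 news.example
1186 10.0.0.5 shop.example
1000 10.0.0.9 checkin.example
1060 10.0.0.9 checkin.example
1120 10.0.0.9 checkin.example
1181 10.0.0.9 checkin.example
1240 10.0.0.9 checkin.example
1300 10.0.0.9 checkin.example
"""


def parse_log(text):
    """Parse the constructed three-column format into (ts, client, host)."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host = line.split()
        rows.append((int(ts), client, host))
    return rows


def find_beacons(rows, min_connections=5, max_jitter=0.1):
    """Return [(client, host, mean_gap)] for client/host pairs whose gaps
    between connections vary by no more than `max_jitter` of the mean gap."""
    times = defaultdict(list)
    for ts, client, host in rows:
        times[(client, host)].append(ts)

    beacons = []
    for (client, host), ts_list in sorted(times.items()):
        if len(ts_list) < min_connections:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a small value means metronome-like timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((client, host, float(avg)))
    return beacons


if __name__ == "__main__":
    for client, host, gap in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{client} -> {host} every ~{gap:.0f}s")  # 10.0.0.9 -> checkin.example every ~60s
```

Software updaters, NTP and monitoring agents also connect on a fixed schedule, so in practice this check is paired with an allowlist of known destinations, and because some malware deliberately randomises its check-in interval, the jitter threshold is a tuning knob rather than a hard rule; the regular timing is one signal to combine with destination reputation and data volume, not a verdict on its own.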

Place a firewall at every junction between network zones, not just at the network edge.

Make sure you have complete visibility of network operations. Combine data from different security tools to get a clear picture of what is happening on the network. Cynet 360 is an integrated security solution offering advanced network analytics.

Cynet 360 blocks suspicious behaviour and malware, provides UBA and deception, and uncovers hidden threats.

Network attacks are real. Stay conscious and protected!