Tag: #cybersecurityawareness

Web Application Security : A Necessity, Not a Luxury

Posted on by Anteelo Master
Web application security is an all-encompassing term that covers the security of websites, web applications and web services. Web applications are one of the prime targets for cyber attackers due to the following reasons-

  1. The complexity of their source code increases the chances of manipulation of the code with malicious intent and unseen vulnerabilities.
  2. These attacks can be launched easily and target multiple targets at the same time.
  3. The rewards reaped by the attackers are huge. They can get hold of the financial information or other private data that belongs to the users of the application.

Web Application Security: Complete Beginner's Guide | Netsparker

Organizations need to be wary of such attacks on their web applications as it can result in the disruption of their relationships with their clients or can lead to legal action against them. According to a report published by Forrester in 2020, 35% of all external cyber attacks on organizations came in through a web application. In fact, Security Boulevard reported that as the first batch of COVID-19 vaccine vials was distributed, an increase of 51% web application attacks on healthcare targets was noticed.

 

Also, recently, a report by Business Standard revealed that a hacking group called ShinyHunters leaked 1.9 million user records stolen from an online photo editing application known as Pixlr. In another case, the same hacking group stole the data of users from an online dating website named MeetMindful.

 

All of this should be alarming for organizations, especially the ones dealing with sensitive user information. Web application security, an often ignored aspect of cyber security, should therefore be given priority in the cyber security policies of organizations.

Types of Web Application Vulnerabilities

 

Web application attacks can take various forms. This is done using different vectors mentioned below-

 

  1. Cross-site Scripting (XSS) – It is a type of injection attack that targets users to access their accounts, modify the content of a page or activate trojans. Direct injection of a malicious code into an application results in Stored XSS.  A Reflected XSS occurs when a malicious script is reflected off an application onto a user’s web browser.
  2. SQL Injection – SQL Injection is a malicious SQL code used to manipulate a back-end database in order to reveal information. This can result in unauthorized access to the administrative control of the web application and unwarranted modification of data.
  3. Remote File Inclusion – Injecting a file onto a web application server from a remote location is known as Remote File Inclusion. Hackers use this vector for the execution of malicious scripts within the application. It has also been seen that this vector is used for data manipulation and data theft.
  4. Cross-site Request Forgery – This kind of attack takes place when a malicious web application makes a user’s browser perform an unwanted action on a site where the user is logged in to. This attack can result in an unsolicited transfer of funds, changed passwords or data theft.
  5. Denial of Service (DoS) Attack – Denial of Service Attack (DoS) occurs when a server stops responding to the incoming requests of its legitimate users or starts responding very sluggishly due to its overloading with different types of attack traffic.
  6. Misconfiguration of Security Settings – Attackers pounce upon the chance of exploiting misconfigured security settings or settings that are set at default, verbose error messages with sensitive information and misconfigured HTTP headers.
  7. Insufficient Logging and Monitoring – This is one vulnerability that can help the attackers further attack systems or tamper, destroy and extract data. According to security experts, it takes 197 days on an average to detect a data breach.
  8. Buffer Overflow – Buffer Overflow is the overflowing of the buffer’s capacity, which is a space in memory, resulting in the overwriting of the adjacent memory locations with data. This can be used to inject malicious code into the memory.

Measures for Risk Mitigation

 

  • Using a Web Application Firewall – A Web Application Firewall is a hardware and software solution designed to defend against any attack attempts. It is a good way to compensate for any code sanitization deficiency.
  • Gathering Information – Classify third-party hosted content and review the application manually to identify client-side codes and entry points.
  • Authorization – Test the application for missing authorization, insecure direct object references and horizontal and vertical access control issues.
  • Encryption – Encrypt the specific data and avoid the use of weak algorithms.
  • Bot Filtering – Mass-scale automated attacks are launched using malicious bots. This bot traffic can be detrimental for the web application and is therefore dealt with Bot Filtering tools.
  • Conducting VAPT– VAPT (Vulnerability and Penetration Testing) is an essential service for organizations in their quest for safer use of IT infrastructure. VAPT is like a self-assessment service that brings the vulnerabilities related to the APIs, technology, platform, etc to the fore, thereby shaping the cyber security policies of the organizations and helping them upgrade their systems. Web application security assessment, therefore, goes a long way in ensuring the smooth functioning of the web application.

Vulnerability Assessment and Penetration Testing(VAPT) Services - BERRY9 IT SERVICES

Apart from this, web application security is also necessary for GDPR compliance. If an application processes personal data of EU residents, then the GDPR requires that organization to follow security “by design and by default” for data protection (Art 25). It is therefore recommended that organizations running web services or web applications put the requisite cyber security measures in place to tackle any kind of attack

India: A witness of massive Cyber Attack

Posted on by Anteelo Master

Cyber Threat Report of 2019: 69% of Firms Face Serious Cyber Attacks in India!

69% Indian firms face serious cyber attack risk: Study

Do you know that India is in has been ranked the second position amongst the countries affected by cyber attacks between 2016-2018? According to a source, there was a 22% rise in cyber attack in India on IoT deployments. India has faced the most number of attacks in the IoT department this year. In fact, India has been consecutively facing cyber attacks, the second time in a row!

In a recent study, it was revealed that out of 15 Indian cities, Mumbai, New Delhi, and Bengaluru have faced the maximum number of cyber attacks. In the Annual Cyber Security Report by CISCO, 53% of cyber attacks caused more than $500K of financial loss to organizations in 2018.

cyber attack – The Siasat Daily

India has faced a rise of 7.9% in data breaches since 2017. Also, the average cost per data breach record is mounting to INR 4,552 ($64). Cyber attacks in India have risen up to such an extent that our country ranks fourth out of the top 10 targeted countries in the world. In a report by India Today, Chennai experienced the highest percentile of cyber attacks with a stat of 48% in the first quarter of 2019.

No survey or warning has brought any change in the cyber security policies of companies across the nation. In spite of witnessing several cyber attacks in India, people are still not aware of lucrative cyber security solutions to prevent their organization from any other attack. Here are some recent series of cyber attacks that massively brought loss to renowned companies in India.

The 2019’s Biggest Cyber Attacks  in India

Cyber criminals have adapted advanced cyber attack techniques for their targeted end-users. Various business sectors and geographical locations have faced recent cyber attacks in India.

Cosmos Bank Cyber Attack in Pune 

Cyber Attack at Cosmos Bank

A recent cyber attack in India in 2018 was deployed on Cosmos Bank in Pune. This daring attack shook the whole banking sector of India when hackers siphoned off Rs. 94.42 crores from Cosmos Cooperative Bank Ltd. in Pune.

Hackers hacked into the bank’s ATM server and took details of many visas and rupee debit cardholders. Money was wiped off while hacker gangs from around 28 countries immediately withdrew the amount as soon as they were informed.

ATM System Hacked 

4 ways to hack an ATM — video | Kaspersky official blog

Around mid-2018, Canara bank ATM servers were targeted in a cyber attack. Almost 20 lakh rupees were wiped off from various bank accounts. A count of 50 victims was estimated and according to the sources, cyber attackers held ATM details of more than 300 users. Hackers used skimming devices to steal information from debit cardholders. Transactions made from stolen details amounted from Rs. 10,000 to Rs. 40,000.

UIDAI Aadhaar Software Hacked

UIDAIs Aadhaar Software Hacked To Generate Unlimited IDs Experts Confirm

2018 started with a massive data breach of personal records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked  Aadhaar details of people online.

Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders. If it wasn’t enough shocking, anonymous sellers were selling Aadhaar information of any person for Rs. 500 over Whatsapp. Also, one could get any person’s Aadhaar car printout by paying an extra amount of Rs.300.

Hack Attack on Indian Healthcare Websites 

Hackers Attack Indian Healthcare Website, Steal 68 Lakh Records: Report

Indian-based healthcare websites became a victim of cyber attack recently in 2019. As stated by US-based cyber security firms, hackers broke in and invaded a leading India-based healthcare website. The hacker stole 68 lakh records of patients as well as doctors.

SIM Swap Scam

Scam protection: How to prevent sim swap scam 2019? | Cryptopolitan

Two hackers from Navi Mumbai were arrested for transferring 4 crore rupees from numerous bank accounts in August 2018. They illegally transferred money from the bank accounts of many individuals. By fraudulently gaining SIM card information, both attackers blocked individuals’ SIM cards and with the help of fake document posts, they carried out transactions via online banking. They also tried to hack accounts of various targeted companies.

Aforesaid stats and events of the latest cyber attacks in India are the wake-up call for all those individuals and companies who are still vulnerable to cyber threats. It is very essential for organizations to implement cyber security measures and follow the below-mentioned security guidelines.

Cyber Security Measures for Organizations to Prevent Cyber Attacks

Bird Protect Stock Illustrations – 1,476 Bird Protect Stock Illustrations, Vectors & Clipart - Dreamstime

  1. Educate employees on the emerging cyber attacks with security awareness training.
  2. Keep all software and systems updated from time to time with the latest security patches.
  3. Implement email authentication protocols such as DMARC, DKIM and SPF to secure your email domain from email-based cyber attacks.
  4. Get regular Vulnerability Assessment and Penetration Testing to patch and remove the existing vulnerabilities in the network and web application.
  5. Limit employee access to sensitive data or confidential information and limit their authority to install the software.
  6. Use highly strong passwords for accounts and make sure to update them at long intervals.
  7. Avoid the practice of openly password sharing at work.

Spear Phishing vs Phishing

Posted on by Anteelo Master

What is Spear Phishing?

Along with the evolution in technology, a rapid and dramatic shift has been experienced in the occurrence of cyber attacks. The new targeted email-based phishing attacks have replaced the old extensive spam attacks. These phishing campaigns are causing major financial, brand, and operational harm to organizations across the world. The most notorious crime that is affecting major banks, corporates, media companies, and even security firms is a spear phishing email attack.

Spear phishing is an email scam that is targeted towards a particular individual, an organization, or a business. Attackers install malware on the targeted user’s computer system besides stealing user’s data.

Follow the image to understand how a spear phishing attack works:

What is Spear Phishing? {examples} How To Prevent Attacks

Spear phishing attack example:

Spear phishing and phishing attacks are deployed with similar forms of email attack which includes a typical malicious link or an attachment. The primary difference between them is the way of targeting individuals.

For instance, you have posted a social media update about traveling to a different state or country. You might receive an email from a colleague saying, “Hey, while you are in New York, make sure to try the famous Joe’s Pizza. Click Here, *link* to check out their menu list!” While you click on the link to browse their menu, a malware is quickly installed in your system.

Such emails are sent to target individuals by tricking them with a spoofed email address of someone they know or are well acquainted with.

How Can We Define a Phishing Attack?

While spear phishing emails are sent to target a single recipient, phishing emails are sent to a large number of recipients. It is an unethical use of electronic communication to deceive users by taking advantage of their vulnerability in cyber security.

These attacks are carried out to obtain sensitive and confidential information like the credentials of users. Cybercriminals use social engineering to trick victims into performing certain actions such as clicking on a malicious link or opening an attached file.

Phishing attacks are wide-spreading cyber threats every year. If you are not yet aware of this ever-growing cyber scam then one wrong click can easily flip your world upside down.

Phishing Attacks Not Going Away Soon – Channel Futures

Phishing attack example:

Here is a real-life phishing attack example of Facebook and Google. Both the companies were together scammed out of $100 million+ between the years 2013 and 2015 through a fake invoice scam. A Lithuanian hacker accomplished this feat by sending a series of fake invoices to each company. It impersonated as a large Asian-based manufacturer that they used as their vendor. Source: The Dirty Dozen

Such phishing attacks have been exploiting the data of various organizations and have led to a huge loss in revenue for many organizations. Be it phishing or a spear-phishing attack, it is vital to take preventive measures to decrease the occurrences of these cyber attacks.

How to prevent spear phishing attacks?

Just like phishing, spear attack prevention can be done in the following ways:

Spelling & Grammatical Errors:

Usually, genuine emails are error-free because of the professionalism and image reputation they hold. On the other hand, spear phishing emails have spelling and grammatical errors that are oblivious to the recipient’s eyes.

General Greeting:

If you are in contact with any individual or an organization, they would certainly use your name in the email greeting. But if an email says anything unusual like “Hello email user or attn: user”, then it’s a red alert.

URLs & Attachments:

Cyber crooks make sure to convince users into clicking on the link or on the attachment that comes along with the email. Never click any of the attachment that comes with suspicious-looking email.

Cyber Security Awareness for employees:

Every employee and individual in an organization should be provided with proper cyber security awareness training. A simulation spear phishing attack can be performed on the employees in order to make them proactive towards the latest attack vectors.

How Does a Cyber Security Awareness Program work?

The Importance of Security Awareness Training

The brutal Cyber Attacks that shook the world

Posted on by Anteelo Master

Impacts of Cyberattacks on Businesses

Do you know a cyberattack can destroy your entire business overnight? In the survey report of 2019, 64% of companies faced web-based attacks, 62% experienced phishing as well as social engineering attacks. Around 59% of the companies experienced to have received malicious code and botnets. Whereas, 51% of businesses experienced the denial of service attacks. (Source: TradeReady)

According to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion by 2021. In fact, 63 cybercriminals who come under the most wanted list of FBI are known to have committed a chain of cybercrimes that had cost people and organizations, billions of dollars.

Cyber attacks have become common and more endangering nowadays, irrespective of the scale or size of the business. It is important to have proper security of defense locks but, it is more crucial to know what is the cause of offense. The offense could be the existing security loopholes in your enterprise, the unprotected IT infrastructure, and vulnerable employees. All these problems can lead to destructive consequences which can compromise your data and can give rise to cybercrimes.

Furthermore, every individual working in an organization is required to be aware of the major cyberattacks that are endangering and big cyber threat postures. Here is the list of 6 major types of cyberattacks:

Types of Cyber Attacks

1. Phishing

Phishing is a social engineering attack that is deployed over internet users with the intention to steal their data including credentials and credit card details. It is an identity theft to dupe victims into opening the email and lure them to click on the malicious attachment in the email message.

Phishing Attacks: A Guide to Cyber Security - Gaspar Insurance Services

2. Ransomware

Ransomware is a type of malicious software, designed to bar access to a computer system or a data file until the user pays ransom to the attacker. While regular ransomware locks the system, a more advanced malware uses a technique named cryptoviral extortion attack that encrypts the files of users making them inaccessible until a ransom is paid to decrypt them.

A CISO's Guide to Prevent Ransomware Attacks - Security Boulevard

3. Risk of Removable Media

Removable media like USB flash drives, external hard drives, optical discs, memory cards, digital cameras, etc. could be the bearer of cyber threats. These external portable storage devices are designed to be inserted and removed from a computer system. The usage of these devices could create a risk of data loss in case the media is lost or stolen. Further, it could lead to the compromise of a huge amount of data loss which would directly lead to damage to business reputation as well as financial penalties. Apart from that, removable media can be majorly used as an attack vector for malware.

USB Flash Drive Malware: How It Works & How to Protect Against It - Hashed Out by The SSL Store™

4. Cyber Scam

Cyber thieves use the internet as a weapon to deploy cyber attacks on every scale of enterprises. These cyber scams come in various forms, including emails attempting to trick users into handing over their personal information over phishing sites or counterfeited web pages. It is a type of internet fraud where cyber attackers hide or provide incorrect information to trick victims out of money, property or confidential data.

Take control of your digital life. Don't be a victim of cyber scams! | Europol

5. Vishing

Voice phishing is a phone fraud that uses social engineering over the telephone to get access to user’s personal and financial information. The fraudsters use modern practices like caller ID spoofing or automated systems to sound like a legitimate authority overcall. Vishing is typically used for stealing credit card numbers or related information with the help of identity theft.

Vishing: What is Voice Phishing? I SoSafe

6. Smishing

SMS phishing is a fraudulent activity that is attempted to acquire personal information like passwords and user details by impersonating as a trustworthy identity. This social engineering technique involves cell phone text messages to deliver the bait to indulge victims to divulge their personal information on the attached link in the text message.

What is smishing? How to protect against text message phishing scams | The Daily Swig

How to prevent Cyberattacks?

Cyberattacks seem to be constantly evolving every year and with major ransomware attacks like RobinHood, Snatch, Dharma, etc. in 2019, it is much clear that there is no slow down in the growth. But it’s never too late to secure your organizations by taking essential and efficient preventive steps to combat these attacks from any future loss.

 

With the help of cyber attack simulators, an organization can not only train but also make the individuals working, become proactive towards the prevailing cyber risks. Apart from that, it is necessary to make employees working in an organization, have the knowledge and are updated on the cyber threat postures existing.

 

Cyber attack simulators help not only help in identifying the level of vulnerabilities but also improve it so as to create a defensive system by strengthening the weakest link in the organization.

 

Along with cyber attack simulators, it is important to have a back up of critical data. By having critical backups of your data, you can allow only limited interruptions to the business workflow. It’s better to start securing your business by investing in the right cybersecurity solutions rather than paying for losses by becoming victim to cyber-attacks.

Vulnerability Management vs Vulnerability Assessment

Posted on by Anteelo Master

What is Vulnerability Management?

What is Vulnerability Management Anyway?

In this evolving world of complex IT landscape, we get to hear numerous cyber security buzzwords and strategies every day. Vulnerability assessment, penetration testing, vulnerability management are among the most used terms when we talk about the protection of critical assets in an organization. But ever wondered do these terms mean? Let’s break them down one by one.

The term vulnerability management is an essential component that is required in creating an organization’s solid cyber security foundation. It is a broad ongoing process that manages an organization’s vulnerabilities constantly in a holistic manner. In this cyclical process, the software vulnerabilities are discovered, assessed, remediated and verified. Follow the image to understand the vulnerability management process cycle more clearly.

This ongoing process requires scanning to assess the vulnerabilities continuously in order to ensure and fix the weakness. It is an integral part of computer and network security.

What is Vulnerability Assessment?

The foremost step to fix security vulnerabilities is to identify them in the first place. Vulnerability assessment security testing identifies the gaps and loopholes present in the networks, endpoints, and applications. It is a one-time security testing program that is performed with a defined start and end date.

Vulnerability assessment is a risk-based approach where it targets the different layers of technology such as the host layer, network layer, and the application layer. The purpose of this testing is to help organizations in identifying vulnerabilities existing in their software and IT infrastructure before any compromise takes place.

What is Vulnerability Assessment | VA Tools and Best Practices | Imperva

The following image above shows the in-depth evaluation of security posture in an organization, discovering weaknesses and recommending a suitable remedy to mitigate the risk.

Vulnerability Management vs Vulnerability Assessment

When we talk about the entire organizational cyber security, both vulnerability management and vulnerability assessment have their own significant roles. However, both processes are completely different in nature.

Unlike vulnerability assessment, the vulnerability management program doesn’t have any defined start and end date. It is more of a continuous process that helps organizations in having better management of vulnerabilities in the near future.

Whereas, vulnerability assessment, on the other hand, helps in identifying the loopholes and vulnerabilities which are ranging from critical designing to basic misconfiguration. The primary objective of this testing is to create guidance for assisting developers with fixing the identified vulnerabilities.

Although the vulnerability assessment is an important step in improving the IT security of an organization, it is not just enough. A proper ongoing process is required along with this assessment technique to successfully eliminate the security gap.

Interdependence of Vulnerability Assessment and Management

Consequently, the vulnerability assessment process has a start and end date. But in order to secure IT assets, an ongoing approach like vulnerability management should be a part of it. The identification of strengths and weaknesses identified through assessment testing is basically the beginning process of IT infrastructure security. It is more of a part of vulnerability management where a proper plan is required to be created for prioritizing and mitigating the cyber risks discovered. On the whole, the vulnerability assessment dictates the recommendations and objectives of the entire vulnerability management process.

The Significance of Security Risk Assessment and Management

It is important to assess and fully-manage cyber risks with the vulnerability assessment and security testing audits to secure the organization’s network security. With constantly evolving cyber attacks, it is highly important to understand the weakness existing in your IT infrastructure or web applications.

Regularly performed vulnerability assessment and proper vulnerability management practices play the role of cornerstones in the success of a complete cyber security program. Timely discovery of cyber threats help in patching networks as well as web application vulnerabilities. Also, both assessment and management security programs mitigate the risk elements and help in preventing the possibilities of following cyber risks:

  1. Data breaches
  2. Ransomware infections
  3. IT Infrastructure damage
  4. Reputation damage
  5. Financial loss

Significance of Vulnerability Assessment

Posted on by Anteelo Master

What is Vulnerability Assessment? | Vulnerability Analysis Definition

Vulnerabilities are the anomalies such as programming errors or configuration issues of the system. Attackers exploit the weaknesses in the system and can, in turn, disrupt the system. If these vulnerabilities are exploited, then it can result in the compromise of confidentiality, integrity as well as the availability of resources that belong to the organization.

How Can We Detect and Prevent These Vulnerabilities?

Premium Vector | Virus design locked up in bird cages

Vulnerability assessment is the risk management process that defines, identifies, classifies, and prioritizes vulnerabilities within computer systems, applications as well as network infrastructures. This helps the organization in conducting the assessment with the required knowledge, awareness, and risk posture for understanding the cyber threats. Vulnerability assessment is conducted in two ways.

Types of Vulnerability Assessment

Automated Testing

Why Automated Testing | Advantages of Automated Testing

Automated tools such as Vulnerability scanning tools scan applications to discover cyber security vulnerabilities. These include SQL injection, Command Injection, Path Traversal, and Cross-Site scripting. It is a part of Dynamic Application Security Testing that helps in finding malicious code, application backdoors as well as other threats present in the software and applications.

Manual Testing

What Is Manual Testing? How To Do Manual Testing - TestLodge

Manual testing is based on the expertise of a pen-tester. They are the experts that dive deep into the infrastructure that will help them in finding out the vulnerabilities that cyber attackers can exploit.

Following are the types of vulnerability assessment and penetration testing:

Different Types of Manual Testing

  1. Application Security Testing 

Web Application Penetration Testing Using Burp Suite Udemy Download Free - Freetutorials.us

It is the process of testing and analyzing a mobile or web application. This methodology helps pen-testers in understanding the security posture of websites and applications.

The  application security testing process includes:

    •       Password quality rules
    •       Brute force attack testing
    •       User authorization processes
    •       Session cookies
    •       SQL injection
  1. Server Security Testing

What is DevSecOps and how is it relevant for your company?

Servers contain information including the source code of the application, configuration files, cryptographic keys as well as other important data. Pen-testers perform an in-depth analysis of the server in the server security testing. Based on this analysis, testers perform an approach to mimic real-time cyber attacks.

  1. Infrastructure Penetration Testing

Penetration Testing in the AWS Cloud: What You Need to Know - Rhino Security Labs

Infrastructure penetration testing is a proven method to evaluate the security of computing networks, infrastructure as well as the weakness in applications by simulating a malicious cyber attack.

  1. Cloud Security Testing

Application Security | Venkon

Every organization that keeps its platforms, customer data, applications, operating systems as well as networks over the cloud; must perform cloud security testing. Cloud security is essential for assessing the security of the operating systems and applications that run on the cloud. This requires equipping cloud instances with defensive security controls and regular assessment of the ability to withstand cyber threats.

  1. IoT Security Testing

The Challenges of Ensuring IoT Security | Netsparker

With our increasing engagement with technology, we are becoming more advanced in incorporating technology with things that we use on a daily basis. Pen-testers are aware of the complexities and how cyber criminals exploit them.

IoT penetration and system analysis testing considers the entire ecosystem of IoT technology. It covers each segment and analyses the security of the IoT devices. The testing services include IoT mobile applications, communication, protocols, cloud APIs as well as the embedded hardware and firmware.

Which is the Better Method of Vulnerability Assessment?

A Better Method to Reading Textbooks | by Alaric Linen | Age of Awareness | Mar, 2021 | Medium

Manual vulnerability assessment is better than vulnerability scanning tools since automated tools often give false results. This can seriously hamper the process of vulnerability assessment. Although automated tools make the assessment process faster and less labor-intensive, the tools are not capable of identifying vulnerabilities.

This can be far better done by observant pen testers who use systematic technology with years of experience. Manual vulnerability assessment requires time but, it is far more effective and accurate than vulnerability scanning tools. The reason behind preferring manual assessment is the lack of an in-depth understanding of the system to discover vulnerabilities. Therefore, it is always better to consult a leading cyber security company for investing in VAPT services that can help you strengthen your organization’s security infrastructure.

Worst Ransomware Attacks of India

Posted on by Anteelo Master

State of Affairs of Ransomware Attacks in India: 2019

Did you know more than 230,000 ransomware attack submissions were discovered in 2019 between April 1st and September 30th? Last year, the resurging ransomware attack in India became a headache for the corporate sectors targeting and affecting various organizations across the nation. In fact, the three most notorious members of the ransomware family- Ryuk, Purga, and Stop made major headlines in the nation.

How to Beat Hackers Targeting Backups with Ransomware Attacks | IT Pro

The Stop ransomware caused about 10.10% of the ransomware attacks followed by Ryuk making about 5.84% attacks along with Purga for deploying 0.80% of ransomware attacks! (source: TSG Sunday  Guardian Live)

Ryuk seemed to have been the most active threat landscape in the Indian public as well as private sectors. On the other hand, brute-force attacks on RDP and SMBs seemed to have steadily increased in 2019.

According to the Business Standard, last year was entirely the year of ransomware attacks on municipalities. It was observed that not less than 174 municipal institutions were targeted with more than 3000 subset organizations! In comparison, 60% of the increase from 2018 was experienced in 2019!

Reportedly, organizations have faced double extortion in Q1 2020 across the globe. Moreover, security research has anticipated that a business is attacked every 11 seconds by cybercriminals. The cost of damage is predicted to hit around $20 billion by 2021.

Although, this figure may vary later depending upon the cost of attacks and its devastating consequences. To know how brutal ransomware attacks can get, here are the top devastating ransomware attacks that took place in India.

Top 6 Ransomware Attacks in India

  • Telangana and AP Power Utilities Hacked

A malicious software attacked the power utility systems of  Telangana and Andhra Pradesh last year where all the servers went down until the glitch was rectified. Since the computer systems of Telangana and Andhra Pradesh power utilities were interlinked, the virus attack quickly spread, taking down all the systems.

Ransomware hits Telangana and Andhra Pradesh power department websites | Hyderabad News - Times of India
  • UHBVN Ransomware Attack

Uttar Haryana Bijli Vitran Nigam was hit by a ransomware attack where the hackers gained access to the computer systems of the power company and stole the billing data of customers. The attackers demanded Rs.1 crore or $10 million in return for giving back the data.

UHBVN Billing Data Hacked and Hackers Demanding one Crore in Bitcoins

  • WannaCry

India was the third worst-hit nation by WannaCry ransomware, affecting more than 2 lakh computer systems. During the first wave of attack, this ransomware attack had hit banks in India including few enterprises in Tamil Nadu and Gujarat. The ransomware majorly affected the US healthcare system and a well-known French car manufacturing firm.

WannaCry Attack: Why Proper Backup Solution Is A Must

  • Mirai Botnet Malware Attack 

This botnet malware took over the internet, targeting home routers and IoT devices. This malware affected 2.5 million IoT devices including a large number of computer systems in India. This self-propagating malware was capable of using exploitable unpatched vulnerabilities to access networks and systems.

Mirai DDoS Attack Explained

  • Petya

India was one of the top 10 countries to be hit by Petya ransomware. This ransomware attack halted work at one of the terminals of India’s largest seaport causing computer lockdown and serious consequences for the country’s exports.

Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry

  • BSNL Malware Attack

The state-owned telecom operator BSNL was hit by a major malware attack, impacting nearly 2000 broadband modems! 60,000 modems became dysfunctional after the malware attack hit the Telecom Circle.

Malware Attacks on BSNL, MTNL Broadband Modems – Steps To Restore | DataReign

Proactive Measures to Prevent Ransomware Attacks

As we continue to develop smart cities and smart grid technologies in 2020, the risk of ransomware attacks will stay put as a big challenge for all the organizations. Apart from focusing on development and advancement, every industry vertical must understand the crucial role of cyber security.

With the help of these below listed proactive measure, organizations can reduce or prevent the constantly evolving ransomware attacks in the future:

Employee Awareness Training

Cyber threat actors majorly use emails as bait in attempting cyber attacks on an organization and humans being the weakest link tend to easily fall for it. So to avoid and overcome this problem, organizations must educate their employees by making them aware of the prevailing cyber threats.

7 Tips for an Effective Employee Security Awareness ...

A right security attack simulator and awareness training tool can help in reducing the threat of employee error. Such tools help in mitigating existing cyber risks within the organization and enhance the cyber security posture.

Backup Your Data Separately

The best way to stay proactive is by backing up your data in a separate external storage device but it should not be connected to your computer. Backing up your data will help in securing it from being encrypted and misused by cyber attackers.

Regular Vulnerability Assessment 

Basic cyber security hygiene like vulnerability assessment and penetration testing can help in preventing malware like ransomware. With the help of continuous vulnerability assessment, one can find out the exploitable vulnerabilities and fix them before any threat actor discovers it.

Never Click on Unverified Links

Avoid clicking links that are attached in spam emails or on an unfamiliar website. Such links are the bearers of malicious files that badly infect the user’s computer when clicked. Moreover, these links are the pathways for ransomware to access the user’s system and encrypt or lock confidential data for ransom.

6 Biggest Ransomware Attacks that Happened in India - Kratikal Blogs

Use Security Software 

With cybercrimes becoming more widespread and constantly evolving in nature, protection against them has never been more crucial. It is necessary for organizations to secure their entire IT infrastructure with comprehensive cyber security solutions and software to blocking and keep the cyber threat postures at bay.

Among all other cyber attacks, ransomware is one kind of criminal activity that can be easily prevented by these above-mentioned solutions. Companies must remain vigilant, watchful and prepared to stay protected against such prevailing cyber risks.

The best way to deal with ransomware attacks is to stay protected by following healthy security practices and avoiding suspicious emails in the first place!

A guide to Email Security Practices

Posted on by Anteelo Master

Why is Email Security Important?

Word Email Stock Illustrations – 5,813 Word Email Stock Illustrations, Vectors & Clipart - Dreamstime

Whether exchanging emails across networks or dumping them in your spam folder, a huge amount of data is sent, received and stored. You may not realize but there are high chances that an unsecured email might have landed in your inbox which can act as a source of data exploitation. Now you wouldn’t want that, would you? That’s why email security is very essential for our daily routine in order to keep a check if any malicious email is accessing our inbox or not. The cybersecurity professionals working in every industry vertical must stay updated with the prevailing attacks possible through emails.

According to ComputerWeekly.com, 82% of organizations claimed to have faced email-based cybersecurity threats in 2018. Whereas, ransomware seems to be the biggest cyber threat in the coming year. The reason being, ransomware attacks that encrypt critical business files and demand for ransom in return are often sent to individuals working in organizations by emails only!

These eye-opening facts call for proper email protection solutions that are needed to be implemented in every organization as a defensive system against invading cyber threats. As far as cybersecurity is concerned, the best solution is using email security tools that incorporate a wide range of security techniques that email accounts and services have. Proceed further for the top 5 email security practices that can benefit your organization from email-based cyber risks.

The 5 Types of Email Security Practices 

 

  • Never click the “unsubscribe” link in spam emails:

At times, certain emails manage to surpass the spam filter and land in your inbox. For instance, you come across one such certain email and on opening it, you discover that it looks like a phishing email. What would be your first instinct? In any normal situation, users tend to unsubscribe suspicious-looking emails but that is not actually safe!

Hackers are good manipulators and they use such links to fool people into clicking attachment which redirects the targeted users to a phishing site. Apart from that, these links also provide hackers with a back door for access into your system.

  • Avoid Public WiFi:

Never access emails from a public WiFi because they are less secure and hackers choose public WiFi to steal information by passing through a weak network. Cybercriminals require nothing but a laptop and basic software to hack into public WiFi networks and monitor all the traffic. Accessing emails via unsecured public networks can lead to misuse of user’s credentials and a huge loss of sensitive data. This could also result in further intended targeted cyberattacks that are down the line.

More organisations banning use of public Wi-Fi – report | Internet of Business

  • Email Encryption:

Disguising and encrypting email content potentially protects the sensitive data that is sent and received, from being read by anyone except the intended recipient. With email encryption, you can secure your emails over untrusted networks from eavesdroppers or any third person trying to invade in between the email exchange. This security strategy reduces the chance of disclosure of information as well as alter of message content.

  • Incident Response Tool:

Every 1 in 131 emails contains malware that is sent to the targeted users. Moreover, 95% of the data breaches are deployed through these malware-laden emails. In order to reduce these cyber risks, incident response tools like Threat Alert Button (TAB), help employees in an organization to report any suspicious-looking email for analysis.

This innovative tool by Kratikal is an instant phishing incident response tool where the reported suspicious-looking email is analyzed by the SOC team and moves the reported email to the spam folder in real-time for future exposure prevention, and this all is managed by just one click.

  • Employee Education:

Limit the chances of cyber risks in your organization by providing employees with cybersecurity awareness training tools. Along with the implementation of policies and email security tools to prevent cyber threat postures, it is essential to encourage employees to become proactive in combating attack vectors like ransomware, phishing emails, and cyber scams. Security awareness tools like ThreatCop is an AI/ML-based security attack simulation tool that assesses the real-time threat posture of an organization. With the unlimited number of attack campaigns and automated training campaigns, this product builds cyber awareness among the employees in an organization and creates a resilient working environment.

Implementing and working on the above-mentioned email protection solutions will not only keep your data safe but will also be beneficial in the long term. In order to protect your business, it is important to make sure that all your employees are empowered to make email based decisions and are protected from data thefts.

Email Security Best Practices for Companies

Hackers are everywhere nowadays and they won’t stop holding back from discovering vulnerabilities and exploiting your data. Secure your organization now with a robust email security tool in order to reduce the chances of becoming a victim of the prevailing cyber threats.

Weapon against Phishing Attacks

Posted on by Anteelo Master

Microsoft Seizes Domains Used in COVID-19 Phishing Attacks - My TechDecisions

In the IT world, phishing is not a vague term. For those wondering “what is phishing?” it is an online identity theft. This cyber-attack is carried out by sending spoofed emails in the name of trusted sources like a bank or legitimate companies. Furthermore, the aim of this corrupt practice is to obtain credentials and financial information of the users. But with the rate of rapidly increasing phishing attacks, proper defense against phishing has to be taken.

In the cyber world, phishing attacks have risen up to 65% as compared to the past year. The level of phishing attacks has advanced so well that even top-notch companies have become phishing scam targets.

In order to secure data from any further exploitation, anti-phishing solutions have been introduced lately for defense against phishing. But before taking any step, you must know how to find a phishing email so that you are saved from phisher’s hook.

How Can You Identify A Phishing Email?

How To Recognize and Avoid Phishing Scams | FTC Consumer Information

Phishers aim user’s inbox for phishing attack by sending various forms of email that convinces a user to:

  • Click on a link
  • Enter credentials like username, passwords, etc. on a legitimate-looking website
  • Install application or software on your device
  • Open a doc file or many other tricks to lure users

The motive of sending such emails is to trick users to download malware on their devices. By doing this, the attacker would have the ease of remotely controlling the user’s device so as to steal all the important data.

To avoid such attacks, you can follow tips that will help you to protect against phishing attacks.

Guidelines for Best Defense Against Phishing

Updated software and OS:

What is an Update?

Always keep the version of your operating system up to date so as to avoid any sort of malware attack for the best phishing protection. Outdated software or operating system hold way too many bugs and hence become an easy target of phishing attacks.

Avoid Password Auto-Fill Service:

Autofill: What It Is & How To Use It On Your Android Device

Phishers are experts in using platforms to attempt a phishing attack, so it is better to skip a “save password” option if it pops up on any website. This step will help in keeping your information secure from hackers.

Two-Factor Authentication:

Is two-factor authentication (2FA) as secure as it seems? - Malwarebytes Labs | Malwarebytes Labs

It is better to adopt the latest technologies for security purposes if it comes from the right sources. Two-factor authentication is a widely used technique to secure data and financial information from unauthorized access.

Use Google Drive for Suspicious Documents:

Add Files Owned By Suspended Accounts To Shared Drives

In case you find any document sent from an unknown sender or receive a dubious-looking file, ensure to upload it on Google Drive. This would turn document into image or HTML, which in turn would avoid the installation of malware on your device.

 

Centrality of Cyber Security in the Educational Sector

Posted on by Anteelo Master

Over the last few years, the education sector has become a new favorite target among cyber criminals. From turbulent ransomware attacks to covert data breaches, numerous academic institutions have suffered from various kinds of cyber attacks in recent times.

The introduction and adoption of newer technologies along with the disruption caused by the COVID-19 pandemic have fueled the situation further. Cyber criminals are attacking educational institutions with tactics and tools that have worked effectively against businesses.

Why has the Education Sector Become a Lucrative Target?

Why Cybersecurity Needs To Be a Priority for The Education Sector

According to an article by CSO Online, the education sector accounted for 13% of all data breaches in the first half of 2017, which resulted in the compromise of approximately 32 million records!

 

Here are the major reasons for the popularity of the education sector as a target among cyber criminals:

1. Financial Gain: According to research, educational records are worth up to $265 on the black market. The notion of such huge financial gain is more than enough for threat actors to target academic institutions.

2. Valuable Data: Even though educational institutions may not look as lucrative as healthcare companies or private businesses, they serve as a treasure trove of sensitive financial and personal information including valuable proprietary research data.

3. Espionage: Espionage is another reason for cyber criminals to target the education sector. Higher education institutes such as universities and colleges often serve as centers for research and possess valuable intellectual property.

4. Impacting Operations: Several attacks on academic institutions have been carried out with the motive of causing widespread disruption and adversely affecting the institute’s productivity.

Major Cyber Security Threats to the Education Sector

The Top 5 Cybersecurity Threats to Schools (And How You Combat Them) - Enterprise Training Solutions Blog

A wide range of cyber threats has been plaguing the education sector for years. Here are the top threats hounding educational institutions around the globe:

 

1. Spear phishing Attacks: Using spear phishing, cyber criminals have taken hold of several academic institutions, resulting in catastrophic losses. An article by Business Line reported that more than 1000 colleges, schools and universities were targeted by various spear-phishing campaigns in Q3 2020.

 

2. BEC Attacks: Threat actors have also resorted to BEC attacks for targeting organizations in the education sector. The same article by Business Line also reported that Gmail accounts serve as the primary medium for launching the majority of BEC attacks, accounting for 86% of all BEC attacks on academic institutions.

 

3. Ransomware: As per the FBI, schools have become the most popular targets for ransomware attacks. A number of colleges, schools and universities have been hit by vicious ransomware attacks, leading to devastating consequences.

4. DDoS Attacks: DDoS attacks or Distributed Denial of Service attacks are very common in the education sector. These attacks offer an easy way for cyber criminals to disrupt operations, especially if the network of the target organization is poorly protected.

 

5. Data Breaches: Since academic institutes hold a huge cache of valuable information, data breaches have always been common in the education sector.

Recent Cyber Attacks on the Education Sector

As mentioned above, many educational institutions worldwide have been hit by cyber attacks in recent years. Here are some major cyber attacks witnessed by the education sector over the last couple of years.

 

1. In March 2021, the London-based Harris Federation suffered a ransomware attack and was forced to “temporarily” disable the devices and email systems of all the 50 secondary and primary academies it manages. This resulted in over 37,000 students being unable to access their coursework and correspondence.

Sophisticated Ransomware Attack leaves 36,000 Students without Email

2. The Division of Structural Biology at Oxford University fell victim to a cyber attack in February 2021. It was involved in extensive COVID-related research and access details for several of its systems were spotted online.

3. The University of Northampton was hit by a cyber attack in March 2021 that led to the disruption of its telephone and IT systems and servers.

4. The University of California, San Francisco paid a ransom of $1.14 million after the NetWalker ransomware locked down multiple servers of its School of Medicine in June 2020.

5. Birmingham college was hit by a ransomware attack and had to ask all of its 20,000 students to stay at home for a week. It had not even been two weeks since they had returned to the college following an extended lockdown due to the COVID-19 pandemic.

All hell broke loose': How a cyber attack shut a college

How to Protect Educational Institutions Against Cyber Attacks?

Whether it is due to the lack of resources and budget or the absence of stringent security policies, academic institutions have been unable to protect themselves against cyber attacks in the past.

 

With a myriad of cyber security issues hounding the education sector, it is about time for these institutions to take the appropriate precautions and get ahead of threats. So, here are some effective measures you can take to shield an educational institution against cyber threats.

 

1. Implement a robust Identity Access Management (IAM) system to prevent anyone from obtaining unauthorized access to the network.

What is Identity Access Management? | Varonis

2. Conduct periodic Vulnerability Assessment and Penetration Testing (VAPT) to detect and fix any exploitable vulnerabilities in your organization’s cyber security infrastructure.

 

3. Enable Multi-Factor Authentication (MFA) on all the applicable endpoints across the enterprise networks to add an extra layer of security to your organization’s cyber security framework.

 

4. Train all the employees in the basics of cyber security to generate awareness about various cyber threats and the best ways to deal with them.

5. Enforce cyber security best practices like a strong password policy. Make sure your employees are aware of the consequences of not following the practices and understand their responsibility in keeping the organization safe.

 

Cyber security in the education sector is essential for about a hundred reasons, the most important one of them being to ensure the safety and privacy of students. So, take the necessary measures now and keep your organizations protected against cyber threats.

 

Delivering excellence, collaborating across time zones.

Take a look at our global hideouts.​

DMCA.com Protection Status

Contact

contact@anteelo.com

Twitter Instagram Dribbble Linkedin Facebook

India (HQ)

C-2073A, Sushant Lok, Phase-1, Gurgaon,
Haryana 122002

Atlanta, USA

120 West Trinity Place Decatur, GA 30030

London, UK

33 St James’s Square, London
SW1Y 4JS

Dubai, UAE

704, Saheel Tower 1 Al Nahda 1,
Dubai, UAE

Melbourne, Australia

291 -Blackburn Road, Burwood East Vic 3151

Surabaya, Indonesia

Jl. Hang Tuah 14 Sidoarjo Jawa
Timur 61212

India (HQ)

C-2073A, Sushant Lok, Phase-1,
Gurgaon, Haryana 122002

Atlanta

Atlanta, USA – 120 West Trinity Place
Decatur, GA 30030

London

33 St James’s Square,
London SW1Y 4JS

Dubai

UAE – Office # 704, Saheel Tower
1 Al Nahda 1, Dubai, UAE

Australia

Level 33, Australia Square 264
George Street, Sydney, 2000

Indonesia

Jl. Hang Tuah 14 Sidoarjo
Jawa Timur 61212

© 2018-2022 Anteelo Design Private Limited
A Quantum Oakmen Partner Venture

error: Content is protected !!