The Curse of Data Breach

Business organizations have become increasingly reliant on digital data, cloud computing, and workforce mobility. At the same time, data breaches have risen and become infamous. Sensitive official data is stored on local machines and on cloud servers. A data breach, whether simple or complex, means that someone has gained access to restricted networks.

If we delve into the history of data breaches, we can see that it all started when organizations began storing their important data digitally. In fact, breaches have existed for as long as individuals and organizations have maintained records of confidential information. Before computing became widespread, a data breach was much like getting hold of an individual’s private and sensitive documents that had not been disposed of. Still, the frequency of publicly exposed data breaches has increased along with public awareness of the potential for breaches and their rise.

How does a breach happen?

Data is breached once a cyber-criminal successfully infiltrates a data source and extracts confidential information. This is normally done either physically, by accessing a system or network to steal data directly, or remotely. The latter method is mainly used to target companies. Certain steps are normally followed prior to any breach incident:
1. Research – The cyber-crooks do extensive research, searching for vulnerabilities in the security of the company's people, systems or network.
2. Attack – The criminals make initial contact through the network, either officially or socially.
3. Network attack – This happens when a cyber-criminal uses infrastructure, system or application vulnerabilities to penetrate the enterprise network. It is done by baiting an employee into providing access to the company network by giving up his/her log-in credentials. Alternatively, he/she might be fooled into opening a spam message.
4. Exfiltration – Once the criminal gains access, he/she can compromise the network and take the confidential data hostage. Hence, the attack becomes successful.

What is the data breach status in 2017 around the world and in India?

According to research by The Economic Times, Indian companies might suffer losses of Rs. 11 crore due to data breaches in 2017, which is 12.3% more compared to 2016. On the other hand, the average global cost of a data breach is expected to fall by 10% in 2017.
Another study by the Ponemon Institute found that the average cost of a data breach increased from Rs. 3,704 in 2016 to Rs. 4,210 in 2017. In addition, 41% of Indian companies admitted that they had experienced data breaches in the recent past. Among them, 33% were due to system glitches, while 26% were because of employee/contractor negligence.

What is the recent data breach in India and how much data was breached?

According to a study by digital security firm Gemalto, 203.7 million data records were compromised in 18 data breaches in India till June 2017. Among them, the breach reported by food-tech company Zomato in May 2017 resulted in the theft of 17 million email addresses and ‘hashed’ passwords, which is considered to be the worst in 2017 to date. However, Zomato CTO Mr. Gunjan Patidar announced on the company’s blog that no payment-related data was affected.

How is this impacting the nation’s growth?

A data breach can have a serious and immediate impact on an organization’s ability to maintain business continuity effectively and to serve its customers well. There is a direct correlation between data breaches and customer loyalty.

Wastage of Money
The primary impact of any breach is the economic loss an organization incurs. Once confidential data is leaked, companies spend heavily on investigating the breach and on incorporating stricter security protocols. In addition, lawyers' fees, the filing of lawsuits and the payment of fines to data protection authorities add to the cost.

Disruption of Operations
Any hacking incident primarily involves the theft of proprietary and confidential information such as research, business strategies and financial reports. Compromised data and intellectual property force the organization to lag behind its competition and thereby affect business continuity.

Loss of loyalty
The customer/client relationship is built on loyalty, and breaches can lead to loss of reputation. Any hacking incident can damage the reputation of a company and shake the faith that its customers place in it. A recent study conducted by Gemalto has shown a direct relation between a data breach in an organization and its share price in stock market valuations.

Lesson learnt
It is highly important for companies today to be proactive in putting robust security systems in place to protect the company against possible threats. There are options available that can equip the organization with the core concepts of network security. Security measures are chosen according to the challenges the company faces, so as to get the maximum result.

Extra-precaution during Holidays
The holiday season is a bright opportunity for cyber crooks to reap maximum financial benefit. Organizations in the financial sector are always concerned about gift card fraud and experience more instances of identity theft. Almost 59% of users are of the opinion that identity threats rise during the holiday season. With consumer trust gradually declining, it is the responsibility of organizations to show consumers that they are actively protecting their data, to diminish any concern.

How can we tackle the data breach?

Today, business enterprises rely on the steps below to tackle data breach/theft issues.

Invest in IT Security
The latest security technologies help prevent possible breaches by detecting network intrusions before criminals can access confidential data. Identifying the organization’s vulnerabilities and building tactics to avoid them is the first step. Several companies prefer to appoint specialized security firms for this and put the enterprise network under continuous observation.

Train employees
Occasionally, employees unknowingly download malicious attachments, casually install unauthorized software, select weak passwords for one or multiple accounts, or transfer official files to their home PCs. These actions result in data breaches and let cyber criminals bank on the vulnerabilities to carry out their unlawful activities. It is crucial to educate employees on best online security practices. It is wise for the entire organization to undergo basic training in order to protect its digital assets successfully.

Encrypt official data
It has been seen that almost 60% of companies that suffered data theft did not encrypt their data. Encryption is the most important step to prevent possible breaches and loss of official data.

Conclusion

In a nutshell, organizations should have an official contract that can protect them from any liability in case of a data breach. Today technology has brought the world together, and at the same time cyber-attacks are intensifying in every sphere. Organizations have no alternative but to constantly update themselves with knowledge of current and evolving cyber threats and to take adequate precautionary measures.


Phone Scams are soaring up – It is the festival season

Phone Scams are soaring up:

The festive season is here in India and so are the scammers. Phone scammers have been using every bit of information they can to scam you out of your hard-earned money, and this is the best time in India to carry out scams.

No doubt digital transactions are lightning fast, but when you are hit by a scam, the rate at which your money disappears is also lightning fast. Even before you get a chance to call up the banking authorities and they in turn block your card, it is quite possible that the criminals will have emptied your bank account.

Phone scams have been on the rise, and a few moments ago I had the privilege of enjoying one such phone scam call. The caller was impersonating a bank official, nothing new about it, and wanted me to provide my Debit Card Number. Since this is Diwali time and not wanting to dampen their spirit, I gave them some non-existent number, knowing very well that if they try to verify the number it would turn out to be a fake number.

There are numerous websites which validate the correctness of a card number, and scammers are the first ones to use these services to identify whether their intended victim is providing them with the right information or not. Their logic is simple: if the debit/credit card number is valid, they can carry on with their scam.

Once the Credit/Debit Card number is validated, the second phase of the scam is initiated. In this phase, the scammers collect additional details, viz. Expiry Date and CVV; they also collect your Aadhaar Card number and then register themselves with an online wallet. The registration process requires an OTP from the concerned organizations, and it is this OTP which these scammers are interested in.

Phone users have been depending on TrueCaller for identifying phone scammers, and the scammers know this for sure; hence, they create a legitimate-looking telephone number profile so as to add legitimacy to their scam.

This is as far as online banking scams are concerned. In India, every person who has bought something or the other using cards would vouch that an OTP is required for completing the transaction. This is partially true.

Payment gateways located in India are required by law to adhere to the Two-factor Authentication process mandated by the Reserve Bank of India. However, a payment gateway located outside the jurisdiction of India would never initiate the TFA authentication, and in order to conduct such transactions the Card Number, Expiry Date, and CVV are the only pre-requisites.

There have been instances wherein victims have claimed to have never received an OTP, and I believe it is for this exact reason that they aren’t receiving the OTP.

Indian Cyber Criminals are still in their nascent stages and have a very long way to go before they become capable of carrying out complicated and technically advanced attacks. That being said, they do learn very quickly and adapt themselves.

Before signing off, a reminder for all:

1: The Caller asked for your Card Number – Disconnect the call

2: The Caller asked for OTP – Disconnect the call

3: When using TrueCaller – Mark this number as SPAM and rename it as “Bank Phishing Scam”

4: The Caller is your Bank Manager – Step out of your busy schedule, and meet your Bank Manager personally. It is one great way of staying connected with the people who work behind the scenes and once in a while say:

Wishing you all a very Happy and a Safe Diwali.

PS: +91-7280069606 – is one number you wouldn’t want to answer and has been shared with Mumbai Police and CyberCrime Department.

For more information, visit – eScan AV


Krack Attack – Wi-Fi Vulnerability Affecting WPA

WEP has long been considered a flawed encryption scheme, and Wi-Fi implementations have concentrated on the WPA encryption standard to ensure a secure Wi-Fi communication channel. However, researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, recently found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.

The vulnerabilities themselves lie in the WPA protocol standard: they allow attackers to force devices to reissue the nonce, effectively forcing the devices into Key Reissue Attacks (KRACK Attack).

This weakness in the protocol allows attackers to sniff the traffic traversing between devices and access points, while the worst-case scenario is the injection of malware into websites. The vulnerability affects all devices running Windows, MacOS, iOS, Android, and Linux. Due to the devastating implications of this vulnerability, vendors have been quick to respond and have made patches available to mitigate these vulnerabilities.

Identifiers:
• CVE-2017-13077
• CVE-2017-13078
• CVE-2017-13079
• CVE-2017-13080
• CVE-2017-13081
• CVE-2017-13082
• CVE-2017-13084
• CVE-2017-13086
• CVE-2017-13087
• CVE-2017-13088

More can be read about this research here: https://www.krackattacks.com/

Vendors:
Microsoft:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Ubuntu:
https://usn.ubuntu.com/usn/usn-3455-1/

Redhat:
https://access.redhat.com/security/cve/cve-2017-13080

Intel:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Advisory:
1: Patch your devices as and when the patches are made available.
2: Since this is a protocol-level vulnerability, changing the password won’t help in mitigating the attacks.

For more information, visit http://blog.escanav.com/


Rogue Wifi with duplicate SSID


India offers two types of Wi-Fi access: free metered access, which requires users to register, and hotspots which do not have any password.

Some of these are Government initiatives, like “Aaple_Sarkar_Mum-WIFI” in Mumbai, while Google, in conjunction with Indian Railways, is offering free Wi-Fi services at railway stations across India. Furthermore, coffee shops, bookstores and hotels have also been providing free Wi-Fi access.

The common factors are:

1: These services require registration and authentication

2: Located at Public Places.

Providing free Wi-Fi has been the best move by the Government for this social-networking-crazed generation, which has been using it for accessing Facebook, Instagram, Whatsapp etc. However, it shouldn’t take long for cybercriminals to realize the huge potential of gaining access to the network traffic by implementing Rogue Wi-Fi hotspots.

Rogue Wi-Fi hotspots could be turned into surveillance systems and could also be used to inject malicious content or advertisements into the network traffic. It is not just researchers who have demonstrated this; organizations too have injected traffic into the network in the past, and what would stop criminals from using the same technology to monetize this craze for free Wi-Fi?

Privacy concerns are raised by the elite few, while most others turn a blind eye as long as they don’t have to pay a dime for Internet access. This has been aptly proved by the 4G boom, with free offerings by all the Telcos, which ultimately resulted in market consolidation vis-a-vis data pricing.

In these trying times, when every bit of data can help build up your personal profile, it would pay in the long run for everyone to exercise caution while accessing the Internet. Moreover, caution is not limited to accessing the Internet: apps and their system-level permissions also play an important role in securing your privacy.

Rogue Wi-Fis are very difficult to detect since they leak very little information, and it is very much possible that criminals will replicate an SSID in order to lure unsuspecting victims into their trap. It is also very probable that the Rogue Wi-Fi wouldn’t ask for registration/authentication, which should alert users that something is amiss.
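
One way a hotspot operator could check survey scans for a duplicated SSID, shown as an added example that is not part of the original post. The inventory, SSID names, BSSIDs and scan results are all constructed, and the `Beacon` type and `find_rogues` function are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # as reported by the scan, e.g. "open" or "wpa2-psk"

# Assumed operator inventory (constructed): what the venue really runs.
INVENTORY = {
    "Cafe_Free_WiFi": {
        "security": "wpa2-psk",
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    },
}

# Constructed scan results, as a survey laptop at the venue might record them.
SCAN = [
    Beacon("Cafe_Free_WiFi", "02:00:00:aa:00:01", "wpa2-psk"),
    Beacon("Cafe_Free_WiFi", "02:00:00:AA:00:02", "wpa2-psk"),
    Beacon("Cafe_Free_WiFi", "02:00:00:ff:13:37", "open"),      # duplicate SSID
    Beacon("cafe_free_wifi", "02:00:00:ee:00:09", "wpa2-psk"),  # look-alike
    Beacon("Neighbour_Net", "02:00:00:bb:00:07", "wpa2-psk"),   # unrelated
]

def _fold(ssid: str) -> str:
    """Normalise an SSID so case and padding tricks still match."""
    return ssid.strip().casefold()

def find_rogues(scan, inventory):
    """Return (bssid, reasons) for beacons that use our SSID but not our setup."""
    by_folded = {_fold(name): (name, cfg) for name, cfg in inventory.items()}
    findings = []
    for b in scan:
        match = by_folded.get(_fold(b.ssid))
        if match is None:
            continue  # not one of the operator's SSIDs
        name, cfg = match
        reasons = []
        if b.ssid != name:
            reasons.append("look-alike SSID spelling")
        if b.bssid.lower() not in cfg["bssids"]:
            reasons.append("BSSID not in inventory")
        if b.security != cfg["security"]:
            reasons.append("unexpected security mode")
        if reasons:
            findings.append((b.bssid.lower(), reasons))
    return findings
```

A BSSID can be copied just like an SSID, so an empty result is not proof that no rogue hotspot is present.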

How to use Free Wi-Fi:

1: Implement VPN on your devices/laptops

2: Keep a separate Cell Number for accessing the Wi-Fi as most of them rely on OTP sent as an SMS to the registered number. It should be different from the one used for Banking Transactions.

3: Verify the App Permissions before installing them on your device.

4: Never conduct banking transactions through Free WI-FI; one may never know who is sniffing your traffic.

5: Always keep your Phone Antivirus updated to ensure maximum efficiency.

6: When in doubt about a particular SSID, do ask the owner of the shop who is providing this service and you may always choose to disconnect immediately.

 
