Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Hackers bleeding large Indian firms by $10 mn on average each year: Microsoft

Hackers bleeding large Indian firms by $10 mn on average each year: Microsoft

hackers, cyber attack,New Delhi : A large-sized enterprise in India loses an average of $10.3 million owing to cyber attacks and a mid-sized organisation an average of $11,000 annually, a Microsoft-led study said on Wednesday.

Cyber security attacks have also resulted in job losses across different functions in more than three in five (64 per cent) organisations that have experienced cyber attacks, revealed the Frost and Sullivan study commissioned by Microsoft.

“With traditional IT boundaries disappearing, the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation-as is evident from high-profile breaches this year,” said Keshav Dhakad, Group Head and Assistant General Counsel, Corporate, External & Legal Affairs (CELA), Microsoft India.

The study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” involved a survey of 1,300 business and IT decision makers.

“More than three in five organizations (62 per cent) surveyed in India have either experienced a cybersecurity incident (30 per cent) or are not sure if they had one as they have not performed proper forensics or data breach assessment (32 per cent),” the findings showed.

The survey ranged from mid-sized organisations (250 to 499 employees) to large-sised organizations (more than 500 employees).

To calculate the cost of cybercrime, Frost & Sullivan created an economic-loss model based on macro-economic data and insights shared by the survey respondents.

The study also examined the current cyber security strategy of organisations in India.

It found that nine in 10 (92 per cent) Indian organisations are looking to leverage Artificial Intelligence (AI) to enhance their cyber security strategy.

Additionally, more than one in five (22 per cent) of Indian organisations have witnessed benefits of using AI to achieve faster and more accurate detection of threats.

“Most organisations lack a cybersecurity strategy, while for a large majority cybersecurity was an afterthought. About 59 per cent (three in five) respondents said the fear of cyber attacks has hindered digital transformation projects,” the study noted.

While 37 per cent see cybersecurity strategy only as a means to safeguard the organisation against cyberattacks rather than a strategic business enabler, a mere 18 per cent seeing cybersecurity as a digital transformation enabler, it added.

—IANS

2 Kashmiri youth held for hacking 500 Indian websites

2 Kashmiri youth held for hacking 500 Indian websites

2 Kashmiri youth Shahid Malla and Adil Hussain Teli held for hacking 500 Indian websitesNew Delhi : Delhi Police on Friday arrested two Kashmiri students from Punjab who were involved in hacking over 500 Indian websites, including those of the government, police said.

The accused have been identified as Shahid Malla, a CSE student at Aryan Group of College in Punjab’s Rajpura and Adil Hussain Teli, a BCA final year student at St. Soldiers Management and Technical Institute in Jalandhar.

They are natives of Baramulla and Anantnag districts of Jammu and Kashmir.

“Following a tip-off, Shahid Malla and Adil Hussain Teli were arrested on Friday when a team of Cyber Cell of Delhi Police raided their rented accommodation in Punjab,” a senior police officer told IANS on the condition of anonymity.

“During investigation, it was found that their online activities were part of anti-national hacking group called ‘Team Hackers Third Eye’ which has hacked more than 500 Indian websites, including some government websites,” the officer said.

The officer said the accused were also involved in educating Kashmiri youth to bypass state-imposed social media ban during April and May in 2017 by using VPN.

“During investigation, they were found continuously in touch with several Pakistani-based anti-Indian hackers while hacking the websites and sharing the personal information of government websites with them. Some of them are believed to be backed by Pakistani intelligence agencies,” he added.

“Through their seditious social media posts, Malla and Teli were found to be pro-Pakistan and anti-India,” the officer said, adding that some laptops, mobile phones, SIM cards, Internet dongles, memory devices and other instruments were recovered from their rooms.

The officer said the team was trying to ascertain their further plan and also their source of money. “The probe in underway.”

—IANS

Dark Web helping hackers execute Ransomware-as-a-Service: McAfee

Dark Web helping hackers execute Ransomware-as-a-Service: McAfee

McAfeeBy Sourabh Kulesh,

New Delhi : As governments and companies face an uphill task to stop hackers from stealing data, the Dark Web is providing them a safe haven, helping them scale up and execute massive data breaches, global cyber security firm McAfee has warned.

Dark Web is an encrypted network of websites and communities that exists outside of mainstream Internet culture.

“We are witnessing a scaling model called Ransomware-as-a-Service where criminals are hired by an entity to host everything, use their own infrastructure, tools and expertise and the employer gives them a target as well as the magnitude of attack,” Vincent Weafer, Vice President, McAfee Labs and Product Development, told IANS.

“Before carrying out the attack, hackers are clear that they would vanish if, in case, the attack fails. The hackers make sure that their employer gets caught and they escape,” Weafer added.

For example, encrypted software such as Tor’s ability to hide the identity of the attacker is key to cybercriminals. Tor is a free software for enabling anonymous communication.

The McAfee executive also said that crypto-currencies like Bitcoin are also a major reason why cyberattacks are increasing.

From a product point of view, Weafer said, there is little that cyber security companies can do to stop communication on the Dark Web, but they can help provide intelligence to the regulators.

“We are not looking at products that could track those criminals on the Dark Web but can provide expertise in terms of where and what information is flowing and which types of groups are operating. That information can be shared with regulators and governments because they are the ones who will be chasing the criminals,” Weafer said.

McAfee has assisted several law enforcement agencies in cybercrime cases and Raj Samani, Chief Scientist and McAfee Fellow, is a special advisor to the European Cybercrime Centre at The Hague.

Samani also leads the NoMoreRansomware.Org website — an initiative by the National High Tech Crime Unit of the Netherlands’ police and Europol’s European Cybercrime Centre — that aims to help victims of ransomware retrieve their encrypted data without having to pay.

Samani said that the majority of the breaches worldwide were “SQL Injection” (a type of web application attack) issues where people were clicking on malicious links.

“I agree it is important for cybersecurity companies to stay ahead of the criminals and innovate continuously, but we must not forget the fact that a majority of the breaches were carried out because of fundamental errors,” Samani told IANS.

“WannaCrypt could have been patched. We knew its propagation method like 20 years ago. It was spread like old school worms used to attack across systems. Majority of the issues could have been stopped by just doing the basic fundamentals,” Samani noted.

When asked how cyber security companies are designing products to protect and help customers retrieve data, Weafer said whatever is happening in terms of the change in attack methodology and its impact, what people are doing and what hackers are going after, decides the product design.

McAfee protects over 300 million devices worldwide and has a presence in more than 2,000 companies, government institutions and healthcare.

In India, the company has got a retail presence and also works with top government institutions. McAfee has its largest research and development facility in Bengaluru that employs over 1,000 engineers.

For Samani, the first step to protect the data is keeping a back-up.

“The best way out is to back your data. As you read this, take a five-minute break, kick off a back-up and then continue with what you were doing. It doesn’t matter what hackers do — whether they leave your data encrypted or decrypt it (if you refuse to pay ransom) — you are covered. And make sure to go for offline back-ups as well,” Samani advised.

(Sourabh Kulesh can be contacted at sourabh.k@ians.in)

—IANS

Now, Microsoft spots remote security flaw in Google Chrome

Now, Microsoft spots remote security flaw in Google Chrome

Google Chrome, MicrosoftSan Francisco : Microsoft’s Windows security team has discovered a remote security flaw in Google Chrome that can be exploited by hackers.

“Our discovery of ‘CVE-2017-5121’ indicates that it is possible to find remotely exploitable vulnerabilities in modern browsers. Chrome’s relative lack of remote code execution (RCE) mitigations means the path from memory corruption bug to exploit can be a short one,” wrote Jordan Rabet, member of the Microsoft Offensive Security Research team, in a blog post late on Thursday.

“Chrome’s process for servicing vulnerabilities can result in the public disclosure of details for security flaws before fixes are pushed to customers,” Rabet added.

According to an Engadget report on Friday, Google immediately posted the fix for the remote flaw on GitHub.

“While the fix for this issue doesn’t out the vulnerability, according to Microsoft, that hasn’t always been the case. Microsoft believes that a fix should be applied before they are public knowledge,” the report added.

The Microssoft-Google rivalry over security flaws in their products is not new.

Last year, Google disclosed a major Windows bug before Microsoft was ready to patch it.

“It irritated the company so much that Windows chief Terry Myerson authored a blog post criticising Google for not disclosing security vulnerabilities responsibly,” The Verge reported.

After testing the latest Windows 10 “Fall Creators Update” over the past six months, Microsoft has now released the latest edition to secure over 500 million Windows 10 devices globally, starting with new machines first.

Microsoft wants users to keep their software up to date in order to avoid another series of deadly cyber attacks such as WannaCrypt that impacted worldwide PCs that were running an outdated Microsoft software.

Two new ransomware families like “WannaCrypt” and “Petya” targeted dated Windows operating systems and created havoc across the world, including at some places in India.

Now, with the official rollout of Windows 10 “Fall Creators” update, Microsoft wants to stay one step ahead in identifying and preventing security threats.

—IANS

Hackers bleeding large Indian firms by $10 mn on average each year: Microsoft

Paying ransom will make you hackers’ preferred future target: McAfee

hackers, cyber attack,By Sourabh Kulesh,

New Delhi : As cyber attacks grow exponentially, meeting hackers’ demands is not a guarantee that you won’t be hit again, global cybersecurity firm McAfee has stressed, adding that giving in to hackers’ demands silently and not alerting cyber security authorities will only make you a preferred future target.

Today, on an average, enterprises face 244 new cyber threats every minute globally.

“We saw new ransomware samples increase 80 per cent since the beginning of 2016. The attacks have been a wake-up call which has also forced executives to deliberate the question of whether they should pay ransom or not,” Anand Ramamoorthy, Managing Director, South Asia, McAfee, told IANS in an interview.

“Meeting hackers’ demands will not necessarily guarantee compliance from the hackers. In many cases, the likelihood of receiving decryption keys is almost nil. What is certain, however, is that victims who pay will be recognised as willing to pay, making them a preferred target in the future,” Ramamoorthy emphasised.

Ten years ago, McAfee Labs used to see 25 threats a day. Today, said Ramamoorthy, it sees about 500,000 daily.

Globally, McAfee cybersecurity solutions protect more than a quarter of a billion endpoints across every category of device, serve nearly two-third of the world’s 2,000 largest companies and defend more than 200 million consumers each day.

With its largest research and development facility in Bengaluru that employs over 1,000 engineers, the US-based McAfee’s revenues are growing in double digits in India. Over the next couple of years, the country is expected to become one of McAfee’s top markets.

“India is one of the fastest-growing markets for McAfee in the APAC region. McAfee in India has partnered with approximately 49 per cent of ET 500 firms and aim to cover 60 per cent — with an overall target to increase the customer base by 20 per cent,” Ramamoorthy told IANS.

Additionally, apart from having collaborated with leading original equipment manufacturers (OEMs) like LG and Samsung, McAfee is now also associated with leading consumer electronics company Micromax.

McAfee has solutions that provide a real-time way to unite data and actions across multiple applications from different vendors, as well as to internally developed applications to deal with threats that are becoming more complex, targeted and customised.

“In 2016, ‘Locky’ ransomware infected millions of users worldwide, primarily through malicious attachments in spam emails. To become more agile, the malware changed what extension is appended to encrypted files and utilised the ‘.locky’, ‘.zepto’, and ‘.odin’ extensions across unique instances,” Ramamoorthy said.

“Fast forward to 2017 and ransomware is back on the scene — equipped with two variants that leverage either the ‘.Diablo6’ or ‘.Lukitus’ extension for encrypting files and are demanding a ransom of .49 Bitcoins (nearly $1,900 or Rs 1.2 lakh) for the decryption key to unlock the infected files,” the executive added.

Ransomware is bringing Bitcoin into popular culture and raising awareness about cryptocurrencies. As the ability of the public to acquire digital currencies other than Bitcoin becomes easier, said the executive, cybercriminals will look to these alternatives to Bitcoin not only for funding malicious activities but to also maintain anonymity.

According to Ramamoorthy, security considerations need to be inherent by design and not a bolt on at a later stage.

“The need of the hour is to make cybersecurity an unavoidable pattern in the IT infrastructure of our country,” he said, adding that McAfee has been working with the government as a strategic knowledge partner in various capacities.

(Sourabh Kulesh can be contacted at sourabh.k@ians.in)

—IANS