Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Tech trends: Data breaches forced governments, enterprises to focus on cyber security

Tech trends: Data breaches forced governments, enterprises to focus on cyber security

Cyber securityBy Sourabh Kulesh,

New Delhi : Mega cyber attacks such as “WannaCrypt” and “Petya” this year forced governments and enterprises globally, including in India, to focus and invest more on bolstering their security networks.

In the first major attack of the year, the world reeled under “WannaCrypt” that locked files on computers. Hundreds of thousands of computers were infected with the malware in May.

The primary reason for this attack being successful was not the software but human error. On March 14 this year, Microsoft released a security update which addressed the vulnerability in the 16-year-old Windows XP operating system.

Once the patch for the vulnerability was released, hacker group “Shadow Brokers” exploited this loophole and wreaked havoc in 150 countries. Those who installed the update were saved, while several who did not, fell prey to the attack.

Soon after the “WanaCrypt” attack, tens of thousands of computers globally were affected by the “Adylkuzz attack” that shut down SMB networking to prevent further infections with other malware (including the WannaCrypt worm).

While Europe and major parts of the world struggled with another big ransomware attack called “Petya”, India also bore the brunt. Some Indian servers were down owing to the Petya attack.

The Shipping Ministry said operations at one of the container terminals at Mumbai’s Jawaharlal Nehru Port Trust (JNPT) was affected by Petya.

Companies like Genesis BM, a public relations firm, had to shut down systems in India after their international servers were attacked.

The month of May saw another cyber attack when a malware called “Judy” hit over 36.5 million Android-based phones, making its way through Google Play Store.

In August, the “Locky” ransomware, once considered almost defunct, sent over 23 million emails with the malware to the US workforce in just 24 hours. It scrambled the contents of millions of computers and demanded payment to unlock it.

A group of hackers leaked the “Game of Thrones” script, along with 1.5TB of HBO data that included other popular TV shows. The hacking group demanded approximately $6.5 million worth of Bitcoins from HBO.

A group of hackers also penetrated Equifax — one of the largest credit bureaus in the world — and stole personal data of 145 million people. Accountancy firm Deloitte was also targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients and the attack went unnoticed for months.

In November, Yahoo agreed that it was attacked in 2013 wherein criminals had information about all three billion accounts. In another massive attack, hackers stole the personal data of 57 million customers and drivers from Uber Technologies. The breach was concealed for more than a year.

Most companies fall victim to cyber attackers either because of unpatched software with known vulnerabilities or because of the human factor like people falling victim to phishing emails, Finland-based cyber security firm F-Secure said.

Later in the year, the enterprise cyber security company FireEye said Chinese advanced persistent threat (APT) groups that have allegedly been creating cyber havoc internationally will shift their focus in 2018 to countries like India and Hong Kong and groups seen as a threat to Beijing’s influence over global markets.

Slowly becoming aware of emerging cyber threats, organisations worldwide will spend $96.3 billion on security in 2018 — an increase of eight per cent from 2017, according to a Gartner forecast.

More than 60 per cent of organisations globally will invest in multiple data security tools by 2020 — up from 35 per cent today, it added.

“Cyber attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years,” the market research firm said.

To ward off future attacks, the Indian government set up NIC-CERT centre to monitor, detect and prevent cyber attacks on government networks. NIC-CERT will work in close coordination and collaboration with sectoral CERTs and CERT-In.

Prime Minister Narendra Modi inaugurated the fifth edition of the Global Conference on Cyber Space (GCCS) in New Delhi in November that witnessed top global security experts deliberating on ways to fight cybersecurity.

2017: Highlights

* “WannaCrypt” attack infected more than 230,000 computers in over 150 countries in a single day

* “Petya” ransomware attack hit India as some servers in the country became victim to the attack

* “Judy” malware hit over 36.5 million Android-based phones

* “Locky” ransomware sent over 23 million emails with the malware to the US workforce in just 24 hours

* The Indian government set up NIC-CERT centre to monitor, detect and prevent cyber attacks on government networks

* Prime Minister Narendra Modi inaugurated the fifth edition of the Global Conference on Cyber Space (GCCS) in New Delhi in November.

(Sourabh Kulesh can be contacted at sourabh.k@ians.in )

—IANS

To stay secure, don’t miss Windows 10 ‘Fall Creators’ update: Microsoft

To stay secure, don’t miss Windows 10 ‘Fall Creators’ update: Microsoft

microsoftBy Krishna SinhaChaudhury,

New Delhi : After a series of cyber attacks — including “WannaCrypt” ransomware that exploited a vulnerability in an outdated Microsoft software that was still in use — jolted the world in recent months, the key today is to keep software updated to thwart hackers, a top Microsoft executive has said.

Two new ransomware families like “WannaCrypt” and “Petya” targeted dated Windows operating systems and created havoc across the world, including at some places in India.

Now, with the official rollout of Windows 10 “Fall Creators” update slated for October, Microsoft wants to stay one step ahead in identifying and preventing security threats.

“If you are running Windows 10 and have the ‘Fall Creators’ update, then you are completely protected from those specific malwares,” Vineet Durani, Director, Windows and Surface Business, Microsoft India, told IANS in an interview.

The “Fall Creators” update would feature “controlled folder access” inside its Windows Defender Security Centre that would enable users to secure data through “protected” folders.

“This is an ever-changing landscape. If anybody comes and says, hey, here is a piece of technology and you are completely protected for life, that is not going to happen. That is the reason we build an update or version twice a year because we want to stay a few steps ahead of whatever is out there,” Durani noted.

Microsoft spends over $1 billion every year on cyber safety and security-related research and development.

The company advises users and organisations to install all available security updates — including the previous patch MS17-010 — and ensure that automatic updates are enabled.

Windows 10 OS includes mitigations that prevent common exploitation techniques by cyber threats.

“As India gets more digital (which is now happening at a faster pace than ever), we now have the advantage of moving fast because we do not have too much of a legacy (digital) as a country,” Durani said.

The company has also introduced security features such as Microsoft “Credential Guard” and Microsoft “Hello”.

“We have this tech called the ‘Credentials Guard’ that basically stores your credentials in the hypervisor layer — that is the layer between hardware and software. It does not come with the Original Equipment Manufacturer (OEM) version. One has to buy it as an additional capability so that larger organisations can use it,” Durani told IANS.

“We have worked with partners like Intel and AMD to enable it. The feature is enabled on modern hardware like 5th-gen Intel processors and onwards,” the Microsoft executive added.

Windows “Hello” lets the user set up a quick biometric login instead of a password. With this feature, the user is promised enterprise-grade security without having to type in a password.

Microsoft devices such as Surface Pro 4, Surface Book and most personal computers (PCs) with fingerprint sensors are already compatible with Windows “Hello” and more devices that can recognise your face and fingerprints will be available in the near future.

According to Microsoft’s “Security Intelligence” report, financial institutions have always been popular phishing targets because of their potential for providing direct illicit access to bank accounts of the victims.

Sites that targeted financial institutions accounted for the second-largest share of both attacks and impressions during the first quarter of 2017 and accounted for the largest share of impressions in February and March this year, the report said.

Microsoft would roll out the “Fall Creators” update for Windows 10 on October 17 which will include Virtual Reality (VR) and Mixed Reality (MR) support.

Announcing the availability at the Internationale Funkausstellung (IFA) industry show in Berlin earlier this month, Terry Myerson, Microsoft’s Executive Vice President for Windows and Devices, said that the free update will also include a new photo app and many tweaks to the overall design and usability of Windows 10.

(Krishna SinhaChaudhury can be contacted at krishna.s@ians.in)

—IANS