Author Archives: Anamitra Sarkhel


Phishing scam targets Godaddy customers

Category : Blog


Phishing scam to steal user’s personal data or financial credentials

Phishing scams that steal users’ personal data or financial credentials are nothing new, and this time GoDaddy users are the victims. Every day cyber scammers come up with more inventive and compelling ways to outwit users and gain the advantage.

Phishing is one of the easiest methods cyber criminals use to achieve their malicious intent, especially against users who are not acquainted with social engineering. Awareness is the first step in countering the threats posed by cyber criminals and scammers. Ethical Hacking works like a guiding torch in this respect. It gives you the much-needed skill and instills the awareness to fight cyber crime, ensuring that every step you take in the digital world, i.e. in the cyber sea, is a well thought out and safe one. Phishing scams are not the only threat: numerous other kinds of cyber attack are being directed against users all over the globe.

Phishing emails have been a weapon for cyber scammers

Phishing emails have been a weapon for cyber scammers for quite some time now and are used frequently; PayPal previously suffered the same fate when attackers targeted its customers using legit email IDs. These kinds of emails have led, and are still leading, to numerous phishing scams. According to Defend Mag, the latest phishing scam is directed at GoDaddy users: attackers are sending emails to website owners’ inboxes from a legit GoDaddy e-mail address, support@GoDaddy.com. The email says that the user’s email account storage on the GoDaddy server has exceeded the given 20MB limit and that any incoming emails will bounce back. To do away with this problem, users are asked to click on a link in the mail that will provide them with 2GB of free space, allowing them to continue receiving e-mails.

Up to this point things are well and fine, but to get the free space the link has to be clicked, and that is where the trap is laid and the trouble begins. People who have no account at GoDaddy may well ignore this e-mail, but when those who have one click on that link, their login credentials are sent straight to the cybercriminals behind the scam.

The link is named “Upgrade Mailbox” and takes users to a legit-looking GoDaddy page at mtparent (dot) com/themes/www (dot) html. Once users enter their GoDaddy login and password there, they are redirected to the original GoDaddy website, GoDaddy.com. This is when and how their login credentials reach the cybercriminals involved in the scam.
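The mismatch described above, a message sent as support@GoDaddy.com whose “Upgrade Mailbox” link points at a different site, is something a mail filter can test for. The following is an added example, not part of the original post: the sample message is constructed from the post's description, and the function names and the last-two-labels domain comparison are assumptions made for illustration.

```python
"""Added example: flag e-mail links whose host is outside the sender's domain."""
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the message described in the post.
# The lure URL is kept defanged, exactly as the post writes it.
SAMPLE_FROM = "GoDaddy Support <support@GoDaddy.com>"
SAMPLE_HTML = """
<p>Your mailbox has exceeded its 20MB limit.</p>
<p><a href="mtparent (dot) com/themes/www (dot) html">Upgrade Mailbox</a></p>
<p><a href="https://www.godaddy.com/">GoDaddy home</a></p>
"""


def refang(url):
    """Undo common defanging so the URL can be parsed (it is never fetched)."""
    for marker in (" (dot) ", "(dot)", "[.]"):
        url = url.replace(marker, ".")
    return url if "://" in url else "http://" + url


def base_domain(host):
    """Naive registrable domain: the last two labels (an assumption)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a href=...> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._in_link = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append([href, ""])
                self._in_link = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False

    def handle_data(self, data):
        if self._in_link:
            self.links[-1][1] += data


def off_domain_links(from_header, html_body):
    """Return links whose host does not share the From address's domain."""
    _, address = parseaddr(from_header)
    sender = base_domain(address.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        if href.lower().startswith(("mailto:", "tel:", "#")):
            continue  # not a web destination
        host = urlsplit(refang(href)).hostname or ""
        if base_domain(host) != sender:
            findings.append(
                {"text": text.strip(), "host": host, "sender_domain": sender}
            )
    return findings


if __name__ == "__main__":
    for hit in off_domain_links(SAMPLE_FROM, SAMPLE_HTML):
        print(hit)
```

A production filter would compare registrable domains using the Public Suffix List rather than the last two labels, and would treat a hit as one signal to score alongside the message's SPF, DKIM and DMARC results.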

There is positive news on this matter, though. The Chrome browser has been quick to list the site hosting the scam (mtparent (dot) com) as a deceptive one that may disclose your personal information (passwords, credit cards and the like). However, there is bad news too: Chrome is not showing any warning message on the [mtparent (dot) com/themes/www (dot) html] URL whenever a user is redirected to it. This can be a great advantage for the scammers, because not every user is familiar with phishing scams, particularly ones coming from seemingly legit email addresses.

So, if you are a website owner at GoDaddy, be very careful not to fall prey to this scam, and kindly spread the word as far and as much as you possibly can.



ATM Hacking in Thai Banks

Category : Blog


ATM Hacking in Thai Banks!!!! A staggering 12.29 million Baht ($350,000) stolen.

So after Japan, it’s Thailand. The hacking spree continues. Just a couple of months back, cyber criminals successfully stole 1.44 billion Yen ($13 million) from more than 1400 ATMs in just over 2 hours and fled the country. This time hackers have managed to steal a whopping 12.29 million Baht ($350,000), reportedly from the country’s Government Savings Bank. The hacking spree ran from 1st August, with 21 ATMs attacked to steal this substantial sum of money. The ATMs were situated in the southern provinces of the nation.

The malware used to compromise the ATMs was so advanced that it could not even be detected for quite some time. The attack targeted a single machine at a time, and each time the attackers withdrew 40,000 Baht ($1154). The ATMs targeted were in Phuket, Surat Thani, Petchaburi, Chumporn and Prachuab Khiri Khan. Five ATMs in Bangkok, located in the Vibhavadi Rangsit and Sukhumvit areas, were also targeted by the hackers.

In the aftermath of the incident, the bank closed down all of its ATM operations for an indefinite period. It is worth mentioning here that the bank has 4000 ATMs in Bangkok, which are manufactured by a Scotland-based company. Moreover, 16 other machines have been found to be infected with the same malware, in addition to the 21 that were attacked and hacked.

A Microsoft representative told Thailand-Business that Thailand is the most vulnerable nation in the Asia-Pacific region and is constantly encountering malware threats and attacks. In fact, it faces the highest number of malware attacks in the Asia-Pacific zone. Worldwide, too, Thailand is among the top 25 countries experiencing malware attacks on a frequent and regular basis. Initially government agencies were the hackers’ preferred target, but now it seems that the banking sector has joined their list of favourites too.

In this age, when technology has gone to a different level altogether and innumerable people are around to misuse it in pursuit of their selfish interests, Ethical Hacking and Web Application Penetration Testing are platforms that can be used to great effect to resist hacking and malware threats. From system hacking to ATM hacking, frauds and data breaches in top corporate companies and governmental agencies, hackers are making their presence felt everywhere in a big way. So it is of utmost importance that ethical hackers and Web Application Penetration Testers are produced in large numbers to effectively combat these trying circumstances. Indian Cyber Security Solutions offers all these services, such as Ethical Hacking, Web Application Penetration Testing, Android App Penetration Testing and all other cyber security services, under a single roof.

Mr. Chartchai Payuhanaveechai, director of GSB, said in a statement that the hack had nothing to do with customers’ accounts and money and that the services of the Scottish company’s ATMs had been terminated since 8th August. He has also notified the Bank of Thailand so that banks with ATMs from the same Scottish company can be alerted, as there are around 10,000 actively operating ATMs in the country, of which 4,000 belong to GSB.

The million dollar question now is, of course, what GSB’s stance against the Scottish firm will be. It is being said that GSB will straightaway demand compensation from the Scottish company.

Bangkok Post has reported that a total of 5 hackers were involved in the hack, all from Eastern Europe, a few of whom have already left the country. However, warrants for all those involved in the ATM hacking will soon be issued, a senior police official asserted.



Unreal tournament gaming hacked, Epic gaming forum hacked

Category : Uncategorized


Unreal tournament gaming hacked, Epic gaming forum hacked!!!!

Till now the gamers have ‘hacked’ their way through the game, but now the gamers themselves have been compromised by a real band of hackers.

It seems that more than 800,000 forum accounts on the forums of Unreal Engine and its creator Epic Games have been compromised by a hacker or a group of hackers. It is known that the hacker(s) were able to carry out their intended malicious activities by exploiting a known vulnerability in an outdated version of the vBulletin forum software.

Stopping hacking, system compromise and data breaches in the present scenario requires not only a lot of effort and awareness but also terrific skills. Well-trained individuals with a good command of Ethical Hacking are very much required to fight effectively against this.

 


Big Element of Risk for Epic Games Players as Epic gaming forum hacked big time!!

Epic believes that various sensitive registration information, such as user names, scrambled passwords, dates of birth, email addresses and IP addresses, may have been disclosed in the attack. However, an official announcement on the Unreal Engine forum website states that although the forum has been compromised, along with email addresses and other data that were available in the forum, no passwords in any form (salted, hashed, plain text) have been leaked.

Though most of the passwords that have been stolen are scrambled, there still remains a good chance of forum members’ systems getting infected by ransomware or other malicious software. This is because the hackers can exploit the other stolen data to send phishing messages to forum members’ email addresses.

Some other games are on the affected list as well, as the Epic gaming forum was hacked using an SQL security flaw

There is further bad news for gamers of Infinity Blade, Gears of War and older versions of the Unreal Tournament games, because hackers may have compromised their salted hashed passwords along with their e-mail addresses and other data entered into the forums.

Both the Epic Games forum and the Unreal Engine forum were down after the incident.

Possible Mitigation:

LeakedSource has already added the breached data from the Epic Games forum, including the password hashes, to its database so that its users can search for their stolen data.

Precautionary Measure:

So, in this precarious circumstance, do change your password right away if you have ever taken part in the online forums of Epic Games or have been associated with Unreal Tournament, and particularly if you are using the same password for multiple websites.

 

 



Locky Ransomware threat in Healthcare Industry

Category : Blog


Locky Ransomware, as it is called, is causing great adversity for health centres and hospitals in the United States. Malicious actors and scammers are employing the highly advanced Locky Ransomware there; using file-encrypting software, it penetrates and infects the entire system in a very short span of time. The victims are then asked for a massive ransom to get their encrypted data decrypted. The attacks carried out with Locky Ransomware so far have mostly been directed at hospitals, and the majority of them occurred very recently, during the first half of August 2016.

Since IT plays a substantial role in the health and hospital industry, with so many records and so much data on patients and staff members to be kept and maintained, malicious attackers are targeting it as their priority choice. Moreover, it also presents them with a golden opportunity to spread their infected software to a wider audience.

The ransom money is usually collected by the scammers in Bitcoin, the digital currency. Recently a hospital in Southern California was asked to pay a staggering 9000 BTC ($3.6M) in ransom owing to a Locky ransomware infection.

Security researchers have identified that the number of phishing emails has increased drastically in order to spread the Locky ransomware campaign. The FireEye security research team has discovered that there is also a hike in Locky ransomware downloads and that the attackers are changing their techniques every now and then.

Rong Hwa Chong from FireEye feels that users need to be even more cautious from now on while opening attachments in email, lest they land in serious trouble.

The only ray of hope against this is that Intel and Kaspersky, two of the IT security heavyweights, have joined hands, with assistance from Europol and the Dutch Police, in developing an anti-ransomware portal called ‘No More Ransom’, thereby helping users against the ever-rising threat of ransomware and helping them recover their data without paying any amount to the attacker.

So, always remain circumspect with regard to unsolicited e-mails, besides keeping a regular backup of your important data. It is also of prime importance, and can help you a long way, to have knowledge of Ethical Hacking to combat these kinds of ransomware attacks. This is because, the way things are transpiring in the cyber world, there is a dire need for an ethical hacker in all industries where IT has a part to play.

 



Volkswagen Vulnerability found in VW Cars

Category : Blog


Volkswagen vulnerability this time!!

Even cars of the standard and stature of Volkswagen cannot evade vulnerability to hacking these days. Such is the susceptible cyber security scenario in the world at the moment. These kinds of hacks, along with system compromise, data breaches and other forms of cyber crime, have become a regular occurrence. In order to fight against this precarious situation, Indian Cyber Security Solutions (ICSS) offers an Ethical Hacking course through which you always stay a step ahead of any attack which may come your way at any time and in any manner.

Volkswagen has made the headlines again after a year, once more for the wrong reason. This time a vulnerability has been found in their locking system, which can be hacked through the keyless entry system. The number affected amounts to a staggering 100 million!! Yes, around 100 million Volkswagen vehicles are vulnerable to a key cloning attack.


 

A 17-page study by the University of Birmingham’s School of Computer Science revealed that hackers can use a $40 battery-powered RF transceiver to essentially clone the automaker’s Remote Keyless Entry (RKE) system and lock or unlock a VW vehicle at will. The study further showed that because the RKE systems of VW Group vehicles have been secured with only a few cryptographic keys, which have been in use worldwide for close to decades, they are immensely vulnerable to hacking.

Authors such as Flavio Garcia and David Oswald, who studied more than 100 million VW, Audi, Seat and Skoda cars sold since 1995, found that these cars can be exploited simply by hacking the RKE’s cryptographic key.

Kasper and Oswald, a German security firm that is also involved in the study, holds that at least 10 other car brands are vulnerable to similar hacking schemes.

In a statement to the BBC, Timo Kasper expressed utter shock on learning that millions of cars are using the same secrets, which from a cryptographic perspective is simply a disaster.

Work is in progress to resolve this Volkswagen vulnerability issue.

However, according to a Volkswagen spokesperson, there are some VW models in which the vulnerability is not present, such as the Golf, Tiguan, Touran and Passat.

So, until things are mitigated and sorted out, don’t leave your Volkswagen car in an unsafe parking lot with valuable things inside it if you bought it after 1995.



Android devices vulnerable to Linux Kernel flaw

Category : Blog , Uncategorized

Android devices running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw, and even the latest Android Nougat Preview does not seem to have been able to evade it. This vulnerability is estimated to be present on 80% of Android smartphones and tablets, which amounts to nearly 1.4 billion devices. It gives the hacker the opportunity to terminate connections, spy on unencrypted traffic or inject malware into the parties’ communications. The vulnerability (CVE-2016-5696) lies in the implementation of TCP (Transmission Control Protocol) in all Linux systems deployed since 2012 (version 3.6 and above of the Linux kernel), Android smartphones included, and the Linux Foundation already patched the Linux kernel on July 11, 2016. As it stands, hackers are able to spy on your communications without even compromising your network via a man-in-the-middle attack.

As per a blog post released on Monday by Lookout, a mobile security firm, all Android devices running KitKat 4.4 and above have this Linux flaw, including the latest developer preview of Android Nougat. Lookout also mentions in its blog post that although a man-in-the-middle attack is not required in this scenario, the attacker must know the source and destination IP (Internet Protocol) addresses in order to carry out the attack successfully. Windows and Macs are free from this vulnerability. The good news, of course, is that a patch for this vulnerability may be just around the corner: according to Google, its engineers are already aware of it and are working on the much-needed solution. As a temporary mitigation, ensure that you use a VPN (Virtual Private Network) and that your internet traffic is encrypted.

In today’s environment of ever-so-frequent hacks and compromises, it is possible to stand firm against these attacks and give yourself a good chance of being resilient to them if you are well versed in Android App Penetration Testing.



Dota 2 Forum Hacked

Category : Blog

Dota 2’s (Defense of the Ancients 2) official forum has suffered a serious setback, with the personal information of close to 2 million registered users being stolen. Dota 2 is a multi-player online battle arena video game. E-mail and IP addresses, usernames, user identifiers and hashed passwords were accessed and stolen. This massive data breach occurred around a month ago, on July 10, 2016. The data was then passed to LeakedSource on August 9, 2016 by an unknown sender. In its blog post, the data mining company LeakedSource revealed that researchers were able to convert more than 80% of the passwords, which were stored using MD5 hashing and a salt, to their plaintext forms.

The hack has been acknowledged by the Dota 2 forum developers, who have reset the passwords for all forum user accounts. The Dota 2 forum has taken immediate steps to address and resolve the situation. Although the security notice clarifies that users’ payment and Steam credentials were not stolen and are therefore safe, the forum developers have still directed, and in a way warned, users to change their passwords if they have been using the same password for other sites. The forum administrators are virtually clueless as to how and what led to this great debacle on their forum. However, according to Reddit, the dev forum was breached through an SQL injection.

If you have an account at the Dota 2 dev forum, it is of utmost importance and the top-most priority to change your password as soon as possible and to check LeakedSource for your credentials right now. It is also highly recommended to change your password immediately if you have been using it on other sites. This will protect you from losing access to them as well.

This recent breach shows that there is no respite from hacking even in the gaming industry. Not too long ago, in fact just a couple of weeks or so ago, the user accounts of 1.6 million gamers were stolen in a data breach of the Clash of Kings forum.



Push notification enhances android security

Category : Uncategorized

Push notification is Google’s next endeavour to keep security on Android phones as tight as possible. After recently announcing that it has already implemented some vital security features in the next Android OS version, Android Nougat, it is now on its way to bringing to the table a new feature named Native Android Push Notification. With this feature, if a new device is added to your Google account, that is to say when a new device accesses your account, you are instantly notified through a push notification asking whether you have signed in. If the activity somehow appears suspicious to you, you just need to tap the “Review account activity” button to see the details of the device newly logged in to your Google account.

E-mail notifications from Google are nothing new, and with the company believing that people generally pay four times more attention to push notifications on their mobile devices than to email notifications, this is probably the best foot forward in tightening security on Android devices even further. It will always give you the opportunity to change your password before an intruder gets in. Or, if the situation is a little different and you are worried that someone has actually accessed your account already, you can immediately change your password and add two-factor authentication while on the go. Two-factor authentication has also recently been made much easier for the user by Google, as you can log in with a single tap instead of typing codes. This is called “Google Prompt”. As Google has mentioned in its official blog, with this new feature on board, transparency for users also increases automatically, as they get to see the actions they have performed. The new feature will take around two weeks to roll out all across the globe.



Combating Ransomware

Category : Blog

Combating Ransomware Attack – Europol takes initiative to fight back

Ransomware has been bothering and affecting individuals and companies very badly for quite some time now. It is a type of malicious software designed to block access to a computer system until a sum of money, set by the cyber criminal, is paid. Although it is directed mainly at individuals, it is not long before it can affect big companies and organizations. But now, with the Dutch National Law Enforcement agency Europol joining hands with top cyber security companies, things can be expected to get a lot better in our fight against ransomware. This is no doubt great news for computer and internet users all over the world, as the estimated number of ransomware victims tripled in the first quarter of this year alone.

The Dutch National law enforcement agency Europol, which has joined forces with police and cyber security companies, announced the initiative, dubbed No More Ransom. Backed by technology hotshot Intel, cyber security firm Kaspersky Lab and the Netherlands Police, it aims to reduce the ever-increasing ransomware threat. The main objectives of the initiative are to spread awareness of the ransomware threat, to help people avoid falling prey to it, and to show how to recover from such attacks without paying the ransom to cyber criminals.

Furthermore, the No More Ransom online portal gives you the opportunity to download tools that are potentially capable of assisting in decrypting computers affected by ransomware attacks. At the beginning, there are four decrypting tools for ransomware available on the website NoMoreRansom.org. The website also initially has 160,000 decryption keys to start with. There is also a place in the portal where people can upload more ransomware samples along with a description, to identify the type of threat affecting a system.

Not only has the number of ransomware attacks increased drastically, the sophistication of these attacks has also reached a different level with time.

Universities, hospitals and even government agencies: none has been able to escape the dreaded shadow of ransomware attacks. Malware will probably be an ever-lasting issue, and the battle against it will always be a mounting one, but it is worth challenging it head on with a co-ordinated effort.

Jornt van der Wiel from Kaspersky explains another reason behind the ‘exponential’ rise of ransomware attacks in the recent past. When the cyber criminals demand money, the computer user straightaway pays the ransom to get instant access to his personal data, without even trying or resorting to any other method of retrieving it. This further motivates the cyber criminals to carry out such malicious activities.

So, what is the way out, and what preventive measures can you personally take against ransomware attacks?

 

  1. Keep a regular backup of your important data.
  2. Use up-to-date software, along with a good and reliable anti-virus product.
  3. Patch early and regularly.
  4. Don’t remain logged in as an administrator unnecessarily, i.e. for more time than you genuinely require, and while logged in as one, avoid regular activities such as browsing and other “regular work” as far as practicable. Ideally, don’t do any other work at all while you are logged in as an admin.
  5. Don’t enable macros in document attachments received through e-mail.
  6. Always be circumspect regarding unsolicited e-mails.

 

It goes without saying that the fight against ransomware won’t be an easy one even now, by any stretch of the imagination, and it will be a prolonged process, but the ball has certainly been set rolling on a well-planned endeavour that makes a strong statement to the cyber criminals behind it.

