Monthly Archives: December 2016


Ransomware Top 10 list of 2016


Ransomware attacks on corporate houses were very common in 2016. Some ransomware attacked the critical infrastructure of organizations. Ransomware attacks panicked the entire corporate world. There are hundreds of ransomware families which came into the limelight after they attacked many organizations. Some of the most dangerous ransomware of 2016 are as follows:




Cryptowall ransomware didn’t make any headlines in 2016. Cryptowall was first detected way back in 2014. Many companies in India were attacked by this ransomware. Cyber security companies have carried out a series of network penetration tests and web-based security tests to nullify the attack.




Researchers at Cisco Talos identified SamSam as one of the first instances of a cryptoworm. Unlike traditional ransomware, which spread primarily via phishing scams and exploit kit attacks, cryptoworms are believed to be the next generation of crypto-malware in that they mimic a computer worm’s userless distribution methods. SamSam exhibited this level of self-propagation in a March 2016 campaign when its developers partnered it with JexBoss, a tool for scanning and exploiting vulnerable JBoss application servers. That pairing allowed SamSam to scan for a weak server, establish an initial network foothold, and move laterally to other vulnerable machines while encrypting data along the way.




Jigsaw is ransomware that gives the victim 24 hours to pay a ransom of 150 USD. If the victim fails to pay the fee, Jigsaw deletes files every hour. If the victim turns off the computer, Jigsaw deletes 1000 of the victim's files. The ransomware carries out this scheme for 72 hours, at which point it deletes every remaining file that comes with one of its 240 targeted file extensions.




Most ransomware samples come with a standard ransom note that they display to all their victims. Not CryLocker. This malware locks a victim out of their computer and demands they pay 45 USD in 24 hours. To heap on the pressure, CryLocker customizes its ransom note with the user’s name, birthday, location, IP address, system details, Skype account details, Facebook account details, LinkedIn account details, and other data it harvests from the infected computer. The ransomware then threatens to publish all that information online unless the victim pays up.




HDDCryptor is a nasty family of ransomware. It’s capable of enumerating existing mounted drives and encrypting all files as well as finding and accessing previously connected drives and disconnected network paths. In addition, the crypto-malware uses disk-level encryption to encrypt and overwrite an infected computer’s Master Boot Record (MBR) with a new bootloader, which causes a ransom message to display instead of the login screen upon boot up.


Researchers first detected HDDCryptor in September 2016. Two months later, the ransomware made headlines when it infected 2,000 systems at the San Francisco Municipal Transport Agency (SFMTA), or “Muni,” and demanded 100 Bitcoins (approximately 70,000 USD) in ransom. Fortunately, the attack did not affect SFMTA’s rail and bus service, and the public agency said it would use its working backups to restore access to its systems.




After months of tracking TeslaCrypt across spam campaigns and exploit kit attacks, security researchers at the Slovakian IT security firm ESET learned its developers intended to abandon the ransomware. The researchers contacted the developers and requested the master decryption key. In response, TeslaCrypt’s authors published the key, which ESET used to make a free decryption utility. Victims of the ransomware can now use this tool to regain access to their files.




Researchers detected the first sample of Locky in February 2016. Shortly thereafter, it made a name for itself when it infected the computer systems at Hollywood Presbyterian Medical Center in southern California. Officials chose to temporarily shut down the hospital’s IT system while they worked to remove the ransomware, a decision which caused several departments to close and patients to be diverted elsewhere. But without working data backups, the executives at Hollywood Presbyterian ultimately decided to pay the ransom of 40 Bitcoin (70,000 USD).


In the months that followed, Locky went through at least seven different iterations: “.zepto,” “.odin,” “.shit,” “.thor,” “.aesir,” “.zzzzz,” and “.osiris.” It also leveraged unique distribution channels like SVG images in Facebook Messenger and fake Flash Player update websites.
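The extensions listed above are a practical triage signal when reviewing a file listing from an affected machine or share. The following is an added example, not part of the original post; the thresholds, function name and sample paths are assumptions constructed for illustration. It flags directories where files carrying those extensions dominate, so a single stray file name does not raise an alert:

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Extensions the article lists for Locky's 2016 iterations.
LOCKY_EXTENSIONS = {".zepto", ".odin", ".shit", ".thor", ".aesir", ".zzzzz", ".osiris"}

# Constructed sample listing (hypothetical paths, not from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\0A1B2C3D.osiris",
    r"C:\Users\alice\Documents\4E5F6A7B.osiris",
    r"C:\Users\alice\Documents\8C9D0E1F.OSIRIS",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Music\thor.mp3",         # name contains "thor" but suffix is .mp3
    r"C:\Users\alice\Music\odin.flac",
    r"C:\Users\alice\Pictures\holiday.zepto",  # single hit, below the threshold
]


def triage(paths, min_hits=3, min_ratio=0.5):
    """Group a file listing by directory and flag directories where files with a
    Locky extension dominate. Thresholds are illustrative assumptions.

    Returns {directory: {"hits": n, "total": m, "variant": ext}}.
    """
    per_dir = defaultdict(lambda: {"total": 0, "exts": Counter()})
    for raw in paths:
        path = PureWindowsPath(raw)
        entry = per_dir[str(path.parent)]
        entry["total"] += 1
        ext = path.suffix.lower()  # only the final suffix counts, case-insensitive
        if ext in LOCKY_EXTENSIONS:
            entry["exts"][ext] += 1

    flagged = {}
    for directory, entry in per_dir.items():
        hits = sum(entry["exts"].values())
        if hits >= min_hits and hits / entry["total"] >= min_ratio:
            flagged[directory] = {
                "hits": hits,
                "total": entry["total"],
                "variant": entry["exts"].most_common(1)[0][0],
            }
    return flagged


if __name__ == "__main__":
    for directory, info in triage(SAMPLE_LISTING).items():
        print(f"{directory}: {info['hits']}/{info['total']} files end in {info['variant']}")
```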

Internet Safety Manual for family & friends to support digitalization in India


Internet Safety Manual for family & friends


An internet safety manual, or the common hygiene that ordinary people should maintain while they are on the internet, is really missing in India. We at Indian Cyber Security Solutions have taken a major step to educate common people on how to use the internet safely: the do's and don'ts of the internet.

We are on the verge of digitization, and in support of the vision of our Honorable Prime Minister Mr. Modi we would like to introduce some of the major factors one should keep in mind while doing online transactions, being active on social media, or using public WiFi.




Do's and Don'ts in cyberspace – Golden rules for the internet


  • How to create a strong password: Strong passwords are 12 to 14 characters long, with a combination of upper case, lower case, special characters and numbers. The best way to remember your password is to make it very simple and use leet language. For example, “ABHISHEK” should be “@3#1$#3K”. Replacing characters, such as A with @, B with 3 and H with #, is one of the best ways to create a password which is easy for the user to remember and hard for the hacker to guess and crack. Before you set a password it is very important to know how strong the password you have thought of is. To understand this, or rather to get a definite answer, you should always take the help of the website: . This will tell you exactly how long it will take to break your password.


  • Use of Password Manager Tools: It is very hard for individuals to remember all the passwords for different accounts and the PIN numbers of their ATM cards. People make the common mistake of saving them in notepads or sticky notes on desktops, which is dangerous. A simple remedy to this complex situation is to have a folder with all passwords and to lock that folder with a password-protected application. We advocate that you use one of the password vaults available online for mobiles and desktops. Check out PC Magazine for some of the most popular solutions.


  • Use Multi-factor authentication: Always use the security features provided for login. Two-factor authentication or multi-factor authentication are the normal security features provided by companies to authenticate the user and enhance safety. Some examples are providing a fingerprint, codes delivered to the mobile number, etc.


  • Update your WiFi Router: Updating doesn’t only mean upgrading the software but also changing the default password and user name of the router. Most people never change them, so the factory default user name remains admin and the password remains admin. People do not even change the security level of the router, and it is highly recommended to use WPA2 security encryption. It is a must for every person to change the WiFi password every week and to make this a habit for a secure future. Avoid using public  You can go through the different types of encryption used by WiFi.


  • Always be curious about the sender: When you are online you can easily become the victim of a scam. Never blindly trust any message on social media provoking you to open a file or give your credentials. It can be from your friend or a family member, but always take a small step to reconfirm the action. Give them a call and confirm the instruction provided by the sender. There are numerous ways scammers and cyber criminals can fool common people.



Just as our religious books like the Geeta, the Bible and the Quran protect humanity in this world by guiding people to the right way to live, these few points can help common persons be safe in the digital space. Cyber security is not meant to make the common person afraid or scared, but to help them lead a secure digital life and maintain digital privacy.


At Indian Cyber Security Solutions, we deal with numerous cyber-crime cases in which organizations' networks or websites are hacked and many intellectual properties are compromised. We provide digital solutions like network penetration testing and web penetration testing to mitigate further risk. Implementing regulatory frameworks and being audited at regular intervals can help an organization be safe and secure in the cyber space.



Sony IP Cameras are vulnerable to be Hacked


Hacking Sony security cameras by backdoor attacks


The hacking of Sony security cameras took the industry by storm. If you have a Sony IP-based camera installed at your house or office premises, you must be aware of this fact.


SEC Consult researchers have found a real flaw (0-day vulnerability) in Sony IP cameras that hackers could exploit to send in malicious code, spy on individuals, or recruit the cameras into a DDOS botnet.



The Sony IPELA Engine IP cameras that have these vulnerabilities are largely used by big corporate houses and government firms across the globe. These IP-based cameras, which are used to protect people and property, can easily be taken over by unknown persons and used against an individual.


How can the cameras be compromised?


The flaw allows an attacker to remotely enable the camera's Telnet/SSH service, which allows the hacker to gain root privileges on the camera.


The vulnerability can easily be exploited because the factory default passwords are hard-coded into the firmware, which allows virtually anyone to log into the device if the camera is live on the internet.



Information about the backdoor used for hacking Sony security cameras was reported to Sony Corporation in the month of October, and Sony released the patch for all the vulnerable devices at the end of November 2016.


Why the backdoor existed is the question of the hour, but Sony hasn’t come up with any clarification on the issue. Per experts in the cyber security industry, Sony may have introduced this backdoor during the development phase for debugging, or for testing during the manufacturing process.


Sony, however, acknowledged the report from SEC Consult, responded reasonably quickly and came out with the patch.


Due to the increase in IOT devices, cyber security is becoming a major concern for people and organizations. Jobs in the field of cyber security have increased in the recent past. With the cyber security market expected to grow to 220 billion by the end of 2019, it is great for young graduates to gain a good deal of knowledge on cyber security by going for the global certification course CEH from EC-Council, which is recognized by all MNCs and across 160 countries. One can even go for the Ethical Hacking course, which also provides in-depth knowledge on cyber security and its countermeasures.

IOT Devices and Cyber Security are major concern for the future


IOT devices are more vulnerable to hack


IOT devices and cyber security go hand in hand. Every day there is an increase in the number of devices being connected to the internet. Development in the fields of machine learning and artificial intelligence has increased dramatically due to the increase in interconnected devices and the growth of IOT devices that aim to make human life easy. Examples of IOT devices are smart cars, which can drive themselves and promise to take you safely to your destination, and smart home appliances like a refrigerator that can automatically add items to the grocery and vegetable list after checking availability.



These interconnected devices often lack security, which makes it easy for hackers to send malicious code and hack into the devices. In the recent past, cyber security researchers have shown how they can take control of a car and turn its steering wheel while the car is on the highway at an average speed of 70 miles per hour.


These hacking incidents attract media attention, but the media fails to illustrate how one can stay safe and how to mitigate these kinds of risk. Hackers are getting smarter and use their black hat skills to get inside corporate or government databases by exploiting IOT devices.


Some of the key takeaways from the research conducted by Business Insider:


  1. Research has found that manufacturers of IOT devices and service providers are failing to implement common security measures in their products.
  2. Corporate and government espionage has increased along with data breaches, as hackers can easily exploit IOT devices.
  3. Investment in cyber security for IOT devices is expected to increase by 500% as the demand for these devices increases in the coming 5 years.
  4. General cyber security services like Network Penetration Testing and Web Application Penetration Testing are going to become more complex due to the introduction of IOT devices in corporate and government houses in the future.



Most Demanded Courses at Indian Cyber Security Solutions:

Ethical Hacking Training – Get a Certified Ethical Hacking Professional Certificate from us, which is valid all over India and is recognised by all MNCs.


C | EH – Certified Ethical Hacker certification from EC-Council. This certificate is in high demand at organizations across the globe. It is globally recognized, and more than 160 countries recognise it.


Android Penetration Testing – The best way to secure your own application. This is the future, where you need to test real-world Android applications and find vulnerabilities for the organization.

Ransomware attack on hospital forces the hospital authority to cancel 2,800 operations and completely shut down the system.


Ransomware attack on Hospital – New Blackmailer Game


Ransomware attacks on hospitals have increased in the recent past, with Locky ransomware attacking the healthcare industry recently. Different industries have been attacked with ransomware in India and abroad. Numerous cases have been registered in India, with Bangalore-based IT companies falling prey to ransomware. To be very frank, cyber security firms have still not come out with an effective recovery strategy and process to protect against and mitigate the high risk involved.




When it comes to a ransomware attack on the hospital industry, it is all the more scary because the hospital's responsibility for keeping its customers safe is threatened. At the end of October, three British hospitals suffered a “major incident”, as a malware attack infected the Northern Lincolnshire and Goole NHS Foundation Trust (NLAG), forcing the almost complete shutdown of IT systems and the cancellation of routine patient operations for several days.


According to the hospital authority, the malware that infected their computers is similar to the Globe ransomware, which uses the Blowfish cryptographic algorithm to encrypt victims' files. Adding more pain, the Globe2 ransomware deletes the PC's shadow volume copies. These shadow volume copies are the automatically generated backup files created by PCs so you can roll back and recover your lost data.
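Because shadow copy deletion removes the local roll-back option, it is worth alerting on in process-creation logs. The following is an added example, not part of the original post. The post does not say which command Globe2 uses, so the rules below assume the two built-in Windows utilities that can delete shadow copies (vssadmin and wmic), and the log format and sample records are constructed for illustration:

```python
import re

# Constructed process-creation records in a made-up key=value format.
SAMPLE_LOG = [
    r'2016-11-01T09:14:02Z host=WS-042 user=jdoe cmd="vssadmin.exe  Delete Shadows /All /Quiet"',
    r'2016-11-01T09:14:05Z host=WS-042 user=jdoe cmd="wmic SHADOWCOPY delete"',
    r'2016-11-01T09:20:11Z host=SRV-007 user=backupsvc cmd="vssadmin list shadows"',
    r'2016-11-01T09:31:40Z host=WS-019 user=asmith cmd="notepad.exe shadows-delete-notes.txt"',
    "truncated record without the expected fields",
]

# Parser for the assumed record layout: timestamp, host, user, quoted command line.
RECORD = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$'
)

# Case-insensitive rules; the utility name must appear before the delete verb,
# so read-only calls such as "vssadmin list shadows" do not match.
RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
]


def find_shadow_copy_deletion(lines):
    """Return (alerts, unparsed_count) for an iterable of log lines.

    Each alert is a dict with the timestamp, host, user and matching rule name.
    Lines that do not fit the assumed format are counted, not silently dropped,
    so gaps in log coverage stay visible.
    """
    alerts, unparsed = [], 0
    for line in lines:
        match = RECORD.match(line.strip())
        if not match:
            unparsed += 1
            continue
        for name, pattern in RULES:
            if pattern.search(match["cmd"]):
                alerts.append({
                    "ts": match["ts"],
                    "host": match["host"],
                    "user": match["user"],
                    "rule": name,
                })
                break  # one alert per record is enough
    return alerts, unparsed


if __name__ == "__main__":
    found, skipped = find_shadow_copy_deletion(SAMPLE_LOG)
    for alert in found:
        print(f"{alert['ts']} {alert['host']} {alert['user']}: {alert['rule']}")
    print(f"{skipped} record(s) could not be parsed")
```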



Statement of the Hospital Authority


“We can confirm that recent publicly reported information alleging that access was gained through a USB stick or due to remote working have no grounding in fact. We can assure our patients and other stakeholders that we acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information at this time on the exact steps we have taken.”




The good news is that it appears that most of the trust’s IT systems were brought back to working operation relatively quickly, and although 2,800 patient operations were cancelled there is no indication that any long term harm has been done.


We are impressed that the hospital did not consider paying the blackmailer as the only option, unlike a past case in which a hospital in Hollywood paid $17,000/- worth of Bitcoins.


Cyber security firms in India have also faced some critical cases where organizations were attacked by ransomware. Cyber attacks have made security a major concern for all industries. It is now a necessity rather than a luxury. Depending on external security implementation companies has not solved the problem. Companies across the globe are spending huge amounts on recruiting young tech geeks who are cyber security experts to combat these problems. Ethical Hacking training helps students gain in-depth knowledge of cyber security and can make this an exciting career option.




$31 million hacked from Russian Central Bank


Russian Central Bank Hacked – $31 million stolen from Bank


The Russian central bank was hacked and millions of dollars of customers' money were stolen on Friday, as disclosed by the bank authority. This is the latest example of a planned cyber-attack on financial institutions.

After the Russian central bank was hacked, officials came out with the stunning information that the hackers had planned to steal about 5 million rubles but could only manage 2 million rubles.

Around $26 million of the stolen funds has been recovered by the Russian central bank, which froze the accounts used by the hackers to transfer the funds.


Details of how the hackers were able to get inside the system and compromise it were not revealed by the authorities, and the matter is under investigation. In the past, hackers have targeted Russian banks by compromising e-payment systems and installing malware on ATM management infrastructure.




These are the common ways used by hackers to steal money from banks across the globe. Experts in India have predicted that this kind of strategic attack can affect the banking infrastructure currently prevailing in India.


Due to demonetization and the sudden increase in online banking transactions, common people are not fully aware of the security issues and of how to use online banking and e-wallets safely.




These kinds of hacks have also increased the demand for ethical hackers across the globe. Currently in India more than 77,000 ethical hackers are in demand every year, as per the report of NASSCOM. Experts believe that these numbers will increase and that demand for well-trained white hat hackers will increase.


CEH (Certified Ethical Hacker) certification is what students and working professionals are targeting, as this is the best global certification one can have to secure a job in any MNC in India and abroad.


In the meanwhile, a warning on the FSB's website shows that the attack was planned by an unnamed country for the 5th of December.





Pacemakers are the target for hackers


Hackers can target pacemakers

Hackers can target pacemakers remotely, as researchers have found security flaws in the device that can be exploited and hacked. Hackers can target the pacemakers from a distance by sending malicious code which can trigger fatal shocks that can cause death.

Using common equipment, the researchers were able to find loopholes in several protocols. The researchers even demonstrated that they were able to steal telemetry data used to communicate health information and could drain the battery with a DDOS attack.


A great cyber security threat is looming over the health care industry around the globe, and especially in India. Cyber security companies in India have taken many steps to mitigate the risk. Researchers have made findings on how to stop these kinds of hacks, which can compromise the security of the common person.

The health care industry is only concentrating on implementing policies and standards like HIPAA and many more, but is missing out on actual root cause analysis of the hacks and threats looming.

According to cyber security firms across the globe, it is obvious that the health care industry should follow standards, but it is equally important to maintain, check and conduct penetration testing on devices and networks in order to strengthen security.


In the recent research, the bigger surprise was that the attacker can launch an attack without any good knowledge of the medical device. The attacker can reverse engineer the protocols by sending wireless malicious codes to the device.

Recent news states that the vendor of the compromised devices has launched the patch. But what about the devices which are implanted in the human body?


Hacking into medical devices is not a thrill or a great movie script. It is a matter of great concern.


Vice-President of the USA Dick Cheney had the wireless feature of his implanted heart defibrillator deactivated due to the potential for it to be exploited by assassins.