
Cybersecurity Challenges Faced by ISRO: Chief S Somanath

The Indian Space Research Organisation (ISRO) has been facing over 100 cyber-attacks daily, according to a statement by ISRO Chief S Somanath. The attacks are mostly phishing attempts and malware attacks. 

During the concluding session of the 16th edition of the c0c0n, a two-day international cyber conference in Kerala’s Kochi, Somanath stated that rocket technology, which employs advanced software and chip-based hardware, is more susceptible to cyber-attacks.

ISRO’s Cybersecurity Challenges

"The organization is equipped with a robust cybersecurity network to face such attacks," said Mr. Somanath. "Earlier, the way of monitoring one satellite has changed to a way of software monitoring many satellites at a time. This indicates the growth of this sector. During COVID, it was possible to launch from a remote location which shows the triumph of technology."

During the concluding session of c0c0n, Kerala Revenue Minister P Rajeev stated that the state government is capable of providing sufficient security to the cyber arena, making it a model for cyber security governance. He said the Kerala state government is capable of ensuring cybersecurity and is supporting the sector by establishing a Digital University in the state. Additionally, K-Fone ensures internet access in every household in Kerala.

The ISRO is responsible for India’s space program and has been instrumental in launching several satellites and missions. The organization has been targeted by hackers in the past, with reports of cyber-attacks dating back to 2017. The recent statement by the ISRO Chief highlights the increasing threat of cyber-attacks on critical infrastructure.

ISRO’s Cybersecurity Measures

The ISRO has taken several measures to improve its cybersecurity posture. In 2020, the organization launched a cybersecurity policy aimed at protecting its critical infrastructure from cyber threats. The policy outlines guidelines for secure coding practices, access control, incident management, and other security-related aspects.

"We can face the challenges posed by cyber criminals using technology like artificial intelligence with the same technology. There should be research and hard work towards this end," Mr. Somanath said.


Tricky Malware Uses Versioning to Outsmart Google Play Store Scanners

In recent developments, threat actors are using a technique known as "versioning" to evade Google Play Store's malware detection mechanisms, posing a significant risk to Android users. This method allows them to specifically target users and compromise their sensitive information, including credentials, data, and finances. Despite being a known tactic, versioning remains challenging to detect, making it a preferred choice for malicious developers. 

In May, cybersecurity firm ESET uncovered a screen recording app called "iRecorder - Screen Recorder." Surprisingly, the app remained undetected for almost a year on the Play Store before malicious modifications were made to enable covert spying on its users. 

SharkBot, a notorious malware family that uses the dynamic code loading (DCL) method, has been consistently resurfacing on the Play Store. This malware disguises itself as security and utility apps to deceive users. Operating as a financial trojan, SharkBot executes unauthorized money transfers from compromised devices through the Automated Transfer Service (ATS) protocol.

Here's how the versioning technique works: 

Innocent-looking Initial Release: Malicious developers begin by releasing an app's initial version on the Google Play Store, which appears harmless and successfully passes Google's pre-publication security checks. This initial version is designed to avoid detection by security measures. 

Introduction of Malicious Components: Subsequently, the developers push updates to the app. These updates introduce malicious components into the seemingly harmless app. These malicious components are cleverly hidden, allowing the initial version to pass the security checks while carrying hidden threats. 

Attackers' Controlled Servers: The updates containing the harmful code are delivered to users' devices from servers controlled by the attackers. These servers enable the attackers to dynamically load code (Dynamic Code Loading or DCL) onto the devices without raising any suspicion. 

App as a Backdoor: As a result of the malicious updates, the app effectively becomes a dangerous backdoor on the compromised devices. This grants the attackers unauthorized access and control over the compromised devices, enabling them to exploit sensitive information, compromise security, and carry out further malicious activities. 
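One way a reviewer or store-side scanner could flag the update pattern described in these steps, as an added example that is not from the original post: it compares two releases of the same app and reports class loaders, sensitive permissions and network hosts that appear only in the update. The release dictionaries, the SENSITIVE set and the sample smali strings are constructed assumptions.

```python
import re

# dalvik.system class loaders that load code at runtime (real Android classes)
DCL_PATTERN = re.compile(
    r"Ldalvik/system/(DexClassLoader|PathClassLoader|InMemoryDexClassLoader);")
# Permissions treated as sensitive here (an assumption; tune to local policy)
SENSITIVE = {
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
}

def features(release):
    """Extract the capabilities that are compared between two releases."""
    return {
        "dcl": set(DCL_PATTERN.findall(release["smali"])),
        "perms": set(release["permissions"]) & SENSITIVE,
        "hosts": set(re.findall(r"https?://([\w.-]+)", release["smali"])),
    }

def diff_releases(old, new):
    """Return findings for capabilities the update adds over the baseline."""
    a, b = features(old), features(new)
    findings = []
    for loader in sorted(b["dcl"] - a["dcl"]):
        findings.append(("new-dynamic-code-loading", loader))
    for perm in sorted(b["perms"] - a["perms"]):
        findings.append(("new-sensitive-permission", perm))
    for host in sorted(b["hosts"] - a["hosts"]):
        findings.append(("new-network-endpoint", host))
    return findings

# Constructed sample releases, not taken from any real app.
V1 = {"permissions": ["android.permission.INTERNET"],
      "smali": 'const-string v0, "https://cdn.example.com/help"'}
V2 = {"permissions": ["android.permission.INTERNET",
                      "android.permission.RECORD_AUDIO"],
      "smali": 'const-string v0, "https://cdn.example.com/help"\n'
               'const-string v1, "https://updates.example.net/p.dex"\n'
               'new-instance v2, Ldalvik/system/DexClassLoader;'}

if __name__ == "__main__":
    for kind, detail in diff_releases(V1, V2):
        print(kind, detail)
```

A finding is a prompt for manual review of the update, not proof of malice: legitimate apps also add permissions and load code at runtime.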

According to a report from ThreatFabric, cybercriminals have been exploiting an Android bug to make malicious apps appear harmless. They achieve this by "corrupting components of an app" in a way that the app remains valid as a whole. This allows malicious apps to bypass detection and pose a threat to unsuspecting users. 

Microsoft Upgrading Defender for 365 Users Teams

Last week, Microsoft announced that it is going to add some new advanced features to Microsoft Defender for Office 365 that allow Microsoft Teams users to alert their organization's security team to any deceitful messages they receive.

Microsoft Defender for Office 365 (previously known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations against threats arriving through malicious email messages, links, and collaboration tools.

The new features build on improvements announced in July 2021 that allow Microsoft Teams to automatically block phishing attempts.

According to Microsoft's official website, this in-development feature will let admins alter potentially dangerous messages that target employees with malicious payloads or try to redirect them to phishing websites.

"End users will be able to report suspicious Microsoft Teams messages as a security threat just like they do for emails - to help the organization to protect itself from attacks via Microsoft Teams," Microsoft explains on the Microsoft 365 roadmap. 

Additionally, one of the users reported that Redmond is also developing new features for Office 365's Submissions experience to categorize the user-reported messages into individual tabs for Phish, Spam (Junk), and so on. 

The advanced submission feature is expected to be available to the general public next month, while the new user reporting capability is now in preview and will most likely roll out to standard multi-tenants until the end of January 2023, for desktop and web clients worldwide.

Microsoft extended Defender for Office 365 Safe Links protection to the Teams communication platform to help protect customers from malicious URL-based phishing attacks.

"Safe Links in Defender for Office 365 scans URLs at the time of click to ensure that users are protected with the latest intelligence from Microsoft Defender," Microsoft added.

Dark Web Threats: How Can They Be Combated?





The Dark Web is often considered one of the most dangerous sources of brand reputational threats. Another very significant source of threats is the so-called shadowy websites. To keep themselves safe from cybercrime, organizations need to be able to monitor this ecosystem.

In the past, one of the primary causes of reputational damage was poor judgment and malfeasance, which did great damage from both an economic and an ethical point of view. It is estimated that Volkswagen's quarterly operating profit dropped by almost 450 million euros six months after the diesel emissions scandal broke.

Several dozen fake accounts were exposed at Wells Fargo and the bank was fined $185 million. There have also been instances when digital problems have been as powerful as traditional ones. In 2013 the infamous Target data breach turned out to be a $162 million loss for the company.

Big enterprises deploy several systems to guard themselves against attacks that can cause disasters; in 2016 the estimated number of systems was 75.

The CEO of the security platform mentioned that scanning the web supports businesses and helps them safeguard against cyberattacks or find previously exfiltrated data.

A cyber-attacker who is planning to attack your company may seek advice from a third party or try to obtain resources, such as a botnet, on the Internet to deliver malicious payloads to your computer. Essentially, if you know where to look, you can find information that might alert you to an upcoming attack.

It takes only one set of credentials in the wrong hands for your company to suffer a major blow to its reputation. Detecting stolen credentials is not difficult - they are in the market for sale, so you can scan for them for free!

VIPs and corporate executives are of particular interest to hackers because of the personal information available about them. That information can be used to build convincing spear-phishing attacks to gain access to sensitive information or intellectual property. Some information, such as travel plans, can even put these individuals in a dangerous situation.

On a positive note, vulnerabilities and malware are among the main topics of discussion on the dark web. With the proper threat intelligence, you can learn whether you are susceptible to potential cyber threats and, if so, what you need to do to protect yourself. Thus, if you prepare in advance, you will be in a better position to deal with surprises in the future.

Israeli Security Company NSO Pretends to Be Facebook


As per several reports, an Israeli security company known as the “NSO Group” imitated Facebook to get targets to install its “phone-hacking software”.

Per sources, a Facebook-like doppelganger domain was engineered to distribute NSO’s “Pegasus” hacking tool. Allegedly, servers within the boundaries of the USA were employed to spread it.

Pegasus, as mentioned in reports, once installed can access text messages, the device microphone and camera, and other user data on a device, along with GPS location tracking.

NSO has denied this but is still in a legal standoff with Facebook, which contends that NSO purposely distributed its software on WhatsApp, leading to the exploitation of countless devices. Another allegation against NSO, citing sources, is that it delivered the software to the government of Saudi Arabia to spy on journalist Jamal Khashoggi before his killing.

Facebook also claimed that NSO was behind the operation of the spyware. In response, NSO appealed to the court to dismiss the case, insisting that sovereign governments are the ones who use the spyware.

Per sources, an ex-employee of NSO allegedly furnished details of a server that was set up to spread the spyware by deceiving targets into clicking on links. The server was connected with numerous internet addresses, including the one that pretended to be Facebook’s. Facebook had to buy that domain to stop its abuse.

As per reports, package tracking links from FedEx and other links for unsubscribing from emails were also employed on other such domains.

NSO still stands its ground that it never uses the software itself. In fact, sources mention, the company is proud of its contribution to fighting crime and terrorism.

Security researchers say that it is almost impossible that one of the servers that helped distribute the software was within the borders of the USA. Additionally, reports mention, NSO maintains that its products could not be employed to conduct cyber-surveillance within the United States of America.

Facebook still holds that NSO is to blame for cyber-attacks. And NSO maintains that they don’t use their own software.