Security World This Week- July 24th

Reliance Jio data hack: Cybersecurity cell suspends site involved in the breach, carriers put on high alert

The recent Reliance Jio subscriber database breach has been touted as the biggest such incident in India till now: data pertaining to over 120 million Jio users leaked online via a website called Magicapk on Sunday night. Confidential information about Jio subscribers, including mobile number, email ID, SIM activation date and even Aadhaar details, was found on the site. The government's cybersecurity cell blocked the site after receiving a complaint from the company, and Jio has reported the incident to CERT-In, the ministry agency that tracks computer security; the company has reportedly also roped in consultancy EY to investigate the alleged breach. Jio has assured its customers that their data is safe and says it is investigating the root cause of the issue. It said that prima facie evidence suggests that the information on Magicapk is unauthentic, adding: "We want to assure our subscribers that their data is safe and maintained with highest security." "I think this (data breach) is a real threat all of us live with around the world and certainly in India," Gopal Vittal, CEO (India & South Asia), Bharti Airtel, told reporters on Monday. The online threat to mobile devices is reportedly growing enormously, as 60-65 percent of financial transactions are expected to go through mobile devices this year, and mobile network carriers have been put on high alert in the wake of the recent ransomware attacks that hit companies across various sectors.

China to launch 'unhackable' quantum network for ultra-safe communication

China is all set to put into commercial use its first "unhackable" communication network, based on quantum technology. The Jinan Institute of Quantum Technology said on Sunday that the newly developed quantum network would connect Communist Party and government bodies in Jinan, the capital of eastern China's Shandong province, and that it would be launched by the end of next month. Quantum communication uses quantum entanglement of photons to secure the link between two parties exchanging secret messages: measuring the photons in transit disturbs their state, so a hacker cannot steal information without corrupting the signal and ultimately alerting the network. The network will initially offer secure communication for nearly 200 users from the government, military, finance and electricity sectors; the first commercial network is being used at Party and government offices because those departments have a greater need to keep information safe. Jinan conducted a pilot run of the quantum communication network in 2012, providing services for up to 50 users spread across several hundred square kilometres, and the new network underwent testing recently, with designers satisfied with its performance, especially its ability to provide extremely secure communications. China announced last month that its scientists had managed to transmit "entangled" photons over long distances from space to Earth, in what was seen as a landmark experiment in quantum communication. The launch of the network for government purposes suggests that China is confident in its new technology and is likely to implement it across all government departments soon.
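
The detection property described above (an interceptor cannot read the photons without corrupting the signal) can be seen in a small simulation. This is an added example, not code from the Jinan network or the institute: it models the prepare-and-measure BB84 protocol with an intercept-resend eavesdropper rather than the entanglement-based scheme the article mentions, but the principle that measurement in the wrong basis introduces detectable errors is the same. All inputs (random bits and bases, seeded for reproducibility) are constructed, and the 11% abort threshold is the commonly cited BB84 bound, kept as a parameter.

```python
import random

# Added simulation (not the Jinan network's code). Basis 0 = rectilinear,
# basis 1 = diagonal. A photon measured in its own basis yields the encoded
# bit; measured in the other basis it yields a uniformly random bit and
# collapses to that new state, which is what makes interception visible.

def measure(photon_bit, photon_basis, measuring_basis, rng):
    """Measure one photon; wrong basis gives a random, state-changing result."""
    if measuring_basis == photon_basis:
        return photon_bit
    return rng.randrange(2)

def run_bb84(n_photons, eavesdrop, seed=2017):
    """Return (QBER over the sifted key, sifted key length)."""
    rng = random.Random(seed)          # constructed, seeded inputs
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Eve does not know Alice's basis: she guesses, measures, and
            # re-sends a fresh photon prepared in HER basis with HER result.
            eve_basis = rng.randrange(2)
            bit = measure(bit, basis, eve_basis, rng)
            basis = eve_basis
        bob_bits.append(measure(bit, basis, bob_basis, rng))
    # Sifting: Alice and Bob publicly compare bases (never bits) and keep
    # only the positions where they happened to choose the same basis.
    sifted = [(a, b) for a, b, ab, bb in
              zip(alice_bits, bob_bits, alice_bases, bob_bases) if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    return errors / len(sifted), len(sifted)

def eavesdropper_detected(qber, threshold=0.11):
    """Abort key generation when the sampled error rate exceeds the bound.
    Intercept-resend on every photon yields about 25% errors (Eve guesses
    the wrong basis half the time, and then Bob's bit is wrong half of
    those), far above the ~11% threshold, so the attack is caught."""
    return qber > threshold

if __name__ == "__main__":
    for eve in (False, True):
        qber, n = run_bb84(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={n} QBER={qber:.3f} "
              f"abort={eavesdropper_detected(qber)}")
```

Without the eavesdropper the sifted key has zero errors; with intercept-resend on every photon the error rate sits around a quarter, which is the "corrupted signal" the article refers to. Real QKD systems sample a subset of the sifted key for this comparison and discard it, and must also tolerate the small error rate of the optical link itself.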

Jio data breach triggers call for stringent cyber security laws in India

After suffering a massive data leak on 9 July, Indian telecom upstart Reliance Jio Infocomm has been facing the wrath of its users and independent security researchers over weak data protection standards. The breach, reportedly the biggest in India, affected more than 100 million Jio users and triggered a wave of calls for the country to adopt stringent data security laws. Though the telecom giant has repeatedly denied the allegations of any data breach, a report from Reuters suggests that the company has acknowledged "unlawful access to its systems" in its police complaint. Jio, a part of Mukesh Ambani-owned Reliance Industries, said that the telephone numbers and email addresses posted on the site called "Magicapk" appeared to be "unauthentic", and assured users that their "data is safe and maintained with highest security" and is only shared with "authorities as per their requirement".

Need for robust data security laws

Time and again, India's cyber security framework has been questioned. "We don't have full-menu data protection laws," said Apar Gupta, a Supreme Court lawyer working on data privacy issues. India, which hosts a number of MNCs, has also failed to secure "data-secure" status from the European Union because of its weak data privacy laws. According to a report from the Centre for Internet and Society (CIS), as many as 135 million Aadhaar numbers have been leaked from government databases. Before Jio, leaked data of over 17 million Zomato (food delivery app) users was put on sale on the dark web. While people have been complaining about the Jio leak on Twitter, advocates of stringent cyber laws in the country are slamming the entire situation, comparing it with breaches in Britain and the United States, where strict cyber crime laws are in place and a regulator-level inquiry is initiated immediately.

Who was behind the Qatar hack? US intel sees UAE hand in cyberattack that sparked regional crisis

The hacking of Qatar's government news and social media sites in May was reportedly orchestrated by the UAE, according to US intelligence officials. The Washington Post reported that recently analysed evidence obtained by US intelligence agencies confirms that on 23 May senior UAE government officials discussed hacking Qatari sites. However, US officials are reportedly unsure whether the UAE government itself carried out the attacks or contracted a third party; the working theory since the attacks were reported has been that the UAE, Saudi Arabia, Egypt or a combination of these countries were involved in orchestrating the hacks. "Qatar has evidence that certain iPhones originating from countries laying siege to Qatar were used in the hack," Qatar's attorney general Ali Bin Fetais al-Marri said in a statement last month. "The UAE had no role whatsoever in the alleged hacking," UAE ambassador Yousef al-Otaiba said in a statement. The Washington Post also reported that Otaiba's private emails were hacked by a pro-Qatari hacker group called GlobalLeaks and that the contents of the ambassador's private account have since been circulated to journalists. The QNA (Qatar News Agency) hack led to a major regional upheaval, straining Qatar's relations with its neighbours: shortly after the hack, citing the emir's reported comments, the UAE, Saudi Arabia, Bahrain and Egypt blocked all Qatari news sites and severed ties with Qatar. The diplomatic crisis has reportedly brought to the fore a long-drawn-out feud between the Gulf monarchies, which last erupted when the UAE and Bahrain accused Qatar of providing a safe haven to their political dissidents and funding terrorists.

Mac spy malware OSX Dok mirrors banking sites to steal money and tracks victims with Dark Web server

Apple users are under threat from a recently discovered Mac malware dubbed OSX Dok, which according to security researchers has been customised to steal money from Mac users. Check Point security researchers said they have noticed a recent surge in the malware's activities: it has now begun mirroring the websites of major banks in an attempt to steal users' banking credentials, posing as legitimate banking websites and tricking victims into entering their login credentials. "Unfortunately, the OSX/Dok malware is still on the loose and its owners continue to invest more and more in its obfuscation by using legitimate Apple certificates," the Check Point researchers said. Once installed on a system, the malware downloads Tor to communicate with its dark web-based C&C (command and control) server. "The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well," the researchers added. The researchers speculate that Signal is installed on victims' phones to allow the hackers to communicate with victims to commit further fraudulent activities. "Alternatively, the perpetrator might be using Signal temporarily, to acquire install rate statistics and prove the method is working, while planning to install a malicious mobile application with future victims at a later time." According to Check Point, OSX Dok is primarily targeting victims in Europe.

What is GhostCtrl? Android malware 'possesses' devices to spy, steal and do its bidding

The newest kid on the Android malware block is GhostCtrl, which Trend Micro researchers say has three versions. Security experts say the malware is a variant of the OmniRAT malware, which can target Android, Mac, Windows and Linux systems and is commercially available. GhostCtrl appears to be a truly potent malware: it comprehensively "possesses" devices to spy on victims and steal extensive data, including call logs, SMS records, contacts, phone numbers, SIM serial number, location and browser bookmarks. Unlike other Android malware variants, GhostCtrl goes much further in harvesting victims' data, pilfering information such as "Android OS version, username, Wi-Fi, battery, Bluetooth, and audio states, UiMode, sensor, data from camera, browser, and searches, service processes, activity information, and wallpaper." "It can also hijack the camera, create a scheduled task of taking pictures or recording video, then surreptitiously upload them to the C&C server as mp4 files," the Trend Micro researchers said. GhostCtrl has backdoor features and is very flexible: according to Trend Micro, it also functions as a backdoor designed to let hackers go after specific targets and content, and is capable of comprehensively infiltrating a device and manipulating it to "do its bidding". "This is the command that allows attackers to manipulate the device's functionalities without the owner's consent or knowledge," the researchers said. One version would also allow hackers to lock the device's screen, alter the device's password and root it.

Ethereum heist: Hacker stole $7m from CoinDash in under 5 minutes

"It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event," CoinDash said in a statement. The heist occurred when CoinDash, a trading platform for ether, launched its Initial Coin Offering (ICO), which is basically a crowdfunding campaign that allows investors to own a stake of the app or service by purchasing digital assets called tokens. The hacker managed to replace the firm's published Ethereum wallet address with a fraudulent one, thereby tricking investors into sending their cryptocurrency to the hacker. Within three minutes of CoinDash launching its ICO, the hacker began raking in money from CoinDash's investors. "All we know now is that an outside attacker changed the address right after the sale started," Ram Avissar, the marketing director of CoinDash, told Motherboard. Upon discovering the hack, CoinDash shut down its website and took to Twitter to notify users about the theft. CoinDash said that those who unknowingly sent money to the fake Ethereum address "will receive their CDT tokens accordingly"; however, investors who made transactions after CoinDash shut down its website "will not be compensated," the firm said. "We are looking into the security breach and will update you all as soon as possible about the findings," CoinDash said. The heist has reportedly led some users to cast doubts on CoinDash's claims of being hacked.

Password stealing malware Ovidiy now up for sale for just $7

A new password-stealing malware, dubbed Ovidiy, is now being sold dirt cheap. Security researchers at Proofpoint said the malware is currently priced between $7 and $13 (£5-£9) and is being marketed primarily in "Russian-speaking regions". Although cybercrime-as-a-service has made marketing malware on the dark web fairly popular, Proofpoint researchers said that Ovidiy is not being sold on the dark web. To make it easier for potential buyers, the cybercriminals marketing the credential-stealing malware are using a payment service called "RoboKassa", considered to be the Russian equivalent of PayPal, which the researchers say allows buyers to pay using credit cards. The Proofpoint researchers said the malware is "lightweight" and simple to use, which, combined with the malware developers' frequent updates and support system, gives it the potential to become a "much more widespread threat". "While it is not the most advanced stealer we have seen, marketing and an entry-level price scheme make it attractive and accessible to many would-be criminals," the researchers said. "The growing number of samples demonstrate that criminals are actively adopting this malware." Ovidiy sends any passwords it finds to the hackers operating the malware, which leaves organisations at risk of being targeted multiple times, especially in the event of password reuse. "Stolen credentials continue to be a major risk for individuals and organisations, because password re-use can enable one stolen login to compromise several more accounts, and the sale of stolen accounts continues to be a lucrative market for criminals looking for quick profits. Ovidiy Stealer highlights the manner in which the cybercrime marketplace drives innovation and new entrants and challenges organisations that must keep pace with the latest threats to their users, their data, and their systems," the Proofpoint security experts said.

FedEx braces for financial loss as global cyberattack leaves computer systems offline

In an annual report for the fiscal year 2017 sent to the Securities and Exchange Commission (SEC), FedEx revealed that the June 27 'NotPetya' ransomware attack will have both financial and "material" consequences for the business, warning that some systems may be lost forever. The multinational courier and delivery services firm revealed it is yet to regain full operational control of its Netherlands-based subsidiary TNT Express, a transportation company it acquired in May 2016 for $4. The SEC filing said all TNT depots, hubs and facilities are operational, but that "customers are still experiencing widespread service and invoicing delays", and that "manual processes" were now being used to keep the day-to-day business functioning. A FedEx statement read: "We cannot estimate when TNT services will be fully restored. We cannot yet estimate how long it will take to restore the systems that were impacted, and it is reasonably possible that TNT will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted. Our information technology teams have been focused on the recovery of critical systems and continue to make progress in resuming full services and restoring critical systems. Contingency plans that make use of both FedEx Express and TNT networks remain in place to minimise the impacts to customers." Company officials said that the sheer scope of the NotPetya cyberattack, which eventually spread to more than 60 countries, means that bosses are still evaluating the financial impact ("a loss in revenue"). The firm also revealed that it did not have a cyber-insurance policy in place.

Telegram founder pledges purge of Isis content as platform hit with Indonesia blackout

The co-founder of encrypted chat service Telegram, Pavel Durov, has pledged to ramp up efforts to rid the platform of terrorist sympathisers and propagandists who use the app to communicate, mere days after the company faced a backlash in Indonesia for failing to tackle the issue. Used by more than 100 million users around the world, Telegram is one of several applications which use strong encryption to shield conversations from prying eyes; much more than a simple messaging app, it is used to host "channels" which are more akin to real-time chatrooms. "This has to be done because there are many channels on this service that are full of radical and terrorist propaganda, hatred, ways to make bombs, how to carry out attacks, disturbing images, which are all in conflict with Indonesian law," the ministry said. Indonesian police have said suspected fighters claim they had previously used Telegram's services to communicate and, in some cases, receive "orders and directions". In a previous investigation by IBTimes UK, Telegram was found to be hosting a wide variety of Isis-linked content, from weapon-making manuals to propaganda posters. Responding to the ban threat on 16 July, Durov wrote on his Telegram channel: "We are forming a dedicated team of moderators with knowledge of Indonesian language and culture to be able to process reports of terrorist-related content more quickly and accurately. I am confident we can efficiently eradicate terrorist propaganda without disrupting the legitimate use of Telegram by millions of Indonesians." Durov added: "Telegram is heavily encrypted and privacy orientated, but we're no friends of terrorists – in fact, every month we block thousands of Isis-related public channels." The statement, titled 'Some thoughts on Indonesia', revealed that the co-founder was "unaware" of the takedown requests received from the Indonesian government until it was too late.


More articles by Ankush Jain- CISSP, CCSP, ISO LA
