Tag: Cyberattack

Cleartrip reports cyberattack but tells customers their ‘sensitive’ data is safe

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Flight booking platform Cleartrip on July 18 said its internal systems were breached by unnamed perpetrators.

In an e-mail sent to customers, Cleartrip said, “This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems.”

In the e-mail, Cleartrip informed that apart from a person’s profile, “no sensitive information pertaining to your Cleartrip account has been compromised as a result of this anomaly of our systems.”

Also Read: Apple launches new ‘Lockdown Mode’ for protection against spyware

“As per our protocols, we have immediately intimated the relevant cyber authorities and are taking appropriate legal action and recourse to ensure necessary steps are being taken as per the law,” the company said.

Reacting to the data breach, a Cleartrip spokesperson said, “We have identified a security anomaly in a few of our internal systems. Our information security team is currently investigating the matter along with a leading external forensics partner and is taking the necessary action. Appropriate legal action and recourse are being evaluated and steps are being taken as per the law.”

In April this year, the Indian Computer Emergency Response Team (CERT-In) had asked all government and private agencies, including internet service providers, social media platforms and data centres, to mandatorily report cyber security breach incidents to it within six hours of noticing them.

Also Read: Stockbrokers must report any tech breach within six hours — this and other diktats by SEBI

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

OIL cyberattack: Russian malware planted from Nigeria server, says police

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

A Russian malware planted from a server in Nigeria was used for a recent cyber attack on Oil India’s (OIL) system in Assam’s Duliajan, which had brought down the PSU major’s network, a top police official said on April 22.

The OIL system is yet to be restored completely even after 10 days of the incident, they added. A top police official, who wished not to be named, told PTI.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Cryptojacking: What is it and how to protect yourself from such attacks?

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Most cyber-attacks involve the theft of a crypto wallet’s private keys. With access to these keys, scammers can drain your crypto wallet in no time. While this might be the most common form of cyber fraud, there’s another crypto theft in town that has been around since 2017, known as cryptojacking.

What is cryptojacking?

Taking unauthorized control of somebody else’s computer to mine cryptocurrency is called cryptojacking. Hackers enter foreign systems by coaxing users to click on malicious links disguised in seemingly genuine e-mails. Once the link has been clicked on, it automatically runs the crypto mining code on your system through your web browser. Crypto mining then continues in the background without the user finding out until other applications on the system begin to get affected.

Also Read: Hackers steal $320 mn in crypto: Here are the 10 biggest digital currency thefts of all time

Cryptojacking saves hackers the cost of setting up their own mining equipment, so they leech off others’ resources. Moreover, crypto mining involves complex mathematical calculations, thus consuming immense electrical power. When you add it all up, you realize how much you really lose by being a victim of this cyber-crime.

How does cryptojacking work?

Hackers usually deploy two modus operandi to enter targeted systems discreetly. The first one is by tricking users into loading slyly embedded mining codes on their respective systems through phishing — the activity of using legitimate-looking e-mails to veil malicious codes and links.

The second method used by hackers is called a ‘drive-by.’ Victims are tempted to visit infected websites on their browsers. Upon doing so, an infected ad pops up on the screen. As soon as this happens, a script automatically executes itself and loads the crypto mining code on the victim’s computer. In this case, the code is not stored in e-mails or on the target system. Security firm Malwarebytes writes that pop-ups are designed to fit behind taskbars and clocks such that they remain invisible to the human eye.

Also Read: Hackers opt for covert methods for cryptocurrency mining, says report

Since the motive behind cryptojacking is solely money, hackers often deploy both methods to maximize their chances of stealthily entering target systems. “Attacks use old malware tricks to deliver more reliable and persistent software [to the victims’ computers] as a fallback,” said Alex Vaystikh, CTO and co-founder of SecBI, a cybersecurity firm, to CSO India in 2021.

Some crypto mining codes are designed to trigger worming — a method by which the infection is spread to other devices on the same network, including the server itself. They are also much harder to get rid of and usually remain undetectable. Not to mention, hackers gain access to a huge amount of computing resources through just one infection.

How can cryptojacking be defeated? 

Cryptojacking software is designed to remain hidden on your devices as they consume your resources to mine cryptocurrency on the hacker’s behalf. However, there is a silver lining — most crypto mining scripts planted on your machines do not corrupt or steal personal data. They are just there as parasites, consuming your computing resources.

Cryptojacking attacks can target desktops, laptops, tablets, and mobile phones across all operating systems. Depending on how subtly your system has been attacked, you may be able to spot some indications of a cyberattack.

Here are some bright red beacons to watch out for:

• Excessive usage of your central processing unit (CPU)  / graphics processing unit (GPU)
• Slowing down of your device, which becomes more apparent as you use more applications in parallel

Also Read: New York couple arrested in $4.5-billion Bitfinex crypto heist; all you need to know

• Repeated usage of cooling fans on your desktop or laptop (increased noise) as the processor keeps overheating
• Battery life reduces by a large margin
• A sharp increase in your electricity bills could also hint towards cryptojacking

How do you protect yourself against cryptojacking?

The best way to steer clear of this threat is to run a powerful and authentic antivirus on your devices. One must periodically scan for threats in order to avoid over utilization of your resources. Coindesk recommends the following antivirus programs for the best protection:

• Avast
• Avira Antivirus
• Malwarebytes
• Bitdefender
• ESET

The Interpol website says that Monero (XMR) is the most sought-after cryptocurrency for cryptojacking activities. This is because Monero allows miners to remain anonymous through its protocols. Thus, tracing XMR transactions is also a very tedious task.

Previously, Bitcoin (BTC) used to be the cryptojackers’ favourite. But the increased competition in mining activities coupled with the astonishing amount of power it consumes has made BTC one of the lesser chased cryptocurrencies.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Microsoft latest tech giant to have source code stolen; likely hacker not a surprise

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Microsoft, one of the world’s largest companies, has become the latest victim of a cyberattack, that has resulted in the theft of some of its source code. The perpetrator of the attack, according to both Microsoft and the group itself, is the supposedly South America-based Lapsus$.

Lapsus$ has also claimed responsibility for recent attacks targeting groups like Samsung, Nvidia, Ubisoft, and Okta. Just like Microsoft, Samsung and Nvidia have confirmed the attacks on their organisations while Okta has refuted any claims of a hack.

Also read: After Nvidia, Samsung under cyberattack; hackers target Galaxy devices’ source code

Lapsus$ posted a 37GB archive, which it claims, holds partial source code for Microsoft’s browser Bing and Microsoft’s AI assistant Cortana. The group stated that it had secured around 45 percent of the source code for Bing and Cortana, along with nearly 90 percent of the source code for Bing Maps.

Microsoft confirmed the hack on March 22, stating that it had found that the group, which Microsoft calls DEV-0537, managed to compromise a single account and gained limited access. Microsoft was able to shut the account down and prevent any further breach of data, though it is suggested by others that the group had claimed the breach before it had secured the data, and as a result was booted out before it could finish its operation.

Also read: Nvidia confirms ransomware attack and leak of data; hacking the hacker didn’t help

“This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity,” Microsoft stated on its security blog.

Microsoft stated that it had been studying the group for weeks and the cyberattack is motivated by theft and destruction.

Also read: Explained: What is Facebook Protect; how it helps users at risk of cyberattacks

“Microsoft Threat Intelligence Center (MSTIC) assesses that the objective of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction,” the company stated.

This is not the first time that Microsoft has been on the receiving end of a cyberattack that has accessed its source code. In December 2020, Microsoft was one of the targets of the massive Solar Winds cyberattack conducted by multiple Russian hacker groups.

Also read: View | Superheroes or supervillains: Rise of vigilantism in increasingly digital world

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Deepfakes, cryptocurrencies and mobile wallets: Cybercriminals find new targets

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Ransomware activity over 2021 reached new heights as key infrastructures were hit in several high-profile cases. Analysts from Check Point Research (CPR) have predicted supply chain cyberattacks with larger ransom demands in the coming year.

CPR, a leading provider of cyber security solutions to corporate enterprises and governments globally, made several key predictions for 2022 in its report.

Also read: India to play key role in Joe Biden’s meet on ransomware attacks; all you need to know

“In 2021, cybercriminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organisations’ supply chains and networks to achieve maximum disruption,” said Maya Horowitz, VP Research at Check Point Software.

Deepfakes will prove to be a huge issue as technology advances enough to create believable audio and video that can be easily weaponised to spread targeted content for misinformation and to even target stock prices.

Hackers will soon attempt to infiltrate more cryptocurrencies by taking over wallets using new exploits in a rapidly-developing technology. “When money becomes purely software, the cybersecurity needed to protect against hackers stealing and manipulating Bitcoins and altcoins is sure to change in unexpected ways,” the report stated.

“Throughout 2021, misinformation was spread about the COVID-19 pandemic and vaccination information. In 2022, cyber groups will continue to leverage fake news campaigns to execute various phishing attacks and scams,” CPR added.

Also read: US to crack down on crypto ransomware attackers, issue guidelines: Report

Digital payment platforms, mobile wallets and unified payment systems (UPI) have become commonplace for the smartphone-centric individual. The ubiquity of such devices and apps will only help cybercriminals prey on unsuspecting people who use those platforms.

Seeing the success of ransomware attacks on supply chain organisations, many cybercriminals will focus on targeting such companies. In response, governments will begin to rapidly mobilise response networks to counter, address and protect their national infrastructure from such attacks.

Also read: Air India cyber attack: Hackers target passengers’ credit card info, passport details

“The sophistication and scale of cyberattacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks. Looking ahead, organisations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks, including the most advanced ones. To stay ahead of threats, organisations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks,” Horowitz added.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Iran says cyberattack closes gas stations across country

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Iranian state television says a cyberattack has targeted gas stations across the Islamic Republic. The announcement read on air comes after long lines formed at stations in Tehran and elsewhere Tuesday.

State TV quoted an official with Iran’s National Security Council confirming the attack. Oil Ministry officials were holding an emergency meeting to solve the technical problem.

No group immediately claimed responsibility for the outage. However, electronic billboards in one major city also appeared to have been targeted in the hack.

Gas stations across Iran suffered through a widespread outage of a government system managing fuel subsidies, stopping sales in an incident that one semiofficial news agency briefly referred to as a cyberattack.

An Iranian state television account online shared images of long lines of cars waiting to fill up in Tehran. An Associated Press journalist also saw lines of cars at a Tehran gas station, with the pumps off and the station closed.

The semiofficial ISNA news agency, which called the incident a cyberattack, said it saw those trying to buy fuel with a government-issued card through the machines instead receive a message reading cyberattack 64411. Most Iranians rely on those subsidies to fuel their vehicles, particularly amid the country’s economic problems.

While ISNA didn’t acknowledge the number’s significance, that number is associated to a hotline run through the office of Iran’s Supreme Leader Ayatollah Ali Khamenei that handles questions about Islamic law. ISNA later removed its reports.

Farsi-language satellite channels abroad published videos apparently shot by drivers in Isfahan, a major Iranian city, showing electronic billboards there reading: Khamenei! Where is our gas? Another said: Free gas in Jamaran gas station, a reference to the home of the late Supreme Leader Ayatollah Ruhollah Khomeini.

No group immediately claimed responsibility for the outage. However, the use of the number 64411 mirrored an attack in July targeting Iran’s railroad system that also saw the number displayed. Israeli cybersecurity firm Check Point later attributed the train attack to a group of hackers that called themselves Indra, after the Hindu god of war.

Indra previously targeted firms in Syria, where President Bashar Assad has held onto power through Iran’s intervention in his country’s grinding war.

Iran has faced a series of cyberattacks, including one that leaked video of abuses its notorious Evin prison in August.

The country disconnected much of its government infrastructure from the internet after the Stuxnet computer virus widely believed to be a joint US-Israeli creation disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Meatpacker JBS paid equivalent of $11 million in ransomware attack, CEO says

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Meatpacker JBS USA paid the equivalent of USD 11 million ransom in a cyberattack that disrupted its North American and Australian operations, the company’s CEO said in a statement on Wednesday. The subsidiary of Brazilian firm JBS SA halted cattle slaughtering at all of its US plants for a day last week in response to the cyberattack, which threatened to disrupt food supply chains and further inflate already high food prices.

The cyberattack followed one last month on Colonial Pipeline, the largest fuel pipeline in the United States. It disrupted fuel delivery for several days in the US Southeast.

The JBS meat plants, producing nearly a quarter of America’s beef, recovered faster than some meat buyers and analysts expected.

”This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA of the ransom payment. ”However, we felt this decision had to be made to prevent any potential risk for our customers.”

The Brazilian meatpacker’s arm in the United States and Pilgrims Pride Corp, a US chicken company mostly owned by JBS, lost less than one day’s worth of food production. JBS is the world’s largest meat producer.

Third parties are carrying out forensic investigations and no final determinations have been made, JBS said. No company, customer, or employee data was compromised in the attack, it said.

A Russia-linked hacking group is behind the cyberattack against JBS, a source familiar with the matter said last week. The Russia-linked cyber gang goes by the name REvil and Sodinokibi, the source said.

The Wall Street Journal reported on Wednesday that the JBS ransom payment was made in bitcoin.

The Justice Department on Monday recovered some USD 2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the attack.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Explained: How US managed to get Colonial Pipeline’s Bitcoin ransom back

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

The US recently announced that it had recovered the ransom paid by Colonial Pipeline to the ransomware group Darkside in May this year. The Department of Justice said on June 7 that it had managed to recover 63.7 Bitcoins of the 75 that was paid as ransom to resume operations.

The ransom was paid after Colonial Pipeline had to close over 8,000 km of its network due to a ransomware attack.

Colonial Pipeline had paid a ransom of $4.5 million in order to decrypt their software. Of that amount, $2.3 million was recovered by the Federal Bureau of Investigation. Even though a significant portion of Bitcoins was recovered, the drop in Bitcoin price means that a large portion of the value was lost.

How was the money paid?

Colonial Pipeline had paid the ransom through Bitcoin to Darkside, the group that had claimed responsibility for the ransom attack. Bitcoin exchange is preferred by cybercriminal groups because of its decentralised nature. Digital currency is believed to be totally anonymous, confidential, and hard to trace. But such assumptions have been put to test with the FBI managing to recover the ransom.

The shared public record is stored in the blockchain and it is often possible to track these.

How did the FBI recover the ransom?

After the ransom was paid, the Bitcoins were transferred through multiple addresses and wallets. As the FBI had been informed well in advance, they began tracking the money as it was being transferred. Since every Bitcoin transfer is recorded in a public ledger, the transfers can be traced easily.

The FBI managed to trace back 69.6 Bitcoins back to a single account using a blockchain explorer. The organisation found that over two dozen unique Bitcoin addresses were used in the laundering attempt.

After this, the investigators managed to access the private key to the wallet holding the ransom. Details are unclear as to how the FBI managed to get a hold of the wallet key. Possible sources include hacking the group to find the private key address, using an informant, or asking a cryptocurrency exchange to hand over the information if the ransom was stored there.

The FBI provided no details but promised they would continue to improve its mechanism to recover digital ransom payments.

“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,” said FBI Deputy Director Paul Abbate.

“We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”

“Cybercriminals are employing ever more elaborate schemes to convert technology into tools of digital extortion,” said Acting U.S. Attorney for the Northern District of California Stephanie Hinds. “We need to continue improving the cyber resiliency of our critical infrastructure across the nation, including in the Northern District of California. We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments.”

Bitcoin prices slumped to a two-week low, with analysts pointing to a technical breakdown as well as the recovery of Colonial Pipeline’s ransom as evidence that cryptocurrency isn’t beyond government control.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Cyberattack: US has recovered ransom payment made after pipeline hack

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

The Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused the operator of the nation’s largest fuel pipeline to halt its operations last month, officials said Monday. The operation to recover the cryptocurrency from the Russia-based hacker group is believed to be the first of its kind and reflects what US officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks, Deputy Attorney General Lisa Monaco said at a news conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after a gang of criminal hackers known as DarkSide broke into its computer system.

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided to pay a roughly USD 4.4 million ransom in an effort to bring itself back online as soon as it could. The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow