76% Indian businesses hit by cyber attacks in 2018, finds survey

By: Devika Singh

India had the third highest number of cyber attacks of any country in 2018, according to the report, after Mexico and France.

A recent survey by UK-based endpoint security provider Sophos has found that 76 per cent of Indian businesses were hit by cyber attacks in 2018, while globally 68 per cent of organisations admitted to cyber attacks last year.

“In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them,” Sunil Sharma, Managing Director Sales at Sophos India & SAARC told Business Today.

For the survey, 3,100 IT decision makers were interviewed between December 2018 and January 2019. In India, the company surveyed 300 IT decision makers and found that more than 18 per cent of threats discovered in India are on mobile devices, almost double the global average.

“When we tried to discover where do the most attacks come from? Primarily, we found two areas, servers and networks. But endpoint and mobile are also not far away,” Sharma added.

According to the survey report, in India, most cybercriminals are detected at the server (39 per cent) or on the network (35 per cent); 8 per cent are found on endpoints. On average, Indian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey.

More:  https://m.businesstoday.in/lite/story/76-per-cent-indian-businesses-hit-by-cyber-attacks-in-2018-finds-survey/1/327389.html

Laughing All The Way To The Bank: Cybercriminals Targeting U.S. Financial Institutions

By: Bhakti Mirchandani

The risk of cyberattack on financial services firms cannot be overstated. Cyberattacks cost financial services firms more to address than firms in any other industry at $18 million per firm (vs. $12 million for firms across industries). Financial services firms also fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries. In other words, while the typical American business is attacked 4 million times per year, the typical American financial services firm is attacked a staggering 1 billion times per year.

Although 1 billion times per year is significantly less frequent than the 4 billion times that the U.S. Postal Service was attacked in 2016 (primarily as a backdoor for cybercriminals into the rest of government), 1 billion times per year is still nearly 2,000 attacks per minute or over 30 attacks per second. The rate of breaches, or theft of sensitive data, in the financial services industry has tripled over the past five years.

Among financial services firms, banks lost $16.8 billion to cybercriminals in 2017. Attacks on SWIFT—the leading global network for money and security transfers—alone cost $1.8 billion year-to-date. Costs of cybercrime also include regulatory fines, litigation, additional cybersecurity following the breach, the need to respond to negative media coverage, identity theft protection and credit monitoring services to customers affected by breach and lost business due to reputational damage. According to Ponemon Institute’s consumer sentiment study, data breaches are in the top three of incidents that affect reputation, along with poor customer service and environmental incidents.

It should come as no surprise that the U.S. Treasury views cyberattacks as one of the key threats to U.S. financial stability and that cybersecurity (including data security and consumer protection) is one of the most important sustainability issues for the financial services sector according to multiple environmental, social and governance (ESG) standards-setting, research and ratings organizations.  These organizations range from the Sustainability Accounting Standards Board (SASB) to Sustainalytics, and their work affects the allocation of the $23 trillion in AUM being professionally managed under sustainable strategies.

Safeguarding data requires strong cybersecurity. As Sun Tzu explains in Art of War, security implies defensive tactics.

More: https://www-forbes-com.cdn.ampproject.org/c/s/www.forbes.com/sites/bhaktimirchandani/

Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

By: Swati Khandelwal

Phishing works no matter how hard a company tries to protect its customers or employees.

Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365.

Microsoft Office 365 is an all-in-one solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote.

On top of these services, Microsoft also offers security protection powered by artificial intelligence and machine learning to help defend against phishing and other threats by going one level deep to scan the links in email bodies for any blacklisted or suspicious domain.

But as I said, phishers always find a way to bypass security protections in order to victimize users.

Just over a month ago, scammers were found using the ZeroFont technique to mimic a popular company and trick users into giving away their personal and banking information.

In May 2018, cybercriminals had also been found splitting up the malicious URL in such a way that the Safe Links security feature in Office 365 failed to identify and replace the partial hyperlink, eventually redirecting victims to the phishing site.

Why cryptojacking malware may be a sign of more serious intrusion

By: Dan Swinhoe

While the value of many cryptocurrencies has recently dropped off from their record highs, they still have strong appeal to cybercriminals.

The prospect of using thousands of devices to mine the likes of Monero is too tempting to ignore and so there has been a massive spike in malware that utilizes unknowing CPUs to generate money with little to no effort for the criminals and little obvious evidence of foul play to the user.

While on the surface it may seem that criminals could be doing far worse than mining cryptocurrency on your infrastructure, there can be serious consequences if you find such an infection.

The rise and fall of browser-based mining

Last year cryptocurrency mining service CoinHive released code that would allow websites to generate revenue by using the CPU of the website visitors through cryptomining. This quickly led to a new trend in malware, where hackers inject legitimate websites with mining code.

One report puts the number of websites infected with cryptojacking malware at around 35,000. A notable case was the thousands of government websites including the UK Information Commissioner’s Office (ICO), National Health Service (NHS) Scotland, and the government portal of Queensland, Australia that were found to be hosting mining code. A Cisco Talos report estimates a single mining campaign could earn just under $1.2 million over the course of a year.

However, while browser-based cryptomining has proven lucrative for criminals, the boom has been short-lived. Various tools have since been released – built-in browser features, extensions, or features within security products – which block unauthorized crypto-mining, thus reducing the amount of money hackers can raise. This has pushed criminals to search for new targets.

More: https://www.idgconnect.com/abstract/31066/why-cryptojacking-malware-sign-intrusion?connect_token=cHJlbWl1bV9hcnRpY2xlMTUzNDE3MjI3NQ==

Over 90 percent of endpoint security incidents involve legitimate binaries

By: Brian Jackson

Cybercriminals use a variety of tactics to cloak their activity and that includes using trusted tools, like PowerShell, to retrieve and execute malicious code from remote sources.

A new report from eSentire reveals that 91 percent of endpoint incidents detected in Q1 2018 involved known, legitimate binaries.

“eSentire Threat Intelligence data shows heavy use of legitimate Microsoft binaries, such as PowerShell and mshta.exe, popular tools for downloading and executing malicious code in the initial stages of a malware infection,” says Eldon Sprickerhoff, founder and chief security strategist, eSentire. “PowerShell can also be leveraged by adversaries to reduce their on-disk footprint and evade detective controls by operating in memory and obfuscating command-line parameters.”

The report also shows a dramatic increase in attacks targeting popular consumer-grade routers, like Netgear and Linksys (who between them have over three-quarters of the market). Researchers saw a 539 percent increase from Q4 2017 to Q1 2018. Increased targeting of routers was first observed in late 2017 when the Reaper Botnet gained media attention. Additionally, intrusion attempts across industries grew 36 percent, mostly due to DNS manipulation in consumer-grade routers. These attacks allow attackers to redirect victims to malicious infrastructure to achieve a variety of results, including malware and phishing landing pages.

“The increase in attacks against consumer network devices can be attributed to the perceived value in recruiting devices for attacks against businesses, as opposed to leveraging them as potential network entry-points,” says Sprickerhoff.

Other findings are that phishing rose 39 percent across industries, with DocuSign, Office 365, and OneDrive being the most popular lures. Office 365 showed the highest success rate and popularity for attacks, growing fivefold over 2017.

More: https://betanews-com.cdn.ampproject.org/c/s/betanews.com/2018/06/29/security-legitimate-binaries/amp/

Time to act: how to protect your business against a new level of cyber threat

By: Zurich Insurance Group

The health system’s problem has morphed into a social problem – and also one for your organization. In an interconnected world, business leaders must look at risk holistically and build resilience within their organizations to the impact of a cyber-attack on critical infrastructure.

The Global Risks Report (GRR), published by the World Economic Forum (WEF) in collaboration with leading institutions such as Zurich Insurance Group, identifies cyber-attacks and data fraud/theft as two of the five main risks facing business in terms of perceived likelihood this year. The report also warns that the growing interconnectedness of the world means that what were once distant problems can now escalate and reach our doorsteps extremely quickly.

A frightening example of connectivity lifting cyber risk to a new level occurred in May 2017, when the WannaCry ransomware attack froze 300,000 computers in more than 150 countries. Hospitals and general practices in the UK’s National Health Service (NHS) were impacted, locking patient records and ultimately leading to 6,900 appointments cancelled.

Lori Bailey, Global Head of Cyber Risk, Commercial Insurance at Zurich Insurance Group, calls this a “pivotal point” for cyber-based claims because of its high cost – and the type of claims we might see in the future.

“What made WannaCry so unusual was that it didn’t affect just one industry or one specific size of company; it actually exploited a vulnerability in an operating system that many different companies used,” she says.

Paige H. Adams, Group Chief Information Security Officer, Global Information Security, Zurich Insurance Group, says that increasing cyber dependency globally coupled with the ease of access to sophisticated hacking tools is a dangerous mix.

“This accessibility, combined with the low risk of getting caught or prosecuted for cybercrime activity, results in a low risk/high reward scenario for cybercriminals, which is serving to increase the frequency of these activities. The effectiveness of cyber risk policing is hindered by a lack of international agreements and legal frameworks on global crime,” Adams says.

Although no NHS medical records were compromised by WannaCry, ransomware presents a particular concern to healthcare and financial institutions because of the sheer volume of sensitive personal data they hold. Crucially, the attack highlights the dependency and fragility of critical infrastructure to any organization’s operations.

More: https://biggerpicture.ft.com/cyber-risk/article/time-act-how-protect-your-business-against-new-level-cyber-threat/

Hackers Have Gone Automated – So Should Your Cybersecurity Defense

By: Security Boulevard

A recent study conducted by security firm Cybereason revealed that cybercriminals are now using automation to commit their crimes.

A fake server known as a honeypot was used to log everything done to it by hackers. When it was put online, it was quickly found and hijacked in a matter of seconds by a bot that was able to break through its digital defenses.

According to Ross Rustici, Cybereason’s head of intelligence services, “The bot did all the hard work.” Rustici added, “It shows how lazy hackers have become.”

When people talk about hackers many years ago, they imagined a person or a group of individuals sitting in front of laptops typing malicious code. Attacks were perpetrated by humans with programming knowledge.

Today, as technology advances, going through day-to-day activities has become easier for ordinary individuals. It follows, therefore, that even cybercriminals will come up with methods that will make it easier for them to obtain sensitive data that they can use or sell.

In Cybereason’s study, the bot found the server after it had been online for only two hours. It then started taking over the server aggressively. Passwords created for protecting some of the server’s functions were intentionally weak. As expected, the bot cracked the passwords and stole the fake information on the server. It took only up to 15 seconds for the bot to completely own the network, siphoning 3GB of data.

MORE: https://securityboulevard-com.cdn.ampproject.org/c/s/securityboulevard.com/2018/04/hackers-have-gone-automated-so-should-your-cybersecurity-defense/amp/

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

By: Swati Khandelwal

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users’ sensitive information, login credentials and the secret code for two-factor authentication.

In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and poorly secured routers.

A DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web pages and redirect users to phishing pages designed to trick them into sharing sensitive information like login credentials, bank account details, and more.

Hijacking routers’ DNS for a malicious purpose is not new. Previously we reported about the widespread DNSChanger and Switcher malware, both of which worked by changing the DNS settings of wireless routers to redirect traffic to malicious websites controlled by attackers.

Discovered by security researchers at Kaspersky Lab, the new malware campaign has primarily been targeting users in Asian countries, including South Korea, China, Bangladesh, and Japan, since February this year.

Once modified, the rogue DNS settings configured by hackers redirect victims to fake versions of the legitimate websites they try to visit and display a pop-up warning message, which says: “To better experience the browsing, update to the latest chrome version.”

MORE: https://thehackernews.com/2018/04/android-dns-hijack-malware.html

Hackers infect Facebook Messenger users with malware that secretly mines bitcoin alternative monero

By: sikur

By Aatif Sulleyman

‘Like many cybercriminal schemes, numbers are crucial — bigger victim pools equate to potentially bigger profits’, researchers say

Cybercriminals are using Facebook Messenger to infect computers with malware that mines cryptocurrency.

Security researchers at the cyber security firm Trend Micro said “Digmine” is targeting as many machines as possible, in order to earn monero – an alternative to bitcoin – for its creators.

It could also help cyber criminals completely take over a Facebook account, the researchers added.

The bot was detected by cyber security firm Trend Micro, which says “Digmine” is designed to look like a video file.

MORE: https://www-independent-co-uk.cdn.ampproject.org/c/www.independent.co.uk/life-style/gadgets-and-tech/news/digmine-facebook-messenger-cryptocurrency-mining-malware-monero-bitcoin-a8125021.html?amp