Cyber Attack: Securing Digital Payments In The Age Of Emerging Technologies

By: Inc42

In recent times, India’s financial systems have been heavily targeted by malicious cyber actors due to a poorly defined cyber framework. This is illustrated by the incidents in which millions of debit cards were hacked in the past few years.

About 70% of organizations have experienced some form of cyber-attack involving phishing, Distributed Denial of Service (DDoS) or spam. The rising incidents of cyber fraud in digital payments, the Hitachi ATM data breach in 2016, the surge in ransomware attacks such as WannaCry and Petya, the Yahoo data breach, etc. signify that India requires updated technologies as well as policies to protect millions of personal data records.

The breach of the latter is not just done to hinder daily activities; it also carries forward to activities such as cyber-espionage, which are an attack on a country’s national security.

Global Systems Of Hacking

Attackers today are progressively building advanced technologies to target core banking systems, especially those concerned with payments. Their activities are becoming more aggressive and assertive than before, in order to interrupt the victim’s capability to respond. They are further collaborating across multiple geographies, heightening the attackers’ anonymity while requiring no additional resources to carry out the attacks.

As hackers are operating globally and collaborating across multiple geographies, it is therefore fundamentally critical to ensure that jurisdictions and organisations across the world collaborate to counter this growing threat. In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to consider.

Cyber-attacks are more sophisticated and now target the entire payments life cycle.

Need For A Coordinated And Integrated Approach

Silos that exist between lines of business, payment operations (across payment types, business functions, and geographies), cybersecurity, risk, compliance, technology, treasury, and business continuity hamper the carefully coordinated response needed to prevent, detect and respond to attacks.


Fake Malware Tricks Radiologists Diagnosing Cancer

By: Kacy Zurkus

With the use of deep learning, researchers Yisroel Mirsky, Tom Mahler, Ilan Shelef and Yuval Elovici at Cyber Security Labs at Ben-Gurion University demonstrated in a video proof of concept (PoC) that an attacker could fool three expert radiologists by falsifying CT scans, inserting or removing lung cancer, the Washington Post reported.

“In 2018, clinics and hospitals were hit with numerous cyber attacks leading to significant data breaches and interruptions in medical services,” the researchers wrote. “Attackers can alter 3D medical scans to remove existing, or inject non-existing medical conditions. An attacker may do this to remove a political candidate/leader, sabotage/falsify research, perform murder/terrorism, or hold data ransom for money.”

Using a test dummy to highlight the vulnerabilities in picture archiving and communication systems (PACS), researchers demonstrated that 98% of the time they injected or removed solid pulmonary nodules, they were able to fool radiologists and state-of-the-art artificial intelligence (AI).

“I was quite shocked,” Nancy Boniel, a radiologist in Canada who participated in the study, told the Washington Post. “I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”

According to the PoC, researchers built a man-in-the-middle device to use the method of attack that penetration testers demonstrated in a hospital. The researchers gained access to the radiologist’s workstation and the CT scanner room after the cleaning staff opened the door for them. In a matter of 30 seconds, they installed a device running fake malware designed to inject or remove images.

Once installed, the attackers returned to the waiting room, where they had remote wireless access and were able to intercept and manipulate CT scans, which were not encrypted.


76% Indian businesses hit by cyber attacks in 2018, finds survey

By: Devika Singh

India was the country with the third-highest number of cyber attacks in 2018, according to the report, after Mexico and France.

A recent survey by UK-based endpoint security provider Sophos has found that 76 per cent of Indian businesses were hit by cyber attacks in 2018, while globally 68 per cent of organisations admitted to cyber attacks last year.

“In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them,” Sunil Sharma, Managing Director Sales at Sophos India & SAARC told Business Today.

For the survey, 3,100 IT decision makers were interviewed between December 2018 and January 2019. In India, the company surveyed 300 IT decision makers and found that more than 18 per cent of threats discovered in India are on mobile devices, almost double the global average.

“When we tried to discover where do the most attacks come from? Primarily, we found two areas, servers and networks. But endpoint and mobile are also not far away,” Sharma added.

According to the survey report, in India, most cybercriminals are detected at the server (39 per cent) or on the network (35 per cent); 8 per cent are found on endpoints. On average, Indian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey.


City of Del Rio Hit by Ransomware Attack

By: Kacy Zurkus

Another ransomware attack has made headlines with the city of Del Rio, Texas, announcing on January 10, 2019, that the servers at City Hall were disabled, according to a press release.

“The first step in addressing the issue, was for the City’s M.I.S. (Management Information Services) Department to isolate the ransomware which necessitated turning off the internet connection for all city departments and not allowing employees to log into the system. Due to this, transactions at City Hall are being done manually with paper.”

As many organizations impacted by cyber-attacks have done when they needed an alternative method of communication, Del Rio turned to social media, using Facebook to inform citizens of the alternative payment options available to them.

After reporting the attack to the FBI, Del Rio was referred to the Secret Service. “The City is diligently working on finding the best solution to resolve this situation and restore the system. We ask the public to be patient with us as we may be slower in processing requests at this time,” the press release said.


New Shamoon Malware Variant Targets Italian Oil and Gas Company

By: Swati Khandelwal

Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia’s largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East.

Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, including Saudi Arabia, the United Arab Emirates and Kuwait, but also in India and Scotland.

Saipem admitted Wednesday that the computer virus used in the latest cyber attack against its servers is a variant of Shamoon—a disk wiping malware that was used in the most damaging cyber attacks in history against Saudi Aramco and RasGas Co Ltd and destroyed data on more than 30,000 systems.

The cyber attack against Saudi Aramco, which is the biggest customer of Saipem, was attributed to Iran, but it is unclear who is behind the latest cyber attacks against Saipem.

Meanwhile, Chronicle, Google’s cybersecurity subsidiary, has also discovered a file containing a Shamoon sample that was uploaded to the VirusTotal file analysis service on 10th December (the very same day Saipem was attacked) from an IP address in Italy, where Saipem is headquartered.

However, Chronicle was not sure who created the newly discovered Shamoon samples or who uploaded them to the virus scanning site.


Cyber-Attacks Are Top Business Risk in North America and Europe

By: Phil Muncaster

Cyber-attacks are the number one business risk in the regions of Europe, North America and East Asia and the Pacific, according to a major new study from the World Economic Forum (WEF).

Its Regional Risks for Doing Business report highlights the opinions of 12,000 executives from across the globe.

While “unemployment or underemployment” and “failure of national governance” take first and second place respectively, cyber threats have moved from eighth in last year’s report to fifth this year.

It tended to be viewed as a greater risk in more advanced economies: 19 countries from Europe and North America plus India, Indonesia, Japan, Singapore and the United Arab Emirates ranked it as number one.

In Europe, the UK and Germany both placed cyber-attacks as the number one risk.

Bromium’s EMEA CTO, Fraser Kyne, argued that businesses are still suffering despite spending an estimated $118bn on cybersecurity globally.

“When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security,” he added.

“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilize machine learning, AI and behavioral analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate.”


Phishing attacks: Why is email still such an easy target for hackers?

By: Danny Palmer

The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?

Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses.

Around one in every hundred messages sent is a malicious hacking attempt. That might not seem like a large figure, but when millions of messages are sent every day, it adds up — especially when it just takes one employee to fall victim to a phishing message and potentially lead to a whole organisation being compromised.

For example, the cyber attack against the Democratic National Committee that led to thousands of private emails being exposed in the run up to the US Presidential election started with just one successful phishing email, while countless espionage and malware campaigns have also gained entry to organisations via an email-based attack.

But if email leaves us so vulnerable to attempts at hacking, why do we stick with it?

“Email is still the main way that two entities who may not have a relationship get together and communicate. Whether it’s a law firm communicating with a business or a candidate applying for a job, email is still the bridge to getting these entities communicating. It’s not going away,” says Aaron Higbee, co-founder and CTO at anti-phishing company Cofense.

As long as email is here, phishing will also remain a problem — and while some phishing campaigns are really sophisticated and based around cyber criminals performing deep reconnaissance on targets, other email-based attacks aren’t so sophisticated — and yet are still worryingly successful.



Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

By: Pierluigi Paganini

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks, has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international CyberCrimeCon conference. A separate chapter of the report is dedicated to the analysis of hackers’ and fraudsters’ activity in the crypto industry.

Crypto exchanges: in the footsteps of Lazarus 

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. One successful attack could bring hackers tens of millions of dollars in crypto funds, whilst reducing the risks of being caught to a minimum: the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or with the file “Investment Proposal.doc” attached, which has malware embedded in the document.

In the last year and a half, the North Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb, Coincheck. After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used for working with private cryptocurrency wallets.


Japanese Crypto Exchange Hit by $60m Heist

By: Phil Muncaster

Yet another Japanese cryptocurrency exchange has been targeted by hackers: this time Zaif suffered losses worth 6.7bn yen ($60m) earlier this month.

Virtual currencies including Bitcoin, Monacoin and Bitcoin Cash were stolen from the exchange’s hot wallet, with 4.5bn yen’s worth ($40m) belonging to Zaif customers.

The incident occurred over a two-hour period on September 14, with server issues detected three days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easily launder them and convert into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”


A luxury we don’t have: Time to join together in fight against cybercrime

By: Jessica Haworth

As risks to governments and business continue to accelerate, collaboration with international agencies is the only way to fight cybercrime.

This is the view of the World Economic Forum’s Global Centre for Cybersecurity, which has stressed that in order to defeat malicious cyber-attacks, it cannot work alone.

The center was launched earlier this year to focus on cybercrime prevention and to protect and inform the financial industry about cybercrime, among other agendas.

It recently joined forces with Europol to exchange expertise and create a framework for best cyber practices.

And this year, it will continue to strengthen and increase its affiliations with other agencies.

Troels Oerting Jorgensen, the head of the WEF Centre for Cybersecurity, and former head of Europol’s European Cybercrime Centre, spoke to The Daily Swig about the new coalition and laid out its plans for 2018.

Was the cybersecurity center set up in response to any specific event?

Troels Oerting Jorgensen: The World Economic Forum has been working on cybercrime and cyber resilience for four years before the launch of the center.

Both public and private sector actors in the field repeatedly told us that they would like us to play a bigger role and apply the forum’s unique multi-stakeholder approach to the issue of cybercrime.

At the same time, we saw cybersecurity concerns climb up the list of things that keep CEOs up at night in our Global Risks Report.

Thus, the center is the logical consequence of the recognition that no one country, industry, or sector can address the challenges alone.

What have been identified as the main issues that the center will tackle?

TOJ: We have defined three priorities for the Centre for Cybersecurity: first, to reduce global cyberattacks by developing global security standards, policies and practices, and by promoting and implementing security by design.

Secondly, to contain current and future cyber-attacks globally through intensified cooperation and information sharing.

And thirdly, to deter cybercrime by heightening the risks associated with participating in illegal cyber activities, by means of reinforced collaboration between public and private partners.

Will the new cybersecurity center work alongside any other international organizations?

TOJ: The WEF is a platform that allows all types of organizations to come together to work on global challenges.

We believe that it is essential to get a broad coalition around the table if you really want to tackle issues that are global in nature and evolving so quickly.

For example, we just announced a new partnership with Europol to benefit from their extensive experience in digital forensics and enforcement.

Which companies has the WEF partnered with so far?

TOJ: We are aiming to have 50 companies and 25 governments engaged with the cybersecurity center by the end of this year.

For now, we are signing up partners by invitation only to make sure we have a representative mix of diverse sectors and industries from all geographies on board.