Official website of NIC-CERT (Computer Emergency Response Team)

17th-March-2018

NIC-CERT eNewsletter

1.Cybersecurity: 67 per cent organisations in India hit by ransomware last year: survey

Nearly a year after the first major ransomware attack crippled systems across the globe, problems due to malicious software affecting networks continued to be a major issue worldwide with 54 per cent of the organisations, which participated in a survey by cyber-security firm Sophos, hit in the past year and 31 per cent expecting to be victims of an attack in the future. In India, around 67 per cent of the surveyed entities were hit by ransomware last year.

“91 per cent Indian organisations claimed to be running up-to-date endpoint protection when impacted by ransomware and 89 per cent India respondents stated that malware threats have got more complex over the last year,” as per the report. Globally, as per the survey, the healthcare sector was most impacted by ransomware, with 76 per cent of entities in the segment admitting to having been hit by the malicious software.

“The survey polled more than 2,700 IT decision makers across mid-sized businesses in 10 countries worldwide, including the US, Canada, Mexico, France, Germany, UK, Australia, Japan, South Africa and India. The survey concludes that despite the intensity and magnitude of attacks, Indian businesses are still not prepared to defend themselves against determined attackers,” Sophos said in a statement.

Reference:http://indianexpress.com/article/technology/tech-news-technology/cybersecurity-67-per-cent-organisations-in-india-hit-by-ransomware-last-year-survey-5099428/

 

2.Chinese cyber spy group targeting US engineering, maritime firms: Report

There has been a surge in cyber-attacks on the US engineering and maritime industries -- especially those connected to the South China Sea -- and a Chinese cyber espionage group TEMP.Periscope is behind this, US-based cybersecurity firm FireEye said on Friday.

Since early 2018, FireEye has observed an ongoing wave of intrusions, suspected to be from TEMP.Periscope, targeting engineering and maritime entities, especially those connected to South China Sea issues.

Active since 2013, TEMP.Periscope has primarily focused on maritime-related targets across multiple verticals including engineering firms, shipping and transportation, manufacturing, defence, government offices and research universities, FireEye s

Reference:https://www.gadgetsnow.com/tech-news/chinese-cyber-spy-group-targeting-us-engineering-maritime-firms-report/articleshow/63334578.cms

 

3.Microsoft patches 15 critical bugs in March 2018’s update

Microsoft patched 15 critical vulnerabilities this month as part of its March Patch Tuesday roundup of fixes. In all, the company issued 75 fixes, with 61 rated important. Products receiving the most urgent patches included Microsoft browsers and browser-related technologies such as the company’s JavaScript engine Chakra.

In all, 21 browser-related fixes were rolled out by Microsoft, 14 of which are rated critical and the remaining seven ranked important. Of the bugs, “scripting engine memory corruption vulnerabilities” represented 14 of the flaws.

Each of the browser scripting issues allowed adversaries to exploit flaws in the way the browser and Microsoft’s JavaScript engine Chakra handle objects in memory. For example, with CVE-2018-0930, a web-based attacker could rig a website to exploit the vulnerability through Microsoft Edge or run malicious ads on an unsuspecting website to create conditions amenable to an attack. “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft wrote. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”

Reference: https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/

 

4.Best Cybersecurity Practices to secure organizations

There are countless examples of major organizations that have fallen victim to online hackers and devastating leaks of information. Some examples of these, alongside best practices for business cybersecurity, are:

 a).Keeping Passwords Secure: The first piece of cybersecurity advice for organizations is an obvious one. Make sure passwords are strong, secure, and fully encrypted. Strong Passwords should be:

 

Many online compromises could be avoided if everyone followed best practices for passwords.

 

b).Using strong encryption techniques:

 While most website content management systems will automatically encrypt passwords when new users sign up, there are a number of useful add-ons and tools out there to help.

Encrypting passwords means that instead of a user’s password being saved in the database as:

Unencrypted Password: ThIsIsMyPaSsWoRd1994

It should look like:

Encrypted Password: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

This is considered a basic way to store passwords so every business should be ensuring their passwords are encrypted and secure in order to avoid losing important customer information like credit card details.
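What this passage calls encrypting a password is, in practice, one-way hashing: the 64-character value above is the plain, unsalted SHA-256 digest of the word "hello", the kind of value that precomputed tables recognise immediately. The Python sketch below is an added example, not code from the newsletter or its referenced article; it contrasts that with a salted, deliberately slow PBKDF2 record. The record format, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def weak_digest(password: str) -> str:
    """Unsalted fast hash: equal passwords always give equal, guessable digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$key_hex' with a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(key_hex)
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations),
                                  dklen=len(expected))
    except (ValueError, OverflowError):
        return False  # malformed or tampered record
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    pw = "ThIsIsMyPaSsWoRd1994"  # sample password from the passage above
    print(weak_digest(pw) == weak_digest(pw))  # two users, same password, same digest
    a, b = hash_password(pw), hash_password(pw)
    # Salted records differ per user, yet each still verifies the right password.
    print(a != b, verify_password(pw, a), verify_password("guess", a))
```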

 

c).Using DDOS Protection

 DDOS stands for Distributed Denial-of-Service and it’s an attack carried out by thousands of different computers on a single website. Each computer keeps requesting a webpage over and over again which, through time, overloads the server and brings the website offline.

 This is one way in which an online company, often of an e-commerce nature, can lose thousands, sometimes millions, of dollars by not being able to serve potential customers. This is why many large corporations hire legal teams from firms like Goodwin, in order to prosecute those behind such devastating attacks.

 There are a multitude of different tools and services out there which help protect against DDOS attacks. For example, for a company which primarily specialises in e-commerce or provides its services online, it may be worth paying the much smaller price of a DDOS protection service rather than risking an attack. Two of the most common DDOS protection services out there are Cloudflare and Nginx, which prevent any one IP address from requesting a page too often. Many large businesses which have suffered DDOS attacks in the past now use such services to ensure they do not suffer the same fate again.
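The per-IP limit described above can be shown with a small sliding-window limiter replayed over traffic. This is an added example, not code from the newsletter or from any of the services it names; the class, the limit of 5 requests per second and the sample addresses (documentation ranges) are constructed for illustration.

```python
from collections import defaultdict, deque


class PerIpRateLimiter:
    """Sliding window: at most max_requests per IP in any window_ms span."""

    def __init__(self, max_requests: int, window_ms: int) -> None:
        self.max_requests = max_requests
        self.window_ms = window_ms
        self._hits = defaultdict(deque)  # ip -> timestamps of accepted requests

    def allow(self, ip: str, now_ms: int) -> bool:
        hits = self._hits[ip]
        # Forget accepted requests that have aged out of the window.
        while hits and now_ms - hits[0] >= self.window_ms:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False  # over the limit: a server would reject or drop this request
        hits.append(now_ms)
        return True


def replay(requests, limiter):
    """Feed (timestamp_ms, ip) pairs in time order; return {ip: [accepted, rejected]}."""
    totals = defaultdict(lambda: [0, 0])
    for now_ms, ip in sorted(requests):
        totals[ip][0 if limiter.allow(ip, now_ms) else 1] += 1
    return dict(totals)


def constructed_traffic():
    """Constructed sample: one client at 10 requests/s, one at a request every 2 s."""
    noisy = [(t, "203.0.113.7") for t in range(0, 5000, 100)]
    normal = [(t, "198.51.100.20") for t in range(0, 10000, 2000)]
    return noisy + normal


if __name__ == "__main__":
    limiter = PerIpRateLimiter(max_requests=5, window_ms=1000)
    for ip, (accepted, rejected) in replay(constructed_traffic(), limiter).items():
        print(f"{ip}: accepted={accepted} rejected={rejected}")
```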

 

d).Keeping All Software Up-To-Date

 Regular software updates are simple actions for businesses to take, though many neglect to do so. This makes life easier for hackers and those who are looking for easy cybercrime targets.

Much like Windows or Mac OS systems, it’s imperative that business owners keep all of their software up-to-date. Many of these updates are improvements to security protocols so that the latest malicious viruses and known hacking exploits can no longer be taken advantage of. It only takes one click in many instances to keep your website, plugins, and add-ons where they should be, so it is worth doing.

 

 e).Put Good Cybersecurity Practices in Place

 This basic look over some poor cybersecurity practices, and the steps suggested to improve those practices, can help businesses ensure that they are protected against malicious attacks and breaches.

Staying safe online as a business is generally very straightforward; it’s just about making sure the core tenets of good cybersecurity practice are followed consistently.

 

Reference:https://www.thesecurityawarenesscompany.com/2018/03/07/poor-cybersecurity-practices-can-destroy-businesses/

 

5.Cybersecurity trends to watch this year

 

 a).Artificial Intelligence & Machine Learning (A.I. & M.L.)

 Though still a developing technology, emerging A.I. and M.L. software have the capacity to learn from previous events as well as predict and deter cyber instances in real-time. In a global survey by cybersecurity company Webroot, approximately 99% of U.S. cybersecurity professionals said they believed A.I. overall could improve their organization’s cybersecurity. Consequently, expect to see more cybersecurity products touting their A.I. and M.L. capabilities.

 b).Blockchain

 Blockchain is making headway in a variety of realms, including cybersecurity. The technology enables online transactions to be conducted in a distributed, decentralized way using a public ledger. With respect to cybersecurity, the blockchain ledger can be used to recognize suspicious online behaviour, spotting cases of fraud and error in the act. Moreover, a company’s security system can use a distributed public key infrastructure to authenticate devices and users.

 

c).Skills shortage

 A shortage of skilled cybersecurity professionals is exacerbating data security threats as well. In a survey published last November by Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) consisting of 343 IT and information security professionals and ISSA members, 70% of respondents said a shortage in cybersecurity skills had an impact on their organization. More specifically, 31% of respondents cited a shortage of security analysis and investigation, 31% cited a shortage in application security, while 29% cited a lack of cloud computing security.

 

 d).Ransomware attacks

Ransomware attacks have become increasingly problematic over the past few years. Ransomware is malware that encrypts a user’s files and prevents them from accessing their computer system. Hackers use ransomware to hold a user’s system hostage until they pay a ransom. One ransomware attack that received significant coverage occurred last May, when the WannaCry malware impacted approximately 200,000 people across 150 countries. The most heavily hit countries included Russia, Taiwan, Ukraine and India. It is unclear to what extent organizations have learned from previous malware attacks. These sorts of threats can be significantly reduced by abiding by security protocols, such as regularly applying patches and updating systems.

 

 

e).IoT and botnets

Reference:https://www.rcrwireless.com/20180316/five-cybersecurity-trends-to-watch-tag27-tag99

 

6.Tips for browsing the internet safely

The Internet has become one of the most powerful tools for many tasks, such as searching for information, communicating with friends and co-workers, shopping online, and managing your finances. In almost all of these cases the primary tool is the browser, such as Internet Explorer, Chrome or Mozilla Firefox. The browser is in many ways your gateway to the Internet. Tips for keeping the browser safe are as follows:

  1. Secure your browser: A key step to protecting your browser is to use the latest version whenever possible. The company that developed the browser is constantly adding new security measures and features to enhance its protection. By using the latest version, you ensure that you have the latest security mechanisms in place.
  2. Avoid Plugins. Plugins or Add-ons are additional programs you can install in your browser to give you more functionality. Examples include Adobe Flash, Java or Apple QuickTime. Every plugin you add becomes another window for attackers to break into your computer. In addition, it can be difficult to keep these plugins current because very few of them have autoupdating features. Install only plugins that are authorized and that you absolutely need, and be sure that you always have the latest version installed.
  3. Scan All Downloads. In addition, a key step to protecting yourself is scanning all downloaded files from the Internet with updated anti-virus. When you download and install or run a new program, that program may be infected. It may appear to work just fine but will attempt to silently infect your computer. This is very common especially with free files, such as free screensavers or games. Be sure to scan anything you download with antivirus before opening or running it.
  4. Website Filtering and Protection. Browser website filtering (often called Smartscreen Filtering, blacklisting or phishing protection) will stop you from visiting dangerous websites that may try to attack your browser and you. You may not realize it, but there are websites on the Internet that are designed to hack into your browser or computer just by visiting them. Website filtering is a list of these known, dangerous websites that you do not want to visit.
  5. Additional Security Settings. One more step you can take is changing the security settings on your browser. Some browsers such as Internet Explorer have additional browser security settings. You may want to consider configuring your security settings to a higher level. While it might stop some legitimate sites from working, it will go a long way in keeping your system secure.
  6. Mobile Devices. Keep in mind these guidelines are not just for your computer but for any mobile devices you may use, including smartphones or tablets. While browsers on mobile devices may have fewer features and fewer options, you still must keep them secure. As we discussed on the first page, one of the most important things you can do to keep your browser secure on mobile devices is always run the latest version.

Reference: https://www.cu.edu/sites/default/files/Module04-Browsers-Newsletter.pdf

 

7. Child Protection and Cyber Security

 

Cyber security is not just an issue at work, but also an issue for you at home. Children are most likely using computers and actively online. In general there are three types of dangers that children face when online: strangers, friends and themselves. The following explains each of these risks and how you can protect your children against them.

  1. Increase awareness: Help ensure younger children know the basics of staying safe online by using techniques like online games and videos that will define computer terms (e.g., cyberbullying, netiquette, virus protection) to establish basic understanding.
  2. Protect your kid’s identity: Remind your kids never to give out personal information, such as name, home address, or telephone number, to anyone they don’t know through email, Twitter, Facebook, or in online chat rooms or bulletin boards. Talk with your children about the online risks of interacting with strangers through the computer and sending notes and pictures into cyberspace. Online games may help kids understand how to protect their personal information and the ramifications of stolen identity.
  3. Protect your computer: Regularly updating security software can protect your family against scammers, hackers, and other online threats that can compromise your computer system and, consequently, your family’s financial security and other private information. Using software security that automatically updates keeps your technology current and decreases the likelihood of picking up bad programs or malware.
  4. Create unique passwords: For online safety, tell your kids to use different passwords for every online account they have to help prevent others from accessing their personal information. Make sure that you monitor each account and make sure your children know that strong passwords should include elements like symbols, numbers, uppercase and lowercase letters, and no names or words that others could easily guess.
  5. Monitor online activity: Monitoring your kids’ online activity can help keep them safe. Explore various parental controls and consider what options may work best for you and your family.
  6. Prevent cyberbullying: Cyberbullying (bullying using electronic technology) can happen anytime and anywhere. Teach your children to think through what they post on the Net about other people and the consequences those posts could have if they are unkind or mean. Also, keep communication with your child open and speak up if you suspect someone is bullying him or her.
  7. Promote appropriate online interactions: Use some online games to help show kids how to make responsible decisions about online communication and learn about key issues of digital citizenship. Online activities can include exploration of methods of communication in chat rooms and emails, for example.

Reference:https://www2.ed.gov/free/features/cybersecurity.html

8.US blames Russia for cyber-attacks on energy firms

According to a security alert issued via the US Computer Emergency Readiness Team (US-Cert), Russian government cyber attackers tried to penetrate US critical infrastructure providers, including energy, nuclear, water, aviation and manufacturing firms, to gain information about IT management and industrial control systems.

The alert, issued by US Department of Homeland Security and the FBI, said the attacks included the use of spear phishing and malware to gain remote access into US energy sector networks, and it urged organisations in the energy sector to review their cyber security defence capabilities. 

“Russia’s behaviour continues to trouble us and we are continuing to push back in meaningful ways,” a US senior national security official is quoted as saying. But some US officials reportedly said the sanctions do not go far enough in view of the scale of the Russian attack on the 2016 election. The founding director of US-Cert and security firm Tenable CEO, Amit Yoran, has called the alert “unprecedented and extraordinary” and a wake-up call for the industry at large.

Reference:http://www.computerweekly.com/news/252436976/US-blames-Russia-for-cyber-attacks-on-energy-firms

9.Iran's Cyber Security Threat Increases

Cyber security researchers have warned that Iranian-based cyber warfare group TEMP.Zagros, aka MuddyWater, is conducting the massive phishing campaign currently attacking both Asia and the Middle East. This group has also significantly improved its technique, notably by using new backdoor entry tools, making it an even greater danger.

In a blog on Tuesday, FireEye researchers Sudeep Singh, Dileep Kumar Jallepalli, Yogesh Londhe and Ben Read wrote: “We observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East. In this campaign, the threat actor’s tactics, techniques and procedures shifted after about a month, as did their targets.”

Cyber warfare is a key part of the Iranian Regime’s overall malign military plan. The Regime knows that it has neither the military nor economic power to take on other countries, especially the US and Saudi Arabia, who have been frequent victims of Iran’s attacks in the past, and so it uses cyber warfare to gain information on its enemies’ capabilities, by targeting defence systems, or to hamper their access to relevant data about Iran.

Reference:http://www.iranfocus.com/en/index.php?option=com_content&view=article&id=32558:iran-s-cyber-security-threat-increases&catid=9&Itemid=114

10. Strategic installations should go for regular cyber-security audits: Rajnath Singh

Warning of a lurking cyber-attack threat to India's critical infrastructure, Home Minister Rajnath Singh today asked those in the power, rail and nuclear energy sectors to conduct regular cyber-security audits against potential sabotage bids. 

Addressing CISF jawans and officers on the 49th raising day of the paramilitary force at its camp here, Singh said a cyber-security plan against such new age threats should not only be prepared but also strengthened from time to time. 

Reference:https://economictimes.indiatimes.com/news/defence/strategic-installations-should-go-for-regular-cyber-security-audits-rajnath-singh/articleshow/63247363.cms

NIC-CERT Knowledge Management Repository