Tuesday, September 24, 2019

Hackers are targeting ATMs in India with new malware that steals data




A banking malware named ATMDTrack has been active in India since late last summer, according to a Kaspersky report.

Allegedly state-sponsored hackers from the North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATMs in India.

Further analysis of the malware by the Moscow-based cybersecurity firm found the samples to be part of a bigger remote access trojan (RAT) called DTrack.

Calling it a spy tool to attack financial institutions and research centers in India, the experts said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.”

The DTrack RAT was detected as recently as this month, the researchers noted.




Collecting key logs and browser histories

The threat actors behind DTrack obfuscated their malicious code in an innocuous executable file that was protected behind encryption barriers in a dropper used to install the malware.

Aside from disguising itself as a harmless process, the malware can perform a number of operations such as:

  • Keylogging
  • Retrieving browser history
  • Gathering host IP addresses, information about available networks and active connections
  • Listing all running processes
  • Listing all files on all available disk volumes

The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command-and-control server.

Classifying ATMDTrack as a subset of the DTrack family, the researchers said the developers behind the two malware strains are the “same group of people.”

Given the sophistication of the modus operandi, it’s recommended that target organizations beef up their network and password policies and monitor network traffic for any suspicious behaviour.

The Kaspersky report also says the vast number of DTrack samples they found shows that the Lazarus group is one of the most active APT groups in terms of malware development, and that the group uses similar tools to perform both financially motivated and pure espionage attacks.

I feel banks need to go the extra mile in searching for and weeding out this malware from the ATMs. ATMs have come out as the last-mile vulnerability in the Indian banking industry due to the usage of vulnerable OS and lack of physical security.

Monday, September 23, 2019

Right to Internet is a fundamental right in India




Internet access is a fundamental right, as held by the Kerala High Court.

That is, the right to have access to the Internet is part of the right to education as well as the right to privacy under Article 21 of the Indian Constitution. The verdict came on a petition filed by a Kozhikode college student challenging her expulsion for not adhering to restrictions on the use of mobile phones.

Justice P.V. Asha made the observation while ordering the Principal of Sree Narayanaguru College, Kozhikode, to re-admit a student who had been expelled from the college hostel for using her mobile phone beyond the restricted hours.

The court observed, “When the Human Rights Council of the United Nations has found that the right of access to Internet is a fundamental freedom and a tool to ensure right to education, a rule or instruction which impairs the said right of the students cannot be permitted to stand in the eye of law.”

The verdict came on a petition filed by Faheema Shirin, a third-semester B.A. English student of the college at Chelanur, challenging her expulsion for not adhering to restrictions on the use of mobile phones. As per the rules of the girls’ hostel, inmates were restrained from using mobile phones from 6 p.m. to 10 p.m. every day. She, along with a few other inmates, had protested against the restriction, as it was hampering their learning process.

The judge observed that the action of the college authorities infringed the fundamental freedom as well as privacy and would adversely affect the future and career of students who want to acquire knowledge and compete with their peers; such a restriction could not be permitted to be enforced.

The court, while citing the observations of the Supreme Court in the S. Rengarajan and others v. P. Jagjivan Ram (1989) case, said that “the fundamental freedom under Article 19(1)(a) can be reasonably restricted only for the purposes mentioned in Article 19(2) and the restriction must be justified on the anvil of necessity and not the quicksand of convenience or expediency.”

The court added that the hostel authorities were expected to enforce only those rules and regulations for enforcing discipline. Enforcement of discipline shall not be by blocking the ways and means of the students to acquire knowledge.

The court further said that college authorities as well as parents should be conscious of the fact that the students in a college hostel are adults capable of taking decisions as to how and when they have to study.

Monday, September 2, 2019

Cyber Warfare: Two Instances where Kinetic Force was used in response to Cyberattack



Two Tales of Using Kinetic Force in Response to Cyberattack

In May 2019, the Israel Defense Forces (IDF) launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space. It came amid days of intense fighting between the IDF and terror groups in the Gaza Strip.

The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.

The Israel Defense Forces said via Twitter: “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”

It could mark a change in modern cyber warfare tactics, given that it is the first time a cyber-attack has been met with immediate physical retaliation in real time during active conflict. However, allegedly the US is still the first country to respond to cyber-attacks with military force. In 2015, the USA launched a drone strike to kill Junaid Hussain, the British national in charge of ISIL’s hacker groups. Hussain had also dumped personal details of US military forces online.

This 2019 attack is different to the 2015 US retaliation: The IDF apparently reacted immediately, rather than planning its response over weeks or months.

Operations in cyber space are not governed by the rules of warfare. However, the Geneva protocols and international law do cover a response occurring in the physical domain. There have been attempts to bring in rules for cyber warfare with the Tallinn Manual on the International Law Applicable to Cyber Warfare, but this has not been ratified or adopted by any nation or multinational organization.

