Kaspersky Lab's headline figures for 2015:
- There were 1,966,324 registered notifications about attempted malware infections that aimed to steal money via online access to bank accounts.
- Ransomware programs were detected on 753,684 computers of unique users; 179,209 computers were targeted by encryption ransomware.
- Kaspersky Lab's web antivirus detected 121,262,075 unique malicious objects: scripts, exploits, executable files, etc.
- Kaspersky Lab solutions repelled 798,113,087 attacks launched from online resources located all over the world.
- 34.2% of user computers were subjected to at least one web attack over the year.
- To carry out their attacks, cybercriminals used 6,563,145 unique hosts.
- 24% of web attacks neutralized by Kaspersky Lab products were carried out using malicious web resources located in the US.
- Kaspersky Lab's antivirus solutions detected a total of 4,000,000 unique malicious and potentially unwanted objects.
Cyber Law, Cyber Security, Privacy, Data Protection Blog - FREE TO SHARE
Sunday, January 17, 2016
Saturday, January 16, 2016
Woman faces jail for tagging sister-in-law on Facebook:-
This woman is facing a year in jail for tagging and calling her former sister-in-law "stupid" in a Facebook post after she was prohibited from contacting her ex-husband's family by a court order.
New York-based Maria Gonzalez, who was banned from contacting Maribel Calderon after her divorce from Maribel's brother Rafael Calderon, is charged with second-degree criminal contempt for the alleged post.
Gonzalez is accused of calling Maribel "stupid" in the post and saying, "You and your family are sad ... You guys have to come stronger than that!! I'm way over you guys but I guess not in ya agenda."
Gonzalez tried to argue that the protection order "did not specifically prohibit (her) from Facebook communication" with Maribel.
Westchester County Supreme Court Justice Susan Capeci disagreed, saying, "The order of protection prohibited the defendant from contacting the protected party by electronic or any other means," New York Post reported.
"The allegations that she contacted the victim by tagging her in a Facebook posting which the victim was notified of is thus sufficient for pleading purposes to establish a violation of the order of protection," the judge ordered.
Manhattan matrimonial attorney Michael Stutman, who isn't part of the case, said the ruling proves the adage he gives his clients: "Everything you post anywhere can possibly be used against you."
Gonzalez's attorney, Kim Frohlinger, said she would not appeal the ruling.
Source: PTI
Monday, January 11, 2016
DSC & Electronic Signature Laws in India
By Prashant Mali
What is a DSC, i.e. a Digital Signature Certificate?
Digital Signature Certificates (DSC) are the digital (that is, electronic) equivalent of physical or paper certificates. Examples of physical certificates are driving licences, passports or membership cards. Certificates serve as proof of identity of an individual for a certain purpose; for example, a driving licence identifies someone who can legally drive in a particular country. Likewise, a digital certificate can be presented electronically to prove your identity, to access information or services on the Internet, or to sign documents digitally. A licensed Certifying Authority (CA) issues the Digital Signature Certificate. Under the Indian IT Act, 2000, a Certifying Authority (CA) means a person who has been granted a licence to issue Digital Signature Certificates under Section 24 of the Act.
The list of licensed CAs along with their contact information is available on the Controller of Certifying Authorities (CCA) portal (www.cca.gov.in).
Digital Signature Vs. Digital Certificate
Digital signatures provide three assurances in the virtual world: authentication of the signer, integrity of the signed record, and non-repudiation. A digital certificate, by contrast, exists to bind the identity of the person applying the digital signature to their public key. Both rest on public-key cryptography, which uses two separate but mathematically linked keys, a private key and a public key. The private key, held only by the signer, creates the signature; the corresponding public key verifies it, and neither key can perform the other's function. The other difference is that a digital signature is an electronic process of signing an electronic document, while a Digital Certificate is a computer-based record that identifies the certifying agency or the subscriber.
Digital Signature Vs. Electronic Signature
The Information Technology (Amendment) Act, 2008 (introduced as the Amendment Bill of 2006) replaced the word "Digital" with the word "Electronic" at several places in the principal Act, which creates a difference between the two terms: an electronic signature is the wider category, while a digital signature is one of the many kinds of electronic signature. Section 2(ta) defines "electronic signature" as authentication of any electronic record by a subscriber by means of an electronic technique specified in the Second Schedule, and includes a digital signature; section 2(p) defines "Digital Signature Certificate" as a Digital Signature Certificate issued under sub-section (4) of section 35.
Aadhaar eSign based electronic signatures (as used by providers such as Legality) are a legally accepted and secure way of electronically signing documents, by virtue of Gazette Notification G.S.R. 61(E) of January 2015, the Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015. Aadhaar eSign is recognised as an accepted method of secure electronic signature in the Second Schedule of the Information Technology Act, 2000 (IT Act). The IT Act gives secure electronic signatures such as Aadhaar eSign legal validity equivalent to that of physical signatures. Aadhaar eSign works under the regulatory framework set up by the Controller of Certifying Authorities, Ministry of Electronics and Information Technology, Government of India.
What types of e-signatures are recognized under the IT Act, 2000?
The IT Act recognizes the following two types of signatures:
(1) E-signatures that combine an Aadhaar number with an eKYC service
Users holding an Aadhaar number, the unique identification number issued by the Indian government to residents, can use an online e-signature service to sign documents. The online e-signature service acts as, or integrates with, an Application Service Provider (ASP) that gives users a mobile or web interface. Through that interface the user applies an e-signature to a document by authenticating with Aadhaar eKYC, for example with a one-time password (OTP) sent to the registered mobile number, via an eSign Service Provider (ESP). The ESP is a licensed CA that issues the short-lived certificate and performs the signing in compliance with CCA guidelines.
(2) Digital signatures that are generated by an asymmetric crypto-system and hash function
An 'asymmetric crypto system', in the IT Act's own words, means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify it. Both keys are unique to the subscriber: the private key creates the e-signature and the public key verifies it.
In this scenario, the user obtains a Digital Signature Certificate from a licensed Certifying Authority (CA). The certificate typically includes the user's name, public key, the certificate's validity period and other necessary details about the subscriber, and is itself signed by the CA. Operating systems, browsers and document viewers maintain a list of trusted root certificates (in India, the CCA's root) that are used to verify certificates issued by a licensed CA. The private key is usually held on a USB crypto-token protected by a PIN, so that signing requires both possession of the token and knowledge of the PIN.
What are the factors that make e-signatures valid in India?
Here are the 5 criteria that e-signatures need to satisfy in order to be valid as per the IT Act:
(1) E-signatures must be uniquely linked to the person signing the document. This condition is often met by issuing a digital-certificate-based digital ID.
(2) At the time of signing, the signer must have sole control over the data used to generate the e-signature (the private key). Most online e-signature service providers allow signers to directly affix their e-signature to the document in order to meet this requirement.
(3) Any alteration to the affixed e-signature, or to the document to which the signature is affixed, must be detectable. This is met by signing a cryptographic hash of the document: if even one byte of the document or the signature changes, verification fails. It is the signature, not encryption, that provides this tamper evidence.
(4) There should be an audit trail of steps taken during the signing process.
(5) The digital signature certificate must be issued by a Certifying Authority (CA) recognised by the Controller of Certifying Authorities (CCA) appointed under the IT Act, 2000.
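The hash-then-sign construction behind type (2) signatures, and criteria (1) to (3) above, can be seen end to end in the following added example. It is not code from the original post or from any CA; it uses Ed25519 from the Go standard library as a stand-in for the CA-issued key pair and carries the public key bare rather than inside a CCA-chained certificate (criterion 5 is therefore not exercised). The agreement text is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signed carries everything a verifier needs: the document as presented,
// the signature over its SHA-256 digest, and the signer's public key.
// In a real DSC deployment the public key arrives inside a certificate
// issued by a licensed CA; here it is carried bare (assumption for the demo).
type Signed struct {
	Doc    []byte
	Sig    []byte
	Public ed25519.PublicKey
}

// SignDocument is hash-then-sign: reduce the document to a fixed-size
// digest, then sign the digest with the private key. The private key is the
// "signature creation data" the signer must keep under sole control.
func SignDocument(doc []byte, priv ed25519.PrivateKey) Signed {
	digest := sha256.Sum256(doc)
	return Signed{
		Doc:    append([]byte(nil), doc...),
		Sig:    ed25519.Sign(priv, digest[:]),
		Public: priv.Public().(ed25519.PublicKey),
	}
}

// Verify recomputes the digest from the document actually presented and
// checks the signature under the claimed public key. Any change to the
// document, the signature or the key makes this return false.
func Verify(s Signed) bool {
	digest := sha256.Sum256(s.Doc)
	return ed25519.Verify(s.Public, digest[:], s.Sig)
}

// Demo signs a constructed agreement and returns three verification
// results: the untouched document (expected true), the document altered
// after signing (expected false), and the same signature checked under a
// different signer's key (expected false, since the signature is uniquely
// linked to the signer's key pair).
func Demo() (genuine, tampered, wrongSigner bool) {
	_, signerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample document.
	doc := []byte("Agreement: A pays B INR 10,000 on 2016-02-01.")
	s := SignDocument(doc, signerPriv)
	genuine = Verify(s)

	// One character of the amount changed after signing.
	altered := s
	altered.Doc = []byte("Agreement: A pays B INR 90,000 on 2016-02-01.")
	tampered = Verify(altered)

	// Same document and signature, but attributed to a different key.
	impostor := s
	impostor.Public = otherPub
	wrongSigner = Verify(impostor)
	return
}

func main() {
	g, t, w := Demo()
	fmt.Printf("genuine=%v tampered=%v wrongSigner=%v\n", g, t, w)
}
```

Because the verifier here trusts whatever public key travels with the document, an attacker could substitute their own key and a matching signature; that is exactly the gap a CA-issued certificate closes by binding the key to a verified identity, which is why criterion (5) exists.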
Can documents of all kinds be executed using e-signatures?
No. The First Schedule of the IT Act excludes certain documents, notably those that require a notarial process or must be registered with a Registrar or Sub-Registrar; these can only be executed with handwritten signatures to be legally enforceable. They primarily include:
(1) Negotiable instruments such as a promissory note or a bill of exchange other than a cheque
(2) Powers of attorney
(3) Trust deeds
(4) Wills and any other testamentary disposition
(5) Real estate contracts such as leases or sales agreements
You can't be a company director without a mobile phone, email ID and DSC under the new KYC norms. This is the fallout of the new DIR-3 KYC norms brought in by the Ministry of Corporate Affairs (MCA). The rules require every director to file the KYC form by 31 August 2018, after which the Director Identification Number (DIN) of a director who has not filed will be "deactivated". The rules also lay down that such a deactivated DIN will be reactivated only after the person has filed the KYC form. One of the mandatory requisites of the new KYC form is that the director provide his or her mobile number and email ID and file the e-form with his or her own Digital Signature Certificate (DSC).
Saturday, January 9, 2016
What would be the role and responsibilities of Special IG-Cyber, Mr. Brijesh Singh, IPS, in the State of Maharashtra? My views
Let me first congratulate the Government of Maharashtra for creating and filling the post of IG Cyber Crime, and also applaud the creation and filling of the post of DCP-Cyber Crime in the city of Mumbai. This definitely shows the seriousness with which the menace of cyber crime is being approached.
To curb atrocities against women and to effectively implement the Act restricting child prostitution and immoral trade, there was a state-level Women Atrocities Prevention Cell and department. This department, along with cyber crime, will now be headed by the newly created Special Inspector General of Police (Women Atrocities Prevention & Cyber Crime). Thus the newly formed department will also take over all the work previously handled by the Cyber Crime Cell of CID, Maharashtra State, which works as the State Nodal Agency. The post was created by Government Resolution dated 5 January 2016. The work of the office of the "Special IG (Women Atrocity Prevention & Cyber Crime)" will be as follows:
1. Statistical
1.1. Compiling data about FIRs registered either only under the IT Act, 2000 or where sections of the IT Act, 2000 are applied along with other offences.
1.2. Compiling data about detected crimes and information about the various accused.
1.3. Compiling and studying data about cases pending in courts and about decided cases.
1.4. Studying the techniques used in crimes and decoding their modus operandi.
1.5. Gathering other information as required and disseminating it.
1.6. Representing Maharashtra State Police at state- and central-level conferences.
2. Investigation
2.1. Investigating crimes in sensitive and important matters wherever the State Government orders it.
2.2. Helping, technically and with directions, the Investigating Officers and Station House Officers present in the various cyber cells across the state.
2.3. The right to contact mobile companies, IT companies and ISPs and ask them for any important information for the investigation of cyber crime.
2.4. Coordinating between the investigating agencies of other states and the Central Government.
3. Training
3.1. Preparing human resources by training officers and staff in the state.
3.2. Coordinating with other institutions on training and information exchange, and trying to obtain relevant training for the staff and officers of the state.
3.3. Compiling information about new technology and staying in contact with experts; with the help of experts, including this technology in the training and keeping the training syllabus updated. Coordinating with CDAC-Pune, MITCON-Pune and the CBI Academy, Ghaziabad, and also with CDTS, a Central Government organisation providing advanced training in the field of computers.
3.4. Training other staff and officers of the criminal justice system in the investigation of computer crimes and electronic evidence.
3.5. Organising, in association with experts and institutions from the software, film and music industries, discussions, conferences and workshops about cyber/computer crime and piracy.
3.6. Organising meetings with NASSCOM, DSCI and the Forensic Lab (Kalina, Mumbai), who work in the cyber area, and giving them deeper information about cyber crime investigation.
What are the challenges facing cyber crime policing in Maharashtra?
Ans:
Less technically qualified manpower; the cyber police station being seen as a side posting; poor central coordination of cyber crimes happening across the state; and the absence of dedicated contact points with NGOs working in the cyber field. Most important, citizens' trust that the police will first understand and then solve a crime involving technology is very low, and the Government needs a brand-building exercise to show that the police force is a technologically advanced force.
How can he plan to build the skills and capacity of the Maharashtra cyber crime department?
This can happen through compulsory training in cyber crime investigation and electronic evidence handling, with exams at the end linked to promotions or transfers. My observation has been that though the lower-rung officers are keen to learn and are found sincere, the officers of Police Inspector rank who are designated as IO are often not sincere about their training. He should also lobby the Central Government to nominate an API (Assistant Police Inspector) as Investigating Officer (IO) in all cyber crime related matters, as it is a Police Inspector as of now.
What are the key initiatives the state should take to tackle cyber crime?
Ans:
What I want to advise all states, and not only the State of Maharashtra, is to come out with Standard Operating Procedures for proactive policing, as is done for traditional policing. Even though training remains part of proactive policing, other measures like raids on and detention of known cyber perpetrators, known hackers and online abusers have become a must to create deterrence in society. Raiding mobile shops which supply spyware and malware is the need of the hour. Visiting mobile shops during patrolling across the state and country should be made compulsory. The police department having its own cyber war games is now the need of the hour, as civilian cyber infrastructure is counted within the jurisdiction of the police.
What immediate action is needed to curb cyber crimes?
We need 2 cyber police stations in the city of Mumbai and at least 4 cyber cells. Today the tag of being only "cyber police" is bygone; we need further bifurcation of the cyber police into teams so that they develop specialisations, such as:
A. Cyber financial crimes team (ransomware, online banking/credit card and other online scams/frauds),
B. Cyber abuse team (defamation and religious abuse),
C. Cyber corporate team (data theft, source code theft, hacking and espionage),
D. Cyber grievous crimes team (cyber terrorism, online radicalisation, civil cyber warfare, death due to cyber crime, etc.).
Mumbai being the financial capital, I feel and suggest that the State Government should have 2 special cyber crime courts in Mumbai and at least one in all leading districts of Maharashtra to begin with. The State Government should also bring in a bench of the Cyber Appellate Tribunal and make the Adjudicating Officer's office fully functional, with dedicated staff and regular hearings, for disposing of civil actions under the IT Act, 2000 within the period of six months mentioned in the law.
Advocate Prashant Mali is a noted international cyber law and cyber security expert and a High Court lawyer from Mumbai. He is also a well-known cyber thought leader and accomplished author; his thoughts and speeches are well applauded internationally.
Thursday, December 24, 2015
Types of Cyber Attacks
There are several effective methods for disrupting computer systems. We are talking of a method known as a cyber attack, or computer network attack, which uses malicious computer code to disrupt computer processing or steal data. A brief description of three different methods is given here; however, as technology changes, future distinctions between these methods may begin to blur.
An attack against computers may be targeted or un-targeted, and may be intended to (i) disrupt equipment and hardware reliability, (ii) change processing logic, or (iii) steal or corrupt data. The methods discussed here are chosen based on the technology asset against which each attack mode is directed and the effects each method can produce. The assets affected or effects produced can sometimes overlap for different attack methods.
- Conventional kinetic weapons can be directed against computer equipment, a computer facility, or transmission lines to create a physical attack that disrupts the reliability of equipment.
- The power of electromagnetic energy, most commonly in the form of an electromagnetic pulse (EMP), can be used to create an electronic attack (EA) directed against computer equipment or data transmissions. By overheating circuitry or jamming communications, EA disrupts the reliability of equipment and the integrity of data.
- Malicious code can be used to create a cyber attack, or computer network attack , directed against computer processing code, instruction logic, or data. The code can generate a stream of malicious network packets that can disrupt data or logic through exploiting a vulnerability in computer software, or a weakness in the computer security practices of an organization. This type of cyber attack can disrupt the reliability of equipment, the integrity of data, and the confidentiality of communications.
In un-targeted attacks, attackers indiscriminately target as many devices, services or users as possible. They do not care about who the victim is as there will be a number of machines or services with vulnerabilities. To do this, they use techniques that take advantage of the openness of the Internet, which include:
- phishing - sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website
- water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users
- ransomware - which could include disseminating disk encrypting extortion malware
- scanning - attacking wide swathes of the Internet at random
WHO MIGHT BE ATTACKING YOU?
States, state-sponsored hackers or cyber criminals interested in making money through fraud or from the sale of valuable information; industrial competitors and foreign intelligence services interested in gaining an economic advantage for their companies or countries; hackers who find interfering with computer systems an enjoyable challenge; hacktivists who wish to attack companies for political or ideological motives; and employees, or others who have legitimate access, through accidental or deliberate misuse.
Stages of an attack
A number of attack models describe the stages of a cyber attack (the Cyber Kill Chain® produced by Lockheed Martin is a popular example ).
A simplified model describes the four main stages present in most cyber attacks:
- Survey - investigating and analysing available information about the target in order to identify potential vulnerabilities
- Delivery - getting to the point in a system where a vulnerability can be exploited
- Breach - exploiting the vulnerability/vulnerabilities to gain some form of unauthorised access
- Affect - carrying out activities within a system that achieve the attacker's goal
Survey - Attackers will use any means available
A cyber attack last month in Ukraine caused a significant portion of the country's power grid to go offline.
This attack, if verified, is a window into the future of cyber warfare. At the start of any modern military campaign, a primary objective of the aggressor is to "take out power and communications" by blowing up power plants and communications hubs. This is a top priority because, once power and communications are disabled, a country's ability to coordinate defense and mount counter attacks is severely disabled.
Cyber weapons can be pre-positioned inside power companies to do the job of a missile, before a nation even knows it is under attack. U.S. power systems' computers have been breached and infected, first by Russian hackers and later by other adversaries. Some of the malware they installed is likely still in place and being updated as more attackers attempt to gain control.
WHAT IS THE ZERO-DAY VULNERABILITY ?
A zero-day vulnerability is a previously unknown flaw in a computer program that exposes the program to external manipulation. Zero-day vulnerabilities have been found in many operating systems and programs, including Chrome, Internet Explorer, Adobe and Apple products. They also appear in software running critical infrastructure, such as power plants. What differentiates a zero-day from other computer vulnerabilities, and what makes it valuable, is that it is unknown to the software's makers and users. Whoever has knowledge of a zero-day can exploit it from the "zero-th" day of its discovery until the software maker or users learn of it and fix the vulnerability.
What makes a zero-day vulnerability different from other cyber tools is that it is simply information. A zero-day encapsulates the knowledge that X could happen if you do Y. As Auriemma and Ferrante of ReVuln, a zero-day seller, argue, "we don't sell weapons, we sell information." Other companies, however, do sell weaponized vulnerabilities, zero-day "exploits", that contain new software code taking advantage of a zero-day vulnerability; Desautels, of vulnerability seller Netragard, states that Netragard sells exploits. Zero-day exploits range in complexity and functionality, from enabling access to a software program to monitoring it, extracting information from it, or damaging it. For instance, the Stuxnet program allegedly used by the United States to damage Iranian uranium-enrichment centrifuges made use of four zero-day vulnerabilities.
The term zero-day "vulnerability" describes the software flaw itself. When a zero-day vulnerability is sold, knowledge of the flaw is sold. The press often uses the term zero-day "exploit" interchangeably to describe either knowledge of a flaw or new software code exploiting a flaw. In this article, the term "exploit" refers only to new code written to take advantage of a zero-day vulnerability. Although turning a vulnerability into an exploit can be relatively easy, motivations for finding and exploiting vulnerabilities often differ. For instance, cybersecurity researchers have less motivation to turn vulnerabilities into exploits than someone selling or buying zero-days. This distinction between a zero-day vulnerability and an exploit, and the different groups interacting with them, is important to make when analyzing regulatory options for the zero-day vulnerability trade.
Vulnerabilities are most exploitable if kept secret. Zero-days are discovered, not made, so there is no guarantee that someone in possession of a vulnerability is the only person who knows about it. The value of secrecy complicates efforts to control the zero-day trade because it contributes to market opacity and a lack of transparency about buyer and seller behavior.
Zero-days are traded in three markets. As defined in this article, the "white market" encompasses sales of vulnerabilities between zero-day vulnerability hunters and software vendors or third-party clearinghouses. The "black market" describes interactions where the buyer or the seller has criminal intent. The "grey market" involves interactions between vulnerability sellers and government agencies conducted as legal business deals; it also encompasses sales between vulnerability sellers and legal users of zero-day vulnerabilities, including high-end cybersecurity firms. This article distinguishes between "legal" and "legitimate" zero-day vulnerability markets. White-market and grey-market transactions are legal, and black-market transactions illegal. The negative security ramifications of the grey market mean this article designates only white-market options legitimate.
Grey-market firms, rather than freelance hackers, now sell more than half of zero-day vulnerabilities. NSS Labs included many of these firms in its market analysis and concluded that "half a dozen boutique exploit providers have the capacity to offer more than 100 exploits per year, resulting in privately known exploits being available on any given day," at minimum. One seller identified the decreased risk of getting ripped off, the possibility of job offers, and stable contracts with government or industry clients as reasons vulnerability hunters choose to operate on the grey market.
Saturday, December 19, 2015
What precautions Bank Customers need to take against frauds
By Adv. Prashant Mali, Cyber Security & Law Expert
1. Hold extra money in fixed deposits, with written instructions to the bank that no FD transfers are to be done online.
2. Avoid any banking over the phone; lots of vishing scams are happening, so it is better to put the phone down when someone says they are calling from the bank, until the scams are weeded out by the banks or police.
3. If your SIM is suddenly deactivated (this usually happens on weekends), immediately call the bank from another phone and freeze your bank account, because a SIM exchange (SIM swap) fraud may be under way.
4. Change your PIN and passwords today; they may already be leaked in the international market, or a caller-ID app such as "Truecaller" may hold your details on its server.
5. Do not do banking from a cyber cafe or from any office, because they officially keep all your logs and data, and, trust me, a human mind can go corrupt.
6. Today, go to the settings of your Gmail account and check for any filters or forwarding instructions that you did not create.
7. Always use the "Special Instructions" field in the bank's account-opening form to write some unique instructions on what the bank should check while processing payments.
8. Do not keep lots of money in dormant accounts.
9. Don't reveal banking details on any social media website.
10. Enable 2-factor authentication on your Gmail account.
11. Use a separate browser (or a private/incognito window) for internet banking.
12. Don't click links blindly on any site or in any software; read the accompanying text and decide.
13. Save your bank's URL as a bookmark and use that, or ALWAYS type the bank URL.
14. If you get a bank email asking you to visit or confirm something by clicking a link, make sure that the link actually goes to the bank's website (the domain must be the bank's own domain, not a look-alike).
15. When you face a fraud, fight for your money and please educate others too. There is strength in people's prayers as well (Logon ki dua mein bhi taakat hoti hai).
Happy Banking 🙏
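Point 14 above, checking that a link really leads to the bank's domain, is where most phishing victims are caught, so here is the check spelled out as code. This is an added example, not part of the original post; "bank.example" and "evil.example" are hypothetical domains, and the sample links are constructed to show the common disguises (a host that merely starts with the bank's name, userinfo before "@", the bank's name in the path, a punycode look-alike, and plain HTTP).

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// LinkMatchesBank reports whether link points at the bank's own registered
// domain over HTTPS, and gives a short reason when it does not.
// bankDomain is the registrable domain the customer already knows,
// e.g. "bank.example" (hypothetical).
func LinkMatchesBank(link, bankDomain string) (bool, string) {
	u, err := url.Parse(strings.TrimSpace(link))
	if err != nil {
		return false, "unparseable URL"
	}
	if strings.ToLower(u.Scheme) != "https" {
		return false, "not https"
	}
	// "https://bank.example@evil.example/" goes to evil.example: the part
	// before "@" is userinfo, not the host.
	if u.User != nil {
		return false, "userinfo before @ disguises the real host"
	}
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	for _, r := range host {
		if r > 0x7f {
			return false, "non-ASCII hostname (possible homograph)"
		}
	}
	// Internationalised names reach the wire as "xn--" labels; a bank's
	// customer-facing domain is ASCII, so treat these as look-alikes.
	if strings.Contains(host, "xn--") {
		return false, "punycode hostname (possible homograph)"
	}
	bankDomain = strings.ToLower(bankDomain)
	// Exact match or a true subdomain ("netbanking.bank.example").
	// "bank.example.evil.example" fails because the suffix is evil.example.
	if host == bankDomain || strings.HasSuffix(host, "."+bankDomain) {
		return true, "ok"
	}
	return false, "host " + host + " is not " + bankDomain + " or a subdomain of it"
}

func main() {
	// Constructed sample links, as they might appear in a phishing mail.
	samples := []string{
		"https://netbanking.bank.example/login",
		"https://bank.example",
		"http://bank.example/login",
		"https://bank.example.evil.example/login",
		"https://bank.example@evil.example/login",
		"https://evil.example/bank.example/login",
		"https://xn--bnk-2na.example/login",
	}
	for _, s := range samples {
		ok, why := LinkMatchesBank(s, "bank.example")
		fmt.Printf("%-45s %-5v %s\n", s, ok, why)
	}
}
```

The check deliberately compares the parsed host, not the visible link text, because the text of an HTML link and its target can differ; run it on the real `href`. It does not verify the TLS certificate, which the browser does once the page is actually loaded, so it is a pre-click filter, not a substitute for typing the URL or using a bookmark as in point 13.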