Posts

How Phishing is Done via Malicious Code

Hackers phish out your personal data as easily as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite. Too many people never learn about phishing scams, a favorite and extremely prevalent scam among cybercriminals. One type of phishing scam lures the user onto a malicious website. ZeuS (Zbot) is such an example, planted on websites: visit that site and it will download malware to your device that steals your online banking information and forwards it to a remote server, where the thief collects it. Very clever. But that ingenuity is contingent on someone being gullible enough to open a phishing e-mail, and then taking that gullibility one step further by clicking on the link to the malicious site. 10 Phishing Alerts: An unfamiliar e-mail or sender. If it's earth-shaking news, you'll probably be notified in person or via a voice phone call. An e-mail that requests personal information, particularly financial. If the message

How NSA Allegedly Hacks into your Network?

How NSA Allegedly Hacks into your Network? The United States' National Security Agency succeeded years ago in penetrating the company's digital firewalls. An NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry, including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell. The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA's department for Tailored Access Operations (TAO). In cases where TAO's usual hacking and data-skimming methods don't suffice, ANT workers step in with their special tools, penetrating networking equipment, monitoring mobile phones and computers, and diverting or even modifying data. Such "implants," as they are referred to in NSA parlance, have played a considerable role

Court in EU Backs 'Right to be Forgotten' on Google

Court in EU Backs 'Right to be Forgotten' European Union Internet users can now ask Google and other search engines to remove certain sensitive information from Internet search results, Europe's highest court ruled on May 13, 2014. The ruling, handed down by the Court of Justice of the European Union, states that the "operator of the search engine ... is, in certain circumstances, obliged to remove links to Web pages that are published by third parties and contain information relating to a person from the list of results displayed following a search made on the basis of that person's name." The court's ruling on the "right to be forgotten" stems from a case involving a man in Spain who argued that Google's search results disclosed details about the auction of his repossessed home over unpaid debts. "[The man] stated that the proceedings concerning him had been fully resolved for a number of years and that reference to them was now

DDoS Analysis for 2014: A Serious Risk

DDoS Analysis for 2014 DDoS attacks are evolving in complex, dangerous ways. Companies assessing their risk and protection should consider:
• Nearly twice as many companies (60 percent) report being attacked in 2013.
• Almost 92 percent of those attacked were hit repeatedly.
• 57 percent of DDoS targets were victims of theft: funds, customer data or intellectual property.
• Though attack duration is down, the number of attacks between 1–5 Gbps shot up nearly three times.
• DDoS drains manpower: over half of businesses (57 percent) need 6 or more people to mitigate DDoS attacks.
• Risks of $1M a day (estimated outage losses) are common: 4 in 10 companies would suffer this much or more.
• DDoS is costly across the enterprise. Customer service and other public-facing areas now take as large a hit as IT/Security.
In protecting against DDoS attacks, companies must ask: what do they stand to lose if they're hit hard? Rigorous risk, threat and cost analysis is in order. Predicting DDoS

2014 Internet Security Threat Report

2014 Internet Security Threat Report Highlights from the 2014 Internet Security Threat Report. Key Findings:
• 91% increase in targeted attack campaigns in 2013
• 62% increase in the number of breaches in 2013
• Over 552M identities were exposed via breaches in 2013
• 23 zero-day vulnerabilities discovered
• 38% of mobile users have experienced mobile cybercrime in the past 12 months
• Spam volume dropped to 66% of all email traffic
• 1 in 392 emails contains a phishing attack
• Web-based attacks are up 23%
• 1 in 8 legitimate websites has a critical vulnerability

Citadel: The Banking Trojan for Cyber Attacks on Banks

Citadel: The Banking Trojan. Wanna buy one? Citadel is a banking trojan based on the Zeus source code. A few months after the Zeus source code was leaked, a threat actor using the moniker "AquaBox" was observed on a Russian-language eCrime forum offering Citadel 1.1, a new derivative of the Zeus malware. Citadel retained basic Zeus functionality but added modifications to improve the functionality and security of this banking trojan. Citadel developed a community of customers and contributors around the globe that suggested new features and contributed code and modules as part of an ad hoc criminal social network. Capabilities included AES encryption of configuration files and of communications with the C2 server, an ability to evade tracking sites, the capacity to block access to security sites on victims' systems, and the ability to record videos of victims' activities. The network of Citadel contributors continued adding innovative features to the trojan, makin

Cyber Weapon: Duqu

Cyber Weapon: Duqu I have been analyzing a malware threat identified as the Duqu trojan. This Trojan horse has received a great deal of attention because it is similar to the infamous Stuxnet worm of 2010. I had put countermeasures in place to detect Duqu C2 traffic, and they continue to monitor for new Duqu samples and update protections as needed. What is Duqu? The Duqu trojan is composed of several malicious files that work together for a malicious purpose. The first component is a Windows kernel driver that searches for and loads encrypted dynamic link library (DLL) files. The decrypted DLL files implement the main payload of Duqu, which is a remote access trojan (RAT). The RAT allows an adversary to gather information from a compromised computer and to download and run additional programs. In addition to the RAT, another piece of malware was recovered with Duqu in one instance. This malware is an information stealer designed to log user keystrokes and other informati