Paradigm Shift in Cyber Crime by Srikanta Sen

March 24, 2018 | Author: Srikanta Sen | Category: Cyberbullying, Cloud Computing, National Security Agency, Cross Platform, Malware


Description

STUDENT GUIDE

Paradigm Shift In Cyber Crime
By SRIKANTA SEN, Certified Ethical Hacker

This book explains how cybercrime has changed over the past 5 years and what kind of cyber crime we can expect in the next 5 years, with possible solutions.

About the Author

Srikanta Sen is an EC-Council Certified Ethical Hacker, penetration tester, Python developer, data analyst professional and an independent cyber security researcher. His research interest is "use of big data analytics in cyber security". Srikanta Sen presently teaches in a college affiliated to Maulana Abul Kalam Azad University of Technology in West Bengal, India. He has more than a decade of experience in teaching computer related subjects at university level. He has also been working in the cyber security domain for the last 5 years. Srikanta Sen lives in Kolkata, India with his wife and son. He loves traveling and reading.

Thanks to Team

Special thanks to Mr. Sandeep Sengupta and Mr. Abir Atarthy for their constant inspiration.

Copyright Notice

THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE COPIED OR REPRODUCED UNLESS SPECIFIC PERMISSION HAS BEEN GIVEN TO YOU BY THE AUTHOR SRIKANTA SEN. ANY UNAUTHORIZED USE OR DISTRIBUTION OF THE FULL BOOK OR ANY PART OF IT IS STRICTLY DISCOURAGED.

Liability Disclaimer

THE TERM "HACKING" SHOULD BE READ AND UNDERSTOOD AS "ETHICAL HACKING". "ETHICAL HACKING" AND "PENETRATION TESTING" ARE USED INTERCHANGEABLY IN THIS BOOK. THE AUTHOR IS NOT AGAINST OR IN FAVOR OF ANY ORGANIZATION OR COUNTRY. THE AUTHOR MAKES NO SUGGESTION OR CRITICISM OF ANY COUNTRY'S OR ORGANIZATION'S BUSINESS POLICY. THE INFORMATION PROVIDED IN THIS EBOOK IS FOR EDUCATIONAL PURPOSES ONLY. THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THE INFORMATION PROVIDED. THE INTENTION OF THIS EBOOK IS TO MAKE READERS AWARE OF WHAT CYBER CRIME IS AND HOW IT IS CHANGING. WHEREVER REQUIRED, THE AUTHOR HAS GIVEN REFERENCES TO THE SOURCES OF PICTURES AND CONTENT.
Any words can be mailed to [[email protected]]

Date: 01-Jan-2016

Contents at a Glance

Introduction
APT is the new TAP
The Advent Of AVT
Bye Bye Office Device
Criminals Are In Cloud Nine
Hack-Economy
Crosswords Puzzles
Cyber stalking Cyber Bullying
Silicon Valley Vs Film Studios
Mobile apps and webpage giving high five with HTML5
Internet of Threats
Needle-In-Haystack
Bug bunny
Online Teller Machine
Open Source is an Open Game
Run some Awareness
Cybersquatting
Inside Out
Social murder using Internet Archive
Spear-phishing A New Weapon in Cyber Terrorism
Speed bolt
PAIN with VPN
My phone is un-smart phone

Introduction

Two incidents in 2014 inspired me to write this book.

Sony Pictures Entertainment hack

This was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of (previously) unreleased Sony films, and other information. The hackers called themselves the "Guardians of Peace" or "GOP" and demanded the cancellation of the planned release of the film "The Interview", a comedy about a plot to assassinate North Korean leader Kim Jong-un. United States intelligence officials, evaluating the software, techniques, and network sources used in the hack, allege that the attack was sponsored by North Korea.

Sony Corp's movie studio could face tens of millions of dollars in costs from the massive computer hack that hobbled its operations and exposed sensitive data, according to cyber security experts who have studied past breaches. Losses in that range would not mean a big financial setback to Sony Pictures Entertainment, but other effects, such as the loss of trade secrets, future plans and projections, are another matter. Hackers have released documents that include contracts and marketing plans that could influence competitors' strategies.
Actually, such losses are difficult to measure in monetary terms.

Edward Snowden leak

Edward Snowden, a former contractor for the CIA, left the US in late May after leaking to the media details of extensive internet and phone surveillance by American intelligence. Mr Snowden, who has been granted temporary asylum in Russia, faces espionage charges over his actions. The 10 biggest Edward Snowden leaks that I collected from the internet are as follows.

PRISM: Snowden described PRISM as a program for collecting user data (audio, video, email, photographs, documents, connection logs, etc.) from Microsoft, Google, Facebook, Skype and several other major internet companies for further analysis. NSA officials' motto was "collect them all", and NSA officials described PRISM as the single biggest source of information used to prepare intelligence reports.

Bulk phone metadata collection program: A secret court order in favor of the NSA for collecting daily phone metadata records from U.S. phone companies.

Xkeyscore: The Guardian described Xkeyscore as a program that lets the NSA collect virtually any information about an individual's Internet activity anywhere in the world.

Tempora: Tempora is a massive data collection program which is run by Britain's Government Communications Headquarters (GCHQ) in cooperation with the NSA. The NSA had assigned 250 analysts and GCHQ had 300 to process the data gathered under Tempora.

Efforts to weaken data encryption: The NSA and GCHQ worked to systematically weaken the commercial encryption tools designed to protect everything from emails to highly sensitive documents. The methods included building backdoors into technology projects, using sophisticated supercomputers to crack encryption algorithms and forcing vendors to hand over decryption keys using secret court orders.

Tapping smartphones: In addition to collecting phone metadata and Internet data, the NSA and GCHQ are also capable of harvesting data directly from BlackBerrys, iPhones, Android-powered phones and other smartphones.

NSA hacked 50,000 computers worldwide: An elite NSA hacking unit infected at least 50,000 computers worldwide with specialized malware referred to as "implants". The implants were likened to sleeper cells that could be activated at any time with a single click.

Role of private companies in NSA data collection: RSA, a leader in cryptography and encryption techniques, might have enabled a backdoor in one of its encryption technologies after being forced by the NSA.

NSA spies on world leaders: The U.S. secretly monitors the phone conversations of at least 35 world leaders including German Chancellor Angela Merkel, Brazilian President Dilma Rousseff and Mexico's former president Felipe Calderon.

NSA tracks and hacks system administrators: The NSA aspired to build an international hit list of system administrators who work for foreign telecommunications and Internet companies as part of its surveillance effort.

The Sony hack is a crime, but what do you call the Edward Snowden leaks? The cyber crime paradigm is changing gradually, and this is the tip of the iceberg; more will come soon. 2014 is a wake-up call for all cyber security professionals: cyber crime is now moving towards an organized crime industry, state-sponsored crime, outsourced crime and finally towards cyber war.

As reported by the 2013 Europol Serious & Organized Threat Assessment, the "Total Global Impact of Cyber Crime in US is $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined." The McAfee security firm also estimated in 2013 that cybercrime and cyber espionage are costing the US economy $100 billion per year and that the global impact is nearly $300 billion annually. Considering that the World Bank estimated that global GDP was about $70,000 billion in 2011, the overall impact of cybercrime is 0.04 percent of global income, and that is an amazing figure!

According to a news item published on [www.zdnet.com] by "Ellyne Phneah" on July 23, 2013, the side effect of cyber crime activity is the loss of 500,000 jobs in the U.S. due to various factors such as reputation damage, consumer losses and service disruption costs. That is mainly caused by theft of intellectual property, which wiped out the technological gap of U.S. companies against Asian competitors.

According to another news item published in the newspaper "THE HINDU" dated 29 Jan 2014, "Pakistani hackers defaced more than 2,000 Indian websites on Republic Day in what is being termed as a major cyber attack."

When we search for India's ranking in education, health or football we find ourselves on the back bench, but do you know that India is ranked fifth in the worldwide ranking of countries affected by cyber crime, according to a report submitted by the Security and Defense Agenda (SDA) sponsored by the famous cyber security firm McAfee? In India, we went straight from no telephones to the latest in mobile technology, with the 3rd largest smart phone market in the world; the number of mobile Internet users in India is projected to double and cross the 300 million mark by 2017 from 159 million users at present [report by the Internet and Mobile Association of India (IAMAI) and consultancy firm KPMG]. Speed is also increasing: there were approximately 82 million 3G subscribers in India by the end of 2014, and the number is projected to reach 284 million by the end of 2017. The unfortunate thing is that the majority of these users don't even know the basic facts about cyber security. Every day we find incidents of ATM fraud. Everywhere pirated OS and software are used. News floated that some government officials were using gmail.com and yahoo.com to communicate for official purposes.
There is a demand for around 5,00,000 cyber security professionals, but at present only 50,000 are working. Cyber security is still not a compulsory paper in technical colleges and universities. This book is like a story book on hacking, describing the future of hacking, its consequences and solutions.

APT Is The New TAP

Story 1: Security firm "Mandiant" released an interesting report (in 2013) that reveals an enterprise-scale computer espionage campaign dubbed APT1. The alleged Chinese cyber-espionage with its Advanced Persistent Threats caused the stealing of "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006".

Story 2: According to a news item published at (http://indiatoday.intoday.in), the "Heartbleed" computer virus stayed undetected for 2 years. Hackers could crack email systems, security firewalls and possibly mobile phones through the "Heartbleed" computer bug.

Story 3: The SONY Pictures Entertainment incident (2014) can be described as the "perfect Advanced Persistent Threat (APT) attack". The SONY attack targeted personally identifying information stored on the network.

What is APT

APT is Advanced Persistent Threat, where an attacker launches cyber-attacks against an organization and its digital assets. A few years back a cyber attack meant defacing a site, downloading some confidential data from a site, or phishing. Today's cyber criminals use different tactics: they upload data-stealing malware to steal data and mail it to a particular email id, or keylogging malware to capture keystrokes on the site, and silently monitor every activity on the site for a long time, maybe for years. The concept is to steal sensitive, confidential information without damaging the network or organization. APT attacks target organizations with high-value information, like banks, e-commerce sites, national defense etc. APTs are designed to gain access to a network, acquire data, and secretly monitor the targeted computer systems. This is a new concept. The attacker patiently searches for a security loophole or weakness that can be compromised.

Why APT is dangerous

In an APT some unauthorized persons gain access to a network and stay there undetected for a long period. These people are highly skilled cybercriminals and harvest information over a long time. APTs mainly target messaging and content delivery servers, where an attacker delivers malware in an attempt to extract information from the source. This type of cyber attack is well-coordinated and funded by a state, country, corporation or organized crime syndicate with specific objectives. Security researchers report that not only organized crime syndicates but also government agencies are involved in traditional espionage using advanced persistent threats.

How APT works

The concept of APT is to gain access to systems without any detection.

a) An APT attack can be launched by sending infected emails to a group of people within an organization for phishing purposes. The mail has a malicious link, or a downloadable file embedded with malware.
b) A cyber criminal can enter through a back door in an OS. For example, the Admin framework in Apple OS X (10.9.x and older) contains a hidden backdoor API to get root privileges. Apple has now released OS X 10.10.3 where the issue is resolved.
c) Other possible methods are botnets or malware.
d) Kaspersky Lab's Global Research and Analysis Team (GReAT) found that cloud technology gives APT hackers another way to attack systems and hide more effectively.

FUTURE of APT

Computer-based APTs are moving towards mobile-specific APT malware. Most users are cautious about using the latest anti-virus software and next-gen firewalls, but tend to be less careful when using their smart phones or mobile devices, or when downloading apps and games from the cloud. Criminals are going to attack this weakness. The Internet of Things is on the way, which will connect every possible device to the internet; offices are encouraging "Bring Your Own Device" and "Bring Your Own Apps" policies; social media is booming. All these create new security threats.

Solution

According to a report by Gartner (http://www.gartner.com/), in 2013 enterprises spent more than $13 billion on firewalls, intrusion prevention systems (IPSs), endpoint protection platforms and secure Web gateways. But advanced targeted attacks and advanced malware attacks continue to grow. APT is a dangerous threat because of its nature: APT malware is designed to evade detection by firewalls, IDS, IPS, endpoint protection platforms and secure Web gateways. Hence conventional defense is not going to work. But awareness can provide needed protection.

Another view on APT is that APT threats are better countered through the use of behavior analysis tools that can not only scan for known threats but can also identify a series of actions that may create a threat. Heuristic analysis is important in this case.

According to a report published at [www.gartner.com] on "How To Deploy the Most Effective Advanced Persistent Threat Solutions", Lawrence Orans, research director at Gartner, provided a Five Styles of Advanced Threat Defense Framework, as follows.

Style one – Network Traffic Analysis: This style considers inspecting DNS flow traffic in analysis; in other words, conducting in-depth network traffic monitoring and analysis with NetFlow traffic analyzer software.

Style two – Network Forensics: This style considers using a Network Forensic Analysis Tool (NFAT) to detect and analyze security incidents, solutions that mount efficient and effective post-incident response investigations.

Style three – Payload Analysis: This style deems that the technique can provide detailed reports about malware behavior from sandbox analysis, either as a solution on-premises or cloud-based.
Style four – Endpoint Behavior Analysis: This style sees endpoint security and control that provide intelligence and correlation for behavior analysis to block malware and fend off zero-day attacks, if not as a strategy for ATA defense.

Style five – Endpoint Forensics: This style serves as an endpoint security tool that helps detect hidden malware and other signs of compromise or irregular activities on endpoints across the enterprise. It can be used to identify attacker behavior, and to investigate and respond to cyber-attacks on the endpoint before critical data loss occurs.

The most effective approach, Gartner says, is to use a combination of styles. For example, one can use network/payload, payload/endpoint or network/endpoint.

The Advent Of AVT

An APT attack is disk-resident (persistent), residing on the victim's machine, whereas an AVT is a RAM-only (volatile) attack that disappears without any trace as soon as the PC is turned off. Recently it has been separated from APT and renamed as Advanced Volatile Threat. It is far more stealthy than APT because it erases 'fingerprints' before leaving the device. Security vendor "Triumfant", which first coined the term AVT, says that up to 10% of current attacks are AVTs, but it is impossible to know how many AVT attacks have gone unnoticed. "Triumfant" also analyzed and said that Chinese, Iranian and Russian hackers are behind AVT attacks. This kind of attack is not new; like APT it also remains unnoticed, but for a shorter period of time. An AVT can be deployed through a drive-by download or by Meterpreter, which is an exploitation tool included as part of the Metasploit Framework. It allows developers to write their own DLL file that can be injected into a running process on the target computer, for corporate espionage and stealing classified information and intellectual property, and finally escaping detection. It is a real-time attack.

Why AVT is difficult to trace

In an AVT no file is saved on disk; in fact it doesn't touch the registry and leaves no physical traces in the system. This makes AVTs a dangerous threat and attractive to malware developers and government-sponsored attackers. State-sponsored attacks require deniability. The attacker's source can easily be tracked if the malware resides and persists on the disk, but if the malware is undetected, the attacker's source also remains undetected. Forensic investigation on that particular machine returns nothing to researchers.

Is it really difficult to trace AVT?

Many researchers agree that though it leaves no traces, its presence can be identified from indirect sources. For example, if malware is delivered by an email attachment, then records remain on the mail server. If it is a memory-to-memory transfer by drive-by or watering hole (Watering Hole is a computer attack strategy identified in 2012 by RSA Security), then there will be some valuable data in the web server's logs.

Solution

As conventional anti-virus file scanning methods cannot identify AVTs, RAM-monitoring techniques will be required to detect an AVT attack in real time. Indirect sources like the mail server and web logs can be scanned for signs of AVT.

Bye Bye Office Device

What is BYOD?

BYOD (bring your own device) is defined as the use of employee-owned mobile devices such as smart phones and tablets to access business enterprise content or networks. [Source: wiki]

Why enterprises embrace BYOD

An effective BYOD strategy has a number of benefits for businesses, like flexibility to use company resources and increasing employee job satisfaction. It can also improve productivity and response times, and encourages employees to be more engaged with their work. BYOD can also provide cost savings on initial device purchase as employees invest in their own devices.

Danger in BYOD

The use of personal devices in the workplace continues to rise.
In BYOD not only does the employee own the device but they also maintain and support the device. As a result, the company will have less control over the device in comparison to a device owned by the company. With unsanctioned consumer apps and devices continuing to creep into the workplace, data breaches can happen quickly. An infected personal phone or tablet can bypass the defenses of the corporate firewall and VPN as soon as the device logs onto the corporate WiFi. Recent IBM research finds that BYOD devices are leaving enterprises vulnerable because of the installation of unsecure mobile apps and logging onto public Wi-Fi networks; hackers are targeting BYOD devices, opting to gain business data access via BYOD. As BYOD increases data protection risks, businesses need to think carefully about BYOD and put in place appropriate policies and processes to tackle these issues and thereby minimize the risks associated with BYOD.

SOLUTION IN BYOD

Implementing a complete ban on BYOD is not possible, because the work/life barrier has shifted, and IT staff also do not have enough time to check everyone's devices (is the OS updated? is the patch installed for any particular application?). But the following steps can be taken to control the risk associated with BYOD.

Mitigate BYOD risks with hybrid cloud computing

Cloud computing means on-demand delivery of IT resources via the internet with pay-as-you-go pricing. A public cloud allows the general public to access the systems and services easily, for example IBM, Microsoft, Google, etc. A private cloud allows access to systems and services within the organization; a private cloud is operated only within a particular organization. A hybrid cloud is the mixture of public and private cloud, where non-critical activities are performed in the public cloud and critical activities are performed in the private cloud. Employees can use a hybrid cloud to separate personal and corporate data.

A multidisciplinary team should develop a well coordinated BYOD policy

This multidisciplinary team should include IT experts, human resources people and legal experts who can implement a BYOD policy. This group of people should frame a policy before allowing employees to bring their own devices to work. This includes teaching employees how to separate work data from an employee's personal data; how to encrypt and secure the access of corporate data from non-employees, such as family members; and what to do with corporate data stored on a personal device if the employee loses the device or resigns. A well defined BYOD policy can help employees clearly understand their responsibilities while connecting their devices to the company IT systems. A security audit should also be carried out on the types of personal data to be accessed and the devices to be used.

Employers should also consider the use of a sandbox or ring-fencing of data

Employers should also consider the use of a sandbox or ring-fencing of data, such as by keeping data contained within a specific app, as well as ensuring that, if the device is lost, the data on it is kept confidential and retained via a backup facility.

Monitoring the internet traffic on personal devices

The monitoring includes things like recording the geo-location of the personal devices or the internet traffic on the personal devices, though remote monitoring is obviously not ethical when it comes to personal devices. Employees might also engage in "jailbreaking" their devices so they can effectively hide their activities and work around corporate policy. Increased monitoring at work on employees' personal devices can also backfire. But companies must inform employees of the extent of the monitoring and can also assure them that it is not violating any privacy policy.

Criminals Are In Cloud Nine

A few years back the Megaupload cloud storage service was stopped by police following allegations of illegal piracy.
Kim Dotcom and his colleagues were arrested. Megaupload was a low-cost file sharing cloud and popular for making online backups. When the US authorities closed the service without warning, businesses were unable to access their documents and lost data permanently.

What is cloud computing

Cloud refers to network resources or the Internet. Cloud computing means on-demand delivery of IT resources via the internet with pay-as-you-go pricing. Cloud infrastructures are present at a remote location and users have no idea about the physical infrastructure and the complexities of the system they are using. Cloud computing can be defined as the use of computer technology that harnesses the processing power of many inter-networked computers and at the same time conceals the infrastructure behind it.

The advantages of cloud computing are given below.

a) Cloud computing environments are always up-to-date. With cloud based security all traffic from all devices is directed to the cloud for inspection for malware, viruses, spam, or other threats.
b) Cloud can work in a distributed computing environment.
c) It supports high scalability. That means users can increase or decrease the capacity of hardware resources any time they want.
d) Multi-sharing is possible: multiple users and applications can work more efficiently by sharing common infrastructure.
e) Cloud computing security addresses Unified Endpoint Management (UEM). At present, device management focuses more on the integration of a large variety of endpoints, such as wearables, IoT, smartphones, and tablets.
f) Cloud security dramatically improves return on investment, because moving your data to the cloud means that deployment costs are minimal, with no worry about hardware or software.
g) Cloud computing enables users to access systems using a web browser regardless of their location or the device they use.
h) Cloud offers a huge amount of storage capacity, like 2000 GB or more if required.

News on cloud hacking

2014 was a wake-up call about the growing dangers of cloud related cybercrime and hacking. One kind of cloud attack was reported on Christmas Day 2014: it was an attack on Microsoft and Sony gaming servers by Lizard Squad. The attack was a DDoS attack. In one more incident, the RackSpace Domain Name System was affected by a DDoS attack, which affected its DNS setup and caused problems accessing RackSpace cloud services for 11 hours. Another attack was reported on Amazon EC2 servers that hijacked cloud servers for Bitcoin mining purposes. In that case, a GitHub user discovered a bot scanning for Amazon API keys. Once the hacker got the keys, he or she used them to grab Amazon cloud-based computing resources. We are also aware of some picture leak incidents from iCloud. The moral is that cloud attacks are escalating.

Why cloud is preferred by criminals

Cloud-based services are basically anything that relies on server components on the Internet. Criminals are setting up servers within ISPs that are designed specifically to take part in fraud. Security analyst firm McAfee and Guardian Analytics uncovered the location of such servers: they are in eastern European countries. These servers are located mostly at "bullet proof" ISPs that have lax policies and are re-located frequently to avoid discovery.

Now criminals are moving their malware (Remote Access Trojans) from end user PCs to servers in the cloud. The attack starts with a phishing e-mail, typically pretending to be from a genuine source like a bank, office, IT department or placement agency, urging the recipient to click a link to change the account password, or to download an attachment. Once the link is clicked, the victim goes to log into the bank site, and the malware uses a so-called Web inject technique to overlay what looks like the bank Web page in the victim's browser. Now all information given to this page goes to the server rented by the hacker. If an attachment is downloaded, malware embedded in that attachment is also downloaded onto the victim's computer and starts stealing data and sending it off somewhere. This kind of malware is controlled from the server.

New cloud computing accounts may be created with stolen credentials and credit card details; this way criminals can hide their identity and create difficulties in tracking down the source of the attack, particularly when it is cross border. Accounts created or compromised in such a way can be controlled as part of a botnet. Cloud botnets are cheaper than PC botnets, so criminals will gradually move all botnets from residential PCs to the cloud and mobile, to support their spam, DDoS attacks, ad-click fraud, Bitcoin mining and other illegal activity.

Cloud computing users may be subject to domain name system (DNS) attacks. Pharming and DNS poisoning involve diverting visitors to spoofed websites by 'poisoning' the DNS server or the DNS cache on the user's computer.

Solution

The cloud security market is growing by leaps and bounds, going from $4.20 billion in 2014 to a predicted $8.71 billion in 2019 with a CAGR of 15.7% during the forecast period 2014-2019. We can say that 2015 is not just the year of the cloud; it is also the year of cloud security.

User training is the most important: users of cloud computing services should be aware of what not to do with the cloud service, as the infrastructure is far away. The client can patch the operating systems, update the internet browsers and other software applications to protect against new vulnerabilities and malware, install anti-virus software, and install firewalls to protect against unauthorized access. Cloud computing providers may also implement multifactor authentication to strengthen authentication checks. Encrypt the data travelling between the cloud and the browser. Encrypt the data stored in the cloud.
Cloud service providers can use intrusion detection and prevention systems and network 17 Hack-Economy Few years back "Khoo Boon Hui", who served as President of INTERPOL from 2008 to 2012 said that "organized international gangs are behind most internet scams and that cyber crime’s estimated cost is more than that of cocaine, heroin and marijuana trafficking put together". He also said that “80 per cent of crime committed online is now connected to organized gangs operating across borders". They are using Nation-state tactics. Today's hackers are more organized and work in groups, many blackmarket sites exist where hackers exchange stolen information. Credit-card data is sold in bulk by "carders" and phishing scams are a growing concern. Malware viruses, Trojan horse programs and worms -- generates more money than the entire computer security industry. The terms "Attack-as-a-Service”,“Crime-as-a-Service”,“Malware-as-aService”,“Fraud-as-a-Service” has now become a new business model. Today almost anyone can become a cyber-criminal, the concept is if you can't do it, hire professionals to do it. Today's Cyber criminal gangs offer botnet and control infrastructures, hosted on cloud for lease or sale or rent to its customer. Cybercriminals also sell or rent their co-workers hacking service, to conduct illegal activities. cybercrime-as-a-service will continue to accelerate and mature, Cybercrime-as-a-service providers are now offering free trials, money back guarantees and discounts for repeat business to retain their old customer and also to lure new customer. In 2014 Internet Organized Crime Threat Assessment (iOCTA) reported that service-based criminal industry is developing to the point where an increasing number of criminals are operating from virtual underground – or dark net. Cybercrime-as-a-Service can be categorized in 4 sectors Research-as-a-Service : These kind of service try to sale of zero-day vulnerabilities to organizations or individuals. 
Crimeware-as-a-Service: these services develop tools and exploits and sell them to organizations or individuals.
Cybercrime Infrastructure-as-a-Service: these services lease, sell or rent co-workers' hacking resources to their customers.
Hacking-as-a-Service: they simply perform hacking with their own resources and charge for it.

Typical structure of a well organized cyber crime syndicate (Source: ICT Pulse)

Here are some interesting statistics collected from the internet on "Attacks-as-a-Service" offered for rent or sale. The majority of these services are presented in the underground economy. This black market offers bulletproof hosting, rental of compromised machines belonging to huge botnets, hacking services and, of course, customer support.

• Consulting services such as botnet setup, $350-$400
• Infection/spreading services, under $100 per thousand installs
• Botnet rental: Distributed Denial of Service (DDoS), $535 for 5 hours a day for one week; email spam, $40 per 20,000 emails; web spam, $2 per thirty posts.
• Black hat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks.
• Inter-carrier money exchange and mule services, 25% commission.
• CAPTCHA breaking, $1 per thousand CAPTCHAs, done by recruited humans.
• Crimeware upgrade modules: using Zeus modules as an example, they range anywhere from $500 to $10,000.
• $150 to $400 to crack e-mail passwords in less than 48 hours.

The hierarchy of the digital mob. Image credit: Finjan

Finjan describes the employee structure that these cybercrime companies employ as similar to the Mafia. In both cases there is a "boss" who operates as a business entrepreneur and doesn't commit the (cyber)crimes himself, with an "underboss" who manages the operation, sometimes providing the tools needed for attacks.
In the Mafia, several "capos" operate beneath the underboss as lieutenants leading their own section of the operation with their own soldiers; in cybercrime, "campaign managers" lead their own attacks to steal data with their "affiliation networks". The stolen data are sold by "resellers", similar to the Mafia's "associates". Since these individuals did not take part in the actual cybercrime, they know nothing about the original attacks. They do, however, know about "replacement rules" (for example, stolen credit cards that have been reported) and other company-specific policies, just like the sales representatives you talk to in your average store. [Content credit: Finjan]

Solution

What will the cybercrime-as-a-service landscape look like in 2020? It is difficult to predict, because technologies evolve at impressive speed and the invention of a new technology means new opportunities for criminals. Analyzing the cyber crime ecosystem is a very complex task, due to the multitude of entities involved and their different means and methods. Cyber-criminals mostly use tools such as botnets, zombie computers, fast flux, skimmers, Tor, VPNs, encryption techniques and virtual currencies to carry out illegal activities. The future adoption of Big Data, wearable devices, the Internet of Things and the move to IPv6 will offer new kinds of attack vectors to hackers; in fact researchers found that cyber criminals are more technologically advanced than those trying to stop them.

Companies and the government should take a radically different approach to cyber security, one which goes beyond installing antivirus software and training employees: a common legal framework that is recognized globally; more international and cross-border collaboration, if law enforcement is to be successful; exchange of relevant information and intelligence; and disruption of the criminal infrastructures behind illicit online services.
Adopting Big data in the cyber security model is crucial in the next few years. Moreover, a wider debate is required across society as to how 21st century policing will deal with dark net cyber crime.

Crossword Puzzles

Phil Spencer, Microsoft's head of games, said at the Game Developers Conference that the company continues to invest in a cross-platform ecosystem that allows people to play titles across Windows 10 PCs, Xbox consoles and Microsoft mobile devices. That means Microsoft will launch new tools so that developers can create games that run across Microsoft's family of devices: Windows 10, Windows Phone and Xbox consoles.

Why cross platform is on the rise

In general, the main goal of a cross-platform application is to acquire as many customers as possible and deliver the highest-quality engagement within a target market. As a business owner, you would want a mobile application that is adaptable to various platforms so people can use it on the go, wherever and however they go. The two most popular mobile platforms today are iOS and Android. You should also keep in mind that developing an application for BlackBerry and Windows Mobile is worth considering.

Cross-platform is the ability of a programming language (such as Java) that enables programmers to develop software for several competing platforms by writing a program only once. Cross-platform software can run on most or all systems with little or no modification. It is also called multi-platform. Apps with cross-platform compatibility require only a single code base. That, in turn, makes the task of mobile application developers easier. If separate, customized versions have to be developed for BlackBerry, iOS and Android, the risk of a coding error cropping up also becomes higher. Tools like Eclipse and PhoneGap have reduced this problem to some extent. HTML5, Visual C++, and C# with Xamarin (Visual Studio 2015) can also be used to develop cross-platform applications.
Cross-platform gives you reusability of code; all this means reduced development costs when making apps for multiple platforms. The mobile application development cost associated with most (if not all) cross-platform software is lower than the expenses required for native apps. This automatically enhances the financial viability of the former type of application.

Why cyber criminals are targeting cross-platform OS

Gartner says that by 2016 more than 50 percent of mobile apps deployed will be hybrid. Hackers target the same vulnerabilities in applications commonly found on both platforms, because they can 'hop' from platform to platform and damage more victims: not only the original victim, but also the victim's other devices, or even the network they connect to, until ultimately it infects all systems connected to the network. It is a kind of chain reaction. The damage would be exponential if left unchecked. The majority of users nowadays use inter-connectivity between mobile devices and laptops/desktops and transfer data files between these devices. This connectivity also raises the threat. The economics are simple: they can make profits twice from the same malware.

As the development domain leans towards hybrid applications, hackers are also changing their modus operandi. They have started rewriting their malware to suit this hybrid platform. ANDROIDOS_USBATTACK.A is a malicious app that pretends to be a cleaning utility for Android devices. It acts as an information stealer, but also downloads an autorun malware onto the affected mobile device's SD card. If the user connects the mobile device to a Windows PC, the malware automatically runs, infecting the PC. The malware itself records the user's voice with the PC's microphone. [source: trendmicro.com]

Solution

Users must also be educated about these threats. Security solutions exist for nearly every platform, but users are not aware of this.
Cross-platform attacks are not dominant today compared to native OS attacks. We have to wait and watch.

Cyber Stalking and Cyber Bullying

A sad story: a young girl named Rebecca Sedwick, just 11 years old, who lived in Florida, jumped off her town's water tower to her death after being extensively cyberbullied by her classmates over the last few years. Rebecca contacted school administrators and also switched schools, but the cyber bullying persisted. About 1.8 billion teens worldwide are affected by cyber bullying. Facebook, Ask.fm and Twitter were found to be the most likely sources of cyber bullying. Cyberbullied victims suffer silently from low self-esteem and depression, drop out of school and also suffer from suicidal tendencies. In the last few years lots of cases of cyber bullying have been reported all over the world and from India. Many of the suicides among Indian adolescents are due to the trauma of cyber bullying suffered by the victims. India ranks third on the global cyber bullying list.

According to the recent 'Mobile Internet in India 2014' report released by the Internet & Mobile Association of India (IAMAI) and IMRB International, there were around 173 million mobile internet users in India in December 2014, which is expected to reach 213 million by June 2015. If you look at the picture (SOURCE: IAMAI and IMRB), in rural India around 53 million are connected to the internet by June 2015 and in urban India around 160 million users are connected. Also, according to a new study, the biggest chunk of users is in the age group between 16 and 18 years, and these numbers have gone from 5% in 2012 to 22% this year, around a four-fold increase.

To understand the global impact of online bullying, Microsoft researchers asked children in 25 countries about the negative experiences they have had online and asked them to raise any incident which had an adverse effect on their online presence.
According to Microsoft's 'Global Youth Online Behavior Survey', out of these 25 countries India ranked third (behind China (70%) and Singapore (58%)) with 53% of respondents (children aged between 8 and 17) saying they have been threatened or harassed online. The survey also indicated that 22% of children reported mean or unfriendly treatment, 29% were made fun of or teased and 25% were called mean names. According to the 'Tweens, Teens and Technology 2014 Report' by McAfee, 50 percent of Indian youth have had some experience with cyber-bullying (been cyber-bullied online or witnessed others being so treated), of whom one-third (36 percent) have themselves been cyber-bullied. Offline harassment, threats and defamation are also on the radar of some researchers. It is astonishing to know that "India is one of the few countries where the rates of online and offline bullying were equal".

What is Cyber Bullying?

Cyber bullying is harming or harassing via information technology networks in a repeated and deliberate manner. According to U.S. Legal Definitions, "cyber-bullying could be limited to posting rumors or gossips about a person in the internet bringing about hatred in other's minds; or it may go to the extent of personally identifying victims and publishing materials severely defaming and humiliating them". [wikipedia]

"Cyber bullying is a typical type of online harassment, which can be defined as hurling harsh, rude, insulting, teasing remarks through the message box or in open forums targeting one's body shape and structure, educational qualifications, professional qualifications, family, gender orientation, personal habits and outlook." [Defined by Debarati Halder, advocate and managing director, Centre for Cyber Victim Counseling]

Cyber bullying vs. Cyber stalking
"Cyber bullying" is when a child, preteen or teen is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another child, preteen or teen using the Internet, interactive and digital technologies or mobile phones. It has to have a minor on both sides, or at least have been instigated by a minor against another minor. Once adults become involved, it is plain and simple cyber-harassment or cyber stalking. Adult cyber-harassment or cyber stalking is NEVER called cyber bullying.

How cyber bullying works

There are two kinds of cyber bullying:
a) Direct cyber bullying: messages sent to a victim directly by another kid.
b) Proxy cyber bullying: seeking help from others, including adults, to send messages to a victim. The creator of the message or picture doesn't come to the front; it is much more dangerous.

According to cyber law expert Pavan Duggal, "Under Section 66 (A) of the IT Act, 2000, cyber bullying is a bailable offence, punishable with three years of imprisonment and fine".

Solution

Should the law treat kids and adults differently? Though cyber bullying is a bailable offence, punishable with three years of imprisonment and a fine, the fundamental question is: are children capable of understanding the consequences of their actions? One reason is that cyber bullying involves the activities of teens, preteens and adolescents. Actually, an adolescent's brain can be likened to a car with no brakes. There is an area of the brain called the pre-frontal cortex that controls our decision making, which isn't fully developed until the early to mid-twenties. Parents and schools have an important role to play. In India, 3 out of 10 parents say that their children have been victims of cyber bullying but have no clue how to tackle it.
According to me, some solutions are as follows:
1) As most cyber bullying originates from fake accounts, you can ask your child to create and maintain a genuine account on social networking sites and not to create any fake account.
2) Teach them not to send any damaging messages in public forums. Also warn them that if any damage/defamation comes from their posts they may lose internet connectivity for a while.
3) Schools can invite cyber security professionals to educate their students on cyber ethics and cyber law.
4) Schools can arrange psychological counseling sessions for every student in the school periodically.
5) Encourage teens to report incidents of cyber bullying to an adult.
6) Teach your child how to use the "STOP", "BLOCK" or "report abuse" options available on social sites.

The most effective method is to stop cyber bullying at the source, before the damage is done!

Conclusion

Trisha Prabhu (a 14-year-old freshman at Neuqua Valley High School in Naperville, Illinois) one day came home from school and read the news of Rebecca Sedwick. She was shocked by the news and created and patented a product, "ReThink", that can stop cyber bullying before the bullying occurs. It has been found that with the use of "ReThink", adolescents change their mind 93% of the time and decide not to post an offensive message. She was selected as a Google Global Science Fair Finalist in 2014 for her work on "ReThink". See the site [http://www.trishaprabhu.com/]

Silicon Valley Vs Film Studios

According to the "Internet and Mobile Association of India" and consulting firm KPMG, the fast-growing market for smart mobile phones in India and the number of mobile Internet users, which is expected to cross the 300 million mark by 2017, will definitely shift the battleground of film piracy. The battle is likely to be more intense with the adoption of 4G. 4G services can offer peak speeds of 45 Mbps, making downloads faster and smoother.
Telecom service providers promise very fast downloads of Internet content, like downloading a full movie in just 3 minutes, posing a real threat to India's Rs.52,430 crore film and television industry, which provides income to around 1.8 million people. DAP is popular software which can be used to download clips and movies from YouTube and store them permanently on the computer. Peer-to-peer file-sharing (torrent) websites have had access to high-quality illegal content. Not only that, Google rolled out a YouTube offline viewing feature that allows users in India, Indonesia and the Philippines to temporarily store videos offline for the next 48 hours and then watch them later without any internet connectivity. But trust me, this app can be tweaked to extend the viewing beyond 48 hours. In 2010 Google started allowing certain users to upload videos longer than 15 minutes; now pirates use it to upload entire movies. Uploading pirated movies on legitimate sites like YouTube has a long-lasting negative impact on revenues.

According to the Motion Pictures Distributors Association's Internet Piracy Studies, India is the 4th largest global hub of online film piracy, behind the United States, Britain and Canada, with Delhi, Bangalore and Mumbai accounting for the major share of illegal downloads. In 2013 Ernst & Young estimated that the Indian film industry loses about Rs 5,000 crore in revenues and over 50,000 jobs a year because of piracy. Piracy as a whole cost the Indian movie industry $1.1 billion in 2012, according to a report by KPMG. The consulting firm doesn't have more recent numbers to share. In 2013, India ranked 6th in the world in terms of the number of unauthorized P2P connections, translating into films becoming available on BitTorrent, cyber lockers or web-based file hosting sites within hours of the film's release, and sometimes even before that.
According to the 2014 Report on Copyright Protection and Enforcement by the International Intellectual Property Alliance, India was among the top 10 countries where Internet piracy of film and television content is rampant. India topped the list of countries where the movie "Fast & Furious 7" was illegally downloaded from the Internet after its release, with 578,000 downloads. Film fans were waiting for Ketan Mehta's Nawazuddin Siddiqui-starrer Manjhi: The Mountain Man when a high-definition copy of the entire film was found on many torrent sites before it was released. Earlier, the Malayalam blockbuster "Premam" was leaked online before its release. A pirated copy of Kamal Haasan's movie "Papanasam" was also leaked online after its release. More handheld devices, faster networks and the popularity of video streaming services will truly become a challenge for the movie industry in the coming years.

India lags far behind countries like the US when it comes to fighting piracy. The government can ban porn sites, but how to kill piracy? We can easily find roadside shops selling pirated CDs/DVDs of movies, games, operating systems and much other software. Piracy is not new; initially it was for the most tech-savvy people, but as we know, today's youngsters are more net-savvy and tech-savvy than anybody, and they make the most of it. Peer-to-peer (P2P) online file sharing poses a much bigger risk. Today many viewers prefer to go to a cinema hall to watch a movie only if it isn't available on YouTube or on torrents.

"Producers lose around 10 per cent of revenues with content going online," said Rajeev Kamineni, executive director of PVP Cinema. Mukesh Bhatt said his film "Aashiqui 2" suffered a huge revenue loss. Bhatt co-produced it with T-Series. He said, "For 'Aashiqui 2', more than 40% of my revenue was lost to internet piracy. When I go to work, I feel I am not working for myself, I am working for a pirate and that breaks my heart..."
Solution

Film piracy is an organized crime. Whenever you purchase a movie ticket, the government collects some entertainment tax on each ticket. Different countries have different tax rates, but when a movie is copied and uploaded to the net it becomes global and anybody can enjoy it tax-free. According to statistical data collected in 2013, due to piracy nearly 800 theatres across the state of Andhra Pradesh were closed down in the last few years. News flashes regularly on TV and in papers that film producers and actors are threatened by underworld people with extortion, and when the money is not paid they upload a copy of the movie to the net. Every Indian knows where these underworld people stay and from which country they operate.

In India, digital rights management (DRM) has recently been introduced to provide "adequate" protection for copyrighted material in the online digital environment. A cohesive strategy including consumers, the judiciary and policymakers should be there to fight this piracy on a proactive basis. Heavy punishment should be there in the legal ecosystem for online piracy.

The iMovieCop app was officially launched in 2013 and inaugurated by Nancy Powell, the then US ambassador to India. "Indian Movie Cop (IMC) is a proactive initiative by the Indian film industry to spread awareness about movie piracy. IMC provides seamless coordination, collective action, and cooperation between stakeholders, enforcement agencies and concerned movie lovers by providing all relevant information. IMC encourages citizens and movie lovers to fight piracy by sharing relevant information with the concerned authorities in real time. IMC provides a platform for people to promote and protect creativity and recognizes and rewards such efforts."
Mobile apps and webpages giving a high five with HTML5

Web browser developers, mobile OS developers, browser-based game developers and large companies operating on the internet are all pushing for the adoption of new technologies like HTML5 for the development of rich web-based client applications. Although the World Wide Web Consortium (W3C) only approved HTML5 as a standard in October 2014, its adoption started many years ago. Presently, almost 30% of the Fortune 500 companies, including tech giants like Google, Facebook, Netflix and Microsoft, are using it. Recently the software development wing of Adobe Systems announced that it is ending development of its Flash Player plug-in for mobile devices, because Adobe believes that HTML5 technology offers the "best solution" and is "universally supported". Google introduced Google Swiffy to convert Flash animation to HTML5, a tool Google would use to automatically convert Flash web ads for mobile devices. In 2015, YouTube also switched to HTML5 on all devices.

HTML5 is still in the development phase, but some applications already support it. The power of HTML5 allows developers to create almost full-fledged web applications, not just structured content. HTML5 was developed to improve the functionality of websites: it removes the need for plug-ins such as Java and Flash and brings the storage capacity of the cloud to the browser. HTML5 also helps in creating games for both mobile devices and PCs, and the game doesn't have to be installed on the device. One reason for its popularity is that it is largely cross-platform. It allows developers to create apps for various platforms including iOS, Android, Windows, Mac and web applications. Basically browsers can store relatively small amounts of data, mainly cookies, which can track and remember the user's preferences on websites, but with HTML5 more data can be stored in the browser, and cybercriminals could create super-cookies to track people's web behavior.
Attack on HTML5

HTML5, an increasingly popular web language, will be the next big target for cybercriminals. HTML5's new features have increased the attack surface. Recently a group of Italian researchers came up with new obfuscation techniques that can be used to dupe malware detection systems and allow malicious actors to execute successful drive-by download attacks. The researchers' obfuscation techniques are based on some functionality of the upcoming HTML5 standard, and can be leveraged through the various JavaScript-based HTML5 APIs. HTML5 hides a lot of this detail from software writers, making it harder to distinguish between good and bad sites. The other major security flaw in HTML5 is the integration of GPS with mobile, which can identify a person's location.

Solution

As the adoption of cloud computing changed the vulnerability surface, the same will happen with the adoption of HTML5. Gartner, an American information technology research and advisory firm, recently published a report predicting that over 50% of mobile apps are likely to be based on HTML5 by 2016. HTML5, the DOM and embedded JavaScript are the technologies of next-generation applications. A great amount of attention is required towards HTML5 security, and developers need to be trained on the new features of HTML5 and also on secure coding.

Internet of Threats

IOT is the Internet of Things. The concept behind IOT is to connect commonplace machines and appliances (say, your microwave or air conditioner at home, or the traffic lights of your entire city) to each other and then use their ability to exchange information to make our lives easier. It is possible through the interconnection of devices with embedded computer chips inside them. IOT is a buzzword of choice and part of the key business strategy for major technology players like Google, Samsung, Coca-Cola, General Electric, Domino's Pizza and many more. The IOT is not a new concept.
In 1999 Bill Joy of Sun and Kevin Ashton of the Auto-ID Center at MIT proposed ideas that would become the Internet of Things, though the phrase itself is attributed to Kevin Ashton. Some examples of IOT include smart climate control systems, home surveillance systems, and onboard computers in a vehicle providing real-time traffic information. [source http://www.3g.co.uk/]

Here are some interesting facts on IOT:
> In 2008, there were already more "things" connected to the Internet than people.
> It is expected that by 2020, at least 14 per cent of consumers will have purchased some form of Internet-connected thing.
> By 2020 the number of things connected to the Internet will reach over 50 billion, raking up $19 trillion in profit.
> Wireless communication is the present and future. Many IOT devices communicate using short-range wireless technologies such as RFID, NFC, Bluetooth and Wi-Fi.

This kind of connected device is expanding at an exponential rate.

How IOT will change the cybercrime domain

Not many are aware of the concept of the Internet of Things. Studies say that about half of Americans right now [2015] don't know about smart thermostats and smart refrigerators, but a report published by "EMC/IDC Digital Universe" in 2014 predicts that around 40 percent of all data will be machine generated by 2020, whereas it was 11 percent in 2005. General Electric estimates that the IOT will add $15 trillion to global GDP over the next 20 years. A McKinsey Global Institute report published in May 2013 suggests an economic impact of $2.7 trillion to $6.2 trillion annually by 2025, mainly in health care, infrastructure and public sector services. From all the statistics it is clear that money matters, and we know that objects under computer control or accessible via the internet can be "hacked" or compromised. Cyber criminals are definitely going to explore this avenue.
In fact Internet security firm "Proofpoint" said in January 2014 that it had found compromised gadgets, which included everything from routers and smart televisions to at least one smart refrigerator, that sent more than 750,000 malicious emails to targets between December 26, 2013 and January 6, 2014. This was the first major attack on Internet of Things devices.

Now the question is how the attack on IOT was identified. A security researcher at "Proofpoint" noticed a spike of thousands of malicious messages sent from a range of IP addresses that she didn't recognize. Being curious, she began pinging the devices and soon realized that they weren't PCs, the usual platform for launching this sort of attack. Instead, many were otherwise unidentified devices running a standard version of Linux. Pinging one device brought up a login screen that said: Welcome To Your Fridge. She typed in a default password, something like "admin" or "adminadmin", and suddenly got access to the heart of someone's kitchen.

A search engine for Internet-connected devices is [shodan.io]

Popular searches on shodan.io

Searching webcam in shodan.io

Hacking your computer, mobile phones and social networking sites is an old concept. It has now expanded to wearable medical devices, street lights, traffic systems, our cars and our homes.

Solution

• The first step in protecting IOT devices is to change the default passwords. Next, if you don't need your device connected to the Internet, then don't connect it, or put it behind your personal router and firewall in your environment; I mean some extra layer of protection.
• Do not blame the interface. A very secure Linux or Android OS can be developed, but most users are not aware of the secure features available in the OS. So user training is important.
• Till today the IOT ecosystem is unstructured; vendors are supplying software that runs on different sets of hardware and firmware. One inherent solution is this unstructured IOT ecosystem.
A lack of standardization means the potential scale and impact of a cyberattack against connected devices in a home or business is limited.
• Be sure that the firmware and software running on the devices can be updated and that upgrades are made through secure processes that avoid any modification/substitution.
• Many smart devices, like Smart TVs, provide "Wireless Access Point" functionality, and it is necessary to adopt strong encryption algorithms and security best practices (i.e. disabling the broadcast of the SSID).
• IOT devices could be integrated with cloud services for sharing data.
• As the Internet of Things expands, industry and government must collaborate to boost the security of critical systems; not all the knowledge resides in any one organization; we need a collaborative system where people come together to work through
• If the IOT paradigm is Sensors + Networks + Cloud Infrastructure + wireless devices + Machine generated data, a new cyber security model will be adopted soon: Big data analytics + Existing security technologies = stronger cyber defense

Needle-In-Haystack

2014 was a major wake-up call for cyber-security professionals after the Sony leak incidents and the "Snowden" news. Really, nothing is safe anymore. Individuals and businesses need to take every possible step to keep their assets secure. "Snowden" made many revelations; among all of these the two most important were:
a) XKeyscore tool: the NSA uses XKeyscore to search "nearly everything a user does on the Internet" by intercepting data across the world.
b) Collecting it all: not only Internet data. The NSA, following its unofficial motto of "collecting it all", intercepts 200 million text messages every day worldwide through a program called Dishfire. The NSA described the collected messages as a "goldmine to exploit" for all kinds of personal data.

Now the question is: what was the NSA doing with this data or information?
Collecting any crucial or confidential information from these data sets is like searching for a needle in a haystack. Human beings today create around 2.5 quintillion bytes of data every day. The rate of data creation has increased so much that 90% of the data in the world today has been created in the last two to three years. This acceleration and the production of huge data require special skills and technologies to process, and this is called Big data analytics. The data can be categorized into three areas: structured data, like data in tabular format; semi-structured data, like data stored in XML format; and unstructured data, like this paragraph. Five years back cybercriminals were only targeting tabular data, but today, having the latest technologies at hand, they think that along with structured data, unstructured and semi-structured data is a new gold mine, and they have started filtering the massive data generated from the number of events occurring across the world from a wide variety of data sources, like traditional log and audit files or more emerging sources such as audio, video, images, social media and email. Criminals use Big data analytics to collect massive amounts of data generated inside and outside the organization, to find hidden relationships and patterns. Today's cyber-criminals are not interested in historical data; they are more focused on collecting real-time, sensor-based data and passive data (like geographic location, access time, access location, organizational roles and privileges of a device etc.).

Solution

When an attack does happen, organizations can't necessarily isolate a system, because the cost and impact of shutting it down may be greater than the cost of an infection. The cyber security model needs a shift from prevention to prediction & remediation. Because cyber forensics is the last option, it is better to be proactive than reactive. Traditional security monitoring systems are not enough.
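The same three data categories (structured, semi-structured, unstructured) are what a defender's analytics has to pull together to find the "hidden relationships" the text mentions. The following is an added example, not code from the book: it normalizes a constructed CSV login log, an XML endpoint-agent export and a free-text helpdesk ticket into one event shape, then finds indicators that recur across sources and builds a cross-source timeline for one of them. The file formats, the `ws-` hostname convention and all sample values are assumptions made for the example.

```python
import csv
import io
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# --- Constructed sample inputs (made up for this example) -------------------
# Structured: tabular login log.
AUTH_CSV = """\
timestamp,user,src_ip,result
2015-05-12T09:58:10Z,alice,10.0.0.12,success
2015-05-12T10:01:44Z,bob,198.51.100.9,failure
2015-05-12T10:01:50Z,bob,198.51.100.9,failure
2015-05-12T10:02:03Z,bob,198.51.100.9,success
"""

# Semi-structured: XML export from an endpoint agent (assumed schema).
AGENT_XML = """\
<events>
  <event time="2015-05-12T10:03:30Z" host="ws-bob">
    <process name="powershell.exe"/>
    <remote ip="198.51.100.9" port="443"/>
  </event>
  <event time="2015-05-12T10:04:00Z" host="ws-alice">
    <process name="outlook.exe"/>
    <remote ip="203.0.113.7" port="443"/>
  </event>
</events>
"""

# Unstructured: free text from a helpdesk ticket.
TICKET_TEXT = """\
Ticket 4711 (opened 2015-05-12T10:30:00Z): bob reports his laptop ws-bob is slow
since this morning. He clicked a link in an invoice email; the page was at
http://198.51.100.9/inv and asked him to re-enter his password.
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\bws-[a-z0-9]+\b")   # assumed workstation naming convention
TIME_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")


def load_structured(text):
    """CSV rows already carry typed columns; map them straight to entities."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        out.append({"source": "auth_csv", "time": row["timestamp"],
                    "entities": {("user", row["user"]), ("ip", row["src_ip"])},
                    "summary": f'login {row["result"]} for {row["user"]}'})
    return out


def load_semi_structured(text):
    """XML needs a parser, but its schema still tells us what each value means."""
    out = []
    for ev in ET.fromstring(text).iter("event"):
        remote, proc = ev.find("remote"), ev.find("process")
        out.append({"source": "agent_xml", "time": ev.get("time"),
                    "entities": {("host", ev.get("host")), ("ip", remote.get("ip"))},
                    "summary": f'{proc.get("name")} connected to {remote.get("ip")}'})
    return out


def load_unstructured(text):
    """Free text has no schema: indicators are pulled out by pattern matching."""
    ents = {("ip", ip) for ip in IPV4_RE.findall(text)}
    ents |= {("host", h) for h in HOST_RE.findall(text)}
    m = TIME_RE.search(text)
    return [{"source": "ticket", "time": m.group(0) if m else None,
             "entities": ents, "summary": text.splitlines()[0]}]


def all_events():
    return (load_structured(AUTH_CSV) + load_semi_structured(AGENT_XML)
            + load_unstructured(TICKET_TEXT))


def correlate(events, min_sources=2):
    """Entities that appear in at least `min_sources` distinct data sources."""
    seen = defaultdict(set)
    for ev in events:
        for ent in ev["entities"]:
            seen[ent].add(ev["source"])
    return {ent: sorted(srcs) for ent, srcs in seen.items() if len(srcs) >= min_sources}


def timeline(events, entity):
    """Every event mentioning `entity`, in time order (ISO-8601 strings sort correctly)."""
    hits = [ev for ev in events if entity in ev["entities"] and ev["time"]]
    return [(ev["time"], ev["source"], ev["summary"])
            for ev in sorted(hits, key=lambda e: e["time"])]


if __name__ == "__main__":
    evs = all_events()
    for ent, srcs in correlate(evs).items():
        print(ent, "seen in", srcs)
    for row in timeline(evs, ("ip", "198.51.100.9")):
        print(*row)
```

The IP 198.51.100.9 is unremarkable in any single source; only the join across the three shows failed logins, a PowerShell connection and a phishing complaint pointing at the same address.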
Today many organizations rely on Security Information and Event Management (SIEM) products built on off-the-shelf SQL databases or proprietary data stores that were never designed to keep pace with the volume of data organizations generate now. The new model [big data analytics + existing security technologies = stronger cyber defense] brings heuristics, statistical and behavioural models, correlation rules and threat-intelligence feeds into an organization's security monitoring to strengthen its infrastructure.

The Worldwide Intelligence Network Environment (WINE) is one platform for data analysis at this scale. WINE loads, samples and aggregates data feeds originating from millions of hosts around the world and keeps them up to date. It is used by Symantec's engineers and by academic researchers, who can run experiments on real-world data and compare the performance of different algorithms against reference data sets archived in WINE.

Bug bunny

Classic volumetric denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks need a large number of compromised machines to generate enough traffic, and most traditional anti-DoS tools can detect and absorb them. A newer class of attack uses the HTTP protocol itself as a shield and works in "low-and-slow" mode: what arrives looks like legitimate traffic, just at a very slow rate. It operates at layer 7 (the application layer) and is called slow HTTP denial of service.

Anatomy of attack

Slow HTTP attacks rely on the behaviour of the HTTP protocol. The slow HTTP POST variant was first presented publicly by Wong Onn Chee and Tom Brennan at an OWASP conference in 2010, where they demonstrated the attack.
In HTTP the client sends a request message and the server returns a response message. By design the server must receive the complete request before it can process it, so if a request never completes, or arrives at a very low rate (say one byte every 1 to 10 seconds), the server keeps a socket, a worker thread or process and some memory tied up waiting for the rest. When enough connections are held this way the server has nothing left with which to serve anyone else: a denial of service. Tools such as Slowloris and R.U.D.Y. produce exactly this kind of legitimate-looking traffic at a slow rate.

Slow HTTP headers (Slowloris): the attacker sends partial HTTP headers at a very slow rate, always just inside the server's idle-connection timeout, and never completes the request. Further headers arrive at regular intervals to stop the socket from closing, so the server's resources stay occupied.

Slow HTTP POST (R.U.D.Y.): as the name suggests, the attacker POSTs form data slowly. The request carries complete headers, including a legitimate Content-Length header (usually with a large value) that tells the server how much body to expect. The attacker then trickles the body in a few bytes at a time, forcing the server to keep its resources busy waiting for more. Eventually the server runs out of resources.

Slow read: the client opens a connection and sends a full, valid HTTP request, then reads the response very slowly. It advertises a tiny (or zero) TCP receive window, which misleads the server into thinking the client is merely busy, and reads just a few bytes each time the connection is about to time out. Large responses sit in the server's send buffers, and the client drains the server's connection pool and memory.
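The three variants above share one server-side symptom: connections that stay open for a long time while receiving almost nothing. The following is an added example, not code from the book or from any named tool, that turns that symptom into a detection heuristic over a snapshot of open connections. The record layout, the client addresses and the thresholds are assumptions; the snapshot is constructed, not captured traffic.

```python
"""Heuristic for spotting low-and-slow HTTP DoS clients from a snapshot of
a web server's open connections.

Added example, not code from the book or from any named tool. The snapshot
format and thresholds are assumptions: each record is what a server-side
hook or an ss/netstat-style poll could provide per connection.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class OpenConn:
    client_ip: str
    age_s: float            # seconds since the TCP connection was accepted
    bytes_in: int           # request bytes received so far
    request_complete: bool  # headers, and the body promised by Content-Length, fully received


def is_slow(conn, budget_s=30.0, min_rate_bps=20.0):
    """Slowloris-style (headers never finish) and R.U.D.Y.-style (body trickles in)
    connections look the same here: the request is still incomplete after
    budget_s seconds and the average inbound rate is below min_rate_bps."""
    if conn.request_complete or conn.age_s < budget_s:
        return False
    return conn.bytes_in / conn.age_s < min_rate_bps


def suspicious_clients(snapshot, min_slow_conns=10, **thresholds):
    """Map client IP -> number of slow connections, for clients holding at least
    min_slow_conns of them. Counting per client is what separates one user on a
    bad mobile link from a host deliberately parking dozens of sockets."""
    counts = defaultdict(int)
    for conn in snapshot:
        if is_slow(conn, **thresholds):
            counts[conn.client_ip] += 1
    return {ip: n for ip, n in counts.items() if n >= min_slow_conns}


# Constructed snapshot (not captured traffic).
SNAPSHOT = [
    OpenConn("203.0.113.10", 0.4, 612, True),   # ordinary client, request already parsed
    OpenConn("203.0.113.20", 25.0, 90, False),  # one slow mobile client, still inside the budget
]
# One attacking host holding 40 sockets, each fed a few bytes every several seconds.
SNAPSHOT += [OpenConn("198.51.100.7", 90.0 + i, 120 + i, False) for i in range(40)]

if __name__ == "__main__":
    for ip, n in suspicious_clients(SNAPSHOT).items():
        print(f"{ip}: {n} slow connections -> rate-limit or drop")
```

Two caveats from practice: the per-client count is a heuristic, and an attacker who spreads the sockets across many source addresses will stay under it, so pair this with server-side limits (a minimum inbound data rate and short header and body timeouts, such as Apache's mod_reqtimeout or nginx's client_header_timeout and client_body_timeout) rather than relying on detection alone. Slow read is the mirror image and needs the outbound side of the connection (a large send queue against a near-zero advertised window), which the same kind of poll can expose.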
Danger of this attack

Because HTTP does not require the server to validate a request before it has been fully received, low-and-slow attacks succeed even when the request body is empty. They are easy to run: a single machine can open thousands of connections to a server and leave thousands of HTTP requests unfinished, so with minimal bandwidth and minimal resources a low-and-slow application attack can do significant damage. Servers that dedicate a thread or process to each connection (the classic Apache prefork model) are the most exposed; event-driven servers such as nginx resist slow headers far better but can still be hurt by slow POST and slow read if body and send timeouts are generous. Adding hardware does not fix the problem, because the limit being hit is the connection or worker pool, not CPU or bandwidth.

The attack traffic looks like ordinary requests that happen to be taking a long time, which makes it hard to detect and block with traditional anti-DoS tools. The packets produced by Slowloris or R.U.D.Y. ("R U Dead Yet?") violate no network standard, security policy or lower-layer device rule, so they pass volumetric mitigations undetected, and signature-based IPS/IDS products generally cannot recognize the attack.

Solution

The attack can be detected by establishing a behavioural baseline of the server's connections during normal operation and comparing it with what is observed during a suspected slow-rate attack. Many long-lived and relatively "idle" open connections, especially from the same few clients, suggest the server is under attack. On the server side, enforce a minimum inbound data rate and short header and body timeouts, and cap the number of concurrent connections per client address.

Online Teller Machine

Story 1: Conmen have duped the private-sector Kotak Mahindra Bank (KMB) of Rs 2.84 crore using credit cards the bank had never issued, according to a daily newspaper report. As the Times of India reported, KMB noticed 1,730 online-shopping transactions made by the conmen between July 2 and September 10, traced to seven countries: Canada, USA, UK, Germany, Brazil, France and India.
An internal probe revealed that the cards were created under fake customer names by "stealing data from a newly created series of unissued cards, all within the BIN (Bank Identification Number) range", the TOI report said. The BIN is the first four to six digits of a payment card number and identifies the institution that issued the card; it is critical to routing a transaction to the right issuer. KMB has lodged a complaint about the fraud and has been able to block all 580 cards after alerting MasterCard's headquarters in New York.

Story 2: In an online theft reported by the Russian security company Kaspersky Lab, up to a billion dollars was stolen from more than a hundred banks in about thirty countries, in what is said to be the biggest cyber theft that has ever occurred. The attackers are believed to have been active since late 2013 and took up to $10m from each bank over a period of two to four months.

Story 3: In late 2013, an ATM in Kiev started dispensing cash at seemingly random times of day. No one had inserted a card or touched a button; cameras showed the piles of money being swept up by customers who happened to be there at the right moment. When Kaspersky Lab was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank's problems. The bank's internal computers, used by employees who process daily transfers and do the bookkeeping, had been penetrated by malware that let the criminals record the employees' every move. The malicious software lurked for months, sending back video feeds and screenshots that showed a criminal group, including Russians, Chinese and Europeans, how the bank conducted its daily routines, according to investigators.
The group then impersonated bank officers, not only instructing cash machines to dispense but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the US and the Netherlands into dummy accounts set up in other countries. Kaspersky Lab says the banking industry could be entering "a new era in cybercrime". The attacks are unusual because they target the banks themselves rather than customers and their account information, and the goal is financial gain rather than espionage. Attackers also go after companies and individuals who use Internet banking, and after banking apps on the Apple and Google platforms.

How banks are robbed

The criminals need just one employee to convince and one computer to poison; the rest is routine. They send a mail with malware as an attachment and convince the employee to open it. The malware then lets the criminals record every move, sending back video feeds and screenshots. Once they are familiar with the bank's operations they use that knowledge to move money without raising suspicion: programming ATMs to dispense cash at specific times, or setting up fake accounts and transferring money into them.

Solution

Banks invest heavily in physical security, but the weakest link in the chain is the human. Proper training, together with controls that limit what one compromised workstation can reach, is what makes that link the strongest.

Open Source is an Open Game

Companies that once believed in closed-source development, such as Sun, Adobe and Microsoft, now support open-source development too. Sun released the source code for much of the Java development platform; Microsoft released several important components of its .NET architecture under its own OSI-approved open-source licenses; Adobe opened up some of the underlying pieces of the Flex and Flash infrastructure.
Craig Federighi, Apple's senior vice president for software engineering, said in 2015 that "we think Swift is going to be the next big programming language" and that Swift would be made open source by the end of that year (it was, in December 2015).

What is the free software movement

The free software movement is a social movement with the goal of obtaining and guaranteeing certain freedoms for software users: the freedom to run the software, to study and change it, and to redistribute copies with or without changes. Richard Stallman formally founded the movement in 1983 by launching the GNU Project. [Source: wiki]

What is the Open Source Initiative

The Open Source Initiative (OSI) is an organization dedicated to promoting open-source software. It was founded in February 1998 by Bruce Perens and Eric S. Raymond, part of a group inspired by Netscape Communications Corporation publishing the source code of its flagship Netscape Communicator product. In August 1998 the organization added a board of directors. Raymond was president from its founding until February 2005, followed briefly by Russ Nelson and then Michael Tiemann. In May 2012 the board elected Simon Phipps as president, and in May 2015 Allison Randal was elected president. [Source: wiki]

What is open source development

Open-source software development is the process by which open-source software, or similar software whose source code is publicly available, is developed. The products ship with their source code under an open-source license that allows anyone to study, change and improve the design. Popular examples are Mozilla Firefox, Google Chromium, Android, LibreOffice and the Apache OpenOffice suite. [Source: wiki]

What is closed source development

In the closed-source model the source code is not released to the public. Closed-source software is maintained by a team that delivers its product in compiled, executable form only.
How open source software development changes the cybercrime domain

In 2008 the research firm Gartner predicted that "80 percent of all commercial software applications will include open-source components by 2012". Open source is the preferred choice for many developers because of its low cost of ownership and high return on investment, and around 75 percent of companies now run part or all of their operations on open source. Open source is also ever-changing: many individuals work on the source code of these projects, and contributors frequently change features and code. Critics say open source needs a constant stream of patches to stay secure.

Cybercriminals focus on the popular open-source web content management platforms and their ecosystems of plug-ins, because plug-in developers often lack security awareness. Brute-force password guessing and exploitation of vulnerable plug-ins are the two most common attacks on these platforms. WordPress, Drupal, Joomla and Magento are the most popular content management systems (CMS) in use today: WordPress powers over 22% of the top 10 million websites, Magento is an open-source framework dedicated to e-commerce sites, and Joomla is another very widely deployed CMS. In 2014 more attacks were recorded against WordPress sites than against all other platforms combined, according to a report published by the security firm Imperva.

Android is another popular open-source platform, and the majority of smartphone users run it. According to the security firm Quick Heal, over 4 lakh (400,000) Android malware samples were detected between January and March 2014.

The osvdb.org website stored open-sourced vulnerability data for researchers and developers; at the time its database held around 120,980 vulnerabilities spanning 198,973 products, which is huge. (OSVDB has since shut down, in 2016.)
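Of the two attack types named above, brute-force password guessing is the one a site operator can see directly in the web server's access log. The following is an added example, not the book's code and not part of WordPress, that flags guessing clients with a per-IP sliding window over POSTs to the login endpoints. The log lines are constructed in the standard combined format; the client addresses, the window and the threshold are assumptions.

```python
"""Detect password-guessing against WordPress from web-server access logs.

Added example, not from the book. Heuristic: count POST requests to
wp-login.php and xmlrpc.php (both are used for guessing) per client IP
inside a sliding window and flag clients that exceed a threshold. The
sample log lines below are constructed, not real traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format; the regex captures only what is needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TS_FMT)
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def find_bruteforcers(lines, window=timedelta(minutes=5), threshold=10):
    """Return {ip: peak_attempts_in_window} for clients whose POSTs to the login
    endpoints exceed `threshold` inside any span of length `window`. Lines are
    assumed to be in chronological order, as a real log is. The sliding window
    keeps a legitimate user who mistypes a password a few times in an hour
    from being flagged."""
    recent = defaultdict(deque)  # ip -> timestamps of login POSTs still inside the window
    peak = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, _status = rec
        if method != "POST" or path not in LOGIN_PATHS:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def _line(ip, when, method, path, status=200):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [{when.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" '
            f'{status} 1234 "-" "Mozilla/5.0"')


# Constructed sample log: one legitimate user and one guessing client.
_T0 = datetime(2015, 6, 1, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = []
for i in range(3):  # legitimate user: three attempts spread over twenty minutes
    SAMPLE_LOG.append(_line("203.0.113.5", _T0 + timedelta(minutes=7 * i),
                            "POST", "/wp-login.php", 302))
SAMPLE_LOG.append(_line("198.51.100.23", _T0, "GET", "/wp-login.php"))  # fetches the form
for i in range(40):  # attacker: forty guesses two seconds apart
    SAMPLE_LOG.append(_line("198.51.100.23", _T0 + timedelta(seconds=2 * i + 1),
                            "POST", "/wp-login.php"))
SAMPLE_LOG.sort(key=lambda line: parse_line(line)[1])  # chronological, as a real log would be

if __name__ == "__main__":
    for ip, n in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip}: {n} login POSTs inside a 5-minute window")
```

WordPress answers a failed login with HTTP 200 (the form again) and a successful one with a 302 redirect, so a stricter variant counts only 200 responses; counting every POST, as above, also catches the guess that eventually succeeds. In production this logic belongs in whatever tails the log (fail2ban-style) so the flagged address can be blocked at the firewall rather than reported after the fact.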
Solution

When an application or platform becomes popular, attackers recognize the return on investment in hacking it and spend more time researching and exploiting it, either to steal data or to use the compromised systems as zombies in a botnet. Open-source development needs financial support, or security will suffer.

The main concern about free and open-source software (FOSS) is that it is built by communities of developers with the source code publicly available, which gives attackers and malicious users open access to it. Another concern is that a community might be slower to issue critical patches as vulnerabilities emerge. People and companies take the benefits of open source but do not fund the projects that keep it going. The OpenSSL project, for example, was founded in 1998 to build a free set of encryption tools for code used on the Internet and is said to protect about 75% of it, which is why the Heartbleed bug in OpenSSL affected some of the biggest technology companies on the planet. Although those companies use the software to make billions of dollars in profit every quarter, the OpenSSL Software Foundation relies on donations rather than charging for it. In April 2014 its president, Steve Marquess, wrote in a blog post that the organization received about $2,000 a year in donations; after Heartbleed the project got some publicity and received more than $9,000 in the following two weeks.

In another example, Sucuri reported that a popular WordPress plug-in, SlimStat, could be used to attack the backend database (SQL injection) of the hundreds of thousands of websites running the vulnerable version. A separate attack against another popular WordPress plug-in, FancyBox, also with hundreds of thousands of users, was reported around the same time.
The problem lies in the plug-in business model: plug-in and theme makers do not earn the kind of money that can be reinvested in security. The good news is that the open-source developers behind WordPress have locked down the core platform; the bad news is that attackers have moved to the plug-ins, the third-party software of the WordPress ecosystem.

Conclusion

It is not just open-source code that is vulnerable; much proprietary software uses open-source components. According to Gartner, 95 percent of all mainstream IT organizations are influenced by some element of open-source software, directly or indirectly. So bug bounty programs for plug-ins and open-source projects should be encouraged.

Run some Awareness

Soon after Microsoft announced that Windows 10 would be available in 190 countries as a free upgrade, cybercriminals, who wait for exactly this kind of news, launched a spam campaign that distributed ransomware by promising recipients the free Windows 10 upgrade. The fake emails carried the subject line "Windows 10 Free Update" and appeared to come from an official-looking Microsoft address. The notifications looked genuine to many ordinary users: they included a legitimate-looking disclaimer and a note that the message had been scanned for viruses and dangerous content. A closer look showed that the sender had spoofed the originating address and that the text of the email contained several characters that had not been rendered properly. The attached file, Win10Installer.zip, was not a Windows 10 installer but a variant of the CTB-Locker (Critroni) ransomware. Once unzipped and executed, the malware encrypts the victim's files and holds them for ransom, as reported by researchers at Cisco.

What is ransomware?

Ransomware is a type of malware that prevents or limits users from accessing their system.
It forces its victims to pay a ransom through certain online payment methods to regain access to their systems or to get their data back. Crypto-ransomware, of which CryptoLocker is the best-known family, encrypts the victim's files. [Trend Micro USA]

[Two illustrations from the original, sourced from mkbusnet.com and labs.bitdefender.com, are not reproduced here.]

How ransomware works

Ransomware is malware that locks your computer or files until you pay the attacker for the key that will supposedly unlock them: kidnapping, for your data. It has been around for more than a decade, but the older families were ineffective or relatively easy to defeat. A new generation emerged in late 2013, beginning with a family dubbed CryptoLocker, and it was genuinely dangerous: it displayed a message with a 72-hour countdown telling the victim to pay a fee (usually around $300) to retrieve the data. Ransomware can affect your device in the following ways:

>It encrypts the files on your hard drive.
>It locks your hard drive so that a password is required to unlock it.
>It prevents you from using a particular kind of application.

How does ransomware spread?

Computers typically become infected when you:
>open an unsolicited email attachment, even if you think you know the sender;
>click a suspicious link in an email;
>download something from a peer-to-peer network;
>download a software crack.

How to protect yourself from ransomware

>Run a firewall as a layer of protection between the Internet and you.
>Run a pop-up blocker to filter unwanted requests in your browser.
>A virtual machine program like VirtualBox or VMware creates virtual hardware on which a second operating system runs in a window on your desktop, so that whole operating system is effectively sandboxed. Browse from a VM where you can. One caveat: anything the VM can reach on the host (shared folders, mapped network drives, synced cloud folders) is still reachable by ransomware running inside it.
>Do not download attachments from unexpected email, and scan a file online before opening it.
>Back up your data frequently, and keep at least one copy offline or otherwise disconnected: ransomware encrypts any backup drive that is mounted when it runs.
>Always update your AV software from its original source.
>Do not provide financial information on a suspicious website.
>Always scan your system with familiar, legitimate anti-virus software.

Cybersquatting

A few days back a news item caught my eye: "Boston-based Sanmay Ved bought Google.com for a minute or so for $12". What a story! It is usually discussed as an example of cybersquatting or domain squatting, although Ved's intention was not bad; he was conducting an experiment. A technical glitch had shown the google.com domain as "available". Google cancelled the transaction immediately and rewarded Ved, who donated the entire amount to charity.

What is cybersquatting

Cybersquatting is occupying a domain name that rightly belongs to someone else; by doing so the cybersquatter steals your business identity and makes a profit from it. Under United States federal law, cybersquatting (or domain squatting) is registering, trafficking in, or using an Internet domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company that owns the trademark contained in the name, at an inflated price.

History of cybersquatting

It began with some shrewd, entrepreneurial people who realized the potential of the Internet for business marketing. They knew that every company would be online soon, so they paid to register domain names matching the trademarks of many businesses. When those companies decided to go online, they found their names already taken by cybersquatters. Fry's Electronics, Panasonic, Avon and Hertz were among the first big victims of cybersquatting.
Since 1999, more than thirty thousand cybersquatting complaints have been filed with the World Intellectual Property Organization, and the number of domain-name cases filed grew by two percent between 2013 and 2014. The USA, France and the UK are the top three filing countries. By industry, retail files the most domain-name cases, followed by banking and finance and then fashion. In 2014 the tobacco giant Philip Morris filed the most cases of any company, over domains set up by cybersquatters that misused its Marlboro cigarette brand. [source: informationsecuritybuzz.com]

[A chart in the original showed which companies filed the most complaints about illegitimate use of their trademarks in domain names in 2014; it is not reproduced here.]

Solution

Registering a domain name is nowhere near as strict as registering a trademark, and names are handed out on a first-come, first-served basis: anyone can approach a domain name registrar and register any available name. There should be a uniform law on this, and cyber security professionals and cyber lawyers should sit together and draw up a plan.

Inside Out

Story 1: Rajat Kumar Gupta is an Indian-born American businessman and philanthropist who is serving a two-year term in U.S. federal prison for insider trading.

Story 2: Stephen Elop, who previously headed Microsoft's business division, became Nokia's chief executive in 2010, the first non-Finnish chief in the company's 149-year history. Nokia's annual revenue, profits and share price fell dramatically during Elop's tenure, and he was instrumental in the company's decision to ditch its long-held Symbian software for Microsoft's Windows Phone.
Elop was then the driving force behind the negotiations to sell Nokia's struggling mobile phone business to Microsoft, which ended with his move to head Microsoft's new Devices unit, including the acquired Nokia business, renamed Microsoft Mobile Oy. Put simply:

[Microsoft] --Elop--> [Nokia] --Elop--> [Microsoft + Nokia]

[source: http://www.theguardian.com/, by Samuel Gibbs, 29/04/2014]

Story 3: Yasir Majid was one of the most senior employees at Bharti Airtel, having worked for the company in Jammu & Kashmir for ten years. When he was transferred to Odisha on March 2, 2015 as distribution head of the circle, nobody expected him to resign within a month. He resigned on April 13, effective April 24, and on April 27 joined the company's soon-to-be-launched rival Reliance Jio Infocomm, headed by Mukesh Ambani. Before leaving, he had reportedly stolen confidential data from Bharti Airtel, India's biggest mobile operator. Airtel lodged an FIR at the Infocity police station in Bhubaneswar, Odisha on June 22. [source: http://www.andhrawishesh.com/, by Manohar]

Story 4: The Edward Snowden case is the best-known example of an insider threat.

No comment on these four stories; they are just the facts as disclosed. Most of us think the threats to our systems are viruses, malware and distributed denial-of-service (DDoS), all originating outside the organization, but some of the most dangerous attacks come from inside. The majority of hacking attacks succeed because employees click links in phishing emails, companies fail to apply available patches for known software flaws, or technicians misconfigure systems. In every one of these cases an insider is involved. As Don Codling, head of the FBI's Computer Intrusion Unit, put it, "there is no patch for careless, greedy or stupid". FBI investigators count internal threats among the biggest cyber security challenges.
The motivation behind an internal threat may be straightforward financial theft (the Rajat Gupta case), intellectual property theft (the Snowden case), or both. Insiders come in three types:

a) Privileged users: system administrators, network administrators, root users, domain administrators.
b) Contractors and service-provider employees (Snowden was a contractor).
c) Partners with internal access.

Solution

IT managers and administrators alone cannot make a company secure. Firewalls and intrusion prevention systems have their limits too, because they work on known signatures. It is the individual user, and that user's awareness, that protects against a data breach. An organization should assess the risk of insider threats and the impact if data is leaked: if an insider wanted to harm the company, what would they target (financial data, intellectual property or both) and how much damage could they do? Companies should exercise due diligence in hiring, with thorough background checks and in-depth interviews, and pair that with least privilege so that no single insider can take everything.

Social murder using Internet Archive

Social media is the new social engineering. Attackers today do not target only your Gmail or Facebook account; they go after your entire online presence: email, social media, professional networks, cloud storage and so on. From one service the attacker obtains a crucial piece of security information about another and then attacks that one, a controlled chain reaction running through all your linked accounts.

How hackers use social media in attacks

Most corporate hacking attacks rely on basic social engineering. The attacker identifies the victim and looks up basic information about the person on Facebook, Twitter, LinkedIn and Google+ (date of birth, employer, likes and dislikes, hobbies) and then frames the attack around it. The accounts of Mat Honan, a senior staff writer with WIRED living in San Francisco, were hacked a few years ago using exactly this kind of chain.
The attackers first got into Honan's Amazon account, used what they learned there to talk Apple support into resetting his Apple ID, used that to reset his Gmail password, and finally took over his Twitter account; along the way they used iCloud to remotely wipe his iPhone, iPad and MacBook.

In another case, FIN4, a highly coordinated hacking group, targeted only those company employees who shared their company email address on LinkedIn. In LinkedIn's "Additional Info" section people can share a) interests, b) personal details (such as birthday) and c) "advice for contacting", which often includes an email address and phone numbers. Say an attacker finds one employee's email address on LinkedIn. They then enumerate other employees of the same organization from the company website, social sites and other LinkedIn profiles, collecting as many names as possible, and work out the pattern of the corporate email addresses from the samples they have. With a pile of names in a database they start sending mail that appears to come from the CEO, a company client or the recipient's own boss, with a subject along the lines of "a major financial error that could cost you your job, download the spreadsheet and rectify it". The victim is unlikely to think twice before opening it, and the sheet carries malware.

Money transfer on social media

Groupe BPCE, France's second-largest bank by customers, said in a statement on 11 September 2014 that from 1 October 2014 "all Twitter users in France, irrespective of their bank, will be able to simply 'tweet' money to one another thanks to the S-money service developed by Groupe BPCE". In India, Kotak Mahindra Bank Ltd launched KayPay, a money-transfer service for Facebook users within their friend circle, "without needing net banking, or knowing various bank account related details of the payee". Pockets by ICICI Bank, also in India, offers banking on Facebook.
The app uses your Facebook credentials to log you in and then lets you send an amount to a friend via SMS, email or a Facebook personal notification. Your friend can redeem it instantly into any bank account after authenticating, and the job is done.

Now some interesting news. I am not saying that all of this is caused by social media, but it certainly has some share of the blame. SecurityWeek (Mike Lennon, February 15, 2015) reported: "A multinational gang of cybercriminals infiltrated more than 100 banks across 30 countries and made off with up to one billion dollars over a period of roughly two years, Kaspersky Lab said on Saturday." The Telegraph (Martin Evans, 15 Feb 2015) ran the same story as "Hackers steal £650 million in world's biggest bank raid: Investigators uncover what is thought to be the biggest ever cybercrime with more than £650 million going missing from banks around the world". Correlate the two and weigh the severity; the conclusion is that where money goes, hackers follow.

Conclusion

Social media provides communication without borders, and today we use not a few but a huge number of online services to get things done. Social media and email may seem unimportant to some readers, but what about online banking? It goes without saying how important it is to secure your bank account, and there are many people, the elderly in particular, who have no idea what phishing is or how to create a good password.

Solution

Social media is a great marketing tool for an organization, but it is also the attacker's preferred hunting ground. Companies should understand the risk and set strict policies about what is posted on social media, both on the official page and on employees' personal pages.
The people who handle the social media accounts should be well trained in the company's security policies.

Spear-phishing: A New Weapon in Cyber Terrorism

What is phishing?

Phishing tends to be blind; it knows nothing about its target. The attacker attempts to acquire sensitive information such as usernames, passwords, personal identification information or payment card details, mostly by email. Phishers do not only collect personal information; they also try to gather sensitive information about the network, or to get the recipient to install malware unknowingly. Attackers often use botnets to reach a huge number of people in the hope of getting even a single answer.

Types of phishing

a) Phishing: an attempt to acquire a user's personal information by crafting a mail and sending it through an electronic communication. The mail looks like a legitimate message from a trusted provider, but it is not.

b) Smishing (SMS phishing): a phishing attack that uses SMS (Short Message Service) text messages to deliver the phishing content. A common technique is to use a URL shortener (bit.ly, TinyURL) to hide the malicious URL.

c) Spear phishing: the motive is the same as phishing, but the target is much more precisely defined; these attacks are aimed at a particular individual or group of people within an organization. They can arrive by instant messaging, social networks and other electronic channels. Spear phishing is dangerous because the attacker studies the victim's social media profiles and then drafts the attack to fit: if a person loves to travel and frequently uploads pictures, the attacker pretends to be a travel site, or an online photography retailer offering a discount on a travel booking or a new camera lens.
Depending on the scope of the spear phishing, criminals may also create entire fraudulent websites as bait.
d) Whale phishing (whaling): a targeted attack aimed specifically at corporate officers or high-level executives. The content of these attacks is designed to arouse the interest or alarm of senior management, giving them a motive to click the link.

Introduction: Spear phishing attacks
According to experts at the security firm Trend Micro, spear phishing is the attack method used in some 91 percent of targeted cyber attacks. The "Operation Aurora" attack (2010), the hack (2011), the Target breach (2013), the Sony Entertainment attack (2014) and the campaigns run by Operation Carbanak and the Syrian Electronic Army are just a few examples of offensives that relied on spear phishing as the infection method.

Spear phishing and terrorism
a) Terrorists can run a spear phishing attack for information gathering. Terrorist groups like ISIS and Al Qaeda have become more tech-savvy, and their members have deep knowledge of hacking techniques, including social engineering and spear phishing. It is reported that Islamic State in Iraq and Syria (ISIS) used spear phishing against a Syrian citizen media group known as Raqqah is being Slaughtered Silently (RSS). ISIS hackers ran the spear phishing campaign to find the location of RSS members with the intent to kill them.
b) Terrorists/criminals can run a spear phishing attack to conduct online frauds or scams. Nigerian scams are an example: they involve offering you a share of a large sum of money on the condition that you help transfer it out of the country. These scams are often known as 'Nigerian 419' scams because the first ones came from Nigeria; the '419' comes from the section of Nigeria's Criminal Code which outlaws the practice. These scams now come from anywhere in the world.
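As an added example (not code from the book, nor from McAfee or any other vendor cited in it), the Python script below scores a raw e-mail on the telltale signs this chapter describes: a Reply-To that points to a different domain than From, as a typical 419 mail does; a sender or link domain that imitates a trusted brand; a shortened URL of the kind used in smishing; urgency language; and a request for personal or financial data. The trusted domains, the shortener list, the keyword lists and the three sample messages are all constructed for illustration and are not real addresses or real mail.

```python
"""Heuristic scorer for the phishing telltale signs described in this chapter.

Added example, not code from the book. The trusted domains, shortener list,
keyword lists and the three sample messages are constructed for illustration.
"""
import email
import re
from email import policy
from typing import Dict, List, Optional, Set
from urllib.parse import urlparse

# Hypothetical brands and the only domains they legitimately send mail from.
TRUSTED_DOMAINS: Set[str] = {"examplebank.com", "example-travel.com"}

# URL-shortening services that hide the real destination (the smishing trick).
SHORTENERS: Set[str] = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

# Pressure language typical of phishing and 419 mails (matched case-insensitively).
URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|act now|suspended|verify your account|today only)\b",
    re.I,
)
# Requests for the data a phisher is after.
SENSITIVE = re.compile(r"\b(password|bank account|account number|card number|pin)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def sender_domain(addr: Optional[str]) -> str:
    """Domain part of an address such as 'Name <user@Host.example>', lower-cased."""
    match = re.search(r"@([A-Za-z0-9.-]+)", addr or "")
    return match.group(1).lower().rstrip(".") if match else ""


def lookalike(domain: str, trusted: Set[str]) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is genuine
    or unrelated. Catches digit-for-letter swaps (examp1ebank), added words or
    hyphens (examplebank-secure.com) and the brand used as a subdomain of an
    attacker host (examplebank.com.attacker.net)."""
    if domain in trusted:
        return None
    normalised = domain.replace("1", "l").replace("0", "o")
    for genuine in trusted:
        brand = genuine.split(".")[0]
        if brand in normalised:
            return genuine
    return None


def score_message(raw: str) -> Dict[str, object]:
    """Score one RFC 5322 message; two or more telltale signs mark it suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons: List[str] = []

    from_dom = sender_domain(str(msg["From"]))
    reply_dom = sender_domain(str(msg["Reply-To"])) if msg["Reply-To"] else from_dom
    if reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    imitated = lookalike(from_dom, TRUSTED_DOMAINS)
    if imitated:
        reasons.append(f"sender domain {from_dom} imitates {imitated}")

    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")

    for url in URL_RE.findall(text):
        host = (urlparse(url.rstrip(".,)")).hostname or "").lower()
        if host in SHORTENERS:
            reasons.append(f"shortened link hides its destination: {url}")
        elif lookalike(host, TRUSTED_DOMAINS):
            reasons.append(f"link host {host} imitates a trusted domain")

    if URGENCY.search(text):
        reasons.append("urgency or threat language")
    if SENSITIVE.search(text):
        reasons.append("asks for personal or financial information")

    return {"score": len(reasons),
            "verdict": "suspicious" if len(reasons) >= 2 else "ok",
            "reasons": reasons}


# Constructed sample messages (not real mail): a 419-style advance-fee scam,
# a spear-phishing lure built from the victim's travel hobby, and a genuine mail.
SCAM_419 = """\
From: UK PROMO OFFICE <promo@winner-notify.example>
Reply-To: UK PROMO OFFICE <claims@free-webmail.example>
Subject: URGENT: claim your prize within 24 hours
Content-Type: text/plain

You have been selected to receive a share of GBP 2,000,000. To transfer the
funds, reply immediately with your full name, bank account number and phone.
"""

SPEAR = """\
From: Example Travel Offers <deals@example-travel-offers.com>
Subject: 40% off your next trek, today only
Content-Type: text/plain

We loved the trekking photos you posted last week! Book at
https://bit.ly/3xTrek and confirm your card number to lock in the discount.
"""

LEGIT = """\
From: Example Bank <notifications@examplebank.com>
Subject: Your monthly statement is ready
Content-Type: text/plain

Your statement is available in online banking at
https://examplebank.com/statements. We never ask for login details by email.
"""

if __name__ == "__main__":
    for name, raw in (("419 scam", SCAM_419), ("spear phish", SPEAR), ("genuine", LEGIT)):
        result = score_message(raw)
        print(f"{name}: {result['verdict']} ({result['score']} signs)")
        for reason in result["reasons"]:
            print("  -", reason)
```

A scorer like this is a triage aid, not a filter on its own: a well-written spear-phishing mail may trip none of the keyword checks, and the Reply-To and lookalike checks are the ones worth keeping even when the wording is perfect, since they come from the headers and links rather than from the story the attacker tells.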
A few days back I got a mail from: COCACUK2014 <[email protected]>, reply-to: COCACUK2014 <[email protected]>, with the content that follows; clearly it is an example of an online fraud or scam.

c) The energy industry, a privileged target for a terrorist attack. In April 2014, security experts at Symantec discovered a cyber espionage campaign targeting energy companies around the world by infecting them with a new trojan dubbed Laziok. In this case too, the attack chain starts with a spear phishing attack.

Solution
a) Awareness and training are the best defence. Training must also be given to executives and higher officials in a company, as they are often the primary targets of spear phishing attacks.
b) Government cannot prevent spear-phishing attacks against private firms or individuals, but it can share information on ongoing spear-phishing campaigns and track potentially dangerous threat actors.
c) Effective email filtering is important. However, technical solutions alone are not enough to counter spear phishing; filtering mainly helps to recognise e-mails with malicious attachments or known-bad links.
d) Implement effective network monitoring. System administrators can use tools that recognise suspicious traffic and can screen employees' social media use on the network.
e) Do not provide personal or financial information in response to an email request.
f) Firewalls and malware scans also help against spear phishing.
McAfee offers these additional tips: keep an eye out for telltale signs. Bad grammar, bad syntax, suspicious senders and links to misspelled URLs are all telltale signs of phishing. Also watch for emails from unknown senders or ones asking you for personal information, especially in a threatening manner.

Speed bolt
Internet speed is going to increase and get cheaper. If you search the internet for "cyber crime capital", Ramnicu Valcea will appear. It is a small Romanian town and the cyber-crime capital of the world.
According to a 2014 report, Ramnicu Valcea has a booming cyber-crime industry with more than 100 gangs operating in a town of 127,000 people. Despite being a poor town, it boasts a Mercedes-Benz dealership and a shopping mall where the fraudsters can spend their cash. Law enforcement agencies across the world call it Hackerville.

A news item published on April 22, 2015 at http://www.romaniainsider.com/broadband-internet-romania/147305/ says that nine cities in Romania are among the top 15 cities in the world with the highest download speed for fixed broadband connections. Ploiesti, a city 60 kilometres north of the capital Bucharest, has the fastest broadband internet in Romania, with an average download speed of 102.35 Mbps as of April 22, 2015. Ploiesti also ranks third in the world, after Singapore and Hong Kong's central district. Iasi has the second fastest broadband connection in Romania and the fifth fastest in the world, with an average speed of 101.43 Mbps. The capital Bucharest comes next, with an average download speed of 95.18 Mbps, followed by Timisoara (86.55 Mbps), Galati (83.24 Mbps), Constanta (77.73 Mbps), Cluj-Napoca (75.14 Mbps), Oradea (70.95 Mbps) and Brasov (66.73 Mbps). All these Romanian cities are in the world's top 15 ranked by the average download speed of fixed broadband connections, ahead of Tokyo, Seoul and New York, among others. The average download speed of fixed broadband connections in Romania is 72.15 Mbps, the third highest in the world after Singapore and Hong Kong. The average download speed of fixed broadband connections worldwide is 23 Mbps.

Ookla is the global leader in broadband testing and web-based network diagnostic applications. According to Ookla, internet in Romania is cheap despite the high performance: the median monthly cost per megabit per second (Mbps) in Romania is USD 0.71; only Bulgaria and Russia have lower internet prices.
Below are some interesting statistics collected from www.bba.org.uk. If you correlate them, you will certainly accept that internet speed has some connection with cyber crime.

Cyber crime by country of origin
Russia: The country has a robust cybercrime black market, valued at approximately US$2 billion per year, and hosts as many as 30 highly capable cybercrime groups. Russia is also known for state-sponsored hacking.
China: Approximately 30 percent of all cyber-attacks worldwide are launched from China. The country has been accused of perpetrating state-sponsored attacks against foreign governments and businesses, and has one of the largest military groups of cyber experts in the world.
Romania: The country is home to a number of cybercrime organisations suspected of targeting electronic payment systems. In 2014, two such attacks led to losses of US$8 million (an attack targeting individuals) and US$240 million (an attack on financial institutions).
South Korea: The country recorded high levels of cybercrime and hacking in 2014. Cyber criminals also launched international attacks, mainly targeting the US.

Internet speed
Russia: Akamai's measurements revealed an average speed of 6.1 Mbps and an average peak speed of 35.1 Mbps. Once again, Russia places higher than other European countries, including Spain, Italy and the Netherlands.
China: A report of Jul 3, 2014 says the national average internet speed (excluding Hong Kong) for Q4 2013 reached 3.45 Mb/s, up 33.2 percent from the previous year.
Romania: According to a ranking made by Bloomberg in 2013, Romania is ranked 5th in the world and 2nd in Europe in terms of internet connection speed, surpassed only by Hong Kong, South Korea and Japan.
South Korea: Average peak speed 37.4 Mbit/s; average internet connection speed 23.1 Mbit/s.

Many countries are investing huge money in internet infrastructure to get super speed in the next 2-3 years.
Internet security experts say the availability of high-speed connectivity will draw the attention of international hackers who were previously put off by the time it took to break into local websites over slower satellite connections. While local hackers are also expected to increase their activity, the international hacker community poses the biggest threat to local business because they are more experienced and talented. I will finish this with two simple facts: "India's average Internet speed second worst in Asia-Pacific: Akamai", and a Bank of America Merrill Lynch report has stated that "India will have 9 crore 4G subscribers and 18 crore 4G smartphones by 2018."

PAIN with VPN

What is a VPN?
A virtual private network (VPN) extends a private network across a public network such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus benefit from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through dedicated connections, virtual tunnelling protocols or traffic encryption. A VPN spanning the Internet is similar to a wide area network (WAN). From the user's perspective, the extended network resources are accessed in the same way as resources available within the private network. Traditional VPNs are characterised by a point-to-point topology, and they do not tend to support or connect broadcast domains. [wiki] [source: nerpsa.com]

Why is VPN preferred by many today?
• VPNs can combine two or more offices into a single network securely over the public Internet.
• Installing a VPN is cheaper than a dedicated leased-line connection today.
• VPNs use a combination of dedicated connections and encryption protocols to create virtual point-to-point connections.
• Modern VPN hardware and software are easier to deploy and can be installed and configured within an hour. Windows, Linux and Mac computers, as well as most mobile devices, have the built-in ability to connect to business networks via a VPN.
• A VPN protects against man-in-the-middle attacks on the path between the client and the VPN server (for example on public Wi-Fi); traffic beyond the VPN endpoint is protected only if the application itself uses encryption such as TLS.
• VPNs help users work from home, on the road or at a branch office, because data is encrypted for confidentiality, and packets intercepted on the shared or public network are indecipherable without the correct encryption keys.
• VPNs allow individuals to hide their physical location: the user's actual IP address is replaced by the VPN provider's address. So you may live in India but appear to be in Indonesia, and can bypass government filters.

Cyber criminals prefer VPN over Tor
"The Onion Router" was the preferred choice of hackers, because it is an anonymising proxy service designed to protect their privacy online, and the software is free to install and use. Nowadays, however, hackers prefer a VPN over Tor for the following reasons:
• VPN connection speed is a lot faster than Tor.
• A VPN is seen as giving better privacy and security than Tor (note that the VPN provider itself can see and log all traffic, so this holds only as far as the provider is trusted).
• Some VPN providers include malware protection in the client software.
• A good VPN service costing $50-60 per year provides lots of features. There are also free VPN services.

RSA Research discovered in 2015 a malware-supported VPN network known as Terracotta. Terracotta is commercially marketed in the People's Republic of China under several different brand names. According to RSA, Terracotta VPN "may represent the first exposure of a PRC-based VPN operation that maliciously, efficiently and rapidly enlists vulnerable servers around the world." RSA also claims that Terracotta VPN has 1,500 Windows nodes from 300 organisations distributed across China, the US and South Korea; among those, 1,095 were found in China, 572 in the US, two in Britain and one in Australia. VPN services see a lucrative market in China and South Korea.

Solution
Because VPN servers are often configured never to log any user activity, and because many customers share the same exit IP address, tracing the source is very hard. Till today we have no real solution, but at least we can learn from the Dubai police. Recently a high-level Dubai Police official made it clear that use of Virtual Private Networks (VPN) in the United Arab Emirates (UAE) is strictly prohibited under the country's cyber laws. India could follow the same route. Threats like Terracotta will emerge at a rapid pace and in high volume in future. Countries should be ready with a cyber army and infrastructure of their own.

My phone is an un-smart phone
According to a study by Kaspersky Lab, about 291,800 new mobile malware programs were found in the second quarter of 2015, nearly three times more than in the first quarter of 2015.

Why hackers target smart phones
Some interesting statistics: a report by IAMAI and KPMG projected that India will reach 236 million mobile internet users by 2016, and 314 million by 2017. In India, the number of people who own mobile phones is greater than the number who own personal computers. The 3G user base in India is growing rapidly: there were approximately 82 million 3G subscribers in India by the end of 2014, and the number is projected to reach 284 million by the end of 2017. Today the smart phone is an integral part of our life. The mobile device is as convenient as working on a desktop or laptop. You may forget to wear a wrist watch, but you do not forget to carry your mobile phone. We use our phones more than our wallets and laptops. Smart phones now play the role that laptops played 5 years back. These devices carry a lot of our personal and financial information through banking apps and virtual wallets, and criminals are finding ways to gain unauthorised access to them.
If this personal device is hacked, criminals can get your personal mail, corporate emails, sensitive data, pictures, contact numbers and what not! Between 1991 and 2011, Symantec identified about 200 million different virus definitions. In comparison, the company found upwards of 200 million in 2012 alone, many of them smart phone viruses. According to Roel Schouwenberg, principal security researcher at Kaspersky Lab, "Over the last two years or so, we have seen a huge influx" in the number of hackers targeting smart phones, and the threat is getting "exponentially worse".

Forget about installing malware in your OS
Richard Stallman, creator of the GNU operating system, recently opined in a post in The Guardian that "almost every operating system we use today can be qualified as malware". He also said that OS software "is designed to spy on users, chain them via DRM and has backdoors for mischievous agendas".

How mobile phones are attacked
Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC's investigative programme that the British intelligence agency GCHQ has the power to hack any smart phone without the owner's knowledge. You read that right. The British spying agency has special tools that let it take over your smart phone with just a text message, and there is "very little" you can do to prevent it. Just by sending a text message, the tools can:
> listen in to what is happening in the room;
> view files and the web history;
> see messages and photos;
> take secret pictures of the smart phone's owner;
> pinpoint exactly where a user is (to a much more sophisticated level than a typical GPS system).
In other words, the tools allow agencies to monitor your every move and every conversation, even when your smart phone is turned off. The bad guy creates a short video, hides the malware inside it and texts it to your number through a messenger app; as soon as the phone receives and processes it, the crafted file triggers the vulnerability and the malware is installed.
The previous examples are the online mode; an offline mode is also available. For example, you may be tempted to get a new mobile phone in exchange for your old one, but unethical hackers can recover the personal information left on your old gadget. This was highlighted by Sandeep Sengupta, co-founder and director of the Indian School of Ethical Hacking, at ICT 2014 organised by the Confederation of Indian Industry.

Why Android is targeted most
According to security firm F-Secure, 99 percent of mobile malware threats in the first quarter of 2014 were designed to run on Android devices, because it is the most popular mobile operating system and about 80 percent of smart phones run on it. iPhones are very different from Android phones. Apple runs a closed system: it controls both the hardware and the software, and the company says 85 percent of iPhone users have the latest operating system, iOS 8. Apple's App Store is a centralised point of distribution that gives users confidence that the apps they download have been tested and validated by Apple. Apple restricts the APIs available to third-party developers (there is no low-level system access), so it is assumed that iOS has fewer exploitable vulnerabilities. Apple's iOS is more "locked down", but recent events show that it is not impenetrable; it is also reported that if an app behaves suspiciously, Apple suspends the creator's account for a year. Like Apple, Google provides a centralised market for mobile applications called Google Play. However, that is offset by Android's ability to install apps from third-party sources. Android apps are not as tightly regulated and can be installed both from the approved Google Play store and from the wider internet. Criminal developers deconstruct and decompile popular apps like Angry Birds, publish malicious versions and make them available for free outside the Google Play store.
A teenager may think, 'why should I pay for this app in the Google Play store when I can just download it from this third-party store?', without realising that malware may be wrapped inside.

Solution
• Download only from Google's Play store; do not use third-party sources.
• Do not root your Android.
• Lock your screen with a PIN or password instead of a pattern.
• Install 'App Lock' to protect individual apps. Most of us store the user ID and password for email, Facebook and Twitter on the phone; if it falls into the wrong hands that becomes dangerous. 'App Lock' does not allow access to the app without the required password.
• Do not keep sensitive information such as bank account details on a removable SD card. Store this data in internal memory, protected with a strong password.