This post covers a Europol report on organized crime groups in Europe that are active in credit card fraud.
European Police Office (Europol) statistics reveal that payment card fraud involves a whopping 1.5 billion euros (US$2 billion) a year. The report adds that payment card fraud is "dominated by well structured and globally active organized crime groups," and that it is a "low risk and highly profitable criminal activity." The report's recommendations include the need for the European Union to be flexible enough to let Europol work more closely with non-European countries. The roadblocks are the pitfalls of global investigations and the dependence on private industry to make good the losses from credit card fraud. Such roadblocks let organized crime groups walk away with illegitimate income with impunity. Further, the report identifies the main gap: "It seems that the E.U. response to the payment card fraud problem is not harmonized or fully supported by all actors -- card schemes, card issuers, processing centers, law enforcement agencies and judicial authorities." Credit card data is on sale through an "ideal illicit Internet community" and passes into the hands of organized crime groups, who use the stolen card data to purchase goods and services online. A significant factor in the credit card heists is that, since 2010, Europol has found an increasing number of financial data breaches against E.U.-based merchants and card processing centers, and that many of the credit card numbers compromised in the E.U. originate from U.S. data breaches. Networks of so-called mules are also active in online credit card fraud, centered on the illegal purchase of high-value products as well as travel services from airlines.
The E.U.'s countermeasures are the EMV (Europay, MasterCard and Visa) standard for integrated circuit cards, whose embedded chips carry numerous security protections, and the blocking of overseas transactions on E.U.-issued cards unless use abroad has been activated in advance. This second step, termed geoblocking, proves effective because most illegal face-to-face (card skimming) transactions involving E.U. cards take place beyond the boundaries of Europe, and in the U.S. in particular. Geoblocking may look a little "inconvenient" for cardholders, but support for it is high. Ethical hacking companies have a large role to play in educating the public about the dangers that lurk in using credit cards online. This kind of public-interest work is done by ethical hacking companies like infySEC, as seen at this link (http://www.sparktherise.com/projectdetails.php?pId=8869), where the emphasis is on free IT education for the needy. I will take a break here and be back soon with more cyber news.
This post is about a small UK site whose weak password security was used to hit US banks with DDoS attacks.
Thanks go to the security firm Incapsula for the revelations. The administrative password of a tiny UK site was quickly exploited by botnet operators working out of Turkey, and the site was then used to storm American banks with a barrage of traffic. The current wave of DDoS attacks on major U.S. banks by the hacker group Izz ad-Din al-Qassam is a tit-for-tat response to an anti-Islam video that tarnished the image of the Prophet Muhammad, and is part of the ongoing “Operation Ababil.” The Incapsula security team burned the midnight oil to expose one of the hidden pieces behind the onslaught: a compromised general-interest UK-based website that was attempting to throw a huge mass of junk traffic at three of the world's leading financial institutions, PNC, HSBC and Fifth Third Bank. The attacks put this website at the centre of attention by triggering many security events, all caused by numerous requests carrying an encoded PHP code payload. Incapsula intercepted these requests and traced them to a backdoor shell that had been used to take over the site. The security flaw then came to light: the administrative credentials were simply admin / admin. By decoding the incoming PHP requests, the security team could clearly recognize them as DDoS attack commands, issued from the website of a Turkish web design company that was acting as a remote botnet C&C. The Turkish website served as an extra buffer between the actual attacker and the targeted U.S. banks. The UK website worked in “shifts” to generate HTTP and UDP flood attacks. The Incapsula team blocked the incoming DDoS commands and kept watching them, and saw that the list of targets included e-commerce and commercial websites in other countries along with the American banks.
Incapsula Security Analyst Ronen Atias said in his closing words: “This is a good example of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.” In such a scenario, an ethical hacking consultant would ideally give early warning of such DDoS attacks through its web security services. infySEC, the ethical hacking firm, offers such a service, notable for its good coverage of all types of web attacks (http://www.infysec.com/services/security-and-defense/website-security). I will stop here and be back soon with more cyber news.
A cyber expert's prediction that Wales could become a safe haven for investment by giants like Apple and Microsoft forms the crux of this post.
Wales has a real chance to become an international leader in cyber security and win investment from industry giants such as Apple and Microsoft, experts claim. One of them is David Taylor, a former Wales Office special advisor who went on to qualify in internet threats at the Massachusetts Institute of Technology. His interview with the media points to the opportunity for Wales to gain a competitive advantage at a time when governments are stretched to the limit by online perils.
In the words of David Taylor: “We could in a short space of time become the most cyber-educated country in the world.” The Westminster defence committee is concerned that the armed forces rely so heavily on information technology that their capability to operate could be “fatally compromised” by a sustained cyber attack. The Government's own capacity to deal with cyber attacks needs a review, as the threats develop at a speed beyond comprehension. Mr. Taylor, at present a director at Cardiff-based Westgate Cyber Security, works to help business and public sector bodies understand and face these dangers, and he ends with the note that “It is highly significant that the defence select committee recognize cyber security as an increasingly central part of national defence. This is a timely warning from MPs that cyber needs to be at the heart of Britain’s and NATO’s defence strategies.” “The threats and the challenges are real – emerging powers are investing massively in their offensive and defensive capacities. In the 19th century the key to global power was a strong navy, in the 20th it was air power that came to predominate, while in the 21st it looks more and more likely that the key defensive capacity will be the battle of the bits and bytes.” However, he sees opportunity as well as risk for Wales, and wants governments to invest in knowledge. He claims that 90% of cyber crimes occur due to individual error and that the right training can give people in business and government important skills. A reputation for security will, he argues, help Wales compete against other countries for investment. Here it is appropriate to mention the initiative shown by infySEC to train the needy in Information Technology through their “Spark the Rise” project ( ), which has gained support through more than 16000 votes. I will take a respite and be back with more cyber news soon.
Networks are open books nowadays, as anyone can probe them. This post gives a bird's-eye view of the problem and its remedies.
Such probing may be done in order to steal, but not only for that. It may be to store illegal content, to deface a website or, last but not least, just for the heck of it. These tasks become easier day by day thanks to tailor-made tools that work in an automated manner. Chief among them are network scanners, which hackers use with ease to assess networks around the globe, since a network scanner is one of the simplest and most effective probing tools. For the same reason the tool is of great use to a network administrator, who can step into the hacker's shoes, note the vulnerabilities and plug the holes to keep hackers at bay. Network scanners run automated tests of systems over the network. Their beauty is that they require no other software to be installed on the “target” machines: the scanner attempts to reach the target system using only what is available to it over the network. What follows is a checklist of what to do with a network scanner to stay safe and secure before a hacker cracks your network.
1. Make an inventory of your vulnerabilities:
Vulnerabilities keep appearing, and network scanners can use databases of known vulnerabilities to check whether any of them endanger your systems. Keep that database up to date on a regular basis, since new vulnerabilities appear often.
2. Scan the ports:
The types of systems running on the network are best assessed quickly with a port scanner. The next step is to decide what on the network should be accessible from the Internet. Once those requirements are shortlisted, validating them with a port scanner completes the task. Then supplement it with a mix of firewall rule cleanup and system hardening to close down anything that does not fit.
3. Never leave passwords at their defaults:
The Internet holds thousands of default password lists for intruders to draw on. Be careful to choose a tough password for the network, one that attackers cannot easily work out, so that unauthorized access is stifled.
4. Running services:
Services are essential on every server, and they are also a pathway to compromising it. However, unnecessary services often run by default through the admin's oversight or ignorance. Running a network scanner brings such services to light so that they can be culled.
5. Remote access:
Experts say that, going by their experience with default passwords, remote access software running on systems is the black sheep that enables clandestine entry. Telnet, SSH, RDP, GoToMyPC, LogMeIn, PCAnywhere and other applications can be found with a network scanner, and those that are not required must be shut down to reduce the risk to the network.
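The port-scan, running-services and remote-access checks above can be tied together by comparing scanner output with the list of services you decided to expose. The following is an added example, not code from the original post: the scan text is a constructed sample in nmap's grepable (-oG) layout, and the allowlist, addresses and function names are assumptions made for illustration.

```python
"""Audit port-scan results against an exposure policy (added example)."""

# Constructed sample in nmap's grepable (-oG) layout. Addresses are from the
# 192.0.2.0/24 documentation range and do not describe a real network.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web01)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/closed/tcp//mysql///\n"
    "Host: 192.0.2.20 (files01)\tPorts: 23/open/tcp//telnet///, "
    "445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.30 ()\tPorts: 5631/open/tcp//pcanywheredata///, "
    "8080/open/tcp//http-proxy///, 161/filtered/udp//snmp///\n"
)

# Assumed policy: the (port, protocol) pairs the administrator decided
# should be reachable on each host. Hosts not listed should expose nothing.
ALLOWED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.20": {(445, "tcp")},
}

# Remote-access services from the checklist that have a well-known listening
# port. GoToMyPC and LogMeIn are not listed: this table only covers services
# that a port number identifies.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5631: "PCAnywhere"}


def parse_grepable(text):
    """Return {host: {(port, proto, service), ...}} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and Status-only lines carry no port data
        fields = line.split("\t")
        host = fields[0].split()[1]
        open_ports = hosts.setdefault(host, set())
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    open_ports.add((int(parts[0]), parts[2], parts[4]))
    return hosts


def audit(scan, allowed):
    """List every open port that the policy does not permit.

    Each finding is (host, port, proto, service, kind), where kind is
    'remote-access' for the checklist's remote-access services and
    'unexpected' for any other service outside the policy.
    """
    findings = []
    for host in sorted(scan):
        permitted = allowed.get(host, set())
        for port, proto, service in sorted(scan[host]):
            if (port, proto) in permitted:
                continue
            kind = "remote-access" if port in REMOTE_ACCESS_PORTS else "unexpected"
            findings.append((host, port, proto, service, kind))
    return findings


if __name__ == "__main__":
    for host, port, proto, service, kind in audit(parse_grepable(SAMPLE_SCAN), ALLOWED):
        label = REMOTE_ACCESS_PORTS.get(port, service)
        print(f"{host}: {port}/{proto} ({label}) is open but not in policy [{kind}]")
```

Each finding is a candidate for the firewall rule cleanup and service removal described in the checklist.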
All five of these critical checks, run regularly with a network scanner, go a long way toward a foolproof network. A scan from outside to see which threats get past the firewall, and a scan from the internal network to find inside threats and the harm they could cause, are both necessary. Simulating the way an attacker works makes sure no stone is left unturned in a security mock exercise run by the network administrator. Knowing your systems the way an attacker will helps you ensure everything is safe. Firms whose network administrator is bogged down with multiple functions can very well hire an ethical hacking consultant. Few have expertise like infySEC, a leading ethical hacking firm that protects client networks; its information systems audit services are shown at this link (http://www.infysec.com/services/controls-and-assurance/information-systems-audit). I will give my grey matter a small break and be back with more cyber news.
The European Union (EU) has made a good start on the cyber crime front, and this post tells all about it.
The first and foremost initiative is the opening of the European Cyber crime Center (EC3). The center will be a hub for monitoring online fraud, Internet predators who sexually exploit children, and hackers. It is ideally located inside the headquarters of Europol, the European Criminal Intelligence Agency. The Director of Europol and the Head of the European Cyber crime Center (EC3) opened EC3 on 11 January 2013 at Europol’s headquarters in The Hague, The Netherlands. EC3 will cater to the growing need to contain cyber crime, coupled with a speedy response to online crime, and thereby curtail its spread. It will extend its support to the Member States and the European Union’s institutions to develop operational and analytical capacity for investigations and collaboration with international partners. With ethical hacking firms like infySEC having a base in London, U.K., such a center will certainly get some respite. The reason is that infySEC has a host of services (http://www.infysec.com/services) to safeguard the public from internet fraud, as well as corporate social responsibility efforts to educate people in Information Technology; one such effort in India is seen at this link (http://www.sparktherise.com/projectdetails.php?pId=8869). That effort is getting excellent support from clients, vendors, students, and friends, numbering more than 16800 so far and increasing as the days pass.
EC3 kick-starts its operations with three mandates on the cards.
It will work to curb cyber crime in areas like:
1) Online fraud that is the handiwork of organized groups seeking large criminal profits
2) Activities that cause grave harm to the victim, such as online child sexual exploitation
3) Acts that sabotage critical infrastructure and information systems in the EU
The EC3 Expo had a mixed audience of analysts and specialists who gave speeches on the activities of the European Cyber crime Center. Comments from Grzegorz Mazurkiewicz, an EU expert in cyber crime, bring out the importance of EC3: “The European Union is the largest market for payment cards transactions, and it is estimated that organized crime groups derive from payment card fraud 1.5 billion euro a year.” The European Commission's proposal for the new center, made in March 2012, has come to fruition, and a solution for dealing with cross-border crime has finally arrived. The EU executive expects that this harmonized approach will see more internet criminals put behind bars. Troels Oerting, head of the European Cyber crime Center, concludes: “We will be able to give an overview to the Member States on crime; we will give operational support to cases, give forensic support and we will also help the Member States with capacity building and outreach.” I take a break only to reach out for more cyber news.
I am once again happy to blog about infySEC’s “Spark the Rise” project. infySEC as a corporate body has trodden steadily on its path of “Corporate Social Responsibility” with valuable support from clients, vendors, students, and friends. The passion to serve society is latent in all of us and is ignited by such projects, and when it comes from trendsetters like infySEC it gains all the more momentum. This is borne out by the votes of support, which exceeded 10000 in record time and keep swelling as the days pass. As the D-day for the project's kick-off nears and voting is about to end, let us boost the support through all the channels provided by infySEC: website voting, mobile voting, and SMS.
The project envisages free IT training, with the bonus of job placement for 10 percent of the trainees, which is a truly laudable objective. The plan's success lies in its execution, which aims to secure funding support within a 30-day period by tweeting the project idea to organizations. The next 60-day plan spreads word of this commendable education project to potential students interested in a career in IT, backed by the guidance of infySEC, the best ethical hacking consultant. The final 120-day plan gets the most deserving youth the best IT training, in the hands of an institution like infySEC that is already in the field of IT training, so that each can embark on a lifelong career in the Information Technology field.
The trickle-down economics of the “Spark the Rise” project in the employment sector of India is large. The NASSCOM
login using Facebook (http://www.sparktherise.com/projectdetails.php?pId=8869) or take your mobile or landline, call the project's individual telephone number 912261850841 and cast your votes (no charges for this call), or just SMS MHRISE P08869 to 54646. Happy voting for a noble cause, as the voting is to close shortly, and a joyful weekend!
This post looks into the protective measures taken up by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) after the advent of the Shamoon and Stuxnet attacks.
ICS-CERT monitors on a monthly basis, and its report for the last quarter of 2012 is alarming for all. Its alerts for industrial control system and infrastructure companies focus on particular industries and describe two specific attacks, aimed at a power generation facility and an electric utility.
ReVuln, a Maltese security company, has a company policy that appears unethical: it prefers not to sell its findings on vulnerabilities in industrial control software to the affected software vendors, and instead sells the information to governments and other paying customers. The business model emulates that of another security firm, Vupen, and is morally questionable.
Researchers Bob Radvanovsky and Jake Brodsky of InfraCritical, in their Project SHINE (SHodan INtelligence Extraction), used the Shodan search engine to discover 460,000 potentially vulnerable IPs, and handed the database to ICS-CERT. Such IPs, once contacted, can serve as an entry point onto a control systems network and become a source of vulnerability for critical infrastructure. ICS-CERT, with the help of its resources, further reduced the list of IPs to 98,000 organizations. It finally boiled the list down to approximately 7,200 devices within the United States that appear to be directly linked to control systems.
The clear lesson from SHINE is that control systems should be separated from the business network and kept away from direct internet exposure. Such a precaution proved its worth in the previous year's Shamoon attack on Aramco. The attack aimed to damage the Saudi economy by upsetting oil production, but it could not cross the air gap between the business network and the control systems. It could only sabotage 30,000 business computers. However, the advantage of such an air gap has also been made ineffective. That happened with the notorious piece of malware Stuxnet, which made a silent entry into Iran's Natanz nuclear facility in 2008 via a USB thumb drive. The malicious code on that flash drive ruined costly industrial equipment: centrifuges that play a decisive role in Iran's nuclear program. The help of an ethical hacking consultant looks necessary. Firms like infySEC offer services such as vulnerability assessment (http://www.infysec.com/services/security-and-defense/vulnerablity-assesment) that protect critical infrastructure from cyber thieves.
Astonishingly, the lessons of Shamoon and Stuxnet do not seem to have been learned in the US, since both of the incidents reported by ICS-CERT in its recent Monitor concerned infections getting onto control systems via USB drives. An engineer had a problem with a drive; when an IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software flagged three viruses, two of them ‘common’ and one ‘sophisticated’. In the end, the engineer's thumb drive was found to have dropped sophisticated malware on two engineering workstations, both critical to the operation of the control environment. Further, ten computers in a control system bore the brunt of an infection when a third-party technician used a USB drive to upload software updates during a scheduled outage for equipment upgrades. Chris McIntosh, CEO of ViaSat UK, says: “The US Government has highlighted a great weakness in energy infrastructure both in the US and beyond.” He further warns: “security is still firmly rooted in the 20th century. An attack need not be focused at hubs of power generation or sub-stations: communications lines, business networks, and even smart meters can be viable points of entry for an attack.” His solution is that encryption of data in transit and rigorous authentication protocols, for example, should become routine. The genie of cyber-warfare is out, and organizations in the energy sector need to be alert. What is necessary is network protection that goes beyond typical IT solutions and tackles the unique nature of interconnected real-time control systems. I will take a respite and be back soon with cyber news.
Cyber crime experts are much sought after in the cyber world, and this post is all about cyber crime expert Stu Sjouwerman.
Cybercrime expert Stu Sjouwerman, founder and CEO of KnowBe4, an Internet security awareness-training firm, has earned one more laurel with his induction into the FBI’s esteemed InfraGard program. The program aims to unify the efforts of government and private sector individuals to ensure a strong and sound commitment to national security. The network has grown rapidly, thanks to the FBI's recognition of vulnerabilities and of the payback from public-private partnerships, which led to the formation of the InfraGard program in Cleveland, Ohio in 1996. InfraGard and the FBI have a symbiotic relationship, cemented by trust, in the exchange of information on a range of areas such as terrorism, intelligence, criminal, and security matters. Sjouwerman's journey in the IT industry starts in 1979, as Managing Director of Sunbelt International, based in Paris, France, and famous for developing VIPRE Antivirus Software. The growth of his Sunbelt International business was propelled by the opening of a US subsidiary in Clearwater, FL, with revenue expansion that reached its pinnacle in 2001. Such enormous growth earned Sunbelt a place in the Inc. 500 list of the five hundred fastest growing privately held companies in the nation. Finally, Sunbelt bid farewell to Sjouwerman after he sold the firm to GFI Software in 2010. Sjouwerman, who never rests on his laurels, came up with his new venture KnowBe4 to save firms from cyber attacks, with the help of first-hand knowledge of the dangers of cybercrime gained from 30+ years of rich experience.
KnowBe4 uses information on the most recent cybercrime schemes to educate the employees of its clients, a mix of institutions ranging from banks, credit unions and defense contractors to hospitals and insurance corporations. KnowBe4 offers cybercrime prevention resources to help organizations determine their vulnerability to cyber attacks, through a free phishing security test and a free email exposure check (EEC), which reveals the publicly available company email addresses that cyber-criminals can use to target staff with spear-phishing attacks, the start of a Cyberheist. The business strategy followed by KnowBe4 is backed by market realities, as findings from the security software firm Trend Micro say 91% of cyber attacks begin with a “spear phishing” email. Sjouwerman's associations tend to be high-profile, as seen in his earlier partnership with security consultant Kevin Mitnick (“The World’s Most Wanted Hacker”), with whom he developed Kevin Mitnick Security Awareness Training. He acknowledged his new association with the InfraGard program in the right spirit: “I am honored to become a member of the [InfraGard] program,” commented Sjouwerman. “Combining knowledge about cybercrime with other industry professionals along with the FBI provides us with more resources to help protect more people.”
In the Indian context, the police can tie up with firms such as infySEC, which do yeoman service for their clients with state-of-the-art services (http://www.infysec.com/services) to counter cyber crime. I will be back with more cyber news.
Intelligence & Threat Analysis (ITA), of the US State Department, has released cyber crime statistics, and this post passes them on.
Cyber criminals seem to have made a killing in 2011 as well as 2012. They tried to break into famous sites and systems throughout the year. Governments initially did not worry, but as cases started pouring in, measures to curtail such acts followed vigorously through the enactment of laws and regulations. Such laws helped in combing the cyber criminals' hideouts to arrest them. The cyber crime statistics for 2011 are appalling. The rate at which people feel the heat of cyber crime comes to 14 people per second, and hence 4 million people around the world were afflicted by cyber crime in 2011; the 2012 statistics are yet to come, but are sure to alarm the Information Technology community. ITA came out with these figures at a meeting organized by the Organisation of Islamic Cooperation-Computer Emergency Response Team (OIC-CERT) to discuss worldwide concerns about cyber crime and to find answers on how to battle it. The participants were mainly from 55 Islamic countries, and the oil and gas companies were affected the most. The cash-rich companies used the forum to thrash out their concerns regarding cyber crime. This year, many oil and gas companies in the region were targeted by cyber criminals, obstructing business. The cyber attack on Saudi Aramco in August 2012 is the most recent in a mounting number of cyber crimes against the oil and gas industry. As contracts and technology rise in worth, hackers are paying more attention to inside information. Saudi Aramco is back in the saddle after cleaning a malicious virus from 30,000 of its computers in August, but the attack should serve as a stark warning that digital thieves see the oil and gas industry as a suitable place to mint money. The cyber crimes chairperson of Malaysian cyber security said: “It is critical to develop comprehensive cyber security policies and a framework which outlines interdisciplinary cooperation and response.
Our objective is to seek solutions on issues by strengthening cyber security and create a trusted and resilient cyber environment.” “Security researchers have found that the best defence on the growing cyber threats is through education, awareness, and robust policies that nurture collaborative efforts between the industry, academia, and government.”
This post raises the alarm about the hacking of Yahoo Mail users.
Yahoo Mail users are having their accounts hacked, all by being tempted to click on a malicious link they receive in their inboxes. Yahoo says firmly that it has plugged the security hole, but researchers differ. Shahin Ramezany, an independent hacker, made the revelation in a video uploaded to YouTube. It shows viewers how to compromise a Yahoo account by leveraging a DOM-based XSS vulnerability that is exploitable in all major browsers. The method is very easy to use, takes almost no time, and seems very simple to automate. Ramezany is of the opinion that the vulnerability puts some 400 million Yahoo users at peril, and promises that the full details of his method will be posted after Yahoo plugs the security hole. It is not at present apparent how many Yahoo Mail users have been harmed by this flaw, but the number does seem to be mounting rapidly. The latest news is that there are instances of account compromise, and of spam sent from friends' Yahoo accounts. Here, the management testing services (http://www.infysec.com/services/controls-and-assurance/management-testing) offered by ethical hacking companies such as infySEC come to the forefront, to teach employees safe browsing.
There is a warning from reliable sources that such attacks may not end and will continue. The reason given is an incident that occurred in July 2012, in which files were swiped from the company’s servers. This one shows a security hole directly in Yahoo Mail. The advice is that users with a Yahoo account change their account passwords and take particular care to avoid clicking on any suspicious links they receive by email or from anywhere else. The random links may appear to come from a close pal, but should still be taken with a pinch of salt, as they are the handiwork of malware-spreading hackers in the cyber world. We have contacted Yahoo about this issue. We will update this article if we hear back. Yahoo is at work in the UK and US to counter such threats, and a change of passwords is recommended as the remedy for this ill. Update: Yahoo has finally confirmed the issue as follows. “At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data,” a Yahoo spokesperson told TNW. “We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”
Researchers are still skeptical of Yahoo Mail's claims and say the exploit is still active, despite the claimed fix. As time runs out in the night, I will take a break and be back soon with more cyber news.