Tag: cyber security

Categories
Kerala Lite Blogs Tech Lite

Kerala Praised as Cyber Security Governance Role Model

Cyber security. (source: ianstwitter/)

Hibi Eden MP presided over the function in which Mayor M Anilkumar was the chief guest. ISRO Chairman S Somanath, actor Mamta Mohandas and others were present…reports Asian Lite News

Kerala is a role model for cyber security governance as the state government is capable of providing adequate security to the cyber arena, said state revenue minister P Rajeev on Saturday. The minister, while speaking on the concluding session of the 16th edition of the c0c0n, a two-day international cyber conference that kicked off in Kochi on Friday, said that the work being done in the state through the c0c0n conference is a great achievement.

“The state government is capable of providing adequate security to the cyber arena. The government is also providing necessary support to this sector by establishing the Digital University in the state. Kerala is a state where the internet is ensured through K-Fone in every house,” the minister said. He further said that the c0c0n is a role model for the Indian cyber security sector, which is making the necessary innovations for cyber security. “C0c0n is capable of creating cyber security experts among the next generation,” P Rajeev added.

Hibi Eden MP presided over the function in which Mayor M Anilkumar was the chief guest. ISRO Chairman S Somanath, actor Mamta Mohandas and others were present. Earlier on Frida, during the inauguration of the conference, Kerala Governor Arif Mohammed Khan emphasised the need to address the growing issue of cybercrime in the nation.

“Though we are making revolutions in the technological field, the number of cybercrimes is rising. It is necessary to quickly update the changes in the cyber field and move forward,” the governor said.
He highlighted the importance of staying updated with advancements in the cyber field and called for international cooperation in combating cybercrimes. (ANI)

ALSO READ-India, Malaysia Discuss Cyber security, Defence Ties

Categories
-Top News India News

G20 meet deliberates on cyber security

Idea of cyber drills and exercises to help building long lasting ties proposed in meetinh hosted by RBI and CERT-In…reports Asian Lite News

The G20 International Conference on “Cyber Security Exercise for the Banking Sector” under India’s G20 Presidency was held in Mumbai.

The conference was jointly conducted by the Reserve Bank of India (RBI), the Indian Computer Emergency Response Team (CERT-In), the Ministry of Electronics and Information Technology (MeitY) on Monday. The conference commenced with a keynote address by RBI Deputy Governor MK Jain followed by a special address by CERT-In Director General Sanjay Bahl.

The Deputy Governor in his address stressed that managing cyber risks has become a key driver for ensuring financial stability. He emphasised on the imperative for global collaborative efforts to strengthen cyber security. He also outlined six specific strategies that the global community could follow.

Director General, CERT-In highlighted three global challenges in countering cyber-attacks and also emphasised on the need for global community to work together. He further mentioned, “Cyber drills and exercises could help in building long lasting relationships and in leveraging each other’s strengths to enhance preparedness.”

Moreover, Strategic and Operational Cyber Exercises and Drills were also organized as a part of the event. The participants held discussions on the new age cyber security challenges faced by the banks globally. The event also had a panel discussion on Trans-National Cyber Security Challenges in banking sector across the globe.

More than 200 participants from RBI, MeitY, IMF, BIS, central banks and Computer Emergency Response Teams of G20 Member Countries, MD and CEOs of select commercial and urban cooperative banks, Chief Information Security Officers (CISOs) and Chief Technology Officers (CTOs) of Indian and foreign banks attended the event.

The conference commenced with a keynote address by RBI Deputy Governor MK Jain followed by a special address by CERT-In Director General Sanjay Bahl. The Deputy Governor in his address stressed that managing cyber risks has become a key driver for ensuring financial stability. He emphasised on the imperative for global collaborative efforts to strengthen cyber security. He also outlined six specific strategies that the global community could follow.

Director General, CERT-In highlighted three global challenges in countering cyber-attacks and also emphasised on the need for global community to work together. He further mentioned, “Cyber drills and exercises could help in building long lasting relationships and in leveraging each other’s strengths to enhance preparedness.” Moreover, Strategic and Operational Cyber Exercises and Drills were also organized as a part of the event.

Earlier, National Cyber Security Coordinator Rajesh Pant had “Delhi Declarations” for G20 nations to promote cyber peace and cooperation to prevent, mitigate and investigate cyber incidents in cyberspace.

While speaking at the B20 Conference on Cyber Security organised by CII, Pant cited various G20 action plans around cyberspace and said that the G20 supports the existing UN cybersecurity norms.

“I want to propose today something that I’m calling the Delhi Declaration,” Pant said.

He said that the G20 encourages states to adopt norms of responsible state behaviour in cyberspace and Delhi Declarations comprises four to five norms that have already been accepted by the UN and the open ended working groups.

“We commit to protect, not damage critical infrastructure or other essential and peaceful systems from cyber-related or enabled means, commit to cooperate to prevent, mitigate and investigate cyber incidents, and other malicious activities in cyberspace. In particular, when it comes to ransomware,” Pant said while reading excerpts of the proposed Delhi Declarations.

“Commit to protect and not disturb the software supply chain and finally, commit to respect international law and the rule of law in cyberspace and commit to protecting the humanitarian sector. There is also a longer-term plan that has been made to help support the implementation of the framework. This is what I bring to the table,” Pant said.

He also said that it is necessary to have governance structures in place, and the people have to be trained on cyber hygiene, which involves standard operating procedures for various actions, cyber crisis management plans, audits etc.

“Technology will involve everything, which is today being discussed as part of zero trust architecture. So, right from the endpoint, the identity and access management to the network security to data security to cloud and to applications, everything will have to be catered for,” Pant said.

In May this year, India’s G20 Sherpa Amitabh Kant had asserted that India has digital public infrastructure and this will facilitate India to become global champion of cyber security.

“We have worked enough in country on digital transformation, as I informed there are 4 billion people around the globe who do not have identity, 2.5 billion have no bank account and 133 countries have no fast payment system. We have to take this digital public infrastructure to global level, we also need to become global champion of cyber security, because India has technology and innovation on the basis of population scale and we need to use this to become cyber security global champion,” said Amitabh Kant.

ALSO READ-G20 meet discusses effects of climate change

Categories
India News Tech Lite

India, APAC to face increased cyber threats in 2023

Cybercrime.

Adversaries will deploy new technologies as well to increase their success rate in future attacks…reports Asian Lite News

As ransomware attacks grow multifold, like the latest AIIMS incident, amid nation-state actors supporting army of hackers, a report said on Tuesday that threat vectors are most likely to affect organisations in India and the Asia-Pacific region in the New Year.

About 66 per cent of Indian businesses fell prey to supply chain attacks in 2022.

As threats become increasingly sophisticated, the software bill of materials (SBOM) will be widely adopted in 2023, according to DigiCert, a leading provider of digital trust.

“India has faced more than 18 million cyberattacks in just the first quarter of 2022. This must raise alarm for all of us especially as the country is pushing for increased digitization in the coming year,” said Sarabjeet Khurana, Country Manager, India and SAARC, DigiCert.

Adversaries will deploy new technologies as well to increase their success rate in future attacks.

Technologies such as Artificial Intelligence and Adversarial Machine Learning could potentially be deployed by a properly versed attacker to find weaknesses in an improperly deployed zero trust framework, said the report.

The companies need an increased focus on the need to be crypto-agile as quantum computers pose a significant future threat for secure online interactions.

Crytographic-agility will be a competitive advantage in the very near future, the report mentioned.

“These predictions should allow individuals and businesses of all scales and sizes, to prepare for their upcoming technology needs. To ensure success in the era of digital trust, a planned approach to resiliency is of essence,” said Khurana.

ALSO READ-India’s nuclear plants safe from cyberattacks: Minister

Categories
Business Tech Lite

Cyber security and unique challenges

ENS domains are an easy to remember name used to find the associated cryptocurrency wallet address. This has led to popular domain names being trademarked and resold by third parties…reports Asian Lite News

Dubai, UAE: A central component of this transition is the development of a 3-D experience known as the metaverse which is the next iteration of both social media and the Internet. The metaverse brings with it a whole host of unique challenges and security risks along with new takes on old strategies.

Cisco Talos, one of the world’s largest private threat intelligence teams with unparalleled insight into the threat landscape, recently looked at the pervasiveness of threats and scams in the metaverse. They identified new takes on old threats and entirely new scams and threats only found in the Metaverse.

“Recent security research by Cisco Talos has shown that the Metaverse landscape appears ripe for cybercriminals. Whether they are translating old threats in the new Metaverse space, leveraging time tested social engineering and phishing techniques of the past or beginning to craft new technical attacks to make money in new ways the cybercriminal game is growing,” said Fady Younes, Cybersecurity Director – Cisco Middle East and Africa.

ENS Domains

The growing popularity of digital currency has resulted in greater use of Ethereum Name Service (ENS) domains. ENS domains are an easy to remember name used to find the associated cryptocurrency wallet address. This has led to popular domain names being trademarked and resold by third parties. As a result, nothing prevents the owner of an ENS domain from using that name to trick unsuspecting users into believing that they are dealing with a legitimate organisation. In addition, these ENS domains point to wallet addresses, so any person can inspect the contents of the wallet associated with the name at any time.

Social engineering

Adapting to a new technology often comes with the threat of social engineering and Web 3.0 is no exception. The vast majority of security incidents affecting Web 3.0 users stem from social engineering attacks such as cloning wallets. Users should be careful not to be tricked to share their “seed phrase”.  In the event that a cryptocurrency wallet is lost or destroyed, a user can recover their wallet, and all of its contents, using a 12 to 24 word “seed phrase” which is essentially, their private key. Anyone with knowledge of the seed phrase (private key) can clone a cryptocurrency wallet and use it as their own. Thus, many cybercriminals who are seeking to steal cryptocurrency or NFTs (non-fungible tokens) target a user’s seed phrase.

Beware of fake customer support agents

Another method attackers use to separate users from their seed phrase is to pose as a customer support agent offering responding to publicly posted Twitter or Discord server requests from users. Criminals monitor these channels and will contact users to offer “help” – ultimately bringing them to share their seed phrases.

Whales

Whales are high profile cryptocurrency accounts that hold a large amount of crypto currency or NFTs. Some estimates report that 40,000 whales own 80% of all NFT value and as such are an attractive target for cyber security criminals. Scammers know that many smaller investors watch these whales’ wallets and will therefore socially engineer them into investing in their own fake projects. Most legitimate NFT projects freely publish their source code for their smart contract. The fact that this project’s code has not been published should be a red flag for potential investors.

Malicious smart contracts

While some attackers focus on exploiting bugs in legitimate smart contracts, other attackers take a different approach, and write their own malware which is placed onto the blockchain in the form of malicious smart contract code. Malicious smart contracts have all the standard smart contract functions but behave in unexpected ways.

ALSO READ-Doval stresses on need to safeguard India’s cyberspace

Categories
India News Tech Lite

Doval stresses on need to safeguard India’s cyberspace

Inaugurating a National Cyber Exercise (NCX) with an aim to train senior management and technical staff of the government on contemporary cyber threats and handling cyber incidents, Doval said that digital revolution is taking place in the country.

National Security Advisor (NSA) Ajit Doval said on Monday that any threat in the cyberspace directly impacts the country’s social, economic and national security and therefore India must safeguard its cyberspace.

Inaugurating a National Cyber Exercise (NCX) with an aim to train senior management and technical staff of the government on contemporary cyber threats and handling cyber incidents, Doval said that digital revolution is taking place in the country.

He further said that with the launch of a large number of digital services by the government, cyber security remains the foundation of any successful digital transformation and any threat to the digital world may impact the country in many ways.

The NCX will be conducted as a hybrid exercise from April 18 to 29 in association with the National Security Council Secretariat (NSCS) of the government with the Data Security Council of India (DSCI) as the knowledge partner, supported by the Defence Research and Development Organisation (DRDO).

The platform for training is being provided by CyberExer Technologies, an Estonian cyber security company accredited for globally conducting several large-scale cyber exercises.

“More than 140 officials will be trained through training sessions with strategic exercises. The participants will be trained on various key cyber security areas such as intrusion detection techniques, malware information sharing platform (MISP), vulnerability handling and penetration testing, network protocols and data flows, and digital forensics,” an official in the NSCS said.

The NCX India will help strategic leaders to better understand cyber threats, assess readiness, and develop skills for cyber crisis management and cooperation. This will also help develop and test cyber security skills, teamwork, planning, communication, critical thinking, and decision-making.

During the event, the National Cyber Security Coordinator, Lt. General Rajesh Pant, brought out the importance of Indian cyberspace and the necessity of keeping it secure and safe for the citizens, businesses and governments.

He also talked about the increase in ransomware and supply chain attacks taking place in the world as well as in India and how it is very vital to achieve synergy among all the organisations for effectively countering these attacks.

Pant highlighted the recent ransomware attack on Oil India Limited (OIL) and the importance of cyber warfare in the global scenario.

ALSO READ-‘Centre negating federalism’: AAP to SC

Categories
-Top News India News Tech Lite

Cyber thugs are back with WhatsApp video calls showing porn clips

Such anonymous video calls on WhatsApp and Facebook Messenger are growing in India and the relevant authorities are unable to stop such activities…reports Asian Lite News.

A 35-year-old professor from the University of Delhi recently received a video call on Facebook Messenger from an anonymous number. To his horror, a nude girl appeared on the other side. Before he could disconnect the call, cyber criminals made a quick video of the professor watching the porn clip, and the harassment began.

“It was around 2 a.m. when I received a call from an unknown person on Facebook Messenger. When I received the call, I saw a nude girl on the other end. I disconnected the call immediately. However, before I could figure out what exactly happened, I received a few screenshots of my video call on Messenger,” a shaken professor told on the condition of anonymity.

Starting to panic, he immediately blocked the user. After an hour, the professor got an audio call where another man asked him to pay Rs 20,000 via a digital payment app within five minutes, else he would post these screenshots on Facebook for his friends and family community to see.

“I was nervous and deactivated my Facebook account. Nothing happened after that night to date but I’m still worried,” he said.

Such anonymous video calls on WhatsApp and Facebook Messenger are growing in India and the relevant authorities are unable to stop such activities.

According to cyber experts, in a reminiscence of Jamtara-type mobile frauds, the notorious gangs of Mewat region have resurfaced, extorting money from people by blackmailing them with such WhatsApp video callings.

The gangs operate in the Mewat region of Haryana. Further, Bhiwadi, Tijara, Kishangarh Bas, Ramgarh, Laxmangarh in Alwar and Nagar, Pahadi and Govindgarh in Bharatpur also are the main areas where these cyber thugs are operating from.

In October, the Crime Branch of Delhi Police claimed to have arrested the mastermind of an interstate sextortion gang from Rajasthan’s Bharatpur.

According to police, the gang led by Nasir (25) has been indulging in extorting money from reputed persons after blackmailing them with their obscene pictures and videos.

At least 36 gangs have been busted and 600 accused arrested by Alwar police in the ‘sextortion’ case.

In the pandemic, there has been a surge in such activities. Cyber criminals run recorded porn videos, and then send your recording back to you, asking for money which could be anywhere from Rs 10,000 to over a few lakh.

“If denied, they threaten to share your porn-watching video in your social media circles and the mental harassment begins afterwards,” independent cyber security researcher Rajshekhar Rajaharia told.

A Delhi-NCR based journalist faced the same situation this month when he received a WhatsApp video call and saw a nude girl.

Surprised as well as confused, he immediately disconnected the call. He later received some screenshots as well a video recorded from the person who called him.

“The person told me that he is going to send these videos to everyone on social media and asked me to pay Rs 23,000 immediately to delete the video. I blocked him but then, I started getting calls from unknown numbers asking me to transfer the money. I blocked them and turned off my phone for a few hours,” the journalist said.

India likely to unveil new cybersecurity strategy this year

He later did not receive any more calls.

According to Rajaharia, if you do not give in to their demands immediately, there are chances that they won’t share your porn video with others, as doing this will invite trouble for them if the person goes to cyber police with their contact details.

“However, the victims must quickly contact the cyber branch of police in their respective areas. When you receive an anonymous call, do not pick it immediately. Try to find out the identity of that anonymous person via SMS or WhatsApp chat first, and then check if that person belongs to your known circle of acquaintances or not,” the cyber expert advised.

“Even if you have taken the anonymous WhatsApp or Facebook Messenger video call, switch off or cover your camera,” he added.

ALSO READ-Cyber security collaboration significant in ties with India: Taiwan

Categories
-Top News India News

India, New Zealand agree to work closely in cyber security

Besides, the two sides also deliberated on a wide range of topics of mutual interest and agreed to work closely with each other in the areas of cyber security, cybercrime and capacity building…reports Asian Lite News.

India and New Zealand on Tuesday and Wednesday held their Cyber Dialogue in a virtual format and discussed various aspects of existing bilateral cooperation in cyberspace.

According to a statement issued by the Ministry of External Affairs, the two sides also exchanged views on the latest developments on cyber issues at bilateral, regional and multilateral fora and explored initiatives to further deepen cyber cooperation.

Besides, the two sides also deliberated on a wide range of topics of mutual interest and agreed to work closely with each other in the areas of cyber security, cybercrime and capacity building.

At the Dialogue, while the Indian delegation was led by Atul Malhari Gotsurve, Joint Secretary (Cyber Diplomacy) in the Ministry of External Affairs, the New Zealand delegation was co-led by Dan Eaton, Director National Security Policy, Department of Prime Minister and Cabinet (DPMC) and Georgina Sargison, Acting Unit Manager, Emerging Security Issues, International Security and Disarmament Division, Ministry of Foreign Affairs and Trade (MFAT)

As per the MEA, senior officials from various government Ministries and Departments from both the countries participated in the Cyber Dialogue.

ALSO READ-Covaxin 77.8% effective, says Lancet