Week of August 24, 2018



What Cosmos Bank’s Rs 94 Crore Online Fraud Says of Bank Security*:

Last week, Pune-based Cosmos Bank lost Rs 94 crore in a coordinated digital fraud comprising thousands of online transactions, made possible because of a malware attack on the bank’s systems.

The fraud began with a malware attack; in this case, the malware compromised a digital system responsible for settling cash dispensation requests raised at ATMs.

The malware created a proxy system that bypassed the CBS (Core Banking System) and approved a series of 14,800 fraudulent transactions to withdraw Rs 80.5 crore — Rs 78 crore through 12,000 transactions in 28 countries, the rest in India.

Another Rs 13.5 crore was transferred to a Hong Kong-based entity using a facility called Society for Worldwide Interbank Telecommunications (SWIFT).

The ATM withdrawals are suspected to have been made with “cloned cards,” though this is not certain at this stage.

The attack on Cosmos took place around the same time that the FBI issued a warning of an “ATM cash out attack,” in which fraudsters compromise a bank or payment processor and use cloned cards at cash machines across the world to withdraw money.

These attacks normally take place over the weekend, and Cosmos was attacked on a Saturday.

Cyber-crime investigation expert Ritesh Bhatia said security measures across Indian banks are moderate and that, given the high level of coordinated international attacks, all banks need to upgrade their security mechanisms.

*Source: Indian Express, August 20, 2018


Global IT Security Spending to Exceed $124 bn in 2019*:

The global spending on information security products and services will cross the $114-billion mark in 2018, a growth of 12.4 percent over last year.

Research firm Gartner has forecast that the spending will grow 8.7 percent to $124 billion in 2019.

Highly publicised data breaches, like the recent attack on SingHealth that compromised personal health records of 1.5 million patients in Singapore, reinforce the need to view sensitive data and IT systems as a critical infrastructure.

The research firm estimates that privacy concerns will drive at least 10 percent of market demand for security services in 2019.

At least 30 percent of organizations are expected to spend on GDPR related consulting and implementation services next year.

Risk management and privacy concerns within digital transformation initiatives will drive additional security services spending for more than 40 percent of organisations in the next two years.

Services (subscription and managed) will represent at least 50 percent of security software delivery by 2020.

Security-as-a-Service is on the way to surpassing on-premises deployments, and hybrid deployments are enticing buyers.

*Source: The Hindu Business Line, August 17, 2018


Google Faces Lawsuit Over Location Tracking of Users*:

Google has been accused in a lawsuit of illegally tracking the movements of millions of iPhone and Android phone users even when they use a privacy setting to prevent it.

According to a complaint filed late Friday, Google falsely assures people they won’t be tracked if they turn the “Location History” feature on their phones to “off,” and instead violates their privacy by monitoring and storing their movements.

The plaintiff, Napoleon Patacsil of San Diego, is seeking class-action status on behalf of U.S. users of Android phones and Apple iPhones who turned the tracking feature off.

He is seeking unspecified damages for Google’s alleged intentional violations of California privacy laws, and intrusion into people’s private affairs.

Google did not immediately respond on Monday to requests for comment.

Patacsil claimed that Google illegally tracked him on his Android phone and later on his iPhone, where he had downloaded some Google apps.

The help section of Google’s website now says that turning Location History off “does not affect other location services” in phones, and that some location data may be saved through other services, such as Search and Maps.

*Source: Global News, August 20, 2018


Hackers Target Smartphones to Mine Cryptocurrencies*:

Cryptojacking consists of entrapping an internet server, a personal computer or a smartphone to install malware to mine cryptocurrencies.

Mining is basically the process of helping verify and process transactions in a given virtual currency.

In exchange, miners are now and then rewarded with some of the currency themselves.

Legitimate mining operations link thousands of processors together to increase the computing power available to earn cryptocurrencies.

Mining bitcoin, ethereum, monero and other cryptocurrencies may be very profitable, but it does require considerable investments and generates huge electricity bills.

But hackers have found a cheaper option: surreptitiously exploiting the processors in smartphones.

To lure victims, hackers turn to the digital world's equivalent of the Trojan horse subterfuge of Greek mythology: inside an innocuous-looking app or programme hides a malicious one.

The popularity of games makes them attractive for hackers.

For example, a version of the popular game Bug Smasher, installed from Google Play between one and five million times, has been secretly mining the cryptocurrency monero on users' devices.

But for smartphone owners, the mining is at best a nuisance, slowing down the operation of the phone and making it warm to the touch as the processor struggles to unlock cryptocurrency and accomplish another task.

Cryptojacking affects mostly smartphones running Google's Android operating system.

Apple exercises more control over apps that can be installed on its phones, so hackers have targeted iPhones less.

Google recently cleaned up its app store, Google Play, telling developers that it will no longer accept apps that mine cryptocurrencies on its platform.

*Source: France 24, August 22, 2018


Android Spyware Records Calls and Sends Your Pictures and Location to Hackers*:

A powerful form of Android surveillance malware with the ability to record phone calls, monitor text messages, secretly steal photos and videos, and collect the location of the user is disguising itself in a repackaged version of a legitimate app and being distributed as part of what appears to be a targeted and sophisticated espionage campaign.

Uncovered by researchers at Bitdefender and named Triout, the malware has been active since at least May this year and is packaged inside a phony version of an Android app which was previously available on the Google Play store in 2016, but has since been removed.

The repackaged version of the app is still signed with an authentic Google Debug Certificate.

It's unclear how the malicious app is distributed or how many times it has been successfully installed, but researchers believe that Triout is delivered to victims by third-party marketplaces or other forms of attacker-controlled domains which host the malware.

Analysis of the spyware suggests that it was first submitted from Russia – although not necessarily built there – and that the majority of the detected samples are in Israel, pointing to the possibility of a specially targeted campaign against individuals within the country.

However, while there's not yet enough evidence to determine who the attackers are, one thing is for certain – they have access to resources and knowledge to build a sophisticated form of spyware.

The malware is extremely stealthy, designed to look and function exactly like the app it purports to be – in this case, an adult app called 'Sex Game' – while also turning the infected Android device into a powerful surveillance tool which sends stolen data back to an attacker-controlled command and control server.

Investigation of the spyware capabilities found that it records every phone call as a media file and sends the audio along with the caller ID to the attackers, as well as logging information about every incoming text message.

Whenever the user takes a photo, Triout also sends that to the hackers and the attackers can ask for the GPS coordinates of the user at any given time.

But despite the powerful capabilities of the malware, researchers found that the malware sample is completely unobfuscated, meaning that by unpacking the .apk file, the source code becomes available to see.

This doesn't seem to sit well alongside the sophistication of the malware itself, leading researchers to suggest that the framework itself could be a work-in-progress as the developers test features and compatibility with devices.

Bitdefender noted that the attackers have recently upgraded the command and control infrastructure and that the campaign is still active – but there are simple steps which can be taken to avoid falling victim to Triout or similar campaigns.

Users should be aware of any applications that do not come from the official store and be reluctant to grant applications permissions that aren’t required for their functionality.

*Source: ZD Net, August 22, 2018


New Type of Credit Card Skimmer Found Inside Terrytown Store*:

Jefferson Parish Sheriff's Office detectives issued a warning to customers Thursday after investigators discovered an illegal credit card-skimming device inside a store near New Orleans this week.

Unlike previously seized skimmers found on ATMs or gas pumps, this skimmer was fitted over the point-of-sale card reader used by the store's employees when a customer provides a credit or debit card, according to a spokesman for the Sheriff's Office.

The sheriff's office did not name the store where the skimmer was found.

The skimmer was placed over the top of the store's legitimate card reader, making it difficult to notice.

Thieves use the information stolen by a skimmer to create counterfeit credit cards, then they either sell the cards or use them to make purchases.

The Sheriff's Office asked customers of businesses to check card readers before using them to make sure no illegal devices have been added.

Credit card companies are required to use chip technology, a security feature designed to protect consumers from fraud activity.

But some merchants don't use the technology because of costs or the belief that it slows the speed of a transaction.

*Source: NOLA, August 23, 2018


Your WhatsApp Chats are now a Little Less Secure*:

WhatsApp and Google have announced that WhatsApp users will be able to back up all of their WhatsApp data on Google Drive without using up any of their Google Drive allowance.

In itself, this is good news, but it also involves a rather unfortunate implication.

All WhatsApp data backed up using Google Drive will no longer be protected by end-to-end encryption.

The deal will come into effect on November 12.

You’ll have to back up your WhatsApp data before then to protect your old WhatsApp messages, photos, videos, and sound files from being deleted.

Everything you do save, however, will no longer be protected by WhatsApp’s lauded encryption.

In the official blog post from WhatsApp, announcing the change, the following caveat was included: “Important: Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive.”

End-to-end encryption scrambles up all communications between devices.

It basically means that only the sender and the person or people who they are sending a message to can read it.

Once the sent data is backed up to Google Drive, however, this level of protection no longer exists.

Google does claim that all data involved in the transfer from WhatsApp to Google Drive servers is encrypted.

There is a catch, however: Google’s terms and conditions clearly state that Google’s automated systems will scan content to provide personally relevant product features and more highly tuned personal search results.

Your WhatsApp backups could become the fuel for the ads that Google serves you.

If you’re more worried about hackers getting their hands on your data than ad agencies, then you might have something to worry about.

Google Drive’s encryption isn’t as secure as WhatsApp’s end-to-end encryption.

The takeaway from all of this is that although you can now save all your WhatsApp data without having to pay for storage, you are paying a price.

Your data is now in the hands of a corporation that knows how to use it, and the things you save there aren’t as secure as they were when they were encrypted by WhatsApp.

*Source:, August 22, 2018

