What is Cyber Security?

Since the internet reached the general public, everything has changed: threats have grown from the simple computer worm to fileless malware, ransomware, and nation-state-sponsored cyberattacks. Cybersecurity came to light when internet users started facing these threats. It applies technologies, processes, collective methods and skilled people to protect every device connected to the internet and to maintain the confidentiality, integrity, and availability of data and networks.

In today’s world, the fastest-growing thing is technology. Technology is a power that can be used both ways, for good or for bad. Technology comes with its loopholes, and that is one compelling reason why cybersecurity is crucial! Sectors like finance, government, the military, healthcare, education, or any business you can imagine are on the internet or in some way connected to it. Every business requires data for its work and has to use it to provide its services. The data can be anything: customer or user data, contact information, payment gateway information, medical or health-related information, social media links, personal identity, information about devices, and a lot more. Cybersecurity is applied to keep it secure, because it is highly sensitive information and of great value to cyber criminals.

Why is it important?
  • The costs of breaches and cyber-attacks are tremendous for companies, so an iterative security check, which means reviewing the existing implementation for improvement, helps with mitigation.
  • Hackers are always looking for new and sophisticated ways to attack, so a like-minded but ethical team of cybersecurity researchers can help you understand your current state of cybersecurity.
  • 95% of cybersecurity breaches are caused by human error. There is no perfect fix for cybersecurity, but cybersecurity training for employees can help mitigate such sophisticated phishing attacks!

Bluefire Redteam Risk Assessments & Employee Training

Our team of skilled researchers is well capable of performing the following risk assessments, with custom techniques in our arsenal!

Benefits of Cyber Security with Bluefire Redteam?

  • Business protection against cyberattacks and data breaches.
  • Protection for data and networks.
  • Prevention of unauthorized user access.
  • Protection for end-users and endpoint devices.
  • Smooth business continuity.
  • Improved confidence in the company’s reputation and trust for developers, partners, customers, stakeholders, and employees.

 

Cybersecurity Compliances in India for Businesses

Cybercrime is a global problem that has been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks, and governments. Today’s organized cybercrime far overshadows the lone hackers of the past: large organized crime rings now function like start-ups and often employ highly trained developers who are constantly innovating online attacks. With so much data out there to exploit, cybersecurity has become essential.

Cybercrime has spared no one. As noted, it has penetrated the major sectors, including banking and finance, commercial facilities, postal services, transportation, educational institutions, healthcare, e-retail platforms, etc. It appears in the form of phishing and social engineering, malware, spear phishing, ransomware, hacking, software piracy, pornography, cybersquatting, etc.

CYBER ATTACKS IN INDIA

According to a report, India has seen a 940% jump in cyber attacks in the past few years. Some of the major attacks that have taken place in India in the past 5 years are:

  • Bank of India Heist (2016)
  • Wannacry Ransomware (2017)
  • Data Theft at Zomato (2017)
  • Aadhaar Data Breach (2018)
  • IIMJobs (2018)
  • Twitter Data Breach (2018)
  • Cosmos Bank Cyber Attack in Pune (2018)
  • Indian Railways (2019)
  • Vedantu (2019)
  • Ixigo Data Breach (2019)
  • LivPure Data Breach (2020)
  • Big Basket (2020)
  • Air India Data Breach (2021)
  • Moneycontrol (2021)
  • Domino’s India Data Breach (2021)

And many sensitive and unverified data breaches remain unlisted. A recent cyber-attack on one of India’s nuclear power plants and on the Prime Minister’s social media handle makes one realize the gravity of the situation.

REGULATORY LANDSCAPE

The main legislation governing cyberspace in India is the Information Technology Act, 2000 (“IT Act”), which defines cybersecurity as protecting information, equipment, devices, computers, computer resources, communication devices and the information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. In addition to providing legal recognition and protection for transactions carried out through electronic data and other means of electronic communication, the IT Act and the various rules made under it also focus on information security, define the reasonable security practices to be followed by corporates, redefine the role of intermediaries, recognize the role of the Indian Computer Emergency Response Team (“CERT-In”), etc.

Additionally, the IT Act amended the scope of the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934, and matters connected therewith or incidental thereto, which focused on the regulation of the highly sensitive banking and financial services sector. Incidentally, while there is no comprehensive legislation for the governance of data in the country as of this date, there are sectoral legislations, directions and legal advisories that require specific compliance from the targeted sector.

The IT Act not only extends to the whole of India but also applies to any offence or contravention committed outside India by any person. Additionally, the legal sanctions under the IT Act extend to imprisonment and penalties, and also provide a framework for compensation or damages to be paid to claimants. Further, if a body corporate possessing, dealing with or handling any personal data or sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures, and thereby causes wrongful loss or wrongful gain to any person, such body corporate is liable to pay damages by way of compensation to the person so affected.

REGULATORY FRAMEWORK OF CYBER SECURITY LAWS

There are three predominant laws to cover when it comes to cybersecurity:

Information Technology Act, 2000

Indian cyber law is governed by the Information Technology Act, enacted in 2000. The principal impetus of this Act is to give reliable legal recognition to eCommerce, facilitating the registration of real-time records with the Government. But with cyber attackers getting sneakier, and given the human tendency to misuse technology, a series of amendments followed. The ITA, enacted by the Parliament of India, lays down the severe punishments and penalties that safeguard the e-governance, e-banking, and e-commerce sectors. The scope of the ITA has since been enhanced to encompass all the latest communication devices. The IT Act is the principal statute guiding all Indian legislation that governs cyber crimes.

Indian Penal Code (IPC) 1860

Identity theft and associated cyber frauds are covered by the Indian Penal Code (IPC), 1860, invoked along with the Information Technology Act of 2000. The primary IPC sections relevant to cyber fraud are:

  • Forgery (Section 464) 
  • Forgery pre-planned for cheating (Section 468) 
  • False documentation (Section 465) 
  • Presenting a forged document as genuine (Section 471) 
  • Reputation damage (Section 469)

Companies Act of 2013

Corporate stakeholders refer to the Companies Act of 2013 as the legal obligation necessary for the refinement of daily operations. The directives of this Act cement all the required techno-legal compliances, putting less compliant companies in a legal fix. The Companies Act 2013 vested powers in the SFIO (Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, since the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, the SFIO has become even more proactive and stern in this regard. The legislature ensured that all the regulatory compliances are well covered, including cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management and Administration) Rules, 2014 prescribe strict guidelines confirming the cybersecurity obligations and responsibilities of company directors and leaders.

NIST Compliance 

The Cybersecurity Framework (NCFS), issued by the National Institute of Standards and Technology (NIST), offers a harmonized approach to cybersecurity from what is regarded as the most reliable global certifying body. The NIST Cybersecurity Framework encompasses all the required guidelines, standards, and best practices to manage cyber-related risks responsibly. The framework prioritizes flexibility and cost-effectiveness. It promotes the resilience and protection of critical infrastructure by:

  • Allowing better interpretation, management, and reduction of cybersecurity risks, to mitigate data loss, data misuse, and the subsequent restoration costs
  • Determining the most important activities and critical operations, to focus on securing them
  • Demonstrating the trustworthiness of organizations that secure critical assets
  • Helping to prioritize investments to maximize the cybersecurity ROI
  • Addressing regulatory and contractual obligations
  • Supporting the wider information security program

By combining the NIST CSF framework with ISO/IEC 27001, cybersecurity risk management becomes simpler. It also makes communication easier throughout the organization and across supply chains via the common cybersecurity directive laid down by NIST.

Cybersecurity Compliance Regulation in India – As per Businesses

To ensure the effectiveness of the Indian cybersecurity compliances, the Government has taken several other measures to establish complete cohesion.

CERT-In

The Indian Computer Emergency Response Team, or CERT-In, the national nodal agency responsible for prompt responses to cybersecurity incidents, started official operations in January 2004. In the latest reforms of the Information Technology Amendment Act, the Indian Computer Emergency Response Team was officially designated as the national agency for cybersecurity preservation. The body acts as the primary task force responsible for:

  • Alerts and forecasts preventing cybersecurity incidents
  • Defining emergency measures to tackle and mitigate the effects of cyber risks 
  • Collection, analysis, and responsible dissemination of data on cyber threats 
  • Constant coordination of cyber response activities 
  • Issuing best practices, guidelines, and precautions in the public interest for better reporting and management of cyber incidents

PCI DSS

The prevalence of digital transactions has escalated cyber risks nationwide, creating havoc. The PCI DSS regulations apply to all entities dealing with online transactions. The banking stalwarts, including American Express, Visa, Discover, and MasterCard, joined hands to combat the identity thefts behind credit card fraud. PCI DSS does not impose fines or government mandates of its own, but it does standardize the security goals for online transactions. The regulation relies on positive reinforcement: demonstrating complete adherence to customer data security expectations. All companies involved in processing, storing, or transmitting credit card data are therefore recommended to ensure compliance, to win over customer confidence.

Reserve Bank of India Act 2018

The RBI issued elaborate cybersecurity guidelines that restricted and tested the operations of all urban co-operative banks (UCBs), carefully assessing the evolving IT risk factors. The level of technology adoption and digitization varies across banks and sectors; the RBI Act aims to standardize the security frameworks for all of them. All UCBs need to explicitly write down their cybersecurity policy, approved by their Board or Administrator. Following these guidelines is essential to establish reliable, cyber-risk-free banking institutions able to cope with growing business complexity. While assessing their inherent cyber risks, UCBs should carefully examine the technologies adopted, the digital products offered, the delivery channels, and other external and internal threats. With the nature of the risks diversifying and intensifying, traditional Business Continuity or Disaster Recovery arrangements may not suffice. UCBs need to promptly detect all cyber intrusions so as to respond to, contain and recover from the impact of cyber-attacks.

IRDAI

In the wake of escalating cyberattacks on financial institutions, the Insurance Regulatory and Development Authority of India rolled out a comprehensive cybersecurity framework upholding the security of insurers. The directives passed by IRDAI focus on mitigating external as well as internal threats, preventing cyber fraud, and establishing a robust business continuity and risk assessment plan, to bolster the backbone of a secure Fintech industry.

The key focus areas for the insurance industry remain:

  • Online transaction and messaging frauds 
  • Data leakage 
  • IPR violations risk 
  • Ransomware attacks

DOT

The Department of Telecommunication has also tightened its grip on cybercrime, data privacy, and consumer security. The designated officials of TRAI (Telecom Regulatory Authority of India) and the DOT have amended the cyber laws, underlining their responsibility towards consumer data, as the most critical online transactions are conducted via mobile phones. TRAI, the telecom industry watchdog, is renamed the Digital Communications Regulatory Authority of India, with modified and intensified powers.

The DOT continues to function as an inter-ministerial body, with the telecom secretary as the highest decision-making authority of the nation. The DOT, in collaboration with the IT ministry, prefers a layered consent architecture focused on secure personal data processing. Companies have limited rights to collect only the required consumer details, after stating the purpose of collection. Further, the data can be stored only for as long as it is necessary.

The DOT has confirmed that internet users will be the final decision-makers on the usage of their personal data, together with their right to withdraw consent at any time.

SEBI

In 2018 and 2019, SEBI declared meticulous guidelines for organizations falling within its purview, including Depository Participants, Stock Brokers, Asset Management Companies (AMCs), Stock Exchanges, Mutual Funds, Clearing Corporations and Depositories. 

  • Dec 03, 2018: SEBI launched Guidelines for Depository Participants and Stock Brokers.
  • Jan 10, 2019: SEBI launched Guidelines for Asset Management Companies and Mutual Funds.
  • Dec 07, 2018: SEBI launched Guidelines for Clearing Corporations, Stock Exchanges, and Depositories.

All these guidelines strictly focus on ensuring customer data security and reliability, limiting the rights of all these organizations.

HIPAA

When it comes to cybersecurity concerns, the healthcare industry has always been comparatively slow to adjust. The Health Insurance Portability and Accountability Act outlines all the prerequisites for protecting the personal medical history of patients and clients. A person’s medical data is probably their most private, and HIPAA safeguards it from vicious hackers and spammers.

Fortunately, the steps to create a sturdy cybersecurity framework for healthcare organizations are not outlandish. In fact, healthcare organizations can follow simple steps like access limitations, virus control, and firewalls to stay secure.

Conclusion:

Cyberspace infringement is a battle that we fight on an everyday basis. India needs stringent laws and policies in place to combat these issues. The extant legal framework does not sufficiently address the concerns of the sector, and there is an imminent requirement for comprehensive legislation to address them.

As we choose to stay connected, we are moving towards the proliferation and assimilation of larger data sets interacting with one another (big data, machine learning, Artificial Intelligence, Internet of Things); this opens the entire ecosystem to larger threats from social deviants. It is on individuals as well as body corporates to preserve the confidentiality and integrity of data, while ensuring that access to that very data is not compromised on any front.

As we await the impending legislation, companies in the healthcare and the banking & financial services sectors are ensuring that they rely on their own technical and organizational security measures so that the data available with them is not corrupted or subject to any unwarranted and unauthorized access. The proactive vigilance observed by body corporates and private individuals is also being supported by the insurance industry, where cyber-security insurance has garnered immense popularity and is making up for the lack of an effective legal regime. It is often said that the future is a click away; it is important that the click does not lead to any pernicious portal.

Domino’s India Data Breach 2021

Domino’s is probably the largest pizza delivery company in India. It is owned by Jubilant FoodWorks and has almost 1,400 branches across India and 18,200 outlets worldwide.

On 16th April 2021, the co-founder of an Israel-based cybercrime intelligence company found that hackers had claimed in a post to hold more than 13TB of data from Domino’s India. This included the internal files of 250 employees from IT, Legal, Finance, Marketing and Operations, and the data of 18 crore orders from 2015 to 2021, including order details (name, phone number, email, delivery address with precise latitude and longitude co-ordinates, credit card details, and date and time of orders).

The hackers demanded 10 BTC, around $550,000 (approx. ₹4 crores), for this database. They also mentioned that they were planning to build a search portal to enable querying the data.

 

Notably, the hackers were ready to pay $1,000 to someone who could help them create the search engine. Since nobody responded to the hackers’ demand, they put the data up publicly on the dark web so that anyone can access it through a search portal. One only needs to enter a mobile number or email address on the portal and all the information connected to it is displayed. For now, people’s credit card details have not been published online, but the hackers claim that they have more than 1 million credit card details and that they will publish them publicly soon.

Although Domino’s India confirmed the data breach, it rejected the hackers’ claim about the customers’ credit card details they threatened to publish, saying, “No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no information has been compromised.” Who is to be trusted?

According to sources, the data breach took place on 24th March 2021. The question of the hour is: how does the data being published on the internet affect you? This data can be used to scam someone easily. Scams termed phishing, smishing, vishing and e-mail scams are often seen, where the fraudster uses personal information to fool a user and gain access to their bank accounts.

Now the question is: what can be done to protect one’s data on an individual basis? The following are a few steps which can be implemented to protect it.

  1. Try to minimise the data you put online.
  2. Try not to use the same password on multiple websites. Use complex passwords (a combination of letters, numbers and special characters), or use a password manager if possible. Change your passwords quarterly.
  3. Do not save credit card details on payment gateways.
  4. Use two-factor authentication whenever possible.
  5. Use a VPN service to safeguard your location data.

To check whether any of your personal data has leaked in any of the breaches, it is recommended to visit Have I Been Pwned, where a user enters their email ID or phone number to check if any of their data has been compromised earlier.
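The hashed-prefix (k-anonymity) lookup behind Have I Been Pwned’s Pwned Passwords service, as an added example in Python that is not code from the original post or from Bluefire Redteam: it shows how a password can be checked against a breach corpus without the password itself being disclosed. The function names and the SAMPLE_RANGES bucket are constructed for this example; the range-API URL and its SUFFIX:COUNT response format are those of the real service.

```python
"""k-anonymity leaked-password check (style of Have I Been Pwned's Pwned Passwords).

Added example, not code from the original post or from Bluefire Redteam.
Only the first five hex characters of the password's SHA-1 hash are sent to
https://api.pwnedpasswords.com/range/<prefix>; the service answers with every
known hash suffix in that bucket as "SUFFIX:COUNT" lines, and the match is
made locally, so the password itself never leaves the machine. SAMPLE_RANGES
below is a constructed stand-in for the live response, used for offline runs.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, Optional, Tuple


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into a 5-char prefix
    (the only part that goes over the wire) and the 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse a range-API body into {suffix: count}, skipping malformed lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) != 35 or not count.isdigit():
            continue  # tolerate blank or malformed lines instead of failing
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Live lookup of one hash-prefix bucket (not used by the offline demo)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "leaked-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def leaked_count(password: str, fetch: Optional[Callable[[str], str]] = None) -> int:
    """Return how many times the password appears in the corpus (0 = not found).

    `fetch` maps a 5-char prefix to a range-API body; it defaults to the live
    API, and the demo below injects an offline stand-in instead."""
    prefix, suffix = sha1_prefix_suffix(password)
    body = (fetch or fetch_range)(prefix)
    return parse_range_response(body).get(suffix, 0)


# Constructed offline stand-in for the API: one bucket, three suffixes.
# The middle line is the real SHA-1 suffix of the string "password"; the
# other two suffixes and all three counts are made up for this example.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": (
        "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3645804\n"
        "A02E3E0A0C0E8B2A9F1BD67D2B3F16D2E53:2\n"
    ),
}


def offline_fetch(prefix: str) -> str:
    """Stand-in for fetch_range that serves only the constructed bucket."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "hunter2"):
        n = leaked_count(pw, fetch=offline_fetch)
        verdict = f"seen {n} times in the corpus, do not reuse it" if n else "not in the sample corpus"
        print(f"{pw!r}: {verdict}")
```

Swap `offline_fetch` for the default `fetch_range` to query the live service; the count returned is a reuse signal, not a guarantee that an unlisted password is safe.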

 

Cybersecurity amidst Covid-19

Since the pandemic began, Marriott has suffered a data breach affecting 5.2 million customers, and a ransomware attack forced Honda to shut down global operations. 2020 will be remembered as a year of pandemic, a global health crisis and a cybersecurity crisis as well.

Soon after the COVID-19 pandemic was declared, the World Health Organization (WHO) saw a dramatic increase in the number of cyberattacks directed at its staff, and in email scams targeting the public at large.

Numerous cyber attacks came to light during this pandemic. Below are a few of them:

  • Marriott released a statement disclosing the information of 5.2 million guests that was accessed using the login credentials of two employees at a franchise property.
  • Twitter Bitcoin scam: Through a social engineering attack, later confirmed by Twitter to be phone phishing, the attackers stole employees’ credentials and gained access to the company’s internal management systems.
  • FireEye and SolarWinds supply chain attack.
  • 500,000 Zoom user accounts were on sale on the dark web.
  • Magellan Health: 8 Magellan Health entities and approximately 365,000 patients were impacted by the attack.
  • Finastra, which provides software solutions to worldwide financial institutions, including 90 of the top 100 banks globally, was the victim of a ransomware attack that disrupted operations and caused it to temporarily disconnect affected servers from the internet.

Now, some questions for organizations to answer: is your organization’s network protection strategy as successful as it ought to be in the midst of these turbulent times? Furthermore, if you are not an employee but rather the owner of a small business, typically someone with much less sophisticated cybersecurity protection, how reliable is your online security?

The answer could be to accept the current scenario, learn lessons and get ready for what is coming. Cyber attacks will keep occurring in future, and the bitter truth is that they will become more sophisticated and critical.

FireEye, in their “Mandiant Security Effectiveness Report”, mentioned that:

53% ATTACKS INFILTRATE UNNOTICED, 68% OF RANSOMWARE ATTACKS UNNOTICED, 91% OF ATTACKS DID NOT GENERATE AN ALERT

 

Organizations, business owners, employees, and individuals need to be aware of data security and privacy. With the surge in a wide range of threats, companies should begin by reviewing the basics. Everyone should learn and understand social engineering attacks, as humans are the weakest link in cyber security and there is no complete patch for that. Organizations should conduct cybersecurity training for their employees on a regular basis. At the very least, employees should be able to distinguish between malicious and legitimate emails or calls and report them if they seem even slightly suspicious. Proper access controls should be put in place too!

Redteaming vs Penetration Testing

There are various types of cyber security assessments that can be done in order to enhance the security of a given subject, but when it comes to redteaming, things get much more intense, sophisticated and serious.

Redteam Operations

While performing these operations the redteam brings an amalgamation of various aspects of information security to the table. They include Social Engineering, Open Source Intelligence and deep reconnaissance in their arsenal when approaching targets. The reason behind a redteam’s versatility is its members. Members of a typical redteam have solid and deep knowledge as well as skills in a particular domain of information security, and each of them contributes equally to a redteam operation.

When an organization goes for a redteam operation, the team starts as just a normal user plugged into their network. The teammates then escalate their privileges and move laterally. The path is not simple, as the team encounters various defense mechanisms deployed by the organization which they have to bypass. Redteams are very advanced in the way they simulate an adversary, and are very careful in everything they do in the target network so that they do not trigger the defenses or alert the blue team. The more customized we are, the lower the chances of detection.

A redteam operation makes an organization realize how well it detects, responds to and prevents a sophisticated attack. This gives them insight into where to focus and what lessons to learn after such an operation, which is carried out in a controlled manner by the redteam.

Redteam vs Penetration Testing

Redteamers or redteams are often viewed in a grey shade due to their way of testing and their sophistication. Let’s see how it differs from penetration testing.

  • The operational approach of pentesting is often target-driven; by this we mean that the approach of conventional pentesting is often narrowed down based on the target (web app, mobile app, networks, etc.).
  • In pentesting we often look for vulnerabilities and misconfigurations that can be used for further escalation as part of the pentest.
  • When it comes to redteam operations, the main purpose of a redteam is to stage an attack on a target similar to how an APT (Advanced Persistent Threat) would, and the scope of these operations is much larger than that of pentests.
  • Redteams are often hired by scientific facilities, institutes, corporates and government organizations to perform these operations.

Our Methodology:

  • Before we start an engagement, the first thing is having the right mindset in order to approach the client, which is an adversary’s perspective.
  • We first perform reconnaissance, which is indeed the most important phase even in penetration testing. With this we identify as much information about the target as possible: the employees working on the assets, and much more.
  • We then try to find a specific vulnerability which could give us initial access to any of their online assets; this is where the line between pentesting and redteaming is very thin. That access can be used for further escalation. We also run a series of highly sophisticated social engineering attacks, because the weakest link is the employees working there.
  • After gaining an initial foothold in their network, perhaps through a sales or HR person’s system, we maintain persistence and move laterally in the network, escalating our privileges, so that we reach the most privileged asset, where the most sensitive data is present.

Who should go for a redteam campaign?

  • Redteam operations are not limited to gaining access to sensitive data; they also include gaining physical access to places on the premises where only authorized persons are allowed. Therefore any organization that wants its physical security tested along with its present cybersecurity posture can also go for a redteam campaign.
  • Redteam campaigns are not only for IT companies. They can be performed in organizations or companies that already have mature security implementations in place, and a completed penetration test that gives an insight into the existing security posture.
  • Having the right security budget and defined scopes is also very crucial. Generally, redteams have a broader scope.

SITA Breach: Air India Hack

Breaches are not new! Many companies are potential targets of threat actors, and the same happened with SITA, in a data breach that affected many airlines around the globe, including Air India. The massive data leak was caused by a “sophisticated cyberattack” on Air India’s passenger service system provider SITA (Société Internationale de Télécommunications Aéronautiques). SITA is based in Geneva, Switzerland.

On March 4, SITA published a notification on their website about a security incident, in which they confirmed a cyber attack and highlighted that:

SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers.

Air India then released a notification to its passengers, confirming the breach by writing:

This incident affected around 4,500,000 data subjects in the world.

 

Now the question is: do they really lack cyber security assessments? Or is the way they operate their cyber security not up to the mark? What I personally think is that cyber incidents can happen any time; you never know who is targeting you, so you need to be proactive! Also, what if you are already hacked and you don’t know? The right assessments have to be performed! Also, in our personal experience, we found enterprises relying only on tools to figure out the right cyber security for them. Remember, a tool with the right security guy is helpful in many situations!

Last thoughts:

I hope we learn lessons from such incidents and iteratively look for a better security posture each time.
