The big bad world of phishers!

Phishers over the last few years have redoubled their efforst to dupe innocents of their hard earned money

Idhries Ahmad

NEW DELHI, INDIA: As I logged into my ICICI online bank account to check whether my salary has been credited or not, I had a strange eerie feeling that some thing was not right.

The page design looked same as it looked every time I opened it in Microsoft Internet Explorer. The frames were correct, the logos and colours were all right but something was a miss. Some thing was not right. Some thing was phishy.

The ICICI Bank’s online URL, though visibly correct, was showing too many characters to my liking. The digital signature supposed to be present on right bottom hand side of page was not there. The words of Patrick Runald, F Secure’s senior security consultant, quickly hit my mind.

This isn’t a genuine ICICI website!

“Hundreds of fake domains are being created using the names of prestigious banks and their only idea is to steal money right under your nose,” Patrick had said.

He had added URLS of all the prestigious banks in India are being faked hundreds of times everyday and at F secure centre at Singapore tracks hundreds of such cases every day. Continue reading

Regulatory, security concerns drive Enterprise IdM market

Indian enterprises slowly waking up to Identity and Access Management solutions

BANGALORE, INDIA: The Identity and Access Management (IdM) market is one of the fastest growing, as indicated by industry analysts such as IDC, Gartner, Radicati Group, Burton Group, etc.

According to the Radicati Group, the IdM market, with all of its segments, will grow to over $8.5 billion by 2008. In Asia Pac, the Identity Access Management market is likely to reach $573.7 million by the end of 2012 from $160.7 million in 2005.

Identity and Access Management, as Frost and Sullivan defines it, is: “The process of managing authentication, access rights, privileges and administration of digital users.”

It is the process where all the different elements or technologies that make up the solution play a key role in the successful management of digital users or identities. Continue reading

‘IdM solution have become a must have for enterprises’

Persistent Systems has been very active in the Identity Access Management space for some time now and company’s service offering Identityware that enables Independent software/product vendors to interoperate with the Identity Access management is gaining traction among enterprises.

In an interaction with me, Sameer Karmarkar, Product Manager, Identity Aware, Persistent Systems, talks about the concept and technologies involved in Identity Access Management and IdM market globally with special reference to India.

“IdM solution is a must have for enterprises for it not only secures the enterprise but also enables enterprises to adhere to regulations, bring in accountability and auditability”, says Sameer.

He and Muneer Taskar, Director Sales, Persistent Systems, Inc also gives a insight into the security preparedness in Indian enterprises and also have a word or two for CIOs as to how to justify their investment in Identity Access management. Continue reading

“Firewalls will soon be history”

A must have for enterprises to tackle security threats, firewalls will soon be thing of past, contends Foundry

Firewalls and security software products are a must for enterprises to help them deal with the deluge of attacks from spammers, hackers and viruses. However, deploying firewalls and other security software products in enterprises, will soon be thing of past, forecasts Chandra Kopparapu, vice-president sales, Asia Pacific, Foundry Networks.

“If I need a firewall and a switch, why do I need separate boxes for them? Why can’t someone make a single box that has both?” asks Kopparapu.

Drawing an analogy with a one-arm router, Kopparapu says that companies in past made a lot of money and a lot of products around a one-arm router. “But not anymore. The same thing will happen with firewalls”, contends Kopparapu.

Read More on “Firewalls will soon be history”

Hackers prowl in packs

Unholy nexus exists between spammers, phishers and bot masters

Cyber attacks have come a long way. From amateurish attacks in the early 2000s, when hackers attacked to gain quick fame and make world stand up to their hacking prowess, present day cyber attacks have become sophisticated and deadly.

Fame has taken a back seat and money, big bucks, is now every hacker’s ultimate goal.

The attack on major banks and enterprises recently point out to the level of sophistication of modern day hackers, who use spamming, phishing and botnets (Tens of thousands of compromised PCs), to make their attack huge successes.

I caught up with Prabhat Kumar Singh, director, Security Response, Symantec, to explain me this nexus between spammers, phishers and bot masters and how all of them are working together to inflict heavy losses to enterprises across the world.

Singh, a veteran in security domain with extensive experience in designing and developing security solutions, also explains the reasons for the recent spurt in image and PDF spamming, and how the new methods are being used by hackers to bypass anti-spam tools.

We now don’t hear of mass mail attacks by hackers on a global scale like the ‘I Love you Virus’ in 2000, when PCs across the world got affected and resulted in $2.6 billion losses worldwide. So can we presume the days of mass mail attacks are over?

Prabhat Kumar Singh: I would say no. Attacks by hackers on global scale still happen. Only they have become more organized and are being strategized in a very controlled manner.

Read more on Hackers prowl in packs

Bank of India’s website now safe

The website of Bank of India, which was breached on Friday morning and was serving malware is now safe. However the site was still offline for visitors at the time of filing this report.

The attack initially reported by SunbeltBLOG, had reported that Bank of India’s website was “seriously compromised” and attempts were made to load multiple pieces of malware which were different password stealing Trojans.

The attack was the handiwork of Russian Business Network (RBN), an underground criminal gang in Russia responsible for many attacks in the past.

Read rest of Bank of India’s website now safe


Bank of India breached

Expert advises bank customers to stay away from the website for the time being

Bank of India website has come under attack and is serving malware. The attack reported by SunbeltBLOG reports that Bank of India was “seriously compromised” and attempts are being made to load multiple pieces of malware.
Confirming the attack, senior security specalist, FSecure, Patrick Runald, says hidden iframe have been inserted on the front page of the site which is loading URL from another website. This file in turn uses three iframes to load three other URLs

Read More on Bank of India Breached

Increase in cyber attack against home users

Latest report from security software vendor Symantec today warned home users against cyber attackers  who had doubled their ‘evil’ designs to hack personal computers for theft, fraud and other financially motivated crimes.

“Home users have very poor established security measures in place,” the report said, thus making them the most targeted group, accounting for 86 per cent of all attacks, followed by financial services businesses.

The Symantec Internet Security Threat Report released here said that attackers are now using a variety of techniques to escape detection and prolong their presence on systems in order to gain more time to steal information

 Read More on  Increase in cyber attack against home users

Organisations face serious threat from within

Contrary to common belief, insiders rather than external hackers pose the most serious threats to an organisation’s assets. This is because insiders have extensive knowledge about their environment, ample opportunity and probably access to resources, and often motivation stemming from impending layoffs or, in their eyes, lack of recognition and reward, says Hugh Penri Williams , Chief Information Security Officer (CISO) at Alcatel and Chairman Information Security Forum.

Hugh is a veteran in IT security domain with close to 30 years experience in information security, with particular interest in financial, operational and information systems audits and special investigations including fraud.

In an exclusive interview with me, Hugh gives insights about the ISF, the security threats confronting enterprises and the role of CISO.

Excerpts from interview

 

Open environments invite hackers

The all-pervasive networking environment has an inherent risk of making enterprise network vulnerable to disruptive elements resulting in financial losses and legal liabilities

BANGALORE, INDIA: Open and collaborative working environments help enterprises to scale up their operations and improve upon their productivity but also expose the enterprise networks to external world of hackers and crackers.

This was the stated by J. Pazhamalai general Manager, Information Risk Management and Policy Compliance, Wipro Technolgies. J. Pazhamalai was speaking at the Frost & Sullivan conference on advancements in technology behind Web security. The conference aimed to address the concerns of Indian CIOs towards threats emanating from the web.

Read More on  Open environments invite hackers