50,362 cyber security related incidents were logged in 2016, says CERT-In

Image Credit: Venture Beat

  09 Feb 2017 , 08:56

Over 50,300 cyber security incidents like phishing, website intrusions and defacements, virus and denial of service attacks were observed in the country during 2016, Parliament was informed today. “As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 44,679, 49,455 and 50,362 cyber security incidents were observed during the year 2014, 2015 and 2016, respectively,” Minister of State for Electronics and IT P P Chaudhary said in a written reply to Lok Sabha.

He added that the types of cyber security incidents included phishing, scanning/probing, website intrusions and defacements, virus/malicious code and denial of service attacks. “With the proliferation of Information Technology and related services, there is a rise in instances of cyber crimes in the country like elsewhere in the world,” he said.

As per the data maintained by National Crime Record Bureau (NCRB), a total of 5,693, 9,622 and 11,592 cybercrime cases were registered during the years 2013, 2014 and 2015, respectively, showing a rise of 69 per cent during 2013 to 2014 and 20 per cent during 2014 to 2015. “This includes cases registered under the IT Act, 2000 and related sections of Indian Penal Code and Special and local laws involving compouter as a medium/target. Similar data for the year 2016 is under collection,” he said.

Also, RBI has registered a total of 9,500, 13,083, 16,468 and 8,689 cases of frauds involving credit cards, ATM/debit cards and internet banking during the year 2013-14, 2014-15, 2015-16 and 2016-17 (upto December 2016), respectively. Further, CBI has registered a total of 87 cases during 2014 to 2016. Out of these 87 cases, charge sheets have been filed in 36 cases, status report filed in copmpettent court in 4 cases, 6 cases were closed and 41 cases are under investigation by CBI.

Besides, 4,699 and 6,266 cases were registered during the year 2014 and 2015, respectively for stalking women (Section 354D IPC) during 2014-15, as per data maintained by NCRB. This is a rise of 25 per cent during 2014 to 2015. The Minister said a total number of 28,481 websites were hacked in 2013, 32,323 (2014), 27,205 (2015) and 33,147 (2016).

“It has been observed attacks are launched through compromised computer systems located in different parts of the world. Masquerading techniques and hidden servers are also used to hide the identity of the actual systems being used by malicious actors,” he said. The attacks are observed to be originating from various countries including China, Germany, Hong Kong, Japan, Malaysia, Pakistan, Romania, the UK, the US, Syria, the UAE and Italy, he added.

PTI

India and US sign memorandum of understanding to continue cooperation in cyber security

  12 Jan 2017 , 09:53

India and the US have signed a memorandum of understanding (MoU) on cooperation in the field of cyber security, an official statement said on Wednesday. “India and the US have signed a memorandum of understanding between the Indian Computer Emergency Response Team (CERT- In) under the Ministry of Electronics nd Information technology of the government of India and the Department of Homeland Security, government of the United States of America on cooperation in the field of cyber security,” the statement said.

The agreement was signed by Aruna Sundararajan, secretary, Ministry of Electronics and Information Technology, and Richard Verma, US Ambassador to India, on Wednesday here. “The MoU intends to promote closer co-operation and the exchange of information pertaining to the cyber security in accordance with the relevant laws, rules and regulations of each economy and this MoU and on the basis of equality, reciprocity and mutual benefit,” the statement said.

Earlier the US and India had signed an MoU on July 19, 2011 to promote closer cooperation and timely exchange of information between the organisations of their respective governments responsible for cyber security. Since, July 19, 2011, regular interactions between CERT-In and US CERT are taking place to share the information and discuss cyber security-related issues.

In continuation to the cooperation in cyber security areas both have renewed the MoU, the statement added.

IANS

Synaptics has announced optical fingerprint sensors for Smartphones

  15 Dec 2016 , 15:28

Synaptics, a human interface solution developer has unveiled “Natural ID FS9100” optical fingerprint sensor family for smartphone and tablets, which is capable of high-resolution scanning through 1mm of full cover glass and enables clean, button-free industrial designs. The FS9100 optical solution excels with wet finger performance, and being protected by glass, is durable, scratchproof, waterproof, and eliminates ESD concerns.

“Synaptics’ FS9100 family of fingerprint sensors represent a new breed of optical fingerprint sensor technology that is designed to meet the needs of mobile devices, including the ability to image through thick 2.5D glass,” said Anthony Gioeli, Vice President, Marketing, Biometrics Product Division, Synaptics, in a statement.

Unlike optical fingerprint sensors used for access control and public biometric identity verification, the advanced FS9100 sensor leverages unique Synaptics optical technology developed for mobile devices and breaks through key technical barriers with an extremely thin form factor and minimal power consumption. Natural ID FS9100 optical fingerprint sensors are designed for placement under the cover glass, including 2.5D glass, located in the front, bottom bezel of devices.

FS9100 optical fingerprint sensors feature Synaptics’ SentryPoint technology, offering OEMs a wide-range of unique and highly secure authentication features including Quantum Matcher with PurePrint anti-spoof technology. PurePrint examines fingerprint images using unique artificial intelligence technology to distinguish between fake and actual fingers, the company said.

Reuters

Nasscom Data Security Council: India can play important role in global cyber security

  15 Dec 2016 , 13:55

India can aspire to build a cyber security product and services industry of USD 35 billion by 2025, generating a skilled workforce of one million in the security sector, in line with the booming global demand, a report by Nasscom-Data Security Council of India today said.

The global cyber security market is expected to reach about USD 190 billion by 2025 from USD 85 billion currently, driven primarily by increasing digitisation wave and smartphone penetration, it said.

“For India to become a global cyber security hub, a list of 16 initiatives has been formulated by NASSCOM-DSCI. These initiatives vary in terms of priority and should be pursued within the next five years,” DSCI CEO Rama Vedashree said.

These include strengthening policy and regulations, developing skilled manpower, enhancing R&D and innovation, formation of clusters and funding startups working on cybersecurity solutions, she added. “An evaluation of global cyber security clusters shows that policy and financing incentives along with opportunities for skill development emerge as pivotal factors,” she said.

These clusters have contributed immensely to the development of the cyber security industry in the respective countries and are important to promote growth of cyber security startups and SMEs as well, Vedashree said.

PTI

Video bloggers will now need a license to broadcast in China

  14 Dec 2016 , 18:39

Video bloggers in China must register their real identities before publishing anything online from January 1, the Ministry of Culture announced Wednesday. All presenters — including amateurs, many of whom have gained enormous fame on the internet — would be compelled to comply with the new regulations in the new year, Xinhua reported.

The Chinese administration has asked online video bloggers to seek operating licenses from the authorities, as well as identify themselves via interviews or video calls starting 2017, said the report. Foreign video bloggers would require special permission, as well as those coming from Hong Kong, Macao and Taiwan.

The new regulation was arrived at after months of censorship on this type of new audiovisual media. The operators of video hosting services “must carry out real-time supervision of performances and keep records of all the shows”, it said. They would also have to create mechanisms for handling “emergencies” such as suspending content that violates the regulations and report any infringement to authorities.

The Chinese Ministry of Culture also announced the creation of a “blacklist” of video bloggers who failed to comply with these regulations in order to “ensure the sector’s healthy and orderly growth”. In recent months, the authorities have suspended video blog accounts and even arrested some of the presenters, claiming that they were broadcasting rude, erotic or violent content.

In April, China removed the online videos of blogger Papi Jiang, who had become famous for her monologues as she joked about daily life in China using sarcastic language. Chinese President Xi Jinping had called for culture and media to be subordinated to the values of the communist regime, which has resulted in high levels of censorship not seen in decades.

IANS

Cyber attacks in China and Hong Kong grew 969% from 2014 to 2016, says survey

Image credit: Reuters

  30 Nov 2016 , 10:53

Cyber attacks on Chinese companies have soared in the past two years, according to a survey, with new technologies that connect household items to the internet and allow them to receive and send data seen as particularly vulnerable.

The average number of cyber attacks detected by companies in mainland China and Hong Kong grew 969 percent between 2014 and 2016. The number of attacks averaged more than 7 a day for each of the survey’s 440 China-based respondents – around half of the global average of 13.

However, the average number of attacks fell by 3 percent globally over the last two years, and 30 percent since 2015, in contrast to the rise in China.

China’s rapid adoption of new consumer and industrial technology for the ‘Internet of Things (IoT)’ era may be part of the reason. PwC said such connected devices are the leading targets of cyber-attacks.

“IoT devices in general have not paid attention to cyber security,” said Marin Ivezic, a partner on cyber security at PwC in Hong Kong.

“In China and Hong Kong … we have more adoption than anywhere else in the world,” he said, noting China was also one of the biggest manufacturers of these items.

Chinese-made connected home devices such as webcams with security loopholes that gave way to botnet malwares were blamed by security researchers for a massive cyber attack in the US last month that temporarily paralyzed major internet sites.

The Chinese companies surveyed had cut their cybersecurity budget by 7.6 percent in 2016 compared with flat global spending. Thirty four percent of them identified competitors as a source of attacks, a rate higher than anywhere else in the world.

The PwC survey does not track the country of origin of the attacks, which Ivezic said is “almost impossible”. The drop in the global number of cyber attacks did not reflect a safer environment, he said, but was rather the result of more sophisticated cyber criminals who more selective in who they targeted.

Reuters

Symantec Corporation announces new AI-powered “Symantec Endpoint Protection 14”

Image Credit: Symantec

  10 Nov 2016 , 14:30

Leading cyber security company Symantec Corporation on Wednesday announced “Symantec Endpoint Protection 14” — powered by artificial intelligence (AI) on the endpoint and in the cloud for better security. The “Endpoint Protection 14” is the industry’s first solution to fuse essential endpoint technologies with advanced machine learning and memory exploit mitigation in a single agent, delivering a multi-layered solution to stop advanced threats, the company said in a statement.

The solution delivers protection in a lightweight package, building on industry-leading 99.9 percent efficacy, low false positives and a 70 percent reduced footprint over the previous generation through new advanced cloud lookup capabilities.  “Multi-layered protection, enabled by AI, backed by the world’s most powerful threat intelligence force and powered by the Cloud, this is literally the smartest choice in endpoint technologies,” Tarun Kaura, Director, Solution Product Management, Asia Pacific and Japan of Symantec, said in a statement.

This comes right after the company exceeded its revenue estimates in the earnings report released on November 3, 2016. According to the company, the acquisition of Blue Coat along with continued growth and expansion in enterprise security market has helped the company surpass the earning projections.

With inputs from IANS

US Congress lawmakers ask for clarification on new hacking rules

Image Credit: RT.com

  28 Oct 2016 , 13:20

A bipartisan group of lawmakers in the U.S. Congress on Thursday asked the Justice Department to clarify how a looming rule change to the government’s hacking powers could impact privacy rights of innocent Americans.

The change, due to take place on December 1, would let judges issue search warrants for remote access to computers located in any jurisdiction, potentially including foreign countries. Magistrate judges can normally only order searches within the jurisdiction of their court, which is typically limited to a few counties.

“We are concerned about the full scope of the new authority that would be provided to the Department of Justice,” 23 senators and representatives wrote to Attorney General Loretta Lynch.

The Supreme Court in April approved amendments to Rule 41 of the federal rules of criminal procedure that would allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.

Those amendments will take effect on December 1 of this year unless Congress passes legislation that would reject, amend or postpone the changes. Some lawmakers, led by Democratic Senator Ron Wyden of Oregon, have introduced legislation that would halt the changes, but it has yet to gain much traction.

In their letter, the lawmakers asked how the government would prevent under the expanded rule so-called “forum shopping,” where prosecutors seek warrants in districts considered more favorable to law enforcement.

They also asked how the Justice Department intends to notify users when electronic devices have been searched and whether law enforcement has the authority to disable malicious software on a protected device, including those belonging to innocent Americans, among other questions.

The Justice Department has worked on Rule 41 changes for years, arguing they are procedural in nature and necessary to keep pace with criminal threats posed by evolving technology.

Civil liberties groups and some technology companies, including Alphabet Inc’s Google, have said the changes could allow for searches that run afoul of privacy rights. The Justice Department is reviewing the lawmakers’ letter, which asked for a response within two weeks, spokesman Peter Carr said.

Reuters

Comedian Leslie Jones lashes back at hackers in “Saturday Night Live” over recent celeb hacks

  24 Oct 2016 , 15:02

A day after hackers unleashed an attack on some of the world’s best-known websites, comedian Leslie Jones weighed in on cyber-security in a commentary on “Saturday Night Live,” saying cyber criminals could put their talents to far better use than hacking celebrities. Jones, whose own website was hacked in August resulting in nude photos and personal information including her passport and driver’s license being posted, offered her perspective during her recurring gig as an impassioned contributor to the weekly comedy show’s “Weekend Update” news segment.

“I am very comfortable with who I am. I am an open book,” Jones declared, noting “I keep my porn in a folder labeled porn.” “If you wanna see Leslie Jones naked, just ask,” the comedian added, in what one Twitter user, an entertainment website editor, said may have been Jones’ “finest SNL moment.” After starring in the “Ghostbusters” film this summer, Jones briefly quit Twitter because she was bombarded by racist and abusive comments.

“If I was good at computers, I wouldn’t waste it trolling on people,” Jones said. Instead, “I would do something useful, like renew my driver’s license from home. I would hack into Tinder and delete all those other girls’ profiles, so no matter where you swipe, you get me.”

Adopting a seemingly more serious tenor, Jones scolded hackers by saying “If you want to hurt anybody these days, you’re going to have to do way more than leak their news or call them names. You can’t embarrass me more than I have embarrassed myself.”

“At a certain point you got to stop being embarrassed and just start being you, and I have been me for 49 years. Because the only person who can hack me is me,” she vowed, adding: “My firewall is a crazy-ass bitch with a shovel.”

Reuters

Microsoft focussing on cybersecurity investments in India

By tech2 News Staff /  21 Oct 2016 , 15:39

Microsoft India had launched a full-scale Cybersecurity Engagement Center (CSEC) in India. Located in Delhi, Microsoft says it will be first-of-its-kind center to bring together the company’s capabilities to foster deeper cybersecurity collaborations with public and private sector organizations to create a secure computing environment.

It already had a pilot project for about a year and over the last 12 months, the Microsoft cybersecurity engagement team says it met with over 100 organisations in India. And, based on those conversations, it has observed three common IT environment challenges for cybersecurity namely, unmanaged and unregulated IT assets usage, procurement and maintenance; poor knowledge of cyber hygiene among users within organizations; inability of companies to timely monitor, detect and remove cyber threats.

The CSEC in Delhi becomes the seventh center in the world and it is also said to function as a satellite to the company’s Redmond Digital Crimes Unit (DCU). Besides, the company has also rolled out a nationwide campaign to

Avast may further look to expand business after AVG integration says CEO

#AVAST

  01 Oct 2016 , 11:47

Avast Software, maker of the world’s most popular computer antivirus program, will need a year to absorb its $1.3 billion buy of rival AVG but may seek further acquisitions before an expected flotation, its chief executive said in an interview. Prague-based Avast closed its purchase on Friday of AVG Technologies, another software firm with Czech roots specializing in consumer security.

The combined company will have over 400 million users and 40 percent of the consumer computer market outside of China. While Avast will delist AVG shares, it has its own plans to eventually offer shares, maybe as soon as 2019. Before that, it must fully integrate AVG and will then look at mid-tier acquisitions for its push into mobile and, possibly, to expand its small- and medium-sized business offering.

“We have to digest AVG first and that is going to take us pretty much all of 2017 to really integrate. Then we will look at expanding the business after that,” Avast CEO Vincent Steckler said. “If we do something else to bulk up the company it would be substantive and I expect it would be in the hundreds (of millions of dollars).” Avast had long sought to tie up with AVG, which also started around 25 years ago as then-Czechoslovakia shifted to free markets after decades of communism.

The new Avast, which will still offer both brands, will have combined revenue of more than $700 million in 2016. The bulk of that will come from its consumer products, but it wants to grow its income from the mobile and business sectors. The tie-up, the biggest deal in company history, will give Avast heft to compete with the likes of Microsoft or McAfee, part of Intel Security.

Steckler said the company would avoid recognizable names when it seeks acquisitions in future but said potential targets would be bigger than start-ups. He said future deals would look at growing the company’s mobile business outside the United States, where it already has a good presence. On the business side, it could concentrate on adding network security solutions.

Reuters