The heartburn over Heartbleed

Written by Kirtika Suneja | Updated: Apr 28 2014, 06:43am hrs
The size and scope of breaches are exploding, putting the trust and reputation of businesses at risk, and increasingly compromising consumers' personal information, from credit card numbers and medical records to passwords and bank account details. The Heartbleed virus has placed millions of internet users' personal information at risk; it has impacted many Indian websites too.

Even as the catastrophic Heartbleed virus became a global threat early this month for online users, India turned out to be one of the most vulnerable countries when it comes to cyber crime and online scams like phishing, trojans and malware attacks.

As per RSA, the security division of EMC, India emerged as the top nation in the APAC region in terms of phishing attacks by volume, closely followed by Australia and China. Estimated loss in India from phishing attacks stood at $225 million. Globally, loss due to phishing attacks was close to $5.9 billion, which is significantly higher than the $1.5 billion loss in 2012. The total number of phishing attacks in 2013 stood at 448,126 as against 445,004 the previous year.

Brands in the US, UK, India and Canada were targeted by almost 57% of phishing attacks in the first half of 2013. The USA and Canada remained the countries most targeted by phishing attacks in 2013, with a total of 63% of the phishing attacks directed at them.

Attackers today are using sophisticated techniques to bypass defenses, with many of these attacks aimed at data, not dollar signs. Malware attacks are becoming increasingly sophisticated and are able to bypass existing security systems, with the shooting-in-the-blind approach of generalised mass spam emails being abandoned in favour of more targeted attacks.

When it comes to mobile malware infections, Kaspersky Lab said that India received more than 5% of the total attacks. In fact, the deadly Heartbleed bug impacted many Indian websites with a .in domain and more than 611 websites under were vulnerable, as per Trend Micro. "It is a direct threat to confidentiality," says Arbor Networks.

"The main reason and possibility of the bug affecting the smartphone is that the mobile apps are also connecting to online servers and services to complete various functions," said Dhanya Thakkar, MD, Trend Micro (India & SEA).

"It is a new kind of computer virus which exploits the vulnerabilities in the internet. It helps in accessing the usernames and passwords stored on the internet illegally. Heartbleed causes immense memory handling errors as sensitive personal data gets compromised," explains Pavan Duggal, advocate, Supreme Court of India.

Termed a catastrophic bug, the Heartbleed virus allows hackers to sniff private information of users from the protocol on which the internet works. Though large-scale phishing and vishing attacks have been prominent in the past, Duggal says that the attacks of this virus are dramatically different from the others as it discovered a leaking hole in the pipeline of the internet and it directly impacts the privacy of people.

Heartbleed equally affects client software such as Web clients, email clients, chat clients, FTP clients, mobile applications, VPN clients and software updaters, to name a few. In short, any client that communicates over SSL/TLS using the affected version of OpenSSL is open to attacks.

As per Amit Nath, country manager, India & SAARC, F-Secure Corporation: "Critical security vulnerability Heartbleed has affected nearly every company dealing with security software on earth. The vulnerability could allow an attacker to read exactly the kind of information we work hardest to protect: web server private keys and user passwords."

For everyone who uses the web, Nath emphasises the use of strong passwords that are specific to each account. "If you have been using the same password for different services, you should update these now whether they are for F-Secure services or not. Using unique passwords for all of your most important accounts is crucial. If you are sick of remembering dozens of unique, strong passwords, you can use a simple password manager such as F-Secure Key."

If this vulnerability is misused, then portions of it can get covered under section 66 of the Information Technology Act. However, this is a bailable offense with three years' imprisonment and a fine of Rs 5 lakh. Besides, one can seek damages under compensation if the criminal's identity is known under section 43 of the Act. "Hence, we need to adopt cybersecurity as a way of life," Duggal adds.