Traps on the internet

Written by Sudhir Chowdhary | Updated: Sep 23 2013, 07:59am hrs
Picture this. An executive assistant to a vice-president at a multinational company receives an email referencing an invoice hosted on a popular file sharing service. A few minutes later, the same administrative staff receives a phone call from another vice-president within the company, instructing her to examine and process the invoice. As soon as the invoice is processed, a cybercriminal takes control of the executive assistant's infected computer and siphons the funds. The company was Francophoned: the invoice was a fake and the vice-president who called the assistant was an attacker.

This is how it happened. The supposed invoice was actually a remote access Trojan (RAT) that was configured to contact a command-and-control (C&C) server located in Ukraine. Once the systems were infected with the RAT, the attacker retrieved identifying information, including disaster recovery plans, of the organisation's bank and telecom providers, its points of contact with both providers and its bank and telecom account data.

Using this data, the attacker was able to impersonate a company representative and called the organisation's telecom provider. They proved their authenticity to the telecom provider, claimed that a physical disaster had occurred and said that they needed all of the organisation's phone numbers to be redirected to attacker-controlled phones.

Immediately following the phone number redirection, the attacker faxed a request to the organisation's bank, requesting multiple large-sum wire transfers to numerous offshore accounts. As this was an unusual transaction, the bank representative called the organisation's number on record to validate the transaction. This call was redirected to the attacker, who approved the transaction. The funds were successfully transferred to multiple offshore accounts, which were subsequently laundered further through other accounts and monetary instruments. Operation Francophone accomplished!

In May this year, 2013, IT security firm Symantec published details on the first attacks of this type targeting organisations in Europe. Further investigations have revealed additional details of the attack strategy. Francophoned is an example of how cybercriminal operations are becoming increasingly sophisticated, a trend that is likely to continue in the future.

If the above-mentioned terminology has left you dumbfounded, here's another one which will make you sit back and think on the perils of leading a connected lifestyle. We are talking about ransomware, an evolved form of malicious software which disables your device's functionality and demands a ransom in order to restore the computer to its original state. In other words, it's a cyber version of kidnapping for money. Pretty scary, isn't it?

To add legitimacy and criticality, the recent variant uses law enforcement imagery in the warning messages. The malware uses geo-location services to determine the location of the device and then, after locking the device, displays a message appropriate to that country. The message usually claims that the user has broken the law by browsing some illegal material, says Shantanu Ghosh, vice-president & managing director, India product operations, Symantec.

The bad guys see mobility as their next target, while traditional IT isn't paying attention to mobile malware yet. In June this year, Symantec had tracked some initial traces that scammers went beyond computers to target Android devices using fake apps that locked up devices just like ransomware. Early this month, Symantec confirmed this trend has taken a bigger and more realistic turn as scammers are using social engineering tricks to lure users to download apps and run FakeAV, which results in the user being locked out of the device. This discovery confirmed earlier predictions that ransomware would evolve and arise on new platforms, such as mobile devices.

At least 16 different versions of ransomware have been identified over the past year and a half. Each version is not an upgrade from a previous version, but rather a unique variant, associated with a separate gang. These gangs have independently developed, or bought, their own different version of ransomware. The gangs are not new to cybercrime; they have been associated with other threats and scams in the past such as banking Trojans and rogue anti-virus programs. Ransomware has now become a more lucrative enterprise for them, informs the Symantec India head.

It is beyond any doubt that mobile devices have enabled users to lead a digital lifestyle today, wherein personal as well as professional functions are seamlessly carried out using these devices. As per a recent comScore report, India's internet population witnessed a 31% increase to 73.9 million users, making it the world's third-largest internet population in terms of numbers. In fact, internet usage preference is expected to move from PC to mobile devices. And according to the latest IDC report, India saw a 166% rise in smartphone sales in Q2 2013 when compared to Q2 2012. Therefore, it is evident that mobile devices would become a preferred platform for users to consume data. Therefore, for cybercriminals it is a logical move to follow the consumer preference and, given the rise in mobility, cybercriminals would resort to targeting mobile platforms for such attacks, says Shantanu Ghosh.

It was also established, according to Symantec's Norton Cybercrime report 2012, that a notable percentage of users choose not to use mobile security even though they are addicted to their mobile devices and often have lost their mobile devices or had them stolen. Therefore, mobile devices become more vulnerable than ever for cybercriminals to effortlessly plot cyber-attacks. Additionally, as the trend of bring-your-own-device (BYOD) is on the rise, such cyber-attacks have an added advantage of capturing business information in addition to personal information. For employees who are always on the move, their mobile devices are as good as their PCs and mission-critical business information tends to reside on their devices for a longer span. Buoyed by enterprise apps, peer-to-peer file sharing and downloads within the network, the opportunity for cybercriminals to plant ransomware is enhanced to a great extent. The motivation here would be financial gain and access to confidential information simultaneously.

Every time there is an event of national or international interest, phishers and spammers get into immediate action. The objective of cyber criminals is to capitalise on internet user curiosity and defraud them of sensitive information, passwords, credit card details, and bank credentials. They keep an eye on the latest news from around the world and convert hot news headers into domain names.

One such example is the domain name, which was registered in July by a registrant from Panama. The name chosen by spammers was based on the big news from the UK, the birth of the future king. While the world was celebrating, spammers tried to take advantage of the event.

According to security firm McAfee, with e-filing of income tax becoming mainstream, there are exponentially more opportunities for private information to be compromised. It may be recalled that the Central Board of Direct Taxes (CBDT), the administrative authority of the Income Tax department, had recently extended the deadline for filing returns, both manual and electronic, to August 5. As soon as e-filing picked up pace due to the last-minute rush, cyber criminals were busy using phishing e-mails and fake advertisements to steal confidential financial data of users.

A recent Trend Micro report also warns users about the increasing hazards of online banking. It says that online banking malware saw a 29% increase in Q2 2013 from the previous quarter, from 113,000 to 146,000 infections. Online banking threats are spreading across the globe and are no longer concentrated in certain regions like Europe and the Americas. We found an online banking malware that modifies an infected computer's HOSTS file to redirect a customer of certain banks to phishing sites. We also saw more Citadel variants (detected as ZBOT) targeting different financial service institutions. These malware not only target the big banks but also smaller ones, including those that exclusively cater to online banking customers. As predicted, cybercriminals carried out developments in malware distribution and refinement for existing tools, says Dhanya Thakkar, managing director, India & SAARC, Trend Micro.
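As an added example (not from the article or from Trend Micro), here is a defender's check for the HOSTS-file redirection described above: it flags entries that pin a watched banking domain to a routable address. The bank domains, the watch list and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered HOSTS file. Addresses come from the
# documentation range 203.0.113.0/24; all hostnames are hypothetical.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.test login.examplebank.test  # injected
0.0.0.0         ads.tracker.test
203.0.113.45    netbanking.samplebank.test
10.0.0.5        intranet.corp.test
"""

# Hypothetical watch list: domains that should only ever resolve through DNS.
WATCHED_SUFFIXES = ("examplebank.test", "samplebank.test")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line: skip it
        for name in fields[1:]:                  # one IP may carry many names
            yield line_no, ip, name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return mappings that pin a watched domain to a non-sinkhole address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        is_watched = any(name == s or name.endswith("." + s) for s in watched)
        # Loopback or 0.0.0.0 entries block a name; they do not redirect it.
        if is_watched and not (ip.is_loopback or ip.is_unspecified):
            hits.append((line_no, str(ip), name))
    return hits


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On a real machine the same function can be fed the contents of the system HOSTS file, with the watch list set to the banks the organisation actually uses.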

More online banking threats were seen in different countries this quarter, specifically in Brazil, South Korea, India and Japan. These highlighted the need for increased awareness of online banking security. Cybercriminals also came up with more diverse attacks that used various social engineering lures, single sign-on (SSO) and multi-protocol services, and blogging platforms for their malicious schemes.

Of course, there are things that you can do to keep your information safe and protect yourself from cybercriminals.

According to IT security firms, internet as well as mobile phone users should exercise caution while handling unsolicited or unexpected emails, and ensure the legitimacy of websites while surfing and transacting with them. Don't ever give out your personal information in response to an email, a website you have come to through an external link, or a pop-up screen that appears on a real website. Also, don't respond to strange messages or click links.

According to the Symantec India MD, users should always password-protect their mobile devices with unique and strong passwords to prevent valuable information from being stolen and never store financial information on the device. One should also avoid using unsecured or open Wi-Fi networks to access the internet on their mobile devices. It's equally important for users to check alerts and suspicious notifications from unknown sources via emails, text messages and applications. These might contain links that download malware onto mobile devices or require submitting personal information.

Follow these steps and you can make your Web journey safer.