BreachExchange mailing list archives

Cyber extortion: New crime on the block


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 21 Sep 2015 18:10:55 -0600

http://timesofindia.indiatimes.com/tech/tech-news/Cyber-extortion-New-crime-on-the-block/articleshow/49038656.cms

When a managing director of a popular ice cream manufacturing company in
the city opened his computer recently to access his company's database, he
saw a message that startled him. "Pay $1,000 to get your data back and do
the payment in Bitcoins."

The perplexed MD tried to refresh and restart the machine, but the message
kept repeating. Most of the company data had been encrypted, cutting off
his access to it. In short, the database had been hacked and the hackers
were demanding money to decrypt the data.

The new trend of 'cyber extortion' has the cyber crime wing of the
Hyderabad police on tenterhooks. "An incident of data being kept hostage
was first reported a year ago. At that time, we did not take it seriously.
But when another victim came with a similar complaint in late July, we
realised that it's a new modus operandi," assistant commissioner of police
(Cyber Crimes) B Anuradha told TOI. "The victims could not access their
data as it was controlled by the hackers," she explained.

It was found that hackers were penetrating the weak security systems of
several companies and demanding payment in Bitcoins, which the police are
now terming as the hawala system of cyber space.

Also in the recesses of the world wide web are several rogue websites that
are putting up for sale the confidential information belonging to
individuals. The information sold can range from email IDs to Aadhaar and
bank account numbers.

"The personal information of people is getting leaked by unscrupulous
employees of banks, who are approached unofficially by those looking for
prospective customers. Data sharing is invaluable for improving businesses.
But in several cases, the information is put up for sale for a few lakhs of
rupees and is bought by organised gangs indulging in various kinds of
frauds," a cyber police officer said.

By feeding the data into easily available 'brute force' software tools,
fraudsters generate various possible passwords for an email ID or bank
account in under a minute. Once the accounts are hacked, financial fraud
such as illegal money transfer is readily done.

One of the most common frauds being committed by hackers is to mislead
business partners by sending emails from similar-looking email IDs and
asking them to transfer money to new accounts.

"Corporates and individuals should always maintain upgraded operating
systems, firewalls and advanced anti-virus software to protect data from
intrusion. One should avoid using unlicensed, pirated, free anti-virus
tools available on the web, since many of them are not foolproof.
Corporates should have a periodic cyber audit to avoid data hacking. Never
open unsolicited mails or invites on social media," joint commissioner of
police (CCS), T Prabhakar Rao, told TOI.

He also suggested that users should always have passwords that are
complicated and not predictable like names of family members.

Do's and don'ts:

* Never open or respond to unsolicited emails or invites on social media

* Do not download free mobile apps that offer free talk time

* Default password given by telecom service providers must always be changed

* Do not use pirated operating systems or rely on free anti-virus
software. Buy advanced tools

* Erase the three-digit number on the rear side of the debit or credit card
and write it somewhere

* Use complicated passwords for all online accounts
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
