Cyber Security Archives -

pradeep@brainguru.in +91 9810953232

Category: Cyber Security

‘Storing away data in more nations debilitates protection, security spread’

March 8, 2019 Awdhesh singh 0 Comments

Facebook has taken an extreme remain against putting away information where it works as the organization’s prime supporter and CEO Mark Zuckerberg on Wednesday sketched out another course for the long range interpersonal communication mammoth, which additionally possesses Whats App and Instagram. Facebook, which has been entangled in debates over abuse of client information in decisions, as far as advancing viciousness, said it is happy to be obstructed in a couple of nations.

“There’s an essential contrast between giving an administration in a nation and putting away individuals’ information there,” Zuckerberg composed on the organization’s site. He included that Facebook has picked “not to construct server farms in nations that have a reputation of disregarding human rights, similar to protection or opportunity of articulation” as “it could make it less demanding for those legislatures to take individuals’ data.”

While Zuckerberg did not make reference to anything about India or a particular nation, he included that “putting away information in more nations likewise builds up a point of reference that encourages different governments to look for more noteworthy access to their resident’s information and thusly debilitates protection and security assurance for individuals around the globe.”

Zuckerberg’s announcement comes when Indian government is really busy administering a few arrangements like Personal Data Protection Bill, 2018 and Draft E-trade Policy, which require organizations like Facebook, Google, and Amazon to store touchy information of Indian clients in the nation. Facebook’s arrangements to dispatch installments inside its Whats App informing administration hit an obstacle a year ago when RBI turned out with information localization standards. Facebook is relied upon to be consistent with the standards in the next eight-to-nine months. What’s App has opposed requests by the administration to empower detect-ability of messages to check gossipy tidbits.

“Facebook is encompassed by campaigning and information burglary discussions. Imprint’s announcement demonstrates a subtle provocation to Indian officials, will’s identity intensely subject to Facebook and What’s App in the up and coming general decisions,” said Virag Gupta, legal advisor, and digital master. Gupta has likewise been instrumental with late court procedures of What’s App in India, which was recorded by the Center for Accountability and Systemic Change(CASC) a year ago.

Whenever reached, a Facebook India representative declined to remark on the ramifications of the Zuckerberg’s announcement for India. At this moment Facebook does not have a server farm in India but rather has one in Singapore.


Biggest Cyber Attack of India Tecnimont loses 130 crore through eMail

January 11, 2019 Pradeep Agrawal 0 Comments

Biggest Cyber Attack of India Chinese fraudsters has reportedly siphoned off Rs. 130 crore through eMail from the Indian arm of Italian company Tecnimont SpA by taking native managers into confidence that the cash was needed for a buying deal, one in all the most important cyber heists within the country.

Currently being termed jointly of the most important cybersecurity breaches within the country, the Indian arm of the Italian company, Tecnimont SpA has been hit by a cyberheist of Rs. 130 crore.

The Chinese hackers sent emails to the Indian arm, impersonating because the cluster chief executive officer, asking to transfer cash required for a buying deal, and were convincing enough to form them believe that the cash couldn’t are transferred through Italy thanks to restrictive problems.

As email is that the largest vector of communication for any enterprise around 93% of cyber attacks as well as information breaches, ransomware, malware and cyber heists like this one started at the Human Layer wherever the worker wasn’t able to differentiate a phishing email to a real one.

The tech-savvy criminals sent emails to the chief of Tecnimont Pvt Ltd, the Indian subsidiary of Italy-based Tecnimont SpA, through Associate in a Nursing email account that appeared misleadingly like that of cluster chief officer (CEO) Pierroberto Folgiero.

The report mentioned that the hackers then organized multiple conference calls to speak a few doable “secretive” and “highly confidential” acquisition in China. As per the criticism lodged by Tecnimont Pvt Ltd to the Bombay Police’s crime unit, a lot of individuals compete varied fallacious roles throughout these telecommunication conferences, concealment behind fakes identities, pretense to be the cluster chief executive officer, a position Switzerland-based attorney and alternative senior members of the corporate.

The hackers persuaded the Bharat chief that the fund couldn’t be sent from Italy as a result of sure restrictive problems. He then transferred the cash in 3 tranches throughout one week in Nov. the cash that was sent — USD five.6 million, USD 9.4 million and USD three.6 million — from Bharat to the banks in the city was taken out, inside a couple of minutes. The impostors tried for a fourth transfer, however, by then the fraud had been unearthed. In Dec, it became obvious once Tecnimont SpA chairman El Caudillo Ghiringhelli visited Bharat, the report mentioned.

The hackers conjointly organized a series of conference calls throughout this method, impersonating as representatives of the cluster chief executive officer and an attorney talking concerning a buying deal arrange in China that created the chieftain believe additional firmly into this story.

The money daily quoted a senior govt attentive to the matter as locution that rhetorical scrutiny was done by the firm. conjointly hiring a Mumbai-based law company, the report mentioned that the US-based security firm Kroll is additionally trying into the matter.

#CyberSecurity #Tecnimont


Data Privacy And Cyber-security Issues In Mergers And Acquisitions

November 27, 2018 Pradeep Agrawal 0 Comments

Data privacy and cyber-security issues play a progressively prominent role when evaluating a possible company merger or acquisition target. Knowing a way to manage these issues might mean the difference between a mergers and acquisitions ( M&A ) transaction and one that quickly turns into a liability nightmare for the customer. As data privacy, cybersecurity, and data breach risks are necessary due diligence problems in mergers and acquisitions. Post-acquisition discovery of security issues and even notifiable breaches could be a way too common situation.

Verizon’s acquisition of Yahoo in February 2017 provides a recent, high-profile example. Verizon ultimately determined to move forward with the acquisition, even after discovering that Yahoo had suffered 2 huge data breaches, compromising over one billion user accounts. The foremost extremely publicized example of a merger or acquisition-related cybersecurity downside was Verizon’s discovery of a prior data breach at Yahoo! When having executed an acquisition agreement to acquire the corporate.

Over a third (40%) of acquiring corporations engaged in a very merger and acquisition dealings aforesaid they found a cybersecurity downside throughout the post-acquisition integration of the acquired company. Thus, 80th of respondents aforementioned that cybersecurity issues became extremely necessary within the M&A due diligence method whereas 70th of respondents aforementioned compliance issues are one amongst the foremost common forms of cybersecurity problems uncovered throughout due diligence, whereas 400th aforementioned a lack of comprehensive security design is also common.

Even for those acquiring corporations that shall inspect data security problems as a part of the M&A due diligence method. More often than not, the lawyers ask a battery of routine, privacy-related queries of a corporation even when that company doesn’t collect or handle consumer personal data. The main focus on data privacy, and not security more generally, is due partially to a general lack of awareness of broader cybersecurity issues, and a hyperawareness of the risks related to data breaches. To a large degree, an emphasis on data breach risks isn’t shocking since corporations should publically disclose breaches of private data to customers, and also the media often focuses considerable attention on these breaches, particularly large-scale ones.

This summarizes the growing potential issues like legal, financial, reputational, and operationally associated with cybersecurity, and additionally provides practical solutions on the way to identify, understand, and mitigate those risks throughout the merger or acquisition due to diligence method.
Therefore, in any merger and acquisition deal, conducting a strong level of due diligence is merely the battle. Putting in place representations and warranties during a purchase agreement, significantly as it considerations data privacy and cyber-security matters, is turning into an increasingly vital measure in guaranteeing a smooth and safe transaction.


Cyber Security Check in Indian Banks !

September 11, 2018 Pradeep Agrawal 0 Comments

The extent of data privacy norms in India is way less stringent versus those of the GDPR. Besides, the predomination for banks of public-sector that builds the impression of an implicit sovereign guarantee against the failure of such banks. This reduces the threat of reputation loss of public-sector banks because of cyber attacks.

In August 2018, When Cosmos Bank went through from cyber attack, resulting in approx. Rs 100 crore being siphoned off. In most developed countries similar attacks are rare. Such incidents need an outsized range of accounts to transfer the stolen money. Therefore, In most countries, direct money siphoning from banks through cyber-attacks are small-scale frauds through phishing attacks and stealing of payment cards or data.

Indian banks don’t have a lot of selection regarding a significant revamp of cybersecurity. Cyber attacks are global in nature and, with better cyber-risk preparation in OECD countries, hackers are increasingly specializing in vulnerabilities in emerging-market countries. this may produce existentialist issues for Indian banks. for instance, the money siphoned removed from Cosmos Bank is fourteen times the bank’s FY18 profit.
During 2008-17, banks in India faced 1,30,000 reported cases of cyber fraud involving an estimated Rs 700 crore. this is often comparable to simply 0.006% of the outstanding deposits of Indian banks. in contrast, a severe cyber attack may result in bank failure even once no money is lost directly.

In 2016, the rbi has asked banks to put in place board-approved, strong cyber-risk management systems. The regulator has additionally set norms that put losses because of cyber attacks nearly solely on banks. most significantly, the draft Personal Data Protection Bill, 2018, has projected that for breach of personal data protection, banks would face penalties the same as those under the GDPR.

As several of the ‘old’ private sector banks seem to be better prepared than their larger peers. Indian banks appear to focus a lot of on identification and prevention of cyber-attacks than breach detection, crisis management within the immediate aftermath of detection and corrective measures thenceforth. Quick breach detection and appropriate corrective actions decide the impact of such incidents on banks. Therefore, It is time that Indian banks get up to harsh cyber realities.

#CyberSecurity #cosmosbank #Cybersecuritybanks


Cyber & Malware Attack on Pune-based Cosmos Bank

August 16, 2018 Pradeep Agrawal 2 Comments

Cyber Attack on Pune-based Cosmos Bank, Hackers managed to transfer over Rs 94.24 crore through a malware attack on the server of Cosmos Bank. On Tuesday, the Indian banking system went in shudders when the Cosmos Bank admitted that it fell victim to an international group of hackers who siphoned off a complete of Rs 94.24 crore in 2 cyber attacks on August eleven and August thirteen.

On Wednesday the National Payments Council of India (NPCI) blamed the Cosmos Bank’s “own IT environment” for the unprecedented cyber loot that left over the Pune-based bank poorer by Rs 94.42 crore. In a declaration, the NPCI’s Head Risk Management, Bharat Panchal, aforesaid “the NPCI’s systems are totally secure.

Therefore, the issue has occurred inside the Cosmos Bank’s own IT surroundings due to malware-based attack on the bank’s IT system that has a fraud. Panchal distinguished that Before the attack, the transactions are reported from outside India. He repeats that the systems of NCPI – the umbrella organization for operative retail payments and settlement systems in India were completely secure and it had been endlessly watching the case arising out of the Cosmos Bank episode.

Cybersecurity should be thorough and seamless, regardless or business size. Cyber-crime is unlikely to slow down, despite government efforts and input from specialists. Its growth is being driven by the expanding number of services available online

Having the right level of preparation and specialist assistance is vital to minimize and control damage, and recover from a cyber breach and its consequences.

#CyberSecurity # CyberAttack #CosmosBank