Data Security News Headlines 30th June 2017

  1. India globally seventh most affected by Petya attack

The Petya ransomware, which began infecting computers in several countries, including Russia, Ukraine, France, India and the United States, on Tuesday and which demands a $300 ransom, was not designed with the intention of restoring the computers at all. According to the global cyber security firm Symantec, India has become the worst-hit country in the Asia Pacific and Japan (APJ) region and the seventh most affected nation globally since the new ransomware ‘Petya’ hit on June 27. The country’s largest container port and some local manufacturing units of global companies were hit, as the Government confirmed on Wednesday. Once a system is infected by the ransomware, it is locked and a demand of USD 300 in Bitcoins is made to recover the files. The local cyber-security firm Kaspersky Lab estimated the number of victims of the Petya malware at 2,000.

Cyber Security Tips: To protect against the Petya ransomware, users are strongly recommended to install the patch released by Microsoft and keep their systems up to date; if you are using an unsupported Windows system, apply the emergency patch released by Microsoft. Modify your firewall configuration to block access to SMB ports over the network or the Internet, disable SMB, keep your antivirus software up to date, back up regularly and be aware of phishing.
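The SMB-related tips above can be checked and applied from PowerShell. The script below is an added example, not part of the original post; it assumes "SMB ports" means TCP 139/445 and UDP 137/138 and that "disable SMB" means the legacy SMBv1 server protocol, and its rule names and parameters are made up for illustration.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on Windows 8 / Server 2012 or later.
# Assumptions: "SMB ports" = TCP 139/445 and UDP 137/138; "disable SMB" = the
# legacy SMBv1 server protocol. Rule names are constructed for this example.
param(
    [switch]$Apply,                              # without -Apply the script only reports
    [string[]]$FirewallProfile = @('Public')     # firewall profiles the block applies to
)

$portSets = @(
    @{ Protocol = 'TCP'; Ports = @('139', '445') },
    @{ Protocol = 'UDP'; Ports = @('137', '138') }
)

# 1. Report (and optionally disable) the SMBv1 server protocol
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
Write-Output "SMBv1 server protocol enabled: $smb1"
if ($Apply -and $smb1) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'SMBv1 server protocol disabled.'
}

# 2. Report (and optionally create) inbound block rules for the SMB/NetBIOS ports
foreach ($set in $portSets) {
    $name = "Block inbound SMB $($set.Protocol) (example)"
    $existing = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Output "Rule present: $name"
    } elseif ($Apply) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
            -Protocol $set.Protocol -LocalPort $set.Ports `
            -Profile $FirewallProfile | Out-Null
        Write-Output "Rule created: $name"
    } else {
        Write-Output "Rule missing: $name (re-run with -Apply to create it)"
    }
}
```

Run it without arguments first to see the current state. Blocking these ports on the Domain or Private profile stops the machine from serving file shares, so widen `-FirewallProfile` only where that is intended.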

  2. Dhankawdi resident loses 1.47 lakh to card fraud

PUNE: Cyber criminals are targeting users to steal their banking credentials. According to a recent report, Mr. Arun Kale (59), a resident of Pune, shared his debit card details with a telecaller and lost Rs 1.47 lakh at one go. According to the cyber cell, Mr. Anil got a fraudulent call asking for banking details to upgrade his card. Mr. Anil shared details such as the 16-digit number, PIN, card verification value (CVV) and one-time password with the caller, who had offered to upgrade his card. In his complaint, Kale said a man, who identified himself as Anil Kumar, had called him saying that the bank where he has an account had given them a contract for upgrading its debit card consumers.

Cyber Security Tips: To avoid such fraud, users are recommended not to share any banking details, such as the 16-digit number, PIN, card verification value (CVV) or one-time password, with anyone.

  3. The Author of Petya Ransomware Is Back to Help NotPetya Victims

Since the Petya ransomware targeted systems worldwide, new research and new interpretations have been coming in every day. According to a recent report, the original author of Petya is back. He appeared on Twitter to help victims unlock files encrypted by a new version of Petya, known as NotPetya. In his tweet, the author suggests that he may have held on to a master decryption key; if it works on files infected by the new variant of Petya, victims would be able to decrypt the files locked in the recent outbreak. Initially, a new variant of the Petya ransomware, NotPetya, was blamed for infecting systems worldwide, but later the NotPetya story took an interesting turn. Yesterday, researchers found that NotPetya is not ransomware; rather, it is wiper malware that wipes systems outright, destroying all records on the targeted systems. NotPetya also uses the NSA’s leaked Windows hacking exploits EternalBlue and EternalRomance to spread rapidly within the network, and the WMIC and PSEXEC tools to remotely execute malware on the machines.

Cyber Security Tips: Janus, the original Petya author, is examining the new code. Even if his master key succeeds in decrypting the master file table (MFT) of victims’ hard drives, it won’t be of much help until researchers find a way to repair the MBR, which NotPetya wipes without keeping any copy. Users are therefore recommended to wait until a final solution is available and to stay alert.

  4. Beware! Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

A critical vulnerability has been discovered in systemd, the popular init system and service manager for Linux operating systems. systemd is an init system used in Linux distributions to bootstrap the user space and subsequently manage all processes, in place of the UNIX System V or Berkeley Software Distribution (BSD) init systems. Successful exploitation could allow remote attackers to trigger a buffer overflow and execute malicious code on the targeted machines via a DNS response. The vulnerability, designated CVE-2017-9445, resides in the ‘dns_packet_new’ function of ‘systemd-resolved,’ a DNS response handler component that provides network name resolution to local applications. The DNS response overflows the buffer, allowing an attacker to overwrite memory, which leads to remote code execution. This means that attackers can remotely run any malware on the targeted system or server via their malicious DNS service. The bug is present in Ubuntu versions 17.04 and 16.10; Debian versions Stretch (aka Debian 9), Buster (aka 10) and Sid (aka Unstable); and various other Linux distributions that use systemd.

Cyber Security Tips: Patches have already been released, so users and system administrators are strongly recommended to install them and update their Linux distros as soon as possible.
