1. Home
  2. 'Data of over 6K Indian firms is up for sale on Internet'

'Data of over 6K Indian firms is up for sale on Internet'

Agencies
October 4, 2017

Mumbai, Oct 4: Global IT security firm Quick Heal's Enterprise Security brand Seqrite has discovered an advertisement on DarkNet forum that claims to have access to data of over 6,000 Indian businesses that include Internet Service Providers (ISPs), some of the key government organisations, banks and enterprises.

Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, tracked the advertisement where the unknown hacker has priced the information at 15 Bitcoins (nearly Rs. 42 lakh) and is offering network takedown of affected organisations for an unspecified amount, the company said in a statement on Tuesday.

"This can be a major tool of mass disruption if a non-state actor gets hands on it," Seqrite said on its website.

The organisations whose services may be at risk are: UIDAI (Aadhaar), Idea Telecom, Bombay Stock Exchange (BSE), Flipkart, DRDO, Aircel, Reserve Bank of India, BSNL, SBI, TCS, ISRO, ICICI Prudential Mutual Fund, VMWare, Employees' Provident Fund Organisation and various Indian state government portals, among others.

"We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the above mentioned organisations and enterprises can get affected," Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal, told IANS.

Following a detailed investigation, researchers identified the affected organisation as India's national Internet registry IRINN (Indian Registry for Internet Names and Numbers) which comes under the National Internet Exchange of India (NIXI).

As a precautionary measure, Seqrite reached out to the government authorities and Asia Pacific Network Information Centre (APNIC), recommending to them to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with latest updates.

According to the researchers, the seller claims to have the ability to tamper the IP allocation pool, which could result in a serious outage or Denial of Service (DoS) attack-like condition.

"This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India," the company said.

"Along with the access, the hacker is also selling credentials and various contractual business documents and claims to have access to a large database of Asia Pacific Network Information Centre (APNIC)," it added.

The IRINN provides allocation and registration services of IP addresses and autonomous system numbers.

It comes under NIXI which "is the neutral meeting point of the ISPs in India with the primary objective being the facilitation of exchange of domestic Internet traffic between peering ISP members".

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 18,2020

New Delhi, Jul 18: India's national cybersecurity agency CERT-in, has warned people of credit card skimming spreading across the world through e-commerce platforms.

Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP), the Computer Emergency Response Team (CERT-In) said in a notice on Thursday.

Recently, attackers targeted sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework, it said.

Some of the sites affected by the attack were found to be running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and may contain multiple vulnerabilities, CERT-In said.

The notice also included a list of best practices for website developers including the use of the latest version of ASP.NET web framework, IIS web server and database server.

The advisory is based on research by Malwarebytes which found that this skimming campaign likely began sometime in April this year.

Credit card skimming has become a popular activity for cybercriminals over the past few years, and the increase in online shopping during the pandemic means additional business for them, too, Malwarebytes said in a blog post, adding that attackers do not need to limit themselves to the most popular e-commerce platforms.

Researchers from global cybersecurity and anti-virus brand Kaspersky had warned in December last year that more cybercriminal groups will target online payment processing systems in 2020. 

It said that over the past couple of years, so-called JS-skimming (the method of stealing of payment card data from online stores), has gained immense popularity among attackers. 

Kaspersky researchers in their report said they are currently aware of at least 10 different actors involved in these type of attacks.

Their number will continue to grow during the next year, the report said, adding that the most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 9,2020

New Zealand's research institute in Antarctica is scaling back the number of projects planned for the upcoming season, in an effort to keep the continent free of coronavirus, it was reported on Tuesday.

The government agency, Antarctica New Zealand, told the BBC on Tuesday that it was dropping 23 of the 36 research projects.

Only long-term science monitoring, essential operational activity and planned maintenance will go ahead.

The upcoming research season runs from October to March.

"As COVID-19 sweeps the planet, only one continent remains untouched and (we) are focused on keeping it that way," Antarctica New Zealand told the BBC.

The organisation's chief executive Sarah Williamson said the travel limits and a strict managed isolation plan were the key factors for keeping Scott Base - New Zealand's research facility - virus free.

"Antarctica New Zealand is committed to maintaining and enhancing the quality of New Zealand's Antarctic scientific research. However, current circumstances dictate that our ability to support science is extremely limited this season" she said.

Earlier in April, Australia announced that it would scale back its activity in the 2020-21 summer season.

This included decreasing operational capacity and delaying work on some major projects.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 24,2020

New Delhi, Jun 24: The Centre has made it mandatory for sellers to enter the 'Country of Origin' while registering all new products on government e-marketplace (GeM).

The e-marketplace is a special purpose vehicle (SPV) under the Ministry of Commerce and Industry which facilitates the entry of small local sellers in public procurement, while implementing 'Make in India' and MSE Purchase Preference Policies of the Centre.

Accordingly, the ministry said the move has been made to promote 'Make in India' and 'Atma Nirbhar Bharat'.

The provision has been enabled via the introduction of new features on GeM.

Besides the registration process, the new feature also reminds sellers who have already uploaded their products, to disclose their products' 'Country of Origin' details.

The ministry further said that failing to disclose the detail will lead to removal of the products from the e-marketplace.

"GeM has taken this significant step to promote 'Make in India' and 'Aatmanirbhar Bharat'," the ministry said in a statement.

"GeM has also enabled a provision for indication of the percentage of local content in products. With this new feature, now, the 'Country of Origin' as well as the local content percentage are visible in the marketplace for all items. More importantly, the 'Make in India' filter has now been enabled on the portal. Buyers can choose to buy only those products that meet the minimum 50 per cent local content criteria."

In case of bids, the ministry said that buyers can now reserve any bid for a "Class I Local suppliers. For those bids below Rs 200 crore, only Class I and Class II Local Suppliers are eligible to bid, with Class I supplier getting purchase preference".

In addition to this, the Department for Promotion of Industry and Internal Trade (DPIIT) has reportedly called for a meeting with all e-commerce companies such as Amazon and Flipkart to display the country of origin on the products sold on their platform, as well as the extent of value added in India.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.