Saturday, August 30, 2014

Internet of Everything @CLOUDSEC Mumbai

I was delighted to be part of the CLOUDSEC, Mumbai panel on “The Internet SECURITY of Everything - Strategic perspectives and implications for government and business”, hosted by Trend Micro and CNBC TV 18.

The proliferation of things connected to the internet and to each other will present new cyber security challenges to corporate IT and cloud computing. By 2020, analysts expect tens of billions of devices to be connected to the Internet and to each other. The Internet of Everything (IoE) will be powered by next generation enterprise assets such as corporate servers, mobile technologies, cloud computing, big data, intelligent networking and software applications. The panel discussed the new strategies and solutions available to address the opportunities and potential risks that the Internet of Everything will introduce to organizations.

This year the theme was based on the emerging security concerns due to the Internet of Everything and the growing maturity of controls to audit and secure cloud infrastructure. One of my key takeaways was that reporting of cybercrimes continues to be low, either because the victim may suffer a reputational loss or the value of the crime was low or because there is not much faith in the ability of law enforcement to track global crime.

For those interested all presentation copies are available on

Founded in 2011, CLOUDSEC is one of the leading vendor-neutral internet security conferences in Asia Pacific, hosted by Trend Micro and supported by industry leaders, government agencies, non-government organisations, professional associations, technology vendors, and internet security professionals.

Tuesday, August 26, 2014

Changing lifestyles make kids increasingly vulnerable online

Children who are vulnerable are often victims of online predators, as their online activities, usually posts or videos about themselves, attract the attention of lumpen elements like pedophiles, trolls and criminals. These criminals exploit a child's desire for attention, which usually stems from not having a healthy relationship with parents, with other kids or at school. When a child shuts off their normal support system, criminals fill the gap with sweet talk, gaining trust and access to exploit the child. The degree of exploitation may vary, but at the simplest it involves coaxing a child to perform nude or seminude before a webcam. Recorded videos are sold or shared over porn sites. In the worst cases children are repeatedly blackmailed into performing, and the pedophile touts each session to others in their ring as proof of the level of control they can exert.
In today’s world of rising consumerisation, an increasing number of advertisements are directed at younger children to help them look like adults. Today, lingerie for the age group 4-12 is advertised online using children of the same age as models. Parents, too, are drawn into promoting their kids. It is not surprising that with instant messaging children are increasingly sending pictures and videos of themselves to friends, some of which, as in the case of sexting, may be considered self-made pornography. Statistics from an old study in 2009 (and the trend has grown since then) show that 22% of teen girls and 20% of teen boys have sent nude or seminude photos of themselves over the Internet or their phones, and a majority believe those exchanging sexy content are "expected" to date or hook up. Besides legal action for having such porn stored on their mobiles or being responsible for its distribution, there is the even greater danger of these pictures being used to harass and defame years later. What the child might have sent on the spur of the moment becomes their worst nightmare.

Online lifestyles also allow children to broadcast their talents and create a fan club of unknown fans, some of whom may be undesirable elements and older people. Through flattering messages, these elements slowly gain the trust of the child in pursuit of their nefarious goals.

As lifestyles change, parents must keep a closer watch on their children, be more participative and have healthy dialogues on their online lifestyle.

Sunday, August 24, 2014

How to prevent and recover from Ransomware Attacks

The desktop freezes with a warning message, purportedly from the local police, that the user has violated the law by visiting pornographic sites and has been fined 300 dollars or the local equivalent. Until the fine is paid, either all critical files on the desktop remain encrypted or access to the system is barred via a locked screen. Victims promptly pay up, running scared of the threat of legal action and the resulting public humiliation of having been caught viewing porn. The victim does not realize that he was set up by a small group of cyber criminals who specialize in setting up malicious sites that, when visited, infect desktops with a piece of malware known as Ransomware. Faced with no option but to pay, as it is very hard to crack the encryption, or wishing to avoid the embarrassment that could follow, victims pay, thereby making the crime profitable.
Ransomware, as the name suggests, is a piece of malicious software that either encrypts files on, or locks the screen of, a desktop, tablet or mobile phone to shut off access until a ransom is paid to obtain a secret key used to decrypt the files or unlock the device.
In the case of desktops, the malicious software is usually surreptitiously downloaded and installed from a malicious website or from a legitimate website infected with malicious code. The user is unaware that the system has been infected until the files have been encrypted and the malware pops up messages demanding ransom. Surreptitious download and installation without a user’s acceptance is possible due to vulnerabilities in browsers, and is made easier if the user possesses administrative rights to install applications. Due to the design of the operating systems used in mobiles and tablets, malware once downloaded requires user intervention to install the application. Cybercriminals disguise these applications as system updates or fake versions of popular applications, which users believe are genuine and allow to be installed.

How to prevent Ransomware infections
Recovering from a ransomware attack is very difficult, due to the hard-to-crack encryption. Prevention and regular offline back-ups remain the best defense. Antivirus software alone will not be effective, due to the fast-emerging variations of ransomware programs and attack methods. A few useful tips to help prevention are:

1.    Restrict administrative rights

2.    Restrict use of Java, Flash and other such programs to trusted sites. This can be done through browser settings

3.    Check to see if the pop-ups are genuine. Updates should come from vendor sites

4.    Download apps from genuine app stores

5.    Keep an offline back-up of your data (online backup can be encrypted by the malware, particularly if automated)

6.    Keep your system patch levels updated

7.    Use antivirus software which will help control access to malicious sites and delete known instances of ransomware.
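
As an added illustration of tip 5 (this is not code from the original post): a check that an automated backup job could run before it overwrites good copies, holding the backup when most of the changed files look like ciphertext. The function names, the 7.5 bits/byte threshold and the 50% cut-off are assumptions chosen for the example, and the sample files are constructed.

```python
from __future__ import annotations
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5      # assumed threshold in bits/byte; encrypted data sits close to 8.0
SUSPECT_FRACTION = 0.5   # assumed: hold the backup if half the changed files look encrypted

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536) -> bool:
    """Read the first `sample` bytes and compare their entropy to the limit."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample)) > ENTROPY_LIMIT

def backup_is_safe(source_dir: str, changed: list[str]) -> bool:
    """Return False when too many of the changed files resemble ciphertext."""
    if not changed:
        return True
    suspects = sum(looks_encrypted(os.path.join(source_dir, name)) for name in changed)
    return suspects / len(changed) < SUSPECT_FRACTION

def demo() -> tuple[bool, bool]:
    """Constructed sample: plain text passes, random-looking content holds the backup."""
    names = [f"note{i}.txt" for i in range(4)]
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            with open(os.path.join(d, name), "w") as fh:
                fh.write("quarterly report draft\n" * 500)
        before = backup_is_safe(d, names)
        for name in names[:3]:   # random bytes stand in for encrypted file content
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(os.urandom(20000))
        after = backup_is_safe(d, names)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as JPEG, ZIP and DOCX also score high, which is why the check looks at the fraction of changed files rather than at any single file.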

How to Recover from Ransomware infections
A typical ransom requested is usually below $500, in the form of vouchers that can be used to buy goods and services online, and even if it is paid there is a good chance that the system is not unlocked. It is therefore best to be prepared to lose the data on the device. The two articles (links below) are excellent resources to recover from Ransomware Attacks.

Decrypting the Crypto Locker – a tool from FireEye and Fox-IT to decrypt files encrypted by Cryptolocker, a dangerous strain of ransomware

One of the frequent methods used to recover is paying the ransom. If the user's files are successfully decrypted this way, it is best to save critical data, wipe the disk clean and reinstall a fresh copy of the operating system and other application executables, as there could be further residual malware of a different type. Then there obviously remains the task of preventing further infections.