Interent transactions today are highly vulnerable to exploitation by cyber criminals. Online transactions in the current situation must be dealt very sensitively and sensibly in order to avoid any kind of data theft. The Secure Sockets Layer (SSL) enables encryption of sensitive data during online transactions through advanced encryption methods and validation processes. Encryption of data makes it very difficult for unauthorised people to view the information during data transmission, thus making your online transaction highly secure.

Almost all websites online are using SSL/TLS for securing their online transactions with their clients. All the popular browsers are having mechanism to identify the certificate and validate it. When you are visiting a secure site the browser will display a “lock” icon in its status bar. The internet address of a secured site begins with https:// rather than http://, where ‘s’ represents that the site is using a secure server. In the absence of any of the above indicators, it is recommended to avoid doing online tranasaction within the site.

Data encryption and SSL/TLS Process
An authenticated website for online transaction gets its SSL/TLS certificate from an Certified Authority (CA) like Verisign. The certificate is installed in the web server hosting the authenticated site.

• When a user tries to access this authenticated site through his web browser, it sends a web page request to the web server.
• The server now responds with the SSL certificate.
• Web browser first verifies the validation of certificate, then encrypts the key seed of the session using SSL Public key and sends it to the server.
• Server sends an indication that all the future transmissions are encrypted.
• Then the communication between server and the browser in encrypted format follows until the connection closes.

Importance of SSL certified sites
Internet today can be called as wild west. This has become a major obstacle for the growth of ecommerce and online transactions. Making secure online transactions in these conditions majorly requires privacy and identity assurance. SSL/TLS certificate ensures both to the user. The encrypted format of data ensures safety from cyber criminals who try to steal the information during transactions. Identity assurance is another major feature of SSL/TLS certificate. This certificate is hard to obtain for ordinary or illegitimate websites. However, working with a website certified by an established CA is also important.

The credibility of SSL/TLS certificate
As mentioned earlier SSL/TLS certificates are not easier to obtain. These are operated by Certified Authorities. Certified Authority (CA) usually will be an well established entity. New comers must have to undergo significant barriers to enter into SSL/TLS certificate market and to be included into the webbrowser’s trusted “root” SSL/TLS certificates list. Thus, if it is an established CA that provides credibility for a SSL/TLS certificate, it is a secure and reliable browser that gives credibility to the CA.

How to validate a website for SSL certificate?
As SSL/TLS certificates are not easy to obtain, cyber criminals use different methods in web programming to create one of their own. However, we can validate a SSL certificate claimed by a website using few simple steps:

1. Open the URL in a website and make sure that the URL starts with “https://” rather than “http://”
2. When the website is loaded in the browser look for the lock icon. The
   

   lock icon is situated in the upper-right corner for Safari; in lower-right corner for Firefox and IE. The lock icon is situated in the right end corner of the address bar for Google Chrome. However, a lock icon doesn’t necessarily mean that the site is SSL certified.

3. In order to validate the SSL certificate click on the lock icon of the browser which displays a pop up window of the page info. Click on view certificate option for further details. This will show further details of the organization and the CA who issued the certificate. Check on the expiry date of the certificate by selecting Validity – > Not After.
   

   Valid SSL Certificate

   Invalid SSL Certificate

4. Always use high security browsers while doing online transactions. As these high security browsers have emerged after the development of the Extended Validation (EV) standard established by the CA/Browser forum, they can perfectly recognize between a valid and non-valid SSL certificate. IE 7+ and Mozilla Firefox 3+ versions are examples of high security web browsers.
   

   Warning message in Firefox

   Many web browsers block the webpage from loading and give an warning message when they find a website with suspicious or invalid SSL certificate.

Website spoofing is one of the deceptive snare used by cyber criminals for phishing. Internet is still a highly vulnerable place for transactions. Cyber-criminals keep finding different ways to exploit a user online. The only way to survive them is through conventional awareness and credible preventive measures.

What are Spoofed Websites?
A spoofed website is usually a replica of a legitimate website. Almost all the features of this site replicate the existing legitimate site including logos, fonts, colors, structure, etc. In few cases, even the URL of the spoofed site is almost close to the URL of the legitimate site so that it is easier for them to trick its visitor.

Techniques used in spoofing:

• URL Redirection: URL redirection is possible through web programming to refer a URL to another URL. Many big companies like Google, Microsoft, etc., use them for legitimate business purposes. However, this has become a phishing tool for cyber criminals.They use a legitimate looking URL (www.domain.com, for example). However, when a visitor tries to visit the site, it actually redirects him to a spoofed site (www.phisher.com). It is possible for the user to identify redirecting URLs by monitoring location bar of his browser.

• URL Cloaking: A legitimate looking URL is used to mask the URL of a spoofed site, by using ‘@’ symbol. Using @ symbol was originally intended as a way to include a username and password in the URL. When a user tries to open the legitimate looking URL, www.bank-domain.com@phisher.com, for example, it actually redirects him to the phishing site www.phisher.com, rather than www.bank-domain.com.

• URL Masking: A illegitmate / phishing site is concealed behind the text of URL of a legitimate site. Web programming has enough attributes to support masking of a URL easily.A user gets an email from phisher containing a link to a legitimate site (www.domain.com, for example). However, the link is the mask of a spoofed site (www.phisher.com). The deception actually happens in the status bar of the browser. When you hover mouse over a link the status bar should show where the link will guide you to. The deceptive link is so well hidden that the user cannot find it even in the status bar on hovering mouse over the link. This is generally done using javascript.

• Typo Scamming: Typos are inevitable when you are typing out on your keyboard. Cyber criminals use this as an advantage and register web addresses that resemble the name of a popular and legitimate site. These URLs are slightly differentiated by adding, excluding, or rearranging letters.For example, web address of a legitimate site www.bankm.com is differentiated as
  • www.banmk.com
  • www.bakm.com
  • www.bankm-online.com

Why beware of spoofed sites?
Spoofed websites are actual sources of phishing. The main job of the phisher is to convince the visitor that his spoofed site is legitimate. From then on it is the visitor who will be submitting his information to the phisher, unknowingly though. It can be his bank username and password, or any such information that is of economical value.

Cyber criminals also use spoofed websites to deploy malware into the visitors PC thus making it as a part of their botnet.

Precautions to take to avoid being a victim of spoofed sites

• Avoid using sites that do not have SSL/TLS certificate while you are banking, buying, selling, transferring money or using credit/debit cards online.
• Make it a habit of checking the SSL/TLS validity every time you visit a site before making financial transactions, by clicking on the lock icon.
• Never click a hyperlink to get to a website for financial transaction unless you are CERTAIN that it is a legitimate link.
• Just type out the URL yourself, use credible search engine results or copy paste it from your records.
• Do not use same username / password for all your online logins.

The recent Mariposa scam which revealed the compromising of 12.7 million computers shows the extent and severity of botnet problem. Mariposa is only one of them; there are many more such botnets like conficker, kraken, srizbi, Zeus, Zdbot, etc which have compromised millions of computers that are connected to internet today. And these in turn are actively trying to infect more and more computers every day. An article from BBC saying that up to a quarter of PCs connected online are part of botnets, tells us how grave the situation is.

Basics about Bots and Botnets
The term bot is related to the word robot. A computer system is first infected by a Trojan virus or any such malware; then the hackers, who are creators of this malware, take over the controls of the system and remotely operate it for their use. Since, the infected computers are obeying the controls of the hacker, these are also called bots or zombies.

A single bot is of not much use to the hacker. Thus, he first tries to increase the number of zombies by spreading the malware via the infected PC. Thus, the network of bots increases and forms a botnet. A typical botnet contains a few hundreds or a couple thousands of computers. However, there are a few botnets that contain millions of infected PCs. All of them serving to the key master – the creator of the botnet.

How/where are they used?
The primary risk of having/using a PC-turned-bot is putting all your credible information (like bank accounts, credit card numbers, passwords, financial information or any such sensitive data) available for the hacker to exploit. Bots also send spam, viruses, spyware to other computers on internet in order to spread their botnet. These are automated processes and do not require commands from the hacker each and every time.

Botnets are also used to perform other tasks online like creating email spam, clickfraud, spamdexing, launching of denial-of-service (DoS) attacks, fast flux, access number replacements, etc.

How to check if your PC is a part of botnet
Your PC Internet connection – turning inexplicably slow either while browsing or while checking mails can be a symptom of botnet infection. The malware used in botnet infection are specially designed to hide themselves even during carrying out the automated processes. Thus, it is hard to trace them down sometimes even with an antivirus installed in your PC. However, Prevx suggests a small technique using which you can check if your PC is part of a botnet follow when your internet becomes slow. The process is as follows:

1. Close all your browsers and email software (like Thunderbird, Outlook, etc)
2. Open Task Manager: Press CTRL+ALT+DEL at a time and then select Task manager from the Window.
3. Open Networking tab and observe the graph or Network Utilization percentage below the graph. If it is showing more than usual percentage, then it might indicate that your PC is infected.

If the above is true in your case, the next steps to do will be:

• Immediately pull off from the internet by disconnecting the LAN cable.
• Use a rescue disk (like Norton antivirus rescue disk) and scan your computer thoroughly.
• Replace your antivirus immediately with a superior one and run thorough scan (because it is already proved that the existing one is ineffective).
• Reconnect PC to the internet and update your MS Windows, antivirus database, browser, adobe reader, and other vulnerable applications that are installed on your PC.

Read the rest of this entry »

Today almost every user browsing Internet is at risk. The increase in threats related to social networking sites, banking security, botnets, and attacks targeting users, businesses, and even applications made Internet a risky landscape. Many industry consultants and analysts refer Internet as ‘Wild West’ because of its huge insecurity, where nobody or no website can be trusted. Every year, cyber crime costs billions of dollars to repair systems hit by attacks and loss in productivity because of disruptions. According to the Federal Bureau of Investigation (FBI), consumers and businesses lost $5.8 billion in 2009 due to cyber crime.

Risks increased exponentially
Today, any user can get affected by cyber threats through browsing, searching or merely visiting legitimate sites than ever before in the Internet history. Malicious web links are sprouting at a rapid pace. According to CA Internet Security Business Unit (ISBU), 78% of threats came from online interaction during the first six months of 2009. IBM’s ‘X-Force 2009 Mid-Year Trend and Risk Report’, states that there was more than 500% increase in new malicious web links in the first six months of 2009. The vulnerability towards the threats seems to have reached the peak point. In the first half of the year 2009 alone, nearly 3,240 new vulnerabilities were discovered.

New threats
With the evolution of web based communities and explosion of Internet services, users are spending more time online and engaging in social networking activities on the Internet than ever before. This is resulting in new threats that exploit these services and communities. When a reputed website hosts third-party content, users often let down their guard while following hyperlinks in the third-party content or installing applications offered by them. Malware authors follow social networking buzz and the most popular activities online to attack the users. They are always ready to exploit significant and popular news stories to trap the netizens. Thus many people become victims of cyber traps.

The attackers are constantly upgrading their tools to attack the unwary users. This criminal activity is scaling new peaks constantly. According to IBM, the SQL injection attacks almost doubled from first quarter to second quarter of 2009. Through SQL attacks, malicious code is injected into genuine web sites to infect the visitors.

For the past few years, Botnets are the primary tools for many cyber criminals. They are always a challenge to the cyber security professionals as it is very difficult to track them down. Botnets can launch almost every type of cyber attack including data exfiltration, sophisticated espionage, and spam.

Targeted attacks
Although targeted attacks were rare earlier, they are seen often these days. Apart from the common people, top management of companies, governments, industries and even journalists are being targeted for private information. Emails with Malware attachments is the popular and preferred method for targeted attacks. According to CA (ISBU), 17% of the infections are distributed through E-mail. There is also an increase in attacks targeting client software using Adobe products including Flash and Acrobat Reader.

Criminals are adapting more effective methods to target online banking system. Trojans are the result of new tactics that go beyond the simple key logging-with-screenshots efforts, which prevailed earlier. CA (ISBU) reported that Trojans were the most common threats representing 71% of the total infections in the first half of 2009. When it comes to Phishing, IBM says that 66% of the phishing attacks targeted financial industry and 31% targeted online payment in the first half of 2009.

Over the years, Internet security issues have been growing. Initially, virus was the only problem. Later with the explosion of Internet, many newer threats have evolved increasing the security vulnerability such as malicious domains or untrusted web sites, presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, mainstream news sites and online magazines. Today you are in a high-risk zone as soon as you are online. It is always advisable to be alert while you are browsing.

There are many service providers who offer online back up services. Some of them are Mozy, BackupandShare.com, Citadel Remote Backup, SafeCopy Backup, Iron Mountains, ElephantDrive, Xdrive, Genie Online Backup, AT&T Online Vault, Carbonite, eSureIT, iBackup. These are only a few to name.

Remote back up service are mostly suitable for individuals and small businesses. However, any of them trying these services without a good broadband connectivity as well as a high performing system – will for-sure visit the hell on earth.

In fact many people and many companies have been relying on some of the services mentioned above. The security of backing up data online is also questioned when services of even bog companies like Google and Twitter are being hacked.

Many of Remote backup services, for example – Mozy, encrypts the files that are to be backed up, in your PC itself so that they are not easily accessible even when steals them in mid of the back up process. In addition, some services even scramble the encrypted data through a SSL connection. This is the same mechanism that is used by online merchants to move credit card information.

What if the data is accessed at the data centers by their employees? Well, there are some services that offer remedy for this too. When they are encrypting the data on your PC, the encryption key will be given by yourself so that decrypting and encrypting can be done by none other than you.

However, there are certain precautions that are required to be taken up before opting for a service.

• Ensure that the service providers are firm at their policies.
• Use strong passwords or encryption keys for files that carry vital or sensitive data.
• Try to add an extra protection like password protecting your documents or using some third party applications to pre-encrypt your data.

As Scareware threats are on rise, millions of Internet users are falling prey to the Scareware scams.

Scareware adopts bogus sales tactics that are designed to scare a user into believing that his or her computer contains critical errors or viruses that have to be fixed immediately. Scareware ads offer an instant solution to the so-called problems on the computer and come for a price. In some cases, this software is harmless – while in others – it is actually a malware or another spyware. The ad might pop up anytime when surfing the web. The ad may open a pop-up window leading people to believe that the message is triggered by their own Operating System. The message claims that the consumer’s computer is infected with a virus and may require a “fix” and that clicking on “OK” would take the user to the download site from where the user could purchase the “fix”. By luring the victims to buy the software, the perpetrators may even steal sensitive information such as credit card details of the victim and these details may be sold to black market forums.

As of June 2009, over 250 rogue programs had been detected by Symantec in a study, which spanned over June 2008-09. Bogus security software could be freely available, may cost up to US$100 or come in a trial version. They may be installed manually by the user or when he opens an attachment or while surfing through a malicious website. Scareware can also be unknowingly advertised on legitimate websites such as social-network sites, forums, blogs, and appear in search engine results that are sponsored by cyber criminals. These crooks also hire sales representatives to sell their products who earn an average of US$23,000 a week. They are paid for every installation they make and even get bonuses like electronic gadgets and luxury cars.

Another tactic of Scareware is scaring users with unanticipated images, sounds or video. This is known as Prank software. An example of this kind of software is “NightMare”, which when executed lies dormant for some amount of time, finally changing the entire screen of the computer to an image of a skull while a horrifying shriek is played on the audio channels.

Many cases have been filed against the perpetrators of such sites and they have been asked to pay for the damages caused by them. In 2005, Microsoft and Washington State successfully sued Secure Computers for US$1million over charges of using scareware pop-ups. Various regulatory bodies like the US Federal Trade Commission are taking an active part in trying to put an end to this menace.

However, it is your responsibility to be aware of these things and avoid being trapped.

As we are aware of the recent issue with a few thousands of emails, lets see how some of these scammers have used the emails they hacked into.

The following email was sent to a small business support’s email id for financial gain from a@gmail.com – an email id belonging to their client.

“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”

The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.

The following reply was sent to the email id of the client.

“Not a problem. Please let us know what we need to do.”

Then this person got suspicious and sent this message immediately.

Is there a number we can reach you?

Within 10 minutes there was a reply from the email id as follows…

“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here

Name : First Lastname
Country Name : New York, United State of America

Thats all you need , You got it right ?”

This is a tricky situation as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus, the business was willing to send the money. However, they called the client’s mobile in the U.S and he answered – making it clear that the email was not sent by him. If it wasn’t answered they were all set to send the money, since, they were not aware of anyone being fooled in this way before. The business wanted to widely circulate this to prevent people from being fooled this way.

India, as the world leader of BPO – has a negative distinction too. According to a recent report from Brighton University, call centre cybercrime is becoming popular here.

This report focuses exclusively on financial cybercrime, specifically credit card fraud and identity theft. Financial cybercrime has increased dramatically in recent years and looks set to increase further as the proliferation of communications technology proceeds apace and reaches regions of the world with many underemployed poor people with information technology skills who can take advantage of cybercrime opportunities.

India stands in 14th place among world hosting phishing websites for 2008. Though the cybercriminal activity in India is very low compared to many other major and emerging economies, the report says that there has been a leap in cybercrime in past few years.

According to the report, “The country’s top ten BPO firms hire up to 25,000 new employees per year, and financial services are one of the fastest growing segments. However, low salaries and fast turnover in the industry might provide an incentive to make extra money through cybercrime.”

However, SMBs in India are turning towards adoption of efficient security measures to check the issue of data security. According to a report from AMI Partners Inc, Indian Small and medium businesses (SMBs, or companies with up to 999 employees) are realizing that data security is not just adopting security solutions but that formulating structured policies is also a critical factor. SMBs in India are on track to spend US$291 million on security-related investments in 2009.

For more information click here.

Courtesy: Search-Marketing.In

There are many Small and Medium businesses in India that operate on critical information from their clients in outside countries as a part of outsourcing. The main reason is of course the availability of highly proficient people at lower wages.

However SMBs are the most vulnerable segment in terms of data security. Data explosion, electronic threats and increased usage of web-based solutions are some of the important factors that increase the risks of SMBs being vulnerable in data security.

This is not confined to just India but is spread across even all the major economic countries. In fact, U.S is the most targeted country in terms of phishing attacks. A recent report from Brighton University says that US gets a significant 53% of total world’s phishing attacks followed by UK, Italy, Spain and Canada.

However, being the world leader of BPO I agree that it is not feasible for India to succumb to phishing attacks and be vulnerable in data security. A recent study from AMI partners Inc., SMBs in India are realizing that data security is not just adopting security solutions but that formulating structured policies is also a critical factor.

The report says that Small and medium businesses (SMBs, or companies with up to 999 employees) in India are on track to spend US$291 million on security-related investments in 2009. Security software accounts for three fourths of the total SMB security expenditure. Managed security services (MSS) is one of the key trends in the SMB security space, which is expected to grow at approximately 21% this year.

Courtesy: Search-Marketing.in