Information Security News|Cyber Security|Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper|Infosec Articles|Hacking News

Indian HDFC Bank deposits millions in customers’ accounts by mistake. Hacking incident or just a software flaw?
https://www.securitynewspaper.com/2022/05/30/indian-hdfc-bank-deposits-millions-in-customers-accounts-by-mistake-hacking-incident-or-just-a-software-flaw/
Mon, 30 May 2022 21:41:12 +0000

Last weekend, HDFC Bank clients received a message showing an incorrect balance in their accounts, making them believe they had received a huge amount of money for free, even topping Rs 130 million.

A concerned customer reported the incident to Chennai Police, fearing his bank account could have been breached by malicious parties. Local authorities contacted the client’s branch managers, who later explained that transfer notification messages were wrongly sent to multiple users, causing confusion and requiring a software patch.

Eventually, dozens of users began making social media posts about the incident: “My HDFC Bank account showed a balance of Rs 2.4 million yesterday morning,” a customer of the banking institution said via Twitter.

After multiple complaints, the bank’s official account on Twitter started a customer service process through the social platform.

At the time of writing, nearly 100 accounts affected by this strange security incident were known. Most of the error messages showed a balance of Rs 130 million, although the alleged amounts paid varied between the different users affected.

In an update published a few hours later, a representative of the bank confirmed that everything was due to a technical failure during a routine maintenance process on the bank’s computer systems, completely ruling out the hypothesis of a cyberattack, which hundreds of customers had feared.

Bank employees took additional measures, such as temporarily blocking the affected accounts: “There was no money deposited in these accounts, but to be sure, we restricted movements until the problem was fixed,” the spokesperson added.

By Monday morning, the bank had already reinstated restricted features for 80% of affected users. HDFC Bank will publish a supplementary report once the investigations are concluded.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Indian companies listed in stock exchange to provide infosec audits and information system inventory to government. New SEBI guidelines
https://www.securitynewspaper.com/2022/05/25/indian-companies-listed-in-stock-exchange-to-provide-infosec-audits-and-information-system-inventory-to-government-new-sebi-guidelines/
Wed, 25 May 2022 23:26:53 +0000

The Securities and Exchange Board of India (SEBI) has released another update for its “Cyber Security and Cyber Resilience Framework,” establishing a considerably short deadline to file an exhaustive information security status report. The statement applies to financial institutions and companies in stock exchanges.

The update considers any system storing personally identifiable information (PII) as critical equipment, making it subject to regular reviews and testing processes. Technology implementations interacting with critical operating and maintenance systems are also considered critical.

Entities providing investment services shall also maintain an updated inventory of their systems, including hardware, software, storage units, network resources and data flows. System administrators should schedule frequent security audits, to be performed only by entities previously approved by CERT-In.

As if that were not enough, all organizations that provide these services must submit their security reports within ten days after receiving this notification.

As many readers may guess, ten days is a ridiculously short deadline to achieve such goals, so it is anticipated that many organizations will try to challenge this decision of the Indian government.

Online platforms think this is mission impossible, especially considering that the deadline granted by the authorities includes two weekends.

India relaxes cyber security incidents reporting rules and says new rules apply to MNCs
https://www.securitynewspaper.com/2022/05/20/india-relaxes-cyber-security-incidents-reporting-rules-and-says-new-rules-apply-to-mncs/
Fri, 20 May 2022 18:35:11 +0000

Cybersecurity agencies in India are slightly relaxing their controversial and complex requirements for reporting on information security incidents, although they reaffirm that the final version of these rules should apply to any multinational company operating on their territory.

These rules were announced overnight in late April, receiving criticism from major players in the industry because system administrators were required to report 22 types of cybersecurity incidents just six hours after their detection, in addition to establishing as a requirement the registration of VPN users and other controversial measures.

The Government of India published an FAQ document on these new rules, specifying that improvements and revisions will continue to be applied. For example, India has clarified that minor security incidents, such as social media account takeover, will not have to be reported within six hours; only the most severe incidents, capable of disrupting operations in the affected organization, will have to be reported within this period.

Authorities also reversed the restriction of using only a couple of Indian Network Time Protocol (NTP) servers, specifying that the use of other NTP servers synchronized with local operators is also allowed.

The document also lists more clearly the requirements for entities that can operate in India without having a physical presence in the nation. As it reads, these companies must designate a point of contact to communicate with CERT-In, which administers the new rules. Non-Indian organizations can store certain data abroad, but must make it available to CERT-In.

Indian officials avoided making any mention of the criticism the first version of this project received. The FAQ does not address objections to measures such as VPN user retention, and it frequently notes that some of these measures were implemented for national security purposes, making it difficult to change specific aspects.

This document also does not offer any explanation as to how CERT-In will use the documents it collects to analyze security incidents, a matter of interest as organizations can submit reports in formats such as PDFs or faxes that do not lend themselves to automated ingestion or analysis.

Hackers steal $1 million USD from Razorpay
https://www.securitynewspaper.com/2022/05/19/hackers-steal-1-million-usd-from-razorpay/
Thu, 19 May 2022 21:40:37 +0000

Media outlets in India report that an unidentified hacker managed to steal around $1 million from Razorpay, a payment processing company. Apparently, the attacker remained hidden in the company’s systems for three months, manipulating security mechanisms to authenticate over 800 illegitimate transactions.

Razorpay Software Private Limited provides online payment services that allow businesses in India to collect payments via credit card, debit card, net banking, and even cryptocurrency wallets.

The malicious activity was detected when a team at Razorpay Software Private Limited was auditing the transactions. Company employees were unable to reconcile transaction files with funds in enterprise accounts.

Abhishek Abhinav Anand, in charge of legal disputes and legislative compliance at Razorpay, filed a complaint with the southeast Indian cybercrime unit earlier this week.

Authorities are trying to identify the hacker or hacker group responsible for the attack, based on recorded online transactions. Meanwhile, Razorpay also ordered an internal investigation, revealing that the attacker compromised and manipulated the transaction authorization process to complete the attack; as a result, the threat actor approved a total of 831 failed transactions, which means losses of around $1 million.

Razorpay shared with law enforcement detailed information about these 831 illegitimate transactions, including date, time and IP address.

CERT-IN makes mandatory for Indian companies to report hacking/cyber security incidents to government within six hours after detecting them
https://www.securitynewspaper.com/2022/04/29/cert-in-makes-mandatory-for-indian-companies-to-report-hacking-cyber-security-incidents-to-government-within-six-hours-after-detecting-them/
Fri, 29 Apr 2022 20:55:00 +0000

A new guideline issued by India’s Computer Emergency Response Team (CERT-In) has become a controversial issue for multiple government IT agencies. The Indian agency has determined that technology organizations should implement measures for the reporting of 20 different types of cyber security incidents within six hours after their detection.

On its reasons for making this determination, the agency mentions that its teams identified “certain gaps that hinder the analysis of security incidents”; in addition to this new deadline, CERT-In will encourage the submission of incident reports by analog mediums such as telephone or fax, in addition to e-mail.

The new mechanisms will apply to service providers, intermediaries, data center operators, enterprises and government organizations that manage IT infrastructure.

As mentioned above, the report lists 20 types of security incidents, including information breaches and ransomware infections. Although it is obvious that the situation merits a report in these cases, in other cases CERT-In provides far less concrete definitions, as with the category defined as “Attacks or suspicious activities that affect systems/servers/software/applications in the cloud”.

In addition to ambiguous definitions, CERT-In has received criticism about how short the report window is. Other legislative frameworks such as EU’s General Data Protection Regulation (GDPR) establish a deadline of 72 hours for the reporting of security incidents after their detection, while for the U.S. Government 24 hours are more than enough to submit these reports.

This is not the only update to the security incident reporting process in India. According to the new guidelines, organizations under this regulation must also keep a detailed record of all their information systems during the 180 days after the report, also having the obligation to deliver this data to CERT-In when requested.

Finally, additional requirements were established for organizations operating with cryptocurrency. Providers of services related to virtual assets will have to verify the identity of their customers and safeguard this data for at least five years, in what appears to be an aggressive measure against money laundering through cryptocurrency.

How Chinese hackers tried to shutdown Indian electrical grids
https://www.securitynewspaper.com/2022/04/07/how-chinese-hackers-tried-to-shutdown-indian-electrical-grids/
Thu, 07 Apr 2022 21:06:22 +0000

Critical infrastructure in India has been targeted by a hacking group allegedly sponsored by Chinese cybercriminals. According to a report by the cybersecurity firm Recorded Future, this attack managed to impact the operations of the Indian energy sector, causing severe blackouts in several territories.

Investigators collected multiple pieces of evidence that Chinese hackers managed to target seven Indian state centers responsible for carrying out the dispatch of electric power, in addition to taking control of a network located at a border point.

The hackers would have used the Trojan known as ShadowPad during the attack. This malware would have been developed by cybercriminals paid by the Government of China, a common practice of state-sponsored hacking.

In its report, Recorded Future mentions that ShadowPad continues to be used by an increasing number of groups linked to the People’s Liberation Army and the Ministry of State Security, with its origins linked to Chinese government contractors.

Chinese Foreign Ministry spokesman Zhao Lijian said his government is aware of these reports, saying China has always spoken out against cyberattacks: “I would like to advise the company in question that if they are really concerned about global cybersecurity, they should pay more attention to cyberattacks by U.S. government hackers against the rest of the world.”

On the other hand, Indian Ministry of External Affairs spokesman Arindam Bagchi said his country has not discussed the issue with China: “We have seen reports. There is a mechanism in place to safeguard our critical infrastructure to keep it resilient. We have not raised this issue with the government of China.”

Features of this incident, such as the prolonged targeting of India’s power grid, make researchers believe that the main objective of this campaign is to collect information on critical infrastructure systems, or to have an access point to critical information for future hacking campaigns.

How this APT group is hacking Indian government officials to spy on their activities
https://www.securitynewspaper.com/2022/03/29/how-this-apt-group-is-hacking-indian-government-officials-to-spy-on-their-activities/
Tue, 29 Mar 2022 22:25:25 +0000

Cisco Talos researchers reported detecting a new hacking campaign by the group identified as Transparent Tribe and targeting government organizations in India. Active at least since mid-2021, this campaign is based on the use of fraudulent web domains that pose as official Indian government platforms for the delivery of malicious payloads, a tactic associated with this group of hackers.

Experts mention that the group, also known as APT36 or Mythic Leopard, has undergone significant changes over the past year, adopting new attack mechanisms and multiple malware variants during its intrusions. Specifically, the hackers have used small, customizable downloaders, capable of adapting to various environments quickly and efficiently.

In the most recent campaign by Transparent Tribe, multiple malware delivery methods were identified, including executables disguised as legitimate application installers or storage files. Indian users who encountered any of these malicious payloads could have been infected with one of the malware variants described below:

  • CrimsonRAT, a remote access Trojan (RAT) variant frequently used by these hackers to deploy cyber spying operations targeting military organizations
  • A lightweight .NET-based implant able to run arbitrary commands on infected systems
  • A previously unknown Python-based stager that leads to the deployment of .NET-based reconnaissance tools and RATs

This operation also relies on the use of fake domains posing as legitimate government organizations to deliver malicious payloads, a tactic commonly linked with this group. In addition, although it is not their most common tactic, the threat actors can also use phishing messages purporting to come from the Indian government regarding the COVID-19 pandemic.

The researchers believe that tools like CrimsonRAT would allow threat actors to maintain persistence and long-term remote access to affected systems for espionage purposes; moreover, the attack vector remains functional for this and other groups of threat actors. While Transparent Tribe is not considered a sophisticated hacking group, its practices demonstrate great persistence and motivation to maintain an attack, so this threat should not be taken lightly, especially considering that the group’s main goal seems to be cyber spying and remote access to critical systems.

Hacking GMAT exam 780 out of 800: Police arrests a gang who worked with Russian hackers
https://www.securitynewspaper.com/2022/01/05/hacking-gmat-exam-780-out-of-800-police-arrests-a-gang-who-worked-with-russian-hackers/
Wed, 05 Jan 2022 19:34:52 +0000

In a statement, the Strategic Operations Unit of the Delhi Police, India, unveiled the dismantling of a hacking operation dedicated to solving online exams, which also led to the issuance of arrest warrants for six individuals, one of whom remains at large.

The arrested individuals were found in raids deployed in Mumbai, Delhi, Gurugram and Jaipur. In addition to the arrests, authorities confiscated fifteen laptops and nine mobile phones.

On the scam, cybersecurity specialists mention that India has been experiencing problems related to online exams, with hacking groups dedicated to using remote access tools to take exams on behalf of individuals interested in obtaining jobs in the government and some private companies.

In a recently revealed incident, a group of scammers allegedly helped a candidate score 780 out of 800 on the Graduate Management Admission Test (GMAT), an unusually high score but one that so far has not been proven fraudulent.

Authorities claim that this individual was in contact with Russian hackers and even visited Russia in 2018. This group would have accessed the exam systems through a remote access tool, which could not be detected by security measures on the affected systems.

Finally, hackers developed a tool to remotely access the online exam system developed by a reputable IT company.

“Members of this cybercriminal group collaborated with the lab owners, installed the tool over LAN, and then accessed the systems through remote access. They also opened several online testing laboratories for this purpose,” the authorities’ report concludes.

How Indian Delhi police solved the most interesting case of ATM jackpotting
https://www.securitynewspaper.com/2021/12/02/how-indian-delhi-police-solved-the-most-interesting-case-of-atm-jackpotting/
Thu, 02 Dec 2021 19:42:08 +0000

The Delhi police began investigating some allegations related to three huge ATM transactions, which exceed millions of rupees. The whistleblowers mentioned that the transactions were carried out on three different days and in three different locations by using hacking tools.

For the investigation of this jackpotting campaign, the whistleblowers delivered images captured at the ATMs related to this possible fraud. In these images you can see two individuals manipulating the ATM and filling a bag with money.

After mounting a complex surveillance operation, the authorities managed to identify the fraud operators, unraveling the hackers’ mode of operation. Thanks to this operation, local authorities identified the vehicles used by the attackers, accessing the license plates and linking this data to the individuals involved in the fraud, including Krishna Gopal. Although the police tried to question Gopal at his home, the individual had already left this place.

The car was purchased in 2019, shortly before Gopal was arrested for other criminal conduct. Because of this, the defendant deliberately left his old address and changed the old phone numbers to avoid being tracked.

The traditional investigation was not paying off for the police, so they had to resort to other methods to obtain information. Soon after, a phone number was identified in the name of Gopal’s wife, registered at a gas station. The gas company was consulted by the authorities, although they mentioned that it was not possible to hand over the information of its customers.

After that, the team worked tirelessly and checked between ten and fifteen gas agency records in order to identify the user behind these attacks. The approach used by the authorities, fully professional and technology-based, helped to establish the full identity and current address of the person previously identified as Krishna Gopal.

During a raid on his current home, authorities seized a Raspberry Pi device, two banking skimming devices and some expired debit cards, as well as 4 smartphones and thousands of rupees in cash.

Cyber criminals who helped people cheat and pass CISCO Certifications, CompTIA Certifications, EC- Council certifications arrested. New modus operandi discovered
https://www.securitynewspaper.com/2021/11/29/cyber-criminals-who-helped-people-cheat-and-pass-cisco-certifications-comptia-certifications-ec-council-certifications-arrested-new-modus-operandi-discovered/
Tue, 30 Nov 2021 00:15:24 +0000

Authorities in India arrested three individuals accused of participating in a fraudulent operation to cheat on exams for certifications from Cisco, EC-Council and CompTIA. Those arrested include an engineer who used to work for Delhi.

According to the report, online certifications are offered by a large number of companies and include several courses that applicants need to complete to be considered for some jobs. The use of online exams skyrocketed after the outbreak of COVID-19 and the closure of educational institutes during the coronavirus isolation.

These certifications are being provided by several reputable organizations in various fields, such as CISCO certifications, CompTIA certifications, and EC-Council certifications, which play a pivotal role in the selection and placement of an employee in the technology, telecommunications, and other sectors.

Institutions conducting online testing must implement various measures to safeguard the overall integrity of the selection process, which involves the legitimacy of the exam. These processes even involve the use of artificial intelligence to monitor users who take their exams remotely.

As India Today mentions, those arrested contacted users who were going to take these exams to offer this illegitimate help; the deal was arranged through a VoIP service and with the data of a bank account. The hackers asked the user to download the Iperius Remote software, which gave them remote access to the user’s computer so they could take the exam instead. After multiple cases of unusually high scores, authorities began investigating, even employing decoys to lure hackers.

Having enough information, the authorities determined that the exams were being manipulated using hacking methods, so the intervention of the police forces was ordered in the localities where this behavior was detected. During the investigation, the phone number, bank account number and IP address of a member of this group were detected, allowing Indian authorities to identify other suspects. The first arrests were made on November 24.

The method the hackers used to access insider information from the exams is still unknown, although the intervention of an internal attacker could be the answer.

Booming business in India: Fake death and birth certificates. Hackers get into government websites to generate 800 fake birth and death certificates
https://www.securitynewspaper.com/2021/11/04/booming-business-in-india-fake-death-and-birth-certificates-hackers-get-into-government-websites-to-generate-800-fake-birth-and-death-certificates/
Thu, 04 Nov 2021 21:55:40 +0000

Authorities in the Indian state of Haryana have announced the arrest of two individuals accused of falsifying hundreds of birth and death certificates by hacking into various government websites. The local police’s Cybercrime Unit managed to identify the defendants, leading to their arrest.

At the time of the arrest, police seized two laptops, two smartphones, a desktop computer and other hacking tools from the defendants. The defendants admitted having issued some 800 fake birth and death certificates after hacking into the websites of states such as Haryana, Bihar, Madhya Pradesh, Rajasthan and Uttar.

Although the defendants managed to operate undetected for a couple of months, the scheme was discovered when a doctor at Karnal Civil Hospital realized that his access credentials to the Birth and Death Certificate Registration Unit had been compromised, as the threat actors had managed to change these passwords.

The affected doctor filed a complaint against those responsible for violating multiple provisions of the Indian Penal Code and the Information Technology Act.

In a statement, Haryana authorities note that the defendants also managed a WhatsApp group to contact their potential clients; interested users only had to contact the defendants, agree on a price and wait for the work to be completed.

The defendants would subsequently log into the target website and issue the fake certificate in the customer’s name, sending a link via WhatsApp and using a forged signature.

So far, the exact charges the defendants face are unknown, as are the final sentences they may receive.

India, Mexico, Nigeria, Singapore, South Africa and 25 other nations form a taskforce with United States to stop Ransomware payment https://www.securitynewspaper.com/2021/10/15/india-mexico-nigeria-singapore-south-africa-and-25-other-nations-form-a-taskforce-with-united-states-to-stop-ransomware-payment/ Fri, 15 Oct 2021 16:21:11 +0000

In an unprecedented event, officials and legislators from 25 countries, including the United States, Mexico, Canada, India, the European Union, Singapore, South Africa and Japan, met virtually to create the Counter Ransomware Initiative, recognizing this cybercriminal practice as one of the most important threats globally, capable of causing economic losses in the millions and irreversible damage to critical infrastructure.

Participants at the meeting, held Oct. 13-14, agreed in defining ransomware as a significant threat to all kinds of activities, from local businesses and academic institutions to hospital services and power grids. For the members of this new effort, it is important to improve each country's capacity to detect, contain and respond to these infections, which they hope to achieve through collaboration between the public and private sectors, with the participation of specialists in the field and civil society.

Among the agreements reached during this summit are the improvement of the resilience of networks and a new approach to prevent the abuse of financial mechanisms for the laundering of money obtained from this criminal activity. Some members of the cybersecurity community also contributed their observations on these agreements, which are listed below.

Network resilience: This objective goes beyond the technical capacities of each country, since it also involves implementing effective policies, delegating responsibilities, establishing a consistent legal framework, advising countries with less capacity to respond to security incidents, and training a specialized body.

Although not an easy goal to achieve, cybersecurity experts say that a computer infrastructure that meets these standards is significantly less prone to ransomware attacks.

Financial intelligence: The main goal of ransomware groups is to obtain profits, which are then put through various money laundering methods. The member countries of this new group agreed to focus on tracking and intercepting the flow of money from these attacks, reducing the economic incentive for cybercriminals.

For experts, bringing down the current revenue model used by these hackers requires highly coordinated activity, involving the monitoring of all virtual asset transfer systems, platforms heavily used by cybercriminals to erase the trail of the money obtained.

The Counter Ransomware Initiative is one of the most prominent diplomatic efforts to combat a cybercriminal practice, so the cybersecurity community expects the authorities of member countries to consolidate their objectives to disrupt these attacks.
