The risk and severity of cyber-attacks have clearly grown over the last 5-6 months. In the COVID-19 situation, dependence on digital platforms, applications, and infrastructure underscores the need for efficient cybersecurity defence.
It goes without saying that the advancement of technology and the wide use of digital media is making attackers smarter by the day. Today these cyber criminals take advantage of individuals and firms who pay less heed to cybersecurity. In the future, organizations will face cyber threats in three key areas:
Disruption: Over-dependence on fragile connectivity will increase the risk of premeditated internet outages that compromise business operations. Cybercriminals will continue to use ransomware, polymorphic APTs, and malware.
Distortion: Spread of misinformation by bots and automated sources will cause a compromise of trust in the integrity of information.
Deterioration: Rapid advances in smart technologies continue, and attackers will keep finding and exploiting vulnerabilities.
Spear phishing Attachments
Spear phishing attachment is a specific variant of spear phishing. Spear phishing attachment is different from other forms of spear phishing in that it employs the use of malware attached to an email. All forms of spear phishing are electronically delivered social engineering targeted at a specific individual, company, or industry.
The most common phishing mechanisms are:
Delivery of malicious software (less common)
Delivery of malicious documents
Delivery of a URL lure in the message body or in an otherwise benign attachment
Simple requests for information or assistance
Ransomware as a Service
The ransomware threat is growing. Ransomware attacks are on the rise, and the monetary value for ransomware payments is rapidly increasing. The RaaS business model is gaining popularity with ransomware developers as indicated by the increasing number of ransomware variants using the model. This increase in RaaS support creates more opportunities for external affiliates to use ransomware, further expanding the threat landscape to organizations. Ransomware will remain a problem for the foreseeable future, so it is imperative for organizations to take preventative action to protect themselves.
Third Party and Supply Chain Exploits
Today, almost all organizations procure services and products (software and hardware) from third-party providers. These days adversaries don't target their initial goal directly. Instead, they focus on finding and compromising the most vulnerable elements in their victim's supply chain network: the subcontractors and third-party providers an intended victim works with. There are several ways of compromising a supply chain, from sending phishing emails in order to steal a supplier's identity to injecting malicious code into third-party software. Software supply chain attacks pose the most danger since they are much harder to detect. These attacks target not third-party provider accounts or corporate networks, but third-party software used by a victim. Such an attack can be performed by exploiting existing vulnerabilities in this software or by modifying this software through malicious code insertion.
Cloud Jacking
Cloud Jacking is likely to emerge as one of the most prominent cybersecurity threats in 2020 due to the increasing reliance of businesses on cloud computing. Misconfiguration will drive a majority of the incidents. Code injection attacks, either directly to the code or through a third-party library, are prominently used against cloud platforms. These attacks, such as cross-site scripting and SQL injection, are carried out to eavesdrop on, take control of, and even modify sensitive files and data stored in the cloud. Alternatively, attackers inject malicious code into third-party libraries that users unwittingly download and execute.
Credential Dumping
Credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. These credentials are then used to access restricted information, perform lateral movements, and install other malware.
Credential dumping comes in various shapes and sizes but can be broken down into three main implementation categories:
Accessing hashed credentials
Accessing credentials in plaintext
Acquiring key material (most commonly on Linux and macOS)
Custom AV/EDR signatures that block credential dumping tools can prevent this. Continuous API monitoring, analysis of PowerShell logs, process monitoring, and deception (credential honeypots) can help organizations detect credential dumping.
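One way to act on the credential-honeypot idea above, as an added example that is not from the original article: decoy accounts are planted on specific hosts, and any later authentication attempt that uses one is flagged and traced back to the host it was planted on. The account names, host names and log format are constructed assumptions.

```python
import json

# Hypothetical decoy accounts -> the single host each was planted on (assumption).
DECOYS = {"svc_backup_old": "WS-014", "adm_tmp2": "SRV-DB02"}

# Constructed authentication events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ts": "2020-11-02T09:14:03Z", "user": "CORP\\alice", "src": "WS-021", "dst": "FS-01", "result": "success"}
{"ts": "2020-11-02T09:20:41Z", "user": "CORP\\svc_backup_old", "src": "WS-014", "dst": "DC-01", "result": "failure"}
{"ts": "2020-11-02T09:21:10Z", "user": "adm_tmp2@corp.example", "src": "WS-014", "dst": "SRV-APP03", "result": "failure"}
not-json garbage line
{"ts": "2020-11-02T09:30:00Z", "user": "CORP\\bob", "src": "WS-007", "dst": "FS-01", "result": "failure"}
"""

def normalize_user(user):
    """Strip a DOMAIN\\ prefix and an @realm suffix, then lowercase the name."""
    return user.split("\\")[-1].split("@")[0].lower()

def detect_decoy_use(text, decoys=DECOYS):
    """Return one alert per event that uses a decoy account.

    No legitimate user knows a decoy credential, so any use of one, whether
    the logon succeeds or fails, means it was read from the planted host.
    """
    alerts = []
    for raw in text.strip().splitlines():
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the run
        if not isinstance(ev, dict):
            continue
        account = normalize_user(ev.get("user", ""))
        if account not in decoys:
            continue
        alerts.append({
            "ts": ev.get("ts"),
            "decoy": account,
            "dumped_from": decoys[account],  # host where the decoy was planted
            "used_from": ev.get("src"),
            "target": ev.get("dst"),
            # Use from another host suggests the credential has been moved.
            "lateral": ev.get("src") != decoys[account],
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_decoy_use(SAMPLE_EVENTS):
        print(alert)
```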
Malware Persistence
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
DNS Hijacking
DNS (Domain Name System) is crucial to all organizations that rely on the Internet for conducting business, and it is critical for the performance and reliability of your internet applications and cloud services. DNS Hijacking is an attack technique where the attacker creates a dummy site that looks and feels just like the site they are targeting. The steps followed in DNS Hijacking are:
The attacker uses a targeted attack (such as spear phishing) to obtain login credentials to the Admin panel of the DNS provider for the target site.
The attacker then goes into the DNS admin panel and changes the DNS records for the site they are targeting (this is known as DNS Hijacking), so that users trying to access the site will instead be sent to the dummy site.
The attacker forges a TLS encryption certificate that will convince a user’s browser that the dummy site is legitimate.
Unsuspecting users go to the URL of the compromised site and get redirected to the dummy site.
The users then attempt to log in on the dummy site, and their login credentials are harvested by the attacker.
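A defensive check for the record change in the steps above, added here as an example and not part of the original article: compare the zone's currently published records against an approved baseline and flag any change to records that steer users. The snapshot format, domain names and addresses are constructed placeholders.

```python
# Record types whose change can redirect users or mail, or hand over the zone.
WATCHED = {"A", "AAAA", "CNAME", "NS", "MX"}

# Constructed snapshots in "name type value" form; example.com and the
# documentation IP ranges are placeholders, not data from the article.
BASELINE = """
example.com.       NS   ns1.dns-provider.example.
example.com.       NS   ns2.dns-provider.example.
example.com.       A    192.0.2.10
login.example.com. A    192.0.2.20
example.com.       TXT  "v=spf1 -all"
"""
OBSERVED = """
example.com.       NS   ns1.dns-provider.example.
example.com.       NS   ns2.dns-provider.example.
example.com.       A    192.0.2.10
login.example.com. A    203.0.113.66
example.com.       TXT  "v=spf1 include:mail.example -all"
"""

def parse_snapshot(text):
    """Return {(name, type): set(values)} from 'name type value' lines."""
    records = {}
    for line in text.strip().splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # ignore blank or malformed lines
        name, rtype, value = parts
        key = (name.lower().rstrip("."), rtype.upper())
        records.setdefault(key, set()).add(value.strip().lower().rstrip("."))
    return records

def find_drift(baseline_text, observed_text):
    """List watched record sets that differ from the approved baseline."""
    base, seen = parse_snapshot(baseline_text), parse_snapshot(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        name, rtype = key
        old, new = base.get(key, set()), seen.get(key, set())
        if rtype not in WATCHED or old == new:
            continue
        findings.append({
            "name": name, "type": rtype,
            "added": sorted(new - old), "removed": sorted(old - new),
            # An NS change delegates the whole zone, so rank it highest.
            "severity": "critical" if rtype == "NS" else "high",
        })
    return findings
```

Run against a snapshot taken from more than one resolver, an unexpected finding here is a prompt to check the DNS provider's admin audit log before users reach the changed address.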
Hardware Trojans
Hardware trojan engineering is on the rise. A hardware trojan is a form of malicious circuitry that damages the function or trustworthiness of an electronic system. In the power, transport, manufacturing, and oil and gas sectors, the integrity and availability of hardware are crucial.
Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyberinfrastructure.
Application Interfaces: Broken Access Control
Recent studies indicate that application programming interface (API) security readiness typically lags web app security across the majority of organizations today. Additionally, more than two-thirds of the organizations readily make APIs available to the public to allow external developers and partners to tap into their app ecosystems and software platforms.
As the dependence on APIs increases, API-based breaches have become more prominent. This has triggered adverse impacts on high-profile apps in financial processes, messaging, peer-to-peer and social media. As more organizations continue to adopt APIs for their applications, API security will be exposed as the weakest link, which could lead to cloud-native threats and put user data and privacy at risk.
Connection to Proxy
Proxies can also serve as discreet methods for adversaries to access and remove information from networks of interest. Adversaries use a wide variety of proxy methods to hide their command and control traffic, including PuTTY/SSH forwarding, Dynamic DNS, domain fronting, fast flux, Tor, i2p, SOCKS, STUN, and host firewall forwarding.
Adversaries most commonly use connection proxies in the following ways:
Using proxies for internal or external communication
Injecting into trusted processes to make connections
Routing connections through less attributable access points
Proxy sandboxing, proxy blocklists fed by threat intelligence (TI) feeds, and proxy blocklists for uncategorized websites can be used to prevent proxy-based attacks.
In this age of digital transformation and globalization, cybercriminals are constantly looking for fresh exploits and coming up with advanced strategies to defraud and damage institutions and organizations. In light of this fact, businesses should be mindful of not just the ever-growing number of vulnerabilities but also of the cybersecurity threats that are on the rise over time.
Visit AISS2020 page to know more about AISS overview, key sessions, highlights, who should attend & register for FREE: https://www.dsci.in/events/aiss-2020/