Android Century
  • Home
  • Android Zone
    • Android Apps
    • Android Games
    • Apps APk Files
    • Games Apk Files
    • Apps Hack Tricks
  • Reviews
  • Fantasy Zone
    • Entertainment
    • Quotes and Status
    • Life Style
    • Home Made Tips
    • Hair Care
    • Skin Care
    • Fantasy Tips
  • Tricks
    • Free Recharge
    • Free Internet
    • shopping Cashback
    • Recharge Cashback
  • Tech
  • Mobiles
  • Gadgets
  • News
  • How To's
  • Software
Breaking
  • How to Take Great Photos With Apple's iPhone X
  • Samsung Galaxy S9+ Review
  • Asus VivoBook 15 (X510UA) Review
  • Xiaomi Redmi 5 with 18:9 display
  • Vivo V9 with dual rear cameras
  • Xiaomi Redmi 5 launch
  • Vodafone partners with Tecno to offer Rs 2200 cashback
  • LG G7 with iPhone X-like notch
  • Oppo F7 India launch confirmed
  • Alcatel 1x with Android Oreo (Go edition) announced in India
  • Huawei P20, P20 Pro, P20 Lite price
  • Xiaomi MIUI 9 global stable ROM rolling out for all smartphones
  • Nokia 9 to sport iPhone X-like notch
  • Samsung Galaxy S9 passes scratch
  • Huawei Y9 2018 with four cameras, 4000mAh battery launched
  • OnePlus 5T gets Android 8.1 Oreo in open beta 4
  • Samsung Galaxy Note 9 won’t get under-display fingerprint scanner
  • Oppo F7, Mi Mix 2S, LG G7 and more
  • Oppo F7 with iPhone X-style notch to launch
  • Motorola could cancel Moto X5, layoffs hit Chicago office

Featured post

How to Take Great Photos With Apple's iPhone X

Recent Posts

Labels

  • Android Apk Files
  • Android Apps
  • Android Games
  • Apps Apk Files
  • Entertainment
  • Fantasy Tips
  • Gadgets
  • Hair Care
  • HomeMade Tips
  • How To's
  • News
  • Quotes
  • Quotes & Status
  • Recharge Cashback
  • Recharge Promo Codes
  • Shopping Cashback
  • Technology
  • skin care
Home / News / Hitachi hackers cashed in on security gaps in India's worst-ever cybersecurity breach

Hitachi hackers cashed in on security gaps in India's worst-ever cybersecurity breach

Latest Govt. Jobs 21:25:00 News Edit
Hitachi hackers cashed in on security gaps in India's worst-ever cybersecurity breachFrom late May to end July of 2016, India was struck by what till now is the worst cyber breach to compromise the country’s payments network. Bank customers, including several foreign travellers, using as many as 3.2 million debit cards feared that their accounts had been hacked.

Weeks after the panic — by when thousands had lost money — it surfaced that hackers had penetrated the network of Hitachi to which some banks had outsourced their ATM transaction processing.

RBI sent out a flurry of dos and don’ts to banks, held meetings with payments companies such as VISA, MasterCard and National Payments Corporation of India; and Hitachi hired a Bengaluru-based payments security firm to carry out a forensic audit.

The audit report, which was submitted to the regulator last week, brings out an uncomfortable truth that most Indian banks and corporates will now have to deal with: anti-virus and anti-malware devices they have installed are no match for targeted cyber attacks. What this means is that if the code of a malware, floated by the hacker, is written in a clever way, it can overcome most anti-malware walls.

The forensic team, stunned by the level of sophistication and ingenuity of hackers who targeted Hitachi, has found that the malware (which is nothing but a software) was so ingenuously written that it could spread within the Hitachi system at an alarming rate. This was despite Hitachi using some of the best security devices.

ET learns that the hackers created a ‘dummy code book’ within the Hitachi system — capturing all possible four-digit numbers from 0000 to 9999 — to steal the PINs (personal identification numbers) of customers as and when they used their cards to withdraw money from ATMs of a private bank in India.

Hitachi hackers cashed in on security gaps in India's worst-ever cybersecurity breach

“What has happened is something of a very sophisticated nature and we have not seen this in our other investigations. I will not able to provide further specifics of Hitachi breach as SISA respects client confidentiality in forensic investigations… We have received a direction from National Security Coordinator, Government of India, to share this report only with Hitachi…” Dharshan Shanthamurthy, founder-CEO of SISA, the company which was hired by Hitachi for the forensic audit, told ET.

SISA has shared some learnings with government agencies. After repeated requests from NPCI, Hitachi is learnt to have shared the report with the national payments company.

The Kill-chain

There are four stages in the ‘kill-chain' of a cyber breach: (1) how the malware gets in; (2) how it escalates within the system; (3) how data is taken out; (4) how effectively the hacker cleans the system it penetrates.

Besides the scale and extent of the compromise, what distinguishes the Hitachi breach compared with past attacks is the pace at which the malware travelled within the Hitachi network once it was inside. “The code was written in a way that it made sure the malware worked on the Hitachi system... it was virtually sitting on the administrator’s laptop,” said another person familiar with the investigation.

According to KK Mookhey, founder of Network Intelligence, which investigated the matter on behalf of one of the banks, the Hitachi breach, with its advanced and targeted nature, was a “watershed moment in the Indian cybersecurity space”.

“Incident response is an area in which most Indian organisations have very nascent capabilities. This breach brought those gaps to light. It also served notice that attackers see Indian financial institutions as lucrative targets,” he said.

While banks have focussed on protecting against malicious code (or malware), attackers are using spear-phishing to get valid usernames and passwords, and then use built-in capabilities of the operating systems like Windows to complete the hack.

“Trying to catch malware is a strategy doomed to failure. Banks have a lot of focus on guarding the perimeter (city walls). However, once somebody sneaks through, they cannot detect the ‘privilege escalation’ and ‘lateral movement’ phase of the attack (behind the city walls). I feel the Hitachi attack was highly targeted, with a specific goal in mind and also succeeded without any prior detection,” said Sahir Hidayatullah, CEO of Smokescreen, which specialises in deception tactics to battle cyber crime.

Beyond ATMs

Besides the sinister power of smartly coded malware, other lessons from the Hitachi breach are:

It’s a mistake to believe that such an attack is isolated to ATM processor environment and will not impact other verticals and establishments in the payments industry.

“This attack vector can happen to any payment environment — banks, wallet companies, UPI (Unified Payments Interface), IMPS (Immediate Payment Service), retailers (ecommerce/brick-and-mortar), national switches and processors. These attacks are not restricted to cardholder environment and can apply to any payment form factor,” said SISA’s Shanthamurthy.

For businesses, the focus has to shift to ‘detection’ rather than ‘prevention’ as preventing the attacker getting an initial foothold is almost impossible. A malware has to be detected before the attacker succeeds at ‘lateral movement’ and ‘privilege escalation’, said Hidayatullah.

If an attack has been successful in one environment, it will most likely be used again and it is not necessary that it will happen in the same industry vertical.

“The bad guys have a better information-sharing mechanism than what we have. They in all probability will go behind the next most vulnerable organisation where they can compromise larger payment data,” said Shanthamurthy.
Share on Facebook Share on Twitter Share on Google Plus

RELATED POSTS


Xiaomi Redmi 5 with 18:9 display

Vivo V9 with dual rear cameras

Xiaomi Redmi 5 launch
Hitachi hackers cashed in on security gaps in India's worst-ever cybersecurity breach Hitachi hackers cashed in on security gaps in India's worst-ever cybersecurity breach Reviewed by Latest Govt. Jobs on 21:25:00 Rating: 5

0 comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments ( Atom )

Search This Blog

TEST BOOK FOR GOVT ENTRANCE TEST

TEST BOOK FOR GOVT ENTRANCE TEST
Find All Latest book for preparation of SSC,RAILWAYBANK PO,RBI,BANK CLERK,GATE ME,GATE CE are available here in less prices, to check out the books click here

Translate

  • Popular Post
  • Random posts
  • Category

Popular Posts

  • Teen Patti Offer 2018: Refer and Earn Flipkart Vouchers Free
    Teen Patti Offer 2018: Refer and Earn Flipkart Vouchers Free
    Teen Patti Refer & Earn Offer:  Hey Guys! Today I make an article about Teen Patti Referral ...
  • 11 things you should understand approximately iOS 11
    Apple introduced the following version of its running system for the iPhone and iPad, iOS eleven ...
  • KingRoot 4.8.1 (136) APK Latest Version Download
    Download KingRoot Latest Version 4.8.1 In Tools by Developer KingRoot Studio ( 4.x / 5  average ...
  • How to Disable Your Mac’s Touchpad When Another Mouse Is Connected
    Laptop trackpads can be annoying. Your palm hits them while you’re typing, moving your cursor ...
  • How to Gain Root Access of An Android Device via KingoRoot Software
    What Does Root Access Mean? Gaining root access of Android is the process of modifying the ...
  • Researchers trick 'CEO' email scammer into giving up identity
    Businesses targeted in email scams don’t always have to play the victim. They can actually ...

Random Posts

  • Here How to Delete your old  WhatsApp Messages
    Here How to Delete your old WhatsApp Messages
    05.03.2017 - 0 Comments
    Sometimes you just want to delete a message from WhatsApp. Maybe it’s something private like a password,…
  • Free Rs.50 PayTM Cash By Doing Your 1st UPI Transaction
    Free Rs.50 PayTM Cash By Doing Your 1st UPI Transaction
    17.02.2018 - 0 Comments
    Meanwhile Here is Another Chance to Get The Free Rs.50 PayTM Cash From The PayTM App With Doing The UPI…
  • TCL P-series Roku smart TV Review
    TCL P-series Roku smart TV Review
    08.07.2017 - 0 Comments
    No entertainer loves to hit the degree at the heels of an act that killed, but such changed into the fate of…
  • 11.02.2016 - 0 Comments
    Love is knowing that some one is there for you ... always
  • UPCOMING MOBILE (SAMSUNG GALAXY C9 PRO)
    UPCOMING MOBILE (SAMSUNG GALAXY C9 PRO)
    09.11.2016 - 0 Comments
    SUMMARY The Samsung Galaxy C9 Pro mobile features a 6.0 Inch display and runs on Android…

Labels

Android Apk Files Android Apps Android Games Apps Apk Files Apps Hack Tricks Entertainment Free Internet Freecharge Gadgets Games Apk Files How To's Laptops Guide Mobiles Reviews Technology Viral's android zone free recharge

Entertainment

Tricks

Popular Posts

  • Researchers trick 'CEO' email scammer into giving up identity
    Businesses ...
  • How to Gain Root Access of An Android Device via KingoRoot Software
    What Does Root ...
  • How to Disable Your Mac’s Touchpad When Another Mouse Is Connected
    Laptop ...
  • Tinyowl Freecharge Offer – Get 15% Cashback + extra 25% cashback using Freecharge [Ultimatez Tricks]
    Tinyowl Freecharge ...
  • Infocus Vision 3 review
    What happens when ...
  • EVGA redesigns its graphics cards following overheating concerns
    Following a ...
  • 11 things you should understand approximately iOS 11
    Apple introduced ...

Random Posts

  • You Can Probably Get Free Lynda.com Access From Your Local Library
    You Can Probably Get Free Lynda.com Access From Your Local Library
    12.03.2017 - 0 Comments
    Maybe you’ve heard of Lynda.com, a popular website with thousands of tutorial videos teaching…
  • Freecharge WIN75 – Get Rs 75 Cashback On Recharge Of Rs 75 (Windows Phone Users)
    Freecharge WIN75 – Get Rs 75 Cashback On Recharge Of Rs 75 (Windows Phone Users)
    17.04.2016 - 0 Comments
    Freecharge is back again with new Freecharge WIN75 offer . Freecharge is offering Rs 75 cashback on recharge…
  • How to Make LibreOffice Writer Templates
    How to Make LibreOffice Writer Templates
    27.01.2018 - 0 Comments
    Templates let you configure all the relevant settings you want pre-applied to documents—font settings,…
  • ZTE Blade V7 with 5.20-inch Display, 2GB Ram Launched
    ZTE Blade V7 with 5.20-inch Display, 2GB Ram Launched
    22.02.2016 - 0 Comments
    ZTE Blade V7 with 5.20-inch Display, 2GB Ram Launched: ZTE mobile makers has launched the ZTE Blade V7 in…
  • Intel merges its AI operations into a brand new unit, focusing on new chips and software program
    Intel merges its AI operations into a brand new unit, focusing on new chips and software program
    25.03.2017 - 0 Comments
    Intel's artificial intelligence efforts have been scattered over many different units but are now being…

Most Popular

  • Teen Patti Offer 2018: Refer and Earn Flipkart Vouchers Free
    Teen Patti Offer 2018: Refer and Earn Flipkart Vouchers Free
    Teen Patti Refer & ...
  • SAMSUNG GALAXY J7 (2016) REVIEWS
    SAMSUNG GALAXY J7 (2016) REVIEWS
    SAMSUNG GALAXY J ...
  • Top 5 Best SmartPhones under 7000 Rs (March 2017)
    Looking for the ...
  • Apple, IBM, Cisco are huge because of Indians, do not deny them H-1B visa: RBI Governor Urjit Patel
    ...
  • SAMSUNG GALAXY J7 (2016) Specifications
    SAMSUNG GALAXY J ...
  • BlackBerry Teases Marshmallow Beta Testing for Priv by Next Week
    Blackberry ...
  • LG Q6 Review
    LG Q6 Review
    2017 is ...

Contact Form

Name

Email *

Message *

Offers Zone

Created By Android Century Distributed by Android Century
  • Home
  • About us
  • Contact us
  • Privacy policy
  • Terms of use
  • Advertise here
Subscribe Via Email Subscribe To Android Century By Email And Get Free Updates. ;-)


Your email address is safe with us!