Archive for March 31, 2021

Here’s How to Safeguard Against the Mobikwik Data Breach

Cybersecurity researchers claim that the KYC data of as many as 11 crore Mobikwik users has been leaked and put up for sale on the dark web. The Gurugram-based digital wallet company, however, denies the breach, stating that it has found no evidence of a data leak.

Rajshekhar Rajaharia, an independent cybersecurity researcher, was the first to disclose the leak, in February. He said that bank details, email addresses, and other sensitive information of nearly 11 crore Indians had been leaked on the dark web.

Approximately 8 terabytes (TB) of personal user information were stolen from Mobikwik’s main server by a hacker named ‘Jordan Daven’ and put on dark web platforms on January 20, Rajaharia stated. As evidence, Jordan Daven emailed the link to the stolen database to PTI and stated that they had no motive to use the data beyond acquiring it from the company and then deleting it on their end. They also shared the private details of Mobikwik founder Bipin Preet Singh and CEO Upasana Taku from the stolen database.

When approached, Mobikwik denied the claims and stated, “the company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which include annual security audits and quarterly penetration tests to ensure the security of its platform. As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of breach.”

Precautionary measures for Mobikwik users 

To check whether your data has been compromised, you have to download the Tor browser, a free and open-source web browser that lets you browse the web anonymously. You should also update your Mobikwik account by setting a new password and enabling two-factor authentication.

Open this link to access the entire leaked database that is now online, and search for your data using your email ID or contact number. If nothing comes up, you are safe; if something does, contact your bank immediately and block your cards.

Data Leak of 10cr Users: ‘The Largest KYC Data Leak in History’

According to cybersecurity researcher Rajshekhar Rajaharia, mobile payment app Mobikwik came under attack after the data of 10 crore of its users was posted for sale on a hacker website on the dark web. The alleged data breach was conducted by a group of hackers known as ‘Ninja Storm’, who have also been selling the ‘leaked’ details online since March 26.

The data is being sold for 1.5 Bitcoins, nearly Rs 63 lakh, according to a post by the hacker community. Since then, tens of thousands of people have taken to Twitter to share screenshots of their personal information being exposed. It is the ‘largest KYC data leak in history’, according to cybersecurity researcher Elliot Alderson.

Personal information of merchants who obtained loans via Mobikwik is also said to be available for purchase in exchange for bitcoins. Over 4 crore Mobikwik customers' card details and hashes are reportedly included in the leak. 

The Gurugram-based fintech firm continues to deny that a breach occurred, accusing the researchers who made it public of being "media-crazed" and offering "concocted files" as evidence. "We thoroughly investigated and did not find any security lapses. Our user and company data are completely safe and secure," said a spokesperson from Mobikwik.

On January 20, a hacker named 'Jordan Daven' took over 8 terabytes (TB) of private user data from Mobikwik's main server and posted it on dark-web websites, according to Rajaharia. “Regular keys and passwords should have been changed and logs should have been monitored to prevent this kind of security compromise,” he said. 

Furthermore, in February, Rajaharia claimed that a hacker was selling Mobikwik user data, including PAN card numbers, Aadhaar numbers, debit/credit card numbers, phone numbers, and other personally identifiable information of the kind typically collected during the Know Your Customer (KYC) process.

Complicating matters, Mobikwik maintains that its systems have not been hacked. In a statement, it said, “Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media.”

It isn't the first time Mobikwik has been the target of a cyber-attack. The business witnessed another information security incident in 2010. 

According to reports, the Reserve Bank of India is keeping an eye on such security breaches and has enacted many new regulations, along with the upcoming payment aggregator and payment gateway guidelines, that will limit the exposure of customer data to a few databases of approved gateways.

MIDC’s Server Hacked, Threat to Destroy Data

The server of the Maharashtra Industrial Development Corporation (MIDC) was hacked recently. The 'SYNack' ransomware hit the application and database servers hosted at MIDC headquarters in Mumbai, encrypting the data stored on them. The attackers have demanded Rs 500 crore, sending the demand to MIDC's official mail ID, sources said.

The malware also infected some desktop PCs in various MIDC offices. The attackers left a ransom note describing the attack and the steps to be taken to contact them for decryption of the data; however, no amount was mentioned in the note, according to a statement by MIDC. Since the attack, all 16 regional offices in the state, including the head office in Mumbai, have been shut down.

All data on the industrial estates, entrepreneurs, government bodies, and various schemes associated with MIDC is held on an online system, and work has been at a halt since the hack last Monday. MIDC approached the police, after which the Cyber Crime Police began their probe into the incident, Joint Commissioner of Police (Crime) Milind Bharambe confirmed to the FPJ.

A statement issued by the MIDC read, "On Sunday, March 21, at around 2:30 AM, we received automated alerts that our applications were down. On further analysis during the day, the ransomware attack was confirmed. MIDC’s applications are hosted on ESDS cloud (services managed by ESDS, Cloud Service Provider) and local servers (managed by MIDC internal team). We have a Trend Micro anti-virus license for end-point security monitoring. The details of the ransomware were shared with Trend Micro for further analysis."

"As an immediate measure, the MIDC systems were disconnected from the network to contain the spread of the virus. The backup files for different application servers were stored on a different network segment on Cloud DC and were not infected. As per the recommendations from Cyber Security experts, several steps are being taken to control the spread of the virus and minimize the impact," the statement read further.

278,000 GitHub Repositories Affected by a Critical Networking Flaw in Netmask

Security researchers have unearthed a critical networking flaw, CVE-2021-28918, in the popular npm library netmask. Netmask is used by hundreds of thousands of applications to parse and compare IPv4 addresses and CIDR blocks.

Netmask typically gets over 3 million weekly downloads and, as of today, has passed 238 million total downloads over its lifetime. Nearly 278,000 GitHub repositories depend on it. Because of an improper input validation flaw, netmask parses certain addresses as a different IP than intended, which could allow attackers to achieve server-side request forgery (SSRF) in downstream applications.

Security researchers Victor Viale, Sick Codes, Nick Sahler, Kelly Kaoudis, and John Jackson tracked down the vulnerability in the netmask library. The flaw was first noticed while the researchers, including Codes, were designing a patch for a separate critical SSRF flaw (CVE-2020-28360) in the downstream package Private-IP, which is used to stop requests to private IP addresses from reaching an application’s internal resources.

According to a GitHub advisory published by Sick Codes, “the primary cause of the problem turned out to be Netmask’s incorrect evaluation of individual IPv4 octets that contain octal strings as left-stripped integers, leading to an inordinate attack surface on hundreds of thousands of projects that rely on Netmask to filter or evaluate IPv4 block ranges, both inbound and outbound.”

The researchers initially discovered the flaw on March 16 and advised Node.js developers to examine their projects for use of Netmask and upgrade immediately if they find the package in use. Sick Codes noted that the 30 billion Node.js packages downloaded last week were mostly installed by automated CI/CD pipelines, without manual inspection.

Olivier Poitrey, netmask developer and director of engineering at Netflix, released a series of patches [1,2,3] for the bug to GitHub, containing test cases validating that IPv4 octets with 0 prefixes are treated as octal and not decimal numbers. Earlier this month, the Perl component Net::Netmask also suffered from this bug.
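As an added example (not netmask's or Private-IP's own code), the snippet below contrasts an octet parser that reads a leading zero as a plain decimal prefix with one that follows the octal rule the patches enforce, and adds a strict canonical-form check so an address filter and the socket layer can never disagree; the helper names and sample inputs are constructed for illustration.

```javascript
// Added example, not netmask's own code: the vulnerable and corrected ways of
// reading one IPv4 octet, and why a private-address filter must agree with the
// socket layer on what an address means.

// Pre-fix behaviour described in the advisory: a leading zero is simply dropped,
// so the octet "0177" is read as decimal 177.
function parseOctetLeftStripped(s) {
  return /^\d+$/.test(s) ? parseInt(s, 10) : NaN;
}

// inet_aton-style rule that the patches enforce: a leading "0" makes the octet
// octal, anything else is decimal. "0177" is octal, i.e. 127.
function parseOctetInetAton(s) {
  if (/^0[0-7]*$/.test(s)) return parseInt(s, 8);
  if (/^[1-9]\d*$/.test(s)) return parseInt(s, 10);
  return NaN; // e.g. "08" is neither valid octal nor plain decimal
}

// Parse a dotted quad with the given octet rule; null if it is not a valid address.
function toDotted(addr, parseOctet) {
  const parts = addr.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map(parseOctet);
  if (octets.some((o) => Number.isNaN(o) || o > 255)) return null;
  return octets.join('.');
}

// Defensive rule: only accept four plain decimal octets with no leading zeros,
// so there is exactly one reading of the string and no parser can disagree.
const CANONICAL_V4 =
  /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;

// Report how the two parsers read an input and whether it is in canonical form.
// The bug is visible whenever leftStripped and inetAton differ.
function checkAddress(addr) {
  return {
    leftStripped: toDotted(addr, parseOctetLeftStripped),
    inetAton: toDotted(addr, parseOctetInetAton),
    canonical: CANONICAL_V4.test(addr),
  };
}

// Constructed sample inputs: the first is read as a public address by the
// left-stripping parser but as loopback under the octal rule.
['0177.0.0.1', '127.0.0.1', '08.1.1.1'].forEach((a) =>
  console.log(a, checkAddress(a)),
);
```

Rejecting anything that fails the canonical check before it reaches a private-range filter removes the ambiguity regardless of which parser the rest of the stack uses.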

Live Broadcast Disrupted by Cyber-Attack on Australian TV Network Nine

A cyber-attack on Australia's Channel Nine TV network has interrupted live broadcasts, raising questions about the country's exposure to hackers. ‘Weekend Today’, the broadcaster's Sunday morning news program that airs from 7:00 a.m. to 1:00 p.m. from its Sydney headquarters, was unable to go on air. In addition, the network's 5:00 p.m. newscast was not broadcast in Melbourne.

The hack is being investigated as "criminal sabotage or the work of a foreign nation," according to Nine. On Sunday, Australia's parliament was looking into a potential cyber-attack in Canberra. Access to IT systems and email at Parliament House has been restricted as a precaution, according to Assistant Defence Minister Andrew Hastie.

“We wish to inform you there has been a cyber-attack on our systems which has disrupted live broadcasts out of Nine Sydney,” reads an email sent by the company to staff. “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units.” 

The company reported that it had put contingencies in place to ensure that its NRL and 6:00 pm news broadcasts would go ahead as scheduled. Its IT team has been working nonstop to fully restore the affected systems, which are mainly in its broadcast and corporate business units. The publishing and radio systems are still up and running.

The broadcaster expressed optimism that the ‘Today Show’ would be able to resume normal programming. Until further notice, all employees have been asked to work from home. Email did not appear to be affected, according to the company, but the Nine IT network was. The company had earlier reported that it was "responding to technical issues" affecting its live broadcasting.

“Cyber hackers have targeted Channel Nine in a massive ransomware attack bringing down its network Australia-wide. No-one has claimed responsibility for the bug but IT experts are working to bring systems back on-line,” said Loxley. 

According to a source, Nine management had told staff that a "malicious" cyber-attack was suspected as the cause. The Australian Financial Review, which is also owned by Nine, also announced that the media group was possibly the victim of a cyber-attack, which could have long-term consequences.