Trickbot – new entrant in the Indian Online Banking Cyberspace

June 23, 2017

Mr Govind Rammurthy, CEO & MD, eScan

Ransomware is not the only prevalent threat these days; other threats have been making their foray too. We humans tend to forget that security is an ongoing process and is not limited to one single threat. We have to be on our toes 24×7 and alert at all times, ensure that all SOPs are adhered to, and ensure regular audits of all security processes and procedures.

For the past few weeks, ransomware has gained notoriety, specifically due to the exploits used by the WannaCry ransomware. However, during the same period, TrickBot, a banking Trojan, was also working towards stealing banking credentials and gaining access to the bank accounts of its victims.

Thanks to the release of the source code of Zeus Bot a couple of years ago, we have observed a rise in Trojans which share the same or a similar codebase with Zeus. Along similar lines, Trickbot shares many similarities with Dyre, yet another banking malware.

Trickbot’s configuration contains the list of banking URLs which, when accessed by the victim, are intercepted and exploited. In recent weeks, Trickbot has expanded its attack vector and has truly gone global, targeting numerous banks, payment processors and CMS systems.

Targeting CMS systems provides Trickbot with access credentials, which can then be leveraged to carry out targeted attacks, including spear phishing attacks and, to a certain extent, watering hole attacks.

Recently, Trickbot added a couple of Indian banks to its configuration, viz. SBI Bank and ICICI, considering their huge consumer base; however, we are yet to observe any active attack on their consumers.

Moreover, in the coming weeks/months we expect much larger campaigns targeting Indian online banking customers, and a few more Indian banks to be added by Trickbot to its configuration. Furthermore, based on the success of Trickbot, we may also observe other banking Trojans sneaking into the Indian cyberspace.

We at eScan believe that it is our duty to be proactive in alerting the users about the potential attacks, which will assist them to take necessary precautions. Moreover, eScan users are protected from the threats posed by Trickbot and all the other Banking Trojans.


  • Net-banking users should install an antivirus/Internet security suite on all of their devices, including their mobile phones.
  • Regularly apply the patches released by software vendors.
  • Implement Email Gateway security solutions to protect your organization from malicious emails.

WannaCry hits Honda; Halts Japan Car Plant

June 22, 2017

On Sunday, Honda discovered that the virus had affected its networks across Japan, North America, Europe, China and other regions, and has since shut down production at one of its plants in Japan. (Source: Honda halts Japan car plant after WannaCry virus hits computer network)

Commenting on this recent outbreak, Gavin Millard, Technical Director, Tenable, said, “That the exploitation of MS17-010 through WannaCry and other derivatives is still causing a problem is hardly surprising. Conficker and MS08-67, the main vulnerability it exploited, is still popping up on occasion nine years after it began infecting millions of systems around the world. To reduce the probability of being infected by ransomware, and more concerning a targeted attack leveraging the same vulnerabilities, continuous visibility into the vulnerability status of every asset in the modern computing environment is critical in reducing the available attack surface. Of course, just patching these bugs isn’t always simple, as it could cause disruption to the organisation. If that is the case, then compensating controls must be put in place and proper, risk-based decisions must be made.”

Put simply if you can’t patch it, protect it, and if you can’t do either then prepare to pay. — Gavin Millard, Technical Director, Tenable.

Doxis4 installation is certified for ISO 14641-1: 2012

June 21, 2017

The smart “Fort Knox” for information

BONN, Germany / NEW DELHI, India – June 21, 2017 – Data protection, access protection, immutability – these requirements are covered by ISO 14641-1: 2012 in its specifications concerning the design and the operation of an information system for electronic information preservation. The independent certification authority SP Certifications London* has certified that the Doxis4 iECM suite conforms to this high international standard. Information stored in Doxis4 fulfills rigid security standards and is protected from manipulation and unauthorized access.

If documents must be used as valid evidence in a court or administrative process, then their immutability must be irrefutable. In situations like these, the international norm ISO 14641-1: 2012 poses a number of organizational procedures and technical requirements for capturing, storing and accessing electronic documents and processes. With Doxis4, SER customers are able to fulfill these requirements according to the most rigid security standards. “Information is the most valuable good that a company has to protect! With Doxis4, our customers can create their own ISO-14641-1: 2012-certified ‘Fort Knox’ for their data and documents, which are always stored securely and protected from attacks,” explains Klaus Eulenbach, SER’s Head of Technology.

Security is a top priority for SER. Already certified according to ISO 16175-2 (for records management), Doxis4 has achieved one of the highest possible security levels for ECM systems. The installation certification according to ISO 14641-1: 2012 reinforces this even further. The certifications are strong proof for international firms that Doxis4 is the right ECM solution to fulfill international requirements for handling information subject to retention.

# # #

About ISO 14641-1: 2012 (electronic archiving – part 1)

ISO 14641-1: 2012 is based on the French AFNOR standard Z42-013 Systèmes d’Archivage Electronique (SAE), compiled by l’Association des professionnels pour l’économie numérique (APROGED). The SAE standard covers the design, the necessary system components, and the operation of electronic archive systems.

*Certification of the Doxis4 (version 3) installation was issued by the independent certification authority SP Certifications London at Lakson Technology Private Limited.

About SER Group

SER connects people, products and processes in the most efficient way possible to create the digital workspace of the future. With our leading Doxis4 iECM suite we have been setting new standards in the development of enterprise content management software (ECM) for the past 30 years. More than one million satisfied users worldwide rely on our user-friendly solution to increase their return on information. The unified platform for ECM and BPM (business process management) seamlessly integrates content and processes to the benefit of its users. ECM Excellence by SER unites vision, inspiration, experience, awareness and the expertise of our team of over 550 employees.

With sales representations in Germany, Austria, Switzerland, BeNeLux, France, Iberia, Poland, Russia, United Kingdom, India and China, we offer our customers localized products and services according to their needs. An international network of professional business partners supports us in further locations. For more details please visit

Edimax AirTracker Outdoor Location Tracking Solution Wins iF Product Design Award

June 9, 2017

Celebrates yet another remarkable year at Computex 2017 by showcasing AirBox success story and award winning AirTracker smart city air-quality monitoring

NEW DELHI, India – June 9, 2017 – Edimax Technology, a leading provider of premier networking solutions and smart-connected home solutions, is the proud winner of yet another iF product design award. Recognized internationally as a symbol of design excellence, the iF award is one of the world’s most celebrated and valued design competitions.


“We are proud & honored to receive ‘iF Product Design Award’ for innovative design award. The award clearly symbolizes our efforts to bring in products with outstanding quality of design, workmanship, environmental compatibility, functionality and innovation,” said Sanjay Joshi, Country Manager at Edimax India. “Edimax will continue its effort to be trend setters, identify future trends, offer service enhancements and fulfill the lives of our consumers through consumer-focused innovations.”

AirTracker: Location Tracking:

The Edimax AirTracker consists of the AT-101G, a portable outdoor signal receiver alongside the iF award-winning AT-101T, a wearable outdoor tracker and boasts a range of 5km. A single AT-101G portable receiver can detect up to fifty AT-101T wearable trackers and provide real-time positioning of each connected tracker. It is with great honor that Edimax announces the AT-101T portable tracker’s selection by a panel of esteemed judges for the iF product design award 2017, on criteria including design quality, innovation, functionality and ergonomics. The Edimax AirTracker can pinpoint the location of loved ones or any precious item. The solution is ideal for use while camping, hiking or at large amusement parks and can even be used to establish a ‘safe zone’ around homes to monitor children or the elderly.

AirBox: Leading Air-Quality Monitoring Solution:

The success story of Edimax’s AirBox, the world’s leading network and big data total air quality monitoring solution, continues to strengthen. Already deployed in more than 1300 schools, AirBox offers real-time detection of air pollution levels, anywhere, anytime. The AI-2002W, a smart IoT indoor air-quality detector can identify more than ten harmful particulates/substances such as PM2.5, HCHO, CO2 and TVOC. Edimax invites city governments, schools and global citizens to join the AirBox project to collectively raise air-quality awareness and develop more livable cities around the world.

# # #

About Edimax Technology

Headquartered in Taiwan (Republic of China), Edimax was established in 1986. Since inception they have grown to be one of the world’s leading manufacturers of advanced network communication products. Edimax Technology is dedicated to design, development, manufacture, and marketing of a broad range of networking solutions. Their success is based on a positive corporate image and continuous expansion of our partner channel networks. The company’s core values include quality service, professional R&D and innovation. It has been listed at the Taiwan Stock Exchange since 2001 with consistent year-on-year revenue growth. In 2003, Edimax received ISO 9001 and ISO 14000 certification and in 2014 was ranked in the top 35 most valuable international Taiwanese brands by Interbrand. To know more, please visit

Fireball – The Inferno Within

June 8, 2017

There are very few countries from which threats emanate globally, China being one of them. Fireball is legitimate software in the sense that it is digitally signed by the very organization which developed it; however, it also bundles malicious binaries and browser extensions.

Traditionally, adware was never considered malicious, since its sole intention was to redirect traffic and bombard the user with advertisements. Furthermore, adware was always bundled with other legitimate software, so that unsuspecting users ended up installing it too. Besides, there exists a Pay-Per-Install (PPI) revenue sharing model between the developers and the bundled software providers. Because the adware piggybacks on the popularity of legitimate software, this association is profitable for all the stakeholders.

Fireball not only installs adware but also changes the victim’s default browser search engine to fake ones, which in turn redirect the search query to or However, these fake search engines do a lot more than simply redirect: they track users and can also spy on their victims by dropping and executing malware.

The concern around Fireball is that the adware it installs, once downloaded to a device, is capable of installing malware through a backdoor. Cyber criminals could in turn use this to push malicious code or exploits and create large-scale attacks or disruptions. Although end users see adware installation by various software download applications as an accepted practice, the Fireball issue could be more than meets the eye, which is a huge concern given its large install base of more than 250 million devices worldwide.

eScan’s advisory suggests the following precautions against such attacks in the ever-growing, complex cyber threat landscape:

  • eScan recommends using an adware scanner to check whether there is anything wrong with the browser
  • Once you have found the adware on the system, go to the Programs and Features list in the Control Panel of Windows OS to uninstall the program
  • macOS users should use Finder to locate and uninstall the application. After that, empty the Trash to delete the compromised file
  • Go to your browsers and explore tools and extensions to uninstall anything suspicious
  • Regularly check for any unauthorized or suspicious browser extensions and plug-ins, and make sure your homepage and search engine are the ones that you have set
  • Always opt for custom installation and then de-select anything that is unnecessary or unfamiliar

The information provided above will help you protect your system from becoming a victim of the Fireball malware.
