Is Your Industry Vulnerable To Cyber Attacks?

The number of security incidents in India have also been increasing gradually year-on-year. According to data from CERT-In, there were 50,362 cyber security incidents in 2016. In comparison, there were 27,482 incidents in 2017 until June 2017. We have seen several cyber security incidents in 2017 like the Mirai botnet Malware, Petya, data breaches and WannaCry.

Goverment Agencies

They form the widest reservoir of PII data, given the information they hold on its citizens. These include license records, healthcare information, tax records etc. The data these agencies hold also become a multiple access point to other PII for cyber criminals. Unfortunately, this is also the group that has the least funding for cyber security measures. This makes it a prime and easy target. The worrying aspect is often the intentions behind the cyber attacks on government bodies, given the threat they pose to the safety of a nation.

Hotels And Hospitality

The hotel industry has always been a veritable gold mine of data for hackers who want to sell information on the black market, or get hold of some high value credit card information fast. This is because hotels handle a huge amount of transactional data every single day, and guests often expect a high reserve transaction, or lots of small ones to appear on their statements when they stay in hotels. Hotels also tend to use third party software to handle their reservations and bookings, which means hackers don’t even have to target the hotel itself – they just need to infiltrate the third-party software instead. 

Financial Services

This one really is unsurprising, if we’re honest. Financial services businesses of any kind, even small asset finance outfits, will handle some of the most valuable data out there, along with a hefty bank balance to handle financial transactions. what needs to be kept in mind is that cyber attacks on financial services firms will get more sophisticated as more and more data is now being moved to the cloud. Security vulnerabilities in the financial sector have increased more than 400 percent from 2013, according to cyber security and risk mitigation expert NCC Group.However while they might not realise it, their bank balance isn’t usually what the hackers are after – it’s their customer data. That data includes names, banks, account information and much, much more. All of this information will fetch a small fortune, when sold on the information black market, as well as give them access to some of the most valuable assets out there, so criminals make a habit of targeting financial institutions.

Small Businesses

Even small businesses can handle decent amounts of money, or valuable data, and some of them don’t even know it. The problem however is that small businesses rarely think they can afford the resources and protections they need to keep the business safe. One-man bands are particularly prone to this; thinking that keeping their data on one machine in their home will be enough to protect it – or worse not thinking about it at all.Credit card fraud has now become easier, as information has become accessible and users are often not educated on the basics of privacy and security online. E-commerce has opened a new and not so cryptic access to hackers looking to exploit both the ignorance of common shoppers and the un-advanced security measure taken by vendors online

HealthCare

Healthcare businesses of any size are an attractive target to cyber criminals, but not usually for financial gain. Instead, the root cause of attacks on healthcare institutions usually lies in the wealth of patient data they hold. Cyber criminals aren’t always looking for money after all, sometimes they may wish to steal someone’s identity instead

Manufacturing

Manufacturing is an interesting one, as it doesn’t tend to hold huge amounts of financial or personal data. Instead, the reason for targeting these is often to disrupt the manufacturing process and cause harm to a brand or business that way. It isn’t always the manufacturing firm that’s the end target either – but if that firm has a big contract for the target, cutting off their product supply by interfering with the manufacturing firm is a good way to ensure problems. This could be through DDOS attacks, halting manufacturing or simply deleting data sets to prevent products being created.

Transportation

The digitalization of the transportation industry has opened a gateway to hackers looking to extract PII data from the millions of consumers that access their services. The sheer volume of cross-industry data that is also accurate and time-relevant makes it an easy target for cyber crime, as this data is often passed along different platforms with not necessarily consistent levels of cyber security. These loop holes often form an access way for hackers.

Every day, the malicious software and hacking ecosystem grows by leaps and bounds. Although efforts to combat the threats are mostly reactionary, there are several steps one can take to mitigate the risk of exposing priceless company data, and safeguard your business in the process. It is important to have a foolproof security plan and meticulously follow up on security measures, to be equipped with both the knowledge and the tools to implement the correct actions to secure company and customer data.

Read More

7 Types Of Hackers You Should Know About

   

Hackers can be classified into different categories such as white hat, black hat, and grey hat, based on their intent of hacking a system. These different terms come from old Spaghetti Westerns, where the bad guy wears a black cowboy hat and the good guy wears a white hat.

Script Kiddie 

Script Kiddies don’t really care about hacking into systems and stealing things. They simply copy code and use it for a virus, SQLi or something else. Script Kiddies will never hack for themselves, they will just download some overused software (such as LOIC or Metasploit) and watch a YouTube video on how to use it. A very common Script Kiddie attack would be a DOS (Denial of Service) or DDOS (Distributed Denial of Service), where they flood an IP with so much useless information that it collapses, preventing other people from using it.

White Hat

White Hat hackers are also known as ethical hackers, and they’re the good guys of the hacker world. They help you remove viruses, perform pen tests and generally help people understand where their vulnerabilities are and fix them. Most White Hat hackers will hold some form of computer or security related qualification, and often pursue careers in hacking and cyber security. They love the challenge of finding the holes but have no interest in doing anything with them. There are even a number of qualifications specifically for them – Offensive Security Certified Professional (OSCP), CREST Certified Infrastructure Tester and CREST Certified Application Security Tester. 

Black Hat

Black Hat hackers, or ‘crackers’ are the types of people you often hear about on the news and from businesses trying to sell cyber services. They find banks and big companies with weak security systems and steal credit card information, confidential data or money. Their methods are varied but actually fairly basic most of the time. 

Grey Hat

As with everything in this world, nothing is just black and white. Grey Hat hackers don’t steal information or money like Black Hat hackers (though they may sometimes deface a website for fun), nor do they help people out like white hack hackers. Instead, they spend most of their time just playing around with systems, without doing anything harmful. This type of hacker actually makes up most of the hacking community, even though Black hat hackers garner most of the media’s attention.

 Green Hat

Green Hat hackers are the babies of the hacker world. They are new to the game and mainly use script, like Script Kiddies, but they have aspirations of becoming full blown hackers. They are often found asking questions of fellow hackers and listening with childlike curiosity.

 Red Hat

Red Hat hackers are the vigilantes of the hacker world. They’re like white hats in the sense that they put a stop to Black hat attacks, but they are downright scary in how they do it. Instead of reporting the malicious hacker they find lurking inside a business, they shut them down by uploading viruses, DoSing and accessing their computer to destroy it form the inside out. Red hats use many different aggressive methods to force the cracker out and potentially even kill their computer. The good news is, businesses don’t need to worry about these. 

Blue Hat

And finally, we have the Blue Hat hackers. If a Script Kiddie ever took revenge, he would become a Blue Hat Hacker. Blue Hat hackers will seek vengeance on anyone who has made them angry. Most Blue Hat hackers are fairly new to the hacking world, but unlike green hats, they have no desire to learn.

 This clears a few things up, and gives you a bit of an insight into the world of hacking in all of its color. At Bridewell, our job as White Hat hackers is to keep all of the other hackers out of your business by identifying weaknesses and shoring them up, protecting you, your clients and your data. For more information or to inquire about out security testing process

Read More

The Essential Skills to Become a Master in Hacking

   Many of them want to become a Hacker but they have no idea of what skills we must have to become one. "What skills do I need to be a good hacker????

As the hacker is among the most skilled information technology disciplines, it requires a wide knowledge of IT technologies and techniques. To truly be a great hacker, one must master many skills. Don't be discouraged if you don't have all the skills I list here, but rather use this list as a starting ground for what you need to study and master in the near future.

The Fundamental Skills

These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section, you can move into the intermediary level.Basic Computer Skills

1.Basic Computer Skills

It probably goes without saying that to become a hacker you need some basic computer skills. These skills go beyond the ability to create a Word document or cruise the Internet. You need to be able to use the command line in Windows, edit the registry, and set up your networking parameters.

Many of these basic skills can be acquired in a basic computer skills course like A+.

2.Networking Skills

You need to understand the basics of networking, such as the following.

• DHCP
• NAT
• Subnetting
• IPv4
• IPv6
• Public v Private IP
• DNS
• Routers and switches
• VLANs
• OSI model
• MAC addressing
• ARP

As we are often exploiting these technologies, the better you understand how they work, the more successful you will be. Note that I did not write the two guides below, but they are very informative and cover some of the networking basics mentioned above.

Hacker Fundamentals: A Tale of Two Standards

The Everyman's Guide to How Network Packets Are Routed

3.Linux Skills

It is extremely critical to develop Linux skills to become a hacker. Nearly all the tools we use as a hacker are developed for Linux and Linux gives us capabilities that we don't have using Windows.

If you need to improve your Linux skills, or you're just getting started with Linux, check out my Linux series for beginners below.

Linux Basics for the Aspiring Hacker.

4.Wireshark and TCP-Dump

Wireshark is the most widely used sniffer/protocol analyzer, while tcpdump is a command line sniffer/protocol analyzer. Both can be extraordinarily useful in analyzing TCP/IP traffic and attacks.

An Intro to Wireshark and the OSI Model

Wireshark Filters for Wiretappers

5.Virtualization

You need to become proficient in using one of the virtualization software packages such as VirtualBox or VMWare Workstation. Ideally, you need a safe environment to practice your hacks before you take them out in the real world. A virtual environment provides you a safe environment to test and refine your hacks before going live with them.

6.Security Concepts and Technology

A good hacker understands security concepts and technologies. The only way to overcome the roadblocks established by the security admins is to be familiar with them. The hacker must understand such things as PKI (public key infrastructure), SSL (secure sockets layer), IDS (intrusion detection system), firewalls, etc.

The beginner hacker can acquire many of these skills in a basic security course such as Security+.

7.Wireless Technologies

In order to be able to hack wireless, you must first understand how it works. Things like the encryption algorithms (WEP, WPA, WPA2), the four-way handshake, and WPS. In addition, understanding such as things as the protocol for connection and authentication and the legal constraints on wireless technologies.

To get started, check out my guide below on getting started with wireless terms and technologies, then read our collection of Wi-Fi hacking guides for further information on each kind of encryption algorithms and for examples of how each hack works.

Getting Started with Wi-Fi Terms & Technologies

The Aspiring Hacker's Guide to Hacking Wi-Fi

The Intermediate Skills

This is where things get interesting, and where you really start to get a feel for your capabilities as a hacker. Knowing all of these will allow you to advance to more intuitive hacks where you are calling all the shots—not some other hacker.

8.Scripting

Without scripting skills, the hacker will be relegated to using other hackers' tools. This limits your effectiveness. Every day a new tool is in existence loses effectiveness as security admins come up with defenses.

To develop your own unique tools, you will need to become proficient at least in one of the scripting languages including the BASH shell. These should include one of Perl, Python, or Ruby.

Perl Scripting for the Aspiring Hacker

Scripting for the Aspiring Hacker, Part 1: BASH Basics

Scripting for the Aspiring Hacker, Part 2: Conditional Statements

Scripting for the Aspiring Hacker, Part 3: Windows PowerShell

The Ultimate List of Hacking Scripts for Metasploit's Meterpreter

9.Data Skills

If you want to be able to proficiently hack databases, you will need to understand databases and how they work. This includes the SQL language. I would also recommend the mastery of one of the major DBMS's such SQL Server, Oracle, or MySQL.

The Terms & Technologies You Need to Know Before Getting Started

Hunting for Microsoft's SQL Server

Cracking SQL Server Passwords & Owning the Server

Hacking MySQL Online Databases with Sqlmap

Extracting Data from Online Databases Using Sqlmap

10.Web Applications

Web applications are probably the most fertile ground for hackers in recent years. The more you understand  how web applications work and the databases behind them, the more successful you will be. In addition, you will likely need to build your own website for phishing and other nefarious purposes.

How to Clone Any Website Using HTTrack

How to Redirect Traffic to a Fake Website

11.Cryptography

Although one doesn't need to be a cryptographer to be a good hacker, the more you understand the strengths and weaknesses of each cryptographic algorithm, the better the chances of defeating it. In addition, cryptography can used by the hacker to hide their activities and evade detection.

12.Reverse Engineering

Reverse engineering enables you to open a piece of malware and re-build it with additional features and capabilities. Just like in software engineering, no one builds a new application from scratch. Nearly every new exploit or malware uses components from other existing malware.

In addition, reverse engineering enables the hacker to take an existing exploit and change its signature so that it can fly past IDS and AV detection.

Read More

CYBER CRIME & TYPES

What is Cyber Crime

While the term cybercrime has gained widespread recognition and popular use, it has taken some time for the term to be recognized by an actual definition used by dictionary, legal, and crime prevention sources. Cybercrime is now defined as any criminal offense that is facilitated by, or involves the use of, electronic communications or information systems, including any electronic device, computer, or the internet.

Types of Cyber Crime

While the umbrella term of cybercrime covers a great many possibilities as to types of crimes, these are broken into several categories. In some types of cybercrime, a computer or other electronic communication device is used to commit the crime, and in other types of cybercrime, the computer or device is the actual target of the crime..

Computer Viruses

A computer virus is simply a small computer program that places copies of itself onto other computers without the users’ consent. The most common way for the makers of computer viruses to propagate their virus programs is to attach or embed them in emails. When the email is opened, the virus activates and does whatever it was programmed to do, such as steal valuable hard drive disk space, destroy data on the recipient’s computer, access personal information, or to send information (or itself) out to other computers using the original victim’s contact list.

Identity Theft

Identity theft involves stealing an individual’s personal information, then using that information to either use their financial resources without their consent, or to open new financial or credit accounts, enabling the identity thief to use the victim’s credit without their knowledge. Information commonly stolen to make these crimes possible include the individual’s name, date of birth, social security number, and/or credit card numbers.

While such information can be physically obtained from written records, such as credit applications discarded by a retailer, it is frequently stolen through breaches in people’s computer security, spyware, and viruses. Personal identifying information can also be stolen when a computer-savvy person hacks into a computer network, such as a network over which a bank or retail establishment shares information with its branches. These types of breaches allow hackers to snare huge blocks of information at a time.

Cyberbullying

Cyberbullying occurs when someone uses the internet, a cell phone, email, instant messaging, chat rooms, or social networks, such as Facebook and Twitter, to harass, demean, embarrass, or intimidate someone else. It is commonly a crime committed by kids and teens, as their growing access to electronic communication makes it possible to make fun of or ostracize others. The problem spreads like wildfire as the bully can hide behind the anonymity of a login identity, while encouraging other kids to join in the “fun” of harassing the victim.

It should be noted, however, that cyberbullying is not the exclusive domain of adolescents, but is committed by, and on adults. Cyberbullying is a crime, garnering such criminal charges as harassment, libel, assault, and even terrorism. In addition to criminal charges, cyberbullies may be held responsible for the damage they do in a civil lawsuit, where they may be ordered to pay medical bills and other expenses, as well as money for pain and suffering and mental anguish.

Cyberterrorism

Cyberterrorism is defined as any threat of harm or extortion via the internet. As computers and computer systems grow in size and power, cyberterrorism makes use of well-planned attacks on government and corporate computer systems. Such attacks may include targeting computer-controlled strategic services, such as electricity, water, and communications services.

The U.S. legal system defines cyberterrorism as “the use of computing resources against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”

Cybercrime Prevention

Cybercrime has become a bigger criminal moneymaker than illegal drug trafficking.

Every 3 seconds, someone’s identity is stolen as a result of cybercrime.

Without a quality internet security program, a computer can become infected with a virus within four minutes of connecting to the internet.

Companies in the U.S. lose more than $525 million each year due to cybercrime.

FBI Cybercrime Division

The FBI Cybercrime Division leads the country’s law enforcement effort to investigate, prevent, and prosecute high-tech crimes, including all manner of cybercrime. In an effort to stay abreast of emerging cybercrime trends, the FBI cybercrime division shares intelligence and evidenced gathered with both public law enforcement units and private sector cybercrime prevention partners all over the globe.

Read More

HACKING LAWS

  Computer Hacking Laws

As the country progresses towards a digital age where everything would be available with the click of a button, the threat of data and private information being stolen has constantly been disturbing. It is ironical to see that the most trusted source of information and a store for data can turn out to be a wide platform for some to steal information. The Information and Technology Act, 2000 (IT Act) covers all types of cyber crime committed in the country including hacking

Hacking earlier used to refer to a crime under section 43 of the IT Act but at the same time, ethical hacking or better known as white collar hacking was considered legal. Ethical hacking is also being taught by various professionals at schools and colleges. So a need was felt to differentiate between good and bad hacking. Under the amendment IT Act in 2008, the word ‘hacker was removed from the act. The reason for the same was that ethical hacking is taught by a lot of professionals at various schools and colleges, and colleges cannot teach anything illegal. So the same word should not be used. The amendment rephrased section 66 and section 43 by removing the word hacking from the Act.

   Hacking in India

There have been numerous hacking attacks on Indian government websites where state government websites or defense websites have been hacked. Some time back, the Principal Comptroller of defense accounts website was hacked due to which defense officials could not access their salary information. The government, to reduce hacking of precise work, has agreed to the proposal of DEITY, which is the department of information and technology to stop using popular email ids for official purpose and has sanctioned a budget of Rs. 100 cores to safeguard the data. The websites of state governments have also been hacked in the past. The official website of Maharashtra government was hacked, and the hackers were not traceable.There have been some professional hackers in India who have taken huge amounts to hack data from websites. In the infamous case of Amit Tiwari, who was a global hacker, he has hacked more than 950 accounts since 2003 and was caught by the police only in 2014. This shows the lack of evidence and the difficulty in arresting a hacker.

The effectiveness of Computer Hacking Laws

Like any other law, the effectiveness must be determined by its deterrence. While there will always be those that want to see if they can do it, and get away with it (any crime), there are always the many more who may not do something if they are aware of its unlawfulness - and possible imprisonment. 

In the early 1990's, when hacker efforts stopped AT&T communications altogether, the U.S. Government launched its program to go after the hackers. This was further stepped up when government reports (by the GAO) indicate that there have been more than 250,000 attempts to hack into the Defense Department computers. First there were the laws - now came the bite behind it. One of the effects of computer hacking brought about focused efforts to catch them and punish them by law. 

Then, more recently, the U.S. Justice Department reveals that the National Infrastructure Protection Center has been created in order to protect our major communications, transportation, and technology from the attack of hackers. Controlling teens and hackers have become the focus of many governmental groups to stop this maliciousness against individuals, organizations, and nations.

Read More

INTRO OF ETHICAL HACKING

WHAT IS ETHICAL HACKING!!

Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks. Cybercrime is committing a crime with the aid of computers and information technology infrastructure. Ethical Hacking is about improving the security of computer systems and/or computer networks.

ETHICAL HACKER!!

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.

One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.

Read More