Security this week, July 11, 2020

With the Covid-19 outbreak, the security attacks have increased manifold. This is set to make this year the one with most data breaches. Scams that impersonate big firms that are being run not only through phishing but also through social engineering are increasing day by day. Apart from this, the various platforms are having to level up their security protocols to deal with the increased threats being posed these days. 

Let us have a look at the various happenings in the domain of security in the week gone by:   

2020 set to break data breach records 

2020 is recording a very high number of data breaches amid the pandemic

Even though the pandemic struck world is only halfway through 2020, it is already on track to set a new data breach record. Since the turn of the year, Covid-19 wreaked havoc on the world creating a platform for hackers to take advantage of. Billions of records were stolen across industries like healthcare, social media, entertainment, technology, logistics, etc. According to researchers, a total of around 16 billion records were exposed so far seeing a 273% rise from the numbers of the first half of 2019. Phishing scams have increased manifolds and social engineering have committed many frauds in the year.  

People as well as enterprises are advised to avoid sharing too much information on multiple platforms. Also one should be vigilant for phishing emails and private messages. 

UK victims targeted by HSBC SMS phishing scam 

Phishing attack in name of HSBC attempted in UK

A new phishing scam was uncovered which is targeting people in United Kingdom. The scam is designed to trick its victims into handing over the details of their HSBC bank accounts. Litigation specialists, Griffin Law discovered the scam. They stated further that the security threat begins with a bogus message that claims to be from HSBC. The message is regarding a payment made through HSBC app on their phone and informs the user that if they are not responsible for the payment, they should head to a fake website to validate their bank account from where they extract sensitive information. More than 50 people came forward stating they received such a message. Although no reports have emerged which state that the scam was successful.  

Users are advised therefore to only rely on official messages passed on by the organizations and be vigilant with regards to their information. 

Malware bypasses Google Security to spread through Play Store 

Joker spreads through Google Play thby posing as a legitimate app

An android malware was uncovered by Check Point security researchers called Joker (or Bread). The malware hides under disguise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their consent. The malware supposedly has found a way to bypass Google’s Play Store protections. Joker is found to be notorious for billing fraud along with its spyware capabilities including contact lists, device information, and SMS messages. As a result, 11 suspicious applications were removed by Google. Also, users of the infected apps were advised to check for any suspicious payments which they might not recognize. In addition, they should make sure they scrutinize permissions for every app. 

In such troubling times, hackers are always on the lookout for easy victims, so one needs to keep a constant check on his/her transactions and application usage and permissions accordingly. 

Additional security features unveiled by JioMeet to prevent hacks 

JioMeet enhances its security protocols

JioMeet, Reliance Industries’ unlimited video conferencing application added more security features. The app which allows up to 24 hours of free video conferencing wanted to prevent Zoom-like attacks. These attacks involved the hackers posting obscene images on the screens. It provides encrypted and password protected solutions in which now the host can disallow guests from joining a meeting without sign-in and disclosing their identity. JioMeet also integrated its offerings with traditional enterprise video conferencing solutions along with single use sign on for the enterprise users. Security has become a major issue with applications that offer remote working solutions. They are the ones targeted the most by hackers and their security always needs to be maintained. 

With more methods of hacking being devised everyday, enterprises always need to keep up with the pace in terms of security as well. 

Zoom looking for investments in India after clarifying stance with China 

Zoom clarifies security stance amid Indo Chinese tensions

Video conferencing app, Zoom has seen a huge increase in downloads in these pandemic affected times. Meanwhile, it has also had multiple security concerns in the past months. Also, with increased tension between India and China, there were allegations linking Zoom with China. Zoom denied all the alleged links to China to escape an impending ban on one of its largest customer bases. Back in April, Zoom was issued an advisory. It warned it on the account of it not being a safe platform and issued guidelines for its users. Zoom has been tightening its security since then having acquired Keybase for the same. Zoom hopes not to have any hurdles in expanding further in the market due to such allegations and make its platform more secure for its users. 

Furthermore, with growing tensions between India and China, a lot of applications have come under scrutiny in terms of their security as well has relations with the concerned country. Users are advised to keep their application usage and related permissions in check. 

Your browser doesn’t support HTML5 audio


Digital Transformation

Demystifying DX - Stories, lessons, and applications.