Security this week, July 4, 2020

In the week gone by, we witnessed Indo-China tensions that resulted in 59 Chinese applications being banned in India. Furthermore, India has been investigating foreign companies to ensure the safety of Indian data and is imposing regulations for the same. Apart from that, hackers have yet again been involved in security attacks across various systems, and researchers have discovered vulnerabilities that the related companies have patched. This shows the need for every user to back up their data and keep their applications updated.

Now let us have a look at all the major happenings in cybersecurity of the past week: 

GOI reconsidering the presence of Huawei and ZTE Corp in terms of security threats to India 

Huawei and ZTE Corp come under the radar after the banning of 59 Chinese applications

The Government of India, after banning 59 Chinese applications, is considering whether the presence of China's Huawei Technology Co and ZTE Corp is a security threat to the nation. Some reports linking both companies to the Chinese ruling party and the People's Liberation Army (PLA) were found. The two companies were earlier formally designated as national threats to the US by the Federal Communications Commission (FCC). Officers of the Department of Telecommunications (DoT) and the Ministry of Home Affairs (MHA) are reconsidering these two companies. Both companies have denied all such allegations linking them with security threats.

More inspections of the systems of not only Huawei and ZTE but also other Chinese companies are expected to follow amidst the tension between China and India.

Data storage restrictions set on ecommerce companies 

Restrictions to be imposed on data handling of ecommerce companies

A new draft policy proposed a regulator for ecommerce activities and an ecommerce law to restrict the data that companies can store, use, process, analyze, and transfer. This will result in periodic audits of companies that store Indian user data overseas, like Amazon, YouTube, Facebook, etc. The related companies will have to make the data available within 72 hours. If they do not do so, they will have to pay a penalty according to the proposition. This empowers the state to regulate and act accordingly against activities that may threaten the security of the country. The draft is being finalized by the Department for Promotion of Industry and Internal Trade (DPIIT).

This will lead to strict regulation of the data that companies may use, so that sensitive data does not leak abroad, where some authorities may wish to misuse it.

macOS users being targeted by pirated applications

Ransomware “EvilQuest” targeting macOS users

A new kind of ransomware was found by researchers from K7 Labs. It targeted macOS users and spread through pirated applications. The ransomware, named “EvilQuest”, is packaged alongside legitimate applications and disguises itself on installation as Apple’s CrashReporter or Google Software Update. It not only encrypted the user’s files but also had capabilities to log keystrokes, steal cryptocurrency wallet related files, ensure persistence, and create a reverse shell. The source of the malware seems to be trojanized versions of macOS software such as Little Snitch and Ableton Live. EvilQuest also has anti-debugging logic to hinder analysis of the malware under a debugger. Work is going on to find a weakness in the encryption algorithm used in the malware. Meanwhile, researchers recommended that users keep backups of important data.

This highlights the importance of keeping a backup of the sensitive data which we may have. In case the systems are infected, the users should have a backup at hand to save their data.

Apache Guacamole flaw makes remote desktops vulnerable to hacks 

Remote desktops using Apache Guacamole vulnerable

According to the security firm Check Point Research, multiple critical reverse RDP vulnerabilities have been found in Apache Guacamole. It is a popular remote desktop application with over 10 million downloads. It is mainly used by system administrators to manage their Linux or Windows systems remotely. The flaws could allow bad actors to gain complete control over the Guacamole server while intercepting and controlling other connected sessions. Through this, an attacker who has compromised a single computer inside an organization can potentially launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected system. All the 10 million users of Guacamole were advised to make sure not only that their servers are up to date but also that the software used for remote working is fully patched.

With the transition to remote working amid the Covid-19 pandemic, the security implications of remote connections should not be ignored.

98% of organizations across India impacted by Covid-19 and struggling with insider threats and data breaches

A large portion of firms affected by Covid-19 in India

India has seen a direct impact on consumer activities in the Covid-19 era. The CIO Perspectives Survey conducted in collaboration with Advanis concluded that 98% of firms have seen an impact on business due to Covid-19 in terms of business functioning, lack of communication in the team, and incorrect technical deployment. A greater emphasis needs to be given to security, with insider threats and data breaches increasing every day. This has led to CIOs pivoting their strategies to business continuity.

To securely keep up with global trends, enterprises need to invest more in security. They also need professionals for the same to ensure the proper safety of their data.
