'Surveillance is the big thrust area for the next fiscal'

DQ Channels - Front page - Authored by TARUN WIG, Senior Consultant at AuthShield. Read the complete story on www.dqchannels.com

Arati Naik, COO and Director, Smartlink Network Systems Ltd.

Email correspondence is second nature in today’s digital world because of all the inherent advantages it affords. Foremost among them: it provides a dated written record that can be easily located and reviewed whenever required, and it can be sent in the middle of the night for the recipient to read whenever she or he is comfortable checking the mailbox. The most exciting thing about email is that it can be accessed from anywhere in the world on a host of different devices. Today, it is integral to daily life, but what happens when someone hacks your email account?


Recently, two big Indian conglomerates were forced to pay $5 million each in order to prevent hackers from disclosing information. In one case, the company’s email system was compromised, while in the other, hackers were able to get remote access inside the company’s IT system to steal sensitive information. They kept reading and even downloading all correspondence between the employees and valued clients. The companies were asked to pay $5 million or be ready to face grim consequences.

In another widely discussed case, the Oil and Natural Gas Corporation Limited (ONGC) lost 197 crore after cyber criminals duplicated the public sector firm’s official e-mail address with minor changes and used it to convince a Saudi Arabia-based client to transfer payments into their bank account. These days, hacking is not restricted to corporations; it is a big threat for VVIPs too. A few months back, the email account of the finance ministry spokesperson was hacked by someone purportedly in the United Kingdom.


According to a public service announcement released by the Internet Crime Complaint Center (IC3), between October 1, 2013, and December 1, 2014, nearly 1200 people in the US and a little over 900 in other parts of the world became victims of this malpractice.

Hackers usually target businesses that work with foreign clients or suppliers and make monetary transactions on a regular basis. They usually attack using compromised email accounts as the springboard for diverting company funds meant for legitimate vendors. Most of the banks to which these illegitimate funds were transferred are based in China and Hong Kong. High-level executives such as CEOs, CFOs and CXOs are more prone to such types of attacks.


Email hacking is the latest and probably one of the biggest challenges for Information Security. It targets the weakest link in the IT Security landscape: unaware users. Primarily, three types of Business Email Compromise (BEC) scams are taking place these days:

Mail Compromise of the Senior Partners in the Organization: Hackers hack into the mail IDs of the users in the Finance department using a simple phishing scam where the user is asked to change his user name and password in a mail seemingly originating from the IT department. Once the mail account is compromised, client details are identified from the mails. Invoices are then resent to the client with one small difference: the details of the bank accounts are changed. Once the client pays the money, the funds are immediately diverted to different banks, from which they are withdrawn and siphoned off.

Spoofing the Identity of the Organization: The email sender impersonates an executive at another company. The spoofed sender info uses look-alike domain names that closely resemble the corporate domain names of the organization being impersonated. The spoofed sender appears to be with an actual reseller or distributor with a pre-existing corporate relationship with the targeted organization. The body of the email instructs the target to pay all new or outstanding invoices via wire transfer to a new bank account. Attached to the email is a PDF containing wire-transfer instructions, including a bank name and account number.

Poaching into Social Media Accounts: Collecting mail IDs and other useful information from professional and social media websites such as Naukri, LinkedIn, etc.
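The look-alike domains described under "Spoofing the Identity of the Organization", like the slightly altered address in the ONGC case, can be flagged by comparing each sender domain against a list of known partner domains. The following is an added example, not part of the original article; the domain names, the allow-list and the distance threshold are constructed assumptions.

```python
# Added example (not from the article): flag sender domains that resemble,
# but do not exactly match, a known partner domain. All domains are constructed.
from email.utils import parseaddr

TRUSTED = {"northfield-oil.example", "gulfpay-trading.example"}  # hypothetical allow-list
# Digit-for-letter swaps folded before comparison (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold common visual substitutions so 'n0rthfie1d' and 'northfield' compare equal."""
    return domain.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_trusted_domain) for one From: header value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return "trusted", domain
    for good in sorted(trusted):
        near = 0 < edit_distance(domain, good) <= max_distance
        if near or skeleton(domain) == skeleton(good):
            return "lookalike", good
    return "unknown", None

SAMPLE_HEADERS = [  # constructed From: headers
    "Accounts <billing@northfield-oil.example>",
    "Accounts <billing@northfeild-oil.example>",   # swapped letters
    "Accounts <billing@n0rthfie1d-0i1.example>",   # digits for letters
    "Sales <sales@unrelated-shipping.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", classify(header))
```

A "lookalike" verdict is a reason to hold the message and confirm any change of bank details through a separately known contact; very short domains need a lower `max_distance` to avoid false matches.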


There are multiple steps that organizations need to follow to protect their businesses from email compromises:

It is important for an organization to sensitize its employees to these scams to ensure that any suspicious mail or activity is reported to the IT Team.

Organizations should adopt Two Factor Authentication with their mail exchange servers, a step that can severely impact the functionality of downloading mails on Outlook or a phone. Today, it is possible to integrate mail clients such as Outlook and Thunderbird, and protocols such as POP / IMAP or MAPI, directly with Two Factor Authentication. This way, it is extremely convenient for the users to secure their credentials.

Finally, users can add digital signatures to their mails to validate the authenticity of the mails.
