Nepal's cyber security: where the weaknesses lie

A few weeks ago, about two thousand government websites were hacked and stayed offline for four hours. The incident has raised questions about Nepal's cyber security.

Experts believe that the hackers' attack on the server of the National Information Technology Center, which hosts government agency websites, exposed the weak state of cyber security.
They said that the incident was large and could threaten national security in the future if its lessons are not learned. Officials say that government agencies have become more vigilant about cyber security since the incident.


Experts point to three main reasons for the weakness in cyber security: the lack of a necessary policy and action plan, the lack of investment in security, and the lack of regular security testing.

Preparation required
According to cyber security advisor Saroj Lamichhane, the government should formulate a policy and procedure for dealing with such incidents.
Lamichhane says: "To avoid such threats, it is necessary to set a definite time frame and plan cyber security as a priority."
He suggested that criteria should be set for purchasing the information technology equipment used in government bodies.
As the use of technology grows globally, Nepal also needs to formulate timely policy.

"A cyber assault may not be seen as a major issue for Nepal in the present situation, but if it is not serious about such issues, it may have to face a major risk all at once," he added.

Low investment in security

Sunnah Pandey, Vice President of the Computer Association of Nepal (CAN) Federation, said that because of government indifference the country has not invested in the information technology sector, which is why it has made relatively little progress on cyber security.

He said that the government has started keeping important personal details, such as citizenship and driving licence records, on websites, and that if it does not invest in that area immediately, the cost in the future could be much higher.
Pandey says, "The website may look fine now that it has been restored, but information may have been stolen while the website was running."


He has seen that in other countries two or three teams work to secure a server.
"One team works on attacking the server in new ways and another team resists it, so that an attack can be countered immediately after it happens."
He said that in Nepal the government wants to protect its software from cyber-attack.


Security alert

Officials say that because government websites were built on one type of software, rather than according to each body's needs, hackers who succeeded against one site were able to attack all the others in the same way.
Ramesh Prasad Pokharel, Information Officer of the National Information Technology Center, told the BBC Nepali service, "It has started using different software to minimize such incidents; this will likely reduce the potential for hacking in future."
According to him, the recent hack was carried out by Chinese and Indian hackers, and it affected the flow of services to various important bodies.

A release issued by the Center stated that government services were blocked at the official domain name server (gov.np DNS) because of huge traffic coming from abroad into the Government Unified Data Center.
Pokharel says: "Such situations have occurred repeatedly, yet there is still no definite criterion or policy for building important things like government agency websites. There is no ongoing security testing either."


Policy arrangements

Rosa Kiran Basukula, deputy director of the Nepal Telecommunication Authority, said that although cyber assaults over the internet cannot be stopped entirely, the process of making the necessary policy rules has been sped up.
Basukula says: "We have presented documents on cyber security policy, prepared in collaboration with the International Telecommunications Association, to the government."

He said that it is important to safeguard websites and discourage cybercrime as online banking and internet payments grow.
Source: BBCNEPAL

Hackers Use Linux Malware HiddenWasp to Attack Linux Systems for Gaining Remote Access


A new and sophisticated Linux malware dubbed HiddenWasp is used in targeted attacks against victims who are already under the attackers' control or have gone through heavy reconnaissance.

The malware is highly sophisticated and has gone undetected; it is still active and has a zero detection rate. It borrows a large amount of code from publicly available malware such as Mirai and the Azazel rootkit.

Unlike Windows malware authors, Linux malware authors do not concentrate much on evasion techniques, since anti-virus solutions are used far less on Linux machines than on other platforms.

However, the Intezer report shows that "malware with strong evasion techniques does exist for the Linux platform. There is also a high ratio of publicly available open-source malware that utilizes strong evasion techniques and can be easily adapted by attackers." In the past, much Linux malware focused on crypto-mining or DDoS activity, but HiddenWasp is purely a targeted remote-control attack.

The malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. Researchers found that the files went undetected on VirusTotal and that the malware was hosted on servers of ThinkDream, a hosting company located in Hong Kong.

While analyzing the scripts, Intezer spotted a user named 'sftp' with hardcoded credentials, which could be used for the initial compromise; the scripts also contain a variable to clear older versions from compromised systems.

The scripts also include variables that determine the architecture of the compromised system and download components from the malicious server accordingly. Once the components are installed, the trojan is executed on the system. "Within this script, we were able to observe that the main implants were downloaded in the form of tarballs. As previously mentioned, each tarball contains the main trojan, the rootkit, and a deployment script for x86 and x86_64 builds accordingly."

Author: Gurubran

Emergency warning issued to update Windows for the "BlueKeep RDP" flaw


Microsoft Warns for the Second Time to Update Windows for the BlueKeep RDP Flaw – Exploits Already in Hackers' Hands

It is the second time Microsoft has urged users to apply the recently released patch for the wormable BlueKeep Remote Desktop Protocol vulnerability, because the seriousness of this flaw could let hackers carry out a WannaCry-level attack.

Microsoft first warned on May 14, when it released a patch for the critical Remote Code Execution vulnerability CVE-2019-0708.

We reported on the BlueKeep vulnerability earlier this week. Successful exploitation allows an attacker to execute arbitrary code on the Windows machine and to install programs on it with elevated privileges.

Since the vulnerability is "wormable", any future malware that exploits it could propagate from one vulnerable computer to another. "This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft strongly believes that attackers have already prepared an exploit for this RDP flaw and will soon start attacking vulnerable systems, much as the WannaCry malware spread across the globe in 2017.

A recent analysis revealed that more than one million PCs on the public internet are still vulnerable to the wormable BlueKeep RDP flaw.

Robert Graham conducted an RDP scan for port 3389, the port used by Remote Desktop, to find possibly vulnerable machines. He found that 923,671 machines are still vulnerable.

McAfee, Kaspersky, Check Point, and MalwareTech have each created a proof-of-concept (PoC) that uses CVE-2019-0708 to remotely execute code on the victim's machine.

Many corporate networks are vulnerable
Microsoft also believes that many corporate networks are still vulnerable, and that they are at greater risk than individual users since many systems are connected within a single network.
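As an added example (not code from the article or from any of the vendors named in it), here is the triage step a defender would run over scan output like Graham's: it parses constructed port-3389 results, flags which open hosts run a Windows release that CVE-2019-0708 affects (Windows XP through Windows 7 and Server 2008 R2, which is Microsoft's affected-product list and not stated in the article), and sizes the patch-verification backlog. The host list, banners, line format and verdict names are all constructed for the example.

```python
import re
from collections import Counter

# Windows releases affected by CVE-2019-0708 (Windows 8/8.1/10 and Server 2012
# and later are not affected). Banners are matched by lowercase prefix.
AFFECTED_PREFIXES = (
    "windows xp", "windows server 2003", "windows vista",
    "windows server 2008", "windows 7",
)

# Constructed sample scan output (not real hosts): host, port, state, banner.
SAMPLE_SCAN = """\
10.0.0.5   3389 open   Windows 7 Professional 7601 Service Pack 1
10.0.0.9   3389 open   Windows 10 Pro 17763
10.0.1.12  3389 open   Windows Server 2008 R2 Standard 7601
10.0.1.20  3389 closed
10.0.2.2   3389 open   Windows Server 2012 R2 Standard 9600
10.0.3.7   3389 open
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(open|closed)(?:\s+(.+))?$")

def classify(banner):
    """'affected' means the release received a fix and must be patch-verified;
    an open port alone never proves a host is still exploitable."""
    if not banner:
        return "unknown"      # fingerprint the host before deciding
    name = banner.strip().lower()
    if any(name.startswith(p) for p in AFFECTED_PREFIXES):
        return "affected"     # verify the May 14 fix, or disable/firewall RDP
    return "unaffected"       # RDP is exposed, but BlueKeep does not apply

def triage(scan_text):
    """Return (host, verdict) for every host whose port 3389 is open."""
    results = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "open":
            continue          # malformed or closed: nothing to verify
        host, _port, _state, banner = m.groups()
        results.append((host, classify(banner)))
    return results

def summary(scan_text):
    """Count hosts per verdict so the patch backlog can be sized at a glance."""
    return dict(Counter(verdict for _, verdict in triage(scan_text)))

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_SCAN):
        print(f"{host:<12} {verdict}")
```

Patched Windows 7 and Server 2008 R2 hosts look identical to unpatched ones in such a scan, so the "affected" list is a worklist for checking that the fix is installed, not a list of confirmed vulnerable machines.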

Author: Balaji by Networksecurity