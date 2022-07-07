84 years of service to the nation
Begin typing your search above and press return to search.
National

Hackers target national portal of India via 'unprecedented' phishing technique

By IANS

Bengaluru, July 7: Cyber-security researchers on Thursday said they have discovered an "unprecedented, sophisticated" phishing technique that has been targeting government websites across the world, including the Indian government's portal https://india.gov.in, extorting the affected users.

The threat actors have been targeting the Indian government's portal by utilising a bogus URL to trick users into submitting sensitive information such as credit card numbers, expiration months and CVV codes, according to AI-driven cyber-security firm CloudSEK.

Hackers are imitating the browser window of the Indian government website, most often SSO (single sign-on) pages, with a unique login, in a most-advanced phishing technique commonly known as Browser-in-the-Browser (BitB) attack.

BitB attacks imitate legitimate sites in order to steal user credentials as well as other sensitive data, such as personally identifiable information (PII).

The new URL that pops-up as a result of the BitB attack appears legitimate.

"The bad actors have also replicated the original page's user interface. Once their victims click into the phishing page, a pop-up appears on the phoney window claiming that their systems have been blocked, posing as a notification from the Home Affairs Enforcement and Police," the researchers claimed.

The users are then notified of their excessive use of pornographic websites, which is illegal under the Indian law, and are requested to pay a fine of Rs 30,000 to unlock their systems.

"They are given a form to fill out in order to pay the fine, which asks them to divulge personal information, including their credit card information. The victims become panicked because the warning has a sense of urgency and appears to be time-bound," the researchers said.

The information that the victims enter into the form is transferred to the attacker's server.

Once the attackers get the card information, it might be sold to other buyers in a larger network of cyber criminals, or the victim could be extorted for extra money.

The BitB attack begins when users attempt to connect to a website and click on a malicious link that looks to them as an SSO login pop-up window.

When users visit the supplied link, they are prompted to log in to the website using their SSO credentials. After there, the victims are sent to a bogus website that looks exactly like the SSO page.

The attack usually stimulates single sign-on windows and displays fake websites that cannot be distinguished from the original page.

"Combine SSO with MFA (multi-factor authentication) for secure login across accounts, check for suspicious logins and account takeovers and avoid clicking on email links from unknown sources," the researchers suggested.

IANS


More in Entertainment
Robber injured in police firing while trying to flee in Kokrajhar

Robber injured in police firing while trying to flee in Kokrajhar

Assam logs 161 Covid cases, highest in nearly five months

Assam logs 161 Covid cases, highest in nearly five months

Despite flowing above danger mark, Barak river shows receding trend

Despite flowing above danger mark, Barak river shows receding trend

Next Story
Similar Posts
Nonagenarian journalists who covered pre-independent struggle to be feted in Rajasthan
2022-07-06T20:30:53+05:30

Jaipur, July 6: As part of 'Azadi Ka Amrit Mahotsav' celebrations, five senior journalist from...

— Dalai Lama(THIS IS STATIC)

Father daughter duo creates history in IAF, flies Hawk-132 aircraft in same formation
6 July 2022 11:04 AM GMT

Guwahati, July 6: While father-son joining the armed forces has often been heard about, a father...

— Dalai Lama(THIS IS STATIC)

SC declines urgent listing of plea seeking Nupur Sharma's arrest
6 July 2022 10:23 AM GMT

New Delhi, July 6: The Supreme Court on Wednesday declined to list urgently a petition seeking to...

— Dalai Lama(THIS IS STATIC)

Rahul Gandhi video: Cong files complaint with NBDSA against Zee News, its anchor; seeks action
6 July 2022 10:02 AM GMT

New Delhi, Jul 6: The Congress has filed a complaint with the News Broadcasting and Digital...

— Dalai Lama(THIS IS STATIC)

IAF gets highest number of job applications under Agnipath scheme
6 July 2022 8:33 AM GMT

New Delhi, July 6: The Indian Air Force has received the highest number of job applications under...

— Dalai Lama(THIS IS STATIC)

Fresh batch of nearly 6,000 pilgrims leave for Amarnath shrine amid tight security
6 July 2022 7:59 AM GMT

Jammu, Jul 6: A fresh batch of nearly 6,000 pilgrims left Bhagwati Nagar base camp here on Wednesday...

— Dalai Lama(THIS IS STATIC)

NHAI bribery case: Trial proceedings delayed as CBI awaits Centre's nod even after 7 months
6 July 2022 6:15 AM GMT

New Delhi, Jul 6: The CBI needs one more month to get sanction to prosecute Akil Ahmad, the NHAI...

— Dalai Lama(THIS IS STATIC)

Active Covid cases in country rise to 1,15,212
6 July 2022 5:05 AM GMT

New Delhi, Jul 6 (PTI) India logged 16,159 new coronavirus infections taking the total tally of...

— Dalai Lama(THIS IS STATIC)

In a first, states ranked for food & nutrition
2022-07-05T20:30:19+05:30

New Delhi, July 5: In the first ever 'State Ranking Index' under the National Food Security Act...

— Dalai Lama(THIS IS STATIC)

Twitter moves court against Indian govt's content blocking orders
5 July 2022 11:12 AM GMT

New Delhi, July 5: Twitter has moved the Karnataka High Court against the Indian government's...

— Dalai Lama(THIS IS STATIC)

Gang of fake sadhus from Rajasthan arrested in Hyderabad
5 July 2022 11:03 AM GMT

Hyderabad, July 5: Telangana police have arrested a gang of fake sadhus who duped a person to the...

— Dalai Lama(THIS IS STATIC)

PDP demands high level probe against BJP leadership for 'sheltering' LeT terrorist
5 July 2022 10:49 AM GMT

Jammu, Jul 5: PDP on Tuesday staged a protest demonstration here against the BJP over alleged...

— Dalai Lama(THIS IS STATIC)

Nupur Sharma case: Retired judges, bureaucrats term SC observations 'unfortunate, unprecedented'
5 July 2022 7:59 AM GMT

New Delhi, July 5: A group consisting of 15 retired judges of various high courts, 77 retired...

— Dalai Lama(THIS IS STATIC)

Hackers target national portal of India via

Bengaluru, July 7: Cyber-security researchers on Thursday said they have discovered an "unprecedented, sophisticated" phishing technique that has been targeting government websites across the world, including the Indian government's portal https://india.gov.in, extorting the affected users.

The threat actors have been targeting the Indian government's portal by utilising a bogus URL to trick users into submitting sensitive information such as credit card numbers, expiration months and CVV codes, according to AI-driven cyber-security firm CloudSEK.

Hackers are imitating the browser window of the Indian government website, most often SSO (single sign-on) pages, with a unique login, in a most-advanced phishing technique commonly known as Browser-in-the-Browser (BitB) attack.

BitB attacks imitate legitimate sites in order to steal user credentials as well as other sensitive data, such as personally identifiable information (PII).

The new URL that pops-up as a result of the BitB attack appears legitimate.

"The bad actors have also replicated the original page's user interface. Once their victims click into the phishing page, a pop-up appears on the phoney window claiming that their systems have been blocked, posing as a notification from the Home Affairs Enforcement and Police," the researchers claimed.

The users are then notified of their excessive use of pornographic websites, which is illegal under the Indian law, and are requested to pay a fine of Rs 30,000 to unlock their systems.

"They are given a form to fill out in order to pay the fine, which asks them to divulge personal information, including their credit card information. The victims become panicked because the warning has a sense of urgency and appears to be time-bound," the researchers said.

The information that the victims enter into the form is transferred to the attacker's server.

Once the attackers get the card information, it might be sold to other buyers in a larger network of cyber criminals, or the victim could be extorted for extra money.

The BitB attack begins when users attempt to connect to a website and click on a malicious link that looks to them as an SSO login pop-up window.

When users visit the supplied link, they are prompted to log in to the website using their SSO credentials. After there, the victims are sent to a bogus website that looks exactly like the SSO page.

The attack usually stimulates single sign-on windows and displays fake websites that cannot be distinguished from the original page.

"Combine SSO with MFA (multi-factor authentication) for secure login across accounts, check for suspicious logins and account takeovers and avoid clicking on email links from unknown sources," the researchers suggested.

IANS


More in Entertainment
Robber injured in police firing while trying to flee in Kokrajhar

Robber injured in police firing while trying to flee in Kokrajhar

Assam logs 161 Covid cases, highest in nearly five months

Assam logs 161 Covid cases, highest in nearly five months

Despite flowing above danger mark, Barak river shows receding trend

Despite flowing above danger mark, Barak river shows receding trend

Similar Posts
Nonagenarian journalists who covered pre-independent struggle to be feted in Rajasthan
2022-07-06T20:30:53+05:30

Jaipur, July 6: As part of 'Azadi Ka Amrit Mahotsav' celebrations, five senior journalist from...

— Dalai Lama(THIS IS STATIC)

Father daughter duo creates history in IAF, flies Hawk-132 aircraft in same formation
6 July 2022 11:04 AM GMT

Guwahati, July 6: While father-son joining the armed forces has often been heard about, a father...

— Dalai Lama(THIS IS STATIC)

SC declines urgent listing of plea seeking Nupur Sharma's arrest
6 July 2022 10:23 AM GMT

New Delhi, July 6: The Supreme Court on Wednesday declined to list urgently a petition seeking to...

— Dalai Lama(THIS IS STATIC)

Rahul Gandhi video: Cong files complaint with NBDSA against Zee News, its anchor; seeks action
6 July 2022 10:02 AM GMT

New Delhi, Jul 6: The Congress has filed a complaint with the News Broadcasting and Digital...

— Dalai Lama(THIS IS STATIC)

IAF gets highest number of job applications under Agnipath scheme
6 July 2022 8:33 AM GMT

New Delhi, July 6: The Indian Air Force has received the highest number of job applications under...

— Dalai Lama(THIS IS STATIC)

Fresh batch of nearly 6,000 pilgrims leave for Amarnath shrine amid tight security
6 July 2022 7:59 AM GMT

Jammu, Jul 6: A fresh batch of nearly 6,000 pilgrims left Bhagwati Nagar base camp here on Wednesday...

— Dalai Lama(THIS IS STATIC)

NHAI bribery case: Trial proceedings delayed as CBI awaits Centre's nod even after 7 months
6 July 2022 6:15 AM GMT

New Delhi, Jul 6: The CBI needs one more month to get sanction to prosecute Akil Ahmad, the NHAI...

— Dalai Lama(THIS IS STATIC)

Active Covid cases in country rise to 1,15,212
6 July 2022 5:05 AM GMT

New Delhi, Jul 6 (PTI) India logged 16,159 new coronavirus infections taking the total tally of...

— Dalai Lama(THIS IS STATIC)

In a first, states ranked for food & nutrition
2022-07-05T20:30:19+05:30

New Delhi, July 5: In the first ever 'State Ranking Index' under the National Food Security Act...

— Dalai Lama(THIS IS STATIC)

Twitter moves court against Indian govt's content blocking orders
5 July 2022 11:12 AM GMT

New Delhi, July 5: Twitter has moved the Karnataka High Court against the Indian government's...

— Dalai Lama(THIS IS STATIC)

Gang of fake sadhus from Rajasthan arrested in Hyderabad
5 July 2022 11:03 AM GMT

Hyderabad, July 5: Telangana police have arrested a gang of fake sadhus who duped a person to the...

— Dalai Lama(THIS IS STATIC)

PDP demands high level probe against BJP leadership for 'sheltering' LeT terrorist
5 July 2022 10:49 AM GMT

Jammu, Jul 5: PDP on Tuesday staged a protest demonstration here against the BJP over alleged...

— Dalai Lama(THIS IS STATIC)

Nupur Sharma case: Retired judges, bureaucrats term SC observations 'unfortunate, unprecedented'
5 July 2022 7:59 AM GMT

New Delhi, July 5: A group consisting of 15 retired judges of various high courts, 77 retired...

— Dalai Lama(THIS IS STATIC)

X
X