Expert Profile:
Shifa Cyclewala is a web and mobile application developer with keen experience in the security field. She has experience in software development and security training with a special interest in Social Engineering and Web Security. She is a Director of Hacktify Cyber Security and a Non-profit organization partnered with VT Foundation based in US. She actively promotes women in Cyber Security and started an initiative known as Hacktify for Women. She has initiated a Non-Profit Organization named “Hacktify Community” which provides internships to students. Her students have been in the Top 15 Cyber Security Researchers of India thrice in a Row. She has trained more than 50000+ individuals in Cyber security from 149+ countries. Apart from training, she is a security researcher and a Mobile Application Developer. She has worked for all the topmost international schools of India as a technical Instructor. She is actively working towards the development of women in cyber security and spreading awareness across colleges PAN India. She was invited as a Keynote Speaker at Women in Cyber Security (WCS), WiCyS and InfosecGirls, and VULNCON 2020.
Foreground:
The session was delivered by Shifa Cyclewala who is the Director of Hacktify Cyber Security. The session started with a positive change that came in the Cyber Space. The data of increased Cyber Security Jobs during COVID-19 downtown was discussed. Where most of the people were losing their jobs due to the COVID-19 Pandemic, the cyber security job market stayed strong. Many organizations posted many of job openings. On LinkedIn, organizations posted 261,545 Cyber Security jobs.
- IT and Services 103,001
- Financial Services 67,473
- Computer Software 66,431
- Defense & Space 49,708
- Hospital & Health Care 4,948
Figure 1- Job Openings posted by different organizations
The crucial reason for so many job opportunities in hospitals and health care is protecting the data and to safely preserving the information of patients. To avoid ransomware attacks in hospitals, they hire their own cyber security team. Ransomware attacks are too common these days, where the attacker encrypts the victim’s data and asks for a ransom fee for the decrypting key. An organization should have a strong backup and restore plan to avoid such situations and when the ransom amount is not paid, the worse an attacker can do is erase the data.
COVID-19 Cyber Scams
As pandemic lead to a huge increase in job opportunities in Cyber domains but it also brought a big space to cybercriminals. There are many COVID related Cyber Scams, few of them are as followed:
- “Fraud Portals” related to the Corona Virus Vaccines and Updates.
- Fake versions of the ‘PM CARES Fund’ UPI IDs.
Figure 2- Fake UPI IDs
- Corona Virus Malwares – Malware and Phishing Schemes.
Figure 3 - Fake Online Coronavirus Map Delivers Well-known Malware
(Screenshot of the Malicious Website)
- Fake company created by the fraudsters and they asked for funds to invest.
- Fake News and offers
Figure 4- Fake News, Offers, and Forwards
Such kinds of links come up regularly, it is important for us to avoid clicking on these links as these can be Phishing, any malware can be downloaded or we can be a part of any cyber attack or cyber scam.
The incidents of cyber crimes in India have been increasing at a rapid pace during the COVID-19 Phase.
Figure 5- High Rise in Cyber Crime Cases in India
Then the speaker discussed the various types of Cybercrimes. A few of them are as follows:
- Cyber Stalking/ Harassments – Threats, Hate e-mails
- Phishing Vishing
- Password Cracking, Recovery
- Malware (Virus, Worms, Trojan horse, logic/ time bomb
- DDoS Attacks
- Scam – Charity, Lottery, Shares
- Click frauds – Fake links
- Social Engineering
- Banking Frauds
- Cyber Terrorism
Ms. Shifa Cyclewala ma’am continued the discussion with Social Engineering. The root cause of Social Engineering is Imposter Phone calls when persons share their details and information with random people.
The other main reasons are unsafe browsing and oversharing information on Social Media. The different types of Social Engineering are Impersonation, Phishing, Shoulder Surfing, and Dumpster Diving.
Impersonation is when the attacker pretends to be someone else who he or she is not, they change their personality to perform the attack.
Impersonation is done in both ways virtually or physically. Shoulder surfing is when someone looks into our devices when we enter any super sensitive details. It can also be done in both ways physically and virtually.
Phishing is something very common with emails where the identity of a person is hidden and the fake website is similar to the original website.
Dumpster Diving is when attackers use dumped details like Aadhaar cards or other sensitive information. The session was continued with how the attackers do these. Examples of original v/s fake websites were given by the speaker – “microsoft.com” as “rnicrosoft.com” and “apple.com” as “apple.com”.
The demo was shown how these fake websites are created by attackers with the help of www.namecheap.com and homograph attack.
Then the session was continued with IDN. IDN stands for International Domains Names which are similar-looking alphabets from any other language.
Ms. Shifa Cyclewala Ma’am concluded her talk with the safety measures, which are as follows:
- Analyze, Alert and Avoid
- Control your emotions, don’t fall for everything at first
- Verify the source
- Stay Updated with latest attack vectors
- Beware of Fake Popups
- Doubt yourself is my gf/bf or birthdate a secured password
Then the Talk was Continued by Ms. Ritika; with the Topic, “Why is internet safety important?”
Following are the basic but the most significant measures suggested by Ms. Ritika to detail that why there is an urgent need to know and to implement the measure related to internet safety.
- To protect yourself and your Family
- Keep your data safe
- Avoid from Phishing Attacks
- Avoid Financial Frauds
- Avoid Identity Thefts
Other Safety Measures Discussed by her included:
- Don’t leave your webcams connected
- Don’t share more than necessary
- Don’t meet online strangers alone
- There are no such things as Freebies
- Block and Report people for other safety
The Tips for Digital Hygiene and Safety were also Discussed, which included:
- Login Securely on HTTPS Website
- Check app permissions
- Block Ads, Use Safe Browser like Brave
- Use Duckduckgo
- Share less PII on social media
- Avoid Public Wi-Fi
- Stay Alert and doubt everything in the first place
The talk was concluded with that the cyber crimes should be reported on the website cybercrime.gov.in
Personal Note
Cybercrime has become so prevalent in the COVID Scenario, that many of the terms used to describe it now include new phrases and terms that hardly existed a decade ago. These crimes are no longer restricted to physical borders, they can also be performed in virtual spaces.
Cyber criminals are constantly evolving and are taking advantage of new technologies and methods to create more sophisticated attacks.
Cyber crimes know no borders, either physical or virtual, cause serious harm and pose very real threats to victims worldwide. It is better to maintain Digital Hygiene and to take safety measures to avoid cyber crimes.
Note: All the images used are for educational purposes only. Fore removal kindly email us to sifsinstitute@gmail.com
For detailed insights into the talk, you can visit our youtube Chanel Forensic365