iStock
iStock

Information is gold and it can be robbed and stolen

The nature of cyberattacks on digital payment channels ranges from phishing to merchant fraud. Here is a look at few of them

When Prime Minister Narendra Modi launched his digital economy initiatives—besides making payments convenient, your money also became more vulnerable to cyber attacks. According to KPMG India’s Crime Survey 2015, financial services and insurance sector was the favourite target for cyber-attacks followed by pharmaceuticals and chemicals. This is in sync with the fact that 63% financial assets of the country are in the banking system followed by insurance at 19%, according to the Financial Stability Board Peer Review Report of India 2016.

The nature of cyberattacks on digital payment channels ranges from phishing to merchant fraud, according to the KPMG report Digital Payments-Analysing The Cyber Landscape, which was released in April. Mint Money has taken you through some of the cyberattacks that happen. You can read about them here. Here is a look at a few more.

Cyber espionage: This is the act of spying and obtaining unauthorised access to information related to individuals, companies, militaries and governments, by using hacking techniques. “Cyber espionage could be done by individuals or sponsored by rival companies or states. In today’s digital era, information is gold and when this information is related to vulnerabilities in systems... (it can) be used to launch massive data breaches," said Amit Jaju, executive director, fraud investigation and dispute services, EY India. He added that while information is protected by cyber security, these defences can be bypassed by exploiting known vulnerabilities in the hardware or software used to store and guard this information. These vulnerabilities are often not public and are known only to the manufacturer of the devices or software. “Recently, the hacking group ‘The Shadow Brokers’ leaked confidential vulnerabilities and related exploits that affected millions of computers globally that were not patched. This exploit was used by the creators of ransomware such as WannaCry 2.0 and PetWrap to wreck havoc across the globe," said Jaju. Usually these attacks happen at an organization level and do not target individuals.

Social engineering: This is also called the science and art of human hacking. It has become quite popular in recent years, given the growth of social media, email and other forms of electronic communication. Social engineering simply means a hacker uses emotional weakness of an individual to get access to passwords. “In the information security field, this term is widely used to refer an array of techniques used by criminals who obtain sensitive information, or to convince targets to perform actions that could compromise their systems. Most cyber criminals wouldn’t spend much time trying out complex technological hacks when they know it’s much easier to use social engineering for their purposes," said Altaf Halde, managing director, Kaspersky Lab (South Asia). Through access to social media accounts, hackers can then gain access to other details. Therefore, never share passwords of your bank account and any social media account.

Distributed Denial of Service or DDoS: In case of a DDoS attack, the company that is attacked will not be able to use its assets—which could be a website or the network infrastructure. In this attack, a company’s online presence can get damaged. For instance, if your bank is attacked, you may experience failed online banking transactions. “This form of attack is also very common today. It is a growing menace for small and medium businesses. Imagine a small e-commerce company with a small budget. For hackers it is easy to take down its websites," said Saket Modi, chief executive officer and co-founder, Lucideus. And, the cost of recovery from these attacks is massive.

Close