MOSCOW — Aleksandr B. Vyarya thought his job was to defend people from cyberattacks until, he says, his government approached him with a request to do the opposite.

Vyarya, 33, a bearded, bespectacled computer programmer who thwarted hackers, said he was suddenly being asked to join a sweeping overhaul of the Russian military last year. Under a new doctrine, the nation’s generals were redefining war as more than a contest of steel and gunpowder, making cyberwarfare a central tenet in expanding the Kremlin’s interests.

"Sorry, I can’t," Vyarya said he told an executive at a Russian military contracting firm who had offered him the hacking job. But Vyarya was worried about the consequences of his refusal, so he abruptly fled to Finland last year, he and his former employer said. It was a rare example of a Russian who sought asylum in the face of the country’s push to recruit hackers.

"This is against my principles — and illegal," he said of the Russian military’s hacking effort.

While much about Russia’s cyberwarfare program is shrouded in secrecy, details of the government’s effort to recruit programmers in recent years — whether professionals like Vyarya, college students or even criminals — are shedding some light on the Kremlin’s plan to create elite teams of computer hackers.

U.S. intelligence agencies say that a team of Russian hackers stole data from the Democratic National Committee during the presidential campaign. On Thursday, the Obama administration imposed sanctions against Russia for interfering in the election, the bedrock of the U.S. political system.

The sanctions take aim at Russia’s main intelligence agencies and specific individuals, striking at one part of a sprawling cyberespionage operation that also includes the military, military contractors and teams of civilian recruits.

For more than three years, rather than rely on military officers working out of isolated bunkers, Russian government recruiters have scouted a wide range of programmers, placing prominent ads on social media sites, offering jobs to college students and professional coders, and even speaking openly about looking in Russia’s criminal underworld for potential talent.

Those recruits were intended to cycle through military contracting companies and newly formed units called "science squadrons," established on military bases around the country.

As early as 2013, Sergei Shoigu, the Russian defense minister, told university rectors at a meeting in Moscow that he was on a "head hunt in the positive meaning of the word" for coders.

The Defense Ministry bought advertising on Vkontakte, Russia’s most popular social network. One video shows a man clanging a military rifle on a table beside a laptop computer, then starting to type.

"If you graduated from college, if you are a technical specialist, if you are ready to use your knowledge, we give you an opportunity," the ad intoned. Members of the science squadrons, the video said, live in “comfortable accommodation,” shown as an apartment furnished with a washing machine.

University students subject to mandatory conscription in the nation’s armed forces, but who wanted to avoid brutal stints as enlistees, could opt instead to join a science squadron. A government questionnaire asks draftees about their knowledge of programming languages.

The ministry posted openings on job forums, according to an investigation by Meduza, a Russian news site based in Riga, Latvia, that first disclosed the recruitment effort. One post from 2014 advertised for a computer scientist with knowledge of "patches, vulnerabilities and exploits," which refers to sabotage used to alter a computer.

Given the size of Russia’s cybercrime underworld, it was not long before the military considered recruiting those it delicately described as "hackers who have problems with the law."

In an article titled "Enlisted Hacker" in Rossiiskaya Gazeta, the government newspaper, a deputy minister of defense, Gen. Oleg Ostapenko, said the science squadrons might include hackers with criminal histories. "From the point of view of using scientific potential, this is a matter for discussion," he was quoted as saying in 2013.

Experts say the strategy was more than just talk.

"There have been cases where cybercriminals are arrested but never ended up in prison," said Dmitri Alperovitch, the co-founder and chief technology officer of CrowdStrike, the cybersecurity company that first identified the group known as Fancy Bear as the perpetrator of the Democratic National Committee hacking.

Vyarya, the programmer who turned down the government’s job offer, was an attractive recruit from the opposite end of the spectrum: someone with a career protecting people against hackers.

Specifically, he had experience shielding websites from a maneuver called a distributed denial of service, or DDoS attack, in which the sites are overwhelmed and disabled by a torrent of fake traffic. Among his clients were Vedomosti, an independent newspaper; TV Rain, an opposition-leaning television station; and the website of Aleksei Navalny, the opposition leader.

Vyarya said that in 2015 he was invited to accompany Vasily Brovko, an executive at the military contracting company Rostec, on a trip to Sofia, Bulgaria. But he said it turned out to be a demonstration of a new software suite capable of staging DDoS attacks.

The Bulgarian firm demonstrating the software briefly crashed the website of Ukraine’s Defense Ministry and Slon.ru, a Russian news website, Vyarya said. Slon has confirmed its site went down inexplicably for about two minutes that day, Feb. 5, 2015.

After the demonstration, Vyarya said Brovko asked him how the program might be improved. Then, according to Vyarya, Brovko offered him a job running the DDoS software, which he said the Russians planned to buy from the Bulgarians for about $1 million.

Vyarya said his problems began when he turned down the offer: He was surveilled, and an acquaintance in law enforcement advised him to flee the country. He left in August 2015 for Finland to seek asylum, he and his former employer said. The Finnish government, citing safety and privacy concerns, would not comment on the asylum application.

"As soon as we saw what was on the table, Sasha was given direct instructions to return to his hotel and stop all contacts," said his former boss, Aleksandr V. Lyamin of Qrator, a cyberdefense company in Moscow, using Vyarya’s Russian nickname. But the overtures from the military contractor persisted, Lyamin said, and Vyarya fled.

Rostec strongly denied Vyarya’s account. Brovko did travel to Bulgaria with Vyarya, the company said, but to evaluate software for defensive, not offensive, cybersystems. A spokeswoman for Brovko called the account of crashing sites in a product demonstration the imagination of a “mentally unstable” man.

The military’s push into cyberwarfare had intensified in 2012, with the appointment of a new minister of defense, Shoigu. The next year, a senior defense official, Gen. Valery Gerasimov published what became known as the Gerasimov Doctrine. It posited that in the world today, the lines between war and peace had blurred and that covert tactics, such as working through proxies or otherwise in the shadows, would rise in importance.

He called it "nonlinear war." His critics called it "guerrilla geopolitics."

But Russia is certainly not alone.

"Almost all developed countries in the world, unfortunately, are creating offensive capabilities, and many have confirmed this," said Anton M. Shingarev, a vice president at Kaspersky, a Russian antivirus company.

Recruitment by Russia’s military should be expected, he said. "You or I might be angry about it, but, unfortunately, it’s just reality. Many countries are doing it. This is the reality."

U.S. intelligence agencies, including the National Security Agency, have for decades recruited on college campuses. In 2015, the NSA offered a free summer camp to 1,400 high school and middle school students, where they were taught the basics of hacking, cracking and cyberdefense.

In Russia, recruiters have looked well beyond the nation’s school system.

In 2013, as Russia’s recruitment drive was picking up, Dmitry A. Artimovich, a soft-spoken physicist, was awaiting trial in a Moscow jail for designing a computer program that spammed email users with advertisements for male sexual enhancement products.

One day a cellmate, convicted of selling narcotics online, sidled up to him with some news. The cellmate said that people incarcerated for cybercrimes could get out before trial, in exchange for working for the government. Another inmate had already taken a deal, he said.

"It was an offer to cooperate," Artimovich said.

"Why else would you work for the government?" he added. "The salaries are tiny. But if you do something illegal, and go to prison for eight or nine years, the FSB can help you," he said, using a Russian abbreviation for the Federal Security Service.

Artimovich said he decided to take his chances at trial, and served a year in a penal colony.

As Russia ramped up its abilities, government agencies were also in the market for surveillance and hacking software, including some from legal suppliers in the West.

In 2014, a Russian company called Advanced Monitoring that has a license to work with the FSB, the agency that succeeded the KGB after the fall of the Soviet Union, bought iPhone hacking software from an Italian company called Hacking Team, according to invoices published by WikiLeaks. Hacking Team has since lost its export license.

Western cybersecurity analysts believe they have identified the one responsible for the breaching the Democratic National Committee: a group nicknamed Fancy Bear.

First known as Advanced Persistent Threat 28, the group has been active since 2007 but its abilities evolved to emphasize attacks, rather than gather intelligence, after the military placed a priority on cyberwarfare.

It stepped up “faketivist” actions that released stolen data through contrived online personalities like Guccifer 2 and websites like DCLeaks, according to Kyle Ehmke, a senior intelligence researcher at ThreatConnect, a cybersecurity company. The group had been called Pawn Storm, named for a chess maneuver. It was nicknamed Fancy Bear in 2014.

This year, the group appropriated the nickname for its own use, setting up the website fancybear.net and publishing hacked data from the World Anti-Doping Agency, which showed that many U.S. athletes including the tennis star Serena Williams had medical exemptions to take banned substances. The hack was apparently in retaliation for revelations of Russian doping in sports.

President Vladimir Putin has said repeatedly, most recently at his annual year-end news conference, that the information released in the recent Democratic National Committee hacks was more important than who was behind them.

"The main thing, to my mind, is the information the hackers provided," Putin said of this summer’s cyberattack.

Democratic Party members and the Obama administration should not look abroad for someone to blame for losing the election, Putin said. "You need to learn how to lose gracefully," he said.

HYDERABAD: Cyber security in India may face increased threats as digital connectivity enhances following demonetisation of Rs 500 and Rs 1000 notes, said BVR Mohan Reddy, former Nasscom chairman.

"With the increase in digital connectivity and with demonetisation, cyber security becomes a crucial element for India," a statement quoting Reddy, also the Founder and Executive Chairman, Cyient Limited said today.

"There is an existing requirement of 5 lakh cyber security professionals in India, which will grow in the coming years," Reddy said.

On the IT and ITeS industry trends and prospects in 2017, he said, skilling will play a role in transforming the organisation into digital enterprise and the digital technology which is grouped as SMAC (Social, Mobile, Analytics and Cloud), contributes to 5-10 per cent of the industry revenue. However, it is anticipated that the digital solutions will touch 60 per cent in 5-10 years.

"The incoming new projects will need combination of multiple technologies, and has to be build by smaller teams in shorter cycles. The need will be for multi-skill high performance organisations. To address the changing needs, workforce has to be reskilled more often and needs different approach," he said.

Developing the local markets into a technology consuming market will be a key challenge and the country is yet to be known as technology consuming country.

According to him, the IT industry went through peaks and lows during 2016 on account of volatile political, economic and technological environment globally.

In spite of all the uncertainties, India's market share continues to be at 7 per cent of the global software and IT services spend, and 57 per cent of global IT services is outsourced to India.

The IT BPM industry is poised to grow at 8-10 per cent for the FY 2017, demonstrating sustained growth, he said.

It is evident that 2016, has been a year filled with all types of cybercrime. Ranging from DDoS attacks to malware, hacking to ransomware, and social engineering to skimming, a lot of havoc has been caused by select groups of individuals. But what were some of the top attack vectors exploited by criminals in 2016?

#4 DDOS ATTACKS ARE GROWING IN NUMBER

The recent attacks against DynDNS go to show how a major denial-of-service attack wave can cripple the Internet as we know it today. But DDoS attacks are becoming more common in general, although not all of them are on the same level as the October 21st attack. Overload or even crashing web servers with a multitude of requests is an effective way to gain glory in the hacker world.

It is rather easy to fight most DDoS attacks in most cases, such as filtering specific traffic types and regions. Moreover, DDoS mitigation is an absolute must for all of the great companies in the world right now. Unfortunately, even the best protection does not mean that hackers won’t find a way to disrupt services.

#3 MALWARE AND RANSOMWARE

Even though the media headlines have been filled with stories about malware and ransomware all year, they are not the big culprit in cyber attacks yet. Granted, the number of malware attacks is growing exponentially, and that trend will continue for some time. Protecting against these intrusions is a top priority, although human error is often to blame for a malware infection.


#2 APPLICATION-SPECIFIC ATTACKS

Albeit his term may sound foreign to a lot of people, application-specific attacks are a prime threat to Internet users. Hackers targeting specific applications is a cause for concern, as it allows them to capture all data packets flowing through that application. For example, a major attack against Skype would put all users’ communications at risk of being leaked. Close to one in five cyber attacks throughout 2016, relied on using application-specific attacks, which is quite a troublesome number.

#1 WEB APPLICATIONS ATTACKS

As most people may have noticed, web applications are becoming a very lucrative target for hackers. In fact, web application attacks have been around for quite some time now. SQL injections, cross-site scripting, and other types of attack are very common. One such attack recently allowed a white hat hacker to obtain sensitive information from UberCENTRAL.

Preventing web applications attacks has been a challenge for security researchers throughout the years. It is up to individual app developers to secure and maintain their code base at all times. Criminals and hackers are always one step ahead in this game, and it is of the utmost importance to even the playing field whenever possible.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

"2016 saw a huge number and variety of cyberattacks, ranging from a high-profile distributed denial-of-service (DDoS) using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. We also saw a rising tide of data breaches, from organisations big and small, and significant losses of people’s personal information. With the year almost over, we’re pondering how some of those trends might play out in 2017."
Current and emerging attack trends
Destructive DDoS IOT attacks will rise. In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices. Mirai's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques. However, cybercriminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities. Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network.
Shift from exploitation to targeted social attacks. Cybercriminals are getting better at exploiting the ultimate vulnerability - humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves.
For example, it is common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorised to collect. Shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics. The email directs them to a malicious link that users are panicked into clicking on, opening them up to attack. Such phishing attacks can no longer be recognised by obvious mistakes.
Financial infrastructure at greater risk of attack. The use of targeted phishing and "whaling" continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks: "The threat is very persistent, adaptive and sophisticated – and it is here to stay".
Exploitation of the Internet’s inherently insecure infrastructure. All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky. For example, attacks against BGP (Border Gateway Protocol) could potentially disrupt, hijack, or disable much of the Internet. And the DDoS attack on Dyn in October (launched by a myriad of IoT devices), took down the DNS provider and, along with it, access to part of the internet. It was one of the largest assaults seen and those claiming responsibility said that it was just a dry run. Large-scale ISPs and enterprises can take some steps to respond, but these may well fail to prevent serious damage if individuals or states choose to exploit the Internet's deepest security flaws.
Increased attack complexity. Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organization's network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively. Closely managed by experts, these attacks are strategic, not tactical, and can cause far more damage. This is a very different world to the pre-programmed and automated malware payloads we used to see – patient and evading detection. 
More attacks using built-in admin languages and tools. We see more exploits based on PowerShell, Microsoft's language for automating administrative tasks. As a scripting language, PowerShell evades countermeasures focused on executables. We also see more attacks using penetration testing and other administrative tools that may already exist on the network, need not be infiltrated, and may not be suspected. These powerful tools require equally strong controls.
Ransomware evolves. As more users recognize the risks of ransomware attack via email, criminals are exploring other vectors. Some are experimenting with malware that reinfects later, long after a ransom is paid, and some are starting to use built-in tools and no executable malware at all to avoid detection by endpoint protection code that focuses on executable files. Recent examples have offered to decrypt files after the victim shared the ransomware with two friends, and those friends paid to decrypt their files. Ransomware authors are also starting to use techniques other than encryption, for example deleting or corrupting file headers. And finally, with "old" ransomware still floating around the web, users may fall victim to attacks that can't be "cured" because payment locations no longer work.
Emergence of personal IoT attacks. Users of home IoT devices may not notice or even care if their baby monitors are hijacked to attack someone else's website. But once attackers "own" a device on a home network, they can compromise other devices, such as laptops containing important personal data. We expect to see more of this as well as more attacks that use cameras and microphones to spy on households. Cyber criminals always find a way to profit.
Growth of malvertising and corruption of online advertising ecosystems: Malvertising, which spreads malware through online ad networks and web pages, has been around for years. But in 2016, we saw much more of it. These attacks highlight larger problems throughout the advertising ecosystem, such as click fraud, which generates paying clicks that don't correspond to real customer interest. Malvertising has actually generated click fraud, compromising users and stealing from advertisers at the same time.  
The downside of encryption. As encryption becomes ubiquitous, it has become much harder for security products to inspect traffic, making it easier for criminals to sneak through undetected. Unsurprisingly, cybercriminals are using encryption in creative new ways. Security products will need to tightly integrate network and client capabilities, to rapidly recognize security events after code is decrypted on the endpoint.
Rising focus on exploits against virtualized and cloud systems. Attacks against physical hardware (e.g. Rowhammer) raise the possibility of dangerous new exploits against virtualized cloud systems. Attackers might abuse the host or other guests running on a shared host, attack privilege models, and conceivably access others' data. And, as Docker and the entire container (or ‘serverless’) eco-system become more popular, attackers will increasingly seek to discover and exploit vulnerabilities in this relatively new trend in computing. We expect active attempts to operationalize such attacks.
Technical attacks against states and societies. Technology-based attacks have become increasingly political. Societies face growing risks from both disinformation (e.g., "fake news") and voting system compromise. For instance, researchers have demonstrated attacks that might allow a local voter to fraudulently vote repeatedly without detection. Even if states never engage in attacks against their adversaries' elections, the perception that these attacks are possible is itself a powerful weapon.
What can organisations do to protect against new threats?
Unfortunately, many organizations still don’t have their security basics right. We offer six measures organizations should put in place to help keep more complex threats at bay.
Moving from layered to integrated security. Many organizations now possess multiple solutions that were once best-in-breed but are now too costly and difficult to manage. Moving towards integrated solutions where all components communicate and work together will help to solve this. For example, if malware knocks an endpoint's security software offline, network security should automatically quarantine that device, reducing the risk to your entire environment.
Deploying next-generation endpoint protection. As ransomware becomes ubiquitous and endpoints grow more diverse, organizations must refocus on endpoint protection. But signature-based solutions are no longer enough on their own, and can miss zero-day attacks. Choose solutions that recognize and prevent the techniques and behaviors used in nearly all exploits.
Prioritizing risk-based security. No organization possesses the resources to systematically protect everything, and 100 per cent prevention is no longer realistic. Clarify the risks associated with each system, and focus your efforts accordingly. Risks change fast: look for tools that track them dynamically, and respond accordingly. But make sure those tools are easy and practical enough to use.
Automating the basics. You can't afford to waste time running the same reports and performing the same security tasks you always have. Automate wherever it can be done simply and easily, so you can focus scarce resources on serious risks and high-value tasks.
Building staff and process to deter and mitigate social attacks. Since social attacks now predominate, educating users and involving them in prevention is now even more important. Focus education on the threats each group is likeliest to encounter. Make sure it's up-to-date: outdated guidance on topics such as phishing can be counterproductive, offering a false sense of security.
Improving defender coordination. Cybercrime is organized crime: defense must be organized, too. That means choosing tools and processes that eliminate barriers within your organization, so everyone can respond quickly to the same attack. It may also mean looking for legal and practical opportunities to collaborate with other companies and the government, so you can mitigate widespread attacks and learn from others' postmortems.

Folks have had some time to digest the long-awaited release of the final report from President Obama's special Commission on Enhancing National Cybersecurity.

Intended to advise the next administration on where the country ought to go in order to build more robust cybersecurity measures to protect against digital threats in the years to come, the report is extensive.

In his cybersecurity, privacy, and data protection alert, Akin Gump, Strauss Hauer & Feld, LLP, wrote, "The Report identifies 10 foundational principles, nine broad findings, six major imperatives, 16 recommendations and a total of 53 action items associated with those recommendations."

One of the most pronounced recommendations, Action Item 4.1.1, says, "The next President should initiate a national cybersecurity workforce program to train 100,000 new cybersecurity practitioners by 2020."

Some are troubled by this, arguing that the timeframe is unrealistic. "I would even say training 100,000 cybersecurity specialists is not a realistic number," said Anup Ghosh, CEO at Invincea.

An industry in flux makes it difficult to predict what should or could happen in the future, but Ghosh said, "If you are really talking about specialists who can identify attacks, respond to attacks and defend the network, you’re not really going to be able to train 100,000, nor should you be trying to."

GET YOUR DAILY SECURITY NEWS: Sign up for CSO's security newsletters
Given that the skills gap is a topic of great concern, it doesn't really make sense that aiming to train 100,000 people who can fill some of the 1.5 million jobs in cybersecurity is an unrealistic goal, let alone and unnecessary one.

"Yes, there's a lot of unfilled jobs, but there are different levels of faith in the numbers. Maybe if you had all those trained people today, there would be jobs for them, but the reality is you don't have them," Ghosh said.

So did the commission of what The Report called, "Distinguished leaders and experts from academia and industry, including several CEOs, some of whom had previously held critical government roles," miss something? How are these positions going to be filled if not by trained specialists?

MORE ON CSO: 10 ways to prep for – and ace – a security job interview
Perhaps they won't be filled at all. "Software will take over those jobs," said Ghosh. "The problem space is not really scalable to humans. How we solve the problem is with software, big data algorithms like machine learning."

Using the analogy of a police force, Ghosh said that many people approach security with the same mentality that they use to fight crime. If we want to see a reduction in crimes, one inclination is to increase the number of officers working the beat.

"That analogy doesn't actually work in cyberspace," Ghosh said.

What will solve the problem, though, is innovation. "What the adversaries didn't do was recruit another 10,000 or 100,000 people to commit cybercrime," Ghosh said. Instead, they wrote tool kits that cranked out novel attacks in order to hit as many targets as they can.

"That's why they can release 400,000 malware. They don't have 100,000 monkeys coding," said Ghosh. So, is better tools and better algorithms the better solution to taking a bite out of cybercrime?

If national cybersecurity can be enhanced through better software, that doesn't negate the need for more trained specialists. There's quite a difference between 100,000 people and 1.5 million jobs. The solution isn't as black and white as people vs. software.

"Even if you have great talent, if leaders aren't conversant in cybersecurity, they aren't going to make the right decisions," Ghosh said.

Regardless of the number of people the government intends to train, what will not change are the clear and present threats to national security. "Trump has to understand that this is continuous warfare going on and allocate continuous resources, investing in innovation," Ghosh said.

Innovation and leadership, say I.

The government’s Computer Emergency Response Team is readying for a soft launch of its botnet centre, which will help people disinfect their devices as part of efforts to protect citizens online.

CERT-In, the national agency that keeps tabs on cyberattacks, has been working since last year on setting up the Rs 100 crore malware analysis and botnet cleaning centre, which will be rolled out on Tuesday. “We will start sharing our feeds with the Internet Service Providers (ISPs) now, so they can they can communicate it to the users.

They are the ones who know the end users. Once ISPs have the systems in place, we will have a full-fledged launch on December 26,” said Ajay Kumar, additional secretary, ministry of electronics and information technology.

The botnet centre will have development arrangements with antivirus vendors and the users choosing to remove the malware will be directed to the CERT-In website, which will let them select the tool they want to clean up their system with.

“We as an agency can identify which IP addresses are infected, because they are shooting out spam or bots. I can tell the ISP that these are the infected addresses.

The ISP knows who this particular address belongs to, and it can help notify the users and ask them to clean their device – whether laptops, desktops or mobile devices,” a CERT-In official had told ET last month on condition of anonymity.

Kumar said the centre will alert people that their system is compromised and they can go to the botnet site, download antivirus and clean their devices. The success of the programme will depend on cooperation among all parties involved, officials said.

Malware has been identified as one of the primary means to compromise and break into devices. A recent CERT advisory pointed out that “skimming” and malware were the two most common threats to transactions carried out at pointof-sale terminals, which are increasingly being used at retail outlets to accept payments.

The government’s push for digital transactions in the wake of demonetisation has raised the issue of cybersecurity as well as better education about possible threats in this regard. Concerns over cybersecurity have taken centre stage in India in the past three weeks ever since a hacker group identified as ‘Legion’ compromised the emails and Twitter accounts of political leaders, journalists and other individuals.

HYDERABAD: While the government's aim to move to a cashless and digital economy following demonetisation may come with its set of benefits, it also brings along a host of security threats. Catering to this problem are financial technology startups which are helping banks and financial institutions deal with possible security breaches and threats at different stages of a transaction. Financial technology startup Quantum Data Engines (QDE) partners with banks and financial institutions for fraud monitoring, and anti money laundering compliance, among others.

Their services come in three levels -first is to identify potentially suspicious individuals or entities, which is followed by identifying a suspicious transaction and then helping them report the same to the regulator.

In the past month, QDE has received enquiries from their existing custo mers, like Kotak Mahindra, to tweak the software and incorporate new features based on the new guidelines banks have received after demonetisation. "For example, Jan Dhan accounts were not monitored earlier, but banks are required to monitor these accounts because of the sudden inflow of cash in the last one month," said Satya Prakash, cofounder of QDE.

Proximity payment solution-provider ToneTag is using blockchain technology to help avoid financial security breaches and is also tying up with a few public sector banks to use the technology at ATMs that will be live in a few months. The company went live with its proprietary technology for point-of-sale (PoS) machines last month and has seen adoption by 14,000 merchants.

"We can pre-detect fraud through blockchain even before it can take place. When our software is set up at a card-swiping machine, it can track the hardware sector and detect injection of malware. If a merchant uses a PoS machine with malware, with ToneTag, the metadata including payment data and security data that is transferred to an 'envelope' in the blockchain also carries information whether the hardware was compromised," explained Kumar Abhishek, founder of ToneTag. He said the technology is expected to be used at 25,000 cardswiping machines by the end of December. Experts in the field recommend that to mitigate risk, Indian banks must rapidly adopt better secure access mechanisms, such as a strong two-factor authentication both for intranet and customer-facing networks.

"A report by Dell SecureWorks suggests that 56% of breaches originate due to weak secure access systems, especially for command and control infrastructure," said Chakradhar K, director of Unik Systems, a developer of secure communication technologies for the Indian defence and aerospace sectors.

Germany-based industrial conglomerate ThyssenKrupp was hit by a cyberespionage attack earlier this year that resulted in data being stolen from its industrial solutions and steel producing units.

An investigation revealed that the attack was carried out by a professional group of hackers from Southeast Asia and targeted technological know-how and research, according to the group,

While hackers managed to steal some information, its exact nature is not clear, with the exception of certain project data from an engineering company, ThyssenKrupp said in an emailed statement Thursday. As a result, at this time there's no reliable estimation of the damage to the company's intellectual property.

[ Download the State of the CIO 2016 report ]

No evidence of sabotage or manipulation of data or applications has been identified during the investigation, the company said.


Created through the 1999 merger of German steel makers Thyssen and Krupp, ThyssenKrupp has over 470 subsidiaries worldwide. It is one of the largest steel producers in the world, but it also does business in the automotive, aerospace, shipbuilding and battery industries.

The attack only affected systems from the conglomerate's Industrial Solutions and Steel Europe business divisions. Critical IT systems, like those used by its Marine Systems business unit, which builds naval vessels and submarines, or by its blast furnaces and power plants in Duisburg, were not affected, according to the company.

This is the latest in a long string of cyberespionage attacks that have targeted industrial companies in recent years and highlights the challenges they face in today's hostile Internet environment.

ThyssenKrupp did not provide details about how the attack occurred but said that it wasn't the result of security deficiencies at the company or human error.

"Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks," the company said.

Watson has gone through school and ready for first internship. IBM today said its Watson cognitive computing system continues its path to become part of a full-fledged cybersecurity service by announcing 40 customers have begun beta testing the technology as an enterprise protection tool.

+More on Network World: IBM Watson/ XPrize open $5 million AI competition for world-changing applications+

Watson has recruited enterprises from auto, banking and insurance realms -- including Sun Life Financial, University of Rochester Medical Center, SCANA Corporation, Sumitomo Mitsui Financial Group, California Polytechnic State University, University of New Brunswick, Avnet and Smarttech – to help research and develop new security applications that will use the systems natural language and machine learning techniques.

The idea behind the Watson for Cybersecurity project is to automate IT security duties like analyzing the tons of alerts generated daily by security operations. The ultimate goal would be to help automate responses to security problems but that notion is down the road for Watson for now.


+More on Network World: The most momentous tech events of the past 30 years+

The help is needed too as the volume of security data presented to analysts is staggering, IBM said in a recent release. The average organization sees over 200,000 pieces of security event data per day1 with enterprises spending $1.3 million a year dealing with false positives alone, wasting nearly 21,000 hours. Couple this with 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year and over 60,000 security blogs published each month and security analysts are severely challenged to move with informed speed, IBM stated.

The beta customers are using Watson to bring more experience to the system and develop new use-cases such as: Determining whether a current security “offense” is associated with a known malware or cybercrime campaign; if so, Watson provides background on the malware employed, vulnerabilities exploited and scope of the threat, among other insights, said Diana Kelley, executive security adviser to IBM Security. Watson can also improve identifying suspicious behavior and help provide better guidance to whether an activity is malicious.

+More on Network World: Gartner Top 10 strategic technology trends you should know for 2017+

Watson’s internship began earlier this year when IBM announced a year-long research that has Watson working with eight universities on cybercrime issues. The project is feeding about 15,000 security documents into Watson every month, including threat intelligence reports, cybercrime strategies, threat databases and materials from Big Blue’s own X-Force research library. X-Force represents 20 years of security research, including details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities.

Those universities include California State Polytechnic University at Pomona, Penn State, MIT, New York University and the University of Maryland at Baltimore County as well as Canada's universities of New Brunswick, Ottawa and Waterloo.

This story, "IBM amps-up Watson cybersecurity experiences" was originally published by Network World.

Several interesting, and, in some cases, surprising, trends about cybersecurity recently came to light with the publishing of the current Cybersecurity 500. The quarterly report contains a global compilation of the 500 leading companies providing cybersecurity solutions and services, and is managed and updated by research firm Cybersecurity Ventures (full disclosure: I am a member of the firm's advisory board), after analysis that includes continuously looking at thousands of companies, soliciting feedback from CISOs, IT security practitioners, and service providers, and studying hundreds of cybersecurity events and news sources. Creating the list also allows researchers at the firm to discover various trends; here are some of them I thought my readers would find most interesting:

1. Healthcare has replaced financial services as the hardest hit sector
The healthcare sector has risen to become the top vertical being victimized by cyber-attacks. This is particularly interesting when one considers that just two years ago, healthcare was - according to some measures - not even in the top five. (I have previously discussed the problem of ransomware - which has plagued healthcare firms this year like never before.)

2. Email insecurity is on people's minds
Likely as a result of the seemingly incessant discussions about the topic during the recent Presidential election campaign, the public has become much more aware of the security risks related to email, and firms (especially those that have not invested sufficiently in email security in the past) are increasingly spending money to better protect their email infrastructure and data.

3. There is an increased focus on people, rather than on technology
"Pure-play" cybersecurity companies and business units focusing on people more so than on technology continue to gain prominence. This is not surprising - after years of spending on technology, firms are realizing that they need more people -- while simultaneously understanding that people can also become the Achilles Heel of information security.

4. Social media risks are gaining attention
CISOs are starting to recognize the risk that social media is creating for data leaks, and how it is helping criminals more effectively perpetrate sophisticated social engineering attacks (such as spear-phishing) than just a few years ago. As was the case vis-a-vis email security, the presidential election helped bring to the forefront the issue of offensive social media posts and of fake news being shared on social media.

5. Spending is being directed towards large and small firms
While ¾ of publicly traded cybersecurity related firms met or beat analyst expectations for Q3 revenue, money is increasingly being spent upstream - with huge firms like Cisco and IBM - or downstream - with start ups and other niche players.