Hackers from Bihar allegedly copied thumb impressions from the website of the Haryana government and used Aadhaar-enabled Payment System (AEPS) machines to withdraw money.
According to the Faridabad Police, the fraudsters used jamabandi.nic.in (the official website for obtaining Haryana land record documents) and downloaded the sale deed. He made silicone thumbprints by copying the thumbprints of the working sides. They then used these thumb impressions and other information to withdraw money.
Deputy Commissioner of Police Nitish Aggarwal has apprised the Director of Land Records about the situation. Because the data is readily available, it is recommended that only the first page of the sale deed be made available to the general public, according to Agarwal. He also suggested an audit of the website to close any gaps.
About the issue, News18 spoke to Venkatesh Sundar, co-founder and CMO of Indusface, a Tata Growth Capital funded SaaS company.
He said: “The crux of the problem here is that a hacker got visibility into an ‘application loophole’ of access to a user’s fingerprint data in a sale deed form, before application owners were aware of the risk or needed to fix it.” (if they knew about it).
“In this case, an ‘application loophole’ was exploited to gain access to other users’ fingerprint data and used to create a payment fraud. In another application, it could be the same fundamental, for example may; to gain access to the last three transactions from a credit card or bank statement, which may be used to verify other forms of fraud on the part of the customer, should not be taken into account What kind of fraud was committed but what should be focused on enabled it and how can one reduce it,” he said.
Additionally, Sundar said: “With everything going digital, applications are powering the point that digitization and businesses and institutions should take an application-centric approach to build their security programmes. If you secure your applications, the person is more or less securing their business and substantially reducing the security risk.”
However, according to him three steps can be followed to avoid such incidents. This:
• Businesses can stay one step ahead of hackers because they only have to worry about their application risks versus hackers spreading the net to phish for those risks. This means businesses can conduct risk assessments more frequently and more in-depth so that being aware of those risks is at least one step ahead of hackers. A regular automated security scan evaluation with periodic business logic testing and manual PT whenever the application goes through a major update, the problem of becoming aware of the risks before a hacker recognizes those risks as an opportunity At least there should be cleanliness to solve it. Them.
• Businesses need to be very agile in addressing those risks once identified, but there are practical challenges and therefore a web application firewall with managed expertise to keep them updated is a must-have for any serious application .
• Businesses need to partner with OEMs who, in addition to throwing tools for risk visibility and protection, manage it on an ongoing basis with new threat vectors and new updates, and gather insights based on actual investigations and attacks Those that are blocked and build a more dynamic defense against them. as part of the policy.
read all Breaking News , today’s fresh news And IPL 2022 Live Updates Here.