NTA Faces Exam Security Crisis Amid Darknet Threats

 

The National Testing Agency (NTA) in India is in the midst of a serious crisis, with its staff worried about the safety of any exam due to claims that the NTA's website was hacked. 

Following the cancellation of the UGC-NET due to claimed cyberthreats, an NTA officer has come forward, suggesting further risks to examinations.

According to a local media outlet, a senior NTA official stated that the testing organisation's IT and administrative staff are concerned that re-conducting the examinations will be impossible, owing to "terrorist organisations" getting into the NTA's security systems via the dark web to expose its weaknesses this year. 

Earlier this week, the Bihar Police asked for data about six candidates, including their roll numbers. Two of the roll numbers do not exist, and the names of the remaining two candidates do not match. There are other discrepancies, including the timing of the seizures, which took place after the exam, when all of the question papers had already been made public, the official added.

He also stated that simply looking at exam models would not be sufficient, saying that the computer-based ITEP exam had to be cancelled since each file of the examination was 5 GB and had to be downloaded at the allocated centres, and that some applicants received false question papers. 

What's happened so far?

Earlier, the NTA published a statement, claiming that the NTA website and all of its other web portals are completely secure and that accusations of hacking were false and misleading. The clarification comes amid a debate over suspected irregularities in exams such as NEET-UG and UGC-NET.

The investigation into the irregularities in the medical entrance exam NEET-UG has also been handed over to CBI, followed by the assigning of the India Trade Promotion Organisation (ITPO) Chairman and Managing Director Pradeep Singh Kharola as the additional charge of the NTA.

A high-level seven-member team, led by a former ISRO chairman Dr K Radhakrishnan, has been constituted to investigate the functioning and fair conduct of exams by the NTA, and will give its report in two months, the Centre revealed on June 22.

How Fear Tactics Led to a Pune Woman’s Financial Ruin: Insights into Cyber Fraud

A 67-year-old Pune woman lost Rs 1.6 crore of her life savings to cyber crooks after receiving a call claiming that her phone number was used to send vulgar texts and that Mumbai police had arrested her.

She was issued an arrest order under the guise of a 'national security danger' and a 'Supreme Court case', and she was informed that disclosing her ordeal would result in the arrest of her children and seizure of their assets.

The deceptive call

The 67-year-old woman from Kothrud filed a First Information Report in the case at Pune's Cyber Crime Police Station earlier this week. In the first week of May, she received a call from a man posing as a Tilak Nagar police officer in Mumbai. While the individual presented himself as a sub-inspector, he used the identity of an IPS officer now stationed in Pune.

He informed her that vulgar messages had been sent from her phone number and requested her personal, financial, and Aadhar information for further clarity. He then stated that a 'FIR' had been registered in the 'Supreme Court' and that the charges included money laundering. The man said a CBI officer would call her and help.

The ‘fake’ CBI officer

The next day, she received a video call from a man pretending to be a 'CBI officer' and giving the name of another serving IPS officer. The 'officer' informed her that, to verify that the money in her account was legitimate and not used for money laundering, all funds from her account would have to be transferred to 'beneficiary accounts owned by the Reserve Bank of India.'

The officer informed her that the case against her was classified as 'national secrets' and that the account had been used to commit major crimes. Fearing legal repercussions, the victim made substantial transactions of Rs one crore and Rs 29 lakh from two separate accounts.

Coercion and surveillance: Imposing fear

During these transfers, the complainant was forced to remain on messenger calls, the callers claiming she was under observation. The 'CBI official' informed her that if she shared the case with anyone in the family, her children would be detained and their possessions seized by the government. She was also instructed to make remittances of Rs 50 lakh to the 'Supreme Court.' The woman transferred more than Rs 30 lakh.

The aftermath

As the internet thieves increased their demands, the mother eventually confided in her daughter, who informed her that she had been duped by cybercriminals. She filed a complaint with the Cyber Crime Portal, and the case was then referred to the Cyber Crime Police Station in Pune City.

According to an officer from the Cybercrime Police Station, the modus operandi is the same as that of the drugs-in-parcel scams, but the grounds used to threaten the victim differ. In a similar case recorded at Wakad police station in Pimpri Chinchwad, a software engineer in his 40s was duped of Rs 40 lakh after he was told that his number was being 'used to mistreat a woman' and threatened with action under a "national secret rule."

In these types of schemes, fraudsters mimic IPS personnel to defraud people. They pressure victims into transferring money for a variety of reasons, including customs taxes or legal expenses, as well as by saying that their bank accounts are under threat from hackers. Callers frequently threaten victims, stating they are under monitoring by the government.

Ransomware Attacks on the Rise! Nearly 2900 Assaults Reported in the First Quarter of 2024

 

The increasing frequency of ransomware attacks is a significant challenge, as seen in the recent rise of APT groups with ties to Pakistan ahead of the Indian elections and the disruption of major Ransomware-as-a-Service (RaaS) operations.

The Seqrite report states that initial access brokers are selling more access to Indian entities (corporate and government) in the underground forums. This led to over 2900 disruptive actions in the first quarter of 2024 by over 85 Telegram hacktivist groups, including DDoS, website defacement, and database dumps. According to the report, there is one ransomware attack for every 650 detections. 

The most recent findings paint a picture of increasing threats, with sophisticated attacks targeting governments, organisations, and individuals alike. 

The report also highlighted a recent spike in cyberattacks by Pakistan-linked APT groups such as SideCopy and APT36 (Transparent Tribe) targeting not only the Indian government and military bodies, which is especially concerning given the ongoing elections, but also new spear-phishing campaigns such as Operation RusticWeb and FlightNight. 

Another crimeware report by Arete discloses that during Q1, law enforcement continued to put pressure on large Ransomware-as-a-Service (RaaS) companies, significantly impacting LockBit activities. While LockBit and ALPHV's combined activity no longer accounts for the majority of ransomware engagements, Arete saw a much broader and more evenly spread threat landscape, with activity from groups such as 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, HsHarada, Medusa, Phobos, Rhysida, and Trigona.

Furthermore, the trend of fewer organisations paying ransoms persisted, with a ransom paid in 34% of Arete engagements in the first quarter of 2024. Another recent report, Cybernomics 101 by Barracuda, found that 71% of respondents had suffered a ransomware assault in the previous year, with 61% paying the ransom. 

Prevention tips

The researchers believe that backing up critical data is the most effective strategy for recovering from a ransomware infection. There are a few things to consider. Backup files should be appropriately safeguarded and stored offline or out-of-band so that attackers cannot target them. Using cloud services may help alleviate a ransomware outbreak because many retain prior copies of files, allowing you to restore an unencrypted version. Make sure to test backups on a regular basis to confirm they work. In the case of an attack, ensure that your backups are not compromised before rolling back. 

Additionally, ensure that all of the organization's operating systems, apps, and software are frequently updated. Applying the most recent updates will help close the security gaps that attackers are attempting to exploit. Wherever possible, enable auto-updates so that you always have the most recent security upgrades.

Combatting International Spoofed Calls: India's New Measures to Protect Citizens

 

In recent times, fraudsters have increasingly used international spoofed calls displaying Indian mobile numbers to commit cybercrime and financial fraud. These calls, which appear to originate within India, are actually made by criminals abroad who manipulate the calling line identity (CLI). 

Such spoofed calls have been used in various scams, including fake digital arrests, FedEx frauds, narcotics in courier schemes, and impersonation of government and police officials. To combat this growing threat, the Department of Telecommunications (DoT) and Telecom Service Providers (TSPs) in India have developed a system to identify and block incoming international spoofed calls. 

This initiative aims to prevent such calls from reaching any Indian telecom subscriber. The Ministry of Communications announced that TSPs have been directed to block these calls and are already taking steps to prevent calls with spoofed Indian landline numbers. In addition to this, the DoT has launched the Sanchar Saathi portal, a citizen-centric platform designed to enhance user safety and security amid the rising threat of fraud and international call scams. This portal includes a feature called "Chakshu," which allows individuals to report suspicious calls and messages. 

Chakshu simplifies the process of flagging fraudulent communications, providing an extra layer of protection against cybercriminals. Chakshu serves as a backend repository for citizen-initiated requests on the Sanchar Saathi platform, facilitating real-time intelligence sharing among various stakeholders. The platform also provides information on cases where telecom resources have been misused, helping to coordinate actions among stakeholders. 

Union Minister Ashwini Vaishnaw has highlighted additional measures, including creating a grievance redressal platform for reporting unintended disconnections and a mechanism for returning money frozen due to fraud. These efforts aim to address the concerns of citizens who may have been inadvertently affected by the anti-fraud measures. Since its launch in May last year, the Sanchar Saathi portal has been instrumental in enhancing the security of telecom users. It has helped track or block over 700,000 lost mobile phones and detect more than 6.7 million suspicious communication attempts. 

These efforts underscore the government's commitment to safeguarding citizens from cyber threats and ensuring the integrity of telecom services. The DoT and TSPs' proactive measures, along with the Sanchar Saathi portal, represent significant steps towards protecting Indian citizens from international spoofed calls and other forms of cybercrime. By leveraging advanced technology and fostering collaboration among stakeholders, these initiatives aim to create a safer digital environment for all.
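The screening rule described above, that a call arriving on an international trunk cannot legitimately present an Indian calling line identity, as an added illustration that is not the DoT/TSP implementation. It assumes a simplified call record with a constructed `trunk` field and a simplified test for Indian E.164 numbers:

```python
import re
from dataclasses import dataclass

# Constructed, simplified model of the gateway-side screening rule described
# in the post: an Indian CLI presented on an INTERNATIONAL trunk is treated as
# spoofed and never delivered to the subscriber. Not the DoT/TSP system.

# E.164 Indian number: country code 91 followed by a 10-digit national number.
# Simplification: Indian mobile numbers start with 6-9; everything else that
# matches is treated as a landline (STD code plus subscriber number).
INDIAN_E164 = re.compile(r"^\+?91([1-9]\d{9})$")
INDIAN_MOBILE = re.compile(r"^[6-9]\d{9}$")
ANY_NUMBER = re.compile(r"^\+?\d{7,15}$")


@dataclass(frozen=True)
class InboundCall:
    call_id: str
    trunk: str   # "international" or "domestic" (constructed field)
    cli: str     # calling line identity as presented by the gateway


def normalise_cli(cli: str) -> str:
    """Strip spaces, hyphens and brackets; turn a leading '00' into '+'."""
    digits = re.sub(r"[\s\-()]", "", cli)
    if digits.startswith("00"):
        digits = "+" + digits[2:]
    return digits


def classify_cli(cli: str) -> str:
    """Return 'indian_mobile', 'indian_landline', 'foreign' or 'invalid'."""
    norm = normalise_cli(cli)
    m = INDIAN_E164.match(norm)
    if not m:
        return "foreign" if ANY_NUMBER.match(norm) else "invalid"
    national = m.group(1)
    return "indian_mobile" if INDIAN_MOBILE.match(national) else "indian_landline"


def screen_call(call: InboundCall) -> tuple[str, str]:
    """Decide ('block' | 'allow', reason) for one inbound call record."""
    kind = classify_cli(call.cli)
    if kind == "invalid":
        return "block", "malformed CLI"
    if call.trunk == "international" and kind.startswith("indian"):
        # Core rule: an Indian number cannot be the true origin of a call that
        # entered the network through an international gateway.
        return "block", f"spoofed {kind} CLI on international trunk"
    return "allow", kind


def screen_batch(calls):
    """Screen a batch of records; returns {call_id: (verdict, reason)}."""
    return {c.call_id: screen_call(c) for c in calls}


# Constructed sample records (documentation/test-net style numbers).
SAMPLE_CALLS = [
    InboundCall("c1", "international", "+91 98765 43210"),   # spoofed mobile CLI
    InboundCall("c2", "international", "0091-22-12345678"),  # spoofed landline CLI
    InboundCall("c3", "international", "+44 20 7946 0000"),  # genuine foreign call
    InboundCall("c4", "domestic", "+919876543210"),          # genuine domestic call
]

if __name__ == "__main__":
    for cid, (verdict, reason) in screen_batch(SAMPLE_CALLS).items():
        print(f"{cid}: {verdict:5s} ({reason})")
```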

Indian Banks Mull New Move for Faster Freezing of Scammers’ Accounts

 

Indian banks have proposed integrating their systems with the National Cybercrime Reporting Portal (NCRP), a division of the ministry of home affairs, which could enable a quicker freeze on fraudulent accounts in the wake of a cyberattack. 

This is intended to prevent those who commit cybercrimes and phishing attacks from swiftly transferring funds from a target's bank account to accounts with various banks before it is withdrawn or spent. This is a tactic employed by voice phishers and cyber shysters to make it more difficult for banks and law enforcement to recover the funds. 

“Banks, in consultation with cybercrime experts, have recommended API integration with the NCRP to reduce the average response time and quick updation of cases. So, the idea is to mark a lien and freeze a bank account automatically without manual intervention,” noted a banker. “An industry sub-group has suggested this to I4C,” said the person. 

I4C, or the Indian Cybercrime Coordination Centre, is an MHA programme that focuses on combating cybercrime and enhancing coordination between law enforcement agencies (LEAs) and institutions such as banks. NCRP is a vertical under I4C.

API, or 'application programming interface', enables two applications or systems to interact with one another without the need for human intervention. If there is an API between a system with specific data and another system that requires reporting, the two can communicate without the need for manual data entry. In the event of a cybercrime, such as a hacked internet banking account, API integration would allow for the quick transmission of fraud information to a central system or other banks. 

“Typically, money from the account where the fraud happens is moved to accounts with several banks. There is a far better chance of retrieving the amount if the information is available with the entire industry instantaneously. The time spent by Bank A awaiting an instruction from a LEA, then sending emails to bank B, C and D, or calling them up, to request a lien on the accounts where funds have gone, can be saved,” noted another banker.

The group has also advised that data on accounts identified as lien and freeze be made available to banks on a regular basis so that they can reconcile their records. 

In this respect, it has been observed that I4C may share a broad standard operating procedure directing banks to place bank accounts on hold, freeze or de-freeze them, and release funds to victims' bank accounts in cases reported to NCRP. Furthermore, it is believed that the nodal organisation should establish guidelines for communicating 'negative account or KYC details' so that accounts are not opened with the same demographics or KYC details as other banks.

India's Businesses Under Huge Cyber Threats, Kaspersky Reported

Indian businesses are being warned about the looming threat of ransomware attacks by cybersecurity experts. These attacks not only jeopardize company data but also pose a serious risk to user information. To address this urgent issue, experts stress the importance of promptly implementing advanced threat intelligence and industrial cybersecurity solutions. 

Kaspersky, a prominent cybersecurity firm, sheds light on the severity of the situation through their research findings. They indicate that ransomware attacks expected in 2024 could result in significant financial losses similar to those experienced in 2023. This underscores the vulnerability of both IT and operational systems within Indian companies, urging them to take proactive steps to defend against potential cyber threats. 

India's vast user base and thriving enterprises have become prime targets for cybercriminals, as per insights from Kaspersky. The cybersecurity firm reveals that India consistently ranks among the top 12 targeted countries and territories for Advanced Persistent Threats (APTs) globally. 

Kaspersky's data underscores ransomware as the predominant cyber threat in 2024. The company points out that the increasing adoption of digital platforms within Indian organizations has stretched the local ICT supply chain, exposing visible vulnerabilities that attract cyberattacks. 

According to Kaspersky, the following are the current challenges faced by organisations in India: 

Escalation of Cyberthreats: The advent of the digital age has exposed organizations to heightened vulnerabilities, underscoring the critical importance of cybersecurity. India grapples with a wide array of cyber threats, spanning from financial fraud and data breaches to sophisticated cyber espionage campaigns. 

Varied Attack Methods: Given its expansive population, India serves as a fertile ground for cybercriminals who employ diverse tactics such as phishing, ransomware, and social engineering to infiltrate systems and networks. 

Sector-Specific Targets: Certain sectors, including financial institutions, e-commerce platforms, and government entities, find themselves particularly susceptible to cyberattacks due to the sensitive nature of the data they handle. 

Surge in Ransomware Attacks: The proliferation of ransomware incidents has witnessed a dramatic surge, resulting in significant disruptions to businesses that endure downtime ranging from several days to weeks. 

Furthermore, according to Kaspersky's report, more than 200,000 ransomware incidents were identified by their solutions in India during 2023. Notable ransomware groups such as Fonix and LockBit have actively targeted Indian organizations spanning various sectors including manufacturing, retail, agriculture, media, and healthcare. 

Additionally, findings from a CISCO study reveal a significant impact of cyber attacks on Indian startup businesses and SMBs. Approximately 62% of these entities have incurred costs amounting to ₹3.5 crore (equivalent to over US$430,000). Interestingly, the financial damages resulting from these cyber attacks surpass the investment required for implementing solutions aimed at mitigating such threats.

Indian Government Warns Social Media Platforms Over Deepfake Misinformation

In a strong statement directed at social media platforms, the government of India has emphasized the critical need for swift identification and removal of misinformation, including deepfakes, or risk facing legal consequences. This warning follows a deepfake scandal involving the esteemed Indian actor Akshay Kumar. 

The controversy erupted after a digitally manipulated video, allegedly portraying Kumar endorsing a gaming application, surfaced online. Despite the actor's explicit denial of any involvement in such promotions, the video circulated widely across social media platforms, fueling concerns over the spread of fabricated content. 

The government's stance underscores the growing threat posed by deepfakes, which are increasingly being used to spread false information and manipulate public opinion. With the rise of sophisticated digital manipulation techniques, authorities are urging social media companies to implement robust measures to combat the dissemination of deceptive content. 

Following these deepfake cases, the Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, told the Rajya Sabha that fake news and deepfake videos produced with sophisticated technology are causing serious problems. 

He reminded the House of the rules requiring social media companies to remove such content promptly. Platforms that fail to do so face serious consequences, including legal action. The government wants these companies to take responsibility and keep the internet safe and trustworthy. 

The Minister further added that under the IT Rules, 2021, non-compliant intermediaries "lose their safe harbour protection under section 79 of the IT Act and shall be liable for consequential action or prosecution as provided under any law for the time being in force including the IT Act and the Indian Penal Code, including section 469 of the IPC". 

Additionally, several months ago, deepfake videos featuring other famous Indian celebrities went viral on social media. In response, the Government of India issued an advisory to top social media platforms, stating that they must remove such content within 24 hours or face consequences under the provisions of the IT Rules. 

The advisory highlighted that Section 66D of the IT Act, 2000, prescribes punishment, including imprisonment for up to 3 years and a fine of up to Rs 1 lakh (1,205 US Dollars), for individuals found guilty of cheating by impersonation through the use of computer resources. 

Let's Understand Deepfake AI Technology

Deepfake, a form of artificial intelligence (AI), has emerged as a potent tool capable of creating convincing hoax images, sounds, and videos. Combining the concepts of deep learning and fakery, the term "deepfake" embodies the manipulation of digital content with sophisticated algorithms. 

Utilizing machine learning algorithms, deepfake technology compiles fabricated images and sounds, seamlessly stitching them together to create realistic scenarios and individuals that never existed or events that never took place. 

However, the widespread use of deepfake technology is often associated with malicious intent. Nefarious actors harness this technology to propagate false information and propaganda, manipulating public perception with deceptive content. 

For instance, deepfake videos may depict world leaders or celebrities making statements they never uttered, a phenomenon commonly known as "fake news," which has the power to sway public opinion and disrupt societal trust. 

Recent Deepfake Incidents Shake Global Landscape 

In Pakistan, reports have surfaced of deepfake content being utilized to influence the outcome of the Prime Minister election. 

Meanwhile, in Hong Kong, a finance worker fell victim to a sophisticated deepfake scam, resulting in the fraudulent transfer of $25 million after fraudsters impersonated a company executive during a video conference call. 

Additionally, Iran-backed hackers disrupted streaming services in the UAE by disseminating deepfake news, underscoring the potential for such technology to be weaponized for cyber warfare.

Unprecedented Data Breach Exposes Personal Information of Millions in India

Described as the biggest data breach ever, a major security lapse has apparently leaked the personal information of millions of people around the world. CloudSEK, an Indian cybersecurity company, brought attention to the breach, which exposed extensive sensitive data, including names, mobile numbers, addresses, and unique 12-digit Aadhaar card numbers. Notably, two cybercrime groups, the CYBO CREW-affiliated CyboDevil and UNIT8200, are selling the data for $3,000. 

CYBOCREW is a relatively new threat group that was initially identified in July 2023. This group has been focusing on organizations in various sectors like automobile, jewellery, insurance, and apparel, carrying out significant breaches. Among its most active affiliates are CyboDevil and UNIT8200. 

Reportedly, 750 million Indians have been hit in the recent attack, around 85% of the country's 1.4 billion population. This disclosure raises serious concerns regarding the security and privacy of personal information and marks a critical incident in the cybersecurity domain. 

The breach's severity is magnified by the revelation of Aadhaar card numbers, a crucial identification document in India. The leaked data encompasses details frequently used for identity verification and authentication, leaving affected individuals susceptible to various forms of exploitation, including identity theft and fraud. 

The repercussions of this breach extend to mobile network subscribers in multiple countries, amplifying concerns about privacy and data security. According to CloudSEK researchers, the compromised database contains sensitive security information and has been compressed from 1.8TB to 600GB. In their analysis of the extensive personally identifiable information (PII) within the database, CloudSEK identified the global impact on major telecom providers. 

Despite the widespread implications, users in India face heightened risks due to the exposure of their unique Aadhaar identification numbers. This increased vulnerability raises concerns about potential identity theft, financial fraud, and a greater susceptibility to cybercrime for those affected. 

The situation emphasizes the urgent need to address and mitigate risks associated with such breaches to protect personal information and thwart malicious activities. The database is up for sale on Telegram and Breach Forums, which are well-known places for hackers and cybercrime activities. 

Interestingly, this forum recently had another person threatening to release a database from Hathway, which had information from 4 million users. According to CloudSEK, the person selling the data denies being part of the data breach and says they got it through law enforcement channels and undisclosed asset work. However, the source of the data still needs to be clarified.

Hackers are Targeting Indians Via Novel Courier Scam

 

This year, a fresh scam is on the rise in India's metropolises, scamming people of their hard-earned money. 

Fraudsters posing as police officers or NCRB agents contact people in this new method, known as courier scam, accusing them of engaging in illegal activities involving sending and receiving parcels carrying drugs or other illegal substances.

The scammers then convince the victims that they will be contacted by the police, and the extortion begins, with money demanded to "settle" the false complaint against the victims.

The courier scam is primarily targeting people aged 35 to 50, and hundreds of cases have been reported to police this year. 

Modus operandi 

Courier scammers pose as customs officials and call their victims. They mention a parcel booked in their name and claim that it contained narcotic drugs or other banned substances. 

They would then pose as a police officer and speak with them about potential arrest. The victim, who is already terrified, tries to settle the false case by offering money to prevent arrest, which is then transferred to the scammers.

During calls, scammers use psychological tactics to distress victims and collect personal identification and bank details. They ask the victim to provide their Aadhaar number and other identification details, in addition to the bank information, in order to steal money from them.

In other cases, it starts with a missed call. When the person returns the call, they are transferred to an automated voice message informing them that they have reached a courier company's helpline, such as FedEx or Blue Dart. 

The other person on the phone then pretends to be a Mumbai police officer, claiming illegal drugs had been discovered in a parcel delivered to their address. The scammer then blackmails the victim into paying. 

A Bengaluru resident was recently duped out of Rs 1.52 crore after falling victim to the courier scam. On November 10, Debashish Das, 66, received a phone call from a man claiming to be a FedEx employee named Kartikeya. 

Das was then told by the employee that a case had been filed in Mumbai in relation to him after it was discovered that a courier sent to Taiwan under his name had six credit cards, an expired passport, and even 950g of MDMA drugs.

Das was instructed to make a Skype call to the Mumbai cybercrime police station in Andheri. The scammers were able to transfer all of the victim's funds, including his fixed deposits, totaling Rs 1.52 crore to their account after posing as police officers and informing him that bank accounts in his name had been linked to illegal activities. 

Prevention tips

  • Do not provide an OTP, Aadhaar number, bank account information, or any other sensitive data. 
  • Be wary of unknown callers and those posing as bank, police, or other officials.
  • Never return calls from unknown or suspicious numbers. 
  • Before providing any information, double-check or verify the caller through official sources.
  • Avoid clicking on any suspicious links sent via text or WhatsApp.

Here's How RegTech is Transforming India's Regulatory Landscape

 

Businesses in India finish their GST returns for the month on the 20th of each month, believing their compliance work for the month is finished. However, they soon receive automated notices pointing out inconsistencies in their reporting. This procedure demonstrates how technology is now being used in India to monitor real-time regulatory compliance data. 

In another case, a borrower fails to make a loan payment, and the bank quickly reports the default to the Reserve Bank of India (RBI) via the CRILC platform. This data is then shared with other banks that are dealing with the same borrower. This illustrates how regulatory reporting helps to raise awareness and control non-performing assets (NPAs) in India. 

Furthermore, when a seller generates an e-invoice or an e-way bill, the recipient is notified. This results in a journal entry in the enterprise resource planning (ERP) system after reconciliation with purchase orders (PO) and goods received notes (GRN). This end-to-end automated workflow exemplifies how regulations and technology are promoting business efficiency. 

These instances demonstrate the far-reaching effects of regulatory technology, also known as RegTech. Technology is becoming increasingly important in managing the complex and ever-changing regulatory landscape. RegTech is critical in assisting organisations in efficiently implementing compliance procedures while also allowing regulators to monitor effectively.

The global RegTech market is expanding. According to Allied Market Research, it is expected to grow at a compound annual growth rate (CAGR) of 23.5% between 2018 and 2025, hitting a market value of $55.28 billion by 2025.

India's regulatory system is widely recognised for its complexity and diversity. Almost every sector is subject to a maze of regulations, ranging from manufacturing and energy to financial services and healthcare. The requirements for compliance can include anything from consumer protection and environmental standards to data security, taxation, and financial reporting. It has always taken a lot of time, money, and risk to navigate this regulatory maze without breaking any laws. 

RegTech's ascent 

The solution to these issues lies in RegTech, a subsector of FinTech. It refers to the use of technology by businesses to comply with regulations more efficiently and at lower cost. By automating compliance processes and utilising data analytics, RegTech solutions give businesses the capacity to optimise their operations and make well-informed decisions while adhering to legal requirements. 

Simplifying the procedures for compliance 

Simplifying compliance procedures is one of the main ways RegTech is changing the regulatory environment in India. In the past, in order to comply with regulations, businesses had to invest a large amount of financial and human resources in manually gathering, analysing, and reporting data. Dealing with intricate spreadsheets and sorting through mountains of paperwork were common requirements. 

RegTech solutions, on the other hand, employ automation and machine learning algorithms to quickly and accurately process huge quantities of data. In the financial sector, for example, RegTech tools can assist banks and financial institutions in automatically monitoring transactions for suspicious activity, lowering the risk of money laundering and fraud. RegTech can help the healthcare industry stay in compliance with patient data protection laws, ensuring that private data is handled securely. 

RegTech's future in India

RegTech in India has a bright future ahead of it. RegTech solutions will become more and more in demand as regulatory requirements become stricter and concerns about data privacy rise. Regulators in India, including the Securities and Exchange Board of India (SEBI) and the Reserve Bank of India (RBI), are beginning to see how RegTech can improve regulatory oversight. 

We may anticipate seeing even more cutting-edge RegTech solutions in the upcoming years that are specifically suited to India's distinct regulatory environment. These solutions will help businesses stay ahead of the curve by automating compliance and offering valuable insight regarding regulatory changes.

DDoS Attacks and the Preventive Measures Organizations Should Adopt

The proliferation of Internet of Things (IoT) devices, now in the billions, coupled with the advancements in network infrastructure and the swift deployment of 5G, necessitates heightened agility from network operators and IT managers in pinpointing and rectifying security flaws. 

Additionally, organizations today face a constant stream of attacks, including ransomware, hacktivism, and DDoS attacks, aimed at stealing information or disrupting services. DDoS attacks are a particularly serious form of online service disruption. The symptoms they cause (slow or unreachable services) can also arise from legitimate causes such as a sudden surge in genuine traffic, which is why an attack must be confirmed rather than assumed.

Cybercriminals are now employing the cloud to orchestrate DDoS attacks. India has witnessed a notable uptick in such attacks, capable of causing disruptions lasting from hours to even days. This not only affects revenue but also undermines customer trust and tarnishes reputation. Furthermore, targeted organizations may encounter legal or regulatory consequences, particularly if customer data is compromised. 

DDoS attacks fall into three primary categories: volumetric attacks (for example UDP and amplification floods that saturate bandwidth), protocol attacks (for example SYN floods that exhaust connection state on servers, firewalls, and load balancers), and application-layer attacks (for example HTTP request floods that exhaust the web application itself). Seasoned Managed Service Providers (MSPs) and cloud providers operate robust DDoS filtering and defenses, but their customers still need to detect attacks quickly, trigger countermeasures, monitor their systems closely, and keep their configurations tight. 

The sections below cover what DDoS attacks are, how to identify them, and the preventive measures organizations should adopt. 

 What are DDoS attacks? 

A Distributed Denial-of-Service (DDoS) attack is an attempt to disrupt a server, service, or network by flooding it with an overwhelming volume of internet traffic, saturating the target and its supporting infrastructure. To generate that traffic, attackers use many hijacked computer systems. 

These compromised systems can be regular computers or even devices like smart gadgets connected to the internet. In simple terms, a DDoS attack is like an unexpected traffic jam that blocks the usual flow of traffic on a highway, stopping it from reaching its destination. 

How to detect a DDoS attack on your system? 

When dealing with a DDoS attack, the most noticeable sign is a sudden slowdown or complete unavailability of a website or service. However, it's important to note that similar performance issues can arise from various causes, including a legitimate increase in traffic. This is why it's crucial to conduct further investigation. 

To identify potential DDoS attacks, traffic analytics tools play a vital role. They can help in recognizing certain red flags: 

  • Unusually high levels of traffic originating from a single IP address or within a specific IP range. 
  • A surge of traffic coming from users who share similar behaviour traits, such as device type, location, or web browser version. 
  • An abrupt and unexplained increase in requests directed at a particular page or endpoint. 
  • Peculiar traffic patterns, like sudden spikes during unconventional hours or patterns that seem artificial (for example, a spike occurring every 10 minutes). 
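The red flags above are easy to state and surprisingly easy to check mechanically. The following is an added example (not code from the original post) that slices combined-format web-server access logs into fixed time buckets, flags buckets whose request count is far above the median, and reports whether one source IP, one path, or one User-Agent dominates each spike, plus a check for spikes that recur at a constant interval. The sample log lines are constructed inline and use RFC 5737 documentation IP ranges; the thresholds are assumptions to tune for your own baseline.

```python
"""Heuristic DDoS red flags from web-server access logs.

Added example, not part of the original post.  Sample log lines are
constructed below; IPs are from the RFC 5737 documentation ranges.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" log format: ip ident user [time] "req" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def analyse(lines, bucket_seconds=10, spike_factor=4, share_threshold=0.6, min_requests=20):
    """Slice the log into fixed time buckets and report buckets whose request
    count is far above the median (a spike).  For each spike, note whether one
    source IP, one path or one User-Agent accounts for most of the traffic:
    these are the concentration signals from the bullet list above."""
    recs = [r for r in map(parse_line, lines) if r]
    if not recs:
        return []
    t0 = min(r["ts"] for r in recs)
    buckets = defaultdict(list)
    for r in recs:
        buckets[int((r["ts"] - t0).total_seconds()) // bucket_seconds].append(r)
    n_buckets = max(buckets) + 1
    counts = [len(buckets.get(i, [])) for i in range(n_buckets)]
    median = sorted(counts)[n_buckets // 2]          # robust baseline
    findings = []
    for i in sorted(buckets):
        group = buckets[i]
        c = len(group)
        if c < min_requests or c < spike_factor * max(median, 1):
            continue
        f = {"offset_s": i * bucket_seconds, "requests": c, "baseline": median}
        for key in ("ip", "path", "ua"):
            top, n = Counter(r[key] for r in group).most_common(1)[0]
            if n / c >= share_threshold:
                f[key] = (top, round(n / c, 2))
        findings.append(f)
    return findings


def periodic(findings, bucket_seconds=10):
    """True when spikes recur at a constant interval (e.g. every N minutes)."""
    starts = [f["offset_s"] for f in findings]
    gaps = {b - a for a, b in zip(starts, starts[1:])}
    return len(starts) >= 3 and len(gaps) == 1


# ---- constructed sample data -------------------------------------------------
BASE = datetime(2023, 9, 1, 10, 0, tzinfo=timezone.utc)


def _line(ip, offset_s, path, ua, status=200):
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'


def build_sample(spike_starts=(70,)):
    """Two minutes of background traffic from 12 clients (about 12 requests per
    10 s) plus, at each spike start, 60 requests to /login from one address
    with one User-Agent inside a single 10 s window."""
    lines = []
    for i in range(12):
        for k in range(12):
            path = ("/", "/products", "/search")[k % 3]
            lines.append(_line(f"198.51.100.{i + 1}", k * 10 + i % 10, path, f"Mozilla/5.0 (client {i})"))
    for start in spike_starts:
        for k in range(60):
            lines.append(_line("203.0.113.7", start + k // 6, "/login", "python-requests/2.31", 503))
    return lines


if __name__ == "__main__":
    for f in analyse(build_sample()):
        print(f)
    print("periodic:", periodic(analyse(build_sample((20, 60, 100)))))
```

On the constructed data the single spike bucket carries 72 requests against a baseline of 12, with one IP, one path and one User-Agent each accounting for 83% of it. A genuine flash crowd would normally show the spike without the concentration: many IPs, many client fingerprints, requests spread over the usual pages.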

The preventive measures organizations should adopt against Distributed Denial of Service (DDoS) attacks are as follows: 

  • Harden the infrastructure: apply updates promptly, tune configurations, and remove unnecessary exposed services so that systems are harder to overwhelm. 
  • Deploy anti-DDoS measures: configure resources to be less susceptible to attack, for example with rate limiting, connection limits, and capacity headroom, so that an attack degrades one service rather than disrupting the whole organization. 
  • Use anti-DDoS tools: enable provider-side protections and add specialized services (traffic scrubbing, CDN and anycast fronting, web application firewalls) that absorb or filter attack traffic before it reaches the origin.
  • Develop a DDoS response plan: prepare the security or operations team to handle an attack, including who activates upstream mitigation and how customers are kept informed, and rehearse it.
  • Establish DDoS monitoring: watch continuously for the indicators listed above and document each incident so that defenses can be improved afterwards.
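The second and fourth measures above, rate limiting per source and an automatic response, can be shown concretely. This is an added example (not code from the original post) of a per-source token-bucket limiter that refuses requests once a client exhausts its budget and blocks the source outright after a number of refusals, so a flood stops costing the application any work at all. Timestamps are seconds as floats, the traffic in `simulate()` is constructed, and the rate, burst and block parameters are assumptions to tune for your own service.

```python
"""Per-source token-bucket rate limiting with automatic temporary blocking.

Added example of the 'anti-DDoS measures' and 'response plan' items above;
it is not code from the original post.  Timestamps are seconds (float);
simulate() uses constructed traffic from RFC 5737 documentation addresses.
"""
from collections import defaultdict


class SourceLimiter:
    """Each client IP gets a bucket of `burst` tokens refilled at `rate` tokens
    per second; a request costs one token.  A source that is refused
    `block_after` times is blocked outright for `block_seconds`, so a flood
    stops costing the limiter (and the application) any work at all."""

    def __init__(self, rate=5.0, burst=10, block_after=20, block_seconds=60.0):
        self.rate, self.burst = rate, burst
        self.block_after, self.block_seconds = block_after, block_seconds
        self._buckets = {}                 # ip -> (tokens, last_seen)
        self._rejects = defaultdict(int)   # refusals per ip since last block
        self._blocked_until = {}           # ip -> unblock timestamp

    def is_blocked(self, ip, now):
        return self._blocked_until.get(ip, 0.0) > now

    def allow(self, ip, now):
        """Return True if the request from `ip` at time `now` may proceed."""
        if self.is_blocked(ip, now):
            return False
        tokens, last = self._buckets.get(ip, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[ip] = (tokens - 1.0, now)
            return True
        self._buckets[ip] = (tokens, now)
        self._rejects[ip] += 1
        if self._rejects[ip] >= self.block_after:
            self._blocked_until[ip] = now + self.block_seconds
            self._rejects[ip] = 0
        return False


def simulate():
    """Constructed traffic: one source sends 100 requests in one second while a
    normal client sends one request per second for ten seconds."""
    lim = SourceLimiter(rate=5.0, burst=10, block_after=20, block_seconds=60.0)
    attacker, client = "203.0.113.7", "198.51.100.4"
    attacker_ok = sum(lim.allow(attacker, i / 100) for i in range(100))
    client_ok = sum(lim.allow(client, float(i)) for i in range(10))
    return {
        "attacker_allowed": attacker_ok,
        "client_allowed": client_ok,
        "attacker_blocked": lim.is_blocked(attacker, 1.5),
        "client_blocked": lim.is_blocked(client, 1.5),
    }


if __name__ == "__main__":
    print(simulate())
```

In the simulation the flooding source gets its initial burst through, is then refused, and is blocked within the first half second, while the well-behaved client is never touched. A limiter like this only protects the application layer; volumetric floods that saturate the uplink have to be absorbed upstream by the provider or a scrubbing service, which is why the measures above are layered.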

In today's highly interconnected world, where digital technologies play an ever-expanding role, organizations would be wise to collaborate with a cybersecurity specialist. This becomes particularly crucial if cybersecurity is not their main focus or if they operate with budget constraints. 

Loan App Executive Asks BJP Legislator to Repay Loan That He Never Borrowed

 

Even prominent politicians fall prey to scammers; cybercrime is a great leveller. An as-yet-unidentified person repeatedly called and texted BJP legislator Ashish Shelar, demanding that he repay a loan for which he had supposedly stood as guarantor. 

Shelar filed a police complaint of harassment. According to Shelar, he has never taken out a loan and has never stood as guarantor for any borrower's repayment. 

The legislator said that over the past two weeks a person posing as a representative of a lending app had bombarded him with calls and messages, to the point that his staff reported the matter to the Bandra police station. The caller kept pressing for repayment of the loan but, he added, made no threats.

According to a Bandra police officer, a cyber crime unit from the police station is working on the complaint to find the source of the communications. "The number from which the calls came has been put on tracking mode," stated the police officer. 

The case was registered after Navnath Satpute (41) of Shelar's office lodged a complaint. According to the complaint, Shelar was asked to immediately pay Rs 7,700 to settle the overdue loan amount. 

Shelar told a local media outlet: "There was no threat... but I was fed up because of those multiple calls I received in the last two weeks... Despite telling the caller that I did not take any loan or stand guarantor, the calls would not stop…" 

A case has been filed against unidentified individuals under provisions of the Indian Penal Code dealing with impersonation, cheating, and attempting to commit an offence, as well as under sections of the Information Technology Act. 

Cases of fraud involving loans reportedly obtained through lending applications have increased recently. Between January and July, 38 loan fraud incidents were recorded across Mumbai, of which nine were solved and nine people arrested. In 2022, 116 cases were recorded, of which six were solved; in 2021, 42 cases were filed, of which just five were resolved. In total, 41 persons were arrested over those two years.

Private Data of 12,000 SBI Employees Exposed on Telegram Channels

 

Over 12,000 employees of the State Bank of India (SBI) had their personal information exposed in a significant data breach, and the data was subsequently posted on Telegram channels. The leaked information included employees' names, residential addresses, contact details, PAN numbers, and personal data from their SBI passbooks.

The breach came to light after a file containing the personal data of over 12,000 SBI employees was posted to a Telegram channel with the handle @sbi_data on Friday, July 8. According to India Today, the file contained the names, addresses, contact details, PAN numbers, account numbers, and photo IDs of the employees. 

The channel's bio read "Spread Chaos Comrades!" and the file was named "SBI Employee Data Dump." At the time of the leak the channel had only 608 subscribers, but the file was quickly reshared on social media and on other Telegram channels.

The threat actor who released the data also claimed to have access to millions of customers' financial information and to have posted the stolen material on public leak forums.

They also posted screenshots of SBI account balances and recent transactions on a publicly accessible leak site. Judging by the screenshots, the threat actor had access to a wide range of financial data, including account numbers, PINs, and transaction histories. The compromised data was also offered for sale on dark web platforms. 

Rise in data breach incidents 

In India, data breaches and leaks have drastically escalated in recent years. The CyberPeace Foundation said that over 1,250 data breaches occurred in India in 2022, an increase from 550 in 2021.

Popular messaging app Telegram has evolved into a hub for both illegal and legal communication in recent years. 

Numerous high-profile cases involving criminal use of Telegram have surfaced in recent years. Separately, TechCrunch revealed in January 2019 that SBI had exposed its customers' financial information through an unsecured server; the exposed data included partial account numbers, balances, and transaction details.

Upsurge in UPI Fraud Cases: How can you Guard Against These Scams

 

India is going digital as more and more individuals use the internet to shop, order food, and complete other activities.

According to a Times of India (TOI) report, Unified Payments Interface (UPI) transactions hit a record 865 crore in March 2023, with a record value of Rs 14.07 lakh crore, up about 18% from 728 crore transactions in February 2023.

However, as UPI transactions have grown, so has online fraud. More than 95,000 fraud cases involving UPI transactions were reported in 2022–23, up from 84,000 in 2021–22, according to the Union Ministry of Finance. 

Let's focus on UPI frauds in more detail, along with certain precautions you might take.

UPI PIN request 

Fraudsters sometimes lure victims with the promise of sending them money and then ask the target to enter their UPI PIN in order to "receive" it. The UPI PIN authorises payments out of the account, so if the victim complies, the scammer can use it to withdraw money. 

“For receiving money, no PIN is required. Anyone asking you for a PIN is a scammer,” Prashant Gautam, DCP of the Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi stated.
 
Customer care fraud 

The public is also taken in by fraudsters posing as customer service representatives. A government teacher was recently tricked after calling a number that appeared as the top search result on Google, thinking it was the Google Pay customer service number. 

When the teacher complained about incorrect transactions in the Google Pay app, the con artist promised to help and asked for his personal banking details. Once the teacher disclosed them, the fraudster withdrew Rs 2.50 lakh from his bank account. 

Cybercriminals posing as customer service representatives also threaten customers that their e-wallet will be blocked unless they complete KYC or update their Aadhaar or PAN details. Then, "under the guise of verification, they ask the victims to download third-party access apps," the police officer continued, "through which they get remote access to the digital wallets." 

Money sent by 'error' 

According to a Delhi Police official, scammers typically send a sum to a potential target through a UPI app such as Paytm, Google Pay, or PhonePe and then contact them claiming the transfer was a mistake. The cybercriminal then sends the victim a URL and asks them to use it to return the money. Anyone who follows the link risks handing the scammer control of their bank account and digital wallet. 

Prevention tips

Here are three habits that serve as self-defense against such frauds.

Avoid engaging with fraudsters: Do not continue a conversation if the caller's identity or the source of the information they share is unclear, or if the number is unfamiliar. Be wary of phone numbers listed on public websites and in search results, including those for food and beverage establishments, as they may not be legitimate. Always verify a person's identity through an official channel before acting. Remember that your bank will never phone or text you asking for any kind of private information. 

Be mindful of the golden rule when receiving payment: no PIN is needed to receive money. Scammers frequently abuse the 'request money' (collect) feature of payment apps, for example by pretending to be interested in a product you have listed for sale online and sending you a collect request. Approving that request with your PIN debits your account rather than crediting it. You will never be asked for a PIN when money is being credited to your account; a PIN is only ever entered to authorise a payment out. 

Watch out for fake apps: Many fraudulent or malicious apps mimic legitimate ones. Such an app looks similar to the real bank app and is easy to download. If you install it, your personal information is shared with scammers, giving them access to your account and enabling them to steal money. Beware of fake banking apps such as Modi Bhim, BHIM Payment-UPI Guide, Bhim Modi App, and BHIM Banking Guide, which have been accused of harvesting personal information under the guise of offering a useful service. Install banking apps only from the official app stores and check the developer name against your bank's website.

Train Platform RailYatri Again Suffered a Breach

On Wednesday, train ticketing platform RailYatri released a statement confirming that it suffered a data breach in December 2022. The confirmation came after the Railway Ministry denied such an attack and stated that no user data from the Railways' side had been leaked or sold on the dark web. 

Reportedly, as a result of the breach, the data of over 30 million users, including phone numbers, email addresses, home addresses, and cities, has been sold on malicious sites. RailYatri suffered a similar breach in 2020 that affected around 700,000 users. 

“We observed a security breach in our system on December 28, 2022, we quickly established the source of the breach and fixed it within a few hours. Some RailYatri registered user information limited to age, email, preference city, and phone numbers may have been viewed by unauthorized individuals. No other sensitive customer information has been compromised. We have reported the incident to the government authorities and are exploring legal steps to be taken,” a RailYatri spokesperson said. 

RailYatri further said that it is investigating the attack with the Indian Computer Emergency Response Team (CERT-In) and auditing its security systems against further threats. 

“Our platforms have proper authorization and authentication in place and access to the applications is through HTTPS and servers are behind firewalls which can be accessed through VPN only by authorized teams,” the platform further added. 

After the incident was reported to the authorities on December 28, the Railway Board confirmed the attack on December 30 without naming RailYatri, while denying that any data had been stolen from IRCTC. All IRCTC business partners, including reselling platforms like RailYatri, have since been instructed to evaluate their systems. 

The government has already introduced the Digital Personal Data Protection Bill, 2022 in Parliament to impose strict penalties for data breaches; however, the law is yet to be passed.

Mewat: The New Cybercrime Hub in India

 

The Mewat region, situated between the Rajasthan and Haryana states of India is emerging as the new cyber fraud hub in India. 
 
Jamtara, the infamous earlier hotspot for cyber fraud, was known for young fraudsters who acquired SIM cards, opened bank accounts, and duped victims by posing as bank officials or representatives of telecom service providers. Mewat's fraudsters have moved on to more malicious ways of duping online victims. 
 
Reportedly, the Mewat fraudsters use sextortion, a blackmail form of cybercrime, as their weapon of choice. 
 
The scammers approach victims online while posing as young women, engage them in conversation, and entice them into sharing sexually explicit images or video. The victims are then threatened that the material will be leaked unless they pay.  
 
Asked about the method of operation, Yusuf, one of the suspects held on sextortion charges, revealed his gang's modus operandi. 
 
“It starts by writing a ‘hi’. He (the target) would usually ask about a video call. I’d do the video call. He’d be lured into going explicit. The woman on the phone does the same,” Yusuf says. 
 
On being asked about the ‘woman', Yusuf tells the investigating officer “It’s (actually the video) on the other phone. That device is placed right under the back camera of my phone, with a video of a woman playing over. It’s like a web call.” 
 
Reportedly, a second phone records the call with screen-recording software. The victims are then threatened, and if they pay, the money is typically routed into a third party's account. 

In another cyber fraud case, a suspect was arrested for duping victims via online marketplaces.  
 
The scammer, Rahul Khan, described his tactics: advertising expensive products at deep discounts on online marketplaces such as OLX, claiming to be defence personnel, and fabricating a plausible story of distress. 
 
Reported cybercrime has risen steadily: India recorded 52,974 cases in 2021, up from 50,035 in 2020, 44,735 in 2019, and 27,248 in 2018.  
 
According to the National Crime Records Bureau, nearly 60 percent of the cybercrime cases recorded in 2021 related to fraud, followed by sexual exploitation (8.6 percent) and extortion (5.4 percent).

QUAD Nations to Assist Each Other in Taking Action Against Malicious Cyber Activities

 

On Saturday, the foreign ministers of India, the United States, Japan, and Australia, the four countries that make up the Quad, vowed to work together to ensure the security and resilience of regional cyberinfrastructure.

Following a meeting on the sidelines of the UN General Assembly session in New York, the four ministers issued a joint statement on the subject. External Affairs Minister S Jaishankar, along with his counterparts Penny Wong of Australia, Hayashi Yoshimasa of Japan, and US Secretary of State Antony Blinken, urged states to take reasonable steps to address ransomware operations originating from within their borders.

The Quadrilateral Security Dialogue, comprising India, the United States, Japan, and Australia, was revived in 2017 in response to China's increasingly assertive behaviour in the Indo-Pacific region. According to the statement, the ministers believe that focused initiatives to strengthen Indo-Pacific countries' cyber capabilities will ensure the security and resilience of regional cyberinfrastructure.

"The transnational nature of ransomware can adversely affect our national security, finance sector and business enterprise, critical infrastructure, and the protection of personal data. We appreciate the progress made by the 36 countries supporting the US-led Counter Ransomware Initiative and the regular, practical-oriented consultations against cybercrime in the Indo-Pacific region," they said.

The ministers emphasised that practical cooperation in countering ransomware among Indo-Pacific partners would result in ransomware actors in the region being denied a safe haven.

Recalling the last Quad Foreign Ministers' Meeting on February 11 of this year, the ministers stated their commitment to addressing the global threat of ransomware, which has hampered Indo-Pacific economic development and security.

U.S. Citizens Lost $39.5 Billion to Phone Frauds Alone Over the Past Year

 

A recent study estimates that phone scams in the US have increased threefold in the last 12 months, resulting in losses of $39.5 billion, the highest figure recorded since Truecaller, the Swedish caller-identification and spam-blocking app, began researching scam and spam calls in the US eight years ago. 

According to the report, conducted in partnership with The Harris Poll in March 2022, 33% of US adults reported having fallen victim to a phone scam, and 20% on more than one occasion. Men were more likely to report having been scammed (55.6%) than women (42.2%). 

Furthermore, men aged 65 and above and Hispanic adults were more likely to fall for phone scams than other age groups and ethnicities: nearly 74% of Hispanic respondents reported being targeted and losing money in the last 12 months, a higher share than among Black or White adults.

Approximately 63% of Americans fear they may miss legitimate calls because of spam calls. To protect themselves, 43% reported downloading a spam blocker and/or caller ID app. A full 86% said they only pick up when they recognise the caller, and 60% have stopped answering calls altogether in favour of other channels such as texts, emails, social media apps, and fax. 

To mitigate risk, adults in general preferred to install spam-blocker or caller-ID apps, while people aged 65 and above preferred to block their credit cards or change their account numbers after being scammed. 

The study suggests that despite the Federal Communications Commission's (FCC) efforts to curb robocalls through the STIR/SHAKEN framework (a caller-ID authentication standard, mandated by the FCC, under which carriers cryptographically attest to the origin of a call), nearly 68.4 million Americans fell victim to at least one phone scam in the last 12 months, indicating that fraudsters are bypassing regulation and finding more sophisticated ways to target users. 

“The findings from this year are concerning and shed light on the fact that fraudsters and scammers continue to outsmart increased government regulation. Additionally, with many robocalls coming from overseas, the increase in regulation will need to work in parallel with technological advancements provided by caller ID and spam-blocking apps, such as Truecaller,” stated Alan Mamedi, CEO of Truecaller. 

India: 4th most spammed nation 

According to Truecaller's Global Scam Report 2021, India ranked fourth worldwide for spam, sales, and telemarketing calls, behind Brazil, Peru, and Ukraine. 

Sales-related calls made up the vast majority (93.5%) of all incoming spam calls in the country. The report also singled out one number in India that apparently made over 202 million spam calls, more than 664,000 calls a day or 27,000 an hour.

Chinese Hackers Targeted Indian State Power Grid

 

Chinese state-sponsored actors launched "probing cyberattacks" on Indian electricity distribution centres near Ladakh three times since December 2021, according to a report published on Wednesday by the private threat-intelligence firm Recorded Future. 

The hackers targeted seven Indian state centres responsible for electricity dispatch and grid control near a border area contested by the two nuclear-armed neighbours, the report added. The attacks came to light while a military standoff in the region had already strained relations between the two countries. Government sources, however, said the attacks were not successful. 

''In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh," the group said. 

The hackers used the ShadowPad trojan, which researchers assess was developed by contractors for China's Ministry of State Security, leading Recorded Future to conclude that this was a state-sponsored effort. 

"In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group," Recorded Future said.

Phorpiex Variant Used for Cryptocurrency Assaults in Ethiopia, Nigeria, India, and Other Countries

 

Check Point Research has found new cryptocurrency-related attacks in Ethiopia, Nigeria, India, and 93 other countries. The attackers use a variant of the Phorpiex botnet, which Check Point calls "Twizt", to steal cryptocurrency through a technique known as "crypto clipping." Because wallet addresses are long, users typically copy them and paste them into the transaction form; Twizt watches the clipboard and silently replaces the intended wallet address with one belonging to the threat actor. 
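To make the clipping technique and its countermeasure concrete, the following is an added example, not Check Point's or Twizt's code. `clipper_rewrite` does what the malware does on every clipboard update (replace any recognised wallet address with the attacker's address of the same kind); `ClipboardGuard` is the defence the advice below amounts to, remembering what the user actually copied and comparing it with what is about to be pasted. The address patterns are format checks only (no base58check or EIP-55 validation), and the addresses used are constructed, format-valid strings rather than real wallets.

```python
"""Crypto clipping: a clipboard hijacker that swaps wallet addresses, and a
clipboard-integrity check that catches the swap.

Added example; not Check Point's code and not Twizt's.  Patterns are format
checks only, and all addresses below are constructed for the demo.
"""
import re

ADDRESS_PATTERNS = {
    # Legacy P2PKH/P2SH: base58 (no 0, O, I, l), starts with 1 or 3.
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    # Bech32/bech32m (bc1q..., bc1p...): charset excludes 1, b, i, o.
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{39,59}\b"),
    # Ethereum / ERC-20: 0x + 40 hex digits (EIP-55 case not verified here).
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}


def find_addresses(text):
    """Return [(kind, address)] for every wallet-looking token in text."""
    found = []
    for kind, pat in ADDRESS_PATTERNS.items():
        found.extend((kind, m.group(0)) for m in pat.finditer(text))
    return found


def clipper_rewrite(clipboard_text, attacker_addresses):
    """What the malware does on every clipboard update: replace each
    recognised address with the attacker's address of the same kind, so a
    victim who pastes sends funds to the attacker."""
    out = clipboard_text
    for kind, pat in ADDRESS_PATTERNS.items():
        if kind in attacker_addresses:
            out = pat.sub(lambda _m, k=kind: attacker_addresses[k], out)
    return out


class ClipboardGuard:
    """Remembers the addresses the user actually copied and compares them with
    what is about to be pasted; a clipper changes the clipboard in between."""

    def __init__(self):
        self._copied = {}   # kind -> last address copied of that kind

    def on_copy(self, text):
        self._copied = dict(find_addresses(text))

    def check_before_paste(self, text):
        """Return [(kind, copied, pasted)] for every swapped address."""
        alerts = []
        for kind, pasted in find_addresses(text):
            copied = self._copied.get(kind)
            if copied is not None and copied != pasted:
                alerts.append((kind, copied, pasted))
        return alerts


# Constructed, format-valid demo addresses (not real wallets).
INTENDED = {"btc_legacy": "1Victim" + "X" * 27,
            "btc_bech32": "bc1q" + "x" * 38,
            "eth": "0x" + "12" * 20}
ATTACKER = {"btc_legacy": "1Attacker" + "X" * 25,
            "btc_bech32": "bc1q" + "z" * 38,
            "eth": "0x" + "ab" * 20}


def demo():
    """Copy an ETH address, let the clipper rewrite the clipboard, then run the
    guard on the text that is about to be pasted."""
    guard = ClipboardGuard()
    copied = f"pay {INTENDED['eth']} for invoice 42"
    guard.on_copy(copied)
    tampered = clipper_rewrite(copied, ATTACKER)   # malware runs between copy and paste
    return guard.check_before_paste(tampered)


if __name__ == "__main__":
    for kind, was, now in demo():
        print(f"{kind}: clipboard changed from {was} to {now}")
```

The guard only works if it sees the copy event before the malware does, which is why wallet software shows the pasted address back to the user; the human version of the same check is to compare the first and last few characters of the pasted address against the one you meant to use, which is exactly the advice Check Point gives at the end of this post.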

Phorpiex, a long-lived botnet known for extortion campaigns and old-school worm propagation via removable USB drives and instant-messaging apps, has broadened its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. The botnet remains active today, with a large network of bots carrying out a wide range of malicious activity. Its operations, once limited to extortion and spamming, have grown to include cryptocurrency mining. Researchers also observed a surge in data exfiltration and ransomware delivery in 2018, with the bot installer dropping Avaddon, Knot, BitRansomware (DSoftCrypt/ReadMe), Nemty, GandCrab, and Pony, among other malware. 

Check Point researchers reported intercepting 969 hijacked transactions and noted that Twizt "can operate without active command and control servers, enabling it to bypass security systems": with no C&C server to block or take down, every infected machine keeps working and can help the botnet spread. 

Twizt operators stole 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC-20 tokens in the past year, worth around $500,000 in total; 26 ETG were stolen in a single incident. Between April 2016 and November 2021, Phorpiex bots hijacked over 3,000 transactions worth nearly 38 Bitcoin and 133 Ether. The cybersecurity firm stated that this is only a subset of the attacks taking place. 

According to Alexander Chailytko, cybersecurity research and innovation manager at Check Point Software, the new variant of Phorpiex poses two major concerns. "First, Twizt is able to operate without any communication with C&C; therefore, it is easier to evade security mechanisms, such as firewalls, in order to do damage. Second, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including major ones such as Bitcoin, Ethereum, Dash, Monero," Chailytko said. 

"This makes for a huge attack surface, and basically anyone who is utilizing crypto could be affected. I strongly urge all cryptocurrency users to double-check the wallet addresses they copy and paste, as you could very well be inadvertently sending your crypto into the wrong hands," Chailytko added.