
Indian Banks Mull New Move for Faster Freezing of Scammers’ Accounts

Indian banks have proposed integrating their systems with the National Cybercrime Reporting Portal (NCRP), a division of the Ministry of Home Affairs (MHA), which could enable fraudulent accounts to be frozen more quickly after a cyberattack.

This is intended to stop cybercriminals and phishers from swiftly moving funds out of a victim's bank account into accounts at several other banks before the money is withdrawn or spent. Voice phishers and other cyber shysters use this tactic to make it harder for banks and law enforcement to recover the funds.

“Banks, in consultation with cybercrime experts, have recommended API integration with the NCRP to reduce the average response time and quick updation of cases. So, the idea is to mark a lien and freeze a bank account automatically without manual intervention,” noted a banker. “An industry sub-group has suggested this to I4C,” said the person. 

I4C, or the Indian Cybercrime Coordination Centre, is an MHA programme that focuses on combating cybercrime and enhancing coordination between law enforcement agencies (LEAs) and institutions such as banks. NCRP is a vertical under I4C.

An API, or 'application programming interface', enables two applications or systems to interact with one another without human intervention. If an API connects a system holding specific data with another system that needs to report on it, the two can communicate without manual data entry. In the event of a cybercrime, such as a hacked internet banking account, API integration would allow fraud information to be transmitted quickly to a central system or to other banks.

“Typically, money from the account where the fraud happens is moved to accounts with several banks. There is a far better chance of retrieving the amount if the information is available with the entire industry instantaneously. The time spent by Bank A awaiting an instruction from a LEA, then sending emails to bank B, C and D, or calling them up, to request a lien on the accounts where funds have gone, can be saved,” noted another banker.

The group has also advised that data on accounts placed under lien or freeze be shared with banks on a regular basis so that they can reconcile their records.

In this respect, it has been observed that I4C may issue a broad standard operating procedure directing banks to place accounts on hold, freeze or de-freeze them, and release funds to victims' bank accounts in cases reported to NCRP. Furthermore, it is believed that the nodal organisation should establish guidelines for communicating 'negative account or KYC details' so that accounts cannot be opened at other banks using the same demographic or KYC details.

India's Businesses Under Huge Cyber Threats, Kaspersky Reported

Indian businesses are being warned about the looming threat of ransomware attacks by cybersecurity experts. These attacks not only jeopardize company data but also pose a serious risk to user information. To address this urgent issue, experts stress the importance of promptly implementing advanced threat intelligence and industrial cybersecurity solutions. 

Kaspersky, a prominent cybersecurity firm, sheds light on the severity of the situation through their research findings. They indicate that ransomware attacks expected in 2024 could result in significant financial losses similar to those experienced in 2023. This underscores the vulnerability of both IT and operational systems within Indian companies, urging them to take proactive steps to defend against potential cyber threats. 

India's vast user base and thriving enterprises have become prime targets for cybercriminals, as per insights from Kaspersky. The cybersecurity firm reveals that India consistently ranks among the top 12 targeted countries and territories for Advanced Persistent Threats (APTs) globally. 

Kaspersky's data underscores ransomware as the predominant cyber threat in 2024. The company points out that the increasing adoption of digital platforms within Indian organizations has stretched the local ICT supply chain, exposing visible vulnerabilities that attract cyberattacks. 

According to Kaspersky, the current challenges faced by organizations in India are:

Escalation of Cyberthreats: The advent of the digital age has exposed organizations to heightened vulnerabilities, underscoring the critical importance of cybersecurity. India grapples with a wide array of cyber threats, spanning from financial fraud and data breaches to sophisticated cyber espionage campaigns. 

Varied Attack Methods: Given its expansive population, India serves as a fertile ground for cybercriminals who employ diverse tactics such as phishing, ransomware, and social engineering to infiltrate systems and networks. 

Sector-Specific Targets: Certain sectors, including financial institutions, e-commerce platforms, and government entities, find themselves particularly susceptible to cyberattacks due to the sensitive nature of the data they handle. 

Surge in Ransomware Attacks: The proliferation of ransomware incidents has witnessed a dramatic surge, resulting in significant disruptions to businesses that endure downtime ranging from several days to weeks. 

Furthermore, according to Kaspersky's report, more than 200,000 ransomware incidents were identified by their solutions in India during 2023. Notable ransomware groups such as Fonix and LockBit have actively targeted Indian organizations spanning various sectors including manufacturing, retail, agriculture, media, and healthcare. 

Additionally, findings from a Cisco study reveal a significant impact of cyber attacks on Indian startup businesses and SMBs. Approximately 62% of these entities have incurred costs amounting to ₹3.5 crore (over US$430,000). Notably, the financial damage resulting from these cyber attacks exceeds the investment required to implement solutions that mitigate such threats.

Indian Government Warns Social Media Platforms Over Deepfake Misinformation

In a strong statement directed at social media platforms, the government of India has emphasized the critical need for swift identification and removal of misinformation, including deepfakes, or risk facing legal consequences. This warning follows a deepfake scandal involving the esteemed Indian actor Akshay Kumar. 

The controversy erupted after a digitally manipulated video, allegedly portraying Kumar endorsing a gaming application, surfaced online. Despite the actor's explicit denial of any involvement in such promotions, the video circulated widely across social media platforms, fueling concerns over the spread of fabricated content. 

The government's stance underscores the growing threat posed by deepfakes, which are increasingly being used to spread false information and manipulate public opinion. With the rise of sophisticated digital manipulation techniques, authorities are urging social media companies to implement robust measures to combat the dissemination of deceptive content. 

Following these deepfake cases, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar told the Rajya Sabha that fake news and deepfake videos produced with advanced technology are causing serious problems.

He reminded the House that the rules require social media companies to remove such fake content quickly; if they do not, they face serious consequences, including legal action. The government wants these companies to take responsibility and keep the internet safe and trustworthy.

The minister further added that, under the IT Rules, 2021, “they (intermediaries) lose their safe harbour protection under section 79 of the IT Act and shall be liable for consequential action or prosecution as provided under any law for the time being in force including the IT Act and the Indian Penal Code, including section 469 of the IPC”.

Additionally, several months ago, deepfake videos featuring other famous Indian celebrities went viral on social media. In response, the Government of India issued an advisory to top social media platforms, stating that they must remove such content within 24 hours or face consequences under the provisions of the IT Rules. 

The advisory highlighted that Section 66D of the IT Act, 2000, prescribes punishment, including imprisonment for up to 3 years and a fine of up to Rs 1 lakh (about 1,205 US dollars), for individuals found guilty of cheating by impersonation through the use of computer resources.

Let's Understand Deepfake AI Technology

Deepfake, a form of artificial intelligence (AI), has emerged as a potent tool capable of creating convincing hoax images, sounds, and videos. Combining the concepts of deep learning and fakery, the term "deepfake" embodies the manipulation of digital content with sophisticated algorithms. 

Utilizing machine learning algorithms, deepfake technology compiles fabricated images and sounds, seamlessly stitching them together to create realistic scenarios and individuals that never existed or events that never took place. 

However, the widespread use of deepfake technology is often associated with malicious intent. Nefarious actors harness this technology to propagate false information and propaganda, manipulating public perception with deceptive content. 

For instance, deepfake videos may depict world leaders or celebrities making statements they never uttered, a phenomenon commonly known as "fake news," which has the power to sway public opinion and disrupt societal trust. 

Recent Deepfake Incidents Shake Global Landscape 

In Pakistan, reports have surfaced of deepfake content being utilized to influence the outcome of the Prime Minister election. 

Meanwhile, in Hong Kong, a finance worker fell victim to a sophisticated deepfake scam, resulting in the fraudulent transfer of $25 million after fraudsters impersonated a company executive during a video conference call. 

Additionally, Iran-backed hackers disrupted streaming services in the UAE by disseminating deepfake news, underscoring the potential for such technology to be weaponized for cyber warfare.

Unprecedented Data Breach Exposes Personal Information of Millions in India

Described as the biggest data breach ever, a major security lapse has apparently leaked the personal information of millions of people around the world. CloudSEK, an Indian cybersecurity company, brought attention to the breach, which exposed extensive sensitive data including names, mobile numbers, addresses, and unique 12-digit Aadhaar card numbers. Two cybercrime groups, the CYBO CREW affiliates CyboDevil and UNIT8200, are selling the data for $3,000.

CYBO CREW is a relatively new threat group that was first identified in July 2023. It has been focusing on organizations in sectors such as automobiles, jewellery, insurance, and apparel, carrying out significant breaches. Among its most active affiliates are CyboDevil and UNIT8200.

Reportedly, 750 million Indians, around 85% of the country's 1.4 billion population, have been hit in the recent attack. The disclosure raises serious concerns about the security and privacy of personal information and marks a critical incident in the cybersecurity domain.

The breach's severity is magnified by the revelation of Aadhaar card numbers, a crucial identification document in India. The leaked data encompasses details frequently used for identity verification and authentication, leaving affected individuals susceptible to various forms of exploitation, including identity theft and fraud. 

The repercussions of this breach extend to mobile network subscribers in multiple countries, amplifying concerns about privacy and data security. According to CloudSEK researchers, the compromised database contains sensitive security information and has been compressed from 1.8TB to 600GB. In their analysis of the extensive personally identifiable information (PII) within the database, CloudSEK identified the global impact on major telecom providers.

Despite the widespread implications, users in India face heightened risks due to the exposure of their unique Aadhaar identification numbers. This increased vulnerability raises concerns about potential identity theft, financial fraud, and a greater susceptibility to cybercrime for those affected. 

The situation emphasizes the urgent need to address and mitigate risks associated with such breaches to protect personal information and thwart malicious activities. The database is up for sale on Telegram and Breach Forums, which are well-known places for hackers and cybercrime activities. 

Interestingly, another seller on the same forum recently threatened to release a database from Hathway containing information on 4 million users. According to CloudSEK, the person selling the data denies being part of the data breach and says they obtained it through law enforcement channels and undisclosed asset work. However, the source of the data remains unclear.

Hackers are Targeting Indians Via Novel Courier Scam


This year, a fresh scam is on the rise in India's metropolises, cheating people out of their hard-earned money.

In this new method, known as the courier scam, fraudsters posing as police officers or NCRB agents contact people and accuse them of illegal activities involving sending or receiving parcels that contain drugs or other banned substances.

The scammers then convince the victims that the police will contact them, and the extortion begins: the victims are pressed to pay money to settle the false complaint against them.

The courier scam is primarily targeting people aged 35 to 50, and hundreds of cases have been reported to police this year. 

Modus operandi 

Courier scammers pose as customs officials and call their victims. They mention a parcel booked in the victim's name and claim that it contained narcotic drugs or other banned substances.

They then pose as a police officer and raise the prospect of arrest. The already terrified victim tries to settle the false case by offering money to avoid arrest, which is then transferred to the scammers.

During calls, scammers use psychological tactics to distress victims and collect personal identification and bank details. They ask the victim to provide their Aadhaar number and other identification details, in addition to the bank information, in order to steal money from them.

In other cases, it starts with a missed call. When the person returns the call, they are transferred to an automated voice message informing them that they have reached the helpline of a courier company such as FedEx or Blue Dart.

The other person on the phone then pretends to be a Mumbai police officer, claiming illegal drugs had been discovered in a parcel delivered to their address. The scammer then blackmails the victim into paying. 

A Bengaluru resident was recently duped out of Rs 1.52 crore after falling victim to the courier scam. On November 10, Debashish Das, 66, received a phone call from a man claiming to be a FedEx employee named Kartikeya. 

Das was then told by the employee that a case had been filed in Mumbai in relation to him after it was discovered that a courier sent to Taiwan under his name had six credit cards, an expired passport, and even 950g of MDMA drugs.

Das was instructed to make a Skype call to the Mumbai cybercrime police station in Andheri. The scammers were able to transfer all of the victim's funds, including his fixed deposits, totaling Rs 1.52 crore to their account after posing as police officers and informing him that bank accounts in his name had been linked to illegal activities. 

Prevention tips

  • Never provide an OTP, Aadhaar number, bank account information, or any other sensitive data.
  • Be wary of unknown callers and of anyone claiming to be a bank, police, or other official.
  • Do not return calls from unknown or suspicious numbers.
  • Before providing any information, verify the caller through official sources.
  • Avoid clicking on suspicious links sent via text or WhatsApp.

Here's How RegTech is Transforming India's Regulatory Landscape

Businesses in India file their monthly GST returns by the 20th of each month, believing their compliance work for the month is done. Soon afterwards, however, they receive automated notices pointing out inconsistencies in their reporting. This process shows how technology is now used in India to monitor regulatory compliance data in real time.

In another case, a borrower fails to make a loan payment, and the bank quickly reports the default to the Reserve Bank of India (RBI) via the CRILC platform. This data is then shared with other banks that are dealing with the same borrower. This illustrates how regulatory reporting helps to raise awareness and control non-performing assets (NPAs) in India. 

Furthermore, when a seller generates an e-invoice or an e-way bill, the recipient is notified. This results in a journal entry in the enterprise resource planning (ERP) system after reconciliation with purchase orders (PO) and goods received notes (GRN). This end-to-end automated workflow exemplifies how regulations and technology are promoting business efficiency. 

These instances demonstrate the far-reaching effects of regulatory technology, also known as RegTech. Technology is becoming increasingly important in managing the complex and ever-changing regulatory landscape. RegTech is critical in assisting organisations in efficiently implementing compliance procedures while also allowing regulators to monitor effectively.

The global RegTech market is expanding. According to Allied Market Research, it is expected to grow at a compound annual growth rate (CAGR) of 23.5% between 2018 and 2025, hitting a market value of $55.28 billion by 2025.

India's regulatory system is widely recognised for its complexity and diversity. Almost every sector is subject to a maze of regulations, ranging from manufacturing and energy to financial services and healthcare. The requirements for compliance can include anything from consumer protection and environmental standards to data security, taxation, and financial reporting. It has always taken a lot of time, money, and risk to navigate this regulatory maze without breaking any laws. 

RegTech's ascent 

The solution to these issues lies in RegTech, a subsector of FinTech. It refers to the efficient and less expensive use of technology by businesses to help them comply with regulations. By automating compliance processes and applying data analytics, RegTech solutions give businesses the capacity to optimise their operations and make well-informed decisions while adhering to legal requirements.

Simplifying the procedures for compliance 

Simplifying compliance procedures is one of the main ways RegTech is changing the regulatory environment in India. In the past, in order to comply with regulations, businesses had to invest a large amount of financial and human resources in manually gathering, analysing, and reporting data. Dealing with intricate spreadsheets and sorting through mountains of paperwork were common requirements. 

RegTech solutions, on the other hand, employ automation and machine learning algorithms to quickly and accurately process huge quantities of data. In the financial sector, for example, RegTech tools can assist banks and financial institutions in automatically monitoring transactions for suspicious activity, lowering the risk of money laundering and fraud. RegTech can help the healthcare industry stay in compliance with patient data protection laws, ensuring that private data is handled securely. 

RegTech's future in India

RegTech in India has a bright future ahead of it. RegTech solutions will become more and more in demand as regulatory requirements become stricter and concerns about data privacy rise. Regulators in India, including the Securities and Exchange Board of India (SEBI) and the Reserve Bank of India (RBI), are beginning to see how RegTech can improve regulatory oversight. 

We may anticipate seeing even more cutting-edge RegTech solutions in the upcoming years that are specifically suited to India's distinct regulatory environment. These solutions will help businesses stay ahead of the curve by automating compliance and offering valuable insight regarding regulatory changes.

DDoS Attacks and the Preventive Measures Organizations Should Adopt

The proliferation of Internet of Things (IoT) devices, now in the billions, coupled with the advancements in network infrastructure and the swift deployment of 5G, necessitates heightened agility from network operators and IT managers in pinpointing and rectifying security flaws. 

Additionally, in today's landscape, organizations are under constant threat from different types of attacks. These include ransomware, hacktivism, and DDoS attacks, all aimed at either stealing information or disrupting services. DDoS attacks are a particularly serious form of online service disruption, and similar disruption can result from either malicious intent or legitimate traffic surges.

Cybercriminals are now employing the cloud to orchestrate DDoS attacks. India has witnessed a notable uptick in such attacks, capable of causing disruptions lasting from hours to even days. This not only affects revenue but also undermines customer trust and tarnishes reputation. Furthermore, targeted organizations may encounter legal or regulatory consequences, particularly if customer data is compromised. 

There are three primary categories of cloud-based DDoS attacks: volumetric, protocol, and application layer. Seasoned Managed Service Providers (MSPs) and cloud providers have robust DDoS filtering and defenses in operation. To combat DDoS attacks effectively, clients must detect attacks swiftly, implement countermeasures, oversee their systems closely, and configure them in detail.

Now we will look at what DDoS attacks are, how to identify them, and the preventive measures against them.

What are DDoS attacks?

A Distributed Denial-of-Service (DDoS) attack is when someone tries to disrupt a server, service, or network by flooding it with an enormous amount of internet traffic. This flood overwhelms the target and its supporting infrastructure. To make DDoS attacks work, the attackers use many hijacked computer systems to send attack traffic. 

These compromised systems can be regular computers or even devices like smart gadgets connected to the internet. In simple terms, a DDoS attack is like an unexpected traffic jam that blocks the usual flow of traffic on a highway, stopping it from reaching its destination. 

How to detect a DDoS attack on your system? 

When dealing with a DDoS attack, the most noticeable sign is a sudden slowdown or complete unavailability of a website or service. However, it's important to note that similar performance issues can arise from various causes, including a legitimate increase in traffic. This is why it's crucial to conduct further investigation. 

To identify potential DDoS attacks, traffic analytics tools play a vital role. They can help in recognizing certain red flags: 

  • Unusually high levels of traffic originating from a single IP address or within a specific IP range. 
  • A surge of traffic coming from users who share similar behaviour traits, such as device type, location, or web browser version. 
  • An abrupt and unexplained increase in requests directed at a particular page or endpoint. 
  • Peculiar traffic patterns, like sudden spikes during unconventional hours or patterns that seem artificial (for example, a spike occurring every 10 minutes). 
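The four red flags above can be checked mechanically against web-server access logs. The Python below is an added example, not code from the original post: it parses a simplified access-log format (an assumption), flags a dominant source IP or /24 range, a dominant user-agent, a dominant endpoint, and per-minute spikes that recur at a fixed interval, then runs the checks over a constructed log in which one host bursts against /login every 10 minutes starting at 03:00. The share and spike thresholds are assumptions tuned to that sample; the same quiet background traffic without the bursts produces no findings.

```python
"""Heuristic checks for the four DDoS red flags above, run over access-log lines.
Added example, not code from the original post: the log format is an assumed simplified
one, the IPs are documentation ranges, and thresholds are assumptions tuned to the sample."""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed format: <ip> [<ISO timestamp>] "<method> <path> <proto>" <status> "<user-agent>"
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$')


def parse_log(lines):
    """Parse log lines into dicts (timestamp as datetime); non-matching lines are skipped."""
    records = []
    for m in filter(None, map(LOG_RE.match, lines)):
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
        records.append(rec)
    return records


def _dominant(keys, share):
    """(key, count) pairs whose share of all requests is at least `share`."""
    counts = Counter(keys)
    total = sum(counts.values())
    return [(k, n) for k, n in counts.most_common() if n / total >= share]


def top_sources(records, share=0.5, prefix_len=None):
    """Red flag 1: one IP (or, with prefix_len=24, one /24 range) sends most of the traffic."""
    if prefix_len is None:
        return _dominant((r["ip"] for r in records), share)
    nets = (str(ipaddress.ip_network(f'{r["ip"]}/{prefix_len}', strict=False)) for r in records)
    return _dominant(nets, share)


def shared_user_agent(records, share=0.5):
    """Red flag 2: a surge of clients all presenting the same browser/device string."""
    return _dominant((r["ua"] for r in records), share)


def endpoint_surge(records, share=0.5):
    """Red flag 3: one page or endpoint absorbing most of the requests."""
    return _dominant((r["path"] for r in records), share)


def periodic_spikes(records, bucket_seconds=60, spike_factor=5):
    """Red flag 4: time buckets whose request count is far above the median, and the fixed
    interval between them if they recur regularly. Returns (spike offsets in seconds, period)."""
    if not records:
        return [], None
    base = min(r["ts"] for r in records)
    buckets = Counter(int((r["ts"] - base).total_seconds()) // bucket_seconds for r in records)
    counts = sorted(buckets.values())
    median = counts[len(counts) // 2]
    spikes = sorted(b * bucket_seconds for b, n in buckets.items() if n >= spike_factor * median)
    gaps = {spikes[i + 1] - spikes[i] for i in range(len(spikes) - 1)}
    return spikes, (gaps.pop() if len(gaps) == 1 else None)


def analyze(lines):
    """Run every check; only findings are returned, so an empty dict means nothing flagged."""
    records = parse_log(lines)
    findings = {"top_sources": top_sources(records),
                "shared_user_agent": shared_user_agent(records),
                "endpoint_surge": endpoint_surge(records)}
    spikes, period = periodic_spikes(records)
    if spikes:
        findings["periodic_spikes"] = {"offsets": spikes, "period_seconds": period}
    return {k: v for k, v in findings.items() if v}


def _line(ip, ts, path, status, ua):
    return f'{ip} [{ts:%Y-%m-%dT%H:%M:%S}] "GET {path} HTTP/1.1" {status} "{ua}"'


def build_sample_log(with_attack=True):
    """Constructed sample: 30 minutes of background browsing by four clients from 03:00 (an
    unconventional hour) plus, if with_attack, 60 requests against /login from one host with
    one user-agent every 10 minutes."""
    base = datetime(2024, 1, 15, 3, 0, 0)
    ips = ["203.0.113.5", "203.0.113.17", "198.51.100.23", "198.51.100.8"]
    paths = ["/", "/products", "/cart", "/about"]
    uas = ["Mozilla/5.0 (Windows NT 10.0) Chrome/120", "Mozilla/5.0 (iPhone) Safari/17",
           "Mozilla/5.0 (X11; Linux) Firefox/121", "Mozilla/5.0 (Android) Chrome/120"]
    lines = []
    for minute in range(30):
        for i in range(4):
            lines.append(_line(ips[i], base + timedelta(minutes=minute, seconds=15 * i),
                               paths[i], 200, uas[i]))
        if with_attack and minute % 10 == 0:
            for sec in range(60):
                lines.append(_line("192.0.2.99", base + timedelta(minutes=minute, seconds=sec),
                                   "/login", 503, "python-requests/2.31"))
    return lines


if __name__ == "__main__":
    for check, result in analyze(build_sample_log()).items():
        print(f"{check}: {result}")
```

Each finding is a starting point for the further investigation the post calls for, not proof of an attack: a product launch or a scheduled job can also produce a dominant endpoint or regular spikes, which is why the checks are kept separate and reported together rather than collapsed into one verdict.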

Ideal preventive measures that organizations should adopt against Distributed Denial of Service (DDoS) attacks are as follows: 

  • Strengthen security: regularly apply updates, fine-tune configurations, and harden systems so that they can withstand an attack.
  • Deploy anti-DDoS measures: configure resources so that they are less susceptible to attack, and ensure that an attack on one component cannot cause a complete organizational disruption.
  • Use anti-DDoS tools: enable the relevant functionality and add specialized tools that defend against DDoS attacks or reduce their impact.
  • Develop a DDoS response strategy: prepare the security or operations team to manage a DDoS attack and put additional safeguards in place.
  • Establish DDoS monitoring: watch vigilantly for indicators of an attack and document them for future improvements.

In today's highly interconnected world, where digital technologies play an ever-expanding role, organizations would be wise to collaborate with a cybersecurity specialist. This is particularly important if cybersecurity is not their main focus or if they operate under budget constraints.

Loan App Executive Asks BJP Legislator to Repay Loan That He Never Borrowed

Cybercrime is a tremendous leveller: even prominent politicians fall prey to scammers. An as-yet-unidentified person repeatedly called and texted BJP legislator Ashish Shelar, demanding that he repay a loan for which he had supposedly stood as guarantor.

Shelar filed a police complaint of harassment. According to Shelar, he has never taken out a loan and has never stood as guarantor for any borrower's repayment.

The legislator said that over the past two weeks a person claiming to be from a lending app had bombarded him with calls and messages, to the point that his staff reported the matter to the Bandra police station. The caller kept pressing for repayment of the loan, although, he added, the caller made no threats.

According to a Bandra police officer, a cyber crime unit from the police station is working on the complaint to find the source of the communications. "The number from which the calls came has been put on tracking mode," stated the police officer. 

The case was registered after Navnath Satpute (41) of Shelar's office lodged a complaint. According to the complaint, Shelar was asked to make an immediate payment of Rs 7,700 to cover the overdue loan amount.

Shelar told a local media outlet: "There was no threat... but I was fed up because of those multiple calls I received in the last two weeks... Despite telling the caller that I did not take any loan or stand guarantor, the calls would not stop…" 

A case has been filed against unidentified individuals under provisions of the Indian Penal Code dealing with impersonation, cheating, and attempting to commit an offence, as well as under sections of the Information Technology Act. 

Cases of fraud involving loans reportedly obtained through lending applications have recently increased. Between January and July, a total of 38 loan fraud incidents were recorded across the Mumbai city, with nine cases being solved and nine people arrested. Meanwhile, 116 cases were recorded in 2022, of which six were registered in 2021, and another 42 were filed in 2021, of which just five were resolved. In total, 41 persons were arrested over the course of these two years.

Private Data of 12,000 SBI Employees Exposed on Telegram Channels

Over 12,000 employees of the State Bank of India (SBI) had their personal information compromised in a significant data breach, which was later published on Telegram channels. Employees' names, residences, contact information, PAN numbers, and personal data from their SBI passbooks were among the information that was leaked.

The data breach was discovered after a file containing the personal data of over 12,000 State Bank of India (SBI) employees was posted to a Telegram channel with the handle @sbi_data on Friday, July 8. According to India Today, the file contained the names, residences, contact information, PAN numbers, account numbers, and photo IDs of the employees.

"Spread Chaos Comrades!" was penned in the channel's bio, and the file's name was "SBI Employee Data Dump." At the time of the leak, the channel only had 608 subscribers, but the file was quickly shared on social media and on other Telegram channels.

The threat actor who released the data of over 12,000 SBI employees also claimed to have access to millions of consumers' financial information. The threat actor also claims to have leaked the hacked material on public leak forums.

They additionally put out screenshots of SBI account balances and latest transactions on a leak site that is open to the public. Based on the screenshots, the threat actor has access to a wide range of financial data, including account numbers, PINs, and transaction histories. The compromised data was also made available for purchase on dark web platforms. 

Rise in data breach incidents 

In India, data breaches and leaks have drastically escalated in recent years. The CyberPeace Foundation said that over 1,250 data breaches occurred in India in 2022, an increase from 550 in 2021.

Popular messaging app Telegram has evolved into a hub for both illegal and legal communication in recent years. 

Numerous high-profile examples of criminals using Telegram have surfaced in recent years. TechCrunch revealed in January 2019 that SBI had exposed its customers' financial information via an unsecured server. Partial account numbers, balances, transaction information, and other sensitive data were among the leaked data.

Upsurge in UPI Fraud Cases: How can you Guard Against These Scams

India is going digital as more and more individuals use the internet to shop, order food, and complete other activities.

According to a Times of India (TOI) report, in March 2023, Unified Payment Interface (UPI) transactions reached a record high of 865 crores, with a record value of Rs 14.07 lakh crore. The number of transactions totaled 728 crores, which was 18% greater than in February 2023.

However, as UPI transactions have increased, so have instances of online fraud. According to the Union Ministry of Finance, more than 95,000 fraud cases involving UPI transactions were reported in 2022–2023, up from 84,000 cases in 2021–2022.

Let's focus on UPI frauds in more detail, along with certain precautions you might take.

UPI PIN request 

Fraudsters occasionally lure their victims with the promise of sending them money. To receive the money, they then ask the target to enter their UPI PIN. If the victim complies, the scammer can easily use the PIN to withdraw money. Let’s take a look at how UPI scams take place and what you can do to protect yourself.

“For receiving money, no PIN is required. Anyone asking you for a PIN is a scammer,” Prashant Gautam, DCP of the Intelligence Fusion and Strategic Operations (IFSO) unit of Delhi stated.
 
Customer care fraud 

The public is also taken in by fraudsters posing as customer service representatives. A government teacher was recently tricked after calling a number that appeared as the top search result on Google, thinking it was the Google Pay customer service number.

The con artist promised to assist the teacher when he complained about inaccurate transactions on the Google Pay app and requested his personal banking information. Following the teacher's disclosure of the information, the fraudster withdrew Rs 2.50 lakh from his bank account.

Cybercriminals will occasionally threaten customers with the blocking of their e-wallet if they do not complete KYC or update their Aadhaar or PAN information under the guise of customer service representatives. Later, "under the guise of verification, they ask the victims to download third-party access apps," the police officer continued, "through which they get remote access to the digital wallets." 

Money sent by 'error' 

According to a Delhi Police official, scammers typically send money to a potential target through UPI apps such as Paytm, Google Pay or PhonePe and then contact them to claim the transfer was a mistake. The cybercriminal sends the victim a URL and asks them to use it to return the money. Anyone who clicks the link loses control of their bank account and digital wallet, which the scammer can then access. 

Prevention tips

Here are three habits that serve as self-defence against such frauds.

Avoid engaging with fraudsters: Do not continue a call if you do not recognise the number, or if the caller's identity or the source of the information they share is unclear to you. Be wary of phone numbers listed on public websites, especially for food and beverage establishments, as they may not be legitimate. Always verify a caller's identity independently. Remember that your bank will never phone or text you asking for any kind of private information. 

Be mindful of the golden rule when receiving payment: No PIN is needed to receive money. Scammers frequently abuse the 'request money' feature of payment apps, pretending to be interested in buying a product you have listed for sale online. Keep in mind at all times that you will NEVER be asked for a PIN when money is to be credited to your bank account. 

Watch out for fake apps: Many fraudulent or malicious apps try to trick you by imitating something else. Such an app looks similar to the genuine bank app and is easy to download. If you unintentionally install the bogus app, your personal information is shared with scammers, giving them access to your account and enabling them to steal money. Beware of fake banking apps such as Modi Bhim, BHIM Payment-UPI Guide, Bhim Modi App, and BHIM Banking Guide, which have been accused of harvesting consumers' personal information under the guise of offering a useful service.

Train Platform RailYatri Again Suffered a Breach

On Wednesday, train ticketing platform RailYatri released a statement confirming that it suffered a data breach in December 2022. The confirmation comes after the Railway Ministry denied any such attack and stated that no user data leaked from the Railways' side has been sold on the dark web. 

Reportedly, as a result of the breach, the data of over 30 million users, including phone numbers, email addresses, house addresses and cities, has been sold on malicious sites. Earlier, in 2020, RailYatri suffered a similar attack that affected 7,00,000 users. 

“We observed a security breach in our system on December 28, 2022, we quickly established the source of the breach and fixed it within a few hours. Some RailYatri registered user information limited to age, email, preference city, and phone numbers may have been viewed by unauthorized individuals. No other sensitive customer information has been compromised. We have reported the incident to the government authorities and are exploring legal steps to be taken,” a RailYatri spokesperson said. 

Following the incident, RailYatri further said that it is investigating the attack with the Indian Computer Emergency Response Team (CERT-In) and auditing its security systems against further threats. 

“Our platforms have proper authorization and authentication in place and access to the applications is through HTTPS and servers are behind firewalls which can be accessed through VPN only by authorized teams,” the platform further added. 

Also, although the incident was reported to the authorities on December 28, the Railway Board did not name RailYatri when it confirmed the attack on December 30, while denying that data had been stolen from IRCTC. All IRCTC business partners, including reselling platforms such as RailYatri, have been instructed to evaluate their systems. 

The government has already introduced the 'Digital Personal Data Protection Bill, 2022' in parliament to take strict action against data breaches; however, the law is yet to be passed.

Mewat: The New Cybercrime Hub in India

 

The Mewat region, situated between the states of Rajasthan and Haryana in India, is emerging as the country's new cyber fraud hub. 
 
Jamtara was the infamous hotspot for cyber fraud, where young fraudsters would acquire SIM cards, open bank accounts, and dupe victims by posing as bank officials or representatives of telecom service providers. Mewat fraudsters have now turned up with more malicious ways to dupe online victims. 
 
The Mewat fraudsters reportedly use sextortion, a form of blackmail, as their weapon against victims. 
 
The scammers approach victims online while posing as young women, engage them in conversation, and entice them into sharing sexually explicit images. The victims are then threatened that the images will be leaked unless they pay.  
 
Asked about the method of operation, Yusuf, one of the suspects held on sextortion charges, revealed his gang's modus operandi. 
 
“It starts by writing a ‘hi’. He (the target) would usually ask about a video call. I’d do the video call. He’d be lured into going explicit. The woman on the phone does the same,” Yusuf says. 
 
On being asked about the ‘woman', Yusuf tells the investigating officer “It’s (actually the video) on the other phone. That device is placed right under the back camera of my phone, with a video of a woman playing over. It’s like a web call.” 
 
Reportedly, a phone on the other side runs screen recording software to capture the call. The victims are then threatened, and if they comply, the money is typically credited to a third party's account. 

In another cyber fraud case, a suspect was held for duping victims through online marketplaces.  
 
The scammer, Rahul Khan, described his tactics: advertising expensive products at deep discounts on online marketplaces such as OLX, claiming to be defence personnel, and fabricating a plausible story about being in distress. 
 
Cybercrime figures have risen in recent years: India recorded a total of 52,974 cases in 2021, up from 50,035 in 2020, 44,735 in 2019, and 27,248 in 2018.  
 
As per a National Crime Records Bureau report, nearly 60 percent of cybercrime cases in 2021 pertained to fraud, followed by sexual exploitation (8.6 percent) and extortion (5.4 percent).

QUAD Nations to Assist Each Other in Taking Action Against Malicious Cyber Activities

 

On Saturday, the leaders of India, the United States, Japan, and Australia, known as the Quad, vowed to work together to ensure the security and resilience of regional cyberinfrastructure.

Following a meeting on the sidelines of the UN General Assembly session in New York, the leaders of the four countries issued a joint statement on the subject. External Affairs Minister S Jaishankar, along with his counterparts Penny Wong of Australia, Hayashi Yoshimasa of Japan, and US Secretary of State Tony Blinken, issued a statement urging states to take reasonable steps to address ransomware operations originating from within their borders.

The Quadrilateral Security Dialogue, comprising India, the United States, Japan, and Australia, was established in 2017 to counter China's aggressive behaviour in the Indo-Pacific region. According to the statement, the leaders believe that focused initiatives to strengthen Indo-Pacific countries' cyber capabilities will ensure the security and resilience of regional cyberinfrastructure.

"The transnational nature of ransomware can adversely affect our national security, finance sector and business enterprise, critical infrastructure, and the protection of personal data. We appreciate the progress made by the 36 countries supporting the US-led Counter Ransomware Initiative and the regular, practical-oriented consultations against cybercrime in the Indo-Pacific region," they said.

The ministers emphasised that practical cooperation in countering ransomware among Indo-Pacific partners would result in ransomware actors in the region being denied a safe haven.

Recalling the last Quad Foreign Ministers' Meeting on February 11 of this year, the ministers stated their commitment to addressing the global threat of ransomware, which has hampered Indo-Pacific economic development and security.

U.S. Citizens Lost $39.5 Billion to Phone Frauds Alone Over the Past Year

 

A recent study estimates that scams have tripled in the US in the last 12 months, resulting in losses of $39.5 billion, the highest figure registered since Truecaller, the Swedish caller identification and spam blocking app, began researching scam and spam calls in the U.S. eight years ago. 

According to the report, conducted in partnership with The Harris Poll in March 2022, 33% of US citizens reported having fallen victim to phone scams, 20% on more than one occasion. 55.6% of those who fell victim to a phone scam were men, compared to only 42.2% who were women. 

Furthermore, men aged 65 and above, and Hispanics, were more likely to fall for scams and phone frauds than younger people or those of other ethnicities. Nearly 74% of Hispanic people were targeted and lost money in the last 12 months, compared with Black or White adults.

Approximately 63% of Americans worry they may miss legitimate calls because of their fear of spam calls. To protect themselves, 43% reported downloading a spam blocker and/or caller ID app. A whopping 86% of Americans said they only pick up when they recognise the caller, and 60% have stopped picking up calls altogether, shifting to other methods of communication such as texts, emails, social media apps and faxes. 

To mitigate risks, adults generally preferred downloading spam blocker/caller ID apps, while people above the age of 65 preferred blocking their credit cards or changing account numbers after being scammed. 

The study suggests that despite the Federal Communications Commission's (FCC) efforts to regulate robocalls through the STIR/SHAKEN framework (a set of FCC standards aimed at protecting Americans from robocallers and scammers), nearly 68.4 million Americans fell victim to at least one phone scam in the last 12 months, indicating that fraudsters are bypassing government regulation and finding more sophisticated ways to target users. 

“The findings from this year are concerning and shed light on the fact that fraudsters and scammers continue to outsmart increased government regulation. Additionally, with many robocalls coming from overseas, the increase in regulation will need to work in parallel with technological advancements provided by caller ID and spam-blocking apps, such as Truecaller,” stated Alan Mamedi, CEO of Truecaller. 

India: 4th most spammed nation 

According to Truecaller's Global Scam Report 2021, India ranked 4th for spam sales and telemarketing calls, right behind Brazil, Peru, and Ukraine. 

Sales-related calls made up the vast majority (93.5%) of all incoming spam calls in the country. The report also made special mention of a single number in India that apparently made over 202 Mn spam calls, more than 664,000 calls every day or 27,000 calls every hour.

Chinese Hackers Targeted Indian State Power Grid

 

Chinese state-sponsored actors launched "probing cyberattacks" on Indian electricity distribution centres near Ladakh three times since December 2021, according to a report by the private intelligence firm Recorded Future published on Wednesday. 

The hackers targeted seven Indian state centres responsible for electricity dispatch and grid control near a border area contested by the two nuclear neighbours, the report added. The attack came to light while a military standoff between the two countries in the region had already strained relations. However, government sources affirmed that the attacks were not successful. 

"In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh," the group said. 

The hackers used the ShadowPad trojan, which experts say was developed by contractors for China's Ministry of State Security, leading the researchers to conclude that this was a state-sponsored hacking effort. 

"In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group," Recorded Future said.

Phorpiex Variant Used for Cryptocurrency Assaults in Ethiopia, Nigeria, India, and Other Countries

 

Check Point Research has found new cryptocurrency-related attacks in Ethiopia, Nigeria, India, and 93 other countries. The attackers use a variant of the Phorpiex botnet, dubbed "Twizt" by Check Point, to steal cryptocurrency through a technique known as "crypto clipping." Because wallet addresses are long, users typically copy and paste them when making a transaction; Twizt replaces the copied address with the threat actor's wallet address, so the funds go to the attacker instead of the intended recipient. 

Phorpiex, a long-lived botnet known for extortion tactics and old-school worms spread via removable USB drives and instant messaging apps, has broadened its infrastructure in recent years to become more resilient and deliver more dangerous payloads. The Phorpiex botnet is still active today, with a massive network of bots carrying out a wide range of malicious activities. These operations, which previously comprised extortion and spamming, have grown to include cryptocurrency mining. Researchers also saw a surge in data exfiltration and ransomware delivery in 2018, with the bot installer dropping Avaddon, Knot, BitRansomware (DSoftCrypt/ReadMe), Nemty, GandCrab, and Pony ransomware, among other malware. 

Check Point researchers reported intercepting 969 transactions, stating that Twizt "can operate without active command and control servers, enabling it to bypass security systems," implying that each computer infected can expand the botnet. 

Twizt operators have stolen 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens in the last year, totalling around $500,000; 26 ETG were stolen in one incident alone. Phorpiex bots hijacked over 3,000 transactions worth nearly 38 Bitcoin and 133 Ether between April 2016 and November 2021. The cybersecurity firm stated that this was merely a subset of the attacks taking place. 

According to Alexander Chailytko, cybersecurity research and innovation manager at Check Point Software, the new variant of Phorpiex poses two major concerns. "First, Twizt is able to operate without any communication with C&C; therefore, it is easier to evade security mechanisms, such as firewalls, in order to do damage. Second, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including major ones such as Bitcoin, Ethereum, Dash, Monero," Chailytko said. 

"This makes for a huge attack surface, and basically anyone who is utilizing crypto could be affected. I strongly urge all cryptocurrency users to double-check the wallet addresses they copy and paste, as you could very well be inadvertently sending your crypto into the wrong hands," Chailytko added.
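Chailytko's advice above, to double-check a pasted wallet address, can be automated at the point where a wallet or payment script is about to sign a transaction. The following is an added example, not code from Check Point or from the article: a small "clipboard guard" that compares the destination the user is about to send to with the address they intended (for instance one held in a trusted address book) and classifies a mismatch. A well-formed but different address is exactly the symptom a clipper such as Twizt produces. The Base58Check routines are written out so the script runs offline with only the Python standard library; the addresses it uses are constructed in the script and are not real wallets. Ethereum-style addresses are only checked for shape, since EIP-55 checksums need Keccak-256, which the standard library does not provide.

```python
# Added example (not Check Point's code): a "clipboard guard" that catches the
# address substitution crypto-clippers perform before a transaction is sent.
# All addresses below are constructed in this script, not real wallets.
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Base58 encoding; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def base58check_checksum(data: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of SHA-256(SHA-256(data))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def base58check_encode(version: bytes, payload: bytes) -> str:
    """Build a Base58Check string (version 0x00 + 20-byte hash = legacy Bitcoin address layout)."""
    body = version + payload
    return b58encode(body + base58check_checksum(body))


def is_valid_base58check(addr: str) -> bool:
    """True if the string decodes and its embedded checksum matches."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    return base58check_checksum(raw[:-4]) == raw[-4:]


def looks_like_wallet_address(text: str) -> bool:
    """A checksummed Base58Check address, or a 0x-prefixed 20-byte hex (Ethereum-style) address."""
    return is_valid_base58check(text) or re.fullmatch(r"0x[0-9a-fA-F]{40}", text) is not None


def check_destination(intended: str, pasted: str) -> str:
    """Compare the destination about to be used with the one the user meant.

    'ok'      -> identical
    'swapped' -> different, but still a well-formed address: the signature of a clipper
    'changed' -> different and not an address at all (typo, truncated paste, ...)
    """
    if pasted == intended:
        return "ok"
    if looks_like_wallet_address(pasted):
        return "swapped"
    return "changed"


if __name__ == "__main__":
    # Constructed sample: the address the user copied from a trusted address book ...
    intended = base58check_encode(b"\x00", bytes(range(20)))
    # ... and a different, equally well-formed address standing in for what a clipper
    # would silently substitute into the clipboard.
    substituted = base58check_encode(b"\x00", bytes(range(1, 21)))
    print("intended   :", intended)
    print("substituted:", substituted)
    print("same address     ->", check_destination(intended, intended))
    print("swapped address  ->", check_destination(intended, substituted))
    print("garbled paste    ->", check_destination(intended, "not-an-address"))
```

The useful property is that the guard does not need to know the attacker's address: it only needs the address the user meant to use, obtained from somewhere the clipboard cannot touch, and it refuses to proceed when the two differ. A wallet integrating this would block on "swapped" and ask the user to re-enter the destination by hand.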

Software-as-a-Service: Next Big Thing in Tech, Could be Worth $1 Trillion

 

Since the late 1980s, India has been a destination for low-cost, outsourced software and support services, as its labor force became a cost-effective option for multinational companies worldwide. Historically, this labor arbitrage model has increased the country's wealth, provided employment and fuelled urbanization. 

Because of the global pandemic, industries worldwide have been forced to increase their investment in digital infrastructure, boosting the influence of companies providing software-as-a-service, or SaaS. According to a KPMG survey, last year organizations spent an extra $15 billion per week on technology to support secure remote working. 

India's software-as-a-service industry is projected to be worth $1 trillion by 2030 and to add nearly half a million new jobs, according to a recent report compiled by consulting firm McKinsey & Co. and SaaSBoomi, a community of industry leaders. 

SaaS is also known as "on-demand software" or web-based/web-hosted software: the vendor hosts and maintains the application and customers use it over the web. Well-known SaaS companies include Zoom (ZM), Salesforce (CRM), SAP Concur, and the messaging app Slack. 

SaaS has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software and CAD software. 

According to the report, there are thousands of such companies in India, of which 10 are unicorns, i.e. startups valued at $1 billion. 

"This can be as big an opportunity as the IT services industry was in the 90s," said Girish Mathrubootham, CEO of Freshworks, India's best-known SaaS company. Last month, Freshworks filed for an IPO, joining other Indian unicorns going public this year.

Banking Trojan Posing as I-T Refund hits 27 Indian Banks

 

India's federal cyber security agency, CERT-In, has warned in an advisory of a banking Trojan that targets banking customers using Android smartphones. The Indian Computer Emergency Response Team (CERT-In) says the malware has targeted customers of more than 27 public and private sector banks. 

The phishing malware masquerades as an 'income tax refund'. It is a piece of social-engineering malware that targets personal information and can 'effectually endanger the confidentiality of sensitive customer information and lead to massive attacks and financial frauds,' CERT-In said, adding: "It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using Drinik Android malware." 

Explaining the attack flow, the agency said the victim receives a link that redirects to a phishing website imitating the tax service's site, where they are prompted to enter personally identifiable information and to download and install a malicious APK file to complete the supposed verification. 

“If the user does not enter any information on the website, the same screen with the form is displayed in the Android application and the user is asked to fill in to proceed,” they said. 

The data the user is asked to fill in includes full name, PAN number, Aadhaar number, permanent address, date of birth, mobile phone number, and financial information such as bank details, account number, IFSC code, CIF number, debit card details, expiration date, CVV, and PIN. 

Once the user has submitted the details, the app claims that a refund amount can be deposited into the user's bank account; when the user enters the amount and selects the "transfer" option, the application shows an error and displays a fake update page. 

While the fake update screen is displayed, the Trojan forwards the user's information to the attacker. 

"These details are then used by the attacker to generate the bank-specific mobile banking screen and render it on the user's machine. The user is then requested to enter the mobile banking credentials which are captured by the attacker," it said. 

The advisory proposes several countermeasures against such attacks and malware: download apps only from official app stores, install the appropriate Android updates and patches, use secure browsing tools, research a link carefully before clicking it in a message, and check for a genuine encryption certificate by looking for the green lock icon in the browser.

Chinese Military Unit Linked to Cyber Espionage Campaign Targeting India

 

Recorded Future, a US security firm, has revealed a cyber espionage campaign attributed to a suspected Chinese state-sponsored threat activity group named RedFoxtrot. Recorded Future's threat research arm, Insikt Group, discovered evidence dating back to 2014 that links RedFoxtrot to the Chinese military-intelligence apparatus, specifically People's Liberation Army (PLA) Unit 69010. 

Before restructuring in 2015, PLA’s cyber-attack unit 69010 was known as the Lanzhou Military Region’s Second Technical Reconnaissance Bureau, and now it has been incorporated into the Network Systems Department of the PLA’s Strategic Support Force (SSF). According to a report published by Recorded Future’s Insikt Group, cybersecurity experts have detected intrusions targeting aerospace, defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan.

“Notable RedFoxtrot victims over the past 6 months include multiple Indian aerospace and defense contractors; telecommunications companies in Afghanistan, India, Kazakhstan, and Pakistan; and several national and state institutions in the region. Activity over this [past six-month] period showed a particular focus on Indian targets, which occurred at a time of heightened border tensions between India and the People’s Republic of China (PRC),” analysts explained.

According to the research team, the RedFoxtrot group employs both bespoke and publicly available malware families in its attacks, including IceFog, ShadowPad, Royal Road, PCShare and PlugX, along with web server infrastructure to host and deliver payloads and to collect stolen information. Some of the group's past campaigns have been documented by other security firms under different names, which has become a common sight in modern-day threat hunting.

“The recent activity of the People's Liberation Army has largely been a black box for the intelligence community. Being able to provide this rare end-to-end glimpse into PLA activity and Chinese military tactics and motivations provides invaluable insight into the global threat landscape. The persistent and pervasive monitoring and collection of intelligence is crucial in order to disrupt adversaries and inform an organization or government's security posture", Christopher Ahlberg, CEO, and Co-Founder of Recorded Future, stated.

Recorded Future researchers were successful in making connections inside this nebula of Chinese state-sponsored hacking activity to RedFoxtrot (and subsequently to PLA Unit 69010) due to lax operational security (OpSec) measures of one of its members. 

“Insikt Group is not publicly disclosing the identity of this individual; however, an extensive online presence provided corroborating evidence indicating that this individual is located in Ürümqi, has an interest in hacking, and also has a suspected historical affiliation with the PLA’s former Communications Command Academy located in Wuhan,” the researchers further stated.

Cisco Smart Install Protocol is Still Being Exploited in Cyber-Attacks

 

Five years after Cisco issued its first warning, the Smart Install protocol is still being abused in attacks, and around 18,000 internet-exposed devices could be targeted by hackers. Smart Install is a plug-and-play configuration and image-management technology from Cisco that allows new switches to be deployed with zero touch. Smart Install can be very useful to organizations, but it can also be a significant security concern. 

A Smart Install network consists of a group of networking devices known as clients that are served by a common Layer 3 switch or router that serves as a director. You can use the Zero-Touch Installation process in a Smart Install network to install new access layer switches without the help of the network administrator. The director acts as a central management point for client switch images and configuration. When a new client switch is added to the network, the director immediately recognizes it and determines which Cisco IOS image and configuration file should be downloaded. 

The feature remains enabled and can be accessed without authentication once a device has been set up via Smart Install. Malicious actors have been able to remotely target devices with Smart Install enabled, including reloading devices, loading a new operating system image, and running arbitrary commands with elevated privileges. 
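Because the feature stays on after deployment and takes no credentials, the practical defence is to confirm whether it is active and switch it off (or, where it is genuinely needed, fence off its port). The configuration below is an added example, not from the article or from Cisco's own documentation; it assumes Cisco IOS/IOS-XE command syntax, and the interface name, ACL name and director address (a 192.0.2.0/24 documentation address) are placeholders.

```cisco
! Added example (not from the article): check for and disable Smart Install on a Cisco IOS switch.
! Assumes IOS/IOS-XE syntax; interface name, ACL name and director address are placeholders.

! 1. Verify whether the device is a Smart Install client; the output reports the
!    role, e.g. "Client (SmartInstall enabled)", on a device that is exposed.
show vstack config

! 2. Disable the Smart Install client where it is not needed (the recommended fix).
configure terminal
 no vstack
end
write memory

! 3. Where Smart Install is still required, allow its TCP port (4786) only from the
!    director and drop it from everywhere else, on the interfaces facing untrusted networks.
configure terminal
 ip access-list extended SMI-GUARD
  permit tcp host 192.0.2.10 any eq 4786
  deny   tcp any any eq 4786
  permit ip any any
 interface GigabitEthernet1/0/1
  ip access-group SMI-GUARD in
end
write memory
```

After step 2, `show vstack config` should no longer report the client role as enabled; step 3 is a stopgap for devices that cannot yet be taken out of a Smart Install deployment, and should be applied on every interface over which untrusted traffic can reach the switch.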

After an exploitation tool was made public in 2016, Cisco issued a warning about the misuse of Smart Install. In 2017 and 2018, the company issued further alerts, identifying hundreds of thousands of vulnerable devices, including some in critical infrastructure organizations. In 2018, it emerged that hacktivists had targeted the Smart Install feature in attacks on Cisco switches in Iran and Russia as part of an ostensibly pro-US campaign, and that a Russia-affiliated state-sponsored cyberespionage group had also abused it. 

In 2016, the number of networking devices vulnerable to Smart Install attacks surpassed 250,000, but by 2018 it had fallen to 168,000. The Shadowserver Foundation is still tracking the number of potentially susceptible devices and reports that almost 18,000 are currently online, including many in North America, South Korea, the United Kingdom, India, and Russia. 

Last month, Lumen Technologies' Black Lotus Labs cybersecurity unit discovered that a hacktivist group had compromised at least 100 internet-exposed routers belonging to both public and private sector entities, most of which were based in the United States.