India Strengthens Cybersecurity Measures Amid Rising Threats Post-Pahalgam Attack

 

In response to a surge in cyberattacks targeting Indian digital infrastructure following the Pahalgam terror incident, the Indian government has directed financial institutions and critical infrastructure sectors to enhance their cybersecurity protocols. These instructions were issued by the Computer Emergency Response Team (CERT-In), according to a source familiar with the development, Moneycontrol reported.

The precautionary push isn’t limited to government networks — private sector entities are also actively reinforcing their systems against potential cyber threats. “We have been extra alert right from the Pahalgam attack, in terms of ensuring cyber security speedily not just by government agencies but also by the private sector,” the source stated.

CERT-In, India’s central agency for cyber defense, has released advisories to banking institutions and other essential sectors, urging them to tighten their digital safeguards. In addition, the government has engaged with organizations like NASSCOM to facilitate a collaborative cyber alert framework.

Recent attacks primarily involved DDoS, or distributed denial-of-service incidents, which overwhelm servers with excessive traffic, rendering websites inaccessible and potentially causing financial damage. Attempts to deface websites — typically for political messaging — were also reported.

This intensified focus on digital defense follows India’s military action against terrorist hideouts in Pakistan, occurring nearly two weeks after the Pahalgam incident, which resulted in the deaths of Indian tourists in Kashmir.

Moneycontrol previously highlighted that cyber surveillance across India's vital digital infrastructure is being ramped up following the Pahalgam attack and the subsequent Operation Sindoor. Critical sectors and strategic installations are under strict scrutiny to ensure adherence to robust cybersecurity practices.

Amid these developments, misinformation remains a parallel concern. Daily takedown requests under Section 69A of the IT Act have surpassed 1,000, as the government works with social media platforms to curb the spread of fake news, the source noted.

Pakistan State-sponsored Hackers Attack Indian Websites, Attempts Blocked

Pakistan's cyber warfare against India

Pakistan state-sponsored hacker groups recently made multiple failed attempts to hack Indian websites, part of the continuous cyber offensives against India since the Pahalgam terror attack. These breach attempts were promptly identified and blocked by the Indian cybersecurity agencies.

In one incident, the hacking groups “Cyber Group HOAX1337” and “National Cyber Crew” attacked the websites of the Army Public School in Jammu (a union territory in India), trying to deface the site with messages mocking the recent victims of the Pahalgam terror attack.

State-sponsored attacks against Indian websites

In another cyberattack, hackers defaced the website of healthcare services for ex-servicemen; the sites of Indian Air Force veterans and the Army Institute of Hotel Management were also attacked.

Besides Army-related websites, Pakistan-sponsored hackers have repeatedly tried to break into websites associated with veterans, children, and civilians, officials said.

Additionally, the Maharashtra Cyber Department detected more than 10 lakh cyberattacks on Indian systems by hacking gangs from various countries after the April 22 terror attack on tourists in Pahalgam.

Rise of targeted cyberattacks against India

A Maharashtra Cyber senior police official said that the state’s police cybercrime detection wing has noticed a sudden rise in digital attacks after the Kashmir terror strike.

Experts suspect these cyber attacks are part of a deliberate campaign to intensify tensions on digital platforms. These attempts are seen as part of Pakistan’s broader hybrid warfare plan, which has a history of using terrorism and information warfare against India. 

Besides Pakistan, cyberattacks have also surfaced from Indonesia, Morocco, and the Middle East. A lot of hacker groups have claimed links to Islamist ideologies, suggesting a coordinated cyber warfare operation, according to the police official. 

Terror Outfits Are Using Crypto Funds For Donations in India: TRM Labs

 

Transaction Monitoring (TRM) Labs, a blockchain intelligence firm based in San Francisco and recognised by the World Economic Forum, recently published a report revealing the links between the Islamic State Khorasan Province (ISKP) and ISIS-affiliated fund-collecting networks in India. ISKP, an Afghan terrorist outfit, is reportedly using the cryptocurrency Monero (XMR) to gather funds.

Following the departure of US soldiers from Afghanistan, the ISKP terrorist group garnered significant attention. The "TRM Labs 2025 Crypto Crime Report," published on February 10th, focuses on illicit cryptocurrency transactions in 2024. According to the report, illicit transactions have fallen by 24% compared to 2023. However, it also emphasises the evolving techniques employed by terrorist organisations.

TRM Labs' report uncovered on-chain ties between ISKP-affiliated addresses and covert fundraising campaigns in India. The on-chain link is a component of the Chainlink network that runs directly on a blockchain, featuring smart contracts that handle data requests and connect to off-chain oracles. The TRM report states that the ISKP has begun receiving donations in Monero (XMR). 

News reports state that Voice of Khorasan, a periodical created by ISKP's media branch, al-Azaim, announced the commencement of the organization's first donation drive in support of Monero. Since then, Monero's fundraising activities have consistently included requests for donations. 

According to the report, ISKP and other terrorist organisations increasingly favour Monero because of its blockchain anonymity capabilities. Monero is now worth ₹19,017.77. This powerful privacy tool aids in transaction concealment. However, the report emphasises that terrorist groups will choose more stable cryptocurrencies over Monero for the foreseeable future due to its volatility and possible crackdowns.

Furthermore, reliance on cryptocurrency mixers and unidentified wallets has risen. Online forums are now the primary venues for exchanging guidance on best practices and locating providers with the highest security requirements. People are using fake proofs to get around the Know Your Customer (KYC) rules enforced by exchanges, which makes it challenging for law enforcement to follow the illicit transactions.

In contrast to Bitcoin and other well-known digital assets, Monero gained attention for its sophisticated privacy features that make transactions trickier to identify. Because of this, it is a tempting option for people who engage in illicit financial activity.

RBI Launches "bank.in" Domain to Combat Digital Banking Scam

 

The Reserve Bank of India (RBI) has made the "bank.in" domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise the rising threat of digital banking fraud by establishing a secure and verified online presence for the banks across the nation.

Due to the surge in online banking transactions, fraudsters have taken advantage of vulnerabilities by impersonating actual banks via phishing attacks, phoney banking websites, and fraudulent email campaigns. The only registrar for the "bank.in" domain will be the Institute for Development and Research in Banking Technology (IDRBT).

It is expected that domain registration will get underway in April 2025. By implementing an exclusive bank.in domain strategy, the RBI lowers the risk of financial fraud by ensuring that users can quickly recognise and trust legitimate banking websites.

Importance of “bank.in” domain in banking security

The increased use of digital banking has transformed financial transactions in India, providing easy access to banking services. However, this digital transformation has resulted in an increase in cyber threats, with scammers creating fake banking portals to trick users into disclosing sensitive data such as login credentials, OTPs, and banking details. The RBI's special domain for banks called "bank.in" intends to: 

  • Enhance banking fraud prevention by eliminating fake sites that pose as authentic banking portals. 
  • Increase consumer trust and awareness by ensuring that all Indian banks use a single, verifiable domain structure.
  • Strengthen India's digital banking security by creating a centralised domain that is challenging for fraudsters to replicate.

The "bank.in" domain will be reserved solely for RBI-regulated banking institutions, guaranteeing that only reputable financial institutions can use this domain extension. Each bank's official website will be hosted under the bank.in domain, making it easy for consumers to check legitimacy. For example, a major bank like State Bank of India (SBI) may have an official URL such as sbi.bank.in, indicating that the website is trustworthy. 
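A check that a mail filter or banking app could run on a link before treating it as a bank.in site, shown here as an added example that is not from the RBI, IDRBT or the original post. It assumes legitimate sites are served over HTTPS at a name directly under bank.in (as in the sbi.bank.in illustration above); `check_bank_url` and all sample links are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: a legitimate site is https://<name>.bank.in, as in the post's
# sbi.bank.in illustration. All names below are hypothetical.
TRUSTED_ZONE = ("bank", "in")
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def check_bank_url(url):
    """Return (trusted, reason) for a link a customer is about to open."""
    if "\\" in url:
        # Browsers read "\" as "/", urlsplit does not: refuse the ambiguity.
        return False, "backslash in URL"
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, port and userinfo removed
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if "@" in parts.netloc:
        # https://sbi.bank.in@phish.example is served by phish.example
        return False, "userinfo in URL"
    labels = host.removesuffix(".").split(".")
    if not all(LABEL_RE.fullmatch(label) for label in labels):
        return False, "non-ASCII or malformed label"
    if any(label.startswith("xn--") for label in labels):
        return False, "punycode label"
    # Compare whole labels from the right. endswith("bank.in") would accept
    # sbibank.in; a substring test would accept sbi.bank.in.phish.example.
    if len(labels) < 3 or tuple(labels[-2:]) != TRUSTED_ZONE:
        return False, "not under bank.in"
    return True, "ok"


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://sbi.bank.in/login",
    "https://SBI.Bank.IN:443/login",
    "http://sbi.bank.in/login",
    "https://sbibank.in/login",
    "https://sbi.bank.in.phish.example/login",
    "https://sbi.bank.in@phish.example/login",
    "https://phish.example\\@sbi.bank.in/login",
    "https://sb\u0456.bank.in/login",  # Cyrillic "i" homoglyph
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_bank_url(link), link)
```

Only the first two sample links pass; the rest show why a reserved domain helps only when the host is compared label by label rather than by eye or by substring.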

To facilitate this, the RBI is working with financial institutions, cybersecurity professionals, and domain regulatory agencies to ensure a smooth transition to the new domain. Banks will be expected to phase out their current domains and redirect consumers to their new "bank.in" addresses, avoiding confusion.

The Rising Problem of Banking Scams in East India

India is currently battling fake banking applications that spoof genuine institutions to loot credentials and money.

The scale of the campaign is massive, involving around 900 different malware samples linked to more than 1000 different contact numbers used to commit frauds and scams. Experts from Zimperium found that the malware was hiding in apps that imitate billion-dollar financial institutions and target the common man in India.

The rise of banking scams in East India

Throughout India, a majority of people have been getting WhatsApp messages containing malicious Android Package Kit (APK) files. When downloaded, these malicious files turn into fake apps spoofing one or more banks, including ICICI Bank, State Bank of India (SBI) and more.

The apps ask targets to provide their personal financial information, including ATM PINs, debit/credit card numbers, PAN card details (used for various government and financial purposes, for instance opening a bank account or paying taxes) and Aadhaar card details.

Stealing confidential info

To give hackers access to victims' bank accounts, the malware intercepts one-time passwords and forwards them either to a threat actor-controlled phone number or to command-and-control (C2) servers operating on Firebase.

Additionally, the malware uses stealth and anti-analysis measures such as "packing," where the malware is hidden, compressed, and encrypted so that it is almost impossible to notice. It installs itself by exploiting the accessibility service, and obtains all the permissions it needs on a user's device simply by prompting the user to carelessly click "Allow" when the malware asks nicely.

Zimperium chief scientist Nico Chiaraviglio says, "since we don't see the app, it's not easy to uninstall it." He adds, "you [have to deal with the] higher permissions. So if you want to uninstall the app, the device will say you cannot install it because it's a system app. You basically need to connect the phone to a computer and uninstall it using the Android Debug Bridge (ADB). It's not something that you can do from a regular user's standpoint."

The success behind scams in India

Dark Reading reports, "Phone numbers tied to the campaign lovingly named 'FatBoyPanel' have tended to concentrate in eastern states: West Bengal (30.2%), Bihar (22.6%), Jharkhand (10%)."

According to experts, two factors add to the problem: the use of outdated phones in India that lack the latest updates, and the rise of scammers trapping innocent victims.

TRAI Calling: Fraudsters Are Now Employing Novel Strategy to Target Mobile Users

 

As the government intensifies efforts to raise awareness about digital arrests and online financial fraud, fraudsters have shifted their strategies to stay ahead. A concerning trend has emerged where these individuals pose as representatives of the Telecom Regulatory Authority of India (TRAI). Exploiting the credibility associated with the regulatory body, they attempt to deceive unsuspecting users.

These fraudsters often initiate contact by mimicking official government alert messages that warn the public about scams. The tone and language of their communication are crafted to appear authoritative and urgent, persuading recipients to trust the information. In many cases, the messages aim to extract sensitive data, such as personal identification numbers, bank account details, or login credentials, under the guise of preventing fraud.

Such scams highlight the need for individuals to remain vigilant and verify the authenticity of any unsolicited messages or calls claiming to be from regulatory authorities. It is essential to cross-check the source of the communication, avoid sharing sensitive information over the phone or through unverified links, and report suspicious activities to the appropriate authorities.

By staying informed and adopting proactive measures, users can protect themselves from becoming victims of these evolving schemes, contributing to a safer digital environment for all.


How India is Gearing Up to Tackle Cyber Threats Together

 


At the Bharat National Cybersecurity Exercise (Bharat NCX) 2024, experts highlighted the urgent need for collaboration, training, and technological innovation to protect India's expanding digital infrastructure from rising cyber threats. 

India, one of the most connected countries globally, faces increasing cybersecurity challenges as over 1.4 billion people access the internet. Colonel Nidhish Bhatnagar, Chief Mentor at the School of Information Technology, Artificial Intelligence & Cybersecurity, noted that this rapid digital growth has placed India among the top 10 cyber-resilient nations. Critical infrastructure such as power grids, healthcare, and financial networks now benefit from national-level security measures aimed at preventing large-scale disruptions.  

Training and Innovation: Key to Cyber Defense 

Dr. Jatin Patel, Director of Rashtriya Raksha University, emphasized the importance of simulation-based training exercises to prepare professionals in sectors like energy and healthcare for real-world cyberattacks. "Informed decision-making is crucial to safeguard India's critical infrastructure from targeted attacks," Patel explained. 

Key initiatives launched at the event include: 

1. National Cybersecurity Reference Framework (NCRF) – A standardized guideline for industries to adopt best practices in securing critical systems. 

2. National Cyber Range 1.0 (NCR-1.0) – India’s first indigenous cyber range designed to simulate sophisticated attacks and train cybersecurity professionals. 

Lt. Gen. M.U. Nair (Retd.), National Cyber Security Coordinator, stressed the importance of cross-sector collaboration, while Deputy National Security Advisor T.V. Ravichandran underscored the role of emerging technologies like AI, machine learning, and blockchain in building proactive cybersecurity frameworks. 

“Our goal is to embed cybersecurity into every aspect of critical infrastructure,” Ravichandran said, emphasizing the importance of being proactive rather than reactive in mitigating risks. 

A Vision for a Secure Digital Future 

Bharat NCX 2024 showcased India's commitment to cybersecurity innovation. With initiatives like NCRF, NCR-1.0, and a thriving startup ecosystem, India is well-positioned to tackle evolving cyber challenges. By fostering continuous collaboration, training, and technological adaptation, the nation aims to lead in global cybersecurity resilience, ensuring a secure digital future for all its citizens.

Digital Arrest: How Even The Educated Become Victims

One of the most alarming trends in recent times is the surge in digital arrest scams, particularly in India. These scams involve cybercriminals impersonating law enforcement officials to extort money from unsuspecting victims. 

Cybersecurity threats are rapidly escalating in India, with digital arrest scams becoming a major issue. Even well-educated individuals are falling victim to these sophisticated schemes. 

Digital Arrest: A Scam

The concept of a digital arrest does not exist in law. These scams involve cybercriminals masquerading as law enforcement officials or government agencies like the State Police, CBI, Enforcement Directorate, and Narcotics Bureau. 

These scams often leverage official-sounding language and sometimes even use fake police or court documents to appear legitimate. Scammers sometimes use deepfake technology to create convincing video calls, making it even harder for victims to distinguish between a real and a fraudulent interaction.

Scammers may also send fake arrest warrants, legal notices, or official-looking documents via email or messaging apps. They accuse victims of severe crimes like money laundering, drug trafficking, or cybercrime. 

Common claims include: "a phone number linked to your Aadhaar number is involved in sending abusive messages or making threatening calls," "a consignment with drugs addressed to you has been intercepted," or "your son has been found engaged in nefarious activity." They may even fabricate evidence to make their accusations more credible.

The Problem in India

India has seen a significant rise in digital arrest scams, affecting individuals across different strata of society. The problem is exacerbated by the fact that many people are unaware of the nuances of cybercrime and can easily fall prey to such tactics. 

Factors contributing to the rise of these scams in India include:

  1. Increased Internet Penetration: With more people accessing the Internet, especially on mobile devices, the pool of potential victims has expanded significantly.
  2. Lack of Cyber Awareness: Despite the growth in internet usage, there is a significant gap in cyber awareness and education. Many individuals are not equipped with the knowledge to identify and respond to such scams.
  3. Sophistication of Scammers: Cybercriminals are becoming increasingly sophisticated, using advanced technologies and psychological tactics to manipulate victims.

The impact of digital arrest scams on victims can be severe. Apart from financial loss, victims often experience psychological distress and a loss of trust in digital platforms. Educated individuals, who might otherwise be cautious, can also fall victim to these scams, as the fear of legal repercussions can cloud judgment.