Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label cyber threat. Show all posts
malware
antivirus protection cyber threat DLL injection Fake VPN GitHub malware Lumma Stealer malware

New Cyber Threat: Fake VPNs on GitHub Spreading Lumma Stealer Malware

 

Security researchers are raising alarms about a newly emerging cyber threat involving counterfeit VPN software distributed through GitHub. According to a recent report by Cyfirma, threat actors are disguising malware as a legitimate tool called “Free VPN for PC” to trick users into downloading what is actually a dropper for the notorious Lumma Stealer malware.

This deceptive malware has also been spotted masquerading as a “Minecraft Skin Changer,” targeting unsuspecting gamers and individuals seeking free utilities. Once installed, it activates a multi-layered attack process that includes techniques such as obfuscation, dynamic DLL loading, memory injection, and misuse of trusted Windows components like MSBuild.exe and aspnet_regiis.exe—all designed to stay hidden and maintain control over the infected system.

A key part of the attack’s effectiveness lies in its use of GitHub for distribution. One example includes the repository at github[.]com/SAMAIOEC, which hosted password-protected ZIP archives and provided usage instructions to enhance the appearance of legitimacy.

The malware payload, encoded in Base64 and peppered with French text, is concealed within these ZIP files.

“What begins with a deceptive free VPN download ends with a memory-injected Lumma Stealer operating through trusted system processes,” Cyfirma reports.

Upon launching, a file named Launch.exe begins decoding a Base64-encoded string, ultimately dropping a DLL file named msvcp110.dll into the user’s AppData directory. This DLL remains hidden, is loaded only during runtime, and calls a function—GetGameData()—that triggers the final payload.

Reverse engineering the threat is difficult, thanks to anti-debugging measures like IsDebuggerPresent() and heavily obfuscated control flows.

This attack is aligned with known MITRE ATT&CK tactics, including DLL side-loading, sandbox evasion, and in-memory execution.

How to Stay Protected:

  • Avoid unofficial software: Stay away from tools claiming to offer free VPNs or game modifications from unknown sources.
  • Be cautious with GitHub downloads: Even if hosted on trusted platforms, avoid downloading password-protected ZIP files or tools with unclear installation instructions.
  • Block executables in risky folders: Prevent programs from running in directories like AppData, commonly used by attackers to conceal malicious files.
  • Scrutinize DLL files: Investigate any suspicious DLLs found in roaming or temp folders.
  • Monitor unusual system behavior: Keep an eye on tasks like MSBuild.exe in your task manager that may indicate malicious activity.
  • Use behavior-based security tools: Employ antivirus solutions with behavioral detection, DDoS protection, and full endpoint security to safeguard against advanced threats such as memory injection and API misuse.

By remaining vigilant and using comprehensive cybersecurity tools, users can defend themselves against sophisticated attacks like this one.
Read more »
Websites
cyber threat CyberCrime Cybersecurity Digital Slavery Global Network Ingram Micro IT Infrastructure Ransomware Attach Websites

Ingram Micro Faces Major Outage Following Ransomware Incident


 

An assault on Ingram Micro's global network started on July 3, which crippled parts of the company's global network as well as disrupted its ordering portals and customer service channels. Ingram Micro is currently restoring critical systems. 

It became evident that the disruption was caused first when clients were suddenly unable to place orders or communicate with account teams via standard telephone lines, particularly resellers and managed service providers that rely heavily on the distributor's platforms. 

A wide array of regional websites became unavailable as a consequence of the outage, which forced them into maintenance mode landing pages that offered only minimal contact information for sales and technical support, emphasising the extent of the damage and how urgent it was to get them back online. 

A ransomware attack that began on July 3 triggered widespread disruptions across Ingram Micro's global infrastructure, severely affecting the ability of company to support its partners and customers. As a first sign of trouble, customers began experiencing difficulties placing orders and getting in touch with account representatives through standard communication channels, especially resellers and managed service providers, which comprise a substantial portion of the company's customer base. 

After a series of disruptions, the company decided to redirect traffic to temporary maintenance pages that contained only basic contact information for sales and support teams, as traffic to its regional websites had quickly escalated. While it was necessary to move, this move highlighted the extent of the problem and the limited availability of core services. As one of the world's largest IT distributors, Ingram Micro relied heavily on interconnected digital systems, and the impact was far-reaching, affecting partners throughout multiple countries. 

Since then, the company has worked tirelessly to restore its systems, focusing on service restoration as well as launching an investigation into the nature and extent of the breach. Ingram Micro is a global leader in business-to-business technology distribution and service providers, recognised as one of the most important and reliable technology service providers globally. 

As a leading provider of comprehensive IT solutions encompassing hardware, software, cloud computing, logistics, and professional training, Ingram Micro plays a crucial role in the IT supply chain. As a key enabler of digital infrastructure for organisations around the world, the company serves a vast network of resellers, system integrators, and managed service providers. 

It has been unresponsive since Thursday, including its official website, online ordering systems, and support systems, leading to a significant operational disruption for customers who use its digital platforms to access inventory in real-time, place orders, and receive support. Despite the fact that Ingram Micro did not publicly disclose the cause of the outage, the sustained downtime has raised concerns across the entire technology distribution ecosystem as the sustained outage has raised increasing concern. 

The incident has not only hampered the company's day-to-day operations but has also rippled across supply chains and service delivery for its clients and partners, due to the company's integral position in the global IT channel. When the cyberattack began on Thursday, it quickly took Ingram Micro's primary website, as well as significant parts of the global network infrastructure, offline and inoperable.

Late Saturday night, the company released a brief public statement acknowledging the incident, informing customers of its intent to restore systems as quickly as possible to resume order processing and core operations. Before the opening of the financial markets in the United States on Monday, Ingram Micro formally notified its shareholders regarding the breach, indicating that there may be a negative impact on the business continuity and the interest of investors. 

As a result of the timing of this outage, coincidental with the approaching long holiday weekend, it immediately triggered immediate concern, especially since ransomware attacks on high-profile organisations are becoming increasingly common during times of diminished staffing and increased vulnerability. 

With headquarters in California, Ingram Micro holds a prominent position as one of the largest distributors of hardware, software, and information technology solutions in the global technology supply chain, with several products on offer. As well as providing distribution services, the company is also a managed service provider (MSP), offering cloud management and outsourced IT services to a wide range of corporate clients, particularly small and mid-sized organisations. 

A significant portion of the outage has extended beyond logistical and e-commerce functions, with reports indicating that software licensing processes have also been disrupted as a result of the outage. Ingram Micro's backend systems have been compromised by this attack, which has made it more difficult for many customers to provision or access certain digital products which are dependent on them. It has also impacted the company's service ecosystem on multiple levels.

On Saturday evening, Ingram Micro released an official statement confirming that a ransomware attack caused the service outage that had gone on for almost 48 hours, validating the concerns expressed by the company's global customer base. In parallel with the public disclosure of the incident, the company also filed a Form 8-K with the Securities and Exchange Commission, which indicated that the incident was likely to have a significant impact on the company's operations and materiality. 

There is no doubt that this formal regulatory filing emphasises the seriousness of the attack and shows how the company is expected to maintain transparency with its stakeholders, investors, and regulators in the aftermath of a cybersecurity breach of this magnitude, as well as the seriousness of the incident. According to industry analysts, Ingram Micro's handling of the incident highlights just how critical it is to communicate rapidly, transparently, and coordinatedly during large-scale cyber crises of any scale. 

A cascading effect has been caused across the entire global IT supply chain as core systems have been severed from vendors and clients as a result of the attack, even though it is still unclear how much damage has been caused. It is not just apparent that interconnected ecosystems can be operationally vulnerable, but the incident also serves to underscore the importance of cybersecurity resilience in the digital age in terms of strategic importance. 

"Neil Shah, Vice President at Counterpoint Research, stated that the attack exposed vulnerabilities in a broader IT value chain, particularly due to the central role Ingram Micro plays in channel operations. As a consequence of this event, Ingram's IT infrastructure was disabled, preventing access to its partners as well as its clients from being able to work. 

Consequently, Shah explained to me that this caused significant delays in processing and fulfilment, as well as the potential exposure to sensitive customer information, such as pricing structures and data related to channel partnerships,” he explained. As well, Greyhound Research's Chief Analyst and CEO, Vir Gogia, echoed these concerns by stating that cyberattacks targeting IT distributors can directly hinder the agility of global supply chains. 

If fulfilment platforms fail, a ripple effect takes place: enterprise buyers are left with backlogs and shipment delays, OEMs lose insight into downstream demand, resellers are unable to meet customer service level agreements (SLAs), and enterprise procurement teams are forced to defer capital recognition. According to the author, the consequences of centralised procurement models are especially acute in industries and regions with large-scale retail, government, and telecommunications. 

A renewed interest has also been drawn to the systemic risks associated with cloud-based infrastructures as a result of the incident. As today's supply chains rely heavily on cloud-based logistics, vendor-client management systems, and real-time data visibility, the breach at Ingram Micro highlights one of the biggest vulnerabilities in today's cloud-centric IT ecosystems. 

Besides halting the company's global operations, Ingram Micro was also disrupted by the ransomware attack, disrupting the flow of billions of dollars worth of channel transactions, which forced resellers and enterprise customers to seek alternative sources for procurement. As a result of this sudden shift in purchase behaviour, business continuity across the supply chain was severely compromised, and Ingram Micro's reputation for operational reliability and efficiency for logistical reasons was temporarily eroded. 

Industry analysts have cautioned that the incident might result in revenue deferrals, contract fulfilment delays, and possible penalties due to breaches of service-level agreements (SLAs). Several experts, however, have also pointed out that the timely disclosure of the company's issues and the coordination of remediation efforts have played a crucial role in reducing the reputational and financial consequences for the company in the long run. 

In light of this incident, the entire industry has been jolted awake, reinforcing the urgency for robust cybersecurity preparedness and agile response frameworks. During Ingram Micro's experience with the SafePay ransomware variant, it was clear that maintaining a secure and modern IT infrastructure, including security patches updated to the latest version, optimised system configurations and constant threat monitoring protocols, was imperative. 

There has been a great deal of learning from this breach, such as the importance of clear, fast communication, both internally among operational teams as well as externally to partners, clients, and regulatory authorities. Through the company's response strategy, which involved a thorough investigation and a structured recovery process, actionable insights have been gained that can be applied to enhancing cybersecurity resilience. 

In the future, this event is expected to help shape future risk management practices by emphasising the importance of being proactive and preventative in defending against cyber threats that are evolving. In the wake of the Ingram Micro ransomware attack, the broader IT industry has to reexamine and strengthen its cyber preparedness posture as soon as possible in order to recover from the incident. 

The resilience of technology supply chains depends on more than just operational efficiency, as digital infrastructure increasingly intertwines with global commerce. They must also have a strong cyber foundation in place to protect them. Organisations, particularly large-scale distributors, service providers, and vendors, need to prioritise developing incident response frameworks that are both agile and deeply integrated into business continuity plans to stay on top of cyber threats. 

The organization must adopt zero-trust architectures, run regular threat simulations, ensure system visibility in real-time, and establish clear escalation protocols with technical, legal, and communications teams simultaneously, in order to ensure real-time system visibility. Enhanced vendor risk management, third-party audits, and contingency procurement strategies should no longer be optional safeguards, but rather become a standard part of operations. 

The Ingram Micro incident has highlighted the vulnerabilities inherent in today’s cloud-reliant ecosystems; moving forward, we need to focus on proactive cyber resilience not just as a precautionary measure, but as a vital part of ensuring trust, continuity, and competitive viability in a digital economy that is increasingly dependent on cloud technologies.
Read more »
Postal Service
Amazon Brushing Scam customer privacy Cyber Fraud cyber threat Data Fraud data security Data Theft Postal Service

Brushing Scam Targets Amazon Customers with Unsolicited Packages and Hidden Cyber Threats

 

Ray Simmons was confused when he received an unexpected Amazon package containing beet chews. Initially, he thought it might be a joke from someone encouraging him to eat healthier. However, it turned out to be part of a broader scam known as “brushing,” where consumers receive unsolicited deliveries from online sellers attempting to manipulate product ratings and reviews. 

Brushing scams involve third-party sellers who send low-value goods to individuals whose names and addresses are often scraped from publicly available online sources. After the product is delivered, scammers use the recipient’s identity or create a fake account that resembles the recipient to leave positive reviews. These fake reviews can artificially boost a product’s credibility, helping it rank higher in search results and increasing sales. 

While receiving a free item might seem harmless, the scam carries hidden dangers. The U.S. Postal Inspection Service (USPIS) warns that these incidents indicate misuse of personal information. Even more concerning is the potential for packages to include QR codes, which might direct recipients to malicious websites. Scanning such codes can result in the installation of malware or the theft of personal data. 

The scam is a reminder that personal data is often accessible and can be exploited without a consumer’s knowledge. USPIS stresses the importance of not interacting with suspicious elements included in unsolicited packages. Inspector David Gealey noted that even though these items may appear insignificant, they are a signal that someone has unauthorized access to your personal information. 

Fortunately, the package Simmons received did not include a QR code. Nonetheless, he took immediate action by checking his Amazon and banking accounts for any signs of unauthorized access. This kind of vigilance is exactly what USPIS recommends for anyone in a similar situation. 

Authorities advise that recipients of such packages should not scan any QR codes or click on any related links. They also emphasize that there is no obligation to return unsolicited items. Instead, consumers should monitor their financial and e-commerce accounts for any suspicious activity and report the incident to local law enforcement, USPIS, or the Federal Trade Commission.  

Though brushing scams may appear to be minor nuisances, they reflect deeper issues related to data privacy and cyber fraud. Staying informed and cautious can help consumers protect themselves from further harm and support efforts to hold malicious actors accountable.
Read more »
USPS
Cybbersecurity Cyber Crime cyber threat CyberCrime Identity Theft Postal Service SMS Phishing SMS Spoofing USPS

Identity Theft Concerns Rise as USPS Flags Suspicious Package Deliveries

 


Recently, the United States Postal Service (USPS) issued an advisory in which it advised citizens to be more vigilant in light of an increase in sophisticated mail fraud schemes. In addition to the deceptive activities that have notably increased across the country, particularly during the recent holiday season, consumers' financial and personal security have been threatened significantly as a result of these deceptive activities. In addition to traditional phishing emails and fraudulent text messages, the USPS reports that these scams are now taking a more sophisticated form. 

As the number of unsolicited packages delivered is on the rise, criminals are using increasingly inventive methods to deceive the recipients of their mail to exploit them. This makes it more difficult to tell a genuine email from a fraudulent email. There has been an increase in the number of individuals who are being affected, and as a result, the USPS has intensified its anti-fraud initiatives, reinforcing its commitment to maintaining the integrity of the national postal system in the long run. 

A collaboration between the agency and law enforcement agencies, and consumer protection agencies is being undertaken to track these schemes as well as educate the public about identifying and reporting suspicious activity. There has been a noticeable rise in text message fraud scams impersonating the United States Postal Service (USPS), posing an urgent threat to public data security. In these fraudulent communications, the recipient often receives an alleged pending package and is requested to take additional action to make sure that it is delivered by taking steps to ensure its delivery. 

Even though the message appears authentic, there is a malicious intent behind it, designed to deceive individuals into disclosing sensitive financial and personal information. The most alarming aspect of these scams is their sophisticated presentation. In most cases, the messages are designed to evoke a sense of urgency and legitimacy by using language that sounds official and even replicating USPS logos and branding. 

The victim is usually directed to click on links in the emails, which lead to fake websites that harvest personal information such as banking credentials, ID numbers, and other private data, utilising embedded links. To avoid falling victim to these unscrupulous tactics, it is important to recognise and resist them. In an era of increasingly advanced cyber threats, individuals are advised to maintain vigilance to protect themselves against identity theft and financial exploitation. 

As a result of this, individuals should scrutinise unexpected delivery notifications, refrain from engaging with suspicious links, and report any suspicious messages to the appropriate authorities. During the past few years, cybercriminals have become increasingly sophisticated with regards to the USPS-related text message scams, posing as automated postal service notifications. Under the pretence of facilitating package redelivery, these deceptive messages are designed to convince recipients that they have missed a delivery, causing them to confirm their personal information or click on embedded links. 

While these texts may seem innocuous at first glance, they are a deliberate attempt to compromise the privacy and security of individuals, as well as their financial security. Social engineering plays a significant role in the strategy behind these scams. In a first method, known as pretexting, a plausible narrative, usually a delayed or incomplete delivery, is used to trick the recipient into providing sensitive information in exchange for a fee. 

The second method of attack, SMS spoofing, allows attackers to conceal their true identity by modifying the sender's information to disguise the fraudulent message's origin, thereby appearing as though it has been sent by an official United States Postal Service. In general, these schemes are referred to as smishing, a type of phishing that involves sending text messages in exchange for a reward. Typically, the victims are directed to counterfeit websites that look remarkably similar to official USPS interfaces. 

When users get there, they will be prompted to provide personally identifiable information (PII) as well as their contact information, under the false assumption that this information is necessary to redeliver or verify their package. Many malicious websites out there are not only designed to gather sensitive information, but also to use fraudulent payment services to charge a small transaction fee. Often, the stolen data can be sold on illegal marketplaces or used directly to commit identity theft and financial fraud.

Individuals must be aware of the threats that continue to evolve regarding delivery-related messages and verify any requests that they make through official USPS channels to avoid harm. It has become increasingly apparent that crime has become increasingly sophisticated and frequent in the country's postal infrastructure, as the number and nature of criminal activity have increased. In response to this crime wave, the United States Postal Service (USPS) has intensified its efforts to improve its operations to combat these crimes. 

To implement this initiative, the Government of the United States has decided to implement a comprehensive 10-year strategy, Delivering for America, a $40 billion investment which is intended to transform the postal system into a secure, efficient, and financially sustainable institution that will meet the needs of future generations, thereby transforming the entire postal system. Project Safe Delivery was initiated as part of this larger strategy by USPS, in partnership with the US Postal Inspection Service, as a targeted enforcement campaign to combat crimes aimed at ensuring the safety of mail services and ensuring their integrity. 

It has been more than two years since this joint operation was launched, but since then, it has been able to achieve tangible results, such as more than 2,400 arrests and a significant decrease in mail carrier robberies by more than 27%. This program has been proving to be an effective tool for deterring and prosecuting postal crime, with over 1,200 people apprehended in 2024 alone for mail-related theft, thus demonstrating the program's effectiveness in deterring and prosecuting it. USPS has taken extensive measures to further enhance the security of its delivery network. 

In addition, over 49,000 high-security mailboxes have been installed across the country, designed to prevent tampering and unauthorised entry. Also, advanced electronic locking mechanisms are being installed in the mail carriers' offices to replace the traditional mechanical locks they were using in the past. These upgrades are essential for preventing the widespread theft of carrier keys, which have become frequent targets of criminal activity. It is also vital for the USPS's security framework to emphasise the importance of encouraging public cooperation. 

A substantial monetary reward program has been instituted, and individuals providing credible information that leads to arrests in postal robberies can now receive up to $150,000 for providing credible information. It is also possible for the agency to pay up to $100,000 for actionable tips that lead to the arrests of mail thieves, a practice that reinforces the agency's commitment to protecting both mail workers and the American public. According to Secretary of State Sherry Patterson, the United States Postal Service (USPS) is committed to confronting and dismantling any schemes that attempt to exploit the postal system to maximise revenue. 

USPS has released a set of precautionary guidelines for individuals to follow when receiving suspicious or unsolicited package deliveries, an increasingly common tactic used by identity thieves and fraudsters, as part of its public safety outreach program. When an unrequested parcel is received by a recipient, it is strongly recommended that the recipient refrain from engaging with any embedded links, QR codes, or digital prompts that may accompany the delivery or related notification.

There is a high probability that these elements will act as a gateway to malicious websites that will be used to harvest personal information or to install malware, so it is recommended that users report questionable mail or packages directly to the USPS using their official website. Also, recipients need to maintain ongoing vigilance, monitoring their financial accounts for any anomalies or unauthorised transactions that may suggest fraudulent activity. 

In addition to taking care of users' credit profiles as a precautionary measure, it is also advised that they review them periodically and consider freezing their credit profiles temporarily as an added measure of security. The proactive approach taken by the Post Office is one of the most effective methods of preventing unauthorised credit activity since it can help prevent a crime from potentially occurring, especially in the aftermath of an identity theft. Together, these measures form one of the most effective lines of defence against postal-related scams.
Read more »
Hacking
AI technology AI Threat CrowdStrike Cyber Security cyber threat CyberCrime cybercriminals Hacking

Cybercrime in 2025: AI-Powered Attacks, Identity Exploits, and the Rise of Nation-State Threats

 


Cybercrime has evolved beyond traditional hacking, transforming into a highly organized and sophisticated industry. In 2025, cyber adversaries — ranging from financially motivated criminals to nation-state actors—are leveraging AI, identity-based attacks, and cloud exploitation to breach even the most secure organizations. The 2025 CrowdStrike Global Threat Report highlights how cybercriminals now operate like businesses. 

One of the fastest-growing trends is Access-as-a-Service, where initial access brokers infiltrate networks and sell entry points to ransomware groups and other malicious actors. The shift from traditional malware to identity-based attacks is accelerating, with 79% of observed breaches relying on valid credentials and remote administration tools instead of malicious software. Attackers are also moving faster than ever. Breakout times—the speed at which cybercriminals move laterally within a network after breaching it—have hit a record low of just 48 minutes, with the fastest observed attack spreading in just 51 seconds. 

This efficiency is fueled by AI-driven automation, making intrusions more effective and harder to detect. AI has also revolutionized social engineering. AI-generated phishing emails now have a 54% click-through rate, compared to just 12% for human-written ones. Deepfake technology is being used to execute business email compromise scams, such as a $25.6 million fraud involving an AI-generated video. In a more alarming development, North Korean hackers have used AI to create fake LinkedIn profiles and manipulate job interviews, gaining insider access to corporate networks. 

The rise of AI in cybercrime is mirrored by the increasing sophistication of nation-state cyber operations. China, in particular, has expanded its offensive capabilities, with a 150% increase in cyber activity targeting finance, manufacturing, and media sectors. Groups like Vanguard Panda are embedding themselves within critical infrastructure networks, potentially preparing for geopolitical conflicts. 

As traditional perimeter security becomes obsolete, organizations must shift to identity-focused protection strategies. Cybercriminals are exploiting cloud vulnerabilities, leading to a 35% rise in cloud intrusions, while access broker activity has surged by 50%, demonstrating the growing value of stolen credentials. 

To combat these evolving threats, enterprises must adopt new security measures. Continuous identity monitoring, AI-driven threat detection, and cross-domain visibility are now critical. As cyber adversaries continue to innovate, businesses must stay ahead—or risk becoming the next target in this rapidly evolving digital battlefield.
Read more »
Data Theft
Cyber Security cyber threat Data Security Breach Data Theft

U.S. Soldier Who Hacked AT&T and Verizon Sought to Sell Stolen Data to Foreign Intelligence, Prosecutors Say


A U.S. soldier who pleaded guilty to hacking AT&T and Verizon attempted to sell stolen data to what he believed was a foreign military intelligence service, according to newly filed court records reviewed by Media. 

The documents also reveal that the soldier, Cameron John Wagenius, searched online for “U.S. military personnel defecting to Russia” and “can hacking be treason.” Wagenius, who operated under the online aliases “kiberphant0m” and “cyb3rph4nt0m,” unlawfully obtained and transferred confidential phone records, including those of high-ranking public officials. 

Prosecutors allege that he posted these records for sale in November 2024 and demanded $500,000 from AT&T in exchange for deleting the stolen information, all while on active duty at Fort Cavazos. His activities were part of a larger cyberattack against multiple Snowflake customers during the summer of 2024, impacting at least ten organizations, including Live Nation Entertainment Inc. and Advance Auto Parts Inc. 

Court documents state that hackers linked to the AT&T breach targeted records associated with prominent figures, including former First Lady Melania Trump, Ivanka Trump, Vice President Kamala Harris, and the wife of Senator Marco Rubio. However, it remains unclear what specific data Wagenius attempted to sell to the foreign intelligence service.  
Prosecutors have described the extortion attempt as “only a small part of Wagenius’ malicious activity.” According to a government memorandum filed Wednesday, Wagenius allegedly communicated with an email address he believed was linked to a foreign intelligence agency and, days later, searched for information about countries that do not extradite to the U.S. 

The memorandum states, “Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service.” Authorities have also uncovered thousands of stolen identification documents, including passports and driver’s licenses, on Wagenius’ devices, along with access to large amounts of cryptocurrency. 

Additionally, he researched the Russian embassy in Washington, D.C., raising further concerns about his intentions. Wagenius’ co-conspirator, Connor Moucka, a Canadian citizen, is set to face an extradition hearing in Canada on charges of stealing AT&T and Snowflake customer data. Another alleged accomplice, John Binns, an American living in Turkey, was reportedly fearful of being tracked by U.S. intelligence agencies. 

The extensive hacking operation, which prosecutors say resulted in millions of dollars in ransom payments, has prompted warnings from the FBI about potential risks to national security. The agency has cautioned that the breach could compromise communications between FBI agents and confidential sources.
Read more »
TRAI
COAI Cybeattacks Cyber Crime cyber threat CyberCrime Cyberhackers Cyberscam Cybersecurity TCCCPR Telecom TRAI

TRAI Enforces Stricter Regulations to Combat Telemarketing Spam Calls

 


There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)'s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations. These amendments will take effect on February 12, 2025, and prohibit the use of 10-digit mobile numbers for telemarketing purposes, addressing the growing concern that mobile users have with fraudulent and intrusive messages.

To ensure greater transparency in telemarketing practices, the Telecom Regulatory Authority of India (TRAI) has enforced several measures that aim to ensure communication integrity while increasing the intelligence of telemarketers. A comprehensive consultation process was undertaken by the Telecom Regulatory Authority of India (TRAI), which involved a comprehensive stakeholder consultation process for the approval of changes to the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, as a result of which significant changes have been made. This revision is intended to protect consumers against unsolicited commercial communications (UCCs) as well as to enhance compliance requirements for the providers of telecom services. 

Cellular Operators Association of India (COAI,) however, has expressed its concern over the updated regulation, especially about the penalties imposed on service providers as a result of it. The second amendment to the TCCCPR allows consumers to lodge complaints up to seven days after receiving the call or message, allowing them greater flexibility in reporting spam calls and messages for the second amendment. Furthermore, because of the new regulations, individuals are now able to lodge complaints without the need to first register their preferences for communication. 

Additionally, telecom operators are required to respond to complaints within five business days, a substantial reduction from the previous deadline of 30 days. A new set of stricter enforcement measures imposed by the law mandates that senders who receive five complaints within ten days must be held accountable for the complaint. To further safeguard consumer interests, telecom service providers will now be required to provide users with the option of opting out of all promotional emails. 

TRAI has also mandated a standard messaging format, which requires message headers to contain specific codes that indicate that they are promotional, service-related, transactional, or government-related. This structured labelling system aims to enhance transparency and help users distinguish between different types of communication by adding a structured llabellingsystem to their communication systems. 

As a part of the regulatory framework implemented by the Telecom Regulatory Authority of India (TRAI) to improve transparency and curb unsolicited commercial communications (UCCs), 10-digit mobile numbers will no longer be allowed to be used for commercial purposes. A telemarketer is required to use a series of designated numbers for promotional and service calls, ensuring that the two are clearly distinguished.

It is expected that the existing ‘140’ series will remain available for promotional purposes while the newly launched ‘1600’ series will be used for transactional and service-related communications. TRAI has also removed the requirement for the consumer to pre-register their communication preferences in advance of lodging a complaint against spam messages and unwanted phone calls from unregistered senders as part of its anti-spam practices.

In addition to simplifying the complaint process, TRAI has also expanded the reporting period from three days to seven days to improve user convenience in reporting violations, providing consumers with more flexibility in reporting complaints with essential details. To further strengthen consumer protection, TRAI has extended the complaint reporting window from three days to seven days, thus creating an environment of greater flexibility for users. 

There has been a significant reduction in the timeframe for telecom operators to respond to UCC complaints, which was previously 30 days, down to five days now. Further, the threshold for penalizing senders has been lowered as well, with only five complaints within ten days instead of the earlier benchmark of ten complaints within seven days, requiring penalties to be imposed. To improve accessibility and foster consumer engagement, the government is now requiring that mobile applications and official websites of telecom service providers prominently display complaint registration options as a means of promoting consumer engagement. 

Several regulatory initiatives have been taken to improve the accountability, transparency, and consumer-friendly nature of the telecommunications sector while also making sure the anti-spam directives are strictly followed. A stringent series of measures has been introduced by the Telecom Regulatory Authority of India (TRAI) to counter the rising threat of spam calls and to prevent malicious entities from misusing SMS headers and content templates to forward fraudulent or deceptive messages to subscribers. 

Several initiatives are being implemented by the TRAI that will ensure that consumer interests are protected and a safer and more transparent messaging environment is established. To ensure compliance with telemarketing regulations, TRAI has mandated strict penalties for entities making unauthorized promotional calls that violate telemarketing regulations. A violation of these terms can result in severe consequences such as the disconnection of all telecommunications resources for a period of up to two years, a blacklisting for up to two years, and a prohibition on acquiring any new telecommunications resources during the period of blacklisting. 

More than 800 entities and individuals have been blacklisted as a result of these measures, and over 1.8 million SIP DIDs, mobile numbers, and other telecommunications resources have been deactivated as a consequence. As a consequence, fraudulent commercial communications have been eliminated in large part. TRAI's directives call for access providers to list URLs, APKs, and links to OTTs within SMS content, and we have implemented this requirement with effect from October 1, 2024, to further enhance consumers' protection.

In an attempt to ensure consumer safety, a regulation moving forward will limit the use of links in text messages that have been verified and authorized by the user, thereby reducing the risk of consumers being exposed to harmful websites, fraudulent software, and other online risks. The '140xx' numbering series is further enhanced by migrating all telemarketing calls that originate from this series of numbers to the Distributed Ledger Platform (Blockchain) platform. In this way, the surveillance and control of telemarketing activities can be improved. 

There have also been advances in technical solutions being deployed by access providers to improve traceability to ensure that every entity involved in the message transmission, from the initial sender through to the final recipient, is accounted for within the chain of communication. Any traffic containing messages that omit a clearly defined chain of telemarketers and can be vverifiedor deviate from the pre-registered framework will be automatically rejected as of December 1, 2024. Several significant advancements are being made in regulatory oversight in the telecom sector as a result of these measures. Consumer protection is reinforced,d and accountability is enhanced within the industry as a result of these measures. 

To ensure that consumers have an easier and more convenient way to report unsolicited commercial communications violations, telecom service providers are required to prominently display complaint registration options on their official websites and mobile applications, making the complaint system more user-friendly and accessible for them. As part of this initiative, consumers will have the opportunity to easily flag non-compliant telemarketing practices, allowing the complaint process to be streamlined. Furthermore, service providers must provide consumers with a mandatory ‘opt-out’ option within all promotional messages to give them greater control over how they want to communicate. 

The new Consumer Rights Rule establishes a mandatory 90-day waiting period before marketers can re-engage users who have previously opted out of receiving marketing communication from a brand before re-initiating a consent request for them. By implementing this regulatory measure, the telecom industry will be able to protect consumers, eliminate aggressive advertising tactics, and develop a more consumer-centric approach to commercial messaging within its infrastructure.

It was announced yesterday that the Telecom Regulatory Authority of India (TRAI) has introduced stringent compliance requirements for access providers to make sure unsolicited commercial communications (UCC) are curbed more effectively. This new set of guidelines requires telecom companies to comply with stricter reporting standards, with financial penalties imposed on those companies that fail to accurately report UCC violations. 

According to the punishment structure, the initial fine of 2 lakh rupees for a first offence is followed by a fine of 5 lakhs for the second offence and a fine of 10 lakhs for subsequent violations. There has been a move by access providers to further enhance the level of regulatory compliance by mandating that telemarketers place security deposits that will be forfeited if any violation of telemarketing regulations occurs. A telecom operator may also be required by law to enter into legally binding agreements with telemarketers and commercial enterprises, which will explicitly define and specify their compliance obligations, as well as enumerating the repercussions of non-compliance. 

This means that reducing spam levels will be a major benefit for businesses while ensuring that they can communicate through authorized, transparent, and compliant channels, leading to a significant reduction in spam levels. TRAI aims to increase the consumer safety and security of the telecommunications ecosystem by enforcing these stringent requirements while simultaneously balancing regulatory oversight with legitimate business needs to engage with customers by the means approved by TRAI.
Read more »
Ransomwares
Cyber Security cyber threat Data Hackers Data Theft Huntress SMB Report Ransomware threats Ransomwares

Ransomware Tactics Evolve as Hackers Shift Focus to Data Theft

 

Ransomware groups are adapting their strategies to outsmart stronger cybersecurity defenses and increasing law enforcement pressure, according to the Huntress 2025 Cyber Threat Report. The findings reveal that attackers are moving beyond traditional encryption-based ransomware, instead focusing on data theft and extortion to bypass modern protections. 

In 2024, 75% of ransomware cases Huntress investigated involved remote access Trojans (RATs), allowing hackers to infiltrate systems discreetly. Additionally, 17.3% of incidents featured the misuse of legitimate remote management tools such as ConnectWise ScreenConnect, TeamViewer, and LogMeIn. This shift reflects a growing reliance on “living off the land” techniques, where attackers use trusted administrative tools to avoid detection. 

A significant trend noted in the report is that sophisticated tactics once reserved for targeting large enterprises are now common across businesses of all sizes. Huntress observed that cybercriminals are increasingly disabling or tampering with security software to maintain access and avoid detection, effectively closing the gap between attacks on major corporations and smaller organizations.  

Huntress’ analysis of over 3 million endpoints also revealed that nearly 24% of ransomware incidents in 2024 involved infostealer malware, while malicious scripts designed to automate attacks and evade security tools appeared in 22% of cases. Greg Linares, principal threat intelligence analyst at Huntress, states that ransomware groups must constantly evolve to survive in the competitive cybercrime landscape.

“If malware isn’t staying ahead of detection techniques, it becomes obsolete fast,” Linares explained. Another key insight from the report was the speed of modern ransomware campaigns. On average, the time from initial access to the delivery of a ransom demand — known as time-to-ransom (TTR) — was just 17 hours. Some groups, including Play, Akira, and Dharma/Crysis, were even faster, with TTRs averaging around six hours.  

Interestingly, Huntress noted a clear shift in ransomware tactics: rather than encrypting data, many attackers now opt to exfiltrate sensitive information and threaten to leak it unless a ransom is paid. This change is seen as a direct response to stronger ransomware defenses and increased law enforcement efforts, which led to the takedown of major groups like Lockbit. 

However, this shift presents new challenges for companies. While endpoint detection and ransomware protections have improved, the report points out that data loss prevention (DLP) measures remain underdeveloped. Linares noted that DLP solutions are often overlooked, especially in organizations with remote work and bring-your-own-device (BYOD) policies. These environments, he said, often lack the comprehensive monitoring and control needed to prevent data exfiltration. 

To stay ahead of these evolving threats, Huntress recommends that businesses not only strengthen their ransomware defenses but also implement more robust DLP strategies to protect sensitive data. As ransomware gangs continue to adapt, companies must be proactive in addressing both encryption and data theft risks.
Read more »
Subscribe to: Posts (Atom)