The Chhattisgarh

Tag: cybersecurity

  • Security Alert for Google Chrome Users! Govt Issues High-Severity Warning; Here’s How to Stay Safe |

    New Delhi: Google Chrome users in India have received a high-security warning from the Cybersecurity watchdog Indian Computer Emergency Response Team (Cert-In). Amid multiple vulnerabilities discovered in Google Chrome. the government has ordered Indian users to update their browsers with the latest security update that Google rolled out earlier this month.

    Notably, Google Chrome users can update their browsers to version 127.0.6533.99/.100 (for Windows and Mac) and 127.0.6533.99 (for Linux) to prevent themselves from being affected by this security flaw. 

    As per the latest security warning, Chrome users on desktops or PCs should exercise extreme caution when clicking on suspicious emails or downloading files from untrustworthy links.

    Recently, the cybersecurity agency also issued a warning for users using Android smartphones powered by Qualcomm and MediaTek chipsets. It noted that the impacted smartphones are operating on Android versions 12, 12L, 13, and 14. 

    Moreover, a “severe” warning was also issued to Apple users who own iPhones, iPads, Macs, and more regarding multiple vulnerabilities by the cybersecurity agency.

    Google has confirmed that the security update has already been released to stable users on Windows and Mac, while Linux users can expect to receive the update in the coming days or weeks.

  • Got Traffic e-Challan Message On WhatsApp? Check How Vietnamese Threat Actors Are Targeting Indian Users |

    Bengaluru: A highly technical Android malware campaign by Vietnamese hackers is targeting Indian users through fake traffic e-challan messages on WhatsApp, according to a report on Wednesday. 

    Researchers from CloudSEK, a cybersecurity firm, identified the malware as part of the Wromba family.

    It has infected more than 4,400 devices and led to fraudulent transactions exceeding Rs. 16 lakh by just one scam operator, they said.

    “Vietnamese threat actors are targeting Indian users by sharing malicious mobile apps on the pretext of issuing vehicle challan on WhatsApp,” said Vikas Kundu, Threat Researcher, CloudSEK.

    Scammers are sending fake e-challan messages impersonating the Parivahan Sewa or Karnataka Police and tricking people into installing a malicious app.

    The app steals personal information and also facilitates financial fraud.

    Clicking the link within the WhatsApp message would lead to the download of a malicious APK disguised as a legitimate application.

    Once installed, the malware requested excessive permissions, including access to contacts, phone calls, SMS messages, and the ability to become the default messaging app.

    It then intercepts OTPs and other sensitive messages, which enables attackers to log in to victims’ e-commerce accounts, purchase gift cards, and redeem them without leaving a trace.

    Kundu explained that once the app gets installed, it extracts all the contacts to scam more users.

    Further, all the SMSes will be “forwarded to the threat actors thus allowing them to log in to various e-commerce and financial apps of the victim,” he added.

    Using proxy IPs, the attackers avoid detection and maintain a low transaction profile.

    Using the malware, attackers have accessed 271 unique gift cards, conducting transactions worth Rs 16,31,000, according to the report.

    Gujarat has been identified as the most affected region, followed by Karnataka.

    To protect against such malware threats CloudSEK urged users to stay vigilant and adopt security best practices installing apps only from trusted sources like Google Play Store; limiting app permissions and regularly reviewing them, maintaining updated systems, and enabling alerts for banking and sensitive services.

  • Cop Connect Café: Zscaler And ISAC Foundation Unveil New Cybersecurity Unit In Bengaluru’s DSATM | Internet & Social Media News

    In a bid to tackle the rising cybercrime issues in India, Zscaler, a leading cybersecurity firm, and ISAC Foundation, a non-profit organisation in cybersecurity, have launched the ‘Cop Connect Café’ at Dayananda Sagar Academy of Technology & Management (DSATM) in Bengaluru. This venture, part of Zscaler’s Corporate Social Responsibility (CSR) program, is aimed at promoting cyber hygiene and security within communities around the world.

    The recent inauguration of the new café in Bangalore will offer the community a secure environment to receive expert help and advice on cyber fraud issues. The café integrates a team of cyber psychologists, technical specialists, and legal consultants to provide comprehensive, personalized support to those affected by cybercrimes.

    Speaking at the event, Karnataka High Court Judge H.P. Sandesh highlighted the café’s role in providing immediate help to cybercrime victims and emphasized the importance of using technology to prevent cybercrimes. 

    In partnership with ISAC, the café aims to develop a strong cybersecurity network in the region by empowering individuals with the knowledge, training, and assistance required to counteract online threats. Additionally, the café will organize general cybersecurity awareness sessions and establish women safety clubs to enhance cyber hygiene within colleges.

    Vishal Gautam, Vice President of Engineering and Site Managing Director at Zscaler, underscored the significance of cybersecurity awareness and hygiene in India, likening it to the Swachh Bharat Abhiyan cleanliness initiative. He stressed the necessity of collaboration between the public and private sectors to address the escalating cyber-attack threats.

    Rajshekhar P, Founder Director of ISAC, pointed out that while cybersecurity awareness and cybercrime first aid are fundamental to Cop Connect Café, tools like the Hacked Or Not Kiosk (HONK) play a crucial role in safeguarding individuals and their internet-connected devices.

    ISAC Foundation works with CERT-IN, AICTE, and the Ministry of Education to bolster India’s cybersecurity landscape. Zscaler is actively investing in setting up Cop Connect Cafés in educational institutions nationwide. These cafés offer a specialized space for the public and students to obtain expert assistance and support in dealing with cyber fraud incidents.

  • Beware Of Calls Impersonating DoT, Threatening To Disconnect Mobile Numbers; WhatsApp Calls Starting With +92

    The DoT has cautioned on misuse of mobile numbers, WhatsApp calls from foreign origin mobile numbers (like +92-xxxxxxxxxx) impersonating Government officials.
     

  • End-User Spending On Security, Risk Management To Reach $2.9 Billion In India: Reports

    Indian firms will enhance their security budget owing to legacy IT modernisation using cloud technology, industry demand for digital platforms, updated regulatory environment, and continuous remote/hybrid work.

  • Safeguarding India’s Digital Frontier: Unveiling Ransomware Challenges And Cybersecurity Strategies |

    The global expansion of the technology ecosystem has led to a significant rise in cybersecurity challenges. India, too, faces these challenges, underscoring the crucial need for robust measures and collaborative initiatives to ensure the safety, integrity, and continual growth of our cyber ecosystem.

    Recent findings from the Data Security Council of India (DSCI), an active consortium of cybersecurity ecosystem participants, reveal a projected demand for 64,000 cybersecurity professionals in India. The DSCI anticipates a substantial increase in the demand for cybersecurity products and services, expecting the workforce to grow from 1.10 lakh employees in 2019 to over 10 lakh employees by 2025-26. Despite the rising demand and salaries in the cybersecurity industry, a notable concern is the projected 30% demand-supply gap by the end of 2023.

    The alarming gap in the cybersecurity workforce isn’t confined to national borders but spans globally, reaching an impressive 4.7 million by 2023. Despite this, the workforce gap has notably widened, experiencing a substantial 26.2% year-on-year increase in 2022. This underscores the pressing need to urgently address and narrow the expanding imbalance within the cybersecurity workforce.

    Ransomware attacks have become increasingly common. When asked why they predominantly affect SME and MSME sectors, Kaushik Ray, COO of WhizHack Technologies, explained, “The SME and MSME sector, lacking regulation, face heightened cyber threats. Sophos’ report reveals that 83% of targeted organizations have under 1,000 employees, with missing logs in 42% of attacks. Despite holding valuable data, limited resources and a false sense of security make them vulnerable. The improved cybersecurity infrastructure is evident in a 44% decrease in ransomware ‘dwell time.’ However, with the rising sophistication of attacks, SMEs, adopting technology at just 36%-37%, remain at risk. A crucial shift in mindset and substantial technology adoption is necessary for robust cyber defense.”

    With each passing day, hackers are advancing their techniques in tandem with technology. It raises the question of whether there’s a standard module or if hackers employ diverse techniques to target businesses. Ray said, “These attacks evolve constantly, with hackers keenly aware of defense levels. They possess a well-developed playbook to navigate defenses. SMEs are especially vulnerable to spam, phishing, DDoS attacks, ransomware, and corporate account takeovers. As MSMEs shift to the cloud for digital transformation, the risk of cyberattacks on cloud services increases. Security experts note that smaller organizations using Infrastructure as a Service (IaaS) are particularly susceptible to cyber extortion attempts, where ransomware encrypts files, demanding payment for decryption keys.”

    Regarding the sophistication of ransomware attacks, he said, “India has faced a surge in state-sponsored attacks, a concern we’ve highlighted since our inception. Over the last three years, these attacks have increased by 278%. State-sponsored attacks inherently possess complexity and sophistication. Until September, service companies in India, particularly in IT and BPO, reported the majority of these incidents. The same report notes a 460% increase in attacks on government agencies and a 508% rise in the SME sector. Ransomware attacks are proliferating in the cybersecurity sector, evolving beyond existing defenses. The most severely impacted and vulnerable is the SME sector. Modern cyberattacks utilize advanced tactics, circumventing traditional malware detection and operating within the intricacies of their targets’ environments, aiming to steal data, install ransomware, encrypt data, and cause widespread disruption.”

    It’s evident that the cyber attacks on MSMEs and SMEs are very common now and affect the entire economy at a large scale. Kaushik believes that India’s position is not very good. The WhizHack COO further said, “Once again, based on the numbers, globally, state-sponsored attacks stand at 68%, while India stands at 72%. Many Indian SMEs, integral to the nation’s growth, face heightened susceptibility to global ransomware attacks, exposing them to risks such as service disruptions, delivery delays, and significant financial losses. To address these threats, organizations need to proactively prepare and establish recovery strategies in anticipation of potential attacks. There is a significant dependency on threat countermeasures and reactive approaches, such as firewalls and anti-malware software, which are proving insufficient against increasingly sophisticated attacks. Simple yet cost-effective practices, which organizations often overlook, need to be implemented. The starting point is creating awareness.”

    Talking about how vulnerable the MSME and SME sectors are to these cyber attacks, the WhizHack COO added, “Ransomware attacks have affected a significant portion of respondents in the last two years, with 73% reporting an incident. Among those affected, 28% admitted to paying the ransom, while an additional 42.5% acknowledged the possibility of considering such payments. Cybercriminals are now also attempting to exfiltrate intellectual property from companies, victimizing industries like BFSI, Chemicals, Automobiles, Airlines, and Food & Beverage. A study revealed that industries considering ransom payments include Construction (74%), Technology (51%), and Energy (43%). Regarding the impact on specific sectors, Legal (92%), Financial Services (78%), Manufacturing (78%), and Human Resources Services (77%) were most likely to have experienced ransomware attacks. Construction companies, in particular, may find themselves compelled to pay due to potential losses of crucial plans, disrupting large contracts, and jeopardizing deadlines and downstream projects. In terms of impact, the Manufacturing and Technology industries ranked highest for ransomware incidents, with Retail and Wholesale experiencing a notable increase in victims throughout the year, rising from 9th place to the top three.”

    Now it is a fact that the government’s involvement and policy efforts have a significant ability to improve the susceptibility of Small and Medium-sized Enterprises (SMEs) to ransomware. Yet, the effectiveness of these actions depends on how carefully they are put into practice, how easily they are accessed, and how well they address the specific challenges faced by the sector. A well-thought-out and complete plan that includes these elements can greatly strengthen SMEs against ransomware attacks.

    Government involvement and strategic policies can significantly enhance SME resilience against ransomware. Meticulous implementation, accessibility, and tailored solutions are crucial. “To initiate this process, providing financial support for cybersecurity measures, implementing training and awareness programs, establishing regulatory standards and compliance support, offering incident response and recovery assistance, and fostering collaborative information sharing are essential components,” he suggests.

    There’s a significant need for an approach that equips the sector to confront and mitigate the threat of ransomware more effectively. It is high time when it must accelerate technology adoption, necessitating a mindset shift. “Addressing naivete, a lackadaisical cyber defense approach, and distrust is imperative. Adopting best practices is crucial, including employee training, robust password use, Multi-factor Authentication (MFA), regular software updates, and investing in effective Firewalls and Antivirus Software. Continuous technology review and updates are essential, as cybersecurity is an ongoing commitment. Like a virus, cyber threats evolve, demanding a proactive defense. Well-planned data backup mechanisms and regular cybersecurity drills are equally vital, akin to fire drills.”, says Kaushik Ray.

    WhizHack Technologies, a 100% Make in India firm, offers services and solutions to businesses to mitigate ransomware-related vulnerabilities and is actively making changes to enhance the integrity of its services. 

    “By simulating a ransomware attack, one can not only enhance awareness of ransomware security within a company but can also assess the effectiveness of systems in preventing and detecting ransomware, and provide customized advice to improve overall defense against ransomware. This simulation involves a proactive and controlled exercise designed to replicate a genuine ransomware attack in a secure setting. It serves as a deliberate test by organizations to assess their preparedness and response to a simulated cyber threat without causing any actual harm to their systems or data,” said Ray.

    It is believed to a large extent that cybersecurity is very expensive, which is why the SME sector players have been fence-sitters in adopting and upgrading their cyber defense. It is good that Swadeshi companies are working to help the MSME and SMEs by building a safe cyber-ecosystem and software in India.

  • Android Users Beware: ‘Chameleon’ Malware Poses Serious Threat – Read Details |

    New Delhi: In the ever-evolving landscape of online threats, a new menace has emerged targeting Android users. Dubbed ‘Chameleon,’ this malware goes beyond the typical deceptive tactics, disguising itself as trusted apps like Google Chrome.

    The danger lies not only in its ability to breach device security but also in its sinister mission to pilfer sensitive financial data, including crucial bank account passwords. (Also Read: Bengaluru Engineer Falls Victim To Bitcoin Investment Scam; Loses 95 Lakhs)

    Recent research by ThreatFabric reveals that ‘Chameleon’ is not a newcomer; it has been circulating for approximately a year. However, recent enhancements by cybercriminals have elevated its sophistication, employing an HTML trick that easily bypasses a user’s device security, granting access to vital information. (Also Read: Home Loan Benefits For Women In India: Check What Advantage They Can Avail)

    What sets ‘Chameleon’ apart is its distribution method through Zombinder, enabling it to linger undetected while users innocently engage with everyday apps like Google Chrome. Alarmingly, this malware can effortlessly circumvent device biometrics, as highlighted in the findings by ThreatFabric.

    The potential consequences are severe. ‘Chameleon’ not only steals personal data but leverages it to gain unauthorized entry to bank accounts, leading to financial losses and compromising personal information.

    To safeguard against this threat and avoid the risk of losing both money and digital identity, users are urged to exercise extreme caution.

    The primary defense against such malware is to refrain from downloading apps and APKs from unverified sources, particularly those promising premium apps for free.

    Downloading from random websites poses long-term challenges and can result in more harm than good. Therefore, it is crucial to avoid downloading any official app from unfamiliar links or suspicious-looking websites.

    An additional layer of protection comes from enabling Google’s Play Protect, a built-in tool that significantly contributes to the safety of Android devices. By taking these precautions, users can fortify their defenses against the evolving threat landscape and ensure a safer online experience.

  • Bengaluru Techie Loses Rs 68 Lakh While Trying To Sell Bed Online In OTP Scam |

    New Delhi: In another OTP Scam incident, an engineer hailing from Bengaluru lost a whopping Rs 68 lakh while he was trying to sell his bed online, as per media reports.

    A report in The Times Of India said, the 39-year-old engineer was looking to sell his bed on OLX and posted an advertisement for the same. A person, who claimed to be a store owner from a furniture store called him up and agreed to buy the used bed for Rs 15,000. However, the person expressed inability to make UPI transaction, citing some error at his end. This is when the harrowing scam unfolded.

    The techie was asked by the buyer to send him Rs 5, for which the latter sent Rs 10. Then he was asked to send Rs 5,000 for which the person returned Rs 10,000. Then he was asked to send Rs 7,500 for which the person claimed that sent Rs 30,000 by accident. The fraudster then asked the techie to return the money using a link and share OTP. Once the engineer fell into the OTP trap, he began losing his money to the tune of Rs 68 lakh.

    Notably, banks, NCPI and RBI have repeatedly warned customers stating that is incredibly important never share One-time password with anyone. Users must use it only if you are in the process of placing an order, and on a trusted website or app. 

    However, if you have received an OTP that you haven’t initiated, it is important to change your account passwords immediately and notify your bank about this unauthorized transaction.