top of page

The CyberDiplomat Daily

Cybersecurity and Diplomacy News from Around the World

Date: 18th May 2024





Crackdown against fraudsters impersonating as policemen


On May 17, Telangana blocked 137 Skype IDs involved in cases of blackmail, extortion, and digital scams. The Indian Cyber Crime Coordination Centre (I4C) has been cracking down on these activities, resulting in over 1,000 Skype IDs, mule accounts, and mobile numbers being blocked. The Telangana State Cyber Security Bureau (TSCSB) has also been monitoring around 1,500 WhatsApp and virtual numbers, as well as over 500 mule accounts in three hotspots: Hyderabad, parts of Nirmal, and Cyberabad. Superintendent of Police Davender Singh mentioned that the investigation involves tracking the source of communication and following the money trail. Telangana has managed to freeze ₹2.8 crore involved in such cases in April. In April, out of 8,669 cyber crime cases reported in the State, 2,669 (30.79%) were related to impersonation, resulting in citizens losing ₹21.04 crore. The State gives priority to cases involving common cyber criminals who are involved in multiple cases and where the lost amount is higher. However, over 90% of the cyber criminals involved in cases registered in the State are from other parts of the country.




TSCSB Officials Save Woman from Falling Prey to Rs 60 Lakh Cyber Fraud


In a timely intervention, TS Cybersecurity Bureau (TSCSB) police stopped a fraudulent transfer of Rs 60 lakh to cyber criminals. Bureau director Shikha Goel said in a release on Friday that on May 15, a woman from Cyberabad received a call from an unknown number, claiming to be a police officer from Maharashtra. The caller accused her of being involved in a major money laundering offence. The caller said that a warrant was pending against her.




Cyber attribution: Do you really need to know?


Cyber attribution, identifying the perpetrator of a cyberattack, is complex and expensive. To investigate effectively, professionals need to identify Indicators of Compromise (IOCs), review previous attack reports, integrate Human Intelligence, and determine attribution reliability. It is crucial for large organizations, helping in prioritizing cybersecurity investments, enhancing supply chain protection, and supporting cyber research groups. Understanding when cyber attribution is essential will help allocate resources wisely and fortify defenses.




Punjab Police Cyber Crime division bust two fake call centers, 155 employees held


The Punjab Police Cyber Crime Division shut down two fake call centers in Mohali and arrested 155 employees for making fraudulent calls to people in the US. The callers duped foreign nationals by convincing them to purchase gift cards from retailers like Target, Apple, and Amazon. The gift cards were then redeemed by the kingpin or owner, who is currently on the run. Additional Director General of Police (Cyber Crime) V Neeraja stated that after receiving intelligence inputs, police teams raided the call centers and arrested 155 employees. Out of the 155 arrested, 18 employees were taken on police remand, while the rest were sent on judicial remand.



US SEC updates rules to combat cyber-theft of customer data


Wall Street's top regulator has updated rules to ensure investment companies and others detect and respond to hackers' theft of customer data. The changes, approved unanimously by the U.S. Securities and Exchange Commission, apply to rules first adopted in 2000. Under the changes, broker-dealers, investment companies, and others are required to maintain incident response programs to detect and respond to cyber-theft of customers' personal data and notify affected individuals. Companies affected by the rules will have to come into compliance 18 months to two years from the date the changes appear in the Federal Register, according to the agency.




Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks


The Kimsuky (Springtail) APT group, linked to North Korea's Reconnaissance General Bureau, has been using a Linux version of its GoBear backdoor in a campaign targeting South Korean organizations. The backdoor, named Gomir, is almost identical to GoBear, sharing extensive code. It supports 17 commands, enabling file operations, reverse proxy, and more. The malware is distributed through trojanized security programs and rogue installers for Wizvera VeraPort. This campaign highlights the preference for software installation packages as infection vectors for North Korean espionage actors.




Hyderabad: SBI launches cyber security awareness drive


A cyber security awareness drive was launched by SBI, Hyderabad Circle, aiming to raise public awareness about cybercrimes and promote the use of the cyber crime helpline number 1930 and reporting portal www.cybercrime.gov.in. The event, attended by senior management and staff, highlighted the importance of cyber security in preventing financial cyber frauds and emphasized the need for awareness programs to help individuals recognize and avoid cyber threats.



Unexpectedly, the cost of big cyber-attacks is falling


Last October, Anne Neuberger, America’s top cyber official, issued a dire warning. She stated that cybercrime would cost the world more than $23 trillion by 2027, up from $8.4 trillion in 2022. More recently, the IMF noted that cyber-attacks have doubled since the COVID-19 pandemic. The fund stated that "The risk of extreme losses from cyber incidents is increasing," and that these incidents could even pose "an acute threat to macrofinancial stability." However, data collected by Tom Johansmeyer of the University of Kent, a former senior executive at Verisk, an insurance-data firm, suggests that the truth is more complicated. In an analysis first published by Binding Hook, a website focusing on cyber issues, Mr. Johansmeyer considers the case of NotPetya, a Russian attack on Ukraine in 2017 designed to delete data, which inadvertently spread around the world and caused more than $10 billion worth of damage.



Programme on adapting cyber legislations organised in Ganderbal


Government Degree College Ganderbal organized a lecture on “Adapting Cyber Legislations: Addressing Challenges & Solutions” by Dr. Aneeda Jan, Assistant Professor (Law) at the University of Kashmir. The lecture highlighted the need for cyber law and discussed its importance in addressing cybercrimes. Dr. Aneeda also outlined jurisdictional challenges and possible solutions. The principal emphasized the role of educational institutions in promoting awareness of cyber legislation.



NATO Deputy Secretary General: we must be big on cyber defence ambitions


At the NATO 2024 Cyber Defence Pledge Conference in the Hague, NATO Deputy Secretary General Mircea Geoană emphasized the need for greater ambition in cyber defence and called for a new mindset to strengthen resilience against cyber threats. He highlighted the increasing use of cyber and hybrid operations by adversaries and stressed the importance of civil-military cooperation and closer collaboration with the tech industry. The conference, co-hosted by the Netherlands and Romania, also saw the participation of eighteen NATO partner countries for the first time.




The week in GRC: Cyber-threats increase for companies over the past year and Supreme Court says CFPB funding structure is legal


The Wall Street Journal (paywall) reported that 90% of companies surveyed said cyber-security risks increased over the past year. Shareholders at Equinor's AGM rejected a proposal to align the company's strategy with global climate goals. The Norwegian government, which holds a 67% stake, voted against the resolution. Equinor's board stated that the company is already taking sufficient action to address climate goals.





HITRUST and Trium Cyber introduce exclusive cyber insurance


Trium Cyber has partnered with HITRUST to offer an exclusive cyber insurance product to HITRUST-certified customers. This collaboration aims to address the complexities and disparities in the cyber insurance sector. The partnership allows underwriters to leverage HITRUST’s assessment findings through its Results Distribution System (RDS), streamlining the underwriting process for enhanced efficiency and security.



Aussie cops probe MediSecure's 'large-scale ransomware data breach’


Australian prescription provider MediSecure fell victim to a ransomware attack, resulting in the theft of patients' personal and health data. The company suspects the attack originated from a third-party vendor. The Australian government is investigating the breach. In a similar incident, Australian health insurer Medibank experienced a ransomware attack in late 2022, compromising data belonging to nearly 10 million customers. These incidents highlight the urgent need to protect sensitive medical information.




New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs


The report also analyzes differing cybersecurity risks across industries. Industries with a greater number of entities (potential attack points) tend to have more vulnerabilities. Healthcare, for example, has 5 times the exposure of Energy and Utilities. However, the key risk metric is the proportion of exposures that threaten critical assets. Here, the picture flips. Transportation and Energy have a much higher percentage of critical exposures, despite having fewer overall vulnerabilities. This means they hold a higher concentration of critical assets that attackers might target. The takeaway is that different industries require different security approaches. Financial firms have more digital assets but a lower critical exposure rate compared to Energy. Understanding the industry-specific attack surface and the threats it faces is crucial for an effective cybersecurity strategy. 



98% Indian cos fall prey to cyber scammers: Report 


According to a report by US-based cybersecurity firm Rubrik, a survey revealed that a majority of Indian companies’ IT and security leaders admitted to losing sensitive information in 2023. The survey found that 69% of Indian IT and security leaders reported that SaaS had the most malicious cyber activity in 2023. Additionally, 98% of Indian IT and security leaders experienced the loss of sensitive information in 2023, and 55% reported that their companies paid a ransom due to data extortion threats. The report is based on research by Rubrik Zero Labs, which combined telemetry data across its customer base of over 6,100 organizations with findings from a survey conducted by Wakefield Research of more than 1,600 IT and security decision-makers at companies with 500 or more employees.




Nigeria making progress in fight against cyber security – Experts


Experts at Exclusive Networks, a global cybersecurity firm, are optimistic about Nigeria's progress in fighting cyber threats. The company recently opened a regional office in Lagos, Nigeria, reflecting its commitment to the region. The Managing Director highlighted the increasing threat of ransomware attacks and the company's dedication to providing cybersecurity products and services in Nigeria. The CEO of TigerLogic Africa commended Exclusive Networks for supporting the region's growth and expressed confidence in the new office's potential to enhance their partnerships.





Santander reports customer, employee data breach in Spain, Chile, Uruguay


Spanish bank Santander (SAN.MC) reported that some customer and employee data in a database hosted by an outside provider was accessed by an unauthorized party. The bank's operations were not affected, and no transaction data or credentials were compromised. Santander is taking measures to contain the incident and has notified regulators and law enforcement. The bank is also working closely with affected customers. Last month, the International Monetary Fund expressed concerns about rising cyber threats to financial stability.




China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT


Cybersecurity researchers have uncovered a remote access trojan (RAT) known as Deuterbear, used by the China-linked BlackTech hacking group in a cyber espionage campaign targeting the Asia-Pacific region. This RAT, similar to Waterbear, shows advancements in capabilities such as support for shellcode plugins and using HTTPS for C&C communication. BlackTech has been active since 2007 and uses various aliases. The group has historically used Waterbear but has also deployed an updated version called Deuterbear since October 2022. Waterbear is delivered through a patched legitimate executable using DLL side-loading. The RAT module is fetched twice from the attacker-controlled infrastructure. The first instance loads a Waterbear plugin, while the second functions as a backdoor, harvesting sensitive information through a set of 60 commands. The infection process for Deuterbear is similar to that of Waterbear, but with some tweaks. Deuterbear RAT is a more streamlined version of its predecessor, retaining only a subset of the commands in favor of a plugin-based approach to incorporate more functionality. Both Waterbear and Deuterbear continue to evolve independently, rather than one simply replacing the other.


3 views0 comments

Recent Posts

See All

Comments


bottom of page