Cyber Pulse Jan Feb 2025

Dear Cyber Pulse Readers,

 

As we turn the page from an eventful 2024, the trends indicate that cybersecurity is no longer a reactive posture but a dynamic, ongoing pursuit. These are times when technology has seamlessly woven itself into every aspect of our lives, and the announcement of the Indian government’s allocation of over ₹1,900 crores in its Union Budget 2025 dedicated to cyber security is a step to bolster the nation’s commitment to strengthening its digital journey ahead.

 

The past year taught us that cyberattacks are now more targeted, more ingenious, and more impactful than ever. In particular, the wave of supply chain attacks served as a wake-up call, exposing vulnerabilities not just within organizations but also across their broader ecosystems.

 

Yet, even as adversaries refine their tactics, let’s strengthen our defenses and enhance our understanding of their methods. By staying informed and adaptable, we can continue to strengthen our security posture and effectively counteract their threats. In this edition of 2025, we dissect the biggest lessons from 2024 and share strategies to navigate the future. We also feature a major highlight of 2024 - the supply chain attacks. If there’s one takeaway from the past year, it’s that cybersecurity is not a static goal—but a continuous journey.

 

Above all, 2025 calls for a resolute commitment to staying a step ahead, a mindset that embraces new learning, anticipates emerging risks, and invests in robust defenses. As we stand at the cusp of another transformative year, let us pledge to forge a safer digital ecosystem for businesses, citizens, and governments alike. Here’s to a secure and resilient 2025!

 

Sincerely,

 

Santhosh George

CEO, ReBIT

 

 

 

As we begin a new year, it is worth pausing to reflect on how the cyber threat landscape evolved in 2024 and to prepare for what lies ahead. Cybercrime continued to grow through 2024: ransomware activity reached new highs, with organizations across industries paying multi-million ransoms, and phishing became harder to spot as attackers used AI-generated text to produce fluent, personalised lures that slip past email filters. Looking forward, the threat landscape of 2025 promises to be more complex and sophisticated than ever before.

 

Here are some trends that will shape the cybersecurity landscape:

High Sophistication: Hackers continue to develop advanced techniques such as AI-powered attacks, zero-day exploits, and deepfakes. Organizations need to stay informed about these emerging threats and invest in cutting-edge technologies and expertise to protect themselves. 

Expansion of Attack Surfaces: With the rise of IoT devices, cloud services, and remote workforces, the attack surface continues to expand. It's crucial for organizations to adopt a holistic approach to cybersecurity, securing each endpoint and ensuring strong access controls. 

Armor of Multiskilled Teams: To combat advanced threats, organizations require multiskilled teams capable of handling the full span of security work: security engineering, threat intelligence, vulnerability management, and incident response.

Proactive Cybersecurity Posture: Reactive cybersecurity measures are no longer sufficient. Organizations must adopt a proactive approach to cybersecurity by investing in continuous monitoring, threat hunting, and predictive analytics. 

Supply Chain Attacks: In today's interconnected world, products are assembled through complex global supply chains involving numerous countries and third-party vendors. This intricate web of relationships brings immense benefits but also introduces new risks, particularly from supply chain attacks. 

Global Co-operation: Cybersecurity is a global issue that transcends borders. International cooperation among governments, industry associations, and private organizations is needed to address shared threats and establish common best practices, so that defenders everywhere can stay ahead of the curve. 

 

2025 will be a fast-changing year that presents significant challenges for organizations, and cybersecurity has to be treated as a business necessity rather than an IT afterthought. By embracing a collaborative approach to cybersecurity, building multiskilled teams, and adopting a proactive posture, businesses can effectively mitigate risks and safeguard their digital assets. 

 

 

 

Sources: Link 

 

When AI Met Cyber Crime in 2024 | A Double-Edged Sword

 

In 2024, AI became an integral part of cybersecurity defenses. Machine learning models were used to sift vast volumes of telemetry, identify patterns, and flag potential threats before they caused harm. These systems proved effective against known malware families and gave defenders a better chance of catching novel activity that signature-based tools miss, although they are no guarantee against zero-day exploitation and they generate false positives that analysts must still triage. As adoption grows, the challenge is to balance the benefits of the technology against the reality that attackers are using it too. 

Here are some of the most significant AI-powered threats that organizations faced last year: 

AI-Driven Phishing Attacks: AI is increasingly used to run highly personalised phishing campaigns. Attackers feed information scraped from social media and other public sources into language models to craft fluent, context-aware messages, making it harder for recipients to distinguish legitimate communication from malicious mail. 

Ransomware as a Service (RaaS): Ransomware attacks continue to rise, and the "ransomware as a service" model lowers the bar further: affiliates rent tooling and infrastructure from developers and need little technical expertise to mount devastating attacks. Automated reconnaissance lets affiliates find vulnerable systems quickly, and payloads that are repacked or mutated between campaigns left signature-based antivirus struggling to keep up, leaving many organizations exposed.

Deepfake Technology in Social Engineering: Deepfake technology, which uses AI to create convincing fake video and audio, is being weaponized for social engineering. Attackers impersonate executives or other trusted individuals to manipulate employees into disclosing sensitive information or transferring funds. Chatbots with natural language capabilities were also used to engage victims in lengthy conversations, extracting sensitive information through deception and manipulation. 

Targeting Critical Infrastructure with AI-Powered Attacks: As critical infrastructure becomes more connected, adversaries are using AI and ML to find and exploit vulnerabilities. In 2023, attacks against energy grids and water systems used automated scripts to sustain pressure on their targets, aiming to disrupt service or cause physical damage. 

 

Best Practices and Essential Controls 

To withstand the ever-evolving landscape of cyber threats, organizations must implement best practices that combine technology, processes, and people. Here are the key dos and don’ts: 

Do’s 

 

  • Adopt AI and ML-based security tools to detect and mitigate threats in near real time, and measure their false-positive rate before trusting them with automated response.
  • Prepare for a post-quantum world: inventory where RSA and elliptic-curve cryptography protect long-lived data, since traffic captured today can be decrypted later, and plan migration to the quantum-resistant algorithms NIST standardised in 2024 (ML-KEM for key establishment, ML-DSA for signatures).
  • Implement multi-factor authentication (MFA), preferring phishing-resistant methods such as FIDO2 security keys or passkeys, to reduce the risk of unauthorized access. 
  • Educate employees on AI-powered phishing tactics and other social engineering attacks to prevent breaches. 
  • Regularly back up critical data, keep at least one copy offline or immutable so ransomware cannot reach it, and test the incident response plan so that recovery actually works under pressure.

 

Don’ts

 

  • Don’t delay security updates; exploitation of newly disclosed vulnerabilities is increasingly automated, so the window between disclosure and attack keeps shrinking. 
  • Don’t ignore the risks posed by third-party vendors; they are often the weakest link in the security chain. 
  • Don’t neglect continuous monitoring of systems, especially in the face of AI-driven threats that adapt faster than periodic reviews can catch. 

 

 

 

 
 

Governance

New EU cybersecurity rules set to bolster compliance 

The European Union's Digital Operational Resilience Act (DORA) has applied since 17 January 2025, bringing stricter cybersecurity obligations for financial entities and the ICT third-party providers that serve them. The regulation aims to make IT systems resilient to cyberattacks and disruptions. Under DORA, financial firms must implement robust ICT risk management, regular digital operational resilience testing, threat intelligence sharing, and third-party risk management, including contractual requirements and a register of their ICT providers. The goal is a sector that can withstand cyber incidents and maintain business continuity. 

Read more

 

 

UK Govt publishes a new Code of Practice for secure AI 

The UK Department for Science, Innovation and Technology (DSIT) has published a voluntary Code of Practice for the cyber security of AI, intended to form the basis of a new global standard through the European Telecommunications Standards Institute (ETSI), which would set baseline security requirements. The Code covers “AI systems”, including systems built on deep neural networks such as generative AI, and sets out cyber security requirements across five lifecycle phases: secure design, secure development, secure deployment, secure maintenance, and secure end of life.

Read more


 

Cyber Crime

 

Online suspect registry prevents financial losses of Rs 1,800 crore  

Launched under the Ministry of Home Affairs (MHA), three months ago, the online 'suspect registry' contains data of 1.4 million cybercriminals linked to financial fraud and other cybercrimes. The registry, developed by the Indian Cyber Crime Coordination Centre (I4C), has since its inception helped prevent over 6 lakh fraudulent transactions worth Rs 1,800 crore. Central and state investigative agencies have access to this registry, enabling them to effectively combat cybercrimes. 

Read more

 

UN General Assembly adopts Global Treaty to Combat Cybercrime

The UN General Assembly adopted the Convention against Cybercrime, a legally binding agreement aimed at enhancing global cooperation in combating cyber threats. The result of five years of work by members of the commercial sector, academia, cybersecurity specialists, civil society, and UN Member States, the pact emphasizes online human rights protections while establishing a framework for victim protection, criminal prevention, and cross-border evidence exchange.

 

Read more

 

Cyber Security

New UK cyber monitoring Centre to introduce classification of attacks

The Cyber Monitoring Centre (CMC), a UK-based project, has started its work to declare and classify systemic cyber attacks using a unique scale. Initially a joint project between law firm Weightmans and insurer CFC, the CMC aims to help organizations understand the nature of systemic security incidents with widespread impacts. The project's results will be freely available to all security risk owners, helping them better understand the nature of systemic cyber attacks and learn from their impact.

 

Read more

 

India gets ₹1,900 crore for cybersecurity in 2025 Budget 

The Union Budget for 2025 has designated more than ₹1,900 crore for cybersecurity initiatives and projects, marking an increase from the ₹1,600 crore set aside in the last budget. The National Mission on Interdisciplinary Cyber-Physical Systems saw a significant enhancement, being allocated ₹900 crore, a notable rise from ₹564.46 crore in 2024. This boost in funding is in line with the government's commitment to address cyber threats.

Read more

 


 

Malware / Ransomware

 

SparkCat Malware Targets Cryptocurrency Wallets via App Stores 

A malware campaign dubbed SparkCat has stolen mnemonic recovery phrases for cryptocurrency wallets through a set of malicious apps distributed via Google Play and Apple's App Store. The malware, a form of wallet drainer, runs an optical character recognition (OCR) model over the device's photo library, looks for images that contain wallet recovery phrases, and exfiltrates those images to a command-and-control (C2) server. Some of the apps provide genuine functionality, while others pose as Web3, food delivery, or artificial intelligence (AI) apps. The practical lesson is simple: never keep a seed phrase as a screenshot, and treat any app's request for photo-library access with suspicion.

 

Read more

 

 

Browser Syncjacking attack compromises Chrome extensions   

A newly described attack, 'Browser Syncjacking', shows how an apparently harmless Chrome extension can be used to seize control of a target's device. The technique, documented by security researchers at SquareX, proceeds in stages: hijacking the victim's Google profile, manipulating the browser, and finally taking over the device. Despite the multiple stages, the attack is discreet, needs only modest extension permissions, and requires almost no engagement from the victim beyond installing what seems to be a genuine Chrome extension. Organizations should restrict which extensions users can install through browser policy and treat unexpected profile sign-ins in the browser as a signal worth investigating. 

 

Read more

 

 

 

What is Supply Chain Security? 

Supply chain security refers to the strategies and measures implemented to protect an organization's supply chain from risks, threats, and vulnerabilities. Supply chain attacks occur when an attacker infiltrates a system through a third-party provider or partner that has access to your data and systems. By compromising the third party's defenses or inserting malicious code into their products, the attacker can gain access to your network, applications, or sensitive data. This type of attack can impact large companies, governments, and even entire industries by exploiting vulnerabilities in the software supply chain.

High Strike Rate

 

  • Starbucks (November 2024): Starbucks experienced operational challenges due to a ransomware attack on Blue Yonder, a supply chain software provider. The attack disrupted Starbucks' ability to process employee schedules and payroll, forcing store managers to fall back on manual processes. 
  • Okta (October 2023): Okta's support case management system was compromised by threat actors who used stolen credentials to gain unauthorized access to private customer data, including a report containing the names and email addresses of Okta customer support users. 
  • Sisense (April 2024): attackers gained access to Sisense's self-hosted GitLab code repository, found credentials there for Amazon S3, and exfiltrated several terabytes of customer data. The breach affected numerous organizations using Sisense's business intelligence tools, exposing millions of access tokens, email account passwords, and SSL certificates, and customers were told to rotate every credential they had shared with Sisense. 
Supply Chain Security Best Practices 
  • Risk Assessment: Regularly identify and assess potential risks and vulnerabilities within your supply chain. 
  • Supplier Vetting: Carefully evaluate and select suppliers and third-party partners based on their security practices and compliance with industry standards. 
  • Access Controls: Implement strict access controls and follow the principle of least privilege to limit access to sensitive data and systems. 
  • Data Encryption: Use strong encryption to protect data at rest and in transit. 
  • Network Segmentation: Divide networks logically to isolate sensitive information and prevent lateral movement of threats. 
  • Monitoring and Auditing: Continuously monitor and audit the supply chain to detect and respond to security incidents.
  • Software bill of materials (SBOM): It is a standardized inventory of software components, including their versions, dependencies, and sources aiding in detecting vulnerabilities, malicious code, and unauthorized changes. 
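As an added illustration for this section (not ReBIT tooling and not code from any of the incidents above), the following Python script shows how an SBOM is actually put to work: it parses a small CycloneDX-style document, matches each component's package URL and version against an advisory list, and flags components that carry no integrity hash, which is exactly what lets a substituted or tampered artefact pass unnoticed. The SBOM, the placeholder digests and the advisory EXAMPLE-ADV-0001 are constructed for the example; the Log4Shell entry (CVE-2021-44228) is the one real advisory, included because its affected version range is well known.

```python
"""Audit a CycloneDX SBOM against an advisory list and basic integrity rules.

Added example for this newsletter, not ReBIT tooling. SBOM_JSON, its hashes and
advisory EXAMPLE-ADV-0001 are constructed; CVE-2021-44228 (Log4Shell) is real.
"""
import json
import re

# Constructed CycloneDX 1.5-style SBOM fragment for a hypothetical application.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "requests", "version": "2.25.1",
     "purl": "pkg:pypi/requests@2.25.1",
     "hashes": [{"alg": "SHA-256", "content": "%s"}]},
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21",
     "hashes": [{"alg": "SHA-256", "content": "%s"}]},
    {"type": "library", "name": "internal-utils", "version": "1.0"}
  ]
}""" % ("ab" * 32, "cd" * 32)   # placeholder digests, not real hashes

# Advisory feed: ecosystem, package name as it appears in the purl, version constraints.
ADVISORIES = [
    {"id": "CVE-2021-44228", "ecosystem": "maven",
     "package": "org.apache.logging.log4j/log4j-core", "affected": [">=2.0", "<2.15.0"]},
    {"id": "EXAMPLE-ADV-0001", "ecosystem": "pypi",  # hypothetical advisory
     "package": "requests", "affected": ["<2.26.0"]},
]

PURL_RE = re.compile(r"^pkg:(?P<type>[^/]+)/(?P<name>[^@]+)@(?P<version>[^?#]+)")
CONSTRAINT_RE = re.compile(r"^(>=|<=|==|>|<)\s*(.+)$")
OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}


def parse_purl(purl):
    """Return (ecosystem, name, version) from a package URL, or None if malformed."""
    m = PURL_RE.match(purl or "")
    return (m.group("type"), m.group("name"), m.group("version")) if m else None


def version_key(version):
    """Turn '2.14.1' or '1.0-rc1' into a tuple that sorts numerically per segment.

    Numeric segments are tagged 0 and alphabetic ones 1, so an int is never
    compared with a str. Pre-release ordering is deliberately not modelled.
    """
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", version))


def in_affected_range(version, constraints):
    """True when every constraint such as '>=2.0' or '<2.15.0' holds for version."""
    key = version_key(version)
    for c in constraints:
        op, bound = CONSTRAINT_RE.match(c).groups()
        if not OPS[op](key, version_key(bound)):
            return False
    return True


def audit_sbom(sbom_text, advisories):
    """Return findings of kind vulnerable, no-integrity-hash, or missing-purl."""
    findings = []
    for comp in json.loads(sbom_text).get("components", []):
        label = f"{comp.get('name')}@{comp.get('version')}"
        parsed = parse_purl(comp.get("purl"))
        if parsed is None:
            # Without a purl the component cannot be matched to any vulnerability feed.
            findings.append({"component": label, "issue": "missing-purl"})
            continue
        ecosystem, name, version = parsed
        if not comp.get("hashes"):
            # No digest means a swapped or tampered artefact would pass unnoticed.
            findings.append({"component": label, "issue": "no-integrity-hash"})
        for adv in advisories:
            if (adv["ecosystem"], adv["package"]) == (ecosystem, name) \
                    and in_affected_range(version, adv["affected"]):
                findings.append({"component": label, "issue": "vulnerable",
                                 "advisory": adv["id"]})
    return findings


if __name__ == "__main__":
    for finding in audit_sbom(SBOM_JSON, ADVISORIES):
        print(finding)
```

To use it against a real export, replace the two constants with a CycloneDX file from your build pipeline and an advisory feed such as OSV. The version comparison is intentionally simple; a production check should apply each ecosystem's own version semantics and verify the recorded hashes against the artefacts actually deployed.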

 

 

 

 

 

The Cyber Strike is a section dedicated to providing you with a summary of the most significant cyber-attacks that occurred over the past month. With the increasing prevalence of technology in our daily lives, cyber-attacks have become a constant threat to business and individuals alike.

It is important to stay informed about the latest cyber threats and attacks to protect ourselves and our organisations from potential harm.

Let’s dive in and explore the most significant cyber-attacks of the month.

 

Advanced Parano Malware

 

Impact: Parano Stealer, Parano Ransomware, and Parano Screen Locker are malware tools written in Python by the actor "Paranodeus". They target both individuals and organizations, stealing sensitive data such as passwords, browser cookies, and cryptocurrency wallet information.

Recommended Actions

  • Use multi-factor authentication (MFA) especially for all sensitive banking and finance related accounts. 
  • Educate users about phishing and other social engineering tactics, particularly concerning sensitive applications like Telegram, WhatsApp and wallets. 
  • Monitor network traffic for unusual or unauthorized outbound data transmissions.
  • Deploy anti-malware software capable of detecting obfuscated and evasive malware. 
  • Regularly audit and verify system startup processes. 

 

Mauri Ransomware Leverages Apache ActiveMQ Flaw

Impact: CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ's handling of the OpenWire protocol, is being actively exploited to deploy malware including coin miners, Quasar RAT, and Mauri ransomware. The attack chain creates backdoor accounts, enables remote control through tools such as FRP (fast reverse proxy) and RDP, and steals or encrypts sensitive data. 

 

Recommended Actions 

 

  • Patch and Reduce Exposure: Upgrade Apache ActiveMQ to a release that fixes CVE-2023-46604, and do not expose the OpenWire broker port (61616 by default) or the web console to the internet; place them behind a firewall or VPN.
  • Hunt for Persistence: Audit local and domain accounts for unexpected additions, and look for reverse-proxy tools such as FRP and for RDP being enabled on servers that never needed it.
  • Enhance Endpoint Security: Deploy endpoint detection and response (EDR) on broker hosts so that miners and RAT payloads dropped after exploitation are caught.
  • Application Whitelisting: Restrict execution to trusted software on corporate servers so that payloads dropped by the exploit cannot run.
  • Secure Configuration Management: Regularly update and patch operating systems and applications, and keep backups offline so that ransomware cannot reach them.

SSH Brute Force Attacks Fuel DDoS Botnets

Impact: A new DDoS malware called cShell has been targeting poorly managed Linux SSH servers. Written in Go, it relies on the `screen` utility and the `hping3` packet generator to run DDoS attacks. The attacker gains access by SSH brute force, installs the malware, and uses `curl` to fetch components, `screen` to keep sessions alive, and `hping3` to generate attack traffic. Administrators should harden SSH access and keep servers updated to avoid becoming part of such a botnet.  

Recommended Actions

 

  • Harden SSH: disable root login (`PermitRootLogin no`), prefer key-based authentication and disable password authentication (`PasswordAuthentication no`) where possible; where passwords must remain, enforce strong ones and rate-limit or lock out repeated failures, for example with fail2ban
  • Regularly update Linux servers and applications to patch known vulnerabilities
  • Use firewalls to limit which networks can reach SSH, and segment servers so that one compromised host cannot reach the rest
  • Monitor authentication logs for bursts of failed logins followed by a success, and watch for unexpected `hping3` or `screen` processes and outbound flood traffic
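The last bullet is the detection a SOC would actually write. As an added example (not tooling from the cShell report), the Python script below parses standard OpenSSH syslog lines, counts failed logins per source within a sliding window, and raises a second, higher-priority alert when a source that has been guessing then logs in successfully, which is the exact sequence the report describes. The log lines are constructed and use addresses from the documentation ranges; the threshold and window are assumptions to tune for your environment.

```python
"""Detect SSH brute-force bursts and brute-force-then-success events in auth.log.

Added example for this newsletter; it is not tooling from the cShell report.
SAMPLE_AUTH_LOG is constructed using OpenSSH's standard syslog message formats
and source addresses from the documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_AUTH_LOG = """\
Jan 12 03:14:01 web1 sshd[2231]: Failed password for root from 203.0.113.45 port 51422 ssh2
Jan 12 03:14:03 web1 sshd[2233]: Failed password for root from 203.0.113.45 port 51430 ssh2
Jan 12 03:14:04 web1 sshd[2235]: Failed password for invalid user admin from 203.0.113.45 port 51437 ssh2
Jan 12 03:14:06 web1 sshd[2237]: Failed password for root from 203.0.113.45 port 51441 ssh2
Jan 12 03:14:08 web1 sshd[2239]: Failed password for root from 203.0.113.45 port 51446 ssh2
Jan 12 03:14:09 web1 sshd[2241]: Failed password for root from 203.0.113.45 port 51452 ssh2
Jan 12 03:14:11 web1 sshd[2243]: Accepted password for root from 203.0.113.45 port 51460 ssh2
Jan 12 03:20:15 web1 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2
Jan 12 03:25:44 web1 sshd[2333]: Failed password for ops from 198.51.100.22 port 43010 ssh2
Jan 12 03:25:50 web1 sshd[2335]: Accepted password for ops from 198.51.100.22 port 43014 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
THRESHOLD = 5        # this many failures from one source ...
WINDOW_SECONDS = 60  # ... within this window count as brute force (assumed values)


def parse_line(line):
    """Return a dict for Failed/Accepted sshd lines, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime fills in 1900, which is fine for
    # relative comparisons but would break across a year boundary in production.
    return {"ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
            "result": m.group("result"), "method": m.group("method"),
            "user": m.group("user"), "ip": m.group("ip")}


def detect(log_text, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Scan log lines in order and return alerts for brute-force activity."""
    recent_failures = defaultdict(list)  # source IP -> failure timestamps in window
    flagged = set()                       # sources already alerted as brute force
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        window_hits = [t for t in recent_failures[ev["ip"]]
                       if (ev["ts"] - t).total_seconds() <= window]
        recent_failures[ev["ip"]] = window_hits
        if ev["result"] == "Failed":
            window_hits.append(ev["ts"])
            if len(window_hits) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"type": "brute_force", "ip": ev["ip"],
                               "attempts": len(window_hits)})
        elif len(window_hits) >= threshold:
            # The sequence the cShell report describes: guessing succeeds, then the
            # attacker logs in and installs tooling. One stray typo never triggers this.
            alerts.append({"type": "success_after_brute_force", "ip": ev["ip"],
                           "user": ev["user"], "method": ev["method"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUTH_LOG):
        print(alert)
```

Run against a live `/var/log/auth.log` (or `journalctl -u ssh`) the same logic feeds a SIEM rule; the brute-force alert is noise on any internet-facing host, but a success after a burst from the same source should page someone. The ops user's single failure followed by a success is deliberately left unflagged so the rule does not fire on ordinary typos.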

Kimsuky's Sophisticated Email Phishing

Impact: Recent phishing campaigns linked to the North Korea-aligned Kimsuky group show advanced tradecraft, including malware-less techniques, a shift in sender domains from Japan to Russia, and abuse of legitimate services to evade detection. The emails, which often impersonate official entities, aim to harvest credentials and take over accounts.

Recommended Actions

  • Enhance Awareness and Training: Conduct regular training on phishing tactics, emphasizing the importance of scrutinizing sender addresses and URLs, since these campaigns carry no malicious attachment to trigger a warning. 
  • Implement Advanced Email Security Solutions: Deploy filtering that analyzes the content and context of a message, not just its attachments, and enforce SPF, DKIM, and DMARC checks so that a mismatch between the displayed sender and the actual sending domain is flagged. 
  • Monitor for Indicators of Compromise: Track the malicious domains and IP addresses associated with these campaigns and feed them into mail and proxy blocklists. 
  • Strengthen Authentication Mechanisms: Implement multi-factor authentication, preferably phishing-resistant methods, so that a harvested password alone does not yield account access.
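The sender-domain shift and the impersonation of official entities are both visible in the message headers before anyone reads the body. As an added example (not from the Kimsuky reporting), the Python script below applies the alignment checks DMARC performs, comparing the From: domain with the envelope sender and the DKIM signing domain, and adds a lookalike test that flags a trusted brand name in the display name when the address is not one of the organisation's own domains. The two messages, the trusted-domain list and the brand words are constructed, and the domains are reserved example names rather than the real sender domains from the campaign.

```python
"""Check sender-domain alignment on inbound mail, as DMARC does, plus a lookalike test.

Added example for this newsletter, not from the Kimsuky reporting. The two
messages, TRUSTED_DOMAINS and BRAND_WORDS are constructed; the domains are
reserved example names, not the campaign's real sender domains.
"""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-bank.in"}          # constructed: where our genuine mail comes from
BRAND_WORDS = {"example bank", "examplebank"}  # constructed: names an attacker would borrow

LEGIT = """\
Return-Path: <alerts@example-bank.in>
From: "Example Bank Alerts" <alerts@example-bank.in>
To: customer@example.net
DKIM-Signature: v=1; a=rsa-sha256; d=example-bank.in; s=mail; h=from:to:subject; bh=Zm9v; b=YmFy
Subject: Statement available

Your statement is ready.
"""

PHISH = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Security" <security@example-bank-verify.example>
Reply-To: <helpdesk@mail.example.org>
To: customer@example.net
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=k1; h=from:to; bh=Zm9v; b=YmFy
Subject: Verify your account

Click to verify.
"""


def domain_of(addr):
    """Lower-cased domain part of an address header value, or '' if none."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rsplit("@", 1)[-1].lower() if "@" in email_addr else ""


def org_domain(domain):
    """Relaxed alignment: compare the registrable part (last two labels) only.

    Real code should consult the Public Suffix List; suffixes like co.uk break this.
    """
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def dkim_domain(msg):
    """Signing domain (d= tag) from the DKIM-Signature header, or '' if unsigned."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return m.group(1).lower() if m else ""


def analyse(raw):
    """Return a list of finding strings; an empty list means the headers align."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    findings = []
    # SPF alignment: envelope sender (Return-Path) versus the header From domain.
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and org_domain(rp_dom) != org_domain(from_dom):
        findings.append(f"spf-misaligned: envelope {rp_dom} vs header {from_dom}")
    # DKIM alignment: the signing domain must belong to the From organisation.
    d = dkim_domain(msg)
    if not d:
        findings.append("no-dkim-signature")
    elif org_domain(d) != org_domain(from_dom):
        findings.append(f"dkim-misaligned: d={d} vs header {from_dom}")
    # Replies steered elsewhere are a classic credential-harvesting tell.
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and org_domain(reply_dom) != org_domain(from_dom):
        findings.append(f"reply-to-diverges: {reply_dom}")
    # Display-name impersonation: our brand in the name, but not our domain.
    name_norm = re.sub(r"[^a-z ]", "", from_name.lower())
    if any(b in name_norm for b in BRAND_WORDS) and from_dom not in TRUSTED_DOMAINS:
        findings.append(f"brand-impersonation: '{from_name}' from {from_dom}")
    return findings


if __name__ == "__main__":
    print("legit:", analyse(LEGIT))
    print("phish:", analyse(PHISH))
```

The checks mirror what a receiving mail server does when the sending domain publishes a DMARC policy; the point of running them yourself is that many impersonated organisations publish no policy, or only `p=none`, so the gateway never rejects the message. Cryptographic verification of the DKIM signature is left to the gateway; this script only reasons about which domains the headers claim.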

 

 

 

 

 

 
 

ReBIT is an ambitious, employee-first enterprise IT and software development organization that believes in empowering our teams to grow and perform to their full potential. We are a subsidiary of Reserve Bank of India driven by our passion for emerging technologies and powered by exceptional talent that contributes to ReBIT's mission.

 

Current Job Openings 

Lead - Application Security SSDLC

Senior Engineer - Application Security SSDLC

Lead - Infrastructure Security (IAM)

Cyber Security Architect - IT & Infrastructure Security

 

and more...

 

We’re looking for candidates who have a zeal for technology and innovation. Check out our careers page for opportunities to work with us!

 

 

We'd love to hear from you!

Share your thoughts with us at communications@rebit.org.in 

 

502, Building No 1, Mindspace Juinagar, Nerul,Navi Mumbai – 400706
