| |
|
|
|
|
|
|
|
|
|
|
Dear Cyber Pulse Subscribers,
Welcome to the latest edition of our Cyber Pulse newsletter! At ReBIT, we understand the critical importance of staying ahead in an ever-evolving digital landscape, and this issue brings you the most up-to-date news and insights from the world of cybersecurity.
In this edition, we will delve into the latest cybersecurity developments and shed light on a particularly concerning issue – the rise of WhatsApp scams.
The world we live in today is highly interconnected, and while technological advancements bring numerous benefits, they also expose us to new risks.
Today, I want to draw your attention to a specific threat that has been gaining traction – WhatsApp scams. As the popularity of this messaging platform continues to soar, cybercriminals are seizing the opportunity to exploit unsuspecting users. Our featured blog in this edition will delve deep into the mechanics of WhatsApp scams, shedding light on the various techniques used by cybercriminals to deceive and defraud users.
These scams often involve impersonation, where fraudsters masquerade as trusted individuals or organisations, tricking users into sharing sensitive information or making financial transactions. Such scams can have devastating consequences for individuals and businesses alike, ranging from financial loss to reputational damage.
To combat these threats effectively, we must empower ourselves with knowledge. At ReBIT, we believe that education and awareness are vital tools in the fight against cybercrime. We are committed to providing you with the resources and insights needed to navigate the digital landscape securely.
In conclusion, I urge you to explore the articles and resources in this edition of Cyber Pulse. Equip yourself with the latest cybersecurity news, learn about the intricacies of WhatsApp scams, and strengthen your defences against evolving threats. Remember, cybersecurity is a shared responsibility, and together, we can create a more resilient digital ecosystem.
Thank you for your unwavering support and trust in our mission. Stay informed, stay vigilant, and let us navigate the complex world of cybersecurity together.
Safeguarding your digital future,
Santhosh George
CEO, ReBIT
|
|
|
|
|
|
|
|
|
|
WhatsApp, the popular messaging app, has unfortunately become a breeding ground for scams in India. Fraudsters are constantly devising new tactics to exploit unsuspecting users, posing risks to personal information, finances, and overall online security. This article aims to shed light on recent WhatsApp scams, including OTP scams, fake job offers, lottery and prize scams, as well as the YouTube channel/video scam and WhatsApp Pink scam. We will explore real-life examples, share relevant statistics, highlight the latest incidents, and provide essential steps to safeguard yourself against these fraudulent activities.
Latest WhatsApp Scams
1. OTP Scam: One of the most prevalent WhatsApp scams in India is the OTP scam. Scammers impersonate known contacts or pose as trusted service providers, tricking users into sharing their One-Time Passwords (OTPs). By obtaining the OTP, fraudsters gain unauthorised access to personal accounts, leading to potential identity theft or financial loss.
2. Fake Job Offers: In this scam, fraudsters pose as recruiters and offer enticing job opportunities via WhatsApp. They request personal details, including copies of identification documents, and may even ask for an advance payment or registration fee. Victims not only lose money but also risk their personal information being misused.
3. Lottery and Prize Scams: Scammers send messages claiming that the recipient has won a substantial sum of money or an extravagant prize in a lottery or contest. To claim the prize, victims are asked to provide personal details or pay a fee. These scams exploit the desire for financial gain, resulting in financial loss and potential identity theft.
4. YouTube Channel/Video Scam: Fraudsters make unsolicited phone calls, often from international numbers, asking people to like, subscribe, or share YouTube channels or videos. They promise rewards or prizes in return. Scammers seek to generate revenue, harvest data, or distribute malware through these scams.
5. WhatsApp Pink Scam: The WhatsApp Pink scam involves a fake version of WhatsApp that fraudsters promote as an enhanced version of the app. Victims unknowingly install malware-infected applications that can steal personal data, compromise device security, and lead to unauthorised access.
Statistics and Latest Incidents
Recent reports have highlighted the rise of WhatsApp scams in India. According to the National Crime Records Bureau (NCRB), cybercrime cases increased by 63.5% in 2020, with a significant portion attributed to WhatsApp scams. Cybercrime police stations, such as the one in Hyderabad, have reported a surge in complaints related to WhatsApp scams, resulting in substantial financial losses for victims.
Steps to Stay Safe
- Be cautious of unknown senders and suspicious messages or calls.
- Enable two-factor authentication for your WhatsApp account.
- Avoid sharing personal information, such as bank details or identification documents, over WhatsApp.
- Independently verify job offers and research companies through official channels.
- Exercise scepticism regarding lottery or prize claims, and never share personal information or pay fees.
- Be wary of unsolicited requests to like, subscribe, or share YouTube channels or videos.
- Stick to official app stores and avoid downloading apps from untrusted sources.
- Keep your devices protected with up-to-date security software, and avoid clicking on suspicious links or downloading files.
- Stay informed about the latest scams, report any suspicious activities to the authorities, and notify WhatsApp.
WhatsApp scams continue to pose a significant threat to users in India. By being vigilant, cautious, and aware of the risks, we can protect ourselves from falling victim to these fraudulent activities. It is crucial to prioritise online security, follow the recommended steps, and report scams to the appropriate authorities. By collectively staying informed and spreading awareness, we can create a safer online environment for all WhatsApp users.
|
|
|
|
|
|
|
|
Governance
RBI proposes cyber security framework for a safer financial system
MK Jain, the RBI's deputy governor, has urged for a global effort to combat cyber risk, claiming that as financial activities shift online, the reliance on IT infrastructure grows rapidly. He proposed six cybersecurity techniques to improve global cybersecurity.
Read more
MPs expressed their concern over multiple data breaches
Concerns over "Multiple" data breaches, such as the most recent suspicion of Co-WIN data leak, and convergence of stolen data were raised, and the nation's cyber security agencies were urged to improve their infrastructure to secure the data.
Read more
National Cyber Security Reference Framework (NCRF) 2023 to be released soon
The government has developed a new cyber security policy in response to an increase in malware attacks on important sectors like as hospitals and oil firms. The National Cyber Security Strategy 2023 is a critical document that replaces the 2013 policy.
Read more
Maharashtra govt. to release ₹54 lakh fund to implement cybercrime helpline 1930
The state government has approved the transfer of ₹54 lakh received from the central government for the successful operation of the state's national cybercrime helpline number 1930.
Cyber Crime
Police in Nellore arrest 10 kids for AePS-based cybercrime
The district's police have discovered a significant financial scam that was carried out by abusing the Aadhaar-enabled Payment Services (AePS). They arrested 10 young people and took ₹51.25 lakhs from them. Without using two-factor authentication, the accused had exploited biometric POS machines to fraudulently withdraw funds from the accounts of unwitting bank customers.
Read more
Haryana energy minister warns of electricity bill fraud
The energy minister for Haryana has warned electricity users to stay wary of online con artists who use misleading messages and links. The minister's warning comes in reaction to an increase in the number of cases where people have been defrauded online. He emphasized the need for consumers to be aware and advised them to use caution when they receive any strange texts.
Read more
As cybercrime rises, all govt staff asked to take online safety course
The Central Government has mandated that all of its employees, including senior officials, complete a brief online course on cyber security in light of the overwhelming number of cyber-attacks that have been reported on the digital platforms of various ministries and agencies in recent years.
Read more
Pune police forms ‘Special 108’ team to combat online fraud and cyber crimes
Pimpri Chinchwad Police has started the process of choosing 108 policemen with experience in the cyber cell to create a specialised team of "cyber experts" to counter the rise in online fraud cases. The establishment of this group, dubbed "Special 108," intends to stop cybercrimes and shield citizens from financial loss.
Read more
'Boss Scam': Cybercrime cops held 2 Bihar men who swindled ₹1.16 cr
The Chennai Police Cyber Crime wing arrested two persons from Bihar who swindled ₹1.16 crore from a senior executive of a company by acting as the company's managing director.
|
|
National cybercrime portal got 21 lakh cases, FIRs in only 2%
Just 0.8% of the 1,95,409 complaints filed from Maharashtra on the National Cybercrime Reporting Portal from Jan 2022 to May 2023 resulted in an FIR, shows information obtained under the RTI Act. Only 2% (42,868) of the total 20,99,618 complaints received on the portal from all states and UTs during the period were converted into FIRs.
Read more
Cyber Security
Paracetamol maker Granules India has identified substantial operations impacted by a cyber assault
Granules India, a pharmaceutical company, has reported a considerable loss of income and profitability because of a cyber security incident late last month. The attack caused significant disruptions to the company's IT systems, as well as delays in achieving regulatory and quality standards.
Read more
US federal entities were targeted in a global hack
According to a leading US cybersecurity group, several US federal government institutions have been the target of a global cyberattack by Russian cybercriminals known as Clop that takes advantage of a flaw in widely used software.
Read more
Cyber Attack
Chinese hackers exploit Barracuda ESG zero-day
A popular email security appliance had a zero-day vulnerability that allowed Chinese hackers working for a state-run cyberespionage operation to compromise hundreds of organisations, claimed cyber threat intelligence firm Mandiant. The targets included Southeast Asian Foreign Ministry, Foreign Trade Offices in Taiwan, and more.
Read more
DDoS attacks are to blame for recent Azure and Microsoft 365 outages
A pro-Russian hacktivist organisation has been using DDoS assaults to disrupt Azure and Microsoft 365 for weeks. The computing behemoth claimed that since early June, a threat actor has been using its collection of botnets to perform DDoS assaults from a few cloud services and open proxy infrastructures.
Read more
Ransomware
Linux version of Akira ransomware targets VMware ESXi servers
In double-extortion attacks against businesses around the world, the Akira ransomware operation encrypts VMware ESXi virtual computers with a Linux encryptor. The threat actors steal data from breached networks and encrypt files to conduct double extortion on victims, demanding payments that reach several million dollars.
Read more
LockBit 3.0 Gang targets world’s biggest chipmaker TSMC in a daring $70 million ransom
In an audacious cyber stunt, LockBit 3.0 ransomware group has targeted the Taiwan Semiconductor Manufacturing Company (TSMC), demanding a whooping $70 million to avoid leaking sensitive data and network details.
Read more
Malware
PyPI suspends new registrations following malicious Python script attack
PyPI, the official Python package repository, has suspended new user and project registrations. The unanticipated change comes as the registry struggles to keep up with an increase of malicious users and packages.
Read more
|
|
|
|
|
|
|
|
|
|
The Cyber Strike is a section dedicated to providing you with a summary of the most significant cyber-attacks that occurred over the past month. With the increasing prevalence of technology in our daily lives, cyber-attacks have become a constant threat to business and individuals alike.
It is important to stay informed about the latest cyber threats and attacks to protect ourselves and our organizations from potential harm.
Let’s dive in and explore the most significant cyber-attacks of the month.
Anonymous Sudan's campaign results in Microsoft Outlook Service outage
Entities Affected: Microsoft Outlook Services
Overview: Anonymous Sudan initiated a campaign targeting American companies and critical infrastructure, leading to disruptions in Microsoft Outlook services for a significant number of users. The group shared images of their activities, coinciding with user complaints on Twitter about difficulties accessing Microsoft 365.
Recommended Action: DDoS mitigation and website security
Read more
AIIMS Delhi faces second cyberattack within a year
Entities Affected: AIIMS Delhi
Overview: A recent cyberattack was experienced by the All-India Institute of Medical Sciences (AIIMS) in New Delhi, but its strong cyber-security systems immediately identified and stopped the malware attack. The Delhi Police, CERT-In, and NIC are all involved in the investigations into this event, which is the second hack against AIIMS in a year that has disrupted its services.
Recommended Action:
- Implement robust cybersecurity measures
- Regularly update software and systems
- Enable automatic backups
- Implement a robust incident response plan
- Establish access controls and least privilege
- Maintain strong network security
Read more
SharpPanda APT targets G20 Nations
Entities Affected: Microsoft Windows
Overview: SharpPanda, a Chinese APT group, has been targeting government officials and organizations in Southeast Asia and G20 countries with spear-phishing emails that exploit vulnerabilities in Microsoft Office documents. The malware installed by these emails can steal sensitive information, such as passwords, credit card numbers, and intellectual property.
Recommended Action:
- Avoid downloading pirated software from warez/torrent websites
- Use strong passwords and implement multi-factor authentication wherever possible.
- Enable automatic software updates on all devices.
- Install and regularly update reputable antivirus and internet security software on all connected devices
- Monitor network traffic for any suspicious activities
- Implement Data Loss Prevention (DLP) solutions on employee systems
Read more
Proof-of-Concept (PoC) exploit revealed for Windows: Win32k bug exploited in attacks
Entities Affected: Microsoft Windows
Overview: Windows local privilege escalation vulnerability (CVE-2023-29336) has a proof-of-concept exploit that has been publicly released. The Win32k subsystem is affected by the vulnerability, which was fixed in the May 2023 update, and it enables users with low privileges to get access to resources with SYSTEM capabilities. To identify exploitation attempts, system administrators are urged to apply the patch and keep an eye out for unusual memory operations linked to window objects.
Recommended Action:
- Apply security patches
- Implement regular patch management
- Strengthen access controls
- Conduct vulnerability assessments
- Provide ongoing cybersecurity awareness and training programs to employees
Read more
New ransomware NoEscape uses DLL Injection technique
Entities Affected: Microsoft Windows, Linux
Overview: NoEscape is a Ransomware-as-a-Service (RaaS) that was recently identified and advertised on a cybercrime site. It offers a configurable ransomware builder interface for creating executables for Windows and Linux systems and actively recruits affiliates to join its network. User Access Control (UAC) in Windows is circumvented by the ransomware, which also deletes system backups and shadow copies and uses powerful encryption to encrypt data. The malware also leaves ransom letters instructing victims to start talks for a ransom payment.
Recommended Action:
- Conduct regular backups of critical data
- Turn on automatic software updates on all devices
- Install reputable antivirus and internet security software on all connected devices
- Immediately detach infected devices from the network
- Be cautious when opening email attachments or clicking on links
- Check system logs for any suspicious events or unauthorized access
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ReBIT is an ambitious, employee-first organisation that believes in empowering our employees to grow alongside the organization's goals and perform to their full potential. We are fascinated by technology, and we admire our employees. We house exceptional talent that contributes to ReBIT's mission.
We’re looking for candidates who have a zeal for technology and innovation. Check out our careers page for opportunities to work with us!
|
|
|
|
We'd love to hear from you!
Share your thoughts with us at communications@rebit.org.in or leave us a feedback by clicking on the button below.
|
|
|
|
|
|
|
|
502, Building No 1, Mindspace Juinagar, Nerul,Navi Mumbai – 400706
|
|
|
|
You are receiving this email as you signed up for our newsletter.
Want to change how you receive these emails?
You can Unsubscribe here.
|
|
|
|
|
