I hope this message finds you well, and I'm delighted to connect with you through our latest edition of Cyber Pulse. As the world of cybersecurity continues to evolve at an unprecedented pace, it's crucial that we stay informed and vigilant. In this edition, we’ll like to highlight some of the most significant developments and trends in the realm of cybersecurity, as well as shed light on key strategies to keep us safe in the online world.
Today, we live in a cyber age where all our activities are facilitated by the Internet highways. Seamless, fast, and secure digital services have opened global marketplaces at the fingertips of consumers. While the month kept us busy with multiple training and awareness initiatives, the edition provides an overview of the key threats and prevention strategies to be cyber-aware and secure netizens.
In this edition, we highlight mobile app frauds—the new haven for cybercriminals in India. The country is witnessing a fast-growing mobile app economy driven by convenience to manage basic services like healthcare, finances, shopping, leisure, etc.—all at your fingertips. But these digital doors need to be guarded with fraud prevention strategies to ensure we do not fall prey to miscreants. We also discuss the dawn of passwordless authentication as the next step in data security. Multi-factor authentication is the way forward.
We must be alert and aware of the new threats and tactics of cybercriminals. Whether we are an organization or an individual, ensuring key simple steps in protecting our data can keep our digital world secure and avoid online dangers.
Our commitment to cutting-edge technology and unwavering dedication to cybersecurity excellence are the major drivers behind providing the best possible solutions to safeguard your digital assets. In the coming months, we will continue to explore these topics in more detail, providing you with actionable insights to bolster your cybersecurity posture and thrive in the ever-changing digital landscape.
of digital transformation is at an all-time high across global economies and India
has taken the lead in this digital revolution early on. Scripted by the deep
penetration of connectivity and the power of the Internet reaching the last
mile if there’s one thing we’ve learned over the past two decades, it’s that technology has changed, cybersecurity has changed but human behavior has never
been more important in protecting sensitive data in cyberspace.
is globally marked as National Cyber Security Awareness Month (NCSAM) with a
view to educating the public and private sectors to increase the cyber
resilience. And it comes at a time when India is expected to have nearly 1 billion Internet users by 2025. The month-long activities across organizations aim to
promote key cybersecure behaviors through awareness programs to refresh the
commitment to cybersecurity with alerts on new methods for cyberattacks and
The Rise of Digital Citizens in the Cyber World
India is considered as one among the largest and fastest-developing markets for
digital consumers. The phenomenal rise in online usage has put India ahead of
some of the world's largest digital economies. The new era of digital India has
transformed governments, governance, businesses, and enterprises and has
introduced a new class of digital consumers who are technology savvy and
present in rural and urban areas across the country. As digital citizens of
India, they have been fast adopters of the digital way of life, enjoying the
freedom to access information, make payments, buy groceries, pay electricity
bills and more—all cashless, anytime, anywhere.
Unsafe Online Transactions: Digital Doors for Cyber Attack
In October 2023 there were a record-breaking 11.4 billion (1,140 crore)
transactions on the mobile payments network Unified Payments Interface (UPI),
with transaction values exceeding Rs 17.6 lakh crore. The online payments interface acts as a digital door for users to exchange their banking information with other applications and avail digital services. Cybercriminals are
quick to pick on these trends and have devised new fraud techniques that target
users of smartphones and mobile applications. e-Commerce, social media, and banking apps have emerged as major targets for cyberattacks in recent times. Hence, it’s important that with while
we enjoy the digital purchasing power and cyber freedom, we should also
practice cyber hygiene - keeping our sensitive data confidential.
Safeguarding Your Social
today's interconnected world, social media plays a central role in our lives,
but it's not immune to security risks. Protecting your online presence is
paramount. Start by setting strong, unique passwords for your accounts, and
enable two-factor authentication for an extra layer of defense. Be cautious
about sharing personal information and be mindful of phishing attempts, which
can lead to account compromise. Regularly review and update your privacy
settings to control who can see your content. Finally, stay informed about the
latest threats and best practices in social media security to keep your online
identity safe from prying eyes and cyber threats.
Social Media security tips:
Strong Passwords: Use
complex, unique passwords for each platform.
Enable 2FA for added security.
Privacy Settings: Regularly
review and adjust privacy settings.
Limited Sharing: Be
cautious with personal information.
Phishing Awareness: Watch
for suspicious links and emails.
Third-Party Apps: Review
and revoke app permissions.
Public Wi-Fi: Avoid logging
in on unsecured networks.
Regular Logouts: Sign out
when not using social media
Secure Devices: Keep your
devices and apps updated.
Education: Stay informed
about new threats and best practices.
By following these simple
steps, you can enjoy social media while keeping your personal information and
accounts secure. Be Alert and Stay Safe Online.
NPCI asks banks to introduce mandatory AePS security
Aadhaar-enabled Payment System (AePS) providers are asked by the NPCI to implement extra security measures in
order to prevent the growing number of frauds attempts on the network. It also suggested that banks should offer the option to either ‘enable’ or
‘disable’ AePS as a debit mode through multiple modes like mobile banking,
branch banking etc.
Telangana cybercrimes spiked during festival season
Cyberattacks on the rise, says the Telangana State Cyber
Security Bureau, with many offers and discounts on online shopping platforms
during the festival season. The allure of discounts and offers is irresistible
to avid shoppers, but it also attracted cybercriminals and fraud cases.
Phishing attack scams a healthcare startup of Rs 2.25
international hacker defrauded a health startup company of Rs 2.25 crore
through phishing when an unidentified individual pretended to be the corporate
communication manager of a Singaporean company showing interest to invest in
CBI Operation Chakra II to combat cyber-enabled frauds
Operation Chakra-II is an effort by the Central Bureau of
Investigation (CBI) of India to combat cyber-enabled financial frauds that are
multinational, organized, and enabled by cyberspace. The organization has
collaborated with national and international organizations, Microsoft, and
Amazon, among others, to oppose and demolish the infrastructure of call
One of the biggest defense and space contractors in the world, Boeing, announced that it was looking into a cyber event that affected some of its components and distribution business. Suspected to be a ransomware attack, it has started a law enforcement investigation into it. Russia-linked LockBit ransomware gang has claimed the responsibility for the cyberattack.
The Cyber Strike is a section dedicated to
providing you with
a summary of the most significant cyber-attacks that occurred over the past
month. With the increasing prevalence of technology in our daily lives,
cyber-attacks have become a constant threat to business and individuals alike.
It is important to stay informed
about the latest cyber threats and attacks to protect ourselves and our
organisations from potential harm.
Let’s dive in and explore the
most significant cyber-attacks of the month.
StripedFly: A Multi-Functional Wormable Framework
Impact: Highly sophisticated malware StripedFly acting as a cryptocurrency miner, is a complex malware
with a multi-functional wormable framework. The malware payload encompasses
multiple modules, enabling the actor to perform as an APT, as a crypto miner,
and even as a ransomware group, potentially expanding its motives from
financial gain to espionage.
Overview: The malware employed a custom EternalBlue SMBv1 exploit to infiltrate its victims’
systems. What set this particular worm apart from other malware that used
EternalBlue was its distinctive propagation pattern. It spread quietly,
allowing it to avoid detection by most security solutions.
Network Segmentation: Implement network segmentation to
isolate critical systems and data from less secure parts of the network. This
can limit the lateral movement of attackers within the organization.
Data Encryption: Encrypt sensitive data both at rest
and in transit to protect it from theft or unauthorized access.
User Privilege Management: Implement the principle of least
privilege, granting users the minimum level of access necessary for their roles
to limit potential damage caused by compromised accounts.
Secure Supply Chain: Carefully vet and monitor the security
practices of suppliers and contractors who have access to your organization's network.
Multiple Vulnerabilities in VMware vCenter Server
Impact:Multiple vulnerabilities have been reported VMware vCenter
Server which could allow remote attackers to execute arbitrary code and obtain
sensitive information on the targeted system.
Overview: This vulnerability exists in the VMware vCenter Server due
to flaw in out-of-bounds write. A remote attacker could exploit this vulnerability
by sending a specially crafted request. Successful exploitation of this
vulnerability could allow the attacker to execute arbitrary code on the target
Recommended Actions: Update
to the latest version
Information Disclosure Vulnerability in Sophos Firewall
Sophos Firewall version v19.5 MR3 (19.5.3) and prior versions
Overview: A password disclosure vulnerability exists in the Secure PDF eXchange (SPX) feature of Sophos Firewall when the password type is set to "specified by sender". Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information on the targeted system.
Recommended Actions: Obtain
the fixed version and upgrade
Multiple Vulnerabilities in WordPress
Impact: WordPress versions prior to 6.3.2. Multiple vulnerabilities have been reported in WordPress which could allow an attacker to obtain sensitive information, execute
arbitary code or can conduct cross site scripting attacks on the targeted system.
Overview: These vulnerabilities exist in WordPress due to improper validation of user-supplied input in Footnotes Block, Comments, REST API, Application Password Requests, Navigation Block and Subscriber. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information, execute arbitary code or can
conduct cross site scripting attacks on the targeted system.
Recommended Actions: Obtain the fixed version and upgrade.
ReBIT is an ambitious, employee-first organisation that believes in
empowering our employees to grow alongside the organisation's goals and perform
to their full potential. We are fascinated by technology, and we admire our
employees. We house exceptional talent that contributes to ReBIT's mission.
We’re looking for candidates who have a zeal for technology
and innovation. Check out our careers
page for opportunities to work with us!