Search This Blog

Showing posts with label India. Show all posts

Iranian Threat Actors Have Modified Their Strategies, Attacks Now More Effective


Since the dawn of the digital age, Iranian hackers have been infamous for their attacks on critical infrastructures, targeting governments, and hacking large corporate networks. The main motive behind these attacks is getting espionage intelligence, steal confidential information, ransomware attacks, and target massive data networks. Since 2019, the hackers have been using developed strategies that are more effective in causing damage to the targets, resulting in better monetary benefits, says the Bloomsbury news.


Attack details

  • Earlier this year in April, hacking group APT34 (otherwise knowns as OilRig) launched a modified version of the backdoor named 'RDAT.' The backdoor uses the C2 channel, which can hide commands and data under images via attachments. 
  • Earlier this year in May, APT34 also added a new tool to its hacking inventory, known as DNSExfiltrator. The tool has allowed hackers to become the first hacking group that uses the DoH (DNS-over-HTTPS) protocol in its attacks. 

Keeping view of these new modifications in the hacking realm, organizations should know that the criminals are evolving and modifying their methods over time. It suggests that hackers have become more powerful and possess a more significant threat to the cybersecurity world.

Other developments 

  • In August 2020, the FBI issued a security alert about the hacking group going by the name of 'Fox Kitten' attacking potentially weak F5 networks. The hacker's purpose was to attack private and public U.S. government organizations. 
  • In July 2020, making its comeback, threat actor Charming Kitten launched a cyberespionage campaign, using WhatsApp and LinkedIn to imitate Persian speaking journalists. The targets included the U.S. government, Israeli scholars belonging to Tel Aviv and Haifa universities. 
  • In June 2020, an amateur hacking group from Iran attacked Asian companies using 'Dharma' ransomware. 

According to intelligence reports, the hackers used widely available hacking tools to target companies in China, Russia, Japan, and India. From July 2020, threat actor Fox Kitten is also infamous for giving small corporate networks access on hacking forums. According to experts, it is just trying to generate revenue using other income channels, using systems that lack any intelligence value but provide Iran money.

Indian Prime Minister Announces a New Cyber Security Policy for the Country


On the celebration of India's 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. 

While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India's society, economy, and development. 

He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn't be taken for granted. The prime minister's comments come against the ever-increasing cyber threats and psychological warfare radiating from nations like Pakistan and China. 

As per news reports, during the border tensions at Ladakh, China and Pakistani social media activists had apparently joined hands to dispatch fake news and misinformation campaigns against India. 

At the point when the conflict happened along the Pangong Lake on 5-6 May, Weibo, the Chinese version of Twitter, had featured images of Indian fighters tied up and lying on the ground, with correlations made to Bollywood's 'muscular portrayal' of the Indian Armed forces.

 "The government is alert on this," Modi reassured the nation, later adding that the government will soon come out with a strong policy on this.

Apart from this, phishing attacks offering info on Covid-19 and equipment, or free testing with the aim to steal personal information have additionally been on a steady rise in India over the last few months. 

As indicated by a Kaspersky report, there is a 37% increase in cyber-attacks against Indian companies in April-June quarter, when compared with January-March quarter, with the reason being the implementation of a nationwide lockdown from March which made organizations and companies permit their employees to work from home.

Indian Organizations Suffer the Most in Public Cloud Security Incidents



In a survey of 26 countries for public Cloud security incidents, India emerges as the nation which endured the hardest hits the previous year with 93 percent of the nation's organizations encountering the problem.

The survey included more than 3,500 IT managers across 26 nations in Europe, the Americas, Asia Pacific, the Center East, and Africa that currently host data and workloads at hand in the Public Cloud.

The cybersecurity incidents that Indian organizations suffered most included ransomware (53 percent) and other malware (49 percent), exposed data (49 percent), compromised accounts (48 percent), and cryptojacking (36 percent), said the report titled "The State of Cloud Security 2020" by cybersecurity company Sophos.

While Europeans seem to have endured the least level of security incidents in the Cloud, an indicator that compliance with General Data Protection Regulation (GDPR) guidelines are assisting with protecting organizations from being undermined.

However, India still hasn't enforced a data protection law.

Chester Wisniewski, Principal Research Scientist at Sophos said in a statement, "Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public Cloud."

 "The recent increase in remote working provides extra motivation to disable Cloud infrastructure that is being relied on more than ever, so it's worrisome that many organizations still don't understand their responsibility in securing Cloud data and workloads," Wisniewski added later.

"Cloud security is a shared responsibility, and organizations need to carefully manage and monitor Cloud environments in order to stay one step ahead of determined attackers."

According to the report, more than 55 percent of Indian organizations and businesses revealed that cybercriminals obtained access through the stolen Cloud provider account credentials.

Regardless of this, only 29 percent said managing access to Cloud accounts is a top area of concern. Albeit 'accidental exposure' keeps on plaguing organizations, with misconfigurations exploited in 44 percent of reported attacks on Indian organizations.

With 76 percent of organizations utilizing the Public Cloud, detection and response are driving the Cloud security concern for IT managers in India while data security still stays as a top concern across the world for organizations.

The Trauma of Securing a Code Signing Certificate - The Government of India needs to Intervene against hegemony of MNCs


A boutique Indian cyber security firm (a proprietorship) just went through a nightmarish experience with an MNC when it sought to secure a Code Signing Certificate (CSC). The MNC simply refused to recognise several valid documents issued by the Government of India.

The Indian firm has a GST registration, a MSME registration and has over the last few years continuously offered protection against cyber security threats to over a dozen blue chip firms in the Banking & Financial Services Sector. Most of the firm’s business is repeat business on an annual subscription model.

The firm wrote a small executable which can dig into viruses on hard disks and wanted a secure a code signing certificate in this connection.

The first code signing vendor said that they can only issue a certificate to a company incorporated with the Ministry of Company Affairs and thus rejected the application. Fortunately, no application fee has been paid and the matter ended there.

A second vendor was approached, an application was filed on a website and a fee of approximately US $ 200 paid. Then the nightmare started. The firm received a verification email seeking to know if it were a private limited company. It said that it was a proprietorship, with a GST and MSME registration, and even offered to show the Purchase Orders (POs) from clients in order to prove its legitimacy. However, the vendor was firm and said that it could only issue a certificate to a Private Limited firm. When a refund was sought, there was no reply.

The vendor then said that GST and MSME registrations were not acceptable and sought alternative verification. This involved securing a landline, a certification from the firm’s CA about its existence as a registered and genuine entity, CA’s certification of physical location at the same place as the landline, Aadhar card photocopy (front and back), and also a selfie with the front and back display of the Aadhar card. Further, the firm’s representative was required to be at the landline location to receive a call which proved to be a complication because of the lockdown. Finally, the CA himself had to go through a verification process.

This whole experience highlights the importance of a intervention by the Government of India in the area of code signing certification and a localisation of the same. Otherwise MNCs will end up controlling the process, with the power to even disregard official registrations issued by the Government of India.

Beware of Stalkerware That Has Eyes On All of Your Social Media!


Dear social media mongers, amidst all the talk about the Coronavirus and keeping your body’s health in check, your digital safety needs kicking up a notch too.

Because, pretty recently, security researchers discovered, what is being called as a “Stalkerware”, which stalks your activities over various social platforms like WhatsApp, Instagram, Gmail, Facebook, and others.

‘MonitorMinor’, per the sources, is definitely the most formidable one in its line.

Stalkerware are “monitoring software” or ‘Spyware’ that are employed either by people with serious trust issues or officials who need to spy for legitimate reasons.

Via this extremely creepy spyware kind, gathering information like the target’s ‘Geographical location’ and Messaging and call data is a cakewalk. Geo-fencing is another spent feature of it.

This particular stalkerware is hitting the headlines this hard because, MonitorMinor has the competence to spy on ‘Communication channels’, like most of our beloved messaging applications.

The discoverers of this stalkerware issued a report in which they mentioned that in a “clean” Android system, direct communication between applications is blocked by the “Sandbox” to kill the possibilities of the likes of this spyware gaining access to any social media platform’s data. This is because of the model called “Discretionary Access Control” (DAC).

Per sources, the author of the stalkerware in question manipulates the “SuperUser-type app” (SU utility) (if present) allowing them root-access to the system.

The presence of the SU utility makes all the difference for the worse. Because owing to it and its manipulation, MonitorMinor gains root access to the system.

The applications on the radar are BOTIM, Facebook, Gmail, Hangouts, Hike News & Content, Instagram, JusTalk, Kik, LINE, Skype, Snapchat, Viber, and Zalo-Video Call.

From lock patterns to passwords, MonitorMinor has the power to dig out files that exist in the system as ‘data’. And it obviously can use them to unlock devices. This happens to be the first stalkerware to be able to do so, mention sources.

Per reports, the procedure is such that the “persistence mechanism” as a result of the malware manipulates the root access. The stalkerware then reverts the system section to read/write from the initial read-only mode, copies itself on it, deletes itself from the user section, and conveniently goes back to read-only mode again.

Reports mention that even without the root access, MonitorMinor can do a consequential amount of harm to targets. It can control events in apps by manipulating the “Accessibility Services”. A “keylogger” is also effected via the API to permit forwarding of contents.
Unfortunately, victims can’t do much to eradicate the stalkerware form their systems, yet.

Other functions of the stalkerware include:
• Access to real-time videos from the device’s camera
• Access to the system log, contact lists, internal storage contents, browsing history of on Chrome, usage stats of particular apps
• Access to sound recordings from the device’s microphone
• Control over the device’s SMS commands.

The security researchers released a report by the contents of which, it was clear that the installation rate of it was the maximum in India, closely followed by Mexico and then Germany, Saudi Arabia, and the UK.

The researchers also per reports have reasons to believe that possibly the MonitorMinor might have been developed by an Indian because they allegedly found a ‘Gmail account with an Indian name’ in the body of MonitorMinor.

'Yes Bank' registers a complaint against fake news, alleging it of frightening investors


Yes, Bank filed a police complaint against fake news stating that misinformation was posted on social media concerning the bank's finance. The complaint was filed at Mumbai Police's Cyber cell when the investors withdrew their shares, and the capitals at the stock market hit a downfall. The bank's police complaint says that the fake news was scaring away its investors and depositors.



The rise of mobile internet in India has resulted in social tremors, with users falling prey to false information. Due to the lack of digital literacy, people are easily exposed to Fake News.

One of the biggest reasons is that fake news is usually engaging, and frightening which drives people to share them in a flash. It intends to create chaos among the general public. For a few days, some perpetrators are circulating fake news and ill-disposed falsehoods about Yes Bank on social networking sites and WhatsApp to generate fright among the bank's clients. The information seeks to present the bank in bad standing and is aimed to defame the bank's image among its clients, shareholders, and society.

"Yes Bank filed a charge by Mumbai Police and Cyber Cell on the propagation of fake news and advertising of lies about the bank's economic status on different social media platforms such as WhatsApp," said the bank in its report. The bank also asked the authorities to establish a committee of specialists to look over the issue of rumor-mongering and find the convict guilty of spreading fake news over social media platforms, they also requested the experts to find the origin of the fake news.

The bank requests its stakeholders and investors to be aware of false information. 'We assure our client that Yes Bank's financial standing is safe and reliable and would continue to be the same for a long time,' it says. It is no doubt that since the last few years, fake news has become a threat to Indian democracy and the people of India. Misinformation that is aggressively spread or shared through social media platforms causes chaos and distress among the public.

Income Tax Dept alerts taxpayers of phishing mails by fraudsters




The Income Tax department of India has alerted the taxpayers about a phishing email asking them to verify their tax return even though they have e-verified it.

A taxpayer Anika Gupta, received an email from a suspicious email ID, asking her to e-verify her return, while she had already e-verified her ITR through OTP generated by the Aadhaar card.

The email claiming to be from the Income Tax (I-T) Department, it read, “Hello anxxxxx@xxail.com, Income Tax Return for the Assessment Year 2019-2020 has been successfully filed. After Submission, It is mandatory for Tax Payers to e-Verify the Income Tax Return using various verification methods. For your Income Tax Return, e-verification is not d………..read more”

The mail contains three malicious links with the texts ‘read more’, ‘see here’, ‘pending’ and ‘click here’.

Soon after receiving the mail, Gupta alerted the matter to the grievance section of the I-T Department.

The I-T Department alerted the taxpayers by saying, “Income Tax Department never asks PIN, OTP, Password or similar access information for credit/debit cards, banks or other financial account-related information through e-mail, SMS or phone calls. Taxpayers are cautioned not to respond to such e-mails, SMS or phone calls and not to share personal or financial information.”

The I-T department also requests the user to carefully “Check the domain name. Fake emails will have misspelled or incorrect sounding variants of Income Tax Department web sites and will have incorrect email header.”

The Department further said, “In case if you have received such phishing / suspicious mail – do not open any attachments as it may contain malicious code. Do not click any links. Even if you have clicked on links inadvertently, then do not enter personal or financial information such as bank account, credit/debit/ATM card, income tax details, etc.”

Banning Crypto Could Lead To The Indian Market Plummeting By Billions?




Crypto-currency if banned in India could lead to the Indian market going down by an approximate amount of $13 Billion, experts say.

An analysis of the revenues that companies could generate if crypto-currency were legalized was made by the experts, which also had a premise of Indian-founded crypto-companies.

Per the sources, the analysis reflected that “as part of their total estimated revenue” in India companies could’ve generated $4.9 billion as on crypto-white papers, $2.1 billion from expert blockchain coders, $1.27 billion from content creators and $4.5 billion from miscellaneous jobs.

According to the experts it sure is quite a herculean and next to impossible task for India to ban the crypto-currency on such a mass level and they’d end up regulating it.

The government of India is on the task of banning and is deliberating it with quite some thought. It also is considering imposing sanctions on any crypto related dealings.

The government still has quite a detailed and elaborate reviewing to go through before they draft a proper legislation.

Despite all the reports and analysis displayed by the experts the government has quite a strong will to go with the drafting of the bill that bans the crypto-currency and associated dealings.

Researchers found Third-Party costs the Healthcare Industry $23.7 Billion a Year






The average cost of a data breach has increased to 12% over the past five years to US$3.92 million, according to a report sponsored by tech giant IBM.

The report released by Censinet and the Ponemon Institute which was funded by IBM, conducted research on more than 500 companies around the world that suffered a breach over the past year.

According to the report, 72 percent of respondents believe that the increasing dependence on third party medical devices to the network is most risky, while 68 percent say connecting medical devices to the internet increases the risk of cyberattack. 

“This research confirms that healthcare providers require a better, more cost-effective approach to third-party risk management,” said Ed Gaudet, CEO, and founder of Censinet. “The adoption of technology in healthcare is more rapid and complicated than ever before. As an industry, we must help providers safely enable cloud applications and medical devices optimized to deliver the quality of care hospitals and their patients expect.”

In India, on an average, 35,636 records were compromised in a data breach, and cost ₹12.8 crore to organizations from July 2018 and April 2019,


“It’s clear that healthcare providers are in a tough spot. The number of vendors they rely on is increasing at the same time the threats those vendors pose are escalating in frequency and severity, so it’s easy to see how managing these risks has become an overwhelming problem,” said Dr. Ponemon, chairman and founder of the Ponemon Institute. “But it’s not all bad news – we can very clearly see an opportunity with automation for healthcare providers to monitor, measure, and mitigate the scourge of third-party breaches that continues to plague their industry.”

Cybercrime goes out of control in India



Phishing, data theft, identity theft, online lottery, cyber attacks, job frauds, banking frauds, cyberbullying, online blackmailing, morphing, revenge porn, cyber hacking, child pornography, cyber grooming, cyberstalking, data diddling, software piracy, online radicalisation — the dark web of cybercrimes is spreading across the world and India is one of the hotspots of this digital crime.

With increasing mobile coverage and cheaper data, more and more Indians now access the internet even while on the move. This has exposed unsuspecting ones to fall prey to online fraudsters. Many become victims of sexual exploitation after being made to share personal details while some others use the new media like WhatsApp to spread fake news to create trouble for political and other gains. There have been several lynching incidents in the country in the past couple of years after fake messages about child lifting and cow slaughter were spread through social media.

In spite of an alarming rise in cybercrime in the country, the most recent Government statistics available on this is from 2016. Cybercrimes touched 12,317 cases in 2016 which was an increase from 9,622 reported in 2014. The National Crimes Record Bureau is yet to release the statistics for 2017 and 2018.

The data available is just a tip of the iceberg and the numbers might be much more, says a senior government official. “Many even do not report loss of money or honour out of shame. Many cannot even tell their families that they have lost money in online frauds,” the official said.

Officials say the problem is that common people are not aware of the risks involved while dealing with the internet. Many are unaware, they say, and exercise no caution while using the net. They click unwanted links, unknowingly give the cyber fraudster their personal details and get cheated.

Looking For a Free VPN Service That’s Not Too Messy? Here’s All You Need To Know About TunSafe VPN Service

Not sure how to browse the internet safely away from the claws of hackers and cyber-cons? Not sure how to maintain cyber privacy?

TunSafe VPN is a solution to many such problems. It’s a free VPN service which aids people to connect with websites and social networks without revealing the channel.

It has been essentially developed and includes fresh features and better provisions.

The very high performing VPN follows the WireGuard protocol which enables it to help setup the secure VPN channels swiftly betwixt different platforms.

By way of the latest and most fresh cryptography-Curve25519, ChaCha20, Poly1305, BLAKE2 and HKDF, TunSafe ensures that no third-party hinder the user’s privacy.

All you need is simple configuration files which is specifically provided by the VPN provider..

For Downloading:


1. Go to https://tunsafe.com/
2. Click download.
3. Select the “Download TunSafe 1.4 installer”

For Installation:


1. Open the downloaded file
2. Complete the installation by pressing OK all the way.
3. Finally close it.
4. This is what will appear after that.

5. Click on connect.

6. The above is what will appear after that. This is the main window of TunSafe.

7. Drag the configuration file from the VPN provider onto Tunsafe’s window.

8. Confirm when the dialogue box pops up.


9. If everything works out well, a message will show that the VPN has been connected and the connection, established.

Various Platforms TunSafe Is Available For:
Desktop: Windows, Linux, OSX, Free BSD
Mobile: Android and iOS

Unlike most of the VPN services, TunSafe is free if cost and that’s what makes it better, more efficient and different from all the others.

For more details check www.tunsafe.com

Google and Apple removes TikTok from App Stores in India




Google and Apple has removed the Chinese video app Tiktok from their App Stores, a day after Indian Government urged the companies to do so. 

India’s Ministry of Electronics and Information Technology (MeitY) requested the companies to block the app after the  state court ordered to ban access of the app as questions regarding its usage were raised. It was noted that people were using it for pornographic purposes and exploiting children.

According to  analytics firm Sensor Tower, TikTok had the highest number of users in India, and 75% of them were women. It has been downloaded more than 230 million times. 

However, a TikTok representative said that he “faith in the Indian judicial system.” The company hopes that they would be able to lift the ban and would come stronger than before, “We are optimistic about an outcome that would be well received by over 120 million monthly active users in India.”

The app has already banned in Bangladesh and had faced largest ever fine in the United States for illegaly collecting informations on children. 

TikTok users in India who had previously downloaded the app on their phones were still able to use the service on Wednesday.

TikTok's official statement: ’’At TikTok, we have faith in the Indian Judicial system and the stipulations afforded to social media platforms by the Information Technology (Intermediaries Guidelines) Rules, 2011. We are committed to continuously enhancing our existing measures and introducing additional technical and moderation processes as part of our ongoing commitment to our users in India.’’

‘’In line with this, we have been stepping up efforts to take down objectionable content. To date, we have removed over 6 million videos that violated our Terms of Use and Community Guidelines, following an exhaustive review of content generated by our users in India."




76 percent Indian companies were hit by cyber attacks in 2018





A survey conducted by a UK-based IT security provider Sophos has found out that over 76 percent Indian companies were hit by cyber attacks in 2018.

India stands at third spot of highest number of cyber attacks in 2018 after Mexico and France. Meanwhile, 68 percent organizations in the world admitted of being a victim of the cyber attacks last year.

Managing director sales at Sophos India & SAARC, Sunil Sharma  told Business Today,  "In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them."

The survey was carried out in 12 countries which includes US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa, and there were about  3,000 IT decision-makers from mid-sized businesses.

"Server security stakes are at an all-time high with servers being used to store financial, employee, proprietary and other sensitive data. Today, IT managers need to focus on protecting business-critical servers to stop cyber criminals from getting on to the network," Sharma further added.

"They can't ignore endpoints because most cyber attacks start there, yet a higher than expected amount of IT managers still can't identify how threats are getting into the system and when."

The survey report reveals that in India, 39 percent of the cybercrimals are detected at the server, 35 percent are on the network, and 8 per cent are found on endpoints.

"It has been found that the visibility is not there. We don't know what kind of attack. We don't know how many modes it has actually traveled. We don't know how the attack is damaging, which are the endpoints, where it has actually made damage. All that visibility is not available and it is also not helping them to take right decisions," Sharma said.

According to the survey report,  97 per cent IT managers admitted that cyber security is the greatest challenge in India.