thecybershark - The Cyber Shark

48 Arrested in Telangana’s Cybercrime Sweep, Uncovering 2,194 Cases Nationwide

Telangana Cyber Bureau detained 48 suspects for causing Rs 8.16 crore losses. The arrested individuals are involved in 508 cases in Telangana and 2,194 cases across India. In a significant move against cybercrime, the Telangana Cyber Security Bureau (TGCSB) recently arrested 48 suspects linked to a widespread cybercrime network. The state-wide crackdown, conducted in collaboration with local law enforcement, targeted suspects involved in 508 cases in Telangana and over 2,194 cases across India, amounting to financial losses of more than Rs 8.16 crore. The operation, initiated by the TGCSB Headquarters Police Station, involved extensive data analysis and intelligence gathering. Suspects face charges under various provisions, including the Information Technology Act, with cases involving fraudulent investment schemes, job scams, courier fraud, and other digital cons. The arrested individuals comprised 38 “mule account holders” who allowed cybercriminals to use their bank accounts for financial transfers, while 10 acted as “agents” who coordinated with these mule account holders to facilitate the illicit operations. The suspects include unemployed individuals, cab drivers, small business owners, and IT professionals, with educational qualifications ranging from secondary school to college degrees. The ages of the arrested suspects range from 20 to 55 years, and they were apprehended from various areas across Hyderabad and Telangana. In the raids, authorities seized 53 mobile phones, four laptops, five CPUs, two monitors, 18 bank passbooks, 16 checkbooks, 10 ATM cards, and a motorcycle, all believed to have been used in these cybercrime operations. The detained suspects are now under investigation by various police units. TGCSB Director Shikha Goel commended her team for their detailed planning and operation, highlighting the contributions of SP Devender Singh and Deputy Superintendents of Police KV Surya Prakash, Harikrishna, and KVM Prasad. Goel emphasized TGCSB’s commitment to enhancing cybersecurity and urged the public to be vigilant with personal information and cautious when dealing with unverified sources.

Cyber security becomes a Business Imperative: Boards Prioritize Cyber Risk Management amid Rising Threats

Cyber security is now seen as a core business function rather than just an IT task.Cyber security is no longer just an IT problem; it’s a critical part of managing risk across the entire business. Business leaders are increasingly aware of this, especially as cyber risks have multiplied since the pandemic. Interestingly, the percentage of large companies with a cyber-security expert on their board rose from 7 percent in 2013 to 28 percent in 2020. This number is expected to grow, as research predicts that by 2025, 40 percent of boards will have a dedicated cyber security committee led by a qualified member, as per Deloitte’s latest Global Future of Cyber Survey. Cyber security is now seen as a core business function rather than just an IT task. The survey highlights that cyber security is now a “business-critical imperative—57 percent of companies plan to increase their cyber security budgets in the next one to two years, while 58 percent are working to align their cyber security spending with IT, digital transformation, and cloud initiatives. This shift towards a more integrated approach shows that businesses understand strong cyber security is vital to staying resilient in an unpredictable digital landscape. Despite this progress, many organizations still have work to do. Only 52 percent of executives feel highly confident in their board and C-suite’s ability to handle cybersecurity challenges, and among cybersecurity-focused executives, confidence drops to just 34 percent. Even in companies with high cyber maturity, frequent breaches are common, but these firms are often better prepared to manage disruptions and maintain business continuity. “It’s really about getting the basics right and maturing them and being excellent at them, every day, consistently. Things like foundational controls, asset management, and vulnerability management. You need to excel there, almost mindlessly. They just have to happen,” said CISO, Life Sciences and Healthcare Organization As technology advances, more companies are using AI in cyber security, with 39 percent already incorporating it into their programs. On average, companies dedicate USD 39 million of their annual IT budgets to cyber security, a number expected to rise by about 3 percent over the next two years.

The Indian government has frozen approximately 4.5 lakh “mule” bank accounts over the past year.

The Indian government has frozen approximately 4.5 lakh “mule” bank accounts over the past year. These accounts, often opened using stolen identities, are primarily used to launder the proceeds of cyber fraud. State Bank of India, Punjab National Bank, Canara Bank, Kotak Mahindra Bank, and Airtel Payments Bank were found to have the highest number of such accounts. The Indian Cyber Crime Coordination Centre (I4C) recently informed the Prime Minister’s Office (PMO) about this alarming trend. They highlighted the evolving tactics of cybercriminals, who are increasingly resorting to cheque withdrawals, ATM transactions, and digital transfers to siphon funds from these “mule” accounts. The I4C’s analysis, based on data from the Citizen Financial Cyber Frauds Reporting and Management System, revealed a disturbing pattern. Approximately 40,000 suspicious accounts were linked to SBI, 10,000 to PNB, 7,000 to Canara Bank, 6,000 to Kotak Mahindra Bank, and 5,000 to Airtel Payments Bank. Since January 2023, the National Cybercrime Reporting Portal has registered nearly 1 lakh cyber complaints, with estimated losses exceeding Rs 17,000 crore. To address this growing threat, the government’s high-level inter-ministerial panel has identified vulnerabilities in the banking system and directed state and union territory police forces to proactively investigate and take action against “mule” account holders. Bank managers and officials involved in opening such accounts are also under scrutiny. The Reserve Bank of India and the Department of Financial Services have been instructed to implement necessary measures to strengthen security protocols and prevent future incidents. Airtel Payments Bank, in response to these concerns, emphasized its commitment to digital financial inclusion while maintaining robust security measures. The bank highlighted its real-time API integration with the I4C suspect registry, advanced AI/ML models for fraud detection, and innovative customer verification processes like Face Match to mitigate risks associated with “mule” accounts.

QR code-based citizen launched in Chandigarh review service

Chandigarh Police launched 12 November two citizen-focused initiatives — the QR code-based Citizen Review Service and Cyber Awareness Kiosks — during an event at the Multipurpose Hall, UT Secretariat. Punjab Governor and Chandigarh Administrator Gulab Chand Kataria attended as the chief guest, joined by senior officials from the Chandigarh Administration and members of Samavesh advisory committees. These initiatives, introduced by SSP Kanwardeep Kaur, mark significant steps toward improving police transparency and public cyber safety. DGP Surendra Singh Yadav welcomed the chief guest and dignitaries, thanking Kataria for his support in bringing these citizen-centric services to Chandigarh. The Citizen Review Service is designed to gather public feedback on police interactions through an easy-to-use QR code system. Citizens visiting police stations, Samavesh centres, police headquarters, and traffic lines can scan a QR code to rate their experience on factors such as police behaviour, response time, station cleanliness, honesty, and accessibility. This feedback will be collected monthly to rank police stations, with the results displayed on the Chandigarh Police website, promoting transparency and highlighting top-performing stations. The initiative empowers citizens to voice their experiences directly, allowing police to identify areas for improvement and validate service quality. The Cyber Awareness Kiosks focus on educating the public about cyber safety in an increasingly digital world. Strategically positioned in high-traffic areas such as Sector-17 Plaza, Sukhna Lake, and Elante Mall, these kiosks offer resources on cyber safety, including updates on recent cybercrime trends, practical tips for secure online behavior, and contact information for reporting cyber incidents. Through interactive modules, visitors can learn how to protect themselves from online threats such as phishing, identity theft, and online scams. The kiosks provide an accessible means for citizens to stay informed on cyber threats, helping them navigate the digital world safely. In his address, Kataria lauded Chandigarh Police for these “innovative, citizen-friendly” measures and their ongoing commitment to digital and community-oriented initiatives, such as eFIR, eBeat/eSathi, and Cyber Swachhta Mission, which bring police services closer to the public. SP (Headquarters) Ketan Bansal delivered the vote of thanks, expressing gratitude to Kataria and other officials for their support in launching these initiatives.

US cyber Security Firm Commvault Strengthens India Operations with Coimbatore Facility

Commvault, a leading provider of cyber resilience and data protection solutions for the hybrid cloud, today announced the launch of an advanced, facility in Coimbatore, Tamil Nadu. This facility, which complements Commvault’s existing operations in Bangalore and strengthens the company’s presence in India, will be a key centre for research and development, focusing on ground-breaking offerings like Cloud Rewind and Cleanroom Recovery. The Coimbatore facility will also serve as an innovation hub for engineering and technical talent, focusing on supporting regulatory compliance and AI advancements. The innovations will ultimately be utilized by customers across a wide array of verticals from banking, financial services, and healthcare, to public services and manufacturing. The facility’s launch follows a string of innovations from Commvault, including its recent acquisition of Apprenix, a leader in cloud-native rebuild resilience. The talented engineering team from Appranix, now integrated into Commvault’s R&D organization, will leverage this new hub to drive advancements in cloud-native application recovery and resilience. With Appranix’s expertise, Commvault is already equipping enterprises to swiftly rebuild cloud applications following outages or attacks with solutions like Cloud Rewind™, now available on the Commvault Cloud platform. This unique offering, which integrates cloud-native distributed application recovery and rebuild capabilities from the Appranix acquisition, gives cloud-first organizations a secret weapon to transform their cyber resilience strategies. Rajesh Nambiar, President Designate, nasscom, remarked, “Commvault’s expansion into Coimbatore is a testament to India’s evolving tech landscape and the country’s role as a global innovation hub. Coimbatore’s growing reputation as a technology centre, coupled with the availability of top-tier talent, makes it an ideal location for such a cutting-edge facility. We are excited to see how Commvault will continue to innovate and contribute to the future of cyber resiliency, especially in India.” Speaking about the new centre, Sarv Saravanan, Chief Customer Officer at Commvault, stated, “The Coimbatore facility marks a major step in expanding Commvault’s global R&D footprint. Our goal is to harness the city’s outstanding talent to drive high-end cloud engineering capabilities, empowering our customers to be resilient against escalating and rampant cyber attacks, and rapidly rebuild, reconstruct, and recover when the inevitable happens.” Ramesh Kalanje, Vice President, Centre of Excellence at Commvault, stated, “Culture and collaboration have been the cornerstone of Commvault’s success, and with the launch of our new facility in Coimbatore, we will continue to enhance our commitment to empowering customers to operate in a state of continuous business.”

PAN Card Misuse: Government Plans To Take Strict Actions Against Companies

The Ministry of Home Affairs has called for action against unauthorized use of personal data across various platforms. This and more in today’s ETtech Morning Dispatch. The Ministry of Home Affairs (MHA) has instructed the Indian Cybercrime Coordination Centre (I4C) to crack down on all forms of unauthorized use of personal data of Indian citizens across multiple platforms. Driving the news: The Income Tax department has been directed by I4C to stop unauthorised database access, targeting fintech companies’ data harvesting practices. Why it matters: Fintech and loan companies have been using PAN numbers to: Pull customer details including addresses Access phone numbers Obtain full names Build customer profiles Cross-sell products like personal loans But why: The Union government wants every unauthorized access to the system database to be restricted in the event of the notification of the Digital Personal Data Protection Act, 2023. The Act will bring in strict checks on who can access citizens’ data and for what purpose. To tighten its systems, the government is taking up this move. Industry disruption: The fintech industry, which used technology to streamline processes like credit underwriting, data gathering, and similar services, is finding many such avenues getting shut. Recently, the National Payments Corporation of India (NPCI) asked banks to shut down any unauthorized access to the UPI database.

Cyber Attack Warning As Hackers Use AI And Gmail In New Campaign

Unlike the deepfake AI-generated cyber attack that so nearly compromised a Gmail account user by impersonating Google support, the newly uncovered CopyRh(right) adamant campaign is simultaneously more sophisticated and a lot simpler. Let’s deal with that overly complicated name first: this cyber attack, described as a large-scale phishing campaign by Check Point Software researchers, uses a newly discovered variant of the Rhadamanthys information stealer malware. The attack also uses a false premise of the victim being responsible for copyright infringement violations. The conflation of these two things giving us that awful, pun-laden, CopyRh(right)adamantly label. The Check Point team has been tracking multiple threat actors utilizing Rhadamanthys information stealer malware, including an Iranian group operating in Israel called Void Manticore and Handala, a hacktivist group linked to it. A new large-scale phishing operation targeting both individuals and organizations. Rather than a political or nation-state agenda, the Check Point analysis suggests the motivation is purely financial and carried out by a criminal cybercrime operative. Gmail and AI at the Heart of New Cyber Attack The Check Point report reveals that the cyber attackers in question are using dedicated Gmail accounts, created solely to distribute emails that impersonate legitimate organizations to claim copyright violations on social media accounts, primarily Facebook. “Using falsified Gmail accounts sending emails from these well-known companies,” Check Point said, “the email addresses and language are customized per each target to inform the victim of their supposed copywriting violation.” It should come as no surprise that AI capabilities have been leveraged as part of this new cyber-attack campaign. However, according to the researchers, these capabilities are limited to older optical character recognition models which are using AI automation “to create customized emails and multiple Gmail accounts per target.” Sergey Shykevich, threat intelligence group manager at Check Point Software, said that the discovery of the CopyRh(right)”Adamantys”cyber-attack campaign reveals not only the evolving sophistication of cyber threats but also “highlights how cybercriminals are leveraging AI for marketing purposes and use automation to enhance their reach and operational scale. For security leaders.” As such, Shykevich concluded, “it’s a wake-up call to prioritize automation and AI in defense strategies to counteract these globally scaled, financially motivated phishing campaigns.”

Cyber criminals make fake WhatsApp accounts of Goa minister, another MLA

Several top Goa politicians including ministers were attacked by cyber fraudsters with fake WhatsApp accounts created in their names. Police complaints have been lodged at multiple police stations related to the attempt at defrauding the politicians which are under investigation at Vasco and Porvorim. Three ministers — Ravi Naik, Mauvin Godinho and Rohan Khaunte — were among the politicians targeted and all three have filed complaints. Among the MLAs Jeet Arolkar, Nilesh Cabral and Premendra Shet were targeted by the fraudsters. Some of the targeted politicians have issued public notices through social media warning their acquaintances and karyakartas about conmen seeking money through their fake WhatsApp profiles. Tourism Minister Rohan Khaunte filed a complaint at the Porvorim police station against an unknown person for impersonating him and using his name and photo on WhatsApp to send messages to people to trick them. In his complaint, Khaunte stated that on Thursday at about 2.50 pm, he was informed by his staff that an unknown person had sent him a WhatsApp text pretending to be Rohan Khaunte using his name and picture. Khaunte said he then immediately instructed his staff to check the contact number and other corresponding credentials of the said person. It was noticed that the unknown person had created a business account under his name and had used a photo which was uploaded on the website of the Goa Legislative Assembly, to make the WhatsApp contact look authentic. Khaunte then lodged a complaint against the miscreant for impersonating him and using his name and reputation to send messages to people under Section 319, 204 and 205 of the Bharatiya Nyaya Sanhita (BNS), Section 66D & 66D of IT Act, 2000 and Representation of the People Act, 1951. The minister requested the Porvorim police to register a First Information Report as the incident clearly discloses commission of a serious crime. He has also demanded an immediate investigation by police. In Vasco, a complaint was filed against an unknown person for allegedly creating a fake WhatsApp account in the name of Transport Minister Mauvin Godinho, in a fraudulent attempt to solicit money. Condemning the fraudulent activities, Godinho said, “It has come to my attention that a false message has been circulated in my name and image on WhatsApp, requesting money through an Amazon Pay e-gift card. This message is fraudulent, and I strongly condemn such malicious activities.” The minister confirmed that an official complaint has been lodged with the police, and an investigation is underway. He also appealed to the public to exercise caution when encountering suspicious requests. “I urge everyone to remain vigilant and not engage with any suspicious requests. Thank you for your cooperation and support,” Godinho added. The incident has raised concerns about online scams targeting public figures and unsuspecting individuals. Police are investigating the case.

84-year-old cyber fraud victim gets Rs 53 lakh refund in Hyderabad

Hyderabad police have helped in refunding Rs 53 lakh to an octogenarian, who lost Rs 2.88 crore to cyber fraudsters. The victim, who was cheated by cyber fraudsters on the pretext of wrongdoing, received the amount on the court’s order. City Cybercrime Police had taken up the investigation after a complaint from an 84-year-old man from Hyderabad. According to Hyderabad Police Commissioner CV Anand, the fraudsters contacted the complainant through a WhatsApp video call, posing as CBI officials. They claimed that he was involved in Rs 68 crore financial fraud and threatened to send him to jail. Frightened over this, the victim on the instructions of fraudsters transferred Rs 2.88 crore to the bank accounts given by them. The Cyber Crime Police registered a case under Sections 66(C), 66(D) of the IT Act, and 308(2), 318(4), 319(2), 336(3), 338, 340(2) of BNS, and investigated the case. The police officials sent notices to the bank officials, followed up with them to freeze the fraudulent amount, and guided the complainant to file a petition in court for the refund of the amount held in the fraudulent accounts to the complainant’s bank account. The Police Commissioner said due to the sincere efforts of staff, the court issued orders to the banks for a refund of the amount. The court directed Axis Bank, Surat to refund Rs 53 lakh and State Bank of India Kerala to refund Rs 50 lakh. On regular follow-up with the bank officials, Rs 53 lakh was transferred today to the complainant’s account, the Police Commissioner said. He cautioned people not to be afraid of threatening calls that they will be arrested. Police will not make such calls and people have to keep in mind that it is only fraudsters who make such calls. Never send money to such fraudsters, block such calls, and lodge an online complaint immediately on the helpline number 1930 or through the National Cybercrime Reporting Portal cybercrime.gov.in, he urged people. People have been requested to follow Hyderabad Cyber Crime Police Station’s social media handles regularly to get time-to-time awareness about such cyber frauds. There is a possibility to get a refund of at least part of the lost amount and a ‘put on hold’ amount, if the fraud is reported immediately.

Union Minister Scindia Launches Call Prevention System to Shield Indians from Cyber Criminals

Another step by Department of Telecom (DoT) to protect Citizens from cyber frauds The system identifies and blocks the incoming international calls posing as Indian phone numbers System identified and blocked about 1.35 crore calls as spoofed calls in last 24 hrs, which are 90 % of all the incoming international calls Shri Jyotiraditya M. Scindia, Minister of Communications and Development of North Eastern Region today launched ‘International Incoming Spoofed Calls Prevention System’, in the presence of Minister of State for Communications & Rural Development Dr Pemmasani Chandra Sekhar. The launch ceremony was attended by Secretary Telecom and other senior officers. This is another milestone of DoT’s efforts towards building a safe digital space and protecting citizens from cyber-crime. Of late, cyber criminals have been committing cyber-crimes by making international spoofed calls displaying Indian mobile numbers (+91-xxxxxxxxx). These calls appear to be originating within India but are actually being made from abroad by manipulating the calling line identity (CLI) or commonly known as phone number. These spoofed calls have been used for financial scams, impersonating government officials, and creating panic. There have also been cases of cyber-crime threatening disconnection of mobile numbers by DoT/TRAI officials, fake digital arrests, drugs/narcotics in courier, impersonation as police officials, arrest in sex racket etc. Department of Communications (DoT) and Telecom Service (TSPs) have collaborated and devised a system to identify and block such incoming international spoofed calls from reaching the Indian telecom subscribers. The system was made operational and it has been observed that within 24 hours of operation of the system, about 1.35 crore or 90% from all the incoming international calls with Indian phone numbers were identified as spoofed calls and blocked by TSPs from reaching Indian telecom subscribers. Indian telecom subscribers should see a significant reduction in such spoofed calls with +91-xxxxxxx numbers with implementation of this system. Despite such best efforts, there could be cases where fraudsters succeed through other means. For such calls, you can help by reporting such suspected fraud communications at Chakshu facility on Sanchar Saathi (www.sancharsaasthi, gov.in). The DoT remains committed to proactively combating cybercrime. For those who have already lost money or been victims of cybercrime, please report the incident at the cybercrime helpline number 1930 or website https://www.cybercrime.gov.in

Author: thecybershark