Achive.php Cyber-attacks - The Cyber Shark

Cyber-attacks on India continue even after the understanding with Pakistan: Cyber officials

Cyber-attacks

Cyber-attacks on Indian government sites persist despite de-escalation with Pakistan, with threats emerging from Bangladesh, the Middle East, and beyond. Maharashtra Cyber has intensified efforts against cyber fraud, misinformation, and cyber slavery, saving ₹600 crore since 2019. Maharashtra On May 26, cyber officials said that even after India and Pakistan, hackers from Bangladesh, the Middle East, and the surrounding nations are still attacking Indian government websites, agreed to halt military hostilities. According to officials, just 150 out of the 1.5 crore cyberattacks that were launched after the April 22 terror attack in Pahalgam were successful. A top officer from the Maharashtra Cyber Department denied claims to reporters that hackers had stolen information from Mumbai’s Chhatrapati Shivaji Maharaj International Airport, targeted the Election Commission website, and hacked aviation and municipal systems. Investigating cybercrime and upholding security are the responsibilities of Maharashtra Cyber, a central organisation under the Maharashtra government. “The analysis discovered that when India-Pakistan hostilities ceased, cyberattacks on Indian government websites decreased, though they did not entirely stop. Pakistan, Bangladesh, Indonesia, Morocco, and other Middle Eastern nations are still launching these attacks,” the person stated. According to him, 38 out of 83 fake news items have been removed by Maharashtra Cyber, which has started a focused effort against false information on social media. Under the “Nation First Fact First” campaign, the cyber department will combat false information about the Indian government and military, the official continued. Specialised helplines were established to educate the public about online fraud. To get emergency assistance, citizens can ring 1930 or 1945. The official stated that approximately 100 phone lines are operational at the same time and that analysts contact the caller after receiving the distress call. He stated that both the 1930 and 1945 numbers receive 7,000 calls per day. Since 2019, cyber officials have prevented cyber fraud by taking prompt action against cybercriminals, saving Rs 600 crore. “In the last six months, Rs 200 crore has been saved”. According to authorities, a 39-year-old CA student was detained in Indore for reportedly using seven profiles on X to disparage Hindu deities. Since 2021, the accused has reportedly insulted Hindu deities. BJP MP Medha Kulkarni brought this matter to the attention of Chief Minister Devendra Fadnavis. According to the official, Maharashtra Cyber has rescued six young people from Maharashtra who were ensnared in cyberslavery in Laos. If the confined teenagers refused to commit cybercrimes, they were tormented by being shocked with electricity and having their nails pulled out. According to him, Maharashtra Cyber has learned that 29 Indians are ensnared in cyberslavery in the Southeast Asian nation.

Chinese Hackers Double Cyber-Attacks on Taiwan

cyber-attacks

Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most of which were attributed to Chinese state-backed hackers. This represents double the daily average from 2023 which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” the Bureau warned. The report also highlighted a substantial rise in People’s Republic of China (PRC) cyber-attacks targeting critical industries in Taiwan. These include telecommunications (650% increase), transportation (70%), and defined supply chain (57%). Security researchers have also observed significant Chinese cyber-attack activity in Taiwan over recent years amid rising geopolitical tensions around the Island territory’s self-governing status. How Chinese Hackers Target Taiwan The report highlighted a range of techniques employed by People’s Republic of China (PRC) hackers and noted that attacks against Taiwanese government agencies are typically designed to steal confidential data. The Bureau said the People’s Republic of China (PRC) hackers often exploit vulnerabilities in Netcom devices and utilize evasion techniques such as living off the land. Social engineering techniques have also been deployed which target the emails of Taiwanese civil servants for espionage purposes. China uses a range of tactics to infiltrate and compromise Taiwan’s critical infrastructure systems, such as highways and ports, to disrupt the Island’s transportation and logistics. Other cyber-attack tactics include phishing attacks, compromise of zero-day vulnerabilities, and use of Trojans and backdoors. Additionally, DDoS attacks are used to “harass” and “intimidate” Taiwan when carried out in the Island’s transportation and financial sectors. At the same time, China conducts military drills in the area, the Bureau noted. Other commonly observed Chinese attacks against Taiwanese targets include: Ransomware and other cybercrime techniques against manufacturing companies Theft of information about patented technologies developed by start-ups Stealing personal data of Taiwanese nationals and selling that information on the dark web The Bureau said the hack and leak of Taiwanese citizens’ data helps generate profits and are also designed to undermine the credibility of the Taiwanese government. “China has continued to intensify its cyber-attacks against Taiwan. By applying diverse hacking techniques, China has conducted reconnaissance, set cyber-attack ambushes, and stolen data through hacking operations targeting Taiwan’s government, critical infrastructure, and key private enterprises,” the Bureau wrote. The report also highlighted the success of Taiwan’s joint security defines a mechanism for ensuring that threat information is shared in real-time among intelligence sources and government agencies.

How to Protect Yourself Social Engineering Cyber Fraud

cyber fraud

The biggest weakness for cyber fraud in cybersecurity strategy is humans, and social engineering takes advantage of a targeted user’s inability to detect an attack. In a social engineering threat, an attacker uses human emotion (usually fear and urgency) to trick the target into acting, such as sending the attacker money, divulging sensitive customer information, or disclosing authentication credentials. What is Social Engineering? Social engineering is the technique where unscrupulous actors manipulate, deceive, or influence an individual into divulging confidential information like personal or financial information. These include bank account information, passwords, transaction history, social security numbers, etc. These techniques can also manipulate individuals into performing specific actions that “help” the fraudster. For example, if someone tells you to download a particular app or software or share an OTP you received. Social engineering, by itself, isn’t an attack. It is the art of using psychological tactics to build trust and then using that information to commit crimes like theft, money laundering, account takeovers, remote takeovers, etc. The Global Impact of Social Engineering Social engineering has become a key element in the landscape of cyber fraud. It has become the primary technique behind many attacks targeting individuals, businesses, and government organizations. A report by the Association of Certified Fraud Examiners (ACFE) revealed that businesses lose up to 5% of their revenue every year due to fraud, and a significant portion of these frauds can be attributed to social engineering tactics. In India alone, the Reserve Bank of India (RBI) reported an alarming increase in fraud, with digital frauds rising by over 700% in recent years. Social engineering is not limited to the financial sector, although that is where the majority of its consequences are felt. Cyber-attacks based on social engineering techniques have far-reaching consequences: In India, bank frauds increased by nearly 300% over the last two years, with a major surge in digital frauds. A LexisNexis survey found that digital channels were responsible for 52% of overall fraud losses across the EMEA region. Social engineering attacks affect both businesses and individuals. Not only do victims suffer financial losses, but they also face emotional distress, feelings of guilt, and a lack of trust. Victims often hold themselves accountable, particularly in lower-income households, where such attacks can have a devastating impact on family dynamics. For businesses, the consequences go beyond financial losses; the erosion of consumer trust and the potential for high customer churn are significant challenges. For instance, the LexisNexis survey highlighted that 96% of companies in the Middle East reported a drop in customer conversion rates after incidents of fraud. Social Engineering Examples Social engineering attacks can take many forms, targeting both individuals and organizations: On an Individual Level: A retired Indian Administrative Service (IAS) officer fell victim to a scam where he was tricked into investing in a fake forex trading scheme. He ended up losing nearly Rs. 1.89 crore to the cyber fraud. On a Corporate Level: The CEO of OCBC Bank, Helen Wong, described how her company battled against sophisticated phishing attacks, resulting in fraudulent transfers amounting to millions of dollars. National Security Level: Russian hacking groups have reportedly targeted Ukraine with multiple spear-phishing campaigns aimed at disrupting national security. The ripple effect of social engineering is significant. Victims may unwittingly become money mules, transferring illicit funds to further criminal activities. The emotional toll, combined with the financial impact, can be long-lasting. Common Social Engineering Tactics Fraudsters employ a variety of social engineering tactics to manipulate their victims for cyber fraud. Some of the most common methods include: 1. Phishing Phishing is one of the most prevalent social engineering techniques. Fraudsters send fraudulent emails that appear to be from legitimate sources. These cyber fraud emails often contain malicious links designed to: Direct victims to fake websites to steal login credentials. Download malware onto the victim’s device, leading to account takeovers. Phishing is not limited to emails; it also manifests in other forms, such as smishing (SMS phishing) and vishing (voice phishing). In India, where literacy and email usage are lower, vishing is particularly dangerous. 2. Whaling Whaling is a form of phishing that specifically targets high-profile individuals, such as CEOs or other executives. The emails are often meticulously crafted to appear as if they come from trusted sources within the company. The goal is to steal sensitive information or request financial transfers. 3. CEO Scam This cyber fraud involves fraudsters impersonating high-level executives of a company, often through email or text messages. Employees of the targeted company may be tricked into following directives from the supposed CEO, such as transferring funds or sharing sensitive data, under the belief that the request is legitimate. 4. Baiting Baiting involves offering something enticing, like free software, services, or rewards, to lure the victim into a trap. The “bait” might include malicious files, which when opened, compromise the victim’s device. Physical baiting involves leaving infected USB drives in public places, hoping someone will pick them up and plug them into a device, unwittingly exposing themselves to cyber fraud threats. 5. Quid Pro Quo This tactic involves offering a service or benefit in exchange for personal or confidential information. For example, attackers may pose as IT support personnel, offering to help resolve technical issues in exchange for login credentials or other sensitive data. 6. Pretexting Pretexting involves creating a fabricated scenario to persuade the victim to share confidential information. This can involve impersonating trusted figures like police officers, bank officials, or colleagues. Over time, attackers build trust with the victim before executing their fraudulent schemes. Who are the Most Likely Targets of Social Engineering? While anyone can fall victim to social engineering attacks, certain groups are more vulnerable: The Elderly: Older adults are often less familiar with digital technologies , cyber fraud and cybersecurity practices, making them more susceptible to fraud. Common scams targeting seniors include fake government agent impersonations and investment scams. Young Adults and Teenagers: While they may be more tech-savvy, younger individuals often lack experience and may fail to