Achive.php cyber news - The Cyber Shark

Cyber security becomes a Business Imperative: Boards Prioritize Cyber Risk Management amid Rising Threats


Cyber security is no longer just an IT problem; it’s a critical part of managing risk across the entire business. Business leaders are increasingly aware of this, especially as cyber risks have multiplied since the pandemic. Interestingly, the percentage of large companies with a cyber-security expert on their board rose from 7 percent in 2013 to 28 percent in 2020. This number is expected to grow, as research predicts that by 2025, 40 percent of boards will have a dedicated cyber security committee led by a qualified member, as per Deloitte’s latest Global Future of Cyber Survey.

Cyber security is now seen as a core business function rather than just an IT task. The survey highlights that cyber security is now a “business-critical imperative”: 57 percent of companies plan to increase their cyber security budgets in the next one to two years, while 58 percent are working to align their cyber security spending with IT, digital transformation, and cloud initiatives. This shift towards a more integrated approach shows that businesses understand strong cyber security is vital to staying resilient in an unpredictable digital landscape.

Despite this progress, many organizations still have work to do. Only 52 percent of executives feel highly confident in their board and C-suite’s ability to handle cybersecurity challenges, and among cybersecurity-focused executives, confidence drops to just 34 percent. Even in companies with high cyber maturity, frequent breaches are common, but these firms are often better prepared to manage disruptions and maintain business continuity.

“It’s really about getting the basics right and maturing them and being excellent at them, every day, consistently. Things like foundational controls, asset management, and vulnerability management. You need to excel there, almost mindlessly. They just have to happen,” said CISO, Life Sciences and Healthcare Organization.

As technology advances, more companies are using AI in cyber security, with 39 percent already incorporating it into their programs. On average, companies dedicate USD 39 million of their annual IT budgets to cyber security, a number expected to rise by about 3 percent over the next two years.

The Indian government has frozen approximately 4.5 lakh “mule” bank accounts over the past year.


The Indian government has frozen approximately 4.5 lakh “mule” bank accounts over the past year. These accounts, often opened using stolen identities, are primarily used to launder the proceeds of cyber fraud. State Bank of India, Punjab National Bank, Canara Bank, Kotak Mahindra Bank, and Airtel Payments Bank were found to have the highest number of such accounts.

The Indian Cyber Crime Coordination Centre (I4C) recently informed the Prime Minister’s Office (PMO) about this alarming trend. They highlighted the evolving tactics of cybercriminals, who are increasingly resorting to cheque withdrawals, ATM transactions, and digital transfers to siphon funds from these “mule” accounts.

The I4C’s analysis, based on data from the Citizen Financial Cyber Frauds Reporting and Management System, revealed a disturbing pattern. Approximately 40,000 suspicious accounts were linked to SBI, 10,000 to PNB, 7,000 to Canara Bank, 6,000 to Kotak Mahindra Bank, and 5,000 to Airtel Payments Bank. Since January 2023, the National Cybercrime Reporting Portal has registered nearly 1 lakh cyber complaints, with estimated losses exceeding Rs 17,000 crore.

To address this growing threat, the government’s high-level inter-ministerial panel has identified vulnerabilities in the banking system and directed state and union territory police forces to proactively investigate and take action against “mule” account holders. Bank managers and officials involved in opening such accounts are also under scrutiny. The Reserve Bank of India and the Department of Financial Services have been instructed to implement necessary measures to strengthen security protocols and prevent future incidents.

Airtel Payments Bank, in response to these concerns, emphasized its commitment to digital financial inclusion while maintaining robust security measures. The bank highlighted its real-time API integration with the I4C suspect registry, advanced AI/ML models for fraud detection, and innovative customer verification processes like Face Match to mitigate risks associated with “mule” accounts.

Tamil Nadu Cyber Crime Wing Warns of Online Firecracker Sale Scams Ahead of Diwali


As the festive season approaches, the Tamil Nadu Cyber Crime Wing has warned the public about a surge in online firecracker sale scams. According to the police, scammers are targeting buyers by exploiting Diwali enthusiasm, with 17 complaints reported between September and October through the National Cyber Crime Reporting Portal.

The cybercrime police explained that scammers are using social media platforms to post attractive advertisements offering significant discounts on firecrackers. Victims, eager to capitalise on these deals, contact the fraudsters via WhatsApp or phone calls. Scammers then share links to fake websites, such as www.kannancrackers.in and www.sunrisecrackers.com, designed to appear legitimate but intended to steal money.

“These sites often display genuine-looking product catalogues, prices, and payment options,” said the police. “Once payment is made, the victims never receive their ordered products, and the scammers vanish with the money.” The public is also at risk of having their personal and financial information compromised.

In response, the police have issued an advisory urging people to verify the authenticity of online sellers, ensuring they have legitimate physical addresses and contact information before making any payments. The advisory also warns against ads that promote unrealistic deals, unusually low prices, or limited-time offers. To stay safe, the public is advised to purchase firecrackers from well-known brands, official websites, or established e-commerce platforms.

Additionally, the police have encouraged users to report suspicious ads on social media platforms like Facebook, Instagram, and YouTube to prevent others from falling victim to these scams. Victims of such cyber fraud, or those observing suspicious activities, can report incidents through the helpline number 1930 or via the National Cyber Crime Reporting Portal at www.cybercrime.gov.in.

CERT-In and Mastercard India sign MoU for collaboration in cyber security to enhance India’s cyber-resilience in Financial Sector


Two entities will leverage their shared expertise to strengthen financial sector cyber security incident response.

Indian Computer Emergency Response Team (CERT-In) is a Government organization under the Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000.

CERT-In has joined hands with Mastercard to promote cooperation and information sharing in the area of cyber security related to the financial sector. The two entities have signed a Memorandum of Understanding (MoU) under which they will leverage their shared expertise with regard to the financial sector in the fields of cyber security incident response, capacity building, sharing cyber threat intelligence specific to the financial sector and advanced malware analysis.

As part of the mutual understanding, Mastercard and CERT-In will hold training programs and workshops for cyber capacity building, latest market trends and best practices to enhance cyber security of financial sector organizations. The two entities will also share relevant cyber threat trends, technical information, threat intelligence, and vulnerability reports to strengthen the financial sector information security of India.

“Cyber security is the need of the hour and Prime Minister Shri Narendra Modi government is committed to ensuring that people on digital platforms are secure, as this warfare is not on the ground but in cyberspace. I am confident that this is an important milestone that will benefit not only both entities but also the public at large,” said Shri Jitin Prasada, Minister of State in the Ministry of Commerce & Industry; and Electronics and Information Technology.

“Mastercard’s comprehensive approach to security gives its partners and customers deeper visibility into cyber risk and greater adaptability and resilience, protecting their systems through the latest AI technology. The company is delighted to collaborate with CERT-In to fortify India’s financial digital ecosystem, which has powered unprecedented growth in the country,” said Shri Gautam Aggarwal, Division President, South Asia at Mastercard.

About CERT-In: www.cert-in.org.in

The Indian Computer Emergency Response Team (CERT-In) is a Government organization under the Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000. CERT-In operates a 24×7 incident response Help Desk for providing timely response to reported cyber security incidents. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services.

About Mastercard (NYSE: MA)

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks


Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.

“In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical report published today. “The attacker first checked the availability and version of the Docker API, then proceeds with requests for gRPC/h2c upgrades and gRPC methods to manipulate Docker functionalities.”

It all starts with the attacker conducting a discovery process to check for public-facing Docker API hosts and the availability of HTTP/2 protocol upgrades in order to follow up with a connection upgrade request to the h2c protocol (i.e., HTTP/2 sans TLS encryption). The adversary also proceeds to check for gRPC methods that are designed to carry out various tasks pertaining to managing and operating Docker environments, including those related to health checks, file synchronization, authentication, secrets management, and SSH forwarding.

Once the server processes the connection upgrade request, a “/moby.buildkit.v1.Control/Solve” gRPC request is sent to create a container and then use it to mine the XRP cryptocurrency using the SRBMiner payload hosted on GitHub.

The shell script, besides checking and terminating duplicate instances of itself, creates a bash script that, in turn, contains another Base64-encoded payload responsible for downloading a malicious binary that masquerades as a PHP file (“avatar.php”) and delivers a payload named httpd, echoing a report from Aqua earlier this month.

Users are recommended to secure Docker remote API servers by implementing strong access controls and authentication mechanisms to prevent unauthorized access, monitor them for any unusual activities, and implement container security best practices.
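
One way to monitor for the request chain described above (version check, h2c upgrade, then the BuildKit Solve method), added here as an example and not taken from Trend Micro's report or from Docker. It assumes a sensor in front of the Docker remote API that records source, path and Upgrade header as JSON lines; the field names, addresses and trusted-host list are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: JSON-lines records from a hypothetical sensor in front of
# a Docker remote API. Field names and addresses are assumptions of this example.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "GET", "path": "/version", "upgrade": ""}
{"src": "198.51.100.7", "method": "POST", "path": "/grpc", "upgrade": "h2c"}
{"src": "198.51.100.7", "method": "POST", "path": "/moby.buildkit.v1.Control/Solve", "upgrade": ""}
{"src": "10.0.0.5", "method": "GET", "path": "/v1.43/containers/json", "upgrade": ""}
{"src": "203.0.113.9", "method": "GET", "path": "/_ping", "upgrade": ""}
not-json garbage line
"""

PROBE_PATHS = {"/version", "/_ping"}               # availability / version checks
SOLVE_METHOD = "/moby.buildkit.v1.Control/Solve"   # gRPC method named in the report
TRUSTED_SOURCES = {"10.0.0.5"}                     # assumption: known build hosts

def strip_api_version(path):
    """Drop a leading /v1.NN prefix so /v1.43/version matches /version."""
    parts = path.split("/", 2)
    if len(parts) == 3 and parts[1].startswith("v1."):
        return "/" + parts[2]
    return path

def detect(log_text):
    """Return {src: severity} for untrusted sources matching the reported chain."""
    stages = defaultdict(set)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        src = rec.get("src")
        if not src or src in TRUSTED_SOURCES:
            continue
        path = strip_api_version(rec.get("path", ""))
        if path in PROBE_PATHS:
            stages[src].add("probe")
        if "h2c" in rec.get("upgrade", "").lower():
            stages[src].add("h2c_upgrade")   # cleartext HTTP/2 upgrade request
        if path == SOLVE_METHOD:
            stages[src].add("buildkit_solve")
    # The furthest stage a source reached decides its severity.
    rank = ("buildkit_solve", "high"), ("h2c_upgrade", "medium"), ("probe", "low")
    return {src: next(sev for stage, sev in rank if stage in seen)
            for src, seen in stages.items()}
```

Calling `detect(SAMPLE_LOG)` rates the source that reached the Solve method as high and the ping-only source as low; the trusted build host is not reported.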