Achive.php cyber security Archives - Page 7 of 7 - The Cyber Shark
Contributor

cyber security

Cyber Fraud: UP Police shares must-watch video ahead of Mahakumbh

Mahakumbh

Ahead of the Mahakumbh Mela, which is scheduled to begin on January 13, the Uttar Pradesh Police released an awareness video on its social media account on 05/01/2025, urging people to stay cautious of cyber fraud related to any kind of online booking for the Mahakumbh. Mahakumbh Mela The Mahakumbh in Sangam Nagari Prayagraj is likely to be attended by 40 crore people. In light of the rising incidents of cyber fraud in recent times, this video has been created to create awareness among people about digital fraud. The Video’s Message: The short film portrays the experience of a family who falls victim to cyber fraud while booking a hotel online. Tempted by attractive offers, the family makes a booking through a fake website. However, upon reaching the given location in Prayagraj, they find an empty plot instead of the promised hotel. In another instance, the family scans a QR code displayed on the street to book a stay, but instead of securing their booking, their money gets deducted fraudulently. Towards the end, Bollywood actor Sanjay Mishra appears in the video, cautioning people about such scams and advising them to avoid fake links and websites. Safety Advice: Sanjay Mishra urges devotees to use the official Maha Kumbh website Kumbh.gov.in to check the list of verified accommodations and make bookings. The video has been shared across all social media platforms of the Uttar Pradesh Police. Additionally, a link to the list of available accommodations in Prayagraj has been provided to assist devotees in making safe and informed decisions. Important Information for Devotees: Devotees planning to visit Prayagraj during the Maha Kumbh 2025 are encouraged to use the verified list or official website for their bookings. This initiative by the Uttar Pradesh Police aims to safeguard devotees from cyber fraud while ensuring a secure and smooth pilgrimage experience during the Maha Kumbh 2025.

Beware of online sextortion: boys and girls

online sextortion

Online Sextortion occurs when a fraudster threatens to circulate your private and sensitive material online if you do not provide images of a sexual nature, sexual favors, or money. The perpetrator may also threaten to harm your friends or relatives by using information they have obtained from electronic devices unless you comply with their demands. Sextortion is a form of Online Sextortion abuse, wherein the cybercriminal makes use of various channels like instant messaging apps, SMS, online dating apps, Online Sextortion media platforms, porn sites, etc., to lure the users into intimate video/audio chats and makes them pose nude or obtains revealing pictures from them. The fraudsters later make use of this material to harass, embarrass, threaten, exploit, and blackmail the victims. Dangers Abuse and Exploitation Harassment Blackmail Threats of public humiliation Mental distress Modus Operandi The fraudsters try to lure the users into sharing intimate content in different ways posting messages for video/audio chat using fake accounts/profiles creating pages/ad campaigns The users get victimized when they pay for such services and pose nude or in a compromising position in video calls accepts or sends friend requests to the fake account/profile and is involved in intimate interaction posing nude in video chats, sending revealing pictures, etc., The fraudster records video/ takes screenshots/ takes pictures/makes use of revealing pictures/morphs the pictures sent The fraudster starts blackmailing the victim leading to sextortion. The users of porn sites may also fall prey to sextortion when their chats/video calls on porn sites are used for blackmail by fraudsters. Channels used for trapping the victims into sextortion The fraudsters resort to sextortion following the modus operandi given above using various channels like – Messaging apps Dating apps Online Sextortion media platforms Porn sites etc., Warning signs indicate attempts of sextortion by cybercriminals Repeated untoward messages/video calls from unknown number/s Repeated friend requests from an unknown person Repeated requests for private intimate pictures, video chats, photos Manipulating or redirecting the conversation toward intimate topics Rush through the things and try to develop intimacy Warning signs that may indicate victimization Signs of fear, nervousness, anxiety, depression Isolating self and being very reactive & emotional Feeling desperate and frustrated Having suicidal thoughts and self-harming behavior. Safety tips to protect yourself against online sextortion Never share any compromising images, posts, or videos of yourself with anyone, no matter who they are Remember that the internet never forgets or forgives. If you have shared something once, it will remain present on the Net forever, in one form or the other. Never accept or request friendship from unknown people on social media platforms. Enable privacy and security features on your Online Sextortion media accounts and instant messaging apps. Use the “Report User” option on Online Sextortion media platforms to report any such Do not share your personal/private pictures publicly. Turn off your electronic devices and web cameras when you are not using them. Use two-factor authentication with strong passwords and different passwords for different social media accounts. During an Online Sextortion interaction or chat, if the person on the other side is trying to rush through things and develop intimacy, then it is cause for alarm. Never allow anyone, however close to capture any private part or intimate activity with any device. Such data can be misused at a later stage. Do not accept video calls or open attachments from people you do not know. Save the evidence and the screenshots for referring to the incident later. Do not suffer in silence, know that you are not alone, and reach out and seek help from trusted family and friends. File a complaint against sextortion Online Sextortion or at your nearest cybercrime cell. Remember that you can also anonymously file an Online Sextortion complaint against such an offense on the national cybercrime reporting portal cybercrime.gov.in. Avoid clicking intimate/nude/semi-nude photos/videos on your phone, which if leaked could cause embarrassment. Several rouge mobile apps could access your gallery/storage and can be used to blackmail you. Don’t hesitate to file a complaint or contact the police due to shame, embarrassment, and self-blame. Know what the Law Says about this offense? It is a punishable offense by law and attracts sections 354 (D), 506 / 507, 509 IPC, and 384 IPC, and Sec.67 of the IT Act is also applicable. Offenders in such crimes usually thrive on the victim’s silence and lack of clarity in the law. Hence, everyone needs to be aware of the codes and sections that will help them in such cases. Section 108(1)(i)(a) of the Criminal Procedure Code empowers the victim to call the magistrate of her locality and inform him/her about the person whom she believes could circulate any obscene matter. The magistrate has the power to detain such person(s) and can order him to sign a bond to stop him from circulating the material. This might deter the accused. This is a quick remedial section because the victim can complain to the magistrate without any direct evidence against the accused. Section 292 of the Indian Penal Code (IPC) incriminates any person who distributes or threatens to disperse any intimate and compromising images of someone through any electronic means, including apps and other social media. If a picture of the woman is clicked obscenely without her knowledge and is distributed, a voyeurism case under Section 354C of the IPC can also be filed along with the aid of other relevant sections from the Information Technology Act.

10 the Top News Stories and Cybersecurity of 2024

Cybersecurity

The ransomware juggernaut rolled inexorably in 2024, yet again, leaving more devastated Cybersecurity in its wake. This year, the UK’s NHS found itself at the receiving end of some particularly nasty attacks, but there were other high-profile victims as well. Meanwhile, state-backed cyber intrusions from China and Russia continued apace, driven by global geopolitical uncertainty. Many long-running Cybersecurity espionage campaigns were exposed. But if 2024 proved one thing only, it was that shining a light on the cyber underworld is working. The British are coming for the bad guys, as new attributions from the National Cybersecurity Centre (NCSC), takedowns led by the National Crime Agency (NCA), and proposed legislation highlighting ransomware threats to critical sectors is proving. If 2024 is remembered for anything in the cyber community, it may just be the year in which the good guys took the gloves off and fought back properly. Here are Computer Weekly’s Top 10 Cyber Crime stories of 2024. British Library ransomware attack could cost up to £7m The effects of the British Library ransomware attack at the end of 2023 continued to be felt into 2024 as the venerable institution continued to struggle to bring its crippled systems back online. In January 2024, it emerged that the scale of the ransomware attack was so immense and its effects so devastating, that it could end up costing the British Library up to £7m, dwarfing the £650,000 ransom demand. Later in the year, in a remarkable display of transparency, the British Library’s leadership published a detailed breakdown of their experience at the hands of the Rhysida ransomware crew, to help others learn and understand. SolarWinds hackers attack Microsoft in apparent recon mission Also in January, Cosy Bear, the Russia-backed hacking outfit behind the SolarWinds Sunburst incident, was back in action, breaking into Microsoft’s systems with a brute force, password spraying attack and from there accessing corporate accounts belonging to leadership and Cybersecurity employees. Microsoft is one of some suppliers that finds itself at the receiving end of such intrusions, thanks in part to its global reach and scale, and its in-depth relationships with Western governments, and has faced tough questions over its Cybersecurity posture in recent years as a result. Lock Bit locked out in NCA-led takedown One of the biggest stories of the year unfolded dramatically on a dull February day when the infamous Lock Bit ransomware gang was taken down and its infrastructure hacked and compromised in Operation Cronos, led by the UK’s National Crime Agency (NCA). In the immediate aftermath of the takedown, Computer Weekly took the temperature of the Cybersecurity community, finding upbeat sentiment, but also tempered by the knowledge that one swallow does not make a summer. Throughout the year, the NCA has been sharing a trove of information it gathered during the exercise, as well as taking time to mock and troll Lock Bit’s leader since named as Dmitry Khoroshev, who at one time boasted of his luxury lifestyle as he toyed with law enforcement. Mandiant formally pins Sandworm cyber-attacks on APT44 group In April, threat intel leaders Mandiant formally “upgraded” the malicious activity cluster known as Sandworm to a full-blown, standalone advanced persistent threat (APT) actor to be tracked as APT44 – other companies have different taxonomies, Mandiant’s is alphanumeric. APT44 is run out of Russia’s Main Intelligence Directorate (GRU) within Unit 74455 of the Main Centre for Special Technologies (GTsST) and is described as one of the most brazen threat actors around. Although it confines its activities to those in service of the Russian state rather than financially motivated criminality, the links between cybercrime and cyber espionage continued to blur during 2024, with some nation-state APTs even acting as initial access brokers (IABs) for ransomware gangs. NHS services at major London hospitals disrupted by cyber attack In early June, a major cyber-attack on Synovia, a pathology lab services provider that works with Guys and St Thomas’ and King’s College hospitals in London, as well as other NHS sites in the nation’s capital, was laid low by a Qulin ransomware attack. This intrusion resulted in a major incident being declared in the NHS, with patient appointments and surgeries cancelled, and blood supplies running dangerously low. The ramifications of this truly callous cyber-attack are still being felt six months on. UK Cyber Bill teases mandatory ransomware reporting All eyes were on Westminster in July for the first King’s Speech held under a Labour government in over a decade , and for the Cybersecurity community, there was plenty to pick over as Keir Starmer’s administration proposed implementing compulsory cyber incident reporting – including ransomware – for operators of critical national infrastructure (CNI), in a new Cybersecurity and Resilience Bill. According to the government for Cybersecurity , the law will expand the remit of existing regulation give regulators a more solid footing when it comes to protecting digital services and supply chains, and improve reporting requirements to help build a better picture of Cybersecurity . The Bill will likely be introduced to Parliament in 2025. NCSC and allies call out Russia’s Unit 29155 over cyber-warfare In September, the UK and its Five Eyes allies joined forces with the European Union (EU) and Ukrainian cyber authorities to highlight a dastardly campaign of cyber espionage conducted by Unit 29155, another Russian APT. Unit 29155 targets victims to collect information for espionage purposes, sabotages websites and daily operational capabilities and tries to cause reputational damages by selectively leaking important data. It has conducted thousands of exercises across NATO and the EU with a notable focus on CNI, government, financial services, transport, energy, and healthcare. It is also particularly notable for its involvement in the Whisper Gate campaign of destructive malware attacks against Cybersecurity to Ukraine in advance of the 2022 invasion. Money transfer firm MoneyGram rushes to contain cyber attack US-based financial services and money transfer outfit MoneyGram was another high-profile cyber attack victim to emerge in 2024, with its systems taken down in an apparent ransomware attack in September 2024.

WhatsApp, the biggest social media platform misused by cyber criminals in India

cyber criminals

14,746 complaints file for cyber criminals were related to WhatsApp, 7,651 against Telegram, 7,152 against Instagram, 7,051 against Facebook, and 1,135 against YouTube till March 2024, says MHA report WhatsApp remains the biggest social media platform that is possibly misused by cyber criminals in India, according to the latest annual report of the Union Home Ministry. The data published in the report on “cybercrime complaints where Big Tech platforms have been misused” shows that 14,746 complaints were related to WhatsApp, 7,651 against Telegram, 7,152 against Instagram, 7,051 against Facebook, and 1,135 against YouTube till March 2024. “Big techs play an important role in proactive identification and action on cyber criminals. I4C has partnered with Google and Facebook for sharing intelligence and signals for proactive actions,” the report said. National Cybercrime Threat Analytical Unit (NCTAU) of I4C analyses the complaints reported on the portal and prepares analysis reports on the latest trends of cybercrime and misuse of services provided by service providers, it said. “These reports are shared with all the concerned stakeholders, i.e., banks, wallets, merchants, payments aggregators, payment gateways, e-commerce, and other departments to take preventive measures and mitigate the misuse of their platforms/services,” the report said. The Ministry has also rolled out a Cyber Volunteer Framework, which enables citizens to enroll as cyber volunteers for reporting unlawful content on the Internet, dissemination of cyber hygiene, and as cyber experts to aid law enforcement under which 54,833 volunteers had registered by March 31, 2024, according to the report. The Ministry’s integrated platform Citizen Financial Cyber cyber criminals Reporting and Management System (CFCFRMS), where all stakeholders, including law enforcement agencies of States/Union Territories, all major banks and financial intermediaries, payment wallets, crypto exchanges, and e-commerce companies, work in tandem. The platform ensures quick, decisive, and system-based effective action to prevent the flow of money from the victim’s account to the cyber fraudster’s account, and the seized money is restored to the victim following due legal process, it said. “Since its launch in April 2021, so far this platform has been able to save more than Rs 16 billion from going into the hands of fraudsters, and thus benefiting more than 5,75,000 victims,” it said.