Cyber Security

Globally, in Q1 2023, the education/research sector was hit the hardest with the highest number of attacks, averaging 2,507 per organisation per week, representing a 15 per cent surge from Q1 2022. The government/military sector was the second most targeted, with an average of 1,725 attacks per week, indicating a 3 per cent increase from the previous year.

According to the "Dark Web Price Index" by online data security provider Privacy Affairs, cybercriminals are selling various types of fraudulently obtained financial account information on the dark web, reports Cointelegraph. The prices of some of the ill-gotten verified cryptocurrency accounts include -- Kraken ($1,170), Binance ($410), Crypto.com ($300), Coinbase ($250), Blockchain.com ($85), and US-verified Bittrex account ($30), among others.

According to TechCrunch, hackers exposed social security numbers and bank account details of employees of the company which designs and manufactures network infrastructure products. "It's unclear exactly how many employees have been affected. CommScope employs more than 30,000 people worldwide," the report mentioned.

Ransomware players targeted critical infrastructure organisations and disrupted critical services in order to pressurise and extract ransom payments in 2022, according to the "India Ransomware Report 2022". "Variant wise, Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. Many new variants were observed in 2022 such as Vice society, BlueSky etc," said CERT-In.

According to cybersecurity company Sophos, the smish campaign consists of a text with a link addressed to customers of the most popular Indian banks. It sends a text falsely claiming that the recipient's bank account will be blocked, and telling the recipient to update their PAN and AADHAR card information on their accounts.

"There have been reports that state and federal government websites may be targeted" by an Indonesian "hacktivista organisation, according to a cybersecurity notice issued by the Indian Cyber Crime Coordination Centre (I4C), a division of the Ministry of Home Affairs. According to the notice, the Indonesian cyber attack group is purportedly targeting 1,200 government websites in the country.

In connection with the ongoing incident, an unauthorised third party gained access to a number of the company's systems. Upon discovery of the incident, the company implemented response efforts and initiated an investigation with the assistance of leading outside security and forensic experts.

The top six industries affected by malware in India in 2022 were banking, government, manufacturing, technology, healthcare, and finance. However, there was a slight decline in the number of malware detections across the six critical sectors, indicating that appropriate measures are being taken, according to the report by global cyber-security firm Trend Micro.

According to the ICS threat landscape report by cybersecurity firm Kaspersky, the second half of 2022 was marked by a rising number of attacks carried out using malicious scripts, phishing pages (JS and HTML) and denylisted internet resources. Malicious scripts and phishing pages (JS and HTML) were distributed both online and via email, while, a significant part of denylisted internet resources were used to distribute malicious scripts and phishing pages.

According to Cisco's Cybersecurity Readiness Index, India scored high in the global chart in terms of maturity, performing above the global average of 15 per cent on cybersecurity readiness. "The Index has been built with a focus on five core pillars of identity, devices, network, applications, and data, and examines organisational postures in securing these," said Vish Iyer, Vice President, Architectures, Cisco APJC.