Last Updated on October 19th, 2023, in AppSec Bulletin

More than 80% of Indian Companies Experienced Cyber Attacks Last Year: Report

A recent study uncovered significant financial losses for Indian organizations due to cybersecurity issues, with 83% reporting various incidents, including web attacks and phishing. The report, titled “Securing the Future: Asia Pacific Cybersecurity Readiness Survey” by Cloudflare, also indicated that 48% of these companies faced 10 or more cyberattacks in the past year. Financial gain emerged as the primary goal for these incidents, followed by espionage and data exfiltration. Despite these challenges, only 52% of respondents consider themselves well-prepared for cyber incidents. Approximately 47% of organizations incurred financial losses exceeding $1 million, while 27% experienced setbacks surpassing $2 million in the last 12 months. According to Jonathon Dixon, the vice-president and managing director for Asia Pacific, Japan, and China at Cloudflare, fostering a security culture is critical for organizations to manage the evolving cybersecurity landscape effectively. The report also highlighted that cybersecurity incidents led to a reduction in hybrid work, layoffs, and delayed expansion plans for 46% of respondents. Furthermore, talent shortages and insufficient funding were identified as the most significant challenges hindering cybersecurity preparedness for 57% and 44% of Indian business leaders, respectively.

Source – ETCISO

D-Link Affirms Data Breach Following Employee Phishing Attack

Taiwanese networking equipment maker D-Link confirmed a data breach revealing “low-sensitivity and semi-public information.” The compromised data was traced back to an old D-View 6 system, and no evidence suggests that it contained any user IDs or financial details. The breach, involving nearly 700 outdated records, followed an unauthorized party’s claim of a more extensive data theft, prompting D-Link to engage Trend Micro for investigation. The incident stemmed from an employee falling victim to a phishing attack, with D-Link taking measures to bolster its security protocols and reassure customers of minimal impact.

Source – The Hacker News

Synology’s DiskStation Manager Exposed to New Admin Takeover Vulnerability

A vulnerability in Synology’s DiskStation Manager (DSM) allows attackers to deduce an admin’s password, potentially taking over the account remotely. This medium-severity vulnerability (CVE-2023-2729) rates 5.9 on the CVSS scale and stems from the software’s use of the weak JavaScript Math.random() method, leading to predictable password generation. Although the flaw was rectified in June 2023, attackers who obtain certain GUIDs during setup could reconstruct the seed for the pseudorandom number generator, enabling brute-force password attacks. Claroty’s Sharon Brizinov emphasized the need to avoid using Math.random() for security purposes, suggesting the use of the Web Crypto API instead, which provides cryptographically secure random values.

Source – The Hacker News
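The contrast behind the Synology item, as an added example that is not Synology's code or part of the original bulletin: a password picked from a non-cryptographic generator is fully determined by the generator's state, while the Web Crypto API draws from the operating system's CSPRNG. The alphabet, function names and the small seeded generator standing in for Math.random() are assumptions made for illustration.

```javascript
// Added example: names and alphabet are illustrative, not Synology's code.
// Web Crypto is global in browsers and recent Node; older Node exposes it
// through node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// 57 characters, visually ambiguous ones (I, O, l, 0, 1) left out.
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

// Small seeded generator (mulberry32-style) standing in for any
// non-cryptographic PRNG such as Math.random(): every output follows
// from the internal state.
function seededRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (s + 0x6D2B79F5) >>> 0;
    let t = Math.imul(s ^ (s >>> 15), s | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Weak pattern: password characters chosen from a PRNG's float output.
function weakPassword(length, rng = Math.random) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += ALPHABET[Math.floor(rng() * ALPHABET.length)];
  }
  return out;
}

// Hardened: CSPRNG bytes, with rejection sampling so that every character
// of the alphabet is equally likely (no modulo bias).
function securePassword(length) {
  const limit = 256 - (256 % ALPHABET.length); // 228 = 4 * 57
  let out = '';
  while (out.length < length) {
    const buf = webCrypto.getRandomValues(new Uint8Array(length * 2));
    for (const b of buf) {
      if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
    }
  }
  return out;
}

// Whoever knows the generator state reproduces the "random" password.
function sameStateSamePassword(seed, length) {
  return weakPassword(length, seededRng(seed)) === weakPassword(length, seededRng(seed));
}
```

In a code review, any Math.random() call that feeds a password, token or identifier is the pattern to flag and replace with the getRandomValues form.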

New Campaign by Pro-Russian Hackers Leveraging Recently Discovered WinRAR Vulnerability

Russian hacking collectives have exploited a WinRAR vulnerability (CVE-2023-38831) in a phishing drive to acquire credentials. The campaign uses a malicious archive containing a malicious PDF file that triggers a Windows Batch script and PowerShell commands, ultimately granting remote access. The incident occurs amidst an intensification of Russian cyber operations, including changes in tooling and tactics to complicate detection and analysis. APT29, Turla, and other groups are identified as prominent threat actors in recent Ukrainian-focused cyber activities, with a notable decrease in destructive attacks owing to improved security measures.

Source – The Hacker News

Caution: SpyNote, an Android Trojan That Records Audio and Calls, Is on the Loose

F-Secure’s analysis of the Android banking trojan SpyNote has highlighted its distribution via SMS phishing campaigns, concealed operation features, and resilient design to resist termination attempts. Apart from seeking extensive permissions, including call logs and camera access, SpyNote exploits accessibility permissions to record audio, phone calls, and keystrokes, making uninstallation challenging and necessitating a factory reset. Furthermore, the report uncovers a fraudulent Android app that deceives users with the guise of an OS update to gain accessibility privileges and pilfer SMS and financial data.

Source – The Hacker News

India’s Technology Infrastructure Susceptible to Zero-Day Attacks

According to cybersecurity experts, Indian technology infrastructure is as vulnerable to cyber threats and zero-day attacks as that of leading Western countries, owing to its geopolitical significance. In light of the rising threats across the Japan and APAC region, they emphasized the increased targeting of critical infrastructure by threat actors, both for financial gain and state-sponsored motives. Specific sectors, such as power, transportation, and logistics, are increasingly at risk, with threat actors leveraging malware and bugs to disrupt operations. The experts also noted a surge in evolving individual-level cyber threats, including scams via platforms like WhatsApp and investment groups. Additionally, concerns were raised about the escalating levels of cyber espionage from neighboring countries, particularly targeting India’s telecommunications infrastructure. To bolster defense mechanisms, cybersecurity training and the development of a robust cyber workforce were highlighted as crucial elements in combating the growing threat landscape.

Source – ETCISO

Government Identifies High-Risk Vulnerabilities in Notepad++, Raises Concerns

CERT-In, the central agency responsible for handling cybersecurity incidents, has identified several vulnerabilities in Notepad++. These vulnerabilities, rated as high severity, can potentially be exploited by malicious actors to execute unauthorized code and acquire sensitive data from the compromised system. CERT-In has outlined the specific vulnerabilities present in Notepad++, including a heap buffer overflow in the Utf8_16_Read::convert() function, as well as out-of-bounds read errors in CharDistributionAnalysis::HandleOneChar, nsCodingStateMachine::NextState, and FileManager::detectLanguageFromTextBeginning. To exploit these weaknesses, a remote attacker may manipulate a user into opening a specially crafted file. It is crucial to promptly update Notepad++ as recommended by the vendor to mitigate these vulnerabilities and prevent potential security breaches.

Source – ETCISO

Cyber Fraud Depletes Maharashtra Health Company’s Funds by Rs 2.5 Crore

A Maharashtra-based health company fell victim to a phishing scam, losing Rs 2.25 crore to an international hacker. The perpetrator, posing as the ‘corporate communication manager’ of a Singaporean investment company, lured the company proprietor into clicking a malicious link, resulting in the unauthorized transfer of funds from the company’s cryptocurrency wallet. Despite warnings from authorities about clicking on unknown links, individuals continue to be ensnared by such deceptive tactics. Police investigations suggest that the link could have directed the victim to fraudulent websites aimed at extracting sensitive personal and financial information, including login credentials and credit card details. The case has been escalated to a specialized team at the Maharashtra Nodal Cyber police station for further investigation. The cybercrime portal and the Nodal Cyber police station have been instrumental in registering the complaint and initiating an inquiry into the incident.

Source – ETCISO

AppSealing
AppSealing is the only cloud-based pay-as-you-go solution to protect mobile apps without writing a single line of code. Our solution is easy to use and allows you to protect mobile apps from hackers and illegal application modification, thus making it secure in run-time with RASP Security Features.