Best printers for Home

Best Mixer Grinder

Best wired Earphones

Best 43 Inch TV in India

Best Wi Fi Routers

Best Home Theatre in India

Smart Watch under 5000

Best Laptops for Education

Best Laptop for Students

Cybercriminals are profiting from X "Gold" verification badge by selling compromised accounts for phishing and scams on the dark web marketplaces and forums, a new report revealed on Thursday. According to the cybersecurity firm <keyword id="20065627" type="General" weightage="50" keywordseo="cloudsek" source="keywords">CloudSEK</keyword>, these accounts pose a huge risk for organisations and individuals alike, as they can be used to spread disinformation, launch phishing attacks, and steal sensitive information. X Gold is a paid feature introduced by the Elon Musk-run microblogging platform, which grants accounts a gold badge alongside the blue and grey tick, signifying legitimacy and brand recognition. However, the ease of obtaining <keyword id="20065624" type="General" weightage="80" keywordseo="twitter-gold" source="keywords">Twitter Gold</keyword> has attracted malicious actors who are purchasing and compromising accounts to further their nefarious activities, the report noted. The researchers found that dark web marketplaces are flooded with advertisements selling X Gold accounts, with prices ranging from $35 for a basic account to $2,000 for accounts with large followings. "The advertisements on the dark web can be traced back to multiple online shops and their marketing partners, such as Facebook, <keyword id="19897633" type="General" weightage="50" keywordseo="telegram" source="keywords">Telegram</keyword>, etc. Some X account providers have hosted their shops successfully for over four years and used the same medium to advertise Twitter Gold accounts," said <keyword id="20065625" type="General" weightage="50" keywordseo="rishika-desai" source="keywords">Rishika Desai</keyword>, <keyword id="20065626" type="General" weightage="50" keywordseo="cyber-threat-researcher" source="keywords">Cyber Threat Researcher</keyword> at CloudSEK. "The amount of shops and service providers today is humongous, and most of them can be detected by running simple Google Dorks," she added. According to the report, hackers can use Twitter Gold accounts to send seemingly legitimate tweets containing malicious links that steal personal information, such as login credentials and credit card numbers. They can also spread false information and propaganda through Twitter Gold accounts, potentially impacting public opinion and causing reputational damage. In addition, hackers can use these accounts to promote fake investment opportunities, cryptocurrency scams, and other financial frauds, the report said. Researchers recommended to regularly monitor brand mentions on Twitter and implement strong password policies to protect against account compromise. Be wary of tweets from unknown accounts, especially those with the Gold badge. Do not click on suspicious links or engage with accounts that seem too good to be true. SEE ALSO:<a href="https://www.businessinsider.in/tech/mobile/news/redmi-note-13-vs-note-13-pro-vs-note-13-pro-plus-redmi-note-13-series-compared/slidelist/106544325.cms" target="_blank"></a> <a href="https://www.businessinsider.in/tech/mobile/news/redmi-note-13-vs-note-13-pro-vs-note-13-pro-plus-redmi-note-13-series-compared/slidelist/106544325.cms" target="_blank">Redmi Note 13 series: Base vs Pro vs Pro Plus compared</a><a href="https://www.businessinsider.in/tech/mobile/news/vivo-x100-review-top-end-camera-centric-smartphone-with-sleek-design/articleshow/106539033.cms" target="_blank"></a> <a href="https://www.businessinsider.in/tech/mobile/news/vivo-x100-review-top-end-camera-centric-smartphone-with-sleek-design/articleshow/106539033.cms" target="_blank">Vivo X100 review – Top-end camera centric smartphone with sleek design</a><a href="https://www.businessinsider.in/tech/mobile/news/vivo-x100-and-x100-pro-camera-centric-smartphones-with-up-to-5400mah-battery-hit-indian-market/articleshow/106537175.cms" target="_blank"></a> <a href="https://www.businessinsider.in/tech/mobile/news/vivo-x100-and-x100-pro-camera-centric-smartphones-with-up-to-5400mah-battery-hit-indian-market/articleshow/106537175.cms" target="_blank">Vivo X100 and X100 Pro camera centric smartphones with up to 5,400mAh battery hit Indian market</a>

Hackers selling X Gold accounts on dark web for phishing, scams: Report

Cybersecurity researchers on Monday said they have discovered a spear <keyword id="1545907" type="General" weightage="20" keywordseo="phishing-campaign" source="Orion">phishing campaign</keyword> targeting multiple IT firms where scammers were sending WhatsApp messages to top tier employees' personal numbers pretending to be their CEO. CloudSEK analysts found a spear phishing campaign targeting multiple corporations wherein a specific form of a message purportedly coming from superiors or CEOs may actually be a fraud. In these messages, the threat actor pretends to be the company's CEO and sends a WhatsApp message to employees (mostly top-level executives) on their personal phone numbers. Scammers misuse CEOs' publicly available pictures by using WhatsApp profile pictures as a social engineering tactic to convince the victim. "The research unveiled lead generation and business information tools being misused by these scammers to extract personal phone numbers," said a CloudSEK researcher. The scam begins with employees receiving an SMS-based message from an unknown number allegedly impersonating a top-ranking executive from the organisation. The reason for impersonating the top-ranking executive is to instill urgency and panic. If the receiver of the SMS acknowledges the scammer with a response, the threat actor/scammer would request to complete a quick task. The quick tasks commonly include purchasing gift cards for a client or employee and/or wiring funds to another business. "In some cases, the scammer may ask employees to send personal information (like PINs and passwords) to third parties, often providing a plausible reason to carry out the request," said the report. Threat actors often use commanding and persuasive language to convince the email victim to respond. Senior employees of the organisation can be looked up from LinkedIn. Threat actors then use popular sales intelligence or lead generation tools such as Signalhire, Zoominfo, Rocket Reach to gather personal identifiable information (PII) like emails, phone numbers, and more. "These online databases of businesses have their methodologies for obtaining, verifying, and then selling the employees' contact details of an entity," said the report. SEE ALSO: <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/tech/apps/news/whatsapp-rolls-out-ability-to-create-avatars-on-ios/articleshow/97625500.cms">WhatsApp rolls out ability to create avatars on iOS</a> <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/tech/news/one-in-four-users-unaware-of-crypto-cybercrime-risks-cybersecurity-firm-kaspersky/articleshow/97622963.cms">One in four users unaware of crypto cybercrime risks: Cybersecurity firm Kaspersky</a>

Scammers sending WA messages to top tier employees' pretending to be their CEO: CloudSEK report

<ul><li>88% of the <keyword id="7964423" type="General" weightage="20" keywordseo="fake-customer-care" source="Orion">fake customer care</keyword> numbers were distributed via Facebook advertisements. </li><li>Entities in the banking and finance sectors were the primary targets of impersonation. </li><li>There have been instances where a customer lost as much as ₹16 lakh due to a <keyword id="6912356" type="General" weightage="100" keywordseo="fake-customer-care-number" source="Orion">fake customer care number</keyword>, <keyword id="6269615" type="General" weightage="80" keywordseo="cloudsek" source="Orion">CloudSEK</keyword> said.</li></ul>When we face any difficulty regarding a product or service, we tend to automatically reach out to the customer service department for a resolution. However, fake customer service calling numbers set up by fraudsters to deceive customers are thriving, as per a report by CloudSEK, an AI company that predicts cyberthreats. XVigil’s (CloudSEK’s risk monitoring platform) Fake Customer Care module has flagged 31,179 such fraudulent numbers, with many of them having been active for over 2 years. The findings show that about 56% (i.e. 17,285) of these were Indian numbers, while the rest were non-Indian. Further, 80% of the Indian numbers were found to be valid and still operational. Analysis of the content present on the source domains associated with each number also showed that entities in the banking and finance sectors (39.4%) were the primary targets of impersonation, followed by those in the telecommunication(31.2%) and healthcare sectors(9.9%). This is an apt modern-day phishing technique, which builds around the trust created in solving customer queries and deceives people into revealing sensitive information, allowing the fraudsters to steal user data. In its report, CloudSEK researchers have analysed a sample of around 20,000 Indian mobile numbers used by fraudsters to run such customer care scams. It found that none of the major telecom carriers, which have vast network connectivity, have been spared by scammers. <cmsannotation type="cmsannotation" annotationid="Social media channels: Scamsters’ vehicle of choice" comment="subhead" text="Social media channels: Scamsters’ vehicle of choice">Social media channels: Scamsters’ vehicle of choice</cmsannotation> Such fake numbers are disseminated predominantly by social media channels. About 88% (15,271) of the fake customer care numbers were distributed via Facebook advertisements, posts, profiles, and pages. Out of the remaining 12% of the numbers, Twitter emerged as the most popular distribution medium, accounting for 6.2% of the total traffic. Twitter was followed by Google. Despite Facebook claiming to have taken down close to 2 billion fake accounts per quarter, scammers continue to flood Facebook with fake profiles and pages. Social media continues to be the preferred medium for scammers to trick people because it allows them to reach a large user base in a short period. To create an impression of authenticity, scammers frequently include a brief introduction and links to their social media accounts or posts alongside the counterfeit customer support numbers. However, a closer examination of these links reveals that they typically lead users to fake domains and fraudulent Whatsapp or Telegram accounts; and sometimes even the email addresses are fake. Scammers leverage social media accounts to lure customers to call on fake customer numbers, visit phishing sites and send emails from their personal accounts, thus compromising their email IDs. The unwary users search for customer care numbers and may end up calling a fake customer care number. When customers call these fake call centres, the scamsters use this opportunity to retrieve financial information, OTP, etc., from aggrieved customers via social engineering methods – which refers to techniques used illegitimately to manipulate people to perform certain actions or reveal specific information. Generally, scammers try to leverage impersonation and the fear factor to collect money from the victims. Thereafter, the threat actors gain access to the victim’s bank account and purchase gift cards, etc, or transfer the amount to another account. There have been instances where a customer lost as much as ₹16 lakh due to a wrong google search leading to a fake customer care number, CloudSEK said. Fake customer care numbers have been thriving under the cyber radar purely because people tend to be ignorant while engaging with customer care numbers.

Callers beware! Over 31,000 fake customer care numbers are out there to scam you

<keyword id="6358777" type="General" weightage="50" keywordseo="new-delhi" source="Orion">New Delhi</keyword>: A new <keyword id="6362094" type="General" weightage="50" keywordseo="ransomware" source="Orion">ransomware</keyword> has been detected in <keyword id="3658" type="General" weightage="50" keywordseo="india" source="Orion">India</keyword> that makes victims donate new clothes to homeless, feed kids in branded <keyword id="14000718" type="General" weightage="20" keywordseo="pizza-outlets" source="Orion">pizza outlets</keyword> and provide financial help to anyone who needs urgent medical attention but cannot afford it, according to digital risk monitoring firm <keyword id="6269615" type="General" weightage="20" keywordseo="Cloudsek" source="Orion">Cloudsek</keyword>. The company warned that the <keyword id="14000719" type="General" weightage="100" keywordseo="Goodwill-ransomware" source="Orion">Goodwill ransomware</keyword> could also result in temporary, and possibly permanent, loss of company data and a possible shutdown of the company's operations and accompanied revenue loss. "<keyword id="74117" type="General" weightage="100" keywordseo="goodwill" source="Orion">GoodWill</keyword> ransomware was identified by <keyword id="14000720" type="General" weightage="20" keywordseo="CloudSEK-researchers" source="Orion">CloudSEK researchers</keyword> in March 2022. As the threat group's name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons," <keyword id="14004512" type="General" weightage="50" keywordseo="clousek" source="Orion">Clousek</keyword> said in a report. Once infected, the GoodWill ransomware worm encrypts documents, photos, videos, database, and other important files and renders them inaccessible without the decryption key. "The actors suggest that victims perform three socially driven activities in exchange for the decryption key- donate new clothes to the homeless, record the action, and post it on social media, take five less fortunate children to Dominos Pizza Hut or KFC for a treat, take pictures and videos, and post them on social media and provide financial assistance to anyone who needs urgent medical attention but cannot afford it, at a nearby hospital, record audio, and share it with the operators," the report said. Once all three activities are completed, the ransomware asks victims to write a note on social media (Facebook or Instagram) on "how you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill." Upon completing all three activities, the ransomware operators verify the media files shared by the victim and their posts on social media. The actor will then share the complete decryption kit which includes the main decryption tool, password file and a video tutorial on how to recover all important files, the report said. "Our researchers were able to trace the email address, provided by the ransomware group, back to an India-based IT security solutions &amp; services company, that provides end-to-end managed security services," the report said. SEE ALSO: <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/tech/news/elon-musk-replies-to-pune-techies-witty-tweet-says-he-does-not-run-the-techies-account/articleshow/91735503.cms">Elon Musk replies to Pune techie's witty tweet, says he does not run the techie's account</a> <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/business/news/billionaire-wealth-rose-more-in-2-years-than-in-the-last-23-years-combined/articleshow/91734674.cms">Billionaire wealth rose more in 2 years than in the last 23 years combined</a>

GoodWill ransomware detected in India makes victim donate to poor, provides financial help to needy patients

<ul><li>The CoinEgg scam uses fake domains and social media accounts to coax users into investing in fake exchanges.</li><li>After making victims invest, scammers approached them as investigative agents who could help with the scam.</li><li>How long the fraud has been going on is unclear at the moment.</li></ul>Despite the immense popularity of cryptocurrencies and crypto-trading in India, users in the country are still falling for high profile scams. Researchers at security firm CloudSEK have unearthed a new scam called CoinEgg, which defrauded as much as ₹10 billion [₹1,000 crore] from users in the country. “We discovered an on-going malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam,” the company said in a blog <a href="https://cloudsek.com/threatintelligence/coinegg-scam-campaign-steals-victims-cryptocurrency-and-data/">post</a>. <cmsannotation type="cmsannotation" annotationid="CoinEgg Scam: How this works" comment="subhead" text="CoinEgg Scam: How this works">CoinEgg Scam: How this works</cmsannotation> According to the researchers, the threat actors created multiple fake domains impersonating crypto trading platforms, with the word ‘CloudEgg’ in them. “The sites are designed to replicate the official website’s dashboard and user experience,” the company said, adding that the scam is divided in seven phases. After creating the fake domains, in the second phase, the attackers create a female profile on social media “to approach the potential victim and establish a friendship”. This profile is used to influence the victim to invest in crypto and start trading. “The profile also shares USD 100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange,” the firm said. The victims are enticed to sign up for the fake exchanges using this free credit, and start trading using the same, based on instructions from the attacker. They eventually invest their own money and “seemingly” make profits, which in turn convinces them to invest even higher amounts. Once the victim adds their own money, the attacker freezes their account to keep them from withdrawing the funds and disappears. You would think that the scam ends here, would you? It doesn’t. In the seventh phase of the scheme, when the victims take to other platforms to complain about their experience, the attacker uses other fake accounts to reach out to them and pose as if they are investigators. “To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details via email. These details are then used to perpetrate other nefarious activities,” the researchers said. <cmsannotation type="cmsannotation" annotationid="Crypto scams on the rise" comment="subhead" text="Crypto scams on the rise">Crypto scams on the rise</cmsannotation> CloudSEK, of course, isn’t the first or only firm to flag a rise in crypto scams around the world recently. In an <a href="https://www.cnbctv18.com/cryptocurrency/crypto-scammers-using-linkedin-to-target-victims-warns-fbi-13878672.htm">interview with CNBC</a> last week, Sean Ragan, a special agent with the Federal Bureau of Investigation (FBI), said that crypto scammers are targeting users through LinkedIn and pose a “significant threat” to the platform’s users. Yesterday, research by fact-checking platform Logically, <a href="https://www.logically.ai/articles/qanon-crypto-lose-followers-2-million">noted</a> that influencers affiliated with American political conspiracy Qanon have been persuading their followers to invest in fraudulent crypto tokens. Rahul Sasi, the chief executive of CloudSEK, said that in the short-term crypto-related phishing domains have to be taken down earlier; but crypto exchanges, internet service providers, and cyber crime cells have to work together in the long run to avoid such scams. SEE ALSO: <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/cryptocurrency/news/bitcoin-and-ethereum-reverse-crypto-crash-effects-make-a-quick-and-fast-rebound/articleshow/92329970.cms">Bitcoin and Ethereum reverse crypto crash effects; make a quick and fast rebound</a> <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/cryptocurrency/news/dogecoin-spikes-after-elon-musk-says-hell-keep-buying-the-cryptocurrency/articleshow/92316750.cms">Dogecoin spikes after Elon Musk says he'll keep buying the cryptocurrency</a>

Crypto scammers have reportedly stolen ₹1000 crore off Indian users by posing as fake exchanges

In a massive <keyword id="20554969" type="General" weightage="20" keywordseo="cybersecurity-breach" source="keywords">cybersecurity breach</keyword> and hacking of personal and insurance-related data of over 31 million customers of <keyword id="20064584" type="General" weightage="100" keywordseo="Star-Health-Insurance" source="keywords" meta.keywordsubtype="org" meta.entityname="Star Health Insurance" meta.hostid="261" meta.entityid="Star Health Insurance">Star Health Insurance</keyword>, a Chinese hacker going by the name of "xenZen" is selling about 7.24 TB worth of this sensitive data for as much as $1,50,000. Even partial data sets of 1,00,000 entries are also available for sale at $10,000 The leaked data includes details such as names, PAN numbers, mobile numbers, date of birth, email IDs, residential addresses, and certain policy specific information as well, like health card details, policy number, pre-existing conditions and more. Per media reports, the hacker has created <keyword id="23499185" type="General" weightage="20" keywordseo="Telegram-bots" source="keywords">Telegram bots</keyword> to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of Star Health, available till early August. The hacker also accused the company's <keyword id="20035747" type="General" weightage="20" keywordseo="CISO" source="keywords">CISO</keyword> (Chief Information Security Officer) <keyword id="23491174" type="General" weightage="20" keywordseo="Amarjeet-Khanuja" source="keywords">Amarjeet Khanuja</keyword> of selling this data for as much as $43,000. Here's how the entire chain of events allegedly unfolded, per the X account of Debarghya Das (deedydas), who has served as a founding team member in Google Search, and who, along with UK-based researcher Jason Parker, was one of the first to break information of this incident on the internet, alongside video proof: 1. Khanuja reached out to the hacker on July 6th, 2024, via an encrypted chat app called Tox. 2. They settled on $28,000 for selling customer data, which would be paid via Monero, a cryptocurrency. 3. Khanuja sends hackers all requisite details like login credentials and API endpoints on proton mail, a secure, encrypted email facility, and received payment from the hacker. 4. On July 20th, Khanuja pitches for selling claims related data as well. This deal is settled at $15,000. 5. The hacker's access is reportedly revoked 5 days later, when Khanuja demands for $1,50,000 for the 5TB accessed by the hacker, asking for a cut for senior management as well. 6. Hacker demands a full refund. Months later, on September 25, they drop a website titled "starhealthleak", which offered both customer and claim related data through 2 telegram bots. Das further mentions that CloudSEK, an AI-powered digital risk monitoring platform had called this evidence as fabricated. But upon closer investigation it was found that CloudSEK was working on behalf of their client Star Health, whilst taking down the hacker's website. While acknowledging the breach, Star Health strongly denied any involvement in this, terming this as a targeted malicious attack. "We want to categorically mention that our CISO has been duly co-operating in the investigation, and we have not arrived at any finding of wrongdoing by him to date. We request that his privacy be respected as we know that the threat actor is trying to create panic.” Additionally, the insurer has also notified that an extensive forensic investigation is underway, where it is working with independent cybersecurity experts, government and regulatory bodies to address the issue. Earlier, Star Health had filed lawsuits against Telegram, the messaging app, for facilitating the distribution the data, and US software firm <keyword id="23499184" type="General" weightage="20" keywordseo="Cloudfare" source="keywords" meta.keywordsubtype="org" meta.entityname="Cloudfare" meta.hostid="261" meta.entityid="Cloudfare">Cloudfare</keyword>, for allegedly hosting the hacker's website. While Cloudfare has denied the same, the Madras High Court had issued a temporary injunction demanding that Telegram block any chatbots distributing this leaked information. Per xenZen, this is not the first time they have bought and sold data from Indian companies. Previously, it had claimed to have compromised Airtel's servers, and took responsibility of their data breach. However, the data samples were later revealed to be a part of Indian telecom leak, which happened in 2023.

Data of 31 million Star Health Insurance customers allegedly sold by company's CISO: All you need to know about it

<ul><li>The Indian government has refuted that there has been a direct breach from its <keyword id="17689208" type="General" weightage="20" keywordseo="cowin-database" source="Orion">CoWIN database</keyword> that was used for <keyword id="9257042" type="General" weightage="20" keywordseo="covid-vaccination" source="Orion">COVID vaccination</keyword>.</li><li>The data leak, reported on June 12, is from an earlier <keyword id="608402" type="General" weightage="20" keywordseo="data-breach" source="Orion">data breach</keyword>, says the government.</li><li>The Union Minister has clarified the situation on Twitter.</li></ul> The Indian government has swung into action after reports about a<a href="https://www.businessinsider.in/tech/news/covid-19-vaccination-data-reportedly-leaked-id-proof-date-of-birth-and-other-details-available-on-telegram/articleshow/100931799.cms"> data breach</a> from the <keyword id="10440405" type="General" weightage="20" keywordseo="cowin" source="Orion">CoWIN</keyword> database came to light. The government has said that it “does not appear” that the CoWIN app and database have been “directly breached”. CloudSEK, an AI <keyword id="17689209" type="General" weightage="20" keywordseo="digital-risk-management" source="Orion">digital risk management</keyword> company has released a <a href="https://www.cloudsek.com/threatintelligence/cowin-data-leak-claim-and-cloudsek-analysis">report</a> which agrees with the government’s claim that the leak is not new. <keyword id="205969" type="General" weightage="20" keywordseo="rajeev-chandrasekhar" source="Orion">Rajeev Chandrasekhar</keyword>, the union minister of state for the Ministry of Electronics and Information Technology took to Twitter to clarify the government’s stand on the <keyword id="13005926" type="General" weightage="100" keywordseo="cowin-data-leak" source="Orion">CoWIN data leak</keyword> issue. <cmsannotation type="cmsannotation" annotationid="Data leak from a previous breach?" comment="subhead" text="Data leak from a previous breach?">Data leak from a previous breach?</cmsannotation> Chandrasekhar in his tweet mentioned that the data being used by the Telegram bot is from a threat actor database, which is being populated using previously stolen data. To recall, data of over 20,000 people, including their name, mobile number, Covid-19 test result and their address was<a href="https://www.hindustantimes.com/india-news/data-meant-for-cowin-portal-leaked-online-over-20-000-indians-likely-affected-101642767559692.html"> reportedly</a> leaked in 2022. In another instance, data of over 15 crore citizens was<a href="https://www.timesnownews.com/technology-science/article/cowin-apps-covid-19-vaccination-data-of-15-crore-users-leaked-and-up-for-sale-government-denies-breach/769434"> reportedly</a> leaked in 2021 and the hackers put the data on sale. The government however refuted the claim and said that the CoWIN platform was never hacked. Interestingly, the government had so far not confirmed a data breach and has only now confirmed that there was a breach in the past, without revealing any information about the extent of the breach or the cause. <cmsannotation type="cmsannotation" annotationid="API exists to pull data without OTP" comment="subhead" text="API exists to pull data without OTP">API exists to pull data without OTP</cmsannotation> The government in a<a href="https://pib.gov.in/PressReleasePage.aspx?PRID=1931691"> press release</a> has said that while there are no public APIs (application programming interface) to pull CoWIN data without an OTP, there are APIs, which have been shared with third parties such as ICMR that can pull data from CoWIN with just the phone number, similar to what we have seen on the Telegram bot. The government however claims that requests are accepted only from a trusted API. “There are some APIs which have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the Co-WIN application.” <cmsannotation type="cmsannotation" annotationid="Expert take" comment="subhead" text="Expert take">Expert take</cmsannotation> CloudSEK, which provides AI digital risk management solutions has analysed the telegram bot using XVigil, its AI digital risk platform. As per its analysis, the hacker does not have access to the CoWIN platform or its backend database. “Based on matching fields from Telegram data and previously reported incidents affecting Healthworker of a region, we assume the information was scraped through these compromised credentials,” CloudSEK said in its report. According to the company, the data is from a 2022 leak wherein a Russian cybercrime forum offered compromised access to the CoWIN platform for the Tamil Nadu region. SEE ALSO: <a href="https://www.businessinsider.in/stock-market/news/ikio-lighting-ipo-how-to-check-allotment-status-listing-date-and-more/articleshow/100939900.cms">IKIO Lighting IPO - How to check allotment status, listing date and more</a> <a href="https://www.businessinsider.in/tech/news/covid-19-vaccination-data-reportedly-leaked-id-proof-date-of-birth-and-other-details-available-on-telegram/articleshow/100931799.cms">Covid-19 vaccination data reportedly leaked – ID proof, date of birth and other details available on Telegram</a> <a href="https://www.businessinsider.in/finance/news/2000-note-withdrawal-how-to-exchange-notes-is-it-a-legal-tender-and-other-questions-answered/articleshow/100412941.cms">₹2,000 note withdrawal – How to exchange them, is it a legal tender and other questions answered</a>

Cyber security group’s AI analysis supports theory that CoWIN data leak not new

The number of cyber attacks targeting the <keyword id="44734" type="General" weightage="100" keywordseo="indian-government" source="Orion">Indian government</keyword> sector increased by a whopping 95 per cent in the second half of 2022 compared to the same period last year, a report showed on Friday. The attacks on the Indian government intensified to the point where it became the country that was most frequently targeted in this sector in 2022. This expansion is the result of the hacktivist group Dragon Force Malaysia's #OpIndia and #OpsPatuk campaigns, according to cyber-security firm CloudSEK. Numerous hacktivist groups joined and supported these campaigns, which laid the path for subsequent ones. However, this increase has other causes besides the growing hacktivism. "Government agencies in India have become popular targets for extensive phishing campaigns," the CloudSEK report mentioned. The primary motive of most of the threat actors is exfiltrating data and selling it for monetary benefits, yet it is not the only reason they target governments. This change is clearly evident from the emergence of various APT groups and hacktivist campaigns over the last decade. Ransomware groups were also very active in this industry, accounting for 6 per cent of the total incidents reported, with LockBIT as the most prominent ransomware operator. India's premier healthcare institute AIIMS suffered a massive ransomware attack which cripped its network for several days. Also, data of around three crore travellers registered with the Indian <keyword id="6360676" type="General" weightage="80" keywordseo="railways" source="Orion">Railways</keyword> has been hacked and reportedly put on sale on the Dark Web, as per reports. The Railways later denied the claims of a suspected data breach from servers of the Indian Railway Catering and Tourism Corporation (IRCTC). The Twitter handle of the Ministry of Jal Shakti (Water Resources) was also hacked twice in December, promoting fake cryptocurrency giveaway scam. According to the report, India, the US, Indonesia and China continued to be the most targeted countries in the past two years. Together, these four countries accounted for 40 per cent of the total reported incidents in the government sector.

Indian government sector top target for hackers in 2022

Prime Minister Narendra Modi on Monday said that <keyword id="3658" type="General" weightage="80" keywordseo="india" source="Orion">India</keyword> is ready to provide all possible help to the earthquake-affected people in <keyword id="6372909" type="General" weightage="100" keywordseo="turkey" source="Orion">Turkey</keyword>. <keyword id="2238662" type="General" weightage="80" keywordseo="pm-modi" source="Orion">PM Modi</keyword> was addressing the people at the India Energy Week 2023 event, in Bengaluru, Karnataka. While addressing the people, Modi said, "We are all looking at the destructive <keyword id="6362774" type="General" weightage="20" keywordseo="earthquake" source="Orion">earthquake</keyword> that hit Turkey. There are reports of the deaths of several people as well as damage. Damages are suspected even in countries near Turkey. The sympathies of the 140 crore people of India are with all earthquake-affected people." "India is ready to provide all possible help to the earthquake-affected people," he added. PM Modi unveiled the twin-cooktop model of the solar cooking system, developed by Indian Oil, at the India Energy Week 2023 event, in Bengaluru, Karnataka. At least 76 people have been killed across seven provinces in Turkey and 42 were reported dead in <keyword id="6354913" type="General" weightage="50" keywordseo="syria" source="Orion">Syria</keyword> in initial reports after a deadly earthquake struck 23 kilometres (14.2 miles) east of Nurdagi in Turkey's Gaziantep province on Monday, Anadolu Agency reported citing disaster management authorities. Turkish President Recep Tayyip Erdogan said on Twitter that "search and rescue teams were immediately dispatched" to the areas hit by the quake. External Affairs Minister S Jaishankar also tweeted and expressed grief over the loss of lives in the tragic earthquake that jolted both Turkey and Syria. "Deeply distressed by the loss of lives and damage in the earthquake in Turkiye," he wrote on Twitter as he conveyed his support to his Turkish counterpart Mevlut Cavusoglu. The US National Security Advisor also took to Twitter and assured Turkey of timely assistance for the quake-hit country to cope well. He tweeted, "The U.S. is profoundly concerned by today's destructive earthquake in Turkiye &amp; Syria. I have been in touch with Turkish officials to relay that we stand ready to provide any &amp; all needed assistance. We will continue to monitor the situation in coordination with Turkiye closely." Multiple aftershocks followed the quake. SEE ALSO: <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/tech/news/scammers-sending-wa-messages-to-top-tier-employees-pretending-to-be-their-ceo-cloudsek-report/articleshow/97637406.cms">Scammers sending WA messages to top tier employees' pretending to be their CEO: CloudSEK report</a> <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/india/news/supreme-court-gets-five-new-judges-chief-justice-of-india-administers-oath-of-office/articleshow/97638879.cms">Supreme Court gets five new judges, Chief Justice of India administers oath of office</a>

India ready to provide help to earthquake-affected people in Turkey, says PM Modi

Fake cryptocurrency exchanges have duped Indian investors of more than $128 million (nearly Rs 1,000 crore) as the global crypto market tanks, a new report claimed on Tuesday. Cyber-security company CloudSEK said it has uncovered an ongoing operation involving several phishing domains and Android-based fake crypto applications. "This large-scale campaign entices unwary individuals into a huge gambling scam. Many of these bogus websites impersonate "CoinEgg", a legitimate UK-based cryptocurrency trading platform," according to the report. CloudSEK was approached by a victim who allegedly lost Rs 50 lakh ($64,000) to such a cryptocurrency scam, in addition to other costs such as deposit amount, tax, etc. "We estimate that threat actors have defrauded victims of up to $128 million (about Rs 1,000 crore) via such crypto scams," said Rahul Sasi, Founder and CEO of CloudSEK. As investors shift their focus on the cryptocurrency markets, scammers and cheats turn their attention to them as well,' Sasi added. Threat actors first create fake domains that impersonate legitimate crypto trading platforms. The sites are designed to replicate the official website's dashboard and user experience. The attackers then create a female profile on social media to approach the potential victim and establish a friendship. The profile influences the victim to invest in cryptocurrency and start trading. "The profile also shares $100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange," the report mentioned. The victim initially makes a significant profit, which bolsters their trust in the platform and the threat actor. After the victim seemingly makes a profit, the scammer convinces them to invest a higher amount, promising better returns. Once the victim adds their own money to the fake exchange, the threat actor freezes their account, ensuring the victim can't withdraw their investment, and disappears with the victim's money. When victims take to various platforms to complain about losing access to their accounts, the same, or new, threat actors reach out to them in the guise of investigators. "To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details, via email. These details are then used to perpetrate other nefarious activities," the report warned. In the long-term, it is imperative for the collaboration between crypto exchanges, Internet service providers (ISPs), and cyber crime cells to raise awareness and take action against threat groups," said Sasi. SEE ALSO: <a href="https://www.businessinsider.in/cryptocurrency/news/crypto-markets-face-a-long-road-back-after-bitcoin-plunges-below-20000-as-an-every-man-for-himself-attitude-spreads-ubs-strategist-says/articleshow/92337463.cms">Crypto markets face a long road back after bitcoin plunges below $20,000 as an 'every man for himself' attitude spreads, UBS strategist says</a>

Indian investors have lost nearly ₹1,000 crore to fake cryptocurrency exchanges

<ul><li>If India bans virtual private networks, it would join the league of China, North Korea, Russia and UAE in doing so.</li><li>Popular VPN services, like NordVPN, ExpressVPN and IPVanish, give users anonymity on the internet and allow them to access sites that are banned. In India, <keyword id="752657" type="General" weightage="20" keywordseo="vpns" source="Orion">VPNs</keyword> were a rage when the popular mobile game PUBG was banned last year.</li><li>These are also used by companies to allow secure access to the company’s servers and data by employees working remotely who may be using public or unsecured internet connections.</li><li>Check out the latest news and updates on <a href="https://www.businessinsider.in/" data-type="tilCustomLink">Business Insider</a>.</li></ul>The Parliamentary Standing Committee on <keyword id="365819" type="General" weightage="20" keywordseo="home-affairs" source="Orion">Home Affairs</keyword> in India has urged the government to block virtual private networks (VPNs) in India. Just like Belarus, China, Iraq, North Korea, Oman, Russia, and the United Arab Emirates have. So who is it likely to affect? Popular VPN services, like NordVPN, ExpressVPN and IPVanish, give users anonymity on the internet and allow them to access sites that are banned. In India, VPNs were a rage when the popular mobile game PUBG was banned last year. <table style="border-width: initial; border-style: none; table-layout: fixed; width: 468pt;" class="redcator-table-advance"></colgroup><tbody><tr><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Popular VPN services in India </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Free/Paid </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Commonly used for… </td></tr><tr><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">NordVPN </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Paid </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Speed and privacy </td></tr><tr><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">ExpressVPN </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Paid </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Fast speed and access to popular apps </td></tr><tr><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">TorGuard </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Paid </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Torrenting </td></tr><tr><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">IPVanish </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Paid </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Multi-device support </td></tr><tr><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">CyberGhost </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Paid </td><td style="border-left:solid #000000 1pt;border-right:solid #000000 1pt;border-bottom:solid #000000 1pt;border-top:solid #000000 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;">Access to multiple servers </td></tr></tbody><tbody></tbody></table> These are widely used to watch anything from Netflix content in other countries to the hidden websites on the dark web as well as pornographic websites like Pornhub, Xvideos, and Youporn, which are also banned in India. In fact, India is said to have the highest adoption rate of VPNs according to <a href="https://atlasvpn.com/vpn-adoption-index">data</a> from Atlas VPN. VPNs provide greater privacy than even a secured Wi-Fi hotspot. These are also used by companies to allow their employees working remotely to log in to the company network from anywhere and keep company data secure through the encrypted network. So will the ban on VPN hurt remote work? “We believe the ban is primarily not really for VPN tunnels of large companies and business entities but targeting VPN companies which help Indian citizens in bypassing the current internet bans implemented in India to conduct cybercrime activity. We also think the government would allow companies that comply with Indian data laws regulations,” Ashara said. Is it possible to ban VPN? Yes, it is possible to ban VPNs. “The government would release a mandate to Internet service providers to block commonly used VPN protocols and ports used by these VPN services. Additionally, less technical ISPs will still have loose ends in having an effective blanket ban of VPN services,” said Darshit Ashara, Associate VP of CloudSEK’s research team. “Given the current technological world that we reside in, a popular technique named "Deep Packet Inspection" can be implemented to get this done. Alongside IP address or Port blocking techniques can also be used. We have earlier noticed Reliance Jio using SNI-inspection based filtering to block websites,” Ashara added. Why is this ban on VPN being proposed? The committee in its report presented to Rajya Sabha, highlighted the dangers of VPNs that can “bypass cyber security walls and allow criminals to remain anonymous online”. Since VPNs encrypt your internet traffic it gives you the protection of your virtual identity. Your online activities are hidden from the websites you visit and from ISPs as well. But the main purpose of VPNs is to help prevent third parties from tracking your online activities and stealing data. In addition to working with the Ministry of Electronics and Information Technology (MeitY) and internet service providers (ISPs) to identify and block VPNs, the committee suggested a coordination mechanism be developed with international agencies to ensure that the VPNs are blocked permanently. It also urged the government to improve the tracking and surveillance systems to keep a check on the use of VPN and the dark web as well. The dark web consists of hidden internet sites that can be accessed only by a specialised web browser. These websites are used to keep internet activity anonymous and private. Like VPNs, the dark web can be used for both legal and illegal purposes. Will the ban be foolproof? More than the process of blocking <keyword id="12006435" type="General" weightage="20" keywordseo="vpns-in-the-country" source="Orion">VPNs in the country</keyword>, the task of ensuring that the ban is in place would be more important, Ashara added. Similar to how individuals can find ways to bypass bans on apps like PUBG Mobile, the same could be followed for VPNs as well. “If not so sophisticated users are able to evade bans, here we are talking about someone(cybercriminal) who is technically strong or very least knowledgeable,” Ashara said. SEE ALSO: <a href="https://www.businessinsider.in/tech/news/twitter-is-finally-helping-users-safeguard-against-targeted-attacks-and-trolls/articleshow/85850482.cms" data-type="tilCustomLink">Twitter is finally helping users safeguard against targeted attacks and trolls</a> <a href="https://www.businessinsider.in/tech/news/reddit-banned-an-anti-vaccine-anti-mask-community-after-135-of-its-biggest-forums-protested/articleshow/85852024.cms" data-type="tilCustomLink">Reddit banned an anti-vaccine, anti-mask community after 135 of its biggest forums protested</a>

You Searched For "cloudsek report" and got 11 results

Hackers selling X Gold accounts on dark web for phishing, scams: Report

IANS

Scammers sending WA messages to top tier employees' pretending to be their CEO: CloudSEK report

IANS

Callers beware! Over 31,000 fake customer care numbers are out there to scam you

Anagh Pal

GoodWill ransomware detected in India makes victim donate to poor, provides financial help to needy patients

PTI

Crypto scammers have reportedly stolen ₹1000 crore off Indian users by posing as fake exchanges

BI India Bureau

Data of 31 million Star Health Insurance customers allegedly sold by company's CISO: All you need to know about it

BI India Bureau

Cyber security group’s AI analysis supports theory that CoWIN data leak not new

Sourabh Jain

Indian government sector top target for hackers in 2022

IANS

India ready to provide help to earthquake-affected people in Turkey, says PM Modi

ANI

Indian investors have lost nearly ₹1,000 crore to fake cryptocurrency exchanges

IANS

Who should worry about the proposed VPN ban in India

Marcia Sekhose

Popular Keywords

Buying Guides