Tag Archive for: india

India Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI, and Automation for Security Operations


Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasizing the role of Artificial Intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status, and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain. Key findings from India include:

 

Current Security Challenges: Threats and Team Readiness

 

  • Most Common Cyber Threats: Phishing and Insider threats are the most predominant cyber threat in India, with Approximately 50% of organizations ranking them as their top concerns. The top five threats include phishing, insider threats, ransomware, unpatched vulnerabilities, and identity theft.

 

  • Ransomware Surge: Ransomware incidents have doubled across India, with 70% of organizations reporting at least a 2X increase in 2023, compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.

 

  • Insider Threats and Remote Work: 88% of the respondents feel that Remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity.

 

  • Resourcing IT Security Teams: Only 44% of businesses have dedicated IT resources for security teams. This augments the challenges faced by organizations in strengthening their security measures.

 

  • Impact of Emerging Technologies: Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyber threats.

 

SecOps SOS: Struggles with Alert Fatigue and Threat Containment

 

  • Threat Containment and Preparedness: Approximately one out of three…

Source…

Web Threats in India: Hacking Incidents and Cyberattacks in 2023 |


With hacking incidents registering an increase in 2023, nearly two in five (33%) web users in India faced a form of Internet-born cyberattack in 2023, a new report said, highlighting two prominent ways that hackers users to target Indians online.
According to the global cybersecurity company Kaspersky, a total of 62,574,546 Internet-borne cyber threats were detected and blocked in the country.
“With the world moving towards AI and other next-gen technologies, we expect the fraud and scamming scenarios to get more intricate and challenging to detect. Thus, we urge Indian users to install security solutions on their devices to protect themselves from these web attacks,” said Jaydeep Singh, General Manager for South Asia at Kaspersky.
Two ways used by hackers to target Indians
The report by Kaspersky highlighted two most prominent ways that cyber criminals used to undertake cyberattacks. These are: exploiting bugs in browsers and social engineering methods.
Vulnerabilities in browsers: Cybercriminals often exploit the vulnerabilities in browsers and their plugins to attack users’ systems. Users are typically attacked when they visit an infected website and the attack happens without the user’s awareness or action, and may result in the download of harmful malware.
Social engineering: Another popular web threat in India is ‘social engineering’ wherein the users are manipulated by the cybercriminals to download a malicious file and then they take control of the system.
Cybercriminals often trick their victims into thinking they are downloading a legitimate application or programme, and then once the user downloads the programme, they control the victim’s device and use it for malicious purposes.
“Since many threat actors nowadays conceal malicious code to bypass static analysis and emulation, advanced technologies such as proactive Machine Language-based methods and behaviour analysis are used to fight this type of threat,” Singh added.

Source…

Ransomware attacks cause concern, experts suggest precautions | India News


Dark web criminals extorting millions from companies with sophisticated online attacks, experts urge cyber hygiene and stronger defenses.

The threat is for real. The dark web targets companies, organisations and individuals on the internet. Money is extorted by resorting to threats. How big is the problem? What are companies doing to handle this threat? And how are problems being solved?
Prasad Patibandla, Director, Research and Operations at Centre for Research on Cyber Intelligence and Digital Forensics explains how companies and organisations are targeted and what precautions are to be taken.

Source…

India probing iPhone hacking complaints by opposition politicians


(Corrects first name of minister in first paragraph to Ashwini)

NEW DELHI (Reuters) – India’s cyber security agency is investigating complaints of mobile phone hacking by senior opposition politicians who reported receiving warning messages from Apple, Information Technology Minister Ashwini Vaishnaw said.

Vaishnaw was quoted in the Indian Express newspaper as saying on Thursday that CERT-In, the computer emergency response team based in New Delhi, had started the probe, adding that “Apple confirmed it has received the notice for investigation”.

A political aide to Vaishnaw and two officials in the federal home ministry told Reuters that all the cyber security concerns raised by the politicians were being scrutinised.

There was no immediate comment from Apple about the investigation.

This week, Indian opposition leader Rahul Gandhi accused Prime Minister Narendra Modi’s government of trying to hack into opposition politicians’ mobile phones after some lawmakers shared screenshots on social media of a notification quoting the iPhone manufacturer as saying: “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID”.

A senior minister from Modi’s government also said he had received the same notification on his phone.

Apple said it did not attribute the threat notifications to “any specific state-sponsored attacker”, adding that “it’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected”.

In 2021, India was rocked by reports that the government had used Israeli-made Pegasus spyware to snoop on scores of journalists, activists and politicians, including Gandhi.

The government has declined to reply to questions about whether India or any of its state agencies had purchased Pegasus spyware for surveillance.

(This story has been corrected to fix the first name of the minister to Ashwini in paragraph 1)

(Reporting by Rupam Jain and Munsif Vengattil; editing by Miral Fahmy)

Source…