
Hexaware Acquires CyberSolve to Strengthen Global Identity Security and AI-Driven Cyber Resilience

Hexaware Technologies [NSE: HEXT], a global provider of IT solutions and services, today announced it has acquired CyberSolve, a global specialist in identity and access management (IAM) solutions. Together, the companies will help enterprises modernize identity foundations, automate controls with artificial intelligence (AI), and run secure operations across complex, hybrid technology estates.

Across boardrooms, chief information officers cite cybersecurity as a top priority, as trusted digital identity—and the governance, risk, and compliance frameworks around it—now underpin every transformation, from cloud adoption and application modernization to data protection and workforce productivity.

CyberSolve brings nearly a decade of focused work in large identity programs, with 230+ specialists, 20+ IAM tech alliances, and 650+ implementations across sectors including retail, healthcare, pharma, automotive, financial services, logistics, government, and technology. Its teams are known for fast, reliable app onboarding, smooth platform migrations, and audit-ready operations. Hexaware adds consulting depth, engineering excellence, and 24x7 cybersecurity and resilience operations, spanning GRC, cloud security, and DevSecOps—helping clients move from isolated fixes to an integrated identity capability that reduces risk and accelerates growth at global scale.

“Cybersecurity has moved from an IT concern to a business imperative, and chief information officers tell us that getting identity right is at the top of the agenda,” said Siddharth Dhar, President & Global Head – Digital IT Operations & AI, Hexaware. “By bringing CyberSolve into Hexaware, we combine their craftsmanship in identity programs with our platform-led delivery and global operations. Clients will see faster value, stronger controls, and a clearer path to secure digital growth.”

“Our mission has always been to inspire trust in every digital interaction,” said Mohit Vaish, CEO, CyberSolve. “Joining Hexaware allows us to scale that mission—expanding our reach, applying AI more deeply, and creating measurable security outcomes for enterprises worldwide.”

Atul Agrawal, Managing Partner, CyberSolve, said, “We’re truly delighted to join Hexaware. The combined strengths of our IAM expertise and Hexaware’s AI-first operations create tremendous potential to redefine how global enterprises approach digital identity and security.”

Shubham Khandelia, Managing Partner, CyberSolve, added, “This is an exciting milestone for our people and clients alike. Together, we can deliver broader capabilities, faster innovation, and stronger assurance, building on our shared commitment to trust and excellence.”

Client organizations also welcomed the announcement. Chris Lugo, VP – CISO, Blue Cross Blue Shield Association, said, “CyberSolve has consistently helped bring clarity and momentum to complex initiatives. With Hexaware, they’ll have the scale and structure to deliver even greater impact. I’m excited to see what the two teams achieve together.”

The combined team will focus on what leaders need most today, delivering accurate and effective identity security, dependable operations, and easier adoption of change across large enterprises, resulting in faster onboarding, smoother migrations, continuous compliance, and secure work from anywhere.

UP Police Embraces AI and Cyber Training in Yogi Adityanath’s Hybrid Model for 60,244 Recruits


In a landmark move to modernize law enforcement, Uttar Pradesh Chief Minister Yogi Adityanath has unveiled a tech-forward hybrid training model for 60,244 newly appointed police personnel. The initiative marks one of India’s largest digital transformations in police training, integrating artificial intelligence, cybercrime modules, and simulation-based learning into the traditional curriculum.

Tech Highlights of the Hybrid Training Model

  • AI-Powered Simulations: Recruits will engage with artificial intelligence-driven scenarios that mimic real-world policing challenges—ranging from crowd control to cyber fraud detection. These simulations aim to sharpen decision-making and situational awareness.
  • Cybercrime and Digital Forensics: The curriculum includes hands-on training in cybercrime investigation, digital evidence handling, and online threat mitigation. Officers will learn to trace IP addresses, decrypt digital trails, and respond to phishing and ransomware cases.
  • Smart Classrooms and E-Learning: Training centers are being equipped with smart boards, biometric attendance systems, and cloud-based learning platforms. Recruits can access legal modules, case studies, and forensic tutorials remotely.
  • Drone and Surveillance Tech: Select units will receive exposure to drone operations, facial recognition systems, and real-time surveillance tools—preparing them for tech-assisted field operations.
  • Data Ethics and Privacy: Officers will be sensitized to digital rights, data protection laws, and ethical boundaries in tech-enabled policing.

Strategic Vision

The hybrid model reflects CM Yogi Adityanath’s broader vision to align UP Police with global standards in digital law enforcement. By embedding technology into foundational training, the state aims to build a force that is not only physically agile but digitally literate and ethically grounded.

Accenture Announces Its Largest Ever Cybersecurity Acquisition of CyberCX


Global consulting giant Accenture has announced its largest-ever cybersecurity acquisition, acquiring Australian firm CyberCX in a landmark deal reportedly valued at $650 million. The move significantly expands Accenture’s cyber defense capabilities across the Asia-Pacific region and beyond.

CyberCX is one of the largest and most prominent cybersecurity firms in the Asia Pacific region. The company’s end-to-end services extend across consulting, transformation and managed security services and include advanced capabilities in offensive security and cyber physical security, crisis management, threat intelligence, managed detection and response, as well as strategic advisory, identity, cloud and network security.

Accenture’s acquisition of Australian cybersecurity firm CyberCX for a reported $650 million marks its largest-ever cybersecurity deal to date.

Why CyberCX?

  • CyberCX employs approximately 1,400 cybersecurity professionals.
  • Operates across Australia, New Zealand, London, and New York.
  • Specializes in sovereign cloud security, threat intelligence, and crisis response.
  • Offers advanced AI-powered cybersecurity platforms.

CyberCX was founded in October 2019 by John Paitaridis, who serves as CEO, and Alastair MacGibbon, the company’s Chief Strategy Officer. Paitaridis brought extensive experience from his leadership roles at Optus and Telstra, while MacGibbon contributed deep expertise from his tenure as Australia’s national cybersecurity advisor. Their vision was to create a sovereign cybersecurity powerhouse rooted in Australian and New Zealand capabilities.

CyberCX was financially backed by BGH Capital, a private equity firm that facilitated the rapid consolidation of 17 cybersecurity businesses to form CyberCX. This strategic roll-up enabled CyberCX to quickly establish itself as a dominant force in the region’s cybersecurity landscape.

    Strategic APAC Expansion

    Australia has faced a wave of high-profile cyberattacks in recent years, including breaches at Optus, Medibank, and Qantas. CyberCX’s strong local presence and government partnerships make it a strategic asset for Accenture’s push into the region. The acquisition positions Accenture as a dominant force in securing digital ecosystems across APAC.

    Accenture’s Cybersecurity Growth Trajectory

    Since 2015, Accenture has completed 20 security acquisitions, including most recently acquiring Morphus, MNEMO Mexico and Innotec Security.

    Year  Company           Country
    2023  Morphus           Brazil
    2022  MNEMO             Mexico
    2021  Innotec Security  Spain
    2025  CyberCX           Australia

    What This Means for the Industry

    The acquisition signals a broader trend of consolidation in the cybersecurity sector, as global firms race to bolster defenses against increasingly sophisticated threats. For Accenture, it’s a bold step toward becoming the go-to provider for end-to-end cyber resilience, especially in geopolitically sensitive regions.

    Think Before You Click: SEBI’s #SEBIvsSCAM Campaign Targets Fake Apps, Deepfakes, and Dubious Tips


    The Securities and Exchange Board of India (SEBI) has launched a nationwide investor awareness campaign titled #SEBIvsSCAM, aimed at educating investors about various types of financial scams and how to safeguard themselves. This initiative is part of SEBI’s ongoing commitment to protect retail investors from such scams in the securities market. Under SEBI’s guidance and regulatory oversight, the National Stock Exchange of India Ltd. (NSE) has rolled out a comprehensive investor protection drive to support this campaign.

    The campaign comes at a critical time when digital financial frauds are on the rise, with fraudsters using increasingly sophisticated and deceptive methods to target investors. From fake trading apps and deepfake videos to unregistered investment advisors and misleading stock tips on social media, scammers are exploiting technology and denting investors’ trust. Many individuals fall prey to schemes promising guaranteed or unusually high returns, pump-and-dump tactics, dabba trading, fraudulent foreign portfolio investment offers, etc., often resulting in significant financial losses.

    #SEBIvsSCAM seeks to raise public awareness, promote safe investing habits and empower investors to make informed decisions. By spotlighting common scams and offering guidance, the campaign aims to help investors recognize warning signs, verify sources and report suspicious activities—ultimately contributing to a more secure and transparent financial ecosystem.

    To ensure maximum outreach, NSE, under the aegis of SEBI, will leverage a mix of media platforms including television, radio, print, digital and social media. We will also spread the investor awareness messages through Investor Awareness Programs, which are conducted in physical, digital and hybrid modes. This multi-channel approach is designed to reach investors across urban and rural areas, in multiple languages and through formats that are accessible and engaging to diverse audiences.

    Investor Advisory: Stay Alert, Stay Protected


    Issued in public interest by the National Stock Exchange of India Ltd under the aegis of Securities and Exchange Board of India.

    Deeptech QNu Labs Launches QNu Academy to Power India’s Quantum-Ready Workforce

    • This launch marks a strategic milestone in India's journey toward achieving quantum self-reliance & digital sovereignty
    • The academy is designed to serve a wide range of learners, including universities, faculties & students to build a skilled workforce capable of securing India’s digital future

    QNu Labs, India’s first and world’s no.1 integrated end-to-end quantum secured cybersecurity platform, today announced the launch of QNu Academy, a global educational initiative aimed at building a future-ready talent pipeline in quantum technologies and cyber-security. As India advances its digital infrastructure and aligns with the National Quantum Mission, QNu Academy, backed by the National Quantum Mission, aims to bridge the existing talent gap. This launch marks a strategic milestone in India's journey toward achieving quantum self-reliance and digital sovereignty.

    QNu Academy offers in-depth education and practical training in advanced technologies such as Quantum Key Distribution (QKD), Quantum Random Number Generation (QRNG), and Post-Quantum Cryptography (PQC). The curriculum blends self-paced learning and instructor-led modules, curated in collaboration with experts from premier Indian institutions like the IITs and DRDO, as well as global quantum research bodies. Learners benefit from real-world use cases, hands-on lab assignments, continuous assessments, and mentorship from industry practitioners.

    The academy is designed to serve a wide range of learners, including universities, faculties, and students, to build a skilled workforce capable of securing India’s digital future. In addition, QNu Academy actively supports educational institutions through Faculty Development Programs and the creation of Centres of Excellence (CoE) Labs to promote quantum innovation and applied research. Placement support, certifications and career readiness initiatives are also integrated into the learning journey.

    Speaking on the launch, Sunil Gupta, Co-Founder & CEO of QNu Labs, said, “QNu Academy is more than an educational platform. It is a national mission to democratize access to quantum education and build widespread awareness around quantum communications. Our goal is to create a sustainable ecosystem for quantum learning in India through faculty development programs, industry-relevant programs, CoE labs, certified programs, real-time projects, and assignments with placement opportunities to develop quantum experts, empowering you to become a future leader. The future of cybersecurity in India depends on how well we prepare today’s learners to tackle tomorrow’s threats.

    “Through QNu Academy, we hope to foster a culture of innovation, encourage indigenous R&D in quantum tech and empower India’s workforce to lead on the global stage,” he added.

    QNu Academy represents a timely and important investment in human capital. The program aligns well with India’s broader goals of technological development, digital resilience, and global leadership in quantum innovation. It is envisioned as a long-term commitment to enabling India’s readiness for quantum disruption and equipping the country with the skilled manpower needed to thrive in the post-quantum era.

    Quick Heal's Seqrite Labs Identifies 650+ Cyber Incidents Linked to Geopolitical Tensions Surrounding ‘Operation Sindoor’


    Quick Heal Technologies Limited, a global cybersecurity solutions provider, through its Seqrite Labs, India’s largest malware analysis facility, has revealed critical details about coordinated cyberattacks exploiting geopolitical tensions during ‘Operation Sindoor’, India’s military counterterrorism response to the April 22, 2025 Pahalgam terror attack. While the Indian Armed Forces conducted precision strikes on terrorist infrastructure in Pakistan-administered Kashmir from May 7-10, 2025, the threat intelligence team at Seqrite Labs identified parallel cyber campaigns by Pakistan-aligned threat actors targeting defense, healthcare, telecom, and government sectors across India.

    The cyber offensive began on April 17, 2025, with spear-phishing emails distributing weaponized files such as Final_List_of_OGWs.xlam and Preventive_Measures_Sindoor.ppam. These attachments exploited public concern about national security by masquerading as official Indian government advisories. Forensic analysis confirmed the use of Ares RAT, an evolved variant of APT36’s Crimson RAT malware, which established covert communication channels with command-and-control (C2) servers at IP 167.86.97[.]58:17854. Attackers spoofed legitimate Indian domains like nationaldefensecollege[.]com and zohidsindia[.]com to bypass security protocols.

    Between May 7-10, Seqrite’s telemetry recorded 650+ cyber incidents, including DDoS attacks on telecom providers (Jio, BSNL), defacements of state education portals, and credential harvesting campaigns against healthcare institutions like AIIMS and Apollo Hospitals. Hacktivist collectives such as #OpIndia and #OperationrSindoor coordinated via Telegram, claiming responsibility for leaking sensitive data from defense contractors and municipal databases.

    The attackers’ infrastructure leveraged virtual private servers (VPS) in Russia, Germany, and Indonesia to mask origins. Malicious .ppam and .lnk files triggered PowerShell scripts that disabled security tools, exfiltrated military communication logs, and deployed ransomware on healthcare systems. Seqrite’s countermeasures included 26 custom detection signatures deployed across Seqrite XDR, integration of YARA rules into national threat intelligence platforms, real-time alerts for spoofed domains, and threat advisory dissemination to Indian entities.
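
A defender can sweep mail-gateway, proxy and DNS logs for the indicators quoted above. The following is an added example, not Seqrite's tooling: the key=value log format, its field names and the sample log lines are constructed assumptions, while the indicators are the ones published in this article.

```python
import shlex
from dataclasses import dataclass

# Indicators exactly as published in the article (kept defanged in source).
DEFANGED_C2 = "167.86.97[.]58:17854"
DEFANGED_DOMAINS = ["nationaldefensecollege[.]com", "zohidsindia[.]com"]
LURE_FILENAMES = ["Final_List_of_OGWs.xlam", "Preventive_Measures_Sindoor.ppam"]
# Delivery file types named in the article: Office add-ins and shortcut files.
RISKY_EXTENSIONS = (".xlam", ".ppam", ".lnk")


def refang(indicator: str) -> str:
    """Turn a defanged indicator (a[.]b) back into a matchable value."""
    return indicator.replace("[.]", ".").lower()


C2_IP, C2_PORT = refang(DEFANGED_C2).rsplit(":", 1)
BAD_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
LURES = {name.lower() for name in LURE_FILENAMES}


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def parse_line(line: str):
    """Split 'timestamp key=value ...' (hypothetical format) into fields."""
    tokens = shlex.split(line)  # shlex keeps quoted attachment names intact
    fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
    return tokens[0], fields


def domain_matches(name: str) -> bool:
    """True for a listed domain or any subdomain of it, not for lookalikes."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in BAD_DOMAINS)


def scan(lines):
    """Return a Finding for every indicator hit, in log order."""
    findings = []
    for no, line in enumerate(lines, 1):
        if not line.strip():
            continue
        _, f = parse_line(line)

        attachment = f.get("attachment", "").lower()
        if attachment in LURES:
            findings.append(Finding(no, "lure-filename", attachment))
        elif attachment.endswith(RISKY_EXTENSIONS):
            # Not a known lure, but a file type the campaign relied on.
            findings.append(Finding(no, "risky-attachment", attachment))

        # Sender domain (mail) and queried name (DNS) against the domain list.
        for name in (f.get("from", "").rpartition("@")[2], f.get("query", "")):
            if name and domain_matches(name):
                findings.append(Finding(no, "spoofed-domain", name.lower()))

        if f.get("dst_ip") == C2_IP:
            exact = f.get("dst_port") == C2_PORT
            rule = "c2-endpoint" if exact else "c2-ip"
            findings.append(Finding(no, rule, f"{C2_IP}:{f.get('dst_port')}"))
    return findings


# Constructed sample logs; built from the defanged constants at run time.
D0, D1 = (refang(d) for d in DEFANGED_DOMAINS)
SAMPLE_LOGS = [
    f'2025-05-07T09:14:02Z src=mailgw from=advisory@{D0} '
    f'to=user1@example.org attachment="{LURE_FILENAMES[0]}"',
    f'2025-05-07T09:20:11Z src=proxy host=ws-114 dst_ip={C2_IP} '
    f'dst_port={C2_PORT} action=allow',
    '2025-05-07T10:02:40Z src=mailgw from=hr@example.org '
    'to=user2@example.org attachment="Leave_Policy.ppam"',
    '2025-05-07T10:05:00Z src=mailgw from=it@example.org '
    'to=user3@example.org attachment="minutes.docx"',
    f'2025-05-08T11:00:00Z src=dns host=ws-201 query=mail.{D1}',
    f'2025-05-08T11:30:00Z src=proxy host=ws-300 dst_ip={C2_IP} '
    'dst_port=443 action=allow',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(f"line {finding.line_no}: {finding.rule:16} {finding.detail}")
```

Exact matches (`lure-filename`, `c2-endpoint`, `spoofed-domain`) warrant immediate triage; `risky-attachment` and `c2-ip` are weaker signals meant for review rather than automatic blocking.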

    The targeted cyberattacks on Indian institutions in the wake of rising geopolitical tensions between India and Pakistan paint a clear picture of how nation-state actors now collaborate with non-state hacktivists, merging technical intrusion with psychological operations. The evolution of APT36 and the simultaneous hacktivist attacks signal a deliberate convergence of cyber espionage and ideological warfare. Instead of isolated malware campaigns, we now face digitally coordinated war games run with a common objective: that of destabilizing, disinforming, and disrupting.

    In light of these alarming findings, Seqrite urges organizations to exercise utmost caution with respect to their digital security. It is advised to adopt a zero-trust approach, deploy advanced, multi-layer security systems, create regular backups, and conduct awareness drives to impart essential cybersecurity training which can help reduce human error. Seqrite’s cutting-edge suite of cybersecurity solutions, including EPS, ZTNA, EDR, and XDR, along with Seqrite Malware Analysis Platform and Seqrite Threat Intel Platform, can help organizations of all sizes strengthen their cybersecurity stanc

    Hackers vs. AI: 86% of Firms Hit by Cyber Threats—Who’s Winning?


    Cisco's 2025 Cybersecurity Readiness Index reveals that only 4% of organizations worldwide have reached a "Mature" level of cybersecurity readiness. This is a slight improvement from last year's 3%, but it still highlights significant gaps in global preparedness.

    The Index evaluates companies' readiness across five pillars (Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification) and encompasses 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, respondents detailed their deployment stages for each solution. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature.

    2025 Cybersecurity Readiness Index

    Key Findings:

    The lack of cybersecurity readiness globally is alarming as 71% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months.
    • AI-related security incidents affected 86% of organizations in the past year.
    • 49% of respondents believe their employees fully understand AI-related threats, while 48% think their teams grasp how malicious actors use AI for attacks.
    • Nearly half of organizations suffered cyberattacks, struggling with complex security frameworks.
    • 71% of respondents anticipate business disruptions due to cyber incidents within the next 12 to 24 months.
    • Only 45% of organizations allocate more than 10% of their IT budget to cybersecurity, down from 53% last year.

    The report evaluates cybersecurity readiness across five pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. AI is both a security tool and a threat, with 89% of organizations using AI for threat detection, response, and recovery.

    The report said that, to tackle today’s cybersecurity challenges, organizations must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritizing AI for threat detection, response, and recovery is essential, as is addressing talent shortages and managing risks from unmanaged devices and shadow AI.

    India-US Researchers Create Quantum-Safe Video Encryption Framework to Tackle Deepfake-like Threats


    Researchers from India and the USA have created a quantum-safe video encryption framework to tackle modern cyber threats like deepfakes and data manipulation. This innovative framework combines quantum computing's inherent randomness with advanced SSL-encrypted HTTP transmission, providing unmatched security and efficiency.

    The research, led by experts from Florida International University and the National Forensic Sciences University, has been featured in IEEE Transactions on Consumer Electronics.

    This framework integrates quantum encryption with classical video transmission methods to enhance security against evolving cyber threats.

    This breakthrough is expected to significantly enhance video communication security, especially for sensitive communications in defense, government, and military operations.

    Dr. Naveen Kumar Chaudhary from the National Forensic Sciences University in India collaborated with Dr. S.S. Iyengar and Dr. Yashas Hariprasad from Florida International University to develop this quantum-safe encryption framework.

    A promising step towards a more secure digital future, the framework is based on hybrid quantum video encryption, which uniquely combines the power of quantum encryption with classical video transmission techniques, ensuring robust protection against potential quantum computing threats.

    The quantum encryption uses the principles of quantum mechanics to create encryption keys that are virtually impossible to crack using classical computing methods.

    The framework incorporates advanced SSL-encrypted HTTP transmission to maintain high-quality video communication. It merges the strengths of both quantum and classical encryption, offering a dual layer of security.

    It has varied cybersecurity applications and aims to protect sensitive video communications, particularly in sectors like defense, government, and military.

    Designed to withstand advances in quantum computing, which makes it a long-term solution for secure video transmission, the framework is a significant leap forward in cybersecurity, addressing the growing concerns over deepfakes and data manipulation.

    It's a promising development that could reshape the landscape of secure digital communication. The research has been funded by U.S. Army DEVCOM Army Research Laboratory and U.S. National Science Foundation (NSF), an independent agency of the United States federal government. 

    Tackling Deepfakes

    The quantum-safe encryption framework tackles deepfake threats by leveraging the inherent randomness of quantum computing and advanced SSL-encrypted HTTP transmission. Here's how it works:

    1. Pseudorandom Keys: The framework uses quantum-generated pseudorandom keys to encrypt video streams. These keys are extremely difficult to predict or replicate, making it challenging for deepfake creators to manipulate the video content.

    2. Quantum-Safe Protocols: Individual frames of the video are secured using quantum-safe protocols, ensuring that each frame is protected against tampering.

    3. Enhanced Security: By combining quantum encryption with classical methods, the framework provides a dual layer of security, significantly outperforming current methods.

    4. Authenticity and Integrity: The encryption ensures the authenticity and integrity of video communications, making it difficult for malicious actors to create convincing deepfakes.

    This approach is particularly effective in sensitive sectors like defense, government, and military operations, where the authenticity of video communications is crucial.

    Indian Govt Issues Advisory Warning on AI Generated Deepfake Threats


    India's national nodal agency for responding to computer security incidents in the country, the Indian Computer Emergency Response Team (CERT-In), has recently issued an advisory warning about the rising threats posed by AI-generated deepfakes.

    Deepfake technology, which involves the use of artificial intelligence (AI) to create highly realistic and convincing fake videos, images, and audio, is becoming increasingly sophisticated. This technology poses significant risks, including the potential for disinformation, fraud, and social engineering attacks.

    The advisory highlights risks such as misinformation, financial fraud, and privacy violations, and provides guidance for individuals and organizations to detect and counter these threats.

    Here are some key points from the advisory:

    1. Verify Sources: Ensure digital content is from reliable sources before sharing or acting on it.

    2. Look for Anomalies: Identify signs such as unnatural blinking, mismatched lip-sync, inconsistent lighting, or distorted visuals.

    3. Cross-Reference Information: Confirm the accuracy of content through multiple trusted sources.

    4. Limit Personal Data: Avoid sharing high-resolution images or videos online.

    5. Use Multi-Factor Authentication (MFA): Secure accounts with MFA to reduce risks of hacking.

    6. Monitor Public Channels: Keep track of potential deepfake content targeting your organization.

    7. Adopt Secure Communication: Use encrypted channels for sensitive discussions to prevent interception.

    The advisory also urges organizations to strengthen detection tools, monitor public channels, and enhance digital forensics capabilities.

    The advisory, originally issued on 27 November 2024, serves as a critical resource for identifying, assessing, and mitigating the threats posed by synthetic media.

    It's crucial to stay informed and vigilant about these threats.

    US Govt's CISA Issues Guidance for Cisco Devices Frequently Targeted by China-affiliated Threat Actors


    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued specific guidance for network engineers and defenders to patch and secure Cisco network devices in response to the Salt Typhoon cyber-espionage campaign linked to the People's Republic of China (PRC). 

    Cisco gear has been frequently targeted by PRC-affiliated threat actors, says the CISA guidance, which was developed in collaboration with other cybersecurity agencies from Australia, Canada, and New Zealand.

    The guidance titled "Enhanced Visibility and Hardening Guidance for Communications Infrastructure" is a joint publication by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate's Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand's National Cyber Security Centre (NCSC-NZ).

    The guide aims to provide best practices for network engineers and defenders to strengthen visibility and harden network devices against cyber threats, particularly those affiliated with the People's Republic of China (PRC).

    CISA has provided Cisco-specific advice, including patching vulnerable devices and following best practices outlined in Cisco's IOS XE Hardening Guide and Guide to Securing NX-OS Software Devices.

    Enhancing visibility means having detailed insight into network traffic, user activity, and data flow, which helps in quickly identifying threats and vulnerabilities. Hardening involves implementing measures to secure network devices and reduce potential entry points for cyber threats.

    Scope of Attacks: The attacks compromised networks of eight telecommunications providers, exfiltrating customer call records and compromising private communications.

    The guide includes recommendations such as patching vulnerable devices, monitoring configuration changes, and implementing strong network flow monitoring solutions.

    Enhanced Visibility and Hardening Guidance

    Patch Vulnerabilities: Ensure all network devices, including routers, switches, and firewalls, are up-to-date with the latest security patches.

    Monitor Configuration Changes: Implement comprehensive alerting mechanisms to detect unauthorized changes to network devices. Store configurations centrally and push them to devices.

    Network Flow Monitoring: Implement a strong network flow monitoring solution to gain visibility into network traffic and detect anomalies.

    Strong Authentication: Use strong passwords and implement two-factor authentication (2FA) to enhance security.

    End-to-End Encryption: Adopt end-to-end encryption for communications to protect data from interception.

    Regular Audits: Conduct regular security audits and penetration tests to identify and address vulnerabilities.

    Implementation Steps

    Update Systems: Regularly update all network devices and software to the latest versions.

    Implement Monitoring Tools: Deploy network monitoring tools to track traffic and detect unusual activities.

    Centralize Configurations: Store device configurations centrally and push updates to devices to prevent unauthorized changes.

    Enable Alerts: Set up alerts for any configuration changes or unusual activities on network devices.

    Use Strong Passwords: Enforce the use of strong, unique passwords for all network devices and accounts.

    Implement 2FA: Enable two-factor authentication for accessing critical network devices and systems.

    Encrypt Communications: Ensure that all sensitive communications are encrypted end-to-end.

    Conduct Audits: Perform regular security audits and penetration tests to identify and fix vulnerabilities.

    By following these recommendations, telecommunications providers can significantly enhance their network security and protect against sophisticated cyber-espionage campaigns like Salt Typhoon.

    Begun in 2022, the Salt Typhoon campaign has targeted at least eight U.S. telecommunications providers, including major companies like AT&T, Verizon, and Lumen Technologies. The malicious campaign has also affected telecommunications infrastructure in other countries, highlighting the global nature of cybersecurity threats.

    Cisco's Firewall is Now AI-driven, Designed to Write Its Own Codes, Test Them in Real-Time


    Cisco has recently launched an AI-driven firewall. The network security firm said that its firewall is now AI-driven and autonomously manages and updates itself, with the aim of simplifying cyber-defence for its enterprise clients.

    The new firewall is designed to write its own code and test it in real time within the user's environment. This means it can autonomously manage and update itself, reducing manual oversight. It can deploy the rules across different platforms, including data centers and the cloud.

    The AI-powered firewall can also automatically remove rules once it deems them unnecessary.

    This was announced by Raj Chopra, Chief Product Officer-Security Business Group, Cisco, at Accel Cybersecurity Summit 2024.

    This development comes at a time when enterprises face increasing cyber-attacks globally. Cisco's approach aims to simplify cyber-defense for its enterprise clients, similar to how modern web browsers update automatically in the background. You can think of it as a "never have to upgrade ever again" solution.

    Additionally, Cisco has also introduced the Cisco AI Assistant for Security, which leverages AI to speed up firewall management, making it simpler for administrators to identify, troubleshoot, and optimize complex policy environments.

    Infosys' US-based Subsidiary Reportedly Faced Data Breach Affecting Over 6 Mn Individuals

    IT consulting giant Infosys' U.S.-based subsidiary, McCamish Systems, experienced a significant data breach. Following a November ransomware attack attributed to the LockBit ransomware operation, data from over 6.078 million individuals was compromised, Security Affairs reported.

    Initially, it was believed that sensitive information on approximately 57,000 people had been stolen. However, further investigation revealed that the threat actors had accessed valuable intel on more than six million individuals.

    The stolen data includes a wide range of personal information, such as Social Security Numbers (SSN), birth dates, medical details, biometric data, email addresses, passwords, Driver’s License numbers, state ID numbers, financial account information, payment card details, passport numbers, Tribal ID numbers, and US military ID numbers. This wealth of information could potentially be used for phishing or identity theft attacks.

    Infosys McCamish, the center of excellence for Infosys' Life Insurance software solutions and services offerings in the U.S., has been providing software and services to the life insurance industry for over 22 years.

    To mitigate the impact, McCamish Systems provided affected individuals with free identity protection and credit monitoring services through Kroll for a period of two years. The incident was initially reported by Bank of America, which identified Infosys McCamish Systems as an outside counsel for the bank.

    The specific details of how the breach occurred have not been publicly disclosed. However, ransomware attacks often exploit vulnerabilities in software, weak passwords, or social engineering tactics. In the case of Infosys McCamish Systems, the LockBit ransomware group likely gained unauthorized access to their systems, encrypted data, and demanded a ransom for its release. Organizations typically respond by enhancing security measures, patching vulnerabilities, and improving incident response protocols to prevent future breaches.

    With 13.7% of All Cyber Attacks, India is Most Targeted Country; 100% Increase in State-Sponsored Attacks

    • India is the most targeted country with 13.7% of all cyber attacks directed at it
    • US, Indonesia and China are next 3 most targeted countries by threat actors
    • Govt agencies across nations emerge as the topmost target with 95% of the cyber attacks aimed at them
    • State sponsored cyber attacks increased by 100% on India in 2022
    • Healthcare sector most targeted in India followed by education, research, govt and military sectors
    • Cyfirma research shows 39 active campaigns against India in 2023 coming from state sponsored threat actors from China, North Korea, Pakistan, Russia
    • Threat actors actively targeting India include FancyBear, Mission 2025 (China), TA505 (Russia), Transparent Tribe (Pakistan), Turla Group, Stone Panda and Lazarus Group (North Korea)
    CYFIRMA, an external threat landscape management platform, has released India Threat Landscape report 2023 focusing on threats targeting India and strategies to counter them.

    According to the report, India is the most targeted country, with 13.7% of all attacks followed by the US with 9.6%, Indonesia and China with 9.3% and 4.5% respectively. The number of cyberattacks on government agencies has increased significantly year-on-year. In the second half of 2022, there were 95% more cyberattacks on government agencies than in the same period in 2021. The number of state-sponsored cyber attacks in India increased by more than 100% in 2022 compared to 2021. India was the most targeted country in 2022 as attacks on government agencies more than doubled.
     
    TRENDS OBSERVED IN THE INDIAN THREAT LANDSCAPE

    Healthcare is the most targeted sector by hackers followed by education, research, government and military sectors. The data from the report shows that an organization in India was attacked 1,866 times per week on average in 2022.

    The most common types of cyber attacks in India are — phishing attacks, malware attacks, and ransomware attacks. 78% of Indian organizations experienced a ransomware attack in 2021, with 80% of those attacks resulting in data encryption.

     

    BILLIONS SPENT - YET UNABLE TO PROVIDE THE RIGHT LEVEL OF PROTECTION

    Kumar Ritesh, CEO & Founder, Cyfirma, says, “It comes as no surprise that India is the most targeted country in the world by threat actors. India’s growing prominence at the world stage and push from Western economies to favour India over other large countries, a young and tech savvy population with low cybersec maturity has played a key role in hackers coming after critical assets, govt agencies with an intent to breach them and harm India’s strategic interests. While sectors like BFSI, healthcare and software companies have spent significantly on improving their security posture, there is an urgent need to understand the external threat landscape. We believe that unless you don't know who to defend against, billions spent in cybersec will not yield expected results.”

    India’s geo-political importance has never been greater than it is today. This has given way to threat actors uniting against India. A disturbing trend of North Korean threat actors collaborating with China and Russia has been observed with the former offering itself as hacker as a service (HaaS) for financial gains.

    Between January and July 2023, as part of its external threat landscape monitoring and analysis, CYFIRMA observed 39 campaigns targeting various industries in India. Known groups like FancyBear, TA505, Mission 2025, Stone Panda and Lazarus Group are suspected to be behind these campaigns. Of these 39 campaigns, 14 were orchestrated by Chinese state-sponsored groups with the intent of espionage, and 11 were planned by North Korea-backed hackers as part of HaaS. A further 10 attacks originated from Russian threat actors, of which only 4 were state sponsored.

    Key trends and attack methods being used by threat actors:

    Ransomware: Ransomware operators are continuously improving their techniques with an intent to intimidate and force victims to pay the ransom. At present, ransomware operators are suspected to follow a 4-layer approach of targeting organizations which includes:
    1. Infiltrate into the target organization’s network.
    2. Exfiltrate and encrypt data.
    3. Demand ransom and “Name & Shame”.
    4. Leave behind footprints in the targeted organizations to come back and attack again.

    Crimeware-as-a-service: CaaS threats include SMS spoofing, phishing kits, custom spyware, hackers for hire, and exploit kits.

    Carpet Bombing of SMEs: SMEs are not spared by cyberwar; businesses of all sizes are targeted.

    Supply Chain disruption: The software supply chain will continue to be targeted.

    With attacks rising, it is critical for governments and organizations to engage a comprehensive ETLM tool that can take the intel gathered and relate it back to infrastructure, digital footprint, brand, industry, technology, and geolocation. When different capabilities are unified, the result is a prioritized list of actions for preparing an effective response plan.

    CYFIRMA is an external threat landscape management platform company. We combine cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. Our cloud-based AI and ML-powered analytics platforms provide the hacker’s view with deep insights into the external cyber landscape, helping clients prepare for impending attacks. CYFIRMA is headquartered in Singapore with offices in Japan, India, the US, and the EU. Customers include both government as well as Fortune 500 companies across manufacturing, financial services, retail, industrial products, natural resources and pharmaceutical Industries.

     

    Beacon of Cybersecurity in Telangana – The State Police Launch India’s 1st Law Enforcement CISO Council


    Telangana Police launched India’s First Law Enforcement CISO Council.

    It is termed as a Beacon of Cybersecurity in Telangana

    DGP Anjani Kumar, Principal Secretary Jayesh Ranjan unveiled amidst the presence of Commissioner of Cyberabad, Stephen Raveendra; SCSC Secretary Ramesh Kaza and Industry stalwarts

    Telangana Police with support from Industry and Academia launched the Law Enforcement CISO (Chief Information Security Officers) Council, a first-of-its-kind initiative in India. 

    DGP of Telangana State Anjani Kumar, Principal Secretary Jayesh Ranjan unveiled it amidst the presence of Commissioner of Cyberabad, Stephen Raveendra; SCSC Secretary Ramesh Kaza and Industry stalwarts in a function held at Cyberabad Police Commissionerate on Saturday late evening.

    Addressing the gathering immediately after the launch, the Director General of Police, Govt of Telangana, Anjani Kumar said those who handle the subject take it casually. This is not just the case with the police but with every other profession as well. He narrated the example of a colleague who, upon returning from a seminar on cyber security, sought his help as he had fallen victim to a cyber fraud and lost INR 5 lakh. The senior police officer also cited another example of how 20,000 women died in a country over a period of 20 years due to the unmindfulness and casualness of doctors. Only after 20 years was a simple cause found for the death of so many mothers: the same doctors who performed postmortems also performed deliveries and used the same contaminated tools. With these two examples, Anjani Kumar made the point that it doesn’t matter how big an expert you are; a casual approach may lead to trouble.

    Anjani Kumar seen addressing at the launch of  India’s First Law Enforcement CISO Council

    Speaking further, he said Telangana is called a bright star in the country. It is home to many firsts in the country, and the CISO Council is one such example.

    Cyberabad Police created a history of sorts by getting Rs 2.2 crore returned to cyber fraud victims. The police successfully managed to pass through all hurdles and get the lost money back fast. He appreciated the Cyberabad Police for this achievement. They must develop SOPs (Standard Operating Protocols) to help others replicate it and successfully navigate the journey.

    DGP Anjani Kumar talked about two bright stars in the hall, and one of them was Stephen Raveendra. The DGP appreciated him for the remarkable work done and for setting an example in managing to bring syphoned money back in a cyber fraud case. The other star he mentioned was Jayesh Ranjan. Speaking about him, Anjani Kumar said Jayesh Ranjan upgrades himself (in terms of keeping up with developments in his domain of specialization) faster than Apple upgrades its different series of phones.

     
    Stephen Raveendra seen addressing at the launch of  India’s First Law Enforcement CISO Council

    DGP Anjani Kumar, Jayesh Ranjan and Stephen Raveendra seen with the CISO Council team at the launch of India's first Law Enforcement CISO Council

    DGP Anjani Kumar and Cyberabad Police Commissioner Stephen Raveendra seen at the launch of India's first law enforcement CISO Council

    Telangana has managed to stand where it is because of collective efforts. There are many industry professionals who possess more domain knowledge than the police, he added.

    Definition of the crime is changing fast. There is no jurisdiction in cybercrimes. This now poses a lot of challenges for police.

    Anjani Kumar expressed his concern at the rate at which cybercrimes are on the rise. As my earlier speaker pointed out, $8 trillion will be lost to cybercrimes by the end of 2023, which is almost a third of the USA's GDP in 2022 and twice as much as India's predicted GDP in this year, he said.

    Jayesh Ranjan seen addressing at the launch of  India’s First Law Enforcement CISO Council

    Jayesh Ranjan said India’s First Law Enforcement CISO Council is a beacon of Cyber Security in Telangana. The initiative is the best example of the PPP model that we often keep talking about. Cyber Security breaches are multiplying and will grow by leaps and bounds when the next billion internet users start going digital. The enterprises are also going to be at risk.

    He gave the example of his meeting with Ajay Banga, formerly with Mastercard, who, when asked by him at a meeting in New York some time ago during a visit to the USA, said that the company was subjected to 10,000 cyber-attacks on a good day and that the number would go up to 30,000 on a bad day. Individuals or enterprises, no one is an exception to cyber threats and frauds, he added.

    The good thing about the new initiative, Ranjan said, was the sharing of intelligence. If you become a victim of cyber fraud and suffer, you must see that the other 20 are saved from falling prey to such attacks. But in reality, that is not happening.

    Jayesh Ranjan offered a few suggestions. He asked the team of the CISO council to work with the IT Department of Telangana and a few centers of excellence in the state such as SOC—Security Operations Center; Cyber Security Center of Excellence, Data Security Council of India and the Computer Emergency Response Team (CERT). Also, he asked them to work with startups as they are known for innovative and agile thinking and tools development; and ethical hackers. He also told them to take the help of the IT Department of Telangana to forge international associations.

    Giving his opening remarks Stephen Raveendra, Commissioner of Police, Cyberabad said with a 300% surge in cyber incidents over the past year, we need to defend our digital space, Government organizations, Critical Infrastructure, and Industry including vulnerable MSMEs which are repeatedly besieged by threats and are ill-equipped to handle compared to their larger multinational counterparts. The recent targeted attacks on Govt and Critical infrastructure institutions during the G20 event in Delhi highlight the imminent need to institutionalize the fight against cyber threats.

    Every Cyber Security breach has an element of Criminality in it and every Cyber attack has an element of cybercrime in it. Law Enforcement CISO Council is the way forward.

    What this means is Reduced Attack Surface, Enhanced Resilience, Real-time Threat Intelligence, Legal and Regulatory Guidance, Opportunities for Public-Private Partnerships, and a Platform for Networking and Learning, among several other outcomes, he added.

    Ramesh Kaza, Secretary of SCSC, said human-updated ransomware attacks are up more than 200%. There is a notable increase in the number of password-based attacks; the numbers skyrocketed in 2023 with a tenfold increase. In the year 2023, approximately 1,56,000 daily BEC (Business Email Compromise) attempts were observed. Attacks targeting open-source software have grown on average 742%. Gartner analysts predicted that over the next two years, 45% of global organizations will be impacted by a supply chain attack. 57% of IoT/OT devices are on legacy firmware which is exploitable.

    A couple of CISO industry stalwarts Sindhu Sridhar, and Suvabratha Sinha also spoke on the occasion.

    Abhishek Kumar, Director of Governance, Principal Group Manager, Microsoft said that they would bring the full force and were happy to contribute to enabling the collective experience of decades.

    Ramesh Ganesh, Director of Technical of CoE and CyberEye said that the team would work on how to contain, reduce and mitigate Cyber Attacks.

    Several industry stalwarts and corporate executives, CISOs attended the launch.

    Apply Ancient Wisdom To Your Digital Lives: Cyber Security DCPs

    • Most of the victims of cyber fraud or crime, 95% of them are well-educated and 80% are software professionals: Cyber Crime DCPs
    • Cyber Crimes are becoming more organised now: Ms Ritraj, DCP, Cybercrimes, Cyberabad
    • If you are using ChatGPT, even cybercriminals are also using it. Be alert, tell experts
    • Report Cyber Crimes to the 1930 helpline
    FLO (FICCI Ladies Organisation) organised a session, “Unlocking Cyber Secrets”, on Safeguarding Against Digital Threats with three top cyber expert police officers of Telangana Police at the Integrated Control and Command Center at Jubilee Hills on Friday.

    The session was inaugurated by Mr CV Anand, Police Commissioner, Hyderabad.

    Giving her opening remarks, Ritu Shah, Chairperson of FLO said, Cybersecurity is a social responsibility. We all have a role to play, she said quoting Magda Chelly, a noted expert on Cyber security.

    We are living in an age where technology seamlessly intertwines with every facet of our lives. From the moment we wake up to the time we rest our heads on our pillows, technology accompanies us like a steadfast companion. Cybersecurity is the bedrock upon which our digital society rests, ensuring the integrity, confidentiality, and availability of data and systems that shape our modern existence. It's a profound honour to welcome you to this distinguished panel discussion, "Unlocking Cyber Secrets, Safeguarding Against Digital Threats”, she said.

    This discussion promises to unveil insights, strategies, and solutions to protect our digital landscape, she added.

    Participating in the panel discussion moderated by Mr Santosh Kaveti, CEO and Founder of ProArch, Ms Sneha Mehra, IPS, DCP Cyber Crimes, Hyderabad; Dr B. Anuradha, DCP Cyber Crimes, Rachakonda; and Ms Ritraj, DCP Cyber Crimes, Cyberabad, said people must be able to differentiate who is a foe and who is a friend. It is very sad to note that most of the victims of cyber fraud are well-educated. 95 per cent of them are highly qualified, and 80 per cent of them are software professionals.

    (Right-most) CV Anand, Police Commissioner of Hyderabad, seen inaugurating the session on Cyber Security; also seen are Ritu Shah, Sneha Mehra and Dr Anuradha

    Cybercrimes are happening because of a lack of logical thinking and awareness. People must use common sense, they added.

    Another reason for becoming a victim of many cyber frauds is a lack of Cyber Hygiene: the practices and steps that users of computers and other devices need to take regularly to maintain system health and improve online security. These practices, said Ms Sneha, are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted.

    (L-R) Ritu Shah, Sneha Mehra, Dr B Anuradha and Ritraj, DCPs

    Safe Cyber Transactions must become part of your daily conversations, advised Ms Sneha Mehra.

    Cyber Criminals use public fear, greed, and guilt as their opportunities and their weapons to cheat people. You must be aware of this fact. If somebody promises easy money, the simple thing is to use your common sense. Illiterate people are safe because they use common sense. But unfortunately, many learned people who are falling prey to these cyber crooks are not using their minds. Think before you act, Dr Anuradha said.

    She narrated how a woman who had recently returned from abroad fell prey to a part-time job racket and lost two crore rupees a couple of days earlier in Rachakonda, and is now living in guilt for ignorantly sharing a ten-second nude video to get out of the mess she had landed in. She is now being counselled by a professional appointed by Rachakonda Police.

    When she approached the police along with her husband, it was too late: the scamsters had syphoned off the booty through 100 different accounts, the money had gone down through 30 layers, and the police were helpless, Dr Anuradha added.

    Another sad thing is that, despite being social animals, many people in these kinds of situations suffer in silence and don’t share with any of their family members and friends.

    Santosh, the moderator, reminded the 150-plus FLO members of the Thirsty Crow story and advised them not to be greedy or get tempted by easy money offers. They must cross-check, verify and consult experts before they act upon them. If the crow could use its common sense, so can we, he said.

    Another fraud that is trending of late is that cybercriminals are taking the help of ChatGPT to draft alluring and tempting messages and offers that you are bound to take seriously. So be aware of these trends and act accordingly, he said.

    Ritraj said cyber crimes are becoming more organised. They are trying to get more professionals.

    Referring to the many calls people receive in the guise of SBI Bank, she said no public sector bank like SBI calls you at odd hours or after bank hours. They don’t call you from a private number. They don’t use social media to communicate. She advised people to think logically and act.

    You can report it to the 1930 helpline or log in to the National Cyber Crime Reporting Portal and report it, they advised the public.

    Juice Jacking: A New Cyber Stealing that Empties Bank Account When Smartphones Connect To Charging, RBI Warns

    You may have hardly noticed this, but today hackers around the world are stealing people's confidential data by planting 'malware' in public cables or USB ports. This is called 'Juice Jacking'.

    Cyber thieves are adopting new tactics every day. Some are cheating people by sending messages on WhatsApp, while some are cheating by sending YouTube video links to like. Juice Jacking is also a type of scam about which very few people know. Many of you may already know about it and many may not, but juice jacking can destroy your entire life's earnings in a jiffy. India's central bank, the Reserve Bank of India (RBI), has issued a warning regarding this.

    Let us know what is juice jacking and what is the way to avoid it?

    Juice jacking is a type of cyber stealing, where, once your mobile is connected to unknown / unverified charging ports, unknown apps / malware are installed with which, the fraudsters can control / access / steal sensitive data, email, SMS, saved passwords.

    Precaution —

    Always avoid using public/ unknown charging ports/cables.

    When the battery of your mobile, tablet or laptop runs out while you are at a public place like a railway station, airport or hotel, you may start charging the device with the charging cable or USB port you see there. But have you considered that while the battery of the device gets charged, your bank account could be emptied, or your private messages, emails, mobile passwords or other information could be stolen?

    Steps To Follow To Avoid Juice Jacking
    • Never use the pre-installed charging cable in train, airplane or at station-hotels.
    • Don't use the charging cable or port that you get as a promotional gift.
    • Use the original charger and cable that came with your phone.
    • If you are traveling then keep a power bank with you.
    • Use an adapter instead of using the USB port at a charging station.
    • Do not charge a phone or any other gadget using a USB port at hotels.

    An Investigative Study of 120 Mn IoT Devices Revealed that IoT Devices Globally Generating Whopping 3.6 Bn Security Events

    NETGEAR’s “2023 IOT SECURITY LANDSCAPE REPORT” BRINGS IoT SECURITY CONCERNS INTO SHARP FOCUS

    The Internet of Things (IoT) is a network of devices, vehicles, home appliances, and other items that use sensors, software, and network connectivity to collect and exchange data. These connected devices are changing the way we live, work, and communicate. Along with their myriad blessings, they are also opening up new avenues for crime. As a result, IoT devices have emerged as the most vulnerable equipment in the world today.

    As manufacturers increasingly scrap “dumb” devices in favor of smart Internet-connected versions, smart homes are growing around their owners, enveloping the humans that own them without them being aware of it. The once romanticized notions of the smart house, often portrayed on TV as a cheery aide to a seamless life, have given way to privacy invasions, data breaches, and ruthless ransomware attacks targeting network-attached storage. If improperly configured, or shipped with vulnerabilities and security hazards that were overlooked during quality assurance, these devices can spell catastrophes for privacy and data integrity. They can even jeopardize the integrity of the Internet itself.

    2023 IoT Security Landscape Report: Key Findings

    The recently released “2023 IoT Security Landscape Report” brings into sharp focus the immense security concerns involving IoT devices. Based on threat intelligence sampled from 2.6 million smart homes around the world, the NETGEAR study investigated nearly 120 million IoT devices. The study revealed that IoT devices are generating a whopping 3.6 billion security events around the world every day. This translates into 20 connected devices per household, with 8 cyber attacks occurring every 24 hrs.

    The report, no doubt, makes shocking revelations about the vulnerabilities of Smart Homes. To get a clear understanding of these Smart Homes, let’s take a look at the most popular devices and the top vulnerabilities affecting them:
    • SMARTPHONES - Almost 41% of the devices connected to home routers are smartphones. This number includes guest devices that can be temporarily associated with the network.
    • COMPUTERS - Computers and laptops are the most common devices found in connected homes. While they have lost to mobile devices in popularity, they still witness steady growth worldwide.
    • STREAMING DEVICES - Streaming devices are popular means of turning a “dumb” TV into an Internet connected device.
    • TABLET - Tablets have gained significant traction during the COVID-19 outbreak as schools have started issuing tablets for online education.
    • CONSOLE - Game consoles also double as entertainment centers. They come with dedicated hardware and software for playing games and typically connect to a TV or monitor to display the game.

    Common Vulnerabilities of IoT Devices

    Going by the security incidents of 2022, most attacks spotted last year relied on already known common vulnerabilities and exposures (CVEs) included in automated attack toolkits. Although these common vulnerabilities are known to both IoT vendors and attackers, firmware vendors may take significant time to assess, patch, and deliver fixes for the devices already deployed in smart homes. This potentially provides cybercriminals with a window of opportunity. Blocking these attacks calls for layered technologies that stop them cold before they reach the vulnerable IoT device in your network.

    The exploitation of IoT devices targets different outcomes, depending on device type and purpose, connectivity options, and monetization opportunities. Vulnerability outcomes range from undermining the systems' capacity to perform expected functions to executing code on the device and hijacking its functions.

    IoT RISKS TO CONSIDER

    • CYBERSECURITY RISKS: Smart homes are vulnerable to cyber-attacks, as many IoT devices have weak security measures. This can allow hackers to gain access to personal information, such as passwords and financial data, and even take control of smart devices.
    • PRIVACY CONCERNS: Many smart devices are equipped with cameras, microphones, and other sensors that can collect data about users without their knowledge or consent. This can result in a violation of privacy, which is of particular concern for in-house deployment.
    • PHYSICAL SAFETY RISKS: Smart plugs, door locks, and cameras are becoming increasingly popular. These devices control physical security aspects such as lighting, access control, and surveillance. Any disruption in operation or loss of control can impact physical security.

    PREDICTIONS 2023

    • Privacy concerns will demand change - IoT devices thrive on big data. An FTC study in 2015 estimated that fewer than 10,000 households can “generate 150 million discrete data points a day”, or approximately one data point every six seconds for each household. Today, things are even worse. The 2022 Connectivity and Mobile Trends Survey by Deloitte outlines that one in two IoT users expressed concerns over the security vulnerabilities in smart home devices that might expose the troves of collected information, while 40% of respondents fear that they might be spied on.
    • Botnets will continue to grow - IoT devices will increasingly become targets for botnets, which can launch large-scale distributed denial-of-service (DDoS) attacks. Cybercriminals will continue to invest significant efforts in exploitation and persistence mechanisms to help them grow their infected device base.
    • IoT security will get worse before it gets better - Vendors' slow reaction to vulnerability disclosure and patching will persist into 2023. Although new regulations, such as the EU Cyber Resilience Act, are anticipated to provide some relief by imposing mandatory cyber-security standards for products sold within the bloc, their enforcement is not expected until at least 2025.

    TOP SIX BEST PRACTICES TO SECURE YOUR IOT DEVICES

    • Both home users and employees should be aware of active IoT devices in their networks and keep them up to date. If some devices are past their life, replace them immediately with newer models.
    • Move all smart devices to a dedicated guest network to isolate them from the main network
    • Patch devices as soon as a new firmware version becomes available.
    • Use routers or gateways with built-in security.
    • Probe the home network for vulnerable devices with a smart home scanner
    • Avoid exposing LAN devices to the Internet unless necessary

    Cybercriminals Using 15-year-old Tactics to Target Overlooked Gaps in Security

    Cybercriminals Exploit Outdated Security Flaws Warns Barracuda

    Experts state that cybercriminals are using 15-year-old tactics to target overlooked gaps in security

    Barracuda, a trusted partner and leading provider of cloud-first security solutions, has released a Threat Spotlight revealing that cyber attackers are relying on outdated tactics and overlooked security weaknesses to target organizations. These attackers aim to gain remote control of systems, install malware, steal information, disrupt business operations through denial-of-service attacks, and more.

    The findings are based on an analysis of three months’ worth of detection data from the Intrusion Detection Systems (IDS) used by Barracuda’s Security Operations Center (SOC), part of Barracuda XDR. The IDS tools provide not just a powerful early warning system of potential attack – they also reveal the weaknesses that attackers are targeting and the most popular tactics they are using to do so.

    Top malicious tactics detected by Barracuda's firewall IDS integration

    Top suspicious network detections detected by Barracuda's IDS tool (in millions)

    The analysis of the detection data highlights several key points, including:
    • Attackers try to gain remote control of vulnerable systems by using a tactic from 2008 that would let them take advantage of a misconfigured web server to get to data such as application code or sensitive operating system files that they should not have access to.
    • Another tactic designed to achieve the goal of remote control dates from 2003 and involves trying to inject specially crafted malicious code into a legitimate process, which would allow the attacker to read sensitive data, modify operations, and send instructions to the operating system.
    • Other established tactics target bugs in the programming languages that developers use to create applications which are integrated into common web-based systems or into “middleware” that processes data, such as when someone adds an item to their online shopping cart. The potential reach of a successful attack using these tactics is therefore extensive.
    • Attackers try to get hold of sensitive information by targeting vulnerable servers to obtain passwords or lists of users, or by misusing a legitimate process to find out how many computers on a network have an active IP connection. This can help with planning and preparing for a bigger attack.
    • Attackers are also trying to cause general chaos, disruption, and denial of service by messing with online traffic data packets, making them too small or fragmenting them so that the communications channels and destination servers become overwhelmed and crash.
    "Security weaknesses do not have an expiration date, and over time they can become deeply embedded, shadow vulnerabilities within a system or application. The tactics used to exploit them do not necessarily have to be new or sophisticated to succeed," emphasized Merium Khalid, Senior SOC Manager, Offensive Security, Barracuda XDR. "A multi-layered approach to protection with multiple levels of detection and scrutiny is essential. Understanding the vulnerabilities present in your IT environment, who may target them, and how they do so is crucial, as is the ability to respond and mitigate these threats."

    To learn more about the prevalent attack tactics and targets check out the blog here.

    About Barracuda  

    At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.  

    Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S., and other countries.

    IndianWeb2.com © all rights reserved