Global Cyber Flash: 21st Aug, 2024

August 21, 2024 | Cybersecurity

By Ashwani Mishra, Editor-Technology, 63SATS

The Telecom Regulatory Authority of India (TRAI) is set to implement new regulations in September 2024, aiming to curb spam through stricter controls.

Meanwhile, security researchers have uncovered vulnerabilities in digital wallets like Apple Pay, highlighting potential risks. Additionally, the FakeBat malware is increasingly targeting users searching for popular business software via malvertising campaigns. In response to growing cybersecurity concerns, the Central Electricity Authority (CEA) has proposed new guidelines for India’s power sector, including the establishment of a dedicated response team. Finally, a new phishing campaign in the Czech Republic is using fake banking apps to steal user credentials, posing a significant threat.

Stay informed with our brief guide to the latest in cybersecurity. Keep up with the ever-changing landscape of cyber threats and advancements.

TRAI Tightens Regulations on Telemarketers to Combat Spam

The Telecom Regulatory Authority of India (TRAI) has intensified its efforts against unsolicited spam messages and calls, instructing telecom operators to implement stricter controls over message headers and content templates. Starting September 1, 2024, all service providers must ensure that messages containing URLs, OTT links, or callback numbers are pre-approved. By November 1, 2024, all message trails must be traceable to prevent unauthorized telemarketing.

Digital Wallets Vulnerable to Fraudulent Transactions with Stolen Cards

Security researchers have discovered vulnerabilities in digital wallets like Apple Pay, Google Pay, and PayPal, enabling transactions with stolen or canceled payment cards. Despite some fixes, these flaws allow attackers to add stolen card details to wallets and make purchases even after the card is replaced. Researchers from UMass Amherst and Penn State presented these findings at USENIX Security 2024 in a paper titled “In Wallet We Trust: Bypassing Digital Wallets Payment Security for Unauthorized Transactions.”

FakeBat Malware Targets Popular Software Searches in Malvertising Campaigns

Cybersecurity experts have identified a surge in malware infections from malvertising campaigns spreading a loader known as FakeBat. These attacks target users searching for popular business software and utilize a trojanized MSIX installer to execute malicious scripts. Linked to the threat actor group Eugenfest, FakeBat is being tracked by Google’s threat intelligence team under the name NUMOZYLOD.

CEA Proposes New Cybersecurity Guidelines for the Power Sector

The Central Electricity Authority (CEA) has released draft regulations aimed at bolstering cybersecurity in the power sector in India. The proposed guidelines include the creation of a Computer Security Incident Response Team (CSIRT) for the power sector and the establishment of dedicated Information Security Divisions within responsible entities. The CEA is currently seeking public feedback on these draft regulations.

Czech Mobile Users Targeted by New Phishing Scheme for Banking Credentials

A new phishing campaign targeting mobile users in the Czech Republic aims to steal banking credentials using Progressive Web Applications (PWAs). The attacks focus on customers of Československá obchodní banka (CSOB) and other banks in the region. The phishing apps mimic real banking apps and are nearly indistinguishable from them, posing a significant threat to users.

CannonDesign Discloses Data Breach Following Avos Locker Ransomware Attack

CannonDesign, a leading architectural and engineering firm, has confirmed a data breach involving the theft of sensitive information from over 13,000 clients. The breach, which occurred in early 2023, was linked to the Avos Locker ransomware group. CannonDesign is notifying affected clients and continues to assess the impact of the attack.