By Ashwani Mishra, Editor-Technology, 63SATS
The cybersecurity landscape saw significant developments as governments and organizations grappled with escalating digital threats. India’s Ministry of Electronics and IT (MeitY) introduced measures to strengthen cybersecurity, including updated CCTV regulations and initiatives like the Cyber Surakshit Bharat program, which trained 350 officials. Meanwhile, nearly 6 lakh Common Service Centers (CSCs) bridged rural digital divides, providing access to government services.
On the corporate front, Thomas Cook India reported a cyberattack, prompting system shutdowns and expert-led investigations to mitigate risks. Similarly, a phishing campaign targeting Chrome extensions compromised over 35 extensions, impacting 2.6 million users globally. Developers were deceived through fake violation notices, resulting in injected malware.
In healthcare, Indiana University Health disclosed a breach via a compromised email account, exposing sensitive patient data. These incidents highlight the urgent need for robust cybersecurity frameworks to safeguard critical sectors and protect against increasingly sophisticated cyber threats.
MeitY Enhances Cybersecurity and Empowers Citizens via CSC Initiatives
In 2024, MeitY introduced critical measures, including updated CCTV regulations under the Comprehensive Regulatory Order (CRO), ensuring stronger cybersecurity standards. With 138.34 crore Aadhaar numbers issued and 556 crore DIKSHA learning sessions conducted, MeitY also supported education and health with 67 million Ayushman Bharat Health Account (ABHA) numbers.
The Cyber Surakshit Bharat program trained 350 officials to combat threats, while nearly 6 lakh CSCs bridged rural digital divides. By empowering traders and citizens through welfare camps and providing access to over 2,000 government services, MeitY solidified its role as a driver of digital governance and cybersecurity in India.
Thomas Cook India Shuts Down Systems After Cyberattack
On December 31, 2024, Thomas Cook India revealed a cyberattack on its IT infrastructure in a BSE filing. The company promptly shut down affected systems and launched an investigation with cybersecurity experts to mitigate the breach’s impact.
Thomas Cook assured stakeholders of its proactive response, emphasizing its commitment to secure its digital operations. The breach highlights growing cybersecurity risks for travel and hospitality firms, underscoring the need for robust defenses against evolving threats. Investigations continue as Thomas Cook works to restore full functionality while prioritizing data security.
Chrome Extensions Targeted in Massive Phishing Campaign
A phishing campaign compromised over 35 Chrome extensions, affecting approximately 2.6 million users. Cybercriminals injected data-stealing code into extensions, including one by cybersecurity firm Cyberhaven.
Starting in December 2024, the campaign used fake violation notices to lure developers into phishing traps, granting attackers control of the extensions. Earlier traces of the campaign date back to March 2024. Developers are urged to verify links and review extension updates vigilantly. This breach underscores the growing threat to browser security, emphasizing the importance of developer and user awareness.
Indiana University Health Reports Data Breach via Compromised Email
Indiana University Health (IU Health) disclosed a data breach on December 17, 2024, resulting from a compromised employee email account. Between October 4 and October 18, unauthorized parties accessed emails containing sensitive data, including names, addresses, medical record numbers, and health information.
IU Health secured the account and initiated an investigation with external cybersecurity experts. Affected individuals were notified, and resources were provided to mitigate risks of fraud or identity theft. The incident highlights vulnerabilities in email systems and the urgent need for robust protective measures in healthcare IT environments.