Global Cyber Pulse: 07 May 2025

Cyber Attacks
May 7, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS Cybertech

Cyber threats are evolving fast—from Kaspersky detecting 2 crore offline malware attacks in India via USBs, to Peru denying a ransomware breach claimed by Rhysida. Meanwhile, Darcula PhaaS enabled the theft of 884,000 credit cards through global phishing texts. Scam groups Reckless and Ruthless Rabbit used fake celebrity ads to harvest user data.

The U.S. Department of Defense is revamping its slow, outdated software procurement system to prioritize security. In parallel, attackers are exploiting critical flaws in obsolete GeoVision IoT devices, adding them to a Mirai botnet for DDoS attacks.

Kaspersky Flags 2 Crore Offline Malware Attacks in India

Kaspersky uncovered nearly 2 crore offline malware attacks on Indian businesses in 2024. These threats bypass online defences by using USB drives and removable media to spread. Unlike internet-based threats, offline attacks exploit physical trust, making them harder to detect.

As companies ramp up online security, the firm warns of a growing blind spot. Strengthening endpoint protection and limiting removable device access are now critical in the evolving threat landscape.

Peru Disputes Ransomware Hit After Rhysida Leak

Peru’s government denied being hit by the Rhysida ransomware gang, despite claims of a data breach and ransom demand. The threat group allegedly stole documents from the national domain and demanded 5 bitcoins.

Officials clarified that national services were not disrupted, although Piura’s tax website was briefly accessed. In response, Peru activated its National Digital Security protocols, emphasizing that while attackers attempted an intrusion, core digital infrastructure remained unaffected and fully operational.

Darcula PhaaS Behind Massive Credit Card Theft

Darcula, a phishing-as-a-service (PhaaS) operation, facilitated the theft of 884,000 credit card details via 13 million clicks on malicious text messages. Over seven months, cybercriminals globally used the service to orchestrate large-scale phishing attacks. Investigations by European media and cybersecurity firm Mnemonic traced the network to 600 operators and identified its main architect.

The breach reveals the scale and professionalization of phishing services offered to cybercriminals through subscription-based dark web platforms.

Scam Groups Use Celebrity Endorsements to Steal Data

Two threat actors, dubbed Reckless Rabbit and Ruthless Rabbit, are running investment scams using fake celebrity endorsements. Targeting users through Facebook ads and spoofed crypto platforms, they collect personal data via convincing web forms. Security firm Infoblox exposed how these campaigns use Traffic Distribution Systems to evade detection.

By auto-generating passwords and harvesting names, emails, and phone numbers, scammers lure victims deeper into fraud under the guise of legitimate financial opportunities.

DoD Modernizes Software Procurement with Security First

The US Department of Defense has launched the Software Fast Track (SWFT) initiative to overhaul its outdated software acquisition process. Spearheaded by CIO Katie Arrington, the reform puts cybersecurity and supply chain risk management at its core. Arrington criticized the current system as slow and lacking transparency. The initiative aims to align procurement with modern software development practices, ensuring faster, secure adoption of technologies vital for defense readiness and national cyber resilience.

GeoVision IoT Devices Exploited for DDoS Botnet

Hackers are exploiting critical flaws in outdated GeoVision IoT devices to build a Mirai botnet for DDoS attacks. Akamai researchers found that vulnerabilities CVE-2024-6047 and CVE-2024-11120 allow attackers to run system commands via a command injection flaw.

The exploit abuses the /DateSetting.cgi endpoint, targeting the szSrvIpAddr parameter. These devices, no longer supported, remain active in many networks, making them easy targets for botnet recruitment and escalating IoT-driven cyber threats.
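For defenders watching for the abuse described above, the following is an added example (not from Akamai or the original report) that scans constructed web-server access log lines for requests to /DateSetting.cgi whose szSrvIpAddr value is anything other than a plain IPv4 address; the log format, sample lines and function names are assumptions.

```python
"""Flag /DateSetting.cgi requests whose szSrvIpAddr is not a plain IPv4 address.

Added detection example; the parameter is only meant to carry an NTP/time
server address, so any other content on it is worth an alert.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Combined-Log-Format lines (not real traffic); RFC 5737 addresses.
SAMPLE_LOGS = [
    '198.51.100.7 - - [06/May/2025:10:01:02 +0000] "GET /DateSetting.cgi?szSrvIpAddr=192.0.2.10 HTTP/1.1" 200 512',
    '198.51.100.8 - - [06/May/2025:10:01:05 +0000] "POST /DateSetting.cgi HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/May/2025:10:02:11 +0000] "GET /DateSetting.cgi?szSrvIpAddr=192.0.2.10%3Buname HTTP/1.1" 200 640',
    '203.0.113.9 - - [06/May/2025:10:02:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_plain_ipv4(value: str) -> bool:
    """True only for a bare dotted-quad; rejects shell metacharacters, hostnames, etc."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def check_line(line: str):
    """Return (source_ip, reason) when the request looks like parameter abuse, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: leave to a separate malformed-log alert
    parts = urlsplit(m["target"])
    if parts.path != "/DateSetting.cgi":
        return None
    # parse_qs percent-decodes once, so %3B is already ';' here.
    for value in parse_qs(parts.query, keep_blank_values=True).get("szSrvIpAddr", []):
        if not is_plain_ipv4(value):
            return (m["src"], f"non-IP szSrvIpAddr value {value!r}")
    return None  # POST bodies are not in access logs; pair this with a WAF/body rule


def scan(lines):
    """Collect every suspicious (source_ip, reason) pair from an iterable of log lines."""
    return [hit for hit in (check_line(l) for l in lines) if hit]


if __name__ == "__main__":
    for src, reason in scan(SAMPLE_LOGS):
        print(f"ALERT {src}: {reason}")
```

Since the devices are end-of-life and will not receive a fix, the practical response to a hit is to isolate the device rather than to patch it.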