Global Cyber Pulse: 10 January, 2025

January 10, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Parliamentarians urged the Home Ministry to strengthen cybersecurity frameworks amid rising cybercrime, highlighting vulnerabilities from rapid digitization. Hackers breached Gravy Analytics, stealing 17TB of sensitive data, raising privacy concerns. Similarly, PowerSchool suffered a breach, exposing student Social Security numbers and medical records.

Chinese state-backed group Silk Typhoon was linked to a U.S. Treasury hack, exploiting a SaaS API key. In India, Haryana led cybercrime prevention, saving $31.2 million in 2024 and refunding $11 million to victims. Meanwhile, CrowdStrike warned of a phishing campaign impersonating its recruiters, targeting developers with Monero cryptocurrency miners. Cyber threats remain a global challenge.

Parliamentarians Discuss Cybercrime Prevention Amid Rapid Digitization

Amid a surge in cybercrime due to rapid digitization, Parliamentarians have proposed measures to curb the issue. In a meeting with the Ministry of Home Affairs, officials, including Home Secretary Govind Mohan, presented insights on cybercrime’s impact and prevention strategies.

As reported by The Economic Times, the Parliamentary Standing Committee emphasized strengthening cybersecurity frameworks as more businesses and citizens embrace digital technologies, exposing vulnerabilities and escalating cyber threats.

Hackers Breach Gravy Analytics, Leak Sensitive Data

Hackers claim to have breached Gravy Analytics and its subsidiary Venntel, exfiltrating 17 terabytes of data, including sensitive customer information and precise smartphone location data.

The attackers, who shared 1.4GB of stolen data samples, allegedly gained root access to the company’s servers and Amazon S3 buckets. The breach has raised serious concerns about data privacy and the potential misuse of location intelligence.

PowerSchool Breach Exposes Sensitive Student Data

Edtech giant PowerSchool has confirmed a breach compromising sensitive data, including student Social Security numbers, grades, and medical records. Hackers accessed the company’s internal customer support portal using stolen credentials.

PowerSchool’s systems, widely used for managing student records, are now under scrutiny as impacted users face significant privacy concerns.

US Treasury Hack Tied to Chinese Group Silk Typhoon

Chinese state-sponsored hackers, dubbed Silk Typhoon, have been linked to the December breach of the U.S. Treasury’s Office of Foreign Assets Control.

Using a stolen SaaS API key, the attackers compromised a BeyondTrust instance, gaining network access. Though the breach’s impact on the Treasury remains under assessment, authorities confirmed no ongoing access post-shutdown.

Haryana Leads India in Tackling Cybercrime

Haryana police reported a fivefold increase in cybercrime prevention savings, reaching $31.2 million in 2024. Stronger alliances with banks and an expanded cyber helpline workforce were credited for the success.

Additionally, $11 million in fraudulently siphoned funds were recovered and refunded to victims, reflecting the state’s proactive approach to cybersecurity.

Fake CrowdStrike Job Offers Spread Crypto Miners

CrowdStrike has uncovered a phishing campaign using fake job offers to distribute Monero cryptocurrency miners. Disguised as legitimate emails from the company, the phishing attack tricks developers into downloading a malicious “employee CRM application.”

The campaign, detected on January 7, poses significant risks to job seekers and highlights the importance of phishing awareness