By Ashwani Mishra, Editor-Technology, 63SATS
Cybersecurity spending in India is set to hit $3.3 billion in 2025, driven by AI risks, ransomware, and regulatory changes. Meanwhile, Jaguar Land Rover faces a data breach exposing 700 internal documents, and New York sues Allstate for failing to report a breach affecting 165,000 drivers. In healthcare, ESHYFT left 86,000 nurses’ records exposed in an unsecured cloud bucket.
Colombia’s institutions are under attack by Blind Eagle, while North Korea’s Lazarus Group infiltrates npm to steal crypto assets. These incidents highlight the urgent need for stronger cybersecurity measures across industries as cyber threats escalate globally.
India’s Cybersecurity Spending to Hit $3.3B in 2025, Driven by AI, Ransomware Risks
End-user spending on information security in India is projected to total $3.3 billion in 2025, an increase of 16.4 per cent from 2024, according to a new forecast from Gartner Inc. Building on the momentum from the previous year, security services is projected to record the highest growth among all segments, with an expected 19 per cent increase in 2025.
“Persistent security challenges, such as data sprawl from generative artificial intelligence (GenAI) use, ransomware attacks, evolving regulatory landscapes, and robust cloud adoption, are driving Indian enterprises to increase their information security spending across all segments in 2025,” said Shailendra Upadhyay, senior principal at Gartner. “These urgent challenges necessitate real-time threat detection and incident response across hybrid ecosystems.”
“Consequently, chief information security officers (CISOs) in India are prompted to focus on strategic investments in cloud security, access management, and data security and privacy to strengthen their organisation’s security posture and support business resilience.”
Gartner predicts that by 2028, 40 per cent of information technology (IT) services contracts will include a security component.
Jaguar Land Rover Data Breach Exposes 700 Sensitive Documents
According to the X handle of FalconFeed.io, a member of BreachForums has posted about a significant data breach involving Jaguar Land Rover (JLR). The leaked data includes around 700 internal documents and a compromised employee dataset exposing sensitive information such as username, email, display name, time zone, and more.
The data breach, reportedly occurring around March 2025, involves the exposure of approximately 700 internal Jaguar Land Rover documents. Among the compromised documents are critical development logs, tracking data, and proprietary source code. Such materials are highly sensitive, potentially jeopardizing the company’s competitive edge by providing rivals or malicious actors with insights into JLR’s operational and strategic plans.
New York Sues Allstate Over Data Breach, Cites Negligence
New York state sued Allstate (ALL.N) on Monday, accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and lacking reasonable safeguards to protect drivers’ private information.
The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan. James said National General’s poor data security led to back-to-back breaches in 2020 and 2021, when hackers targeting its online auto insurance quoting tools accessed license numbers of more than 165,000 New Yorkers and 199,000 people overall.
ESHYFT Exposes 86,000 Nurses’ Records in Misconfigured AWS Bucket
More than 86,000 records containing nurses’ medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT were left sitting in a wide-open misconfigured AWS S3 bucket for months, or possibly even longer, before it was closed last week.
Cybersecurity researcher Jeremiah Fowler spotted the non-password-protected, unencrypted database on January 4 and two days later reported it to ESHYFT, a New-Jersey-based company that operates in 29 US states and bills itself as being “like an Uber for nurses.”
He said both the name of the database and the documents inside it “indicated that the records belonged to ESHYFT” and he immediately notified the outfit, which he said responded to thank him and say that it was taking action.
Blind Eagle Cyber Attacks Target Colombian Institutions
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.
“The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis.
“More than 1,600 victims were affected during one of these campaigns which took place around December 19, 2024. This infection rate is significant considering Blind Eagle’s targeted APT approach.”
Blind Eagle, active since at least 2018, is also tracked as AguilaCiega, APT-C-36, and APT-Q-98. It’s known for its hyper-specific targeting of entities in South America, specifically Colombia and Ecuador.
Lazarus-Linked Malware Found in npm Packages, Targeting Crypto Assets
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information.
The Socket Research Team discovered the campaign and linked it to previously known Lazarus supply chain operations. The threat group is known for pushing malicious packages into software registries like npm, which is used by millions of JavaScript developers, and compromising systems passively.