Global Cyber Pulse, 16 Jan 2025

January 16, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

The Cyber Security Grand Challenge 2.0, launched by MeitY and DSCI, offers â‚ą6.85 crore for innovative solutions in key cybersecurity areas, fostering a secure digital future.

Meanwhile, Change Healthcare faced a massive ransomware attack in February 2024, compromising over 100 million patient records, highlighting vulnerabilities in healthcare systems. Avery Products Corporation reported a data breach where hackers used a card skimmer to steal customer payment data, emphasizing the need for robust e-commerce security.

The Lazarus Group targeted Web3 developers in “Operation 99,” spreading malware via fake LinkedIn profiles. The FTC mandated GoDaddy to overhaul its cybersecurity after multiple breaches, impacting millions of small businesses. Lastly, OneBlood suffered a ransomware attack, exposing Social Security numbers, underlining risks in healthcare supply chains.

Cyber Security Grand Challenge 2.0 Launched with â‚ą6.85 Cr Prize Pool

The Ministry of Electronics & Information Technology (MeitY), in partnership with DSCI, unveiled the second Cyber Security Grand Challenge. With a prize pool of â‚ą6.85 crore, the initiative seeks innovative solutions in API Security, Data Protection, Wearable Privacy, Clone App Mitigation, AI Threat Detection, and Biometric Security. Registrations are open until February 14, 2025.

MeitY Secretary, Shri S. Krishnan, emphasized this effort aligns with Digital India, Atmanirbhar Bharat, and Viksit Bharat initiatives. Participants will benefit from mentorship, capability-building, and market access, fostering a secure digital future. Visit here for details.

Change Healthcare Completes Notifications After Massive Data Breach

In February 2024, a ransomware attack compromised over 100 million patient records from Change Healthcare, the largest known theft of medical data in U.S. history. The breach caused months-long service disruptions across healthcare facilities. Hackers were paid a ransom to secure stolen data, allowing the company to notify affected individuals.

Change Healthcare processes patient billing for millions, making it a critical target. The attack underscores the importance of robust cybersecurity in healthcare. The company continues to strengthen its defenses to prevent future incidents of this magnitude.

Avery’s Website Breach Exposes Credit Card Data

Label giant Avery Products Corporation revealed a data breach involving a card skimmer on its website from July to December 2024. Hackers exfiltrated sensitive payment information from customers using Avery’s online store. Discovered on December 9, 2024, the breach affected transactions during this period.

Digital forensic experts are assisting with the investigation. Avery’s swift action highlights the need for enhanced cybersecurity in e-commerce platforms to safeguard customers’ financial data. Impacted customers are urged to monitor their accounts for suspicious activity.

Lazarus Group Targets Web3 Developers in Operation 99

The notorious Lazarus Group has launched Operation 99, targeting Web3 developers with fake LinkedIn profiles and malicious GitLab repositories. Disguised as recruiters, they lure victims into downloading malware-laden project files.

Once installed, the malware connects to command-and-control servers, compromising the victim’s environment. Significant cases have been reported in Italy, with smaller clusters across the U.S., U.K., and other countries. The campaign highlights the growing threat to cryptocurrency and Web3 developers. Vigilance against phishing and fake profiles is crucial to mitigating risks.

FTC Demands GoDaddy Overhaul Cybersecurity Measures

The Federal Trade Commission (FTC) has mandated web hosting giant GoDaddy to revamp its cybersecurity practices following multiple breaches from 2019 to 2022. Hackers exploited security lapses, redirecting users to malicious sites and compromising customer data. The FTC accused GoDaddy of misleading clients about its security standards.

Like reforms imposed on Marriott, GoDaddy must implement extensive security upgrades. With five million clients, GoDaddy’s compliance will significantly impact small businesses relying on its services. The action underscores the importance of accountability in securing digital ecosystems.

OneBlood Ransomware Attack Exposes Social Security Numbers

Nonprofit blood donation organization OneBlood reported a ransomware attack that compromised names and Social Security numbers. The breach, detected in July 2024, involved unauthorized copying of files from their network.

Regulators in Maine, Vermont, and Massachusetts were notified, but the organization has not disclosed the number of individuals affected. OneBlood’s incident underscores the vulnerabilities in critical healthcare supply chains. Affected individuals are advised to monitor their accounts for fraud and identity theft risks as investigations continue.