Global Cyber Pulse: 17 March 2025

March 17, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cybercriminals are evolving faster than law enforcement, using polymorphic malware to evade security tools and causing massive financial losses. Karnataka is ramping up its cyber defense, but outdated tools remain a challenge. Meanwhile, Infosys settles a $17.5M lawsuit over a major data breach.

Fraudsters impersonate Clop ransomware to extort businesses, and Denmark warns of rising cyber espionage in Europe’s telecom sector. North Korean hackers deploy KoSpy malware to spy on Android users, while a Coinbase phishing scam tricks victims with fake wallet migration emails. These threats highlight the urgent need for advanced cybersecurity measures and vigilance.

Karnataka Fights Cybercrime, But Hackers Stay a Step Ahead

Karnataka is enhancing its cybercrime response by appointing 16 cyber technicians, but cybercriminals continue to evolve. A new threat, polymorphic malware, changes its code constantly to evade detection. This advanced malware has contributed to low cybercrime resolution rates: only 1,248 of 20,092 cases were cracked in 2024, and losses reached ₹2,900 crore.

Karnataka, the first state to establish a cybercrime police station, is upgrading its forensic lab. However, outdated security tools remain a challenge. The state relies on signature-based security tools, which struggle to detect ever-changing threats, highlighting the urgent need for AI-driven security solutions.

Infosys Settles $17.5M Cyber Lawsuit Over Data Breach

Infosys has agreed to a $17.5 million settlement to resolve class-action lawsuits linked to a cyber incident at its subsidiary, Infosys McCamish Systems (IMS). The breach, which exposed data of 6.5 million individuals, resulted from unauthorized access, triggering legal action. IMS flagged the breach with its third-party vendor, eDiscovery.

The settlement, reached after a March 13 mediation, is pending court approval. The cyberattack, which occurred in November 2023, disrupted IMS systems, leading to lawsuits. Infosys denies liability but opted for settlement to conclude the legal proceedings.

Fraudsters Pose as Clop Ransomware Gang to Extort Firms

Cybercriminals are impersonating the Clop ransomware gang to extort businesses, according to Barracuda Networks. Attackers claim they exploited a Cleo file transfer vulnerability to steal data and demand payment. To appear credible, they reference real Clop breaches affecting 66 Cleo customers.

This tactic highlights a growing trend of cyber scammers masquerading as notorious ransomware groups. Clop itself has previously exploited file transfer vulnerabilities, making these fraudulent claims seem authentic. Businesses are urged to verify threats before responding to ransom demands.

Denmark Warns of Rising Cyber Espionage in Europe’s Telecom Sector

Denmark’s cybersecurity agency has raised the cyber espionage threat level to “high”, citing increased state-sponsored attacks on Europe’s telecom sector. The report hints at concerns over China-linked Salt Typhoon, though no official attribution was made. U.S. intelligence previously suggested European firms had been compromised by this group.

Unlike U.S. agencies, many European cybersecurity bodies lack advanced attribution capabilities, making it harder to identify perpetrators. The warning signals heightened risks for Europe’s telecom industry, which remains a prime target for cyber spies.

North Korean Hackers Deploy KoSpy Malware to Target Android Users

Cybersecurity firm Lookout has uncovered KoSpy, a North Korean surveillance malware targeting Android users. Linked to the ScarCruft group (APT27/Reaper), KoSpy has been active since 2022, masquerading as legitimate apps like File Manager, Smart Manager, and Kakao Security.

The malware collects SMS messages, call logs, location data, and files, and can also record audio and capture screenshots. Though the infected apps have been removed from Google Play, their presence highlights the persistent risk of nation-state cyber espionage. ScarCruft, known for its Windows-targeting RokRAT malware, has expanded its reach to macOS and Android.

Coinbase Phishing Scam Targets Users with Fake Wallet Migration

A sophisticated Coinbase phishing scam is deceiving users by impersonating an official wallet migration notice. The email falsely claims that Coinbase is transitioning to self-custodial wallets following a legal mandate.

Victims are tricked into setting up a wallet with a recovery phrase controlled by the attackers, which gives the cybercriminals full access to it. The phishing email references a non-existent class-action lawsuit to make the scam appear legitimate. Users are urged to verify official communications and avoid entering recovery phrases on unverified platforms.