By Ashwani Mishra, Editor-Technology, 63SATS
Cybersecurity threats are escalating globally, with India witnessing a 175% surge in financial phishing attacks, targeting sectors like e-commerce and banking, driven by AI-enabled tactics. In Turkey, Twitch faced a $58,000 fine for a 125 GB data breach due to insufficient proactive measures, while Otsego Public Schools reported unauthorized access to personal data, raising concerns about security in educational institutions.
Meanwhile, Equinox disclosed a breach compromising sensitive health data, the Library of Congress fell victim to a foreign adversary’s prolonged email hack, and APT group DONOT targeted Pakistan’s maritime and defense sectors with sophisticated cyber espionage.
Stay tuned for more updates on the ever-evolving world of cybersecurity.
India Faces 135,173 Financial Phishing Attacks in First Half of 2024
According to Business Standard India experienced a staggering 135,173 phishing attacks targeting financial sectors such as e-commerce, banking, and payment systems between January and June 2024, marking a 175% year-over-year increase.
The surge is attributed to growing digital adoption and the use of AI and automation by cybercriminals to craft convincing scams. According to Kaspersky, this trend is amplified by the accelerated use of online banking post-COVID-19, providing a larger pool of potential victims. According to Kaspersky cybercriminals are becoming more aggressive in their pursuit of users’ data and money, with fraudulent activities outpacing any decline in user vigilance.
Turkey Fines Twitch $58,000 for Data Breach
Turkey’s Personal Data Protection Board (KVKK) fined Twitch, Amazon’s gaming platform, 2 million lira ($58,000) over a data breach involving a 125 GB data leak.
The investigation revealed Twitch’s failure to implement adequate security measures before the breach, with risk and threat assessments deemed insufficient. KVKK noted that Twitch only addressed the issue after the incident, prompting the fine to ensure stricter adherence to data protection laws.
Otsego Public Schools Reports Cybersecurity Incident Exposing Personal Data
Otsego Public Schools announced a cybersecurity breach on October 19, 2023, where an unauthorized actor accessed private systems, potentially exposing personal information, including Social Security numbers, tax IDs, driver’s licenses, and financial details.
Although investigators have found no evidence of data misuse, the district launched an extensive investigation with external cybersecurity experts to assess and mitigate the situation.
Equinox Cyber Breach May Have Exposed Sensitive Health Data
Equinox, a US-based health services provider, reported a cybersecurity breach that may have compromised sensitive health data of clients and staff.
Detected on April 29, 2024, the breach involved unauthorized access to internal systems, with affected individuals notified on November 15, 2024. Forensic specialists uncovered that the attackers potentially acquired sensitive files, prompting Equinox to enhance its security measures and ensure better system protection.
Library of Congress Email Systems Hacked by Foreign Adversary
The Library of Congress suffered a significant email system hack between January and September 2024, allegedly by a foreign adversary. The breach targeted communications between Library staff and congressional offices, though it remains unclear if accounts tied to the House and Senate were compromised.
The FBI is investigating the scope of the breach, with the Library implementing measures to mitigate vulnerabilities and prevent future incidents.
APT Group DONOT Targets Pakistan’s Maritime and Defense Sectors
The APT group DONOT, known for its cyber espionage activities in South Asia since 2016, launched a targeted attack on Pakistan’s maritime and defense sectors. Using advanced malware and social engineering tactics, the group compromised sensitive infrastructure.
Reports from Cyble Research and Intelligence Labs highlight DONOT’s history of stealth operations, leveraging custom-built tools to infiltrate networks of government agencies, military entities, and diplomatic missions.