By Ashwani Mishra, Editor-Technology, 63SATS
Cybercrime Surge: Indians Face Potential Losses of ₹1.2 Lakh Crore Next Year; Fake reCAPTCHA Attack Targets Ukrainian Government; RansomHub Cyberattack Disrupts Mexican Airports; Fortune 500 Firm Henry Schein Reports Data Breach a Year After Cyberattack; Chimienti & Associates Data Breach Exposes Financial and Health Data; Fog and Akira Ransomware Groups Exploit SonicWall VPNs to Infiltrate Corporate Networks.
Stay tuned for the latest updates on global cybersecurity developments.
India’s Cyber Fraud Epidemic: Losses Expected to Hit 0.7% of GDP
India is bracing for cyber fraud losses of over ₹1.2 lakh crore in the coming year, according to projections by the Indian Cyber Crime Coordination Centre (I4C), which operates under the Ministry of Home Affairs. A senior government official revealed that mule bank accounts, used to launder and facilitate illegal transactions, are major drivers of these scams, with cyberfraud potentially costing 0.7% of the nation’s GDP.
A recent I4C report disclosed that between January and June 2024 alone, cyber fraud losses totaled ₹11,269 crore, with financial scams often traced to international networks, notably in China. With daily complaints on the National Cybercrime Reporting Portal hitting an average of 7,000 by May 2024, cybercrime reporting has surged 113.7% compared to 2021-2023.
Fake reCAPTCHA Attack Targets Ukraine Government
Ukrainian government offices are facing a novel cyberattack tactic by Russia-linked APT28 hackers, also known as “Fancy Bear.” CERT-UA recently detected this sophisticated phishing campaign, which uses a reCAPTCHA decoy that mimics Google’s bot prevention screen to lure victims. When clicked, this reCAPTCHA lookalike surreptitiously copies a malicious PowerShell command to the clipboard, triggering malware installation with minimal user interaction.
Targeted emails, circulating under the subject “Table Replacement,” carried what appeared to be Google spreadsheet links; when clicked, these displayed the decoy reCAPTCHA interface to disguise the malware operation.
RansomHub Threatens to Leak 3TB of Data in Mexican Airport Attack
Grupo Aeroportuario del Centro Norte (OMA), which manages 13 Mexican airports, including Monterrey, recently reported a cyberattack that forced its IT team to rely on backup systems to maintain operations. The RansomHub group has claimed the attack on OMA’s network and is threatening to leak 3 terabytes of stolen data unless a ransom is paid.
U.S. agencies previously warned of RansomHub’s activity, linking the group to over 210 incidents since February 2024. OMA has partnered with cybersecurity experts to investigate the breach and assess the potential impact on data integrity and system availability.
Fortune 500 Firm Henry Schein Reports Data Breach a Year After Cyberattack
One year after being hit by two consecutive ransomware attacks from the BlackCat group, healthcare solutions provider Henry Schein disclosed a data breach affecting over 160,000 people. The company confirmed that personal information was compromised after BlackCat allegedly stole 35 terabytes of sensitive files, including operational data.
The Fortune 500 company, active in over 30 countries, initially took systems offline to contain the October 2023 breach, and again in November 2023. BlackCat has since disbanded, but Henry Schein’s prolonged investigation and delayed disclosure underscore the lasting impact of ransomware attacks.
Chimienti & Associates Data Breach Exposes Sensitive Personal Information
California-based Chimienti & Associates recently reported a data breach, disclosing that sensitive personal data—including Social Security numbers, state IDs, and health information—was exposed. According to a report submitted to the Massachusetts Attorney General, the breach occurred when an unauthorized party accessed an employee’s email account between March 22 and March 26, 2024.
The managing general agency, which specializes in employee benefit solutions, sent data breach notification letters to affected individuals in October. This breach has raised concerns about the company’s cybersecurity measures and data protection protocols.
Fog and Akira Ransomware Groups Target SonicWall VPNs to Breach Corporate Networks
Corporate networks are facing a wave of cyberattacks as the Fog and Akira ransomware groups exploit a critical vulnerability in SonicWall VPN systems. The flaw, CVE-2024-40766, was identified and patched in August 2024, but ransomware groups have since leveraged it to breach at least 30 networks through unpatched SonicWall accounts.
Arctic Wolf security researchers report that 75% of these incidents were linked to Akira, with Fog ransomware accounting for the remainder. The shared infrastructure between the two groups points to ongoing collaboration, highlighting the importance of prompt patch management for network security.