By Ashwani Mishra, Editor-Technology, 63SATS
Britain faces escalating cyber threats from Russian and Chinese hackers, with a threefold rise in severe incidents reported by the UK’s National Cyber Security Centre (NCSC) in 2023-24. Meanwhile, North Korea-aligned Kimsuky hackers have adopted Russian email domains for credential theft attacks, underscoring the global rise in cybercrime. Adding to the concerns, over a dozen malicious Android apps containing SpyLoan malware have been identified on the Google Play Store, exposing millions to extortion and financial losses.
In the corporate world, Apple faces a lawsuit over allegations of monitoring employees’ personal devices and restricting discussions on workplace conditions, raising privacy concerns. Additionally, Indian digital ID verification provider Signzy confirmed a cyberattack impacting its operations, affecting financial institutions globally.
Together, these incidents highlight the growing complexities of cybersecurity in an interconnected world, with businesses, governments, and individuals facing an increasing need for robust defenses against sophisticated cyber adversaries.
Britain Underestimates Cyber Threats Amid Rising Attacks
Britain faces a threefold increase in severe cyberattacks over the past year, with escalating threats from Russian and Chinese hackers, according to a report from GCHQ’s National Cyber Security Centre (NCSC). Richard Horne, head of the NCSC, emphasized the widening gap between cyber threats and existing defenses during his first major speech.
“Russian aggression and highly sophisticated Chinese cyber actors pose significant risks,” said Horne, highlighting the vulnerabilities of UK businesses and public services. The NCSC reported 430 incidents in 2024, up 16% from the previous year, including significant data exfiltration and ransomware cases.
Apple Faces Lawsuit for Alleged Employee Monitoring
Apple is under legal scrutiny following accusations of monitoring employees’ personal devices and restricting discussions about pay and working conditions. A California-based lawsuit alleges Apple required employees to install monitoring software on personal devices, granting the company access to private data such as emails, photos, and health information.
The plaintiff, Amar Bhakta, an Apple employee since 2020, claims he was barred from discussing work on podcasts and had to remove workplace details from his LinkedIn profile. The lawsuit highlights concerns over employee privacy and Apple’s confidentiality policies.
SpyLoan Malware Found in Over 8 Million Downloads
McAfee Labs identified over a dozen malicious Android apps on the Google Play Store, collectively downloaded more than 8 million times. These apps, disguised as quick loan providers, target users in countries like Mexico, Indonesia, and Peru.
The malware, dubbed SpyLoan, employs social engineering to extract sensitive information and permissions, leading to extortion and financial loss. McAfee warned that some of these apps remain active despite attempts to comply with Google’s policies.
Kimsuky Hackers Adopt Russian Email Tactics
The North Korea-aligned hacker group Kimsuky has shifted tactics, using Russian email domains to conduct credential theft campaigns. South Korean cybersecurity firm Genians reported that phishing emails now appear to originate from Russia, leveraging services like Mail.ru.
The phishing attacks target financial institutions and portals like Naver, demonstrating Kimsuky’s evolving methods to deceive victims.
Signzy Faces Security Incident Impacting Global Financial Clients
Signzy, a Bengaluru-based firm offering digital ID verification services, confirmed a cyberattack affecting its global operations, as reported by TechCrunch. Serving over 600 financial institutions, including India’s top banks, Signzy facilitates 10 million customer onboardings monthly.
India’s CERT-In acknowledged the incident, stating it was “taking appropriate action.” The breach underscores the vulnerabilities of even well-established tech startups in the face of increasing cyber threats.