Global Cyber Pulse : January 6, 2025

January 6, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

The cybersecurity landscape witnessed critical developments, highlighting vulnerabilities and evolving threats. India reintroduced data localisation in the draft Digital Personal Data Protection Rules, 2025, aiming to balance regulatory needs and industry stability. High-profile breaches continued, with Nikki-Universal falling victim to a ransomware attack and Volkswagen exposing sensitive EV owner data due to cloud misconfigurations.

Atos denied a breach by Space Bears but acknowledged third-party vulnerabilities. Taiwan faced a surge in Chinese cyberattacks, with 2.4 million daily incidents targeting critical sectors. Meanwhile, India reported a 55% rise in ransomware attacks, emphasizing the global urgency for stronger cybersecurity measures and vigilance.

India Proposes Data Localisation Reforms

The draft Digital Personal Data Protection Rules, 2025, propose forming a committee to oversee personal data localisation. As reported by The Indian Express, IT Minister Ashwini Vaishnaw highlighted the plan to centralise decisions across ministries and regulators, ensuring smooth implementation without disrupting industries with Indian Express.

Data localisation, previously excluded from the 2023 Act, has resurfaced, sparking debate among tech giants. This committee will consult with stakeholders and recommend localisation mandates, a move seen as critical to India’s evolving data privacy landscape. The strategy aims to balance industry needs with regulatory oversight while aligning with global data security standards.

Nikki-Universal Hit by Ransomware

Chemical giant Nikki-Universal confirmed a ransomware attack by Hunters International, encrypting critical servers and stealing 761.8 GB of data. The breach, disclosed on December 27, 2024, saw hackers exfiltrate nearly half a million sensitive files. With a ransom deadline of January 10, 2025, the group threatens data leaks if demands are unmet.

This incident reflects rising corporate vulnerabilities and the escalating sophistication of cybercrime. Nikki-Universal’s breach underscores the urgent need for robust cybersecurity frameworks to counter persistent threats targeting global industries.

China Intensifies Cyber Attacks on Taiwan

Cyberattacks on Taiwan’s government doubled in 2024, reaching an average of 2.4 million daily, mostly attributed to Chinese cyber forces, according to Taiwan’s National Security Bureau. Top targets included telecommunications, transportation, and defense.

The report reveals an alarming escalation of Beijing’s “grey-zone harassment,” combining military drills and cyber intrusions to pressure the island’s sovereignty. While many attacks were blocked, their sheer volume highlights the severity of China’s aggressive hacking activities. Taiwan’s resilience will require bolstered defenses to navigate the growing cyber onslaught.

Ransomware Surge Hits India Hard

India recorded a 55% rise in ransomware incidents in 2024, with 98 attacks peaking in May and October, according to CyberPeace’s “Ransomware Trends 2024” report. Using advanced OSINT tools, researchers tracked 5,233 global claims by 166 threat actor groups.

The U.S. led as the most targeted nation, with India following closely. Killsec emerged as the top threat actor, with Lockbit3 and others showing notable activity. The findings highlight the urgent need for robust defenses to counteract ransomware’s evolving tactics.

Atos Denies Space Bears Breach

French IT firm Atos dismissed claims by ransomware group Space Bears of a system breach. In a January 3 statement, Atos asserted no company-managed infrastructure or proprietary data was compromised. However, it admitted third-party systems with Atos-related data were impacted.

This partial acknowledgment casts a shadow on the company’s denial, raising questions about vendor-related vulnerabilities. The incident underscores the importance of securing third-party collaborations to prevent reputational and operational risks in today’s interconnected digital ecosystems.

Volkswagen Data Breach Exposes EV Owners’ Info

Volkswagen Group faced a data breach exposing personal details of 800,000 EV owners across brands like Audi and Skoda. The breach stemmed from an Amazon cloud misconfiguration managed by subsidiary Cariad. Data included vehicle locations, email addresses, and home details, impacting users in Germany, the UK, and Scandinavia.

Ethical hackers from Chaos Computer Club reported the breach, prompting fixes. Notable victims included German politicians and Hamburg police. This incident highlights the vulnerabilities in cloud storage and the need for stringent data security protocols.