By Editorial Desk, 63SATS
A Protiviti India–IIA survey finds AI and cybersecurity as the top risks for enterprises, yet only 16% are prepared to handle them. Union Law Minister Arjun Meghwal calls for stronger cyber protections for women, warning against AI-driven misinformation and online fraud. Google launches AI-powered scam detection, while YouTube warns of deepfake scams impersonating its CEO.
Tata Technologies suffers a ransomware attack, and Gregory & Appel Insurance reports a data breach. Meanwhile, AWS, Microsoft Teams, and aviation networks face sophisticated cyberattacks, reinforcing the urgent need for stronger security measures and digital awareness.
AI and Cybersecurity Top Risk Priorities for Indian Enterprises
A Protiviti India–Institute of Internal Auditors survey reveals that 66% of Chief Audit Executives (CAEs) rank AI, machine learning (ML), bots, and cybersecurity as top risks for Indian enterprises. Despite these concerns, only 16% of organizations feel fully prepared to tackle emerging digital threats.
With AI transforming business operations, companies struggle to develop internal expertise and governance strategies. The lack of skilled cybersecurity professionals increases exposure to data breaches, compliance failures, and financial losses. Experts emphasize proactive risk management, internal audit enhancements, and workforce upskilling to strengthen enterprise security.
Union Law Minister Urges Stronger Cyber Protections for Women
Union Law Minister Arjun Ram Meghwal has called for better digital safety measures for women, emphasizing the importance of strong passwords and limiting personal information online. Speaking at an NCW Cyber Awareness Program, he warned against cyberbullying, AI-driven misinformation, and online fraud.
Meghwal highlighted new legal provisions targeting AI-generated deepfakes, fake profiling, and cyber harassment, urging victims to report incidents immediately. The government is also strengthening cybersecurity laws to tackle digital crimes more effectively.
Google Introduces AI-Powered Scam Detection for Android Users
Google Messages has launched an AI-driven scam detection feature to protect Android users from text-based phishing attacks. The tool monitors SMS, MMS, and RCS messages in real time, identifying suspicious patterns that could indicate fraud.
Once a scam is detected, Google Messages issues an instant warning, allowing users to block and report the sender. This move comes as scammers increasingly use AI-driven conversational phishing to trick users into financial fraud.
Hunters International gang behind Rata Technologies Cyberattack
The Hunters International ransomware gang has claimed responsibility for a January 2025 cyberattack on Tata Technologies, stealing 1.4TB of sensitive data. The engineering and digital solutions firm, which operates in 27 countries, reported minimal operational impact, with no disruption to client services.
Ransomware groups increasingly target large enterprises, exploiting weak security protocols and unpatched systems. Experts warn that such attacks can lead to intellectual property theft, financial losses, and reputational damage.
Gregory & Appel Insurance Data Breach Exposes Social Security Numbers
Gregory & Appel Insurance has reported a data breach that compromised customer names and Social Security numbers. The company discovered the attack on February 5, 2025, when hackers gained access through a fraudulent email impersonating its CFO.
The unauthorized access prompted an internal investigation, revealing that sensitive customer data had been exposed. The company has since notified affected individuals and urged them to monitor financial accounts for identity theft risks.
YouTube Warns Creators of AI-Generated Phishing Scam
YouTube has alerted content creators about a phishing scam using deepfake videos of CEO Neal Mohan. The fake video, privately shared with users, falsely claims monetization policy changes to steal credentials.
“YouTube and its employees will never contact users through private videos,” the company clarified. This scam follows a growing trend of AI-generated impersonation attacks targeting high-profile executives to deceive users.
Majority of Indian Citizens Believe Their Personal Data is Compromised
A survey by LocalCircles reveals that 87% of Indian citizens believe their personal data has been leaked in the public domain. The study, based on responses from 36,000 people across 375 districts, highlights growing concerns over data privacy.
Respondents blame telecom providers (65%), e-commerce platforms (63%), and banks (56%) for data breaches. Many also point fingers at government departments for failing to secure sensitive information.
Cyber Threats in Indian Aviation: 80,000+ Attacks Recorded
A report by CyberPeace highlights escalating cyber threats in India’s aviation industry. Between June and August 2024, simulated attacks recorded 80,588 intrusion attempts, exposing vulnerabilities in Telnet (64,104 attacks), MySQL (15,629), and HTTP (512).
Attackers leveraged brute-force attempts using 296 unique usernames and 15,928 passwords to bypass authentication. The malicious traffic originated from China, India, the US, South Korea, and Taiwan.
Ransomware Attack Hits Penn-Harris-Madison School Network
The Penn-Harris-Madison school district is battling a ransomware attack that forced administrators to shut down network-connected computers.
While desktop systems remain offline as a precaution, students and staff can still use Chromebooks, laptops, and cloud-based applications. The IT team is working to restore services and assess potential data exposure.
Hackers Exploit AWS for Phishing Campaigns
Researchers at Palo Alto Networks Unit 42 have uncovered a phishing campaign exploiting misconfigured AWS environments. Tracked as TGR-UNK-0011 (JavaGhost), the threat actors leverage Amazon SES and WorkMail to send phishing emails.
Rather than exploiting AWS vulnerabilities, attackers take advantage of exposed AWS access keys, making phishing emails appear legitimate and bypass security filters.
Hackers Exploit Microsoft Teams & Quick Assist for Stealth Attacks
Security researchers at Trend Micro have uncovered a cyberattack campaign targeting Microsoft Teams and Quick Assist for unauthorized access.
Since October 2024, 21 incidents have been recorded across North America and Europe. Attackers use social engineering to steal credentials, then exploit Quick Assist for privilege escalation.
India’s Cyber Losses to Cross ₹20,000 Crore in 2025
India is expected to suffer cybercrime-related financial losses exceeding ₹20,000 crore this year, according to CloudSEK. Their study, based on data from 200 firms, 5,000 domain takedowns, and 16,000 brand abuse cases, highlights a worrying trend.
A significant ₹9,000 crore loss stems from brand impersonation, which accounts for nearly one-third of all cyber frauds. The report underscores the urgent need for businesses to strengthen digital defenses as brand abuse plays a role in 70% of high-value cyber scams targeting Indian enterprises.
Hackers Exploit Decades-Old Bugs, Attack Faster Than Ever
Cybercriminals are actively exploiting both newly disclosed vulnerabilities and long-forgotten security flaws, some dating back to the 1990s. GreyNoise’s 2025 Mass Internet Exploitation Report found that 40% of vulnerabilities targeted in 2024 were from 2020 or earlier. Attackers are also accelerating their exploitation speed, sometimes breaching systems within hours of vulnerability disclosure.
The study also notes that ransomware groups accounted for 28% of vulnerabilities exploited before they were flagged by CISA’s KEV catalog. Organizations must adopt rapid patching strategies to counter these growing threats.
Polish Space Agency Hit by Cyberattack
Poland’s Space Agency (POLSA) fell victim to an unauthorized cyber intrusion, prompting authorities to secure compromised systems and launch an investigation. Minister for Digitalization Krzysztof Gawkowski confirmed the breach, stating that aggressive efforts are underway to trace the perpetrators.
Poland has frequently accused Russia of cyber warfare tactics aimed at destabilizing the nation, particularly due to its role in supporting Ukraine. While no official attribution has been made, the attack raises concerns over critical infrastructure security in geopolitical conflicts.
Zapier Security Breach Exposes Customer Data
Automation platform Zapier revealed that an unauthorized actor accessed its code repositories, potentially exposing customer data. The breach occurred when sensitive information was unintentionally copied into debugging files.
While Zapier asserts that its databases, authentication systems, and infrastructure were not affected, the incident highlights risks associated with improper data handling. With Zapier integrating with thousands of business applications, any compromise raises concerns about downstream impacts on users who rely on the platform for workflow automation.
