By 63SATS Cybertech News Desk
India faces a growing wave of cyber threats—from daily ransomware spikes and SMB-targeted exploits to scams deceiving religious pilgrims. Globally, attackers are ramping up operations: Russia targets Dutch infrastructure, Elusive Comet steals crypto, and Interlock deploys fake IT fixes. Major breaches hit Marks & Spencer, Ahold Delhaize, and Baltimore schools.
Meanwhile, Japan battles $350M in fraudulent trades, and Abilene, Texas, shuts systems post-attack. Amidst this, Microsoft advances phishing-resistant MFA, and Mumbai Police boosts cyber training. RBI’s domain migration and Sophos’ SMB warning highlight the urgent need for infrastructure upgrades and cyber resilience across industries and geographies.
RBI Mandates ‘.bank.in’ Domain to Boost Trust
The RBI has mandated that all Indian banks migrate to ‘.bank.in’ domains by October 31, 2025, enhancing cybersecurity and trust in digital banking. Overseen by IDRBT and NIXI, this move aims to curb phishing and spoofing risks and aligns with global cybersecurity best practices.
Marks & Spencer Hit by Cyber Incident
Marks & Spencer confirmed a cyberattack, leading to temporary operational changes. Despite the breach, its website, app, and stores remain functional. Cybersecurity experts are investigating, and data authorities have been notified. The incident highlights the rising threat to retail operations and sensitive customer data.
Russian Cyber Threats Target Dutch Infrastructure
Dutch military intelligence revealed increased Russian hybrid attacks targeting public services and critical infrastructure. With threats including sabotage and disinformation, the agency warns these state-linked cyber activities will likely persist post-conflict. The report underscores the growing cybersecurity risks facing European allies.
Microsoft Pushes Phishing-Proof MFA
Microsoft announced that 92% of employee accounts now use phishing-resistant MFA under its Secure Future Initiative. Triggered by recent state-sponsored cyberattacks, the company’s efforts mark a significant step in preventing identity theft and credential abuse across enterprise systems.
Texas City Shuts Systems After Cyberattack
A cyberattack on Abilene, Texas, disrupted city services, forcing offline payments and operational slowdowns. Emergency services remain functional, and no financial fraud has been detected. The city is investigating with external experts while urging residents to use online or manual payment alternatives.
Baltimore School Ransomware Attack Exposes Data
A February ransomware attack on Baltimore City Public Schools exposed sensitive data of over 1,150 students, along with staff and contractors. No ransom was paid. The breach highlights vulnerabilities in educational systems and the need for improved defenses to protect personal data.
Mumbai Police Launch Cybercrime Training
Mumbai Police trained 253 officers in cyber forensics, supported by FedEx and United Way. Covering phishing, fraud, and digital crimes, the initiative boosts preparedness across cyber cells and crime branches. Officials emphasized the importance of public awareness and interagency collaboration to counter evolving threats.
$350M Fraud Hits Japan’s Trading Sector
Japan’s FSA reported over $350 million in unauthorized trades across 12 firms, traced to phishing attacks on brokerage sites. Hackers sold stocks from breached accounts to buy Chinese shares. Authorities warn more cases may surface, urging caution among online investors.
Elusive Comet Scams Crypto Users with Fake Brands
Threat group Elusive Comet is stealing crypto through fake websites, brands, and podcasts. Impersonating legitimate firms like “Aureon Capital,” they lure victims via email and social media. Researchers say the group has stolen millions, using social engineering and fake media to deceive investors.
Mustang Panda Unleashes New Cyber Tools
China-linked Mustang Panda targeted a Myanmar entity using its TONESHELL backdoor and introduced new tools like PAKLOG, CorKLOG, StarProxy, and SplatCloak. The campaign reflects evolving tactics aimed at bypassing detection and exploiting geopolitical tensions for espionage.
Sophos: Outdated Tech Jeopardizes Indian SMBs
A Sophos report warns that outdated VPNs, firewalls, and routers are exposing Indian SMBs to major cyber risks. These legacy devices caused 30% of breaches in 2024. With ransomware accounting for 90% of attacks on midsize firms, modernizing infrastructure is now critical.
India Sees Daily Ransomware Spike in 2024
India experienced a surge in ransomware attacks in 2024, with 665 daily incidents, per Kaspersky. The Trojan-Ransom.Win32.Wanna.m strain dominated, locking users out or corrupting data. Both businesses and individuals were hit, highlighting the urgent need for proactive cyber resilience and stronger digital defenses.
Pilgrims Scammed by Fake Yatra Booking Portals
Cybercriminals are targeting Indian pilgrims with fake websites and social media ads offering fraudulent bookings to Kedarnath and Chaar Dhaam. The Ministry of Home Affairs warns against scam portals promising helicopter rides and hotels. I4C urges verification before payments as such schemes exploit faith-based travel during Yatra season.
Chinese Smishing Kit Mimics U.S. Toll Systems
A smishing scam driven by a Chinese toolkit is targeting U.S. toll users via fake E-ZPass alerts. Victims receive SMS messages directing them to phishing sites. Cisco Talos links the operation to the Telegram-based service Lighthouse. States like Texas and Florida remain vulnerable to this ongoing and evolving toll payment fraud.
Ahold Delhaize Confirms Data Breach Across Brands
Ahold Delhaize USA disclosed a data breach impacting chains like Food Lion and Stop & Shop. Attackers accessed internal files during a 2024 cyberattack. Following online service outages, the company continues investigating the breach, which exposes vulnerabilities in retail systems and raises supply chain cybersecurity concerns.
Interlock Ransomware Hides in Fake IT Fixes
The Interlock gang is using fake IT tools in a ClickFix campaign to trick users into executing PowerShell commands. This injects ransomware into networks, targeting Windows and FreeBSD systems. Interlock operates independently with its own leak site, demanding large ransoms while evading detection via clever social engineering.