This new digital workforce has pushed most employees to go online, including video conferencing, which has led to privacy issues and phishing attempts, including ransomware attacks.
We can’t stress enough how cyber threats will rise in the coming years. The recent COVID-19 pandemic has opened doors to many cybercriminals to target enterprises to acquire confidential data. Organizations have begun adapting to the recent changes and are allowing employees to work remotely from home. However, this adaptation has allowed cybercriminals to hack employees to reveal confidential information secretly. Many companies have reported that providing security to their remote workforce is becoming a challenge. So, is your company ready to face such a threat?
Billion Indian Aadhaar card details were leaked and this is one of the massive data breaches that happened in 2018.UIDAI released the official notification about this data breach and mentioned that around 210 Indian Government websites were hacked. Aadhaar Software Hacked: This data breach included Aadhar, PAN, bank account IFSC codes, and other personal information of the users and anonymous sellers were selling Aadhaar information for Rs. 500 over Whatsapp. Also, one could get an Aadhaar card printout for just Rs.300.
180 million Domino’s India pizza orders are up for sale on the dark web, according to Alon Gal, CTO of cyber intelligence firm Hudson Rock.
Gal found someone asking for 10 bitcoin (roughly $535,000 or ₹4 crore) for 13TB of data that they said included 1 million credit card records and details of 180 million Dominos India pizza orders, topped with customers’ names, phone numbers, and email addresses. Gal shared a screenshot showing that the hacker also claimed to have details of the Domino’s India’s 250 employees, including their Outlook mail archives dating back to 2015.
Jubilant Food Works, the parent company of Domino’s India, told IANS that it had experienced an information security incident, but denied that its customers’ financial information was compromised, as it does not store credit card details. The company website shows that it uses a third-party payment gateway, PayTM.
Another shocking cyberattack that made everyone alert was done in July 2017. The attack was on one of India’s biggest banks; Union Bank of India.
The attack was initiated when an employee opened an email attachment. This email attachment had a malware code. It allowed the hackers to get inside the bank’s system and steal the bank’s data. The email attachment forged a central bank email.
The employee overlooked the details and trusted the email, which initiated a malware attack and allowed the hackers to get inside the bank’s data and steal Union Bank’s access codes for the Society for Worldwide Interbank Financial Telecommunication (SWIFT). SWIFT is used for international transactions. The hacker used these codes and transferred $170 million to a Union Bank account at Citigroup Inc in New York.
Three million text messages sent to customers divulged, An anonymous security researcher revealed that the country’s largest bank, State Bank of India, left a server unprotected by failing to secure it with a password.
The vulnerability was revealed to originate from ‘SBI Quick’ – a free service that provided customers with their account balance and recent transactions over SMS. Close to three million text messages were sent out to customers.
Personally identifiable information of 500,000 Indian police personnel was put up for sale on a database sharing forum. Threat intelligence firm CloudSEK traced the data back to a police exam conducted on 22 December, 2019.
The seller shared a sample of the data dump with the information of 10,000 exam candidates with CloudSEK. The information shared by the company shows that the leaked information contained full names, mobile numbers, email IDs, dates of birth, FIR records and criminal history of the exam candidates.
Further analysis revealed that a majority of the leaked data belonged to candidates from Bihar. The threat-intel firm was also able to confirm the authenticity of the breach by matching mobile numbers with candidates’ names.
This is the second instance of army or police workforce data being leaked online this year. In February, hackers isolated the information of army personnel in Jammu and Kashmir and posted that database on a public website.
COVID-19 lab test results of thousands of Indian patients have been leaked online by government websites.
What’s particularly worrisome is that the leaked data hasn’t been put up for sale in dark web forums, but is publicly accessible owing to Google indexing COVID-19 lab test reports. First reported by Bleeping Computer, the leaked PDF reports that showed up on Google were hosted on government agencies’ websites that typically use *.gov.in and *.nic.in domains. The agencies in question were found to be located in New Delhi.
The leaked information included patients’ full names, dates of birth, testing dates and centres in which the tests were held. Furthermore, the URL structures indicated that the reports were hosted on the same CMS system that government entities typically use for posting publicly accessible documents.