AP bandh over Telangana Bill in LS paralyses normal life

Bengaluru, May 21: The COVID-19-induced lockdown saw a spurt in crybercrimes in India with Kerala recording the highest number during the period, according to an analysis of IT security solutions provider K7 Computing.

The report analyses various cyberattacks within India during the pandemic and reveals that threat actors targeted the States with COVID-19-themed attacks aimed at exploiting user trust.

The sudden surge in the frequency of attacks witnessed from February 2020 to mid-April 2020 indicates that scamsters across the world were exploiting the widespread panic around coronavirus at both the individual and corporate level, the company said in a statement.

These attacks aimed to compromise computers and mobile devices to gain access to users confidential data, banking details and cryptocurrency accounts.

The key threats seen during this period ranged from phishing attacks to rogue apps disguised as COVID-19 information apps that targeted users sensitive data.

Phishing attacks were noticed more in Tier-II and Tier-III cities while the metros fared better.

Smaller cities saw over 250 attacks being blocked per 10,000 users.

Users from Ghaziabad and Lucknow seem to have faced almost six and four times the number of attacks, respectively, as Bengaluru users.

In Kerala, regions like Kottayam, Kannur, Kollam, and Kochi saw the highest hits with 462, 374, 236, and 147 attacks respectively, while the state as a whole saw around 2,000 attacks during the period, the highest thus far in the country.

This was followed by Punjab with 207 attacks and Tamil Nadu at 184 attacks, the statement said.

A majority of the recorded attacks were phishing attacks with sophisticated campaigns that could easily snare even the most educated users, it said.

These attacks were aimed at heightening users fears and creating a sense of urgency to take action.

The report noted phishing attacks where scamsters posed as representatives of the United States Department of the Treasury, the World Health Organisation, and the Centres for Disease Control and Prevention.

Users were encouraged to visit links that would automatically download malware on the host computer such as the Agent Tesla keylogger or Lokibot information-stealing malware, infamous banking Trojans such as Trickbot or Zeus Sphinx, and even disastrous ransomware.

Other attacks included infected COVID-19 Android apps like CoronaSafetyMask that scam users with promises of masks for an upfront payment; the spyware app Project Spy; and seemingly genuine apps that are infected with dangerous malware like banking Trojans such as Ginp, Anubis and Cerberus, it was stated.

In a startling revelation, cybersecurity researchers have claimed that a hacker has posted personal details of nearly 2.9 crore Indian job seekers at one of the hacking forums on the Dark Web for free.

As part of the regular sweep over the Deep Web and Dark Web, researchers from cybersecurity firm Cyble came across an interesting item, where a threat actor posted 2.3GB (zipped) file on one of the hacking forums.

"The leak actually has a lot of personal details of millions of Indians Job seekers from different states," Cyble said in its blog on Friday.

This breach includes sensitive information such as email, phone, home address, qualification and work experience etc from job seekers spanning across states, from New Delhi to Mumbai and Bengaluru. 

Cybercriminals are always on the lookout for such personal information to conduct various nefarious activities such as identity thefts, scams, and corporate espionage.

"It appears to have originated from a resume aggregator service given the sheer volume and detailed information," it added.

Cyble indexed this information at ‘AmIbreached.com; – Cyble's data breach monitoring and notification platform.

Cyble researchers have identified a sensitive data breach on the dark web where an actor has leaked personal details of nearly 29 million Indian job seekers from various states. 

"Cyble's team is still investigating this further and will be updating their article as they bring more facts to the surface,” it said in a statement.

Cyble said it has acquired the leaked data. 

The same cyber security firm earlier exposed that Bengaluru-based edtech firm Unacademy was hacked.

According to Cyble researchers, nearly 22 million Unacademy user accounts were affected and the data was dumped and sold on Dark Web.

'We would like to assure our users that no sensitive information such as financial data or location has been breached," said Hemesh Singh, Co- Founder and CTO, Unacademy, in a statement.

In April, hackers sold personal data of a whopping 267 million Facebook users for just Rs 41,500 (approximately 500 Euros) that includes email addresses, names, Facebook IDs, dates of birth and phone numbers.

No passwords of the 267 million Facebook users were exposed by the hacker, according to Cyble.

New Delhi, Jan 4: The Supreme Court on Thursday extended till June 12 its earlier order of May 15 asking the government not to take any coercive action against companies and employers for violation of Centre's March 29 circular for payment of full wages to employees for the lockdown period.

A bench of Justices Ashok Bhushan, S K Kaul and M R Shah reserved the verdict on a batch of petitions filed by various companies challenging the circular of the Ministry of Home Affairs issued on March 29 asking the employers to pay full wages to the employees during the nationwide lockdown due to the coronavirus pandemic.

In the proceedings conducted through video conferencing, the top court said there was a concern that workmen should not be left without pay, but there may be a situation where the industry may not have money to pay and hence, the balancing has to be done.

Meanwhile, the apex court asked the parties to file their written submissions in support of their claims.

The top court on May 15 had asked the government not to take any coercive action against the companies and employers who are unable to pay full wages to their employees during the nationwide lockdown due to the coronavirus pandemic.

The Centre also filed an affidavit justifying its March 29 direction saying that the employers claiming incapacity in paying salaries must be directed to furnish their audited balance sheets and accounts in the court.

The government has said that the March 29 directive was a "temporary measure to mitigate the financial hardship" of employees and workers, specially contractual and casual, during the lockdown period and the directions have been revoked by the authority with effect from May 18.