India coronavirus deaths jump to 38, cases stand at 1,637

Several India-based firms are spoofing the World Health Organisation (WHO) by creating fake Gmail accounts and luring business leaders in disguise of informing them of latest COVID-19 announcements and hack their personal and financial information, Google has warned.

These "hack-for-hire" firms, many based in India, have been creating Gmail accounts spoofing the WHO, largely targeting business leaders in financial services, consulting, and healthcare corporations within numerous countries including, the US, Slovenia, Canada, India, Bahrain, Cyprus, and the UK.

"The lures themselves encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements, and link to attacker-hosted websites that bear a strong resemblance to the official WHO website," security researchers from Google's Threat Analysis Group said on Wednesday.

The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers.

On any given day, Google's Threat Analysis Group (TAG) said it is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries.

Last month, it sent 1,755 warnings to users whose accounts were targets of government-backed attackers.

"Our team of analysts and security experts is focused on identifying and stopping issues like phishing campaigns, zero-day vulnerabilities and hacking against Google, our products and our users," said the tech giant.

Google continues to see attacks from groups like Charming Kitten on medical and healthcare professionals, including WHO employees.

"We're seeing a resurgence in COVID-related hacking and phishing attempts from numerous commercial and government-backed attackers," said the company.

Government-backed or state-sponsored groups have different goals in carrying out their attacks: Some are looking to collect intelligence or steal intellectual property; others are targeting dissidents or activists, or attempting to engage in coordinated influence operations and disinformation campaigns.

Google said that since March, it has removed more than 1,000 YouTube channels that were part of a large campaign and behaving in a coordinated manner.

"These channels were mostly uploading spammy, non-political content, but a small subset posted primarily Chinese-language political content similar to the findings of a recent Graphika report," said the company.

Several cybersecurity firms have seen a spike in COVID-19 related scams and hacking attempts. Hackers are also creating scam sites similar to COVID-19 relief packages.

Researchers at Check Point Software Technologies revealed in mid-May that they have seen 192,000 coronavirus-related cyber-attacks per week over the past three weeks, a 30 % increase compared to previous weeks.

In a startling revelation, cybersecurity researchers have claimed that a hacker has posted personal details of nearly 2.9 crore Indian job seekers at one of the hacking forums on the Dark Web for free.

As part of the regular sweep over the Deep Web and Dark Web, researchers from cybersecurity firm Cyble came across an interesting item, where a threat actor posted 2.3GB (zipped) file on one of the hacking forums.

"The leak actually has a lot of personal details of millions of Indians Job seekers from different states," Cyble said in its blog on Friday.

This breach includes sensitive information such as email, phone, home address, qualification and work experience etc from job seekers spanning across states, from New Delhi to Mumbai and Bengaluru. 

Cybercriminals are always on the lookout for such personal information to conduct various nefarious activities such as identity thefts, scams, and corporate espionage.

"It appears to have originated from a resume aggregator service given the sheer volume and detailed information," it added.

Cyble indexed this information at ‘AmIbreached.com; – Cyble's data breach monitoring and notification platform.

Cyble researchers have identified a sensitive data breach on the dark web where an actor has leaked personal details of nearly 29 million Indian job seekers from various states. 

"Cyble's team is still investigating this further and will be updating their article as they bring more facts to the surface,” it said in a statement.

Cyble said it has acquired the leaked data. 

The same cyber security firm earlier exposed that Bengaluru-based edtech firm Unacademy was hacked.

According to Cyble researchers, nearly 22 million Unacademy user accounts were affected and the data was dumped and sold on Dark Web.

'We would like to assure our users that no sensitive information such as financial data or location has been breached," said Hemesh Singh, Co- Founder and CTO, Unacademy, in a statement.

In April, hackers sold personal data of a whopping 267 million Facebook users for just Rs 41,500 (approximately 500 Euros) that includes email addresses, names, Facebook IDs, dates of birth and phone numbers.

No passwords of the 267 million Facebook users were exposed by the hacker, according to Cyble.

Mumbai, Mar 8: A day after the Enforcement Directorate registered a money laundering case against Yes Bank founder Rana Kapoor and raided his premises, he was taken to the agency's office in Mumbai on Saturday for further questioning.

Kapoor, who was grilled by central agency's officials on Friday night at his Samudra Mahal residence in Mumbai, was shifted to the ED office in the metropolis around 12.30 pm.

ED officials said Kapoor was questioned throughout the night, with some rest time.

A senior ED official connected with the probe told IANS: "Kapoor will be questioned about Yes Bank loans to Dewan Housing Finance Limited (DHFL)."

The official said that during searches a lot of incriminating documents were found and the agency wanted to grill him on his links with DHFL promoters and other companies.

Kapoor's alleged role in the disbursal of loan to a corporate entity and kickbacks reportedly received in his wife's bank account are also under probe.

The ED had filed the money laundering case against Kapoor and raided his residence, apart from issuing a look-out circular so that he does not flee the country.

The ED registered a money laundering case against Kapoor as a continuation of its probe against the DHFL wherein it was allegedly found that Rs 12,500 crore was diverted to 80 shell companies using one lakh fake borrowers. The transactions with these shell companies date back to 2015.

An ED official in New Delhi told IANS that the DHFL probe revealed that funds diverted by the DHFL originated from Yes Bank.

He said that the searches at Kapoor's residence on Friday night were meant to find out any irregularity in grant of loans to the DHFL by the Yes Bank.

The ED has accused Kapil and Dheeraj Wadhawan of DHFL of purchasing shares in five firms -- Faith Realtors, Marvel Township, Abe Realty, Poseidon Realty, and Random Realtors -- after which they were amalgamated with Sunblink.

The outstanding loans of these five firms, totalling around Rs 2,186 crore till July 2019, were allegedly appropriated onto the books of Sunblink to cover up the diversion of loans acquired from DHFL.

The ED's action comes after the RBI superseded Yes Bank Board for 30 days and appointed an administrator, putting a cap of Rs 50,000 on withdrawals by account holders for a month.

The RBI said that the bank's board was superseded "owing to serious deterioration in the financial position of the bank".

Former SBI CFO Prashant Kumar was appointed as administrator of Yes Bank, which has over 1,000 branches and 1,800-plus ATMs across the country.

On Thursday, Union Finance Minister Nirmala Sitharaman said that the bank was on watch since 2017 and developments relating to it were monitored on a day-to-day basis.