Rise of Fake Loan App Scams

Executive Summary:

An old video dated 2023 showing the arrest of a Bangladeshi migrant for murdering a Polish woman has been going viral massively on social media claiming that he is an Indian national. This viral video was fact checked and debunked. 

Claim:

The video circulating on social media alleges that an Indian migrant was arrested in Greece for assaulting a  young Christian girl. It has been shared with narratives maligning Indian migrants. The post was first shared on Facebook by an account known as “Voices of hope” and has been shared in the report as well. 

Post Link

Facts:

The CyberPeace Research team has utilized Google Image Search to find the original source of the claim. Upon searching we find the original news report published by Greek City Times in June 2023.

Post Link

The person arrested in the video clip is a Bangladeshi migrant and not of Indian origin. CyberPeace Research Team assessed the available police reports and other verifiable sources to confirm that the arrested person is Bangladeshi.

The video has been dated 2023, relating to a case that occurred in Poland and relates to absolutely nothing about India migrants.

Neither the Polish government nor authorized news agency outlets reported Indian citizens for the controversy in question.

‍

Original Post Link

Conclusion:

The viral video falsely implicating an Indian migrant in a Polish woman’s murder is misleading. The accused is a Bangladeshi migrant, and the incident has been misrepresented to spread misinformation. This highlights the importance of verifying such claims to prevent the spread of xenophobia and false narratives.

• Claim: Video shows an Indian immigrant being arrested in Greece for allegedly assaulting a young Christian girl.
• Claimed On: X (Formerly Known As Twitter) and Facebook.
• Fact Check: Misleading.

Introduction to Grooming

The term grooming is believed to have been first used by a group of investigators in the 1970s to describe patterns of seduction of an offender towards a child. It eventually evolved and began being commonly used by law enforcement agencies and has now replaced the term seduction for this behavioural pattern. At its core, grooming refers to conditioning a child by an adult offender to further their wrong motives. In its most popular sense, it refers to the sexual victimisation of children whereby an adult befriends a minor and builds an emotional connection to sexually abuse, exploit and even trafficking such a victim. The onset of technology has shifted the offline physical proximity of perpetrators to the internet, enabling groomers to integrate themselves completely into the victim’s life by maintaining consistent contact. It is noted that while grooming can occur online and offline, groomers often establish online contact before moving the ‘relationship’ offline to commit sexual offences.

Underreporting and Vulnerability of Teenagers

Given the elusive nature of the crime, cyber grooming remains one of the most underreported crimes by victims, who are often unaware or embarrassed to share their experiences. Teenagers are particularly more susceptible to cyber grooming since they not only have more access to the internet but also engage in more online risk-taking behaviours such as posting sensitive and personal pictures. Studies indicate that individuals aged 18 to 23 often lack awareness regarding the grooming process. They frequently engage in relationships with groomers without recognising the deceptive and manipulative tactics employed, mistakenly perceiving these relationships as consensual rather than abusive.

Rise of Cyber Grooming incidents after COVID-19 pandemic

There has been an uptick in cyber grooming after the COVID-19 pandemic, whereby an adult poses as a teenager or a child and befriends a minor on child-friendly websites or social media outlets and builds an emotional connection with the victim. The main goal is to obtain intimate and personal data of the minor, often in the form of sexual chats, pictures or videos, to threaten and coerce them into continuing such acts. The grooming process usually begins with seemingly harmless inquiries about the minor's age, interests, and family background. Over time, these questions gradually shift to topics concerning sexual experiences and desires. Research and data indicate that online grooming is primarily carried out by males, who frequently choose their victims based on attractiveness, ease of access, and the ability to exploit the minor's vulnerabilities. 

Beyond Sexual Exploitation: Ideological and Commercial Grooming

Grooming is not confined to sexual exploitation. The rise of technology has expanded the influence of extremist ideological groups, granting them access to children who can be coerced into adopting their beliefs. This phenomenon, known as ideological grooming, presents significant personal, social, national security, and law enforcement challenges. Additionally, a new trend, termed digital commercial grooming, involves malicious actors manipulating minors into procuring and using drugs. Violent extremists are improving their online recruitment strategies, learning from each other to target and recruit supporters more effectively and are constantly leveraging children’s vulnerabilities to reinforce anti-government ideologies.

Policy Recommendations to Combat Cyber Grooming

To address the pervasive issue of cyber grooming and child recruitment by extremist groups, several policy recommendations can be implemented. Social media and online platforms should enhance their monitoring and reporting systems to swiftly detect and remove grooming behaviours. This includes investing in AI technologies for content moderation and employing dedicated teams to respond to reports promptly. Additionally, collaborative efforts with cybersecurity experts and child psychologists to develop educational campaigns and tools that teach children about online safety and identify grooming tactics should be mandated. Legislation should also be strengthened to include provisions specifically addressing cyber grooming, ensuring strict penalties for offenders and protections for victims. In this regard, international cooperation among law enforcement agencies and tech companies is essential to create a unified approach to tackling cross-border online threats to children's safety and security.

References:

1. Lanning, Kenneth “The Evolution of Grooming: Concept and Term”, Journal of Interpersonal Violence, 2018, Vol. 33 (1) 5-16. https://www.nationalcac.org/wp-content/uploads/2019/05/The-evolution-of-grooming-Concept-and-term.pdf 
2. Jonie Chiu, Ethel Quayle, “Understanding online grooming: An interpretative phenomenological analysis of adolescents' offline meetings with adult perpetrators”, Child Abuse & Neglect, Volume 128, 2022, 105600, ISSN 0145-2134,https://doi.org/10.1016/j.chiabu.2022.105600. https://www.sciencedirect.com/science/article/pii/S014521342200120X 
3. “Online child sexual exploitation and abuse”, Sharinnf Electronic Resources on Laws and Crime, United Nations Office for Drugs and Crime. https://sherloc.unodc.org/cld/en/education/tertiary/cybercrime/module-12/key-issues/online-child-sexual-exploitation-and-abuse.html 
4. Mehrotra, Karishma, “In the pandemic, more Indian children are falling victim to online grooming for sexual exploitation” The Scroll.in, 18 September 2021. https://scroll.in/magazine/1005389/in-the-pandemic-more-indian-children-are-falling-victim-to-online-grooming-for-sexual-exploitation 
5. Lorenzo-Dus, Nuria, “Digital Grooming: Discourses of Manipulation and Cyber-Crime”, 18 December 2022 https://academic.oup.com/book/45362
6. Strategic orientations on a coordinated EU approach to prevention of radicalisation in 2022-2023 https://home-affairs.ec.europa.eu/system/files/2022-03/2022-2023%20Strategic%20orientations%20on%20a%20coordinated%20EU%20approach%20to%20prevention%20of%20radicalisation_en.pdf 
7. “Handbook on Children Recruited and Exploited by Terrorist and Violent Extremist Groups: The Role of the Justice System”, United Nations Office on Drugs and Crime, 2017. https://www.unodc.org/documents/justice-and-prison-reform/Child-Victims/Handbook_on_Children_Recruited_and_Exploited_by_Terrorist_and_Violent_Extremist_Groups_the_Role_of_the_Justice_System.E.pdf 

‍

Disclaimer:

This report is based on extensive research conducted by CyberPeace Research using publicly available information, and advanced analytical techniques. The findings, interpretations, and conclusions presented are based on the data available at the time of study and aim to provide insights into global ransomware trends.

The statistics mentioned in this report are specific to the scope of this research and may vary based on the scope and resources of other third-party studies. Additionally, all data referenced is based on claims made by threat actors and does not imply confirmation of the breach by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.

CyberPeace Research does not claim to have identified or attributed specific cyber incidents to any individual, organization, or nation-state beyond the scope of publicly observable activities and available information. All analyses and references are intended for informational and awareness purposes only, without any intention to defame, accuse, or harm any entity.

While every effort has been made to ensure accuracy, CyberPeace Research is not liable for any errors, omissions, subsequent interpretations and any unlawful activities of the findings by third parties. The report is intended to inform and support cybersecurity efforts globally and should be used as a guide to foster proactive measures against cyber threats.

Executive Summary: 

The 2024 ransomware landscape reveals alarming global trends, with 166 Threat Actor Groups leveraging 658 servers/underground resources and mirrors to execute 5,233 claims across 153 countries. Monthly fluctuations in activity indicate strategic, cyclical targeting, with peak periods aligned with vulnerabilities in specific sectors and regions. The United States was the most targeted nation, followed by Canada, the UK, Germany, and other developed countries, with the northwestern hemisphere experiencing the highest concentration of attacks. Business Services and Healthcare bore the brunt of these operations due to their high-value data, alongside targeted industries such as Pharmaceuticals, Mechanical, Metal, Electronics, and Government-related professional firms. Retail, Financial, Technology, and Energy sectors were also significantly impacted.

This research was conducted by CyberPeace Research using a systematic modus operandi, which included advanced OSINT (Open-Source Intelligence) techniques, continuous monitoring of Ransomware Group activities, and data collection from 658 servers and mirrors globally. The team utilized data scraping, pattern analysis, and incident mapping to track trends and identify hotspots of ransomware activity. By integrating real-time data and geographic claims, the research provided a comprehensive view of sectoral and regional impacts, forming the basis for actionable insights.

The findings emphasize the urgent need for proactive Cybersecurity strategies, robust defenses, and global collaboration to counteract the evolving and persistent threats posed by ransomware.

Overview:

This report provides insights into ransomware activities monitored throughout 2024. Data was collected by observing 166 Threat Actor Groups using ransomware technologies across 658 servers/underground resources and mirrors, resulting in 5,233 claims worldwide. The analysis offers a detailed examination of global trends, targeted sectors, and geographical impact.

Top 10 Threat Actor Groups:

The ransomware group ‘ransomhub’ has emerged as the leading threat actor, responsible for 527 incidents worldwide. Following closely are ‘lockbit3’ with 522 incidents and ‘play’ with 351. Other Groups are ‘akira’, ‘hunters’, ‘medusa’, ‘blackbasta’, ‘qilin’, ‘bianlian’, ‘incransom’. These groups usually employ advanced tactics to target critical sectors, highlighting the urgent need for robust cybersecurity measures to mitigate their impact and protect organizations from such threats.

Monthly Ransomware Incidents:

In January 2024, the value began at 284, marking the lowest point on the chart. The trend rose steadily in the subsequent months, reaching its first peak at 557 in May 2024. However, after this peak, the value dropped sharply to 339 in June. A gradual recovery follows, with the value increasing to 446 by August. September sees another decline to 389, but a sharp rise occurs afterward, culminating in the year’s highest point of 645 in November. The year concludes with a slight decline, ending at 498 in December 2024 (till 28th of December).

Top 10 Targeted Countries:

1. The United States consistently topped the list as the primary target probably due to its advanced economic and technological infrastructure.
2. Other heavily targeted nations include Canada, UK, Germany, Italy, France, Brazil, Spain, and India.
3. A total of 153 countries reported ransomware attacks, reflecting the global scale of these cyber threats

Top Affected Sectors:

1. Business Services and Healthcare faced the brunt of ransomware threat due to the sensitive nature of their operations.
2. Specific industries under threats:
   1. Pharmaceutical, Mechanical, Metal, and Electronics industries.
   2. Professional firms within the Government sector.
3. Other sectors:
   1. Retail, Financial, Technology, and Energy sectors were also significant targets.

Geographical Impact:

The continuous and precise OSINT(Open Source Intelligence) work on the platform, performed as a follow-up action to data scraping, allows a complete view of the geography of cyber attacks based on their claims. The northwestern region of the world appears to be the most severely affected by Threat Actor groups. The figure below clearly illustrates the effects of this geographic representation on the map.

Ransomware Threat Trends in India:

In 2024, the research identified 98 ransomware incidents impacting various sectors in India, marking a 55% increase compared to the 63 incidents reported in 2023. This surge highlights a concerning trend, as ransomware groups continue to target India's critical sectors due to its growing digital infrastructure and economic prominence.

Top Threat Actors Group Targeted India:

Among the following threat actors ‘killsec’ is the most frequent threat. ‘lockbit3’  follows as the second most prominent threat, with significant but lower activity than killsec. Other groups, such as ‘ransomhub’, ‘darkvault’, and ‘clop’, show moderate activity levels. Entities like ‘bianlian’, ‘apt73/bashe’, and ‘raworld’ have low frequencies, indicating limited activity. Groups such as ‘aps’ and ‘akira’ have the lowest representation, indicating minimal activity. The chart highlights a clear disparity in activity levels among these threats, emphasizing the need for targeted cybersecurity strategies.

Top Impacted Sectors in India:

The pie chart illustrates the distribution of incidents across various sectors, highlighting that the industrial sector is the most frequently targeted, accounting for 75% of the total incidents. This is followed by the healthcare sector, which represents 12% of the incidents, making it the second most affected. The finance sector accounts for 10% of the incidents, reflecting a moderate level of targeting. In contrast, the government sector experiences the least impact, with only 3% of the incidents, indicating minimal targeting compared to the other sectors. This distribution underscores the critical need for enhanced cybersecurity measures, particularly in the industrial sector, while also addressing vulnerabilities in healthcare, finance, and government domains.

Month Wise Incident Trends in India:

The chart indicates a fluctuating trend with notable peaks in May and October, suggesting potential periods of heightened activity or incidents during these months. The data starts at 5 in January and drops to its lowest point, 2, in February. It then gradually increases to 6 in March and April, followed by a sharp rise to 14 in May. After peaking in May, the metric significantly declines to 4 in June but starts to rise again, reaching 7 in July and 8 in August. September sees a slight dip to 5 before the metric spikes dramatically to its highest value, 24, in October. Following this peak, the count decreases to 10 in November and then drops further to 7 in December.

CyberPeace Advisory:

1. Implement Data Backup and Recovery Plans: Backups are your safety net. Regularly saving copies of your important data ensures you can bounce back quickly if ransomware strikes. Make sure these backups are stored securely—either offline or in a trusted cloud service—to avoid losing valuable information or facing extended downtime.  
2. Enhance Employee Awareness and Training: People often unintentionally open the door to ransomware. By training your team to spot phishing emails, social engineering tricks, and other scams, you empower them to be your first line of defense against attacks.  
3. Adopt Multi-Factor Authentication (MFA): Think of MFA as locking your door and adding a deadbolt. Even if attackers get hold of your password, they’ll still need that second layer of verification to break in. It’s an easy and powerful way to block unauthorized access.  
4. Utilize Advanced Threat Detection Tools: Smart tools can make a world of difference. AI-powered systems and behavior-based monitoring can catch ransomware activity early, giving you a chance to stop it in its tracks before it causes real damage.  
5. Conduct Regular Vulnerability Assessments: You can’t fix what you don’t know is broken. Regularly checking for vulnerabilities in your systems helps you identify weak spots. By addressing these issues proactively, you can stay one step ahead of attackers.

 ‍

Conclusion:

The 2024 ransomware landscape reveals the critical need for proactive cybersecurity strategies. High-value sectors and technologically advanced regions remain the primary targets, emphasizing the importance of robust defenses. As we move into 2025, it is crucial to anticipate the evolution of ransomware tactics and adopt forward-looking measures to address emerging threats. 

Global collaboration, continuous innovation in cybersecurity technologies, and adaptive strategies will be imperative to counteract the persistent and evolving threats posed by ransomware activities. Organizations and governments must prioritize preparedness and resilience, ensuring that lessons learned in 2024 are applied to strengthen defenses and minimize vulnerabilities in the year ahead.

‍

‍