What’s Your New Year's Resolution?
2025 is knocking firmly at our door and we have promises to make and resolutions to keep. Time you make your list for the New Year and check it twice.
- Lifestyle targets 🡪 Check
- Family targets 🡪 Check
- Social targets 🡪 Check
Umm, so far so good, but what about your cybersecurity targets for the year? Hey, you look confused and concerned. Wait a minute, you do not have one, do you?
I get it. Though the digital world still puzzles, and sometimes outright scares us, we still are not in the ‘Take-Charge-Of-Your-Digital-Safety Mode. We prefer to depend on whatever software security we are using and keep our fingers crossed that the bad guys (read threat actors) do not find us.
Let me illustrate why cybersecurity should be one of your top priorities. You know that stress is a major threat to our continued good health, right? However, if your devices, social media accounts, office e-mail or network, or God forbid, bank accounts become compromised, would that not cause stress? Think about it and the probable repercussions and you will comprehend why I am harping on prioritising security.
Fret not. We will keep it brief as we well know you have 101 things to do in the next few days leading up to 01/01/2025. Just add cyber health to the list and put in motion the following:
- Install and activate comprehensive security software on ALL internet-enabled devices you have at home. Yes, including your smartphones.
- Set yourself a date to change and create separate unique passwords for all accounts. Or use the password manager that comes with all reputed security software to make life simpler.
- Keep home Wi-Fi turned off at night
- Do not set social media accounts to auto-download photos/documents
- Activate parental controls on all the devices used by your children to monitor and mentor them. But keep them apprised.
- Do not blindly trust anyone or anything online – this includes videos, speeches, emails, voice calls, and video calls. Be aware of fakes.
- Be aware of the latest threats and talk about unsafe cyber practices and behaviour often at home.
Short and sweet, as promised.
We will be back, with more tips, and answers to your queries. Drop us a line anytime, and we will be happy to resolve your doubts.
Ciao!
Related Blogs

Executive Summary:
Social media is buzzing with a link that claims to offer an iPhone 15 as a gift from LuLu Hypermarket, presented as part of Holi celebrations. This article examines the deceptive tactics behind this fraudulent offer and provides guidance on recognizing and avoiding such scams.
False Claim:
The link being shared is misleading and falsely claims that LuLu Hypermarket is giving away free iPhone 15 phones. This is taking advantage of the Holi festival to trick unsuspecting people. When users click on the link, they are redirected multiple times and end up on a page with LuLu Hypermarket's photo and some simple questions. Fake comments are also used to make the offer seem genuine, but it is all a deception.
The Deceptive Scheme:
The plan uses psychological tricks by linking the offer to a famous brand and a popular celebration. The landing page's simplicity and phoney comments try to make users trust it and feel like they need to act fast, so they'll join the scam.
The Fraudulent Campaign Analysed:
The scammers are using psychological tactics to manipulate people. They're exploiting the trust people have in LuLu Hypermarket and the excitement around the new iPhone 15 during the Holi festival. The fake questionnaire serves no real purpose, but it's a way to engage users and make the scam seem legitimate. Testimonials claiming people have successfully received the iPhone 15 are also fake, designed to create a false sense of credibility. Users are prompted to select a "gift box," which adds an interactive element to draw them in further. When a user selects a box, they're falsely congratulated on winning the iPhone 15, giving them a sense of accomplishment. Finally, users are urged to share the link via WhatsApp to "claim" the gift, spreading the scam to more potential victims.
What do we Analyse? :
- We analyse the deceptive tactics employed by the scam, including psychological manipulation, false engagement techniques, and fake testimonials, all aimed at convincing users of the offer's legitimacy.
Link : (https://sophisticateddistort[.]top/nTiwpTTTT526?llue1696559991144)
- It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by Lulu Hypermarket So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
- The campaign is hosted on a third party domain instead of any official Website of LuLu Hypermarket, this raised suspicion. Also the domain was registered last year.
- The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

- Domain Name: sophisticateddistort.top
- Registry Domain ID: D20230629G10001G_04181852-top
- Registrar WHOIS Server: whois.west263.com
- Registrar URL: www.west263.com
- Updated Date: 2023-07-01T02:55:34Z
- Creation Date: 2023-06-29T06:05:00Z
- Registry Expiry Date: 2024-06-29T06:05:00Z
- Registrar: Chengdu west dimension digital
- Registrant State/Province: Shan Xi
- Registrant Country: CN (China)
- Name Server: curt.ns.cloudflare.com
- Name Server: harlee.ns.cloudflare.com
Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.
CyberPeace Advisory:
- Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
- Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
- Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
- Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
- For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.
Conclusion:
During the festive season, as we engage in merrymaking and online activities, we should be mindful of fraudster's exploitation strategies. Another instance is the illegitimate Lulu Hypermarket offer of the upcoming iPhone 15. With the knowledge and carefulness, we can report any suspicious actions to avoid being victims of fraud in this way. Keep in mind the fact that legitimate offers are usually issued by trustworthy sources while if, the offer looks too good to be true, then it is rather a scam.

Introduction
The Indian Computer Emergency Response Team, CERT-In, is the national statutory agency that responds to Cybersecurity Incidents under the Ministry of Electronics and Information Technology (MeitY) of the Government of India. CERT-In and Information Sharing and Analysis Center (ISAC) have joined hands to develop a focused pool of Cybersecurity Leaders through the National Cyber Security Scholar Program (NCSSP). This National Cyber Security Scholar Program is to create a pool of credible and ethical cybersecurity leaders in the country who prioritise national cyber security in their professional endeavours. This program allows both organisations to jointly issue joint certifications for Cohort 6 of the National Cyber Security Scholar Program (NCSSP). This certification is provided to cybersecurity professionals who complete one of the world’s leading cybersecurity management programs.
About the Program
The National Cybersecurity Scholar (NCSS) is a comprehensive 18-week, 160-hour Instructor-led program for emerging cybersecurity leaders. The ISAC will conduct the program with CERT-IN and KDEM as knowledge partners. This Cyber Security Scholar program aims to provide an extraordinary opportunity, for scholars, to gain hands-on experience in real-world scenarios through activities such as war games. It will allow scholars to acquaint themselves with roles such as that of stakeholders, including attackers, Security Operations Centre (SOC) teams, Forensicators, Chief Information Security Officers (CISOs), and CEOs, and engage in tabletop exercises that simulate a cyber crisis. This program would allow scholars to understand how responses to cyber crises impact the financial performance of an organisation, including, stock prices and sales. It offers a treasure trove of insights into the economic impact of cybersecurity decisions and the importance of proactive risk management.
The program invites applications from various scholars including Mid to senior-level leaders, diplomats and diplomatic corps officers, mid to senior-level government officials involved in homeland and cybersecurity operations, experienced executives from Managed Security Services Providers (MSSPs), faculty members who specialise in new and emerging technologies, cybersecurity professionals in CII sectors and post-doctoral or research scholars in cybersecurity.
CyberPeace Outlook
The National Cyber Security Scholar Program subsumes several key dimensions working towards building a resilient cybersecurity ecosystem for India.
- The program focuses on skill development and enhancing scholars’ knowledge in domains of network security, ethical hacking, cyber forensics, incident response, malware analysis, and threat intelligence.
- The partnership between CERT-In and ISAC, government and Industry entities, ensures that scholars are exposed to different policy-level frameworks and technical expertise, offering a unique blend of perspectives that cater to the country's national security goals and industry best practices.
- The scholar program encourages the development of new methodologies, tools, and frameworks that could be instrumental in tackling future cyber challenges and advancing India's position as a global leader in cybersecurity research and development. Research and innovation in cybersecurity are critical to the program.
- It plays a significant role in providing opportunities for career development by further providing networking platforms with professionals, researchers, and thought leaders in the cybersecurity field, giving them exposure to internships, job placements, and further academic pursuits.
This program aims to support upskilling India’s broader cyber defence strategy through the creation of highly skilled professionals. The scholars are expected to contribute actively to national cybersecurity efforts, whether through roles in government, private sector, or academia, helping to create a more secure and resilient cyberspace. The National Cyber Security Scholar Program is a major advancement in strengthening cybersecurity resilience in India. In a digital world where cyber threats crossing boundaries, such programs are essential for maintaining our national security and economic stability.
References
- https://theprint.in/ani-press-releases/cert-in-and-isac-collaborate-to-develop-focussed-pool-of-cybersecurity-leaders-through-the-national-cyber-security-scholar-program-ncssp/2318021/
- https://isacfoundation.org/national-cyber-security-scholar/
- https://cyberversefoundation.org/national-cyber-security-scholar/

Introduction:
With the rapid advancement in technologies, vehicles are also being transformed into moving data centre. There is an introduction of connectivity, driver assistance systems, advanced software systems, automated systems and other modern technologies are being deployed to make the experience of users more advanced and joyful. Software plays an important role in the overall functionality and convenience of the vehicle. For example, Advanced technologies like keyless entry and voice assistance, censor cameras and communication technologies are being incorporated into modern vehicles. Addressing the cyber security concerns in the vehicles the Ministry of Road Transport and Highways (MoRTH) has proposed standard Cyber Security and Management Systems (CSMS) rules for specific categories of four-wheelers, including both passenger and commercial vehicles. The goal is to protect these vehicles and their functions against cyber-attacks or vulnerabilities. This move will aim to ensure standardized cybersecurity measures in the automotive industry. These proposed standards will put forth certain responsibilities on the vehicle manufacturers to implement suitable and proportional measures to secure dedicated environments and to take steps to ensure cyber security.
The New Mandate
The new set of standards requires automobile manufacturers to install a new cybersecurity management system, which will be inclusive of protection against several cyberattacks on the vehicle’s autonomous driving functions, electronic control unit, connected functions, and infotainment systems. The proposed automotive industry standards aim to fortify vehicles against cyberattacks. These standards, expected to be notified by early next month, will apply to all M and N category vehicles. This includes passenger vehicles, goods carriers, and even tractors if they possess even a single electronic control unit. The need for enhanced cybersecurity in the automotive sector is palpable. Modern vehicles, equipped with advanced technologies, are highly prone to cyberattacks. The Ministry of Road Transport and Highways has thus taken a precautionary measure to safeguard all new-age commercial and private vehicles against cyber threats and vulnerabilities.
Cyber Security and Management Systems (CSMS)
The proposed standards by the Ministry of Road Transport and Highways (MoRTH) clarify that CSMS refers to a systematic risk-based strategy that defines organisational procedures, roles, and governance to manage and mitigate risks connected with cyber threats to vehicles, eventually safeguarding them from cyberattacks. According to the draft regulations, all manufacturers will be required to install a cyber security management system in their vehicles and provide the government with a certificate of compliance at the time of vehicle type certification.
Electrical vehicle charging system
Electric vehicle charging stations could also be susceptible and prone to cyber threats and vulnerabilities, which significantly requires to have in place standards to prevent them. It is highlighted that the Indian Computer Emergency Response Team (CERT-In), a designated authority to track and monitor cybersecurity incidents in India, had received reports of vulnerabilities in products and applications related to electric vehicle charging stations. Electric cars or vehicles becoming increasingly popular as the world shifts to green technology. EV owners may charge their cars at charging points in convenient spots. When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This trail of data sharing and EV charging stations in many ways can be exploited by the bad actors. Some of the threats may include Malware, remote manipulation, and disturbing charging stations, social engineering attacks, compromised aftermarket devices etc.
Conclusion
Cyber security is necessary in view of the increased connectivity and use of software systems and other modern technologies in vehicles. As the automotive industry continues to adopt advanced technologies, it will become increasingly important that organizations take a proactive approach to ensure cybersecurity in the vehicles. A balanced approach between technology innovation and security measures will be instrumental in ensuring the cybersecurity aspect in the automotive industry. The recent proposed policy standard by the Ministry of Road Transport and Highways (MoRTH) can be seen as a commendable step to make the automotive industry cyber-resilient and safe for everyone.
References:
- https://economictimes.indiatimes.com/news/india/road-transport-ministry-proposes-uniform-cyber-security-system-for-four-wheelers/articleshow/105187952.cms
- https://www.financialexpress.com/business/express-mobility-cybersecurity-in-the-autonomous-vehicle-the-next-frontier-in-mobility-3234055/
- https://www.gktoday.in/morth-proposes-uniform-cyber-security-standards-for-four-wheelers/
- https://cybersecurity.att.com/blogs/security-essentials/the-top-8-cybersecurity-threats-facing-the-automotive-industry-heading-into-2023