What’s Your New Year's Resolution?

Anandita Mishra
Anandita Mishra
Senior Consultant CyberPeace
PUBLISHED ON
Dec 30, 2024
10

2025 is knocking firmly at our door and we have promises to make and resolutions to keep. Time you make your list for the New Year and check it twice.

  • Lifestyle targets 🡪 Check
  • Family targets 🡪 Check
  • Social targets 🡪 Check

Umm, so far so good, but what about your cybersecurity targets for the year? Hey, you look confused and concerned. Wait a minute, you do not have one, do you?

I get it. Though the digital world still puzzles, and sometimes outright scares us, we still are not in the ‘Take-Charge-Of-Your-Digital-Safety Mode. We prefer to depend on whatever software security we are using and keep our fingers crossed that the bad guys (read threat actors) do not find us.

Let me illustrate why cybersecurity should be one of your top priorities. You know that stress is a major threat to our continued good health, right? However, if your devices, social media accounts, office e-mail or network, or God forbid, bank accounts become compromised, would that not cause stress? Think about it and the probable repercussions and you will comprehend why I am harping on prioritising security.

Fret not. We will keep it brief as we well know you have 101 things to do in the next few days leading up to 01/01/2025. Just add cyber health to the list and put in motion the following:

  • Install and activate comprehensive security software on ALL internet-enabled devices you have at home. Yes, including your smartphones.
  • Set yourself a date to change and create separate unique passwords for all accounts. Or use the password manager that comes with all reputed security software to make life simpler.
  • Keep home Wi-Fi turned off at night
  • Do not set social media accounts to auto-download photos/documents
  • Activate parental controls on all the devices used by your children to monitor and mentor them. But keep them apprised.
  • Do not blindly trust anyone or anything online – this includes videos, speeches, emails, voice calls, and video calls. Be aware of fakes.
  • Be aware of the latest threats and talk about unsafe cyber practices and behaviour often at home.

Short and sweet, as promised.

We will be back, with more tips, and answers to your queries. Drop us a line anytime, and we will be happy to resolve your doubts.

Ciao!

PUBLISHED ON
Dec 30, 2024
Category
TAGS
No items found.

Related Blogs

#FactCheck – Debunking the False Claim: Alleged iPhone 15 Giveaway Scam Exposed this Holi"
#FactCheck – Debunking the False Claim: Alleged iPhone 15 Giveaway Scam Exposed this Holi"
10
March 23, 2024

Executive Summary:

Social media is buzzing with a link  that claims to offer an iPhone 15 as a gift from LuLu Hype­rmarket, presente­d as part of Holi celebrations. This article e­xamines the deceptive tactics behind this fraudulent offe­r and provides guidance on recognizing and avoiding such scams.

False Claim:

The link be­ing shared is misleading and falsely claims that LuLu Hype­rmarket is giving away free iPhone­ 15 phones. This is taking advantage of the Holi fe­stival to trick unsuspecting people. Whe­n users click on the link, they are­ redirected multiple­ times and end up on a page with LuLu Hype­rmarket's photo and some simple que­stions. Fake comments are also use­d to make the offer se­em genuine, but it is all a de­ception.

The Deceptive Scheme:

The plan uses psychological tricks by linking the offe­r to a famous brand and a popular celebration. The landing page's simplicity and phoney comments try to make users trust it and fe­el like they ne­ed to act fast, so they'll join the scam.

The Fraudulent Campaign Analysed:

The­ scammers are using psychological tactics to manipulate pe­ople. They're e­xploiting the trust people have­ in LuLu Hypermarket and the e­xcitement around the ne­w iPhone 15 during the Holi festival. The­ fake questionnaire se­rves no real purpose, but it's a way to e­ngage users and make the­ scam seem legitimate­. Testimonials claiming people have­ successfully receive­d the iPhone 15 are also fake­, designed to create­ a false sense of cre­dibility. Users are prompted to se­lect a "gift box," which adds an interactive e­lement to draw them in furthe­r. When a user sele­cts a box, they're falsely congratulate­d on winning the iPhone 15, giving them a se­nse of accomplishment. Finally, users are­ urged to share the link via WhatsApp to "claim" the­ gift, spreading the scam to more pote­ntial victims.

What do we Analyse? :

  • We analyse the deceptive tactics employed by the scam, including psychological manipulation, false engagement techniques, and fake testimonials, all aimed at convincing users of the offer's legitimacy.

Link : (https://sophisticate­ddistort[.]top/nTiwpTTTT526?llue1696559991144)

  • It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by Lulu Hypermarket So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
  • The campaign is hosted on a third party domain instead of any official Website of LuLu Hypermarket, this raised suspicion. Also the domain was registered last year.
  • The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

  • Domain Name: sophisticateddistort.top
  • Registry Domain ID: D20230629G10001G_04181852-top
  • Registrar WHOIS Server: whois.west263.com
  • Registrar URL: www.west263.com
  • Updated Date: 2023-07-01T02:55:34Z
  • Creation Date: 2023-06-29T06:05:00Z
  • Registry Expiry Date: 2024-06-29T06:05:00Z
  • Registrar: Chengdu west dimension digital
  • Registrant State/Province: Shan Xi
  • Registrant Country: CN (China)
  • Name Server: curt.ns.cloudflare.com
  • Name Server: harlee.ns.cloudflare.com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

  • Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
  • Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
  • Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
  • Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
  • For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

During the festive season, as we engage in merrymaking and online activities, we should be mindful of fraudster's exploitation strategies. Another instance is the illegitimate Lulu Hypermarket offer of the upcoming iPhone 15. With the knowledge and carefulness, we can report any suspicious actions to avoid being victims of fraud in this way. Keep in mind the fact that legitimate offers are usually issued by trustworthy sources while if, the offer looks too good to be true, then it is rather a scam.

Empowering Future Cyber Leaders: The CERT-In and ISAC Partnership for NCSSP
Empowering Future Cyber Leaders: The CERT-In and ISAC Partnership for NCSSP
Empowering Future Cyber Leaders: The CERT-In and ISAC Partnership for NCSSP
10
October 26, 2024

Introduction

The Indian Computer Emergency Response Team, CERT-In, is the national statutory agency that responds to Cybersecurity Incidents under the Ministry of Electronics and Information Technology (MeitY) of the Government of India. CERT-In and Information Sharing and Analysis Center (ISAC) have joined hands to develop a focused pool of Cybersecurity Leaders through the National Cyber Security Scholar Program (NCSSP). This National Cyber Security Scholar Program is to create a pool of credible and ethical cybersecurity leaders in the country who prioritise national cyber security in their professional endeavours. This program allows both organisations to jointly issue joint certifications for Cohort 6 of the National Cyber Security Scholar Program (NCSSP). This certification is provided to cybersecurity professionals who complete one of the world’s leading cybersecurity management programs.

About the Program

The National Cybersecurity Scholar (NCSS) is a comprehensive 18-week, 160-hour Instructor-led program for emerging cybersecurity leaders. The ISAC will conduct the program with CERT-IN and KDEM as knowledge partners. This Cyber Security Scholar program aims to provide an extraordinary opportunity, for scholars, to gain hands-on experience in real-world scenarios through activities such as war games. It will allow scholars to acquaint themselves with roles such as that of stakeholders,  including attackers, Security Operations Centre (SOC) teams, Forensicators, Chief Information Security Officers (CISOs), and CEOs, and engage in tabletop exercises that simulate a cyber crisis. This program would allow scholars to understand how responses to cyber crises impact the financial performance of an organisation, including, stock prices and sales.  It offers a treasure trove of insights into the economic impact of cybersecurity decisions and the importance of proactive risk management. 

The program invites applications from various scholars including Mid to senior-level leaders, diplomats and diplomatic corps officers, mid to senior-level government officials involved in homeland and cybersecurity operations, experienced executives from Managed Security Services Providers (MSSPs), faculty members who specialise in new and emerging technologies, cybersecurity professionals in CII sectors and post-doctoral or research scholars in cybersecurity. 

CyberPeace Outlook

The National Cyber Security Scholar Program subsumes several key dimensions working towards building a resilient cybersecurity ecosystem for India.

  1. The program focuses on skill development and enhancing scholars’ knowledge in domains of network security, ethical hacking, cyber forensics, incident response, malware analysis, and threat intelligence. 
  2. The partnership between CERT-In and ISAC, government and Industry entities, ensures that scholars are exposed to different policy-level frameworks and technical expertise, offering a unique blend of perspectives that cater to the country's national security goals and industry best practices.
  3. The scholar program encourages the development of new methodologies, tools, and frameworks that could be instrumental in tackling future cyber challenges and advancing India's position as a global leader in cybersecurity research and development. Research and innovation in cybersecurity are critical to the program.
  4. It plays a significant role in providing opportunities for career development by further providing networking platforms with professionals, researchers, and thought leaders in the cybersecurity field, giving them exposure to internships, job placements, and further academic pursuits.

This program aims to support upskilling India’s broader cyber defence strategy through the creation of highly skilled professionals. The scholars are expected to contribute actively to national cybersecurity efforts, whether through roles in government, private sector, or academia, helping to create a more secure and resilient cyberspace. The National Cyber Security Scholar Program is a major advancement in strengthening cybersecurity resilience in India. In a digital world where cyber threats crossing boundaries, such programs are essential for maintaining our national security and economic stability.

References

Cybersecurity in the Automotive Sector (Shielding Vehicles from Cyber Threats)
Cybersecurity in the Automotive Sector (Shielding Vehicles from Cyber Threats)
10
November 21, 2023

Introduction:

With the rapid advancement in technologies, vehicles are also being transformed into moving data centre. There is an introduction of connectivity, driver assistance systems, advanced software systems, automated systems and other modern technologies are being deployed to make the experience of users more advanced and joyful. Software plays an important role in the overall functionality and convenience of the vehicle. For example, Advanced technologies like keyless entry and voice assistance, censor cameras and communication technologies are being incorporated into modern vehicles. Addressing the cyber security concerns in the vehicles the Ministry of Road Transport and Highways (MoRTH) has proposed standard Cyber Security and Management Systems (CSMS) rules for specific categories of four-wheelers, including both passenger and commercial vehicles. The goal is to protect these vehicles and their functions against cyber-attacks or vulnerabilities. This move will aim to ensure standardized cybersecurity measures in the automotive industry. These proposed standards will put forth certain responsibilities on the vehicle manufacturers to implement suitable and proportional measures to secure dedicated environments and to take steps to ensure cyber security. 

The New Mandate

The new set of standards requires automobile manufacturers to install a new cybersecurity management system, which will be inclusive of protection against several cyberattacks on the vehicle’s autonomous driving functions, electronic control unit, connected functions, and infotainment systems. The proposed automotive industry standards aim to fortify vehicles against cyberattacks. These standards, expected to be notified by early next month, will apply to all M and N category vehicles. This includes passenger vehicles, goods carriers, and even tractors if they possess even a single electronic control unit. The need for enhanced cybersecurity in the automotive sector is palpable. Modern vehicles, equipped with advanced technologies, are highly prone to cyberattacks. The Ministry of Road Transport and Highways has thus taken a precautionary measure to safeguard all new-age commercial and private vehicles against cyber threats and vulnerabilities.

Cyber Security and Management Systems (CSMS)

The proposed standards by the Ministry of Road Transport and Highways (MoRTH) clarify that CSMS refers to a systematic risk-based strategy that defines organisational procedures, roles, and governance to manage and mitigate risks connected with cyber threats to vehicles, eventually safeguarding them from cyberattacks. According to the draft regulations, all manufacturers will be required to install a cyber security management system in their vehicles and provide the government with a certificate of compliance at the time of vehicle type certification.

Electrical vehicle charging system

Electric vehicle charging stations could also be susceptible and prone to cyber threats and vulnerabilities, which significantly requires to have in place standards to prevent them. It is highlighted that the Indian Computer Emergency Response Team (CERT-In), a designated authority to track and monitor cybersecurity incidents in India, had received reports of vulnerabilities in products and applications related to electric vehicle charging stations. Electric cars or vehicles becoming increasingly popular as the world shifts to green technology. EV owners may charge their cars at charging points in convenient spots. When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This trail of data sharing and EV charging stations in many ways can be exploited by the bad actors. Some of the threats may include Malware, remote manipulation, and disturbing charging stations, social engineering attacks, compromised aftermarket devices etc.

Conclusion

Cyber security is necessary in view of the increased connectivity and use of software systems and other modern technologies in vehicles. As the automotive industry continues to adopt advanced technologies, it will become increasingly important that organizations take a proactive approach to ensure cybersecurity in the vehicles. A balanced approach between technology innovation and security measures will be instrumental in ensuring the cybersecurity aspect in the automotive industry. The recent proposed policy standard by the Ministry of Road Transport and Highways (MoRTH) can be seen as a commendable step to make the automotive industry cyber-resilient and safe for everyone.

References:

Become a part of our vision to make the digital world safe for all!

Numerous avenues exist for individuals to unite with us and our collaborators in fostering  global cyber security

Awareness

Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.

CyberPeace Corps Induction Workshop
The Missing Link Trust to combat online child trafficking
Cyber Safety Carnival
Safer Internet Day 2023
Indian schools and colleges under digital siege: Massive cyber breach crisis exposed
Over 2 lack cyberattacks, 4 lakh data breaches hit Indian educational institutions in 9 months
Lessons in Cybersecurity Required: 2 Lakh Cyberattacks Shake Indian Education Sector in Just Nine Months
2 lakh cyberattacks, 4 lakh data breaches in Indian educational sector in 9 months

Engagement

Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.

Discover ways to collaborate
Request for Proposals

Play your part for CyberPeace

Donate to us directly to help us build more pioneering initiatives.

Donate Now