Cyber Crime
Top 10 Daily Cybercrime Brief by FCRF [21.08.2024]: Click here to Know More
Important global cybercrime news has been curated by Futurecrime Researchers to keep you informed about various types of digital fraud occurring worldwide and to provide insights into the best mitigation strategies. Read below to learn more in detail.
1. SEBI Introduces New Cybersecurity Guidelines for Regulated Entities
SEBI introduced a new cybersecurity framework, effective January 2025, requiring regulated entities to enhance security monitoring. A Cyber Capability Index (CCI) will assess cybersecurity maturity. Small entities will receive assistance from NSE and BSE’s Security Operation Centers (SOCs) to achieve cyber resilience.
2. Panchkula: 54-Year-Old Contractor Falls Victim to Rs 2.17 Lakh Cyber Scam
A 54-year-old contractor in Panchkula was defrauded of Rs 2.17 lakh by cybercriminals posing as cement suppliers. The contractor, working with military engineering services, was tricked into paying in advance for non-existent cement. A case was registered under relevant sections at the cyber crime police station.
3. KPMG India Partners with Zscaler to Combat Cyber Risks for Businesses
KPMG India partnered with Zscaler to offer Zero Trust cybersecurity services, aiming to protect cloud environments and enhance security operations for Indian organizations. The alliance responds to the rising need for robust cybersecurity, especially given the new challenges posed by generative AI and evolving digital threats.
4. City Artist Granted Bail in Rs 2 Crore Cyber Fraud Case
A Mumbai court granted bail to Surendra Bapu Surve, accused of Rs 1.98 crore in cyber fraud. Despite the serious charges, Surve claimed ignorance of the technology used in the fraud, while police continue investigating his role in the crime.
ALSO READ: FCRF Launches ‘Cyber Safe Uttar Pradesh’ Initiative to Combat Rising Cyber Crime
5. Hyderabad Resident Escapes Cybercrime Operation in Cambodia
Hyderabad’s Gulam Moinuddin escaped a cybercrime ring in Cambodia and returned to India. Tricked into working at a scam call center, he sought refuge at the Indian Embassy in Phnom Penh. Telangana Cyber Security Bureau has registered a case of trafficking based on his testimony.
INTERNATIONAL
6. Identifying AWS Account Breaches: Essential CloudTrail Log Indicators for Compromised API Keys
AWS CloudTrail is vital for monitoring API activity in AWS accounts to detect unauthorized access, especially via stolen API keys. Key indicators include unusual API spikes, suspicious IAM activity, anomalous data movement, and unexpected security group changes. Enforcing strict access controls and using tools like GuardDuty and AWS Config are crucial for mitigating risks.
7. Iranian Hacking Group TA453 Deploys AnvilEcho Malware Against Jewish Leader
Iranian threat group TA453, linked to IRGC, targeted a prominent Jewish figure in July 2024 with spear-phishing emails, aiming to deliver the AnvilEcho trojan via a new toolkit called BlackSmith. This reflects ongoing Iranian cyber efforts against Israeli interests.
8. U.S. Companies Sound Alarm Over ‘Unprecedented’ Cyber Regulations in Hong Kong
Proposed Hong Kong cyber regulations raise concerns among US firms over potential government access to private computer systems. Critics argue the rules could threaten confidence in the digital economy and deter tech investment, while the government claims they protect critical infrastructure without extraterritorial effects.
9. Australia: QBE Highlights Cyber Threats to the Financial Services Sector
Australian financial services face heightened cyber threats, including ransomware and supply chain attacks, amid global geopolitical tensions. Despite improvements, the sector remains a target due to its perceived vulnerability compared to Europe and North America.
ALSO READ: FutureCrime Summit: Biggest Conference on Cyber Crimes Set to Return in February 2025
10. Czech Mobile Users Face a new banking credential Scam
A novel phishing campaign targets Czech mobile users by tricking them into installing fake Progressive Web Applications (PWAs) that mimic banking apps to steal credentials. The attack bypasses traditional browser warnings, making it difficult for users to detect.