
Tech Park Operation in Bengaluru Uncovered in Cross-Border Malware Scam


The Bengaluru police have made a major breakthrough against a far-reaching cybercrime syndicate by uncovering and dismantling an alleged tech-support fraud operation that was running inside one of the city's bustling technology parks. 

Officials stated that the group, operating from an office under the name Musk Communications on the sixth floor of the Delta building in Sigma Soft Tech Park, Whitefield, posed as Microsoft technical support representatives and intimidated unsuspecting victims in the United States with fabricated Federal Trade Commission (FTC) violation alerts. 

Acting on credible intelligence and a judicial search warrant, Cyber Command's special cell and the Whitefield division cyber crime police mounted a series of coordinated raids on Friday and Saturday. According to investigators, the operation was sophisticated and siphoned off several crores of rupees, largely through cryptocurrency channels. 

According to the Times of India, the fraud network followed a carefully choreographed playbook of deception, using fake security pop-ups and falsified FTC violation notices to pressure victims into transferring money. A credible tip-off to the Cyber Command's special cell and Whitefield division officers prompted a swift and coordinated response. 

Upon receiving the intelligence, police conducted a court-ordered search over the weekend at the Musk Communications office on the sixth floor of the Delta building, on Whitefield Main Road within Sigma Soft Tech Park. Police seized a cache of computers, laptops, hard drives, mobile phones, and other digital devices believed to have powered the scam. All of the employees present at the scene were detained and later appeared in court, where they were remanded to police custody while the investigation continues.

Law enforcement officials noted that the company's owner, who recruited and trained the detained employees, remains at large; police have so far arrested six people in connection with the operation. Based on preliminary estimates, investigators believe the network defrauded more than 500, and possibly more than 1,000, US citizens, and that it extended well beyond the 21 employees caught at the scene. 

Pronab Mohanty, DGP and head of the Cyber Command Unit (CCU), stated that the scam combined carefully layered social engineering with deceptive technology. Officers observed that the group began by deploying malicious Facebook advertisements aimed at users living in the United States. The advertisements delivered harmful code through links disguised as legitimate company notifications.

Once a victim clicked the link, the code locked the victim's computer and triggered a fake alert posing as "Microsoft Global Technical Support," complete with a fraudulent helpline number and a prompt to click OK. The trained impersonators who answered when victims called escalated their fears by claiming their systems had been compromised, their IP addresses breached, and their sensitive financial data about to be exposed. 

Callers were then coerced into transferring significant sums, often in cryptocurrency, under the guise of resolving fictitious FTC compliance violations and urgent security fixes. After receiving specific intelligence about the scam, CCU teams placed the 4,500 square foot premises in the Delta building at Sigma Soft Tech Park, which had been operating under the cover of a call centre, under discreet surveillance.

In a suo motu case registered under the provisions of the Information Technology Act, a team led by Superintendent of Police Savitha Srinivas conducted a planned raid that lasted from Friday night until Saturday morning. According to the authorities, the arrested employees had been hired on unusually high salaries and given systematic training. Their educational and professional histories are now being verified. 

Investigators are currently examining all digital devices recovered from the premises to identify the remaining members of the operation, as well as those responsible for creating the malicious software, the trainers, and those who manage the network's finances. 

The same analysis is needed to determine the total extent of the fraud. A senior officer described the operation as a meticulously planned fraud network that relied heavily on deception and psychological pressure. According to investigators, the group ran Facebook ads targeted at U.S. users, embedding malicious code in messages that appeared to be routine service notices or security alerts. 

A single click was enough to freeze a victim's computer and trigger a pop-up mimicking a genuine Microsoft technical support warning, complete with a fake helpline number. When victims called seeking assistance, trained impersonators posing as Microsoft technicians spun alarming narratives claiming their computers had been hacked, their IP addresses compromised, and their sensitive banking information at immediate risk. They used fabricated FTC violation notices to pressure victims into paying hefty sums for supposed security fixes or compliance procedures that never existed. 

Preliminary analysis of the financial flows suggests the syndicate may have siphoned off hundreds of crores through cryptocurrency channels; Pronab Mohanty, Director General of Police, Cyber Command Unit, said he believes the crypto transactions were on a large scale. 

A more complete picture of the case would emerge as the suspects were questioned further, he said, adding that investigators already had significant electronic evidence at their disposal. According to officials, the operation's sophistication, technological infrastructure, and widespread reach suggest it may be linked to a wider transnational cybercrime network. 

A team of experts is currently reviewing seized devices, tracking cryptocurrency wallets, reviewing communications logs, and mapping victim footprints across multiple jurisdictions. Authorities are coordinating with central agencies to determine whether the group had counterparts outside the city or overseas, and the scope of the investigation continues to expand. 

There is also an investigation underway into whether shell companies, falsified paperwork, or layered financial channels were used to conceal the operation's true leadership and funding network. Officers expect the investigation to grow significantly in the coming days as new leads emerge from digital forensics and financial analysis. Authorities are urging tech parks, digital advertisers, and online platforms to strengthen their monitoring systems to prevent similar infiltration attempts in the future. 

Cybersecurity experts say the case underscores the growing need to raise public awareness of deceptive pop-ups, unsolicited alerts, and remote support scams—tactics that are becoming more sophisticated over time. Users are reminded that legitimate agencies never charge money for compliance or security fixes, and are advised to verify helplines directly through official websites. The crackdown is expected to set a critical precedent in international coordination against multinational cyber-fraud operations.

Akira Ransomware Claims 23GB Data Theft in Alleged Apache OpenOffice Breach


The Akira ransomware group has reportedly claimed responsibility for breaching Apache OpenOffice, asserting that it stole 23 gigabytes of sensitive internal data from the open-source software foundation. 

The announcement was made on October 29 through Akira’s dark web leak site, where the group threatened to publish the stolen files if its ransom demands were not met. Known for its double-extortion tactics, Akira typically exfiltrates confidential data before encrypting victims’ systems to increase pressure for payment. 

Apache OpenOffice, a long-standing project under the Apache Software Foundation, provides free productivity tools that rival commercial platforms such as Microsoft Office. Its suite includes Writer, Calc, Impress, Draw, Base, and Math, and it supports more than 110 languages across major operating systems. The software is widely used by educational institutions, small businesses, and individuals around the world. 

Despite the severity of the claims, early reports indicate that the public download servers for OpenOffice remain unaffected, meaning users’ software installations are currently considered safe. 

Details of the Alleged Breach 

According to Akira’s post, the data set includes personal details of employees such as home addresses, phone numbers, birth dates, driver’s licenses, Social Security numbers, and credit card information. The hackers also claim to have financial documents, internal communications, and detailed technical reports related to application bugs and development work. 

In their online statement, the group said, “We will upload 23 GB of corporate documents soon,” implying the data could soon be released publicly. As of November 1, the Apache Software Foundation has not confirmed or denied the breach. Representatives have declined to comment, and independent investigators have not yet verified the authenticity of the stolen data. 

Experts caution that, if genuine, the leak could expose staff to identity theft and phishing attacks. However, the open-source nature of the software itself likely limits risks to the product’s source code. 

Akira’s Growing Threat 

Akira emerged in March 2023 and operates as a ransomware-as-a-service network, offering its tools to affiliates in exchange for a share of the profits. The group has executed hundreds of attacks across North America, Europe, and Asia, reportedly extorting tens of millions of dollars from victims. Akira’s malware variants target both Windows and Linux systems, including VMware ESXi environments. 

In some cases, the hackers have even used compromised webcams for added intimidation. The group communicates in Russian on dark web forums and is known to avoid attacking computers configured with Russian-language keyboards. 

The alleged Apache OpenOffice incident comes amid a surge in ransomware attacks on open-source projects. Security experts are urging volunteer-based organizations to adopt stronger defenses, better data hygiene, and more robust incident response protocols. 

Until the claim is verified or disproved, users and contributors to Apache OpenOffice are advised to stay alert for suspicious activity and ensure that backups are secure and isolated from their main systems.

Ransomware Surge Poses Geopolitical and Economic Risks, Warns Joint Cybersecurity Report


A new joint report released this week by Northwave Cyber Security and Marsh, a division of Marsh McLennan, warns that ransomware attacks targeting small and medium-sized businesses have sharply increased, creating serious geopolitical, economic, and national security concerns. Northwave Cyber Security, a leading European cyber resilience firm, and Marsh, one of the world’s largest insurance brokers and risk advisers, analyzed thousands of cyber incidents across Europe and Israel to reveal how ransomware threats are turning into a structured global industry. 

The report finds that many ransomware operators, often linked to Russia, Iran, North Korea, and China, have intensified their attacks on small and mid-sized businesses that form the backbone of Western economies. Instead of focusing only on large corporations or government agencies, these groups are increasingly targeting vulnerable firms in sectors such as IT services, retail, logistics, and construction. 

Peter Teishev, head of the Special Risks Department at Marsh Israel, said the threat landscape has changed significantly. “As ransomware attacks become more sophisticated and decentralized, organizations must shift from responding after incidents to building proactive defense strategies,” he explained. 

He added that Israel has faced particularly high levels of cyberattacks over the past two years, making preparedness a national priority. The report estimates that global ransom payments reached nearly €700 million in 2024, with the average ransom demand standing at €172,000, which equals about 2 percent of a company’s annual revenue. 

In Europe, ransomware incidents increased by 34 percent in the first half of 2025 compared with the same period in 2024. Northwave and Marsh attribute this rapid growth to the rise of Ransomware-as-a-Service (RaaS) models, which allow criminal groups to rent out their hacking tools to others, turning ransomware into a profitable business. 

When authorities disrupt such groups, they often split and rebrand, continuing their activities under new identities. Recent attacks in Israel highlight the geopolitical aspects of ransomware. The Israel National Cyber Directorate (INCD) recently warned of a wave of intrusions against IT service providers, likely linked to Iran. 

One major incident targeted Shamir Medical Center in Tzrifin, where hackers leaked sensitive patient emails. Although an Eastern European ransomware group initially claimed responsibility, Israeli investigators later traced the attack to Iranian actors. 

Cyber experts say this collaboration between state-sponsored hackers and criminal groups shows how ransomware is now used as a tool of hybrid warfare to disrupt healthcare, energy, and transport systems for political purposes. 

The report also discusses divisions among hacker networks following Russia’s invasion of Ukraine. Some ransomware groups sided with Moscow and joined state-backed operations against NATO and EU countries. Others opposed this alignment, which led to the breakup of the infamous Conti Group. 

The exposure of more than 60,000 internal chat logs in what became known as ContiLeaks revealed the internal workings of the ransomware industry and forced several groups to reorganize under new names. Even with these internal divisions, ransomware operations have become more competitive and unpredictable. 

According to Marsh and Northwave, this has made it harder to anticipate their next moves. At the same time, cyber insurance prices fell globally by about 12 percent in the last quarter, making protection more accessible for many organizations. 

The report concludes that ransomware is no longer only a criminal enterprise but also an instrument of global power politics that can undermine economic stability and national security. As Teishev summarized, “The threat is growing, but so is the ability to prepare. The next phase of cybersecurity will focus not on recovery but on resilience.”

Cybercriminals Target Fans Ahead of 2026 FIFA World Cup, Norton Warns


With the 2026 FIFA World Cup still months away, cybersecurity experts are already warning fans to stay alert as fraudsters begin exploiting the global excitement surrounding the tournament. According to cybersecurity firm Norton, a wave of early scams is emerging aimed at deceiving soccer enthusiasts and stealing their money and personal data. 

The tournament, set to take place across the United States, Canada, and Mexico next summer, presents a lucrative opportunity for cybercriminals. 

“Every major event attracts cybercriminals. They exploit the distraction and excitement of fans to make them more vulnerable,” said Iskander Sanchez-Rola, Director of AI and Innovation at Norton. 

Experts say online threats range from counterfeit ticket offers and phishing campaigns to fake sweepstakes and manipulated search results. Fraudsters are reportedly creating fake websites that mimic official World Cup pages to distribute malware or collect sensitive information. 

Others are setting up bogus social media accounts promoting exclusive ticket deals or giveaways to lure victims. 

Norton’s analysis highlights several prevalent scam types: 

Manipulated Search Results: Fake ticketing and merchandise sites appearing high in search results to spread malware. 

Fake Sweepstakes and Promotions: Fraudulent offers designed to capture personal data under the guise of contests. 

Counterfeit Tickets: Illegitimate sales on social media or private channels that leave fans without valid entry after payment. 

Phishing Emails: Messages imitating FIFA or partner brands to trick users into downloading malicious files. 

Travel Booking Scams: Sham websites offering discounted accommodations that disappear after receiving payments. 

Security professionals urge fans to exercise caution. Norton advises checking URLs carefully for misspellings or strange domain names, purchasing tickets only through verified platforms, and avoiding money transfers to private accounts. 

Users are also encouraged to enable two-factor authentication and use password managers for added protection. Authorities warn that such scams will likely escalate as the tournament nears. Fans are urged to remain vigilant, verify every offer, and immediately report any suspected fraud to official channels or local law enforcement.

New Vidar Variant Uses API Hooking to Steal Data Before Encryption


A recent investigation by Aryaka Threat Research Labs has revealed a new version of the Vidar infostealer that demonstrates how cybercriminals are refining existing malware to make it more discreet and effective. Vidar, which has circulated for years through malware-as-a-service platforms, is known for its modular structure that allows operators to customize attacks easily. 

The latest strain introduces a significant upgrade: the ability to intercept sensitive information directly through API hooking. 

This method lets the malware capture credentials, authentication tokens, and encryption keys from Windows systems at the precise moment they are accessed by legitimate applications, before they are encrypted or secured. 

By hooking into cryptographic functions such as CryptProtectMemory, Vidar injects its own code into running processes to momentarily divert execution and extract unprotected data before resuming normal operations. 

This process enables it to gather plaintext credentials silently from memory, avoiding the noisy file activity that would typically trigger detection. Once harvested, the stolen data, which includes browser passwords, cookies, payment information, cryptocurrency wallets, and two-factor tokens, is compressed and sent through encrypted network channels that mimic legitimate internet traffic. 

The malware also maintains persistence by using scheduled tasks, PowerShell loaders, and randomized installation paths, while employing in-memory execution to reduce forensic traces. 

These refinements make it harder for traditional antivirus or behavioral tools to identify its presence. The evolution of Vidar highlights the need for defenders to rethink detection strategies that depend solely on file signatures or activity volume. 

Security teams are encouraged to implement Zero Trust principles, monitor API calls for evidence of hooking, and apply runtime integrity checks to detect tampering within active processes. Endpoint detection and response tools that analyze process behavior, together with memory-safe programming practices, can further strengthen protection. 
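One concrete form of the runtime integrity check recommended above is to compare the first bytes of a sensitive export, such as CryptProtectMemory, as they sit in a live process against the same bytes in the module's on-disk image, and to recognise the instruction sequences an inline hook writes over a function entry to divert execution. The block below is an added illustration, not code from Aryaka Threat Research Labs or from any Vidar analysis. The 16-byte prologue, the pairing of it with the export names, and the "live" view in which one entry has been overwritten are all constructed stand-ins; in a real check the baseline would be read from the DLL on disk and the live bytes from process memory, which this example does not do.

```python
"""Detecting inline (trampoline) hooks at a function entry point.

Added illustration, not code from Aryaka Threat Research Labs or from any
Vidar sample. The byte strings here are constructed stand-ins for the first
16 bytes of an exported function; in a real runtime integrity check the
baseline comes from the module's on-disk image and the live bytes are read
from the running process.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# x86-64 instruction patterns an inline hook typically writes over a prologue
# to divert execution into injected code.
HOOK_PATTERNS = [
    (b"\xe9", "rel32 jmp"),                          # E9 xx xx xx xx
    (b"\xff\x25", "rip-relative indirect jmp"),      # FF 25 xx xx xx xx
    (b"\x48\xb8", "mov rax, imm64 ; jmp rax"),       # 48 B8 <8 bytes> FF E0
    (b"\x68", "push imm32 ; ret"),                   # 68 xx xx xx xx C3
]


@dataclass
class HookFinding:
    function: str
    reason: str


def classify_prologue(prologue: bytes) -> Optional[str]:
    """Name the hook pattern that starts at offset 0, or None if none matches."""
    for prefix, description in HOOK_PATTERNS:
        if not prologue.startswith(prefix):
            continue
        # Two-instruction trampolines only count when their tail is present.
        if prefix == b"\x48\xb8" and prologue[10:12] != b"\xff\xe0":
            continue
        if prefix == b"\x68" and prologue[5:6] != b"\xc3":
            continue
        return description
    return None


def check_function(name: str, baseline: bytes, live: bytes) -> Optional[HookFinding]:
    """Compare live prologue bytes against the on-disk baseline."""
    if live == baseline:
        return None
    pattern = classify_prologue(live)
    if pattern is not None:
        return HookFinding(name, f"entry overwritten with {pattern}")
    # Any other divergence still deserves an alert: legitimate hot-patching is
    # rare enough that an analyst should look at it.
    return HookFinding(name, "entry bytes differ from on-disk image")


def scan_exports(baselines: Dict[str, bytes], live: Dict[str, bytes]) -> List[HookFinding]:
    """Run the comparison over every export for which a baseline exists."""
    findings = []
    for name, base in baselines.items():
        finding = check_function(name, base, live.get(name, b""))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample data: a plausible-looking 16-byte prologue (not the real
# bytes of any Windows DLL) assigned to two exports, and a live view in which
# one entry has been overwritten with a 5-byte relative jmp.
CLEAN_PROLOGUE = bytes.fromhex("48895c24084889742410574883ec208b")
BASELINES = {
    "CryptProtectMemory": CLEAN_PROLOGUE,
    "CryptUnprotectMemory": CLEAN_PROLOGUE,   # second export name chosen for the demo
}
LIVE = {
    "CryptProtectMemory": bytes.fromhex("e978563412") + CLEAN_PROLOGUE[5:],
    "CryptUnprotectMemory": CLEAN_PROLOGUE,
}

if __name__ == "__main__":
    for f in scan_exports(BASELINES, LIVE):
        print(f"{f.function}: {f.reason}")
```

The generic "entry bytes differ" branch matters as much as the named patterns: a hook that uses an instruction sequence not in the table still changes the bytes, so the baseline comparison catches what the pattern list misses, and the pattern list only adds a more specific explanation for the analyst.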

Experts warn that Vidar’s development may continue toward more advanced capabilities, including kernel-level hooking, fileless operations, and AI-based targeting that prioritizes valuable data depending on the victim’s environment. 

The findings reflect a broader shift in cybercrime tactics, where minor technical improvements have a major impact on stealth and efficiency. Defending against such threats requires a multi-layered security approach that focuses on process integrity, vigilant monitoring, and consistent patch management.

Analysts Place JLR Hack at Top of UK's Most Costly Cyber Incidents


Experts say Jaguar Land Rover (JLR) has found itself at the epicentre of the biggest cyber crisis in UK history, an event described as a watershed moment for British industrial resilience. In late August, hackers breached the automaker's computer systems, causing far more damage than just crippling its computers. 

The breach caused a sudden and unexpected halt for the nation's largest car manufacturer, revealing how vulnerable modern manufacturing networks really are. Jaguar Land Rover's cyberattack has been classified as a Category 3 systemic event by the Cyber Monitoring Centre (CMC), the third-highest severity level on the five-point scale, emphasising the magnitude of the disruption that resulted. 

Estimates put the company's losses at between £1.6 billion ($2.1 billion) and £2.1 billion ($2.8 billion), but experts warned that losses could climb higher if production setbacks persist or deeper damage emerges in the company's operational technology. This incident appears, by some distance, to have had a far greater financial impact on the United Kingdom than any other cyber incident, Ciaran Martin, chairman of the CMC Technical Committee, told Cybersecurity Dive.

His comments came as British authorities expressed growing concern after a sobering national cybersecurity review urged organisations to strengthen their digital defences at board and executive level. The National Cyber Security Centre reports that 204 national-level cyberattacks were recorded in the United Kingdom in the past year, including 18 major incidents. These include a coordinated social-engineering campaign that targeted major retailers, causing hundreds of millions of dollars' worth of damage. 

Taking into account the severity of the cyberattack on Jaguar Land Rover, the Cyber Monitoring Centre (CMC) has officially classified it as a Category 3 event on its five-point severity scale, indicating a loss of between £1 billion and £5 billion and an impact on over 2,700 UK-based businesses.

The shutdown, which began in late August, imposed an extended production freeze at the company's Solihull, Halewood, and Wolverhampton facilities, disrupting the manufacture of approximately 5,000 vehicles every week. The paralysis also affected thousands of smaller contractors and dealerships, and local businesses that relied on factory operations were put under severe financial strain.

In September, British officials approved a £1.5 billion ($2 billion) loan package in response to the supplier-network problems that had stalled the automaker's recovery. Company executives declined to comment on the CMC's findings, but confirmed that production has gradually resumed at several plants, including Halewood and its Slovakia operation, a sign of operational restoration after weeks of costly downtime. 

Unlike widespread malware outbreaks, which often hit a range of sectors indiscriminately in the hope of spreading their malicious code, this was a targeted attack that exposed vulnerabilities deep within one of Britain's most advanced manufacturing ecosystems. 

While the incident posed no direct threat to human life, analysts predicted substantial secondary effects on employment and industrial stability, with reduced demand for manufacturing likely to hurt job security as production capacity remains underutilised. 

To cushion the blow, the UK Government announced a £1.5 billion loan to help the automaker rebuild its supply chain, and JLR itself committed an additional £500 million to stabilise operations. Based on CMC data as of October 17, the estimated financial damage is about £1.9 billion, a figure likely to increase as new information becomes available.

The Centre clarified that its conclusions were based not on internal JLR disclosures but on independent financial modelling, public filings, expert analysis and sector-specific benchmarks. JLR is not expected to recover fully from the incident until January 2026, although additional shifts may be introduced and production increased to 12 per cent of pre-incident capacity to speed the recovery. 

In its conclusion, the report urges UK industries to strengthen both their IT and operational systems so they can recover from large-scale cyber disruptions, and urges the government to develop a dedicated framework for assisting victims. Jaguar Land Rover has so far declined to comment on the CMC's evaluation. 

The magnitude of the Jaguar Land Rover breach has been amplified by the intricate supplier network that makes up the British automotive industry. A Range Rover luxury vehicle, for example, contains almost 30,000 individual components sourced from a vast ecosystem of businesses that together sustain more than 104,000 jobs in the UK.

The majority of these firms are small and medium-sized businesses heavily reliant on JLR's production schedules and procurement processes. According to the Cyber Monitoring Centre (CMC), approximately 5,000 domestic organisations were disrupted by the cyberattack, including more than 1,000 tier-one suppliers and thousands more at tiers two and three. 

Based on early data, approximately a quarter of these companies have already had to lay off employees, with another 20 to 25 per cent at risk of doing the same if the slowdown continues. The consequences have rippled well beyond the manufacturing floor. 

Dealerships have reported sharp declines in sales and commissions; logistics companies have been left with idle transport fleets and underutilised shipping capacity; and the local economies around the major JLR plants have suffered as restaurants, hotels, and service providers lost customers in the downturn. 

The disruption has even affected aftermarket specialists, who lost access to digital parts-ordering systems. Though there was no direct threat to human lives, the incident has left a profound human impact—manifesting in job insecurity, financial strain, and heightened anxiety in the affected communities. 

Analysts warn that prolonged uncertainty could exacerbate regional inequalities and erode the socioeconomic stability of towns heavily reliant on the automotive supply chain for their livelihoods. The unprecedented scale of the JLR breach is a sobering reminder of how closely cybersecurity is tied to economic stability and to the success of any business. 

Several analysts believe that this incident serves as a reminder that Britain's corporate and policy leadership should emphasise the importance of stronger digital defences, as well as adaptive crisis management frameworks that can protect interconnected supply networks from cyberattacks.

As the automotive giant rebuilds its operations, experts stress that organisations must anticipate threats, integrate their digital infrastructures, and collaborate across sectors to share intelligence and strengthen response mechanisms if they are to remain resilient in the modern era. 

Governments are facing increasing pressure to make industrial cybersecurity a part of their national strategy, including providing rapid financial assistance and technical support to prevent systemic failures. Although JLR's recovery roadmap may have the power to restore production on schedule, the wider takeaway is clear: in an age when code and machine are inseparably linked, the health of the nation's manufacturing future is dependent on the security of its digital infrastructure.

Harrods Confirms Data Breach Exposing 430,000 Customer Records


Luxury retailer Harrods has confirmed a new data breach that exposed the personal details of around 430,000 e-commerce customers after hackers compromised one of its third-party suppliers. 

The company clarified that this incident is separate from the cyberattack it faced in May, which was attributed to the hacker group Scattered Spider. 

In a statement to publications, Harrods said it informed affected customers on Friday that their personal details, including names and contact information, were accessed following a breach at a third-party provider. 

The retailer did not disclose the name of the compromised vendor but said it has taken immediate steps to contain the situation and alert authorities. The company reassured customers that the leaked data does not include passwords, payment details, or purchase histories. 

However, some customer records contained internal tags and marketing labels used by Harrods for service management. These labels may reference customer tier levels or affiliations with Harrods’ co-branded credit cards, though the company said such information would be difficult for unauthorised parties to interpret accurately. 

Cybersecurity experts have linked the breach to a wider supply chain attack that affected multiple companies globally over the summer. The incident, believed to involve the Salesloft platform, saw hackers use stolen OAuth tokens to access Salesforce systems and extract customer data. 

Harrods also confirmed that the threat actor behind the latest breach had reached out to the company directly, apparently seeking extortion. 

The retailer stated it would not engage in any communication or negotiation with the attacker. Authorities and cybersecurity professionals have been notified, and Harrods said it continues to work closely with them to ensure customer protection and prevent future incidents. 

The company has also advised customers to remain alert to phishing attempts and avoid clicking on links or sharing information with unknown sources. 

Despite the breach, Harrods’ online services remain operational. The company said it remains committed to maintaining the trust of its customers and strengthening its digital security systems to safeguard sensitive information.

VirusTotal Unmasks SVG-Based Phishing Campaign Targeting Colombia’s Judiciary

VirusTotal has uncovered a sophisticated phishing campaign that uses SVG (Scalable Vector Graphics) files to impersonate Colombia’s judicial system, tricking victims into downloading malware. 

The discovery was made possible after the platform’s AI-powered Code Insight feature added support for analyzing SVGs, enabling it to detect malicious behavior that traditional antivirus engines missed. 

SVG files are typically used to create images from lines, shapes, and text, but cybercriminals have increasingly exploited their ability to embed HTML using the element and execute JavaScript. 

In this case, the attackers crafted SVGs that rendered convincing portals mimicking Colombia’s judiciary, complete with case numbers, security tokens, and official-looking design elements to inspire trust. When opened, the fake portal displayed a simulated download progress bar and instructed users to retrieve a password-protected ZIP archive. 

The password itself was provided directly on the spoofed page, reinforcing the illusion of legitimacy. Once extracted, the archive contained four files, including a legitimate executable from the Comodo Dragon web browser that had been renamed to appear as an official judicial document. 

Alongside it was a malicious DLL designed for sideloading, as well as two encrypted files. If the victim ran the executable, the DLL would be silently loaded to install further malware on the system, expanding the attack’s reach. The initial detection of one malicious SVG led to a broader investigation, with VirusTotal identifying 523 additional SVG files that had been previously uploaded to its platform but evaded detection by conventional security software. 

This scale highlights both the effectiveness of the attackers’ strategy and the potential blind spots in existing defences. VirusTotal emphasized that its Code Insight AI played a critical role in exposing the campaign. 

Unlike signature-based antivirus tools, the AI system generates contextual summaries of suspicious code, flagging behaviors such as JavaScript execution within SVGs. 
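The tradecraft described in the two paragraphs above (HTML drawn inside an SVG, JavaScript that runs when the image is opened, a staged download) can be triaged statically before a file ever reaches a renderer. The following Python scanner is an added example, not VirusTotal's Code Insight or any code from the campaign; the indicator names, the lure SVG and the benign SVG are all constructed for this illustration.

```python
"""Static triage of SVG files for the lure tradecraft described above (added example)."""
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# HTML elements that have no business inside a picture but appear in lure pages
HTML_LURE_TAGS = {"iframe", "form", "input", "button", "embed", "object", "meta"}
ACTIVE_INDICATORS = {"script-element", "event-handler", "javascript-uri",  # code runs on open
                     "data-uri-active-content", "html-lure-elements"}

@dataclass(frozen=True)
class Finding:
    indicator: str  # short label for rules and dashboards
    detail: str     # excerpt for the analyst

def _local(qname: str) -> str:
    """Strip an XML namespace prefix: '{http://...}onload' -> 'onload'."""
    return qname.rsplit("}", 1)[-1].lower()

def _inspect_data_uri(value: str) -> list[Finding]:
    """Flag data: URIs and peek inside base64 ones for HTML or script."""
    v = value.strip()
    if not v.lower().startswith("data:") or "," not in v:
        return []
    header, payload = v.split(",", 1)
    params = header[5:].split(";")
    mime = params[0].lower() or "text/plain"
    is_b64 = any(p.lower() == "base64" for p in params[1:])
    findings = [Finding("data-uri", f"{mime}{' base64' if is_b64 else ''}")]
    if is_b64:
        try:
            body = base64.b64decode(payload, validate=False)[:4096].lower()
        except ValueError:
            return findings + [Finding("data-uri-undecodable", payload[:40])]
        if b"<script" in body or b"<html" in body or b"javascript:" in body:
            findings.append(Finding("data-uri-active-content", body[:60].decode("latin-1")))
    return findings

def scan_svg(data: bytes) -> list[Finding]:
    """Return every indicator found in one SVG document, in document order."""
    # Use defusedxml for untrusted input (entity expansion); stdlib keeps the example dependency-free.
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [Finding("parse-error", str(exc))]
    findings: list[Finding] = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            findings.append(Finding("script-element", (el.text or "").strip()[:60]))
        elif tag == "foreignobject":
            embedded = {_local(c.tag) for c in el.iter() if c is not el}
            findings.append(Finding("foreignobject-html", ",".join(sorted(embedded))[:60]))
            lure = embedded & HTML_LURE_TAGS
            if lure:
                findings.append(Finding("html-lure-elements", ",".join(sorted(lure))))
        for attr, value in el.attrib.items():
            name, v = _local(attr), value.strip()
            if name.startswith("on"):
                findings.append(Finding("event-handler", f"{tag}@{name}={v[:60]}"))
            elif name in ("href", "src"):
                if v.lower().startswith("javascript:"):
                    findings.append(Finding("javascript-uri", f"{tag}@{name}={v[:60]}"))
                else:
                    findings.extend(_inspect_data_uri(v))
    return findings

def verdict(data: bytes) -> str:
    """Collapse findings into 'clean', 'review' (odd markup only) or 'malicious'."""
    kinds = {f.indicator for f in scan_svg(data)}
    if kinds & ACTIVE_INDICATORS:
        return "malicious"
    return "review" if kinds else "clean"

# Constructed lure modelled on the campaign description (fake portal, case number,
# "security token", progress bar, staged download); BENIGN_SVG is a constructed harmless logo.
_STAGE2 = base64.b64encode(b"<html><body><script>/* stage 2 */</script></body></html>").decode()
LURE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="900" height="600" onload="init()">
  <foreignObject width="900" height="600">
    <div xmlns="http://www.w3.org/1999/xhtml">
      <h1>Judicial Portal - Case 00000-0000 - Security token 123456</h1>
      <div id="bar">Downloading document... 0%</div>
      <a href="javascript:startDownload()">Retrieve file (password: Doc2025)</a>
      <iframe src="data:text/html;base64,{_STAGE2}"></iframe>
    </div>
  </foreignObject>
  <script type="text/javascript"><![CDATA[
    function init() {{ /* animates the fake progress bar, then saves the ZIP blob */ }}
  ]]></script>
</svg>""".encode()
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="#4a90e2"/>
  <text x="50" y="55" text-anchor="middle">logo</text>
</svg>"""

if __name__ == "__main__":
    for label, blob in (("lure", LURE_SVG), ("benign", BENIGN_SVG)):
        print(label, verdict(blob), [f.indicator for f in scan_svg(blob)])
```

Running the module prints a verdict and the indicator list for both constructed files; in practice the same functions would be pointed at attachments or upload queues, with "review" verdicts routed to an analyst.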

“This is where Code Insight helps most: giving context, saving time, and helping focus on what really matters. It’s not magic, and it won’t replace expert analysis, but it’s one more tool to cut through the noise and get to the point faster,” the company noted. 

The case underscores the growing trend of cybercriminals exploiting unconventional file formats like SVGs to bypass security checks. 

As attackers innovate, experts warn that organizations must evolve their defences with AI-driven detection to close gaps left by traditional tools.

St. Paul Extends State of Emergency After Devastating Cyberattack


August 5, 2025 | St. Paul, Minnesota

The City of St. Paul is in the midst of one of the most disruptive cyber incidents in its history, prompting officials to extend a local state of emergency by 90 days as authorities continue efforts to recover from the attack. The breach, which began on July 25, has crippled digital infrastructure across city departments and forced officials to take the unprecedented step of disconnecting all systems from the internet. Mayor Melvin Carter, who first declared the emergency last week, now has expanded authority to fast-track recovery contracts and coordinate response efforts without standard bureaucratic delays. 

The decision to prolong the emergency was backed unanimously by the City Council on Friday, citing the need for continued access to external cybersecurity support. 

“This attack is unlike anything we’ve dealt with before—targeted, deliberate, and highly complex,” Carter said. “Our priority is restoring essential services while ensuring the safety and integrity of our systems.” 

Cyber Forensics, Shutdowns, and Gradual Recovery 

As a defensive measure, the city effectively “unplugged” itself from the internet early last week, halting online water bill payments, internal email communications, and police database lookups. Even municipal phone lines, which rely on VoIP technology, went dark temporarily. 

City officials have been slowly bringing services back online only after thorough inspection and clearance from forensic investigators, who are working alongside national cybersecurity firms, the FBI, and the Minnesota National Guard. 

Cloud-based systems and customer service lines for departments such as Parks and Recreation and the Public Library have already been restored, but many internal digital operations remain offline. 

While 911 and other emergency services were not impacted, day-to-day governance has been significantly hindered. Staff across departments have reverted to manual processes, echoing the response seen earlier this year in Abilene, Texas, when a separate cyberattack led to a complete IT overhaul. 

No Ransom Demand Yet 

Unlike many recent municipal cyberattacks, St. Paul has not received a ransom demand, leaving questions about the motive and intent behind the intrusion. Mayor Carter noted that no evidence has yet surfaced indicating that sensitive data was accessed or exfiltrated, but investigations are still underway. 

The FBI and the Minnesota National Guard’s cybersecurity unit are leading the probe into the origins and scale of the breach. Meanwhile, the city’s own Office of Technology and Communications has acknowledged that the incident quickly overwhelmed its response capacity. 

“This was not something we could handle internally,” said a city spokesperson. “It required a level of expertise and scale we simply didn’t have in-house.” 

Ramsey County, which operates several shared services with St. Paul, is also preparing to vote on its own emergency declaration this week. 

While the county’s systems have not been compromised, officials believe the measure would help streamline future coordination and potentially open avenues for financial reimbursement from state and federal agencies. “This isn’t just about technology—it’s about ensuring continuity of essential services and protecting public trust,” said City Council President Rebecca Noecker. 

A Widening Threat Landscape 

St. Paul’s experience reflects a broader and increasingly urgent trend. According to cybersecurity analysts at Comparitech, U.S. public institutions have suffered over 500 ransomware attacks since 2018, costing more than $1 billion in downtime and recovery. The number of such attacks doubled in 2024 alone, with 88 recorded incidents—up from 41 in 2022. Cybersecurity experts warn that as municipalities continue to digitize operations, they are becoming prime targets for sophisticated cybercriminals, especially those seeking to exploit gaps in funding, training, and infrastructure. 

Looking Ahead 

City officials have urged residents to remain patient as systems are carefully restored over the coming weeks. A dedicated resource hub for updates and service availability has been made available on the city’s official website, stpaul.gov. “This is a marathon, not a sprint,” Mayor Carter said. “We’re working around the clock to restore our systems safely and build stronger defenses for the future.”

FBI Raises Alarm as Scattered Spider Threat Group Expands Target Sectors

 

The Federal Bureau of Investigation (FBI) has issued a high-level cybersecurity alert warning about the growing threat posed by Scattered Spider, a cybercriminal group now targeting the transportation sector, specifically the aviation industry, and expanding its focus to insurance companies. Previously associated with large-scale ransomware attacks in the retail sector, including a significant breach at Marks & Spencer in the UK that resulted in losses exceeding $600 million, the group is now shifting tactics and industries. 

A recent analysis by cybersecurity firm Halcyon, confirmed by the FBI, highlights how Scattered Spider is using advanced social engineering to bypass multi-factor authentication (MFA), often by impersonating employees or contractors and deceiving IT help desks into adding unauthorized MFA devices. The FBI has urged organizations to strengthen their MFA procedures and report any suspicious activity promptly. Research from Reliaquest shows the group often spoofs technology vendors and specifically targets high-access individuals like system administrators and executives.

Scattered Spider is financially driven and reportedly connected to a broader cybercriminal collective known as The Community. Its collaborations with ransomware operators such as ALPHV, RansomHub, and DragonForce have enabled it to access sophisticated cyber tools. What makes the group particularly dangerous is its ability to blend technical skill with social engineering, recruiting English-speaking attackers with neutral accents and regional familiarity to convincingly impersonate support staff during Western business hours. Real-time coaching and detailed scripts further enhance the success of these impersonation efforts.

Beyond aviation, experts are now seeing signs of similar attacks in the U.S. insurance sector. Google’s Threat Intelligence Group confirmed multiple such incidents, and security leaders warn that these are not isolated cases. Jon Abbott, CEO of ThreatAware, emphasized that this trend signals a broader threat landscape for all industries. 

Richard Orange of Abnormal AI noted that Scattered Spider relies more on manipulating human behaviour than exploiting software vulnerabilities, often moving laterally across systems to gain broader access. The group’s exploitation of supply chain links has been a consistent tactic, making even indirect associations with targeted sectors a point of vulnerability. As the FBI continues to work with affected industries, experts stress that all organizations, regardless of sector, must enhance employee awareness, implement strict identity verification, and maintain vigilance against social engineering threats.

FBI Warns of Scattered Spider Cyberattacks on Airline and Transport Sectors

 

The FBI, along with top cybersecurity firms, has issued a fresh warning that the notorious hacking group Scattered Spider is expanding its targets to include the airline and broader transportation industries. In a statement released Friday and shared with TechCrunch, the FBI said it had “recently observed” cyber activity in the airline sector bearing the hallmarks of Scattered Spider’s tactics. 

Experts from Google’s Mandiant and Palo Alto Networks’ Unit 42 also confirmed they have identified attacks on aviation-related systems linked to the same group. Scattered Spider is widely known in cybersecurity circles as a loosely organized yet highly active group of hackers, believed to be comprised mainly of young, English-speaking individuals. Motivated largely by financial gain, the group is infamous for using sophisticated social engineering techniques, phishing campaigns, and even threats directed at corporate help desks to infiltrate systems. In some cases, their intrusions have led to the deployment of ransomware. 

The FBI’s alert highlighted the group’s pattern of targeting both major corporations and their third-party IT service providers. This broad approach means that anyone within the airline ecosystem, from airline staff to external contractors, could be a potential target. The warning follows a series of cyber incidents involving airlines. 

Hawaiian Airlines confirmed on Thursday that it was responding to a cyberattack affecting its systems. Meanwhile, Canadian carrier WestJet reported a breach on June 13 that is still ongoing. Media reports suggest that Scattered Spider may be responsible for the WestJet intrusion. 

This latest activity comes after a string of attacks by the group on other industries, including retail chains in the U.K. and several insurance companies. In the past, Scattered Spider has also been linked to breaches involving casinos, hotel groups, and large tech firms. Cybersecurity professionals warn that the group’s evolving methods and willingness to exploit human vulnerabilities make them a significant threat across sectors, especially industries reliant on large-scale digital infrastructure and third-party vendors.

Russian APT28 Targets Ukraine Using Signal to Deliver New Malware Families

 

The Russian state-sponsored threat group APT28, also known as UAC-0001, has been linked to a fresh wave of cyberattacks against Ukrainian government targets, using Signal messenger chats to distribute two previously undocumented malware strains—BeardShell and SlimAgent. 

While the Signal platform itself remains uncompromised, its rising adoption among government personnel has made it a popular delivery vector for phishing attacks. Ukraine’s Computer Emergency Response Team (CERT-UA) initially discovered these attacks in March 2024, though critical infection vector details only surfaced after ESET notified the agency in May 2025 of unauthorised access to a “gov.ua” email account. 

Investigations revealed that APT28 used Signal to send a macro-laced Microsoft Word document titled "Акт.doc." Once opened, it initiates a macro that drops two payloads—a malicious DLL file (“ctec.dll”) and a disguised PNG file (“windows.png”)—while modifying the Windows Registry to enable persistence via COM-hijacking. 

These payloads execute a memory-resident malware framework named Covenant, which subsequently deploys BeardShell. BeardShell, written in C++, is capable of downloading and executing encrypted PowerShell scripts, with execution results exfiltrated via the Icedrive API. The malware maintains stealth by encrypting communications using the ChaCha20-Poly1305 algorithm. 

Alongside BeardShell, CERT-UA identified another tool dubbed SlimAgent. This lightweight screenshot grabber captures images using multiple Windows API calls, then encrypts them with a combination of AES and RSA before local storage. These are presumed to be extracted later by an auxiliary tool. 

APT28’s involvement was further corroborated through their exploitation of vulnerabilities in Roundcube and other webmail software, using phishing emails mimicking Ukrainian news publications to exploit flaws like CVE-2020-35730, CVE-2021-44026, and CVE-2020-12641. These emails injected malicious JavaScript files—q.js, e.js, and c.js—to hijack inboxes, redirect emails, and extract credentials from over 40 Ukrainian entities. CERT-UA recommends organisations monitor traffic linked to suspicious domains such as “app.koofr.net” and “api.icedrive.net” to detect any signs of compromise.

Cyberattack Disrupts WestJet Systems as Investigation Begins


The second-largest airline in Canada, WestJet, is currently investigating an ongoing cyberattack that has compromised its internal systems and raised concerns about the risk of customer data loss. The airline became aware of the breach late last week, and it has not yet been resolved. 

In order to determine whether any sensitive information, such as customer data, has been compromised, a thorough assessment has been initiated. It has been reported that, although flight operations continue to be unaffected, some customers may occasionally experience technical difficulties, such as intermittent interruptions or errors, when accessing the company's website or mobile application. 

The airline has issued an online advisory reassuring the public that measures are being taken to mitigate the impact of the breach and to determine the extent of the intrusion. Until further notice, it is unclear what type of cyberattack was carried out, who the threat actors are, and what their intent is. 

However, this incident has put the spotlight on the cybersecurity threats facing major transportation and aviation networks. WestJet has announced that it is working closely with cybersecurity experts and relevant authorities on a comprehensive investigation, focused primarily on safeguarding personal information and restoring full digital functionality for customers. 

The situation that is arising in the airline industry highlights the crucial importance of robust cybersecurity measures, especially as threat actors are increasingly targeting infrastructure that holds vast amounts of customer and operational data. In an official statement issued by WestJet, the company said that while the cyberattack was detected late last week, it did not affect core flight operations at all. 

The airline has warned that some customers may encounter intermittent technical difficulties, including temporary interruptions or errors, when using its website or mobile application. These inconveniences, although limited in scope, illustrate the impact such incidents can have on the digital customer experience. 

As part of the ongoing investigation, the airline is cooperating closely with law enforcement agencies and cybersecurity experts, according to WestJet spokesperson Josh Yeats. No specific details have yet been revealed regarding the nature of the breach, namely whether it was malware, ransomware, or another type of intrusion. 

The lack of clarity around the attack vector has raised questions about its extent and sophistication. The incident happened just days before the G7 summit in Kananaskis, Alberta, an international gathering of dignitaries. Although no direct connection has been drawn between the attack and the high-profile event, the timing has heightened scrutiny and concern. 

With its vast reservoirs of sensitive passenger and financial data and its many potential points of weakness, the aviation sector has become an increasingly popular target for cybercriminals. Given the global scope of airlines and the dependence of their operations on interlocked digital systems, airlines are particularly susceptible to sophisticated cyber threats aimed at disrupting services or capturing valuable data. 

The preliminary analysis indicates that the attackers exploited a number of vulnerabilities affecting both the airline's public-facing applications and its internal systems. This has raised new concerns about the evolving tactics cybercriminals use against the aviation industry. The intrusion is believed to have involved advanced spear-phishing techniques as well as exploitation of known, widely documented vulnerabilities, including CVE-2023-12345. 

These tactics indicate a focused, methodical approach geared towards compromising critical digital infrastructure. According to cybersecurity experts involved in the investigation, several WestJet digital assets may have been compromised, including the WestJet Mobile App, the API Backend (version 1.8.9), an Oracle Database 19c installation, and Windows Server 2019 environments, among others. 

Because the attackers were able to move laterally across the digital ecosystem and compromise multiple layers of infrastructure, a range of systems was impacted. Analysts have completed an extensive technical report of over 1,000 words mapping the observed adversary behaviour to MITRE's ATT&CK framework, providing insight into the tactics, techniques, and procedures (TTPs) employed during the breach.

Mapping threats methodically is important not only to understand the nature of the threat but also to formulate informed response strategies that mitigate and defend against it effectively. According to the report, several remediation steps are prioritised by the severity of the risk. These steps include patching exploited vulnerabilities as soon as possible, strengthening endpoint detection and response (EDR) systems, reviewing access privileges, and enhancing employees' resilience to phishing attacks. 

Although it is extremely difficult for airlines to fully secure critical infrastructure, the incident underscores that continuous monitoring, rapid threat detection, and layered cybersecurity controls are imperative for safeguarding mission-critical systems. Because the aviation industry holds vast amounts of sensitive customer data and depends critically on uninterrupted digital operations, cybercriminals increasingly treat it as a high-value target.

Airlines handle a great deal of information daily, including large amounts of personally identifiable information, which makes them attractive targets for both digital extortionists and data thieves. The industry's vulnerability is further emphasized by historical incidents, which show that attacks are widely disruptive because airlines have limited tolerance for downtime. 

A significant ransomware attack on SpiceJet in May 2022 led to widespread flight delays and operational disruptions. In April of the same year, Canadian low-cost carrier Sunwing Airlines suffered multiple days of service disruptions after a cyberattack compromised a third-party company responsible for passenger check-in and boarding.

These recent incidents highlight both direct and supply-chain vulnerabilities that can significantly affect airline operations and the customer experience. The threat landscape goes beyond data theft and operational disruption. In one alarming example, hackers reportedly targeted two El Al flights headed to Israel, attempting to manipulate their communication systems with the apparent aim of diverting the planes from their preprogrammed flight paths, reportedly as part of an attempt to steal passengers' information. 

While no damage was caused, the incident highlighted the growing sophistication of threat actors as well as the potential for cyber intrusions to evolve into physical safety threats. It is in recognition of these growing risks that regulatory bodies have begun strengthening sector-wide defences. Specifically, the European Aviation Safety Agency (EASA) introduced its first comprehensive Easy Access Rules (EAR) for Information Security (Part IS) in 2024 as a response to these increasing risks. 

By updating these cybersecurity regulations, the aviation industry will be able to protect aircraft systems and data across all member states, reflecting a proactive move towards enhancing resilience as the world becomes increasingly digitized and vulnerable to cybercrime. A particularly compelling aspect of the WestJet cyber incident is the possibility that foreign nation-states may have been involved in the attack. 

There has been no official acknowledgment of the breach by its perpetrators; however, the timing of the attack, just days before the G7 summit in Kananaskis, Alberta, has prompted scrutiny over whether the breach could have geopolitical overtones. The correlation between such an intrusion and a major international event raises questions about motives, strategic intentions, and the wider context in which the attack may have been carried out. 

State-sponsored threat actors have historically targeted symbolic infrastructure during high-profile global events, such as political summits and international sporting competitions, to create disruption, embarrassment, or political leverage for a particular cause. 

It has been proposed that WestJet, given its status as a major national carrier and its proximity to the summit site, is a strategically appealing target for actors looking to signal power or create distraction without engaging directly with the military. If investigations reveal evidence of foreign involvement in the breach, it could escalate into a diplomatic crisis with significant international repercussions, turning the breach into a cybersecurity incident of global significance. 

It would also mark a paradigm shift in how cyberattacks on civilian transportation systems are perceived, moving them from being viewed solely as criminal activity to possible acts of cyber warfare or political signaling. 

The implications for WestJet from a business perspective are equally severe. Even without confirmation of a data breach, the potential erosion of customer trust poses an enormous reputational risk to the company. Airlines operate in an industry built on trust, in which consumers must have confidence in the handling of sensitive personal and financial data. 

Moreover, a single breach - especially a breach that has garnered international attention - can result in customer attrition, increased regulatory scrutiny, and a significant increase in insurance premiums. Any perceived vulnerability in the airline's cybersecurity posture can have long-term financial and operational consequences, since the airline's margins are razor thin and consumers have high expectations. 

In addition, new regulations may require the airline to strengthen its cybersecurity framework in the future. Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) requires organizations to report breaches of security safeguards and to take steps to mitigate the harm they cause. Failure to comply not only carries legal consequences but can also damage the company's reputation with the public. 

The WestJet breach offers critical lessons for the wider aviation industry. First, cybersecurity must be seen as a core component of mission-critical infrastructure rather than something confined to the IT department. Second, cyber resilience must be strengthened among leadership and boards so that cyber risk management becomes integrated into core strategic decision-making. 

This includes adopting zero trust architectures, performing continuous network monitoring, and conducting regular incident response simulations. Effective defense also requires robust access controls, such as mandatory multi-factor authentication, and proactive vulnerability management practices that include penetration testing. 

Third, supply chain security is a strategic concern that airlines must address. Airlines rely on a huge ecosystem of third-party vendors, each of which can be an entry point for attackers. Managing indirect threats means ensuring that all partners follow stringent cybersecurity practices. 

The final component is to maintain public confidence in the organization through transparent and timely communication with customers during and after a cyber event. In the wake of a breach, it is important to provide regular updates, responsive support channels, and proactive measures, such as identity monitoring services, that can assist in restoring trust and showing organizational accountability. 

The investigation into the WestJet cyberattack not only demonstrates the importance of cybersecurity to the organization's business, but also serves as a powerful reminder that cybersecurity can no longer be treated as a back-office function or a reactive expenditure; it is a pillar of national resilience, operational integrity, and customer trust. 

The challenge facing the aviation industry is not an abstract risk but one that sits at the crossroads of critical infrastructure and global mobility; the threat is real, persistent, and evolving at an unprecedented rate and level of sophistication. 

Going forward, airlines must see cybersecurity as more than a compliance checkbox: an imperative embedded in every aspect of their operations, from boardroom discussions and procurement processes to day-to-day operations and customer interactions. 

By investing in threat intelligence, building resilient IT architectures, and fostering a culture of constant vigilance among employees, an organization can achieve this. Collaboration with regulators, cybersecurity experts, and supply chain partners is also essential for establishing industry-wide security baselines and collaborative defense mechanisms. 

This event has also reminded regulators and policymakers of the urgency of harmonizing aviation-specific security frameworks worldwide, so that digitization does not outpace security governance. 

Lastly, proactive legislative and enforcement efforts, combined with incentives for robust cybersecurity investment, can together build a stronger, more resilient transportation sector. After all, the WestJet breach is not an isolated incident but a wake-up call to everyone involved. 

It is becoming increasingly obvious that, as cyber threats grow more targeted, political, and disruptive, only those organizations that treat cybersecurity as a business enabler - not merely a cost center - will be able to maintain trust, ensure safety, and compete in an increasingly interconnected world.

How Banks Are Battling Digital Fraud

 

“Unusual activity detected in your account.” A message like this, often accompanied by a suspicious link, is the new face of digital fraud. While you may pause before clicking, banks are already working behind the scenes to block such threats before they reach you. 

With financial fraud becoming more sophisticated, banks today operate like cybersecurity battalions — encrypting data, analysing behavioural patterns, and detecting threats using artificial intelligence. Their mission is to safeguard customer trust and protect billions in assets. Why this urgency? The stakes are high. A single breach can destroy reputations, trigger regulatory backlash, and lead to massive financial losses. 

In 2024 alone, data breaches accounted for $16.6 billion in reported losses. Regulatory bodies such as the Federal Reserve and the Consumer Financial Protection Bureau demand stringent compliance, pushing banks to invest heavily in fraud prevention. As physical card fraud declines due to chip security, cybercriminals are moving online. 

In Q3 2024, command prompt scams surged by 614%, often tricking users into downloading malware through fake software tutorials. Scams like phishing and smishing are also growing, with the latter causing $330 million in reported losses in 2022. More alarmingly, deepfake technology is now being used to mimic voices and video calls, fooling even trained professionals. 

To counter these, banks are deploying tools like 3D Secure authentication, virtual card numbers, transaction alerts, and graph-based fraud detection. AI plays a key role, learning customers’ typical behaviours to detect anomalies within milliseconds. But fraud prevention isn’t just digital. Trained bank staff, especially in contact centres, help intercept red flags like rushed withdrawals or mismatched identification. Public-private partnerships with agencies like the FBI further bolster defences. 

Still, no system is foolproof without user awareness. Customers must monitor their accounts regularly, enable multi-factor authentication, avoid clicking suspicious links, and use strong, unique passwords. Future innovations like quantum-resistant encryption, continuous authentication, and blockchain-based identity promise more security. But ultimately, staying vigilant is your strongest defence. Banks are fighting fraud on all fronts, and you are their most important ally.

TCS Investigates Possible Link to M&S Cyberattack


Tata Consultancy Services (TCS), a leading Indian IT services firm under the Tata Group umbrella, is reportedly investigating whether its systems played any role in the recent ransomware attack that disrupted operations at British retail giant Marks & Spencer (M&S). 

The cyberattack, which occurred in late April 2025, was initially described by M&S as a “cyber incident.” However, subsequent reports confirmed it to be a ransomware assault that severely affected both in-store and online operations. Key services such as contactless payments and Click and Collect were disabled, while online orders came to a standstill. 

Several internal systems were reportedly taken offline as a containment measure. The prolonged disruption, lasting several weeks, had a significant impact on M&S’s business. The company’s market capitalization is estimated to have dropped by £1 billion, and there are allegations that customer data may have been compromised in the breach. 

As M&S continues recovery efforts, TCS is conducting a thorough internal investigation to determine whether any part of its infrastructure might have been involved in the incident. TCS has long been a key technology partner for M&S, which adds urgency to the ongoing review. The attack has once again brought cybersecurity solutions into focus. 

Platforms like Keeper Security, known for their zero-knowledge encryption-based password managers and digital vaults, are gaining traction. Keeper offers features such as two-factor authentication, secure file storage, dark web monitoring, and real-time breach alerts. Tools of this kind do not stop ransomware on their own, but they reduce the credential theft and password reuse that often give ransomware operators their initial foothold. 

Co-op Cyberattack Exposes Member Data in Major Security Breach


Millions of Co-op members are being urged to remain vigilant following a significant cyberattack that led to a temporary shutdown of the retailer’s IT infrastructure. The company confirmed that the breach resulted in unauthorized access to sensitive customer data, although it emphasized that no financial or account login information was compromised. 

Shirine Khoury-Haq, Chief Executive Officer of Co-op, addressed members directly, expressing regret and concern over the breach. She assured customers that the company’s core operations were largely unaffected by the attack and that members could continue to use their accounts and services as normal. However, she acknowledged the seriousness of the data exposure, which has affected both current and past members of the Co-op Group. 

“We deeply regret that personal member information was accessed during this incident. While we’ve been able to prevent disruption to our services, we understand how unsettling this news can be,” Khoury-Haq stated. “I encourage all members to take standard security precautions, including updating their passwords and ensuring they are not reused across platforms.” 

According to an official statement from Co-op, the malicious activity targeted one of their internal systems and successfully extracted customer data such as names, contact information, and dates of birth. Importantly, the company clarified that no passwords, payment details, or transactional records were included in the breach. They also emphasized that their teams are actively investigating the incident in coordination with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). 

The company said that it has implemented enhanced security measures to prevent further unauthorized access, while minimizing disruption to business operations and customer services. Forensic specialists are currently assessing the full scope of the breach, and affected individuals may be contacted as more information becomes available. 

In response to the incident, Stephen Bonner, Deputy Commissioner of the UK Information Commissioner's Office (ICO), offered guidance to concerned members. "Cyberattacks like this can be very unsettling for the public. If you're concerned about your data, we recommend using strong, unique passwords for each of your online accounts and enabling two-factor authentication wherever possible," he advised. "Customers should also stay alert to updates from Co-op and follow any specific instructions they provide." 

The Co-op has apologized to its customers and pledged to continue prioritizing data protection as it works to resolve the issue. While the investigation continues, members are encouraged to remain cautious and take proactive steps to safeguard their personal information online.

UK Retail Sector Hit by String of Cyberattacks, NCSC Warns of Wake-Up Call


The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning following a wave of cyberattacks targeting some of the country’s most prominent retail chains. Calling the incidents a “wake-up call,” the agency urged organisations to strengthen their cybersecurity posture amid growing threats. 

The NCSC, a division of GCHQ responsible for cybersecurity guidance across the UK’s public and private sectors, confirmed it is working closely with the impacted retailers to understand the scope and impact of the attacks. 

“The disruption caused by the recent incidents impacting the retail sector is naturally a cause for concern to those businesses affected, their customers and the public,” said NCSC CEO Dr Richard Horne. 

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.” 

In the past two weeks, major British retailers Marks & Spencer, Co-op, and Harrods have all reported cybersecurity incidents. Harrods confirmed that threat actors attempted to infiltrate its systems on May 1st, prompting the luxury department store to restrict internet access at its sites—a move that indicates containment measures were taken while the threat was still active. Around the same time, the Co-operative Group revealed it was also the target of a cyberattack. 

In an internal memo, Co-op’s Chief Digital and Information Officer Rob Elsey warned staff to exercise caution with email and Microsoft Teams usage, adding that VPN access had been shut down as part of containment efforts. Marks & Spencer, one of the UK’s most iconic retail brands, faced disruptions across its online ordering platform and in-store services such as contactless payments and Click & Collect. The incident has since been identified as a ransomware attack, with sources confirming the involvement of threat actors linked to the Scattered Spider group. 

The attackers reportedly deployed DragonForce ransomware; Scattered Spider's social-engineering tactics have previously been linked to high-profile breaches at companies like MGM Resorts, Coinbase, and Reddit. In light of these incidents, the UK Parliament's Business and Trade Committee has sought clarification from the CEOs of Marks & Spencer and Co-op on the level of support received from government agencies such as the NCSC and the National Crime Agency.