Latest news with #CERT-In
Entrepreneur
7 days ago
- Business
- Entrepreneur
Espionage Emerges as Top Cyber Threat in 2025: Industry Leaders Weigh In
In 2025, government bodies accounted for 42% of all nation-state attack targets, up from 39% in 2023 Opinions expressed by Entrepreneur contributors are their own. You're reading Entrepreneur India, an international franchise of Entrepreneur Media. In an alarming trend, espionage has become the most dominant form of cyberattack globally in 2025, accounting for 86 per cent of all nation-state cyberattacks, according to Wipro's State of Cybersecurity Report 2025. This marks a steady rise from 82 per cent in 2023, signalling how cyber operations are becoming an increasingly strategic tool of statecraft. The report highlights a disturbing shift in the global cyber threat landscape, with government entities being the most targeted, followed by the private sector and civil society. In 2025, government bodies accounted for 42 per cent of all nation-state attack targets, up from 39 per cent in 2023 and 30 per cent in 2021. The private sector also remained vulnerable, holding steady at 32 per cent of attacks since 2023. Civil society accounted for 18 per cent, and military institutions 8 per cent. "This overwhelming focus on espionage shows that nation-state actors are playing the long game—embedding themselves within networks to quietly extract strategic information," said Rahil Patel, Chief Growth Officer at QNu Labs. "The future lies in prevention at the protocol level, not just monitoring at the perimeter. We need to move from resilience after breach to immunity before breach." Also, China, Russia, Iran, and North Korea have emerged as the key aggressor states behind these sophisticated cyber intrusions. India's growing exposure and preparedness gap India remains a top target, with critical infrastructure such as finance, energy, healthcare, and government services repeatedly coming under attack. According to CERT-In, over 1.3 million cybersecurity incidents were reported in 2022 alone. Srinivas Shekar, Founder and CEO of Pantherun Technologies, remarked, "Cyber operations have become integral to modern statecraft. In India, threat actors continue to exploit sectoral vulnerabilities. Strengthening our defences requires continuous monitoring, cross-sector collaboration, and skilled manpower." However, Neehar Pathare, MD, CEO and CIO at 63SATS Cybertech, believes that India's fragmented cyber defence framework is not keeping pace with the rising threat. "There are critical gaps—fragmented frameworks, inconsistent incident reporting, and a lack of unified cyber response," said Pathare. "A centralised Threat Intelligence and Monitoring Response Centre integrating CERT-In, sectoral CSIRTs, and corporate SOCs is vital." Budget and investment challenges Despite the rising stakes, India's cybersecurity budget remains relatively modest. Shekar said that in 2023, the government allocated INR 515 crore (USD 62 million) under the Ministry of Electronics and IT. In contrast, the U.S. Cyber Command's budget request stood at USD 3.3 billion for FY2024. He estimated that a robust, integrated national cyber defence system, encompassing infrastructure, personnel training, and threat detection, would require an initial investment of INR 2,000 to INR 5,000 crore. This figure does not include ongoing costs for upskilling and operational support. Tony Buffomante, SVP & Global Head – Cybersecurity & Risk Services, Wipro, echoed the same: "Cybersecurity budgets are struggling to keep pace with growing threat sophistication. AI helps strengthen defences while optimising costs. CISOs must focus on risk-adjusted returns on investment." Towards quantum-safe and collaborative defence With attacks becoming stealthier and longer-term, there is a growing push for next-generation defences. Quantum-safe security solutions are gaining traction, as traditional encryption methods may not survive future quantum computing capabilities. "There's an over-reliance on legacy encryption. We need a national migration path to quantum-resilient encryption—complemented by policy mandates and sector-specific blueprints," said Patel. He added, "This is not just a technical upgrade, it is a strategic imperative for digital sovereignty. Startups, research labs, and government bodies must collaborate, not work in silos." Public-private partnerships also need to evolve. Rather than acting as vendors, tech firms and government bodies must co-develop secure systems and protocols. Protecting democracy in the digital age The growing targeting of civil society (18 per cent) and military institutions (8 per cent) is not only a security concern, it is a threat to democratic stability. "Securing democracy in the digital age means investing in infrastructure that cannot be undermined by time or tech advances," said Patel. "The quantum threat is borderless; so too must be our response."
Mint
26-05-2025
- Mint
CERT-In issues high-risk advisory over critical Microsoft vulnerabilities: Report
The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-risk security advisory for users of Microsoft products,reported Business Standard. As per the publication, the alert, published on CERT-In's official platform, highlights serious vulnerabilities that could potentially expose users and organisations to a range of cyber threats. You may be interested in According to the advisory, the identified flaws reportedly affect a wide range of Microsoft services and tools, including Microsoft Windows, Microsoft Azure, Office, Developer Tools, Dynamics, System Centre, and extended security updates for older Microsoft products. CERT-In has raised concerns that the vulnerabilities could be exploited by attackers to gain elevated privileges, access confidential data, bypass security mechanisms, execute remote code, or initiate denial-of-service (DoS) and spoofing attacks. 'These multiple vulnerabilities in Microsoft products could be exploited to compromise system integrity and put sensitive information at risk,' the agency warned, urging IT administrators, cybersecurity teams, and general users to act promptly. As of now, Microsoft has not issued any official workaround or mitigation for the vulnerabilities. Users are being advised to install the latest security patches released by Microsoft in its May 2025 update to minimise potential risks. It is noteworthy that the advisory serves as a crucial reminder for organisations and individuals to remain vigilant and to ensure that all systems are updated regularly to avoid potential exploitation. Install the latest security updates as detailed in Microsoft's May 2025 release notes. Monitor systems for unusual activity and apply best practices in access management and endpoint security. Engage security professionals to assess vulnerabilities and ensure appropriate defences are in place. With cyberattacks growing increasingly sophisticated, CERT-In's alert underscores the importance of proactive cybersecurity measures in safeguarding digital infrastructure.
&w=3840&q=100)
Business Standard
26-05-2025
- Business Standard
CERT-In issues 'high risk' warning, many Microsoft tools affected: Details
CERT-In warns of multiple Microsoft product flaws that could enable attackers to bypass security, execute code remotely, or cause data leaks and service disruption New Delhi The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Microsoft users, warning of security vulnerabilities in their devices. The central government authority has issued this advisory to alert individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products. CERT-In has classified these vulnerabilities as 'High risk,' warning they could enable attackers to access sensitive data, disrupt services, and carry out other malicious actions. CERT-In in its blog wrote: 'Multiple vulnerabilities have been reported in various Microsoft Products, which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restrictions, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions.' Affected software The full list of affected software includes: Microsoft Windows Extended Security Updates (ESU) for legacy Microsoft products Microsoft Azure Microsoft Developer Tools Microsoft Office Microsoft Apps Microsoft System Centre Microsoft Dynamics How to keep your device protected CERT-In has advised users to apply appropriate security updates as mentioned in Microsoft's May 2025 security update release notes. However, as per Microsoft's website, there are no workarounds to these issues yet, and no mitigation has been done in the matter officially either. In related news, CERT-In issued an advisory for iPhone and iPad users around two weeks back. CERT-In earlier issued a high-severity alert for Apple users, warning of a critical vulnerability affecting iPhones running iOS versions earlier than 18.3 (iPhone XS and later) and several iPad models with outdated iPadOS versions. The warning, marked as 'very high' risk, was released on May 12 and highlights the potential threat to device functionality. According to CERT-In, the flaw could allow malicious apps to make devices unresponsive or unusable until restored. Users are advised to update their iOS and iPadOS versions promptly to avoid possible disruptions.
News18
26-05-2025
- News18
Windows 10, 11 And Microsoft Office Users Face Major Security Risks, Indian Govt Raises Alert
Last Updated: Windows and Office users are facing multiple security issues that can leave them vulnerable to cyber attacks and hacking. Microsoft Windows and Office among other products are facing another big security risk that has forced the Indian government to alert the users across the country. Windows is the popular OS used by millions for their PCs and laptops, while Office lets you use apps like Word, Excel and PowerPoint. The latest concerning issue has been detailed by the Indian Computer Emergency Response Team or CERT-In in May 2025, sharing some worrying details about the security risks that make millions of Windows PCs vulnerable to hacking attacks. The CERT-In alert explains the security risks that are plaguing not just the Windows and Office users but other Microsoft products that are heavily relied on by businesses. 'Multiple vulnerabilities have been reported in various Microsoft Products which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restriction, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions," the security bulletin says. The government alert also points out the Microsoft users who are at risk because of the latest issues: Windows, both latest and legacy versions are vulnerable to the security issues, which makes it critical that everyone using a Windows PC should install the latest patch at the earliest. You also have businesses targeted with products like Azure and dynamics also in the mix. And yes, like we said, Office has a wide suite of apps that are used by both personal and business users. The agency also informs that Individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products could be targeted with ransomware or cyber attacks. So what can you do to protect your systems from the issues? Microsoft has already discovered the risks, and released the patches that will keep your machine safe. We suggest you go to settings, enable auto-update Windows and reboot the system to have the new version installed to keep your PC safe.
News18
23-05-2025
- News18
Zoom Security Warning Issued By Indian Govt For Windows And Android Users: Should You Worry?
Last Updated: Zoom users face multiple security issues that can make them easy target for hackers who can try to steal personal data. The Indian government has raised a new security warning for Zoom users on Windows, macOS and even Android. The latest alert from the Indian Computer Emergency Response Team or CERT-In on May 22 talks about multiple security issues that can make it easy for hackers to attack their system bypassing the Zoom security layers and able to steal data and other information from the targeted users. Zoom was popular during the pandemic because of people working remotely and assisting them with video meetings from anywhere. Even today, people rely on the platform for work which is why the new risks warrant your attention. Zoom Security Issue: What The Alert Says The CERT-In note talks about multiple security issues that are affecting Zoom on various platforms. 'Multiple vulnerabilities exist in Zoom products due to improper input validation, race conditions and memory corruption issues." The agency further suggests that the Zoom security issues could make it high risk for both businesses and personal users. 'Successful exploitation of these vulnerabilities could allow an attacker to affect the integrity of the app, gain elevated privileges or cause denial of service conditions on the targeted system." So who is at risk because of the aforementioned security issues in Zoom, the government agency says pretty much every platform that runs the app needs to be alert: The Zoom workplace app is used by businesses and professionals while the Android and iOS app mentioned here are popular among most people. If the Zoom on your Android, iOS or Windows system is running on the versions prior to the ones written here, you need to update the Zoom app right away. So, We suggest you open the Zoom app on your desktop/mac or mobile device and click on the available software update for the platform and secure your devices from possible hacking threats. First Published:
