Latest news with #SundareshwarKrishnamurthy
Time of India
2 days ago
- Business
- Time of India
Internet, card frauds halve in FY25: RBI data
Chennai: Fraud cases involving internet and cards in the banking sector fell by more than 50% in FY25 over the corresponding year (FY24). It comes a year after a sharp increase in frauds under the internet and cards category, which rose by four times between 2022-23 and 2023-24. Analysts attribute the decrease in digital frauds in FY25 to attack surface reduction through layered controls, raising attackers' cost, and enhancing cybersecurity measures. Data released by RBI said, banks reported 13,516 fraud cases involving Rs 520 crore in FY25. It was a decline by 53.5% (29,082 cases) and 64% (Rs 1,457 crore), respectively in the previous year (FY24). During FY23, 6,699 fraud cases involving Rs 278 crore was reported under the category in public, private, foreign, small finance, payment and local area banks. An assessment of bank group-wise fraud cases over the past three years indicates that frauds have occurred predominantly in the category of digital payments (card/internet) in terms of numbers, India's central bank said in its annual report for 2024-25. Card/internet accounted for 56.5% of overall fraud cases in banks in FY25, while this category share was at 80.6% and 49.7% in FY24 and FY23, respectively. Advances and deposits are the other major areas in fraud cases after digital payments. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Play Chess on Your PC, Free Play Classic Chess Install Now Undo Also, card/internet frauds contributed maximum to the number of frauds reported by private sector banks, the report added. However, digital payment related frauds, wherein credentials such as One Time Password (OTP), card verification value (CVV), and passwords that were compromised by customers themselves does not cause loss to the banks. Sundareshwar Krishnamurthy, partner – cybersecurity, PwC India said, the reduction in card and internet-related frauds can be attributed to various factors including enhancing trust in customer-device-channel linkages. "In short, banks now trust only transactions on authenticated channels and devices, making remote fraud much harder. Banks and regulators have significantly tilted the cost–benefit equation against cybercriminals by making fraud attempts more time-consuming, complex, and easier to detect. Measures such as multi-layered authentication and integration of tools like the mobile number revocation list have made it harder for fraudsters to exploit digital payment channels." Vaibhav Kaul, managing director, Protiviti Member Firm of India said, introduction of RBI-approved '. and '. domains provide customers with verified URLs, helping to counter phishing and fake websites. "Many banks have deployed real-time AI/ML-based fraud detection systems to flag suspicious transactions proactively or enhance their systems,' he added. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Time of India
14-05-2025
- Politics
- Time of India
Border fire draws in digital war, tourists looking for quick bucks
Live Events ETtech The India-Pakistan conflict has become an opportunity for several ' digital war tourists ' or foreign hacker groups to seek some quick bucks or drive religious agenda by launching cyberattacks on the national digital researchers have identified an army of state/non-state actors like Moroccan Soldiers, Team R70 (Russia) Lulzsec Arabs (the Middle East), Islamic Hacker Army (Iraq), Sylhet Gang SG (Bangladesh) and Team Azrael-Angel of Death (Palestine) claiming to deface websites and breach sensitive data from several Indian government and private organisations in the past week, cybersecurity experts told these are 'script kiddies' or novice hackers who use pre-written scripts and tools to carry out cyberattacks, they said. Most commonly they use methods like phishing and exploiting vulnerabilities in web firm CloudSEK said it has identified more than 100 claims of data theft or credential loss which were exaggerated, recycled or aren't sophisticated cybercrime syndicates. Instead, they ride the wave of geopolitical unrest to seek attention, drive nationalistic agenda and gain followers, or even financial rewards from buyers on the dark web, experts said.'These attacks—mostly involving DDoS (distributed denial of service), website defacement and data breaches—focus on government, educational, media and ecommerce platforms. Most of these operations appear ideologically driven rather than financially motivated,' said Pagilla Manohar Reddy, a threat intelligence researcher at activities are not unprecedented and have been evident during the ongoing Russia-Ukraine war and Israel-Palestine conflict, he the past week, hacktivist groups have made grandiose claims of cyber breach. For instance, Bangladesh's SYLHET GANG-SG and DieNet claimed to have exfiltrated 247 GB of data from India's National Informatics Centre. However, an analysis of a 1.5 GB sample by CloudSEK showed only publicly available marketing Team Azrael-Angel Of Death claimed 1 million citizen records from the Election Commission, but was debunked as recycled data from a 2023 leak, not a fresh compromise, CloudSEK said.'Cyberattacks often spike around major geopolitical incidents, posing not just financial but also reputational risks—including to public infrastructure,' said Sundareshwar Krishnamurthy, partner and leader, Cybersecurity at PwC should adopt vulnerability scans, real-time threat monitoring, strict network segmentation and regular phishing simulations in such volatile scenarios, he said, adding: 'Even if data is breached, backups enable continuity and limit ransomware impact.'However, there is one real threat – the APT36, a Pakistan-linked espionage group also known as Transparent Tribe. ET reported last week about Quick Heal Technologies detecting three hacking attempts by this group and its parent entity, SideCopy, on India's government and defence IT systems.'The group has used malware payloads, including the AllaKore and Crimson RATs, granting the attackers extensive remote control and unfettered access to infected systems,' said Sanjay Katkar, joint managing director at Quick Heal are also using AI-generated images and videos to carry out phishing social media and messaging apps.'We've seen fake official-looking letters with made-up numbers, or videos that pretend to show new attacks on India but actually use old war pictures to trick people,' CloudSEK's Reddy said."We've seen a spike in low-sophistication cyber activities—website defacements and emotionally manipulative phishing campaigns—often riding on the heightened tensions," said Malcolm Gomes, chief operating officer at identity verification platform IDfy."These typically spread via WhatsApp, Telegram and social media, preying on national sentiment to steal personal data or financial details, as the lowest hanging targets," he said.
Time of India
01-05-2025
- Business
- Time of India
Researchers warn internet users, Pakistani hackers targeting your PCs, laptops and mobile: What to know
Cybersecurity researchers are issuing urgent warnings to internet users in India about a surge in hacking attempts originating from Pakistan, targeting personal computers, laptops, and mobile devices. This escalation in cyber activity appears to be linked to heightened geopolitical tensions between the two nations. According to a report by Economic Times, Pakistani hackers are sending malicious PDF files which are linked to phishing domains . The report also adds that the Indian officials have confirmed that they have thwarted multiple cyberattacks from Pakistan in the last few days. According to cybersecurity experts, this digital aggression follows a pattern of tit-for-tat cyberattacks between suspected pro-India and Pakistan-based hacking groups. Recent claims include an Indian hacktivist group, 'India Cyber Force,' reportedly breaching Pakistani government and private sector databases. In response, a Pakistan-based group, ' Team Insane PK ,' allegedly targeted the Indian Army College of Nursing website with provocative messaging. How Pakistani hackers are targeting your PCs, laptops and smartphones As reported by Economic Times, the hackers are sending malicious PDF documents titled Report & Update Regarding Pahalgam Terror Attack. The document is said to mimic official Indian government website but it is linked to malicious phishing domains. Users who download and open this file risk their devices being compromised. Experts highlight that these attacks are not isolated incidents but rather part of a broader cyber conflict. Vishal Salvi, CEO of cybersecurity solutions firm Quick Heal Technologies, stated there has been a "sharp escalation in Pakistan-backed cyber campaigns targeting Indian defence, government, and critical infrastructure sectors." by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Pressure Transducers for Simple Solutions Pressure Transducer Read More Undo Quick Heal's analysis has identified the hacker group APT36 (Transparent Tribe) as actively deploying CrimsonRAT malware through sophisticated phishing attacks, often in conjunction with a remote monitoring and management (RMM) tool known as MeshAgent. These attacks are strategically timed to coincide with hacktivist-driven DDoS attacks and website defacements aimed at undermining public trust. Furthermore, another sub-group of APT36, known as SideCopy, is reportedly broadening its targets to include sectors like railways and oil, utilizing new malware payloads such as CurlBack RAT. These groups are continuously adapting their tactics to evade detection by security software. Experts emphasise that cyberattacks have evolved beyond mere disruptive acts and are now being employed as deliberate extensions of geopolitical strategy. "Cyberattacks are no longer fringe acts of disruption... They have become deliberate extensions of geopolitical strategy," Sundareshwar Krishnamurthy, partner and leader - cybersecurity at PwC India told Economic Times. What users need to keep in mind to stay safe from cyberattacks Be extremely cautious of unsolicited emails and messages, especially those with attachments or links related to sensitive topics like security or current events. Verify the authenticity of any PDF files or documents before downloading or opening them, especially if they appear suspicious or are received from unknown sources. Double-check the URLs of websites before entering any sensitive information, ensuring they are legitimate and not mimicking official sites. Keep your operating systems, antivirus software, and other security applications up to date. Be wary of clicking on suspicious advertisements, particularly those with provocative or nationalistic imagery. Exercise caution while browsing online, especially on less reputable websites. AI Masterclass for Students. Upskill Young Ones Today!– Join Now
