Security News
Indian payment app maker MobiKwik has denied its security has been breached, saying that if it's true, as has been claimed, that its customers' information has appeared on the dark web, then some other platform was totally responsible for that. "Some users have reported that their data is visible on the dark web," reads a message from the company, dated March 30.
The first "Quad summit" of leaders from Australia, India, Japan, and the USA has announced the group will create a "Critical and Emerging Technology Working Group". The joint "Spirit of the Quad" statment said the group will: "Respond to the economic and health impacts of COVID-19, combat climate change, and address shared challenges, including in cyber space, critical technologies, counterterrorism, quality infrastructure investment, and humanitarian-assistance and disaster-relief as well as maritime domains."
India's Telecom Regulatory Authority has paused the rollout of a national SMS "Scrubbing" service and blamed business for the delay. The authority, aka TRAI, introduced the scrubbing service to curb text spam in India, where mobile phone users can expect a couple of unsolicited messages every day according to spam-blocking app Truecaller.
Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector.
Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting a wide range of critical infrastructure targets in India, including power plants, electricity distribution centers and Indian seaports. Despite these overlaps with known APT actors, Recorded Future said it will contrinue to track the group as a distinct actor because there isn't enough evidence to firmly attribute the activity to a singular group.
After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies. India's Internet Freedom Foundation has slammed this traceability requirement, claiming it will be impossible to implement strong end-to-end encryption as a result, and thus could harm privacy.
The malware strains named Hornbill and SunBird have been delivered as fake Android apps by the Confucius advanced persistent threat group, a pro-India state-sponsored operation known to spy on Pakistani and South Asian targets, since at least 2013. A report from California-based cybersecurity firm Lookout has revealed counterfeit Android apps laden with malware that was used by pro-India actors to spy on Pakistan's military and nuclear authorities, in addition to Kashmir's election officials.
Authorities in India determined that a major power outage that occurred last month in Mumbai, the country's largest city, may have been caused by hackers, according to reports. It took two hours to restore power just for essential services, and up to 12 hours to restore power in some of the affected areas.
Indian Prime Minister Narendra Modi has called on the nation's technology industry to start designing products for the world, and for youth to create new digital defences. In a speech to the Bengaluru Tech Summit, a major Indian tech event, Modi opened by saying: "Today, I am glad to say that Digital India is no longer being seen as any regular Government initiative. Digital India has become a way of life."
India's Securities and Exchange Board appears to have sent a circular to stock exchanges that calls for market participants to upgrade information security as bad actors seek to take advantage of the financial services industry's move to working from home. SEBI appears not to have made its document public, but India's National Stock Exchange - the nation's largest - plus the Bombay Stock Exchange and Multi Commodity Exchange of India all late last week published the same 14-point security guidelines that say SEBI has called for market participants to implement a security baseline on the computers their staff use when working from home.