Latest news with #Qilin


Hindustan Times
3 days ago
- Business
- Hindustan Times
Bridging the gap between ground reality and global standards
India is leading the race of digital transformation and currently stands at a crossroads in its cybersecurity journey. With over 800 million internet users in the country and a rural penetration of 488 million, it would not be incorrect to say that digital transformation is being driven through the remotest villages and towns of the country. Add to this the reliance on digital transactions through the revolutionary UPI payments system, and the stakes for cybersecurity become astronomically high.

The country has made significant strides in establishing a regulatory framework, launching key initiatives to counter the threats that come to the fore with digital adoption. But the ground reality of an expanding cyber threat landscape continues to pose formidable challenges when compared to global cybersecurity standards. India's ambition of being a leader in the digital realm is clear. But the path is intertwined with a dynamic interplay of vulnerabilities and evolving defences.

India's digital footprint grew ten-fold, especially in the years post pandemic. With an expansive digital footprint, the country has inevitably broadened its attack surface, making it a prime target for cyber adversaries. According to Cyble's Threat Landscape Report, India ranked as the most targeted country in Asia and second most globally. Another report, on defining the ransomware threat landscape, also cited India as the prime target in the APAC region. Qilin, RansomHub and Cl0P were the most active actors, with information technology (IT) and manufacturing being the most targeted sectors.

The financial toll is equally alarming. The country lost an astounding ₹22,845.73 crore to cybercriminals in 2024, marking a sharp 206% surge from the previous year. The main cyber threats include ransomware, phishing campaigns, data breaches, and a rising number of Artificial Intelligence (AI)-driven deepfake attacks.
In the underbelly of these alarming numbers are persistent and systemic vulnerabilities that are out in the open yet often ignored. Some of them are:
- Low cybersecurity awareness: A significant portion of the population, as mentioned earlier, is from rural parts where awareness is usually restricted to only checkbox campaigns. But this is not just a rural or urban problem. Many enterprises in tier 1 and 2 cities also lack basic awareness of safer online practices. This makes human error a leading cause of breaches.
- Skill shortage: There is a huge gap between the demand for and supply of skilled cybersecurity professionals. Of course, universities and the education system in general are now taking note of this.
- Outdated frameworks and resource constraints: Several organisations, particularly MSMEs, struggle with legacy systems and resource limitations. Some of the core banking functionalities in India also still run on outdated technology, which makes the adoption of advanced security solutions difficult.
- Under-reporting: Reputational damage is the biggest fear businesses and organisations face when it comes to breaches and security incidents. This is the prime reason why several incidents often go unreported.
Despite the challenges, India has made significant efforts to match the capabilities of its foreign counterparts. The country is moving towards a multi-layered cybersecurity framework designed to safeguard its digital ecosystem. The Information Technology (IT) Act, 2000, although a couple of decades old, has undergone significant amendments. It serves as baseline legislation and governs cybercrime, data protection, and electronic transactions. The law requires organisations handling sensitive personal data of Indians to follow reasonable security practices and procedures. To further strengthen its data governance and give the power of owning the data to its users, the government has also introduced the Digital Personal Data Protection Act of 2023 (DPDP Act). This act not only strengthens individual data privacy rights but also aligns India more closely with global data protection standards like the European Union's GDPR framework.

With a view to helping industry-specific incident response, the country also established the Indian Computer Emergency Response Team (CERT-In). It aids organisations in providing first-hand incident response by collecting, analysing and disseminating threat intelligence. Additionally, the government has established the Indian Cyber Crime Coordination Centre (I4C) and the National Critical Information Infrastructure Protection Centre (NCIIPC), which provide added expertise with threats related to frauds and critical infrastructure. Other government initiatives like Cyber Swachhta Kendra offer free tools for malware analysis and botnet tracking, while the National Centre of Excellence (NCoE), in collaboration with DSCI, focuses on cybersecurity technology development and entrepreneurship among the younger generation. India believes cyber threats transcend borders and is thus also actively forging partnerships through Memoranda of Understanding (MoUs), which will help in sharing of threat intelligence with its allies like the UK, Japan, and the US.
On paper, India's legislative and institutional architecture looks robust and promising; the challenge, though, lies in its consistent and widespread implementation across a diverse and rapidly digitising economy. Regulatory gaps persist and many businesses are striving to achieve full compliance with evolving laws. India aspires to build its own capabilities, reduce external dependence, and emerge not just as a leading consumer of digital technologies, but also as a trusted global provider of tech products, services, and solutions. The recently drafted National Telecom Policy 2025 (NTP-25) is proof of India's commitment towards it. The policy explicitly factors in next-generation technologies like 5G/6G, AI, IoT, and quantum communications, aiming for a 10% global share in 6G-related Intellectual Property Rights (IPR) by 2030. This signals a strategic push towards not just following but setting global standards in critical areas.

The journey from ground reality to global leadership in cybersecurity is complex and continuous. It demands sustained investment in talent development, a proactive approach to emerging threats like AI-powered attacks, the widespread adoption of advanced security paradigms like AI-driven threat intelligence, and a cultural shift towards prioritising cybersecurity at every level. India's digital future and its national security hinge on its ability to effectively bridge this crucial gap.

This article is authored by Ankit Sharma, senior director and head, solutions engineering, Cyble.


Techday NZ
5 days ago
- Business
- Techday NZ
Global ransomware attacks drop 43% but threats evolve quickly
Ransomware attacks worldwide declined by 43% in the second quarter, yet threats continue to adapt and evolve, according to a new report from NCC Group. The report found a notable decrease in global ransomware activity, with incidents dropping by six percent month-on-month in June, amounting to 371 cases. Over the quarter, attacks fell by 1180 cases compared with the previous quarter. Experts attribute the reduction to seasonal slowdowns, including holiday observances such as Easter and Ramadan, as well as increased law enforcement interventions disrupting key ransomware operators. Analysis suggested the downturn may be temporary, with warnings that cybercriminals are likely to use this time to regroup and adopt more sophisticated social engineering strategies. Key disruptions in the ransomware ecosystem have opened opportunities for emerging groups to exploit gaps and continue targeting organisations.

Sectors under attack

The industrial sector remained the most targeted, experiencing 27% of all recorded attacks in June. Across the entire quarter, industrials represented nearly 30% of ransomware incidents, reaffirming the sector's prominence as a target for cybercriminals. Attacks on the consumer discretionary sector, which includes retail, dropped notably from 102 incidents in May to 76 in June, coinciding with reduced activity from the Scattered Spider group. Previously, Scattered Spider had claimed responsibility for prominent attacks on major retailers such as Marks & Spencer and the Co-op in May. Healthcare was the third most targeted sector, recording 42 attacks in June, almost double the figures reported in May. The information technology sector followed, with 33 attacks during June.

Threat groups' activities

In June, the ransomware group Qilin was named the most active, responsible for 16% of all attacks - rising from third place in May - and increasing its activity from 95 incidents in the first quarter to 151 in the second quarter.
Qilin has increasingly targeted both industrial and IT sectors and now offers legal assistance to its affiliates, helping them navigate law enforcement risks and improve their ability to pressure victims into paying ransoms. This is seen as indicative of the more structured, business-oriented approach developing within ransomware-as-a-service models. Akira was the second most active group in June with 31 recorded attacks, rising from its fourth-place ranking in May, while the Play group fell to third with 29 incidents. The SafePay group followed, dropping to fourth place with 27 attacks after suspicions of a recent rebranding.

Geographical impact

North America experienced the highest proportion of ransomware attacks, accounting for 58% of incidents in June and 52% across the entire second quarter. Europe saw a decrease in attacks by 8% to make up 21% of global cases, fewer than half the number reported in North America. Asia was the origin of 12% of attacks, with South America recording the smallest regional share at four percent.

Cyber warfare and political motives

The report observed that ransomware is increasingly being used as part of political and cyber warfare tactics. In June, the Handala group - a pro-Palestine entity - claimed responsibility for targeting 17 Israeli organisations in the aftermath of significant regional conflict between Iran and Israel. The timing of the attacks, which began immediately following Israeli strikes on Iran, indicated a likely retaliatory motivation and suggested that ransomware could become further entrenched as a political tool. The UK Government's recent Industrial Strategy has highlighted the importance of cybersecurity in protecting vital national interests. Increased cyber warfare activity is leading to more robust state-level responses and driving the adoption of cybersecurity-focused policies globally.
"The volume of victims being exposed on Ransomware leak sites might be declining but this doesn't mean threats are reduced. Law enforcement crackdowns and leaked ransomware source code is possibly a contributing factor as to a drop in activity, but ransomware groups are using this opportunity to evolve through rebranding and the use of advanced social engineering tactics. We've already tracked 86 new and existing active attack groups this year, and we're on course to surpass 2024's record. The increased number of attackers means a broader range of attack methods that businesses need to be prepared for. Both organisations and nations should take this as a sign to remain vigilant. Investing in cyber security and intelligence-led defences is the key to staying ahead of increasingly agile threat actors." These comments from Matt Hull, Global Head of Threat Intelligence at NCC Group, reflect ongoing concerns that while raw attack numbers may have declined, the risk from ransomware remains significant due to the continued evolution of both criminal tactics and the number of threat actors.


TECHx
12-07-2025
- Business
- TECHx
Ransomware on the Rise
Ransomware attacks in the Emirates are escalating, and while the region has cutting-edge digital infrastructure, it is now being tested by a wave of increasingly sophisticated cybercrime. According to the UAE Cybersecurity Council, ransomware incidents surged by 32% in 2024 compared to the previous year. Financial institutions, energy companies, and healthcare providers were among the most frequently targeted, as threat actors capitalized on the region's digital transformation. This isn't just a local concern. Globally, ransomware is evolving from blunt-force encryption to more insidious, double-extortion models, stealing sensitive data before locking systems, and threatening to release it publicly unless ransoms are paid. In the UAE, where government trust and corporate reputation are paramount, the stakes are exponentially higher.

The Anatomy of a Threat

The UAE's ransomware landscape is shaped by global crime syndicates that now operate like tech startups, professional, agile, and productized. Groups such as LockBit, Qilin, Flocker, and DarkVault are some of the main perpetrators operating in the region, according to These groups often use ransomware-as-a-service (RaaS) models to scale operations without getting their digital hands dirty. In 2024 alone, 34 ransomware incidents were recorded in UAE financial institutions, up from 27 in 2023, as highlighted by ZCyberSecurity's UAE Threat Report. The attackers used phishing emails, unpatched software, and increasingly social engineering tactics powered by AI. Notably, a ransomware attack on Moorfields Eye Hospital Dubai encrypted over 60 GB of sensitive patient data, placing immense pressure on healthcare regulators to reinforce digital defenses, as reported in CentralEyes' breach analysis.

Why the UAE Is a Prime Target

The UAE's hyper-digital economy is both a strength and a soft spot.
With aggressive investment in smart cities, fintech, and AI-driven public services, the attack surface has expanded dramatically. The country's economic diversity and digital-first culture present a high-reward scenario for threat actors. Additionally, the UAE's reputation on the global innovation stage makes its digital vulnerabilities headline-worthy. Cybercriminals are keenly aware that breaches here have the potential to make international news, raising pressure on victims to pay ransoms quickly and quietly.

To Pay or Not to Pay?

A particularly troubling statistic comes from Nearly 50% of UAE-based organizations impacted by ransomware chose to pay the ransom in 2024. This is significantly higher than the global average and signals a dangerous precedent. Paying ransoms might offer a short-term solution, but experts warn that it invites repeat attacks and funds future criminal operations. Worse yet, ransom payments don't guarantee full data recovery, a reality many UAE businesses have painfully learned.

Shifting from Reaction to Prevention

Despite the spike in attacks, the UAE is not standing still. The government has deployed AI-powered defense systems capable of detecting and neutralizing up to 200,000 attacks per day on critical infrastructure. The UAE Cybersecurity Council has also intensified its public-private sector collaboration, including partnerships with GISEC, Dubai Police, and major cloud providers. Cybersecurity regulations have evolved as well, requiring mandatory breach reporting and encouraging the use of 'zero trust'. While large enterprises and government entities have fortified their defenses, SMEs remain vulnerable. Many lack dedicated cybersecurity teams or even basic security hygiene. This makes them low-hanging fruit for attackers using automated tools to scan for weaknesses.
Moreover, despite rising awareness, cyber insurance uptake remains low, and many organizations are unclear on whether they're even covered in the event of a ransomware attack. With threat actors evolving faster than policies, regulatory bodies are now pushing for more transparency and minimum security standards across sectors.


Business Wire
10-07-2025
- Business
- Business Wire
Ransomware Groups Multiply as Attack Surface Rapidly Expands, GuidePoint Security Finds
RESTON, Va.--(BUSINESS WIRE)-- GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today the release of its quarterly Ransomware & Cyber Threat Report from the GuidePoint Research and Intelligence Team (GRIT). Covering the second quarter of 2025, the new GRIT Q2 2025 Ransomware & Cyber Threat Report offers exclusive in-depth analysis of the evolving Ransomware as a Service (RaaS) ecosystem, threat actor behaviors and emerging cybercrime trends—including a 45% year-over-year increase in the number of active ransomware groups.

'While law enforcement's disruption of dominant groups like LockBit, AlphV and BreachForums has dealt significant blows to cybercriminal networks, the sharp year-over-year rise in active ransomware groups makes it clear that a significant threat remains,' said Justin Timothy, Principal Threat Intelligence Analyst at GuidePoint Security. 'Unfortunately, the quarterly slowdown in publicly reported ransomware incidents appears to stem from more temporary headwinds, such as seasonality, fragmentation and strategic regrouping within the RaaS ecosystem. As groups like Qilin, Akira and Play continue to gain ground, defenders must remain vigilant and prepare for what's next.'

The Q2 2025 Ransomware & Cyber Threat Report also investigates Iranian cyber threat activity, the growing momentum of the RaaS group DragonForce and law enforcement's impact on Lumma Stealer, a prolific information-stealing malware favored by cyber criminals.

Key findings include:
- A 45% year-over-year increase in active ransomware groups, climbing from 45 in Q2 2024 to 71 in Q2 2025.
- Ransomware victim numbers remain elevated year-over-year (+43%), but a 23% decline in Q2 2025 hints at changing attacker patterns beyond seasonal norms.
- An 85% increase in activity from Qilin, the most active threat group of this quarter.
- 52% of observed ransomware victims in Q2 2025 were based in the United States, followed by Singapore (23%) and Canada (5%).
- The manufacturing, technology and legal industries were most heavily impacted by ransomware. Notably, the healthcare sector dropped out of the top five most targeted industries for the first time since Q2 2022.

'We're seeing a reshuffling within the ransomware ecosystem,' Timothy added. 'Disruption of major RaaS players hasn't reduced overall threat capacity so much as redistributed it. Affiliates are regrouping under existing or emerging banners, and many are standing up their own operations using recycled tools. As we head into the second half of the year, security teams should expect familiar tactics under new names.'

The Ransomware & Cyber Threat Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.

About GuidePoint Security

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint's unmatched expertise has enabled 40% of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.


Reuters
26-06-2025
- Health
- Reuters
UK health officials say patient's death partially down to cyberattack
WASHINGTON, June 26 (Reuters) - A cyberattack last year against British diagnostic services provider Synnovis contributed to the death of a London hospital patient, British health officials said, providing one of the first confirmations of a death tied to hacking activity.

The patient at King's College Hospital in south London died in part because the hack caused a "long wait" for blood test results as well as other factors, the hospital's managing body said on Wednesday, without identifying what they were. The hospital said the patient's family had been informed but did not provide other details.

Synnovis' CEO Mark Dollar said in a statement Wednesday: "We are deeply saddened to hear that last year's criminal cyberattack has been identified as one of the contributing factors that led to this patient's death."

In the June 2024 hack - attributed to the Qilin ransomware gang - media reports said attackers demanded $50 million from Synnovis for its data. The company did not pay, and the stolen data was later published on the dark web, reports said. The attack disrupted the U.K. healthcare network, and snarled operations at some of London's busiest hospitals. In January Synnovis said the hack led to more than 32 million pounds ($43 million) in costs.

Medical services providers have been hard hit by ransomware as hackers suspect they will pay quickly to avoid interruptions to healthcare. Deaths have been tied to past ransomware incidents, including a baby in Alabama in 2019 and a 78-year-old woman in Germany in 2020, although direct causation can be difficult to establish.

The Qilin hackers did not respond to a request for comment on the death. News of the U.K. death was first reported by British healthcare publication HSJ. ($1 = 0.7323 pounds)