A new cybersecurity industry plan is being drafted by the Chinese Ministry of Industry and Information Technology. It’s a three-year plan aiming to build the country’s cyber-security industry, estimating the sector may be worth more than 250 billion yuan by 2023. All data-rich tech companies with 1mn+ users were asked to undergo security reviews before being listed overseas. The draft follows the case of DiDi Chuxing for alleged violation of data privacy laws.
US and British agencies said Russian spies, accused of interfering in the 2016 US presidential elections, have been using VPNs for the last two years to target hundreds of organisations globally. The names of the targets have not been identified but the location is the US and Europe. The Russian Unit 26165 has been alleged to be the group trying to break into Democratic Party emails and was accused of attempting to break into Linux systems.
Sophos announces findings of its survey report in the Asia Pacific and Japan region, in association with TRA. The study states that despite cyber-attacks, cybersecurity budgets have remained unchanged. India has a shortfall of skilled cybersecurity experts, and Indian companies are struggling to recruit cybersecurity staff, the study pointed out. The need to appoint a CISO will increase from 33% to 40% in the next 24 months.
Cybersecurity researchers have found a flaw in the encryption algorithm used for GPRS or 2G cell phones. This may have allowed hackers to gather information on data traffic for over 20 years. Experts suggest that the flaw in GEA-1 was created intentionally to allow a backdoor for law enforcement agencies. The GEA-1 algorithm was supposed to be removed from smartphones back in 2013 but researchers have found them in android and iOS devices, as well.
Volkswagen, in a statement, said a data breach at a vendor has affected 3.3 mn customers and potential buyers in North America. Almost all of them were customers or potential buyers of Audi. The vendor had left sales and marketing information from 2014-19 in an e-file unsecured. Limited personal information about customers and potential buyers was exposed to hackers. VW will offer free credit protection services to the 90,000 customers affected by the leak.
100 mn users’ personal data has been exposed due to a misconfiguration of a third-party cloud service by android mobile app developers. Chats, emails, pictures, passwords, and locations are included in the data exposed. 23 android apps were analyzed by CheckPoint Research where developers have left a bug by not adhering to best practices while configuring and integrating third-party cloud into their apps. Logo maker, Astro guru, T’Leva are some of these apps.
Four days after the ransomware attack, the Irish health system is still struggling to return to full functionality. Thousands of diagnostic appointments, cancer treatments, and surgeries have been canceled. Russian-speaking group named Conti has demanded a ransom of $20 mn and threatened to start selling private data soon if the demands are not met. The hospital telephones are also out of service, as the hospital is assessing its 2,000 IT-patient facings.
A Check Point report said that every week since April an average of 1,000 firms witnessed ransomware attacks. The first trimester of 2021 saw a rise of 21% in attacks and a 7% rise since April 2021. Compared to the start of 2020, a rise of 102% in ransomware attacks has been witnessed this year. APAC firms were attacked 51 times on average every week, 14% higher than the start of the year. India was the most impacted country in the world with an avg weekly attack of 213.