Today’s Cache | Why ransomware attacks on Indian IT firms are concerning?; Google, X ads promoting sites with crypto malware; U.S. court rules Twitter breached contract over failure to pay bonuses | #ransomware | #cybercrime

(This article is part of Today’s Cache, The Hindu’s newsletter on emerging themes at the intersection of technology, innovation and policy. To get it in your inbox, subscribe here.)

Why ransomware attacks on Indian IT firms are concerning? 

IT services company, HCL Technologies stated in its quarterly report on 20 December that a ransomware incident had affected its restricted cloud environment post which the company’s share prices fell. HCL Tech clarified that it hadn’t seen an “observable” impact due to attack but did not share any details around it. An investigation was then launched after consulting with relevant shareholders to determine the root cause of the hack. 

A recent trend of increasing cyber-attacks on Indian companies has become worrying. A 2023 study conducted by Sophos, a cybersecurity organisation showed that 73% of companies reported being victims of ransomware attacks, up from 57% in the last year. IT companies are particularly vulnerable because of the massive amounts of data they hold. In November this year, IT giant Infosys had been at the facing end of another ransomware attack. In another noted incident, in the same month, a ransomware attack had crippled the All India Institute of Medical Sciences (AIIMS) for days with the hackers demanding Rs. 200 crores in cryptocurrency from the hospital.

Google, X ads promoting sites containing malware

Advertisements promoted on Google and microblogging platform X included sites with a cryptocurrency drainer that had reportedly stolen $59 million from $63,210 victims over the past nine months. A report by Bleeping Computer stated that thousands of phishing sites were found using the drainer from March 2023 until 23 December with spikes in activity observed in May, June and November. Malicious ads on Google Search exploiting a loophole in Google’s tracking template showed up as if they belonged to official domains while on X the ads were much more prevalent and were posted from “verified” accounts carrying the blue tick badge. 

The ads on X also promoted NFT airdrops and new token launches on sites with the drainer. A drainer is a malicious smart contract or a suite made to drain funds from a crypto owner’s wallet without their consent by appearing as a website that looks legitimate. 

U.S. court rules Twitter broke contract with workers

On 22 December, a U.S. federal court ruled that Twitter now called X, had violated contracts by failing to pay annual performance bonuses it had orally promised employees. The lawsuit had been filed by former Twitter employee Mark Schobinger in June. The lawsuit had alleged that Twitter had promised employees a 2022 performance bonus if employees stayed with the company through the final possible payout date which was in the first quarter of this year. The court eventually threw out Twitter’s dismissal of the lawsuit calling Schobinger’s claims valid under California law. X can still choose to appeal the decision. 

Musk’s X has lately been under fire for multiple reasons including prevalence of antisemitic content which has driven big advertisers away, an EU probe that is currently investigating disinformation and criticism of the platform’s response to a recent riot in Dublin. The company’s value has sunk to less than half of the valuation for which Musk bought it in October last year, according to a report by The Verge. 

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every

You have exhausted your free article limit.
Please support quality journalism.

You have exhausted your free article limit.
Please support quality journalism.

This is your last free article.

Source link

National Cyber Security