Case studies on how companies and individuals across the world tackled cyber attacks, and 9 Steps of Cyber-security

Posted by anhad on 2025/07/17

Below is a summary of recent cyber crimes reported around the world over the past 12 months (August 2024 to July 2025) that have resulted in significant financial losses for companies or individuals associated with businesses, based on available news reports. The information focuses on incidents involving company-related losses.

### Notable Cybercrime Incidents in the World (August 2024 – July 2025)

(I) Case study of cyber crimes on Free Software Foundation, U.S.A

The FSF SysOps team consists of two full-time tech team employees and
a handful of dedicated volunteers. A large part of our work is running
the software and physical servers that host websites and other
services for GNU, FSF, and other free software projects, including
virtual machines for the browser extension [JShelter][1], the desktop
environment and software collection [KDE][2], and [Sugar Labs][3], an
organization that creates learning tools for children. We recently
counted seventy different services, and have a dozen physical servers
across two Boston-area data centers.

[1]: https://jshelter.org/
[2]: https://directory.fsf.org/wiki/Kde
[3]: https://www.sugarlabs.org/

Since [we last wrote][4], much has happened, and while I’d love to
talk about all of it, including the process of deploying four new
servers to our data centers, I want to focus on the huge task of
maintaining our services in the face of ongoing (and increasing)
distributed denial of service (DDoS) attacks. A DDoS attack typically
happens when attackers control thousands or millions of machines and
get them all to send requests or other traffic to a target
server. Then, the server gets overwhelmed with processing those
requests and fails to respond to requests from legitimate users. A
common way of defending against a DDoS attack, which we often use, is
to figure out a way of identifying which IP addresses are sending
requests as part of the DDoS, and then have the server ignore requests
from those IP addresses.

[4]: https://www.fsf.org/blogs/sysadmin/the-fsf-sysops-team-needs-your-help

Our infrastructure has been under attack since August 2024. Large
Language Model (LLM) web crawlers have been a significant source of
the attacks, and as for the rest, we don’t expect to ever know what
kind of entity is targeting our sites or why.

In the [fall *Bulletin*][6], we wrote about the August attack on
[gnu.org][5]. That attack continues, but we have mitigated it. Judging
from the pattern and scope, the goal was likely to take the site down
and it was not an LLM crawler. We do not know who or what is behind
the attack, but since then, we have had [more attacks][7] with even
higher severity.

[5]: https://www.gnu.org/
[6]: https://www.fsf.org/bulletin/2024/fall/fsf-sysops-cleaning-up-the-internet
[7]: https://www.fsf.org/bulletin/2025/spring/defending-savannah-from-ddos-attacks

To begin with, GNU Savannah, the FSF’s collaborative software
development system, was hit by a massive botnet controlling about five
million IPs starting in January. As of this writing, the attack is
still ongoing, but the botnet’s current iteration is mitigated. The
goal is likely to build an LLM training dataset. We do not know who or
what is behind this.

Furthermore, [gnu.org][5] and [ftp.gnu.org][8] were targets in a [new
DDoS attack][9] starting on May 27, 2025. Its goal seems to be to take
the site down. It is currently mitigated. It has had several
iterations, and each has caused some hours of downtime while we
figured out how to defend ourselves against it. Here again, the goal
was likely to take our sites down and we do not know who or what is
behind this.

[8]: https://ftp.gnu.org/gnu/
[9]: https://hostux.social/@fsfstatus/114586973567734587

In addition, [directory.fsf.org][0], the server behind the Free
Software Directory, has been under attack since June 18. This likely
is an LLM scraper designed to specifically target MediaWiki sites
with a botnet. This attack is very active and now partially mitigated.

[0]: https://directory.fsf.org/

As we developed programs to identify IP addresses belonging to the
botnet, they sometimes misidentified legitimate users’ IP
addresses. We’ve removed them from the list of DDoS IP addresses and
improved our defenses to be more precise. If you do not have access to
[gnu.org][5] right now, please send us an email at <sysadmin@fsf.org>
with your IP address and we will look into it. If you are having
trouble with a VPN (virtual private network), try switching exit nodes
and skip writing us — we know our attackers use VPNs, which leads us
to block the ones they are using.

More recently, automated software build systems have become an issue
for us. These usually go by the non-obvious term CI/CD, which stands
for “continuous integration or continuous deployment.” They send
automated requests to check for new code on Savannah in order to
rebuild their software. They often send far more requests than is
necessary, which looks and acts like a DDoS attack even though it is
not intended to be. The CI/CD tooling does not typically have contact
information labeling their traffic, so we do not have a way to contact
them if there is a problem outside of banning their addresses or
sending abuse reports if we can find a place to send them. We had to
block some of these IP addresses, which often prompts them to search for 
better ways to accomplish the same goals.
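
An added example, not part of the FSF text reproduced here and not the FSF's tooling: one way to turn an access log into the lists described above (addresses to ignore, addresses that need a human look before blocking, and CI/CD-style pollers). The log lines, thresholds, the allowlisted network and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return (ip, unix_time, path) for one Common Log Format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
        ts = datetime.strptime(m.group(2), TS_FMT).timestamp()
    except ValueError:
        return None
    return ip, ts, m.group(3)


def classify(lines, window=10, burst=20, poll_hits=5, allow=()):
    """Sort clients into (block, review, pollers).

    block   : more than `burst` requests inside any `window`-second span
    review  : same behaviour, but inside an allowlisted network, so a person
              should look before it is blocked (possible false positive)
    pollers : never bursty, but fetched one single path `poll_hits`+ times
    Assumes each client's lines arrive in time order, as in a real log.
    """
    allow = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    paths = defaultdict(Counter)   # ip -> how often each path was requested
    bursty = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue               # malformed lines are skipped, not fatal
        ip, ts, path = rec
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > burst:
            bursty.add(ip)
        paths[ip][path] += 1
    block, review, pollers = set(), set(), set()
    for ip in bursty:
        (review if any(ip in net for net in allow) else block).add(str(ip))
    for ip, seen in paths.items():
        if ip not in bursty and len(seen) == 1 and sum(seen.values()) >= poll_hits:
            pollers.add(str(ip))
    return block, review, pollers


def sample_log():
    """Constructed traffic; addresses come from the RFC 5737 documentation ranges."""
    t0 = datetime(2025, 6, 18, 12, 0, 0, tzinfo=timezone.utc)

    def row(ip, sec, path):
        ts = (t0 + timedelta(seconds=sec)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    rows = [row("203.0.113.7", i * 0.2, f"/wiki/Page{i}") for i in range(40)]    # flood
    rows += [row("198.51.100.9", i * 0.2, f"/wiki/Page{i}") for i in range(40)]  # flood, allowlisted
    rows += [row("192.0.2.44", i * 60, "/project.git/info/refs") for i in range(8)]  # poller
    rows += [row("192.0.2.80", i * 30, p) for i, p in enumerate(["/", "/about", "/news"])]
    rows.append("not a log line")
    return rows


if __name__ == "__main__":
    block, review, pollers = classify(sample_log(), allow=["198.51.100.0/24"])
    print("block:", block, "review:", review, "pollers:", pollers)
```

A per-address rate is only one signal: a botnet spread over millions of addresses can stay under any per-address threshold, so the rule that identifies it usually has to be written for that particular attack.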

On top of all of that, we have our run-of-the-mill standard crawlers,
SEO (search engine optimization) crawlers, crawlers pretending to be
normal users, crawlers pretending to be other crawlers, uptime
systems, vulnerability scanners, carrier-grade network address
translation, VPNs, and normal browsers hitting our sites. It is taxing
for our sites and for our team of staff and volunteers, since we have
to figure out a specific defense approach for each attack. Some of the
abuse is [not unique to us][10], and it seems that the health of the
web has some serious problems right now.

[10]: https://thelibre.news/foss-infrastructure-is-under-attack-by-ai-companies/

When you visit a website, it might send your browser one or more
JavaScript programs. These JavaScript programs are usually
proprietary. We explain this more in [“The JavaScript Trap.”][11] If a
website sends you a free JavaScript program, you can develop a
modified version, share that with other people so they can benefit,
and you can configure your browser to run your modified version
instead of what the website sends. But some JavaScript programs are
malware, which do things like spy on you, and the only modification
any user would want is to stop it from ever running.

[11]: https://gnu.org/philosophy/javascript-trap.html

Some web developers have started integrating a program called
[Anubis][12] to decrease the amount of requests that automated
systems send and therefore help the website avoid being DDoSed. The
problem is that Anubis makes the website send out a free JavaScript
program that acts like malware. A website using Anubis will respond to
a request for a webpage with a free JavaScript program and not the
page that was requested. If you run the JavaScript program sent
through Anubis, it will do some useless computations on random numbers
and keep one CPU entirely busy. It could take less than a second or
over a minute. When it is done, it sends the computation results back
to the website. The website will verify that the useless computation
was done by looking at the results and only then give access to the
originally requested page.

[12]: https://directory.fsf.org/wiki/Anubis_captcha
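
The challenge-and-verify exchange described above, as an added example that is not part of the FSF text and is not Anubis's code: a generic hashcash-style scheme using SHA-256 and a leading-zero-bit target, which is an assumption, since the page does not say which computation Anubis uses. `SERVER_KEY`, `LIFETIME`, the challenge layout and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # hypothetical per-process secret used to sign challenges
LIFETIME = 300               # seconds a challenge stays valid (constructed value)


def leading_zero_bits(digest):
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def issue_challenge(client_ip, difficulty, now=None):
    """Server: random challenge bound to the client address, an expiry and a difficulty."""
    now = int(time.time() if now is None else now)
    body = f"{client_ip}|{now + LIFETIME}|{difficulty}|{os.urandom(16).hex()}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def solve(challenge):
    """Client: try nonces until the hash meets the target (about 2**difficulty tries)."""
    difficulty = int(challenge.split("|")[2])
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
        if leading_zero_bits(digest) >= difficulty:
            return nonce
        nonce += 1


def verify(challenge, nonce, client_ip, now=None):
    """Server: one HMAC plus one hash, however long the client had to work."""
    now = int(time.time() if now is None else now)
    try:
        body, tag = challenge.rsplit("|", 1)
        ip, expiry, difficulty, _salt = body.split("|")
        expiry, difficulty, nonce = int(expiry), int(difficulty), int(nonce)
    except (ValueError, TypeError, AttributeError):
        return False
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # challenge was not issued by us, or a field was altered
    if ip != client_ip or now > expiry:
        return False  # solved for another address, or stale
    digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= difficulty


if __name__ == "__main__":
    ch = issue_challenge("192.0.2.10", difficulty=16)  # constructed client address
    start = time.perf_counter()
    nonce = solve(ch)
    print(f"solved with nonce {nonce} in {time.perf_counter() - start:.3f}s")
    print("accepted:", verify(ch, nonce, "192.0.2.10"))
```

Each extra bit of difficulty doubles the client's expected work, while the server's check stays at one HMAC and one hash.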

At the FSF, we do not support this scheme because it conflicts with
the principles of software freedom. The Anubis JavaScript program’s
calculations are the same kind of calculations done by crypto-currency
mining programs. A program which does calculations that a user does
not want done is a [form of malware][13]. Proprietary software is
[often malware][14], and people often run it not because they want to,
but because they have been pressured into it. If we made our website
use Anubis, we would be pressuring users into running malware. Even
though it is free software, it is part of a scheme that is far too
similar to proprietary software to be acceptable. We want users to
control their own computing and to have autonomy, independence, and
freedom. With your support, we can continue to put these principles
into practice.

[13]: https://en.wikipedia.org/wiki/Cryptojacking
[14]: https://www.gnu.org/proprietary/proprietary.html

Even though we are under active attack, [gnu.org][5],
[ftp.gnu.org][8], and [savannah.gnu.org][15] are up with normal
response times at the moment, and have been for the majority of this
week, largely thanks to hard work from the Savannah hackers Bob,
Corwin, and Luke who’ve helped us, your sysadmins. We’ve shielded
these sites for almost a full year of intense attacks now, and we’ll
keep on fighting these attacks for as long as they continue.

[15]: https://savannah.gnu.org/

(II) Enviro Infra Cyber Fraud (July 2025):

– Details: Enviro Infra, a company, suffered a cyber fraud resulting in a loss of ₹11.15 crore. The promoters announced they would forgo their salaries to compensate for the financial impact.

– Source: X post by @AimInvestments.

– Impact: This incident highlights the direct financial hit to a company’s operations, with promoters taking significant measures to mitigate the loss.

(III) Mumbai Stock Trading Scam Wave (Reported July 2025):

– Details: Mumbai reported a surge in stock trading scams, with losses amounting to ₹253 crore in 2025. These scams targeted individuals and businesses through fraudulent trading platforms promising high returns. A notable case involved a 50-year-old Bengaluru businessman losing ₹6.6 crore via WhatsApp-based scams luring victims into online stock trading.

– Source: Free Press Journal (https://freepressjournal.in/tech/cybercrime-surges-in-chhattisgarh-victims-lose-107-crore-in-18-months); X post by @timesofindia (https://x.com/timesofindia/status/1853402199738733046).

– Impact: While primarily affecting individuals, such scams often involve businesses or corporate entities as victims or intermediaries, impacting investor confidence and financial operations.

(IV) Nationwide Cyber Fraud Losses (January – May 2025):

– Details: According to the Ministry of Home Affairs (MHA) and the Indian Cyber Crime Coordination Centre (I4C), India lost over ₹7,000 crore to online scams in the first five months of 2025, averaging ₹1,000 crore monthly. Over half of these losses were linked to scam syndicates in Southeast Asia (Cambodia, Myanmar, Vietnam, Laos, Thailand), often targeting businesses and individuals through phishing, brand impersonation, and fake apps. The banking and e-commerce sectors were among the hardest hit.

– Source: Indian Express (https://indianexpress.com/article/india/exclusive-indians-losing-rs-1000-crore-cyber-frauds-cambodia-southeast-asian-countries-mha-analysis-10125610); LiveMint (https://livemint.com/news/india/indians-lost-staggering-7-000-crore-to-online-scams-in-5-months-of-2025-report-11752556670962.html); The420.in; X posts by @BharatStockLive, @IndiaToday (https://x.com/IndiaToday/status/1944973465519579350).

– Impact: These scams have significantly affected corporate sectors, particularly banking and e-commerce, leading to substantial financial losses and operational disruptions.

(V) Hyderabad Cyber Fraud Cases (June 2025):

– Details: The Hyderabad Cyber Crimes Police arrested 25 individuals involved in 453 cases across India, including 66 in Telangana, with ₹72.85 lakh refunded to victims. One case involved a victim duped by fraudsters posing as Indian Oil Corporation Limited (IOCL) representatives, using fake documents to siphon funds. Such scams often target businesses or their employees.

– Source: The Hindu (https://www.thehindu.com/news/national/telangana/hyderabad-cyber-crime-unit-makes-25-arrests-in-june-recovers-over-4-crore-from-online-fraudsters/article69796504.ece).

– Impact: Companies like IOCL face reputational and financial risks due to impersonation scams, which can disrupt business operations and trust.

(VI) Navi Mumbai Cyber Fraud (July 2025):

– Details: The Navi Mumbai cyber police arrested two members of a cybercriminal gang operating from Rajasthan, involved in two fraud cases. One case saw a woman duped of ₹78.63 lakh in a shares trading scam between April and May 2025, indicating how businesses and their stakeholders are targeted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
Freedom or Swatantra software provides Cyber-security and Proprietary software does not provide Cyber-security:

1. Freedom or Swatantra software provides 4 essential software freedoms, which provide cyber-security. The source code of Freedom or Swatantra software is available to its users for study and checking. Please read the philosophy of Free software. ‘Free’ means freedom and not free of cost:
https://www.gnu.org/philosophy/philosophy.html

Examples of Freedom software – GNU-Linux operating system, Prav app.

2. Proprietary software does not provide cyber-security. The source code of proprietary software is not available to its users for study and checking. Examples of Proprietary software – Facebook, Google, Microsoft Windows, Apple iOS.

This is the difference between the terms ‘Hacking’ and ‘Cracking’:

The term ‘Hacking’ means modifying the source code of software by software programmers and modifying the hardware of gadgets for improvement. Hacking is not only related to computers. Hacking means exploring and excelling in one’s skills, not stealing, cracking or exploiting something. So when we talk about computers, a hacker means someone who wants to improve his or her programming skills to understand how computers work. Hackers do useful things. Contrary to the false belief, hackers are not criminals.

Modifying the source code of software is one of the freedoms in the philosophy/ideology of the GNU Project, and such software is called Freedom or Swatantra software. Examples of Hackers – Richard Stallman sir, Abhas Abhinav sir.

Cracking is done by criminals who steal and crack using backdoors in proprietary software. This is why we give them the name “crackers” and they are criminals. Examples of some crackers – Microsoft, Apple, Facebook.

9 Steps of Cyber-security:

1. Privacy-respecting hardware of gadgets, operating system and web browser for viewing and managing your business website –

Mostly Harmless, Bengaluru sells Liberated laptops/desktops, Liberated mobile phones and Liberated Routers. The operating system installed on these laptops/desktops is GNU-Linux Debian or Trisquel. The operating system installed on these mobile phones is Lineage. Please purchase liberated laptops, liberated mobile phones and routers from Mostly Harmless, Bengaluru. This is the online shop of Mostly Harmless for cyber-security gadgets:

https://mostlyharmless.io/phones/

https://mostlyharmless.io/computers/

https://mostlyharmless.io/routers/

Technoethical sells mobile phones with Replicant operating system, laptops with Trisquel GNU-Linux operating system

https://tehnoetic.com/mobile-devices

https://tehnoetic.com/laptops

Please use the GNU Icecat or Epiphany browser on the GNU-Linux operating system (Trisquel or Debian) installed on your Mostly Harmless laptops and desktops. Please use the Icecat Mobile browser on the Replicant operating system installed on Mostly Harmless mobile phones.

 
2. Cyber-security of Website

a) The operating system installed on the server that hosts your website should be GNU-Linux. We provide the source code of the website that we create for our customers.

Example of source code for the website of Prav app:

Prav website – https://prav.app

Source code of Prav app website – https://codeberg.org/prav

b) We provide 2-factor authentication or web authentication for website login to our customers. The customer can log in to their website only after entering a one-time password received on the connected mobile number.

c) The Electronic Frontier Foundation offers several free software security projects, including HTTPS Everywhere, a browser extension that encrypts your communications with many Web sites.
https://directory.fsf.org/wiki/HTTPS_Everywhere
https://www.eff.org/
 
d) Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
https://letsencrypt.org/about/
 
e) To improve the security of our customer’s website, you can ask us for a code audit by a security expert. This security audit will be proof that the source code of the website provided to you by us is safe.
With cutting-edge AI and the largest community of security researchers, HackerOne helps the world’s top brands eliminate vulnerabilities and outsmart attackers.
https://www.hackerone.com/why-hackerone
 
 
f) When looking to ensure that our computers are running freedom software, we usually turn our attention to the operating system and programs we install. Increasingly, we also need to look at the Web sites we visit and use. Simply visiting many sites loads software onto your computer, primarily JavaScript, that carries proprietary licenses.

Web sites should work without requiring that users run any proprietary software. The JavaScript programs in question create menus, buttons, text editors, music players, and many other features of Web sites, so browsers generally come configured to download and run them without ever making users aware of it. Contrary to popular perception, almost no JavaScript runs “on the Web site”: even though these JavaScript programs are hidden from view, they are still non-freedom code being executed on your computer, and they can abuse your trust.

Examples of proprietary JavaScript abuses:

– JavaScript can identify you by the way you type
– More on fingerprinting
– Capturing user input before submitting a form

Resources for safe viewing of websites you visit:

GNU Icecat web browser – Please install and use the GNU Icecat web browser, which has these 2 browser extensions:

– GNU LibreJS, a browser extension to identify nonfree JavaScript. This extension allows the user to identify and run only freely licensed scripts.
– JShelter, a browser extension meant to combat threats arising from nonfree JavaScript. This browser add-on will limit the potential for JavaScript programs to do harmful actions by restricting default behavior and adding a layer of control.

g) Security and Firewall plugin for your WordPress website –

FIREWALL & FILE PROTECTION SECURITY SUITE

A Web Application Firewall (WAF) is your website’s first line of defence, protecting your site by monitoring traffic and blocking malicious requests. In essence, a security plugin will help you maintain the security and integrity of your website.

– Progressively activate firewall settings: These range from basic, intermediate and advanced.
– Automatic protection from the latest threats: Our team maintains a list of known exploits, actively building protections against them which are then released as new firewall rules to free and paying customers.
– 6G blacklist: All-In-One Security incorporates ‘6G Blacklist’ firewall rules, protecting your site against a known list of malicious URL requests, bots, spam referrers and other attacks (courtesy of Perishable Press).
– Protect against fake Google bots: Bots presenting as Google crawlers can steal your content and litter your webpage with comment spam. Protect against it with the All-In-One Security Web Application Firewall.
– Blacklist functionality: Ban users by IP address, IP address range or by specifying user agents.
– Prevent DDoS attacks: Prevent malicious users from performing DDoS attacks through a known vulnerability in WordPress XML-RPC pingback functionality.
– Prevent image hotlinking: Protect server bandwidth and your website’s content by preventing other sites from using your imagery via hotlinking.
– Cross site scripting (XSS) protection: All-In-One Security prevents attackers from injecting malicious script into your website via a special cookie.
– File change detection: Security scanners alert you to file changes in your WordPress system, so you can see if a change is legitimate or suspicious, and investigate as appropriate.
– Disable PHP file editing: Protect your PHP code by disabling the ability to edit files in the WordPress administration area.
– Permission setting alerts: Identify files or folders where the permission settings are not secure and correct with one-click.
– Ability to create custom rules: Advanced users can add custom rules to block access to various resources on your site.
– Access prevention: Prevent external users from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.

CONTENT PROTECTION SECURITY SUITE

Eliminate spam, protect your WordPress content, and your search engine rankings with these important security features from All-In-One-Security.

– Comment SPAM prevention: Webpages littered with spam comments damage your brand, affect the user experience and impact SEO. All-In-One Security stops SPAM at the source by preventing comments that originate from other domains. AIOS automatically and permanently blocks spammers’ IP addresses. Site owners can use Cloudflare Turnstile or Google reCAPTCHA to reduce comment spam and block malicious users with just one click.
– iFrame protection: Preventing other websites from reproducing your content via an ‘iFrame’ is a useful security feature that protects your intellectual property and your website visitors.
– Copywriting protection: Stop users from stealing your content by disabling the right-click, select and copy text function.
– Disable RSS and Atom Feeds: RSS and Atom Feeds can be used by bots to ‘scrape’ your website content and present it as their own. This feature prevents that by disabling RSS and Atom Feeds on your website.
 


3. Cyber-security Search Engine: https://search.sapti.me

4. Cyber-security platform for Video streaming: https://peertube.bgzashtita.es/

5. Cyber-security platform for Social Media:

a) Mastodon – https://mastodon.social/@ethicalsoftwares

b) Pixelfed – https://pixelfed.org/

6. Cyber-security App store and safe Instant messaging app for mobile phones:

F-droid – https://f-droid.org/

Prav app – https://prav.app/

7. Cyber-security payment platform:

Please do not use UPI payment apps like Google Pay, PhonePe or Paytm on your Google Android phone. Please use the net-banking service provided by your bank.

What is Liberapay?

Liberapay is a way to donate money recurrently to people whose work you appreciate.

Payments come with no strings attached. By default, recipients don’t know who their patrons are, and donations are capped at ₹10,000.00 per week per donor to dampen undue influence.

By default, the total amount you give and the total amount you receive are public (you can opt out of sharing this info).

Liberapay does not take a cut of payments, the service is funded by the donations to its own account. However there are payment processing fees.

Liberapay is an open project, you can help us translate it, improve its code, and manage its legal entity. If you do so, you’ll be able to join the Liberapay team and receive a share of the money that our users donate to keep the service running.

Website of Liberapay – https://liberapay.com/

8. Email service with GnuPG email encryption for communication – Please use a paid email service for personal use or the professional brand email service provided by Ethical Softwares:

Email service for personal use – http://safe-mail.net/

GnuPG (GNU Privacy Guard) is a command-line tool for encryption and decryption of emails. Without end-to-end encryption, the contents of emails are easily exposed to the email service provider and to mass surveillance. Technically, OpenPGP (Pretty Good Privacy) is the encryption standard, and GNU Privacy Guard (often shortened to GPG or GnuPG) is the program that implements the standard. Most email programs like Icedove (created by Debian) provide a GnuPG key manager interface for storing GnuPG keys.

9. Report cyber attack or cyber crime – If there is any incident of cyber attack or cyber crime, please report the incident through an email to the cyber crime branch of your country. This is the website of India’s cyber crime branch:
https://cybercrime.gov.in/

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I provide a 30-minute consultation call to all my customers to check their company’s cyber-security loopholes or cyber-security risks. Based on this check, I advise how the 9 Steps of cyber-security can help keep you safe from cyber attacks. This 30-minute consultation call is free of cost. I can provide this call either as a voice call on Prav app or as a video call on Jitsi Meet.

You can schedule an appointment for this consultation call using the Appointlet software by clicking on this web address:
https://appt.link/book-meetings-with-kuber-kapoor-ZofhFXHS/phone-call

OR

Please send an email to info@ethicalsoftwares.in to schedule your 30-minute consultation call.

Options for the 30-minute Consultation Call:

1. Details about Prav app –
Please install Prav app on your Google Android phone from the Google Play store or the F-droid app store. Prav app is not yet launched for Apple iOS mobile phones. https://prav.app

2. Details about Jitsi Meet –
Please install the Jitsi Meet app on your Google Android phone from the Google Play store or the F-droid app store, or on your Apple iOS mobile. https://jitsi.org/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the SHOP menu of Ethical Softwares for purchasing our services :

https://ethicalsoftware.noblogs.org/shop/
