Tag Archives: CERTIN

VIF Cyber Review: September 2022

NATIONAL

Pegatron Mobile Manufacturing facility in Tamil Nadu: another milestone added to PM’s vision of making India a global electronics manufacturing hub.

On 30 September 2022, the Minister of State for Electronics & Information Technology and Skill Development & Entrepreneurship, Rajeev Chandrasekhar, inaugurated the Pegatron mobile manufacturing facility in Chengalpattu near Chennai, Tamil Nadu, and said that the facility is another milestone in Prime Minister Narendra Modi’s vision of making India a global electronics manufacturing hub. “It is a symbol of the partnership between the Central and State government to help India achieve the target of USD 300 billion in electronics manufacturing, from the current USD 75 billion,” said Minister Chandrasekhar during the inauguration of the facility. The facility was established by Pegatron Technology India, the Indian arm of Taiwan’s electronics giant, under the Indian government’s Production Linked Incentive (PLI) scheme, in an industrial park in Chengalpattu, near Chennai.

The PLI scheme has played a significant role in ushering in investment and employment in electronics manufacturing and has catalysed an investment of ₹ 6,500 crores in a short period, generating employment of over 40,000 in Tamil Nadu alone. “It has been an extraordinary journey for Pegatron to be in India. We are overwhelmed by the support extended by the Government of India and Tamil Nadu,” said Cheng Jian Jong, Chairman of Pegatron Technology India.[1]

Ministry of Communications initiated the ‘Public Consultative’ process on the draft of the Indian Telecommunication Bill, 2022.

The Ministry of Communications, Government of India (GoI), had initiated a public consultative process to draft a contemporary and futuristic legal framework in telecommunications. As per the process, in July 2022, the ministry published a consultation paper on ‘Need for a new legal framework governing Telecommunications in India’ and invited comments/suggestions from various stakeholders, including industry associations.

Based on the consultations and suggestions, the ministry has prepared the draft Indian Telecommunication Bill, 2022. The draft Bill and explanatory note can be accessed at: https://dot.gov.in/relatedlinks/indian-telecommunication-bill-2022. The deliberations can be shared with the ministry by 20 October 2022.[2]

“Pervasive digital infrastructure and ensured access to digital services to all is key for a better digital future,” said MoS for Communications.

On 25 September 2022, the Minister of State (MoS) for Communications— Devusinh Chauhan, addressed the Ministerial Roundtable, part of the International Telecommunication Union (ITU) in Bucharest, Romania. The Minister said that a better digital future could only be built on pervasive digital infrastructure, developing digital platforms to deliver government services to all citizens and ensuring access to digital services to all.

The MoS also cited stories about the Government of India’s (GoI) commitment to building telecom infrastructure, such as the plan to extend mobile services to all 6,40,000 villages in India by 2023 and Optical Fibre by 2025. It is the result of citizen-centric and industry-friendly public initiatives and policies that point to a bright future for India’s digital economy. The MoS also highlighted the success of the Digital India Initiative, mainly the Aadhaar and Aadhaar Enabled Payment System (AEPS), under the leadership of Prime Minister Narendra Modi. As per the data, around 400 million transactions were carried out on AEPS, which is the best example of financial inclusion affected by the development of digital infrastructure. “India has been contributing to the goals of the ITU and will take all necessary steps to fulfil Sustainable Development Goals (SDGs) 2030,” said MoS Chauhan.[3]

Indian banking users targeted by SOVA Android Trojan.

On 10 September 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory about Indian banking customers being targeted by a new variant of mobile banking malware, the SOVA Android Trojan. In July 2022, SOVA added India to its target list, which already included the US, Russia, and Spain. The latest version of this malware hides within fake Android applications that display the logos of a few famous legitimate apps, such as Chrome and Amazon, to deceive users into installing them. The malware captures the credentials when users log into their net banking apps and access bank accounts. The new version of SOVA seems to target over 200 mobile applications, including banking apps and crypto exchanges.

SOVA’s list of functions includes the ability to:

  • Collect keystrokes,
  • Steal cookies,
  • Intercept Multi-Factor Authentication (MFA) tokens,
  • Take screenshots and record videos from a webcam,
  • Copy/paste,
  • Mimic over 200 banking and payment applications.

Another feature of SOVA is its refactored “protections module”, which aims to protect the malware from different actions taken by victims. For instance, if the user tries to uninstall the malware from the settings, SOVA can intercept these actions and prevent them (through the abuse of Android’s Accessibility services) by returning to the home screen and showing a pop-up displaying “this app is secured”. The attack can effectively jeopardise the privacy and security of sensitive customer data and result in large-scale attacks and financial fraud. The advisory also includes detailed information about the malware and best practices to avoid becoming a victim of SOVA.[4]

Quad Foreign Ministers committed to an open, secure, stable, peaceful cyberspace.

The foreign ministers of India, Australia, Japan, and the United States (US) met on September 23, 2022, to discuss the Quad’s commitment to an open, secure, stable, and peaceful cyberspace, as well as regional initiatives to strengthen nations’ ability to put the United Nations’ (UN) Framework for Responsible State Behaviour in Cyberspace into practice. The security and resiliency of the cyber infrastructure in the region would be guaranteed through targeted actions to improve the cyber capabilities of Indo-Pacific nations.

The Foreign Ministers emphasised their commitment to addressing the global ransomware threat, which has hampered the security and economic growth of the Indo-Pacific region, and referred back to their previous meeting held on 11 February 2022. Ransomware’s global reach has the potential to harm national security, the financial and commercial sectors, key infrastructure, and the privacy of individuals. The Quad nations value the strides made by the 36 nations supporting the Counter Ransomware Initiative (CRI) under US leadership and the ongoing, pragmatic consultations against cybercrime in the Indo-Pacific region.[5]

In 2021, the Indian healthcare sector faced a 7.7 per cent share of cyber-attacks on the global healthcare sector.

According to a report prepared by CloudSEK on “Increased cyber-attacks on the global healthcare sector”, India recorded the second highest number of cyber-attacks, with a total of 7.7 per cent of total cyber-attacks on the healthcare industry in 2021. The United States (US) healthcare sector witnessed 28 per cent of global attacks. According to the same report, the cyber-attack incidence on the Indian healthcare industry translates into over 71 lakh records, whereas Australia has been the most-hit country with around 70 crore records in the first four months of 2022.[6]

In India, 2021 saw the highest cyber-attacks/breaches in the last four years.

According to the data presented in Lok Sabha (the Lower House of the Indian Parliament), in 2021 India witnessed its highest number of cyber-attacks or breaches in the last four years. A total of 160,560 Indian websites were hacked between 2016 and 2021, translating to around 73 websites per day. The year 2021 reported the highest number of cyber-attacks, with a total of 28,897 cyber-attacks, including on 186 government websites.

Some of the significant cyber-attacks involved the State Bank of India (the year 2019), COVID-19 test results (the year 2021), Air India (2021), and Domino’s (2021).[7]

INTERNATIONAL

Denmark banned Hikvision camera purchases based on a security assessment.

One of the most populous regions of Denmark, which includes Copenhagen, banned the purchase of China-made Hikvision cameras following a security assessment that highlighted Hikvision as a ‘critical’ threat to security. In January 2022, Denmark’s intelligence agency warned against PRC (People’s Republic of China)-made cameras, calling out Hikvision’s vulnerabilities and PRC data laws.

On 26 September 2022, Region Hovedstaden, Denmark’s Capital Region, declassified a June 2022 briefing stating that the Capital Region’s Steering Group for IT and Information Security “has decided that the purchase of video cameras from the manufacturer Hikvision must be discontinued.” On 15 February 2022, the Danish Security and Intelligence Service (PET/ Politiets Efterretningstjeneste) and the Centre for Cyber Security sent a “Security recommendation regarding the use of surveillance cameras.” The threat consists of a backdoor that “makes it possible for an attacker to access the camera without the use of authentication.” However, the recommendation did not call for bans; it urged patches and that those video cameras be connected to their own (domestic) network.[8]

Huawei Technologies staged its ‘Huawei Connect’ in Thailand.

In an effort to avoid a crackdown from the West, mainly the United States (US), China’s Huawei Technologies staged its annual technology showcase, ‘Huawei Connect’, in Thailand, where Digital and Economic ministers from Thailand, Indonesia, the Philippines, and Bangladesh had gathered to attend the event. All four countries have already allowed their respective mobile network operators to source 5G telecom equipment from Huawei, despite security concerns, warnings and sanctions/bans issued by the US and European governments.

In South-East Asia, Vietnam has become an alternative destination for electronics manufacturers leaving China, while Indonesia and Thailand are vying to be the centre of a regional electric vehicle supply chain. After Thailand, Huawei Connect will be held in Dubai and Paris. France has discouraged telecom operators from using Huawei 5G equipment but has allowed Huawei to build a factory. Despite US concerns, Gulf countries, including the United Arab Emirates (UAE), have continued to use Huawei in their networks.[9]

Optus data breach: hacker released 10,000 records from the Australian Prime Minister’s and Defence Minister’s office.

On 26 September 2022, a purported hacker released a text file of 10,000 customer records and ‘promised’ to leak around 10,000 per day for the next four days unless Optus paid them USD 1 million. “Federal Police investigated a post on an online forum purported to release the records from the recent data breach and threatened to release more until a USD 1 million ransom is paid,” said CEO of Optus— Kelly Bayer Rosmarin. The customer records included e-mail addresses from the Department of Defence and the Office of the Prime Minister and Cabinet. The Optus attack has affected up to 10 million customer records. On 27 September 2022, the hacker deleted the original post with links to the data and apologised for attempting to sell data.[10]

US Senators aimed to amend the Cyber Security bill to include Crypto.

The US Senators Marsha Blackburn (Tennessee) and Cynthia Lummis (Wyoming) attempted to provide frameworks for the digital asset industry. Both Senators urged amending the Cybersecurity Information Sharing Act, 2015, to include cryptocurrency. The Electronic Transactions Association endorses the bill.

According to Senator Blackburn, some criminals have utilised cryptocurrencies to conceal their unlawful activities and escape punishment. The revised “Cryptocurrency Cybersecurity Information Sharing Act” will review and revise current laws to directly address this misuse. It will give bitcoin companies a voluntary way to report rogue actors and safeguard cryptocurrency from risky practices. The bill also aims to mitigate losses from several cyber-related incidents, including data breaches, ransomware attacks, and network damages.[11]

Endnotes :

[1] Press Information Bureau. “Pegatron plant roll out another milestone in PM Shri Narendra Modi ji’s vision of making India a global electronics manufacturing hub: MoS Shri Chandrasekhar”, Ministry of Electronics and IT, 30 September 2022, accessed on 03 October 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1863721
[2] Press Information Bureau. “Inviting comments on the draft Indian Telecommunication Bill, 2022”, Ministry of Communications, 22 September 2022, accessed on 03 October 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1861399
[3] Press Information Bureau. “Better digital future can only be built on pervasive digital infrastructure, developing digital platforms and ensuring access to digital services to all – Shri Devusinh Chauhan”, Ministry of Communications, 25 September 2022, accessed on 03 October 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1862131
[4] “SOVA Android Trojan targeting Indian banking users”, Indian Computer Emergency Response Team, 10 September 2022, available from: https://www.cert-in.org.in/
[5] “Quad Foreign Ministers’ Statement on Ransomware”, Ministry of External Affairs- Government of India, 23 September 2022, accessed on 05 October 2022, available from: https://mea.gov.in/bilateral-documents.htm?dtl/35746/Quad_Foreign_Ministers_Statement_on_Ransomware
[6] PTI. “cyber-attacks on Indian healthcare industry second highest in the world: CloudSEK”, Outlook, 20 September 2022, accessed on 05 October 2022, available from: https://www.outlookindia.com/business/cyber-attacks-on-indian-healthcare-industry-second-highest-in-the-world-cloudsek-news-224600
[7] Basu, Orin and Suparna Shree. “73 websites hacked every day in India, 2021 saw highest cyber breaches in four years”, Zee News, 23 September 2022, accessed on 05 October 2022, available from: https://zeenews.india.com/india/73-websites-hacked-every-day-in-india-2021-saw-highest-cyber-breaches-in-four-years-2513355.html
[8] Rollet, Charles. “Danish Capital Region bans Hikvision purchases, calls ‘critical threat to security’”, IPVM, 28 September 2022, accessed on 05 October 2022, available from: https://ipvm.com/reports/danish-capital?code=1&utm_source=substack&utm_medium=email
[9] Regalado, Francesca. “Huawei courts Thailand, Indonesia with supply chain support”, Nikkei Asia, 19 September 2022, accessed on 05 October 2022, available from: https://asia.nikkei.com/Business/Technology/Huawei-courts-Thailand-Indonesia-with-supply-chain-support
[10] May, Natasha and Josh Taylor. “Purported Optus hacker releases 10,000 records including e-mail addresses from defence and prime minister”, The Guardian, 27 September 2022, accessed on 05 October 2022, available from: https://www.theguardian.com/business/2022/sep/27/police-all-over-dark-web-ransom-threat-to-release-10000-customer-records-a-day-optus-ceo-says
[11] Melinek, Jacquelyn. “US Senators aim to amend cybersecurity bill to include crypto”, Tech Crunch, 29 September 2022, accessed on 06 October 2022, available from: https://techcrunch.com/2022/09/28/us-senators-aim-to-amend-cybersecurity-bill-to-include-crypto/

VIF Cyber Review: August 2022

National

Telecom equipment manufacturers respond enthusiastically to the design-led incentive programme

Indian Prime Minister (PM) Narendra Modi had outlined his vision of making India a self-reliant or Atmanirbhar nation. In line with the vision, in 2021, the Govt. of India launched the Production Linked Incentive (PLI) scheme to encourage telecom equipment manufacturing in the country. So far, 31 companies are beneficiaries of the scheme for manufacturing various telecom equipment. In June 2022, the design-led PLI scheme was also introduced to advance the entire value chain in telecom manufacturing. All the existing incentives in the said scheme will be increased by 01 per cent. India is primed to become a telecom and networking equipment design and production centre.[1]

Ministry of Communication hosted ITU’s Regional Standardisation Forum for Asia and Oceania region in New Delhi, India

On 08 August 2022, the Ministry of Communication hosted the International Telecommunication Union (ITU)’s Regional Standardisation Forum (RSF) for Asia and Oceania region in New Delhi, India. The Forum focused on “Regulatory and Policy aspects of Telecommunications/ICT” and was followed by the four-day meeting of ITU-T Study Group 3 Regional Group Asia and Oceania (ITU-T SG3RG-AO) from 09th-12th August 2022. Minister of State for Communication Devusinh Chauhan inaugurated the RSF.

The Forum serves as a platform for the constructive exchange of ideas on issues related to standardisation, including India’s experience in various technological fields such as Sustainable Digital Transformation (SDT), the function of ITU standards, utilising technology for financial and digital inclusion in emerging markets, the evolution of the data value chain, and digital health. The RSF was addressed by 15 eminent speakers from academia, international organisations, the ICT sector and the Government of India (GoI). Over 250 delegates from 20 countries participated in the RSF. The key takeaways from the deliberations in the RSF will be presented at the ITU-T Regional Group of Asia and Oceania meeting for further work on standardisation in the emerging areas.[2]

CERT-In hosted the Cyber Security exercise “Synergy” as part of the International Counter-Ransomware Initiative-Resilience Working Group

On 31 August 2022, the Indian Computer Emergency Response Team (CERT-In), in collaboration with the Cyber Security Agency (CSA) of Singapore, designed and conducted the Cyber Security exercise “Synergy” for 13 countries as a part of the International Counter-Ransomware Initiative-Resilience Working Group (ICRI-RWG), led by India under the leadership of National Security Council Secretariat (NSCS).

The exercise theme was “Building Network Resiliency to Counter Ransomware Attacks”. The exercise scenario was inspired by real-life cyber incidents in which a low-impact domestic ransomware issue developed into a global cyber security disaster. The CERT-In sponsored the exercise “Synergy” on its exercise simulation platform. Each State sent a National Crisis Management Team (NCMT) comprising several government entities such as National CERTs/CSIRTs, Law-Enforcement Agencies (LEAs), Ministry of Communication & IT, and security agencies.[3]

Reliance Jio will launch ‘World’s most extensive’ 5G services during the Deepawali festival

At Reliance Industries Limited (RIL)’s 45th Annual General Meeting (AGM), the company’s Chairman Mukesh Ambani announced that Jio would commence the world’s most extensive 5G services to its subscribers in metro cities in the next two months. “Jio 5G will be the world’s largest and most advanced 5G network. Jio will deploy the latest version of 5G, called standalone 5G, which has zero dependencies on the 4G network.” Jio further announced that it is committed to making India a data-powered economy even ahead of the US and China. Jio has emerged as the biggest investor by committing US$19 Billion on 5G Communication services including US$11 Billion on Airwaves.

Threat actors exploiting “Zimbra” Collaboration Suite Vulnerability

According to the Indian Computer Emergency Response Team (CERT-In), threat actors are actively exploiting an authentication bypass Remote Code Execution (RCE) vulnerability in Zimbra Collaboration Suite. The exposure enables the attacker to access the target network and launch additional attacks. The RCE vulnerability exists in the Zimbra Collaboration Suite due to improper uploading of files by the mboximport function. An authenticated attacker with admin rights could exploit this vulnerability by executing a specially crafted request to upload arbitrary files. Successful exploitation of the vulnerability could allow the attacker to traverse directories on the target system.[4]

CERT-In issued the “India Ransomware Report for H1-2022.”

On 02 August 2022, the Indian Computer Emergency Response Team (CERT-In) released a report titled “Indian Ransomware Report for H1-2022,” which covered the most recent tactics and approaches and sector-specific trends detected in the first half of 2022 in the Indian Cyber Space.[5] The report also addressed ransomware-specific incident response, remediation, and mitigation techniques in light of the current threat scenario. The information is available at https://cert-in.org.in/PDF/RANSOMWARE_Report.pdf

International

An organisation in Eastern Europe became a victim of the most significant DDoS attack— 659 million Packets/Second

At the end of July and beginning of August 2022, an organisation became a victim of the biggest DDoS (Distributed Denial of Service) attack with traffic of 659 million Packets per second (Mpps). Akamai Technologies announced that on 21 July 2022, they detected and mitigated the most significant DDoS attack launched against a European customer on the Prolexic platform. The attack was massive, with globally distributed attack traffic at 853.7 Gbps (Gigabits per second) and 659.6 Mpps over 14 hours.

The victim, based in Eastern Europe, was targeted 75 times in the past 30 days with horizontal attacks consisting of UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood, among others. In September 2021, Yandex, a Russian Internet company, was hit by the Meris botnet, which launched a DDoS attack with more than 21 million random packets. The use of DDoS attacks as a form of hacktivism has become increasingly popular in Eastern Europe, with incidents involving DDoS taking on a political tint.[6]

Chinese govt supported hackers deceptively carried out a year-long cyber espionage campaign against Australia

In a sophisticated year-long cyber espionage campaign, Chinese government-aligned hackers posed as media outlet employees and targeted Australian government agencies, news outlets, and manufacturing companies via the implantation of malicious software on targeted computers. In a phishing scam, these hackers claimed to be employees of Australian news publications, including The Australian and the Herald Sun.

In the cyber espionage campaign, the hackers targeted an array of defence contractors, manufacturers, universities, government agencies and legal firms across the Asia-Pacific. According to a report prepared by PwC and Proofpoint, a US cyber security firm, a prolific China-based entity known as TA423 or ‘Red Ladon’ executed the cyber espionage operation. TA423 has been operating since 2013. “China was using cyber-attacks to gain a long-term economic and military advantage over other nations,” said cyber security expert Sherrod DeGrippo. The Chinese embassy in Canberra, Australia, countering the claims, stated that “China always firmly opposes cyber-attacks and cyber theft in all forms. All such accusations are groundless.”[7]

Hackers increasingly exploited DeFi bugs to steal cryptocurrency: FBI

In a statement, the Federal Bureau of Investigation (FBI) warned investors about cyber-criminals’ increasing involvement in exploiting security vulnerabilities in Decentralised Finance (DeFi) platforms to steal cryptocurrency. The FBI encouraged investors to contact the FBI via the Internet Crime Complaint Centre (IC3) or the local FBI field office in case of any such theft. According to an estimate, around USD 1.3 billion in cryptocurrency was stolen between January and March 2022, almost 97 per cent of it from DeFi platforms.

Attackers have utilised various ways to hack and steal cryptocurrency from DeFi platforms, including launching flash loans that trigger attacks in the platforms’ smart contracts and leveraging signature verification issues in a platform’s token bridge to withdraw all assets. The FBI has also observed hackers manipulating cryptocurrency price pairs by abusing a series of flaws, including the DeFi platforms’ use of a single price oracle, and then conducting leveraged trades to avoid slippage checks.[8]

Singapore witnessed a rise in cybercrime, phishing and ransomware threats in 2021

According to a report released by Singapore’s Cyber Security Agency (CSA), on 29 August 2022, firms and individuals faced a rise in cybercrime, phishing, and ransomware threats in 2021. In 2020, around 89 ransomware incidents were recorded; in 2021, the numbers jumped by 54 per cent, and 137 incidents were reported. Phishing cases also rose by 17 per cent in 2021, where about 55,000 unique Singapore-hosted phishing URLs with a “.sg” domain were observed; in 2020, around 47,000 such URLs were identified. “This was possibly driven by malicious actors’ exploitation of public interest in WhatsApp’s updated privacy policy announcement on users’ phone numbers being shared with Facebook,” informed the CSA. [9]

Endnotes :

[1] “Design led Incentive scheme gets enthusiastic response from Telecom Equipment manufacturers”, Ministry of Communications, 26 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1854731
[2] “ITU’s Regional Standardisation Forum (RSF) for Asia and Oceania region to be inaugurated tomorrow by Shri Devusinh Chauhan”, Ministry of Communications, 07 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1849356
[3] “CERT-In hosts Cyber Security Exercise ‘Synergy’ for 13 countries as part of International Counter Ransomware Initiative-Resilience Working Group”, Ministry of Electronics & IT, 31 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1855771
[4] “Threat Actors exploiting Zimbra Collaboration Suite Vulnerability”, Indian Computer Emergency Response Team, 18 August 2022, accessed on 03 September 2022, available from: https://cert-in.org.in/
[5] “Indian Ransomware Report for H1-2022 by CERT-In”, Indian Computer Emergency Response Team, 02 August 2022, accessed on 03 September 2022, available from: https://cert-in.org.in/
[6] Sparling, Craig. “Largest European DDoS Attack on Record”, Akamai Technologies, 27 July 2022, accessed on 03 August 2022, available from: https://www.akamai.com/blog/security/largest-european-ddos-attack-ever
[7] Knott, Matthew. “Chinese hackers pose as Australian News Corp sites in cyber espionage scam”, The Sunday Morning Herald, 30 August 2022, accessed on 02 September 2022, available from: https://www.smh.com.au/politics/federal/chinese-hackers-pose-as-australian-news-corp-sites-in-cyber-espionage-scam-20220830-p5bduz.html
[8] Gatlan, Sergiu. “FBI: Hackers increasingly exploit DeFi bugs to steal cryptocurrency”, Bleeping Computer, 29 August 2022, accessed on 03 September 2022, available from: https://www.bleepingcomputer.com/news/security/fbi-hackers-increasingly-exploit-defi-bugs-to-steal-cryptocurrency/
[9] Ganesan, Natasha. “Singapore faced more cybercrime, phishing, and ransomware threats in 2021”, Channel News Asia, 29 August 2022, accessed on 03 September 2022, available from: https://www.channelnewsasia.com/singapore/cybercrime-ransomware-phishing-cybersecurity-2021-2906386

VIF Cyber Review: May 2022

NATIONAL

CERT-In issued an advisory on Mobile-based Malware

On 30 May 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on mobile-based malware, along with methods and countermeasures. With the advent of smartphones and high-speed Internet connections, mobile accounts for more than 50 per cent of Internet traffic worldwide, making it a worthwhile attack surface for cybercriminals.

The advisory described the methods through which cybercriminals carry out their activities, including fake applications, on-device fraud, bypassing the app store, and fake calls, and noted that mobile-based malware also uses design practices such as accessibility engines, infrastructure and C2 protocols that enable it to update its capabilities. The advisory also suggested countermeasures and best practices for users, including keeping the OS (Operating System) and applications updated, using strong authentication such as biometrics and PIN, safe browsing practices, and deleting data before discarding the device. [1]

Cisco Launched a tool for SMBs to assess Cyber Security Readiness

On 26 May 2022, Cisco launched a cyber security tool for Small and Medium-sized Businesses (SMBs) based in the Asia-Pacific region to assess their cyber security readiness amid a hybrid work environment. The tool’s concept is based on the premise that no attempt to access an organisation’s network architecture can succeed until trust is verified. As per Cisco’s ‘Cyber security for SMBs: Asia-Pacific businesses prepare for digital defense’ study, 62 per cent of Indian SMBs suffered cyber incidents in 2021 and cyber-attacks cost their business over ₹ 3.5 crore. Around 74 per cent of SMBs also reported 85 per cent of customer information loss in cyber incidents.

“When a user accesses an application using a device, both the user and device are verified, with that trust continuously monitored. This helps secure the organisation’s applications and environments from any user, device, and location,” read the statement released by Cisco. The threat landscape for SMBs is becoming more sophisticated due to digitisation at speed; securing their businesses is therefore one of the top priorities for SMBs. “With the new tool, the SMBs will ensure end-to-end protection across their workforce, and the workplace, with adoption of a zero-trust strategy to manage and strengthen their cyber security posture in a cloud-first world,” said Cisco India & SAARC’s Senior Director (System Engineering), Anand Patil.[2]

The 7th Edition of India-Japan ICT Joint Working Group meeting recognised the importance of India-Japan Digital Partnership

On 13 May 2022, V L Kantha Rao (Additional Secretary, Department of Telecommunications, India) and Sasaki YUJI (Vice-Minister for Policy Coordination— International Affairs, Japan) virtually co-chaired the 7th edition of India-Japan ICT Joint Working Group (JWG) under the India-Japan ICT Comprehensive Cooperation Framework. Senior representatives from both governments and non-governmental stakeholders from industry, R&D, and Academia attended the meeting.

Recalling the India-Japan Summit held in March 2022, both sides recognised the need to strengthen the growing cooperation under the India-Japan digital partnership, with a vision to enhance the digital economy through the promotion of joint projects for digital transformation. The JWG discussions focused on enhancing further cooperation in various fields like 5G, Open RAN, Telecom Network Security, submarine cable systems, and Quantum Communications. [3]

Government of India proposed to set up India Data Management Office

Under the Digital India Corporation, India’s Ministry of Electronics and Information Technology (MeitY) will set up an India Data Management Office (IDMO), which will be responsible for framing, managing, reviewing, and revising the National Data Governance Framework Policy. The draft of the National Data Governance Framework Policy was released by the MeitY, seeking public comments on the draft till 11 June 2022.

The earlier version of the policy— India Data Accessebility and Use Policy had faced many criticism from experts, who believed that there was a lack of security safguards for anonymization, privacy infringement, and economic incentivisation. As per the draft of the data governance framework, the IDMO will design and manage the India Datasets platform which will in turn handle the requests of Indian researchers and start-ups which require access to non-personal or anonymised datasets. [4]

CERT-In highlighted a Remote Code Execution (RCE) vulnerability in Apple products

On 20 May 2022, the Indian Computer Emergency Response Team (CERT-In) highlighted a Remote Code Execution (RCE) vulnerability in Apple watchOS, tvOS, and macOS, affecting Apple Watch, Apple TV, and Apple Mac systems. The vulnerability existed due to an out-of-bounds write issue in the AppleAVD component. Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code with kernel privileges on the targeted system.[5]

INTERNATIONAL

Canada to ban China’s Huawei and ZTE from its 5G/4G networks

Following a review by Canada’s independent security agencies and consultation with its ‘closest’ allies, the Government of Canada decided to ban China’s Huawei and ZTE products and services from Canada’s 5G/4G communication networks. In a statement released on 19 May 2022, the Minister of Innovation, Science and Industry, Francois-Philippe Champagne, stated that “the Government of Canada is ensuring a long term safety of telecommunication infrastructure. As a part of that, the government intends to prohibit the inclusion of Huawei and ZTE products and services in Canada’s telecommunication systems.” [6]

As per the decision, companies that already have Huawei and ZTE equipment installed in their networks would be required to cease its use and remove it. The implementation of these measures is part of a broader agenda to promote the security of Canada’s telecommunications networks, in consultation with industry.

Mastercard strengthens cyber security consulting practice with new Cyber Front threat simulation platform

In recent years, Mastercard invested in risk quantification, Always-On security monitoring and fraud prevention, to help its customers strengthen their cyber resilience. On 24 May 2022, Mastercard announced the launch of a new attack simulation and assessment platform, Cyber Front. The platform will help businesses and governments enhance their cyber security operational resilience. Cyber Front is enabled by a strategic minority investment in Picus Security.

By leveraging a continuously updated library of more than 3,500 real-world threat scenarios, Cyber Front highlights security gaps and provides mitigation insights in real time so that organisations can improve upon security investments with continuous validation. The goal of Cyber Front is for organisations to understand whether their current systems are effective and to identify areas of exposure, ensuring greater protection in both the immediate and the long term.[7]

Spanish Prime Minister’s phone hacked with Pegasus tool

On 02 May 2022, the Spanish government announced that the phone of Prime Minister (PM) Pedro Sanchez had been hacked with Pegasus software. Earlier, in May-June 2021, the phone of the Spanish Defence Minister, Margarita Robles, was also hacked using the same software. Pegasus is an Israel-made digital hacking tool used to snoop on phone communication.

Researchers investigated and revealed that in April 2022, several political figures in Catalonia were victims of digital espionage. [8] It is assumed that top officials of the European Union (EU), the United Kingdom (UK), Poland and Hungary may also have been targeted with Pegasus software. The use of digital hacking tools such as Pegasus has helped security officials around the world fight crime and ward off national security concerns; therefore, European governments have been wary of delving into the intricacies of spyware programs.[9]

Amid foreign hacking threats, Pentagon contractors looking for software flaws through VDP

Amid efforts by Russia and China to steal sensitive data from the United States (US) defence industrial base, a Pentagon pilot program discovered an array of software vulnerabilities at dozens of defence contractors. The objective of the pilot, the “Vulnerability Disclosure Program” (VDP), is to identify and fix flaws in the e-mail programs, mobile devices and industrial software used by the Pentagon’s defence contractors before hackers can take advantage of these vulnerabilities.

“We really wanted to focus on those smaller defence contractors that may not have the budget and resources,” said Melissa Vice, interim director of the Department of Defense (DoD) Cyber Crime Centre’s DoD VDP. In the business sector, VDPs are a widespread practice, in which vetted cyber professionals scan systems for defects and report them internally. The Pentagon has been running a VDP since 2016, but after the pilot, the intention is to permanently expand the programme to include defence contractors.[10]

Cybercriminals used call forwarding technique to obtain WhatsApp accounts

Cybercriminals used call forwarding as a technique to hijack a targeted WhatsApp account and gain access to its messages and contact list. The method relied on the mobile carriers’ automated service for forwarding calls to a different phone number, and on WhatsApp’s option to send an OTP (One-Time Password) verification code via voice call.

According to Rahul Sasi, founder and CEO of the digital risk protection company ‘CloudSEK’, once the attacker knows the number of the targeted WhatsApp account, they use social engineering to convince the victim to call a number that starts with a Man Machine Interface (MMI) code, which the mobile carrier has set up to enable call forwarding. Depending on the carrier, separate MMI codes forward all calls to a terminal to a different number, or forward them only when the line is busy or there is no reception. “First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405* (subject to vary as per the mobile carrier). Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account”, said Rahul Sasi.

Turning on Two-Factor Authentication (TFA) in WhatsApp is an effective protection against such an attack. By requiring a PIN (Personal Identification Number) whenever you register a phone with the messaging app, this feature prevents malicious actors from gaining control of the account.[11]
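An added example, not part of the original review or of CloudSEK's research: a small Python checker that recognises call-forwarding MMI strings of the kind described above, so that a dialled string, or a message asking a user to dial one, can be flagged. The standard service codes follow 3GPP TS 22.030; the function names, the label given to *405* and the sample phone numbers are assumptions made for illustration.

```python
import re

# Call-forwarding service codes defined in 3GPP TS 22.030 (GSM MMI).
STANDARD_CF = {
    "21": "all calls (unconditional)",
    "67": "when busy",
    "61": "on no reply",
    "62": "when not reachable",
    "002": "all call forwarding",
    "004": "all conditional call forwarding",
}
# Carrier-specific code quoted in the article; its exact meaning depends on
# the carrier, so the label below is an assumption.
CARRIER_CF = {"405": "carrier-specific forwarding"}

# Leading symbols and what they ask the network to do (3GPP TS 22.030).
ACTIONS = {"**": "register", "*": "activate", "*#": "interrogate",
           "#": "deactivate", "##": "erase"}

# prefix, service code, optional forward-to number, optional extra fields
MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d+))?(?:\*[\d*]*)?#?$")


def classify_dial_string(dialled):
    """Return a finding dict for a call-forwarding MMI string, else None."""
    compact = re.sub(r"[\s\-()]", "", dialled)
    m = MMI.match(compact)
    if not m:
        return None  # ordinary phone number or free text
    prefix, code, target = m.groups()
    condition = STANDARD_CF.get(code) or CARRIER_CF.get(code)
    if condition is None:
        return None  # some other USSD/MMI code, e.g. a balance check
    action = ACTIONS[prefix]
    return {
        "action": action,
        "condition": condition,
        "target": target,
        # Only registering or activating a forward diverts calls elsewhere.
        "risky": action in ("register", "activate"),
    }


def find_forwarding_requests(message):
    """Scan free text (SMS, chat, helpdesk notes) for risky dial strings."""
    hits = []
    for token in re.findall(r"[*#][\d*#+]+", message):
        finding = classify_dial_string(token)
        if finding and finding["risky"]:
            hits.append((token, finding))
    return hits


# Constructed sample inputs; the phone numbers are made up.
SAMPLES = [
    "**67*919000000000#",   # register forwarding-when-busy to another number
    "*405*9000000000",      # carrier-specific form quoted in the article
    "##002#",               # erases every forward: the clean-up code
    "*#21#",                # status query only
    "*123#",                # unrelated USSD code
    "+91 90000 00000",      # ordinary phone number
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:24} -> {classify_dial_string(s)}")
    print(find_forwarding_requests(
        "Your parcel is held. Dial **67*919000000000# to confirm delivery."))
```

A subscriber who suspects a forward was set can query it with the interrogation form and clear it with the erase form, both of which the checker reports as not risky.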

Endnotes :

[1]India. “CERT-In Advisory CIAD-2022-0014”, Indian Computer Emergency Response Team, 30 May 2022, Available from: https://cert-in.org.in/
[2]“Cisco launches new tool for SMBs to assess their cyber security readiness”, Financial Express, 26 May 2022, Available from: https://www.financialexpress.com/industry/sme/msme-tech-cisco-launches-new-tool-for-smbs-to-assess-their-cybersecurity-readiness/2538348/
[3]India. “7th India-Japan ICT Joint Working Group meeting held under India-Japan ICT Comprehensive Cooperation Framework”, Press Information Bureau- Ministry of Communication, 13 May 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1825159
[4]ET Tech. “Government proposes to set up India Data Management Office”, ET Telecom, 28 May 2022, Available from: https://telecom.economictimes.indiatimes.com/news/government-proposes-to-set-up-india-data-management-office/91846155
[5]India. “Remote Code Execution vulnerability in Apple products”, Indian Computer Emergency Response Team, 20 May 2022, Available from: https://cert-in.org.in/
[6]Canada. “Statement from Minister Champagne on telecommunications security”, Ministry of Innovation, Science and Industry, 19 May 2022, Available from: https://www.canada.ca/en/innovation-science-economic-development/news/2022/05/statement-from-minister-champagne-on-telecommunications-security.html
[7] “Another arrow in the quiver: Mastercard strengthens cybersecurity consulting practice with new cyber front threat simulation platform”, Mastercard, 24 May 2022, Available from: https://www.mastercard.com/news/press/2022/may/another-arrow-in-the-quiver-mastercard-strengthens-cybersecurity-consulting-practice-with-new-cyber-front-threat-simulation-platform/
[8]Aarup, Sarah Anne. “Pegasus spyware targets top Catalan politicians and activists”, Politico, 18 April 2022, Available from: https://www.politico.eu/article/pegasus-spyware-targets-top-catalan-politicians-and-activists/
[9]Manancourt, Vincent. “Hack of Spanish PM’s phone deepens Europe’s spyware crisis”, Politico, 02 May 2022, Available from: https://www.politico.eu/article/pegasus-hacking-spyware-spain-government-prime-minister-pedro-sanchez-margarita-robles-digital-espionage-crisis/
[10]Lyngaas, Sean. “Pentagon contractors go looking for software flaws as foreign hacking threats loom”, CNN, 02 May 2022, Available from: https://edition.cnn.com/2022/05/02/politics/pentagon-defense-contractors-software-flaws/index.html
[11]Ilascu, Ionut. “Hackers steal WhatsApp accounts using call forwarding trick”, Bleeping Computer, 31 May 2022, Available from: https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/

VIF Cyber Review: April 2022

NATIONAL

Cabinet approves upgradation of mobile sites in LWE-affected areas

On 27 April 2022, the Union Cabinet chaired by Prime Minister Narendra Modi approved a ‘Universal Service Obligation Fund (USOF)’ project for upgrading 2G mobile services to 4G at security sites in the Left-Wing Extremism (LWE) areas. The Cabinet also authorised Bharat Sanchar Nigam Limited (BSNL) payment of LWE Phase-I 2G site operations and maintenance costs for an additional five years beyond the contractual period of five years at a cost of ₹541.80 crore. The extension will last up to 12 months from the date of Cabinet approval or the commissioning of 4G sites, whichever comes first.

The upgrade will improve internet and data services in certain LWE locations. It satisfies the standards of the Ministry of Home Affairs (MHA) as well as the state governments. It will also meet the communication requirements of the security forces stationed in these regions. The proposal is consistent with the goal of increasing rural mobile connectivity. Furthermore, delivery of various e-governance, banking, tele-medicine, tele-education, and other services via mobile broadband will be possible in these locations. [1]

CERT-In issued advisory on multiple vulnerabilities in Oracle products

On 22 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities in Oracle products which could be exploited by an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, and cause a Denial of Service (DoS) attack on the targeted system. Such vulnerabilities are remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. [2] As a solution, CERT-In provided a link to the appropriate patches.

India Post issued warning against fraudulent URLs/Websites claiming to give prizes through certain surveys

On 23 April 2022, India Post issued a warning against various URLs/websites being circulated on social media and communication platforms, such as WhatsApp, Telegram, Instagram, and through e-mail/SMS containing tiny URLs, claiming to provide government subsidies as prize money through certain surveys. “We wish to inform the citizens of the Country that India Post is not involved in any such activities like announcing Subsidies, Bonus or Prizes based on Surveys etc. Public receiving such notifications/messages/emails are requested not to believe or respond to such fake and spurious messages or share any personal details.

It is also requested not to share any personally identifiable information such as date of birth, Account numbers, mobile numbers, place of Birth & OTP etc”, read the advisory issued by India Post. India Post and the Fact Check Unit of the Press Information Bureau (PIB) have declared these URLs/websites as fake through social media. [3]

CERT-In issued advisory on Malware targeting ICS/SCADA systems

On 16 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory about Advanced Persistent Threat (APT) actors targeting Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems through custom-made tools. The tools enable cyber threat actors to scan for, compromise, and control affected systems after gaining access to the operational technology (OT) network.

The APT actors have the capability to gain complete access control of certain ICS/SCADA devices, including:

– Schneider Electric programmable logic controllers (PLCs),

– OMRON Sysmac NEX PLCs, and

– Open Platform Communications Unified Architecture (OPC UA) servers.

According to the advisory, the APT actors could also exploit CVE-2020-15368 in a known-vulnerable ASRock-signed motherboard driver, “AsrDrv103.sys”, to execute malicious code in the Windows kernel, move laterally within an IT or OT environment, and disrupt critical devices or functions. [4]

Qualcomm and MeitY’s C-DAC partner to support Indian Semiconductor start-ups

For 2022, Qualcomm India announced a collaboration with the Centre for Development of Advanced Computing (C-DAC), an autonomous scientific society of the Ministry of Electronics and Information Technology (MeitY), to initiate and conduct the Qualcomm® Semiconductor Mentorship Program (QSMP) 2022 for select start-ups from the semiconductor space in India. The programme will provide and facilitate mentorship, technical training, and industry outreach. Under the collaboration, C-DAC and Qualcomm India intend to work towards the following broad objectives:

– Nurture technical advancements and intellectual-property-driven innovation and product development required for semiconductor design in the Indian ecosystem.

– Help reduce risks in innovation; accelerate the pace of business development; and develop soft skills and knowledge base of Indian start-ups engaged in semiconductor design.

– Facilitate access for the selected start-ups with domain experts, VCs, accelerators, incubators, industry associations and large companies that could help them scale up their business.

– Create platforms and forums that provide opportunities to work with high-growth-potential small businesses and start-ups who have potentially disruptive technologies that could develop or reshape semiconductor supply chains in the future.

Up to ten Indian semiconductor start-ups will be shortlisted for QSMP 2022 by Qualcomm India. Each nominated firm will be connected with a Qualcomm India executive for product development and planning mentoring. Through meetings, webinars, seminars, and tradeshows, C-DAC and Qualcomm India will help these entrepreneurs gain exposure to government stakeholders. [5]

CERT-In issued advisory for safe and trusted Internet

On 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directions related to the best information security practices, procedure, prevention, response, and reporting of cyber-crimes under the provisions of sub-section (6) of Section 70B of the Information Technology (IT) Act, 2000. The directions will become effective after 60 days.

The directives cover the synchronisation of Information and Communication Technology (ICT) system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registration details kept by Data centres, Virtual Private Server (VPS) providers, Virtual Private Network (VPN) Service providers, and Cloud service providers; and KYC norms and practices followed by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. These directions shall enhance the overall cyber security posture and ensure a safe and trusted Internet in the country. [6]

INTERNATIONAL

Eurojust and Europol cracked an online investment fraud scheme responsible for losses of at least Euro 20 million

On 21 April 2022, authorities in Finland, the Netherlands, Latvia, France, Germany, and Ukraine supported the operation during which more than 50 servers and services were seized in six countries. “At the request of the Estonian authorities, Eurojust and Europol assisted in taking down an online investment fraud scheme, which defrauded victim 21 April 2022.

As their modus operandi, the perpetrators, who belong to an international Organised Crime Group (OCG), contacted victims by telephone via the Internet. They presented themselves as brokers of online trading platforms dealing in cryptocurrencies to convince victims to make investments. It is believed that more than 30,000 people from at least 71 countries were affected; at least 522 victims are registered in Estonia alone. [7]

Japan proposed first domestic quantum computer use by March 2023

The Japanese government stated its intention to enter the global quantum computing race by placing its first indigenous quantum computer into service within the current fiscal year, ending March 2023. As per the new strategy, Japan plans to establish four quantum research centres across the country, which could be finalised this month, after the ruling party, the Liberal Democratic Party, proposed expanded investment in quantum computing and artificial intelligence (AI). [8] The Japanese government also expects 10 million users by the end of the decade.

As for the research centres, one of the two will be established at Tohoku University in Sendai, Miyagi Prefecture, on the north-eastern coast of Japan. The centres will train personnel and support research and development. The other new site, at Okinawa Institute of Science and Technology Graduate University, will serve as a hub for advancing joint research by global scientists, according to a report by Nikkei. [9]

Russian hacktivists launched DDoS attacks against Romania’s govt. websites

On 29 April 2022, the Romanian National Cyber Security and Incident Response Team (DNSC) issued a statement reporting a series of Distributed Denial of Service (DDoS) attacks targeting several public websites managed by State authorities. The attacks were claimed by the pro-Russia hacktivist group ‘Killnet’. According to the statement released by the DNSC, the hacktivist group targeted the following Romania-based servers:

– gov.ro (official website of Romania’s Government),

– mapn.ro (official website of Romania’s Ministry of Defense),

– politiadefrontiera.ro (official website of the Romanian Border Police),

– cfrcalatori.ro (official website of Romania’s National Railway Transport Company), and

– otpbank.ro (site of a commercial bank operating in Romania).

According to Romania’s primary domestic intelligence service, the SRI (Serviciul Roman de Informatii), the DDoS attack began at 0400 hrs local time and originated from network equipment outside Romania that had been compromised by exploiting security vulnerabilities. [10]

China-backed hackers are targeting Russian State officials

Security researchers discovered a phishing campaign led by the China-based threat actor Mustang Panda (aka HoneyMyte and Bronze President) targeting Russian State officials. Earlier, Mustang Panda was spotted orchestrating intelligence gathering campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine. Although Russia and China maintain good geopolitical relations, Russia has always remained in Mustang Panda’s crosshairs.

Although the files sent are Windows executables (.exe), they are made to appear as PDFs and are named after Blagoveshchensk, a Russian city close to the border with China. This suggests that the targets of this campaign are Russian personnel in the region, which further supports the theory that China may be shifting to new intelligence gathering objectives. When the executable is launched, a host of additional files are fetched, including a decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed .EXE file. [11]

Endnotes :

[1] Government of India. “Cabinet approves upgradation of 2G mobile sites to 4G at security sites in Left-Wing Extremism (LWE) areas”, Press Information Bureau, 27 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1820512
[2] Government of India. “Multiple Vulnerabilities in Oracle Products— CERT-In Advisory CIAD-2022-0011”, Indian Computer Emergency Response Team (CERT-In), 22 April 2022, Available from: https://www.cert-in.org.in/
[3] Government of India. “India Post warns public against fraudulent URLs/Websites claiming to provide subsidies/prizes through certain surveys”, Press Information Bureau, 23 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1819189
[4] Government of India. “Malware targeting ICS/SCADA systems— CIAD-2022-0010”, Indian Computer Emergency Response Team (CERT-In), 16 April 2022, Available from: https://www.cert-in.org.in/
[5] Government of India. “Qualcomm and MeitY’s Centre for Development of Advanced Computing (C-DAC) partner to support Indian semiconductor start-ups”, Press Information Bureau, 29 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1821268
[6] Government of India. “CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet”, Press Information Bureau, 28 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1820904
[7] “Takedown of Infrastructures of call centre involved in online investment fraud responsible for losses of at least EURO 20 million”, European Union Agency for Criminal Justice Cooperation, 21 April 2022, Available from: https://www.eurojust.europa.eu/news/take-down-infrastructure-call-centres-involved-online-investment-fraud-responsible-losses
[8] “Tokyo sets Quantum Computing Deadline— Japan Times”, Asia Financial, 08 April 2022, Available from: https://www.asiafinancial.com/48334-2
[9] Kaur, Dashveenjit. “Japan’s first domestic quantum computer targets 10m users by 2030”, Techwire Asia, 18 April 2022, Available from: https://techwireasia.com/2022/04/japans-first-domestic-quantum-computer-targets-10m-users-by-2030/
[10] Toulas, Bill. “Russian hacktivists launch DDoS attacks on Romanian govt sites”, Bleeping Computer, 29 April 2022, Available from: https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/ ; Government of Romania. “Atacuri cibernetice asupra site-urilor unor instituții publice și financiar-bancare”, SRI, 29 April 2022, Available from: https://www.sri.ro/articole/atacuri-cibernetice-asupra-site-urilor-unor-institutii-publice-si-financiar-bancare.html
[11] Toulas, Bill. “Chinese state-backed hackers now target Russian state officers”, Bleeping Computer, 27 April 2022, Available from: https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/