Tag Archives: Malware

VIF Cyber Review: December 2022

NATIONAL

Minister for Electronics and IT launched ‘Stay Safe Online’ campaign & ‘G20 Digital Innovation Alliance’ as part of Bharat’s G20 Presidency.

On 28 December 2022, the Minister for Electronics and Information Technology, Communications and Railways— Ashwini Vaishnaw launched the ‘Stay Safe Online’ campaign and the ‘G20 Digital Innovation Alliance’ (G20-DIA). The Ministry of Electronics and Information Technology (MeitY) is the nodal ministry for the G20 Digital Economy Working Group (DEWG) and has represented Bharat in numerous working groups and ministerial sessions during previous presidencies. During Bharat’s G20 Presidency, MeitY will focus on three areas— i) Digital Public Infrastructure (DPI), ii) Cyber Security, and iii) Digital Skill Development (DSD).

Addressing the event, the Minister said, “Bharat [India] believes in the philosophy of inclusion. Bharat’s population scale and open source ‘public digital platforms’ such as UPI and Aadhaar have delivered economic and social inclusion and spurred innovation. The two campaigns launched today have the humanitarian way of thinking.”

The objective of the ‘Stay Safe Online’ campaign is to raise awareness among Internet users about how to stay safe while surfing the web. The campaign will make citizens of all ages, particularly children, students, women, senior citizens, the disabled, teachers, faculty, Central/State Government officials, and others, aware of cyber risks and how to deal with them. To reach a wider audience, the campaign will be carried out in Hindi, English, and local languages. [1]

MoS for Electronics and IT held public consultation with over 200 stakeholders on the DPDP Bill 2022

On 23 December 2022, the Minister of State for Electronics and Information Technology and Skill Development & Entrepreneurship— Rajeev Chandrasekhar met over 200 stakeholders to discuss and deliberate on the Digital Personal Data Protection (DPDP) Bill 2022. Public consultations were open until 02 January 2023. The attendees included representatives from industry, think-tanks, law firms, and consumer and citizen rights groups. “Bill will act as a kinetic enabler for personal data protection while catalysing data led innovation and start-up ecosystem. Post the bill, the intermediaries will have to go for deep behavioural changes, and it will no longer be business as usual for them,” said MoS Chandrasekhar.

The stakeholders made numerous suggestions regarding various clauses of the Bill, such as the penalty regime for data fiduciaries, obtaining parental consent for children, cross-border data flows, and consent managers and how the government intends to regulate them, among many others. The Minister also clarified the deemed consent clause for government data access. [2]

“Bharat (India) will chart its own course on the future of Internet”: MoS Chandrasekhar

Speaking at a session at the India Global Forum held in Dubai, UAE, on 14 December 2022, the Minister of State for Electronics and Information Technology and Skill Development & Entrepreneurship— Rajeev Chandrasekhar said over 820 million Internet users deserve to have their own way to decide what kind of internet they want. “European GDPR (General Data Protection Regulation) is considered a gold standard for privacy and data protection. But we [Bharat] would like to disagree. With more than 820 million internet users, we have the largest presence on global internet and deserve an opportunity to shape our own destiny. We will chart our own course and build a framework suitable for us,” said MoS Chandrasekhar.

On Digital Personal Data Protection (DPDP) Bill 2022, the Minister said that “protecting the digital rights of our citizens is an obligation of the Government. But we do not see this as a binary at the expense of slowing down the ecosystem for innovation that exists in India (Bharat) and in partnerships with other countries. The Government would not strongly regulate the Internet but is committed to the principles of open, safe, trusted and accountable internet.” [3]

CERT-In issued advisory on multiple vulnerabilities in Apple iOS and iPadOS

On 15 December 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities reported in Apple iOS and iPadOS which could allow remote attacker(s) to gain access to sensitive information, execute arbitrary code, spoof the UI, gain elevated privileges, bypass security restrictions or cause denial of service conditions on the targeted system. The vulnerabilities exist in the Accounts, Apple Mobile File Integrity, Core Services and GPU Services components, among others, of Apple iOS and iPadOS.

Successful exploitation of these vulnerabilities could allow the attacker(s) to gain access to sensitive information, execute arbitrary code, spoof the UI, and bypass security restrictions on the targeted system. [4]

As a remedy, the advisory asks users to apply the appropriate software updates listed in Apple’s security updates.

Tata Group to invest USD 90 billion over 5 years into chip manufacturing in Bharat

In an interview with Nikkei Asia on 08 December 2022, the Tata Sons chairman— Natarajan Chandrasekaran said the Tata Group plans to begin production of semiconductors in Bharat in the next few years, in order to make the country an essential part of global chip supply chains. The Tata Group had already announced a semiconductor design and development partnership with Renesas Electronics, Japan, in June 2022.

According to the India Electronics and Semiconductor Association, the semiconductor market will more than double to USD 64 billion between 2021 and 2026. The ongoing ‘disengagement’ between the United States and China in chip-related technology is causing major chipmakers to seek more diverse supply-chain locations. The Government of India and Tata Group are both looking to capitalise on this shift in order to position Bharat as a new semiconductor hub. The chairman also announced a USD 90 billion investment over the next five years as part of that effort. Aside from semiconductors, the company is in the process of launching new businesses such as electric vehicle (EV) and EV battery production, renewable energy production, and the development of ‘super apps’ that allow users to purchase goods and services ranging from groceries to financial products. [5]

Since 2018, stolen data of 6,00,000 Indians sold on Bot markets, claimed study by NordVPN

According to a study conducted by one of the world’s largest VPN service providers— NordVPN, since 2018 around five million people worldwide, including 6,00,000 Indians, have had their data stolen and sold on Bot markets. Bot markets are used by hackers to sell data stolen from victims’ devices by bot malware. The stolen data included user logins, cookies, digital fingerprints, screenshots and other information, with the average price for a person’s digital identity at ₹490 (USD 6.03 at USD 1 = ₹81.14).

As reported by The Times of India, a week after the ransomware attack on AIIMS in November 2022, the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts within 24 hours. [6]
Bharat’s cybersecurity rules have tightened in 2022, with the Indian Computer Emergency Response Team (CERT-In) requiring tech companies to report data breaches within six hours of noticing such incidents and to maintain IT and communications logs for six months. [7]

INTERNATIONAL

Hackers claimed to have stolen data from multiple electric utilities in a ransomware attack in the US

An unidentified group of hackers claimed to have stolen data belonging to multiple electric utilities from a US government contractor in a ransomware attack carried out in October 2022. A memo distributed to power company executives in December 2022 by the North American grid regulator’s cyber-threat sharing centre stated that, while private investigators searched the Dark Web for the stolen data, US Federal officials monitored the incident for any potential wider effects on the US power sector.

An engineering firm— Sargent & Lundy, with offices in Chicago, was the target of the ransomware attack. The company has designed over 900 power plants and thousands of kilometres of power lines, and holds sensitive project data. According to the memo shared by the Electricity Information Sharing and Analysis Centre, there is no indication that the “model files” and “transmission data” that Sargent & Lundy used for utility projects, which were stolen, are available on the Dark Web. [8]

LockBit ransomware gang claimed cyber-attack on Port of Lisbon Administration

On 25 December 2022, the LockBit ransomware gang carried out a cyber-attack on the Port of Lisbon Administration (APL) and claimed to have stolen financial reports, audits, budgets, cargo information, ship logs, customer PII (personally identifiable information), and more. According to the statement released by APL, “cyber-attack did not impact the port’s operations. All safety protocols and response measures provided for this type of occurrence were quickly activated, the situation being monitored by the National Cybersecurity Center and the Judicial Police.”

The ransomware gang demanded a ransom of USD 15,00,000 and also offered the option of delaying publication of the data by 24 hours for a payment of USD 1,000. The LockBit gang is currently on the third version of the encryptor that powers its notorious RaaS (Ransomware-as-a-Service) operation, and was one of the most prolific gangs of 2022. [9]

International Police shut down 48 DDoS-for-hire services, arrested 07 alleged administrators

Europol, on 15 December 2022, announced that international police had shut down around 48 popular websites, mainly Distributed Denial-of-Service (DDoS)-for-hire services that allowed paying users to launch DDoS attacks, and arrested seven alleged administrators of these websites. According to the US Department of Justice (DOJ), the accused disguised their sites as services that could be used for network testing but actually charged money for conducting DDoS attacks against educational institutions, government agencies, gaming platforms, and millions of individuals worldwide. DDoS attacks work by flooding websites with junk traffic, rendering them inaccessible.

Operation “Power Off” was carried out by law enforcement authorities in the US, the UK, Germany, Poland, and the Netherlands. According to the DOJ, the takedown occurred less than two weeks before the Christmas holiday, which normally brings a large rise in DDoS attacks across the gaming sector. [10]

US extended ban on military and surveillance tech sales to China

On 15 December 2022, the US administration extended a ban on commercial exports of advanced US technology that it said “aids Beijing’s military and hypersonic programs and enables Human Rights violations.” The decision came a month after US President Biden and Chinese President Xi Jinping met in Bali to try to put a “floor” under the relationship’s downward spiral. The Chinese government has accused the US administration of abusing export regulations in order to wantonly hinder and handicap Chinese firms and maintain its sci-tech hegemony.

The Entity List includes 36 Chinese firms that are effectively prohibited from obtaining US technology. All but one, a Chinese subsidiary based in Japan, are based in China. Significantly, 21 of the newly listed corporations are also subject to a new regulation— the Foreign Direct Product Rule (FDPR), which prohibits foreign companies from selling to Chinese entities anything manufactured with American technology or equipment. [11]

US National Cyber Director visited Japan to bolster digital cooperation

In December 2022, the United States’ National Cyber Director— Chris Inglis visited Japan to advise government officials posted there on strengthening cyber security defences. The visit was an effort to improve cyber security cooperation with a key ally (Japan) in Asia amid a strained relationship between the US and China. According to Mark Montgomery, former executive director of the Cyberspace Solarium Commission (CSC) and current director of the Centre on Cyber and Technology Innovation (CTI) at the Foundation for Defense of Democracies (FDD), the Biden administration wants to encourage all friendly nations to speed up their investments in cybersecurity. “Boosting cybersecurity collaboration with Japan is crucial for the US amid increasing cyber threats from China, North Korea, and Russia,” said Atlantic Council Cyber Statecraft Initiative Program Assistant Jen Roberts. [12]

Endnotes:

[1] “Shri Ashwini Vaishnaw launches ‘Stay Safe Online’ Campaign and ‘G20 Digital Innovation Alliance’ as part of India’s G20 Presidency”, Press Information Bureau- Ministry of Electronics and IT, 28 December 2022, accessed on 02 January 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1887114
[2][3][4][5][6][7][8][9][10][11][12]

VIF Cyber Review: April 2022

NATIONAL

Cabinet approves upgradation of mobile sites in LWE-affected areas

On 27 April 2022, the Union Cabinet, chaired by Prime Minister Narendra Modi, approved a ‘Universal Service Obligation Fund (USOF)’ project for upgrading 2G mobile services to 4G at security sites in the Left-Wing Extremism (LWE) areas. The Cabinet also authorised payment to Bharat Sanchar Nigam Limited (BSNL) for LWE Phase-I 2G site operations and maintenance costs for an additional five years beyond the contractual period of five years, at a cost of ₹541.80 crore. The extension will last up to 12 months from the date of Cabinet approval or the commissioning of 4G sites, whichever comes first.

The upgrade will improve internet and data services in the identified LWE locations. It satisfies the requirements of the Ministry of Home Affairs (MHA) as well as the state governments, and will also meet the communication requirements of the security forces stationed in these regions. The proposal is consistent with the goal of increasing rural mobile connectivity. Furthermore, delivery of e-governance, banking, tele-medicine, tele-education, and other services via mobile broadband will become possible in these locations. [1]

CERT-In issued advisory on multiple vulnerabilities in Oracle products

On 22 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities in Oracle products which could be exploited by an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, and cause a Denial of Service (DoS) condition on the targeted system. Such vulnerabilities are remotely exploitable without authentication, i.e., they may be exploited over a network without requiring user credentials. [2] As a solution, CERT-In provided a link to the appropriate vendor patches.

India Post issued warning against fraudulent URLs/Websites claiming to give prizes through certain surveys

On 23 April 2022, India Post issued a warning against various URLs/websites being circulated on social media and communication platforms, such as WhatsApp, Telegram and Instagram, and through e-mail/SMS containing shortened URLs, claiming to provide government subsidies as prize money through certain surveys. “We wish to inform the citizens of the Country that India Post is not involved in any such activities like announcing Subsidies, Bonus or Prizes based on Surveys etc. Public receiving such notifications/messages /emails are requested not to believe or respond to such fake and spurious messages or share any personal details.

It is also requested not to share any personally identifiable information such as date of birth, Account numbers, mobile numbers, place of Birth & OTP etc”, read the advisory issued by India Post. India Post and the Fact Check Unit of the Press Information Bureau (PIB) have declared these URLs/websites fake through social media. [3]

CERT-In issued advisory on Malware targeting ICS/SCADA systems

On 16 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory about Advanced Persistent Threat (APT) actors targeting Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems through custom-made tools. The tools enable cyber threat actors to scan for, compromise, and control affected systems after gaining access to the operational technology (OT) network.

The APT actors are targeting ICS/SCADA and have the capability to gain full control of certain ICS/SCADA devices, including:

– Schneider Electric programmable logic controllers (PLCs).

– OMRON Sysmac NEX PLCs, and,

– Open Platform Communications Unified Architecture (OPC UA) Servers.

According to the advisory, the APT actors could also exploit a known-vulnerable ASRock-signed motherboard driver— “AsrDrv103.sys”, exploiting CVE-2020-15368, to execute malicious code in the Windows kernel, move laterally within an IT or OT environment and disrupt critical devices or functions. [4]

Qualcomm and MeitY’s C-DAC partner to support Indian Semiconductor start-ups

For 2022, Qualcomm India announced a collaboration with the Centre for Development of Advanced Computing (C-DAC), an autonomous scientific society of the Ministry of Electronics and Information Technology (MeitY), to initiate and conduct the Qualcomm® Semiconductor Mentorship Program (QSMP) 2022 for select start-ups from the semiconductor space in India, with the programme further providing and facilitating mentorship, technical training, and industry outreach. Under the collaboration, C-DAC and Qualcomm India intend to work towards the following broad objectives:

– Nurture technical advancements and intellectual-property-driven innovation and product development required for semiconductor design in the Indian ecosystem.

– Help reduce risks in innovation; accelerate the pace of business development; and develop soft skills and knowledge base of Indian start-ups engaged in semiconductor design.

– Facilitate access for the selected start-ups with domain experts, VCs, accelerators, incubators, industry associations and large companies that could help them scale up their business.

– Create platforms and forums that provide opportunities to work with high-growth-potential small businesses and start-ups who have potentially disruptive technologies that could develop or reshape semiconductor supply chains in the future.

Up to ten Indian semiconductor start-ups will be shortlisted for QSMP 2022 by Qualcomm India. Each nominated firm will be connected with a Qualcomm India executive for product development and planning mentoring. Through meetings, webinars, seminars, and tradeshows, C-DAC and Qualcomm India will help these entrepreneurs gain exposure to government stakeholders. [5]

CERT-In issued advisory for safe and trusted Internet

On 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directions relating to information security practices, procedures, prevention, response, and reporting of cyber incidents under the provisions of sub-section (6) of Section 70B of the Information Technology (IT) Act, 2000. The directions become effective after 60 days.

The directions cover synchronisation of Information and Communication Technology (ICT) system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registration details by data centres, Virtual Private Server (VPS) providers, Virtual Private Network (VPN) service providers and cloud service providers; and KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. These directions are intended to enhance the overall cyber security posture and ensure a safe and trusted Internet in the country. [6]

INTERNATIONAL

Eurojust and Europol cracked an online investment fraud scheme responsible for losses of at least Euro 20 million

On 21 April 2022, authorities in Finland, the Netherlands, Latvia, France, Germany, and Ukraine supported an operation during which more than 50 servers and services were seized in six countries. “At the request of the Estonian authorities, Eurojust and Europol assisted in taking down an online investment fraud scheme, which defrauded victim 21 April 2022.

As their modus operandi, the perpetrators, who belong to an international Organised Crime Group (OCG), contacted victims by telephone over the Internet. They presented themselves as brokers of online cryptocurrency trading platforms in order to convince victims to make investments. It is believed that more than 30,000 people from at least 71 countries were defrauded; at least 522 victims are registered in Estonia alone. [7]

Japan proposed first domestic quantum computer use by March 2023

The Japanese government announced its intention to enter the global quantum computing race by placing its first indigenous quantum computer into service within the current fiscal year ending March 2023. Under the new strategy, Japan plans to establish four quantum research centres across the country, which could be finalised this month, after the ruling Liberal Democratic Party proposed expanded investment in quantum computing and artificial intelligence (AI). [8] The Japanese government also expects 10 million users by the end of the decade.

As for the research centres, “one of the two will be established at Tohoku University in Sendai, Miyagi Prefecture, on the north-eastern coast of Japan. The centres will train personnel and support research and development. The other new site, at Okinawa Institute of Science and Technology Graduate University, will serve as a hub for advancing joint research by global scientists,” read a report by Nikkei. [9]

Russian hacktivists launched DDoS attacks against Romania’s govt. websites

On 29 April 2022, the Romanian National Cyber Security and Incident Response Team— DNSC, issued a statement reporting a series of Distributed Denial of Service (DDoS) attacks targeting several public websites managed by State authorities. The attacks were claimed by the pro-Russia hacktivist group— ‘Killnet’. According to the statement released by the DNSC, the hacktivist group targeted the following Romania-based sites:

– gov.ro (official website of Romania’s Government),

– mapn.ro (official website of Romania’s Ministry of Defense),

– politiadefrontiera.ro (official website of the Romanian Border Police),

– cfrcalatori.ro (official website of Romania’s National Railway Transport Company), and

– otpbank.ro (site of a commercial bank operating in Romania).

According to Romania’s primary domestic intelligence service— SRI (Serviciul Român de Informații), the DDoS attack began at 0400 hrs local time and originated from network equipment outside Romania that had been compromised by exploiting security vulnerabilities. [10]

China-backed hackers are targeting Russian State officials

Security researchers discovered a phishing campaign led by the China-based threat actor Mustang Panda (aka HoneyMyte and Bronze President) targeting Russian State officials. Earlier, Mustang Panda was spotted orchestrating intelligence gathering campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine. Although Russia and China maintain good geopolitical relations, Russia has always remained in Mustang Panda’s crosshairs.

Although the files sent are Windows executables (.exe), they are made to appear as PDFs and are named after Blagoveshchensk— a Russian city close to the border with China. This suggests that the targets of this campaign are Russian personnel in the region, which further supports the theory that China may be shifting to new intelligence gathering objectives. Upon launching the executable, a host of additional files are fetched, including a decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed .EXE file. [11]
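The lure described above relies on an executable that only looks like a PDF. A mail gateway or triage script can catch that mismatch by comparing what the file name claims with what the leading bytes of the content actually are. The following is an added example written for this review and is not code from the cited report or from any vendor; the file names and byte strings are constructed samples, and the extension lists are assumptions about what an organisation chooses to treat as "document" and "executable" types.

```python
"""Flag attachments whose content or naming does not match the document type they claim.

Added example (constructed data, not from the cited report). A Windows PE
file begins with the 'MZ' signature and a real PDF with '%PDF-'; a name like
'report.pdf.exe' hides its true extension behind a document-looking one.
"""
from __future__ import annotations

import os

PE_MAGIC = b"MZ"
PDF_MAGIC = b"%PDF-"
# Assumed policy lists; adjust to the organisation's own attachment policy.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".cpl"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes: 'pe', 'pdf' or 'unknown'."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    return "unknown"


def assess(name: str, data: bytes) -> list[str]:
    """Return the reasons an attachment looks like a disguised executable.

    An empty list means none of the checks fired.
    """
    reasons: list[str] = []
    root, outer = os.path.splitext(name.lower())
    inner = os.path.splitext(root)[1]  # 'report.pdf.exe' -> inner '.pdf', outer '.exe'
    kind = sniff(data)

    # 1. Double extension: a document-looking name ending in an executable extension.
    if outer in EXECUTABLE_EXTS and inner in DOCUMENT_EXTS:
        reasons.append(f"double extension {inner}{outer}")
    # 2. The bytes are a PE image but the name claims a document.
    if kind == "pe" and outer in DOCUMENT_EXTS:
        reasons.append(f"PE header in a file named {outer}")
    # 3. The name claims a PDF but the content lacks the PDF signature.
    if outer == ".pdf" and kind != "pdf":
        reasons.append("missing %PDF- header")
    # 4. An honestly named executable is still worth a look in mail.
    if kind == "pe" and outer in EXECUTABLE_EXTS:
        reasons.append("executable attachment")
    return reasons


def scan_attachments(items: dict[str, bytes]) -> dict[str, list[str]]:
    """Run assess() over name -> content pairs; keep only the flagged ones."""
    return {name: r for name, data in items.items() if (r := assess(name, data))}


# Constructed sample attachments (not real malware): a PE stub with a
# city-themed double-extension name, a genuine-looking PDF, a PE renamed
# to .pdf, and a plainly named executable.
SAMPLES: dict[str, bytes] = {
    "Blagoveshchensk_list.pdf.exe": b"MZ\x90\x00" + bytes(60),
    "agenda.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": b"MZ\x90\x00" + bytes(60),
    "tool.exe": b"MZ\x90\x00" + bytes(60),
}

if __name__ == "__main__":
    for name, reasons in scan_attachments(SAMPLES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The checks are deliberately cheap so they can run on every attachment before a sandbox or signature engine gets involved; they do not replace those, but they would have separated the lure in this campaign from a genuine PDF on the first two bytes alone.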

Endnotes:

[1] Government of India. “Cabinet approves upgradation of 2G mobile sites to 4G at security sites in Left-Wing Extremism (LWE) areas”, Press Information Bureau, 27 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1820512
[2] Government of India. “Multiple Vulnerabilities in Oracle Products— CERT-In Advisory CIAD-2022-0011”, Indian Computer Emergency Response Team (CERT-In), 22 April 2022, Available from: https://www.cert-in.org.in/
[3] Government of India. “India Post warns public against fraudulent URLs/Websites claiming to provide subsidies/prizes through certain surveys”, Press Information Bureau, 23 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1819189
[4] Government of India. “Malware targeting ICS/SCADA systems— CIAD-2022-0010”, Indian Computer Emergency Response Team (CERT-In), 16 April 2022, Available from: https://www.cert-in.org.in/
[5] Government of India. “Qualcomm and MeitY’s Centre for Development of Advanced Computing (C-DAC) partner to support Indian semiconductor start-ups”, Press Information Bureau, 29 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1821268
[6] Government of India. “CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet”, Press Information Bureau, 28 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1820904
[7] “Takedown of Infrastructures of call centre involved in online investment fraud responsible for losses of at least EURO 20 million”, European Union Agency for Criminal Justice Cooperation, 21 April 2022, Available from: https://www.eurojust.europa.eu/news/take-down-infrastructure-call-centres-involved-online-investment-fraud-responsible-losses
[8] “Tokyo sets Quantum Computing Deadline— Japan Times”, Asia Financial, 08 April 2022, Available from: https://www.asiafinancial.com/48334-2
[9] Kaur, Dashveenjit. “Japan’s first domestic quantum computer targets 10m users by 2030”, Techwire Asia, 18 April 2022, Available from: https://techwireasia.com/2022/04/japans-first-domestic-quantum-computer-targets-10m-users-by-2030/
[10] Toulas, Bill. “Russian hacktivists launch DDoS attacks on Romanian govt sites”, Bleeping Computer, 29 April 2022, Available from: https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/ ; Government of Romania. “Atacuri cibernetice asupra site-urilor unor instituții publice și financiar-bancare” [Cyber attacks on the websites of certain public and financial-banking institutions], SRI, 29 April 2022, Available from: https://www.sri.ro/articole/atacuri-cibernetice-asupra-site-urilor-unor-institutii-publice-si-financiar-bancare.html
[11] Toulas, Bill. “Chinese state-backed hackers now target Russian state officers”, Bleeping Computer, 27 April 2022, Available from: https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/