
Cyber Pulse August 2023

 

Dear Cyber Pulse Subscribers,

 

 

Warm greetings to each of you. It is with immense pleasure and gratitude that I welcome you to the 6th-anniversary edition of Cyber Pulse, our platform for examining the latest trends in cybersecurity. Over the years, your unwavering support has been pivotal in our journey to becoming a frontrunner in digital security.

 

In this milestone edition of Cyber Pulse, we delve into a pivotal development that aligns seamlessly with our commitment to safeguarding digital landscapes – the Digital Personal Data Protection Act of India. This landmark legislation underscores the nation's dedication to safeguarding personal information in our increasingly digitised world. At ReBIT, we recognise the importance of proactive measures to protect user data. Our experts have diligently examined the DPDP Act, providing you with insights that will not only foster understanding but also help you adapt your strategies in compliance with the evolving digital framework.

 

Beyond legislative updates, the rapidly changing cybersecurity landscape continues to pose new challenges. In this edition, our team unveils the most recent cyber threats, explores emerging attack vectors, and introduces innovative defence mechanisms. It is our hope that these insights empower you to proactively shield your digital assets from ever-evolving threats.

 

As we celebrate this 6th anniversary, I extend my deepest gratitude to you, our community members. Your feedback, engagement, and commitment have been instrumental in shaping Cyber Pulse’s trajectory. As we continue to innovate and develop cutting-edge solutions, your perspectives remain at the core of our efforts.

 
Sincerely,

 

Santhosh George

CEO, ReBIT

 

 

 

In the rapidly evolving digital landscape, personal data has become a valuable currency. Individuals, businesses, and governments exchange vast amounts of personal information daily, ranging from sensitive financial data to personal preferences. As the importance of safeguarding this data becomes increasingly evident, governments worldwide are taking steps to establish comprehensive frameworks for data protection. India has joined this global movement with the introduction of the Digital Personal Data Protection (DPDP) Act in the parliament in August 2023.

 

What is Data Protection and the DPDP Act?

 

 

 

The Digital Personal Data Protection Act is a legislative effort by the Indian government to address the growing concerns regarding the misuse of personal data in the digital realm. The act aims to provide individuals with greater control over their personal information and enhance the accountability of entities that collect, process, and store such data. By regulating data processing practices, the DPDP Act seeks to strike a balance between promoting technological innovation and protecting the privacy rights of citizens.

 

Key Elements of the DPDP Act

 

 

The DPDP Act encompasses several key elements that collectively contribute to a robust data protection framework:

 

1. Data Protection Authority: The act proposes the establishment of a Data Protection Authority of India (DPA) responsible for monitoring and enforcing compliance with the law. The DPA will have the power to monitor data processing activities, issue guidelines, and impose penalties for violations.

 

2. Data Fiduciaries and Data Principals: The act introduces the concepts of "data fiduciaries" (entities collecting and processing data) and "data principals" (individuals whose data is being collected).

 

3. Consent Mechanisms: The act emphasises obtaining informed and explicit consent from individuals before collecting and processing their personal data. Consent can be withdrawn at any time, giving individuals greater control over their data. This puts the power back in the hands of data principals.

 

4. Sensitive Personal Data: Special provisions are laid out for processing sensitive personal data, such as health records, financial information, and biometric data. Stringent requirements ensure the protection of this type of data.

 

5. Data Localisation: The DPDP Act promotes the storage of a copy of personal data within the borders of India. Critical personal data must be exclusively processed within the country, enhancing data sovereignty, and reducing the risk of unauthorised access.

 

6. Cross-Border Data Transfers: The act outlines rules for transferring personal data outside of India, ensuring that data remains adequately protected even beyond national borders.

 

7. Right to be Forgotten: The DPDP Act grants individuals the right to request the erasure of their personal data from online platforms or services under specific circumstances. This provision empowers individuals to manage their online presence and exercise greater control over their digital footprint.

 

8. Data Audits and Impact Assessments: Organisations handling sensitive personal data are required to conduct periodic data protection audits to ensure compliance with the DPDP Act's provisions. Additionally, they must perform Data Protection Impact Assessments (DPIAs) before initiating certain processing activities that may pose a high risk to individuals' rights and freedoms.

 

9. Child Data Protection: The act includes special provisions for the protection of children's personal data. It requires entities to obtain explicit consent from a parent or guardian before processing a child's data. The act aims to prevent the misuse of children's data for targeted advertising or other potentially harmful purposes.

 

10. Obligations of Data Fiduciaries: The DPDP Act places obligations on data fiduciaries (entities collecting and processing data) to handle personal data responsibly. This includes ensuring data accuracy, providing individuals with access to their data, and implementing measures to prevent data breaches and unauthorised access.

 

Provisions in the DPDP Act: Protection, Privacy, and Security

 

The DPDP Act seeks to achieve its goals through various provisions embedded within its framework:

 

1. Protection: The act's primary purpose is to protect individuals' personal data from unauthorised access, misuse, and breaches. It establishes the responsibility of data fiduciaries to ensure the security and integrity of the data they collect.

 

2. Privacy: The act acknowledges individuals' right to privacy and empowers them to exercise greater control over their personal data. It obligates data fiduciaries to be transparent about their data collection and processing practices.

 

3. Security: The act places a strong emphasis on data security, requiring data fiduciaries to implement robust security measures to prevent data breaches and unauthorised access.

 

Fines and Penalties Specified in DPDP Act

 

The DPDP Act outlines a tiered system of fines and penalties based on the severity of the violations. Non-compliance with various provisions of the act can result in substantial fines for specific offenses. These penalties aim to encourage organisations to take data protection seriously and prioritise the privacy of individuals.

 

1. Failure of Data Processor or Data Fiduciary to take reasonable security safeguards to prevent personal data breach will result in a penalty up to 250 crore.

 

 

2. Failure to notify the Board and affected Data Principals in the event of a personal data breach, and non-fulfilment of additional obligations in relation to children under section 9 of this act will result in a penalty up to 200 crore.

 

 

3. Non-fulfilment of additional obligations of Significant Data Fiduciary under section 10 of this act will result in a penalty up to 150 crore.

 

 

4. Non-compliance with duties of data principal as mentioned in section 15 of the act will result in a penalty up to 10,000.

 

 

5. Non-compliance with provisions of the DPDP Act other than the ones listed above will result in a penalty of up to 50 crore.

 

Note: It's important to note that these fines and penalties are subject to amendments and changes as the act progresses through legislative processes.

 

In an era where personal data has become the new currency, the Digital Personal Data Protection Act serves as India's response to the urgent need for data protection and privacy. By introducing comprehensive regulations, emphasising consent, transparency, and security, the DPDP Act paves the way for a more responsible and ethical use of personal data in the digital landscape. As India takes significant strides towards safeguarding its citizens' privacy rights, the DPDP Act sets a precedent for other nations grappling with similar challenges in the modern data-driven world.

 

 

 

Governance

RBI launches UDGAM to help find unclaimed deposits

The Reserve Bank of India (RBI) has announced the launch of a unified web portal, UDGAM, which will allow bank customers to locate their unclaimed deposits in a single location. According to a statement from the RBI, UDGAM will facilitate the process of searching for unclaimed deposits across various banks in one convenient location.


Threat actors exploiting Ivanti EPMM vulnerabilities: A joint cybersecurity advisory from CISA and international partner NCSC-NO

This advisory has been published in response to the active exploitation of the CVE-2023-35078 and CVE-2023-35081 vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. Threat actors can combine these vulnerabilities to acquire initial, privileged access to EPMM systems and run uploaded files such as webshells.


NIST releases cybersecurity framework 2.0 draft & implementation examples

Cybersecurity Framework 2.0 by NIST is a significant upgrade to the CSF, which was first made available in 2014 as a tool to assist enterprises in lowering cybersecurity risk. The CSF 2.0 draft includes a number of significant modifications, such as an extended scope, the addition of a sixth function called "Govern," and enhanced and expanded implementation guidelines, particularly for making profiles.


CISA releases cyber defense plan for remote monitoring and management software

A strategy to address systemic cybersecurity vulnerabilities in remote monitoring and management software has been made public by the US Cybersecurity and Infrastructure Agency. The Remote Monitoring and Management Cyber Defense Plan was developed to address the problem of cyberthreat actors infiltrating managed service providers using RMM software and controlling the servers of security service providers.


Cyber Crime

 

 

Cyber crime police stations to be put up in each district of UP

The Chief Minister, Yogi Adityanath, directed that the cyber crime police stations, which are now working at the regional level, be expanded to all 75 districts, as well as the cyber cells, which are currently operating at the district level, to all police stations.


Man loses ₹1.30 lakh in online fraud without clicking any link or sharing OTP

Even without clicking any links or sharing OTP, a man loses ₹1.30 lakh to online fraud. The victim connected two different bank accounts to Google Pay and Paytm, respectively. He discovered that funds were being fraudulently withdrawn from both of his accounts.


SpyNote Spyware targets financial institutions

Spying on European banking customers has been on the rise since the start of the year with a large-scale campaign underway. While SpyNote is typically used to gather user data or run espionage campaigns, this time it’s being used to carry out bank frauds on European banking customers.


Bulk sales of SIM Cards banned to curb cyber fraud

To prevent cyber fraud, the Department of Telecommunications (DoT) has declared that dealers must now register with telecom carriers to tackle the problem of fake SIM cards. Aside from that, the government intends to stop giving bulk connections. Instead, in order to secure connections for their employees and other needs, firms will have to go through a stringent know-your-customer (KYC) procedure.


Cyber Security

 

Over 1 lakh cyber security incidents in Government organisations this year

By June this year, government organisations had experienced more than 1 lakh cyber security incidents, while financial institutions had experienced more than 4 lakh incidents, according to data submitted in the Lok Sabha.


Maharashtra to come up with ‘Cyber Platform’ to prevent financial fraud

To strengthen security, the state of Maharashtra is creating a ‘Cyber Platform’ to centralise all financial activities. The technology will interconnect banks, financial transactions, and crucial state links, improving the ability to prevent cyberattacks and identify financial crimes. The government plans to put all required facilities in one location and the police will actively oversee the platform.


Ransomware

 

 

New BlackCat ransomware variant adopts advanced Impacket and RemCom tools

Microsoft has found a new variant of the BlackCat ransomware that incorporates the RemCom hacking tool and the Impacket networking framework, allowing it to move laterally across a breached network.


Ransomware surges with 1500 victims globally

Throughout the world, ransomware attacks have affected at least 1500 firms in the first half of 2023. Three significant ransomware gangs, LockBit (35.3%), ALPHV/BlackCat (14.2%), and Clop (11.9%), were responsible for most of these attacks.


Malware

 

 

Malicious apps use sneaky versioning technique to bypass Google Play store scanners

Versioning is a method that threat actors use to get around malware detections in the Google Play Store and target Android users. Versioning campaigns frequently target users' login information, personal information, and money.


Avg. malware attacks per organisation reaches to 2,152 hits

The average number of attacks per organisation in India reached 2,152 attacks in the first half of 2023, reflecting a significant increase of 20% (year-on-year). In H1 2023, 48 ransomware groups breached over 2,200 victims, with LockBit3 being the most active, reporting a 20% increase in victims compared to H1 2022.

 

 

The Cyber Strike is a section dedicated to providing you with a summary of the most significant cyber-attacks that occurred over the past month. With the increasing prevalence of technology in our daily lives, cyber-attacks have become a constant threat to businesses and individuals alike.

 

It is important to stay informed about the latest cyber threats and attacks to protect ourselves and our organisations from potential harm.

 

Let’s dive in and explore the most significant cyber-attacks of the month.

 

 

 

Ivanti Sentry Zero-Day flaw actively exploited in the wild

 

 

 

 

Impact: Ivanti Sentry has a root-level vulnerability that could allow attackers to gain unauthorised access to critical systems, change configurations, execute root-level commands, and potentially take advantage of other vulnerabilities. This vulnerability could lead to data breaches, manipulation of systems, and operational disruptions, which highlights the urgency for organisations to reduce the risk and protect their systems.

 

 

 

Overview: Ivanti has issued a security advisory regarding a critical zero-day vulnerability in Ivanti Sentry (previously known as MobileIron Sentry) that is being actively exploited in the wild. This vulnerability grants unauthorised access to confidential APIs, potentially allowing attackers to alter configurations and execute commands. The risk is reduced for customers who do not expose port 8443. However, users are encouraged to restrict access to their internal networks and to address this vulnerability in conjunction with other related vulnerabilities (Vulnerability 2023-3935, 2023-3978, and 2023-3981).

 

 

 

Recommended Actions:

 

  • To reduce the risk, users should upgrade to the most up-to-date version.
  • Ivanti recommends blocking external access and, where feasible, restricting access to a management network that is accessible only to IT administrators.
 

 

 

 

 

 

 

New Knight Ransomware Campaign Uses Fake TripAdvisor Complaints

 

 

 

Impact: The Knight ransomware campaign could cause significant damage to organisations by encrypting their critical files and data. This could result in operational downtime, data loss, and financial losses associated with the ransom demanded. Furthermore, the common Bitcoin address in the ransom notes raises fears of third-party intrusion, making payment risky and leaving organisations unsure about successful data recovery.

 

 

Overview: The Knight Ransomware is a new variation of Cyclops. The ransomware is being distributed through a spam email campaign that appears to be a TripAdvisor complaint. The spam emails contain a ZIP file attachment or HTML file that, upon opening, downloads an Excel XML file that installs the Ransomware. The Ransomware encrypts the files on your computer and demands a Bitcoin ransom of $5000.

 

 

Recommended Actions:

 

  • Prioritise user awareness and education to recognise phishing attempts, suspicious attachments, and websites.
  • Implement strong email filtering solutions to automatically identify and quarantine potentially malicious emails.
  • Perform regular backups of critical data and systems.
  • Keep all software, operating systems, and security solutions up to date.
  • Employ intrusion detection and network monitoring systems to identify suspicious outbound traffic that might indicate data exfiltration.
  • Implement MFA for accessing sensitive systems and data.
  • Develop and regularly update an incident response plan that outlines steps to take in case of a ransomware attack.
  • Assess and enforce security measures for third-party vendors and partners who have access to your organisation's systems or data.
  • Implement network segmentation to restrict lateral movement for attackers.
 

 

 

 

 


 

 

 

 

 

New Remote Access Trojan Called Qwixx RAT Targets Windows Systems

 

 

Impact: One of the biggest threats facing organisations today is the emergence of Qwixx RAT, which can lead to data breaches and the loss of sensitive information once it infiltrates a system. The RAT’s ability to stealthily collect data and hide it from detection could compromise sensitive information, financial data, and operational security, resulting in reputational harm and financial losses.

 

 

Overview: A new RAT has surfaced on Telegram and Discord and is being promoted for sale. The RAT sneaks into Windows systems, collects confidential information, and then sends it to the attacker’s Telegram bot, giving them unauthorised access to the victim’s data. The RAT is sophisticated: it avoids analysis, monitors processes, includes a “clipper” for crypto wallet data theft, and is controlled by a Telegram bot. This discovery is in line with similar RATs such as RevolutionRAT and Venom control RAT, and a separate campaign tricking users into installing them.

 

 

Recommended Actions:

 

  • Immediately report any theft to appropriate authorities.
  • Regularly scrutinise your bank and credit card statements for anomalies.
  • Periodically renew your passwords using robust, unique combinations to reduce the risk of data misuse or phishing attempts.
  • Introduce an additional security layer against unauthorised breaches by employing two-factor authentication (2FA) on vital accounts.
  • Ensure webcam security by covering or disconnecting it when idle to prevent unauthorised access.
  • Be wary of dubious emails, links, or attachments.
 

 

 

 

 


 

 

 

New Statc Stealer Malware Targets Windows Users

 

 

Impact: The threat posed by Statc Stealer could result in data breaches, financial losses, and compromised user credentials for organisations. Its ability to steal sensitive information and hide it from detection could lead to identity theft, fraud, and damage to organisations’ reputations.

 

 

Overview: Statc Stealer is a new type of information-stealing malware that targets Windows devices to steal personal and financial information. It is capable of stealing data from a wide range of web browsers, targeting credentials, cookies, and crypto wallets. The malware masquerades as an MP4 video ad to break into systems, uses a variety of tactics to evade analysis, and transfers stolen data safely to remote servers. This powerful malware can target Signal Messenger data and evade detection, as well as cracking.

 

Recommended Actions:

 

  • Conduct a thorough traffic analysis to identify and block suspicious communication with command-and-control servers.
  • Employ robust malware prevention and detection tools that can identify and mitigate threats.
  • Train employees about the dangers of interacting with unfamiliar or suspicious content, particularly in advertisements.
  • Keep operating systems, browsers, and security software up to date to patch vulnerabilities and minimise potential entry points for malware.
  • Implement IDS solutions to monitor network traffic for unusual patterns or activities that could indicate a malware infection.
  • Adopt a multi-layered security approach that includes firewalls, intrusion prevention systems (IPS), endpoint protection, and email filtering to create multiple barriers against malware intrusion.
  • Limit user privileges and access rights to minimise the potential impact of a malware infection. Only grant necessary permissions to reduce the attack surface.
  • Employ advanced threat detection techniques, such as behavioural analysis, to identify abnormal activities and potential signs of malware.
 

 

 

 

 

 


 

 

 

 

 

Remote Code Execution Vulnerability in Python

 

 

Impact:

  • Python versions prior to 3.12
  • Python versions prior to 3.11.4
  • Python versions prior to 3.10.12
  • Python versions prior to 3.9.17
  • Python versions prior to 3.8.17
  • Python versions prior to 3.7.17

 

Overview: An attacker can use a Python vulnerability to execute arbitrary code, disclose sensitive information, and bypass security restrictions on the target system.

The vulnerability stems from a bug in the urllib.parse module. A remote user can take advantage of it by sending a specially crafted URL that begins with blank characters.

 

Recommended Action: Apply appropriate security updates.
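
Until every interpreter is updated, URL filters built on urllib.parse can be written to fail closed. The following is an added example, not code from the original newsletter or from the Python project: it strips leading blank characters itself before parsing and rejects anything without a recognised scheme and host. The function names, the allowed schemes and the blocked host names are assumptions made up for the illustration.

```python
from urllib.parse import urlsplit

# C0 control characters and space (0x00-0x20): the leading "blank"
# characters that fixed urllib.parse releases strip before parsing.
LEADING_BLANKS = "".join(chr(c) for c in range(0x21))

# Constructed policy for this example; not taken from the newsletter.
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTS = {"internal.example", "intranet.example"}


def runtime_strips_leading_blanks():
    """Probe the running interpreter: does urlsplit() ignore a leading space?

    False means the parser still treats ' https://host/' as a bare path, so a
    host blocklist that trusts urlsplit() alone would see no host at all.
    """
    return urlsplit(" https://probe.example/").hostname == "probe.example"


def check_url(raw):
    """Return (allowed, reason) for an untrusted URL; fails closed."""
    # Normalise first so the decision does not depend on the Python version.
    cleaned = raw.lstrip(LEADING_BLANKS)
    try:
        parts = urlsplit(cleaned)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable"
    # Allowlist the scheme: an empty scheme is rejected, never waved through.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # A URL with no host cannot be matched against the blocklist: reject it.
    if not host:
        return False, "no host"
    if host in BLOCKED_HOSTS:
        return False, "blocked host"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        "https://good.example/report",
        " https://internal.example/admin",
        "\n\tfile:///tmp/example",
        "HTTPS://INTERNAL.EXAMPLE./x",
        "http://[bad/",
        "   ",
    ]
    print("parser strips leading blanks:", runtime_strips_leading_blanks())
    for s in samples:
        print(repr(s), "->", check_url(s))
```

A False result from runtime_strips_leading_blanks() is a quick way to find hosts that still need the security update.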

 

 

 

 

 

 

ReBIT is an ambitious, employee-first organisation that believes in empowering our employees to grow alongside the organisation's goals and perform to their full potential. We are fascinated by technology, and we admire our employees. We house exceptional talent that contributes to ReBIT's mission.

 

We’re looking for candidates who have a zeal for technology and innovation. Check out our careers page for opportunities to work with us!

 

 

We'd love to hear from you!

Share your thoughts with us at communications@rebit.org.in or leave us a feedback by clicking on the button below.

 

502, Building No 1, Mindspace Juinagar, Nerul,Navi Mumbai – 400706
