
Cyber Pulse May Jun 2024

 

Dear Cyber Pulse Readers,

 

In today's hyper-connected world, artificial intelligence (AI) is ubiquitous, seamlessly integrated into our daily lives. From personalized recommendations on streaming platforms to sophisticated fraud detection in banking, AI is reshaping industries and redefining convenience. However, it is a double-edged sword when used by fraudsters for cybercrime, making cyber-attacks more sophisticated.

 

Hence, in this fast-changing digital environment around us where AI technology evolves at a breakneck pace, the importance of AI literacy cannot be overstated. AI literacy equips individuals with the knowledge to discern authentic content from manipulated media, identify phishing attempts, and understand the implications of data breaches.

 

This special edition looks at the changing face and impact of social engineering attacks that use AI technology capabilities to orchestrate more potent attacks. The increasing prevalence of AI in cybercrime, through methods such as deepfakes, automated phishing schemes, and intelligent malware, underscores the urgent need for widespread AI literacy.

 

The key lies in a balanced approach that integrates technology, education, and proactive security measures. While technology rapidly advances to counter these threats, it is imperative that we recognize and address the human factors in cybersecurity. Training people and awareness building programs are crucial in reducing the risk of human error. Regular drills, phishing simulations, and comprehensive cybersecurity education can significantly enhance an organization's defense posture.

 

We conducted an AI awareness program in the month of June and have dedicated the month of July to AI literacy at ReBIT as a way to reinforce awareness of AI. Let us continue to practice caution and exercise responsibility and mindfulness in our online activities, as we leave digital footprints on social media. Thank you for your continued support as we continue to bring you the latest updates on best practices and emerging trends in cyber security.

 

Sincerely,

 

Santhosh George

CEO, ReBIT

 

 

 

In the ever-evolving landscape of cyber-attacks, social engineering remains one of the most common threats to our digital identities. Traditionally, social engineering attacks have relied on exploiting human psychology to trick individuals into divulging sensitive information or performing actions that compromise security.

 

However, with the advent of artificial intelligence (AI), the same benefits in information processing speed and accuracy can be used maliciously to track people through their digital identities and carry out cyber fraud. Fraudsters exploit your trust, urgency, and authority to manipulate you into compromising sensitive information.

 

 

Imagine an ad promoted by an influencer you trust, urging you to click a link for an exclusive offer. Picture your banker calling, insisting on urgent details to secure your account. Visualize an email from your CEO, directing an immediate transaction. These scenarios are just a few examples of the many social engineering attacks that cyber attackers have been using, and with the help of AI these attacks are now more sophisticated. Let's discover how AI transforms these deceptive tactics, making them harder to detect, more dangerous than ever, and more likely to succeed against potential targets.

 

 

 

 

 

 


 

 

 

 

Machine Learning is expanding the boundaries of social manipulation, infiltrating your favored social media sites, communication apps, and even harmless-looking web surveys. With over half of the global population using social media, it's essential to stay alert to safeguard your personal information and privacy. Easily available AI tools cleverly craft messages packed with personalization and an emotional hook or bait, which increases the effectiveness of cyber-attacks. The easiest barrier to break is human trust, which can be done through emails, ads on social media platforms, or realistic videos or audio recordings of influencers, authority figures, or known family and friends.

 

 

 

AI-Enhanced Phishing Attacks

 

Phishing remains one of the most common forms of social engineering. AI has taken phishing to a new level by automating and refining the process. AI algorithms can analyze vast amounts of data from social media, corporate websites, and other sources to craft personalized messages that appear legitimate. These messages often mimic the communication style and tone of trusted contacts, making them more convincing. For instance, AI can generate emails that seem to come from a colleague or a supervisor, with specific references to recent projects or events. This level of personalization increases the likelihood of the target falling prey to the scam, as the message appears authentic and contextually relevant.

 

 

Deepfakes and Impersonation  

 

AI-driven deepfake technology has introduced a new dimension to social engineering attacks. Deepfakes involve creating realistic audio or video content that can impersonate individuals convincingly. Cybercriminals can use deepfakes to simulate the voice or appearance of a company executive, tricking employees into transferring funds or sharing sensitive information. For example, a deepfake audio recording of a CEO requesting an urgent wire transfer can be highly persuasive, especially if it includes specific details about the transaction. The realistic nature of deepfakes makes it challenging for employees to discern the authenticity of the request, leading to successful breaches.

 

 

Key Safeguards Against Social Engineering Attacks

 

As AI continues to enhance the capabilities of cybercriminals, here are some key strategies to mitigate the risk of AI-driven social engineering attacks: 

 

1. Awareness and Training: Regularly train employees on the latest social engineering tactics and the importance of verifying requests. Simulated phishing exercises and awareness programs can help reinforce vigilance and encourage reporting of suspicious activities. Employees should cross-verify the details before going ahead with any transactions or sharing information.

 

2. Advanced Threat Detection: Implement AI-powered threat detection systems that can identify and respond to sophisticated social engineering attempts. These systems can analyze communication patterns, detect anomalies, and flag suspicious activities in real time. Solutions such as anti-APT and UBA, among others, can help.

 

3. AI-Driven Defense Solutions: Leverage AI to develop defense mechanisms that can anticipate and counteract AI-driven attacks. For instance, AI can be used to detect deepfakes by analyzing inconsistencies in audio and video files, using tools such as video authentication, fake catchers, reality defenders, etc.

 

4. Incident Response Planning: Establish a robust incident response plan that includes protocols for handling social engineering attacks. Rapid response and containment can minimize the impact of a successful attack. 

 

The integration of AI into social engineering attacks represents a significant challenge for cybersecurity professionals. By understanding the capabilities of AI in the hands of cybercriminals and implementing proactive defense strategies, people can stay one step ahead and safeguard their assets against these sophisticated threats. 

 

 

 

 
 

Governance

CERT-In alerts on SAP and Google Chrome vulnerabilities  

Users of SAP products and Google Chrome for desktop have been alerted by the Indian Computer Emergency Response Team (CERT-In) to vulnerabilities that could give an attacker the ability to execute arbitrary code or cause a denial-of-service condition on the targeted system. The affected software in Google Chrome for desktop includes Chrome versions prior to 126.0.6478.54 before 126.0.6478.56/57 for Windows and Mac.

 

 

RBI to set up digital payments intelligence platform 

The Reserve Bank of India (RBI), in continuation of its efforts for the safety and security of digital payments and to maintain public confidence in digital payment systems, stated a need for network-level intelligence and real-time data sharing across payment systems. It has therefore proposed to set up a Digital Payments Intelligence Platform, which will harness advanced technologies to mitigate payment fraud risk, and has constituted a committee to examine various aspects of setting up a digital public infrastructure for the Digital Payments Intelligence Platform.


 

 

 

Cyber Crime

 

 

Mumbai witnesses a 700% rise in investment frauds 

According to the authorities, the scammers' approach involves first promoting their investment plans on social media and then coercing the victim into joining a WhatsApp group they set up that offers guidance on stock trading. Subsequently, the victims are asked to download a fraudulent trading application and use it to make stock market investments. After being persuaded to transfer money to various bank accounts, the victims can view their earnings on the aforementioned app.

 

A large-scale 911 S5 proxy botnet taken down  

With a global reach of over 190 nations, the botnet served as the 911 S5 residential proxy service and was allegedly used for cyberattacks, financial fraud, identity theft, bomb threats, etc. The international law enforcement operation involved US, German, Singapore, and Thailand agencies, and during the operation roughly 70 servers and 23 domains used by the 911 S5 botnet were taken into control, said the US Justice Department.

 

 

 

 

Cyber Security

Paris Olympics 2024: Experts alarm on cyber threats  

 

The Paris Olympic organizers are strengthening cybersecurity measures in response to warnings from experts and law enforcement that a spike in cyberattacks is anticipated prior to this summer's Games. The Olympic Games begin on July 26, 2024, with more than 13 million tickets sold and over 15 million projected visitors, and experts caution that the huge ticketing system and spike in sales make the Games a prime target for cyberattacks.

 

Software outage and a major cyberattack shut down auto dealerships in the United States and Canada

 

The hacking incidents against CDK Global, a company that supplies software to almost 15,000 car dealerships across the United States and Canada, resulted in the suspension of sales, financing, and payroll operations for numerous dealers. The attack affected the main offering of CDK — a collection of software applications known as a dealership management system, or DMS, that supports nearly every aspect of the daily operations of car dealerships.  



 

Malware / Ransomware

 

 

Ransomware attack on Indonesia's national data centre

 

Indonesia's Temporary National Data Center (PDNS) computers were infected with Brain Cipher, a new version of the infamous LockBit 3.0 ransomware, according to a statement released by the ministry on Monday. Investigations using digital forensics are ongoing, and further information is still pending. Data from local governments and state agencies may be compromised by the incident.

 


 

 

Outdated Android phones targeted by Rafel RAT attack for ransomware  

 

 

 

Recent research findings show that Rafel RAT, an open-source Android malware, is being used by cybercriminals to attack outdated devices. These included Android versions that had reached the end of life (EoL) and were no longer receiving security updates. It demands payment on Telegram and is spread through various means. Most infections occurred on Android versions 11 and older, which accounted for over 87.5% of the total. The malware requests access to risky permissions during installation.

 

 

 

Securing Your Digital Identity from Social Engineering Attacks

 

The Growing Threat of Social Engineering Attacks and the Imperative of Digital Caution

 

According to Statista, Facebook was the first social network to surpass one billion registered accounts and currently sits at more than three billion monthly active users. There are more than 378 million Facebook users in India alone, making it the leading country in terms of Facebook audience size. This makes it a perfect ground for social engineering attacks, with a million digital doors to knock on for the next cyber fraud attack.

 

 

In the digital age, our online activities leave behind a trail of data known as a digital footprint. This includes everything from social media posts and online purchases to forum comments and app usage. While a digital footprint can be harmless, it can also be a goldmine for cybercriminals conducting social engineering attacks. By analyzing an individual’s online behavior, attackers can craft highly convincing and contextually accurate scams.

 

The pervasive nature of social media exacerbates this problem. People often share personal milestones, opinions, and even seemingly trivial details that, when pieced together, provide a comprehensive profile. For attackers, this information is invaluable, allowing them to impersonate friends, colleagues, or trusted entities with alarming accuracy. The digital realm offers immense benefits but also harbors significant risks, particularly from social engineering attacks that exploit human vulnerabilities. By understanding these threats and managing our digital footprints with caution, we can safeguard our personal and professional lives from being compromised. 

 

1. Baiting: A type of social engineering attack where a scammer uses a false promise to lure a victim into a trap, which may steal personal and financial information or infect the system with malware. Baiting tempts victims into knowingly or unwittingly giving up sensitive information, or downloading malicious code, by offering them something valuable, or even a valuable object.

2. Tailgating: Also known as "piggybacking", tailgating is a physical breach where an unauthorized person manipulates their way into a restricted area using social engineering tactics.

3. Phishing: Phishing attacks are digital or voice messages that try to manipulate recipients into sharing sensitive information, downloading malicious software, transferring money or assets to the wrong people, or taking some other damaging action. Scammers craft phishing messages to look or sound like they come from a trusted or credible organization or individual, sometimes even an individual the recipient knows personally. There are many types of phishing scams: bulk phishing emails, spear phishing, voice phishing or vishing, smishing, and angler phishing.

4. Quid pro quo: In a quid pro quo scam, hackers dangle a desirable good or service in exchange for the victim's sensitive information. Fake contest winnings or seemingly innocent loyalty rewards ('thank you for your payment, we have a gift for you') are examples of quid pro quo ploys.

5. Watering hole attack: In a watering hole attack, hackers inject malicious code into a legitimate web page frequented by their targets. Watering hole attacks are responsible for everything from stolen credentials to unwitting drive-by ransomware downloads.

 

In this ongoing battle between cybersecurity and cyber threats, awareness, vigilance, and proactive measures are our best allies. The onus is on each of us to remain informed and cautious, ensuring that the digital spaces we inhabit are as secure as possible.

 

10 Safeguards for Your Digital Footprint

 

#1 Strengthen Your Passwords

Use complex, unique passwords for each account.

 

#2 Enable Multi-Factor Authentication (MFA)

Add an extra layer of security to your accounts.

 

#3 Adjust Privacy Settings

Review privacy settings regularly on social media platforms.

 

#4 Be Suspicious of Unsolicited Requests

Try to verify the source before sharing any information. 

 

#5 Provide Education and Awareness

Stay informed about the latest social engineering tactics and share them with those around you.

 

#6 Monitor Your Digital Footprint

Remove outdated or unnecessary information.

 

#7 Update Software Regularly

Keep your operating systems and applications up-to-date.

 

#8 Use Secure Connections

Avoid public Wi-Fi for sensitive transactions.

 

#9 Avoid Urgency in Taking Action  

Take your time, or say that you will do it later, so that you can check and verify the information.

 

#10 Report Suspicious Activity Immediately

Report any suspected phishing attempts or security breaches.

 

 

 
 

The Cyber Strike is a section dedicated to providing you with a summary of the most significant cyber-attacks that occurred over the past month. With the increasing prevalence of technology in our daily lives, cyber-attacks have become a constant threat to businesses and individuals alike.

 

It is important to stay informed about the latest cyber threats and attacks to protect ourselves and our organisations from potential harm.

 

Let’s dive in and explore the most significant cyber-attacks of the month.

 

Multiple vulnerabilities in Google Chrome  

 

 

Impact: Google Chrome versions prior to 124.0.6367.118/.119 for Mac and Windows. These vulnerabilities exist in Google Chrome due to use-after-free flaws in the Dawn and Picture in Picture components. An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted website. Successful exploitation of these vulnerabilities could allow a remote attacker to trigger remote code execution and a denial-of-service condition on the targeted system.

Recommended Actions

 

  • Upgrade to the latest software version as released by Google Chrome

 

 

 

 

 

 

GitLab multiple vulnerabilities  

Impact: GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.11.1, 16.10.4 and 16.9.6.

1. Authentication bypass vulnerability: These vulnerabilities exist due to improper authentication mechanisms. These vulnerabilities could allow an attacker to gain system privileges and access to the credentials of the targeted system.

2. Security Restriction Bypass: This vulnerability exists due to a flaw in the handling of domain-based restrictions when processing crafted email addresses. This vulnerability could allow an attacker to bypass security restrictions on the targeted system.

3. Denial of service: These vulnerabilities exist due to a path traversal vulnerability and an inefficient regular expression. These vulnerabilities could allow an attacker to gain unauthorized system access and to cause a denial of service (DoS) condition on the targeted system.

 

Recommended Actions

 

  • Apply appropriate software/application updates of GitLab.
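
A branch-aware check for the affected-version statement above, as an added example that is not part of the newsletter or GitLab's own tooling: each release branch has its own patched version, so comparing every host against a single version number misclassifies some of them. Treating branches older than 16.9 as affected and branches newer than 16.11 as already fixed is an assumption, and the inventory is constructed sample data.

```python
import re

# Patched releases named in the advisory text, keyed by (major, minor) branch.
FIXED_PATCH = {(16, 11): 1, (16, 10): 4, (16, 9): 6}

# Accepts "16.10.3", "v16.10.3" and the "-ee"/"-ce" edition suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(?:ee|ce))?$")


def parse_version(text):
    """Parse a GitLab version string into a (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """Return True if the version is older than the fix for its own branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        # Compare only within the branch: 16.10.4 is fixed even though it
        # sorts below 16.11.1.
        return patch < FIXED_PATCH[branch]
    # Assumption: branches older than the oldest patched branch received no
    # fix, and branches newer than the newest one already contain it.
    return branch < min(FIXED_PATCH)


def triage(inventory):
    """Map each host to 'affected', 'patched' or 'unknown' (unparseable)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "patched"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory; host names and versions are hypothetical.
SAMPLE_INVENTORY = {
    "git-prod": "16.10.4-ee",
    "git-staging": "16.11.0-ee",
    "git-legacy": "15.11.13",
    "git-lab2": "v16.9.6",
    "git-unknown": "nightly",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since an unparseable version string says nothing about patch level.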

 

 

 

 


 

 

 

 

 

Multiple Vulnerabilities in Ivanti Endpoint Manager (EPM) 

Impact: These vulnerabilities exist in Ivanti Endpoint Manager (EPM) due to SQL injection vulnerabilities in the core server of Ivanti EPM 2022 SU5. An attacker could exploit these vulnerabilities by sending a specially crafted request. Successful exploitation of these SQL injection vulnerabilities could allow an unauthenticated attacker within the same network to execute arbitrary code on the targeted system.

Recommended Actions

 

  • Apply appropriate software updates as mentioned by the vendor.  

 

 

DDoS Attacks with CatDDoS and DNSBomb Botnet

Impact: The CatDDoS malware botnet, exploiting over 80 known security vulnerabilities in various software platforms, has compromised numerous devices to execute distributed denial-of-service (DDoS) attacks. Researchers report that the botnet has targeted over 300 devices per day at its peak. The vulnerabilities exploited by CatDDoS impact a wide range of devices, including routers and networking equipment.

Recommended Actions

 

  • Regularly Update Software: Ensure all software, including routers and networking equipment, is regularly updated to patch known vulnerabilities. 
  • Implement Robust DDoS Mitigation Solutions: Deploy advanced DDoS protection services to detect and mitigate attacks in real-time. 
  • Enhance Network Monitoring: Utilize continuous network monitoring to detect unusual traffic patterns indicative of a botnet or PDoS attack. 
  • Adopt Strong Authentication Methods: Use multi-factor authentication and strong, unique passwords. 
  • Conduct Security Audits and Penetration Testing: Regularly perform security assessments to identify and address potential weaknesses.

 

 

 

 

 

 
 

ReBIT is an ambitious, employee-first organisation that believes in empowering our teams to grow alongside the organisation's goals and perform to their full potential. We are fascinated by technology, and house exceptional talent that contributes to ReBIT's mission.

 

Current Job Openings 

Lead Cyber Security - BCMS

Senior Engineer - CSRA (NGCB)

SOC - SIEM Admin Specialist

Incident Response and Governance - Specialist

and more...

 

We’re looking for candidates who have a zeal for technology and innovation. Check out our careers page for opportunities to work with us!

 

 

We'd love to hear from you!

Share your thoughts with us at communications@rebit.org.in 

 

502, Building No 1, Mindspace Juinagar, Nerul, Navi Mumbai – 400706
