Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Cybeattacks. Show all posts

TRAI Enforces Stricter Regulations to Combat Telemarketing Spam Calls

 


There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)'s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations. These amendments will take effect on February 12, 2025, and prohibit the use of 10-digit mobile numbers for telemarketing purposes, addressing the growing concern that mobile users have with fraudulent and intrusive messages.

To ensure greater transparency in telemarketing practices, the Telecom Regulatory Authority of India (TRAI) has enforced several measures that aim to ensure communication integrity while increasing the intelligence of telemarketers. A comprehensive consultation process was undertaken by the Telecom Regulatory Authority of India (TRAI), which involved a comprehensive stakeholder consultation process for the approval of changes to the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, as a result of which significant changes have been made. This revision is intended to protect consumers against unsolicited commercial communications (UCCs) as well as to enhance compliance requirements for the providers of telecom services. 

Cellular Operators Association of India (COAI,) however, has expressed its concern over the updated regulation, especially about the penalties imposed on service providers as a result of it. The second amendment to the TCCCPR allows consumers to lodge complaints up to seven days after receiving the call or message, allowing them greater flexibility in reporting spam calls and messages for the second amendment. Furthermore, because of the new regulations, individuals are now able to lodge complaints without the need to first register their preferences for communication. 

Additionally, telecom operators are required to respond to complaints within five business days, a substantial reduction from the previous deadline of 30 days. A new set of stricter enforcement measures imposed by the law mandates that senders who receive five complaints within ten days must be held accountable for the complaint. To further safeguard consumer interests, telecom service providers will now be required to provide users with the option of opting out of all promotional emails. 

TRAI has also mandated a standard messaging format, which requires message headers to contain specific codes that indicate that they are promotional, service-related, transactional, or government-related. This structured labelling system aims to enhance transparency and help users distinguish between different types of communication by adding a structured llabellingsystem to their communication systems. 

As a part of the regulatory framework implemented by the Telecom Regulatory Authority of India (TRAI) to improve transparency and curb unsolicited commercial communications (UCCs), 10-digit mobile numbers will no longer be allowed to be used for commercial purposes. A telemarketer is required to use a series of designated numbers for promotional and service calls, ensuring that the two are clearly distinguished.

It is expected that the existing ‘140’ series will remain available for promotional purposes while the newly launched ‘1600’ series will be used for transactional and service-related communications. TRAI has also removed the requirement for the consumer to pre-register their communication preferences in advance of lodging a complaint against spam messages and unwanted phone calls from unregistered senders as part of its anti-spam practices.

In addition to simplifying the complaint process, TRAI has also expanded the reporting period from three days to seven days to improve user convenience in reporting violations, providing consumers with more flexibility in reporting complaints with essential details. To further strengthen consumer protection, TRAI has extended the complaint reporting window from three days to seven days, thus creating an environment of greater flexibility for users. 

There has been a significant reduction in the timeframe for telecom operators to respond to UCC complaints, which was previously 30 days, down to five days now. Further, the threshold for penalizing senders has been lowered as well, with only five complaints within ten days instead of the earlier benchmark of ten complaints within seven days, requiring penalties to be imposed. To improve accessibility and foster consumer engagement, the government is now requiring that mobile applications and official websites of telecom service providers prominently display complaint registration options as a means of promoting consumer engagement. 

Several regulatory initiatives have been taken to improve the accountability, transparency, and consumer-friendly nature of the telecommunications sector while also making sure the anti-spam directives are strictly followed. A stringent series of measures has been introduced by the Telecom Regulatory Authority of India (TRAI) to counter the rising threat of spam calls and to prevent malicious entities from misusing SMS headers and content templates to forward fraudulent or deceptive messages to subscribers. 

Several initiatives are being implemented by the TRAI that will ensure that consumer interests are protected and a safer and more transparent messaging environment is established. To ensure compliance with telemarketing regulations, TRAI has mandated strict penalties for entities making unauthorized promotional calls that violate telemarketing regulations. A violation of these terms can result in severe consequences such as the disconnection of all telecommunications resources for a period of up to two years, a blacklisting for up to two years, and a prohibition on acquiring any new telecommunications resources during the period of blacklisting. 

More than 800 entities and individuals have been blacklisted as a result of these measures, and over 1.8 million SIP DIDs, mobile numbers, and other telecommunications resources have been deactivated as a consequence. As a consequence, fraudulent commercial communications have been eliminated in large part. TRAI's directives call for access providers to list URLs, APKs, and links to OTTs within SMS content, and we have implemented this requirement with effect from October 1, 2024, to further enhance consumers' protection.

In an attempt to ensure consumer safety, a regulation moving forward will limit the use of links in text messages that have been verified and authorized by the user, thereby reducing the risk of consumers being exposed to harmful websites, fraudulent software, and other online risks. The '140xx' numbering series is further enhanced by migrating all telemarketing calls that originate from this series of numbers to the Distributed Ledger Platform (Blockchain) platform. In this way, the surveillance and control of telemarketing activities can be improved. 

There have also been advances in technical solutions being deployed by access providers to improve traceability to ensure that every entity involved in the message transmission, from the initial sender through to the final recipient, is accounted for within the chain of communication. Any traffic containing messages that omit a clearly defined chain of telemarketers and can be vverifiedor deviate from the pre-registered framework will be automatically rejected as of December 1, 2024. Several significant advancements are being made in regulatory oversight in the telecom sector as a result of these measures. Consumer protection is reinforced,d and accountability is enhanced within the industry as a result of these measures. 

To ensure that consumers have an easier and more convenient way to report unsolicited commercial communications violations, telecom service providers are required to prominently display complaint registration options on their official websites and mobile applications, making the complaint system more user-friendly and accessible for them. As part of this initiative, consumers will have the opportunity to easily flag non-compliant telemarketing practices, allowing the complaint process to be streamlined. Furthermore, service providers must provide consumers with a mandatory ‘opt-out’ option within all promotional messages to give them greater control over how they want to communicate. 

The new Consumer Rights Rule establishes a mandatory 90-day waiting period before marketers can re-engage users who have previously opted out of receiving marketing communication from a brand before re-initiating a consent request for them. By implementing this regulatory measure, the telecom industry will be able to protect consumers, eliminate aggressive advertising tactics, and develop a more consumer-centric approach to commercial messaging within its infrastructure.

It was announced yesterday that the Telecom Regulatory Authority of India (TRAI) has introduced stringent compliance requirements for access providers to make sure unsolicited commercial communications (UCC) are curbed more effectively. This new set of guidelines requires telecom companies to comply with stricter reporting standards, with financial penalties imposed on those companies that fail to accurately report UCC violations. 

According to the punishment structure, the initial fine of 2 lakh rupees for a first offence is followed by a fine of 5 lakhs for the second offence and a fine of 10 lakhs for subsequent violations. There has been a move by access providers to further enhance the level of regulatory compliance by mandating that telemarketers place security deposits that will be forfeited if any violation of telemarketing regulations occurs. A telecom operator may also be required by law to enter into legally binding agreements with telemarketers and commercial enterprises, which will explicitly define and specify their compliance obligations, as well as enumerating the repercussions of non-compliance. 

This means that reducing spam levels will be a major benefit for businesses while ensuring that they can communicate through authorized, transparent, and compliant channels, leading to a significant reduction in spam levels. TRAI aims to increase the consumer safety and security of the telecommunications ecosystem by enforcing these stringent requirements while simultaneously balancing regulatory oversight with legitimate business needs to engage with customers by the means approved by TRAI.

Rise of OLVX: A New Haven for Cybercriminals in the Shadows

 


OLVX has emerged as a new cybercrime marketplace, quickly gaining a loyal following of customers seeking through the marketplace tools used to conduct online fraud and cyberattacks on other websites. The launch of the OLVX marketplace follows along with a recent trend in cybercrime marketplaces being increasingly hosted on the clearnet instead of the dark web, which allows for wide distribution of users to access them and for them to be promoted through search engine optimization (SEO). 

Research conducted by Zerofox cybersecurity researchers discovered that there is a new underground market called OLVX (olvx[.]cc) that was advertising a wide variety of hacking tools for illicit purposes and was linked to a large number of hacking tools and websites. 

Researchers at ZeroFox, who detected OLVX at the end of July 2023, have noted a marked increase in activity on the new marketplace in the fall, noticing that both buyers and sellers are increasing their activity on the marketplace. 

There have been several illicit tools and services offered to threat actors by OLVX since its launch on July 1, 2023. As opposed to the other markets that OLVX operates in, it focuses on providing cyber criminals with tools that they can take advantage of during the 2023 holiday peak season in retail. 

ZeroFox found that OLVX marketplace activity spiked significantly in fall 2023 due to more items selling on the marketplace, and buyers rushing to the new store to purchase those items. OLVX is estimated to be the result of leaked OLUX code from 2020/2021, according to an investigation. 

Post-leak stores use improved versions of OLUX code, even though the old OLUX code is outdated. For better accessibility and better web hosting, OLVX hides the contents of its website on Cloudflare. For customer growth, OLVX does not make use of the dark web; instead, it relies on SEO and forums to grow customers.

For customer support, OLVX runs a Telegram channel to provide support. The company's reputation and earnings are boosted by strong relationships with its customers.  Unlike most other markets of this nature, OLVX does not rely on an escrow service to ensure funds are protected.

Instead, it offers a "deposit to direct payment" system which supports Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money as cryptocurrencies. By doing this, users are encouraged to spend more, because funds are always available, so browsing leads to more frequent purchases for the user. 

To maintain privacy and security, customers who are running low on funds are advised to use time-limited anonymous cryptocurrency addresses to "top-off" their accounts, in order to maintain funds. During the holiday season, OLVX and similar marketplaces thrive as cybercriminal hubs, supplying tools for targeting campaigns to cybercriminals during the colder months. 

On the site, OLVX offers hosting via Cloudflare and advertises DDoS protection through Simple Carrier LLC, which is a substandard hosting provider.  Consumers are increasingly putting their security at risk as they shop. 

OLVX is one of the leading tools that criminals use during the holiday season for illicit activities, making this the time of year when criminals run their heists. Due to the unique nature of the platform, an independent verification team can not verify that the above quality and validity claims are accurate, however, users believe that OLVX's rising popularity and established reputation lend credibility to the majority of the claims. 

Interestingly, Zerofox indicates that fraudulent activity on the platform starts to increase as users get closer to the holiday shopping season, which means that buyers should maintain heightened vigilance so as to avoid scams and identify fraud.

Breaching Nature's Firewall: The Convergence of the Climate Change Crisis and Cyberattacks

 



Corporate strategies are being transformed by ESG considerations – which are now becoming a permanent feature of the economic services sector as they transform corporate strategies. A change in ESG practices cannot be brought about by internal or external pressures if stakeholders do not perceive that the changes can be financially beneficial. The evidence for this is unrefutable; the financial performance of companies that introduce sustainable principles is always strong over the long run if they implement sustainable practices. In addition to reducing costs, increasing productivity, and increasing demand, ESG and financial performance have some links. 

Climate change and cybercrime have similarities worth mentioning. Both groups pose increasing threats. These kinds of risks threaten the safety and security of our basic resources, such as water, energy, and infrastructure. 

It is possible that cyber-attacks and weather events, such as hurricanes, could have serious real-world consequences. ESG disclosure is becoming one of the most important factors for companies operating within the financial services industry. As the public's, investors, and the state's concerns grow, this is becoming an increasingly important issue. 

ESG-oriented regulations have increased considerably in the UK and globally as a result of the increasing number of regulations focusing on ESG. 

A company with ample resources and the ability to respond quickly to these unexpected challenges is more likely to be able to overcome them without being exposed to security risks. 

There will be an increase in cyber threats to their users as a result of this. Despite this, many companies need more resources and capacity to react appropriately and effectively to devastating weather events. This leaves weak spots in their defense system that can be exploited by hackers in case of disasters. 

There is an apparent link between these two threats – and cyber-security – that have enveloped our planet for years now. 

As a way of highlighting the connection between climate change and cybersecurity, Chloe Messdaghi, CEO and Founder, of Global Secure Partners, stated that climate change and cybersecurity are related to the same thing, but that connection is complex and multifaceted. Climate change is leading to greater cyber-threat opportunities. 

Societies rely on technology to combat and mitigate climate change. Technology plays a crucial role in improving resource management and sustainability efforts, from renewable energy systems to smart grids to connected devices. Although increasing dependence on technology is a good thing, it also brings new avenues to hack and get access to sensitive information. Cybercriminals have been able to gain entry into new areas through technological advancements, providing them with a wider attack surface from which to attack and exploit targets. If they succeed in their cyberattacks, there can be severe consequences for hackers who fail to penetrate renewable energy systems and smart grids, such as blackouts, disrupted services, and cascading effects on society.

Amongst the strongest indications that the green energy sector is growing, we can point to the occurrence of cyberattacks that are targeting it. Cybercriminals are becoming more and more interested in renewable energy systems as they become the backbone of economic operations in the future. The energy infrastructure is a critical component of society and the collapse of it could result in a blackout that would have catastrophic consequences.

It has become increasingly complex and interconnected for businesses to navigate an increasingly complex world in which they are confronted with two major challenges: cyber threats and global climate change. Breach of security may cause companies to suffer financial losses, damaging their reputations, and compromising customer information. 

There is a significant risk of operational disruption and supply chain issues arising from the effects of climate change, such as extreme weather events and a shortage of resources. For businesses to meet these challenges effectively, understanding the interplay between these challenges becomes imperative. This includes implementing resilience strategies to mitigate climate risks and cybersecurity policies to protect against evolving threats. Business continuity and sustainability can both be severely compromised in the event neither of these issues is addressed and they do not get resolved appropriately. 

There is no doubt that a cyberattack on the Colonial Pipeline in May 2021 represents a convergence between the climate change crisis and cyberattacks. This critical infrastructure was shut down, leading to panic buying, fuel shortages, and an increase in pollution emitted along the US East Coast. This was due to the shutdown of critical infrastructure. There was a severe cyber-attack on critical systems as a result of the incident, with climate change worsening the threat. 

A key point highlighted was that there was potential for data manipulation and the political ramifications that might result from upsetting an infrastructure that is essential to society. This example highlights the urgent need to develop integrated approaches to tackle the challenges posed by climate change as well as cyberattacks. 

Cyber security and climate change are both unaccountable, as is the lack of accountability for them. The problem of climate change is difficult to diagnose because everything plays a role, so it is extremely difficult to pinpoint who is responsible. 

Financial services face several challenges and opportunities related to climate change and cybersecurity. With climate catastrophes and their occurrences becoming more frequent and more severe, financial institutions must be prepared to deal with the associated risks, such as disruptions in their operations, supply chains, and investments, due to climate-related events. They must strengthen their cybersecurity defenses to protect sensitive data and protect themselves against all evolving cyber threats. 

It is possible to enhance resilience and risk assessment by embracing innovative technologies like AI and blockchain. For climate change to be mitigated and financial systems to be protected, collaboration between stakeholders is crucial. This includes incorporating climate risk into financial decision-making processes and fostering information sharing when developing robust strategies.