Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Government. Show all posts

Cyber Threats by Nation-States Surge Beyond Control

 


In recent years, state-sponsored hacker groups have increased their attacks on critical infrastructure, causing great concern across the globe. It has become increasingly evident that these coordinated and sophisticated cyber threats and attacks are posing serious risks to the security and safety of the country as a whole. 

To protect crucial systems such as power grids, healthcare systems, and water treatment plants, strong cybersecurity measures must be implemented to prevent any disruption or manipulation. This underscores the importance of protecting critical infrastructure that needs to be protected. Currently, two-thirds of all cyberattacks that are attributed to a state-backed actor originate in foreign countries. This information lends credence to the warnings from the US Department of Homeland Security that enterprises and public services alike are facing significant threats. 

Netskope, a security firm that conducts research into state-sponsored attacks, has reported a marked increase in attacks in recent years, with the firm alerting this trend does not appear to be waning anytime soon. It has been estimated that the kind of cyberattacks waged by nation-state actors are now constituting one of the largest forms of quiet warfare on the planet, said Netskope's CEO Sanjay Beri. To understand this worldwide escalation, it is necessary to look beneath the surface of the conflict, which shows a lot of different states employing widely disparate cyberattack strategies. 

It seems that due to the current threat landscape, the U.S. administration has made their national unity of effort a priority to keep a critical infrastructure that is secure, accessible, and reliable. For the above threats and attacks to be addressed effectively, international cooperation, strict regulations, and investments in advanced cybersecurity technologies will be needed. 

It is also imperative that we raise public awareness about cyber threats in addition to improving cyber hygiene practices to minimize the risks of state-sponsored cyberattacks on critical infrastructure that pose a significant threat to the public. Additionally, the European Union Agency for Cybersecurity (ENISA), representing the European Union, released an executive summary of 'Foresight Cybersecurity Threats for 2030' which highlights ten of the most dangerous emerging threats for the next decade. 

A review of previously identified threats and trends is provided in this study, which offers insight into the morphing landscape of cybersecurity. The report, it is details that by addressing issues such as supply chain compromises, skill shortages, digital surveillance, and machine learning abuse, it contributes to developing robust cybersecurity frameworks and best practices for combating emerging threats by 2030 by addressing relevant issues such as supply chain compromises, skill shortages, and digital surveillance. 

As a part of its annual cyber security report, the National Cyber Security Centre (NCSC) of the United Kingdom has released a new report which examines the possible impacts of artificial intelligence (AI) on the global ransomware threat which has been on the rise for some time now. A report published by the CERT indicates that in the future, the frequency and severity of cyberattacks might be exacerbated as Artificial Intelligence (AI) continues to gain importance. NCSC advises individuals and organisations to enhance their cybersecurity measures in a proactive manner in order to prevent security threats. 

It is also discussed in the report how artificial intelligence will impact cyber operations in general, as well as social engineering and malware in particular, highlighting the importance of continuing to be vigilant against these evolving threats as they arise. There was an alert raised earlier this summer by the National Cyber Security Centre (NCSC) of the UK, the US, and South Korean authorities regarding a North Korea-linked threat group known as Andariel that allegedly breached organizations all over the world, stealing sensitive and classified technology as well as intellectual property. 

Despite the fact that it predominantly targeted defense, aerospace, nuclear, and engineering companies, it also harmed smaller organizations in the medical, energy, and knowledge sectors on a lesser scale, stealing information such as contract specifications, design drawings, and project details from these organizations. 

In March 2024, the United Kingdom took a firm stance against Chinese state-sponsored cyber activities targeting parliamentarians and the Electoral Commission, making it clear that such intrusions would not be tolerated. This came after a significant breach linked to Chinese state-affiliated hackers, prompting the UK government to summon the Chinese Ambassador and impose sanctions on a front company and two individuals associated with the APT31 hacking group. This decisive response highlighted the nation's commitment to countering state-sponsored cyber threats. 

The previous year saw similar tensions, as Russian-backed cyber threat actors faced increased scrutiny following a National Cyber Security Centre (NCSC) disclosure. The NCSC had exposed a campaign led by Russian intelligence services aimed at interfering with the UK's political landscape and democratic institutions. These incidents underscore a troubling trend: state-affiliated actors increasingly exploit the tools and expertise of cybercriminals to achieve their objectives. 

Over the past year, this collaboration between nation-state actors and cybercriminal entities has become more pronounced. Microsoft's observations reveal a growing pattern where state-sponsored groups not only pursue financial gain but also enlist cybercriminals to support intelligence collection, particularly concerning the Ukrainian military. These actors have adopted the same malware, command and control frameworks, and other tools commonly used by the wider cybercriminal community. Specific examples illustrate this evolution. 

Russian threat actors, for instance, have outsourced some aspects of their cyber espionage operations to criminal groups, especially in Ukraine. In June 2024, a suspected cybercrime group utilized commodity malware to compromise more than 50 Ukrainian military devices, reflecting a strategic shift toward outsourcing to achieve tactical advantages. Similarly, Iranian state-sponsored actors have turned to ransomware as part of their cyber-influence operations. In one notable case, they marketed stolen data from an Israeli dating website, offering to remove individual profiles from their database for a fee—blending ransomware tactics with influence operations. 

Meanwhile, North Korean cyber actors have also expanded into ransomware, developing a custom variant known as "FakePenny." This ransomware targeted organizations in the aerospace and defence sectors, employing a strategy that combined data exfiltration with subsequent ransom demands, thus aiming at both intelligence gathering and financial gain. The sheer scale of the cyber threat landscape is daunting, with Microsoft reporting over 600 million attacks daily on its customers alone. 

Addressing this challenge requires comprehensive countermeasures that reduce the frequency and impact of these intrusions. Effective deterrence involves two key strategies: preventing unauthorized access and imposing meaningful consequences for malicious behaviour. Microsoft's Secure Future Initiative represents a commitment to strengthening defences and safeguarding its customers from cyber threats. 

However, while the private sector plays a crucial role in thwarting attackers through enhanced cybersecurity, government action is also essential. Imposing consequences on malicious actors is vital to curbing the most damaging cyberattacks and deterring future threats. Despite substantial discussions in recent years about establishing international norms for cyberspace conduct, current frameworks lack enforcement mechanisms, and nation-state cyberattacks have continued to escalate in both scale and sophistication. 

To change this dynamic, a united effort from both the public and private sectors is necessary. Only through a combination of robust defence measures and stringent deterrence policies can the balance shift to favour defenders, creating a more secure and resilient digital environment.

Data Breach: Georgia Voter Information Accidentally Displayed Online

 


Despite an effort by the Georgian government to provide a new web portal that allows Georgians to cancel their voter registration, the website has come under fire after a technical problem caused personal data to be displayed on users' screens. It was announced on Monday that Georgia's Secretary of State Brad Raffensperger has launched a new website designed to give Georgians the ability to easily and quickly cancel their voting registrations if they move out of the state, or if they lose a loved one who recently passed away. 

During the registration process, users are asked to enter the first letter of their last name, their county of residence, and their date of birth. It will then ask them to provide a reason for their cancellation, followed by a request to provide their driver's license information. After answering the question, the person is prompted to enter their license number if the answer to the question is yes. 

There is a possibility that the voter will be asked to enter their social security number, if they do not already have one, or they will be asked to complete a form that needs to be mailed or emailed to the registration office for their local county. The problem, which Mike Hassinger, Raffensperger spokesman, said lasted less than an hour and has now been resolved, highlighted Democratic concerns that the site could be used by outsiders to unjustifiably cancel voter registrations without the voter's permission. 

There is another example of how states should be aggressive in purging their registration rolls of invalid names. In Georgia, there has been a long-running dispute between Democrats and Republicans over this issue, but it has recently gained new urgency because of an extensive national effort coordinated by Trump party allies to remove names from voter rolls that have garnered new attention. 

There are activists inflamed by the false allegations that the 2020 election was stolen, and they are arguing that the state's existing efforts to clean it up are inadequate and that the inaccuracies invite fraud to take place. In Georgia, as well as throughout the country, there have been very few cases of voters casting ballots improperly from out of state. To counter efforts by disinformation campaigns that are aimed at making people distrust the democratic process, four prominent former government officials from Georgia have joined an organization that is hoping to counter the efforts of disinformation campaigns. 

Despite the launch of the Democracy Defense Project, which was announced by Georgia Republican lawmakers Nathan Deal and Saxby Chambliss, and once again by two Democrat politicians, Roy Barnes the former governor of Georgia, and Shirley Franklin the former mayor of Atlanta, the project seems to have picked up two Georgia Republicans and two Democrats. The Georgia board members are part of a national initiative that aims to raise money for advertisements so that they can push back against efforts to undermine elections and to get people to move beyond talking about "polarizing rhetoric" to increase their chances of getting news coverage and raising votes. 

A new skirmish has arisen over the issue of how aggressively states should purge incorrectly registered citizens from their registration rolls. Democrat and Republican congressional leaders in Georgia have been engaged in a bitter and protracted battle over this issue, but the debate has now gained new urgency due to a campaign launched by Donald Trump's allies to remove names from the voter rolls on a national level. 

According to activists fueled by Trump's false claims that the 2020 election was rigged, there is no way to clean up the mess in an accurate way, and inaccuracies invite fraud into the process. Neither in Georgia nor nationwide have there been any instances of improper out-of-state voting that can be verified scientifically. There have been relatively few cancellations of registrations to date. Typically, cancelling a voter registration in Georgia requires mailing or emailing a form to the county where the voter previously resided. 

The removal of deceased individuals or those convicted of felonies from the voter rolls can be processed relatively swiftly. However, when individuals relocate and do not request the cancellation of their registration, it may take years for them to be removed from the rolls. The state must send mail to those who appear to have moved, and if there is no response, these individuals are moved to inactive status. Despite this, they retain the ability to vote, and their registration is not removed unless they fail to vote in the next two federal general elections. 

Georgia has over 8 million registered voters, including 900,000 classified as inactive. Similar to other states, Georgia allows citizens to challenge an individual's eligibility to vote, particularly when there is personal knowledge of a neighbour moving out of state. Recently, however, residents have increasingly been using impersonal data, such as the National Change of Address list maintained by the U.S. Postal Service, to challenge large numbers of voters. Additionally, some individuals scrutinize the voter rolls to identify people registered at non-residential addresses. 

For instance, a Texas group called True the Vote challenged 364,000 Georgia voters before the two U.S. Senate runoffs in 2021. Since then, approximately 100,000 more challenges have been filed by various individuals and groups. Voters or relatives of deceased individuals can enter personal information on a website to cancel registrations. County officials receive notifications from the state's computer system to remove these voters, and counties will send verification letters to voters who cancel their registrations.

If personal information is unavailable, the system offers a blank copy of a sworn statement of cancellation. However, for a brief period after the website was unveiled, the system inadvertently preprinted the voter's name, address, birth date, driver's license number, and the last four digits of their Social Security number on the affidavit. This error allowed anyone with access to this information to cancel a registration without sending in the sworn statement. 

Butler expressed her alarm, stating she was "terrified" to discover that such sensitive information could be accessed with just a person's name, date of birth, and county of registration. Hassinger explained in a Tuesday statement that the temporary error was likely due to a scheduled software update, and it was detected and resolved within an hour. 

Although Butler commended the swift action by Raffensperger's office, she, along with other Democrats, argued that this issue highlighted the potential for the site to be exploited by external parties to cancel voter registrations. Democratic Party of Georgia Executive Director Tolulope Kevin Olasanoye emphasized that the portal could be misused by right-wing activists already engaged in mass voter challenges to disenfranchise Georgians. Olasanoye called on Raffensperger to disable the website to prevent further abuse.

Leak of Greek Diaspora Emails Shakes Government: A Closer Look


The recent leak of Greek diaspora emails has sent shockwaves through the conservative government of Prime Minister Kyriakos Mitsotakis. The scandal, which unfolded in March 2024, has raised questions about privacy, data protection, and political accountability. Let’s delve into the details.

The Email Barrage and Its Fallout

What Happened? A New Democracy Member of the European Parliament (MEP) bombarded voters abroad with emails minutes after they were informed about voting by mail.

Resignation: Interior Ministry General Secretary Michalis Stavrianoudakis stepped down.

Dismissal: Nikos Theodoropoulos, New Democracy’s Secretary for Diaspora Affairs, faced dismissal.

Withdrawal: MEP Anna-Michelle Asimakopoulou announced she would not contest in the upcoming June election.

The Investigation

An internal probe revealed that in May 2023, a list of email addresses was allegedly acquired by an associate of Stavrianoudakis and forwarded to Theodoropoulos. The list eventually reached Asimakopoulou.

Asimakopoulou had previously denied any wrongdoing, claiming she collected contact information during her tenure as an MEP and sought consent from Greeks abroad to communicate with them regularly.

Legal Action: Grigoris Dimitriadis, Prime Minister Mitsotakis’ nephew, initiated legal proceedings related to the scandal.

Further Actions: The Athens Prosecutor’s Office and the country’s Data Protection Authority (DPA) are actively involved in addressing the case.

European Parliament Elections: The upcoming European Parliament elections in June serve as a barometer of party strength in various countries.

Privacy, Accountability, and Political Fallout

The leak has ignited a fierce debate on several fronts

Privacy Concerns: The unauthorized use of email addresses underscores the need for robust data protection measures. Citizens rightly expect their personal information to be handled responsibly.

Political Accountability: Asimakopoulou’s withdrawal from the European ballot reflects the gravity of the situation. The scandal has implications beyond party lines, affecting public trust in politicians.

Mitsotakis’ Leadership: The Prime Minister’s handling of the crisis is under scrutiny. How he navigates this scandal will shape his political legacy.

What can we learn from this?

The leak of Greek diaspora emails serves as a stark reminder that even in the digital age, privacy breaches can have far-reaching consequences. As investigations continue, the fallout from this scandal will reverberate through Greek politics, leaving citizens questioning the integrity of their elected representatives.

Blockchain's Role in Reinventing ATM Security: A Game-Changer in Banking

 


Blockchain technology allows for the creation of a structured data structure that is intrinsically secure. A cryptocurrency is based on the principles of cryptography, decentralization, and consensus, which is a mechanism that ensures that transactions can be trusted. 

Data is usually organized into a series of blocks, and within each block, there is a transaction or bundle of transactions, which makes up the most popular blockchain or distributed ledger technologies (DLT). This cryptographic chain is constructed by connecting every new block to all those before it to ensure that no block can be tampered with in the future. 

An agreement mechanism is used to verify and agree upon the validity of all transactions within blocks, and this mechanism ensures that each transaction in the block is valid. A crucial part of keeping our money safe and secure is the use of technology in the world of modern banking. 

There are many breakthrough technologies in the world today, and blockchain is one of them. The Indian market for digital payments is expected to have a market capitalization of an astounding 500 billion by 2020 with its growth on a steady track. 

Several factors, including demonetisation and government efforts to encourage mobile-based transactions across the country, can be attributed to the increase in the use of online payments across the country. The move to a truly digital economy seems to be only a matter of time. With an increasing number of Indians opting for digital cash and more payment methods evolving to support digital transactions, it appears that we are on our way to becoming a fully digital economy. 

It must be said, however, that one of the current challenges with online payments in the country is finding a way to uniform the structure and functionality of the payment system. Blockchains are similar to big ledgers, storing all transactions that occur in an encrypted record in an encrypted database that can be searched in real-time. 

With Blockchain technology, users have the option of sending, receiving, and managing their accounts online with no middleman in the case of online transactions. Blockchain technology represents a very promising method of decentralization that allows members of a distributed network to contribute to the network.

An individual user cannot change the record of transactions in a server-based environment, and there is no single point of failure. Despite this, there are some critical differences in the security aspects of blockchain technologies. The Automated Teller Machine (ATM) is a way for financial institutions wishing to provide their customers with the convenience of conducting small transactions without having to interact directly with bank staff by offering them an electronic outlet through which they can accomplish the task. 

With ATMs, customers can carry out many of their banking transactions easily by performing self-service transactions such as depositing cash into their accounts, withdrawing cash from them, paying their bills, transferring funds between their accounts, and checking their account balance and latest transactions. 

As always, the safety of newly invented technology may be the largest challenge with the most technological advances. Secondly, and perhaps most importantly, since ATMs are primarily used for cash exchange, hackers and robbers are constantly looking for ways to exploit them to gain access to cash. 

Typically ATMs are connected to bank servers via leased lines, which provide high-speed connectivity, so these ATMs are normally linked to the bank's servers. An ATM manufacturer (National Cash Register or NCR) provides the hardware components required for the establishment of an ATM (Automatic Teller Machine) and is typically contracted by the bank to provide the hardware and software. 

The manufacturer usually purchases the ATM from an ATM manufacturer, usually NCR (National Cash Register). It has become very common for banks to outsource ATM maintenance, including cash loading, to third-party service providers to handle their responsibilities. 

To enable the ATM software to connect with the interbank network and dispense cash accordingly, ATMs are equipped with a switch, also known as a payment transfer engine, which is the engine that enables the ATM to transfer money between accounts. ATMs are frequently targeted for physical and logical attacks, which are the two most common types of attacks on them. 

A physical attack nowadays is an outdated practice due to the risks involved, which include financial hazards, as well as hazards to life, property and health that may result from it. Various forms of physical assault are used to attack ATMs, including the use of explosives, the removal of the machine from its post, or any other of many methods that involve forcefully removing the machine from its original location. 

With advancements in scalability, privacy, and regulatory compliance, the future outlook for blockchain-based ATM security looks quite promising. This is expected to lead to a broader adoption of the technology in the future. 

Due to the evolution of quantum-resistant cryptography and the introduction of various interoperability features, blockchain technology is poised to offer unparalleled protection, helping to prove the robustness and safety of the financial industry as a whole. 

Considering these significant innovations, it becomes more and more imperative that the financial industry implements blockchain technology to keep up with these advances. Through the integration of blockchain technology into ATM security, overall financial services, and the user experience, ATMs can be made more secure and enhanced with greater efficiency and transparency. 

Financial institutions can stand out from the competition by integrating blockchain technology to contribute to a more secure and trust-driven future in banking and beyond, which can lead to a more secure, more transparent and more efficient system.

Contemplating Import Restrictions for PCs and Laptops to Secure Digital Infrastructure

 


Although it is common practice for the government to introduce new policies hurriedly, especially when it comes to the recent licensing requirement for all-in-one personal computers (PCs), laptops, tablets, and servers, it was pushed three months back to 1 November due to how new policies were hurriedly introduced in the country. 

It is a compelling proposition for the Indian government to pursue the goal of becoming an Atmanirbhar Bharat or an independent nation in the information technological (IT) hardware space, which is logical and appealing to the Indian people for numerous reasons. 

As a result of the government's decision to curb imports of laptops, tablets, and PCs, along with the government's PLI to purchase IT hardware worth Rs 17,000 crores, local factories will now be able to produce devices priced at more than a billion dollars, which will considerably reduce import dependency over the next 2-3 years. 

The government has enacted an amended law, which makes it mandatory for importers of laptops, tablets, and certain kinds of computers to obtain a valid license. This is within seven days of import. As a matter of security, as well as to encourage goods manufacturing in the country. 

The government decided on Friday to give businesses a "transition period" to adjust to the changes to the licensing regime mandated for laptops, tablets, and personal computers a day after mandating one. There are fears that tighter supply and higher prices could result from the urbs. 

As the government has stated, the purpose behind introducing this policy is to protect the security interests of the country and its citizens Rajeev Chandrasekhar, Minister of State for Information Technology & Electronics, said that a notification would be released regarding the relaxation of norms as soon as possible. 

According to sources, India can manufacture enough IT hardware devices to not restrict the availability of laptops, tablets, all-in-one computers, ultra-small computers, and servers domestically, as the requirement to obtain permission to import these items is likely to not hurt domestic availability. 

A government source told The Indian Express is committed to the establishment of an internet in India that is open, safe, trustworthy, and accountable for all its users so that everyone can access it. There is also a likelihood that citizens will be exposed to user harm and criminality as a result of increasing penetration of the Internet and a subsequent increase in the number of Indians going online. 

Furthermore, the reports state that IT hardware has security loopholes that may expose sensitive personal data to cyber criminals and endanger enterprises and governments. It has been noted that the foundation for securing the network is the provision of secure hardware. 

Under the old production-linked incentive scheme, OEL has been approved to manufacture IT hardware, and it is expected that it will apply PLI 2.0, which expires on August 30. There is a total of 44 companies who have registered for the PLI scheme 2.0 in India, while two global companies have sent in their applications to make IT hardware devices in the country. 

A US-based technology company called HPE signed an agreement last month with VVDN Technologies. Under the agreement, the two companies plan to produce high-end servers worth USD 1 billion over the next 4-5 years under a 10-year agreement. Tarun Pathak, Research Director at Counterpoint Research, stated there is a close to $8 billion market size for laptops and PCs in India every year. 

He said that the majority of units are imported, with about 65 percent being imported from overseas. As a co-founder, Chairman, and Managing Director of Lava International, Mr. Hari Om Rai emphasizes that the government has done a great job restricting imports if they have a valid permit to do so. According to him, all supply chain disruptions have been averted as a result of the government's actions. 

As a result, companies will not have to worry about "ease of doing business" issues, which will ensure they can offer the same products at the same price to their customers in the future. As per current Canalys data, in the third quarter of 2023, there was a 35 percent decline in the Indian PC market (desktops, notebooks, and tablets), with 3.9 million units shipped during the quarter. 

As a result of a muted 2023, Canalys expects that the Indian PC market will rebound strongly in 2024 with 11 percent growth and 13 percent growth in 2025, following a muted 2023. Canalys predicts that device sales will exceed 1 billion units in 2025. As per Vinod Sharma, Chairman of the CII National Committee for Electronics and MD of Deki Electronics, incentives are provided for locally manufactured components under the IT Hardware PLI. 

A boost will be given to the domestic component ecosystem as a result of this decision. In the past, companies were allowed to import laptops without any restrictions before the Directorate General of Foreign Trade issued its notification on August 3. While the notification does not exclude certain categories of items, including laptops, tablets, laptops with all-in-one computers, and ultra-small form factor computers that are included in the luggage allowance as part of the baggage allowance, certain items are excluded. There is also an exemption for up to 20 IT devices per consignment. 

These devices are used for research and development, testing, benchmarking, evaluation, repair, and product development purposes. The re-importing of repaired goods, and devices which are essential parts of a capital good, is also exempt because they are repaired abroad. To create a scale economy for IT hardware devices in India, the government notified in May this year the implementation of the production-linked incentive scheme 2.0, which will ultimately result in further lowering the price of IT hardware devices since India has sufficient capacity to manufacture IT hardware devices. 

The government has notified the scheme to boost domestic manufacturing and create an economy of scale. There were already 44 companies registered with the PLI 2.0 IT Hardware Scheme as of July 31st. Until the end of August 2023, companies will be able to submit their applications. In the long run, IT Hardware OEMs and EMS players may have to recalculate their production plans in four years, since the Non-Trade Barrier will threaten to eliminate imports by 93 percent within four years, which could cause them to recalculate their production targets. 

Based on the information, all big IT hardware companies, except Apple, have participated directly or through their EMS companies in the PLI 2.0 for IT Hardware scheme. These companies include Dell, HP, HPE, Lenovo, ASUS, ACER, Intel, and other local brands. As part of the "Make in India" initiative, the government is encouraging the local manufacture of goods and discouraging imports.

From April to June of this year, India imported $19.7 billion worth of electronics, including laptops, tablets, and personal computers. This is up 6.25% from a year ago. Imports of personal computers, including laptops, were $5.33 billion in 2022-23, creating an increase from $5.10 billion a year previously.

A laptop, a PC, and other similar items are not generally subject to customs charges when they enter India, in general. As a result of signing a 1997 Information Technology Agreement (ITA), India has committed that from that date onwards there will be no duty on computers and many other IT-related products.

Android Phone Hacked by 'Daam' Virus, Government Warns

 


It has been announced by the central government that 'Daam' malware is infecting Android devices, and the government has issued an advisory regarding the same. CERT-IN, the national cyber security agency of the Indian government, released an advisory informing the public about the possibility of hackers hacking your calls, contacts, history, and camera due to this virus.

The virus' ability to bypass anti-virus programs and deploy ransomware on targeted devices makes it very dangerous, according to the Indian Computer Emergency Response Team or CERT-In, which provided the information. 

As quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources, according to the Federal Bureau of Investigation. 

The malware is coded to operate on the victim's device using an encryption algorithm known as AES (advanced encryption standard). The advisory reports that the other files are then removed from local storage, leaving only the files that have the extension of ".enc" and a readme file, "readme_now.txt", that contain the ransom note. 

To prevent attacks by such viruses and malware, the central agency has suggested several do's and don'ts. 

The CERT-IN recommends that you avoid browsing "untrusted websites" or clicking "untrusted links" when they do not seem trustworthy. It is advisable to exercise caution when clicking on links contained within unsolicited emails and SMS messages, the organization stated. Specifically, the report recommends updating your anti-virus and anti-spyware software regularly and keeping it up to date.

Once the malware has been installed, it tries to bypass the device's security system. In the case it succeeds in stealing sensitive data, as well as permissions to read history and bookmarks, kill background processing, and read call logs, it will attempt to steal sensitive information of the user. 

"Daam" is also capable of hacking phone calls, contacts, images, and videos on the camera, changing passwords on the device, taking screenshots, stealing text messages, downloading and uploading files, etc. 

In the Sender Information field of a genuine SMS message received from a bank, the Sender ID (abbreviation of the bank) is typically mentioned instead of the phone number, according to the report. 

A cautionary note was provided to users warning them to be aware of shortcut URLs (Uniform Resource Locators) such as the websites 'bitly' and 'tinyurl', which are both URLs pointing to web addresses such as "http://bit.ly/" "nbit.ly" and "tinyurl.com" "/". 

To see the full domain of the website the user is visiting, it is recommended that they hover over the shortened URL displayed. As suggested in the consultation, they may also be able to use a URL checker that allows them to enter both a shortened URL and the complete URL when completing the check. 

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.

Info-stealer Ransomware hit Government Organisations

 


Threat actors have targeted government entities with the PureCrypter malware downloader, which is used to deliver several information stealers and ransomware variants to targeted entities.  

According to a study conducted by researchers at Menlo Security, the initial payload of this attack was hosted on Discord by the threat actor. A non-profit organization was compromised to store more hosts for the campaign. 

Several different types of malware were delivered via the campaign, including Redline Stealer, Agent Tesla, Eternity, Black Moon, and Philadelphia Ransomware, researchers said in a statement. 

Several government organizations in the Asia Pacific (APAC) and North American regions have been targeted by PureCrypter's marketing campaign, according to researchers. 

Steps Involved in an Attack 

Firstly, the attacker sends an email with a Discord app link pointing to a password-protected ZIP archive containing a PureCrypter sample, which is then used to launch the attack. 

As of March 2021, PureCrypter began to become popular in the wild as a .NET malware downloader. Various types of malware are distributed by its operator on behalf of other cybercriminals through the use of the software. 

There is no content within this file, so when it is executed, it will deliver the next-stage payload from the compromised server of a non-profit organization, which in this case is a compromised command and control server.  

Researchers from Menlo Security examined Agent Tesla as the sample in their study. A Pakistan-based FTP server is connected to the Trojan as soon as it is launched, which receives all the stolen information on its server. 

The researchers discovered that when using leaked credentials in a breach, the threat actor took control of a particular FTP server and did not set it up themselves but rather used leaks of credentials to do so. As a result, the risk of identification was reduced and traceability was minimized. 

The Use of Agent Tesla Continues 

Cybercriminals use a malware family called Agent Tesla in their efforts to compromise Windows systems. In October 2020 and January 2021, it reached its peak in terms of usage. 

In a recent report released by Cofense, the company highlights the fact that Agent Tesla remains one of the most cost-effective and highly-capable backdoors in the market, and it has undergone continuous improvements and development during its lifespan.

Defense Intelligence recorded roughly one-third of all keylogger reports recorded by Defense Intelligence in the year 2022, which may be indicative of Tesla's keylogging activities. 

As a result of malware, the following capabilities can be observed: 

  • To gather sensitive information about the victim such as her password, all keystrokes the victim makes are recorded. 
  • A hacker can break into a web browser, email client, or file transfer application to steal passwords. 
  • The most effective way to protect confidential information on your desktop is to take screenshots of it as you use it. 
  • Obtain user names, passwords, and credit card numbers from the clipboard, as well as access clipboard contents. 
  • Send the stolen data to C2 via any of the following methods: FTP, SMTP, etc.
A feature of the attacks examined by Menlo Labs was that the threat actors managed to avoid detection by antivirus tools by injecting the AgentTesla payload into a legitimate process ("cvtres.exe") using process hollowing. 

Agent Tesla's communications with the C2 server, as well as its configuration files, are also encrypted with XOR. This is to protect them from network traffic monitoring tools used to monitor network traffic. 

According to Menlo Security, the threat actor behind PureCrypter is not one of the big players in the threat landscape. Nevertheless, it is worth taking note of its activities to determine whether or not it is targeting government agencies. 

As a result, it would be expected that the attacker would continue to use the compromised infrastructure for as long as possible before seeking out a new one. 

Britain Government With Robust Crypto Regulation

The department of Britain’s finance ministry came with robust regulations for crypto assets, following the collapse of the crypto exchange FTX last year in which millions of people lost billions of dollars. 
However, regulation of crypto-assets could create a one-sized approach that could hinder innovation.

The treasury department published a consultation document today, to bring cryptocurrency-related activities under the ambit of governing traditional financial services. 

The ministers said that the new regulations will "mitigate the most significant risks of crypto assets while harnessing their advantages". As per the data from ministers, up to 10% of UK adults now own some form of crypto. 

The government is planning to use existing rules and regulations for the industry, rather than creating a whole new regime. The Treasury Department reported regarding the regulations that it will allow crypto to benefit from the "confidence, credibility and regulatory clarity" of the existing system for financial services, as set out in the UK's Financial Services and Markets Act 2000 (FSMA). 

Economic Secretary Andrew Griffith reported that the government remained "steadfast in our commitment to grow the economy and enable technological change and innovation - and this includes crypto-asset technology. But we must also protect consumers who are embracing this new technology - ensuring robust, transparent, and fair standards". 

The Treasury Department proposed in its consultation document the following: 

1. It will make laws and regulations on crypto-asset promotions which will be fair, clear, and not misleading. 

2. It will also enhance data-reporting requirements, including with regulators. 

3. Furthermore, it will implement new laws to stop so-called pump and dump, or lie and sell high where an individual artificially inflates the value of a crypto asset before selling it. 

Conservative MP Harriett Baldwin, who chairs the Treasury Committee, said, "truly Wild West behavior, valuable technological innovation happening that could benefit the UK economy". We are paying close attention to these plans and to the regulators' plans because we would not want our constituents to think cryptocurrencies are any less risky if they are regulated".

Government Issues High-risk Warning for iPhone Users

 

Apple iPhones are known for their strength and security features. The Cupertino-based tech behemoth releases security updates for its devices on a regular basis. Although Apple recommends that people install the most recent builds of iOS on their iPhones in order to have a more protected and feature-rich operating system, older iPhone models are incapable to deploy the most recent updates due to hardware limitations. 

Some users prefer to run older versions of iOS for simplicity of use, but it's important to note that older iOS versions are easier to exploit. One such flaw has been discovered in Apple's iOS, and the Indian government has issued a warning to iPhone users.

According to the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology, a vulnerability in iOS has been disclosed that could permit an attacker to implement arbitrary code on the targeted device. Apple iOS versions prior to 12.5.7 are vulnerable for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

This vulnerability exists in Apple IOS due to a type of confusion flaw in the WebKit component, according to CERT-In. An attacker could utilize this vulnerability by luring the victim to a maliciously crafted website. An attacker who successfully exploits this vulnerability may be able to execute arbitrary code on the targeted system. 

The security flaw is actively being exploited against iOS versions prior to iOS 15.1. To avoid being duped, install the new iOS 12.5.7 patch, which Apple released earlier this week.

Trojanized Windows 10 Installer Utilized in Cyberattacks Against Ukrainian Government Entities

 

Ukraine's government has been compromised as part of a new campaign that used trojanized versions of Windows 10 installer files to conduct post-exploitation activities. The malicious ISO files were distributed via Ukrainian and Russian-language Torrent websites, according to Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022. The threat cluster is identified as UNC4166. 

"Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it," the cybersecurity company said in a technical deep dive published Thursday.

Even though the origin of the adversarial collective is unknown, the disruptions are said to have targeted organisations that had previously been victims of disruptive wiper attacks blamed on APT28, a Russian state-sponsored actor. According to the Google-owned threat intelligence firm, the ISO file was designed to disable telemetry data transmission from the infected computer to Microsoft, install PowerShell backdoors, and block automatic updates and licence verification.

The main objective of the operation appears to have been data gathering, with additional implants deployed to the machines only after an initial reconnaissance of the vulnerable environment to determine if it contained valuable intelligence.

Stowaway, an open source proxy tool, Cobalt Strike Beacon, and SPAREPART, a lightweight backdoor written in C that enables the threat actor to execute commands, harvest data, capture keystrokes and screenshots, and export the data to a remote server, were among them.

The malicious actor attempted to download the TOR anonymity browser onto the victim's device in some cases. While the precise reason for this action is unknown, it is suspected that it served as an alternative exfiltration route.

SPAREPART, as the name suggests, is considered to be redundant malware that is used to uphold remote access to the system if the other methods fail. It also has the same functionality as the PowerShell backdoors that were dropped early in the attack chain.

"The use of trojanized ISOs is novel in espionage operations and included anti-detection capabilities indicates that the actors behind this activity are security conscious and patient, as the operation would have required a significant time and resources to develop and wait for the ISO to be installed on a network of interest," Mandiant stated.

The findings come as Check Point and Positive Technologies revealed attacks on the government sector in Russia, Belarus, Azerbaijan, Turkey, and Slovenia by an espionage group known as Cloud Atlas as part of a persistent campaign.

The hacking group, which has been active since 2014, has a history of targeting entities in Eastern Europe and Central Asia. However, the outbreak of the Russo-Ukrainian war earlier this month has shifted its focus to organisations in Russia, Belarus, and Transnistria.

"The actors are also maintaining their focus on the Russian-annexed Crimean Peninsula, Lugansk, and Donetsk regions," Check Point said in an analysis last week.

The adversary's attack chains typically utilise phishing emails with bait attachments as the initial intrusion vector, leading to the delivery of a malicious payload via an intricate multi-stage sequence. The malware then contacts an actor-controlled C2 server to obtain additional backdoors capable of stealing files with specific extensions from the compromised endpoints.

Check Point's observations, on the other hand, culminate in a PowerShell-based backdoor known as PowerShower, which was first discovered by Palo Alto Networks Unit 42 in November 2018. Some of these intrusions in June 2022 were also successful, allowing the threat actor to achieve full network access and use tools such as Chocolatey, AnyDesk, and PuTTY.

"With the escalation of the conflict between Russia and Ukraine, their focus for the past year has been on Russia and Belarus and their diplomatic, government, energy and technology sectors, and on the annexed regions of Ukraine," Check Point added.

Cloud Atlas, also known as Clean Ursa, Inception, Oxygen, and Red October, is still unidentified, joining the ranks of other APTs such as TajMahal, DarkUniverse, and Metador. The group's name derives from its reliance on cloud services such as CloudMe and OpenDrive to host malware.

HomeLand Justice: Government of Albania attacked by Iranian Cyber Threat Actors

 

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Cybersecurity advisory on the recent cyber operations held by the Iranian state cyber actors against the Government of Albania in July and September. 

The advisory provides a detailed timeline pertaining to activities that were detected, from the initial software access to the execution of encryption and wiper attacks. The information also included the files that the actors used for the attacks. 
 
The hackers, referred to as HomeLand Justice, who are state-sponsored Iranian advanced persistent threat (ATP) actors, attempted to paralyse public services, delete and steal governmental data, and disrupted the government’s websites and services, wreaking havoc and panic on the state.  
 
As per the agencies, the threat actors had the access to the Albanian government servers for 14 months before executing the cyber attacks that included the execution of encryption and wiper attacks. 
 
A series of cyberattacks was then launched by the threat actors, on July 17th, 2022, after conducting lateral movements, network reconnaissance, and credential harvesting from the Albanian government network, leaving an anti-Mujahideen E- Khalq (MEK) messages on the desktops.  
 
After the network defenders detected and begin responding to the ransomware activities, HomeLand Justice employed a new family ransomware ROADSWEEP, along with a variant of wiper malware, ZEROCLEAR. 
 
While claiming to have carried out these cyber attacks, on July 23rd, HomeLand Justice took to social media, demonstrating a repeated pattern of advertising the Albanian Government about the leaks, and posting polls asking the viewers to select the information they want to be leaked. It was followed by the release of information in a .zip file or video of a screen recording with the documents. 
 
The cyber actors launched another thread of cyberattacks in September against the Albanian government, using similar TTPs and malware as the attacks made in July. The attacks were possibly done in retaliation for public attribution of the previous attack and severed diplomatic ties between the Albanian and Iranian governments. 
 
Although Albania lacks an efficient cyber defense, it is a member of NATO which can be confirmed by Appathurai's statement, “You can be sure of NATO’s continued political and practical support.” Thus, apparently, NATO will be supporting Albania with the incident to deal with immediate challenges and long-term requirements.

QUAD Nations to Assist Each Other in Taking Action Against Malicious Cyber Activities

 

On Saturday, the leaders of India, the United States, Japan, and Australia, known as the Quad, vowed to work together to ensure the security and resilience of regional cyberinfrastructure.

Following a meeting on the sidelines of the UN General Assembly session in New York, the leaders of the four countries issued a joint statement on the subject. External Affairs Minister S Jaishankar, along with his counterparts Penny Wong of Australia, Hayashi Yoshimasa of Japan, and US Secretary of State Tony Blinken, issued a statement urging states to take reasonable steps to address ransomware operations originating from within their borders.

The Quadrilateral Security Dialogue, comprised of India, the United States, Japan, and Australia, was established in 2017 to counter China's aggressive behaviour in the Indo-Pacific region. According to the statement, the leaders believe that focused initiatives to strengthen Indo-Pacific countries' cyber capabilities will ensure the security and resilience of regional cyberinfrastructure.

"The transnational nature of ransomware can adversely affect our national security, finance sector and business enterprise, critical infrastructure, and the protection of personal data. We appreciate the progress made by the 36 countries supporting the US-led Counter Ransomware Initiative and the regular, practical-oriented consultations against cybercrime in the Indo-Pacific region," they said.

The ministers emphasised that practical cooperation in countering ransomware among Indo-Pacific partners would result in ransomware actors in the region being denied a safe haven.

Recalling the last Quad Foreign Ministers' Meeting on February 11 of this year, the ministers stated their commitment to addressing the global threat of ransomware, which has hampered Indo-Pacific economic development and security.

Cyberspies Drop New Infostealer Malware on Govt Networks in Asia

 

Security researchers have discovered new cyber-espionage activity targeting Asian governments, as well as state-owned aerospace and defence companies, telecom companies, and IT organisations.
The threat group behind this action is a different cluster earlier associated with the "ShadowPad" RAT (remote access trojan) (remote access trojan). In recent campaigns, the threat actor used a much broader set of tools.

As per a report by Symantec's Threat Hunter team that dives into the activity, the intelligence-gathering attacks have been underway since at least early 2021 and are still ongoing. The current campaign appears to be almost entirely focused on Asian governments or public entities, such as:
  • Head of government/Prime Minister's office
  • Government institutions linked to finance
  • Government-owned aerospace and defense companies
  • State-owned telecoms companies
  • State-owned IT organizations
  • State-owned media companies
Symantec uses an example of an April 2022 attack to demonstrate how the espionage group breaches its government targets. The attack starts with the installation of a malicious DLL that is side-loaded by launching the executable of a legitimate application in order to load a.dat file.

The legitimate application abused by the hackers, in this case, was an 11-year-old Bitdefender Crash Handler executable. The initial.dat payload contains encrypted shellcode that can be used to directly execute commands or additional payloads from memory.

The threat actors installed ProcDump three days after gaining backdoor access to steal user credentials from the Local Security Authority Server Service (LSASS). The LadonGo penetration testing framework was side-loaded via DLL hijacking on the same day and used for network reconnaissance.

The attackers returned to the compromised machine two weeks later to install Mimikatz, a popular credential stealing tool.
Furthermore, the hackers attempted to elevate their privileges by exploiting CVE-2020-1472 (Netlogon) against two computers on the same network.

To load payloads on additional computers in the network, the attackers used PsExec to execute Crash Handler and the DLL order hijacking trick. A month after the intrusion, the threat actors gained access to the active directory server and mounted a snapshot to access user credentials and log files.

Finally, Symantec observed the use of Fscan to attempt CVE-2021-26855 (Proxylogon) exploitation against Exchange Servers in the compromised network.

Ukrainian Government Websites Shut Down due to Cyberattack

 

Ukrainian state authorities' websites have stopped working. At the moment, the website of the Ukrainian president, as well as resources on the gov.ua domain are inaccessible. 
According to the source, a large-scale cyberattack by the Russian hacker group RaHDit was the reason. A total of 755 websites of the Ukrainian authorities at the gov.ua domain were taken offline as a result of the attack. 

Hackers posted on government websites an appeal written on behalf of Russian soldiers to soldiers of the Armed Forces of Ukraine and residents of Ukraine. "The events of the last days will be the subject of long discussions of our contemporaries and descendants, but the truth is always the same! It is absolutely obvious that what happened is a clear example of what happens when irresponsible, greedy, and indifferent to the needs of their people come to power," they wrote. 

Another of the hacked websites published an appeal on behalf of Zelensky. In it, the President of Ukraine allegedly stated that he had agreed to sign a peace treaty with Russia. "This is not treason to Ukraine, to the Ukrainian spirit, it is exclusively for the benefit of the Ukrainian people," the banner said. 

The third message called on civilians to "refuse to support national radical formations formed under the guise of territorial defense." It was warned that any attempts to create armed gangs would be severely suppressed. In another announcement, Ukrainian soldiers were asked not to open fire on the Russian army and lay down their weapons: "Return fire will kill you. You are guaranteed life, polite treatment, and a bus home after the war." 

This information could not be confirmed. Currently, when entering government websites, it is reported that access to them cannot be obtained.

Earlier it became known that Russian hackers from the Killnet group hacked the website of the Anonymous group, which had previously declared a cyberwar against Russia. They urged Russians not to panic and not to trust fakes. 

On February 25, hackers from Anonymous announced their decision to declare a cyberwar against Russia due to the start of a special operation in the Donbas. The attackers attacked Russian Internet service providers and government websites. They also hacked the websites of major media outlets: TASS, Kommersant, Izvestia, Forbes, Mela, Fontanka. 

As a reminder, the special operation in Ukraine began in the morning of February 24. This was announced by Russian President Vladimir Putin.

The United States and the West are Afraid of Possible Cyber Attacks by Russian Hackers

 

According to CNN, the FBI has warned American businessmen about the growth of possible cyberattacks using ransomware by Russian hackers against the background of sanctions that US President Joe Biden imposed against Russia in connection with the situation around Ukraine. 

Earlier, Jen Easterly, head of the U.S. Agency for Cybersecurity and Infrastructure Protection, said that Russia might consider taking measures that could affect critical U.S. infrastructure in response to U.S. sanctions. She urged all organizations to familiarize themselves with the steps the agency has developed to mitigate cybersecurity risks. In addition, David Ring, head of cybersecurity at the FBI, said that Russia is allegedly a favorable environment for cybercriminals, which will not become less against the background of the confrontation between Russia and the West over the situation around Ukraine. According to CNN, briefings on such topics have been held by the FBI and the Department of Homeland Security for the past two months. 

It is important to note that Polish Prime Minister Mateusz Morawiecki decided to introduce a special high-level security regime for telecommunications and information technology in the country. 

On February 21, he signed a decree introducing the third level of the Charlie– CRP warning throughout the country. This level is introduced if there is an event confirming the probable purpose of a terrorist attack in cyberspace or if there is reliable information about a planned event. 

The Polish Law on Anti-terrorist actions provides that in the event of a terrorist attack or its threat, the head of government may introduce one of four threat levels: Alfa, Bravo, Charlie, and Delta. The highest level, Delta, can be announced if a terrorist attack occurs or incoming information indicates its high probability in Poland. 

Similar levels marked with CRP relate to threats in cyberspace. They are introduced to strengthen the control of the security level of information systems in order to monitor the possible occurrence of violations in their work. 

The Russian Federation has repeatedly rejected the accusations of Western countries in cyberattacks, calling them unfounded, and also stated that it is ready to cooperate on cybersecurity. 

Earlier, CySecurity News reported that CNN reported citing US administration sources that representatives of the White House, US intelligence, the US Department of Homeland Security (DHS), and other agencies have discussed preparations to repel cyber attacks that could be carried out in the United States and Ukraine.

UK Foreign Office Suffered ‘Serious Cyber Security Incident’

 

A "serious incident" compelled the Foreign Office of the United Kingdom to seek immediate cybersecurity assistance. A recently released public tender document confirmed the incident. According to a document released on February 4, the Foreign, Commonwealth and Development Office (FCDO) sought "urgent business support" from its cybersecurity contractor, BAE Applied Intelligence, 

The FCDO paid the company £467,325.60 — about $630,000 — for its services after issuing a contract for "business analyst and technical architect support to assess an authority cyber security incident" on January 12, 2022, according to the notice. However, the incident's facts, which had not previously been made public, remain unknown. 

The document stated, “The Authority was the target of a serious cyber security incident, details of which cannot be disclosed. In response to this incident, urgent support was required to support remediation and investigation. Due to the urgency and criticality of the work, the Authority was unable to comply with the time limits for the open or restricted procedures or competitive procedures with negotiation.” 

The Stack was the first to report on the BAE contract. According to an FCDO's spokesperson who did not give their name stated that the office does not comment on security but has measures in place to detect and protect against potential cyber events. Further queries about the incident, such as whether classified information was accessed, were declined by the spokesperson. 

TechCrunch also contacted the United Kingdom's data protection authority to see if the event had been reported, but is yet to hear back. The announcement of the apparent incident came only days after the British Council, an institution that specialises in international cultural and educational opportunities, was found to have suffered a severe security breach. Clario researchers discovered 144,000 unencrypted files on an unsecured Microsoft Azure storage server, including the personal and login information of British Council students. 

Following an investigation by the UK's National Cyber Security Center, Wilton Park, a Sussex-based executive agency of the FCDO, was hit by a cyberattack in December 2020, which revealed that hackers had access to the agency's systems for six years, though there was no proof that data had been stolen.

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department & Diplomats

 

An unidentified party used NSO Group's Pegasus spyware to attack the Apple iPhones of at least nine US State Department officials, as per a report published Friday by Reuters. 

After receiving a query about the incident, NSO Group indicated in an email to The Register that it had barred an unnamed customer's access to its system, but it has yet to determine whether its software was engaged. 

An NSO spokesperson told The Register in an email, "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations." 

"To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case." 

The Israel-based firm, which was recently sanctioned by the US for reportedly selling intrusion software to repressive regimes and is being sued by Apple and Meta's (Facebook's) WhatsApp for allegedly assisting the hacking of their customers, says it will work cooperatively with any relevant government authority and share what it learns from its investigation. 

NSO's spokesperson stated, “To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies are blocked from working on US (+1) numbers. Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case." 

According to Reuters, the impacted State Department officials were situated in Uganda or were focused on Ugandan issues, therefore their phone numbers had a foreign nation prefix rather than a US prefix. When Apple launched its complaint against the NSO Group on November 23rd, the iPhone maker also stated that it will tell iPhone customers who have been the target of state-sponsored hacking. On the same day, Norbert Mao, a communist, was assassinated. On the same day, Norbert Mao, a lawyer and the President of Uganda's Democratic Party, tweeted that he'd gotten an Apple threat notification. 

According to the Washington Post, NSO's Pegasus software was involved in the attempted or accomplished hacking of 37 phones linked to journalists and rights activists, including two women connected to Saudi journalist Jamal Khashoggi. The findings contradicted NSO Group's claims that their software was only licenced for battling terrorists and law enforcement, according to the report. 

The NSO Group released its 2021 Transparency and Responsibility Report [PDF] the same month, insisting that its software is only used against groups with few sympathisers, such as terrorists, criminals, and pedophiles. 

Several reports from cybersecurity research and human rights organisations, not to mention UN, EU, and US claims about the firm, have disputed that assertion. The US State Department refused The Register's request for confirmation of the Reuters claim but said the agency takes its obligation to protect its data seriously. They were also told that the Biden-Harris administration is seeking to limit the use of repressive digital tools.

Israel Limits Cyberweapons Export List from 102 to 37 Nations

 

The Israeli government has limited the number of nations to which local security businesses can sell surveillance and offensive hacking equipment by nearly two-thirds, reducing the official cyber export list from 102 to 37. 

Only nations with established democracies are included in the new list, which was obtained by Israeli business publication Calcalist earlier today, such as those from Europe and the Five Eyes coalition: 

Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the UK, and the US. 

Autocratic regimes, to which Israeli corporations have frequently sold surveillance tools, are strikingly absent from the list. Spyware produced by Israeli businesses such as Candiru and the NSO Group has been attributed to human rights violations in tens of nations in recent years, with local governments using the tools to spy on journalists, activists, dissidents, and political opponents. 

The government has not issued a comment on the list's update, according to Calcalist journalists, and it is unclear why it was cut down earlier this month. The timing, on the other hand, shows that the Israeli government might have been driven it to make this choice. 

The list was updated a week after a covert meeting between Israeli and French officials to address suspicions that NSO Group malware was deployed against French President Emmanuel Macron. The announcement coincided with the US sanctioning of four monitoring firms, including Israel's Candiru and NSO Group. 

The penalties are reported to have sent NSO into a death spiral, with the business sliding from a prospective sale to French investors to losing its newly-appointed CEO and perhaps filing for bankruptcy as it has become company-non-grata in the realm of cyberweapons. 

Azimuth Security co-founder Mark Dowd discussed Israeli-based surveillance distributors and their knack for selling to offensive regimes in an episode of the Risky Business podcast last month, blaming it on the fact that these companies don't usually have connections in western governments to compete with western competitors. 

With the Israeli Defense Ministry tightening restrictions on cyber exports to autocratic regimes, the restricted cyber export list is likely to make a significant hole in Israel's estimated $10 billion surveillance sector.

As per a study released earlier this month by the Atlantic Council, there are roughly 224 firms providing surveillance and hacking tools, with 27 of them located in Israel.