
Rise of Cybercrime in India: Reasons, Impacts & Safety Measures


The reel is frequently influenced by the real. Jamtara, an OTT series, was inspired by cyber fraud operations run from a remote part of Jharkhand. The script, however, may soon need an update, because India's cybercrime hotspots, such as Jamtara and Mewat, have now spread beyond the country's borders.

According to a recent study by the Indian Cyber Crime Coordination Centre, a unit of the Union Home Ministry, approximately 45% of cybercrime cases targeting Indians originate in other South Asian nations, primarily Myanmar, Cambodia, and Laos. This does not mean the threat inside India is minimal.

The number of complaints about fraudulent activities such as trading scams, phishing, and fake romance schemes has risen dramatically, from 26,049 in 2019 to 7.4 lakh by April 2024. This year, the national cybercrime reporting portal has received over six lakh complaints, involving almost Rs 1,800 crore in fraudulently obtained money.

According to a study by an IIT Kanpur-incubated non-profit, financial fraud accounted for approximately 77% of cybercrimes between 2020 and 2023. The damage is not limited to money: identity and data theft resulting from cyber fraud can have long-term consequences, such as a permanent debt footprint, as well as legal and security problems. Notably, the cybercrime networks based in these South Asian nations have been deceiving Indians by using Indian SIM cards and fake recruitment offers sent through messaging apps.

For example, the Indian embassy in Cambodia sponsored the extradition of 360 Indians, yet 5,000 citizens are reported to be trapped there and forced to commit cybercrime against their fellow Indians. Last year, India was the 80th most targeted country for cybercrime. New Delhi must use diplomatic channels to communicate its concerns to these countries.

India has the second largest population of active internet users. However, the vast majority of them are unaware of how internet fraud works, making them easy targets for scammers. Other rising threats include privacy violations and sextortion. The expanding digital ecosystem requires a thorough understanding of cyber threats and of how to mitigate them.

To prevent such mischief, legal loopholes must be closed. However, there should be a balance between cybercrime prevention and overregulation, so that access to the internet is not hampered while the privacy of users is still protected. Treading this fine line under authoritarian rule can be difficult.

Chinese Attackers Abused Sophos Firewall Zero-Day Bug to Target South Asian Organizations


Chinese hackers exploited a critical security vulnerability in Sophos' firewall product, disclosed earlier this year, to infiltrate multiple organizations in the South Asia region.

The security bug has since been patched, but multiple attackers continued to exploit it to bypass authentication and run arbitrary code remotely on several organizations' systems.

On March 25, Sophos issued a security patch for CVE-2022-1040, an authentication bypass flaw affecting the User Portal and Webadmin of Sophos Firewall that could be weaponized to execute arbitrary code remotely.

Earlier this week, Volexity researchers detailed an attack by a Chinese APT group they track as DriftingCloud, which had been exploiting CVE-2022-1040 since early March, a little over three weeks before Sophos issued a patch. The attackers used the zero-day exploit to drop a webshell backdoor and then target the customer's staff.

“This particular attack leveraged a zero-day exploit to compromise the customer’s firewall. Volexity observed the attacker implement an interesting webshell backdoor, create a secondary form of persistence, and ultimately launch attacks against the customer’s staff. These attacks aimed to further breach cloud-hosted web servers hosting the organization’s public-facing websites,” reads a blog post published by Volexity researchers. “This type of attack is rare and difficult to detect. This blog post serves to share what highly targeted organizations are up against and ways to defend against attacks of this nature.”

The adversary used the zero-day exploit to compromise the firewall and install webshell backdoors and malware that would let them compromise external systems outside the network the Sophos Firewall protected. Volexity spotted the breach while investigating suspicious traffic from the Sophos Firewall to key systems in its customer’s network. Examination of the logs revealed significant and repeated suspicious access to a valid JSP file (login.jsp).
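The two signals Volexity describes, repeated access to login.jsp and traffic originating from the firewall itself toward internal systems, are both things a defender can hunt for in ordinary logs. The following Python sketch is an added example written for this page, not code from Volexity, Sophos or the attacker; the log lines, IP addresses, the /login.jsp path, the firewall address and the thresholds are all constructed.

```python
"""Constructed detection sketch, not Volexity's or Sophos' code.

Two checks that mirror the two signals described above:
  1. repeated requests to the firewall portal's login.jsp from one source
  2. connections the firewall itself initiates toward internal hosts
Every log line, IP address, path and threshold here is invented."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed portal access log in Apache combined-style format.
# 203.0.113.7 hammers login.jsp; 198.51.100.4 is an ordinary login.
ACCESS_LOG = """\
203.0.113.7 - - [10/Mar/2022:02:14:01 +0000] "POST /login.jsp HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2022:02:14:03 +0000] "POST /login.jsp HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2022:02:14:05 +0000] "POST /login.jsp HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2022:02:14:09 +0000] "POST /login.jsp HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2022:02:15:20 +0000] "POST /login.jsp HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2022:08:00:00 +0000] "GET /login.jsp HTTP/1.1" 200 2048
198.51.100.4 - - [10/Mar/2022:08:00:30 +0000] "POST /login.jsp HTTP/1.1" 302 0
"""

# Constructed firewall connection log (the firewall IP 10.0.0.1 is invented).
CONN_LOG = """\
2022-03-10T02:20:00Z src=10.0.0.1 dst=10.0.5.20 dport=22 proto=tcp
2022-03-10T02:20:04Z src=10.0.0.1 dst=10.0.5.21 dport=445 proto=tcp
2022-03-10T02:21:00Z src=10.0.0.1 dst=10.0.9.9 dport=514 proto=udp
2022-03-10T02:25:00Z src=10.0.7.15 dst=10.0.5.20 dport=22 proto=tcp
"""

ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
CONN_RE = re.compile(r'src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)')


def parse_access_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev


def repeated_path_hits(log_text, path="/login.jsp", threshold=5, window_seconds=600):
    """Return {src: max hits} for sources that request `path` at least
    `threshold` times inside any sliding window of `window_seconds`."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_access_line(line)
        if ev and ev["path"].split("?", 1)[0].endswith(path):
            times[ev["src"]].append(ev["ts"])
    flagged = {}
    for src, ts_list in times.items():
        ts_list.sort()
        best = start = 0
        for end, t in enumerate(ts_list):
            # Slide the window start forward until it fits within window_seconds.
            while (t - ts_list[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged


def firewall_initiated(conn_text, firewall_ip, allowed):
    """List (dst, dport) pairs where the firewall itself is the connection
    source and the destination is not on the allow-list (e.g. the syslog
    server). A firewall should rarely open sessions into the LAN it guards."""
    hits = []
    for line in conn_text.splitlines():
        m = CONN_RE.search(line)
        if not m or m["src"] != firewall_ip:
            continue
        pair = (m["dst"], int(m["dport"]))
        if pair not in allowed:
            hits.append(pair)
    return hits


if __name__ == "__main__":
    print("repeated login.jsp hits:", repeated_path_hits(ACCESS_LOG))
    print("firewall-initiated:", firewall_initiated(CONN_LOG, "10.0.0.1", {("10.0.9.9", 514)}))
```

Because login.jsp is a legitimate file on the portal, the signal is the volume and pattern of requests (many POSTs from one address in a short window, none of them producing the redirect a real login does) rather than the file name itself, so the threshold and window need tuning against normal portal traffic. The second check works from the opposite direction: the firewall's own address should appear as a connection source only toward a small set of known destinations such as log collectors and update servers, so anything else is worth a look.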

Further investigation revealed that the attackers were using the Behinder framework, which other Chinese APT groups had employed in attacks abusing the recently disclosed CVE-2022-26134 vulnerability in Confluence servers.

Exploitation of the Sophos Firewall was only the first stage of the attack chain. The APT group then launched man-in-the-middle (MitM) attacks to steal data and used it to compromise additional systems outside the network where the firewall resided. Once they had secured access to the target web servers, the attackers installed multiple open-source malware tools, including PupyRAT, Pantegana, and Sliver.

SideWinder Launched Nearly 1000 Assaults in Two Years


The South Asian APT group SideWinder has been on a tear for the past two years, launching nearly 1,000 attacks and deploying increasingly sophisticated techniques.

Earlier this week, Noushin Shabab, a senior security researcher at Kaspersky, presented her findings on SideWinder's attack methodology at the Black Hat Asia conference.

SideWinder has been active since at least 2012 and primarily targets military and law enforcement agencies in Pakistan, Bangladesh, and other South Asian countries. In recent years it has also targeted foreign affairs departments, scientific and defence organizations, aviation, the IT industry, and law firms. Some of its newly registered domains and spear-phishing documents indicate that the threat actor is expanding the geography of its targets to other countries and regions.

This expansion has made SideWinder one of the planet's most prolific hacking groups, although the reason behind it remains unknown.

Last year, the group deployed new obfuscation techniques for the JavaScript it embeds in .RTF files, .LNK files, and OpenOffice documents. Kaspersky has observed unique encryption keys across over 1,000 malware samples attributed to the group.

The group even ran two versions of its obfuscation techniques in parallel over several months, and appears to have shifted from an older, less stealthy version to its current malware. SideWinder also rotates domains regularly for both its command-and-control servers and its download servers, mostly to ensure that if one domain is detected it still has a way to reach its targets, Shabab explains. Spreading activity across different domains is also less likely to raise suspicion.

In January 2020, Trend Micro researchers revealed that they had caught SideWinder exploiting a zero-day local privilege-escalation vulnerability (CVE-2019-2215) that affected hundreds of millions of Android users when it was first disclosed.

“I think what really makes them stand out among other APT [advanced persistent threat] actors are the big toolkit they have with many different malware families, lots of new spear-phishing documents, and a very large infrastructure. I have not seen 1,000 attacks from a single APT from another group until further,” Shabab stated.