EU’s Cybersecurity Blueprint 2025: Encouraging Collaborative Resilience

In the rich history of humanity, the advent of artificial intelligence (AI) has added a new, delicate aspect. The aspect of promising technological advancement has the potential to either enrich the nest of our society or destroy it entirely. The latest straw in this complex nest is generative AI, a frontier teeming with both potential and perils. It is a realm where the ethereal concepts of cyber peace and resilience are not just theoretical constructs but tangible necessities.

The spectre of generative AI looms large over the digital landscape, casting a long shadow on the sanctity of data privacy and the integrity of political processes. The seeds of this threat were sown in the fertile soil of the Cambridge Analytica scandal of 2018, a watershed moment that unveiled the extent to which personal data could be harvested and utilized to influence electoral outcomes. However despite the indignation, the scandal resulted in meagre alterations to modus operandi of digital platforms.

Fast forward to the present day, and the spectre has only grown more ominous. A recent report by Human Rights Watch has shed light on the continued exploitation of data-driven campaigning in Hungary's re-election of Viktor Orbán. The report paints a chilling picture of political parties leveraging voter databases for targeted social media advertising, with the ruling Fidesz party even resorting to the unethical use of public service data to bolster its voter database.

The Looming Threat of Disinformation

As we stand on the precipice of 2024, a year that will witness over 50 countries holding elections, the advancements in generative AI could exponentially amplify the ability of political campaigns to manipulate electoral outcomes. This is particularly concerning in countries where information disparities are stark, providing fertile ground for the seeds of disinformation to take root and flourish.

The media, the traditional watchdog of democracy, has already begun to sound the alarm about the potential threats posed by deepfakes and manipulative content in the upcoming elections. The limited use of generative AI in disinformation campaigns has raised concerns about the enforcement of policies against generating targeted political materials, such as those designed to sway specific demographic groups towards a particular candidate.

Yet, while the threat of bad actors using AI to generate and disseminate disinformation is real and present, there is another dimension that has largely remained unexplored: the intimate interactions with chatbots. These digital interlocutors, when armed with advanced generative AI, have the potential to manipulate individuals without any intermediaries. The more data they have about a person, the better they can tailor their manipulations.

Root of the Cause 

To fully grasp the potential risks, we must journey back 30 years to the birth of online banner ads. The success of the first-ever banner ad for AT&T, which boasted an astounding 44% click rate, birthed a new era of digital advertising. This was followed by the advent of mobile advertising in the early 2000s. Since then, companies have been engaged in a perpetual quest to harness technology for manipulation, blurring the lines between commercial and political advertising in cyberspace.

Regrettably, the safeguards currently in place are woefully inadequate to prevent the rise of manipulative chatbots. Consider the case of Snapchat's My AI generative chatbot, which ostensibly assists users with trivia questions and gift suggestions. Unbeknownst to most users, their interactions with the chatbot are algorithmically harvested for targeted advertising. While this may not seem harmful in its current form, the profit motive could drive it towards more manipulative purposes.

If companies deploying chatbots like My AI face pressure to increase profitability, they may be tempted to subtly steer conversations to extract more user information, providing more fuel for advertising and higher earnings. This kind of nudging is not clearly illegal in the U.S. or the EU, even after the AI Act comes into effect. The market size of AI in India is projected to touch US$4.11bn in 2023. 

Taking this further, chatbots may be inclined to guide users towards purchasing specific products or even influencing significant life decisions, such as religious conversions or voting choices. The legal boundaries here remain unclear, especially when manipulation is not detectable by the user. 

The Crucial Dos/Dont's 

It is crucial to set rules and safeguards in order to manage the possible threats related to manipulative chatbots in the context of the general election in 2024.

First and foremost, candor and transparency are essential. Chatbots, particularly when employed for political or electoral matters, ought to make it clear to users what they are for and why they are automated. By being transparent, people are guaranteed to be aware that they are interacting with automated processes.

Second, getting user consent is crucial. Before collecting user data for any reason, including advertising or political profiling, users should be asked for their informed consent. Giving consumers easy ways to opt-in and opt-out gives them control over their data.

Furthermore, moral use is essential. It's crucial to create an ethics code for chatbot interactions that forbids manipulation, disseminating false information, and trying to sway users' political opinions. This guarantees that chatbots follow moral guidelines.

In order to preserve transparency and accountability, independent audits need to be carried out. Users might feel more confident knowing that chatbot behavior and data collecting procedures are regularly audited by impartial third parties to ensure compliance with legal and ethical norms.

Important "don'ts" to take into account. Coercion and manipulation ought to be outlawed completely. Chatbots should refrain from using misleading or manipulative approaches to sway users' political opinions or religious convictions.

Another hazard to watch out for is unlawful data collecting. Businesses must obtain consumers' express agreement before collecting personal information, and they must not sell or share this information for political reasons.

At all costs, one should steer clear of fake identities. Impersonating people or political figures is not something chatbots should do because it can result in manipulation and false information.

It is essential to be impartial. Bots shouldn't advocate for or take part in political activities that give preference to one political party over another. In encounters, impartiality and equity are crucial.

Finally, one should refrain from using invasive advertising techniques. Chatbots should ensure that advertising tactics comply with legal norms by refraining from displaying political advertisements or messaging without explicit user agreement.

Present Scenario

As we approach the critical 2024 elections and generative AI tools proliferate faster than regulatory measures can keep pace, companies must take an active role in building user trust, transparency, and accountability. This includes comprehensive disclosure about a chatbot's programmed business goals in conversations, ensuring users are fully aware of the chatbot's intended purposes.

To address the regulatory gap, stronger laws are needed. Both the EU AI Act and analogous laws across jurisdictions should be expanded to address the potential for manipulation in various forms. This effort should be driven by public demand, as the interests of lawmakers have been influenced by intensive Big Tech lobbying campaigns.

At present, India doesn’t have any specific laws pertaining to AI regulation. Ministry of Electronics and Information Technology (MEITY), is the executive body responsible for AI strategies and is constantly working towards a policy framework for AI. The Niti Ayog has presented seven principles for responsible AI which includes equality , inclusivity, safety, privacy, transparency, accountability, dependability and protection of positive human values.

Conclusion 

We are at a pivotal juncture in history. As generative AI gains more power, we must proactively establish effective strategies to protect our privacy, rights and democracy. The public's waning confidence in Big Tech and the lessons learned from the techlash underscore the need for stronger regulations that hold tech companies accountable. Let's ensure that the power of generative AI is harnessed for the betterment of society and not exploited for manipulation.

Reference

McCallum, B. S. (2022, December 23). Meta settles Cambridge Analytica scandal case for $725m. BBC News. https://www.bbc.com/news/technology-64075067

Hungary: Data misused for political campaigns. (2022, December 1). Human Rights Watch. https://www.hrw.org/news/2022/12/01/hungary-data-misused-political-campaigns

Statista. (n.d.). Artificial Intelligence - India | Statista Market forecast. https://www.statista.com/outlook/tmo/artificial-intelligence/india

Introduction

Digitalisation presents both opportunities and challenges for micro, small, and medium enterprises (MSMEs) in emerging markets. Digital tools can increase business efficiency and reach but also increase exposure to misinformation, fraud, and cyber attacks. Such cyber threats can lead to financial losses, reputational damage, loss of customer trust, and other challenges hindering MSMEs' ability and desire to participate in the digital economy.

The current information dump is a major component of misinformation. Misinformation spreads or emerges from online sources, causing controversy and confusion in various fields including politics, science, medicine, and business. One obvious adverse effect of misinformation is that MSMEs might lose trust in the digital market. Misinformation can even result in the devaluation of a product, sow mistrust among customers, and negatively impact the companies’ revenue. The reach of and speed with which misinformation can spread and ruin companies’ brands, as well as the overall difficulty businesses face in seeking recourse, may discourage MSMEs from fully embracing the digital ecosystem. 

MSMEs are essential for innovation, job development, and economic growth. They contribute considerably to the GDP and account for a sizable share of enterprises. They serve as engines of economic resilience in many nations, including India. Hence, a developing economy’s prosperity and sustainability depend on the MSMEs' growth and such digital threats might hinder this process of growth. 

There are widespread incidents of misinformation on social media, and these affect brand and product promotion. MSMEs also rely on online platforms for business activities, and threats such as misinformation and other digital risks can result in reputational damage and financial losses. A company's reputation being tarnished due to inaccurate information or a product or service being incorrectly represented are just some examples and these incidents can cause MSMSs to lose clients and revenue.

In the digital era, MSMEs need to be vigilant against false information in order to preserve their brand name, clientele, and financial standing. In the interconnected world of today, these organisations must develop digital literacy and resistance against misinformation in order to succeed in the long run. Information resilience is crucial for protecting and preserving their reputation in the online market.

The Impact of Misinformation on MSMEs

Misinformation can have serious financial repercussions, such as lost sales, higher expenses, legal fees, harm to the company's reputation, diminished consumer trust, bad press, and a long-lasting unfavourable impact on image. A company's products may lose value as a result of rumours, which might affect both sales and client loyalty. 

Inaccurate information can also result in operational mistakes, which can interrupt regular corporate operations and cost the enterprise a lot of money. When inaccurate information on a product's safety causes demand to decline and stockpiling problems to rise, supply chain disruptions may occur. Misinformation can also lead to operational and reputational issues, which can cause psychological stress and anxiety at work. The peace of the workplace and general productivity may suffer as a result. For MSMEs, false information has serious repercussions that impact their capacity to operate profitably, retain employees, and maintain a sustainable business. Companies need to make investments in cybersecurity defence, legal costs, and restoring consumer confidence and brand image in order to lessen the effects of false information and ensure smooth operations.

When we refer to the financial implications caused by misinformation spread in the market, be it about the product or the enterprise, the cost is two-fold in all scenarios: there is loss of revenue and then the organisation has to contend with the costs of countering the impact of the misinformation. Stock Price Volatility is one financial consequence for publicly-traded MSMEs, as misinformation can cause stock price fluctuations. Potential investors might be discouraged due to false negative information.

Further, the reputational damage consequences of misinformation on MSMEs is also a serious concern as a loss of their reputation can have long-term damages for a carefully-cultivated brand image. 

There are also operational disruptions caused by misinformation: for instance, false product recalls can take place and supplier mistrust or false claims about supplier reliability can disrupt procurement leading to disruptions in the operations of MSMEs. 

Misinformation can negatively impact employee morale and productivity due to its physiological effects. This leads to psychological stress and workplace tensions. Staff confidence is also affected due to the misinformation about the brand. Internal operational stability is a core component of any organisation’s success. 

Misinformation: Key Risk Areas for MSMEs

1. Product and Service Misinformation

For MSMEs, misinformation about products and services poses a serious danger since it undermines their credibility and the confidence clients place in the enterprise and its products or services. Because this misleading material might mix in with everyday activities and newsfeeds, viewers may find it challenging to identify fraudulent content. For example, falsehoods and rumours about a company or its goods may travel quickly through social media, impacting the confidence and attitude of customers. Algorithms that favour sensational material have the potential to magnify disinformation, resulting in the broad distribution of erroneous information that can harm a company's brand.

2. False Customer Reviews and Testimonials

False testimonies and evaluations pose a serious risk to MSMEs. These might be abused to damage a company's brand or lead to unfair competition. False testimonials, for instance, might mislead prospective customers about the calibre or quality of a company’s offerings, while phony reviews can cause consumers to mistrust a company's goods or services. These actions frequently form a part of larger plans by rival companies or bad individuals to weaken a company's position in the market.

3. Misleading Information about Business Practices

False statements or distortions regarding a company's operations constitute misleading information about business practices. This might involve dishonest marketing, fabrications regarding the efficacy or legitimacy of goods, and inaccurate claims on a company's compliance with laws or moral principles. Such incorrect information can result in a decline in consumer confidence, harm to one's reputation, and even legal issues if consumers or rival businesses act upon it. Even before the truth is confirmed, for example, allegations of wrongdoing or criminal activity pertaining can inflict a great deal of harm, even if they are disproven later.

4. Fake News Related to Industry and Market Conditions

By skewing consumer views and company actions, fake news about market and industry circumstances can have a significant effect on MSMEs. For instance, false information about market trends, regulations, or economic situations might make consumers lose faith in particular industries or force corporations to make poor strategic decisions. The rapid dissemination of misinformation on online platforms intensifies its effects on enterprises that significantly depend on digital engagement for their operations.

Factors Contributing to the Vulnerability of MSMEs

1. Limited Resources for Verification

MSMEs have a small resource pool. Information verification is typically not a top priority for most. MSMEs usually lack the resources needed to verify the information and given their limited resources, they usually tend to deploy the same towards other, more seemingly-critical functions. They are more susceptible to misleading information because they lack the capacity to do thorough fact-checking or validate the authenticity of digital content. Technology tools, human capital, and financial resources are all in low supply but they are essential requirements for effective verification processes.

2. Inadequate Digital Literacy

Digital literacy is required for effective day-to-day operations. Fake reviews, rumours, or fake images commonly used by malicious actors can result in increased scrutiny or backlash against the targeted business. The lack of awareness combined with limited resources usually spells out a pale redressal plan on part of the affected MSME. Due to their low digital literacy in this domain, a large number of MSMEs are more susceptible to false information and other online threats. Inadequate knowledge and abilities to use digital platforms securely and effectively can result in making bad decisions and raising one's vulnerability to fraud, deception, and online scams.

3. Lack of Crisis Management Plans

MSMEs frequently function without clear-cut procedures for handling crises. They lack the strategic preparation necessary to deal with the fallout from disinformation and cyberattacks. Proactive crisis management plans usually incorporate procedures for detecting, addressing, and lessening the impact of digital harms, which are frequently absent from MSMEs.

4. High Dependence on Social Media and Online Platforms

The marketing strategy for most MSMEs is heavily reliant on social media and online platforms. While the digital-first nature of operations reduces the need for a large capital to set up in the form of stores or outlets, it also gives them a higher need to stay relevant to the trends of the online community and make their products attractive to the customer base. However, MSMEs are depending more and more on social media and other online channels for marketing, customer interaction, and company operations. These platforms are really beneficial, but they also put organisations at a higher risk of false information and online fraud. Heavy reliance on these platforms coupled with the absence of proper security measures and awareness can result in serious interruptions to operations and monetary losses.

CyberPeace Policy Recommendations to Enhance Information Resilience for MSMEs

CyberPeace advocates for establishing stronger legal frameworks to protect MSMEs from misinformation. Governments should establish regulations to build trust in online business activities and mitigate fraud and misinformation risks. Mandatory training programs should be implemented to cover online safety and misinformation awareness for MSME businesses. Enhanced reporting mechanisms should be developed to address digital harm incidents promptly. Governments should establish strict penalties for deliberate inaccurate misinformation spreaders, similar to those for copyright or intellectual property violations. Community-based approaches should be encouraged to help MSMEs navigate digital challenges effectively. Donor communities and development agencies should invest in digital literacy and cybersecurity training for MSMEs, focusing on misinformation mitigation and safe online practices. Platform accountability should be increased, with social media and online platforms playing a more active role in removing content from known scam networks and responding to fraudulent activity reports. There should be investment in comprehensive digital literacy solutions for MSMEs that incorporate cyber hygiene and discernment skills to combat misinformation.

‍Conclusion

Misinformation poses a serious risk to MSME’s digital resilience, operational effectiveness, and financial stability. MSMEs are susceptible to false information because of limited technical resources, lack of crisis management strategies, and insufficient digital literacy. They are also more vulnerable to false information and online fraud because of their heavy reliance on social media and other online platforms. To address these challenges it is significant to strengthen their cyber hygiene and information resilience. Robust policy and regulatory frameworks are encouraged, promoting and mandating online safety training programmes, and improved reporting procedures, are required to overall enhance the information landscape. 

References:

1. https://www.dai.com/uploads/digital-downsides.pdf
2. https://www.indiacode.nic.in/bitstream/123456789/2013/3/A2006-27.pdf
3. https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1946375
4. https://dai-global-digital.com/digital-downsides-the-economic-impact-of-misinformation-and-other-digital-harms-on-msmes-in-kenya-india-and-cambodia.html
5. https://www.dai.com/uploads/digital-downsides.pdf

‍

Executive Summary:

New Linux malware has been discovered by a cybersecurity firm Volexity, and this new strain of malware is being referred to as DISGOMOJI. A Pakistan-based threat actor alias ‘UTA0137’ has been identified as having espionage aims, with its primary focus on Indian government entities.  Like other common forms of backdoors and botnets involved in different types of cyberattacks, DISGOMOJI, the malware  allows the use of commands to capture screenshots, search for files to steal, spread additional payloads, and transfer files. DISGOMOJI  uses Discord (messaging service)  for Command & Control (C2)  and uses emojis  for C2 communication. This malware targets Linux operating systems.

The DISCOMOJI Malware:  

• The DISGOMOJI malware opens a specific channel in a Discord server and every new channel corresponds to a new victim. This means that the attacker can communicate with the victim one at a time.

• This particular malware connects with the attacker-controlled Discord server using Emoji, a form of relay protocol. The attacker provides unique emojis as instructions, and the malware uses emojis as a feedback to the subsequent command status.

• For instance, the ‘camera with flash’ emoji is used to screenshots the device of the victim or to steal, the ‘fox’ emoji cracks all Firefox profiles, and the ‘skull’ emoji kills the malware process.

• This C2 communication is done using emojis to ensure messaging between infected contacts, and it is almost impossible for Discord to shut down the malware as it can always change the account details of Discord it is using once the maliciou server is blocked.

• The malware also has capabilities aside from the emoji-based C2 such as network probing, tunneling, and data theft that are needed to help the UTA0137 threat actor in achieving its espionage goals.

Specific emojis used for different commands by UTA0137:

• Camera with Flash (📸): Captures a picture of the target device’s screen as per the victim’s directions.

• Backhand Index Pointing Down (👇): Extracts files from the targeted device and sends them to the command channel in the form of attachments.

• Backhand Index Pointing Right (👉): This process involves sending a file found on the victim’s device to another web-hosted file storage service known as Oshi or oshi[. ]at.

• Backhand Index Pointing Left (👈): Sends a file from the victim’s device to transfer[. ]sh, which is an online service for sharing files on the Internet.

• Fire (🔥): Finds and transmits all files with certain extensions that exist on the victim’s device, such as *. txt, *. doc, *. xls, *. pdf, *. ppt, *. rtf, *. log, *. cfg, *. dat, *. db, *. mdb, *. odb, *. sql, *. json, *. xml, *. php, *. asp, *. pl, *. sh, *. py, *. ino, *. cpp, *. java,

• Fox (🦊): This works by compressing all Firefox related profiles in the affected device. 

• Skull (💀): Kills the malware process in windows using ‘os. Exit()’

• Man Running (🏃‍♂️):  Execute a command on a victim’s device. This command receives an argument, which is the command to execute.

• Index Pointing up (👆) : Upload a file to the victim's device. The file to upload is attached along with this emoji

Analysis:   

The analysis was carried out for one of the indicator of compromised SHA-256 hash file-  C981aa1f05adf030bacffc0e279cf9dc93cef877f7bce33ee27e9296363cf002.

It is found that most of the vendors have marked the file as trojan in virustotal and the graph explains the malicious nature of the contacted domains and IPs.

‍

Discord & C2 Communication  for UTA0137:

• Stealthiness: Discord is a well-known messaging platform used for different purposes, which means that sending any messages or files on the server should not attract suspicion. Such stealthiness makes it possible for UTA0137 to remain dormant for greater periods before launching an attack.

• Customization: UTA0137 connected to Discord is able to create specific channels for distinct victims on the server. Such a framework allows the attackers to communicate with each of the victims individually to make a process more accurate and efficient.

• Emoji-based protocol: For C2 communication, emojis really complicates the attempt that Discord might make to interfere with the operations of the malware. In case the malicious server gets banned, malware could easily be recovered, especially by using the Discord credentials from the C2 server.

• Persistence: The malware, as stated above, has the ability to perpetually exist to hack the system and withstand rebooting of systems so that the virus can continue to operate without being detected by the owner of the hacked system.

• Advanced capabilities: Other features of DISGOMOJI are the Network Map using Nmap scanner, network tunneling through Chisel and Ligolo and Data Exfiltration by File Sharing services. These capabilities thus help in aiding the espionage goals of UTA0137.

• Social engineering: The virus and the trojan can show the pop-up windows and prompt messages, for example the fake update for firefox and similar applications, where the user can be tricked into inputting the password.

• Dynamic credential fetching: The malware does not write the hardcoded values of the credentials in order to connect it to the discord server. This also inconveniences analysts as they are unable to easily locate the position of the C2 server.

• Bogus informational and error messages: They never show any real information or errors because they do not want one to decipher the malicious behavior easily.

Recommendations to mitigate the risk of UTA0137:

• Regularly Update Software and Firmware: It is essential to regularly update all the application software and firmware of different devices, particularly, routers, to prevent hackers from exploiting the discovered and disclosed flaws. This includes fixing bugs such as CVE-2024-3080 and CVE-2024-3912 on ASUS routers, which basically entails solving a set of problems.

• Implement Multi-Factor Authentication: There are statistics that show how often user accounts are attacked, it is important to incorporate multi-factor authentication to further secure the accounts.

• Deploy Advanced Malware Protection: Provide robust guard that will help the user recognize and prevent the execution of the DISGOMOJI malware and similar threats.

• Enhance Network Segmentation: Utilize stringent network isolation mechanisms that seek to compartmentalize the key systems and data from the rest of the network in order to minimize the attack exposure.

• Monitor Network Activity: Scanning Network hour to hour for identifying and handling the security breach and the tools such as Nmap, Chisel, Ligolo etc can be used.

• Utilize Threat Intelligence: To leverage advanced threats intelligence which will help you acquire knowledge on previous threats and vulnerabilities and take informed actions.

• Secure Communication Channels: Mitigate the problem of the leakage of developers’ credentials and ways of engaging with the discord through loss of contact to prevent abusing attacks or gaining control over Discord as an attack vector.

• Enforce Access Control: Regularly review and update the user authentication processes by adopting stricter access control measures that will allow only the right personnel to access the right systems and information.

• Conduct Regular Security Audits: It is important to engage in security audits periodically in an effort to check some of the weaknesses present within the network or systems.

• Implement Incident Response Plan: Conduct a risk assessment, based on that design and establish an efficient incident response kit that helps in the early identification, isolation, and management of security breaches.

• Educate Users: Educate users on cybersecurity hygiene, opportunities to strengthen affinity with the University, and conduct retraining on threats like phishing and social engineering.

Conclusion:

The new threat actor named UTA0137 from Pakistan who was utilizing DISGOMOJI malware to attack Indian government institutions using embedded emojis with a command line through the Discord app was discovered by Volexity. It has the capability to exfiltrate and aims to steal the data of government entities. The UTA0137 was continuously improved over time to permanently communicate with victims. It underlines the necessity of having strong protection from viruses and hacker attacks, using secure passwords and unique codes every time, updating the software more often and having high-level anti-malware tools. Organizations can minimize advanced threats, the likes of DISGOMOJI and protect sensitive data by improving network segmentation, continuous monitoring of activities, and users’ awareness.

References:

https://otx.alienvault.com/pulse/66712446e23b1d14e4f293eb

https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html?m=1

https://cybernews.com/news/hackers-using-emojis-to-command-malware/

https://www.blackhatethicalhacking.com/news/disgomoji-new-linux-malware-uses-emojis-for-command-execution/

https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/

‍