#FactCheck - Stunning 'Mount Kailash' Video Exposed as AI-Generated Illusion!

Introduction

Cyber attacks are becoming increasingly common and most sophisticated around the world. India's Telecom operator BSNL has allegedly suffered a data breach. Reportedly, Hackers managed to steal sensitive information of BSNL customers and the same is now available for sale on the dark web. The leaked information includes names email addresses billing details contact numbers and outgoing call records of BSNL customers victims include both BSNL fibre and landline users. The threat actor using Querel has released a sample data set on a dark web forum and the data set contains 32,000 lines of leaked information the threat actor has claimed that the total number of lines across all databases amounts to approximately 2.9 Million. 

The Persistent Threat to Digital Fortresses

As we plunge into the abyssal planes of the internet, where the shadowy tendrils of cyberspace stretch out like the countless arms of some digital leviathan, we find ourselves facing a stark and chilling revelation. At its murky depths lurks the dark web, a term that brings forth images of a clandestine digital netherworld where anonymity reigns supreme and the conventional rules of law struggle to cast their net. It is here, in this murky digital landscape, where the latest trophy of cyber larceny has been flagrantly displayed — the plundered data of Bharat Sanchar Nigam Ltd (BSNL), India's state-owned telecommunications colossus.

This latest breach serves not simply as a singular incident in the tapestry of cyber incursions but as a profound reminder of the enduring fragility of our digital bastions against the onslaught wielded by the ever-belligerent adversaries in cyberspace.

The Breach 

Tracing the genesis of this worrisome event, we find a disconcerting story unfold. It began to surface when a threat actor, shrouded in the mystique of the digital shadows and brandishing the enigmatic alias 'Perell,' announced their triumph on the dark web. This self-styled cyber gladiator took to the encrypted recesses of this hidden domain with bravado, professing to have extracted 'critical information' from the inner sanctum of BSNL's voluminous databases. It is from these very vaults that the most sensitive details of the company's fibre network and landline customers originate.

A portion of the looted data, a mere fragment of a more extensive and damning corpus, was brandished like a nefariously obtained banner for all to see on the dark web. It was an ostentatious display, a teaser intended to tantalize and terrify — approximately 32,000 lines of data, a hint of the reportedly vast 2.9 million lines of data that 'Perell' claimed to have sequestered in their digital domain. The significance of this compromised information cannot be overstated; it is not mere bytes and bits strewn about in the cyber-wind. It constitutes the very essence of countless individuals, an amalgamation of email addresses, billing histories, contact numbers, and a myriad of other intimate details that, if weaponized, could set the stage for heinous acts of identity theft, insidious financial fraud, and precisely sculpted phishing schemes.

Ramifications 

The ramifications of such a breach extend far beyond individual concerns of privacy invasion. This event signifies an alarming clarion call highlighting the susceptibility of our digital identities. In an era where the strands of our daily lives are ever more entwined with the World Wide Web, such penetrations are not merely an affront to corporate entities; they are a direct assault on the individual's inherent right to security and the implicit trust placed in the institutions that profess to shield their most private information.

Ripples of concern have emanated throughout the cybersecurity community, prompting urgent action from Cert-In, India's cyber security sentinel. Upon notification of this digital transgression, alarms were sounded, and yet, in a disconcerting turn, BSNL has remained enigmatic, adopting a silence that seems to belie the gravity of the situation. This reticence stands in contrast to the urgency for open dialogue and transparency — it is within the anvil of these principles that the foundations of trust are laid and sustained.

Conclusion

The narrative of the BSNL data breach transcends a singular tale of digital larceny or vulnerability; it unfolds as an insistent call to action, demanding a unified and proactive response to the perpetually morphing threat landscape that haunts our technologically dependent world. It is an uncomfortable reminder that in the intricately woven web of our online existence, we each stand as potential targets with our personal data held precariously as the coveted prize for those shadow-walkers and data marauders who dwell in the secretive realms of the internet's darkest corners.

References 

• https://economictimes.indiatimes.com/tech/technology/sensitive-user-info-hawked-on-dark-web-post-bsnl-data-breach/articleshow/106190922.cms
• https://www.business-standard.com/companies/news/threat-actor-breaches-bsnl-server-database-puts-up-dataset-on-dark-web-123122200310_1.html

Introduction

Devices and interconnectivity are the pipelines which drive the data into cyberspace, and in turn, the users consume this data to perform different tasks in the digital age. The security of devices and networks is essential as they are the first defenders of cyberspace. Bad actors often target systems and networks with malware and ransomware, these attacks are differently motivated, but all wreak havoc upon the system and can impact individuals and organisations alike. Mobile users worldwide prefer iOS or Android, but both operating systems are vulnerable to cyberattacks these days. Some of these attacks go undetected for a long time.

Op Triangulation

As reported by Kaspersky, While monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), Kaspersky noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, they created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. This is known as Operation Triangulation and has been in action since 2019 and got detected in 2023.

The Malware

A portion of the filesystem, including some of the user data and service databases, is included in mobile device backups. The files, directories, and database entries’ timestamps make it possible to reconstruct the events that happened to the device roughly. The “timeline.csv” file created by the mvt-ios software contains a sorted timeline of events that is comparable to the super-timeline utilised by traditional digital forensic tools. Pinpointing particular artefacts that show the compromise using this timeframe. This made it possible to advance the research and reassemble the broad infection sequence:

Through the iMessage service, a message with an attachment containing an exploit is delivered to the target iOS device.

The message initiates a vulnerability that results in code execution without any user input.

The exploit’s code downloads multiple additional stages, including additional exploits for privilege escalation, from the C&C server.

After successful exploitation, a fully functional APT platform is downloaded as the final payload from the C&C server.

The first message and the attachment’s exploit are removed

The lack of persistence support in the harmful toolset is most likely a result of OS restrictions. Multiple devices’ timeframes suggest that after rebooting, they might get infected again. The earliest signs of infection that we found date to 2019. The most recent version of the devices that have been successfully attacked as of the time of writing in June 2023 is iOS 15.7.

The final payload analysis is still ongoing. The programme executes with root rights, implements a set of commands for gathering user and system data, and can run any code downloaded as plugin modules from the C&C server.

Malicious Domains

Using the forensic artefacts, it was possible to identify the domain name set used by the exploits and further malicious stages. They can be used to check the DNS logs for historical information and to identify the devices currently running the malware:

addatamarket[.]net

backuprabbit[.]com

businessvideonews[.]com

cloudsponcer[.]com

datamarketplace[.]net

mobilegamerstats[.]com

snoweeanalytics[.]com

tagclick-cdn[.]com

topographyupdates[.]com

unlimitedteacup[.]com

virtuallaughing[.]com

web-trackers[.]com

growthtransport[.]com

anstv[.]netAns7tv[.]net

Safeguards for iOS users

Despite its world-class safety and privacy architecture, iOS is vulnerable to a few attacks; the following steps can be undertaken to safeguard iOS users –

Keeping Device updated

Security patches

Disabling iMessage would prevent Zero clicks exploits or the Triangulation attacks

Paying zero attention to unwanted, unsolicited messages

The user should make sure that any application they are downloading or installing; it should be from a trusted source ( This Zero click attack does not occur by any other means, It exploits / it targets software vulnerabilities in operating systems networks and applications)

Being cautious with the messaging app and emails

Implement device restrictions (management features like parental control and restrictions over using necessary applications)

Conclusion

Operation Triangulation is one of the recent operations combating cyber attacks, but such operations are launched nearly daily. This is also due to a rapid rise in internet and technology penetration across the world. Cyberattacks have taken a new face as they have evolved with the new and emerging technology. The influence of the Darknet has allowed many hackers to remain on the black hat side due to easy accessibility to illegal tools and material over the dark net, which facilitates such crimes.

Introduction

Meta is the leader in social media platforms and has been successful in having a widespread network of users and services across global cyberspace. The corporate house has been responsible for revolutionizing messaging and connectivity since 2004. The platform has brought people closer together in terms of connectivity, however, being one of the most popular platforms is an issue as well. Popular platforms are mostly used by cyber criminals to gain unauthorised data or create chatrooms to maintain anonymity and prevent tracking. These bad actors often operate under fake names or accounts so that they are not caught. The platforms like Facebook and Instagram have been often in the headlines as portals where cybercriminals were operating and committing crimes.

To keep the data of the netizen safe and secure Paytm under first of its kind service is offering customers protection against cyber fraud through an insurance policy available for fraudulent mobile transactions up to Rs 10,000 for a premium of Rs 30. The cover ‘Paytm Payment Protect’ is provided through a group insurance policy issued by HDFC Ergo. The company said that the plan is being offered to increase the trust in digital payments, which will push up adoption.

Meta’s Cybersecurity

Meta has one of the best cyber security in the world but that diest mean that it cannot be breached. The social media giant is the most vulnerable platform in cases of data breaches as various third parties are also involved. As seen the in the case of Cambridge Analytica, a huge chunk of user data was available to influence the users in terms of elections. Meta needs to be ahead of the curve to have a safe and secure platform, for this Meta has deployed various AI and ML driven crawlers and software which work o keeping the platform safe for its users and simultaneously figure out which accounts may be used by bad actors and further removes the criminal accounts. The same is also supported by the keen participation of the user in terms of the reporting mechanism. Meta-Cyber provides visibility of all OT activities, observes continuously the PLC and SCADA for changes and configuration, and checks the authorization and its levels. Meta is also running various penetration and bug bounty programs to reduce vulnerabilities in their systems and applications, these testers are paid heavily depending upon the scope of the vulnerability they found.

‍CyberRoot Risk Investigation

Social media giant Meta has taken down over 40 accounts operated by an Indian firm CyberRoot Risk Analysis, allegedly involved in hack-for-hire services along with this Meta has taken down 900 fraudulently run accounts, these accounts are said to be operated from China by an unknown entity. CyberRoot Risk Analysis was responsible for sharing malware over the platform and used it to impersonate themselves just as their targets, i.e lawyers, doctors, entrepreneurs, and industries like – cosmetic surgery, real estate, investment firms, pharmaceutical, private equity firms, and environmental and anti-corruption activists. They would get in touch with such personalities and then share malware hidden in files which would often lead to data breaches subsequently leading to different types of cybercrimes.

Meta and its team is working tirelessly to eradicate the influence of such bad actors from their platforms, use of AI and Ml based tools have increased exponentially.

‍Paytm CyberFraud Cover

Paytm is offering customers protection against cyber fraud through an insurance policy available for fraudulent mobile transactions up to Rs 10,000 for a premium of Rs 30. The cover ‘Paytm Payment Protect’ is provided through a group insurance policy issued by HDFC Ergo. The company said that the plan is being offered to increase the trust in digital payments, which will push up adoption. The insurance cover protects transactions made through UPI across all apps and wallets. The insurance coverage has been obtained by One97 Communications, which operates under the Paytm brand.

The exponential increase in the use of digital payments during the pandemic has made more people susceptible to cyber fraud. While UPI has all the digital safeguards in place, most UPI-related frauds are undertaken by confidence tricksters who get their victims to authorise a transaction by passing collect requests as payments. There are also many fraudsters collecting payments by pretending to be merchants. These types of frauds have resulted in a loss of more than Rs 63 crores in the previous financial year. The issue of data insurance is new to India but is indeed the need of the hour, majority of netizens are unaware of the value of their data and hence remain ignorant towards data protection, such steps will result in safer data management and protection mechanisms, thus safeguarding the Indian cyberspace.

Conclusion

cyberspace is at a critical juncture in terms of data protection and privacy, with new legislation coming out on the same we can expect new and stronger policies to prevent cybercrimes and cyber-attacks. The efforts by tech giants like Meta need to gain more speed in terms of the efficiency of cyber safety of the platform and the user to make sure that the future of the platforms remains secured strongly. The concept of data insurance needs to be shared with netizens to increase awareness about the subject. The initiative by Paytm will be a monumental initiative as this will encourage more platforms and banks to commit towards coverage for cyber crimes. With the increasing cases of cybercrimes, such financial coverage has come as a light of hope and security for the netizens.