#FactCheck - Viral Clip and Newspaper Article Claiming 18% GST on 'Good Morning' Messages Debunked

A report by MarketsandMarkets in 2024 showed that the global AI market size is estimated to grow from USD 214.6 billion in 2024 to USD 1,339.1 billion in 2030, at a CAGR of 35.7%. AI has become an enabler of productivity and innovation. A Forbes Advisor survey conducted in 2023 reported that 56% of businesses use AI to optimise their operations and drive efficiency. Further, 51% use AI for cybersecurity and fraud management, 47% employ AI-powered digital assistants to enhance productivity and 46% use AI to manage customer relationships.

AI has revolutionised business functions. According to a Forbes survey, 40% of businesses rely on AI for inventory management, 35% harness AI for content production and optimisation and 33% deploy AI-driven product recommendation systems for enhanced customer engagement.  This blog addresses the opportunities and challenges posed by integrating AI into operational efficiency.

Artificial Intelligence and its resultant Operational Efficiency

AI has exemplary optimisation or efficiency capabilities and is widely used to do repetitive tasks. These tasks include payroll processing, data entry, inventory management, patient registration, invoicing, claims processing, and others. AI use has been incorporated into such tasks as it can uncover complex patterns using NLP, machine learning, and deep learning beyond human capabilities. It has also shown promise in improving the decision-making process for businesses in time-critical, high-pressure situations. 

AI-driven efficiency is visible in industries such as the manufacturing industry for predictive maintenance, in the healthcare industry for streamlining diagnostics and in logistics for route optimisation. Some of the most common real-world examples of AI increasing operational efficiency are self-driving cars (Tesla), facial recognition (Apple Face ID), language translation (Google Translate), and medical diagnosis (IBM Watson Health)

Harnessing AI has advantages as it helps optimise the supply chain, extend product life cycles, and ultimately conserve resources and cut operational costs. 

Policy Implications for AI Deployment 

Some of the policy implications for development for AI deployment are as follows:

1. Develop clear and adaptable regulatory frameworks for the ongoing and future developments in AI. The frameworks need to ensure that innovation is not hindered while managing the potential risks. 
2. As AI systems rely on high-quality data that is accessible and interoperable to function effectively and without proper data governance, these systems may produce results that are biased, inaccurate and unreliable. Therefore, it is necessary to ensure data privacy as it is essential to maintain trust and prevent harm to individuals and organisations.
3. Policy developers need to focus on creating policies that upskill the workforce which complements AI development and therefore job displacement. 
4. To ensure cross-border applicability and efficiency of standardising AI policies, the policy-makers need to ensure that international cooperation is achieved when developing the policies.

Addressing Challenges and Risks 

Some of the main challenges that emerge with the development of AI are algorithmic bias, cybersecurity threats and the dependence on exclusive AI solutions or where the company retains exclusive control over the source codes. Some policy approaches that can be taken to mitigate these challenges are:

1. Having a robust accountability mechanism. 
2. Establishing identity and access management policies that have technical controls like authentication and authorisation mechanisms. 
3. Ensure that the learning data that AI systems use follows ethical considerations such as data privacy, fairness in decision-making, transparency, and the interpretability of AI models.

Conclusion 

AI can contribute and provide opportunities to drive operational efficiency in businesses. It can be an optimiser for productivity and costs and foster innovation for different industries. But this power of AI comes with its own considerations and therefore, it must be balanced with proactive policies that address the challenges that emerge such as the need for data governance, algorithmic bias and risks associated with cybersecurity. A solution to overcome these challenges is establishing an adaptable regulatory framework, fostering workforce upskilling and promoting international collaborations. As businesses integrate AI into core functions, it becomes necessary to leverage its potential while safeguarding fairness, transparency, and trust. AI is not just an efficiency tool, it has become a stimulant for organisations operating in a rapidly evolving digital world.

References

• https://indianexpress.com/article/technology/artificial-intelligence/ai-indian-businesses-long-term-gain-operational-efficiency-9717072/ 
• https://www.marketsandmarkets.com/Market-Reports/artificial-intelligence-market-74851580.html
• https://www.forbes.com/councils/forbestechcouncil/2024/08/06/smart-automation-ais-impact-on-operational-efficiency/ 
• https://www.processexcellencenetwork.com/ai/articles/ai-operational-excellence 
• https://www.leewayhertz.com/ai-for-operational-efficiency/ 
• https://www.forbes.com/councils/forbestechcouncil/2024/11/04/bringing-ai-to-the-enterprise-challenges-and-considerations/  

‍

Executive Summary

This report analyses a recently launched social engineering attack that took advantage of Microsoft Teams and AnyDesk to deliver DarkGate malware, a MaaS tool. This way, through Microsoft Teams and by tricking users into installing AnyDesk, attackers received unauthorized remote access to deploy DarkGate that offers such features as credential theft, keylogging, and fileless persistence. The attack was executed using obfuscated AutoIt scripts for the delivery of malware which shows how threat actors are changing their modus operandi. The case brings into focus the need to put into practice preventive security measures for instance endpoint protection, staff awareness, limited utilization of off-ice-connection tools, and compartmentalization to safely work with the new and increased risks that contemporary cyber threats present.

Introduction

Hackers find new technologies and application that are reputable for spreading campaigns. The latest use of Microsoft Teams and AnyDesk platforms for launching the DarkGate malware is a perfect example of how hackers continue to use social engineering and technical vulnerabilities to penetrate the defenses of organizations. This paper focuses on the details of the technical aspect of the attack, the consequences of the attack together with preventive measures to counter the threat.

Technical Findings

1. Attack Initiation: Exploiting Microsoft Teams

The attackers leveraged Microsoft Teams as a trusted communication platform to deceive victims, exploiting its legitimacy and widespread adoption. Key technical details include:

• Spoofed Caller Identity: The attackers used impersonation techniques to masquerade as representatives of trusted external suppliers.
• Session Hijacking Risks: Exploiting Microsoft Teams session vulnerabilities, attackers aimed to escalate their privileges and deploy malicious payloads.
• Bypassing Email Filters: The initial email bombardment was designed to overwhelm spam filters and ensure that malicious communication reached the victim’s inbox.

2. Remote Access Exploitation: AnyDesk

After convincing victims to install AnyDesk, the attackers exploited the software’s functionality to achieve unauthorized remote access. Technical observations include:

• Command and Control (C2) Integration: Once installed, AnyDesk was configured to establish persistent communication with the attacker’s C2 servers, enabling remote control.
• Privilege Escalation: Attackers exploited misconfigurations in AnyDesk to gain administrative privileges, allowing them to disable antivirus software and deploy payloads.
• Data Exfiltration Potential: With full remote access, attackers could silently exfiltrate data or install additional malware without detection.

3. Malware Deployment: DarkGate Delivery via AutoIt Script

The deployment of DarkGate malware utilized AutoIt scripting, a programming language commonly used for automating Windows-based tasks. Technical details include:

• Payload Obfuscation: The AutoIt script was heavily obfuscated to evade signature-based antivirus detection.
• Process Injection: The script employed process injection techniques to embed DarkGate into legitimate processes, such as explorer.exe or svchost.exe, to avoid detection.
• Dynamic Command Loading: The malware dynamically fetched additional commands from its C2 server, allowing real-time adaptation to the victim’s environment.

4. DarkGate Malware Capabilities

DarkGate, now available as a Malware-as-a-Service (MaaS) offering, provides attackers with advanced features. Technical insights include:

• Credential Dumping: DarkGate used the Mimikatz module to extract credentials from memory and secure storage locations.
• Keylogging Mechanism: Keystrokes were logged and transmitted in real-time to the attacker’s server, enabling credential theft and activity monitoring.
• Fileless Persistence: Utilizing Windows Management Instrumentation (WMI) and registry modifications, the malware ensured persistence without leaving traditional file traces.
• Network Surveillance: The malware monitored network activity to identify high-value targets for lateral movement within the compromised environment.

5. Attack Indicators

Trend Micro researchers identified several indicators of compromise (IoCs) associated with the DarkGate campaign:

• Suspicious Domains: example-remotesupport[.]com and similar domains used for C2 communication.

• Malicious File Hashes:some text
  • AutoIt Script: 5a3f8d0bd6c91234a9cd8321a1b4892d
  • DarkGate Payload: 6f72cde4b7f3e9c1ac81e56c3f9f1d7a
• Behavioral Anomalies:some text
  • Unusual outbound traffic to non-standard ports.
  • Unauthorized registry modifications under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

Broader Cyber Threat Landscape

In parallel with this campaign, other phishing and malware delivery tactics have been observed, including:

1. Cloud Exploitation: Abuse of platforms like Cloudflare Pages to host phishing sites mimicking Microsoft 365 login pages.
2. Quishing Campaigns: Phishing emails with QR codes that redirect users to fake login pages.
3. File Attachment Exploits: Malicious HTML attachments embedding JavaScript to steal credentials.
4. Mobile Malware: Distribution of malicious Android apps capable of financial data theft.

Implications of the DarkGate Campaign

This attack highlights the sophistication of threat actors in leveraging legitimate tools for malicious purposes. Key risks include:

• Advanced Threat Evasion: The use of obfuscation and process injection complicates detection by traditional antivirus solutions.
• Cross-Platform Risk: DarkGate’s modular design enables its functionality across diverse environments, posing risks to Windows, macOS, and Linux systems.
• Organizational Exposure: The compromise of a single endpoint can serve as a gateway for further network exploitation, endangering sensitive organizational data.

Recommendations for Mitigation

1. Enable Advanced Threat Detection: Deploy endpoint detection and response (EDR) solutions to identify anomalous behavior like process injection and dynamic command loading.
2. Restrict Remote Access Tools: Limit the use of tools like AnyDesk to approved use cases and enforce strict monitoring.
3. Use Email Filtering and Monitoring: Implement AI-driven email filtering systems to detect and block email bombardment campaigns.
4. Enhance Endpoint Security: Regularly update and patch operating systems and applications to mitigate vulnerabilities.
5. Educate Employees: Conduct training sessions to help employees recognize and avoid phishing and social engineering tactics.
6. Implement Network Segmentation: Limit the spread of malware within an organization by segmenting high-value assets.

Conclusion

Using Microsoft Teams and AnyDesk to spread DarkGate malware shows the continuous growth of the hackers’ level. The campaign highlights how organizations have to start implementing adequate levels of security preparedness to threats, including, Threat Identification, Training employees, and Rights to Access.

The DarkGate malware is a perfect example of how these attacks have developed into MaaS offerings, meaning that the barrier to launch highly complex attacks is only decreasing, which proves once again why a layered defense approach is crucial. Both awareness and flexibility are still the key issues in addressing the constantly evolving threat in cyberspace.

Reference:

• https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
• https://socprime.com/blog/darkgate-malware-detection/

Introduction

Deepfake have become a source of worry in an age of advanced technology, particularly when they include the manipulation of public personalities for deceitful reasons. A deepfake video of cricket star Sachin Tendulkar advertising a gaming app recently went popular on social media, causing the sports figure to deliver a warning against the widespread misuse of technology.

Scenario of Deepfake

Sachin Tendulkar appeared in the deepfake video supporting a game app called Skyward Aviator Quest. The app's startling quality has caused some viewers to assume that the cricket legend is truly supporting it. Tendulkar, on the other hand, has resorted to social media to emphasise that these videos are phony, highlighting the troubling trend of technology being abused for deceitful ends.

Tendulkar's Reaction

Sachin Tendulkar expressed his worry about the exploitation of technology and advised people to report such videos, advertising, and applications that spread disinformation. This event emphasises the importance of raising knowledge and vigilance about the legitimacy of material circulated on social media platforms.

The Warning Signs

The deepfake video raises questions not just for its lifelike representation of Tendulkar, but also for the material it advocates. Endorsing gaming software that purports to help individuals make money is a significant red flag, especially when such endorsements come from well-known figures. This underscores the possibility of deepfakes being utilised for financial benefit, as well as the significance of examining information that appears to be too good to be true.

How to Protect Yourself Against Deepfakes

As deepfake technology advances, it is critical to be aware of potential signals of manipulation. Here are some pointers to help you spot deepfake videos:

• Look for artificial facial movements and expressions, as well as lip sync difficulties.
• Body motions and Posture: Take note of any uncomfortable body motions or discrepancies in the individual's posture.
• Lip Sync and Audio Quality: Look for mismatches between the audio and lip motions.
• background and Content: Consider the video's background, especially if it has a popular figure supporting something in an unexpected way.
• Verify the legitimacy of the video by verifying the official channels or accounts of the prominent person.

Conclusion 

The popularity of deepfake videos endangers the legitimacy of social media material. Sachin Tendulkar's response to the deepfake in which he appears serves as a warning to consumers to remain careful and report questionable material. As technology advances, it is critical that individuals and authorities collaborate to counteract the exploitation of AI-generated material and safeguard the integrity of online information.

Reference 

• https://www.news18.com/tech/sachin-tendulkar-disturbed-by-his-new-deepfake-video-wants-swift-action-8740846.html 
• https://www.livemint.com/news/india/sachin-tendulkar-becomes-latest-victim-of-deepfake-video-disturbing-to-see-11705308366864.html 

‍