#FactCheck - Viral Videos of Mutated Animals Debunked as AI-Generated

Starting in mid-December, 2024, a series of attacks have targeted Chrome browser extensions. A data protection company called Cyberhaven, California, fell victim to one of these attacks. Though identified in the U.S., the geographical extent and potential of the attack are yet to be determined. Assessment of these cases can help us to be better prepared for such instances if they occur in the near future. 

The Attack

Browser extensions are small software applications that add and enable functionality or a capacity (feature) to a web browser. These are written in CSS, HTML, or JavaScript and like other software, can be coded to deliver malware. Also known as plug-ins, they have access to their own set of Application Programming Interface (APIs). They can also be used to remove unwanted elements as per customisation, such as pop-up advertisements and auto-play videos, when one lands on a website. Some examples of browser extensions include Ad-blockers (for blocking ads and content filtering) and StayFocusd (which limits the time of the users on a particular website).

In the aforementioned attack, the publisher of the browser at Cyberhaven received a phishing mail from an attacker posing to be from the Google Chrome Web Store Developer Support. It mentioned that their browser policies were not compatible and encouraged the user to click on the “Go to Policy”action item,  which led the user to a page that enabled permissions for a malicious OAuth called Privacy Policy Extension (Open Authorisation is an adopted standard that is used to authorise secure access for temporary tokens). Once the permission was granted, the attacker was able to inject malicious code into the target’s Chrome browser extension and steal user access tokens and session cookies. Further investigation revealed that logins of certain AI and social media platforms were targeted.

CyberPeace Recommendations

As attacks of such range continue to occur, it is encouraged that companies and developers take active measures that would make their browser extensions less susceptible to such attacks. Google also has a few guidelines on how developers can safeguard their extensions from their end. These include:

1. Minimal Permissions For Extensions- It is encouraged that minimal permissions for extensions barring the required APIs and websites that it depends on are acquired as limiting extension privileges limits the surface area an attacker can exploit.
2. Prioritising Protection Of Developer Accounts- A security breach on this end could lead to compromising all users' data as this would allow attackers to mess with extensions via their malicious codes. A 2FA (2-factor authentication) by setting a security key is endorsed.
3. HTTPS over HTTP- HTTPS should be preferred over HTTP as it requires a Secure Sockets Layer (SSL)/ transport layer security(TLS) certificate from an independent certificate authority (CA). This creates an encrypted connection between the server and the web browser.

Lastly, as was done in the case of the attack at Cyberhaven, it is encouraged to promote the practice of transparency when such incidents take place to better deal with them.

References

1. https://indianexpress.com/article/technology/tech-news-technology/hackers-hijack-companies-chrome-extensions-cyberhaven-9748454/
2. https://indianexpress.com/article/technology/tech-news-technology/google-chrome-extensions-hack-safety-tips-9751656/
3. https://www.techtarget.com/whatis/definition/browser-extension
4. https://www.forbes.com/sites/daveywinder/2024/12/31/google-chrome-2fa-bypass-attack-confirmed-what-you-need-to-know/
5. https://www.cloudflare.com/learning/ssl/why-use-https/

Introduction:

Welcome to the third edition of our blog on digital forensics series. In our previous blog we discussed the difference between copying, cloning, and imaging in the context of Digital Forensics, and found out why imaging is a better process. Today we will discuss the process of evidence collection in Digital Forensics. The whole process starts with making sure the evidence collection team has all necessary tools required for the task.

Investigating Tools and Equipment:

Below are some mentioned tools that the team should carry with them for a successful evidence collection:

• Anti-static bags
• Faraday bags
• Toolkit having screwdrivers(nonmagnetic), scissors, pins, cutters, forceps, clips etc.
• Rubber gloves
• Incident response toolkit (Software)
• Converter/Adapter: USB, SATA, IDE, SCSI
• Imaging software
• Volatile data collection tools (FTK Imager, Magnet Forensics RAM Capture)
• Pens, permanent markers
• Storage containers
• Batteries
• Video cameras
• Note/sketch pads
• Blank storage media
• Write-Blocker device
• Labels
• Crime scene security tapes
• Camera

What sources of Data are necessary for Digital Evidence?

• Hard-Drive (Desktop, Laptop, External, Server)
• Flash Drive
• SD Cards
• Floppy Disks
• Optical Media (CD, DVD)
• CCTV/DVR
• Internal Storage of Mobile Device
• GPS (Mobile/Car)
• Call Site Track (Towers)
• RAM

‍

‍

Evidence Collection

The investigators encounter two primary types of evidence during the course of gathering evidence: non-electronic and electronic evidence.

The following approaches could be used to gather non-electronic evidence:

• In the course of looking into electronic crimes, recovering non-electronic evidence can be extremely important.  Be cautious to make sure that this kind of evidence is retrieved and kept safe. Items that may be relevant to a later review of electronic evidence include passwords, papers or printouts, calendars, literature, hardware and software manuals, text or graphical computer printouts, and photos.  These items should be secured and kept for further examination.
• They are frequently found close to the computer or other related hardware.  Locating, securing, and preserving all evidence is required by departmental procedures.

Three scenarios arise for the collection of digital evidence from computers: 

Situation 1: The desktop is visible, and the monitor is on.

• Take a picture of the screen and note the data that is visible. 
• Utilize tools for memory capturing to gather volatile data.
• Look for virtual disks. If so, gather mounted data's logical copies.
• Give each port and connection a label.
• Take a picture of them.
• Turn off network access to stop remote access.
• Cut off the power or turn it off.
• Locate and disconnect the hard drive by opening the CPU chassis.
• Take all evidence and place it in anti-magnetic (Faraday) bags.
• Deliver the evidence to the forensic lab.
• Keep the chain of custody intact.

Situation 2: The monitor is turned on, but it either has a blank screen (sleep mode) or an image for the screensaver.

• Make a small mouse movement (without pressing buttons). The work product should appear on the screen, or it should ask for a password.
• If moving the mouse does not result in a change to the screen, stop using the mouse and stop all keystrokes.
• Take a picture of the screen and note the data that is visible.
• Use memory capturing tools to gather volatile data (always use a write blocker to prevent manipulation during data collection).
• Proceed further in accordance with Situation 1.

Situation 3: The Monitor Is Off

• Write down the "off" status.
• After turning on the monitor, check to see if its status matches that of situations 1 or 2 above, and then take the appropriate action.
• Using a phone modem, cable, confirm that you are connected to the outside world. Try to find the phone number if there is a connection to the phone.
• To protect evidence, take out the floppy disks that might be there, package each disk separately, and label the evidence.  Put in a blank floppy disk or a seizure disk, if one is available. Avoid touching the CD drive or taking out CDs.
• Cover the power connector and every drive slot with tape.
• Note the serial number, make, and model.
• Take a picture of the computer's connections and make a diagram with the relevant cables.
• To enable precise reassembly at a later date, label all connectors and cable ends, including connections to peripheral devices. Put "unused" on any connection ports that are not in use.  Recognize docking stations for laptop computers in an attempt to locate additional storage media.
• All evidence should be seized and placed in anti-magnetic (Faraday) bags.
• All evidence should be seized and placed in anti-magnetic (Faraday) bags.
• Put a tag or label on every bag.
• Deliver the evidence to the forensic lab.
• Keep the chain of custody intact. 

Following the effective gathering of data, the following steps in the process are crucial: data packaging, data transportation, and data storage.

The following are the steps involved in data packaging, transportation, and storage:

Packaging:

• Label every computer system that is gathered so that it can be put back together exactly as it was found

When gathering evidence at a scene of crime,

• Before packing, make sure that every piece of evidence has been appropriately  labeled and documented.
• Latent or trace evidence requires particular attention, and steps should be taken to preserve it.
• Use paper or antistatic plastic bags for packing magnetic media to prevent static electricity. Do not use materials like regular plastic bags (instead use faraday bags) that can cause static electricity. 
• Be careful not to bend, fold, computer media like tapes, or CD-ROM.
• Make sure that the labels on every container used to store evidence are correct.

Transporting

• Make sure devices are not packed in containers and are safely fastened inside the car to avoid shock and excessive vibrations. Computers could be positioned on the floor of the car,and monitors could be mounted on the seat with the screen down .

When transporting evidence—

• Any electronic evidence should be kept away from magnetic sources.  Radiation transmitters, speaker magnets, and heated seats are a few examples of items that can contaminate electronic evidence.
• Avoid leaving electronic evidence in your car for longer than necessary. Electronic devices can be harmed by extremes in temperature, humidity.
• Maintain the integrity of the chain of custody while transporting any evidence.

Storing

• Evidence should be kept safe and away from extremes in humidity and temperature. Keep it away from dust, moisture, magnetic devices, and other dangerous impurities.  Be advised that extended storage may cause important evidence—like dates, times, and system configurations—to disappear. Because batteries have a finite lifespan, data loss may occur if they malfunction. Whenever the battery operated device needs immediate attention, it should be informed to the relevant authority (eg., the chief of laboratory, the forensic examiner, and the custodian of the evidence). 

CONCLUSION:

Thus, securing the crime scene to packaging, transportation and storage of data are the important steps in the process of collecting digital evidence in forensic investigations. Keeping the authenticity during the process along with their provenance is critical during this phase. It is also important to ensure the admissibility of evidence in legal proceedings. This systematic approach is essential for effectively investigating and prosecuting digital crimes.

‍

Introduction

The insurance industry is a target for cybercriminals due to the sensitive nature of the information it holds. This makes it essential for insurance companies to have robust cybersecurity measures to protect their data and customers’ personal information.

Cyber fraud in India’s insurance industry is increasing. It is reported that the Indian insurance sector has witnessed a surge in cyber-attacks, with several instances of data breaches, identity thefts, and financial fraud being reported. These cybercrimes not only pose a significant threat to the financial stability of the insurance industry but also to the privacy and security of policyholders.

Cyber Frauds in the Insurance Industry

The insurance industry in India has been the target of increasing cyber fraud in recent years. With the growing digital transformation trend, insurance companies have become increasingly vulnerable to cyber-attacks. Cyber frauds in the insurance industry are initiated by hackers who use various techniques such as phishing, malware, ransomware, and social engineering to gain unauthorised access to policyholders’ personal data and sensitive information

Kinds of cyber frauds in the insurance industry

It is essential for insurers and policyholders alike to be aware of these kinds of cyber-attacks on insurance companies in today’s digital age. Staying educated about these threats can help prevent them from happening in the future.

Identity theft– One common type of cyber fraud that occurs in the insurance industry is identity theft. In this type of fraud, criminals steal personal information such as name, address, date of birth and social security numbers through phishing emails or fraudulent websites. They then use this information to open fraudulent policies or access existing ones.

Payment fraud- Another type of cyber fraud that is on the rise is payment fraud. In this type of fraud, hackers intercept electronic payments made by policyholders or agents using fake bank accounts or compromised payment gateways. The money is then siphoned into untraceable accounts, making it difficult for law enforcement agencies to identify and arrest the perpetrators.

Phishing attacks- Where the fraudsters posed as company officials and sent emails to policyholders requesting their account details. The unsuspecting customers fell for this scam and shared their sensitive information, which was then used to access their accounts and steal funds.

Hacking- Where hackers breach the company’s system to gain access to policyholder data. The hackers’ stoles personal records, including names, addresses, phone numbers, social security numbers, and financial information, which they later sell on the dark web.

Fake policies scam- Fraudsters create fake policies using stolen identities and collect premiums from innocent customers. The insurer then voided these policies due to fraudulent activity leaving those people without valid coverage when they needed it most. The victims suffer significant financial losses due to this scam.

Fake Insurance Websites- Discuss the creation of deceptive websites that imitate well-known insurance companies, where unsuspecting individuals provide their personal details, leading to identity theft or financial losses.

Prevention of Cyber Frauds in the Insurance Industry- Best practices to follow

Prevention is better than cure, which also holds true in the case of cyber fraud in the insurance industry. The industry must take proactive steps to prevent such frauds from occurring in the first place. One of the most effective ways to do so is by investing in cybersecurity measures that are specifically designed for the insurance sector.

Insurance companies must conduct regular employee training programs on cybersecurity best practices. This includes educating employees on how to identify and avoid phishing emails, create strong passwords, and recognise potential cyber threats. Companies should also establish a reporting mechanism for employees to report suspicious activity or incidents immediately.

Having proper access controls in place is also necessary. This means limiting access to sensitive data only to those employees who need it, implementing two-factor authentication, and regularly monitoring user activity logs. Regular audits can also provide an extra layer of protection against potential threats by identifying vulnerabilities that may have been overlooked during routine security checks.

Another essential step is encrypting all data transmitted between different systems and devices. Encryption scrambles data into unreadable codes that can only be deciphered using a decryption key, making it difficult for hackers to intercept or steal information in transit.

Legal Framework for Cyber Frauds in the Insurance Industry

The legal framework for cyber fraud in the insurance industry is critical to preventing such crimes. The Insurance Regulatory and Development Authority of India (IRDAI) has issued guidelines for insurers to establish a cybersecurity framework. The guidelines require insurers to conduct regular risk assessments, implement security measures, and ensure compliance with data privacy laws.

The Information Technology Act 2000, is another significant piece of legislation dealing with cyber fraud in India. The act defines offences such as unauthorised access to a computer system, hacking, and tampering with data. It also provides for stringent penalties and imprisonment for those found guilty of such offences.

The IRDAI’s guidelines provide insurers with a roadmap to establish robust cybersecurity measures to help prevent cyber fraud in the insurance industry. Stringent implementation of these guidelines will go a long way in safeguarding sensitive customer information from falling into the wrong hands.

Best Practices for Insurers and Policyholders

Insurers:

Implementing Strong Authentication: Encouraging the use of multi-factor authentication and secure login processes to safeguard customer accounts and prevent unauthorised access.

Regular Employee Training: Conduct cybersecurity awareness programs to educate employees about the latest threats and preventive measures.

Investing in Advanced Technologies: Utilizing robust cybersecurity tools and systems to promptly detect and mitigate potential cyber threats.

Policyholders:

Vigilance and Awareness: Policyholders must stay vigilant while sharing personal information online and verify the authenticity of insurance websites and communication channels.

Regular Updates and Patches: Advising individuals to keep their devices and software up to date to minimise vulnerabilities that cybercriminals can exploit.

Secure Online Practices: Encouraging the use of strong and unique passwords, avoiding sharing sensitive information on unsecured networks, and exercising caution when clicking on suspicious links or attachments.

Conclusion

As the Indian insurance industry embraces digitisation, the risk of cyber scams and data breaches becomes a significant concern. Insurers and policyholders must collaborate to ensure robust cybersecurity measures are in place to protect sensitive information and financial interests.

It is essential for insurance companies to invest in robust cybersecurity measures that can detect and prevent fraud attempts. Additionally, educating employees on the dangers of cyber fraud and implementing strict compliance measures can go a long way in mitigating risks. With these efforts, the insurance industry can continue to provide trustworthy and reliable services to its customers while protecting against cyber threats. As technology continues to evolve, it is imperative that the insurance industry adapts accordingly and remains vigilant against emerging threats.