#FactCheck -AI-Generated Image Falsely Claims Mukesh and Nita Ambani Gifted Luxury Car to Suryakumar Yadav

Executive Summary:

One of the most complex threats that have appeared in the space of network security is focused on the packet rate attacks that tend to challenge traditional approaches to DDoS threats’ involvement. In this year, the British based biggest Internet cloud provider of Europe, OVHcloud was attacked by a record and unprecedented DDoS attack reaching the rate of 840 million packets per second. Targets over 1 Tbps have been observed more regularly starting from 2023, and becoming nearly a daily occurrence in 2024. The maximum attack on May 25, 2024, got to 2.5 Tbps, this points to a direction to even larger and more complex attacks of up to 5 Tbps. Many of these attacks target critical equipment such as Mikrotik models within the core network environment; detection and subsequent containment of these threats prove a test for cloud security measures.

Modus Operandi of a Packet Rate Attack:

A type of cyberattack where an attacker sends with a large volume of packets in a short period of time aimed at a network device is known as packet rate attack, or packet flood attack or network flood attack under volumetric DDoS attack. As opposed to the deliberately narrow bandwidth attacks, these raids target the computation time linked with package processing. 

Key technical characteristics include: 

• Packet Size: Usually compact, and in many cases is less than 100 bytes 
• Protocol: Named UDP, although it can also involve TCP SYN or other protocol flood attacks 
•  Rate: Exceeding 100 million packets per second (Mpps), with recent attacks exceeding 840 Mpps 
• Source IP Diversity: Usually originating from a small number of sources and with a large number of requests per IP, which testifies about the usage of amplification principles 
• Attack on the Network Stack : To understand the impact, let's examine how these attacks affect different layers of the network stack:

1. Layer 3 (Network Layer):

• Each packet requires routing table lookups and hence routers and L3 switches have the problem of high CPU usage. 
• These mechanisms can often be saturated so that network communication will be negatively impacted by the attacker.

2. Layer 4 (Transport Layer):

• Other stateful devices (e.g. firewalls, load balancers) have problems with tables of connections 
• TCP SYN floods can also utilize all connection slots so that no incoming genuine connection can be made.

3. Layer 7 (Application Layer): 

• Web servers and application firewalls may be triggered to deliver a better response in a large number of requests 
• Session management systems can become saturated, and hence, the performance of future iterations will be a little lower than expected in terms of their perceived quality by the end-user. 

Technical Analysis of Attack Vectors

Recent studies have identified several key vectors exploited in high-volume packet rate attacks:

1.MikroTik RouterOS Exploitation:

• Vulnerability: CVE-2023-4967
• Impact: Allows remote attackers to generate massive packet floods
• Technical detail: Exploits a flaw in the FastTrack implementation

2.DNS Amplification:

• Amplification factor: Up to 54x
• Technique: Exploits open DNS resolvers to generate large responses to small queries
• Challenge: Difficult to distinguish from legitimate DNS traffic

3.NTP Reflection:

• Command: monlist
• Amplification factor: Up to 556.9x
• Mitigation: Requires NTP server updates and network-level filtering

Mitigation Strategies: A Technical Perspective

1. Combating packet rate attacks requires a multi-layered approach:

• Hardware-based Mitigation:
• Implementation: FPGA-based packet processing
• Advantage: Can handle millions of packets per second with minimal latency
• Challenge: High cost and specialized programming requirements

2.Anycast Network Distribution:

• Technique: Distributing traffic across multiple global nodes
• Benefit: Dilutes attack traffic, preventing single-point failures
• Consideration: Requires careful BGP routing configuration

3.Stateless Packet Filtering:

• Method: Applying filtering rules without maintaining connection state
• Advantage: Lower computational overhead compared to stateful inspection
• Trade-off: Less granular control over traffic

4.Machine Learning-based Detection:

• Approach: Using ML models to identify attack patterns in real-time
• Key metrics: Packet size distribution, inter-arrival times, protocol anomalies
• Challenge: Requires continuous model training to adapt to new attack patterns

Performance Metrics and Benchmarking

When evaluating DDoS mitigation solutions for packet rate attacks, consider these key performance indicators:

• Flows per second (fps) or packet per second (pps) capability
• Dispersion and the latency that comes with it is inherent to mitigation systems.
• The false positive rate in the case of the attack detection
• Exposure time before beginning of mitigation from the moment of attack

Way Forward

The packet rate attacks are constantly evolving where the credible defenses have not stayed the same. The next step entails extension to edge computing and 5G networks for distributing mitigation closer to the attack origins. Further, AI-based proactive tools of analysis for prediction of such threats will help to strengthen the protection of critical infrastructure against them in advance.

In order to stay one step ahead in this, it is necessary to constantly conduct research, advance new technologies, and work together with other cybersecurity professionals. There is always a need to develop secure defenses that safeguard these networks.

Reference:

https://blog.ovhcloud.com/the-rise-of-packet-rate-attacks-when-core-routers-turn-evil/

https://cybersecuritynews.com/record-breaking-ddos-attack-840-mpps/

https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/

‍

The United Nations in December 2019 passed a resolution that established an open-ended ad hoc committee. This committee was tasked to develop a ‘comprehensive international convention on countering the use of ICTs for criminal purposes’. The UN Convention on Cybercrime is an initiative of the UN member states to foster the principles of international cooperation and establish legal frameworks to provide mechanisms for combating cybercrime. The negotiations for the convention had started in early 2022. It became the first binding international criminal justice treaty to have been negotiated in over 20 years upon its adoption by the UN General Assembly.  

This convention addresses the limitations of the Budapest Convention on Cybercrime by encircling a broader range of issues and perspectives from the member states. The UN Convention against Cybercrime will open for signature at a formal ceremony hosted in Hanoi, Viet Nam, in 2025. The convention will finally enter into force 90 days after being ratified by the 40th signatory.

Objectives and Features of the Convention

• The UN Convention against Cybercrime addresses various aspects of cybercrime. These include prevention, investigation, prosecution and international cooperation. 
• The convention aims to establish common standards for criminalising cyber offences. These include offences like hacking, identity theft, online fraud, distribution of illegal content, etc. It outlines procedural and technical measures for law enforcement agencies for effective investigation and prosecution while ensuring due process and privacy protection. 
• Emphasising the importance of cross-border collaboration among member states, the convention provides mechanisms for mutual legal assistance, extradition and sharing of information and expertise. The convention aims to enhance the capacity of developing countries to combat cybercrime through technical assistance, training, and resources. 
• It seeks to balance security measures with the protection of fundamental rights. The convention highlights the importance of safeguarding human rights and privacy in cybercrime investigations and enforcement.
• The Convention emphasises the importance of prevention through awareness campaigns, education, and the promotion of a culture of cybersecurity. It encourages collaborations through public-private partnerships to enhance cybersecurity measures and raise awareness, such as protecting vulnerable groups like children, from cyber threats and exploitation.

Key Provisions of the UN Cybercrime Convention

Some key provisions of the Convention are as follows:

• The convention differentiates cyber-dependent crimes like hacking from cyber-enabled crimes like online fraud. It defines digital evidence and establishes standards for its collection, preservation, and admissibility in legal proceedings.
• It defines offences against confidentiality, integrity, and availability of computer data and includes unauthorised access, interference with data, and system sabotage. Further, content-related offences include provisions against distributing illegal content, such as CSAM and hate speech. It criminalises offences like identity theft, online fraud and intellectual property violations.
• LEAs are provided with tools for electronic surveillance, data interception, and access to stored data, subject to judicial oversight. It outlines the mechanisms for cross-border investigations, extradition, and mutual legal assistance.
• The establishment of a central body to coordinate international efforts, share intelligence, and provide technical assistance includes the involvement of experts from various fields to advise on emerging threats, legal developments, and best practices.

Comparisons with the Budapest Convention

The Budapest Convention was adopted by the Committee of Ministers of the Council of Europe at the 109th Session on 8 November 2001. This Convention was the first international treaty that addressed internet and computer crimes. A comparison between the two Conventions is as follows:

• The global participation in the UNCC is inclusive of all UN member states whereas the latter had primarily European with some non-European signatories. 
• The scope of the UNCC is broader and covers a wide range of cyber threats and cybercrimes, whereas the Budapest convention is focused on specific offences like hacking and fraud. 
• UNCC strongly focuses on privacy and human rights protections and the Budapest Convention had limited focus on human rights.
• UNCC has extensive provisions for assistance to developing countries and this is in contrast to the Budapest Convention which did not focus much on capacity building.

Future Outlook

The development of the UNCC was a complex process. The diverse views on key issues have been noted and balancing different legal systems, cultural perspectives and policy priorities has been a challenge. The rapid technology evolution that is taking place requires the Convention to be adaptable to effectively address emerging cyber threats. Striking a balance remains a critical concern. The Convention aims to provide a blended approach to tackling cybercrime by addressing the needs of countries, both developed and developing.

Conclusion

The resolution containing the UN Convention against Cybercrime is a step in global cooperation to combat cybercrime. It was adopted without a vote by the 193-member General Assembly and is expected to enter into force 90 days after ratification by the 40th signatory. The negotiations and consultations are finalised for the Convention and it is open for adoption and ratification by member states. It seeks to provide a comprehensive legal framework that addresses the challenges posed by cyber threats while respecting human rights and promoting international collaboration. 

References

• https://consultation.dpmc.govt.nz/un-cybercrime-convention/principlesandobjectives/supporting_documents/Background.pdf 
• https://news.un.org/en/story/2024/12/1158521 
• https://www.interpol.int/en/News-and-Events/News/2024/INTERPOL-welcomes-adoption-of-UN-convention-against-cybercrime#:~:text=The%20UN%20convention%20establishes%20a,and%20grooming%3B%20and%20money%20laundering 
• https://www.cnbctv18.com/technology/united-nations-adopts-landmark-global-treaty-to-combat-cybercrime-19529854.htm 

Introduction

The Government of India has initiated a cybercrime crackdown that has resulted in the blocking of 781,000 SIM cards and 208,469 IMEI (International Mobile Equipment Identity) numbers that are associated with digital fraud as of February 2025. This data was released as a written response by the Union Minister of State for Home Affairs, Bandi Sanjay Kumar, with respect to a query presented in the Lok Sabha. A significant jump from the 669,000 SIM cards blocked in the past year, efforts aimed at combating digital fraud are in full swing, considering the increasing cases. The Indian Cyber Crime Coordination Centre (I4C) is proactively blocking other platform accounts found suspicious, such as WhatsApp Accounts (83,668) and Skype IDs (3,962) on its part, aiding in eliminating identified threat actors.

Increasing Digital Fraud And The Current Combative Measures

According to the data tabled by the Ministry of Finance in the Rajya Sabha, the first 10 months of the Financial year 2024-2025 have recorded around 2.4 million incidents covering an amount of Rs. 4,245 crore involving cases of digital Financial Fraud cases. Apart from the evident financial loss, such incidents also take an emotional toll as people are targeted regardless of their background and age, leaving everyone equally vulnerable. To address this growing problem, various government departments have dedicated measures to combat and reduce such incidents. Some of the notable initiatives/steps are as follows:

• The Citizen Financial Cyber Fraud Reporting and Management System- This includes reporting Cybercrimes through the nationwide toll-free (1930) number and registration on the National Cyber Crime Reporting Portal. On being a victim of digital fraud, one can call the toll-free number, describing details of the incident, which would further help in the investigation. After reporting the incident, the complainant receives a generated login ID/acknowledgement number that they can use for further reference.
• International Incoming Spoofed Calls Prevention System- This is a mechanism developed to counter fraudulent calls that appear to originate from within India but are actually made from international locations. This system prevents the misuse of the Calling Line Identity (CLI), which is manipulated to deceive recipients in order to carry out financial crimes like digital arrests, among other things. Coordinating with the Department of Telecommunication (DoT), private telecommunication service providers (TSPs) are being encouraged to check with their ILD (International Long-Distance) network as a measure. Airtel has recently started categorising such numbers as International numbers on their part.
• Chakshu Facility at Sanchar Saathi platform- A citizen-centric initiative, created by the Department of Telecommunications, to empower mobile subscribers. It focuses on reporting unsolicited commercial communication (spam messages) and reporting suspected fraudulent communication. (https://sancharsaathi.gov.in/). 
• Aadhaar-based verification of SIM cards- A directive issued by the Prime Minister's Office to the Department of Telecommunications mandates an Aadhaar-based biometric verification for the issuance of new SIM cards. This has been done so in an effort to prevent fraud and cybercrime through mobile connections obtained using fake documents. Legal action against non-compliant retailers in the form of FIRs is also being taken.

On the part of the public, awareness of the following steps could encourage them on how to deal with such situations:

• Awareness regarding types of crimes and the tell-tale signs of the modus operandi of a criminal: A general awareness and a cautionary approach to how such crimes take place could help better prepare and respond to such malicious scams. Some important signs on the part of the offender include pressuring the victim into immediate action, insistence on video calls, and the threat of arrest in case of non-compliance. It is also important to note that no official authority, in any legal capacity, allows for enabling a digital/online arrest.
• Knowing the support channels: Awareness regarding reporting mechanisms and cyber safety hygiene tips can help in building cyber resilience amongst netizens. 

Conclusion

As cybercrooks continue to find new ways of duping people of their hard-earned money, both government and netizens must make efforts to combat such crimes and increase awareness on both ends (systematic and public). Increasing developments in AI, deepfakes, and other technology often render the public inept at assessing the veracity of the source, making them susceptible to such crime. A cautionary yet proactive approach is need of the hour. 

References

• https://mobileidworld.com/india-blocks-781000-sim-cards-in-major-cybercrime-crackdown/
• https://www.storyboard18.com/how-it-works/over-83k-whatsapp-accounts-used-for-digital-arrest-blocked-home-ministry-60292.htm
• https://www.business-standard.com/finance/news/digital-financial-frauds-touch-rs-4-245-crore-in-the-apr-jan-period-of-fy25-125032001214_1.html
• https://www.business-standard.com/india-news/govt-blocked-781k-sims-3k-skype-ids-83k-whatsapp-accounts-till-feb-125032500965_1.html
• https://pib.gov.in/PressReleasePage.aspx?PRID=2042130
• https://mobileidworld.com/india-mandates-aadhaar-biometric-verification-for-new-sim-cards-to-combat-fraud/ 
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2067113 

‍