#FactCheck: Beware of Fake Emails Distributing Fraudulent e-PAN Cards

Introduction

Your iPhone isn’t just a device: it’s a central hub for almost everything in your life. From personal photos and videos to sensitive data, it holds it all. You rely on it for essential services, from personal to official communications, sharing of information, banking and financial transactions, and more. With so much critical information stored on your device, protecting it from cyber threats becomes essential. This is where the iOS Lockdown Mode feature comes in as a digital bouncer to keep cyber crooks at bay.

Apple introduced the ‘lockdown’ mode in 2022. It is a new optional security feature and is available on iPhones, iPads, and Mac devices. It works as an extreme and optional protection mechanism for a certain segment of users who might be at a higher risk of being targeted by serious cyber threats and intrusions into their digital security.  So people like journalists, activists, government officials, celebrities, cyber security professionals, law enforcement professionals, and lawyers etc are some of the intended beneficiaries of the feature. Sometimes the data on their devices can be highly confidential and it can cause a lot of disruption if leaked or compromised by cyber threats. Given how prevalent cyber attacks are in this day and age, the need for such a feature cannot be overstated. This feature aims at providing an additional firewall by limiting certain functions of the device and hence reducing the chances of the user being targeted in any digital attack. 

How to Enable Lockdown Mode in Your iPhone

On your iPhone running on iOS 16 Developer Beta 3, you just need to go to Settings - Privacy and Security - Lockdown Mode. Tap on Turn on Lockdown Mode, and read all the information regarding the features that will be unavailable on your device if you go forward, and if you’re satisfied with the same all you have to do is scroll down and tap on Turn on Lockdown Mode. Your iPhone will get restarted with Lockdown Mode enabled. 

Easy steps to enable lockdown mode are as follows:

1. Open the Settings app.
2. Tap Privacy & Security.
3. Scroll down, tap Lockdown Mode, then tap Turn On Lockdown Mode.

‍

How Lockdown Mode Protects You

Lockdown Mode is a security feature that prevents certain apps and features from functioning properly when enabled. For example, your device will not automatically connect to Wi-Fi networks without security and will disconnect from a non-secure network when Lockdown Mode is activated. Many other features may be affected because the system will prioritise security standards above the typical operational functions. Since lockdown mode restricts certain features and activities, one can exclude a particular app or website in Safari from being impacted and limited by restrictions. Only exclude trusted apps or websites if necessary.

References:

1. https://support.apple.com/en-in/105120#:~:text=Tap%20Privacy%20%26%20Security.,then%20enter%20your%20device%20passcode
2. https://www.business-standard.com/technology/tech-news/apple-lockdown-mode-what-is-it-and-how-it-prevents-spyware-attacks-124041200667_1.html

‍

Introduction  

The emergence of deepfake technology has become a significant problem in an era driven by technological growth and power. The government has reacted proactively as a result of concerns about the exploitation of this technology due to its extraordinary realism in manipulating information. The national government is in the vanguard of defending national interests, public trust, and security as the digital world changes. On the 26th of December 2023, the central government issued an advisory to businesses, highlighting how urgent it is to confront this growing threat.

The directive aims to directly address the growing concerns around Deepfakes, or misinformation driven by AI. This advice represents the result of talks that Union Minister Shri Rajeev Chandrasekhar, had with intermediaries during the course of a month-long Digital India dialogue. The main aim of the advisory is to accurately and clearly inform users about information that is forbidden, especially those listed under Rule 3(1)(b) of the IT Rules. 

Advisory

The Ministry of Electronics and Information Technology (MeitY) has sent a formal recommendation to all intermediaries, requesting adherence to current IT regulations and emphasizing the need to address issues with misinformation, specifically those driven by artificial intelligence (AI), such as Deepfakes. Union Minister Rajeev Chandrasekhar released the recommendation, which highlights the necessity of communicating forbidden information in a clear and understandable manner, particularly in light of Rule 3(1)(b) of the IT Rules.

Advise on Prohibited Content Communication

According to MeitY's advice, intermediaries must transmit content that is prohibited by Rule 3(1)(b) of the IT Rules in a clear and accurate manner. This involves giving users precise details during enrollment, login, and content sharing/uploading on the website, as well as including such information in customer contracts and terms of service.

Ensuring Users Are Aware of the Rules

Digital platform suppliers are required to inform their users of the laws that are relevant to them. This covers provisions found in the IT Act of 2000 and the Indian Penal Code (IPC). Corporations should inform users of the potential consequences of breaking the restrictions outlined in Rule 3(1)(b) and should also urge users to notify any illegal activity to law enforcement.

Talks Concerning Deepfakes

For more than a month, Union Minister Rajeev Chandrasekhar had a significant talk with various platforms where they addressed the issue of "deepfakes," or computer-generated fake videos. The meeting emphasized how crucial it is that everyone abides by the laws and regulations in effect, particularly the IT Rules to prevent deepfakes from spreading.  

Addressing the Danger of Disinformation

Minister Chandrasekhar underlined the grave issue of disinformation, particularly in the context of deepfakes, which are false pieces of content produced using the latest developments such as artificial intelligence. He emphasized the dangers this deceptive data posed to internet users' security and confidence. The Minister emphasized the efficiency of the IT regulations in addressing this issue and cited the Prime Minister's caution about the risks of deepfakes.

Rule Against Spreading False Information

The Minister referred particularly to Rule 3(1)(b)(v), which states unequivocally that it is forbidden to disseminate false information, even when doing so involves cutting-edge technology like deepfakes. He called on intermediaries—the businesses that offer digital platforms—to take prompt action to take such content down from their systems. Additionally, he ensured that everyone is aware that breaking such rules has legal implications.

Analysis 

The Central Government's latest advisory on deepfake technology demonstrates a proactive strategy to deal with new issues. It also highlights the necessity of comprehensive legislation to directly regulate AI material, particularly with regard to user interests.

There is a wider regulatory vacuum for content produced by artificial intelligence, even though the current guideline concentrates on the precision and lucidity of information distribution. While some limitations are mentioned in the existing laws, there are no clear guidelines for controlling or differentiating AI-generated content.

Positively, it is laudable that the government has recognized the dangers posed by deepfakes and is making appropriate efforts to counter them. As AI technology develops, there is a chance to create thorough laws that not only solve problems but also create a supportive environment for the creation of ethical AI content. User protection, accountability, openness, and moral AI use would all benefit from such laws. This offers an opportunity for regulatory development to guarantee the successful and advantageous incorporation of AI into our digital environment.

Conclusion 

The Central Government's preemptive advice on deepfake technology shows a great dedication to tackling new risks in the digital sphere. The advice highlights the urgent need to combat deepfakes, but it also highlights the necessity for extensive legislation on content produced by artificial intelligence. The lack of clear norms offers a chance for constructive regulatory development to protect the interests of users. The advancement of AI technology necessitates the adoption of rules that promote the creation of ethical AI content, guaranteeing user protection, accountability, and transparency. This is a turning point in the evolution of regulations, making it easier to responsibly incorporate AI into our changing digital landscape.

References

• https://economictimes.indiatimes.com/tech/technology/deepfake-menace-govt-issues-advisory-to-intermediaries-to-comply-with-existing-it-rules/articleshow/106297813.cms
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1990542#:~:text=Ministry%20of%20Electronics%20and%20Information,misinformation%20powered%20by%20AI%20%E2%80%93%20Deepfakes.
• https://www.timesnownews.com/india/centres-deepfake-warning-to-it-firms-ensure-users-dont-violate-content-rules-article-106298282#:~:text=The%20Union%20government%20on%20Tuesday,actors%2C%20businesspersons%20and%20other%20celebrities

Recent Incidents:

Recent reports are revealing a significant security threat linked to a new infostealer based malware campaign known to solely target gaming accounts. This attack has affected users of Activision and other gaming websites. The sophisticated software has captured millions of login credentials, notably from the cheats and players. The officials at Activision Blizzard, an American video game holding company, are still investigating the matter and collaborating with cheated developers to minimize the impact and inform the accounts’ residents of appropriate safety measures.

Overview:

Infostealer, also known as information stealer, is a type of malware designed in the form of a Trojan virus for stealing private data from the infected system. It can have a variety of incarnations and collect user data of various types such as browser history, passwords, credit card numbers, and login details and credentials to social media, gaming platforms, bank accounts, and other websites. Bad actors use the log obtained as a result of the collection of personal records to access the victim’s financial accounts, appropriate the victim’s online identity, and perform fraudulent actions on behalf of the victim.

Modus Operandi:

• Infosteale­r is a malicious program created to illegally obtain pe­ople's login details, like use­rnames and passwords. Its goal is to enable cybe­rattacks, sell on dark web markets, or pursue­ malicious aims.

• This malware targets both personal de­vices and corporate systems. It spre­ads through methods like phishing emails, harmful we­bsites, and infected public site­s.

• Once inside a device­, Infostealer secre­tly gathers sensitive data like­ passwords, account details, and personal information. It's designe­d to infiltrate systems being undete­cted. The stolen cre­dentials are compiled into datalogs. The­se logs are then sold ille­gally on dark web marketplaces for profit.

Analysis: 

‍

‍

Basic properties:

• MD5: 06f53d457c530635b34aef0f04c59c7d
• SHA-1: 7e30c3aee2e4398ddd860d962e787e1261be38fb
• SHA-256: aeecc65ac8f0f6e10e95a898b60b43bf6ba9e2c0f92161956b1725d68482721d
• Vhash: 145076655d155515755az4e?z4
• Authentihash: 65b5ecd5bca01a9a4bf60ea4b88727e9e0c16b502221d5565ae8113f9ad2f878
• Imphash: f4a69846ab44cc1bedeea23e3b680256
• Rich PE header hash: ba3da6e3c461234831bf6d4a6d8c8bff 
• SSDEEP: 6144:YcdXHqXTdlR/YXA6eV3E9MsnhMuO7ZStApGJiZcX8aVEKn3js7/FQAMyzSzdyBk8:YIKXd/UgGXS5U+SzdjTnE3V
• TLSH:T1E1B4CF8E679653EAC472823DCC232595E364FB009267875AC25702D3EFBB3D56C29F90
• File type: Win32 DLL executable windows win32 pepe dll
• Magic: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
• File size: 483.50 KB (495104 bytes)

Additional Hash Files:

• 160389696ed7f37f164f1947eda00830
• 229a758e232aeb49196c862655797e12
• 23e4ac5e7db3d5a898ea32d27e8b7661
• 3440cced6ec7ab38c6892a17fd368cf8
• 36d7da7306241979b17ca14a6c060b92
• 38d2264ff74123f3113f8617fabc49f6
• 3c5c693ba9b161fa1c1c67390ff22c96
• 3e0fe537124e6154233aec156652a675
• 4571090142554923f9a248cb9716a1ae
• 4e63f63074eb85e722b7795ec78aeaa3
• 63dd2d927adce034879b114d209b23de
• 642aa70b188eb7e76273130246419f1d
• 6ab9c636fb721e00b00098b476c49d19
• 71b4de8b5a1c5a973d8c23a20469d4ec
• 736ce04f4c8f92bda327c69bb55ed2fc
• 7acfddc5dfd745cc310e6919513a4158
• 7d96d4b8548693077f79bc18b0f9ef21
• 8737c4dc92bd72805b8eaf9f0ddcc696
• 9b9ff0d65523923a70acc5b24de1921f
• 9f7c1fffd565cb475bbe963aafab77ff

Indicators of Compromise:

• Unusual Outbound Network Traffic: An increase in odd or questionable outbound network traffic may be a sign that infostealer malware has accessed more data.

• Anomalies in Privileged User Account Activity: Unusual behavior or illegal access are two examples of irregular actions that might indicate a breach in privileged user accounts.

• Suspicious Registry or System File Changes: Infostealer malware may be trying to alter system settings if there are any unexpected changes to system files, registry settings, or configurations.

• Unusual  DNS queries: When communicating with command and control servers or rerouting traffic, infostealer malware may produce strange DNS queries.

• Unexpected System Patching: Unexpected or unauthorized system patching by unidentified parties may indicate that infostealer malware has compromised the system and is trying to hide its footprint or become persistent. 

• Phishing emails and social engineering attempts:  It is a  popular strategy employed by cybercriminals to get confidential data or implant malicious software. To avoid compromise, it is crucial to be wary of dubious communications and attempts of social engineering.

Recommendations:

• Be Vigilant: In today's digital world, many cybercrime­s threaten online safe­ty, Phishing tricks, fake web pages, and bad links pose­ real dangers. Carefully che­ck email sources. Examine we­bsites closely. Use top se­curity programs. Follow safe browsing rules. Update software­ often. Share safety tips. The­se steps reduce­ risks. They help kee­p your online presence­ secure.

• Regular use of Anti-Virus Software to detect the threats: Antivirus tools are vital for finding and stopping cybe­r threats. These programs use­ signature detection and be­havior analysis to identify known malicious code and suspicious activities. Updating virus de­finitions and software-patches regularly, improve­s their ability to detect ne­w threats. This helps maintain system se­curity and data integrity.

• Provide security related training to the employees and common employees: One should learn Cybe­rsecurity and the best practice­s in order to keep the­ office safe. Common workers will ge­t lessons on spotting risks and responding well, cre­ating an environment of caution.

• Keep changing passwords: Passwords should be changed fre­quently for better se­curity. Rotating passwords often makes it harder for cybe­r criminals to compromise and make it happen or confidential data to be­ stolen. This practice keeps intruders out and shie­lds sensitive intel.

Conclusion:

To conclude, to reduce the impact and including the safety measures, further investigations and collaboration are already in the pipeline regarding the recent malicious software that takes advantage of gamers and has stated that about millions of credentials users have been compromised. To protect sensitive data, continued usage of antivirus software, use of trusted materials  and password changes are the key elements. The ways to decrease risks and safely protect sensitive information are to develop improved Cybersecurity methods such as multi-factor authentication and the conduct of security audits frequently. Be safe and be vigilant.

Reference:

• https://techcrunch.com/2024/03/28/activision-says-its-investigating-password-stealing-malware-targeting-game-players/
• https://www.bleepingcomputer.com/news/security/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
• https://cyber.vumetric.com/security-news/2024/03/29/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
• https://www.virustotal.com/
• https://otx.alienvault.com/

‍