Launch of Central Suspect Registry to Combat Cyber Crimes

The evolution of technology has presented both profound benefits and considerable challenges. It has benefited us with global interconnectivity, optimisation of the workforce, faster and solution-oriented approach, but at the same time increases risks of cybercrimes and the misuse of technology via online theft, fraud, and abuse. As the reliance on technology increases, it makes the users vulnerable to cyberattacks. 

One way to address this nuisance is to set global standards and initiate measures for cooperation by integrating the efforts of international institutions such as UN bodies and others. The United Nations Interregional Crime and Justice Research Institute, which combats cybercrime and promotes the responsible use of technology, is making waves in these issues. 

Understanding the Scope of the Problem 

Crowdstrike had estimated the cybersecurity market at $207.77 billion in 2024 and expected it to reach $376.55 billion by 2029 and continue growing at a CAGR of 12.63% during the forecast period. In October of 2024, Forbes predicted that the cost of cyber attacks on the global economy would be over $10.5 trillion. 

The developments in technology have provided cybercriminals with more sophisticated means to commit cybercrimes. These include cybercrimes like data breaches, which are increasingly common, such as phishing attacks, ransomware, social engineering, and IoT attacks. Their impact is evident across various domains, including economic and social spheres. The victims of cybercrimes can often suffer from stress, anxiety, fear of being victimised again, a lack of trust and social polarisation/stigmatisation.

UNICRI’s Strategic Approach 

UNICRI actively combats cybercrimes and technology misuse, focusing on cybersecurity, organized crime in cyberspace, and terrorists' internet use. Since 2020, it has monitored social media misuse, analysed tools to debunk misinformation and balanced security with human rights. 

The key focus areas of UNICRI’s strategic approach include cybersecurity in robotics, critical infrastructure, and SCADA systems, digital forensics, child online protection and addressing online profiling and discrimination. It further supports LEAs (judges, prosecutors, and investigators) by providing them with specialised training. Its strategies to counter cybercrime and tech misuse include capacity-building exercises for law enforcement, developing international legal frameworks, and fostering public-private collaborations.

Key Initiatives under UNICRI Strategic Programme Framework of 2023-2026

The key initiatives under UNICRI set out the strategic priority areas that will guide its work. It  includes:

1. Prevent and Counter Violent Extremism: By addressing the drivers of radicalisation, gender-based discrimination, and leveraging sports for prevention.
2. Combat Organised Crime: Via tackling illicit financial flows, counterfeiting, and supply chain crimes while promoting asset recovery.
3. Promotion of Emerging Technology Governance: Encouraging responsible AI use, mitigating cybercrime risks, and fostering digital inclusivity.
4. Rule of Law and Justice Access: Enhancing justice systems for women and vulnerable populations while advancing criminal law education.
5. CBRN Risk Mitigation: Leveraging expert networks and whole-of-society strategies to address chemical, biological, radiological, and nuclear risks.

The Challenges and Opportunities: CyberPeace Takeaways

The challenges that affect the regulation of cybercrimes are most often caused due to jurisdictional barriers, the lack of resources, and the rapid pace of technological change. This is due to the cross-border nature of cybercrimes and as many nations lack the expertise or infrastructure to address sophisticated cyber threats. The regulatory or legislative frameworks often get outpaced by technology developments, including quantum computing, deepfakes, or blockchain misuse. Due to this, these crimes are often unpunished.  

The opportunities that have been developing for innovation in cybercrime prevention, include AI and machine learning tools to detect cybercrimes, enhanced international cooperation that can strengthen the collective defence mechanisms, like multi-stakeholder approaches.  Capacity Building initiatives for continuous training and education help LEAs and judicial systems adapt to emerging threats, is a continuous effort that requires participation from all sectors, be it public or private. 

Conclusion 

Due to cybercrimes and the threats they induce on individuals, communities, and global security, the proactive approach by UNICRI of combining international cooperation, capacity-building and innovative strategies is pivotal in combating these challenges. By addressing the challenges of organised crime in cyberspace, child online protection, and emerging technology governance, UNICRI exemplifies the power of strategic engagement. While jurisdictional barriers and resource limitations persist, the opportunities in AI, global collaboration, and education offer a path forward. With the evolution of technology, our defences must also be dynamic and ever evolving, and UNICRI’s efforts are essential to building a safer, more inclusive digital future for all.

References

• https://unicri.it/special_topics/securing_cyberspace
• https://www.forbes.com/sites/bernardmarr/2023/10/11/the-10-biggest-cyber-security-trends-in-2024-everyone-must-be-ready-for-now/

‍

Introduction 

The Data Protection Data Privacy Act 2023 is the most essential step towards protecting, prioritising, and promoting the users’ privacy and data protection. The Act is designed to prioritize user consent in data processing while assuring uninterrupted services like online shopping, intermediaries, etc. The Act specifies that once a user provides consent to the following intermediary platforms, the platforms can process the data until the user withdraws the rights of it. This policy assures that the user has the entire control over their data and is accountable for its usage.

‍

A keen Outlook 

The Following Act also provides highlights for user-specific purpose, which is limited to data processing. This step prevents the misuse of data and also ensures that the processed data is being for the purpose for which it was obtained at the initial stage from the user.

1. Data Fudiary and Processing of Online Shopping Platforms: The Act Emphasises More on Users’ Consent. Once provided, the Data Fudiary can constantly process the data until it is specifically withdrawn by the Data Principal.

• Detailed Analysis

• Consent as a Foundation: The Act places the user's consent as a backbone to the data processing. It sets clear boundaries for data processing. It can be Collecting, Processing, and Storing, and must comply with users’ consent before being used.
• Uninterrupted Data processing: With the given user consent, the intermediaries are not time-restrained. As long as the user does not obligate their consent, the process will be ongoing.

2. Consent and Order Fulfillment: Consent, once provided, encloses all the activities related to the specific purpose for which it was meant to the data it was given for subsequent actions such as order fulfilment. 

• Detailed Analysis

• Purpose-Limited Consent: The consent given is purpose-limited. The platform cannot misuse the obtained data for its personal use.
• Seamless User Experience: By ensuring that the user consent covers the full transactions, spared from the unwanted annoyance of repeated consent requests from the actual ongoing activities. 

3. Data Retention and Rub Out on Online Platforms: Platforms must ensure data minimisation post its utilisation period. This extends to any kind of third-party processors they might take on.

• Detailed Analysis

• Minimization and Security Assurance: By compulsory data removal on post ultization,This step helps to reduce the volume of data platforms hold, which leads to minimizing the risk to data.
• Third-Party Accountability, User Privacy Protection. 

‍

Influence from Global frameworks

The impactful changes based on global trends and similar legislation( European Union’s GDPR) here are some fruitful changes in intermediaries and social media platforms experienced after the implementation of the DPDP Act 2023.

1. Solidified Consent Mechanism: Platforms and intermediatries need to ensure the users’ consent is categorically given, and informed, and should be specific to which the data is obtained. This step may lead to user-friendly consent forms activities and prompts. 
2. Data Minimizations: Platforms that tend to need to collect the only data necessary for the specific purpose mentioned and not retain information beyond its utility.
3. Transparency and Accountability: Data collecting Platforms need to ensure transparency in data collecting, data processing, and sharing practices. This involves more detailed policy and regular audits.
4. Data Portability: Users have the right to request for a copy of their own data used in format, allowing them to switch platforms effectively.
5. Right to Obligation: Users can have the request right to deletion of their data, also referred to as the “Right to be forgotten”.
6. Prescribed Reporting: Under circumstances of data breaches, intermediary platforms are required to report the issues and instability to the regulatory authorities within a specific timeline.
7. Data Protection Authorities: Due to the increase in data breaches, Large platforms indeed appoint data protection officers, which are responsible for the right compliance with data protection guidelines.
8. Disciplined Policies: Non-compliance might lead to a huge amount of fines, making it indispensable to invest in data protection measures.
9. Third-Party Audits: Intermediaries have to undergo security audits by external auditors to ensure they are meeting the expeditions of the following compliances.
10. Third-Party Information Sharing Restrictions: Sharing personal information and users’ data with third parties (such as advertisers) come with more detailed and disciplined guideline and user consent.

‍

Conclusion 

The Data Protection Data Privacy Act 2023 prioritises user consent, ensuring uninterrupted services and purpose-limited data processing. It aims to prevent data misuse, emphasising seamless user experiences and data minimisation. Drawing inspiration from global frameworks like the EU's GDPR, it introduces solidified consent mechanisms, transparency, and accountability. Users gain rights such as data portability and data deletion requests. Non-compliance results in significant fines. This legislation sets a new standard for user privacy and data protection, empowering users and holding platforms accountable. In an evolving digital landscape, it plays a crucial role in ensuring data security and responsible data handling.

‍

References:

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
• https://www.mondaq.com/india/privacy-protection/1355068/data-protection-law-in-india-analysis-of-dpdp-act-2023-for-businesses--part-i
• https://www.hindustantimes.com/technology/explained-indias-new-digital-personal-data-protection-framework-101691912775654.html

‍

Introduction:

With improved capabilities and evasion strategies, the Vultur banking Trojan has reappeared and is a serious danger to Android users. The virus now employs numerous encrypted payloads, encrypted communication, and poses as legitimate apps. It is transmitted by trojanized dropper programs on the Google Play Store. Vultur targets victims via phone calls and SMS messages. With the help of this updated version of Vultur, attackers may take total control of compromised devices. They can perform a variety of remote control operations like install, remove, upload, and download files, halt the execution of programs, and circumvent the lock screen. The virus is now far more hazardous than it was previously because of its improved capacity to remotely access and manipulate machines.

Overview: 

The Android banking malware Vultur is well-known for its ability to record screens. It was first identified by ThreatFabric in March 2021 and targets banking apps for remote control and keylogging.

The malicious apps were hosted on the Google Play Store by the Brunhilda dropper-framework, which was used for its distribution. Initial versions of the program used reputable remote access tools such as ngrok and AlphaVNC.

Hybrid attacks have been used in recent operations to disseminate the Brunhilda dropper via phone calls and SMS. The dropper uses a number of payloads to distribute an upgraded version of Vultur.

41 new Firebase Cloud Messaging (FCM) commands and seven new Command-and-Control (C2) methods are included in the most recent version of Vultur. 

With the help of Android's Accessibility Services, these enhancements concentrate on remote access functionality that improves the malware's capacity to communicate with the victim's screen.

Modus operandi of Attack:

Hybrid Attack Method:

• Utilizes a phone call, two SMS messages, and trick users into installing malware.

• First SMS tricks victims into calling a certain number by claiming to have made significant, unlawful transactions, which gives the impression of urgency.

• Although there was no transaction in reality, the urgency motivates victims to act quickly.

Trozonized MacAfee App:

• The victims are told to install a trojanized version of the McAfee Security program from a given link during the phone call.

• This app looks harmless and has features similar to the original McAfee Security app, but it's actually the Brunhilda dropper.

• The victims are misled into assuming that the security software they are installing is authentic.

Execution of Vultur Payloads:

• Three payloads connected to Vultur are decrypted and executed via the Brunhilda dropper.

• Threat actors can carry out a variety of malicious operations, including keylogging and screen recording, on the victim's mobile device thanks to these payloads, which grant them total access over it.

• The infected device of the victim allows the threat actors to launch additional assaults or obtain private data.

Indication of the attack:

The symptoms of a Vultur banking Trojan infection include:

• Remote Access: This malware gives the hacker the ability to remotely use the infected device via clicking, scrolling, and swiping through Android's accessibility services.

• File Management: Through this, the malware is able to copy, share, remove, create, and locate files from devices it has infected.

• App Blocking: For instance; the malicious software can be programmed to stop the victims from opening a certain bunch of apps.

• Custom Notifications: Attackers can embed the malware with the functionality of displaying the customized notifications in the taskbar.

• Keyguard Disabling: The malware may be designed to turn off Screen Lock Guard feature so the lock screen security measure can be easily bypassed.

• Encrypted C2 Communication: The malware chooses AES data encryption, with Base64 text encoding to provide hidden traces for C2 communication.

• Payload Decryption: The malware uses native code, mostly written in C as well as C++, to decode the goods, thus, making a process of reversing more complicated.

• Spying on Financial Apps: The malware uses screen-streaming and keylogging as ways of acquiring facts about the victim’s mobile banking applications.

Indicator of Compromise:

File hash (SHA-256)

• edef007f1ca60fdf75a7d5c5ffe09f1fc3fb560153633ec18c5ddb46cc75ea21
• 89625cf2caed9028b41121c4589d9e35fa7981a2381aa293d4979b36cf5c8ff2
• 1fc81b03703d64339d1417a079720bf0480fece3d017c303d88d18c70c7aabc3
• 4fed4a42aadea8b3e937856318f9fbd056e2f46c19a6316df0660921dd5ba6c5
• 001fd4af41df8883957c515703e9b6b08e36fde3fd1d127b283ee75a32d575fc
• fc8c69bddd40a24d6d28fbf0c0d43a1a57067b19e6c3cc07e2664ef4879c221b
• 7337a79d832a57531b20b09c2fc17b4257a6d4e93fcaeb961eb7c6a95b071a06
• 7f1a344d8141e75c69a3c5cf61197f1d4b5038053fd777a68589ecdb29168e0c
• 26f9e19c2a82d2ed4d940c2ec535ff2aba8583ae3867502899a7790fe3628400
• 2a97ed20f1ae2ea5ef2b162d61279b2f9b68eba7cf27920e2a82a115fd68e31f
• c0f3cb3d837d39aa3abccada0b4ecdb840621a8539519c104b27e2a646d7d50d
• 92af567452ecd02e48a2ebc762a318ce526ab28e192e89407cac9df3c317e78d
• fa6111216966a98561a2af9e4ac97db036bcd551635be5b230995faad40b7607
• dc4f24f07d99e4e34d1f50de0535f88ea52cc62bfb520452bdd730b94d6d8c0e
• 627529bb010b98511cfa1ad1aaa08760b158f4733e2bbccfd54050838c7b7fa3
• f5ce27a49eaf59292f11af07851383e7d721a4d60019f3aceb8ca914259056af
• 5d86c9afd1d33e4affa9ba61225aded26ecaeb01755eeb861bb4db9bbb39191c
• 5724589c46f3e469dc9f048e1e2601b8d7d1bafcc54e3d9460bc0adeeada022d
• 7f1a344d8141e75c69a3c5cf61197f1d4b5038053fd777a68589ecdb29168e0c
• fd3b36455e58ba3531e8cce0326cce782723cc5d1cc0998b775e07e6c2622160
• 819044d01e8726a47fc5970efc80ceddea0ac9bf7c1c5d08b293f0ae571369a9
• 0f2f8adce0f1e1971cba5851e383846b68e5504679d916d7dad10133cc965851
• fb1e68ee3509993d0fe767b0372752d2fec8f5b0bf03d5c10a30b042a830ae1a
• d3dc4e22611ed20d700b6dd292ffddbc595c42453f18879f2ae4693a4d4d925a
• f4d7e9ec4eda034c29b8d73d479084658858f56e67909c2ffedf9223d7ca9bd2
• 7ca6989ccfb0ad0571aef7b263125410a5037976f41e17ee7c022097f827bd74
• c646c8e6a632e23a9c2e60590f012c7b5cb40340194cb0a597161676961b4de0

Command and Control Servers

• safetyfactor[.]online
• cloudmiracle[.]store
• flandria171[.]appspot[.]com (FCM)
• newyan-1e09d[.]appspot[.]com (FCM)

Droppers distribution URL’s

• mcafee[.]960232[.]com
• mcafee[.]353934[.]com
• mcafee[.]908713[.]com
• mcafee[.]784503[.]com
• mcafee[.]053105[.]com
• mcafee[.]092877[.]com
• mcafee[.]582630[.]com
• mcafee[.]581574[.]com
• mcafee[.]582342[.]com
• mcafee[.]593942[.]com
• mcafee[.]930204[.]com

Steps to be taken when your device is compromised?.

• Change the password: Vultur revealed multiple cases where threat actors can gain access to your financial and private information. To safeguard your account, reset passwords on other devices and create secure, unique passwords during the time. Instead of simply storing your password, a reputed password manager is the most secure way of storing information.

• Keep an eye on your transactions and accounts: It is advised that you regularly monitor your online accounts for any unusual or illegal activity. Keep a watch out for any irregularities, and report anything suspicious to the provider or authorities straight immediately.. Also check your credit reports and scores attentively to make sure that your identity or cards are not compromised.

• Make sure you are using identity theft protection: Many pieces of information about your identity are stored in an Android device. Cyber criminals can easily get hold of this data and make major damage to you, including stealing your money and identity. For your own protection, some of the identity theft protection services that monitor all your personal information and notify you on any unusual activity and, as well, helps you to freeze your accounts would be beneficial.

• Immediately get in touch with your banks and credit card companies: Your personal information such as credit card or bank details is of high risk to be exposed to hackers who could use them to make transactions without you knowing. You should inform your credit card and the lending bank about the situation as soon as possible. They would help you if your cards were used for fraudulent charges and your card be either frozen or canceled. Besides, they can get new cards issued.

• Make your contacts alert regarding the fraud you faced: Threat actors may access your social media or email accounts to send phishing messages or spam to people in your contact list, if they gain access to them. Moreover, they may masquerade as you and try to extort cash from you or disclose your personal information. Distributing a message to your contacts stating that they shouldn’t open or reply to any messages that look like they are not from you and look very strange or suspicious, will be a great idea.

• Make a backup and wipe all your device content in factory settings: You can always factory reset your device to ensure it is free of viruses and spyware. In other words, it will refresh Android and leave behind all your data and settings. Back up all the critical data prior to processing it and assure that everything is restored from a trustworthy source only.

Preventive measures to be taken:

• Avoid calling back to the hacker: If a hacker texts you claiming to have approved a sizable bank transaction, refrain from picking up the phone. You can always check by making a call to your own financial intuition. However, never pick up on an unknown number that someone else sends you.

• Avoid sideloading apps and shortened URLs: Try to avoid sideloading apps. That's the moment when you install apps from unofficial sources. Users may be tricked into downloading malware using short URLs.

• Be careful granting permissions: Be cautious when allowing permissions for apps. Think about whether an app really needs access to specific data or device functions.

• Limit the apps you have on your phone: On your phone, having plenty of apps might sometimes make it easier to become infected with malware. Over time, these apps may allow harmful code to enter your system, and the more programs you have to update and monitor, the greater the risk to your Android device. This is how to remove pointless apps from your Android device.

• Download apps from reputable sources: Additionally, make sure the programs you download are from reputable and authorized developers. Do your homework and read reviews before you install.

• Keep your Android device updated: With the help of software and security upgrades, your phone can automatically maintain security. Remember to install them.

• Have good antivirus software on all your devices: The best defense against malware on all of your devices is to install antivirus software. By blocking you from clicking on potentially dangerous links, antivirus software can keep malware off your devices and keep hackers from accessing your personal data.

Conclusion:

Vultur is a terrifying banking Trojan with a great deal of sophistication. It's unsettling that hackers can take complete control of your Android device, which emphasizes how crucial it is that you take precautions. It all starts with a text message in these attacks. You must take the time to independently contact your banking institution to check whether there are any issues. You may prevent having your entire device compromised and your personal information exposed by simply investing an additional few minutes.

Reference:

• https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
• https://www.threatfabric.com/blogs/vultur-v-for-vnc\
• https://www.tomsguide.com/computing/malware-adware/this-nasty-android-banking-trojan-lets-hackers-completely-hijack-your-phone-how-to-stay-safe
• https://thehackernews.com/2024/04/vultur-android-banking-trojan-returns.html?m=1
• https://www.smallbiztechnology.com/archive/2024/04/vultur-trojan-heightens-android-app-security-risks.html/
• https://securityaffairs.com/161320/malware/vultur-banking-trojan-android.html
• https://www.malwarebytes.com/blog/detections/android-trojan-spy-vultur
• https://www.scmagazine.com/brief/updated-vultur-android-banking-trojan-emerges
• https://innovatecybersecurity.com/security-threat-advisory/windows-server-updates-blamed-for-domain-controller-crashes-kb5035855-and-kb5035857/

‍