Deepfake Alert: Sachin Tendulkar's Warning Against Technology Misuse

Executive Summary:

A new threat being uncovered in today’s threat landscape is that while threat actors took an average of one hour and seven minutes to leverage Proof-of-Concept(PoC) exploits after they went public, now the time is at a record low of 22 minutes. This incredibly fast exploitation means that there is very limited time for organizations’ IT departments to address these issues and close the leaks before they are exploited. Cloudflare released the Application Security report which shows that the attack percentage is more often higher than the rate at which individuals invent and develop security countermeasures like the WAF rules and software patches. In one case, Cloudflare noted an attacker using a PoC-based attack within a mere 22 minutes from the moment it was released, leaving almost no time for a remediation window. 

Despite the constant growth of vulnerabilities in various applications and systems, the share of exploited vulnerabilities, which are accompanied by some level of public exploit or PoC code, has remained relatively stable over the past several years and fluctuates around 50%. These vulnerabilities with publicly known exploit code, 41% was initially attacked in the zero-day mode while of those with no known code, 84% was first attacked in the same mode. 

Modus Operandi:

The modus operandi of the attack involving the rapid weaponization of proof-of-concept (PoC) exploits is characterized by the following steps:

• Vulnerability Identification: Threat actors bring together the exploitation of a system vulnerability that may be in the software or hardware of the system; this may be a code error, design failure, or a configuration error. This is normally achieved using vulnerability scanners and test procedures that have to be performed manually. 

• Vulnerability Analysis: After the vulnerability is identified, the attackers study how it operates to determine when and how it can be triggered and what consequences that action will have. This means that one needs to analyze the details of the PoC code or system to find out the connection sequence that leads to vulnerability exploitation. 

• Exploit Code Development: Being aware of the weakness, the attackers develop a small program or script denoted as the PoC that addresses exclusively the identified vulnerability and manipulates it in a moderated manner. This particular code is meant to be utilized in showing a particular penalty, which could be unauthorized access or alteration of data. 

• Public Disclosure and Weaponization: The PoC exploit is released which is frequently done shortly after the vulnerability has been announced to the public. This makes it easier for the attackers to exploit it while waiting for the software developer to release the patch. To illustrate, Cloudflare has spotted an attacker using the PoC-based exploit 22 minutes after the publication only. 

• Attack Execution: The attackers then use the weaponized PoC exploit to attack systems which are known to be vulnerable to it. Some of the actions that are tried in this context are attempts at running remote code, unauthorized access and so on. The pace at which it happens is often much faster than the pace at which humans put in place proper security defense mechanisms, such as the WAF rules or software application fixes. 

• Targeted Operations: Sometimes, they act as if it’s a planned operation, where the attackers are selective in the system or organization to attack. For example, exploitation of CVE-2022-47966 in ManageEngine software was used during the espionage subprocess, where to perform such activity, the attackers used the mentioned vulnerability to install tools and malware connected with espionage. 

Precautions: Mitigation

Following are the mitigating measures against the PoC Exploits: 

1. Fast Patching and New Vulnerability Handling 

• Introduce proper patching procedures to address quickly the security released updates and disclosed vulnerabilities. 

• Focus should be made on the patching of those vulnerabilities that are observed to be having available PoC exploits, which often risks being exploited almost immediately.

• It is necessary to frequently check for the new vulnerability disclosures and PoC releases and have a prepared incident response plan for this purpose. 

2. Leverage AI-Powered Security Tools 

•  Employ intelligent security applications which can easily generate desirable protection rules and signatures as attackers ramp up the weaponization of PoC exploits. 

• Step up use of artificial intelligence (AI) - fueled endpoint detection and response (EDR) applications to quickly detect and mitigate the attempts. 

• Integrate Artificial Intelligence based SIEM tools to Detect & analyze Indicators of compromise to form faster reaction. 

 3. Network Segmentation and Hardening 

• Use strong networking segregation to prevent the attacker’s movement across the network and also restrict the effects of successful attacks. 

• Secure any that are accessible from the internet, and service or protocols such as RDP, CIFS, or Active directory. 

• Limit the usage of native scripting applications as much as possible because cyber attackers may exploit them. 

4. Vulnerability Disclosure and PoC Management 

• Inform the vendors of the bugs and PoC exploits and make sure there is a common understanding of when they are reported, to ensure fast response and mitigation. 

• It is suggested to incorporate mechanisms like digital signing and encryption for managing and distributing PoC exploits to prevent them from being accessed by unauthorized persons. 

• Exploits used in PoC should be simple and independent with clear and meaningful variable and function names that help reduce time spent on triage and remediation. 

5. Risk Assessment and Response to Incidents 

• Maintain constant supervision of the environment with an intention of identifying signs of a compromise, as well as, attempts of exploitation. 

• Support a frequent detection, analysis and fighting of threats, which use PoC exploits into the system and its components. 

• Regularly communicate with security researchers and vendors to understand the existing threats and how to prevent them.

Conclusion:

The rapid process of monetization of Proof of Concept (POC) exploits is one of the most innovative and constantly expanding global threats to cybersecurity at the present moment. Cyber security experts must react quickly while applying a patch, incorporate AI to their security tools, efficiently subdivide their networks and always heed their vulnerability announcements. Stronger incident response plan would aid in handling these kinds of menaces. Hence, applying measures mentioned above, the organizations will be able to prevent the acceleration of turning PoC exploits into weapons and the probability of neutral affecting cyber attacks. 

Reference:

https://www.mayrhofer.eu.org/post/vulnerability-disclosure-is-positive/

https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware

https://www.balbix.com/insights/attack-vectors-and-breach-methods/

https://blog.cloudflare.com/application-security-report-2024-update

‍

Introduction

As the sun rises on a new chapter in the Indian telecommunications narrative, the corridors of power in New Delhi are abuzz with palpable excitement and a hint of solemnity. Here, a groundbreaking proposal stands before the lawmakers of the Lok Sabha, not simply a proposed amendment or update to an existing statute, but the cornerstone of a reimagined communications epoch—the Telecommunications Bill of 2023. In every sense, this legislative masterpiece embodies a country at the intersection of tradition and innovation, eager to part ways with vestiges of colonial infrastructure that have shaped its modern landscape.

The Origins

Steeped in history, India's telecommunications system has persevered through a patchwork of regulations and ad hoc policies, growing somewhat unwieldy under the shadow of the Indian Telegraph Act (1885), the Wireless Telegraphy Act (1933), and the Telegraph Wires (Unlawful Possession) Act (1950). Yet, it is within this context of the old guard, a relic of British administration, that the new Telecommunications Bill seeks to transcend the limitations of the past. It aims to dismantle barriers and create an ecosystem that is fluid, adaptable, and resonant with the rapid cadence of technological advancements and the demands of a population increasingly reliant on digital connectivity.

In crafting this bill, the creators have meticulously knitted together an intricate fabric of vibrant threads, each signifying a pillar of progress. To herald an era of unparalleled growth and dynamism, the bill looks beyond the scope of traditional telecommunication services, boldly embracing the convergence of digital mediums such as wire, radio, and optical fibers, aligning with the modalities of 21st-century communication. The bill’s very essence is innovation, etching a new paradigm through its provisions and signalling India's readiness to interface with the ever-expanding digital frontier.

The Defining Features 

A novel and defining feature of this bill is its departure from a rigid licensing regime. It forges ahead with 'authorizations'—a signifier that resonates with flexibility, adaptability, and a regulatory approach that isn't mired in bureaucratic inertia but is rather an enabler of swift technological adoption and market responsiveness. This transformative philosophy signifies a departure from the byzantine processes of yore, orbiting instead toward an agile governance model that is both responsive to current needs and anticipative of future trends.

The introduction of mandatory biometric authentication for telecom customers articulates an unyielding stance against the rampant misuse of communication networks. Indeed, this measure draws a fine line between the right to privacy and the exigencies of data protection, posing ethical questions that animate public discourse. This balance seeks to thwart unsolicited commercial communication, exemplifying the state's vigil on the sanctuaries of personal space and tranquility.

In addition, the forward-looking bill tactically addresses the strategic use of spectrum resources with an undercurrent of prescience. By granting ‘spectrum assets’ legislative stature through the National Frequency Allocation Plan and enabling operators to adapt through 'refarming', the bill forms a visionary blueprint for resource optimization. It inherently recognizes that bandwidth is not simply a commercial commodity but one that serves the wider canvas of national imperatives, connectivity goals, and developmental aspirations.

Further embodying the dual themes of openness and vigilance, the bill incorporates provisions for interception and the implementation of a 'trusted sources' regime, a tacit acknowledgement of the cybersecurity challenges that loom on the horizon amidst increasing geopolitical strains. These measures exemplify the act of walking a tightrope between the democratic ideals of transparency and the unyielding requirements of state security.

Looking to the skies, the bill embraces satellite technologies, foreseeing their potential in unshackling the remote and marginalized areas from the constraints of terrestrial infrastructure and thus forging a digitally inclusive society. Acknowledging the expanse of the Indian subcontinent, the bill paves the way for an interconnected, digital hinterland via thoughtful satellite spectrum allocations.

Emphasizing the human thread in the digital weave, the reformulation of the Universal Service Obligation Fund into 'Digital Bharat Nidhi' underscores an unwavering commitment to reaching the unreached. It's the crystallization of a promise that every Indian, regardless of geographical and socio-economic divides, will be privy to the lenses of opportunity presented by the digital revolution.

The Watershed Moment 

The introduction of the Telecommunications Bill of 2023 is a watershed moment, a convergence where history and opportunity coalesce, propelling a nation forward with the ambitions of a burgeoning superpower replacing the Indian Telegraph Act (1885), the Wireless Telegraphy Act (1933), and the Telegraph Wires (Unlawful Possession) Act (1950). It carries within its articles and clauses the anticipation of a billion dreams, the catalyst to a regulatory environment that nurtures innovation, equality, and a forward leap into the future. 

Conclusion

Through its comprehensive scope and visionary approach, the bill writes a fresh chapter in India's digital saga. It is an unfolding story, pregnant with the possibilities of a nascent digital age, charting a trajectory for an India poised to define its own digital dome of the sky, under which its citizens will thrive for generations to come. With every legislative step, India crafts its legacy, a narrative of evolution, a tableau that reflects the aspirations of its people and their resolve to embrace the force of technology for the collective good. As this bill advances through the legislative labyrinth, it carries the spirit of a digital renaissance nestled in the heart of the world's largest democracy.

References 

• https://www.livemint.com/industry/telecom/new-telecom-bill-set-to-approve-administrative-allocation-for-satellite-broadband-services-11702876066350.html
• https://prsindia.org/billtrack/the-telecommunication-bill-2023

Introduction:

Welcome to the third edition of our blog on digital forensics series. In our previous blog we discussed the difference between copying, cloning, and imaging in the context of Digital Forensics, and found out why imaging is a better process. Today we will discuss the process of evidence collection in Digital Forensics. The whole process starts with making sure the evidence collection team has all necessary tools required for the task.

Investigating Tools and Equipment:

Below are some mentioned tools that the team should carry with them for a successful evidence collection:

• Anti-static bags
• Faraday bags
• Toolkit having screwdrivers(nonmagnetic), scissors, pins, cutters, forceps, clips etc.
• Rubber gloves
• Incident response toolkit (Software)
• Converter/Adapter: USB, SATA, IDE, SCSI
• Imaging software
• Volatile data collection tools (FTK Imager, Magnet Forensics RAM Capture)
• Pens, permanent markers
• Storage containers
• Batteries
• Video cameras
• Note/sketch pads
• Blank storage media
• Write-Blocker device
• Labels
• Crime scene security tapes
• Camera

What sources of Data are necessary for Digital Evidence?

• Hard-Drive (Desktop, Laptop, External, Server)
• Flash Drive
• SD Cards
• Floppy Disks
• Optical Media (CD, DVD)
• CCTV/DVR
• Internal Storage of Mobile Device
• GPS (Mobile/Car)
• Call Site Track (Towers)
• RAM

‍

‍

Evidence Collection

The investigators encounter two primary types of evidence during the course of gathering evidence: non-electronic and electronic evidence.

The following approaches could be used to gather non-electronic evidence:

• In the course of looking into electronic crimes, recovering non-electronic evidence can be extremely important.  Be cautious to make sure that this kind of evidence is retrieved and kept safe. Items that may be relevant to a later review of electronic evidence include passwords, papers or printouts, calendars, literature, hardware and software manuals, text or graphical computer printouts, and photos.  These items should be secured and kept for further examination.
• They are frequently found close to the computer or other related hardware.  Locating, securing, and preserving all evidence is required by departmental procedures.

Three scenarios arise for the collection of digital evidence from computers: 

Situation 1: The desktop is visible, and the monitor is on.

• Take a picture of the screen and note the data that is visible. 
• Utilize tools for memory capturing to gather volatile data.
• Look for virtual disks. If so, gather mounted data's logical copies.
• Give each port and connection a label.
• Take a picture of them.
• Turn off network access to stop remote access.
• Cut off the power or turn it off.
• Locate and disconnect the hard drive by opening the CPU chassis.
• Take all evidence and place it in anti-magnetic (Faraday) bags.
• Deliver the evidence to the forensic lab.
• Keep the chain of custody intact.

Situation 2: The monitor is turned on, but it either has a blank screen (sleep mode) or an image for the screensaver.

• Make a small mouse movement (without pressing buttons). The work product should appear on the screen, or it should ask for a password.
• If moving the mouse does not result in a change to the screen, stop using the mouse and stop all keystrokes.
• Take a picture of the screen and note the data that is visible.
• Use memory capturing tools to gather volatile data (always use a write blocker to prevent manipulation during data collection).
• Proceed further in accordance with Situation 1.

Situation 3: The Monitor Is Off

• Write down the "off" status.
• After turning on the monitor, check to see if its status matches that of situations 1 or 2 above, and then take the appropriate action.
• Using a phone modem, cable, confirm that you are connected to the outside world. Try to find the phone number if there is a connection to the phone.
• To protect evidence, take out the floppy disks that might be there, package each disk separately, and label the evidence.  Put in a blank floppy disk or a seizure disk, if one is available. Avoid touching the CD drive or taking out CDs.
• Cover the power connector and every drive slot with tape.
• Note the serial number, make, and model.
• Take a picture of the computer's connections and make a diagram with the relevant cables.
• To enable precise reassembly at a later date, label all connectors and cable ends, including connections to peripheral devices. Put "unused" on any connection ports that are not in use.  Recognize docking stations for laptop computers in an attempt to locate additional storage media.
• All evidence should be seized and placed in anti-magnetic (Faraday) bags.
• All evidence should be seized and placed in anti-magnetic (Faraday) bags.
• Put a tag or label on every bag.
• Deliver the evidence to the forensic lab.
• Keep the chain of custody intact. 

Following the effective gathering of data, the following steps in the process are crucial: data packaging, data transportation, and data storage.

The following are the steps involved in data packaging, transportation, and storage:

Packaging:

• Label every computer system that is gathered so that it can be put back together exactly as it was found

When gathering evidence at a scene of crime,

• Before packing, make sure that every piece of evidence has been appropriately  labeled and documented.
• Latent or trace evidence requires particular attention, and steps should be taken to preserve it.
• Use paper or antistatic plastic bags for packing magnetic media to prevent static electricity. Do not use materials like regular plastic bags (instead use faraday bags) that can cause static electricity. 
• Be careful not to bend, fold, computer media like tapes, or CD-ROM.
• Make sure that the labels on every container used to store evidence are correct.

Transporting

• Make sure devices are not packed in containers and are safely fastened inside the car to avoid shock and excessive vibrations. Computers could be positioned on the floor of the car,and monitors could be mounted on the seat with the screen down .

When transporting evidence—

• Any electronic evidence should be kept away from magnetic sources.  Radiation transmitters, speaker magnets, and heated seats are a few examples of items that can contaminate electronic evidence.
• Avoid leaving electronic evidence in your car for longer than necessary. Electronic devices can be harmed by extremes in temperature, humidity.
• Maintain the integrity of the chain of custody while transporting any evidence.

Storing

• Evidence should be kept safe and away from extremes in humidity and temperature. Keep it away from dust, moisture, magnetic devices, and other dangerous impurities.  Be advised that extended storage may cause important evidence—like dates, times, and system configurations—to disappear. Because batteries have a finite lifespan, data loss may occur if they malfunction. Whenever the battery operated device needs immediate attention, it should be informed to the relevant authority (eg., the chief of laboratory, the forensic examiner, and the custodian of the evidence). 

CONCLUSION:

Thus, securing the crime scene to packaging, transportation and storage of data are the important steps in the process of collecting digital evidence in forensic investigations. Keeping the authenticity during the process along with their provenance is critical during this phase. It is also important to ensure the admissibility of evidence in legal proceedings. This systematic approach is essential for effectively investigating and prosecuting digital crimes.

‍