Digitally Altered Photo of Rowan Atkinson Circulates on Social Media

Introduction

Cybersecurity remains a crucial component in the modern digital era, considering the growing threat landscape caused by our increased reliance on technology and the internet. The Karnataka Government introduced a new ‘Cyber Security Policy 2024’ to address increasing cybercrimes and enhance protection measures for the State's digital infrastructure through awareness, skill development, public-private collaborations, and technology integration. Officials stated that the policy highlights various important aspects including raising awareness and providing education, developing skills, supporting the industry and start-ups, as well as forming partnerships and collaborations for enhancing capacity.

Key Highlights

• The policy consists of two components. The initial segment emphasizes creating a robust cyber security environment involving various sectors such as the public, academia, industry, start-ups, and government. The second aspect of the policy aims to enhance the cybersecurity status of the State's IT resources. Although the initial section will be accessible to the public, the second portion will be restricted to the state's IT teams and departments for their IT implementation.
• The Department of Electronics, IT, BT and S&T, the Department of Personnel and Administrative Reforms (e-Governance),and the Home Department, in collaboration with stakeholders from government and private sectors, have collectively formulated this policy. The Indian Institute of Science, the main institute for the state's K-tech Centre of Excellence for Cyber Security (CySecK), also examined the policy.
• The Department of Electronics, IT, BT and S&T, the Department of Personnel and Administrative Reforms (e-Governance),and the Home Department, in collaboration with stakeholders from government and private sectors, have collectively formulated this policy. The Indian Institute of Science, the main institute for the state's K-tech Centre of Excellence for Cyber Security (CySecK), also examined the policy.
• Approximately ₹103.87 crore will be spent over five years to implement the policy, which would be fulfilled from the budget allocated to the Department of Information Technology and Biotechnology and Science & Technology. A total of ₹23.74 crore would be allocated for offering incentives and concessions.
• The policy focuses on key pillars of building awareness and skills, promoting research and innovation, promoting industry and start-ups, partnerships and collaborations for capacity building.
• Karnataka-based undergraduate and postgraduate interns will receive a monthly stipend of INR 10,000- Rs15,000 fora maximum duration of three months under the internship program. The goal is to support 600 interns at the undergraduate level and 120 interns at the post-graduate level within the policy timeframe.
• Karnataka-based start-ups collaborating with academic institutes can receive matching grants of up to 50% of the total R&D cost for cybersecurity projects, or a maximum of ₹50 lakh.
• Reimbursement will be provided for expenses up to a maximum of INR 1 Lakh for start-ups registered with Karnataka Start-up Cell who engage CERT-In empanelled service providers from Karnataka for cyber security audit.
• The Karnataka government has partnered with Meta to raise awareness on cyber security. By reaching out to educational institutions, schools and colleges, it is piloted to provide training to 1 lakh teachers and educate 1 million children on online safety.

CyberPeace Policy Wing Outlook

The Cyber Security Policy, 2024 launched by the Karnataka government is a testament to the state government's commitment to strengthening the cyber security posture and establishing cyber resilience. By promoting and supporting research and development projects, supporting startups, and providing skill training internships, and capacity building at a larger scale, the policy will serve asa positive step in countering the growing cyber threats and establishing a peaceful digital environment for all. The partnership and collaboration with tech companies will be instrumental in implementing the capacity-building initiatives aimed at building cognitive and skill defenses while navigating the digital world. The policy will inspire other state governments in their policy initiatives for building safe and secure cyber-infrastructure in the states by implementing strategies tailored to the specific needs and demands of each state in building safe digital infrastructure and environment.

References:

• https://www.hindustantimes.com/cities/bengaluru-news/karnataka-govt-launches-new-cyber-security-policy-amid-frequent-scams-101722598078117.html
• https://ciso.economictimes.indiatimes.com/amp/news/grc/karnataka-govt-launches-new-cyber-security-policy/112214121
• https://cybermithra.in/2024/08/09/karnataka-cyber-security-policy/

• https://itbtst.karnataka.gov.in/storage/pdf-files/ITBT48ADM2021EngCABINET-GO.pdf

Introduction

DDoS – Distributed Denial of Service Attack is one of the cyber-attacks which has been evolving at the fastest pace,  the new technologies have created a blanket of vulnerability for the victim which allows the cyber criminals to stay under the radar and keep launching small scale high intensity cyber attacks. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

Op Power Off

In a recent Operation by Law enforcement agencies known as Op Power Off, LEAs from United Kingdom, United States of America, Netherlands, Poland, and Germany joined hands to target the cybergroups committing such large-scale attacks which can paralyse the Internet become inaccessible for a large faction of netizens. The services collectively seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken down had been used to carry out over 30 million attacks. As part of this action, seven administrators have been arrested so far in the United States and the United Kingdom, with further actions planned against the users of these illegal services.  International police cooperation was central to the success of this operation as the administrators, users, critical infrastructure, and victims were scattered across the world. Europol’s European Cybercrime Centre coordinated the activities in Europe through its Joint Cybercrime Action Taskforce (J-CAT).

Participating Authorities

• United States: US Department of Justice (US DOJ), Federal Bureau of Investigation (FBI)
• United Kingdom: National Crime Agency (NCA)
• The Netherlands: National High Tech Crime Unit Landelijke Eenheid, Cybercrime team Midden-Nederland, Cybercrime team Noord-Holland and Cybercrime team Den Haag
• Germany: Federal Criminal Police Office (Bundeskriminalamt), Hanover Police Department (Polizeidirektion Hannover), Public Prosecutor’s Office Verden (Staatsanwaltschaft Verden)
• Poland: National Police Cybercrime Bureau (Biuro do Walki z Cyber-przestępczością)

Issue related to DDoS Attacks

DDoS booter services have effectively lowered the entry barrier into cybercrime: for a fee as low as EUR 10, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic.  The damage they can do to victims can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions, and police forces. Emboldened by perceived anonymity, many young IT enthusiasts get involved in this seemingly low-level crime, unaware of the consequences that such online activities can carry. The influence of toolkits available on the dark net has made it easier for criminals to commit such crimes and at times even get away with it as well.

‍Recent examples of DDoS Attacks

• In February 2020, Amazon Web Services (AWS) suffered a DDoS attack sophisticated enough to keep its incident response teams occupied for several days also affecting customers worldwide.
• In February 2021, the EXMO Cryptocurrency exchange fell victim to a DDoS attack that rendered the organization inoperable for almost five hours.
• Recently, Australia experienced a significant, sustained, state-sponsored DDoS attack.
• Belgium also became a victim of a DDoS attack that targeted the country’s parliament, police services, and universities.

DDoS vs. DoS Attacks: What’s the Difference?

It’s important to avoid confusing a DDoS (distributed denial of service) attack with a DoS (denial of service) attack. Although only one word separates the two, these attacks vary significantly in nature.

• Strictly defined, a typical DDoS attack manipulates many distributed network devices between the attacker and the victim into waging an unwitting attack, exploiting legitimate behavior.
• A traditional DoS attack doesn’t use multiple, distributed devices, nor does it focus on devices between the attacker and the organization. These attacks also tend not to use multiple internet devices.

Conclusion

In this era of cyberspace, it is of paramount importance to maintain digital safety and security equivalent to physical safety, the cybercriminals will not stop at anything and can stoop to any level to target netizens and critical infrastructures in order to commit ransomware and malware attacks. As we can see DDoS-ing is taken seriously by law enforcement, at all levels of users, and are on the radar of law enforcement, be it a gamer booting out the competition out of a video game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.

Executive Summary:

Traditional Business Email Compromise(BEC) attacks have become smarter, using advanced technologies to enhance their capability. Another such technology which is on the rise is WormGPT, which is a generative AI tool that is being leveraged by the cybercriminals for the purpose of BEC. This research aims at discussing WormGPT and its features as well as the risks associated with the application of the WormGPT in criminal activities. The purpose is to give a general overview of how WormGPT is involved in BEC attacks and give some advice on how to prevent it.

 Introduction

BEC(Business Email Compromise) in simple terms can be defined as a kind of cybercrime whereby the attackers target the business in an effort to defraud through the use of emails. Earlier on, BEC attacks were executed through simple email scams and phishing. However, in recent days due to the advancement of AI tools like WormGPT such malicious activities have become sophisticated and difficult to identify. This paper seeks to discuss WormGPT, a generative artificial intelligence, and how it is used in the BEC attacks to make the attacks more effective.

What is WormGPT?

Definition and Overview

WormGPT is a generative AI model designed to create human-like text. It is built on advanced machine learning algorithms, specifically leveraging large language models (LLMs). These models are trained on vast amounts of text data to generate coherent and contextually relevant content. WormGPT is notable for its ability to produce highly convincing and personalised email content, making it a potent tool in the hands of cybercriminals.

How WormGPT Works

1. Training Data: Here the WormGPT is trained with the arrays of data sets, like emails, articles, and other writing material. This extensive training enables it to understand and to mimic different writing styles and recognizable textual content.

 2. Generative Capabilities: Upon training, WormGPT can then generate text based on specific prompts, as in the following examples in response to prompts. For example, if a cybercriminal comes up with a prompt concerning the company’s financial information, WormGPT is capable of releasing an appearance of a genuine email asking for more details.

 3. Customization: WormGPT can be retrained any time with an industry or an organisation of interest in mind. This customization enables the attackers to make their emails resemble the business activities of the target thus enhancing the chances for an attack to succeed.

Enhanced Phishing Techniques

Traditional phishing emails are often identifiable by their generic and unconvincing content. WormGPT improves upon this by generating highly personalised and contextually accurate emails. This personalization makes it harder for recipients to identify malicious intent.

Automation of Email Crafting

Previously, creating convincing phishing emails required significant manual effort. WormGPT automates this process, allowing attackers to generate large volumes of realistic emails quickly. This automation increases the scale and frequency of BEC attacks.

Exploitation of Contextual Information

WormGPT can be fed with contextual information about the target, such as recent company news or employee details. This capability enables the generation of emails that appear highly relevant and urgent, further deceiving recipients into taking harmful actions.

Implications for Cybersecurity

Challenges in Detection

The use of WormGPT complicates the detection of BEC attacks. Traditional email security solutions may struggle to identify malicious emails generated by advanced AI, as they can closely mimic legitimate correspondence. This necessitates the development of more sophisticated detection mechanisms.

Need for Enhanced Training

Organisations must invest in training their employees to recognize signs of BEC attacks. Awareness programs should emphasise the importance of verifying email requests for sensitive information, especially when such requests come from unfamiliar or unexpected sources.

Implementation of Robust Security Measures

1. Multi-Factor Authentication (MFA): MFA can add an additional layer of security, making it harder for attackers to gain unauthorised access even if they successfully deceive an employee.
2. Email Filtering Solutions: Advanced email filtering solutions that use AI and machine learning to detect anomalies and suspicious patterns can help identify and block malicious emails.
3. Regular Security Audits: Conducting regular security audits can help identify vulnerabilities and ensure that security measures are up to date.

Case Studies

Case Study 1: Financial Institution

A financial institution fell victim to a BEC attack orchestrated using WormGPT. The attacker used the tool to craft a convincing email that appeared to come from the institution’s CEO, requesting a large wire transfer. The email’s convincing nature led to the transfer of funds before the scam was discovered.

Case Study 2: Manufacturing Company

In another instance, a manufacturing company was targeted by a BEC attack using WormGPT. The attacker generated emails that appeared to come from a key supplier, requesting sensitive business information. The attack exploited the company’s lack of awareness about BEC threats, resulting in a significant data breach.

Recommendations for Mitigation

1. Strengthen Email Security Protocols: Implement advanced email security solutions that incorporate AI-driven threat detection.
2. Promote Cyber Hygiene: Educate employees on recognizing phishing attempts and practising safe email habits.
3. Invest in AI for Defense: Explore the use of AI and machine learning in developing defences against generative AI-driven attacks.
4. Implement Verification Procedures: Establish procedures for verifying the authenticity of sensitive requests, especially those received via email.

Conclusion

WormGPT is a new tool in the arsenal of cybercriminals which improved their options to perform Business Email Compromise attacks more effectively and effectively. Therefore, it is critical to provide the defence community with information regarding the potential of WormGPT and its implications for enhancing the threat landscape and strengthening the protection systems against advanced and constantly evolving threats. 

This means the development of rigorous security protocols, general awareness of security solutions, and incorporating technologies such as artificial intelligence to mitigate the risk factors that arise from generative AI tools to the best extent possible.