DPDP Bill 2023: A Comparative Analysis
Introduction
THE DIGITAL PERSONAL DATA PROTECTION BILL, 2022 (released for public consultation on November 18, 2022) compared with THE DIGITAL PERSONAL DATA PROTECTION BILL, 2023 (tabled at Lok Sabha on August 03, 2023):
- Personal data may be processed only for a lawful purpose for which an individual has given consent. Consent may be deemed in certain cases.
- The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.
- There is a Data Protection Board under the 2022 bill to deal with non-compliance with the Act.
- Under the 2023 bill, a new Data Protection Board is established, which will ensure compliance, remedies and penalties.
- Under the new bill, the Board has been entrusted with the powers of a civil court, such as the power to take cognisance of personal data breaches, investigate complaints and impose penalties. Additionally, the Board can issue directions to ensure compliance with the Act.
- The 2022 bill grants certain rights to individuals, such as the right to obtain information, seek correction and erasure, and grievance redressal.
- The 2023 bill also grants more rights to individuals and establishes a balance between user protection and growing innovation. The bill creates a transparent and accountable data governance framework by giving more rights to individuals.
- The 2023 bill incorporates business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
- The new 2023 bill balances fundamental privacy rights with reasonable limitations on those rights.
- Under the 2022 bill, personal data can be processed for a lawful purpose for which an individual has given consent, and there was a concept of deemed consent.
- The new Data Protection Board will carefully examine instances of non-compliance and impose penalties on non-compliers.
- The bill does not provide any express clarity regarding compensation to be granted to the Data Principal in case of a data breach.
- Under the 2023 bill, deemed consent survives in a new form as ‘Legitimate Uses’.
- The 2022 bill allowed the transfer of personal data to locations notified by the government.
- The 2023 bill introduces a negative list, which restricts cross-border data transfer.
Introduction
Ransomware is one of the most serious cyber threats, causing financial loss, data loss and reputational damage. In 2023, a new ransomware family called Akira emerged. It has targeted enterprises across industries such as BFSI, construction, education, healthcare, manufacturing, real estate and consulting, primarily based in the United States. Akira uses the double-extortion technique: it exfiltrates and encrypts sensitive data, then threatens victims with leaking or selling the data on the dark web if the ransom is not paid. The Akira ransomware gang has extorted ransoms ranging from $200,000 to millions of dollars.
Uncovering the Akira Ransomware operations and their targets
The Akira ransomware gang gains unauthorised access to computer systems and then uses sophisticated encryption algorithms to encrypt the data. Once the encryption process is complete, the affected device or network can no longer access its files or use its data.
Files affected by Akira ransomware carry the extension “.akira”, and the file icon shows a blank white page. The Akira gang has built a data leak site to extort victims, and it drops a ransom note named “akira_readme.txt”.
Akira ransomware has stolen corporate data from various organisations, which the gang uses as leverage while threatening the affected organisation with high ransom demands. The gang threatens to leak the victim's sensitive or corporate data into the public domain if the demanded ransom is not paid. So far the Akira gang has leaked the data of four organisations, with leaks ranging in size from 5.9 GB to 259 GB.
Akira Ransomware gang communicating with Victims
Akira provides each victim with a unique negotiation password to initiate communication over a chat system the gang operates for negotiating and demanding ransom from affected organisations. The ransom note, akira_readme.txt, explains how the victim's files and data were affected and carries links to the Akira data leak site and the negotiation site.
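As an added example (not code from the original post), the scan below looks for the two file-level indicators described above, the ".akira" extension on encrypted files and the "akira_readme.txt" ransom note, without modifying any file. It builds a small constructed directory tree in a temporary folder to run against; the directory names and file contents are made up, and the per-directory count is there to show where encryption was most active.

```python
# Added example (not from the original post): a read-only scan for the
# file-level indicators the post describes, the ".akira" extension on
# encrypted files and the ransom note "akira_readme.txt". The sample
# directory layout below is constructed for illustration.
from __future__ import annotations

import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".akira"            # extension reported for encrypted files
RANSOM_NOTE = "akira_readme.txt"    # ransom note name reported for Akira


def scan_for_akira_indicators(root: Path) -> dict:
    """Walk `root` and collect Akira-style indicators without touching any file.

    Returns the encrypted files found, the ransom notes found, and a
    per-directory count of encrypted files (the directory with the most hits
    usually shows where encryption started or was interrupted).
    """
    encrypted: list[Path] = []
    notes: list[Path] = []
    per_dir: Counter[str] = Counter()

    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == RANSOM_NOTE:
            notes.append(path)
        elif path.suffix.lower() == ENCRYPTED_EXT:
            encrypted.append(path)
            per_dir[path.parent.relative_to(root).as_posix()] += 1

    return {
        "encrypted_files": sorted(p.relative_to(root).as_posix() for p in encrypted),
        "ransom_notes": sorted(p.relative_to(root).as_posix() for p in notes),
        "encrypted_per_dir": dict(per_dir),
        "likely_compromised": bool(notes or encrypted),
    }


def build_sample_tree(root: Path) -> None:
    """Create a constructed layout mimicking a partially encrypted share:
    two directories hit by the ransomware, one untouched."""
    (root / "finance").mkdir(parents=True)
    (root / "hr").mkdir()
    (root / "public").mkdir()
    (root / "finance" / "q3_report.xlsx.akira").write_bytes(b"\x00ciphertext")
    (root / "finance" / "budget.docx.akira").write_bytes(b"\x00ciphertext")
    (root / "finance" / RANSOM_NOTE).write_text("constructed note placeholder\n")
    (root / "hr" / "payroll.csv.akira").write_bytes(b"\x00ciphertext")
    (root / "hr" / RANSOM_NOTE).write_text("constructed note placeholder\n")
    (root / "public" / "readme.txt").write_text("ordinary, unaffected file\n")


def demo() -> dict:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_for_akira_indicators(root)


if __name__ == "__main__":
    result = demo()
    print(f"encrypted files: {len(result['encrypted_files'])}")
    print(f"ransom notes:    {result['ransom_notes']}")
    print(f"per directory:   {result['encrypted_per_dir']}")
    print(f"likely compromised: {result['likely_compromised']}")
```

Run it against a real share by calling scan_for_akira_indicators(Path("/path/to/share")) instead of demo(); because it only reads names, it is safe to run on a host that is still being investigated.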
How Akira Ransomware is different from Pegasus Spyware
Pegasus, developed in 2011, belongs to one of the most powerful families of spyware. Once it has infected a phone, it can read your text messages and emails and turn the device into a surveillance tool, copying your messages, harvesting your photos and recording calls. It can even record you through the phone's camera, capture conversations through the microphone and track your precise location. In contrast, the newer Akira ransomware encrypts your files to block access to your data and then demands a ransom, threatening to leak the data or withhold decryption.
How to recover from malware attacks
If affected by this type of malware, you can use anti-malware tools such as SpyHunter 5 or Malwarebytes to scan your system; this security software scans the system and removes suspicious malware files and entries. If the scan cannot be run in normal mode because the malware interferes, run it in Safe Mode. Then look for a relevant decryptor that may help recover your files. Do not fall into the ransomware gang's trap: there is no guarantee that they will help you recover your data, or will not leak it, after the ransom is paid.
Best practices to be safe from such ransomware attacks
Conclusion
The Akira ransomware operation poses a serious threat to organisations worldwide, and robust cybersecurity measures are needed to safeguard networks and sensitive data. Organisations must keep their software updated and back up their data to a secure network on a regular basis. Paying the ransom is illegal; instead, report the incident to law enforcement agencies and consult cybersecurity professionals about recovery.
Executive Summary:
Recently a critical vulnerability, CVE-2024-3400, was discovered in the PAN-OS software of Palo Alto Networks, the operating system that powers their next-generation firewalls. It is a command injection vulnerability that allows unauthenticated attackers to execute arbitrary code with root privileges on the affected system. It has been actively exploited by threat actors, leaving many organizations at risk of severe cyberattacks. This report explains the exploitation, detection, mitigations and recommendations for this vulnerability.
Understanding The CVE-2024-3400 Vulnerability:
CVE-2024-3400 affects particular PAN-OS versions in a specific configuration. It is a command injection vulnerability in the GlobalProtect module of PAN-OS, which an unauthenticated attacker can exploit to run arbitrary code on the firewall with root privileges. In observed attacks, the intruders went after the Active Directory database (ntds.dit), DPAPI-protected data, Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and the login data, cookies and Local State data of Chrome and Microsoft Edge on specific targets, allowing them to capture the browser master key and steal sensitive information of the organization.
The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE highly severe:
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-20: Improper Input Validation.
Impacted Products:
The PAN-OS versions affected by CVE-2024-3400 are:
Only versions 10.2, 11.0 and 11.1 configured with a GlobalProtect Gateway or GlobalProtect Portal are exploitable. Cloud NGFW, Panorama appliances and Prisma Access are not affected.
Detecting Potential Exploitation:
Palo Alto Networks has confirmed that it is aware of exploitation of this vulnerability by threat actors, and in a recent publication credited Volexity with identifying it. A growing number of organizations face severe and immediate risk from this exploitation, and third parties have released proof-of-concept code for the vulnerability.
Palo Alto Networks provided the following suggestion for detecting exploitation attempts. Run this command on the command-line interface of the PAN-OS device:
grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*
This command searches the device logs for the specific entries related to the vulnerability.
These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.
The presence of entries like the following in your logs could be a sign of an attempted attack on your device:
- failed to unmarshal session(../../some/path)
A normal, harmless log entry would look like this:
- failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)
If entries are found whose session value is not a GUID but a path or other suspicious content, further investigation and remediation are needed to secure the system.
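The check below is an added example, not Palo Alto Networks' own tooling: it reads exported gpsvc.log lines, extracts the value between "session(" and ")" as described above, and flags any value that is not a well-formed GUID. It is broader than the advisory's grep, which only matches values containing a slash, so it will surface more lines for review. The log lines are constructed; only the message text and the path-style example come from the page.

```python
# Added example, not Palo Alto Networks' tooling: classify gpsvc.log lines by
# whether the value inside "failed to unmarshal session(...)" is a GUID.
# Non-GUID values (paths, traversal sequences, anything else) are flagged for
# review. The sample log lines below are constructed for illustration.
import re
from typing import Dict, List

# Captures whatever sits between "session(" and the next ")".
SESSION_RE = re.compile(r"failed to unmarshal session\((?P<value>[^)]*)\)")
# Canonical GUID layout: 8-4-4-4-12 hex digits.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE
)


def classify_line(line: str) -> str:
    """Return 'benign', 'suspicious' or 'irrelevant' for a single log line."""
    match = SESSION_RE.search(line)
    if match is None:
        return "irrelevant"          # not one of the messages the advisory cares about
    value = match.group("value")
    if GUID_RE.match(value):
        return "benign"              # expected content: a session GUID
    return "suspicious"              # a path or other non-GUID text: investigate


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Bucket log lines so the suspicious ones can be reviewed first."""
    buckets: Dict[str, List[str]] = {"benign": [], "suspicious": [], "irrelevant": []}
    for line in lines:
        buckets[classify_line(line)].append(line.rstrip("\n"))
    return buckets


def summarise(lines: List[str]) -> Dict[str, int]:
    """Counts per bucket, handy for a quick fleet-wide report."""
    return {name: len(items) for name, items in triage(lines).items()}


# Constructed sample of exported gpsvc.log content (timestamps and hostnames
# are made up; the message text follows the advisory's examples).
SAMPLE_LOG = [
    "2024-04-12 10:01:07 gp-gw-1 gpsvc: failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)",
    "2024-04-12 10:02:15 gp-gw-1 gpsvc: failed to unmarshal session(../../some/path)",
    "2024-04-12 10:02:40 gp-gw-1 gpsvc: failed to unmarshal session(ABCDEF01-2345-6789-ABCD-EF0123456789)",
    "2024-04-12 10:03:02 gp-gw-1 gpsvc: failed to unmarshal session(not-a-guid)",
    "2024-04-12 10:03:30 gp-gw-1 gpsvc: session established for user alice",
]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("suspicious entries to investigate:")
    for entry in result["suspicious"]:
        print("  ", entry)
    print("summary:", summarise(SAMPLE_LOG))
```

To use it on a real export, read the file into a list of lines and pass it to triage(); anything in the "suspicious" bucket is the condition the advisory says warrants further investigation.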
Mitigation and Recommendations:
The risks posed by the critical CVE-2024-3400 vulnerability can be mitigated by following these recommended steps:
- Immediately update software: This vulnerability is fixed in PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3 and all higher versions. Updating to these versions fully protects your systems against potential exploitation.
- Leverage hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0 and 11.1 for users who cannot upgrade to the latest versions immediately. These hotfixes provide a temporary solution while you prepare for the full upgrade.
- Enable Threat Prevention: If you have a Threat Prevention subscription, enable Threat IDs 95187, 95189 and 95191 to block attacks targeting CVE-2024-3400. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
- Apply vulnerability protection: Ensure that vulnerability protection has been applied to the GlobalProtect interface to prevent exploitation on the device, following the instructions Palo Alto Networks provides.
- Monitor advisory updates: Regularly check the official Palo Alto Networks advisory for updates, so that you stay current with new guidance and threat prevention IDs for CVE-2024-3400.
- Disable device telemetry (optional): Disabling device telemetry is suggested as an additional precautionary measure.
- Remediation: If active exploitation is observed, follow the steps in the Knowledge Base article by Palo Alto Networks.
Implementing the above mitigation measures and recommendations greatly reduces the risk of exploitation from attacks targeting CVE-2024-3400 in Palo Alto Networks' PAN-OS software.
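For the update step, the triage below is an added example (not a Palo Alto Networks tool) that sorts an inventory of firewalls against the fixed baseline releases named above, 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3, and the rule that only 10.2, 11.0 and 11.1 devices with GlobalProtect configured are exposed. It assumes version strings of the form "major.minor.maint[-hN]" and that the caller knows whether GlobalProtect is configured. Because the page says hotfixes also exist for earlier maintenance releases but does not list them, anything below the baseline is reported as "needs_review" rather than "vulnerable". The inventory rows are constructed.

```python
# Added example (not a Palo Alto Networks tool): triage PAN-OS version strings
# from an inventory against the fixed releases named in the advisory
# (10.2.9-h1, 11.0.4-h1, 11.1.2-h3 and higher). Assumptions: versions look
# like "major.minor.maint[-hN]" and the caller knows whether a GlobalProtect
# gateway/portal is configured. Hotfixes for earlier maintenance releases are
# not enumerated here, so anything below the baseline is "needs_review".
import re
from typing import Dict, Iterable, Tuple

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

# Affected feature release -> first fixed (maintenance, hotfix) in that line.
FIXED_BASELINE: Dict[Tuple[int, int], Tuple[int, int]] = {
    (10, 2): (9, 1),   # PAN-OS 10.2.9-h1
    (11, 0): (4, 1),   # PAN-OS 11.0.4-h1
    (11, 1): (2, 3),   # PAN-OS 11.1.2-h3
}


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Split '11.1.2-h3' into (11, 1, 2, 3); a missing hotfix counts as 0."""
    match = VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = match.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def triage_device(version: str, globalprotect_configured: bool) -> str:
    """Classify one firewall as not_affected, not_exposed, fixed or needs_review."""
    major, minor, maint, hotfix = parse_version(version)
    baseline = FIXED_BASELINE.get((major, minor))
    if baseline is None:
        return "not_affected"      # feature release not listed in the advisory
    if not globalprotect_configured:
        return "not_exposed"       # affected release, but no GlobalProtect gateway/portal
    if (maint, hotfix) >= baseline:
        return "fixed"             # at or above the fixed baseline for this line
    return "needs_review"          # below baseline: upgrade, or confirm a hotfix applies


def triage_inventory(inventory: Iterable[Tuple[str, str, bool]]) -> Dict[str, str]:
    """Rows are (hostname, version, globalprotect_configured)."""
    return {host: triage_device(version, gp) for host, version, gp in inventory}


# Constructed inventory for illustration.
SAMPLE_INVENTORY = [
    ("fw-edge-1", "10.2.8", True),
    ("fw-edge-2", "10.2.9-h1", True),
    ("fw-dc-1", "11.1.2", True),
    ("fw-dc-2", "11.1.2-h3", True),
    ("fw-lab", "11.0.3", False),
    ("fw-legacy", "10.1.9", True),
]


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

The tuple comparison on (maintenance, hotfix) is what makes "11.1.3" count as fixed while "11.1.2" does not; a device that reports "needs_review" should either be upgraded to the baseline or checked against the vendor's list of hotfixed maintenance releases.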
Conclusion:
Organizations should respond immediately to the active exploitation of the critical CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS platform by implementing the suggested mitigation measures: upgrading to the patched versions, enabling threat prevention and applying vulnerability protection. Regular monitoring, security defence mechanisms and security audits are the measures that help to combat emerging threats and protect critical resources.
Introduction
As the sun rises on a new chapter in the Indian telecommunications narrative, the corridors of power in New Delhi are abuzz with palpable excitement and a hint of solemnity. Here, a groundbreaking proposal stands before the lawmakers of the Lok Sabha, not simply a proposed amendment or update to an existing statute, but the cornerstone of a reimagined communications epoch—the Telecommunications Bill of 2023. In every sense, this legislative masterpiece embodies a country at the intersection of tradition and innovation, eager to part ways with vestiges of colonial infrastructure that have shaped its modern landscape.
The Origins
Steeped in history, India's telecommunications system has persevered through a patchwork of regulations and ad hoc policies, growing somewhat unwieldy under the shadow of the Indian Telegraph Act (1885), the Wireless Telegraphy Act (1933), and the Telegraph Wires (Unlawful Possession) Act (1950). Yet, it is within this context of the old guard, a relic of British administration, that the new Telecommunications Bill seeks to transcend the limitations of the past. It aims to dismantle barriers and create an ecosystem that is fluid, adaptable, and resonant with the rapid cadence of technological advancements and the demands of a population increasingly reliant on digital connectivity.
In crafting this bill, the creators have meticulously knitted together an intricate fabric of vibrant threads, each signifying a pillar of progress. To herald an era of unparalleled growth and dynamism, the bill looks beyond the scope of traditional telecommunication services, boldly embracing the convergence of digital mediums such as wire, radio, and optical fibers, aligning with the modalities of 21st-century communication. The bill’s very essence is innovation, etching a new paradigm through its provisions and signalling India's readiness to interface with the ever-expanding digital frontier.
The Defining Features
A novel and defining feature of this bill is its departure from a rigid licensing regime. It forges ahead with 'authorizations'—a signifier that resonates with flexibility, adaptability, and a regulatory approach that isn't mired in bureaucratic inertia but is rather an enabler of swift technological adoption and market responsiveness. This transformative philosophy signifies a departure from the byzantine processes of yore, orbiting instead toward an agile governance model that is both responsive to current needs and anticipative of future trends.
The introduction of mandatory biometric authentication for telecom customers articulates an unyielding stance against the rampant misuse of communication networks. Indeed, this measure draws a fine line between the right to privacy and the exigencies of data protection, posing ethical questions that animate public discourse. This balance seeks to thwart unsolicited commercial communication, exemplifying the state's vigil on the sanctuaries of personal space and tranquility.
In addition, the forward-looking bill tactically addresses the strategic use of spectrum resources with an undercurrent of prescience. By granting ‘spectrum assets’ legislative stature through the National Frequency Allocation Plan and enabling operators to adapt through 'refarming', the bill forms a visionary blueprint for resource optimization. It inherently recognizes that bandwidth is not simply a commercial commodity but one that serves the wider canvas of national imperatives, connectivity goals, and developmental aspirations.
Further embodying the dual themes of openness and vigilance, the bill incorporates provisions for interception and the implementation of a 'trusted sources' regime, a tacit acknowledgement of the cybersecurity challenges that loom on the horizon amidst increasing geopolitical strains. These measures exemplify the act of walking a tightrope between the democratic ideals of transparency and the unyielding requirements of state security.
Looking to the skies, the bill embraces satellite technologies, foreseeing their potential in unshackling the remote and marginalized areas from the constraints of terrestrial infrastructure and thus forging a digitally inclusive society. Acknowledging the expanse of the Indian subcontinent, the bill paves the way for an interconnected, digital hinterland via thoughtful satellite spectrum allocations.
Emphasizing the human thread in the digital weave, the reformulation of the Universal Service Obligation Fund into 'Digital Bharat Nidhi' underscores an unwavering commitment to reaching the unreached. It's the crystallization of a promise that every Indian, regardless of geographical and socio-economic divides, will be privy to the lenses of opportunity presented by the digital revolution.
The Watershed Moment
The introduction of the Telecommunications Bill of 2023, which replaces the Indian Telegraph Act (1885), the Wireless Telegraphy Act (1933), and the Telegraph Wires (Unlawful Possession) Act (1950), is a watershed moment, a convergence where history and opportunity coalesce, propelling a nation forward with the ambitions of a burgeoning superpower. It carries within its articles and clauses the anticipation of a billion dreams, the catalyst to a regulatory environment that nurtures innovation, equality, and a forward leap into the future.
Conclusion
Through its comprehensive scope and visionary approach, the bill writes a fresh chapter in India's digital saga. It is an unfolding story, pregnant with the possibilities of a nascent digital age, charting a trajectory for an India poised to define its own digital dome of the sky, under which its citizens will thrive for generations to come. With every legislative step, India crafts its legacy, a narrative of evolution, a tableau that reflects the aspirations of its people and their resolve to embrace the force of technology for the collective good. As this bill advances through the legislative labyrinth, it carries the spirit of a digital renaissance nestled in the heart of the world's largest democracy.