#FactCheck - Digitally Altered Video of Olympic Medalist, Arshad Nadeem’s Independence Day Message

The evolution of technology has presented both profound benefits and considerable challenges. It has benefited us with global interconnectivity, optimisation of the workforce, faster and solution-oriented approach, but at the same time increases risks of cybercrimes and the misuse of technology via online theft, fraud, and abuse. As the reliance on technology increases, it makes the users vulnerable to cyberattacks. 

One way to address this nuisance is to set global standards and initiate measures for cooperation by integrating the efforts of international institutions such as UN bodies and others. The United Nations Interregional Crime and Justice Research Institute, which combats cybercrime and promotes the responsible use of technology, is making waves in these issues. 

Understanding the Scope of the Problem 

Crowdstrike had estimated the cybersecurity market at $207.77 billion in 2024 and expected it to reach $376.55 billion by 2029 and continue growing at a CAGR of 12.63% during the forecast period. In October of 2024, Forbes predicted that the cost of cyber attacks on the global economy would be over $10.5 trillion. 

The developments in technology have provided cybercriminals with more sophisticated means to commit cybercrimes. These include cybercrimes like data breaches, which are increasingly common, such as phishing attacks, ransomware, social engineering, and IoT attacks. Their impact is evident across various domains, including economic and social spheres. The victims of cybercrimes can often suffer from stress, anxiety, fear of being victimised again, a lack of trust and social polarisation/stigmatisation.

UNICRI’s Strategic Approach 

UNICRI actively combats cybercrimes and technology misuse, focusing on cybersecurity, organized crime in cyberspace, and terrorists' internet use. Since 2020, it has monitored social media misuse, analysed tools to debunk misinformation and balanced security with human rights. 

The key focus areas of UNICRI’s strategic approach include cybersecurity in robotics, critical infrastructure, and SCADA systems, digital forensics, child online protection and addressing online profiling and discrimination. It further supports LEAs (judges, prosecutors, and investigators) by providing them with specialised training. Its strategies to counter cybercrime and tech misuse include capacity-building exercises for law enforcement, developing international legal frameworks, and fostering public-private collaborations.

Key Initiatives under UNICRI Strategic Programme Framework of 2023-2026

The key initiatives under UNICRI set out the strategic priority areas that will guide its work. It  includes:

1. Prevent and Counter Violent Extremism: By addressing the drivers of radicalisation, gender-based discrimination, and leveraging sports for prevention.
2. Combat Organised Crime: Via tackling illicit financial flows, counterfeiting, and supply chain crimes while promoting asset recovery.
3. Promotion of Emerging Technology Governance: Encouraging responsible AI use, mitigating cybercrime risks, and fostering digital inclusivity.
4. Rule of Law and Justice Access: Enhancing justice systems for women and vulnerable populations while advancing criminal law education.
5. CBRN Risk Mitigation: Leveraging expert networks and whole-of-society strategies to address chemical, biological, radiological, and nuclear risks.

The Challenges and Opportunities: CyberPeace Takeaways

The challenges that affect the regulation of cybercrimes are most often caused due to jurisdictional barriers, the lack of resources, and the rapid pace of technological change. This is due to the cross-border nature of cybercrimes and as many nations lack the expertise or infrastructure to address sophisticated cyber threats. The regulatory or legislative frameworks often get outpaced by technology developments, including quantum computing, deepfakes, or blockchain misuse. Due to this, these crimes are often unpunished.  

The opportunities that have been developing for innovation in cybercrime prevention, include AI and machine learning tools to detect cybercrimes, enhanced international cooperation that can strengthen the collective defence mechanisms, like multi-stakeholder approaches.  Capacity Building initiatives for continuous training and education help LEAs and judicial systems adapt to emerging threats, is a continuous effort that requires participation from all sectors, be it public or private. 

Conclusion 

Due to cybercrimes and the threats they induce on individuals, communities, and global security, the proactive approach by UNICRI of combining international cooperation, capacity-building and innovative strategies is pivotal in combating these challenges. By addressing the challenges of organised crime in cyberspace, child online protection, and emerging technology governance, UNICRI exemplifies the power of strategic engagement. While jurisdictional barriers and resource limitations persist, the opportunities in AI, global collaboration, and education offer a path forward. With the evolution of technology, our defences must also be dynamic and ever evolving, and UNICRI’s efforts are essential to building a safer, more inclusive digital future for all.

References

• https://unicri.it/special_topics/securing_cyberspace
• https://www.forbes.com/sites/bernardmarr/2023/10/11/the-10-biggest-cyber-security-trends-in-2024-everyone-must-be-ready-for-now/

‍

Executive Summary:

Recently PAN-OS software of Palo Alto Networks was discovered with the critical vulnerability CVE-2024-3400. It is the software used to power all their networks in the next generation firewalls. This  vulnerability is a common injection vulnerability which provides access to unauthenticated attackers to execute random code having root privileges on the attacked system. This  has been exploited actively by threat actors,  leaving many organizations at risk for severe cyberattacks. This report helps to understand the exploitation, detection, mitigations and recommendations for this vulnerability.

‍

‍

Understanding The CVE-2024-3400 Vulnerability:

CVE-2024-3400 impacts the particular version of PAN-OS and a certain configuration susceptible to this kind of a security issue. It is a command injection, which exists in the GlobalProtect module of the PAN-OS software. The vulnerability can be exploited by an unauthorized user to run any code on the firewall having root privileges.  This targets Active Directory database (ntds.dit), important data (DPAPI), and Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and also login data, cookies, and local state data for Chrome and Microsoft Edge from specific targets leading attackers to capture the browser master key and steal sensitive information of the organization.

The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE  highly severe:

1. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') 
2. CWE-20: Improper Input Validation.

‍

Impacted Products:

The affected version of PAN-OS by CVE-2024-3400 are-

Only the versions 10.2, 11.0, and 11.1, setup with GlobalProtect Gateway or GlobalProtect Portal are exploited by this vulnerability. Whereas the Cloud NGFW, Panorama appliances and Prisma Access are not affected.

Detecting Potential Exploitation: 

Palo Alto Networks has confirmed that they are aware of the exploitation of this particular vulnerability by threat actors. In a recent publication they have given acknowledgement to Volexity for identifying the vulnerability.  There is an increasing number of organizations that face severe and immediate risk by this exploitation. Third parties also have released the proof of concept for the vulnerability.

The suggestions were provided by Palo Alto Networks to detect this critical vulnerability. To detect this vulnerability, the following command shall be run on the command-line interface of PAN-OS device: 

grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*

This command looks through device logs for specific entries related to vulnerability. 

These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.

Presence of such entries in your logs, could be a sign of a potential attack to hack  your device which may look like:

• failed to unmarshal session(../../some/path)

A normal, harmless log entry would look like this:

• failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)

Further investigations and actions shall be needed to secure the system in case the GUID entries were not found and suspicious.

Mitigation and Recommendations:

Mitigation of the risks posed by the critical CVE-2024-3400 vulnerability, can be accomplished by the following recommended steps:

• Immediately update Software:   This vulnerability is fixed in software releases namely PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all higher versions. Updating software to these versions will protect your systems fully against potential exploitation.
• Leverage Hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0, and 11.1 for the users who cannot upgrade to the latest versions immediately. These hotfixes do provide a temporary solution while you prepare for the full upgrade.
• Enable Threat Prevention:  Incase of available Threat Prevention subscription, enable Threat IDs 95187, 95189, and 95191 to block attacks targeting the CVE-2024-3400 vulnerability. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
• Apply Vulnerability Protection: Ensure that vulnerability protection has been applied in the GlobalProtect interface to prevent the exploitation on the device. It can be implemented using these instructions. 
• Monitor Advisory Updates: Regularly checking for  the updates to the official advisory of Palo Alto Networks. This helps to stay up to date of the new releases of the guidance and threat prevention IDs of CVE-2024-3400.
• Disable Device Telemetry – Optional:  It is suggested to disable the device telemetry as an additional  precautionary measure.
• Remediation: If there is an active exploitation observed, follow the steps mentioned in this Knowledge Base article by Palo Alto Networks. 

Implementation of the above mitigation measures and recommendations would be in a position to greatly reduce the risk of exploitation you might face from a cyber attack targeting the CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS software.

Conclusion: 

The immediate response should be taken against the offensive use of the critical CVE-2024-3400 vulnerability found in the PAN-OS platform of Palo Alto Networks.  Organizations should actively respond by implementing the suggested mitigation measures such as upgrading to the patched versions, enabling threat prevention and applying vulnerability protection to immediately protect from this vulnerability. Regular monitoring, implementing security defense mechanisms and security audits are the necessary measures that help to combat emerging threats and save critical resources.

‍

Introduction

The government has announced that the new criminal laws will come into force on 1st July 2024. The Union Government notified that three recently enacted criminal laws, viz. Bhartiya Nyaya Sanhita 2023, Bharatiya Nagarik Suraksha Sanhita 2023, and Bharatiya Sakshya Adhiniyam 2023 will be effective from 1st July 2024.  The Indian Penal Code 1860, Code of Criminal Procedure 1973, and Indian Evidence Act 1872 have been replaced by these new criminal laws.

On 23 February 2024, the Ministry of Home Affairs Announced the Effective Date of new criminal laws as follows:

1. Bharatiya Nyaya Sanhita, 2023 Effective from 1-7-2024, except Section 106(2).
2. Bharatiya Sakshya Adhiniyam, 2023 Effective from 1-7-2024.
3. Bharatiya Nagarik Suraksha Sanhita, 2023 The provisions will come into force on 1-7-2024 except the provisions of the entry relating to section 106(2) of the Bharatiya Nyaya Sanhita, 2023, in the First Schedule.

Section 106(2) Will Not Be Enforced

Truckers protested against this provision, which provides 10 years imprisonment and fines for those who cause death by rash and negligent driving of a vehicle not amounting to culpable homicide, and escape without reporting it to a police officer. As of now, the government has promised truckers and transporters that subsection 2 of Section 106 of Bharatiya Nyay Sanhita (BNS) will not come into force. This subsection deals with fatal hit-and-run cases and prescribes higher penalties for not informing authorities immediately after an accident. 

Section 106(2) of Bharatiya Nyaya Sanhita, 2023 read as follows;

106. Causing death by negligence.—

(2) Whoever causes death of any person by rash and negligent driving of vehicle not amounting to culpable homicide, and escapes without reporting it to a police officer or a Magistrate soon after the incident, shall be punished with imprisonment of either description of aterm which may extend to ten years, and shall also be liable to fine.

BHARATIYA SAKSHYA ADHINIYAM, 2023

The Bhartiya Sakshya Adhiniyam 2023 will replace the Indian Evidence Act 1872. The Act has undergone significant modification to maintain its fundamental principles for fair legal proceedings and adapt to technological advancements and changes in societal norms. This Act recognises electronic records as primary evidence under Section 57. It also allows the electronic presentation of oral evidence, enabling remote testimony and ensuring that electronic records will have the same legal effect as paper records.

Bharatiya Nagarik Suraksha Sanhita, 2023

The Bharatiya Nagarik Suraksha Sanhita, 2023 replaces the 1973 Code of Criminal Procedure, introducing certain modifications. This Act, under section 176, requires forensic investigation for crimes punished with seven years' imprisonment or more.  Section 530 of BNSS, 2023 is a newly inserted provision which envisages the use of electronic communication audio-video electronic means for trials, inquiries, proceedings, service and issuance of summons. Electronic mode is permitted for all trials, inquiries, and proceedings under section 173 of this Act. The concept of Zero FIR is also introduced under section 173(1) and mandates police stations to register the FIR, irrespective of jurisdiction.

Conclusion

India's new criminal laws are set to take effect on 1st July 2024. These laws modernise the country's legal framework, replacing outdated statutes and incorporating technological advancements. The concerns from stakeholders led to the withholding of enforcement of Section 106(2) of Bharatiya Nyaya Sanhita 2023. The new criminal laws aim to address contemporary society's complexities while upholding justice and fairness.

References

• https://www.indiatoday.in/india/video/new-criminal-laws-to-come-into-effect-from-july-1-2506664-2024-02-24
• https://www.lawrbit.com/article/ipc-crpc-evidence-act-replaced-by-new-criminal-laws/

‍