#FactCheck-Mosque fire in India? False, it's from Indonesia

In the tapestry of our modern digital ecosystem, a silent, pervasive conflict simmers beneath the surface, where the quest for cyber resilience seems Sisyphean at times. It is in this interconnected cyber dance that the obscure orchestrator, StripedFly, emerges as the maestro of stealth and disruption, spinning a complex, mostly unseen web of digital discord. StripedFly is not some abstract concept; it represents a continual battle against the invisible forces that threaten the sanctity of our digital domain.

This saga of StripedFly is not a tale of mere coincidence or fleeting concern. It is emblematic of a fundamental struggle that defines the era of interconnected technology—a struggle that is both unyielding and unforgiving in its scope. Over the past half-decade, StripedFly has slithered its way into over a million devices, creating a clandestine symphony of cybersecurity breaches, data theft, and unintentional complicity in its agenda. Let's delve deep into this grand odyssey to unravel the odious intricacies of StripedFly and assess the reverberations felt across our collective pursuit of cyber harmony.

The StripedFly malware represents the epitome of a digital chameleon, a master of cyber camouflage, masquerading as a mundane cryptocurrency miner while quietly plotting the grand symphony of digital bedlam. Its deceptive sophistication has effortlessly skirted around the conventional tripwires laid by our cybersecurity guardians for years. The Russian cybersecurity giant Kaspersky's encounter with StripedFly in 2017 brought this ghostly figure into the spotlight—hitherto, a phantom whistling past the digital graveyard of past threats.

How Does it work 

Distinctive in its composition, StripedFly conceals within its modular framework the potential for vast infiltration—an exploitation toolkit designed to puncture the fortifications of both Linux and Windows systems. In an emboldened maneuver, it utilizes a customized version of the EternalBlue SMBv1 exploit—a technique notoriously linked to the enigmatic Equation Group. Through such nefarious channels, StripedFly not only deploys its malicious code but also tenaciously downloads binary files and executes PowerShell scripts with a sinister adeptness unbeknownst to its victims.

Despite its insidious nature, perhaps its most diabolical trait lies in its array of plugin-like functions. It's capable of exfiltrating sensitive information, erasing its tracks, and uninstalling itself with almost supernatural alacrity, leaving behind a vacuous space where once tangible evidence of its existence resided.

In the intricate chess game of cyber threats, StripedFly plays the long game, prioritizing persistence over temporary havoc. Its tactics are calculated—the meticulous disabling of SMBv1 on compromised hosts, the insidious utilization of pilfered keys to propagate itself across networks via SMB and SSH protocols, and the creation of task scheduler entries on Windows systems or employing various methods to assert its nefarious influence within Linux environments.

The Enigma around the Malware

This dualistic entity couples its espionage with monetary gain, downloading a Monero cryptocurrency miner and utilizing the shadowy veils of DNS over HTTPS (DoH) to camouflage its command and control pool servers. This intricate masquerade serves as a cunning, albeit elaborate, smokescreen, lulling security mechanisms into complacency and blind spots.

StripedFly goes above and beyond in its quest to minimize its digital footprint. Not only does it store its components as encrypted data on code repository platforms, deftly dispersed among the likes of Bitbucket, GitHub, and GitLab, but it also harbors a bespoke, efficient TOR client to communicate with its cloistered C2 server out of sight and reach in the labyrinthine depths of the TOR network.

One might speculate on the genesis of this advanced persistent threat—its nuanced approach to invasion, its parallels to EternalBlue, and the artistic flare that permeates its coding style suggest a sophisticated architect. Indeed, the suggestion of an APT actor at the helm of StripedFly invites a cascade of questions concerning the ultimate objectives of such a refined, enduring campaign.

How to deal with it 

To those who stand guard in our ever-shifting cyber landscape, the narrative of StripedFly is a clarion call. StObjective reminders of the trench warfare we engage in to preserve the oasis of digital peace within a desert of relentless threats. The StripedFly chronicle stands as a persistent, looming testament to the necessity for heeding the sirens of vigilance and precaution in cyber practice.

Reaffirmation is essential in our quest to demystify the shadows cast by StripedFly, as it punctuates the critical mission to nurture a more impregnable digital habitat. Awareness and dedication propel us forward—the acquisition of knowledge regarding emerging threats, the diligent updating and patching of our systems, and the fortification of robust, multilayered defenses are keystones in our architecture of cyber defense. Together, in concert and collaboration, we stand a better chance of shielding our digital frontier from the dim recesses where threats like StripedFly lurk, patiently awaiting their moment to strike.

References:

https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html?m=1

‍

Introduction

According to a new McAfee survey, 88% of American customers believe that cybercriminals will utilize artificial intelligence to "create compelling online scams" over the festive period. In the meanwhile, 31% believe it will be more difficult to determine whether messages from merchants or delivery services are genuine, while 57% believe phishing emails and texts will be more credible. The study, which was conducted in September 2023 in the United States, Australia, India, the United Kingdom, France, Germany, and Japan, yielded 7,100 responses. Some people may decide to cut back on their online shopping as a result of their worries about AI; among those surveyed, 19% stated they would do so this year. 

In 2024, McAfee predicts a rise in AI-driven scams on social media, with cybercriminals using advanced tools to create convincing fake content, exploiting celebrity and influencer identities. Deepfake technology may worsen cyberbullying, enabling the creation of realistic fake content. Charity fraud is expected to rise, leveraging AI to set up fake charity sites. AI's use by cybercriminals will accelerate the development of advanced malware, phishing, and voice/visual cloning scams targeting mobile devices. The 2024 Olympic Games are seen as a breeding ground for scams, with cybercriminals targeting fans for tickets, travel, and exclusive content.

AI Scams' Increase on Social Media

Cybercriminals plan to use strong artificial intelligence capabilities to control social media by 2024. These applications become networking goldmines because they make it possible to create realistic images, videos, and audio. Anticipate the exploitation of influencers and popular identities by cybercriminals. 

AI-powered Deepfakes and the Rise in Cyberbullying

The negative turn that cyberbullying might take in 2024 with the use of counterfeit technology is one trend to be concerned about. This cutting-edge technique is freely accessible to youngsters, who can use it to produce eerily convincing synthetic content that compromises victims' privacy, identities, and wellness.

In addition to sharing false information, cyberbullies have the ability to alter public photographs and re-share edited, detailed versions, which exacerbates the suffering done to children and their families. The study issues a warning, stating that deepfake technology would probably cause online harassment to take a negative turn. With this sophisticated tool, young adults may now generate frighteningly accurate synthetic content in addition to using it for fun. The increasing severity of these deceptive pictures and phrases can cause serious, long-lasting harm to children and their families, impairing their identity, privacy, and overall happiness.

Evolvement of GenAI Fraud in 2023

We simply cannot get enough of these persistent frauds and fake emails. People in general are now rather adept at [recognizing] those that are used extensively. But if they become more precise, such as by utilizing AI-generated audio to seem like a loved one's distress call or information that is highly personal to the person,  users should be much more cautious about them. The rise in popularity of generative AIs brings with it a new wrinkle, as hackers can utilize these systems to refine their attacks:

• Writing communications more skillfully in order to deceive consumers into sending sensitive information, clicking on a link, or uploading a file.
• Recreate emails and business websites as realistically as possible to prevent arousing concern in the minds of the perpetrators.
• People's faces and voices can be cloned, and deepfakes of sounds or images can be created that are undetectable to the target audience. a problem that has the potential to greatly influence schemes like CEO fraud.
• Because generative AIs can now hold conversations, and respond to victims efficiently.
• Conduct psychological manipulation initiatives more quickly, with less money spent, and with greater complexity and difficulty in detecting them. AI generative already in use in the market can write texts, clone voices, or generate images and program websites.

AI Hastens the Development of Malware and Scams

Even while artificial intelligence (AI) has many uses, cybercriminals are becoming more and more dangerous with it. Artificial intelligence facilitates the rapid creation of sophisticated malware, illicit web pages, and plausible phishing and smishing emails. As these risks become more accessible, mobile devices will be attacked more frequently, with a particular emphasis on audio and visual impersonation schemes.

Olympic Games: A Haven for Scammers

The 2024 Olympic Games are seen as a breeding ground for scams, with cybercriminals targeting fans for tickets, travel, and exclusive content. Cybercriminals are skilled at profiting from big occasions, and the buzz that will surround the 2024 Olympic Games around the world will make it an ideal time for scams. Con artists will take advantage of customers' excitement by focusing on followers who are ready to purchase tickets, arrange travel, obtain special content, and take part in giveaways. During this prominent event, vigilance is essential to avoid an invasion of one's personal records and financial data. 

Development of McAfee’s own bot to assist users in screening potential scammers and authenticators for messages they receive

Precisely such kind of technology is under the process of development by McAfee. It's critical to emphasize that solving the issue is a continuous process. AI is being manipulated by bad actors and thus, one of the tricksters can pull off is to exploit the fact that consumers fall for various ruses as parameters to train advanced algorithms. Thus, the con artists may make use of the gadgets, test them on big user bases, and improve with time.

Conclusion

According to the McAfee report, 88% of American customers are consistently concerned about AI-driven internet frauds that target them around the holidays. Social networking poses a growing threat to users' privacy. By 2024, hackers hope to take advantage of AI skills and use deepfake technology to exacerbate harassment. By mimicking voices and faces for intricate schemes, generative AI advances complex fraud. The surge in charitable fraud affects both social and financial aspects, and the 2024 Olympic Games could serve as a haven for scammers. The creation of McAfee's screening bot highlights the ongoing struggle against developing AI threats and highlights the need for continuous modification and increased user comprehension in order to combat increasingly complex cyber deception.

References

• https://www.fonearena.com/blog/412579/deepfake-surge-ai-scams-2024.html
• https://cxotoday.com/press-release/mcafee-reveals-2024-cybersecurity-predictions-advancement-of-ai-shapes-the-future-of-online-scams/#:~:text=McAfee%20Corp.%2C%20a%20global%20leader,and%20increasingly%20sophisticated%20cyber%20scams.
• https://timesofindia.indiatimes.com/gadgets-news/deep-fakes-ai-scams-and-other-tools-cybercriminals-could-use-to-steal-your-money-and-personal-details-in-2024/articleshow/106126288.cms
• https://digiday.com/media-buying/mcafees-cto-on-ai-and-the-cat-and-mouse-game-with-holiday-scams/

Introduction

The .com boom led to a massive surge in the expansion of digitised and automated operations in all industries and organisations, which in turn beagle a wholesome transition to the digital age for all netizens, organisations and industries. All the big techs in today’s time were startups or not even in existence back when this boom began, but just in 3-4 decades, we see that a massive faction of the global population is dependent directly or indirectly on big techs for some or the other services. As the world of tech expands, so does the big tech, and hence, in the previous decades, we have seen some acquisitions by big tech companies. The biggest acquisition by tech was last seen in 2023 when the social media giant Facebook (Now META) acquired the famous messaging platform Whatsapp for $13 Billion, but now, almost after a decade, the world is ready to witness the biggest acquisition as Adobe confirms its plans to acquire Figma the leading web-first collaborative design platform.

Adobe - Figma Acquisition  

The illustrator developer Adobe has been the pioneer in developing designing tools since 1982. The founder of the company made a switch from the paper company Xerox, and hence, the operations and products of the company have been oriented towards paper and design. But as the company is already a pioneer in developing designing and editing tools, the impact of AI cannot be underestimated. Hence, this acquisition comes at a critical juncture in impacting the AI-driven product market.  

Adobe wants to use digital experiences to transform the world. Adobe provides the tools and platforms that power the digital economy today, and over the course of its existence, its innovations have positively impacted billions of people worldwide. Adobe continues to invent and modify categories, having revolutionised photography and creative expression with Photoshop, pioneered electronic documents with PDF, and created the digital marketing category with Adobe Experience Cloud.

The goals of Figma are to facilitate visual teamwork and provide accessibility to design for all. The company, which was founded in 2012 by Dylan Field and Evan Wallace, was a pioneer in online product design. Thanks to multi-player workflows, advanced design systems, and a large, expandable developer environment, it is now enabling collaboration for anybody designing interactive mobile and online applications. Millions of fresh designers and developers, as well as a devoted student base, have been drawn to Figma.

By working together, Adobe and Figma will transform how people create and work, spur innovation on the web, improve product design, and uplift communities of creators, designers, and developers throughout the world. The combined business will have the capacity to create major value for clients, investors, and the industry, in addition to a sizable and rapidly expanding market potential.

Key Features of Acquisition

The most expensive acquisition this century has caught the attention of a lot of companies and regulatory authorities across the world. The key features of the deal are as follows: 

• Reimagining the Future of Creativity and Productivity: The designing giant Adobe and Figma coming together will unlock new potential for creativity and productivity as both of the companies create tools which are widely used; hence, they understand the customer’s requirements and expectations, thus making a path for creativity and productivity in term of new services and applications.    
• Accelerating Creativity on the Web: Adobe's Creative Cloud technologies will be delivered online more quickly thanks to Figma's web-based, multi-player features, which will increase productivity and accessibility to the creative process for more people. The current difficulty facing creators is producing an ever-increasing amount of material while working closely with an ever-increasing number of stakeholders. With its widespread use, the web is now a tool that facilitates collaborative creation in teams.
• Advancing Product Design: All parties involved in the product design process, including designers, product managers, and developers, will gain from the integration of Adobe's robust imaging, photography, illustration, video, 3D, and font technologies into the Figma platform. Because digital applications are integral to both our personal and professional lives, the product design sector is experiencing rapid expansion. 
• Inspiring and empowering the designer and developer community: The company's ongoing innovation has been fueled by the dynamic creative community at Adobe. With its vast and expanding ecosystem, Figma boasts a fervent community that creates and shares everything from templates to plug-ins to lessons. By uniting the communities of Figma and Adobe, designers and developers will be able to harness the potential of collaborative design in the future. By 2025, Figma's addressable market will reach a total of $16.5 billion. With best-in-class net dollar retention of more than 150 percent, the company is predicted to add around $200 million in net new ARR this year, topping $400 million in total ARR by the end of 2022. Figma has established a productive, rapidly expanding company with operating cash flows that are positive and gross margins of over 90%.

Conclusion

The acquisition of the decade is going to be under heavy scrutiny and checks under various laws in different countries and is expected to be given the green light soon, this merger and acquisition case study will act as a precedent for such high-value acquisitions. Nearly 10 years ago, we saw the last biggest acquisition, where Meta acquired WhatsApp for $13 Bn. As the world of tech moves forward, we will be witnessing more of such M&As in the future, but in such moments, we should be cautious about how our data is handled and transferred by the other company, always make sure you keep a check on your digital rights and responsibilities, because ultimately we are the consumers of the cyberspace.

References

• https://news.adobe.com/news/news-details/2022/Adobe-to-Acquire-Figma/default.aspx
• https://www.theregister.com/2023/10/26/regulator_delays_adobes_20bn_buy/
• https://www.reuters.com/markets/deals/adobes-deal-acquire-figma-under-threat-eu-regulators-ft-2023-06-20/'

‍