#FactCheck: Viral video claims Ahmedabad plane crash but actually a Hollywood Movie Clip

Introduction

In an era where organisations are increasingly interdependent through global supply chains, outsourcing and digital ecosystems, third-party risk has become one of the most vital aspects of enterprise risk management. The SolarWinds hack, the MOVEit vulnerabilities and recent software vendor attacks all serve as a reminder of the necessity to enhance Third-Party Risk Management (TPRM). As cyber risks evolve and become more sophisticated and as regulatory oversight sharpens globally, 2025 is a transformative year for the development of TPRM practices. This blog explores the top trends redefining TPRM in 2025, encompassing real-time risk scoring, AI-driven due diligence, harmonisation of regulations, integration of ESG, and a shift towards continuous monitoring. All of these trends signal a larger movement towards resilience, openness and anticipatory defence in an increasingly dependent world.

Real-Time and Continuous Monitoring becomes the Norm

The old TPRM methods entailed point-in-time testing, which typically was an annual or onboarding process. By 2025, organisations are shifting towards continuous, real-time monitoring of their third-party ecosystems. Now, authentic advanced tools are making it possible for companies to take a real-time pulse of the security of their vendors by monitoring threat indicators, patching practices and digital footprint variations. This change has been further spurred by the growth in cyber supply chain attacks, where the attackers target vendors to gain access to bigger organisations. Real-time monitoring software enables the timely detection of malicious activity, equipping organisations with a faster defence response. It also guarantees dynamic risk rating instead of relying on outdated questionnaire-based scoring.

AI and Automation in Risk Assessment and Due Diligence

Manual TPRM processes aren't sustainable anymore. In 2025, AI and machine learning are reshaping the TPRM lifecycle from onboarding and risk classification to contract review and incident handling. AI technology can now analyse massive amounts of vendor documentation and automatically raise red flags on potential issues. Natural language processing (NLP) is becoming more common for automated contract intelligence, which assists in the detection of risky clauses or liability gaps or data protection obligations. In addition, automation is increasing scalability for large organisations that have hundreds or thousands of third-party relationships, eliminating human errors and compliance fatigue. However, all of this must be implemented with a strong focus on security, transparency, and ethical AI use to ensure that sensitive vendor and organisational data remains protected throughout the process.

Risk Quantification and Business Impact Mapping

Risk scoring in isolation is no longer adequate. One of the major trends for 2025 is the merging of third-party risk with business impact analysis (BIA). Organisations are using tools that associate vendors to particular business processes and assets, allowing better knowledge of how a compromise of a vendor would impact operations, customer information or financial position. This movement has resulted in increased use of risk quantification models, such as FAIR (Factor Analysis of Information Risk), which puts dollar values on risks associated with vendors. By using the language of business value, CISOs and risk officers are more effective at prioritising risks and making resource allocations.

Environmental, Social, and Governance (ESG) enters into TPRM

As ESG keeps growing on the corporate agenda, organisations are taking TPRM one step further than cybersecurity and legal risks and expanding it to incorporate ESG-related factors. In 2025, organisations evaluate if their suppliers have ethical labour practices, sustainable supply chains, DEI (Diversity, Equity, Inclusion) metrics and climate impact disclosures. This growth is not only a reputational concern, but also a third-party non-compliance with ESG can now invoke regulatory or shareholder action. ESG risk scoring software and vendor ESG audits are becoming components of onboarding and performance evaluations.

Shared Assessments and Third-Party Exchanges

With the duplication of effort by having multiple vendors respond to the same security questionnaires, the trend is moving toward shared assessments. Systems such as the SIG Questionnaire (Standardised Information Gathering) and the Global Vendor Exchange allow vendors to upload once and share with many clients. This change not only simplifies the due diligence process but also enhances data accuracy, standardisation and vendor experience. In 2025, organisations are relying more and more on industry-wide vendor assurance platforms to minimise duplication, decrease costs and maximise trust.

Incident Response and Resilience Partnerships

Another trend on the rise is bringing vendors into incident response planning. In 2025, proactive organisations address major vendors as more than suppliers but as resilience partners. This encompasses shared tabletop exercises, communication procedures and breach notification SLAs. With the increasing ransomware attacks and cloud reliance, organisations are now calling for vendor-side recovery plans, RTO and RPO metrics. TPRM is transforming into a comprehensive resilience management function where readiness and not mere compliance takes centre stage.

Conclusion

Third-Party Risk Management in 2025 is no longer about checklists and compliance audits; it's a dynamic, intelligence-driven and continuous process. With regulatory alignment, AI automation, real-time monitoring, ESG integration and resilience partnerships leading the way, organisations are transforming their TPRM programs to address contemporary threat landscapes. As digital ecosystems grow increasingly complex and interdependent, managing third-party risk is now essential. Early adopters who invest in tools, talent and governance will be more likely to create secure and resilient businesses for the AI era.

‍

‍

References

‍

‍- https://finance.ec.europa.eu/publications/digital-operational-resilience-act-dora_en

- https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

- https://www.meity.gov.in/data-protection-framework

- https://securityscorecard.com

- https://sharedassessments.org/sig/

- https://www.fairinstitute.org/fair-model 

‍

‍

Executive Summary

This report analyses a recently launched social engineering attack that took advantage of Microsoft Teams and AnyDesk to deliver DarkGate malware, a MaaS tool. This way, through Microsoft Teams and by tricking users into installing AnyDesk, attackers received unauthorized remote access to deploy DarkGate that offers such features as credential theft, keylogging, and fileless persistence. The attack was executed using obfuscated AutoIt scripts for the delivery of malware which shows how threat actors are changing their modus operandi. The case brings into focus the need to put into practice preventive security measures for instance endpoint protection, staff awareness, limited utilization of off-ice-connection tools, and compartmentalization to safely work with the new and increased risks that contemporary cyber threats present.

Introduction

Hackers find new technologies and application that are reputable for spreading campaigns. The latest use of Microsoft Teams and AnyDesk platforms for launching the DarkGate malware is a perfect example of how hackers continue to use social engineering and technical vulnerabilities to penetrate the defenses of organizations. This paper focuses on the details of the technical aspect of the attack, the consequences of the attack together with preventive measures to counter the threat.

Technical Findings

1. Attack Initiation: Exploiting Microsoft Teams

The attackers leveraged Microsoft Teams as a trusted communication platform to deceive victims, exploiting its legitimacy and widespread adoption. Key technical details include:

• Spoofed Caller Identity: The attackers used impersonation techniques to masquerade as representatives of trusted external suppliers.
• Session Hijacking Risks: Exploiting Microsoft Teams session vulnerabilities, attackers aimed to escalate their privileges and deploy malicious payloads.
• Bypassing Email Filters: The initial email bombardment was designed to overwhelm spam filters and ensure that malicious communication reached the victim’s inbox.

2. Remote Access Exploitation: AnyDesk

After convincing victims to install AnyDesk, the attackers exploited the software’s functionality to achieve unauthorized remote access. Technical observations include:

• Command and Control (C2) Integration: Once installed, AnyDesk was configured to establish persistent communication with the attacker’s C2 servers, enabling remote control.
• Privilege Escalation: Attackers exploited misconfigurations in AnyDesk to gain administrative privileges, allowing them to disable antivirus software and deploy payloads.
• Data Exfiltration Potential: With full remote access, attackers could silently exfiltrate data or install additional malware without detection.

3. Malware Deployment: DarkGate Delivery via AutoIt Script

The deployment of DarkGate malware utilized AutoIt scripting, a programming language commonly used for automating Windows-based tasks. Technical details include:

• Payload Obfuscation: The AutoIt script was heavily obfuscated to evade signature-based antivirus detection.
• Process Injection: The script employed process injection techniques to embed DarkGate into legitimate processes, such as explorer.exe or svchost.exe, to avoid detection.
• Dynamic Command Loading: The malware dynamically fetched additional commands from its C2 server, allowing real-time adaptation to the victim’s environment.

4. DarkGate Malware Capabilities

DarkGate, now available as a Malware-as-a-Service (MaaS) offering, provides attackers with advanced features. Technical insights include:

• Credential Dumping: DarkGate used the Mimikatz module to extract credentials from memory and secure storage locations.
• Keylogging Mechanism: Keystrokes were logged and transmitted in real-time to the attacker’s server, enabling credential theft and activity monitoring.
• Fileless Persistence: Utilizing Windows Management Instrumentation (WMI) and registry modifications, the malware ensured persistence without leaving traditional file traces.
• Network Surveillance: The malware monitored network activity to identify high-value targets for lateral movement within the compromised environment.

5. Attack Indicators

Trend Micro researchers identified several indicators of compromise (IoCs) associated with the DarkGate campaign:

• Suspicious Domains: example-remotesupport[.]com and similar domains used for C2 communication.

• Malicious File Hashes:some text
  • AutoIt Script: 5a3f8d0bd6c91234a9cd8321a1b4892d
  • DarkGate Payload: 6f72cde4b7f3e9c1ac81e56c3f9f1d7a
• Behavioral Anomalies:some text
  • Unusual outbound traffic to non-standard ports.
  • Unauthorized registry modifications under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

Broader Cyber Threat Landscape

In parallel with this campaign, other phishing and malware delivery tactics have been observed, including:

1. Cloud Exploitation: Abuse of platforms like Cloudflare Pages to host phishing sites mimicking Microsoft 365 login pages.
2. Quishing Campaigns: Phishing emails with QR codes that redirect users to fake login pages.
3. File Attachment Exploits: Malicious HTML attachments embedding JavaScript to steal credentials.
4. Mobile Malware: Distribution of malicious Android apps capable of financial data theft.

Implications of the DarkGate Campaign

This attack highlights the sophistication of threat actors in leveraging legitimate tools for malicious purposes. Key risks include:

• Advanced Threat Evasion: The use of obfuscation and process injection complicates detection by traditional antivirus solutions.
• Cross-Platform Risk: DarkGate’s modular design enables its functionality across diverse environments, posing risks to Windows, macOS, and Linux systems.
• Organizational Exposure: The compromise of a single endpoint can serve as a gateway for further network exploitation, endangering sensitive organizational data.

Recommendations for Mitigation

1. Enable Advanced Threat Detection: Deploy endpoint detection and response (EDR) solutions to identify anomalous behavior like process injection and dynamic command loading.
2. Restrict Remote Access Tools: Limit the use of tools like AnyDesk to approved use cases and enforce strict monitoring.
3. Use Email Filtering and Monitoring: Implement AI-driven email filtering systems to detect and block email bombardment campaigns.
4. Enhance Endpoint Security: Regularly update and patch operating systems and applications to mitigate vulnerabilities.
5. Educate Employees: Conduct training sessions to help employees recognize and avoid phishing and social engineering tactics.
6. Implement Network Segmentation: Limit the spread of malware within an organization by segmenting high-value assets.

Conclusion

Using Microsoft Teams and AnyDesk to spread DarkGate malware shows the continuous growth of the hackers’ level. The campaign highlights how organizations have to start implementing adequate levels of security preparedness to threats, including, Threat Identification, Training employees, and Rights to Access.

The DarkGate malware is a perfect example of how these attacks have developed into MaaS offerings, meaning that the barrier to launch highly complex attacks is only decreasing, which proves once again why a layered defense approach is crucial. Both awareness and flexibility are still the key issues in addressing the constantly evolving threat in cyberspace.

Reference:

• https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
• https://socprime.com/blog/darkgate-malware-detection/

Introduction

India's Competition Commission of India (CCI) on 18th November 2024 imposed a ₹213 crore penalty on Meta for abusing its dominant position in internet-based messaging through WhatsApp and online display advertising. The CCI order is passed against abuse of dominance by the Meta and relates to WhatsApp’s 2021 Privacy Policy. The CCI considers Meta a dominant player in internet-based messaging through WhatsApp and also in online display advertising. WhatsApp's 2021 privacy policy update undermined users' ability to opt out of getting their data shared with the group's social media platform Facebook. The CCI directed WhatsApp not to share user data collected on its platform with other Meta companies or products for advertising purposes for five years.

CCI Contentions

The regulator contended that for purposes other than advertising, WhatsApp's policy should include a detailed explanation of the user data shared with other Meta group companies or products specifying the purpose. The regulator also stated that sharing user data collected on WhatsApp with other Meta companies or products for purposes other than providing WhatsApp services should not be a condition for users to access WhatsApp services in India. CCI order is significant as it upholds user consent as a key principle in the functioning of social media giants, similar to the measures taken by some other markets.

Meta’s Stance  

WhatsApp parent company Meta has expressed its disagreement with the Competition Commission of India's(CCI) decision to impose a Rs 213 crore penalty on them over users' privacy concerns. Meta clarified that the 2021 update did not change the privacy of people's personal messages and was offered as a choice for users at the time. It also ensured no one would have their accounts deleted or lose functionality of the WhatsApp service because of this update.

Meta clarified that the update was about introducing optional business features on WhatsApp and providing further transparency about how they collect data. The company stated that WhatsApp has been incredibly valuable to people and businesses, enabling organization's and government institutions to deliver citizen services through COVID and beyond and supporting small businesses, all of which further the Indian economy. Meta plans to find a path forward that allows them to continue providing the experiences that "people and businesses have come to expect" from them. The CCI issued cease-and-desist directions and directed Meta and WhatsApp to implement certain behavioral remedies within a defined timeline.

The competition watchdog noted that WhatsApp's 2021 policy update made it mandatory for users to accept the new terms, including data sharing with Meta, and removed the earlier option to opt-out, categorized as an "unfair condition" under the Competition Act.  It was further noted that WhatsApp’s sharing of users’ business transaction information with Meta gave the group entities an unfair advantage over competing platforms.

CyberPeace Outlook

The 2021 policy update by WhatsApp mandated data sharing with Meta's other companies group, removing the opt-out option and compelling users to accept the terms to continue using the platform. This policy undermined user autonomy and was deemed as an abuse of Meta's dominant market position, violating Section 4(2)(a)(i) of the Competition Act, as noted by CCI.

The CCI’s ruling requires WhatsApp to offer all users in India, including those who had accepted the 2021 update, the ability to manage their data-sharing preferences through a clear and prominent opt-out option within the app. This decision underscores the importance of user choice, informed consent, and transparency in digital data policies.

By addressing the coercive nature of the policy, the CCI ruling establishes a significant legal precedent for safeguarding user privacy and promoting fair competition. It highlights the growing acknowledgement of privacy as a fundamental right and reinforces the accountability of tech giants to respect user autonomy and market fairness. The directive mandates that data sharing within the Meta ecosystem must be based on user consent, with the option to decline such sharing without losing access to essential services.

References

●       https://www.thehindu.com/business/Industry/cci-fines-whatsapp-meta-2021-privacy-policy/article68883219.ece/amp/

●       https://www.livemint.com/companies/cci-imposes-penalty-meta-breach-competition-law-whatsapp-privacy-policy-update-advertising-11731947005402.html

●       https://www.outlookbusiness.com/corporate/whatsapp-parent-meta-disagrees-with-cci-says-its-policy-furthers-indian-economy

●       https://www.hindustantimes.com/world-news/disagree-meta-to-challenge-ccis-order-on-whatsapp-data-sharing-policy-101732013196875.html

●       https://lawbeat.in/news-updates/cci-imposes-rs21314-crore-penalty-meta-abuse-dominant-position-whatsapps-2021-privacy

‍