Cyber Review - October 2024

National

“Bharat require stronger cyber security measures to counter breaches”: PRAHAR

In a report titled The Invisible hand by PRAHAR, an NGO, projected that by 2033, Bharat will face approximately one trillion cyber-attacks annually; and by 2047, the counts will rise to 17 trillion cyber-attacks. According to the report, two types of cyber-attacks are affecting Bharat’s cyber security— first, an attack in which traditional hackers exploit vulnerabilities in systems for financial gains o disruptions, whereas in other form of attack, cybercriminals targets citizens, recruiting them to engage in anti-national activities through manipulation, coercion or threats. Such tactics are most likely to be used on illegal betting apps.

In 2023, Bharat experienced over 79 million cyber-attacks, which is 15 per cent increase from 2022. “A situation has arisen where not only individual hackers or disgruntled people but also state-sponsored actors and states themselves are engaging in activities that sabotage important parameters of the economy,” said former IPS officer and cybercrime investigation specialist, Dr Muktesh Chander.^[1]

“Financial fraud losses from January to June 2024 amount to ₹11,269 crore”: I4C

According to a projection made by the Indian Cyber Crime Coordination Centre (I4C), Bharatiyas are likely to lose over ₹1.2 lakh crore over 2025 due to cyber frauds. “Most of the defrauded money is being taken out of the country and most scams have origins in China or Chinese-linked entities. There are domestically run scams too, where money is withdrawn from ATMs after jumping through several accounts,” said a senior government official based on anonymity.

During the first half of 2024, until June 30, the total losses from financial fraud reported via the MHA’s cybercrime portal, I4C, and 1930 helpline stood at ₹11,269 crore. The helpline and portal are linked to State police apparatus in addition to over 200 financial intermediaries, banks, and wallets. There are cases which are registered separately by the police and there are also instances when people do not report the crime.^[2]

“Bharat should actively contribute to global standards development”: ITU

In an interview with Economic Times, Bilel Jamoussi, Deputy Director of the Telecommunication Standardisation Bureau (TSB), International Telecommunication Union (ITU) said that “Bharat should (actively) participate in study groups of the ITU and contribute to the development of standards for next-generation technologies.” Bharat is already playing an essential role in telecom industry by contributing to the development of next generation network standards, Artificial Intelligence (AI), and Digital Public Infrastructure (DPI). According to a statement of Ministry of Communications (MoC), “Bharat contributed to the assembly with two new resolutions, including enhancing the standardisation activities on DPI, and standardisation activities of the ITU-T on AI technologies to support telecom/Information and Communication Technology (ICT).”^[3] Scientists from Korea, the U.S., Canada and France plan to conduct joint AI research projects focused at the lab, including studies on neural scaling law and a robot foundational model.^[4]

International

Russia targeted Ukrainian conscripts with Windows and Android malware.

In a hybrid espionage campaign against Ukraine, Russia’s APT— UNC5812 targeted Ukrainian military recruits with Windows and Android malware. As per Google’s Threat Intelligence report, the campaign used a "Civil Defence" identity, a website, and a specialised Telegram channel to distribute malware via a bogus recruitment avoidance software called "Sun-spinner" by the researchers. The campaign targets Windows and Android devices, with separate malware for each platform, allowing the attackers to steal data and snoop in real-time.

Users tricked into visiting Civil Defence's website are taken to a download page for a malicious application promoted as a crowd-sourced mapping tool that can help users track the locations of recruiters, and avoid them. Google calls this app "Sunspinner”, and although the app features a map with markers, Google says the data is fabricated. The app’s only purpose is to hide the installation of malware that takes place in the background. ^[5]

“63 per cent of Australians experienced a cyber-attack during the last 12 months”: National Australia Bank.

According to a survey— “Consumer Cyber Security Survey” released by Australia’s National Australia Bank (NAB), almost 63 per cent of its citizens faced a cyber-attack or data breach during last one year. A survey based on 1,038 interviews between August and September 2024, highlighted that 62 per cent of respondents are either “concerned” or “very concerned” about their persona cyber security. However, 85 per cent of respondents claimed to be “quite familiar” or “very familiar” with basic cyber security practices.

“Our research found the most common ways Australians had personal information compromised were through cyber-attacks on major companies (38 per cent of Australians) and falling victim to phishing scams (34 per cent),” said Sandro Bucchianeri, NAB’s Chief Security Officer.^[6]

South Korea established its National Artificial Intelligence Research Lab to strengthen AI competitiveness.

On 28 October, South Korea opened its National Artificial Intelligence Research (NAIR) lab as a part of efforts to strengthen the Artificial Intelligence (AI) competitiveness. According to the Ministry of Science and Technology, the government plans to invest a combined 94.6 billion won (USD68.2 million) in the National AI Research Lab by 2028 to help the organisation lead the country’s joint AI research projects with global partners, foster AI talents and create an ecosystem connecting the AI industry.^[7]

Endnotes

^[1]PTI. “India needs stronger cyber security measures to tackle breaches: Experts”, Business Standard, 29 October 2024, available from: https://www.business-standard.com/technology/tech-news/india-needs-stronger-cyber-security-measures-to-tackle-breaches-experts-124102901306_1.html [2]
^[2]Singh, Vijaita. “Cyberfraud losses could amount to 0.7% of GDP, projects Ministry’s study”, The Hindu, 24 October 2024, available from: https://www.thehindu.com/sci-tech/technology/cyber-fraud-losses-could-amount-to-07-of-gdp-mha-study-projects/article68788093.ece [3]
^[3]Kumar, Ashutosh. “India should actively contribute to global standards development: ITU’s Bilel Jamoussi”, Economic Times Telecom, 29 October 2024, available from: https://telecom.economictimes.indiatimes.com/news/policy/india-should-actively-contribute-to-global-standards-development-itus-bilel-jamoussi/114720490?utm_source=Mailer&utm_medium=newsletter&utm_campaign=ettelecom_news_2024-10-30&dt=2024-10-30&em=YW51cmFnQHZpZmluZGlhLm9yZw== [4]
^[4]“Korea opens nat’l AI research lab to boost AI capabilities”, the Korea Times, 28 October 2024, available from: https://www.koreatimes.co.kr/www/tech/2024/10/129_385121.html [5]
^[5]Toulas, Bill. “Russia targets Ukrainian conscripts with Windows and Android malware”, Bleeping Computer, 28 October 2024, available from: https://www.bleepingcomputer.com/news/security/russia-targets-ukrainian-conscripts-with-windows-android-malware/ [6]
^[6]Squires, Ben. “Most Australians have experienced a cyber-attack: NAB”, Cyber Daily Australia, 29 October 2024, available from: https://www.cyberdaily.au/culture/11290-most-australians-have-experienced-a-cyber-attack-nab [7]
^[7]“Korea opens Nat’l AI research lab to boost AI competitiveness”, The Korea Times, 28 October 2024, available from: https://www.koreatimes.co.kr/www/tech/2024/10/129_385121.html [5]