#FactCheck - AI Manipulated image showing Anant Ambani and Radhika Merchant dressed in golden outfits.

Introduction:

A new Android malware called NGate is capable of stealing money from payment cards through relaying the data read by the Near Field Communication (“NFС”) chip to the attacker’s device. NFC  is a device which allows  devices such as smartphones to communicate over a short distance wirelessly.  In particular, NGate allows forging the victims’ cards and, therefore, performing fraudulent purchases or withdrawing money from ATMs. . 

 About NGate Malware: 

The whole purpose of NGate malware is to target victims’ payment cards by relaying the NFC data to the attacker’s device. The malware is designed to take advantage of phishing tactics and functionality of the NFC on android based devices. 

Modus Operandi: 

• Phishing Campaigns: The first step is spoofed emails or SMS used to lure the users into installing the  Progressive Web Apps (“PWAs”) or the WebAPKs presented as genuine banking applications. These apps usually have a layout and logo that makes them look like an authentic app of a Targeted Bank which makes them believable. 

• Installation of NGate: When the victim downloads the specific app, he or she is required to input personal details including account numbers and PIN numbers. Users are also advised to turn on or install  NFC on their gadgets and place the payment cards to the back part of the phone to scan the cards. 

• NFCGate Component: One of the main working features of the NGate is the NFCGate, an application created and designed by some students of Technical University of Darmstadt. This tool allows the malware to:
  • • Collect NFC traffic from payment cards in the vicinity. 
    • Transmit, or relay this data to the attacker’s device through a server. 
    • Repeat data that has been previously intercepted or otherwise copied.

It is important to note that some aspects of NFCGate mandate a rooted device; however, forwarding NFC traffic can occur with devices that are not rooted, and therefore can potentially ensnare more victims. ‍

Technical Mechanism of Data Theft:

• Data Capture: The malware exploits the NFC communication feature on android devices and reads the information from the payment card, if the card is near the infected device. It is able to intercept and capture the sensive card details.  

• Data Relay: The stolen information  is transmitted through a server to the attacker’s device so that he/she is in a position to mimic the victim’s card. 

• Unauthorized Transactions: Attackers get access to spend money on the merchants or withdraw money from the ATM that has NFC enabled. This capability marks a new level of Android malware in that the hackers are able to directly steal money without having to get hold of the card. 

Social Engineering Tactics: 

In most cases, attackers use social engineering techniques to obtain more information from the target before implementing the attack. In the second phase, attackers may pretend to be representatives of a bank that there is a problem with the account and offer to download a program called NGate, which in fact is a Trojan under the guise of an application for confirming the security of the account. This method makes it possible for the attackers to get ITPIN code from the sides of the victim, which enables them to withdraw money from the targeted person’s account without authorization. 

 Technical Analysis:

The analysis of malicious file hashes and phishing links are below:

Malicious File Hashes:

csob_smart_klic.apk:

• MD5: 7225ED2CBA9CB6C038D8
• Classification: Android/Spy.NGate.B

csob_smart_klic.apk:

• MD5: 66DE1E0A2E9A421DD16B
• Classification: Android/Spy.NGate.C

george_klic.apk:

• MD5: DA84BC78FF2117DDBFDC
• Classification: Android/Spy.NGate.C

george_klic-0304.apk:

• MD5: E7AE59CD44204461EDBD
• Classification: Android/Spy.NGate.C

rb_klic.apk:

• MD5: 103D78A180EB973B9FFC
• Classification: Android/Spy.NGate.A

rb_klic.apk:

• MD5: 11BE9715BE9B41B1C852
• Classification: Android/Spy.NGate.C.

Phishing URLs:

Phishing URL: 

• https://client.nfcpay.workers[.]dev/?key=8e9a1c7b0d4e8f2c5d3f6b2

Additionally, several distinct phishing websites have been identified, including:

• rb.2f1c0b7d.tbc-app[.]life
• geo-4bfa49b2.tbc-app[.]life
• rb-62d3a.tbc-app[.]life
• csob-93ef49e7a.tbc-app[.]life
• george.tbc-app[.]life.

Analysis:

‍

‍

Broader Implications of NGate: 

The ultramodern features of NGate mean that its manifestation is not limited to financial swindling. An attacker can also generate a copy of NFC access cards and get  full access when hacking into restricted areas, for example, the corporate offices or restricted facility. Moreover, it is also safe to use the capacity to capture and analyze NFC traffic as threats to identity theft and other forms of cyber-criminality. 

Precautionary measures to be taken:

To protect against NGate and similar threats, users should consider the following strategies:

• Disable NFC: As mentioned above, NFC should be not often used, it is safe to turn NFC on Android devices off. This perhaps can be done from the general control of the device in which the bursting modes are being set. 

• Scrutinize App Permissions: Be careful concerning the permission that applies to the apps that are installed particularly the ones allowed to access the device. Hence, it is very important that applications should be downloaded only from genuine stores like Google Play Store only. 

• Use Security Software: The malware threat can be prevented by installing relevant security applications that are available in the market. 

• Stay Informed: As it has been highlighted, it is crucial for a person to know risks that are associated with the use of NFC while attempting to safeguard an individual’s identity. 

Conclusion: 

The presence of malware such as NGate is proof of the dynamism of threats in the context of mobile payments. Through the utilization of NFC function, NGate is a marked step up of Android malware implying that the attackers can directly manipulate the cash related data of the victims regardless of the physical aspect of the payment card. This underscores the need to be careful when downloading applications and to be keen on the permission one grants on the application. Turn NFC when not in use, use good security software and be aware of  the latest scams are some of the measures that help to fight this high level of financial fraud. The  attackers are now improving their methods. It is only right for the people and companies to take the right steps in avoiding the breach of privacy and identity theft.

Reference:

• https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
• https://therecord.media/android-malware-atm-stealing-czech-banks
• https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info
• https://cybersecuritynews.com/new-ngate-android-malware/

‍

Introduction

Cyber slavery is a form of modern exploitation that begins with online deception and evolves into physical human trafficking. In recent times, cyber slavery has emerged as a serious threat that involves exploiting individuals through digital means under coercive or deceptive conditions. Offenders target innocent individuals and lure them by giving fake promises to offer them employment or alike. Cyber slavery can occur on a global scale, targeting vulnerable individuals worldwide through the internet and is a disturbing continuum of online manipulation that leads to real-world abuse and exploitation, where individuals are entrapped by false promises and subjected to severe human rights violations. It can take many different forms, such as coercive involvement in cybercrime, forced employment in online frauds, exploitation in the gig economy, or involuntary slavery. This issue has escalated to the highest level where Indians are being trafficked for jobs in countries like Laos and Cambodia. Recently over 5,000 Indians were reported to be trapped in Southeast Asia, where they are allegedly being coerced into carrying out cyber fraud. It was reported that particularly Indian techies were lured to Cambodia for high-paying jobs and later they found themselves trapped in cyber fraud schemes, forced to work 16 hours a day under severe conditions. This is the harsh reality for thousands of Indian tech professionals who are lured under false pretences to employment in Southeast Asia, where they are forced into committing cyber crimes.

Over 5,000 Indians Held in Cyber Slavery and Human Trafficking Rings

India has rescued 250 citizens in Cambodia who were forced to run online scams, with more than 5,000 Indians stuck in Southeast Asia. The victims, mostly young and tech-savvy, are lured into illegal online work ranging from money laundering and crypto fraud to love scams, where they pose as lovers online. It was reported that Indians are being trafficked for jobs in countries like Laos and Cambodia, where they are forced to conduct cybercrime activities. Victims are often deceived about where they would be working, thinking it will be in Thailand or the Philippines. Instead, they are sent to Cambodia, where their travel documents are confiscated and they are forced to carry out a variety of cybercrimes, from stealing life savings to attacking international governmental or non-governmental organizations. The Indian embassy in Phnom Penh has also released an advisory warning Indian nationals of advertisements for fake jobs in the country through which victims are coerced to undertake online financial scams and other illegal activities.

Regulatory Landscape

Trafficking in Human Beings (THB) is prohibited under the Constitution of India under Article

23 (1). The Immoral Traffic (Prevention) Act, of 1956 (ITPA) is the premier legislation for the prevention of trafficking for commercial sexual exploitation. Section 111 of the Bharatiya Nyaya Sanhita (BNS), 2023, is a comprehensive legal provision aimed at combating organized crime and will be useful in persecuting people involved in such large-scale scams. India has also ratified certain bilateral agreements with several countries to facilitate intelligence sharing and coordinated efforts to combat transnational organized crime and human trafficking.

CyberPeace Policy Recommendations

● Misuse of Technology has exploited the new genre of cybercrimes whereby cybercriminals utilise social media platforms as a tool for targeting innocent individuals. It requires collective efforts from social media companies and regulatory authorities to time to time address the new emerging cybercrimes and develop robust preventive measures to counter them.

● Despite the regulatory mechanism in place, there are certain challenges such as jurisdictional challenges, challenges in detection due to anonymity, and investigations challenges which significantly make the issue of cyber human trafficking a serious evolving threat. Hence International collaboration between the countries is encouraged to address the issue considering the present situation in a technologically driven world. Robust legislation that addresses both national and international cases of human trafficking and contains strict penalties for offenders must be enforced.

● Cybercriminals target innocent people by offering fake high-pay job opportunities, building trust and luring them. It is high time that all netizens should be aware of such tactics deployed by bad actors and recognise the early signs of them. By staying vigilant and cross-verifying the details from authentic sources, netizens can safeguard themselves from such serious threats which even endanger their life by putting them under restrictions once they are being trafficked. It is a notable fact that the Indian government and its agencies are continuously making efforts to rescue the victims of cyber human trafficking or cyber slavery, they must further develop robust mechanisms in place to conduct specialised operations by specialised government agencies to rescue the victims in a timely manner.

● Capacity building and support mechanisms must be encouraged by government entities, cyber security experts and Non-Governmental Organisations (NGOs) to empower the netizens to follow best practices while navigating the online landscape, providing them with helpline or help centres to report any suspicious activity or behaviour they encounter, and making them empowered to feel safe on the Internet while simultaneously building defenses to stay protected from cyber threats.

References:

1. https://www.news18.com/india/shock-treatment-physical-abuse-indians-getting-trafficked-for-cyber-slavery-to-dupe-other-indians-8954038.html

2. https://www.bbc.com/news/world-asia-india-68705913

3. https://therecord.media/india-rescued-cambodia-scam-centers-citizens

4. https://www.the420.in/rescue-indian-tech-workers-cambodia-cyber-fraud-awareness/

5. https://www.hindustantimes.com/india-news/360-indian-citizens-working-as-cyber-slaves-in-cambodia-return-home-101716431762282.html

6. https://www.ndtv.com/india-news/14-indians-rescued-from-cyber-slavery-in-cambodia-wait-to-return-home-6147228

7. https://www.dyami.services/post/intel-brief-250-indian-citizens-rescued-from-cyber-slavery

8. https://www.mea.gov.in/human-trafficking.htm

9. https://www.drishtiias.com/blog/the-vicious-cycle-of-human-trafficking-and-cybercrime

‍

Introduction

MSMEs, being the cornerstone of the Indian economy, are one of the most vulnerable targets in cyberspace and no enterprise is too small to be a target for malicious actors. MSMEs hardly ever perform a cyber-risk assessment, but when they do, they may run into a number of internal problems, such as cyberattacks brought on by inadequate networking security, online fraud, ransomware assaults, etc.  Tackling cyber threats in MSMEs is critical mainly because of their high level of dependance on digital technologies and the growing sophistication of cyber attacks. Protecting them from cyber threats is essential, as a security breach can have devastating consequences, including financial loss, reputational damage, and operational disruptions.

Key Cyber Threats that MSMEs are facing

MSMEs are most vulnerable to are phishing attacks, ransomware, malware and viruses, insider threats, social engineering attacks, supply chain attacks, credential stuffing and brute force attacks and Distributed Denial of Service (DDoS) Attacks. Some of these attacks are described as under-

• Insider threats arise from employees or contractors who intentionally or unintentionally compromise security. It involves data theft, misuse of access privileges, or accidental data exposure. 
• Social engineering attacks involve manipulating individuals into divulging confidential information or performing actions that compromise security by pretexting, baiting, and impersonation. 
• Supply chain attacks exploit the trust in relationships between businesses and their suppliers and introduce malware, compromise data integrity, and disrupt operations.
• Credential stuffing and brute force attacks give unauthorized access to accounts and systems, leading to data breaches and financial losses.

Challenges Faced by MSMEs in Cybersecurity

The challenges faced  by MSMEs in cyber security are mainly due to limited resources and budget constraints which leads to other issues such as a lack of specialized expertise as MSMEs often lack the IT support of cyber security experts. Awareness and training are needed to mitigate poor understanding of cyber threats and their complexity in nature. Vulnerabilities in the supply chain are present as they rely on third-party vendors and partners often, introducing potential supply chain vulnerabilities. Regulatory compliance is often complex and is taken seriously only when an issue crops up but it needs special attention especially with the DPDP Act coming in. The lack of an incident response plan leads to delayed and inadequate responses to cyber incidents, increasing the impact of breaches.

Best Practices for Tackling Cyber Threats for MSMEs

To effectively tackle cyber threats, MSMEs should adopt a comprehensive approach such as:

• Implementing and enforcing strong access controls by using MFA or 2FA and password policies. Limiting employee access as role based and updating the same as and when needed.
• Regularly apply security patches and use automated patch management solutions to prevent exploitation of known vulnerabilities.
• Conduct employee training and awareness programs and promote a security-first approach for the employees and assessing employee readiness to identify improvement areas.
• Implement network security measures by using firewalls and intrusion detection systems. Using secure Wi-Fi networks via strong encryptions and changing default credentials for the router are recommended, as is segmenting networks to limit lateral movement within the network in case of a breach.
• Regular data backup ensures that in case of an attack, data loss can be recovered and made available in secure offsite locations to protect it from unauthorized access. 
• Developing an incident response plan that outlines the roles, responsibilities and procedure for responding to cyber incidents with regular drills to ensure readiness and clear communication protocols for incident reporting to regulators, stakeholders and customers.
• Implement endpoint security solutions using antivirus and anti-malware softwares. Devices should be against unauthorized access and implement mobile device management solutions enforcing security policies on employee-owned devices used for work purposes.
• Cyber insurance coverage will help in transferring financial risks in case of cyber incidents. It should have comprehensive coverage including business interruptions, data restoration, legal liabilities and incident response costs.

Recommended Cybersecurity Solutions Tailored for MSMEs

1. A Managed Security Service Provider offers outsourced cybersecurity services, including threat monitoring, incident response, and vulnerability management that may be lacking in-house.
2. Cloud-Based Security Solutions such as firewall as a service and Security Information and Event Management , provide scalable and cost-effective protection for MSMEs.
3. Endpoint Detection and Response (EDR) Tools detect and respond to threats on endpoints, providing real-time visibility into potential threats and automating incident response actions.
4. Security Awareness Training Platforms deliver interactive training sessions and simulations to educate employees about cybersecurity threats and best practices.

Conclusion

Addressing cyber threats in MSMEs requires a proactive and multi-layered approach that encompasses technical solutions, employee training, and strategic planning. By implementing best practices and leveraging cybersecurity solutions tailored to their specific needs, MSMEs can significantly enhance their resilience against cyber threats. As cyber threats continue to evolve, staying informed about the latest trends and adopting a culture of security awareness will be essential for MSMEs to protect their assets, reputation, and bottom line.

References:

• https://economictimes.indiatimes.com/small-biz/security-tech/security/cyber-security-pitfalls-and-how-negligence-can-be-expensive-for-msmes/articleshow/99508822.cms?from=mdr
• https://www.investopedia.com/financial-edge/0112/3-ways-cyber-crime-impacts-business.aspx 
• https://www.financialexpress.com/business/sme-msme-tech-cisco-launches-new-tool-for-smbs-to-assess-their-cybersecurity-readiness-2538348/ 
• https://www.cloverinfotech.com/blog/small-businesses-big-problems-are-cyber-attacks-crushing-indias-msmes/ 

‍