#FactCheck - False Claim of Hindu Sadhvi Marrying Muslim Man Debunked

Introduction:

Technology has become a vital part of everyone’s life nowadays, it occupies essential activities of a person’s life whether we are working or playing and studying. I would say from education to corporate, technology makes everything easier and simpler to achieve the goals for a particular thing.  Corporate companies are using technology for their day-to-day work and there are many law-based foundations that are publishing blogs and papers for legal awareness, many lawyers use internet technology for promoting themselves which amounts to growth in their work. Some legal work can now be done by machines, which was previously unthinkable. Large disputes frequently have many documents to review. Armies of young lawyers and paralegals are typically assigned to review these documents. This work can be done by a properly trained machine. Machine drafting of documents is also gaining popularity. We’ve also seen systems that can forecast the outcome of a dispute. We are starting to see machines take on many tasks that we once thought was solely the domain of lawyers.

How to expand law firms and the corporate world with the help of technology?

If we talk about how lawyers’ lives will be impacted by technology then I would explain about law students first. Students are the one who is utilizing the technology at its best for their work, tech could be helpful in students’ lives. as law students use SCC online and manupatra, which are used for case laws. And during their law internships, they use it to help their seniors to find appropriate cases for them. and use it as well for their college research work. SCC and manupatra are very big platforms by which we can say if students use technology for their careers, it will impact their law career in the best ways.

A lawyer running a law firm is not a small task, and there are plenty of obstacles to that, such as a lack of tech solutions, failure to fulfil demands, and inability to innovate, these obstacles prevent the growth of some firms. The right legal tech can grow an organization or a law firm and there will be fewer obstacles.

Technology can be proven as a good mechanism to grow the law firm, as everything depends on tech, from court work to corporate. If we talk about covid during 2020, everything shifted towards the virtual world, court hearings switched to online mode due to covid which proved as a bone to the legal system as the case hearings were speedy and there was no physical contact due to that.

Legal automation is also helping law firms to grow in a competitive world. And it has other benefits also like shifting tedious tasks from humans to machines, allowing the lawyer to work on more valuable work. I would say that small firms should also need to embrace automation for competition in the corporate sector. Today, artificial intelligence offers a solution to solve or at least make the access-to-justice issue better and completely transform our traditional legal system.

There was a world-cited author, Richard Susskind, OBE, who talked about the future of law and lawyers and he wrote a book, Online Courts and the Future of Justice. Richard argues that technology is going to bring about a fascinating decade of change in the legal sector and transform our court system. Although automating our old ways of working plays a part in this, even more, critical is that artificial intelligence and technology will help give more individuals access to justice.

The rise of big data has also resulted in rapid identification systems, which allow police officers to quickly see an individual’s criminal history through a simple search.The FBI’s Next Generation Identification (NGI) system matches individuals with their criminal history information using biometrics such as fingerprints, palm prints, iris recognition, and facial recognition. The NGI’s current technologies are constantly being updated, and new ones are being added, to make the NGI the most comprehensive way to gather up-to-date information on the person being examined

During covid, there were e-courts services in courts, and lawyers and judges were taking cases online. After the covid, the use of technology increased in the law field also from litigation to corporate. As technology can also safeguard confidential information between parties and lawyers. There was ODR, (online dispute resolution) happening meetings that were taking place online mode.

File sharing is inevitable in the practice of law. Yet sometimes the most common ways of sharing (think email) are not always the most secure. With the remote office, the boom has come an increased need for alternate file-sharing solutions. There is data encryption to protect data as it is a reliable method to protect confidential data and information.

Conclusion-

Technology has been playing a vital role in the legal industry and has increased the efficiency of legal offices and the productivity of clerical workers. With the advent of legal tech, there is greater transparency between legal firms and clients. Clients know how many fees they must pay and can keep track of the day-to-day progress of the lawyer on their case. Also, there is no doubt that technology, if used correctly, is fast and efficient – more than any human individual. This can prove to be of great assistance to any law firm.  Lawyers of the future will be the ones who create the systems that will solve their client’s problems. These legal professionals will include legal knowledge engineers, legal risk managers, system developers, design thinking experts, and others. These people will use technology to create new ways of solving legal problems. In many ways, the legal sector is experiencing the same digitization that other industries have, and because it is so document-intensive, it is actually an industry that stands to benefit greatly from what technology has to offer.

Executive Summary:

New Linux malware has been discovered by a cybersecurity firm Volexity, and this new strain of malware is being referred to as DISGOMOJI. A Pakistan-based threat actor alias ‘UTA0137’ has been identified as having espionage aims, with its primary focus on Indian government entities.  Like other common forms of backdoors and botnets involved in different types of cyberattacks, DISGOMOJI, the malware  allows the use of commands to capture screenshots, search for files to steal, spread additional payloads, and transfer files. DISGOMOJI  uses Discord (messaging service)  for Command & Control (C2)  and uses emojis  for C2 communication. This malware targets Linux operating systems.

The DISCOMOJI Malware:  

• The DISGOMOJI malware opens a specific channel in a Discord server and every new channel corresponds to a new victim. This means that the attacker can communicate with the victim one at a time.

• This particular malware connects with the attacker-controlled Discord server using Emoji, a form of relay protocol. The attacker provides unique emojis as instructions, and the malware uses emojis as a feedback to the subsequent command status.

• For instance, the ‘camera with flash’ emoji is used to screenshots the device of the victim or to steal, the ‘fox’ emoji cracks all Firefox profiles, and the ‘skull’ emoji kills the malware process.

• This C2 communication is done using emojis to ensure messaging between infected contacts, and it is almost impossible for Discord to shut down the malware as it can always change the account details of Discord it is using once the maliciou server is blocked.

• The malware also has capabilities aside from the emoji-based C2 such as network probing, tunneling, and data theft that are needed to help the UTA0137 threat actor in achieving its espionage goals.

Specific emojis used for different commands by UTA0137:

• Camera with Flash (📸): Captures a picture of the target device’s screen as per the victim’s directions.

• Backhand Index Pointing Down (👇): Extracts files from the targeted device and sends them to the command channel in the form of attachments.

• Backhand Index Pointing Right (👉): This process involves sending a file found on the victim’s device to another web-hosted file storage service known as Oshi or oshi[. ]at.

• Backhand Index Pointing Left (👈): Sends a file from the victim’s device to transfer[. ]sh, which is an online service for sharing files on the Internet.

• Fire (🔥): Finds and transmits all files with certain extensions that exist on the victim’s device, such as *. txt, *. doc, *. xls, *. pdf, *. ppt, *. rtf, *. log, *. cfg, *. dat, *. db, *. mdb, *. odb, *. sql, *. json, *. xml, *. php, *. asp, *. pl, *. sh, *. py, *. ino, *. cpp, *. java,

• Fox (🦊): This works by compressing all Firefox related profiles in the affected device. 

• Skull (💀): Kills the malware process in windows using ‘os. Exit()’

• Man Running (🏃‍♂️):  Execute a command on a victim’s device. This command receives an argument, which is the command to execute.

• Index Pointing up (👆) : Upload a file to the victim's device. The file to upload is attached along with this emoji

Analysis:   

The analysis was carried out for one of the indicator of compromised SHA-256 hash file-  C981aa1f05adf030bacffc0e279cf9dc93cef877f7bce33ee27e9296363cf002.

It is found that most of the vendors have marked the file as trojan in virustotal and the graph explains the malicious nature of the contacted domains and IPs.

‍

Discord & C2 Communication  for UTA0137:

• Stealthiness: Discord is a well-known messaging platform used for different purposes, which means that sending any messages or files on the server should not attract suspicion. Such stealthiness makes it possible for UTA0137 to remain dormant for greater periods before launching an attack.

• Customization: UTA0137 connected to Discord is able to create specific channels for distinct victims on the server. Such a framework allows the attackers to communicate with each of the victims individually to make a process more accurate and efficient.

• Emoji-based protocol: For C2 communication, emojis really complicates the attempt that Discord might make to interfere with the operations of the malware. In case the malicious server gets banned, malware could easily be recovered, especially by using the Discord credentials from the C2 server.

• Persistence: The malware, as stated above, has the ability to perpetually exist to hack the system and withstand rebooting of systems so that the virus can continue to operate without being detected by the owner of the hacked system.

• Advanced capabilities: Other features of DISGOMOJI are the Network Map using Nmap scanner, network tunneling through Chisel and Ligolo and Data Exfiltration by File Sharing services. These capabilities thus help in aiding the espionage goals of UTA0137.

• Social engineering: The virus and the trojan can show the pop-up windows and prompt messages, for example the fake update for firefox and similar applications, where the user can be tricked into inputting the password.

• Dynamic credential fetching: The malware does not write the hardcoded values of the credentials in order to connect it to the discord server. This also inconveniences analysts as they are unable to easily locate the position of the C2 server.

• Bogus informational and error messages: They never show any real information or errors because they do not want one to decipher the malicious behavior easily.

Recommendations to mitigate the risk of UTA0137:

• Regularly Update Software and Firmware: It is essential to regularly update all the application software and firmware of different devices, particularly, routers, to prevent hackers from exploiting the discovered and disclosed flaws. This includes fixing bugs such as CVE-2024-3080 and CVE-2024-3912 on ASUS routers, which basically entails solving a set of problems.

• Implement Multi-Factor Authentication: There are statistics that show how often user accounts are attacked, it is important to incorporate multi-factor authentication to further secure the accounts.

• Deploy Advanced Malware Protection: Provide robust guard that will help the user recognize and prevent the execution of the DISGOMOJI malware and similar threats.

• Enhance Network Segmentation: Utilize stringent network isolation mechanisms that seek to compartmentalize the key systems and data from the rest of the network in order to minimize the attack exposure.

• Monitor Network Activity: Scanning Network hour to hour for identifying and handling the security breach and the tools such as Nmap, Chisel, Ligolo etc can be used.

• Utilize Threat Intelligence: To leverage advanced threats intelligence which will help you acquire knowledge on previous threats and vulnerabilities and take informed actions.

• Secure Communication Channels: Mitigate the problem of the leakage of developers’ credentials and ways of engaging with the discord through loss of contact to prevent abusing attacks or gaining control over Discord as an attack vector.

• Enforce Access Control: Regularly review and update the user authentication processes by adopting stricter access control measures that will allow only the right personnel to access the right systems and information.

• Conduct Regular Security Audits: It is important to engage in security audits periodically in an effort to check some of the weaknesses present within the network or systems.

• Implement Incident Response Plan: Conduct a risk assessment, based on that design and establish an efficient incident response kit that helps in the early identification, isolation, and management of security breaches.

• Educate Users: Educate users on cybersecurity hygiene, opportunities to strengthen affinity with the University, and conduct retraining on threats like phishing and social engineering.

Conclusion:

The new threat actor named UTA0137 from Pakistan who was utilizing DISGOMOJI malware to attack Indian government institutions using embedded emojis with a command line through the Discord app was discovered by Volexity. It has the capability to exfiltrate and aims to steal the data of government entities. The UTA0137 was continuously improved over time to permanently communicate with victims. It underlines the necessity of having strong protection from viruses and hacker attacks, using secure passwords and unique codes every time, updating the software more often and having high-level anti-malware tools. Organizations can minimize advanced threats, the likes of DISGOMOJI and protect sensitive data by improving network segmentation, continuous monitoring of activities, and users’ awareness.

References:

https://otx.alienvault.com/pulse/66712446e23b1d14e4f293eb

https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html?m=1

https://cybernews.com/news/hackers-using-emojis-to-command-malware/

https://www.blackhatethicalhacking.com/news/disgomoji-new-linux-malware-uses-emojis-for-command-execution/

https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/

‍

Introduction

Cybercrime is one of the most pressing concerns in today’s era. As the digital world is evolving rapidly, so do the threats and challenges to curb these cybercrimes. The complexities associated with the evolving cybercrimes make it difficult to detect and investigate by the law enforcement across the world. India is one of those countries that is actively engaged in creating awareness about the cybercrimes and security concerns across the State. At the national level, initiatives like National Cybercrime Reporting Portal, CERT-In and I4C have been established to assist the law enforcement in dealing with cybercrimes in India. According to the press release by the Ministry of Home Affairs, 12,5153 cases of Financial Cyber Frauds were reported in the year 2023, which is the second highest in State-wise Reporting after UP. Maharashtra has been highlighted as one of the States with the highest cybercrime cases for the past few years. 

In response to curbing the increasing number of cases, the state of Maharashtra has launched the initiative ‘the Maharashtra Cyber Security Project’. The purpose of this project is to strengthen the system’s defense mechanism by establishing cybersecurity infrastructure, exploiting technological advancements and enhancing the skills of law enforcement agencies. 

Maharashtra Cyber Department and the Cyber Security Project

The Maharashtra Cyber Department, also referred as MahaCyber was established in the year 2016 and employs a multi-faceted approach to address cyberthreats. The objective is to provide a user-friendly space to report Cybercrimes, safeguarding Critical Information Infrastructure from cyber threats, empowering the investigation law agencies ultimately improving its efficiency and creating awareness among common people.  

The Maharashtra Cyber Security Project aims to strengthen the department, bringing all the aspects of the cyber security system under one facility. The key components of the Maharashtra Cyber Security Project are as follows: 

• Command & Control Centre:

The Command & Control Centre will function as a 24/ complaint registration hub and grievance handling mechanism which can be accessed by calling the helpline number, mobile app or on the online portal. The Centre continuously monitors cyber threats, reduce the impact of cyber attacks and ensures that issues are resolved as soon as possible. 

• Technology Assisted Investigation (TAI):

Complaints that are registered are analysed and investigated by experts using cutting edge technologies such as Computer Forensic or Mobile Forensic, Voice Analysis System, Image Enhancement Tool, Deepfake Detection Solution to name a few which helps the Maharashtra Cyber Department to collect evidence, identify weak spots and mitigate the cyber threats effectively.   

• Computer Emergency Response Team – Maharashtra (CERT-MH):

The CRET-MH works on curbing cybercrimes which are especially targeted to affect the Critical Infrastructure like banks, railway services, electricity of the State and threats related to national security using technologies such as Deep web and Dark web analysis, Darknet & Threat Intelligence Feeds, Vulnerability Management, Cyber Threat Intelligence Platform, Malware Analysis and Network Capture Analysis and coordinates with other agencies. 

• Security Operations Centre (SOC):

The SOC looks after the security of the MahaCyber from any cyber threats. It 24/7 monitors the infrastructure for any signs of breach or threats and thus aids in early detection and prevention of any further harm. 

• Centre of Excellence (COE):

The Centre of Excellence focuses on training the police officials to equip them with desired tools and technologies to deal with cyber threats. The Centre also works on creating awareness about various cyber threats among the citizens of the state. 

• Nodal Cyber Police Station:

The Nodal Cyber Police Station works as a focal point for all cybercrime related law enforcement activities. It is responsible for coordinating the investigation procedure and prevention of cybercrimes within the state. Such Cyber Police Stations have been established in each district of Maharashtra. 

Funds of Funds to scale up Startups

The government of Maharashtra through the Fund of Funds for Startups scheme has invested in more than 300 startups that align with the objective of cyber security and digital safety. The government is promoting ideas and cyber defence innovation which will help to push the boundaries of traditional cybersecurity tools and improve the State’s ability to tackle cybercrimes.  Such partnerships can be a cost-effective solution that proactively promotes a culture of cybersecurity across industries. 

Dynamic Cyber Platform

The government of Maharashtra has been working on creating a dynamic cyber platform that would assist them in tackling cybercrimes and save hundreds of crores of rupees in a short span of time. The platform will act as a link between various stakeholders such as banks, Non-Banking Financial Companies (NBFCs) and social media providers to provide a technology-driven solution to the evolving cybercrimes. As a part of this process, the government has invited tenders and has called top IT companies from the world to participate and aid them in setting up this dynamic cyber platform. 

Why Does The Initiative By Maharashtra’s Government Act As A Model For Other States

The components of the Maharashtra Cyber Security Project and the dynamic cyber platform create a comprehensive system which aims at tackling the increasing complexities of cyber threats. The initiative with integration on cutting edge technologies, specialised institutions, expert professionals from various industries and real-time monitoring of cybercrimes sets an example that Maharashtra is well-equipped to prevent, detect and respond to cybercrimes being reported in the State. The project collaborates between government and law enforcement agencies, providing them proper training and addressing grievances of the public. By working on four key areas, i.e. centralised platform for reporting, collaboration between government and private sectors, public awareness and use of advanced technologies, the Cyber Security System in Maharashtra serves as a model for creating secure digital space and tackling cybercrime effectively on a large scale.  

Other States in India could certainly adopt similar models and achieve success in curbing cybercrimes. They need to create a dedicated response team consisting of trained personnel, invest in advanced software as used by Maharashtra, foster partnerships with companies or startups involved in AI and technology to build resilient cybersecurity infrastructures. The government of Maharashtra can extend hands to assist other states to establish a model that addresses the evolving cybercrimes efficiently.  

References

• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2003158 
• https://mhcyber.gov.in/about-us 
• https://www.youtube.com/watch?v=jjPw-8afTTw 
• https://www.ltts.com/press-release/maharashtra-inaugurates-india-first-integrated-cyber-command-control-center-ltts 
• https://theprint.in/india/maharashtra-tackling-evolving-cyber-crimes-through-dynamic-platform-cm/2486772/ ‍
• https://www.freepressjournal.in/mumbai/maharashtra-dynamic-cyber-security-platform-in-the-offing-says-fadnavis