#FactCheck - Viral Video Misleadingly Tied to Recent Taiwan Earthquake

Introduction 

Over the past few years, the virtual space has been an irreplaceable livelihood platform for content creators and influencers, particularly on major social media platforms like YouTube and Instagram. Yet, if this growth in digital entrepreneurship is accompanied by anything, it is a worrying trend, a steep surge in account takeover (ATO) attacks against these actors. In recent years, cybercriminals have stepped up the quantity and level of sophistication of such attacks, hacking into accounts, jeopardising the follower base, and incurring economic and reputational damage. They don’t just take over accounts to cause disruption. Instead, they use these hijacked accounts to run scams like fake livestreams and cryptocurrency fraud, spreading them by pretending to be the original account owner. This type of cybercrime is no longer a nuisance; it now poses a serious threat to the creator economy, digital trust, and the wider social media ecosystem.

Why Are Content Creators Prime Targets? 

Content creators hold a special place on the web. They are prominent users who live for visibility, public confidence, and ongoing interaction with their followers. Their social media footprint tends to extend across several interrelated platforms, e.g., YouTube, Instagram, X (formerly Twitter), with many of these accounts having similar login credentials or being managed from the same email accounts. This interconnectivity of their online presence crosses multiple platforms and benefits workflow, but makes them appealing targets for hackers. One entry point can give access to a whole chain of vulnerabilities. Attackers, once they control an account, can wield its influence and reach to share scams, lead followers to phishing sites, or spread malware, all from the cover of a trusted name.

Popular Tactics Used by Attackers

• Malicious Livestream Takeovers and Rebranding - Cybercriminals hijack high-subscriber channels and rebrand them to mimic official channels. Original videos are hidden or deleted, replaced with scammy streams using deep fake personas to promote crypto schemes.
• Fake Sponsorship Offers - Creators receive emails from supposed sponsors that contain malware-infected attachments or malicious download links, leading to credential theft.
• Malvertising Campaigns - These involve fake ads on social platforms promoting exclusive software like AI tools or unreleased games. Victims download malware that searches for stored login credentials.
• Phishing and Social Engineering on Instagram - Hackers impersonate Meta support teams via DMs and emails. They direct creators to login pages that are cloned versions of Instagram's site. Others pose as fans to request phone numbers and trick victims into revealing password reset codes.
• Timely Exploits and Event Hijacking - During major public or official events, attackers often escalate their activity. Hijacked accounts are used to promote fake giveaways or exclusive live streams, luring users to malicious websites designed to steal personal information or financial data.

Real-World Impact and Case Examples

The reach and potency of account takeover attacks upon content creators are far-reaching and profound. In a report presented in 2024 by Bitdefender, over 9,000 malicious live streams were seen on YouTube during a year, with many having been streamed from hijacked creator accounts and reassigned to advertise scams and fake content. Perhaps the most high-profile incident was a channel with more than 28 million subscribers and 12.4 billion total views, which was totally taken over and utilised for a crypto fraud scheme live streaming. Additionally, Bitdefender research indicated that over 350 scam domains were utilised by cybercriminals, directly connected via hijacked social media accounts, to entice followers into phishing scams and bogus investment opportunities. Many of these pieces of content included AI-created deep fakes impersonating recognisable personalities like Elon Musk and other public figures, providing the illusion of authenticity around fake endorsements (CCN, 2024). Further, attackers have exploited popular digital events such as esports events, such as Counter-Strike 2 (CS2), by hijacking YouTube gaming channels and livestreaming false giveaways or referring viewers to imitated betting sites.

Protective Measures for Creators

• Enable Multi-Factor Authentication (MFA) 

Adds an essential layer of defence. Even if a password is compromised, attackers can't log in without the second factor. Prefer app-based or hardware token authentication.

• Scrutinize Sponsorships 

Verify sender domains and avoid opening suspicious attachments. Use sandbox environments to test files. In case of doubt, verify collaboration opportunities through official company sources or verified contacts.

• Monitor Account Activity 

Keep tabs on login history, new uploads, and connected apps. Configure alerts for suspicious login attempts or spikes in activity to detect breaches early. Configure alerts for suspicious login attempts or spikes in activity to detect breaches early.

• Educate Your Team 

If your account is managed by editors or third parties, train them on common phishing and malware tactics.  Employ regular refresher sessions and send mock phishing tests to reinforce awareness.

• Use Purpose-Built Security Tools 

Specialised security solutions offer features like account monitoring, scam detection, guided recovery, and protection for team members. These tools can also help identify suspicious activity early and support a quick response to potential threats.

Conclusion 

Account takeover attacks are no longer random events, they're systemic risks that compromise the financial well-being and personal safety of creators all over the world. As cybercriminals grow increasingly sophisticated and realistic in their scams, the only solution is a security-first approach. This encompasses a mix of technical controls, platform-level collaboration, education, and investment in creator-centric cybersecurity technologies. In today's fast-paced digital landscape, creators not only need to think about content but also about defending their digital identity. As digital platforms continue to grow, so do the threats targeting creators. However, with the right awareness, tools, and safeguards in place, a secure and thriving digital environment for creators is entirely achievable.

References

• https://www.bitdefender.com/en-au/blog/hotforsecurity/account-takeover-attacks-on-social-media-a-rising-threat-for-content-creators-and-influencers
• https://www.arkoselabs.com/account-takeover/social-media-account-takeover/
• https://www.imperva.com/learn/application-security/account-takeover-ato/
• https://www.security.org/digital-safety/account-takeover-annual-report/
• https://www.niceactimize.com/glossary/account-takeover/

‍

Executive Summary:

CVE 2024-3094 is a backdoor vulnerability recently found in Kali Linux installations that happened between March 26th to 29th. This vulnerability was found in XZ package version 5.6.0 to 5.6.1. It could allow the malicious actor to compromise SSHD authentication, and grant unauthorized access to the entire system remotely. The users who have installed or updated Kali Linux during the said time are advised to update their system to safeguard against this vulnerability. 

The Dangerous Backdoor

The use of the malicious implant found in XZ Utils as a remote code execution tool makes it more dangerous, because of its ability to compromise the affected systems. Initially, researchers believed the vulnerability enabled an authentication bypass for the OpenSSH server (SSHD) process. However, further analysis revealed it is better characterized as a remote code execution (RCE) vulnerability.

The backdoor intercepts the RSA_public_decrypt function, verifies the host's signature using a fixed Ed448 key, and if successful, executes malicious code passed by the attacker via the system() function. This leaves no trace in SSHD logs and makes it difficult to detect the vulnerability. 

Impacted Linux Distributions

The compromised versions of XZ Utils have been found in the following Linux distributions released in March 2024:

• Kali Linux (between March 26 and March 29)
• openSUSE Tumbleweed and openSUSE MicroOS (March 7 to March 28)
• Fedora 41, Fedora Rawhide, and Fedora Linux 40 beta
• Debian (testing, unstable, and experimental distributions only)
• Arch Linux container images (February 29 to March 29)
• Meanwhile, distributions such as Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap, and Debian Stable are not believed to be affected.

How Did This Happen?

The malicious code appears to have been inserted by taking advantage of a typical control transfer vulnerability. The original maintainer of the XZ Libs project on GitHub handed over control of the repository to an account that had been contributing to various data compression-related projects for several years. It was at this point that the backdoor was implanted in the project code.

Fortunately, the Potential Disaster Was Averted

As per Igor Kuznetsov, head of Kaspersky's Global Research and Analysis Team (GReAT), the vulnerability CVE-2024-3094 is considered as the largest scale attack that has happened in the Linux ecosystem history. Because it targeted the primary remote management tool for Linux servers on the internet which is  SSH servers.  

As this vulnerability was detected in the testing and rolling distributions in the short period of time, where the latest software packages are used. This results to the minimum damage to the linux users and so far no case of CVE-2024-3094 being actively exploited have been detected.

Staying Safe

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises that users who installed or updated the affected operating systems in March immediately roll back to XZ Utils 5.4.6 version and be on alert for any malicious activity. It is recommended to change the passwords in the case of a distribution where a weak version of XZ Utils has been installed. 

The Yara rule has been released to detect any infected systems by CVE-2024-3094 Vulnerability. 

Conclusion

The discovery of the XZ Utils backdoor provides a reminder to be vigilant in the open source software environment. This supply chain attack highlights the importance of strong security measures, elaborate code reviews, and regular distribution of security updates to provide shield against such vulnerabilities. Always staying informed and taking the necessary precautions, Linux users can mitigate the potential impact of this vulnerability to keep their systems safe.

References : 

• https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html 
• https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/ 
• https://www.kali.org/blog/about-the-xz-backdoor/ 
• https://www.kaspersky.com/blog/cve-2024-3094-vulnerability-backdoor/50873/ 
• https://www.rapid7.com/blog/post/2024/04/01/etr-backdoored-xz-utils-cve-2024-3094/ 

‍

Introduction

The nation got its first consolidated data protection regulation in the form of the Digital Personal Data Protection Act, 2023, in the month of August, and the Indian netizens got their independence in terms of data protection and privacy. The act lays heavy penalties for non-compliance with the provisions, and the same is under the jurisdiction of a Data Protection Board set up by the Central Government, which enjoys powers equivalent to a civil court. The act upholds the right to data privacy as the fundamental right under Article 19 (1)(A) and 21 of the Constitution of India. The same has been judicially supported in the form of the landmark judgement,  Jus. K.S Puttawamy vs. Union of India of 2018. Let us take a look at the impact the act will make on the Indian netizens. 

‍

What is Personal Data? 

Personal Data refers to any form of digitised data which can be directly replicated by any person. This includes email IDs, mobile numbers, health data, banking data, photos, etc. A person to whom the personal data belongs is called the Data Principle. A Data principle is anyone who is above the age of 18 years and consents to the data of children/minors. In the case of children/minors, it is mandatory for the parents or guardians to provide their express consent for the processing of personal data for all or any purposes. Any individual who is processing personal data is known as the Data Fiduciry, and individuals registered under the act may act as consent managers to make the consent transparent.  When it comes to the rights of the netizens, it is seen that the act is created with an aspect of  “Safety by Design” to secure the rights and responsibilities of the netizens. 

‍

Rights secured under the DPDP Act 2023

• Right to Grievance Redressal: The Data fiduciary and the consent manager are required to respond to the grievances of the Data Principal within a time period, which is soon to be prescribed, thus creating a blanket of responsibility for the data fiduciary and consent manager. 
• Right to Nominate: Data Principals have the right to nominate any other individual who shall, in the event of death or incapacity of the data principal, exercise his/her rights.  
• Right to access to information: The Data principal has the right to seek confirmation from Data fiduciaries regarding the processing of their personal data and the summary of the processed data as well. 
• Right to Erasure and Correction: Data principals can reach out to the data fiduciaries in order to exercise their right to correct, complete, update and erasure of their personal data.  
• Territorial Rights: The data is to be processed within India, and processing outside India should be in regard to the services provided in India. 
• Material Rights: The rights are applicable to any personal data collected in digitised form and also for the data collected in a non-digital form but subsequently digitised. 

Obligations for Data Fiduciaries 

The data fiduciaries are mandated to oblige with the following provisions in order to maintain compliance with the laws of the land and by securing the Digital rights of the netizens. 

These are the obligations of the data fiduciaries: 

• Implement technical and organisational measures to safeguard Personal Data. 
• Determine the legal grounds for processing and obtaining consent from Data principals where required. 
• Provide a privacy notice while obtaining consent from Data principals. 
• Implement a mechanism for data principals to exercise their rights.
• Implement a grievance redressal mechanism for handling the queries from Data principals. 
• Irrecoverably delete personal data after the purpose for which it was collected has expired or when the consent has been withdrawn. 
• Have a breach management policy to notify the data protection board and the data principals in accordance with prescribed timelines. 
• Sign a valid contract with Data processors to ensure key obligations are abided by them, including timely deletion of data. 

Conclusion 

As the world steps into the digital age, it is pertinent for the governments of the world to come up with efficient and effective legislation to protect cyber rights and responsibilities, but as cyberspace has no boundaries, nations need to work in synergy to protect their cyber interests and netizens. This can only begin once all nations have indigenous Cyber laws and rights to protect netizens, and the same has been addressed by the Indian Government in the form of the Digital Perosnl Data Protection Act, 2023. The future is full of emerging technologies and the evolution of cyber laws; hence, consolidating a basic legal structure now is of utmost importance and the same is expected to be strengthened in India by the soon-to-be-released Draft Digital India Bill.  

‍