#FactCheck:AI-Created Video Falsely Shows Car Catching Fire During Celebration

Introduction

The hospitality industry is noted to be one of the industries most influenced by technology. Hotels, restaurants, and travel services are increasingly reliant on digital technologies to automate core operations and customer interactions. The shift to electronic modes of conducting business has made the industry a popular target for cyber threats. In light of increasing cyber threats, safeguarding personal and sensitive personal data on the part of the hospitality industry becomes significant not only from a customer standpoint but also from an organisational and legal perspective.

Role of cybersecurity in the hospitality industry

A hospitality industry-based entity (“HI entity”) deploys several technologies not only to automate operations but to also deliver excellent customer experiences. Technologies such as IoTs that enable smart controls in rooms, Point-of-Sale systems that manage reservations, Call Accounting Systems that track and record customer calls, keyless entry systems, and mobile apps that facilitate easy booking and service requests are popularly used in addition to operative technologies such as Property Management Systems, Hotel Accounting Systems, Local Area Networks (LAN).{1} These technologies collect vast volumes of data daily due to the nature of operations. Such data necessarily includes personal information such as names, addresses, phone numbers, email IDs etc. and sensitive information such as gender, bank account and payment details, health information pertaining to food allergens etc. Resultantly, the breach and loss of such critical data impacts customer trust and loyalty and in turn, their retention within the business. Lack of adequate cybersecurity measures also impacts the reputation and goodwill of an HI entity since customers are more likely to opt for establishments that prioritise the protection of their data. In 2022, cybercriminals syphoned 20GB of internal documents and customer data from Marriott Hotels, which included credit card information and staff information such as wage data, corporate card number and even a personnel assessment file. A much larger breach was seen in 2018, where 383 million booking records and 5.3 million unencrypted passport numbers were stolen from Marriott’s servers.{2}

Cybersecurity is also central to safeguarding trade secrets and key confidential trade information. An estimate of US $6 trillion per year on average amounts to losses generated from cybercrimes.{3} The figure, however, does not include the cost of breach, expenses related to incident response, legal fees, regulatory fines etc which may be significantly higher for a HI entity when loss of potential profits is factored in.

Cybersecurity is also central from a legal standpoint. Legal provisions in various jurisdictions mandate the protection of guest data. In India, the Digital Personal Data Protection Act 2023, imposes a penalty of up to Rs. 50 Crores on a breach in observing obligations to take reasonable security safeguards to prevent personal data breach.{4} Similarly, the General Data Protection Regulation (GDPR) of the European Union also has guidelines for protecting personal data. Several other industry-specific rules, such as those pertaining to consumer protection,  may also be applicable.

Breaches and Mitigation

There are several kinds of cyber security threats faced by an HI entity. “Fake Booking” is a popular method of cyber attack, whereby attackers build and design a website that is modelled exactly after the hotel’s legitimate website. Many customers end up using such malicious phishing websites thereby exposing their personal and sensitive personal data to threats. Additionally, the provision of free wifi within hotel premises, usually accessible freely to the public, implies that a malicious actor may introduce viruses and updates bearing malware. Other common cyber threats include denial of service (DoS) attacks, supply chain attacks, ransomware threats, SQL injection attacks (a type of attack where malicious code is inserted into a database to manipulate data and gain access to information), buffer overflow or buffer overrun (when the amount of data exceeds its storage capacity, implying that the excess data overflows into other memory locations and corrupt or overwrites data in those locations). 

One of the best ways to manage data breaches is to leverage newer technologies that operate on a “privacy by design” model. An HI entity must deploy web application firewalls (WAF) that differ from regular firewalls since they can filter the content of specific web applications and prevent cyber attacks. Another method to safeguard data is by deploying a digital certificate which binds a message/instruction to the owner/generator of the message. This is useful in preventing any false claims fraud by customers. Digital certificates may be deployed on distributed ledger technologies such as blockchain, that are noted for their immutability, transparency and security. Self-sovereign identities or Identifiers (SSI) are also a security use-concept of blockchain whereby individuals own and control their personal data, thereby eliminating reliance on central authorities.{5} In the hospitality industry, SSIs enhance cybersecurity by securely storing identity-related information on a decentralised network, thereby reducing the risk of data breaches. Users can selectively share their information, ensuring privacy and minimising data exposure. This approach not only protects guests' personal details but also streamlines authentication processes, making interactions safer and more efficient.

From a less technical standpoint, cybersecurity insurance may be opted for by a hotel to secure themselves and customer information against breach. Through such insurance, a hotel may cover the liability that arises from breaches caused by both first- and third-party actions.{6} Additionally, Payment Cards Industry Data Security Standards should be adhered to, since these standards ensure that businesses should apply best practices when processing credit card data through optimised security. Employee training and upskilling in basic, practical cybersecurity measures and good practices is also a critical component of a comprehensive cybersecurity strategy.

References:

• [1]  The Growing Importance of Cybersecurity in the Hospitality Industry”, Alfatec, 11 September 2023 https://www.alfatec.ai/academy/resource-library/the-growing-importance-of-cybersecurity-in-the-hospitality-industry
• [2]  Vigliarolo, Brandon, “Marriott Hotels admit to third data breach in 4 years”, 6 July 2022 https://www.theregister.com/2022/07/06/marriott_hotels_suffer_yet_another/#:~:text=In%20the%20case%20of%20the,of%20an%20individual%20organization%20ever. 

• [3] Shabani, Neda & Munir, Arslan. (2020). A Review of Cyber Security Issues in the Hospitality Industry. 10.1007/978-3-030-52243-8_35. https://www.researchgate.net/publication/342683038_A_Review_of_Cyber_Security_Issues_in_Hospitality_Industry/citation/download    
• [4] The Digital Personal Data Protection Act 2023 https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• [5]  “What is self-sovereign identity?”, Sovrin, 6 December 2018 https://sovrin.org/faq/what-is-self-sovereign-identity/ 
• [6] Yasar, Kinza, “Cyber Insurance”, Tech Target https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance 

Introduction

‍

AI is transforming the way work is done and redefining the nature of jobs over the next decade. In the case of India, it is not just what duties will be taken over by machines, but how millions of employees will move to other sectors, which skills will become more sought-after, and how policy will have to change in response. This article relies on recent labour data of India's Periodic Labour Force Survey (PLFS, 2023-24) and discusses the vulnerabilities to disruption by location and social groups. It recommends viable actions that can be taken to ensure that risks are minimised and economic benefits maximised.

‍

India’s Labour Market and Its Automation Readiness

‍

According to India’s Periodic Labour Force Survey (PLFS), the labour market is changing and growing. Participation in the labour force improved to 60.1 per percent in 2023-24 versus 57.9 per cent the year before, and the ratio of the worker population also improved, signifying the increased employment uptake both in the rural and urban geographies (PLFS, 2023-24). There has also been an upsurge of female involvement. However,  a big portion of the job market has been low-wage and informal, with most of the jobs being routine and thus most vulnerable to automation. The statistics indicate a two-tiered reality of the Indian labour market: an increased number of working individuals and a structural weakness.

‍

AI-Driven Automation’s Impact on Tasks and Emerging Opportunities 

‍

AI-driven automation, for the most part,  affects the task components of jobs rather than wiping out whole jobs. The most automatable tasks are routine and manual, and more recent developments in AI have extended to non-routine cognitive tasks like document review, customer query handling, basic coding and first-level decision-making. There are two concurrent findings of global studies. To start with, part of the ongoing tasks will be automated or expedited. Second, there will be completely new tasks and work positions around data annotation, the operation of AI systems, prompt engineering, algorithmic supervision and AI adherence (World Bank, 2025; McKinsey, 2017).

In the case of India, this change will be skewed by sector. The manufacturing, back-office IT services, retail and parts of financial services will see the highest rate of disruption due to the concentration of routine processes with the ease of technology adoption. In comparison, healthcare, education, high-tech manufacturing and AI safety auditing are placed to create new skilled jobs. NITI Aayog estimates huge returns in GDP with the adoption of AI but emphasises that India has to invest simultaneously in job creation and reskilling to achieve the returns (NITI Aayog, 2025).

‍

Groups with Highest Vulnerability in the Transition to Automation

‍

The PLFS emphasises that a large portion of the Indian population does not have any formal employment and that the social protection is minimal and formal training is not available to them. The risk of displacement is likely to be the greatest for informal employees, making up almost 90% of India’s labour force, who carry out low-skilled, repetitive jobs in the manufacturing and retail industry (PLFS, 2023-24). Women and young people in low-level service jobs also face a greater challenge of transition pressure unless the reskilling and placement efforts can be tailored to them. Meanwhile, major cities and urban centres are likely to have openings for most of the new skilled opportunities at the expense of an increasing geographic and social divide. 

‍

The Skills and Supply Challenge

‍

While India’s education and research ecosystem is expanding, there remain significant gaps in preparing the workforce for AI-driven change. Given the vulnerabilities highlighted earlier, AI-focused reskilling must be a priority to equip workers with practical skills that meet industry needs. Short modular programs in areas such as cloud technologies, AI operations, data annotation, human-AI interaction, and cybersecurity can provide workers with employable skills. Particular attention should be given to routine-intensive sectors like manufacturing, retail, and back-office services, as well as to regions with high informal employment or lower access to formal training. Public-private partnerships and localised training initiatives can help ensure that reskilling translates into concrete job opportunities rather than purely theoretical knowledge (NITI Aayog, 2025)

‍

The Way Forward

‍

To facilitate the change process, the policy should focus on three interconnected goals: safeguarding the vulnerable, developing competencies on a large-scale level, and directing innovation towards the widespread ability to benefit.

1. Protect the vulnerable through social buffers. Provide informal workers with social protection in the form of portable benefits, temporary income insurance based on reskilling, and earned training leave. While the new labour codes provide essential protections such as unemployment allowances and minimum wage standards, they could be strengthened by incorporating explicit provisions for reskilling. This would better support informal workers during job transitions and enhance workforce adaptability.
2. Short modular courses on cloud computing, cybersecurity, data annotation, AI operations, and human-AI interaction should be planned through collaboration between public and private training providers. Special preference should be given to industry-certified certifications and apprenticeship-based placements. These apprenticeships should be made accessible in multiple languages to ensure inclusivity. Existing government initiatives, such as NASSCOM’s Future Skills Prime, need better outreach and marketing to reach the workforce effectively.
3. Enhance local labour market mediators. Close the disparity between local demand and the supply of labour in the industry by enhancing placement services and government-subsidised internship programmes for displaced employees and encouraging firms to hire and train locally.
4. Invest in AI literacy, AI ethics, and basic education. Democratise access to research and learning by introducing AI literacy in schools, increasing STEM seats in universities, and creating AI labs in the region (NITI Aayog, 2025).
5. Encourage AI adoption that creates jobs rather than replaces them. Fiscal and regulatory incentives should prioritise AI tools that augment worker productivity in routine roles instead of eliminating positions. Public procurement can support firms that demonstrate responsible and inclusive deployment of AI, ensuring technology benefits both business and workforce.
6. Supervise and oversee the transition. Use PLFS and real-time administrative data to monitor shrinking and expanding occupations. High-frequency labour market dashboards will allow making specific interventions in those regions in which the acceleration of displacement occurs.

‍

Conclusion

‍

The integration of AI will significantly impact the future of the Indian workforce, but policy will determine its effect on the labour market.  The PLFS indicates increased employment but a structural weakness of informal and routine employment. Evidence from the Indian market and international research points to the fact that the appropriate combination of social protection, skills building and responsible technology implementation can change disruption into a path of upward mobility. There is a very limited window of action. The extent to which India will realise the productivity and GDP benefits predicted by national research, alongside the investments made in labour market infrastructure, remains uncertain. It is crucial that these efforts lead to the capture of gains and facilitate a fair and inclusive transition for workers.

‍

References

• Annual Report Periodic Labour Force Survey (PLFS) JULY 2022 - JUNE 2023. 
• Future Jobs: Robots, Artificial Intelligence, and Digital Platforms in East Asia and Pacific, World Bank. 
• Jobs Lost, Jobs Gained: What the Future of Work Will Mean for Jobs, Skills, and Wages, McKinsey Global Institute 
• Roadmap for Job Creation in the AI Economy, NITI Aayog
• India central bank chief warns of financial stability risks from growing use of AI, Reuters 
• AI Cyber Attacks Statistics 2025, SQ Magazine. 

‍

Introduction

In the labyrinthine world of cybersecurity, a new spectre has emerged from the digital ether, casting a long shadow over the seemingly impregnable orchards of Apple's macOS. This phantom, known as SpectralBlur, is a backdoor so cunningly crafted that it remained shrouded in the obscurity of cyberspace, undetected by the vigilant eyes of antivirus software until its recent unmasking. The discovery of SpectralBlur is not just a tale of technological intrigue but a narrative that weaves together the threads of geopolitical manoeuvring, the relentless pursuit of digital supremacy, and the ever-evolving landscape of cyber warfare.

SpectralBlur, a term that conjures images of ghostly interference and elusive threats, is indeed a fitting moniker for this new macOS backdoor threat. Cybersecurity researchers have peeled back the layers of the digital onion to reveal a moderately capable backdoor that can upload and download files, execute shell commands, update its configuration, delete files, and enter states of hibernation or sleep, all at the behest of a remote command-and-control server. Greg Lesnewich, a security researcher whose name has become synonymous with the relentless pursuit of digital malefactors, has shed light on this new threat that overlaps with a known malware family attributed to the enigmatic North Korean threat actors.

SpectralBlur similar to Lazarus Group’s KANDYKORN

The malware shares its DNA with KANDYKORN, also known as SockRacket, an advanced implant that functions as a remote access trojan capable of taking control of a compromised host. It is a digital puppeteer, pulling the strings of infected systems with a malevolent grace. The KANDYKORN activity also intersects with another campaign orchestrated by the Lazarus sub-group known as BlueNoroff, or TA444, which culminates in the deployment of a backdoor referred to as RustBucket and a late-stage payload dubbed ObjCShellz.

Recently, the threat actor has been observed combining disparate pieces of these two infection chains, leveraging RustBucket droppers to deliver KANDYKORN. This latest finding is another sign that North Korean threat actors are increasingly setting their sights on macOS to infiltrate high-value targets, particularly those within the cryptocurrency and blockchain industries. 'TA444 keeps running fast and furious with these new macOS malware families,' Lesnewich remarked, painting a picture of a relentless adversary in the digital realm.

Patrick Wardle, a security researcher whose insights into the inner workings of SpectralBlur have further illuminated the threat landscape, noted that the Mach-O binary was uploaded to the VirusTotal malware scanning service in August 2023 from Colombia. The functional similarities between KANDYKORN and SpectralBlur have raised the possibility that they may have been built by different developers with the same requirements. What makes the malware stand out are its attempts to hinder analysis and evade detection while using grant to set up a pseudo-terminal and execute shell commands received from the C2 server.

The disclosure comes as 21 new malware families designed to target macOS systems, including ransomware, information stealers, remote access trojans, and nation-state-backed malware, were discovered in 2023, up from 13 identified in 2022. 'With the continued growth and popularity of macOS (especially in the enterprise!), 2024 will surely bring a bevvy of new macOS malware,' Wardle noted, his words a harbinger of the digital storms on the horizon.

Hackers are beefing up their efforts to go after the best MacBooks as security researchers have discovered a brand new macOS backdoor which appears to have ties to another recently identified Mac malware strain. As reported by Security Week, this new Mac malware has been dubbed SpectralBlur and although it was uploaded to VirusTotal back in August of last year, it remained undetected by the best antivirus software until it recently caught the attention of Proofpoint’s Greg Lesnewich.

Lesnewich explained that SpectralBlur has similar capabilities to other backdoors as it can upload and download files, delete files and hibernate or sleep when given commands from a hacker-controlled command-and-control (C2) server. What is surprising about this new Mac malware strain though is that it shares similarities to the KandyKorn macOS backdoor which was created by the infamous North Korean hacking group Lazarus.

Just like SpectralBlur, KandyKorn is designed to evade detection while providing the hackers behind it with the ability to monitor and control infected Macs. Although different, these two Mac malware strains appear to be built based on the same requirements. Once installed on a vulnerable Mac, SpectralBlur executes a function that allows it to decrypt and encrypt network traffic to help it avoid being detected. However, it can also erase files after opening them and then overwrite the data they contain with zeros..

How to keep your Apple computers safe from hackers

As with the best iPhones, keeping your Mac up to date is the easiest and most important way to keep it safe from hackers. Hackers often prey on users who haven’t updated their devices to the latest software as they can exploit unpatched vulnerabilities and security flaws.

Checking to see if you're running the latest macOS version is quite easy. Just click on the Apple Logo in the top right corner of your computer, head to System Preferences and then click on Software Update. If you need a bit more help, check out our guide on how to update a Mac for more detailed instructions with pictures.

Even though your Mac has its own built-in malware scanner from Apple called xProtect, you should consider using one of the best Mac antivirus software solutions for additional protection. Paid antivirus software is often updated more frequently and you often also get access to other extras to help keep you safe online like a password manager or a VPN.

Besides updating your Mac frequently and using antivirus software, you must be careful online. This means sticking to trusted online retailers, carefully checking the URLs of the websites you visit and avoiding opening links and attachments sent to you via email or social media from people you don’t know. Likewise, you should also learn how to spot a phishing scam to know which emails you want to delete right away.

Conclusion 

The thing about hackers and other cybercriminals is that they are constantly evolving their tactics and attack methods. This helps them avoid detection and allows them to devise brand-new ways to trick ordinary people. With the surge we saw in Mac malware last year, though, Apple will likely be working on beefing up xProtect and macOS to better defend against these new threats.

References 

• https://www.scmagazine.com/news/new-macos-malware-spectralblur-idd-as-north-korean-backdoor
• https://www.tomsguide.com/news/this-new-macos-backdoor-lets-hackers-take-over-your-mac-remotely-how-to-stay-safe
• https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html