#FactCheck-Mosque fire in India? False, it's from Indonesia

Introduction

Apple launched Passkeys with iOS 16 as a more authentic and secure mechanism. It is safer than passwords, and it is more efficient in comparison to passwords. Apple users using iOS 16 passkeys features should enable two-factor authentication.  The passkeys are an unchallenging mechanism than the passwords for the passkeys. The user just has to open the apps and websites, and then the biometric sensor automatically recognises the face and fingerprints. There can be a PIN and pattern used to log instead of passwords. The passkeys add an extra coating of protection to the user’s systems against cyber threats like phishing attacks by SMS and one-time password-based. In a report 9 to 5mac, there is confirmation that 95% of users are using passkeys. Also, with the passkeys, users’ experience will be better, and it is a more security-proof mechanism. The passwords were weak, reused credentials and credentials leaked, and the chances of phishing attacks were real.

What are passkeys?

Passkey is a digital key linked to users’ accounts and websites or applications. Passkeys allow the user to log into any application and website without entering passwords, usernames, or other details. The aim of this new feature is to replace the old long pattern of entering passwords for going through any websites and applications.

The passkeys are developed by Microsoft, Apple, and Google together, and it is also called FIDO Authentication (Fast identity online). It eliminates the need to remember passwords and the need for typing. So, the passkeys work as they replace the password with a unique digital key, which is tied to the account then, the key is stored in the device itself, and it is end-to-end encrypted. The passkeys will always be on the sites on which users specifically created them. the passkeys use the technology of cryptography for more security purposes.  And the passkeys guarantee against the phish.

And since the passkeys follow FIDO standards so, this also can be used for third-party nonapple devices as the third-party device generate a QR code that enables the iOS user to scan that to log in. It will recognise the face of the person for authentication and then asks for permission on another device to deny or allow.

How are passkeys more secure than passwords?

The passkeys follow the public key cryptographic protocols that support the security keys, and they work against phishing and other cyber threats. It is more secure than SMS and apps based on one-time passwords. And another type of multi-factor authentication.

Why are passwords insecure?

The users create passwords easily, and it is wondering if they are secure. The very important passwords are short and easy to crack as they generally relate to the user’s personal information or popular words. One password is reused by the user to the different accounts, and then, in this case, hacking one account gives access to all accounts to the hackers. The problem is that passwords have inherent flaws, like they could be easily stolen.

Are passkeys about to become obligatory?

Many websites restrict the type of passwords, as some websites ask for mixtures of numbers and symbols, and many websites ask for two-factor authentication. There is no surety about the obligation of passkeys widespread as it is still a new concept and it will take time, so it is going to be optional for a while.

• There was a case of a Heartland payment system data breach, and Heartland was handling over 100 million monthly credit card transactions for 175,000 retailers at the time of the incident. Visa and MasterCard detected the hack in January 2009 when they notified Heartland of suspicious transactions. And this happened due to a password breach. The corporation paid an estimated $145 million in settlement for illegal payments. Today, data-driven breaches affect millions of people’s personal information.
• GoDaddy reported a security attack in November that affected the accounts of over a million of its WordPress customers. The attacker acquired unauthorised access to GoDaddy’s Managed WordPress hosting environment by hacking into the provisioning system in the company’s legacy Managed WordPress code.

Conclusion

The use of strong and unique passwords is an essential requirement to safeguard information and data from cyberattacks, but still, passwords have its own disadvantages. And by the replacement of passwords, a passkey, a digital key that ensures proper safety and there is security against cyberattacks and cybercrimes through passkey. There are cases above-mentioned that happened due to the password’s weaker security. And in this technology world, there is a need for something for protection and prevention from cybercrimes, and the world dumps passwords and adopts passkeys.

References

• https://www.cnet.com/tech/mobile/switch-to-passkeys-more-secure-than-passwords-on-ios-16-iphone-14/
• https://economictimes.indiatimes.com/magazines/panache/google-is-ending-passwords-rolls-out-passkeys-for-easy-log-in-how-to-set-it/articleshow/99988444.cms?from=mdr
• https://security.googleblog.com/2023/05/making-authentication-faster-than-ever.html#:~:text=Because%20they%20are%20based%20on,%2Dfactor%20authentication%20(MFA).

Executive Summary

This report analyses a recently launched social engineering attack that took advantage of Microsoft Teams and AnyDesk to deliver DarkGate malware, a MaaS tool. This way, through Microsoft Teams and by tricking users into installing AnyDesk, attackers received unauthorized remote access to deploy DarkGate that offers such features as credential theft, keylogging, and fileless persistence. The attack was executed using obfuscated AutoIt scripts for the delivery of malware which shows how threat actors are changing their modus operandi. The case brings into focus the need to put into practice preventive security measures for instance endpoint protection, staff awareness, limited utilization of off-ice-connection tools, and compartmentalization to safely work with the new and increased risks that contemporary cyber threats present.

Introduction

Hackers find new technologies and application that are reputable for spreading campaigns. The latest use of Microsoft Teams and AnyDesk platforms for launching the DarkGate malware is a perfect example of how hackers continue to use social engineering and technical vulnerabilities to penetrate the defenses of organizations. This paper focuses on the details of the technical aspect of the attack, the consequences of the attack together with preventive measures to counter the threat.

Technical Findings

1. Attack Initiation: Exploiting Microsoft Teams

The attackers leveraged Microsoft Teams as a trusted communication platform to deceive victims, exploiting its legitimacy and widespread adoption. Key technical details include:

• Spoofed Caller Identity: The attackers used impersonation techniques to masquerade as representatives of trusted external suppliers.
• Session Hijacking Risks: Exploiting Microsoft Teams session vulnerabilities, attackers aimed to escalate their privileges and deploy malicious payloads.
• Bypassing Email Filters: The initial email bombardment was designed to overwhelm spam filters and ensure that malicious communication reached the victim’s inbox.

2. Remote Access Exploitation: AnyDesk

After convincing victims to install AnyDesk, the attackers exploited the software’s functionality to achieve unauthorized remote access. Technical observations include:

• Command and Control (C2) Integration: Once installed, AnyDesk was configured to establish persistent communication with the attacker’s C2 servers, enabling remote control.
• Privilege Escalation: Attackers exploited misconfigurations in AnyDesk to gain administrative privileges, allowing them to disable antivirus software and deploy payloads.
• Data Exfiltration Potential: With full remote access, attackers could silently exfiltrate data or install additional malware without detection.

3. Malware Deployment: DarkGate Delivery via AutoIt Script

The deployment of DarkGate malware utilized AutoIt scripting, a programming language commonly used for automating Windows-based tasks. Technical details include:

• Payload Obfuscation: The AutoIt script was heavily obfuscated to evade signature-based antivirus detection.
• Process Injection: The script employed process injection techniques to embed DarkGate into legitimate processes, such as explorer.exe or svchost.exe, to avoid detection.
• Dynamic Command Loading: The malware dynamically fetched additional commands from its C2 server, allowing real-time adaptation to the victim’s environment.

4. DarkGate Malware Capabilities

DarkGate, now available as a Malware-as-a-Service (MaaS) offering, provides attackers with advanced features. Technical insights include:

• Credential Dumping: DarkGate used the Mimikatz module to extract credentials from memory and secure storage locations.
• Keylogging Mechanism: Keystrokes were logged and transmitted in real-time to the attacker’s server, enabling credential theft and activity monitoring.
• Fileless Persistence: Utilizing Windows Management Instrumentation (WMI) and registry modifications, the malware ensured persistence without leaving traditional file traces.
• Network Surveillance: The malware monitored network activity to identify high-value targets for lateral movement within the compromised environment.

5. Attack Indicators

Trend Micro researchers identified several indicators of compromise (IoCs) associated with the DarkGate campaign:

• Suspicious Domains: example-remotesupport[.]com and similar domains used for C2 communication.

• Malicious File Hashes:some text
  • AutoIt Script: 5a3f8d0bd6c91234a9cd8321a1b4892d
  • DarkGate Payload: 6f72cde4b7f3e9c1ac81e56c3f9f1d7a
• Behavioral Anomalies:some text
  • Unusual outbound traffic to non-standard ports.
  • Unauthorized registry modifications under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

Broader Cyber Threat Landscape

In parallel with this campaign, other phishing and malware delivery tactics have been observed, including:

1. Cloud Exploitation: Abuse of platforms like Cloudflare Pages to host phishing sites mimicking Microsoft 365 login pages.
2. Quishing Campaigns: Phishing emails with QR codes that redirect users to fake login pages.
3. File Attachment Exploits: Malicious HTML attachments embedding JavaScript to steal credentials.
4. Mobile Malware: Distribution of malicious Android apps capable of financial data theft.

Implications of the DarkGate Campaign

This attack highlights the sophistication of threat actors in leveraging legitimate tools for malicious purposes. Key risks include:

• Advanced Threat Evasion: The use of obfuscation and process injection complicates detection by traditional antivirus solutions.
• Cross-Platform Risk: DarkGate’s modular design enables its functionality across diverse environments, posing risks to Windows, macOS, and Linux systems.
• Organizational Exposure: The compromise of a single endpoint can serve as a gateway for further network exploitation, endangering sensitive organizational data.

Recommendations for Mitigation

1. Enable Advanced Threat Detection: Deploy endpoint detection and response (EDR) solutions to identify anomalous behavior like process injection and dynamic command loading.
2. Restrict Remote Access Tools: Limit the use of tools like AnyDesk to approved use cases and enforce strict monitoring.
3. Use Email Filtering and Monitoring: Implement AI-driven email filtering systems to detect and block email bombardment campaigns.
4. Enhance Endpoint Security: Regularly update and patch operating systems and applications to mitigate vulnerabilities.
5. Educate Employees: Conduct training sessions to help employees recognize and avoid phishing and social engineering tactics.
6. Implement Network Segmentation: Limit the spread of malware within an organization by segmenting high-value assets.

Conclusion

Using Microsoft Teams and AnyDesk to spread DarkGate malware shows the continuous growth of the hackers’ level. The campaign highlights how organizations have to start implementing adequate levels of security preparedness to threats, including, Threat Identification, Training employees, and Rights to Access.

The DarkGate malware is a perfect example of how these attacks have developed into MaaS offerings, meaning that the barrier to launch highly complex attacks is only decreasing, which proves once again why a layered defense approach is crucial. Both awareness and flexibility are still the key issues in addressing the constantly evolving threat in cyberspace.

Reference:

• https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
• https://socprime.com/blog/darkgate-malware-detection/

Introduction

As the world seemingly shrinks under the vast, ever-stretching canopy of the internet, the channels through which information flows are becoming increasingly enigmatic and tangled. In the digital world, the gulf between fact and fabrication narrows dramatically, with the veracity of information too often lost in the flood. Amidst the torrents of data, platforms like YouTube, a veritable Goliath in the video streaming sphere, are finding themselves at the forefront of a critical battle against the dark forces of fake news and disinformation—a war that is waged with the intensity of any historical conflict over truth and influence. 

It is in this volatile theatre that Google's video behemoth, YouTube, under the scrutiny of the global eye, announces its strategic campaign to shield against the onslaught of misinformation. With India, the world's most populous democracy, on the cusp of its monumental general elections, the stakes could hardly be higher. YouTube's involvement thus evolves beyond corporate social responsibility—it becomes a crusade for the integrity of information, a paladin for the democratic process, and a protector of the public’s right to factual reporting.

The Campaign 

The campaign envisioned by YouTube India's vanguard is multifaceted and robust, aimed at rooting out the insidious tendrils of fake news where they lie. At the heart of this mission are two pivotal strategies that form the backbone of YouTube's defense. Firstly, a rigorous misinformation policy, which heralds as a bastion against content designed with duplicitous intent. YouTube Indian Head Ishan Chatterjee elucidates, 'Our misinformation policies clearly state that if the content has been technically manipulated with the intent to deceive a user and there's a danger of real-world harm...we will act against that content.' It is an exhortation of YouTube's commitment to a culture of truth and an acknowledgement of the platform's influence and responsibility. This process, however, is more complex than it appears; it is tangled in socio-political nuances and demands an uncompromising vigilance to identify and dispel falsehoods.

Yet, this is merely the foundation upon which YouTube’s strategy rests. The second prong of their stratagem is even more ambitious—intending not only to eradicate the chaff of misinformation but also to till the soil with the seeds of verifiable, authoritative news content. This is an initiative to resuscitate the public's faith in digital information sources. By allying with credible news publishers and fostering a symbiosis with independent journalists, YouTube has taken up the mantle of an institution that not just police content, but cultivates it, transforming the barren desert of online falsehoods into an oasis of enlightenment.

News on YouTube is symbiotic with the larger consciousness of its users, driving content consumption and engaging millions who seek out current affairs, investigative reports, and in-depth analysis on the platform. The democratisation of news, once the hallowed ground of traditional broadcast and print media, now finds its theatre online. Chatterjee insightfully notes the ascending trend of news story engagement on YouTube Shorts and Connected TV (CTV)—two emergent platforms that have revolutionised content delivery and consumption. CTV, in particular, has skyrocketed in popularity within the past five years, boasting over 58 million viewers in India consuming YouTube content from the comfort of their living rooms as of June 2023, per analytics.

This phenomenon is acutely observed by YouTube's Director and Global Head of Responsibility, Tim Katz, who delineates a portrait of the Indian market's distinctive hunger for live content, particularly news, on CTV. Katz's observations carry an air of fascination, 'The other two things that have been exciting to see are that we've seen a lot of growth, particularly during sensitive moments, with large news stories occurring certainly during an election cycle, and we just see very large growth from many of our authoritative partners.'

The Implications of the Campaign 

The tapestry of YouTube's news ecosystem is a rich mosaic of diversity, including independent journalists, broadcasters, legacy print publications, and digital-first media organisations. Katz underscores the gravity of nurturing such a broad and dynamic news environment on the platform, a gesture of YouTube's commitment to a holistic information landscape.

An illuminating report from the Google News Initiative, forged in cooperation with Kantar, reiterates the dominance of video as the consummate medium for news consumption across a spectrum of languages and formats in India. It paints a picture of a nation of insatiable news consumers, with nearly every second Indian language internet user engaging with news content, a substantial proportion hailing from urban locales. Of particular resonance is hyperlocal news, which plucks the chords of local interests and concerns, touching the lives of seven out of ten citizens.

Moreover, the economic impetus behind YouTube’s role in the media firmament is brought to light in the Oxford Economics Impact Report, revealing a staggering 70% of Indian media and music companies with a YouTube presence acknowledge the platform as a crucial revenue stream.

Conclusion 

Poised upon the sharp edge of an electric election season—a season that will no doubt be drenched in a spectrum of information, both fact and fable—YouTube's convictions stand as a beacon of reliability. Their initiative is more than a method—it's a philosophy, a dedication to purifying the information sphere. In the digital epoch, where the battle lines for truth are drawn in bytes and bandwidth, YouTube’s rallying cry for responsibility, its vow to safeguard democratic ideals, and its unyielding commitment to illuminating the corridors of knowledge are more than strategies; they are pillars on which a well-informed, engaged, and enlightened citizenry can lean.

Reference 

• https://economictimes.indiatimes.com/tech/technology/youtube-india-adopts-two-pronged-strategy-to-fight-fake-news-ahead-of-general-elections/articleshow/105634109.cms