How to protect yourself from crime in the metaverse

The metaverse has the potential to change the way we interact and relate to each other and technology. That being said, there are also potential pitfalls and risks, as with any new technology. Potential problems with privacy, security and legislation are part of the downside of the metaverse. This is explained in a recently published report by the website Cointelegraph.

When it comes to metaverse platforms, one of the main problems is privacy. Individuals may share sensitive data and personal information in the metaverse, increasing the risk of hacking and data breaches. In addition, there may be less oversight and regulation of how companies collect and use this data, which could lead to the misuse of their personal data.

Since it is a virtual environment, the metaverse is open to several security risks, such as hacking, intellectual property theft and misuse of user data, which can lead to loss of personal data, financial damage and harm to the reputation and stability of virtual communities. For example, criminals can use the metaverse to commit additional crimes, spread malware or steal personal data.

Regulation is another problem, because the metaverse is a young and rapidly evolving environment. Governments and other institutions may struggle to keep up with technology and lack the resources or tools needed to govern it successfully. This lack of supervision may lead to problems such as illegal activities or dangerous content.

In addition, it is also unclear how the metaverse will affect society, because it is a totally new area that is developing and transforming very quickly. While some experts claim that technology will create more options for community and connection, others respond that it will simply increase social alienation and isolation.

By exploiting flaws in virtual systems and user behaviour, such as malware infections, phishing, and illegal access to personal and financial information, cybercriminals take advantage of the metaverse in a number of ways:

  • Phishing: thieves may use phishing techniques to trick victims into revealing personal information or login credentials, which can then be used for identity or data theft or other illegal acts.
  • Hacking: to steal money or personal information, criminals may attempt to hack into user accounts or metaverse platforms.
  • Malware: to access sensitive data or perform illicit operations, criminals can use malware to infect virtual environments or metaverse-compatible devices.
  • Frauds: criminals may take advantage of the anonymity and lax regulation of the metaverse to carry out scams or pyramid schemes.
  • Ransomware: thieves may use ransomware to encrypt a user’s digital possessions or personal data before requesting payment in exchange for the decryption key.
  • Exploitation of virtual goods and assets: cybercriminals may use bots or other tools to buy virtual goods and assets, which they then sell to the black market for real money.
  • Creation of fake digital assets: criminals may create fake virtual assets and sell them to unsuspecting buyers, causing victims to lose money.
  • Social engineering: thieves may take advantage of the social elements of the metaverse to gain people’s trust before scamming them.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Hackers are already using ChatGPT to introduce new malware

According to a recent report by CheckPointResearch, hackers are already using the new artificial intelligence chatbot ChatGPT to create new low-level cyber tools, such as malware and encryption scripts. As Sam Sabin reports from the Axios website, security experts have warned that OpenAI’s ChatGPT tool could help cybercriminals accelerate their attacks, and all in a short period of time.

The report lists three cases in which hackers figured out various ways to use ChatGPT to write malicious software, create data encryption tools and write code creating new dark web marketplaces.

Hackers are always looking for ways to save time and speed up their attacks, and ChatGPT’s artificial intelligence-based responses often provide a good starting point for most hackers writing malware and phishing emails.

CheckPoint noted that the data encryption tool created could easily become hijacking software once some minor issues are fixed.

OpenAI has warned on several occasions that ChatGPT is a research preview and that the organisation is constantly looking for ways to improve the product to prevent potential abuse.

The AI-enabled chatbot that has stunned the tech community can also be manipulated to help cybercriminals hone their attack strategies.

The arrival of OpenAI’s ChatGPT tool could allow the fraudsters behind email- and text-based phishing attacks, as well as malware groups, to speed up the development of their schemes.

Several cybersecurity researchers have been able to get the AI-enabled text generator to write phishing emails or even malware for them over the past few weeks.

But it should be clear that hackers were already becoming very adept at incorporating more humane and harder-to-detect tactics into their attacks before ChatGPT came on the scene.

And, often, hackers can gain access through simple computer errors, such as hacking into the corporate account of a former employee still active.

ChatGPT arguably speeds up the hackers’ process by giving them a launching pad, although the responses are not always perfect.

Although OpenAI has implemented some content moderation warnings in the chatbot, it is easy for researchers to circumvent the current system and avoid penalties.

Users still need to have some basic knowledge of coding and attack launching to understand what works correctly in ChatGPT and what needs to be adjusted.

Organisations were already struggling to defend against the most basic attacks, including those in which hackers use a stolen password leaked online to log into accounts. AI-enabled tools such as ChatGPT could only exacerbate the problem.

Therefore, network defenders and IT teams must intensify efforts to detect phishing emails and text messages to stop these types of attacks.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Irregular border crossings in the European Union reach their highest level since 2016

Nearly half of irregular border crossings during 2022 were overland through the Western Balkans region, according to a report by the EU border agency Frontex. Preliminary figures do not include Ukrainian refugees.

The number of irregular border crossings in the European Union increased by 64% last year compared to 2021. According to agency estimates, some 330,000 entries were detected, of which 45% were carried through the Western Balkans region.

The Central Mediterranean route had the second highest number of crossings, increasing by more than half to over 100,000.

Most of the people who attempted the dangerous sea route last year were nationals of Egypt, Tunisia and Bangladesh. Frontex also reports that 2022 reached the highest number of people in five years from Libya, the main departure point from North Africa.

Regardless of the entry route, Syrians, Afghans and Tunisians accounted for approximately 47% of border crossing attempts. The number of Syrians approximately doubled to 94,000.

Males accounted for more than 80% of attempts to enter the Union. The proportion of reported minors decreased by about 9% of all irregular entries.

The latest Frontex figures did not include millions of Ukrainian refugees who entered the EU between February, when Russia invaded Ukraine, and December.

In this vein, during this January, Europol supported Bulgarian authorities during a large-scale day of action against organised crime groups involved in migrant smuggling. The activities, coordinated by the Bulgarian prosecutor and with the participation of the General Directorate for Combating Organised Crime, the National Police and the Border Police, have targeted criminal networks active along the Balkan route. Bulgarian investigations were also coordinated with Turkish and Serbian authorities and other cooperating agencies.

The joint actions took place in Bulgaria and focused on a number of migrant smuggling networks from Turkey through Bulgaria to Serbia and then Western Europe. The main organisers of the networks active along this route are based in Bulgaria, Serbia and Turkey. They have created their own national networks of members responsible for transportation and accommodation in their respective countries.

The main means of transportation used by smugglers were vans, caravans and buses.

Bulgarian authorities have reported an increase in migrant smuggling activities at its southern border. In August 2022, an incident involving a bus carrying irregular migrants resulted in the death of two police officers on duty. Months later the same year, a Bulgarian border police officer was shot dead during a regular patrol on the green border with Turkey. These facts suggest an increase in both smuggling activities and the violence of the criminal networks involved.

_____

Aquest apunt en català / Esta entrada en español / Post en français

New Texas law allows firearms to be carried without a licence

The new U.S. law being enforced in the state of Texas that allows most adults over the age of 21 to carry a firearm without a licence has caused sharp divisions between supporters and opponents of the measure. Some sheriffs, police leaders and district attorneys in urban areas of Texas are alarmed by the increase in people carrying guns and the improvised risks this has posed.

Likewise, especially in rural areas, other sheriffs believe that there have been no profound changes since the implementation of the new law. Gun-rights advocates believe the fact that more people are armed could be the explanation for why shootings have declined in some parts of the state.

Far from being an outlier, the new Texas law is yet another step towards expanding the elimination of nearly all restrictions on carrying handguns. When Alabama’s unlicensed carry law is in effect in January 2023, half of the U.S. states, from Maine to Arizona, will not require a licence to carry a handgun.

Legislative momentum in several states has coincided with a federal judiciary that is increasingly leaning in favour of carrying guns, and against state efforts to regulate them. The problem is that Texas is the most populous state yet to remove restrictions on carrying firearms. Five of the 15 largest U.S. cities are in Texas, and so this permissive approach to guns is a new phenomenon in urban areas to an extent not seen in other states.

To date, no statistics have been released on shootings in the state of Texas since the law went into effect in September 2021. The law’s detractors are pessimistic after homicides and suicides involving firearms soared in 2020, the first year of the pandemic, and continued rising in 2021, reaching the highest rates in three decades.

Big-city police departments and major law enforcement groups opposed the new firearms law when it came before the state legislature in the spring of 2021, concerned about the loss of training requirements needed for a licence and greater danger to officers.

Police officers report that, nowadays, arguments between drunk people in the border town of Eagle Pass, people out binge-drinking at night, fights over a parking spot or bad driving, or marital infidelities end in shootings. And they ratify it in light of the increasing number of complaints received by Houston prosecutors of armed incidents everywhere.

The law still prohibits carrying a pistol to those convicted of a felony, who are under the influence of alcohol, or who commit other crimes. Along these lines, advocates of the law stress that in Harris County, criminal cases related to illegal gun possession have increased considerably since the new law came into effect: 3,500 in 2022, compared to 2,300 for all of 2021.

In Dallas, the number of homicides considered “justifiable”, such as those committed in self-defence, has increased since the law was passed. In relation to this, the author of the book More guns, less crime, John Lott, stresses that his research already predicted this scenario: a greater reduction in crime if people who are more likely to be victims of violent crime are armed.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Challenges the Future Holds for the Metaverse and Cybersecurity

The metaverse is increasingly likely to be the target of cyberattacks that pose a real risk, both to the companies that choose to be active in it and to the users who access it. The growth of the metaverse emphasises the need to address the cybersecurity challenges posed by this new multimedia environment.

The metaverse is estimated to account for a 1 % share of the global economy, reaching $8-13 trillion by 2030, according to investment bank Citi. Precisely because of this growth, the metaverse is increasingly likely to be targeted by cybercriminals.

As explained by the websites Ooda and Lexology, the metaverse refers to a digital universe resulting from multiple technological elements that include virtual reality and augmented reality. The idea is that users can access the metaverse through 3D viewers and have virtual experiences. In fact, it is possible to create realistic avatars, meet other users or perform all those actions that we carry out on the Internet on a single platform, even including things like building real estate or a marketplace.

Therefore, the metaverse requires the concurrent use of many technologies, where augmented reality, cloud technologies and artificial intelligence are combined to become functional. In this universe, there is also the possibility of creating a new economy through cryptocurrencies.

Given the technologies involved, the risk of becoming a victim of cyberattacks in the metaverse is very high. In addition, the simultaneous use of such different technologies, as well as the collection and storage of infinite amounts of both personal and non-personal data, and the use of blockchain, make traditional monitoring and preventing of cyberattacks a complex and demanding task. For instance, there are dozens of cases of counterfeit works or products being sold in the decentralised world.

Although it is assumed that phishing activities may increase significantly with the metaverse, the following are also possible:

  • Identity theft: cybercriminals, through information found online and in the metaverse, could partake in user identity theft, for example by stealing avatars.
  • Cryptocurrency theft: cybercriminals could take possession of users’ wallets and passwords in the metaverse and carry out criminal actions.

However, the main cybersecurity concern in the metaverse should focus on personal data (as in the real world), which will be cybercriminals’ main target of attack.

Biometric data released by users can be used to take control of devices that enable the transition from virtual reality to augmented reality, as these use the user’s biometric data to enable access within the metaverse.

Companies will need to take precautions to prevent this type of attack, and ensure that their security systems are safe and do not include any vulnerable aspects that can cause serious damage not only to the economy and their reputation, but also to users. However, in this regard, there is still a lack of regulatory regimes that should be put in place as soon as possible to ensure the protection of the metaverse and its users.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Remote control of touch screens – the new cyberattack

As explained in an article published on the website thehackernews.com, researchers have demonstrated what they call the first active contactless attack against all types of touch screens.

According to research by a group of academics from Zhejiang University and the Technical University of Darmstadt in a new research paper, GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it.

The basic idea is to harness electromagnetic signals to execute basic touch events, such as taps and swipes to specific locations on the touch screen with the goal of taking over remote control and manipulating the underlying device.

The attack, which works from a distance of up to 40 mm, is based on the fact that touch screens are sensitive to EMI, which is exploited to inject electromagnetic signals into transparent electrodes that are incorporated into the touch screen to register them as touch events.

The experimental setup involves an electrostatic gun to generate a pulse signal that is then sent to an antenna to transmit an electromagnetic field on the phone’s touch screen, which causes electrodes, acting as antennas, to pick up the EMI.

This can be further adjusted by selecting the signal and antenna to induce a variety of touch behaviours, such as press and hold and swipe to select, depending on the device model.

In a real-world scenario, this could occur in a variety of ways, such as swiping up to unlock a phone, connecting to a Wi-Fi network, stealthily clicking on a malicious link containing malware, and even answering a phone call on the victim’s mobile phone.

In places such as a cafe, library, meeting room or conference lobbies, people should put the smartphone face down on the table, the researchers explained. However, an attacker can embed the attack equipment under the table and launch attacks remotely.

Up to nine different smartphone models have been found vulnerable to GhostTouch: Galaxy A10s, Huawei P30 Lite, Honor View 10, Galaxy S20 FE 5G, Nexus 5X, Redmi Note 9S, Nokia 7.2, Redmi 8 and an iPhone SE (2020), the last of which was used to establish a malicious Bluetooth connection.

To counter the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the touchscreen detection algorithm, and asking users to enter the phone’s PIN or verify their faces or fingerprints before carrying out high-risk actions.

GhostTouch controls and shapes the near-field electromagnetic signal and injects touch events into the targeted area of the touchscreen without the need to physically touch or access the victim’s device, researchers explain.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Addressing the Threat of 3D Printed Firearms

Law enforcement professionals, ballistic experts, forensic scientists, policymakers and academia came together a few weeks ago in The Hague, the Netherlands, for one of the world’s largest meetings on the threat of 3D printed weapons.

 Some 120 participants from 20 countries gathered for the International Conference on 3D Printed Firearms, organised by Europol and the Dutch National Police (Politie) as part of EMPACT Firearms, to address the latest challenges that law enforcement face in their efforts to address this threat.

Fundamental processes for developing joint intervention strategies in this field were explored, including tactical and forensic research, software, scientific developments and legislation.

When opening the conference, Police Chief Gerda van Leeuwen of the Dutch National Police described the development of 3D printed firearms as a current and future threat. International cooperation is therefore considered crucial in order to retaliate.

Nowadays, 3D printed weapons are no longer reserved for works of fiction:

In 2019, two people were shot dead in Halle, Germany, by a perpetrator using a homemade gun partially manufactured with a 3D printer using a blueprint downloaded from the Internet.

In April 2021, the Spanish National Police raided and shut down an illegal workshop producing 3D printed weapons in the Canary Islands. The police seized two 3D printers, weapon components, a replica assault rifle and several manuals on urban guerrilla warfare and white supremacist literature. The owner of the workshop was arrested and charged with illegal possession of weapons.

A month later, two men and a woman were arrested in Keighley, UK, as part of a terrorism investigation. All three were charged with possessing 3D printed weapon parts.

Conclusions of the conference worth mentioning include:

  • Law enforcement and the industry/private sector must unite forces and collaborate in order to identify and control developments around 3D printed firearms.
  • An international network of 3D printed firearms experts will be created and assigned the task of keeping law enforcement up to date on the developments in the production of these homemade weapons.
  • A fact sheet will be drawn up from the participants’ key recommendations and other developments around 3D printed firearms, and distributed to partners and policymakers around the world.

Firearm trafficking is a priority for EU law enforcement. The European Multidisciplinary Platform Against Criminal Threats (EMPACT) has developed strategic and operational plans to address the threat as part of its Firearms Project. Within this sphere, Europol’s “Weapons and Explosives” analysis project leads 16 countries in their battle against the threat of 3D printed weapons.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Could a cybersecurity incident be predicted?

As published by Ooda Loop, if you think of three big companies such as, for example, Amazon, Google or Tesla, the first two words that would come to your mind are innovation and disruption. They broke into their respective industries by predicting the future correctly. Similarly, there has always been the question of whether the type of security incidents you can expect to find in your company could be predicted. If the answer is yes, you could save a lot of time and resources in building a threat detection framework. But, as is known, in real-world monitoring, detecting a real incident is like finding a needle in a haystack.

Usually, hackers perform reconnaissance work on a company to detect the strengths and weaknesses of this infrastructure. Based on the outcome of this activity, they design their payload to have a higher probability of success. In this scenario, if defenders can predict a hacker’s technique and create a detection model, then the chances of detecting and responding to such incidents quickly would be much greater.

To build this prediction framework, two essential data sets are needed to begin with. The first is the list of techniques that hackers use to jeopardise a company. Fortunately, the framework Mitre Att&ck already provides these techniques. The second is to map the use cases of the Security Information and Event Management (SIEM) with Mitre Att&ck techniques. This will help defenders understand the blind spot in their detections against the different methods used by hackers. For example, one of the techniques could be configuring a task as a defender: you would have to look for relevant use cases and appropriate logs available in your SIEM. In this scenario, the Windows event logs should be available in the SIEM platform, and the detection use case should look for the Windows event ID 4698.

After the previous activity, it will be possible to learn about techniques where there is no coverage from the point of view of use. These techniques can be mapped using the Mitre mapping matrix to determine which antagonists will have a higher success rate against any given company. Once this activity is carried out, defenders can take a focused approach to building multiple threat search models to detect these antagonists. This approach also helps to improve an organisation’s log coverage across all its devices.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Alarming increase in ‘ghost guns’ interventions in the United States

The term ghost guns — derived from the fact that these firearms are not serialized, are difficult to trace, and are often invisible to the monitoring and regulation of traditionally manufactured firearms — refers to a wide range of home-made or improvised firearms.

Assembled from parts, including those developed using 3D printing technology, or from kits that include unfinished parts (usually assembled by the recipient), ghost guns require the buyer to be competent only in basic machining in order for the gun to work.

In the United States, current federal firearms regulations do not require manufacturers of such parts or unfinished parts or those who assemble them to include serial numbers, because unassembled parts are not considered firearms. Therefore, ghost gun parts and kits can be purchased online, without being subject to most firearms regulations. Ghost guns present unique challenges to law enforcement agencies and make traditional investigative techniques less effective.

Concerns about the public safety risks posed by ghost guns are on the rise. The ease of transforming parts and kits into functional firearms without having to go through background checks has made these weapons more accessible and probably more common. In addition, because these kits are not currently regulated by federal law, buyers are not required to undergo a check of the finished parts or firearm.Among other features, it is worth noting:

  • While ghost guns can be produced through a variety of methods, the most relevant to public safety are those produced using 3D printing.
  • Ghost guns can be assembled quickly and in large numbers, creating new avenues for networks and weapons trafficking schemes.
  • Ghost guns make it difficult or ineffective to investigate leads or track down firearms.
  • Ghost guns do not have serial numbers or other identifiers that are commonly used during the investigation process.
  • The number of ghost guns used in crimes increased substantially in 2020 for many U.S. law enforcement agencies. For example, between 2019 and 2020, ghost guns recovered by the Philadelphia and San Diego police departments increased by 163% and 172%, respectively. Likewise, the Prince George’s County Police Department saw a 252% increase in ghost guns recovered between 2019 and 2020.
  • Recovered ghost guns should be identified as such and should be processed as much as possible.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Council approves conclusions on the impact of the pandemic on internal security and terrorist threat

With regard to internal security, the conclusions acknowledge the unpredictable threats and challenges that the crisis posed to the internal security landscape.  Focusing on making better use of existing means of cooperation and building upon established structures, the Council:

– encourages member states to identify practical solutions to prevent difficulties in strategic operational and tactical cross-border law enforcement cooperation.

– underlines the need to prevent the infiltration of criminal networks in the implementation of the Next Generation EU.

– encourages CEPOL and the member states to develop scenario-based training and practical exercises to ensure preparedness and resilience for future pandemics and other crises.

– stresses the need for the Commission to support Europol and the innovation laboratory to set up a common, resilient and secure instrument for communications in the EU law enforcement cooperation framework.

– recommends to member states that they develop and promote awareness campaigns for their citizens to prevent the impact of cybercrime activities, as well as misinformation and hate speech.

– encourages member states to share best practices on strategies that improve reporting channels for victims of crimes, such as domestic violence and sexual abuse, during lockdown and crisis situations.

So far, the impact of the COVID-19 pandemic on the terrorist threat seems to have been limited. However, the protracted pandemic may increase member states’ vulnerabilities and the risks of radicalisation. The online presence of extremist groups is on the rise since the outbreak of the COVID-19 pandemic. Due to COVID-19, counter-terrorism authorities have had to increasingly rely on online capabilities, making their work more difficult.

In the medium to long term, the pandemic and its socio-economic consequences may prove to be a favourable breeding ground for extremist narratives. Some (violent) far-left, far-right and Islamist extremist groups have already incorporated COVID-19 into their narratives, and this might pose security challenges in the medium and long term. The conclusions, therefore:

– Call on member states to continuously contribute to the assessment of the online dimension of the terrorist threat by providing information to the relevant EU bodies. INTCEN (EU Intelligence and Situation Centre) and Europol should continue to deepen their assessment of the impact of the pandemic on terrorist operations.

– Invite member states to swiftly give effect to the regulation on terrorist content online, and the Commission and EU internet referral unit to provide support with their technical and operational expertise.

– Underline the influence of algorithms and their role in fostering radicalisation as another key point that deserves attention.

– Note the need to pay increased attention to emerging security risks, as well as opportunities, stemming from new technologies and underline the role of the EU innovation hub.

– Underline the utmost importance of continuing to develop secure VTC systems and channels for the exchange of classified information.

_____

Aquest apunt en català / Esta entrada en español / Post en français