Hack exposes Indian police facial recognition data amid growing surveillance concerns

In India, a breach of the Tamil Nadu Police Facial Recognition Portal by the hacker group ‘Valerie’ exposed data on over 50,000 people, including police officers and First Information Reports (FIRs). The stolen information is now being sold on the dark web and could be exploited for scams, as reported by The New Indian Express.

Deployed in 2021, the Tamil Nadu police’s facial recognition system uses software from the Centre for Development of Advanced Computing (CDAC) Kolkata. It was intended for officers to verify suspects on patrol but has been criticised for its broad criteria in identifying potential suspects.

Despite the risks, India continues to expand its use of facial recognition: Meghalaya is deploying 300 cameras in Shillong, Jammu, and Kashmir using AI facial recognition on highways. Telangana police are upgrading to a more comprehensive biometric system under the new Criminal Procedure (Identification) Act, 2022.

Why does it matter?

As India advances its digital transformation with major projects like Aadhaar and Digi Yatra, biometric monitoring has become common, and much of the technology powering these initiatives comes from Japan. According to a report from The Wire, Japanese tech firms, particularly NEC, supply many of India’s police forces with biometric tools. Although NEC has a human rights policy, domestic misuse remains a concern.

China suspected of massive cyberattack on UK’s Ministry of Defence

According to reports, a significant cyberattack targeted the UK Ministry of Defence, exposing the sensitive details of tens of thousands of armed forces personnel. The breach, believed to have occurred multiple times on a third-party payroll system, prompted the MoD to assess the extent of the hack over three days. While the Ministry has not confirmed any data theft, it reassured service members about their safety amid the incident.

The attack follows earlier attributions of cyberattacks to Chinese ‘state-affiliated actors’ in the UK between 2021 and 2022. In March, Deputy Prime Minister Oliver Dowden disclosed sanctions against individuals and a company linked to the Chinese state for alleged malicious cyber activities, including attacks on the Electoral Commission. These actions underscore a growing concern over cyber threats originating from China.

While Chinese President Xi Jinping embarked on a European tour, the cyberattack allegations persisted, with French lawmakers targeted by similar incidents urging an official investigation. Despite mounting accusations, French authorities refrained from directly attributing the attacks to China, contrasting with formal accusations made by the US, UK, and New Zealand. As President Xi continues his diplomatic engagements in Europe, with planned visits to Serbia and Hungary, the cybersecurity landscape remains a pressing issue, with nations navigating the complexities of state-sponsored cyber activities.

UK launches cybersecurity law for smart devices to prevent hacking

Starting today, the UK is implementing consumer protection laws targeting cyber-attacks and hacking vulnerabilities in smart devices. This legislation, part of the Product Security and Telecommunications Infrastructure (PSTI) regime, mandates that all internet-connected devices—from smartphones to gaming consoles and smart fridges—adhere to strict security standards.

Manufacturers must eliminate weak default passwords like ‘admin’ or ‘12345’ and prompt users to change them upon device setup. The legal move aims to enhance the UK’s cyber-resilience, reflecting that 99% of UK adults now own at least one smart device, with the average household possessing nine.

Other key elements of the new legislation include banning common weak passwords, requiring manufacturers to provide clear contact information for reporting security issues and ensuring transparency about the duration of product security updates. By implementing these standards, the UK seeks to enhance consumer confidence, stimulate economic growth, and position itself as a leader in online safety.

Why does it matter?

The legislation responds to vulnerabilities exposed by significant cyber incidents, such as the 2016 Mirai attack, which compromised 300,000 smart products and disrupted internet services across the US East Coast. Similar incidents have since affected major UK banks such as Lloyds and RBS, which prompted the government to work on robust cybersecurity measures.

Spain reopens probe into Israeli NSO Group’s Pegasus software

Spain’s High Court has reignited an investigation into the use of NSO Group’s Pegasus software to spy on Prime Minister Pedro Sanchez and other Spanish politicians. The legal move comes after a previous probe was shelved due to a lack of cooperation from Israeli authorities. Investigators plan to collaborate with France, where similar surveillance targeted politicians and public figures.

The investigation aims to uncover the perpetrators behind the spying activities, which triggered a political crisis in Spain in 2022 and resulted in the resignation of the country’s spy chief. However, no individuals or groups have been formally accused yet. The Spanish government has not disclosed whether foreign or domestic entities are suspected of orchestrating the espionage.

Judge Jose Luis Calama decided to reopen the case following revelations from France regarding the use of Pegasus software to surveil journalists, lawyers, and government officials. French President Emmanuel Macron even changed his mobile phone and number due to security concerns arising from the Pegasus spyware case. Calama emphasised the importance of analysing technical data from both countries’ investigations to identify the culprits behind the cyber attacks.

The judge has ordered expert analysis to compare technical elements gathered by Spanish and French authorities, expecting closer collaboration once this analysis is complete. Calama envisions joint efforts between French and Spanish judicial authorities to determine the origin of the Pegasus spy program’s infiltration in both countries. This renewed investigation signals a concerted effort to address concerns surrounding digital surveillance and protect the privacy of politicians and citizens alike.

North Korean hackers target South Korean defence firms

South Korean police disclosed that major North Korean hacking groups have been relentlessly conducting cyber assaults on South Korean defence firms for over a year. These attacks have resulted in breaches of internal networks and the theft of crucial technical data. Identified groups include Lazarus, Kimsuky, and Andariel, all linked to North Korea’s intelligence apparatus.

Hackers successfully infiltrated networks using various methods, such as planting malicious code directly into defence companies’ systems or through their contractors. Police, collaborating with national spy agencies and private sector experts, tracked these attacks. They used indicators such as source IP addresses, signal rerouting architecture, and malware signatures to identify the perpetrators.

One notable case, dating back to November 2022, saw hackers inserting code into a company’s public network. This code later infected the intranet during a temporary disengagement of the internal security system for a network test. Exploiting security oversights, hackers also gained entry through the accounts of subcontractors who used identical passcodes for personal and official email accounts, and extracted confidential technical data.

Although the police did not disclose the affected companies or the specifics of the data breaches, South Korea has become a significant global defence exporter. In recent years, lucrative contracts for items such as mechanised howitzers, tanks, and fighter jets have been valued at billions of dollars. This latest revelation underscores the persistent threat posed by North Korean cyber operations, which extend beyond national borders and target critical industries worldwide.

Meta spokesperson sentenced to six years in Russia

A military court in Moscow has reportedly sentenced Meta Platforms spokesperson Andy Stone to six years in prison in absentia for ‘publicly defending terrorism.’ This ruling comes amid Russia’s crackdown on Meta, which was designated as an extremist organisation in the country, resulting in the banning of Facebook and Instagram in 2022 due to Russia’s conflict with Ukraine.

Meta has yet to comment on the reported sentencing of Stone, who serves as the company’s communications director. Stone himself was unavailable for immediate response following the court’s decision. Stone’s lawyer, Valentina Filippenkova, indicated they intend to appeal the verdict, expressing a request for acquittal.

The Russian interior ministry initiated a criminal investigation against Stone late last year, although the specific charges were not disclosed then. According to state investigators, Stone’s online comments allegedly defended ‘aggressive, hostile, and violent actions’ against Russian soldiers involved in what Russia terms its ‘special military operation’ in Ukraine.

Why does it matter?

Stone’s sentencing underscores Russia’s stringent stance on online content related to its military activities in Ukraine, extending repercussions to individuals associated with Meta Platforms. The circumstances also reflect the broader context of heightened scrutiny and legal actions against perceived dissent and criticism within Russia’s digital landscape.

China establishes new military unit for networked warfare

China has taken a significant step in modernising its military by establishing the Information Support Force (ISF) to bolster its ability to wage networked warfare. President Xi Jinping formally inaugurated the ISF, emphasising its crucial role in ensuring the People’s Liberation Army (PLA) can succeed in modern conflicts. The ISF aims to develop a network information system tailored to the demands of contemporary warfare, enhancing the PLA’s combat capabilities.

The creation of the ISF consolidates China’s cyberspace and aerospace capabilities under a unified command within the Strategic Support Force. President Xi’s leadership underscores the strategic importance of this new force in advancing China’s military strength across all domains. While specific details of the ISF’s operations remain undisclosed, its establishment aligns with Xi’s broader vision for China’s military modernisation, particularly in light of the PLA’s upcoming centennial anniversary in 2027.

China’s emphasis on information warfare reflects a global recognition of the critical role of communication in modern conflict. However, concerns persist regarding China’s aggressive cyber activities, with FBI Director Christopher Wray characterising China as a persistent threat to US infrastructure. Wray highlighted China’s extensive hacking capabilities, fueled by the theft of intellectual property and data, and emphasised the importance of collaborative efforts to counter these threats.

The FBI’s response to Chinese cyber operations involves close coordination with various entities, including the US Cyber Command, foreign law enforcement agencies, and private sector partners. Wray emphasised the role of partnerships in confronting Beijing’s cyber aggression, stressing the need for proactive engagement from potential victims to mitigate the impact of cyber intrusions. By leveraging collaboration and information sharing, efforts to combat Chinese cyber threats aim to protect critical infrastructure and safeguard against future attacks.

FBI chief warns of Chinese hackers threatening US infrastructure

FBI Director Christopher Wray issued a stark warning about Chinese government-linked hackers infiltrating critical US infrastructure, awaiting a strategic moment for devastating action. Speaking at Vanderbilt University, Wray outlined the ongoing Volt Typhoon hacking campaign, which has breached American companies in vital sectors like telecommunications, energy, and water, with 23 pipeline operators among the targets.

At the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats, Wray emphasised China’s evolving capability to inflict physical damage on crucial infrastructure at its discretion. The campaign’s intent remains elusive, though it aligns with China’s broader strategy to dissuade US intervention in Taiwan, a democratic territory claimed by Beijing.

China, which has never disavowed the use of force to assert control over Taiwan, denies any government involvement in Volt Typhoon, dismissing it as the work of criminal ransomware groups. The Chinese Embassy in Washington echoed this stance, accusing the US of politicising cybersecurity by attributing attacks to China and portraying itself as the victim.

Wray disclosed that Chinese hackers employ a network of compromised devices globally to obfuscate their activities, a tactic previously identified by private cybersecurity firms like Microsoft and Google. As tensions persist between the US and China over Taiwan and cybersecurity, the spectre of cyberwarfare looms large, underscoring the imperative for robust defences against digital incursions.

NSA’s AISC releases guidance on securing AI systems

The National Security Agency’s Artificial Intelligence Security Center (NSA AISC) has introduced new guidelines to bolster cybersecurity in the era of AI integration into daily operations. The initiative, developed with key agencies like CISA, FBI, and others, focuses on safeguarding AI systems against potential threats.

The recently released Cybersecurity Information Sheet, ‘Deploying AI Systems Securely,’ outlines essential best practices for organisations deploying externally developed AI systems. The guidelines emphasise three primary objectives: confidentiality, integrity, and availability. Confidentiality ensures sensitive information remains protected; integrity maintains accuracy and reliability; and availability guarantees authorised access as needed.

The guidance stresses the importance of mitigating known vulnerabilities in AI systems to preemptively address security risks. Agencies advocate for implementing methodologies and controls to detect and respond to malicious activities targeting AI systems, their data, and associated services.

The recommendations include ongoing compromise assessments, IT deployment environment hardening, and thorough validation of AI systems before deployment. Strict access controls and robust monitoring tools, such as user behaviour analytics, are advised to identify and mitigate insider threats and other malicious activities.

Organisations deploying AI systems are urged to review and implement the prescribed practices to enhance the security posture of their AI deployments. This proactive approach ensures that AI systems remain resilient against evolving cybersecurity threats in the rapidly advancing AI landscape.

EU cybersecurity label vote postponed

National cybersecurity experts have postponed a vote on a proposed EU cybersecurity label until May, according to sources familiar with the matter. The EU aims to implement a cybersecurity certification scheme (EUCS) to ensure the security of cloud services, aiding governments and businesses in selecting trustworthy vendors. This delay allows tech giants like Amazon, Google, and Microsoft to continue bidding for sensitive EU cloud computing contracts.

Disagreements have arisen over whether strict requirements should be imposed on major tech companies to qualify for the highest level of the EU cybersecurity label. These disagreements have stalled progress despite recent discussions among experts in Brussels. Holding the rotating EU presidency, Belgium has made adjustments to the draft, reflecting ongoing deliberations.

The most recent version of the draft has eliminated sovereignty requirements that previously mandated US tech giants to collaborate with EU-based companies to handle customer data in the bloc. While major tech firms have welcomed this change, it has drawn criticism from EU-based cloud vendors and businesses like Deutsche Telekom, Orange, and Airbus. They argue that removing these requirements poses a risk of unauthorised data access by non-EU governments under their respective laws.

Following the experts’ postponed vote, the next phase involves the EU countries providing input, with the European Commission making the final decision. The outcome of these discussions will significantly impact the landscape of cybersecurity regulations and the involvement of major tech players in the EU’s cloud computing sector.