DIGITLA THREAT REPORT
NEWS: The Digital Threat Report 2024 has flagged cryptocurrency as a new frontier for cyber threats.
WHAT’S IN THE NEWS?
Cybersecurity Threats in Cryptocurrency
• Cryptocurrency exchanges have become prime targets for cyber criminals. Notably, WazirX, a major Indian crypto exchange, suffered a significant cyberattack resulting in the loss of a large portion of its reserves.
• Another major breach involved the Dubai-based crypto exchange Bybit, which experienced the largest crypto heist to date in terms of value stolen.
• A new malware variant has been flagged that scans compromised environments for crypto wallets or their private keys. Once accessed, these keys are misused to siphon off digital assets.
Deepfakes and AI-driven Social Engineering
• The report highlights the growing use of deepfake voice and video technologies in social engineering attacks.
• Threat actors exploit these tools to impersonate executives, employees, or partners, tricking individuals into disclosing sensitive data or authorizing fraudulent actions.
Vulnerabilities in Large Language Models
• Locally hosted AI systems are more susceptible to prompt-based hacking compared to APIs provided by established developers like OpenAI and DeepSeek.
• Jailbreaking attempts on ChatGPT have demonstrated how safeguards can be bypassed using creative prompts, such as the well-known “grandma exploit”.
• Malicious LLMs like WormGPT and FraudGPT are capable of generating realistic phishing emails, writing malware, and automating software exploits.
The Role of FraudGPT in Cybercrime
• FraudGPT is circulating on dark web forums and Telegram channels.
• It assists in the creation of cracking tools, phishing kits, undetectable malware, and locating system vulnerabilities, making it a powerful tool for cyber criminals.
Policy Recommendations for AI Security
• The report urges the need for clear and enforceable regulations to govern the responsible deployment of AI and machine learning in the BFSI sector.
• It also recommends mandatory security testing of APIs used in AI-native applications to identify and address hidden vulnerabilities.
India’s Cybersecurity Developments
• Defence officials have acknowledged that cyberattacks and disinformation are integral to modern “grey zone” and hybrid warfare tactics.
• According to a recent Kaspersky report, a significant portion of India’s internet users were affected by web-based threats during the previous year, with over 44 crore incidents detected.
• In response to these rising threats, initiatives such as the National Cyber Coordination Centre, Cyber Surakshit Bharat, and the National Critical Information Infrastructure Protection Centre have been established.
• The Indian Cyber Crime Coordination Centre (I4C), set up in 2018, has expanded its platforms with new tools such as the Cyber Fraud Mitigation Centre, Samanvaya, Cyber Commandos, and a Suspect Registry. These have helped prevent large-scale fraud and financial losses.
Challenges and the Way Forward
• Though budgetary support for cybersecurity has been enhanced, challenges persist in ensuring efficient fund utilization and transparency.
• Strengthening the cybersecurity framework will require strategic collaboration between government agencies, private companies, and academic institutions.
Source: https://indianexpress.com/article/upsc-current-affairs/upsc-essentials/knowledge-nugget-digital-threat-report-2024-cybersecurity-upsc-9936519/