Saturday, February 25, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Undersea Internet Cables Connecting Taiwan To Its Islands Cut Twice! Coincidence Or Chinese Handiwork?
Analyst Comments: The reasons behind China's alleged sabotage of Taiwan's undersea cables are not entirely clear, but it is believed to be part of a larger effort to undermine Taiwan's infrastructure and disrupt its communication channels. Some experts believe that China is attempting to disconnect Taiwan's civilian-military decision-making infrastructure before a possible invasion, while others speculate that it is an attempt to pressure the Taiwanese government into accepting Chinese rule. There are also concerns that the cable damage could be part of China's "grey zone" tactics, which involve non-kinetic means of attack to confuse and undermine enemy forces. Additionally, it has been suggested that the damage to the cables could be a way for China to test the waters and gauge Taiwan's response to such attacks.
FROM THE MEDIA: The recurring damage to the underwater internet cables that connect Matsu Island to Taiwan has been attributed to China's civilian maritime militia. The damage is seen as part of a larger cyber and electronic campaign against Taiwan, with the aim of disconnecting its civilian-military decision-making infrastructure before an invasion. Repairing the cables every time they are damaged or severed places administrative and logistical strain on the Taiwanese administration, and the repairs themselves are costly. This could force companies like Chunghwa Telecom to back out of providing service, adding pressure on citizens and the government. Strategists have speculated that China could seize the small, poorly defended islands just off its coast and use them as staging bases for a strike on Taiwan. The article notes that any attack on Taiwan would likely be sudden, fluid, and simultaneous. The Chinese military has also been suspected of cutting undersea cables near Vietnam and other countries, indicating the strategic significance of submarine cables in conflicts.
READ THE STORY: The EurAsian Times
Watch Out, Elon: China Could Launch 13,000 Satellites to Disrupt Starlink
Analyst Comments: China's proposed "GW" satellite constellation, which aims to conduct surveillance on SpaceX's Starlink and potentially disable individual Starlink satellites, is still in the proposal stage, with the details of how it will be deployed and operated yet to be determined. While China has made progress in its space program, it currently lacks a reusable rocket like SpaceX's Falcon 9, which is crucial to Starlink's deployment. The development of a satellite constellation is complex and expensive, and it's unclear how China would fund such a project. Attempting to disable or interfere with Starlink satellites could be seen as a provocative move and potentially escalate tensions in space. Additionally, regulatory and technical challenges, as well as concerns about space debris, must be addressed in launching and operating such a large number of satellites.
FROM THE MEDIA: China is planning to launch a satellite constellation called "GW" to compete with Elon Musk's Starlink, with no set launch date but an expected 12,992 satellites. The Chinese constellation is intended to prevent SpaceX from "hogging" Earth orbit and to counter the possibility that SpaceX might weaponize its satellite constellation. China's constellation would not only provide internet service but would also have the capability to spy on Starlink and disable individual satellites. The researchers behind the project have raised concerns about Starlink satellites potentially using their orbital maneuverability to actively hit and destroy nearby targets in space. Although the proposal is outlined in a research paper, it remains to be seen whether China can launch a constellation on this scale, especially as it does not have a reusable rocket like SpaceX's Falcon 9.
READ THE STORY: GIZMODO
The China snooping menace
Analyst Comments: The unchecked proliferation of Chinese-made surveillance cameras and video recorders across India has led to concerns about data leaks and uninterrupted data transfers to Chinese intelligence. The banning of Chinese-made CCTV cameras in the US, the UK, and Australia is a sign of international concern about Chinese espionage. China's cyber espionage and its influence over the surveillance-technology supply chain have major national security implications for countries around the world.
FROM THE MEDIA: In 2020-21, while Indian and Chinese generals engaged in talks to end a military stand-off in Ladakh, China was suspected of playing a double game with India. In August 2021, cyber groups linked to the Chinese government reportedly launched a massive cyber-espionage operation targeting Indian electricity load dispatch centers near the Line of Actual Control in Ladakh. The aim was to disrupt the power supply to the region. These attacks, which included a cyber-strike intended to disable India's national emergency response systems, were successfully thwarted by the Indian government. The US-based cybersecurity firm Recorded Future later confirmed that the attacks were launched through Internet Protocol (IP) cameras and digital video recorder (DVR) devices that had been compromised by the Chinese operators. Indian intelligence officials fear that these Chinese-origin closed-circuit television (CCTV) cameras can be used for espionage and can potentially compromise security. They suspect that some Chinese firms, working with Indian partners, are sending data back to Beijing through backdoor access to the cameras. India ranks seventh among countries with the most Hikvision and Dahua surveillance camera networks, and an internal note by the Ministry of Defence identified the Chinese government as holding a 41% stake in Hikvision.
READ THE STORY: MSN
CISA Sounds Alarm on Cybersecurity Threats Amid Russia's Invasion Anniversary
Analyst Comments: This advisory comes as two threat intelligence teams have also warned that Russia is set to escalate its cyberattacks in Ukraine. Google's Threat Analysis Group and the cyber threat intelligence firm Recorded Future predict that Russian cybercriminals will almost certainly support Russia's next big military push against Ukraine. The situation is concerning because cyberattacks could be used to cause chaos, disrupt essential services, and sow societal discord. The advisory emphasizes the importance of increasing cyber vigilance, implementing cybersecurity best practices, and taking proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.
FROM THE MEDIA: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of potential cyberattacks against the United States and European nations on February 24, 2023, the anniversary of Russia's 2022 invasion of Ukraine. CISA advises organizations to implement cybersecurity best practices, increase preparedness, and take proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The Computer Emergency Response Team of Ukraine (CERT-UA) has attributed a series of attacks on government websites to a Russian state-sponsored group, UAC-0056, which breached the sites and planted backdoors. Russian hackers are likely to escalate cyberattacks in Ukraine, and Kyiv may find it more challenging to fend them off in the year ahead. Russia could compensate for its previous shortcomings with short bursts of intense cyberattacks, and with more time to prepare it could also plan more sophisticated ones. Ukraine's cyber defenses have held strong against Russia, but officials in both the U.S. and Ukraine warn that the threat has not been contained, and that the unpredictability of cyberspace could have a game-changing impact in future conflicts.
READ THE STORY: THN // Politico
Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors
Analyst Comments: Security concerns arise as the firmware running on these secondary processors (i.e., processors other than the application processor) in a system-on-chip (SoC) can be a critical part of the attack surface of a device. Attackers can exploit vulnerabilities over the air to achieve remote code execution within the Wi-Fi SoC or the cellular baseband. To mitigate these risks, Google is working to bolster the security of software running on these secondary processors and make it harder to exploit vulnerabilities by exploring and enabling compiler-based sanitizers, turning on memory safety features, and using memory-safe programming languages like Rust for writing firmware code. The aim is to "harden the most exposed attack surface – while minimizing any performance/stability impact" on the system.
FROM THE MEDIA: Google is partnering with other companies in an effort to improve the security of the firmware that interacts with Android. While the Android operating system runs on the application processor (AP), it is just one of many processors in a system-on-chip (SoC) that cater to various tasks, such as cellular communications and multimedia processing. The company is working to bolster the security of software running on these secondary processors, including the firmware, to make it harder to exploit vulnerabilities remotely. The company is exploring and enabling compiler-based sanitizers and turning on memory safety features in firmware as exploit mitigation measures and is also using memory-safe programming languages like Rust to write firmware code. The goal is to harden the most exposed attack surface while minimizing any performance or stability impact.
READ THE STORY: THN
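The hardening described above targets firmware that parses attacker-controlled radio frames, where a trusted length byte becomes an out-of-bounds read or a stack overwrite. The following is an added example, not Google's code or any SoC vendor's firmware: a Rust parser for a frame laid out as repeated [id:1][len:1][body:len] elements, the shape of the 802.11 information elements a Wi-Fi SoC parses over the air. The SSID element id (0), the 32-byte SSID limit, the error names, and the sample frames are assumptions made for illustration. Every access goes through slice `get`, so a hostile length byte yields an error instead of a memory-safety bug; the equivalent C pattern (`memcpy` of `len` bytes into a fixed stack buffer) is exactly the class the page's compiler sanitizers exist to flag.

```rust
// Added example, not vendor firmware. Element layout mirrors 802.11
// information elements; ids, limits and sample frames are assumptions.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Element<'a> {
    pub id: u8,
    pub body: &'a [u8],
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ParseError {
    /// Fewer than two bytes remain where an [id, len] header was expected.
    TruncatedHeader { at: usize },
    /// The header declared more body bytes than the frame contains.
    TruncatedBody { id: u8, at: usize, declared: usize },
    /// An element body does not fit the caller's fixed-size buffer.
    BodyTooLong { id: u8, len: usize, max: usize },
    /// No element with the requested id is present.
    Missing { id: u8 },
}

/// Lazily walks the elements of a frame. It allocates nothing and only
/// borrows from the frame, so the same shape works in no_std firmware.
pub struct Elements<'a> {
    frame: &'a [u8],
    offset: usize,
}

pub fn elements(frame: &[u8]) -> Elements<'_> {
    Elements { frame, offset: 0 }
}

impl<'a> Iterator for Elements<'a> {
    type Item = Result<Element<'a>, ParseError>;

    fn next(&mut self) -> Option<Self::Item> {
        if self.offset >= self.frame.len() {
            return None; // clean end of frame
        }
        let at = self.offset;
        // Header: both bytes must exist; `get` returns None past the end.
        let (id, len) = match (self.frame.get(at), self.frame.get(at + 1)) {
            (Some(&id), Some(&len)) => (id, usize::from(len)),
            _ => {
                self.offset = self.frame.len(); // stop after the first error
                return Some(Err(ParseError::TruncatedHeader { at }));
            }
        };
        // Body: `len` is attacker-controlled, so it is checked against the
        // remaining bytes before any slice is handed out.
        let start = at + 2;
        let body = match self.frame.get(start..start + len) {
            Some(b) => b,
            None => {
                self.offset = self.frame.len();
                return Some(Err(ParseError::TruncatedBody { id, at, declared: len }));
            }
        };
        self.offset = start + len;
        Some(Ok(Element { id, body }))
    }
}

/// Assumed element id and size limit for the SSID.
pub const SSID_ID: u8 = 0;
pub const SSID_MAX: usize = 32;

/// Copies the SSID into a caller-owned fixed buffer and returns the byte count.
/// This is the copy that overflows the stack in C when `len` is trusted.
pub fn copy_ssid(frame: &[u8], dst: &mut [u8; SSID_MAX]) -> Result<usize, ParseError> {
    for item in elements(frame) {
        let el = item?; // propagate truncation errors from the iterator
        if el.id != SSID_ID {
            continue;
        }
        if el.body.len() > dst.len() {
            return Err(ParseError::BodyTooLong { id: el.id, len: el.body.len(), max: dst.len() });
        }
        dst[..el.body.len()].copy_from_slice(el.body);
        return Ok(el.body.len());
    }
    Err(ParseError::Missing { id: SSID_ID })
}

fn main() {
    // Constructed frame: SSID "lab1" followed by a two-byte element with id 1.
    let frame: &[u8] = &[0, 4, b'l', b'a', b'b', b'1', 1, 2, 0x82, 0x84];
    for el in elements(frame) {
        println!("{:?}", el);
    }
    // Constructed hostile frame: declares 200 body bytes but carries only 2.
    let hostile: &[u8] = &[0, 200, b'A', b'B'];
    let mut ssid = [0u8; SSID_MAX];
    println!("{:?}", copy_ssid(hostile, &mut ssid));
}
```

The iterator deliberately stops after the first malformed element rather than resynchronising, since a baseband or Wi-Fi firmware that keeps guessing at frame boundaries after one bad length is handing the attacker more parser states to reach.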
How One Guy’s AI Tracked the Chinese Spy Balloon Across the US
Analyst Comments: The story illustrates the potential of merging artificial intelligence with satellite imagery to improve surveillance and tracking abilities, especially for national security purposes. The case study of using the technology to locate a surveillance balloon traversing the US demonstrates its efficacy in identifying and tracking objects of interest.
FROM THE MEDIA: Entrepreneur Corey Jaskolski used his company Synthetaic's algorithms to locate the surveillance balloon that was shot down by a US jet off the coast of South Carolina. Jaskolski drew an initial image of what he thought the balloon would look like from space and fed it into the software, which searched large image collections to find it. The software found the balloon, and Jaskolski then trained it on real images to guide its search. His company compiled six sightings of the balloon in its satellite imagery and used wind data to estimate how it moved between those points. While Jaskolski believes the combination of AI and satellite imagery is a powerful surveillance technology, it also has limitations, including false positives and the need for human expertise and grunt work. The tool is currently used for humanitarian purposes, including by the UN World Food Program to find flood victims.
READ THE STORY: Wired
Evaluating the Cyberwar Set Off by the Russian Invasion of Ukraine
Analyst Comments: In the fall, Russian military units targeted Ukrainian critical infrastructure, causing widespread power outages and internet blackouts. Security leaders in East Asia are carefully watching how the war between Russia and Ukraine unfolds, because much of the geopolitical tension and rhetoric resembles the long-simmering situation between China and Taiwan.
FROM THE MEDIA: Cloudflare has analyzed the impact of the Russian invasion on Ukraine's internet infrastructure, reporting that between February 2022 and February 2023 an average of 10% of traffic to Ukraine was mitigated as potential attacks. Cloudflare's web application firewall (WAF) mitigated 14% of total traffic from Ukraine and 10% of total traffic to Ukraine as potential attacks over the past year. Cisco Talos has been monitoring critical infrastructure to identify threats and found the attacks less sophisticated and destructive than expected. While threat intelligence sharing helped, attackers were seen using mundane and recognizable methods such as credential harvesting. Cloudflare's analysis of Ukraine's internet traffic shows the war's effect on critical infrastructure and its residual effect on traffic. Additionally, the political nature of the war has led cybercriminals to express their political allegiances through their attacks.
READ THE STORY: DARKReading
DNA Diagnostics Center to pay $400,000 fine for 2021 data breach
Analyst Comments: If this information falls into the wrong hands, it could be used for nefarious purposes such as identity theft, insurance fraud, or discrimination. It could also be used to create targeted attacks on individuals, such as using their genetic information to create customized phishing emails or to gain unauthorized access to their accounts.
FROM THE MEDIA: DNA Diagnostics Center (DDC) has agreed to pay a $400,000 fine to Ohio and Pennsylvania following a 2021 data breach that compromised the data of over 2 million individuals. Prosecutors accused DDC of violating several laws including the Consumer Protection Law, misrepresenting their efforts to protect consumer data, and waiting three months to acknowledge the breach. The leaked information included social security numbers and healthcare data. The breach began with DDC’s 2012 acquisition of Orchid Cellmark, after which they only conducted a penetration test on databases with “active customer data”. DDC paid the hacker an undisclosed amount to delete the stolen data. As part of the settlement, DDC will develop an information security program with safeguards on medical data and hire an employee or company to oversee it. Security awareness training is also mandated in the order and the fines must be paid to both states within 30 days.
READ THE STORY: The Record
'Ethical hacker' among ransomware suspects cuffed by Dutch cops
FROM THE MEDIA: Dutch police have arrested three individuals on suspicion of being part of a ransomware gang responsible for stealing sensitive data and extorting hundreds of thousands of euros from thousands of companies. The trio, including a prime suspect from Zandvoort, an ethical hacker who works for the Dutch Institute for Vulnerability Disclosure, and an 18-year-old without a permanent residence, are said to have stolen tens of millions of privacy-sensitive personal records. Many of the affected companies paid ransoms of over €100,000 in Bitcoin, and in some cases extortion demands exceeded €700,000. The arrests come amid concerns about the rising threat of ransomware attacks and a growing need for enhanced cybersecurity measures.
READ THE STORY: The Register
Inside Dole’s ransomware attack
FROM THE MEDIA: Dole plc, a major producer of fruits and vegetables, recently experienced a ransomware attack that disrupted some of its operations and led to a shortage of some salad kits in certain markets. The attack reportedly exploited a bug in the Fortinet products Dole relies on for its security. Prior to the attack, Dole had deployed FortiMail Cloud and FortiSIEM as additional layers of security to address global threats and provide more visibility into its security infrastructure. The impact of the incident on Dole's operations has been limited, and the company is working with third-party cybersecurity experts to remediate the issue and secure its systems. It is unclear whether a ransom was paid. The incident underscores the ongoing threat of ransomware attacks targeting the food supply chain, which can have serious consequences for consumers and the economy.
READ THE STORY: Blue Book
How to Use AI in Cybersecurity and Avoid Being Trapped
FROM THE MEDIA: Artificial intelligence (AI) is being increasingly used in cybersecurity to detect and respond to security threats more efficiently and effectively, as it can analyze vast amounts of data and identify patterns or anomalies much faster and with greater accuracy than humans. AI can also automate many of the repetitive and time-consuming tasks associated with cybersecurity, proactively identify vulnerabilities and potential security threats, and learn and adapt to new threats over time. However, deploying AI in business cybersecurity can be complex, and it is crucial to understand its limitations, invest in training and education for cybersecurity teams, define clear goals and objectives, and thoroughly test and validate AI solutions before deploying them.
READ THE STORY: THN
Smuggler provided sensitive US tech to Russian, N. Korean governments, prosecutors say
FROM THE MEDIA: A Russian national, Ilya Balakaev, has been charged by the US Department of Justice with smuggling equipment used in counterintelligence operations from the US to Russia, in violation of US sanctions against Russia and North Korea. The indictment alleges that Balakaev's company, Radiotester, purchased devices for the Russian Federal Security Service (FSB), and that Balakaev hired people in the US to help him buy equipment that was not readily available in Russia. Balakaev also allegedly made a deal with the North Korean Embassy in Moscow to buy hazardous-gas detectors and software in the US and provide those goods to the North Korean government. If captured and convicted, Balakaev faces up to 75 years in prison.
READ THE STORY: The Record
Treasury Department hits Russian disinformation operators with sanctions
FROM THE MEDIA: The US Treasury Department has imposed sanctions on a number of Russian technology firms and executives with links to Russian intelligence services. The move targets Russia's mining and minerals sector and technology companies involved in disinformation operations against the US and US elections. The entities include 0Day Technologies, Lavina Puls, and Inforus, which OFAC said have provided technical support to malign influence operations conducted by the Main Intelligence Directorate. The sanctions forbid US companies and individuals from doing business with the listed entities and block any property they hold on US soil.
READ THE STORY: The Record
‘Something Was Badly Wrong’: When Washington Realized Russia Was Actually Invading Ukraine
FROM THE MEDIA: In 2021, there was a concerning buildup of Russian forces on the border with Ukraine, which raised real concerns about their intentions. Over the summer, Putin published an article about Ukraine, and his rhetoric began to change quite markedly in public. By the fall, the preponderance of intelligence showed that Russia was planning to invade Ukraine. This led to a serious and somber briefing in the Oval Office, where the President was informed about the size, capability, and composition of the Russian forces, and the most dangerous courses of action that they would likely take. The U.S. engaged the world, as well as engaged with the Russians to try to prevent the invasion, and mobilized to provide a range of assistance to the Ukrainians. The White House had three major lines of effort, including mobilizing with the international community and the U.S. government, and the private sector. There was a clear, unmistakable, and advanced warning of a major geopolitical event, and it was obvious that the invasion was planned before the fall of Afghanistan. Putin did not wake up one day and decide to invade Ukraine; he was toying with the idea throughout 2021 and getting more agitated about the future course of Ukraine.
READ THE STORY: Politico
How legal actions against Russian aggression in Ukraine can serve as a model for other conflicts
FROM THE MEDIA: The article reviews the global response to Russia's invasion of Ukraine in 2022 and the progress made toward ensuring accountability for international crimes. The efforts include criminal prosecutions, investigations by states under universal-jurisdiction provisions, an investigation by the International Criminal Court (ICC), civil cases before the International Court of Justice (ICJ), the use of targeted human-rights sanctions, and the litigation of novel legal issues such as cyber operations. While it commends the progress toward justice, the article highlights the unequal access to justice for victims of international crimes and the need for continued efforts toward accountability for all atrocities.
READ THE STORY: Atlantic Council
Russian Malware Developer Arrested And Extradited To The United States
FROM THE MEDIA: Dariy Pankov, a Russian citizen and resident, has been arrested and extradited to the US from Georgia on charges of conspiracy, access device fraud, and computer fraud. Pankov is accused of creating a malware program called "NLBrute," which he used to obtain login credentials of tens of thousands of computers worldwide. He allegedly sold these stolen credentials to other cybercriminals, who used them for a variety of illegal activities, including ransomware attacks and tax fraud. The US government intends to forfeit $358,437 that is alleged to be traceable to the proceeds of these offenses. If convicted on all counts, Pankov faces a maximum of 47 years in federal prison.
READ THE STORY: Security Boulevard
Dish Network goes down in a mysterious outage, employees are cut off
FROM THE MEDIA: Dish Network, an American TV giant and satellite broadcast provider, is experiencing a widespread outage affecting its websites, apps, and the networks it owns. Customers also report authentication issues and problems with customer service operations, and Dish's remote employees are cut off from their work systems. The company's Twitter support account states that "an internal systems issue is impacting some of our customer service operations," and an internal email to Dish Network employees shows management notifying them of an ongoing "VPN issue." Although Dish has not yet confirmed whether this is a cyberattack, multiple signs indicate that it is. A source in touch with a Dish Network employee reported that the network "has been hit" by a cyberattack, and another Dish Network employee has since confirmed that the incident "was caused by an outside bad actor, a known threat." The investigation is ongoing, and more information will be provided as it becomes available.
READ THE STORY: BleepingComputer
FBI Efforts Since the Russian Invasion of Ukraine
FROM THE MEDIA: The FBI has devoted significant resources to protecting Ukrainian infrastructure, U.S. assets, and others threatened by the Russian government. With support from partners in the private sector, the KleptoCapture Task Force, and international law enforcement, the FBI has identified assets belonging to Russian oligarchs and other supporters of the regime, leading to warrants for their seizure. The FBI has also investigated individuals and corporate entities accused of sanctions evasion, export control violations, money laundering, and other crimes. The FBI has used intelligence and data analytics to prevent a broad range of national security threats stemming from Russia's activities in Ukraine, including illegal transfers of weapons and civil-military, dual-use technologies. The FBI has also mobilized agents to investigate war crimes and other atrocities in Ukraine. The FBI is committed to using its expertise and authorities to protect U.S. national security, strengthen the resilience of Ukraine, and hold Russia accountable for its actions.
READ THE STORY: FBI
Namecheap Email System Hacked to Send DHL and Metamask Phishing Emails
FROM THE MEDIA: Hackers have breached Namecheap's email system and sent phishing emails to its customers impersonating DHL and self-hosted wallet provider MetaMask. The DHL phishing email requested customers to pay delivery fees to prevent their parcels from being returned, while the MetaMask email included a link to a phishing page requesting the victim's "Secret Recovery Phrase" or "Private key." According to Namecheap, the hackers accessed its newsletter list containing customers' names and email addresses to send these phishing emails. Initially, the domain registrar blamed a third-party marketing email provider for the breach, but later took full responsibility for the incident. The Namecheap email hack highlights the need for account takeover controls to prevent more deceptive phishing attacks.
READ THE STORY: CPO
Bullitt unveils satellite-enabled Android smartphones
FROM THE MEDIA: British handset maker Bullitt has launched two satellite-enabled smartphones, the Caterpillar-branded Cat S75 and the Motorola Defy 2, at prices starting at $634 and $599 respectively. The Android devices connect to geostationary orbit satellites in addition to terrestrial 5G networks, with recipients of texts sent via satellite needing to have Bullitt’s proprietary app to reply. The company has partnered with Silicon Valley start-up Skylo and GEO operators, including Inmarsat, for the service, which will be available in Europe and North America from March, with plans to expand into other regions by mid-2023.
READ THE STORY: SN
Canadian Telecom Firm Telus Reportedly Investigating Breach
FROM THE MEDIA: Telus, one of Canada's largest telecommunications providers, is investigating a potentially major data breach of its systems after a threat actor posted samples of sensitive data from the company. The leaked data included a sample of employee payroll records, source code from the telecom firm's private GitHub repositories, and other information. The threat actor offered for sale an email database purporting to contain the email addresses of every employee at Telus, a payroll information database of the telco's top executives, and over 1,000 private GitHub repositories belonging to Telus. If the breach happened as claimed, it would be the latest in a string of attacks that have targeted telecom firms recently. Analysts believe the widespread use of mobile devices for multifactor authentication and the opportunity for adversaries to surveil people of interest have made telecom companies a big target.
READ THE STORY: DARKReading
Florida, forgoing DHS program, launches cyber grant fund for locals
FROM THE MEDIA: The Florida Digital Service has launched a program to distribute cybersecurity improvement grants worth $30m to local governments across the state. The grants are to be awarded competitively, and those that are approved will be able to benefit from the state government's cyber assets, which include email security services, endpoint detection software, a security operations platform, vulnerability assessments, and other access management tools. The Florida program is not without requirements of its own: local governments that are approved will be required to sign incident-response riders and data-sharing agreements with the state, according to the program's documentation. The state's proposed budget for the 2022-23 fiscal year includes funding for major increases in state-government network resiliency, upgrades at the state’s public universities, and the hiring of an additional 36 full-time employees at the Florida Digital Service.
READ THE STORY: Statescoop
Items of interest
What a Sixty-Five-Year-Old Book Teaches Us About A.I.
FROM THE MEDIA: The rise of artificial intelligence and its impact on writing is discussed, particularly the potential for chatbots to generate natural-sounding text, which could revolutionize the quality of student essays. However, an interesting historical perspective on this topic is introduced through a review of a book series from the late 1950s called "Danny Dunn." The third book in the series, titled "Danny Dunn and the Homework Machine," focuses on the idea of using computers to help with homework, an idea that was ahead of its time. The book makes an argument about homework, with the authors suggesting that homework doesn't have much to do with how a kid learns things at school. Modern research supports this argument, suggesting that there is little evidence of any academic benefit from assigning homework in elementary or middle school, and only a weak correlation in high school. Overall, the article offers an interesting perspective on the potential impact of AI on writing and education, as well as historical insights that continue to be relevant today.
READ THE STORY: The New Yorker
ChatGPT Prompt Hack: Master Productivity with The “Sequence Prompt” (Video)
FROM THE MEDIA: A sequence prompt is a tool that provides options for improving or changing text. The options are presented in a table format for the user to choose from. The tool also keeps a log of the changes made to the text, making it easier to track modifications. This prompt can be useful for writers looking to enhance their writing and explore different options for phrasing, vocabulary, and structure.
ChatGPT - Malware Analysis using Artificial Intelligence (Video)
FROM THE MEDIA: OpenAI's new ChatGPT tool can be used to aid us in our malware reversing. We're going to look at whether it can comprehend either output and whether it's able to make useful sense of disassembly. We'll see if we can get it to explain to us how this registry key may be used in malware. We can always try again and get a different output for our question.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories are selected to cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.