Monday, February 27, 2023 // (IG): BB // BSidesCharm// Coffee for Bob
Ukraine netted $70M in crypto donations since the start of the Russia conflict
Analyst Comments: The use of cryptocurrency to support a country's war effort is important because it highlights the potential for cryptocurrency to play a role in traditional financial systems. In the case of Ukraine, the ability to receive and use cryptocurrency donations quickly and easily allowed the country to respond to the Russian invasion in a timely and effective manner. This use case demonstrates the potential of cryptocurrency to provide a faster, more efficient means of funding in emergency situations, which could be critical in other conflicts or humanitarian crises. However, it is also important to note that the use of cryptocurrency to fund war efforts can raise ethical questions and may have regulatory implications, as it can be difficult to monitor and regulate transactions made with cryptocurrency.
FROM THE MEDIA: Ukraine has received over $70 million in cryptocurrencies since the start of the Russian-Ukrainian conflict, with the majority of funds coming in the form of Ether, Bitcoin, and Tether. Cryptocurrency donations have provided funds for military equipment and humanitarian assistance, with 80% of the total donations coming in the first few months of the conflict. The speed of cryptocurrency payments has fast-tracked the country's ability to respond to the Russian invasion. The increased reliance on cryptocurrencies in Ukraine has also increased adoption in the country, with Ukrainians being the third-highest adopters behind Vietnam and the Philippines. However, pro-Russian military groups have also used cryptocurrency to crowdfund their war efforts, including funding military purchases, spreading disinformation, and creating pro-invasion propaganda.
READ THE STORY: Coin Telegraph
Education can mitigate US cyber security concern
Analyst Comments: The financial sector's high dependence on third-party tech vendors, both big and small, has created a major source of risk, as seen in a recent ransomware attack on Ion Markets. This "border-hopping" nature of tech vendors makes it difficult for national regulators to supervise them, leaving financial groups with patchy visibility of their operations. Financial companies are now heavily reliant on a few Big Tech entities, such as Microsoft and Amazon, for cloud computing, creating "single points of failure" risks similar to those experienced during the Covid-19 pandemic.
FROM THE MEDIA: The recent ransomware attack on Ion Markets, a small tech vendor in Dublin that provides data to derivatives traders, has highlighted the high dependence of the financial sector on third-party tech vendors. This has created new risks, given the lightly supervised nature of these entities and the patchy visibility of their operations. A recent survey of 130 global financial institutions found that 74% of them experienced at least one ransomware attack over the past year. The increasing sophistication of these attacks and the emergence of Ransomware as a Service (RaaS) are concerns for financial and business infrastructure. Despite regulatory reforms, such as creating a "cyber-resilience framework for brokers and dealers", the problem remains unresolved. Some radical ideas such as restricting companies' choices around vendors to a pre-approved list and expanding the regulatory perimeter to scrutinize tech vendors and other digital companies are being considered.
READ THE STORY: FT
A ‘Limited number’ of News Corp employees sent breach notification letters after the January cyberattack
Analyst Comments: Foreign governments may target media outlets for various reasons, including espionage, intelligence gathering, influence operations, or to disrupt the target's operations. For example, a foreign government may want to gain access to the media outlet's sensitive information or email correspondence to gain insights into the target's reporting on certain issues or to identify sources. They may also seek to manipulate or influence the media outlet's reporting or use it to disseminate false or misleading information. Additionally, a successful cyber attack against a foreign media outlet can undermine its reputation and credibility, creating an information vacuum that can be exploited for various purposes.
FROM THE MEDIA: News Corp has notified employees of a breach that occurred in January 2022, which it believes was orchestrated by the Chinese government. The company has confirmed that a “limited number” of employees were affected and that the majority of its workforce was not targeted. News Corp owns The Wall Street Journal, Dow Jones, and other major media properties. The company discovered the cyber attack in January 2022, when a business email and document storage system used by several News Corp businesses was accessed. Mandiant was hired to investigate the incident, and the cyber security firm believes that the attack was carried out by a threat actor operating in the interests of the Chinese government. News Corp is offering two years of free identity protection and credit monitoring through Experian to affected employees.
READ THE STORY: CyberSecurity Connect // The Record // Bleeping Computer
TikTok is dangerous – a drug, subversive, and spyware
Analyst Comments: The "so what" of the article is that there are growing concerns among Western governments about the potential security risks posed by the popular social media app TikTok, which is owned by the Chinese company ByteDance. The article cites a number of examples of how Chinese intelligence agencies, including the Ministry of State Security (MSS), have been using various means to acquire sensitive information and tilt decision-making in their favor. The article also highlights the MSS's growing use of influence operations to befriend and influence foreign targets, without necessarily recruiting them as spies, and the potential threat posed by TikTok's data collection and psychological profiling capabilities.
FROM THE MEDIA: The passage discusses security concerns regarding the popular social media app TikTok, which has been banned on government devices in the United States, European Union, and Australia due to fears that user data could be accessible to the Chinese government. The UK government is under pressure to follow suit. The author argues that concerns about TikTok's data privacy and potential influence on politics and society are not unfounded and that foreign governments may view media outlets as valuable targets for espionage, propaganda, or to influence public opinion in their own favor or against their adversaries. The passage also highlights the growing international presence and influence of China's civilian intelligence agency, the Ministry of State Security, which has been involved in various espionage and influence operations around the world. The author, a risk analyst and expert on Chinese intelligence operations, suggests that foreign interference is a common problem facing many countries and that intelligence agencies need to be more proactive and transparent in their efforts to combat it.
READ THE STORY: Cyber Shack
In Crypto: US regulator takes aim at every crypto except Bitcoin
FROM THE MEDIA: According to a recent interview with the chair of the United States Securities and Exchange Commission, Gary Gensler, all cryptocurrencies except for Bitcoin should be considered securities. He argued that projects with a group in the middle and public anticipation of profits should be brought under its regulation. However, lawyers and crypto advocates have pointed out that Gensler's opinion is not legally binding, and the SEC would need to prove its case in court for each token, which would be impractical and expensive. Some have criticized Gensler's comments, suggesting that they should be feared rather than celebrated, and expressed concern about the lack of a clear plan for regulating crypto. In other news, Ukraine has received $70m in crypto donations since Russia's invasion, India has won backing from the IMF and the US for its plan to coordinate global crypto regulation, and the European Commission has launched a blockchain regulatory sandbox to facilitate the dialogue between regulators and innovators.
READ THE STORY: Business Cloud // Coin Telegraph
Spotify’s AI DJ Has No Soul
FROM THE MEDIA: Spotify's new AI DJ service is a feature available as a beta option on the Spotify mobile app, exclusively for people who pay for Spotify Premium. The AI DJ, modeled after the voice of Xavier "X" Jernigan, Spotify's head of cultural partnerships, breaks into the stream between songs to tell listeners what they're listening to and share quips or tidbits about the artists or songs. The AI DJ is also able to guess the emotions specific songs evoke from the listener and can change the mood with the tap of a button. However, the changes may feel random and it can take several taps to land on something the listener vibes with. One potential downside to the service is that it constantly reminds the listener of what it is not, which can feel eerily lonely. Additionally, the AI DJ's access to personal data runs deep, similar to Spotify Wrapped, and it is able to learn about the listener's headspace at certain times of the day or based on their location.
READ THE STORY: Wired
Arming Ukraine: how war forced the EU to rewrite defense policy
FROM THE MEDIA: The European Union's decision to use its shared cash to buy weapons for Ukraine, with a budget of over €3bn, has marked a significant shift in European defense policy. The decision to purchase arms was previously prohibited under the EU's founding treaties, and providing lethal arms was a red line for Brussels in foreign policy. But as Russia's invasion of Ukraine exposed the continent's vulnerability, the EU started to allocate more funds for the European Peace Facility to purchase arms and training for the Ukrainian army. The EU's shift in policy has been met with criticism and support, but EU officials view it as a strategic leadership move that has emboldened other actors to provide military assistance to Ukraine.
READ THE STORY: FT
German minister warns of ‘massive’ danger from Russian hackers
FROM THE MEDIA: German Interior Minister Nancy Faeser has warned of a significant threat to the country from Russian spying, disinformation, and sabotage attacks. Cybersecurity concerns have been heightened by the war in Ukraine, with the attacks of pro-Russian hackers increasing, particularly against energy providers and military organizations. Faeser has called on regional and federal governments to work together to prevent cyber-attacks and continually improve their ability to do so. Russia has been accused of orchestrating cyber-attacks on Germany, with the Bundestag and Chancellor Angela Merkel’s office being previous targets. The attacks are often well disguised but are frequently attributed to Russian hackers.
READ THE STORY: The Guardian
How China snoops on India
FROM THE MEDIA: The widespread use of closed-circuit television cameras (CCTVs) in India, particularly in government establishments, poses a serious security risk as they are predominantly made by Chinese companies with alleged links to the Chinese government, according to security experts. The unchecked proliferation of such devices across the country is a serious security risk, as they can be potentially used as snooping devices and can be tapped by Chinese intelligence agencies to acquire sensitive information. India’s National Cyber Security Coordinator for the National Security Council at the Prime Minister's office, Dr. Rajesh Pant, warns that these CCTVs have become the eyes of any country wanting to do mischief and are the best tools for technical intelligence. Experts call for preventive and remedial measures to be taken to counter this threat.
READ THE STORY: India Today
Infosys founder slams working from home, side hustles, as slowing India's growth
FROM THE MEDIA: Australia is set to establish a National Office for Cyber Security and appoint a Coordinator for Cyber Security to lead a team within the Home Affairs department that will provide central management and triage when major cyber incidents occur. The new initiative aims to provide the country with the capacity to coordinate a response that will assist consumers and industry alike. Meanwhile, FTX Japan resumed operations after its collapse. Over 7,000 users moved a total of around $50m from FTX Japan to an associated entity named Liquid. Elsewhere, an audit in Victoria, Australia, revealed that more than 900 Hikvision and Dahua CCTV cameras were installed in government facilities.
READ THE STORY: The Register
A War With China Would Reach Deep Into American Society
FROM THE MEDIA: The possibility of a major war in the Indo-Pacific region, initiated by a Chinese invasion of Taiwan, has become more likely due to China's increasing military, economic, and industrial strength. The United States has stated that it would defend Taiwan, but the challenges are serious as China has built formidable cyberwarfare capabilities to disrupt and manipulate the United States and allied governments, media organizations, businesses, and civil society. China's military is prepared to conduct a much broader type of warfare that would reach deep into American society, including using disinformation and weaponizing their dominance of supply chains and shipping. The impact on Americans would be profound as their economy is heavily dependent on Chinese resources and manufactured goods. The United States must find ways to better protect against Chinese disinformation, reconfigure critical supply chains, and pursue a longer-term strategic drive to restore its dominance in global manufacturing.
READ THE STORY: The New York Times
Fake Android, iOS 2FA apps might be leaking your secrets
FROM THE MEDIA: Security researchers have found several fake authentication apps on both the Apple and Android app stores that scam users with low security for subscriptions as high as $40 per year. These suspicious apps often operate under the names of well-known Chinese smartphone manufacturers using typosquatting. One fake app, called "Authenticator App: 2FA & MFA," was downloaded over 500,000 times on Android, and while Apple's App Store doesn't show download counts, it displays the app with a five-star rating and 121 ratings. The apps leak users' password generation seed, which threat actors can use to bypass multi-factor authentication. Users are advised to use authenticator apps from reputable sources.
READ THE STORY: Candid Technology
When Low-Tech Hacks Cause High-Impact Breaches
FROM THE MEDIA: GoDaddy has disclosed that it was breached three times by the same sophisticated hacking group, resulting in stolen source code, customer and employee login credentials, and the installation of malware on customer websites. The attackers relied on vishing, or voice phishing, to trick employees into entering their login credentials at a phishing website. The March 2020 attack, which resulted in the loss of 28,000 customers' login credentials, was precipitated by a vishing attack on a GoDaddy employee. GoDaddy has not disclosed the source of the December 2022 breach that led to malware being installed on customer websites. While SMS and app-based codes can be undermined by phishing attacks, physical security keys are immune to these advanced scams.
READ THE STORY: Security Boulevard
Global finance wonks worry financial services are too invested in outsourcers, Big Tech
FROM THE MEDIA: The G20 bloc has expressed concern about the increasing reliance of financial institutions on Big Tech firms in a document following the First G20 Finance Ministers and Central Bank Governors Meeting. The Financial Stability Board has identified the complexity, opacity, and negative financial stability implications of dependence on a limited number of Big Tech and fintech providers, while the misuse of personal data is also a possible downside. The G20 awaits reports from the FSB, IMF, and OECD on how best to regulate crypto-assets, and is aiming for greater convergence in cyber incident reporting and coordination of relevant definitions and terminologies.
READ THE STORY: The Register
ChromeLoader campaign lures with malicious VHDs for popular games
FROM THE MEDIA: Security researchers have discovered that the ChromeLoader browser hijacking and adware campaign has switched to using VHD files named after popular games to distribute the malware. The malicious files were discovered by AhnLab Security Emergency Response Center through Google search results for queries about popular games. The VHD files can be easily mounted on a Windows system and are supported by multiple virtualization software. The campaign appears to have switched to VHD packaging, with previous campaigns using ISO files. The ChromeLoader malware modifies browser settings, collects credentials and browser data, and generates revenue for its operators by redirecting users to advertisement sites. Users are advised to avoid downloading games from unofficial sources and keep away from cracks for popular products.
READ THE STORY: Bleeping Computer
China-Russia Alliance in Space Stumbles in Bid to Surpass the US
FROM THE MEDIA: China has downplayed the role of Russia, its closest partner in space, even as the two nations announced plans for a joint lunar project in 2021. Before Russia’s war in Ukraine, there were doubts about what Moscow could offer Beijing, and the war has further highlighted the decline in Russia’s space program. Since then, China has de-emphasized Russia's role in its space programs, and the two nations' planned International Lunar Research Station is yet to attract any other country. In the meantime, China has been trying to use its space program to compete with the US, attracting some partners from other nations. However, its space ally in Russia may be insufficient to resist US efforts to set the rules for the emerging space economy. Even with Chinese help, Russia's ability to support its space program remains in doubt, and the country is increasingly becoming a junior partner in the partnership.
READ THE STORY: BNN Bloomberg
Satellite shows destruction of elite Russian unit in Ukraine
FROM THE MEDIA: The latest UK Defence Intelligence update on the situation in Ukraine has revealed that recent satellite imagery shows a concentration of Russian vehicle losses in the Vuhledar sector of Donetsk Oblast. These losses are believed to be from Russia's elite 155th Naval Infantry Brigade, which has been at the forefront of recent costly offensives. The NI is seen as an elite infantry force within the Russian military, and it has been tasked with some of the toughest tactical missions in the war, suffering extremely high casualties. However, the update suggests that the supposed enhanced capability of the NI brigades has now almost certainly been significantly degraded due to backfilling with inexperienced mobilized personnel. This lack of experience is exacerbating Russian officers' tendency to micromanage, which in turn reduces operational agility. The update warns that there is a real possibility that degraded NI units will again be committed to new assaults near Vuhledar.
READ THE STORY: UK Defense Journal
Items of interest
How ChatGPT’s AI Will Become Useful
FROM THE MEDIA: When new technologies are introduced, people often try to test their limits or find their flaws. This is certainly the case with the latest generative AI chatbots, which are being put through their paces by users trying to break them. While this can be helpful in uncovering bugs and limitations, it can also lead to negative consequences, as demonstrated by Microsoft's experience with its Tay chatbot, which was turned into a "neo-Nazi sexbot" by users. To improve their performance, machine-learning systems now rely on a process called RLHF, or reinforcement learning from human feedback. However, some users can be rude or abusive, which can compromise the training process. As a result, some chatbots currently limit their human feedback training to paid contractors, though this will likely change in the future.
It's important to remember that every new technology is subject to breakage, as demonstrated by the many cyberattacks and glitches that have occurred over the years. However, despite the early glitches with generative AI, useful applications are beginning to emerge, such as conversational search, companions for the lonely, and potentially even custom-tailored education. Rather than focusing on the downsides, such as the potential for abuse or errors, we should embrace the process of uncovering flaws and improving these technologies as we move forward.
READ THE STORY: WSJ
Did China Use a Tiny Chip to Infiltrate U.S. Companies as Bloomberg Suggested? (Video)
FROM THE MEDIA: The Bloomberg article is thought-provoking and raises concerns about the manufacturing and validation of the hardware we use, as well as the potential for hidden elements. While Bloomberg is not a technical reporting agency, their reputation lends credibility to the report. It's possible that they had access to information and decided to release it in a way that would generate discussion and awareness.
Hacking the Arlo Q Security Camera: Bootloader Reverse Engineering (Video)
FROM THE MEDIA: In this video, the speaker is discussing their analysis of the Arlo Q security camera by Netgear. They are attempting to reverse engineer the firmware to understand how the bootloader security mechanism is implemented and potentially bypass it. They have found the password hash and plan to modify the firmware in a future video.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories are selected to cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.