Thursday, March 02, 2023 // (IG): BB // Cyber-Roundup// Coffee for Bob
China holds up Arm’s exit from troubled joint venture
Analyst Comments: The delay in processing the paperwork for Arm to transfer its joint venture in China to SoftBank is significant because it could complicate plans to return Arm to the public markets. SoftBank has been relying on Arm's successful listing to help it recover from a broader tech downturn, but the uncertainty surrounding the status of the transaction may make that difficult. China's determination to keep Arm as the unit's largest shareholder highlights the importance of semiconductor technology in the ongoing chip war between China and the US. Arm's semiconductor blueprints underpin almost all mobile phones and a range of other devices, making it a valuable ally for China's semiconductor industry.
FROM THE MEDIA: Arm, the UK chip designer, is facing delays in its plan to offload its troubled joint venture in China to SoftBank, its owner. Chinese officials are reportedly holding up paperwork to process the share transfer, which was submitted around May 2021. This delay comes as Beijing is keen to keep Arm as the unit's largest shareholder, at a time when the US is attempting to cut off China's access to cutting-edge semiconductor technology. Arm's semiconductor blueprints underpin almost all mobile phones and a range of other devices. While Arm and SoftBank have been operating as if the restructuring has been completed for months, official and current corporate records in China show that Arm Limited UK still retains its 47.33% stake in Arm China. The uncertainty over the transaction's status could complicate plans to return Arm to public markets, and SoftBank has been counting on a successful listing to help the Japanese group recover from a tech downturn.
READ THE STORY: FT
Is China Providing Russia With Military Support? It’s Hard to Tell, and That’s the Point
Analyst Comments: China's policy of military-civil fusion, which seeks to develop technologies with civil and military applications in concert, makes it difficult to differentiate between civilian and military use of certain technologies. The article suggests that the best way for the US to counter China's military-civil fusion is to invest in emerging technologies and foster an environment where innovation can flourish.
FROM THE MEDIA: The US is concerned about China's support for Russia and its possible supply of dual-use technologies with military applications to Moscow. Secretary of State Antony Blinken warned Beijing against providing weapons to Russia but suggested that China "almost certainly" has already supplied some non-lethal, dual-use type support. China's policy of military-civil fusion complicates the issue of dual-use items, which can include chemicals, software, materials, and computer chips, among others. Chinese firms producing dual-use technology have a global commercial reach, injecting significant complications for stemming the flow of military tech to US adversaries like Russia, as well as maintaining a competitive and military advantage more broadly. The best way to compete against China's military-civil fusion may be to keep investing in emerging technologies while fostering a society where the world's brightest minds are keen to do their best work.
READ THE STORY: Time
Why the US Supreme Court is struggling with a case about YouTube's algorithms
Analyst Comments: The case arose after the family of an American student killed in an ISIS attack sued Google, claiming that its algorithms violated the US Anti-Terrorism Act by recommending ISIS propaganda to users. Justice Clarence Thomas posed a question about algorithmic neutrality, asking whether YouTube's algorithm recommends pro-ISIS propaganda in the same way it recommends videos about making rice pilaf. The article argues that algorithms are never truly neutral because they are the products of human decision-making, business priorities, and editorial discretion, and the justices' questions about algorithmic neutrality highlight the difficulties of applying the legal doctrine to the internet.
FROM THE MEDIA: The US Supreme Court is currently considering a case, Gonzalez v. Google, which involves the family of an American student killed in an ISIS attack in Paris in 2015 suing Google, claiming that its algorithms violated the US Anti-Terrorism Act by recommending ISIS propaganda to users. The case is testing the limits of Section 230 of the Communications Decency Act, which protects websites from being sued for content posted by third party users. Justice Clarence Thomas recently asked a question about the neutrality of algorithms and whether they can recommend harmful content in the same way they recommend harmless content. The court is grappling with the issue of whether internet companies are still protected under Section 230 if they employ algorithms that recommend harmful content, and whether algorithms can be truly neutral. Critics argue that algorithms are never neutral as they are designed and controlled by humans who have biases.
READ THE STORY: QZ
Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity
Analyst Comments: The strategy suggests that relying solely on voluntary security frameworks and market forces to protect consumers and the nation from cybersecurity risks is inadequate. The Biden administration is calling for legislation that would prevent software makers from avoiding liability by contract and create higher standards for software in specific high-risk situations. This push for software liability represents a pivot in national cybersecurity policy, as previous administrations have largely relied on voluntary management of cybersecurity by software vendors and businesses.
FROM THE MEDIA: The Biden administration is pursuing legislation to establish liability for software companies that sell technology without cybersecurity protections. The administration has concluded that market forces alone are insufficient to protect consumers and the nation. The national cybersecurity strategy, which advocates creating liability for software vendors and developing a safe harbor framework to shield companies from liability, also recommends developing an expansive framework of cybersecurity regulations to protect the nation’s critical infrastructure. Any legislation should create higher standards for software in high-risk situations and prevent software makers from avoiding liability by contract.
READ THE STORY: WSJ
Evolution of IT/OT Connectivity in Manufacturing Creates Cyber Risk
Analyst Comments: Interconnectivity elevates cyber risks, as demonstrated by the potential for targeted ransomware attacks to spread from IT to OT systems. Even air-gapped OT systems are vulnerable, as an unprotected USB port on a computer can be used to install malware. Legacy OT infrastructure, such as control systems and engineering workstations, may also rely on outdated hardware and unsupported operating systems, making them vulnerable to attacks. In addition, IoT devices in manufacturing can create a larger attack surface.
FROM THE MEDIA: The increasing interconnectivity between Operational Technology (OT) and Information Technology (IT) networks is bringing about digital transformation, enabling organizations to increase productivity, efficiencies, and safety while lowering operating costs. However, interconnectivity also elevates cyber risk, as successful attacks can result in disrupted operations, damaged reputation, and recovery expenses. OT systems that are decades old and run by control systems such as industrial control systems (ICS) and engineering workstations are particularly vulnerable as they often rely on outdated hardware, cannot be patched, and may run unsupported operating systems. Cybersecurity technology powered by AI-based lightweight agents can create and maintain a self-defending manufacturing floor to identify, prevent, and adapt to threats from both internal and external sources. Resource-constrained manufacturers and other critical infrastructure industries can engage with an experienced managed service provider (MSP) to assist with cybersecurity and fulfill regulatory and compliance requirements.
READ THE STORY: Blackberry
CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access
Analyst Comments: Many critical infrastructure providers run legacy systems and equipment that are difficult to patch or update, leaving them exposed to known vulnerabilities and publicly available exploits.
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has released a report urging critical infrastructure providers to strengthen their defenses against spearphishing attacks and enable phishing-resistant multifactor authentication, following a successful three-month red team assessment of a large organization in 2022. During the assessment, the red team used spearphishing emails to gain access to workstations at separate geographic locations, and then moved laterally around the network, gaining root access to multiple workstations adjacent to specialized servers. The organization failed to detect multiple actions by the red team, including lateral movement, persistence, and command and control activity. The report highlights concerns about network defenses, particularly when a red team can gain persistent access to an organization that has a mature security program. CISA did not disclose what type of critical infrastructure provider this was or why the organization requested the assessment.
READ THE STORY: CyberSecurityDive
SpaceX is rolling out Starlink satellite internet in Africa but access is still wildly unaffordable for most people
Analyst Comments: Starlink's innovative approach could provide fast and stable internet service to rural and remote areas, where traditional internet satellites and mobile, wireless internet have less coverage and can be unreliable. While the cost of Starlink may be a concern for some users, faster internet access could propel Africa forward in areas such as education, agriculture, disaster risk reduction, and more. Additionally, Starlink's satellites can be used for tasks beyond internet access, such as remote sensing and Earth observations, which can benefit governments, researchers, and industries in Africa.
FROM THE MEDIA: Internet access is a basic necessity for people worldwide, yet only 64.4% of the global population is connected to the internet as of January 2023. While Asia and Europe have the highest number of internet users, Africa lags behind, particularly in rural areas. SpaceX's Starlink service, which uses satellite-based internet, has become available in Nigeria and Rwanda, and it will be rolled out in other African countries later this year. With fewer mobile phone masts or fiber optic cables needed, Starlink could be an innovative solution to fill Africa's connectivity gaps. However, the cost of Starlink may be a challenge for average rural households. Despite this, faster internet can propel Africa forward in education, democracy, and governance, disaster risk reduction and mitigation, health, and agriculture. In addition to providing internet access, Starlink satellites can also be used for tasks like remote sensing and Earth observations, which can benefit governments, researchers, and industries in the continent.
READ THE STORY: FORTUNE
How Europe seeks to battle Russia’s charm offensive in Africa
Analyst Comments: Russia's strategy includes arms sales, political support for authoritarian leaders, and security collaboration at the expense of French influence in the Sahel region and central Africa. Russia's approach also involves offering business opportunities and diplomatic support for its foreign policy preferences. Meanwhile, the EU is attempting to establish a broad political and economic relationship with African states by offering trade, investment, aid, and technical support in exchange for greater control over irregular migration.
FROM THE MEDIA: Russia's growing influence across Africa has raised significant concerns among European nations who are struggling to find ways to counter it. While China measures its influence through infrastructure investment and the EU aims to build a broad political and economic relationship with African states, Russia's strategy involves arms sales, political support for authoritarian leaders, and security collaboration. Moscow has used "memory diplomacy" in Africa, marketing itself as an anti-colonial power that has helped African countries attain their freedom and sovereignty. Russia's tactics have proved successful, tapping into pre-existing anti-US and anti-West sentiments. However, the EU is pushing back by launching a new platform to counter disinformation campaigns by Russia and China and increasing the presence of disinformation experts in EU delegations abroad. Despite this, African leaders are becoming increasingly resistant to Western diplomatic attempts to target Russia. As Russia's influence grows, the EU and the US need to find more effective ways to counteract it.
READ THE STORY: EURACTIV
The IDF introduces artificial intelligence to the battlefield – a new frontier.
Analyst Comments: The integration of Artificial Intelligence (AI) into military operations is raising concerns about accountability and responsibility in case of harm to civilians or civilian objects. It is important to maintain human decision-making in the loop and exercise prudence while deploying new military capabilities, especially those that are not yet regulated, like AI-based tools. By keeping humans in the loop, accountability can be ensured, and risks associated with the use of AI tools can be better understood and managed.
FROM THE MEDIA: Artificial Intelligence (AI) is now in use within the Israeli Defense Forces (IDF), as reported by several high-ranking IDF officers. The IDF is using AI tools to assist with offensive decision-making and to aid in defensive measures such as detecting missile or rocket attacks and safeguarding border movement. However, the use of AI in military operations raises questions about compliance with international humanitarian law (IHL) and the impact on civilians and civilian objects. Article 36 of Additional Protocol I to the Geneva Conventions obliges states to determine whether the employment of new weapons or new means or methods of warfare would be prohibited under international law. While Israel is not a party to AP I, it is a party to the International Covenant on Civil and Political Rights, which invites preventive impact assessment measures, including legal reviews for new weapons.
READ THE STORY: Lieber Institute
Linux Support Expands Cyber Spy Group's Arsenal
FROM THE MEDIA: The Lucky Mouse threat group, also known as APT27, Bronze Union, Emissary Panda, and Iron Tiger, has developed a Linux version of its malware toolkit called SysUpdate. This expands the group's ability to target Linux devices. Trend Micro has noted that the Windows variant of the tool was observed in June 2022, almost one month after the command-and-control infrastructure was set up. Over the past two years, campaigns by the group have relied on supply chain compromises to gain access to target systems. The latest campaign has targeted a gambling company in the Philippines. The new malware is notable for using the Asio library to port the file-handling functions, indicating that the adversary is looking to add cross-platform support for the malware.
READ THE STORY: THN // DARKReading
Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware
FROM THE MEDIA: In January and February 2023, six law firms were targeted in two separate threat campaigns that distributed GootLoader and FakeUpdates malware strains. GootLoader is a first-stage downloader that uses search engine optimization poisoning to lead victims to drive-by download sites that drop JavaScript malware, while FakeUpdates is a downloader capable of dropping more executables. Both campaigns took advantage of websites frequented by legal firms to distribute the malware, and no ransomware was deployed, suggesting that the attacks could have diversified in scope to include espionage operations. These attacks highlight the growing trend of browser-based attacks as a primary infection vector, in competition with email-based attacks.
READ THE STORY: THN
DoD interested in smartphone-to-satellite communications services
FROM THE MEDIA: The US Defense Department is interested in emerging communications services that connect phones directly to satellites. This would enable the DoD to equip warfighters with smaller, lighter, more capable, and inexpensive communication devices, said Clare Grason, head of the Pentagon’s commercial satellite communications office. Her office is working on a solicitation for direct-to-device satellite communications services to be released later this year. A number of companies have entered the direct-to-cell race, including Iridium, Lynk Global, AST SpaceMobile, Samsung, and Globalstar. Grason said the DoD is also looking to diversify the types of satellite communications services it buys from the private sector, and as early as May, it plans to award contracts for satcom services provided by low Earth orbit internet companies.
READ THE STORY: SN
Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack
FROM THE MEDIA: Cisco has released security updates to fix a critical flaw, CVE-2023-20078, impacting its IP phones. The vulnerability is a command injection bug that can be exploited by an unauthenticated remote attacker to inject arbitrary commands. The attack can be executed with the highest privileges on the underlying operating system. Successful exploitation of the bug could lead to complete control of the device. Cisco also fixed a high-severity denial-of-service (DoS) vulnerability, CVE-2023-20079, affecting the same devices, as well as Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series. The company does not plan to fix CVE-2023-20079, as both the Unified IP Conference Phone models have entered end-of-life (EoL).
READ THE STORY: THN
Canadian book giant says employee data was stolen during a ransomware attack
FROM THE MEDIA: Canadian bookseller Indigo has admitted that employee data was stolen in a ransomware attack last month, although it denied that any customer information was compromised. Indigo, which is based in Toronto and has over 8,000 employees across more than 160 stores, did not reveal how many people were affected. The company said current and former employees would be contacted by identity theft management firm Cyberscout, with those without email addresses sent letters. It was initially claimed that LockBit had carried out the attack. The group has given Indigo until Thursday to pay a ransom before it leaks the information.
READ THE STORY: The Record
How Cambodia-based scammers made an estimated $3 million in ‘pig butchering’ scheme
FROM THE MEDIA: Senior threat researcher at cybersecurity firm Sophos, Sean Gallagher, has uncovered a cryptocurrency scam run by a Cambodia-based threat actor he dubbed “Sour Grapes”. Cybercriminals use social engineering tactics to trick victims into revealing sensitive information or transferring money. In this particular scheme, unsuspecting victims are contacted via dating apps, social media, or SMS and encouraged to switch to another messaging platform before being tricked into depositing money into fake decentralized finance apps. Sophos estimates that the scam made over $3 million in cryptocurrency over a period of five months. Gallagher said that these types of lures are particularly popular among Chinese organized crime operations working out of countries in Southeast Asia, including Cambodia, Myanmar, and Laos.
READ THE STORY: The Record
Washington state public bus system confirms ransomware attack
FROM THE MEDIA: Pierce Transit, a public transportation system in Washington State, suffered a ransomware attack on February 14. The transit system, which serves about 18,000 people each day, said it had engaged third-party forensic experts to conduct an investigation and had notified law enforcement. The LockBit ransomware group claimed responsibility for the attack and demanded a ransom by February 28. The agency said it is still investigating the incident and is attempting to determine what sensitive data was accessed. Pierce Transit is the latest transportation organization to suffer from a ransomware attack, with previous victims including San Francisco Bay Area Rapid Transit, the Toronto Transit Commission, and New York City’s Metropolitan Transportation Authority.
READ THE STORY: The Record
Why China Is Not a Superpower
FROM THE MEDIA: The article compares China's current power position with that of the United States and the Soviet Union during the Cold War era using the concepts of polarity, hegemony, and superpower. While China is considered a pole in the bipolar U.S.-China system, it is not a regional hegemon or a superpower according to William T.R. Fox's original definition. China has global economic power and influence, but its military's geographic reach is limited to the Asian and Indo-Pacific theaters. The United States and its allies will seek to prevent China from gaining regional hegemony, and any attempt by China to become a true superpower will require it to leapfrog the geopolitical constraints of its home region. Therefore, in the short to medium term, the U.S.-China rivalry will be regional and predominantly naval, while any attempt by China to extend its military reach beyond Asia will define the rivalry in the long term.
READ THE STORY: FP
Canada Found, Retrieved Chinese Spy Buoys in Arctic
FROM THE MEDIA: The Canadian military retrieved Chinese spy buoys in the Arctic last fall that were monitoring U.S. submarines and the melting of ice sheets, according to retired Canadian Armed Forces Lieutenant-General Michael Day. The Chinese buoys were likely being used to map seabeds and ice thickness, as well as monitor U.S. nuclear submarine traffic in the Arctic. Beijing is interested in the possibility of reducing shipping costs by traveling through Arctic waters, which are becoming more navigable as a result of climate change. Canada considers the Northwest Passage, a sea route linking the Atlantic and Pacific oceans in Canada's Arctic Archipelago, to be its waters and governed by Canadian law. However, China hopes to open a shorter sea trade route to Europe as global warming melts the ice caps.
READ THE STORY: VOA
How people have sent secret messages throughout history, from invisible ink to coded hairstyles and laundry
FROM THE MEDIA: During World War II, invisible ink was a popular way to send secret messages. The ink was made using various substances, such as milk, lemon juice, or urine, and would only become visible when heated or exposed to a particular chemical. The Germans and the British both used this method extensively, with the Germans sending messages using urine-based ink and the British using lemon juice. One of the most famous examples of this was when the British sent a message to the US in invisible ink, urging them to join the war effort.
READ THE STORY: INSIDER
Why Biden Wants to Keep the Law That Allows NSA Mass Surveillance, and Republicans Want to Kill It
FROM THE MEDIA: Section 702 of the Foreign Intelligence Surveillance Act is up for renewal in Congress, and the Biden administration is urging for its reauthorization. The law allows the National Security Agency to intercept the communications of foreigners without a warrant, which has led to concerns of Americans' civil liberties being violated. The program, known as PRISM, was made public by whistleblower Edward Snowden in 2013, and subsequent analyses found that some Americans did get swept up in the data collected. Some Republicans have turned against the program due to revelations of FBI abuse, while the Biden administration argues for its renewal as a vital tool to combat terrorism, cybercrime, and foreign espionage. The debate over the future of Section 702 is shaping up to be a clash among those who want to preserve the law as it is, those who want to reform it, and those who want to let it expire.
READ THE STORY: SLATE
The Balloon Incident and Evolution of Espionage
FROM THE MEDIA: Espionage has been around for thousands of years, but has evolved significantly with the advent of new technologies. Balloons have been one such technology that has been used in espionage, with one of the earliest known uses occurring during the Napoleonic Wars. Balloons were also used for aerial reconnaissance in World War I, and by both the US and Soviet Union during the Cold War. Recently, Chinese surveillance balloons have caused tension between the US and China, with concerns that they may be used for spying on military facilities. This is not the first time that balloons have been used for attacks on the US, with Japan's Fu-Go balloons being used to launch small explosive payloads during World War II. The history of the Fu-Go balloons highlights the need for nations to use people-to-people interactions to better anchor their relationships and avoid causing greater instability.
READ THE STORY: Modern Diplomacy
How Russia uses Telegram to spy on opponents of the invasion in Ukraine
FROM THE MEDIA: According to a detailed investigation by Wired magazine, the messaging application Telegram, created with the aim of allowing users to communicate privately and securely, has become a powerful weapon that the Kremlin uses against activists and opponents after the invasion of Ukraine. Experts and activists have stated that the Kremlin has begun to exploit the app's weaknesses as it intensifies its crackdown on opponents. The platform, which has been billed as a haven for secure and anonymous communication, requires users to go out of their way to set a chat to "secret". Unlike WhatsApp or Signal, end-to-end encryption is not the default and is not available for groups. In most cases, Telegram's lack of transparency makes it "impossible to know what's really going on…whether spyware or Kremlin informants have been used to break in," according to Wired. The design of Telegram's application programming interface allows access to user content for mass surveillance.
READ THE STORY: TS
Multi-Year Spearphishing Campaign Targets the Maritime Industry Likely for Financial Gain
FROM THE MEDIA: The EclecticIQ Intelligence and Research Team has released a report on a campaign using phishing lures impersonating the maritime industry. The campaign, which likely targets the maritime industry for financial gain, uses spearphishing emails to distribute remote access trojans (RATs), initially distributing Agent Tesla and then shifting to Formbook. The campaign is almost certainly conducted by a single related threat cluster, and its spearphishing emails often contain real maritime vessel names and shipping-specific terminology to make the emails appear more authentic. The maritime industry is particularly susceptible to BEC attacks due to a large amount of email communication and frequent charges, making training users to recognize phishing lures increasingly important.
READ THE STORY: Security Boulevard
Items of interest
Big Tech on notice as regulators in Africa group to investigate their market conduct
FROM THE MEDIA: Competition watchdogs from several African countries are planning to investigate the market conduct of global digital companies, including Google and Meta, which have faced investigations and remedial action in other jurisdictions. The regulators from Kenya, Egypt, Mauritius, Nigeria, South Africa, Morocco, Gambia, and Zambia agreed to form a working group to raise mutual concerns related to competition and consumer welfare in Africa. The group will also work towards fostering collaborative action against obstacles limiting the emergence and expansion of African digital platforms. The focus areas will be e-commerce, aggregator services, matchmaker services, digital advertising, fintech, and app stores. While the regulators will conduct market inquiries collaboratively, enforcement by member states will be done independently and according to their laws.
READ THE STORY: TC
Data and Disinformation: Investigating Cambridge Analytica (Video)
FROM THE MEDIA: While Charles Krugman did appear as a witness before the UK House of Commons Select Committee investigating Facebook and Cambridge Analytica, he did not testify that the data analytics firm that worked on Trump's campaign was involved in one of Facebook's biggest ever data breaches. The data breach in question, which involved the harvesting of millions of Facebook users' data without their consent, was linked to the personality quiz app "This Is Your Digital Life" created by researcher Aleksandr Kogan. This data was later obtained by Cambridge Analytica, which used it to target political ads during the 2016 US presidential election. Krugman did discuss the use of data by political campaigns and the role of Facebook in facilitating this but did not specifically link Cambridge Analytica to the data breach.
Information war: Moscow’s messaging puts France on the back foot in Africa (Video)
FROM THE MEDIA: The recent tour of the African continent by Russia's foreign minister has raised concerns over Russia's growing influence in the region. This includes Mali, where coup leaders have ousted the French and replaced them with Wagner mercenaries, a situation that has already occurred in the Central African Republic. There are fears that Burkina Faso may be next to welcome Russian involvement. This trend highlights the complex dynamics of influence in Africa and the challenges faced by various actors in maintaining their position.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.