Saturday, March 18, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
Can war games really help us predict who will win a conflict?
Analyst Comments: The war games run by US think tanks and reports of classified Nato-Ukraine war games and declassified Air Force war games highlight the significance of preparing for a future conflict over Taiwan. The possibility of a bloody stalemate and “a huge cost” for all countries involved underscores the need for new fighter jets and bombers to defeat China. The importance of war games in understanding the impact of the nuclear revolution, information age warfare, and human behaviors in unpredictable and rare scenarios cannot be overemphasized. However, the fact that organizations can change rules to sway outcomes and leak results when it benefits their cause is a significant challenge. Therefore, policymakers must evaluate not just the outcomes of a game, but its design: the rules, assumptions, scenarios, and players, and ensure good data collection.
FROM THE MEDIA: War games, interactive events in which expert players are immersed in scenarios, bounded by rules, and motivated by consequence-based outcomes, are gaining attention for their ability to provide policymakers with compelling evidence for difficult choices. Despite their ability to offer insight, it is important to evaluate a war game's design, including its rules, assumptions, scenarios, and players. The best war games control for bias within their scenarios and rules, and good data collection is also vital. The results of a single game should not be relied upon; instead, policymakers should look for insights across multiple games to draw their conclusions. War games are not predictions of the future, but they can help us understand human behavior in unpredictable scenarios.
READ THE STORY: FT
China says US 'suppressing' TikTok after ban ultimatum
Analyst Comments: US and UK bans on TikTok are a significant development in the ongoing tensions between the West and China. These actions show that governments are taking a firmer stance on Chinese-owned tech companies, citing fears over national security and the potential for data abuse by Chinese officials. The widespread use of TikTok among young people also raises concerns over the potential impact on free speech and cultural exchange. The significance of these bans will depend on whether they remain limited to government devices or if they are expanded to include all US and UK citizens.
FROM THE MEDIA: China has urged the US to stop its "unreasonable suppression" of TikTok after Washington gave the popular video-sharing app an ultimatum to part ways with its Chinese owners or face a US ban. The UK has followed suit, announcing a security ban on the video app on government devices, citing fears that user data could be used or abused by Chinese officials. A TikTok spokesperson told AFP that calls for a ban or divestment were unnecessary and that the best path forward to address national security concerns was transparent, US-based protection of user data and systems. The US White House on Wednesday told the app that it would be banned in the US if it continued to be owned by the Beijing-based tech firm.
READ THE STORY: The East African
‘No magic bullet’ for North Korea
Analyst Comments: The frustration expressed by the Biden administration officials regarding the current policy towards North Korea highlights the challenges and complexities of the situation. While the US has extended an invitation to North Korea to discuss any matter, it appears that the regime is focused on advancing its weapons programs, which poses a threat to regional stability. It is important for the US to continue to work with allies in the region to address the North Korean issue and explore new policy avenues to achieve a peaceful resolution.
FROM THE MEDIA: According to two senior Biden administration officials, the North Korea policy is not working, but there are no better policy alternatives to pursue. The regime has remained silent on an invitation to discuss any matter without preconditions, despite launching intercontinental ballistic missiles and possibly preparing for a seventh nuclear test. One official stated that North Korea does not like the overall policy, and that over the last 25 years almost every approach has been tried, but none has worked. Experts argue that the administration has not tried everything to change its fortunes with North Korea and is hesitant to inflict greater economic pain to drive the regime to the negotiating table. It is also noted that the administration has played a bad hand as well as possible, and that sometimes a correct approach does not achieve the desired outcome. Despite the increased pace of US-South Korean military exercises, the administration is still expected to find a strategy to get North Korea back to the table.
READ THE STORY: Politico
iCET: The Arc of Instability in South Asia
Analyst Comments: The Initiative on Critical and Emerging Technologies (iCET) has the potential to disrupt the volatile security architecture of the South Asian region, with Pakistan and China likely to be impacted the most. Indo-U.S. strategic relations have always affected the security calculus of the region. The iCET is likely to compound the situation by placing Pakistan in an uncomfortable position, leaving it likely to be marginalized in the security calculus of the U.S. The strategic initiative might be fruitful for the two states but has the potential to increase the asymmetry in the balance of power among the South Asian rivals. In response, there is a need for a broader framework on regional security, in which the U.S. must show responsibility by working to reduce long-standing conflicts in South Asia through dialogue and talks.
FROM THE MEDIA: The U.S. President Joe Biden and Indian Prime Minister Narendra Modi launched a new India-U.S. ‘Initiative on Critical and Emerging Technologies (iCET)’ to expand the strategic technology partnership and defense industrial cooperation between the two countries. The initiative was formally spearheaded on 31 January 2023 by the National Security Advisors of both countries, Jake Sullivan and Ajit Doval, who identified key technology sectors such as defense, semiconductor supply chains, space, and STEM, among others, for co-development and co-production. The partnership aims to enable an open, accessible, and secure technology ecosystem based on mutual trust and confidence, that reinforces democratic values and institutions. The initiative also involves the establishment of a joint Indo-U.S. quantum coordination mechanism, the development of consensus, and the coordination of multi-stakeholder standards in line with democratic values.
READ THE STORY: Modern Diplomacy
Russia May Be Reviving Cyber Ops Ahead of Spring Offensive
Analyst Comments: Russia's military cyber strategy is likely to be viewed as highly significant by Ukraine and its allies, given the potential for such attacks to disrupt government services and infrastructure. Microsoft's assessment that Russia may be preparing for an uptick in ransomware and increased influence operations is a cause for concern and suggests that the country is preparing to escalate its cyber offensive. The fact that Moscow has targeted European governments is also a warning sign and indicates that Russia is willing to target Western allies in order to achieve its objectives.
FROM THE MEDIA: Russian hackers are believed to be intensifying their cyber espionage efforts in preparation for a potential spring offensive. Microsoft reports that the Kremlin has stepped up its efforts to access the systems of European nations that are helping to defend Ukraine, using crypto-locking malware to do so. The company forecasts an increase in ransomware attacks, along with attempts to gain initial access to systems and more influence operations, although the Ukrainian government believes that Moscow is reserving its most sophisticated attacks for long-term espionage. Meanwhile, the Sandworm hacking team, which is said to be part of Russia’s military intelligence agency, is believed to be preparing a new wave of destructive malware. Microsoft warns that its allies should remain vigilant for any attempts by Russia to influence foreign policy discussions or elections via hack-and-leak operations.
READ THE STORY: GovInfoSec
Yes, Xi Jinping Is Now More Powerful Than Mao Zedong Ever Was
Analyst Comments: The re-election of Xi Jinping to a third five-year term as leader of China, coupled with his increased power and consolidation of control, is significant both tactically and strategically. The move upends the political reforms made by Deng Xiaoping in the 1980s to prevent a single individual from taking control of the entire Chinese political system and to avoid repeating the trauma of the last years of Mao's rule. Xi's aggressive stance towards the West, particularly the United States, and his appointment of a defense minister sanctioned by the U.S. government suggest a potential for conflict. Moreover, China's economic growth, demographic crisis, and declining foreign investment will pose significant challenges to Xi's goal of reviving the Chinese nation.
FROM THE MEDIA: Chinese Communist Party leader Xi Jinping has been re-elected to a third five-year term in a legislative assembly convened to rubber stamp decisions of the authoritarian power. His victory was a mere formality after legislative amendments to erase term limits that would have forced him out. He now holds more power than Mao Zedong and has placed only trusted men on the party's Politburo Standing Committee, chosen for their loyalty to him and his ideology, not for their merits. This has allowed him to take apart much of the administrative and political reforms made by Deng Xiaoping in the 1980s. Xi has defined the "rebirth" of China as the Communist Party's most important mission, and to do this, the Chinese regime will have to overcome many challenges, including a structural decline in economic growth, a serious demographic crisis, and growing mistrust of foreign investors seeking alternative production sites outside the country.
READ THE STORY: WorldCrunch
One killed in blast at FSB building in southern Russia
Analyst Comments: The cause of the fire is currently under investigation, and it is unclear whether the incident is related to the ongoing conflict in the region. However, the location of the building and its connection to Russia's FSB security service raises concerns that it could be a targeted attack. The incident's significance is uncertain at this point, but it could indicate a potential escalation of the conflict between Russia and Ukraine. It could also lead to increased security measures by the Russian government and its security forces in the region.
FROM THE MEDIA: On March 16, 2023, an explosion and fire occurred at a building belonging to Russia's FSB security service in the southern city of Rostov-on-Don, resulting in one fatality and two injuries, according to officials quoted by Russian news agencies. The FSB claimed the fire was caused by fuel and lubricants that caught fire in a workshop, causing an explosion and the partial collapse of the building housing its border patrol section. Rostov Governor Vasily Golubev said the fire appeared to have been caused by an electrical short-circuit. Nearby buildings were evacuated while the fire burned. The incident occurred in a region that adjoins parts of eastern Ukraine where battles with Russia are raging, raising questions about the cause of the fire.
READ THE STORY: Reuters
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
Analyst Comments: The use of copycat websites to distribute clipper malware targeting cryptocurrency wallets represents a significant threat to users' funds. The malware's ability to intercept chats, steal seed phrases, and exfiltrate Telegram conversations highlights the attackers' technical proficiency. Furthermore, the malware's ability to harvest device information and distribute RATs shows that the attackers are pursuing a wider range of objectives. The fact that the malware is primarily targeting Chinese-speaking users suggests a political motivation, likely aimed at circumventing the ban on Telegram and WhatsApp in China. The development of the malware's OCR capabilities and its integration into instant messaging apps make it a novel and emerging threat.
FROM THE MEDIA: Copycat websites for popular messaging apps such as Telegram and WhatsApp are being used to distribute cryptocurrency clipper malware to Android and Windows users, according to Slovak cybersecurity firm ESET. The attackers use fraudulent ads in Google search results that lead to sketchy YouTube channels, which in turn direct users to the lookalike sites. The clipper malware is designed to intercept a victim's chats, replace sent and received cryptocurrency wallet addresses with addresses controlled by the attackers, and steal seed phrases using machine learning. In addition, the malware can exfiltrate Telegram conversations containing certain Chinese keywords related to cryptocurrencies, harvest device information and Telegram data, and distribute RATs to gain control of infected hosts and perpetrate crypto theft. The campaign is aimed at Chinese-speaking users and was developed by different threat actors.
READ THE STORY: THN
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
Analyst Comments: The HinataBot botnet represents a significant threat to organizations' cybersecurity, as it can leverage known vulnerabilities to compromise routers and servers and launch DDoS attacks. The botnet is still in active development, indicating that threat actors will likely continue to improve its capabilities and evade detection. The botnet's use of Golang makes its binaries more challenging to reverse engineer and detect. The UDP flood generated by HinataBot in a hypothetical real-world attack with 10,000 bots would peak at more than 3.3 terabits per second (Tbps), making it a potent volumetric attack capable of causing significant damage. The emergence of HinataBot and other Go-based threats underscores the need for organizations to be proactive and develop a DDoS response strategy to mitigate the risks associated with DDoS attacks.
FROM THE MEDIA: The HinataBot botnet has been observed to exploit known vulnerabilities to compromise servers and routers and use them to launch distributed denial-of-service (DDoS) attacks. The botnet, developed using Golang, is still in active development, with newer artifacts being detected in Akamai's HTTP and SSH honeypots. HinataBot is capable of contacting a command-and-control (C2) server to listen for incoming instructions and initiate DDoS attacks against a target IP address for a specified duration. The malware can carry out attacks using HTTP and UDP protocols. A UDP flood in a hypothetical real-world attack with 10,000 bots would peak at more than 3.3 terabits per second (Tbps), while an HTTP flood would generate traffic of roughly 27 gigabits per second (Gbps). The HinataBot botnet is the latest to join the list of emerging Go-based threats, such as GoBruteforcer and KmsdBot.
READ THE STORY: THN
Dutch shipping giant Royal Dirkzwager confirms Play ransomware attack
Analyst Comments: The ransomware attack on Royal Dirkzwager is significant in its potential to disrupt the maritime industry, particularly given the company's role in providing information to over 800 maritime organizations and registering 200,000 ship movements a year. The attack highlights the ongoing and growing threat of ransomware to critical infrastructure and the need for improved cybersecurity measures in the industry. It also underscores the fact that ransomware actors are becoming more sophisticated, targeting multiple industries and geographies, and frequently achieving significant financial gain.
FROM THE MEDIA: Dutch maritime logistics firm Royal Dirkzwager has been hit by ransomware from the Play group, compromising the company's servers and potentially exposing personal information and contracts. The attack has had a significant emotional impact on employees, according to the company's CEO, Joan Blaas. The Dutch Data Protection Authority has been informed of the attack, and negotiations with the cybercriminals are ongoing. The Play ransomware group first emerged in July 2022, targeting government entities in Latin America, and is now reportedly responsible for a string of attacks on various industries. The shipping industry has been particularly vulnerable to ransomware attacks in recent years, with DNV, the world's largest classification society, among the most high-profile victims.
READ THE STORY: The Record
Suspected China-linked hackers exploit Fortinet zero-day in a spying campaign
Analyst Comments: The report of the UNC3886 Chinese hacking group using zero-day vulnerabilities to deploy custom malware to spy on government, defense, telecom, and tech organizations is a significant tactical event. These types of cyber espionage attacks on high-value targets continue to be a serious threat to national security, and this report serves as a reminder that they are becoming increasingly sophisticated. The report also underscores the need for increased cybersecurity measures, especially in regard to internet-exposed systems such as firewalls, smart devices, and VPN technologies. These types of attacks can have significant strategic consequences and can cause major disruptions to critical infrastructure, potentially leading to severe economic damage.
FROM THE MEDIA: Chinese state-sponsored hacking group, UNC3886, has used zero-day vulnerabilities to deploy custom malware and spy on government, defense, telecom, and tech organizations, according to a report by cybersecurity firm Mandiant. The group, which Mandiant called "an advanced cyber espionage group with unique capabilities," used backdoors on Fortinet and VMware systems to attack victims' devices. The firm found that the group had almost 10 victims in the defense, technology, and telecom sectors in the US, Europe, and Asia. According to Mandiant, the incident highlights the vulnerability of internet-exposed systems such as firewalls, smart devices, and VPN technologies to cyberattacks, especially as many do not support endpoint detection and response security software. The report also predicted that other threat actors would likely attempt to build similar tools for future attacks.
READ THE STORY: The Record
Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York
Analyst Comments: The arrest of Conor Brian Fitzpatrick is significant as it highlights the continuing efforts of law enforcement agencies to crack down on illegal hacking activities. Fitzpatrick's involvement in running the BreachForums website has led to the hosting of stolen databases belonging to several companies, making him a threat to cybersecurity. The BreachForums website has also been known to contain sensitive personal information, putting individuals at risk of identity theft and other forms of cybercrime. Fitzpatrick's arrest is expected to have a positive impact on efforts to curb hacking activities, but the rise of other similar forums, as well as the creation of remote access trojans, highlights the need for continued vigilance and investment in cybersecurity.
FROM THE MEDIA: A New York man, Conor Brian Fitzpatrick, has been arrested by U.S. law enforcement authorities for running the BreachForums hacking forum under the online alias "Pompompurin". The suspect has been charged with one count of conspiracy to solicit individuals with the purpose of selling unauthorized access devices. The FBI agent in charge of the case has stated that the suspect has admitted to being the owner of the BreachForums website. BreachForums is known for hosting stolen databases belonging to several companies, often containing sensitive personal information. The forum emerged last year after a law enforcement operation seized control of RaidForums in March 2022. Another forum user, known as Baphomet, has taken ownership of the website after Fitzpatrick's arrest. The development comes as the Cyber Police of Ukraine announced the arrest of a 25-year-old developer who created a remote access trojan that infected over 10,000 computers under the guise of gaming apps.
READ THE STORY: THN
OpenAI CEO cautions AI like ChatGPT could cause disinformation, cyber-attacks
Analyst Comments: The identified attack on government organizations is significant in a strategic and tactical sense as it demonstrates the potential of sophisticated attackers to exploit zero-day vulnerabilities to conduct cyber espionage. The attack was highly targeted, with advanced capabilities demonstrated by the attackers, and resulted in the backdooring of multiple devices to ensure continued access to the victims' networks. It highlights the need for government organizations and large enterprises to take proactive measures to detect and remediate zero-day vulnerabilities in their systems to prevent cyber espionage and data exfiltration.
FROM THE MEDIA: The CEO of OpenAI, Sam Altman, has voiced concerns that the company's artificial intelligence technology, ChatGPT, may pose significant risks as it reshapes society. Altman highlighted that regulators and society must be involved with the technology as he is worried that these models could be used for large-scale disinformation, and ChatGPT might be used for offensive cyber-attacks. Altman emphasized that AI can only function with human guidance or input, and he is more concerned with the people who will be in charge of the technology than with the technology itself. The CEO warned that society has a limited amount of time to figure out how to regulate AI technology and handle it. Elon Musk has often warned that AI is more hazardous than a nuclear weapon, and he was one of the initial investors in OpenAI while it was still a non-profit organization.
READ THE STORY: Interesting Engineering
Ransomware Attacks in Manufacturing and What Business Leaders Fear Most
Analyst Comments: Cyberattacks on manufacturing industries have caused significant financial losses, with MKS Instruments and Applied Materials taking hits of over $200 million and $250 million, respectively. The surge in cyberattacks against U.S. manufacturers, and the fact that over 40% of UK manufacturing firms experienced cyber incidents resulting in work stoppages in the past year, suggest that this trend will continue. These attacks can cause significant disruption to operations, reputational damage, theft of intellectual property, and collateral damage. The impact of cyberattacks on such systems can be far-reaching and extremely damaging, making a self-defending factory floor critical to maintaining a secure, reliable, and profitable production pipeline.
FROM THE MEDIA: MKS Instruments announced that they will miss Q1 revenue projections by 20% due to a ransomware attack that impacted their ability to process orders, ship products, and provide services to their customers. This attack has also affected Applied Materials, which announced a $250 million financial hit in Q2 due to a cybersecurity event from one of its suppliers. Cyberattacks against U.S. manufacturers have surged by 70%, and research conducted by BlackBerry and Make UK found that over 40% of UK manufacturing firms have experienced cyber incidents resulting in work stoppages in the past year. These attacks have prompted manufacturers to fear production stoppages, damage to reputation with customers/suppliers, unauthorized access, intellectual property theft, collateral damage, impacts on safety, and impacts on product quality.
READ THE STORY: Blackberry
FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps
Analyst Comments: An Android voice phishing malware campaign is significant due to its ability to extract private data from a victim's device, which can result in financial loss, and its use of anti-analysis techniques. The campaign's re-emergence in South Korea is a warning to other regions of the world that the same tactics can be repurposed to target them. The continued growth of mobile banking trojans, despite the decline in overall malware installers, indicates that cybercriminals are focusing on financial gain. The increasing sophistication of mobile banking trojans poses a significant risk to financial institutions and their customers.
FROM THE MEDIA: A FakeCalls Android voice phishing malware campaign, which impersonates over 20 popular financial apps, has reappeared in South Korea. The malware can extract private data from a victim's device and is also able to imitate phone conversations with a bank customer support agent. Users who install the rogue banking app are enticed into calling the financial institution with the offer of a fake low-interest loan. The ultimate goal of the campaign is to obtain the victim's credit card information, which the threat actors claim is required to qualify for the non-existent loan. The malware developers have used special techniques to hide from analysis and have implemented several unique and effective anti-analysis mechanisms. The cybersecurity company Check Point warns that the same tactics can be repurposed to target other regions across the world. Meanwhile, Kaspersky detected 196,476 new mobile banking trojans and 10,543 new mobile ransomware trojans in 2022, with mobile banking trojans becoming increasingly sophisticated.
READ THE STORY: THN
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions
Analyst Comments: The joint cybersecurity advisory by the US government agencies aims to alert organizations of the tactics, techniques, and procedures employed by the LockBit 3.0 ransomware group to help them prevent, detect, and respond to attacks. The widespread use of ransomware like LockBit 3.0 poses a significant threat to organizations' operations, finances, and reputation, and the frequency and severity of attacks are increasing. The LockBit ransomware strain has been used against at least 1,000 victims worldwide, and the operation has netted over $100 million in illicit profits.
FROM THE MEDIA: US government agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC), have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with LockBit 3.0 ransomware, which operates under a Ransomware-as-a-Service model. Since emerging in late 2019, the LockBit actors have invested significant technical effort in developing and fine-tuning their malware, issuing two major updates. The ransomware is also designed to infect only those machines whose language settings do not overlap with those specified in an exclusion list, which includes Romanian (Moldova), Arabic (Syria), and Tatar (Russia). Initial access is obtained via RDP exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications.
READ THE STORY: THN
US Experts Urge More Efforts to Thwart China’s Acquisition of US Military Technology
Analyst Comments: Chinese espionage is causing concern among former US officials and experts, who call for increased efforts to counter Beijing's theft of American military technology. China has used traditional methods like spies and bribes, as well as cyberattacks, to acquire information on military weapons. The country has developed its J-20 fighter jet and hypersonic weapons using stolen US technology. Additionally, China has hired Chinese scientists who previously worked on US projects, including deep-penetrating warheads and submarine technologies. Experts say China targets engine and power system technology, aerodynamics, and stealth materials. US Senators Marco Rubio and Mark Warner have urged the Biden administration to expand the use of existing tools and authorities to prevent China's military-industrial complex from benefiting from US technology, talent, and investments.
FROM THE MEDIA: Former U.S. officials and experts are calling for increased efforts to counter Chinese espionage, which many believe has enabled Beijing to develop advanced weaponry through the theft of American technology. Among the stolen technology is military research and development of the J-20 fighter jet. Chinese espionage activities reportedly include the use of traditional spies and bribes, cyberattacks, and stealing technology from American contractors, university professors, and government officials. U.S. Senators Marco Rubio and Mark Warner have urged the Biden administration to expand the use of existing tools and authorities to prevent China from benefiting from U.S. technology, talent, and investments. The Chinese government claims that it has independently developed its fifth-generation stealth fighter J-20, but DefenseOne, a Washington news site devoted to military issues, reported that China's sixth-generation fighter jets, hypersonic weapons and missiles, and spy balloons all appear to incorporate elements of American technology.
READ THE STORY: VOA
Kaspersky releases decryptor for ransomware based on Conti source code
Analyst Comments: The newly discovered hacking techniques represent a significant tactical threat, as they have allowed Chinese hackers to infiltrate networks and conduct cyber espionage undetected for several years. The ingenuity and sophistication of these new techniques show that state-sponsored hacking remains a significant strategic threat to governments and companies, and underscores the need for continued vigilance and improved cybersecurity measures to prevent future attacks. The revelations also highlight the ongoing tensions and growing concerns over Chinese cyber threats, which have the potential to escalate into larger diplomatic and geopolitical conflicts.
FROM THE MEDIA: Chinese state-sponsored hackers have reportedly been using new, sophisticated hacking techniques to circumvent cybersecurity measures and infiltrate government and company networks, conducting cyber espionage for years without being detected. The hackers have moved beyond infiltrating systems behind the corporate firewall, and are now targeting devices on the edge of networks, including firewalls themselves, and exploiting software from companies such as Citrix Systems and VMware. The new techniques represent a higher level of ingenuity and sophistication by Chinese hackers, according to Google researchers. These revelations come amid growing concerns about Chinese threats in cyberspace, as the US and China have been at odds over issues such as security concerns with TikTok, cyber espionage, and election security.
READ THE STORY: The Hill
China-backed espionage is getting harder to spot, researchers say
Analyst Comments: The release of the Online Operations Kill Chain framework is significant in terms of both tactical and strategic importance. The upcoming elections in the United Kingdom, United States, European Union, India, Turkey, and Taiwan are crucial, and the need to prevent online interference in them is pressing. The framework will help in detecting and disrupting operations and will foster collaboration between industry, civil society, and government. This tool will be beneficial in ensuring the integrity of these critical elections, thereby contributing to the stability of the democratic process.
FROM THE MEDIA: Meta, the parent company of Facebook and Instagram, has released a new Online Operations Kill Chain framework aimed at helping industry, civil society, and government groups collaborate to detect and disrupt online interference in next year's significant elections in countries such as the United Kingdom, the United States, and India. The framework is a tool used internally at Meta to analyze individual operations and identify the earliest moments at which they can be detected and disrupted. Meta hopes the tool will help other defenders detect and disrupt operations when they see them on their own networks, and help everybody share their findings. The framework covers a broad range of activities related to online operations, principally those that are meant to be seen by and to influence humans. The goal of the framework is to create a shared vocabulary and a common roadmap of the steps that an operation goes through, breaking down silos and fostering collaboration across different investigative teams.
READ THE STORY: AXIOS
Amazon's Project Kuiper Gears Up To Go Against Starlink With Three New Satellite Antennas
Analyst Comments: The senators' call for CISA to examine the security risks posed by DJI drones is significant as the widespread use of consumer drones across the U.S. for everything from food delivery to emergency services makes them a potential threat to critical infrastructure. The warning that sensitive information or data could wind up in the hands of China's military underscores the importance of preventing unauthorized access to U.S. critical infrastructure by foreign entities, particularly those with links to the Chinese Communist Party. If vulnerabilities in drone technology are not addressed, they could be exploited to launch cyber-attacks or to gather intelligence, which could have significant tactical or strategic implications in the event of a conflict.
FROM THE MEDIA: A group of 16 bipartisan US senators has written to the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a comprehensive analysis of the risks associated with consumer drones made by Shenzhen DJI Innovation Technology. The senators, including Mark Warner and Marsha Blackburn, have urged CISA to examine the DJI drones, which they claim are linked to the Chinese Communist Party and could be used to spy on US critical infrastructure. According to the senators, DJI drones have been widely used in the inspection of US critical infrastructure such as pipelines, railways, power generation facilities, and waterways, which could lead to the Chinese government developing a detailed picture of such infrastructure, ultimately enabling them to conduct more effective targeting efforts in the event of a conflict. The letter to CISA comes after a determination by the Defense Department that DJI is a “Chinese military company”. The senators are alarmed by several reports indicating that DJI dominates the drone market, with 90% of North America’s consumer drone market and about 70% of the industrial drone market being controlled by DJI.
READ THE STORY: Autoevolution
The Trump Campaign’s Collusion With Israel
Analyst Comments: The study shows that there is room for improvement in the ability of management to handle cyber risks, and the absence of cybersecurity tabletop exercises leaves many businesses unprepared for how to respond to cyber-attacks. The lack of divergence between public and private companies on their rating of management's ability is concerning. The findings indicate a potential lack of preparedness and awareness of cyber risk by board members, with regulatory requirements for standardized disclosures on cybersecurity risk management, strategy, governance, and incident reporting, and reporting cybersecurity expertise among board directors coming into effect soon. The study highlights the need for businesses to improve their cybersecurity expertise and preparedness to effectively manage and oversee cyber risk.
FROM THE MEDIA: WSJ Pro and The National Association of Corporate Directors collaborated to survey 472 corporate board directors on the current state of cybersecurity risk management expertise and preparedness to deal with cyber attacks. The study shows that only 16% of directors rate management's ability to handle cyber risk as 'excellent' while 43% rate it as 'very good'. However, the research highlights the lack of divergence between public and private companies, with 41% of directors rating their management's ability as 'intermediate', 'fair' or 'poor', leaving room for improvement. Board members are only setting the agenda for their cyber briefings in a small minority of cases, possibly indicating a lack of information necessary to conduct effective risk oversight. In addition, tabletop exercises involving cyber scenarios are lacking, with less than half of all respondents reporting their boards had participated in one or more over the past 12 months.
READ THE STORY: WSJ
Is this the man who will one day take over from Putin
Analyst Comments: The article describes the use of disinformation and false propaganda by Russian officials, particularly Nikolai Patrushev, to reinforce their power and the takeover of the Kremlin by FSB hawks since 2006. The false claim about Albright's secret thoughts suited Putin's narrative that the US was intent on global domination, destabilizing Russia, and securing access to its valuable oil and gas reserves. Patrushev's use of disinformation and false propaganda in Ukraine is an integral part of Russia's strategy. His hardline stance, conspiratorial view of the world, and revival of Cold War rhetoric reinforce the power and takeover of the Kremlin by the FSB hawks. The article warns of the chilling prospect of Patrushev succeeding Putin as president, as his power base grows with escalating tension with the USA and Ukraine.
FROM THE MEDIA: Former KGB officer Boris Ratnikov claimed in a 2016 interview that his superior officer Georgy Rogozin, a top KGB officer from 1969 to 1992, penetrated and read the mind of former US Secretary of State Madeleine Albright while she held office in the mid-1990s. Rogozin reportedly used telepathy, clairvoyance, hypnosis, and astrology in attempts to infiltrate the CIA and the US government. Ratnikov said that Albright harbored secret thoughts about the priority of removing Siberia and the Far East from Russian territory, but these claims were found to be fabrications. Nikolai Patrushev, Russia’s current National Security Council chairman, has accused the US of pursuing global domination, with the Ukraine war cementing his influence over President Putin. Patrushev regards the US as a decadent, imperialistic nation counter to his conservative authoritarian worldview of traditional values.
READ THE STORY: The Spectator
Items of interest
FBI Bookstore Spying in Chicago Eyes Abortion Rights, Cop City, Anti-Development Activists
Analyst Comments: The significance of the FBI’s monitoring of Pilsen Community Books and its workers is that it demonstrates the FBI’s continued history of investigating leftist and anarchist groups as potentially threatening, regardless of whether the activities under investigation are legal. The FBI’s use of assessments allows it to gather information on individuals and groups without any stated justification, creating a chilling effect on people's ability to engage in legally protected political activity. The FBI’s concern over potential protests at infrastructure projects in Chicago suggests that the agency is taking a proactive approach to identifying potential threats rather than waiting for leads to come in through the actions of others.
FROM THE MEDIA: The FBI has been monitoring Pilsen Community Books, a worker-owned and collectively managed bookstore in the Pilsen neighborhood of Chicago, according to nearly 30 pages of FBI documents obtained by Unicorn Riot. Despite the store being open to the public and supporting community organizing, the FBI claims that the store is being used as a hotbed for terror plots and “pro-abortion extremists.” The FBI’s concern is that activists will target infrastructure projects in Chicago for protest, specifically the Obama Presidential Library, Tiger Woods Golf Course, and the South Shore Country Club. The documents suggest that the FBI’s interest in the store is due to its use as a gathering point for leftist politics, including a “sign-painting event” that happened in the store in the lead-up to a public demonstration. The FBI’s monitoring of the store and its activities appears to be part of an “assessment,” which is an investigative method that does not require probable cause or reasonable suspicion that a threat exists.
READ THE STORY: SCHEERPOST
Economic Warfare–How to Quietly Devastate a Country (Video)
FROM THE MEDIA: The video discusses the effectiveness of economic warfare as a strategy to devastate a country's economy and its potential to prevent or end wars. The Allied blockade of Germany in WWI and the international sanctions on Russia after its invasion of Ukraine in 2022 are presented as examples of how economic warfare can cripple a country's military capabilities and cause widespread suffering. The impact of economic warfare on Japan during WWII is also discussed. The video concludes by highlighting the power of economic warfare and its role in shaping world history.
The story of Lawfare (Video)
FROM THE MEDIA: The video discusses Lawfare, a blog that addresses law and national security issues. The founders noticed that a lot of conversations that mattered to them were beginning to take place online, and so they wanted to create a platform that could be a voice of expertise and calm for anyone interested in these issues. They strive to be trustworthy and reliable, minimizing bombast and avoiding publishing classified information. They have become successful, with a readership that has grown exponentially during the Trump administration. Lawfare has expanded its niche beyond law and national security into law and democracy, and they aim to translate news stories for the general public and explain the law and policy behind them.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.