Wednesday, April 05, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Drones aim to undo Ukraine's Russian landmine problem
Analyst Comments: The use of drones equipped with different sensors to map landmines and unexploded ordnance areas in Ukraine is an excellent example of how technology can be utilized to help with humanitarian and public safety issues. Draganfly's work with various demining organizations in Ukraine is also an excellent example of public-private partnerships that can help solve complex problems. The move to a drone swarm model for demining missions in the next 18 months or so is a significant technological advancement that has the potential to increase the efficiency and effectiveness of demining missions. However, it is still essential to recognize that the human part of the demining process is still crucial, and AI models are not yet accurate enough to risk lives.
FROM THE MEDIA: Canadian drone firm Draganfly has developed a drone that uses sensors to detect landmines in Ukraine. The country, which is one of the most heavily mined in the world, has around 250,000 square kilometers of its territory sown with mines, according to Prime Minister Denys Shmyhal. Draganfly uses a range of sensors, including thermal and hyperspectral, to map the locations of mines before demining crews move in. Around 90% of the mines flagged by the sensors are positively identified, but human interpretation of the sensor readings is still considered critical for now. It is expected that, within 18 months, drones will be used as part of a swarm, using LIDAR, magnetometers, and soil sampling to identify mines more quickly.
READ THE STORY: The Register
Pirated Software Compromised Ukrainian Utility Company
Analyst Comments: This incident highlights the risk of using unlicensed software or downloading software from untrusted sources, which can result in malware infections and potentially compromise an organization's network. In this case, the use of pirated software led to two remote access Trojans infecting the company's systems for two months, providing unauthorized third-party access. The incident also serves as a reminder of the persistent cyber threat to Ukraine, which has been a target of Russian state hackers for nearly a decade, with a notable uptick during the first four months of 2022. Organizations should take steps to ensure that all software used within their networks is properly licensed and from trusted sources and maintain strong cybersecurity measures to protect against malware infections and other cyber threats.
FROM THE MEDIA: An employee of a Ukrainian utility company downloaded and installed an unlicensed version of Microsoft Office from a torrent website, which resulted in two remote-access Trojans infecting the company's systems for two months. The pirated version of the Office suite contained the DarkCrystal remote access Trojan and the DWAgent remote administration tool, which provided unauthorized third-party access to the company's network between Jan. 19 and March 22. The Ukrainian Computer Emergency Response Team attributes the Trojans to a group it tracks as UAC-0145. The CERT warned that torrented software is a common pathway for infection, and there have been known cases of infection when installing operating systems downloaded from unofficial sources.
READ THE STORY: BankInfoSecurity
Emmanuel Macron to urge China’s Xi Jinping to drop support for Russia over Ukraine war
Analyst Comments: The visit is unlikely to convince China to drop its personal backing of Putin or its economic support of Russia. China sees a parallel between the US presence in the Indo-Pacific and Putin's situation and is sympathetic to Russia. China is unlikely to converge with Western positions on Ukraine during European leaders' visits to Beijing. Instead, Xi may double down on his support of Putin while trying to appear reasonable in dialogue with all parties. The trip follows a pattern of visits to Beijing by European leaders who have been unable to achieve substantive changes in Chinese policy. China seeks to drive wedges between US allies, increase national technological autonomy, pressure vulnerable foreign firms, and win ever greater market share in developing countries.
FROM THE MEDIA: French President Emmanuel Macron and European Commission President Ursula von der Leyen will visit Beijing in an effort to persuade China's Xi Jinping to push for the withdrawal of Russian troops from Ukraine. Macron spoke with US President Joe Biden prior to his visit and both leaders reiterated their support for Ukraine. However, analysts believe that convincing China to withdraw its economic support for Russia is unlikely. China sees Putin as being pushed against the wall by NATO expansion and sympathizes with Russia. China released a 12-point position paper on the war in Ukraine but failed to dispel concerns about Beijing's relationship with Moscow. European leaders, including Germany's Olaf Scholz and European Council President Charles Michel, have visited Beijing in the past, but none have been able to achieve substantive changes in Chinese policy.
READ THE STORY: FT
Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
Analyst Comments: The resurfacing of Typhon Reborn V2 is concerning for organizations, particularly those in the financial, crypto, and gaming sectors, as it has become more sophisticated and challenging to detect. The continued use of the Telegram API to exfiltrate stolen data is particularly worrisome as messaging platforms have become a common vector for cyberattacks. Furthermore, the availability of the malware's source code on GitHub increases the risk of other threat actors developing customized and more sophisticated attacks. Companies must implement a comprehensive defense strategy that combines endpoint protection, multi-factor authentication, and employee awareness training to mitigate the risks posed by such threats.
FROM THE MEDIA: The group behind the Typhon Reborn malware has launched an updated version (V2) for $59 per month, $360 per year, or a lifetime subscription for $540, offering a range of advanced capabilities for avoiding detection and analysis. The stealer malware can capture sensitive information such as credentials, exfiltrate the data using the Telegram API, and transmit it in compressed archives via HTTPS. The latest version of the malware incorporates new anti-analysis and anti-virtualization techniques and eliminates persistence features. The malware author has marketed the updated version on a dark web forum, highlighting its affordable price, the absence of backdoors, and the exclusion of CIS countries from targeting, except for Ukraine and Georgia.
READ THE STORY: THN
Alibaba and Huawei set to debut generative AI chatbots
Analyst Comments: It's not surprising that Chinese tech giants are developing their own generative AI chatbots, given the popularity of OpenAI's ChatGPT in China. The development of these chatbots will likely further advance China's already impressive AI capabilities. However, the challenges faced by other companies, such as Baidu's ERNIE, in managing censorship and fulfilling requests, suggest that the success of these chatbots remains to be seen. Additionally, there are concerns about the potential misuse of AI chatbots for propaganda or surveillance purposes, given the Chinese government's track record in these areas.
FROM THE MEDIA: Chinese tech giants Alibaba and Huawei are reportedly launching their own generative AI chatbots to satisfy local demand. Alibaba is said to be launching a large-scale model on April 11 during its 2023 Cloud Summit in Beijing, while Huawei's chief AI scientist will introduce "The Progress and Application of Pangu Large Scale Models" on April 8 at the AI Large-Scale Model Technology Summit in Hangzhou. DAMO Academy, Alibaba's research institute, is reportedly working to incorporate the large-scale model into its Tmall Genie, which is a smart speaker housing the intelligent personal assistant AliGenie.
READ THE STORY: The Register
APT group targeting organizations in Palestinian territories, researchers say
Analyst Comments: The persistence and tactics of the Mantis/Arid Viper cyber-espionage group are concerning, especially given that it is state-backed. The group's willingness to invest time and effort into updating and rewriting its malware to evade detection and maintain persistence on victim machines shows that it is a determined adversary. The fact that it has been targeting local organizations in the Palestinian territories is notable, as such attacks can have serious implications for the security and stability of the region. The use of spear-phishing emails and fake social media profiles to lure victims is a reminder of the importance of cybersecurity awareness and training to help prevent successful attacks.
FROM THE MEDIA: Symantec researchers have been tracking a state-backed cyber-espionage group called "Mantis" or "Arid Viper" that has been targeting local organizations in the Palestinian territories since September 2022. The group has been active since at least 2014 and has targeted organizations in Israel and other Middle Eastern countries. Mantis uses spear-phishing emails and fake social media profiles to lure victims into installing malware, and in the latest campaign, it deployed a custom data exfiltration tool and updated versions of its custom backdoors. While Symantec cannot make a definitive attribution to any Palestinian organization, the group has previously been linked to Hamas. Facebook disrupted the group's activities in 2021 after it abused the platform to infect users with malware.
READ THE STORY: The Record
A Tiny Blog Took on Big Surveillance in China—and Won
Analyst Comments: This story sheds light on the ethical concerns surrounding surveillance and technology's role in facilitating human rights violations. It highlights Hikvision's technology as a potential tool for the Chinese government to oppress minorities, such as the Uyghur people, in the province of Xinjiang. While the article could have explored this issue further, it offers a compelling story of how one person's investigative work can lead to significant consequences and bring attention to the larger issue of surveillance in China. Overall, the article raises important questions about the ethics of technology and its impact on human rights.
FROM THE MEDIA: The article tells the story of John Honovich, the founder of IPVM, a small trade publication that covers video surveillance technology. In 2018, Honovich discovered that Hikvision, the world's largest security camera manufacturer, had developed AI-powered cameras that could automatically detect the ethnicity of individuals. This discovery led Honovich to investigate further and ultimately publish an article about the technology on IPVM's website. Over the next few years, Honovich and his team at IPVM uncovered a series of damning details about Chinese surveillance gear, which ended up influencing national policy and changing the fortunes of companies such as Hikvision and Dahua.
READ THE STORY: Wired
Your Next Landlord Could Be 100 Random People
Analyst Comments: The article provides a detailed overview of fractional investment startups and their impact on the real estate market. It raises concerns about the potential negative consequences of these startups, such as exacerbating existing problems in the real estate market and harming renters. The article also acknowledges that these companies are opening up investing to more people and giving them access to home equity sooner in life by lowering barriers. However, the article could have delved deeper into the implications of these startups for the real estate market as a whole and their impact on housing stability.
FROM THE MEDIA: Fractional investment startups, such as Arrived Homes, Lofty AI, and reAlpha, are adding to an already-crowded real estate market by offering people the ability to invest in specific properties without taking on mortgage debt. These companies aim to lower the barrier to investing in property by allowing investors to buy in for as little as $100. Investors collectively purchase shares and get a cut of the profits. Arrived Homes, for example, has 102 investors who have collectively purchased just over $100,000 in shares, and the company manages and rents out properties for $1,600 a month. Fractional investment startups argue that they are opening up investing to more people, giving them access to home equity sooner in life by lowering barriers. However, critics warn that more real estate investments may come at the cost of housing stability and risk worsening a system where for-profit investors can wreak havoc on low-income residents.
READ THE STORY: Wired
What it would take for Apple to disentangle itself from China
Analyst Comments: The article explores the political, strategic, and investor pressures that Apple faces to diversify its operations. Additionally, the piece offers a thorough review of potential alternative manufacturing hubs such as India and Vietnam and their relative disadvantages compared to China's superior manufacturing capabilities. Ultimately, the assessment concludes that Apple's endeavor to reduce its reliance on China is challenging, given the unparalleled scale and complexity of China's manufacturing infrastructure.
FROM THE MEDIA: Apple is facing increasing pressure to reduce its reliance on China for manufacturing, with concerns over the country's human rights record, geopolitical risks, and supply chain disruptions. However, Apple's operations in China are so complex and massive that the company has limited viable options to overhaul its manufacturing process. India and Vietnam are seen as potential alternatives, but they lack the same skill sets, migrant labor pools, infrastructure, and supportive governments that make China so attractive to Apple. Moreover, China's labor infrastructure is uniquely supported by the state, with participation mandatory at times, and villagers and students bussed in to lend hands.
READ THE STORY: FT
Sorting Through Haystacks to Find CTI Needles
Analyst Comments: The article provides useful insights into the challenges of CTI systems and offers an interesting perspective on the potential benefits of targeting IPv4 addresses. The author's argument for using a combination of AI and crowdsourcing is also compelling. However, the article lacks specific examples or case studies to support its claims. Additionally, the article appears to be promoting a specific cybersecurity tool (CrowdSec) without providing an objective assessment of its effectiveness or limitations.
FROM THE MEDIA: AI and crowdsourcing can complement each other in cybersecurity by combining real-time data from diverse sources and leveraging pattern recognition and context analysis. This powerful combination can enhance detection capabilities, reduce false positives, increase adaptability, and facilitate proactive defense measures. By synergizing AI and crowdsourced signals, we can create more comprehensive and accurate cybersecurity solutions that effectively tackle the ever-evolving cyber threat landscape.
READ THE STORY: THN
Trade ministers flag researchers as a possible vector of tech sanction-busting
Analyst Comments: The article provides a concise overview of the G7 trade ministers' meeting and their stance on tech trade sanctions and the promotion of inclusive and sustainable trade. It highlights the challenges posed by malicious actors and inappropriate transfers of technologies through research activities, which could be a front for government activity. However, the article could have provided more context on the ongoing tensions between the G7 nations and Russia and China, as well as the potential impact of these sanctions on businesses and consumers.
FROM THE MEDIA: G7 trade ministers discussed the importance of continuing bans on tech exports to Russia, China, and Iran to address national security threats, as well as strengthening effective and responsible export controls. They emphasized the need for strong enforcement to counter evasion of export controls and expressed a desire to accelerate work on the World Trade Organisation's joint initiative on e-commerce, which aims to develop global rules for e-commerce while facilitating online business for smaller companies. The G7 also expressed concern about the possibility of circumventing tech trade sanctions through research activities and inappropriate transfers of critical technologies.
READ THE STORY: The Register
China urges stronger WTO monitoring of US-led chip export curbs
Analyst Comments: The escalating tensions between China and the US over technology exports have reached the WTO. China has called for the WTO to monitor the measures and urged the US, Japan, and the Netherlands to report their plans and subsequent measures. The US has previously argued that its measures are based on national security and not subject to review by the WTO, while Japan and the Netherlands have announced similar restrictions on technology exports. The issue highlights the growing concerns about technology transfers and national security, with the dispute showing no signs of abating.
FROM THE MEDIA: China has requested that the World Trade Organization (WTO) investigate US-led technology export restrictions aimed at limiting its ability to produce advanced chips. During a meeting of the WTO Council for Trade in Goods, Chinese representatives urged the WTO to strengthen its monitoring of the measures and requested that the US, Japan, and the Netherlands report their plans and subsequent measures. The US has previously claimed that its restrictions are based on national security grounds and are not subject to review by the WTO. Japan recently said it would restrict the export of 23 types of semiconductor manufacturing equipment, with the move following the Netherlands’ announcement that it also planned to limit similar exports.
READ THE STORY: Yahoo Finance
Disinformation may be one of Russia and China’s greatest weapons
Analyst Comments: The article provides a clear overview of the use of disinformation and malign foreign influence by Russia and China to undermine democracy and further their national security interests. The sources used in the article, including reports by the US Intelligence Community and the State Department’s Global Engagement Center, lend credibility to the information presented. The article highlights the importance of combating the weaponization of information and supporting efforts by US government agencies to combat the spread of disinformation. Overall, the article provides a timely reminder of the threat that disinformation poses to democracy and the need for continued vigilance in countering it.
FROM THE MEDIA: The US State Department has issued a warning that democracy is under threat worldwide, with public distrust being one of the reasons behind it. Autocratic governments are using malign influence as a weapon against democracy. Russia is a primary example of this, using disinformation to undermine democratic governments and promote authoritarianism. The US Intelligence Community assessed in its 2023 Annual Threat Assessment that “Efforts by Russia, China and other countries to promote authoritarianism and spread disinformation is helping fuel a larger competition between democratic and authoritarian forms of government.” China also uses disinformation as part of its national security strategy to further its goals and political interests. This is a line of attack against the US and its interests globally.
READ THE STORY: The Hill
Experts warn of fast-encrypting ‘Rorschach’ ransomware
Analyst Comments: The emergence of a new ransomware strain is alarming as it poses a significant threat to organizations and individuals. Rorschach's speed and sophistication make it a particularly dangerous strain, and its ability to evade detection and mitigation makes it even more concerning. Additionally, the fact that it uses anti-analysis and defense evasion techniques to avoid detection, and does not use branding, makes it more challenging for security software and researchers to analyze and mitigate its effects. As ransomware attacks continue to rise, organizations must remain vigilant and implement robust security measures to prevent such attacks.
FROM THE MEDIA: A new ransomware strain named "Rorschach" has been discovered by researchers at Check Point. They describe it as a mash-up of the most effective ransomware currently in use. According to the researchers, Rorschach is the fastest and one of the most sophisticated ransomware they have seen so far, with the average approximate time of encryption being minutes faster than commonly used ransomware like LockBit. It also has a unique encryption scheme, only encrypting portions of a file instead of the entire thing to make it more difficult to decrypt. The ransomware is also very customizable, giving attackers a wide range of tools it can deploy during incidents. The ransom note sent to victims resembled ones from the Yanluowang and DarkSide groups while taking some code inspiration from the leaked source code of Babuk and LockBit ransomware strains.
READ THE STORY: The Record
New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency
Analyst Comments: Rilide malware is a significant threat that targets Chromium-based web browsers to steal sensitive data and cryptocurrency from victims. The use of a seemingly legitimate Google Drive extension to deceive users highlights the need for caution while installing browser extensions. The malware's ability to display forged dialogs to obtain two-factor authentication codes is especially concerning. The fact that Rilide has been advertised on an underground forum and its source code leaked suggests that it may be adopted by other threat actors. The identified C2 address and GitHub repositories may help in identifying and mitigating this threat, but more needs to be done to prevent similar attacks in the future.
FROM THE MEDIA: Trustwave SpiderLabs Research has identified a new malware called Rilide, which disguises itself as a legitimate Google Drive extension in order to steal cryptocurrency and sensitive data. The malware has been distributed via two different campaigns involving Ekipa RAT and Aurora Stealer. While Ekipa RAT is delivered via booby-trapped Microsoft Publisher files, Aurora Stealer uses rogue Google Ads as the delivery vector. Both campaigns facilitate the execution of a Rust-based loader that modifies the browser's LNK shortcut file and uses the "--load-extension" command line switch to launch the add-on. The stealer malware can also display forged dialogs to deceive users into entering a two-factor authentication code to withdraw digital assets. Trustwave warns that the Rilide stealer is a prime example of the increasing sophistication of malicious browser extensions and the dangers they pose.
READ THE STORY: THN
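The loader behaviour described above (a modified browser shortcut that passes "--load-extension" to the browser) leaves a simple artifact that defenders can audit. The PowerShell script below is an added example for this digest, not code from Trustwave or the article: it enumerates .lnk files in the usual shortcut locations, reads each shortcut's target and arguments through the WScript.Shell COM object, and reports any Chromium-based browser shortcut whose arguments contain "--load-extension". The shortcut folders and the list of browser executables are assumptions and should be extended for your environment.

```powershell
# Added audit script (not from the Trustwave report or the article): list browser
# shortcuts whose arguments sideload an extension via --load-extension.
# Assumptions: Windows, the WScript.Shell COM object, and the shortcut folders below.
$shell = New-Object -ComObject WScript.Shell

# Common shortcut locations for the current user and all users (assumed set; extend as needed)
$shortcutRoots = @(
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:PUBLIC\Desktop",
    "$env:ProgramData\Microsoft\Windows\Start Menu"
)

# Chromium-based browser executables to check (constructed list, not exhaustive)
$chromiumBrowsers = 'chrome\.exe|msedge\.exe|brave\.exe|opera\.exe|vivaldi\.exe|chromium\.exe'

$findings = Get-ChildItem -Path $shortcutRoots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut on an existing .lnk returns its parsed target and arguments
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match $chromiumBrowsers -and $lnk.Arguments -match '--load-extension') {
            [pscustomobject]@{
                Shortcut     = $_.FullName
                Target       = $lnk.TargetPath
                Arguments    = $lnk.Arguments
                LastModified = $_.LastWriteTime
            }
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No browser shortcuts with --load-extension found.'
}
```

A hit is not proof of compromise on its own: developers legitimately use "--load-extension" to test unpacked extensions, so review the extension path in the Arguments column and the shortcut's LastModified time against the user's known activity. The same check can be scheduled across a fleet with your endpoint management tooling, and a Chromium enterprise policy that restricts extension sources removes the sideloading path altogether.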
Genesis Market, one of world’s largest platforms for cyber fraud, seized by police
Analyst Comments: The seizure of the Genesis Market is a significant achievement in the fight against cybercrime. The platform provided criminals with a range of tools to steal sensitive data and launch financially motivated cyber attacks. Its unique capability to provide "browser fingerprints" and allow criminals to bypass security warnings highlights the level of sophistication of the criminal services offered on the dark web. The low barrier to accessing the site and the wide availability of invite codes allowed anyone to join, further commoditizing cybercrime. The operation to seize the platform is an example of international cooperation between law enforcement agencies to tackle cybercrime. However, it remains to be seen if this will have a long-term impact on the growth of cybercrime. Criminals will continue to seek new methods to exploit vulnerabilities in systems and develop new tools to evade detection.
FROM THE MEDIA: The FBI, with the help of international partners, has shut down Genesis Market, one of the most significant online criminal platforms. Genesis Market acted as a one-stop-shop for criminals, selling stolen credentials as well as the tools needed to exploit them. It had been linked to millions of financially motivated cyber incidents globally, from fraud through to ransomware attacks. Genesis Market was unique because it provided criminals access to “bots” or “browser fingerprints” that allowed them to impersonate victims’ web browsers, including IP addresses, session cookies, operating system information, and plugins. This meant criminals could access subscription platforms such as Netflix and Amazon, as well as online banking services, without triggering security warnings. It is not yet known how many arrests have been made.
READ THE STORY: The Record
Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme
Analyst Comments: The emergence of "proxy jacking" is a new threat to cybersecurity that allows hackers to take over systems and devices to sell their IP information to proxyware services. Proxyware services are legitimate businesses that allow customers to access restricted content, bypass web scraping restrictions, or browse dubious websites without being identified by their own IP. However, the risk is that hackers may take over IP addresses and sell them without authorization. The use of the Log4j vulnerability in proxy jacking allows hackers to turn a compromised account into a proxy server and collect profits. This trend highlights the ongoing risk of Log4j attacks, with millions of systems still running vulnerable versions. The financial cost of these attacks and their potential far-reaching implications are cause for concern. Moreover, the use of proxyware services can have problematic implications as internet bandwidth could be used for malicious or illegal activities.
FROM THE MEDIA: Researchers from digital security firm Sysdig have uncovered a new trend called "proxy jacking" that uses the Log4j vulnerability to take over a system or device before selling its IP information to proxyware services. These proxyware services offer a different IP address to customers who pay to access restricted content, bypass web scraping restrictions or browse dubious websites without being identified by their own IP. Legitimate businesses such as IPRoyal, Honeygain, and Peer2Profit sell proxyware, but hackers also take over IP addresses and sell them without authorization. The Log4j vulnerability was discovered in December 2021 and hackers are still exploiting it.
READ THE STORY: The Record
As defense tech goes commercial, does national security miss out
Analyst Comments: The shift towards private enterprise taking the lead in innovation for defense and intelligence applications is a significant development that requires careful consideration. The rapid pace of technological innovation means that traditional government-led procurement and development models may not be sufficient to meet the evolving security landscape. The panelists' call for collaboration between different countries and the need for private enterprises to consider their role in protecting national security are essential considerations that governments and businesses alike should take into account. It is crucial to ensure that innovation is balanced with national security concerns, and that appropriate safeguards are in place to mitigate potential risks.
FROM THE MEDIA: Private enterprise has taken over from the government as the primary source of innovation for defense and intelligence applications. At a panel at the Australian Strategic Policy Institute (ASPI)'s Sydney Dialogue, speakers agreed that the pace of technological innovation and change is so fast that controlling it at the institutional level is not possible anymore. Although historically, the government had been the owner and controller of the best technology, private companies have taken the lead in a lot of areas of innovation that traditionally would have been in the government's remit. The panelists called for entrepreneurs to shift their mindsets to take on the role of protecting national security themselves. Collaboration between different countries was also highlighted as necessary to deal with the rapid change of technology and threat landscapes.
READ THE STORY: The Register
Digital asset firms are being locked out by banks in UK
Analyst Comments: The difficulties UK VASPs are facing in accessing banking services are a significant challenge to the UK's ambitions to become a digital asset hub. The banks' restrictions on VASPs also indicate the increasing regulatory scrutiny of the crypto industry worldwide and the need for clearer regulations. Governments will have to strike a balance between ensuring compliance with anti-money laundering and counter-terrorist financing laws, while also promoting innovation and growth in the crypto industry. If the UK fails to provide clear regulatory frameworks for the crypto industry, it risks falling behind other countries in the competition for digital asset business.
FROM THE MEDIA: UK virtual asset service providers (VASPs) are struggling to find banking partners, with many of their accounts being frozen or closed by traditional banks, according to a Bloomberg report citing over a dozen UK VASP executives. The issue has been exacerbated by last year's industry carnage and banks' restriction of the services they offer to VASPs in the UK, leaving few options available. VASP executives also say the clampdown in the UK has been tougher than in most countries, hindering Prime Minister Rishi Sunak's push to make the UK a digital asset hub.
READ THE STORY: CoinGeek
How Rapid Growth in Drone Use and EU Regulations Will Accelerate Demand for Satellite Connectivity
Analyst Comments: The article discusses the growing demand for satellite-based connectivity for drone technology, particularly in Europe, where new regulations require drones to report their flight data to air traffic control via the UTM. Small and medium-sized drones are facing challenges complying with the new regulations as they are typically tied to their control station via direct radio links, which does not allow them to report flight data to the UTM. The article suggests that satellite connectivity can solve this problem and enable drones to operate autonomously and beyond line of sight. The development of video compression algorithms, onboard edge computing, and AI/ML is enabling smaller drones to achieve the necessary bandwidth for satellite connectivity, and the creation of "multi-modes" that combine satellite and terrestrial connectivity technologies is being explored.
FROM THE MEDIA: The global market for commercial drones is expected to grow tenfold by 2030 due to geopolitical concerns and increasing commoditization. The international drone market is divided into two primary groups: military and commercial, with both expected to grow considerably in the next few years. The military drone market has a turnover of approximately $12 billion and is expected to reach $17 billion by 2027. Meanwhile, the commercial drone market is projected to grow from $8 billion to $47 billion in 2028. With rapid growth comes new regulations, and this creates new business opportunities for developers and providers of satellite-based connectivity for drone technology. The European Union has recently implemented new regulation for the UTM, requiring drones operating in European airspace to report their position, direction, and speed to conventional air traffic control via the UTM.
READ THE STORY: Via Satellite
U.S.-China Data War Intensifies as Bilateral Relations Nosedive
Analyst Comments: The article provides a comprehensive overview of the growing tension between the United States and China over data and information-related sectors. It highlights the CCP's obsession with cybersecurity and control of data and the steps China has taken to increase state control over data. The article also discusses the potential use of TikTok as a vehicle for the CCP to achieve its quest for national reunification with Taiwan, leading to a debate on whether to ban the app. The article's conclusion that the zero-sum rivalry between China and the U.S. is expected to intensify in the information and technology fields is a logical one, given the growing importance of these sectors in determining national strength. Overall, the article provides valuable insights into the escalating U.S.-China tensions in the area of data and information-related sectors.
FROM THE MEDIA: Despite China's attempts to attract American multinationals and its limited support for Russia in its war with Ukraine, U.S.-China relations appear headed for further deterioration due to intense contention over the data and information sectors. China has retaliated against purported efforts by the U.S. and its allies to choke off China's high-tech development pathways by cracking down on foreign data, accounting, and information-related firms, among other moves. China's crackdown is closely linked to General Secretary Xi Jinping's obsession with cybersecurity and control of data. As part of bolstering China's "information security," a National Data Bureau (NDB) was established at the National People's Congress, with the same status as a department in the central CCP hierarchy. The NDB will assume responsibility for the protection and collection of data, which reportedly includes information gleaned from multinational IT firms close to the government. The U.S. Congress is also readying an array of legislation, including a measure that would forbid American venture capital firms from investing in Chinese companies with ties to the military and intelligence establishment.
READ THE STORY: The Jamestown Foundation
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Analyst Comments: The report highlights the continued use of zero-day exploits by commercial surveillance vendors, which proliferates capabilities that were previously available only to governments with the technical expertise to develop and operationalize exploits. The findings also underscore the need for users and device manufacturers to accelerate the adoption of security patches, since attackers are exploiting the window between a fix being published and it actually reaching devices. While the report does not name specific commercial spyware vendors, it highlights the need for governments and industry bodies to regulate the use and sale of such software, which can be misused for malicious purposes.
FROM THE MEDIA: According to a report by Google's Threat Analysis Group (TAG), several commercial spyware vendors used zero-day exploits against iOS and Android users in 2022. These vendors combined zero-days with exploits for already-patched (n-day) vulnerabilities, highlighting the need for both users and device manufacturers to speed up the adoption of security patches. In one instance, the iOS exploit chain used a zero-day vulnerability in Apple's WebKit together with a PAC bypass technique and a sandbox escape and privilege escalation flaw in AGXAccelerator, a component of the GPU drivers. In the Android exploit chain, the vendors used a code execution vulnerability in the Chrome browser engine, a sandbox escape, and a privilege escalation exploit for a vulnerability in the ARM Mali GPU driver. Another campaign targeted users of the Samsung Internet Browser and relied on multiple zero-day and n-day flaws, including a privilege escalation vulnerability in the ARM Mali GPU kernel driver and a zero-day privilege escalation vulnerability in the Linux kernel sound subsystem.
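The practical takeaway from the TAG findings is that n-day bugs stay exploitable on any device whose security patch level predates the fix. The following Python script is an added example, not code from the TAG report or from Google, showing how a fleet owner can measure that exposure: it parses Android security patch levels (the YYYY-MM-DD string Android exposes in the ro.build.version.security_patch property), computes how many days each device lags behind, and flags devices that predate a given fix bulletin. The device inventory and the bulletin date are constructed for illustration and are not taken from the report.

```python
from datetime import date

# Constructed sample inventory for this example; the device names, patch
# levels and the bulletin date below are assumptions, not findings from
# the TAG report.
FLEET = [
    {"device": "pixel-7-alice", "security_patch": "2023-03-05"},
    {"device": "galaxy-s21-bob", "security_patch": "2022-11-01"},
    {"device": "oneplus-9-carol", "security_patch": "2022-08-01"},
    {"device": "tablet-dave", "security_patch": "unknown"},
]

# Hypothetical bulletin date on which a fix for some n-day bug shipped.
EXAMPLE_FIX_BULLETIN = date(2023, 1, 5)

# Date of this digest, used as "today" so results are reproducible.
AS_OF = date(2023, 4, 5)


def parse_patch_level(value):
    """Return the patch level as a date, or None if it is missing or garbled."""
    try:
        return date.fromisoformat(value)
    except (TypeError, ValueError):
        return None


def patch_lag_days(patch_level, today):
    """Days elapsed since the device's last applied security patch level."""
    return (today - patch_level).days


def exposed_to_fix(patch_level, fix_bulletin):
    """True if the device predates the bulletin that shipped a given fix,
    i.e. that vulnerability is still an n-day on this device."""
    return patch_level < fix_bulletin


def assess_fleet(fleet, today, max_lag_days=90, fix_bulletin=EXAMPLE_FIX_BULLETIN):
    """Classify each device as 'ok', 'stale' (patch level older than
    max_lag_days) or 'unknown' (unparseable patch level). An unknown level
    is reported as a finding rather than silently skipped."""
    results = []
    for entry in fleet:
        level = parse_patch_level(entry.get("security_patch"))
        if level is None:
            results.append({"device": entry["device"], "status": "unknown",
                            "lag_days": None, "exposed": None})
            continue
        lag = patch_lag_days(level, today)
        results.append({
            "device": entry["device"],
            "status": "stale" if lag > max_lag_days else "ok",
            "lag_days": lag,
            "exposed": exposed_to_fix(level, fix_bulletin),
        })
    return results


def stale_devices(fleet, today, max_lag_days=90):
    """Names of devices whose patch level is stale or could not be read."""
    return [r["device"] for r in assess_fleet(fleet, today, max_lag_days)
            if r["status"] != "ok"]


if __name__ == "__main__":
    for row in assess_fleet(FLEET, AS_OF):
        print(row)
```

On a real fleet the patch level would be collected per device (for example via an MDM inventory or adb shell getprop ro.build.version.security_patch) and the bulletin date would come from the vendor advisory for the specific n-day being tracked; the 90-day threshold is a policy choice, and the report's point is that even that window is long enough for a commercial exploit chain to be used.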
READ THE STORY: CSO
Spain's most dangerous and elusive hacker is now in police custody
Analyst Comments: The arrest of José Luis Huertas is a significant win for law enforcement in Spain, as he was regarded as the most dangerous hacker in the country. The fact that he was involved in multiple high-profile cyberattacks and created a search engine dedicated to selling stolen sensitive information highlights the seriousness of his crimes. The seizure of large amounts of cash, documentation, and computers at his home and other addresses will aid in uncovering his activities. However, the fact that he grew bolder with each attack and claimed to have access to information about roughly 90% of all Spanish citizens shows the potential scale of damage he could have inflicted. The risk of him escaping, destroying evidence, and committing similar crimes makes it important for him to remain in custody until his trial.
FROM THE MEDIA: The Spanish police have arrested José Luis Huertas, a 19-year-old hacker accused of being behind multiple cyberattacks in the country. He is also said to have created a search engine called Udyat ("Eye of Horus"), through which he sold large quantities of stolen sensitive information. The investigation began after he breached the computer network of Spain's General Council of the Judiciary (CGPJ), stole the data of 575,000 taxpayers, and built a database to sell that information to other cybercriminals. He is also accused of attacking high-level state institutions, impersonating a CEO, and money laundering. The police tracked him down by following the money trail for the hosting services behind the Udyat server.
READ THE STORY: Bleeping Computer
Items of interest
‘Hell All Over Again’: The Frontline of an Expanding Human Trafficking Crisis
Analyst Comments: The report reveals the sophisticated and complex nature of these operations, which involve online scams, forced labor, and money laundering. It also highlights the challenges faced by law enforcement agencies and NGOs in responding to this crisis, including the need for cross-border cooperation, intelligence sharing, and a robust legal framework. The story of the Immanuel Foundation provides a glimmer of hope in an otherwise bleak situation, showing that with dedicated volunteers and careful planning, it is possible to rescue victims and disrupt the activities of criminal syndicates.
FROM THE MEDIA: Human trafficking in Southeast Asia, particularly in Cambodia, Myanmar, and Laos, is an evolving problem: low-wage workers are lured into industrial-scale scam mills and forced to steal from strangers using sophisticated online scams. Many victims are Chinese nationals, while Malaysian, Taiwanese, Indonesian, Philippine, Vietnamese, and Thai nationals have all been reported among trafficking victims. The criminal syndicates behind these operations are often run by Chinese nationals working closely with corrupt local officials. The article follows a rescue operation by the Immanuel Foundation, a newly formed anti-trafficking group of former police investigators, retired military personnel, and other volunteers. The group conducts rescues at the request of victims and their families; in this case it tailed a bus full of trafficking victims for nine hours before intercepting it at a gas station near the casinos of Poipet, a shadowy Cambodian town on the border with Thailand.
READ THE STORY: VICE
Spy Satellite Expert Explains How to Analyze Satellite Imagery (Video)
FROM THE MEDIA: Keith Masback, former Director of Intelligence, Surveillance, and Reconnaissance Integration for the US Army, explains how to read satellite imagery and offers a few tips and tricks on what analysts like him generally look for. He explains how to tell man-made and natural environments apart and breaks down what the typical military routines of other countries look like from above.
The Private Intelligence Pipeline (Video)
FROM THE MEDIA: People think spying is the business of keeping secrets. But they're wrong. Spies make their living by finding secrets, and that takes a special kind of skill that you can use to build your career and grow your business. In this episode, Andrew introduces you to his private intelligence network and tells you exactly how you can work with them too.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.