Thursday, April 20, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Russia-based hackers ramping up attacks on the Eastern European energy sector
Analyst Comments: The increase in attacks on Eastern Europe's energy sector is concerning as it could cause severe disruption and impact the supply of energy in the region. It is noteworthy that FROZENBARENTS is believed to be run by the GRU, suggesting state involvement in cyber campaigns. The fact that some of the campaigns have targeted government and military organizations, including those outside Ukraine, raises concerns about potential geopolitical implications. The shift of ransomware gangs towards conducting operations for intelligence collection highlights the evolution of cyber threats and the need for stronger cybersecurity measures. It is crucial for companies and organizations to remain vigilant and implement measures to protect themselves against these types of attacks.
FROM THE MEDIA: Russian state-backed hacking groups have increased their coordinated campaigns targeting Eastern Europe's energy sector, particularly Ukraine, during the first quarter of 2023. Google's Threat Analysis Group (TAG) reported that one group, FROZENBARENTS, is believed to be run by the Russian Armed Forces' Main Directorate of the General Staff (GRU). FROZENBARENTS was found to be the most versatile GRU cyber actor, having targeted sectors of interest for Russian intelligence collection, including government, defense, energy, transportation, logistics, education, and humanitarian organizations. TAG has also tracked activity from other hacking groups such as APT28 and Puscha, who have used tactics like phishing and ransomware attacks.
READ THE STORY: The Record
Google to power ads with generative AI
Analyst Comments: Google's latest move to incorporate generative artificial intelligence into its advertising business could change the marketing landscape, producing more sophisticated and targeted campaigns. Google will remix content provided by advertisers to create ads, reducing human input and time, making advertising more affordable for businesses, and speeding up campaign turnaround. AI-powered ad creation will improve Google's advertising offering, and by extension, Alphabet's bottom line, as advertisers and clients opt for more targeted campaigns that lead to higher conversion rates.
FROM THE MEDIA: Google plans to introduce generative artificial intelligence into its advertising business over the next few months. According to an internal presentation to advertisers seen by the Financial Times, the company intends to use AI to create more sophisticated campaigns resembling those created by marketing agencies. Advertisers will supply “creative” content, such as imagery, video, and text relating to a particular campaign, which the AI will then “remix” to generate ads based on the audience it aims to reach, as well as other goals such as sales targets. Google already uses AI in its advertising business to create simple prompts that encourage users to buy products.
READ THE STORY: FT
US, Taiwan Defense Firms to Explore Weapons Co-Production
Analyst Comments: The resumption of talks on co-producing weapons between US and Taiwanese defense contractors is a significant development amid ongoing tensions in the region. However, the move is likely to prompt a response from China, which has previously opposed US arms sales to Taiwan. While Taiwan's interest in co-producing drones and ammunition could enhance its defense capabilities, the lack of a third-party market could limit the potential impact of such collaboration. The US government's cautious approach towards endorsing weapon co-production with international partners and concerns over intellectual property theft from China could also impede progress.
FROM THE MEDIA: US and Taiwanese defense contractors are set to meet in person in May to discuss co-producing weapons, which could ignite protests from China. The talks, which will take place in Taipei, are expected to focus on post-purchase weapons delivery, research and development of future weapons, and the possibility of producing American weapons on the island under license. Around 25 US defense contractors are expected to attend, and topics on the agenda include the co-production of airborne, surface, and subsea drones, as well as ammunition.
READ THE STORY: VOA
China Leverages Exposed Secrets to Keep the United States on Its Heels
Analyst Comments: The report by the China Cybersecurity Industry Alliance (CCIA) appears to be part of Beijing's strategy to reduce US global influence and capitalize on perceived US vulnerability. The report draws attention to US cyber activities of the kind the US has typically called other countries out on, suggesting that the US is not the benevolent cyber actor it claims to be. By relying on the analysis of outside sources from credible non-US cybersecurity companies and media outlets, Beijing is seeking to cast doubt on the US's image as a "beacon of freedom and democracy." The report comes at a time when China is robustly competing against the US in the global technology race and asserting itself as a viable contender for global leadership.
FROM THE MEDIA: The China Cybersecurity Industry Alliance (CCIA) recently published a report on cyber attacks allegedly conducted by US intelligence agencies, citing analysis from non-US cybersecurity companies and media outlets. The report covers advanced malware, suspected exploitation of IT products and encryption standards, and APT groups linked to US intelligence agencies, and implicates the US in attacks on key infrastructure, supply chain compromise, and cyber weapon development. The report appears to be part of Beijing's campaign to position itself as a viable competitor in the global technology race and challenge the US's status as the primary cyber power.
READ THE STORY: OODALOOP
DC health exchange breach traced back to misconfigured Amazon server
Analyst Comments: The breach of Washington D.C.'s health insurance marketplace underscores the vulnerability of government entities to cyber attacks. The misconfigured server highlights the importance of proper configuration management to prevent unauthorized access to sensitive information. While DC Health Link has offered identity-theft and credit monitoring protection, the low percentage of victims using the protection services suggests more needs to be done to raise awareness and ensure that victims are adequately supported. The committee's criticism of Mandiant's report and the company's refusal to appear before the committee is also concerning, as transparency is crucial in identifying the root cause of the breach and preventing future attacks.
FROM THE MEDIA: A recent breach of Washington D.C.'s health insurance marketplace exposed sensitive information of Congressional representatives, staff, and thousands of city residents. The breach was traced back to a misconfigured Amazon cloud server, with two documents holding the information of over 56,000 customers, including 17 members of the House of Representatives, 43 of their dependents, and 585 House staff members and their dependents. The FBI was notified immediately and traced the stolen data back to the two reports on the misconfigured server. Affected individuals have filed lawsuits against DC Health Link, and fewer than 20% of victims have used the protection services offered. Mandiant, the cybersecurity firm investigating the breach, declined to appear before the committee, and members of Congress criticized the company's report.
READ THE STORY: The Record // Statescoop
Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov't Agencies
Analyst Comments: The recent discovery of APT28 exploiting outdated software highlights the importance of regularly updating network routers and monitoring network devices for possible intrusions. The lack of router updates could make them vulnerable to such sophisticated attacks. Organizations should follow best practices in network security, such as restricting access to trusted administrators and IP addresses, implementing network monitoring, and training employees to be aware of social engineering techniques used by attackers.
FROM THE MEDIA: The notorious Russian APT28 group, also known as Fancy Bear, Strontium, Tsar Team, and Sofacy Group, has been found exploiting network routers running outdated versions of Cisco's IOS and IOS XE operating system software. The group used unpatched Cisco routers to access a small number of EU and US government institutions and around 250 Ukrainian victims. Cisco Talos is "deeply concerned" about an increase in the rate of high-sophistication attacks on network infrastructure by nation-state actors. The APT28 group took advantage of weak passwords, such as the default "public" string, to gain access to routers and, in some cases, deploy their "Jaguar Tooth" malware. Cisco regularly publishes information about new vulnerabilities and risks to IT infrastructure, such as this blog post published on April 18.
READ THE STORY: DARKReading
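As an added defensive example (not from the article, Cisco Talos, or the newsletter), the following Python script audits a Cisco IOS running-config excerpt for the weak settings the item above describes: default SNMP community strings such as "public", read-write communities, and communities with no access-list restricting which hosts may query the device. The hostname, community names and config text are constructed for illustration.

```python
import re

# Constructed sample excerpt of a Cisco IOS running-config (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk9v2pQ RO 10
snmp-server community monitor view cutdown RO
access-list 10 permit 192.0.2.10
line vty 0 4
 transport input ssh
"""

# Community strings that are vendor defaults or trivially guessable.
DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin"}

# snmp-server community <name> [view <view>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: (?P<acl>\S+))?\s*$"
)


def audit_snmp_communities(config_text):
    """Return (community, finding) tuples for weak SNMPv1/v2c community settings."""
    findings = []
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        mode = m.group("mode") or "RO"  # IOS defaults to read-only when omitted
        acl = m.group("acl")
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append((name, "default/guessable community string"))
        if mode == "RW":
            findings.append((name, "read-write access via SNMPv2c"))
        if acl is None:
            findings.append((name, "no access-list restricting SNMP sources"))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```

Only the community protected by a non-default string and an access-list (Xk9v2pQ with ACL 10) passes; migrating to SNMPv3 with authentication and privacy removes the community-string exposure entirely.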
Ukraine is a Master Class in Cyber Defense and a Real-time AI Accelerator
Analyst Comments: There is increasing discussion about the use of AI in the conflict, particularly in regard to the acceleration of fully autonomous drones and other weapon systems on the battlefield. While this is not yet an AI war, Ukraine serves as a laboratory where the next form of warfare is being created. This effort is paving the way for AI warfare in the future, with various conceptual labels such as "hyper war," "algorithmic warfare," "mosaic warfare," and "software-defined warfare" being coined to describe it. The common vision is a networked battlefield where data moves at lightning speed to connect all deployed forces and platforms.
FROM THE MEDIA: The conflict between Russia and Ukraine is being described by some as the first open-source intelligence war, a technology war, a digital David vs. analog Goliath, the first full-scale drone war, and cyber-Armageddon. Recent articles by retired Army Maj. Gen. Robin Fontes and Estonian Prime Minister Kaja Kallas discuss the role of AI in the ongoing conflict. The conflict is seen as a laboratory in which the next form of warfare is being created. The use of AI is evident in the integration of target and object recognition with satellite imagery, geolocating and analyzing open-source data such as social media photos in geopolitically sensitive locations, and analyzing vast amounts of data to produce battlefield intelligence regarding the strategy and tactics of parties to the conflict. The article also highlights the role of the global private sector in AI-fueled warfare, AI-enhanced facial recognition software, and AI-based cyber warfare and cyber defense.
READ THE STORY: OODALOOP
Over 100 secret Chinese police stations (Safe Houses) operating worldwide, report says - including six more in the US
Analyst Comments: The presence of Chinese secret police stations (Safe Houses) in various countries is a significant human rights issue. The goal of these stations is to silence and harass Chinese dissidents living abroad, and their existence raises questions about the extent of China's reach and influence beyond its borders. The fact that these stations have been established under false pretenses and operate covertly raises concerns about China's intentions and the potential threat they pose to individuals and societies in the host countries. The Safeguard Defenders reports shed light on this issue and serve as a warning about the dangers of the Chinese government's attempts to silence and control its citizens, even beyond its borders.
FROM THE MEDIA: Safeguard Defenders, a human rights group based in Madrid, has been documenting the existence of secret Chinese police stations worldwide since 2014. The organization has published several reports revealing that 102 clandestine Chinese police stations are operating in 53 countries across the world, including several major metropolitan cities in North America and Europe. Many of the stations were said to have been recently established during the Covid-19 pandemic. The stations are known to operate under the direction of the People's Republic of China through China’s national police force, the Ministry of Public Security (MPS). Their goal is to locate Chinese dissidents living abroad and force them to return to China, often through involuntary means, including kidnapping. Once a secret station is established in a foreign nation, the MPS officers will use any means to threaten, harass, and intimidate their targets.
READ THE STORY: Cybernews
Narcotrafficking: A National Security Threat
Analyst Comments: Drug trafficking organizations (DTOs) smuggle drugs, people, and weapons across the border, resulting in an unprecedented influx of drugs into the US, with fentanyl alone responsible for almost 80% of the 110,000 overdose deaths in 2022. The DTOs earn an estimated $13 billion annually from human trafficking and at least another $12 billion from drugs. This money is used to purchase larger armies and better weapons, resulting in an increase in violence in Mexico as gangs fight for control of the lucrative drug trade. The DTOs' actions destabilize the Mexican government, creating a refugee problem in the US, and making it harder for the US to cooperate with the Mexican government.
FROM THE MEDIA: The United States is facing a national security threat from transnational criminal organizations that smuggle drugs and people across the porous southern border. Mexican drug cartels, which are considered transnational criminal organizations, manufacture and smuggle drugs into the U.S., causing overdoses and deaths. They earn billions of dollars annually from drugs and human trafficking, which they use to purchase larger armies and better weapons, increasing violence in Mexico. DTOs should be considered a national security threat due to the coordination with known U.S. threat countries, such as China, and the harm they cause to American citizens. Weak border policies exacerbate the problem, making it easier for cartels to operate and smuggle drugs and people across the border.
READ THE STORY: Modern Diplomacy
Seagate hit with $300m penalty for selling sanctioned storage to Huawei
Analyst Comments: Seagate's $300m settlement with the US Department of Commerce highlights the government's strict approach to enforcing trade sanctions against China. The decision to continue selling hard drives to Huawei despite the company's presence on the list of entities subject to certain restrictions has resulted in a significant financial penalty for Seagate.
FROM THE MEDIA: The US Department of Commerce has imposed a fine of $300m on data storage company Seagate for selling hard drives to Huawei, violating US export regulations. Seagate had been warned by the Department's Bureau of Industry and Security in 2022 for breaching US Export Administration Regulations, but the company had claimed it was compliant with all the relevant rules. The company has now agreed to pay the fine in installments over the next five years. The Department of Commerce claimed that Seagate continued to sell hard drives to Huawei after Toshiba and Western Digital had ceased selling to the Chinese company.
READ THE STORY: The Register