Daily Drop (517): Hong Kong Internet Restrictions, AI Model Adoption Guidance, Saudi-China Cooperation, CoWIN Data Leak, Inmate Heart Rate Tracking, German University Cyberattack
06-12-23
Monday, Jun 12, 2023 // (IG): BB // Intro Exploit Dev // Coffee for Bob
U.S. Tech Giants Are Slowly Cutting Off Hong Kong Internet Users
READ THE STORY: WSJ
Strategic Intelligence Guidance for Adopting AI Models in Your Organization
Analyst Comments: The security risks highlighted underscore the need for enhanced cybersecurity measures tailored for AI, especially in the context of protecting intellectual property. The integrity check considerations illustrate the importance of regular audits and controls over AI models' responses, especially those customer-facing or in advisory roles. The risk and responsibility discussion, while pointing out potential challenges, proposes an interesting idea of segregating AI models across different business functions to mitigate overall risk, emphasizing human oversight in all processes. The insurance-related discussion underscores a looming concern in AI deployment, calling for an immediate response from the insurance sector and possible legislative changes.
FROM THE MEDIA: With AI models becoming central to a firm's operations and intellectual property, the security concern around these models becomes paramount, with data exfiltration by cybercriminals being a notable risk. Regarding integrity, the narrative emphasizes the need for checks to ensure AI responses fall within acceptable boundaries and avoid drifting toward potentially harmful or offensive responses. The discussion on risk and responsibility points out the complications introduced by AI in decision-making processes, suggesting the need for careful governance and possibly segmenting AI models across different business functions.
READ THE STORY: InfoSecMag
Saudi Arabia seeks cooperation with China, 'Ignores' Western Worries
Analyst Comments: The ongoing alignment between Saudi Arabia and China signifies an essential geopolitical shift and a challenge to the traditional balance of power, particularly for the United States. For Saudi Arabia, strengthening its relationship with China aligns with its economic diversification plans and ensures a stable market for its oil exports. On the other hand, China sees Saudi Arabia as a critical partner in its Belt and Road Initiative, aiming to increase its influence in the Middle East. However, the growing ties also bring potential risks, including possible conflicts with Western allies and challenges in aligning national interests. The eventual outcome of the free trade deal negotiations between China and the Gulf Cooperation Council will also be an important factor in shaping the future of these relations.
FROM THE MEDIA: Saudi Arabia's Energy Minister, Prince Abdulaziz bin Salman, has stated that the kingdom wants to collaborate, not compete, with China, dismissing Western concerns over their growing ties. Saudi Arabia, the world's top oil exporter, has strong hydrocarbon ties with China, the world's biggest energy consumer. Despite the deepening cooperation between the two nations in areas of security and sensitive tech, the minister stressed the need to seize opportunities without having to choose between different global powers. The statement came during an Arab-China business conference, shortly after a visit by U.S. Secretary of State Antony Blinken. Further, Saudi Arabia and China's growing relations might accelerate negotiations for a free trade deal between China and the Gulf Cooperation Council, led by Saudi Arabia.
READ THE STORY: Reuters
Telegram bot leaks CoWIN data
Analyst Comments: If true, the data leak presents a serious breach of privacy and raises questions about data security measures associated with CoWIN. However, it's also crucial to note the official responses denying a direct breach of the CoWIN platform. The actual source of the data leak remains unclear. The incident underscores the need for robust cybersecurity measures, especially for platforms holding sensitive personal and health-related information. It also highlights the importance of swift action to mitigate damage when data leaks occur. The fact that the bot has been taken down suggests a prompt response. Yet, the potential ramifications of the data leak, especially for those whose data has been compromised, could be significant.
FROM THE MEDIA: A Telegram bot was reportedly leaking the personal details of Indian citizens registered on the CoWIN platform, including full name, date of birth, PAN card details, passport numbers, and vaccination location. Despite the reports, the health ministry and Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, have reassured the public that the CoWIN platform is secure and that there is no evidence of a direct breach. India's national CERT (CERT-In) has suggested the leaked data originates from a threat actor database unrelated to CoWIN. The bot, which is no longer available, reportedly exposed the data of several politicians and journalists.
READ THE STORY: CANDID
This Surveillance System Tracks Inmates Down to Their Heart Rate
Analyst Comments: The use of such advanced surveillance technology in a jail setting raises multiple concerns. Although the Fulton County Sheriff's Office and Talitrix argue it could improve safety and efficiency, critics worry it may infringe upon inmates' privacy rights. The key issue remains whether the technology can address the systemic issues present in the criminal justice system or just serves as a tool to maintain control. Another concern is the accuracy and security of the data collected, as errors or misuse of the data could lead to unjust outcomes. It will be crucial to monitor the implementation of this technology and its effects on the inmates and jail operations to ensure that it is used ethically and effectively.
FROM THE MEDIA: The Fulton County Jail system in Atlanta, Georgia, is rolling out a new surveillance system designed by Talitrix, a Georgia-based firm. The system embeds hundreds of sensors into the jail walls and issues inmates with wristbands. It can track an inmate's heartbeat, determine their location every 30 seconds, and create 3D images showing their interactions. The jail authorities claim that the system will increase efficiency and safety. However, critics argue that the monitoring technology increases surveillance and fails to address deeper issues within the criminal justice system.
READ THE STORY: Wired
Cyberattack on German university takes ‘entire IT infrastructure’ offline
Analyst Comments: The surge of cyberattacks on educational institutions in Germany highlights the vulnerabilities present in these institutions' cybersecurity measures. These attacks could lead to significant disruptions in the academic and research activities of these institutions and potentially expose sensitive personal and research data. The situation underscores the urgent need for robust cybersecurity measures and incident response plans in educational institutions.
FROM THE MEDIA: The Kaiserslautern University of Applied Sciences (HS Kaiserslautern) in Germany has confirmed it has been hit by a ransomware attack, affecting its entire IT infrastructure, including email accounts, the telephone system, computer facilities, and the library. It has advised students and staff not to switch on any of their work computers due to the encryption attack. The identity of the perpetrators and whether any information was stolen remain unclear. This attack follows a string of similar incidents affecting German-speaking universities in recent months, including the Hamburg University of Applied Sciences, the University of Zurich, Harz University of Applied Sciences, Ruhr West University, and the EU/FH European University of Applied Sciences.
READ THE STORY: The Record
Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable
Analyst Comments: The development of BatCloak and its evolution into ScrubCrypt underscores the growing sophistication and adaptability of cyber threats. The capability of these tools to evade traditional detection mechanisms points to the need for continual advancements in cybersecurity defenses. This is especially concerning given the potential for such tools to be used in the distribution of a variety of malware families, expanding the reach and potential damage of cyber threats.
FROM THE MEDIA: A Fully Undetectable (FUD) malware obfuscation engine named BatCloak has been used to deploy various malware strains since September 2022. Trend Micro researchers found that it has been evading antivirus detection, with 79.6% of the 784 artifacts found having no detection across all security solutions. BatCloak is part of a batch file builder tool called Jlaive, created by a developer named ch2sh, which can bypass the Antimalware Scan Interface (AMSI) and compress and encrypt the primary payload to evade security controls. Jlaive uses BatCloak as its file obfuscation engine to obfuscate the batch loader before writing it to disk. BatCloak has since evolved into ScrubCrypt, designed to be interoperable with a number of well-known malware families.
READ THE STORY: THN
What to know about Beijing’s alleged Cuba spy station
Analyst Comments: This disclosure highlights the broad scope of China's global surveillance efforts and indicates its willingness to establish bases in strategic locations close to the U.S. It also raises concerns about the vulnerabilities of electronic communications, which could have significant implications for national security. The Biden administration's acknowledgment of the issue implies a readiness to deal with this complex security challenge, although it also emphasizes the inherited nature of the problem, suggesting a level of passivity in previous U.S. government approaches.
FROM THE MEDIA: The White House has revealed that China has been operating a spy station in Cuba since at least 2019 and that it has been well-documented in intelligence records. The announcement comes after a Wall Street Journal report about a "secret agreement" between China and Cuba for a new spy station designed to capture electronic communications from the southern U.S. The Cuba-based spy station is part of China's global intelligence-gathering strategy which also includes plans for bases spanning several regions across the world.
READ THE STORY: The Washington Post
UK sanctions Belarusian Internet propaganda
FROM THE MEDIA: Cybersecurity firm Group-IB has reported a decline in the number of stolen Asian credit card numbers appearing on the dark web. Instead, criminals are increasing their attempts to steal corporate documents, with India being the primary target in the region. In 2023, botnets were used to steal over 3.2 million records from Indian organizations, while compromising 413 corporate accounts. Indonesia and Vietnam came in second in terms of compromised documents and accounts respectively. Among 100 APAC company data breaches detected by Group-IB, which brought in over 81 million records, 34 were from India and 22 from Indonesia.
READ THE STORY: The Record
MediaTek accused of setting 'patent troll' on a rival, says it will defend itself
Analyst Comments: If Realtek's allegations are substantiated, the case illustrates how a patent assertion entity can be used as a proxy to impose litigation costs on a competitor while the sponsor stays out of the courtroom. The damages Realtek is seeking, lost sales and the cost of repairing customer relationships, also show that the harm from such campaigns is commercial rather than technical, diverting engineering resources away from product development. The outcome will turn on whether Realtek can prove the alleged payment to Future Link Systems and MediaTek's role in directing the lawsuits.
FROM THE MEDIA: Taiwan-based chip designer MediaTek is set to defend itself against allegations in a US legal case that it collaborated with a patent litigation company to file baseless lawsuits against competitor Realtek, aiming to disrupt Realtek's business operations. Realtek alleges that MediaTek paid a "secret bounty" to Future Link Systems, LLC, a patent assertion entity, to initiate meritless patent litigation cases. Realtek asserts these actions forced them to divert resources away from product development. The case seeks compensation for lost sales and the costs of repairing customer relationships damaged by these actions.
READ THE STORY: The Register
Lantum S3 bucket leak is a prescription for chaos for thousands of UK doctors
Analyst Comments: The exposure of sensitive data can have significant implications for the affected individuals, ranging from identity theft to blackmail, given the type of data exposed. The incident highlights the continuing issue of improperly secured cloud storage buckets, underscoring the need for companies to conduct regular audits and secure their online assets adequately. As a healthcare-related entity, Lantum's failure to secure such data can also erode trust in its services and potentially lead to regulatory scrutiny. Their ability to properly notify and mitigate the potential harm to the affected doctors will be crucial in managing this crisis.
FROM THE MEDIA: UK-based freelance doctor agency Lantum has reportedly exposed personal data relating to around 3,200 individuals through an insecure Amazon S3 bucket. According to Cybernews, the bucket contained approximately 98,000 files, potentially exposing details from 2014-2016. The exposed information includes passport details, national insurance numbers, resumes, medical documents, professional certificates, payroll information, and invoices. Cybernews discovered the issue on Lantum's old backend system, Network Locum. Despite attempts by the researchers to contact Lantum, they received no response until the issue was made public.
READ THE STORY: The Register
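The analyst comment above calls for regular audits of cloud storage. The following is an added example, not code from Lantum, Cybernews or The Register, of the offline part of such an audit: it takes the bucket policy, ACL grants and Public Access Block configuration as already retrieved (for example via `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block`) and flags the three classic ways a bucket ends up world-readable. The sample policy, grants and account ID are constructed for illustration; the group URIs and configuration key names are the real ones AWS uses.

```python
"""Offline audit of S3 bucket exposure from exported policy/ACL/PAB documents.

Added example (not Lantum's or Cybernews' code). Runs with no AWS credentials:
feed it the JSON you already pulled with the AWS CLI or boto3.
"""
import json

# Real AWS group URIs that mean "everyone" and "anyone with an AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# Actions that expose object contents or listings (lower-cased for comparison).
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws is not None and "*" in _as_list(aws)
    return False


def public_policy_statements(policy_json: str):
    """Return (Sid, 'public'|'conditional') for Allow statements granting
    read-style actions to an anonymous principal. Statements with a Condition
    are reported separately: they may still be weak but are not unconditional."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & READ_ACTIONS:
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), kind))
    return findings


def public_acl_grants(grants):
    """Return (group URI, permission) for ACL grants to AllUsers/AuthenticatedUsers.
    `grants` is the "Grants" list from get-bucket-acl."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            findings.append((grantee["URI"], grant.get("Permission")))
    return findings


def block_public_access_gaps(config):
    """Return the PublicAccessBlockConfiguration flags that are not True.
    All four should be True on any bucket holding personal data."""
    expected = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [key for key in expected if not config.get(key, False)]


# --- Constructed sample inputs (hypothetical bucket, account and ARNs) ---
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backend/*"},
        {"Sid": "TeamRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-backend", "arn:aws:s3:::example-backend/*"]},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backend/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})
SAMPLE_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]
SAMPLE_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print("policy:", public_policy_statements(SAMPLE_POLICY))
    print("acl:", public_acl_grants(SAMPLE_ACL))
    print("public access block gaps:", block_public_access_gaps(SAMPLE_PAB))
```

Run on the sample input this reports the unconditional `PublicRead` statement, the conditional `VpcOnly` one, the AllUsers READ grant and the two Public Access Block flags left off. A bucket that fails any of the three checks is worth treating as exposed until proven otherwise, since a policy review alone misses ACL-level grants and vice versa.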
$133,160,000,000 Enters US Banking System in Two Weeks As Deposit Panic Witnesses Abrupt U-Turn
Analyst Comments: While this trend shows an immediate recovery in confidence within the US banking sector, the long-term health of American banks remains a concern. The Treasury Secretary, Janet Yellen, has warned that further consolidation in the banking sector is likely due to challenges in the commercial real estate sector. Furthermore, more than 700 American banks reported unrealized losses exceeding 50% of their capital in a February report from the Fed.
FROM THE MEDIA: The US banking system is experiencing a significant reversal in capital outflows, with depositors adding $133.16 billion to American bank accounts in the past two weeks alone. This change is due to declining fears over the stability of the system. The last week has seen an inflow of $46.58 billion into US banks, per Federal Reserve Economic Data (FRED). This resurgence aligns with a recovery in regional banking stocks, such as shares of PacWest Bancorp. The banking sector's optimism is also being boosted by the potential pause in interest rate hikes by the Federal Reserve, with 70.1% of investors predicting the Fed will maintain current rates.
READ THE STORY: The Daily Hodl
US expected to begin unloading oil from seized Iranian tanker
Analyst Comments: The seizure of the Iranian vessel and its pending oil unload could escalate the ongoing friction between the US and Iran. While the US government is likely to sell the oil and direct the proceeds to a fund created for US victims of state-sponsored terrorism, it has some discretion over the use of these funds. Iran's response to this action, given its previous seizure of the Advantage Sweet, a vessel carrying Kuwaiti crude oil for Chevron, will be critical to observe.
FROM THE MEDIA: The US is preparing to unload oil from the Iranian vessel, Suez Rajan, which it seized and is currently anchored off the coast of Texas. This move could further exacerbate tensions with Iran. The Suez Rajan, which arrived off Galveston's coast on May 29, was seized under a court order by the US Department of Justice in cooperation with a company associated with the vessel. The ship has been under scrutiny since last year due to allegations that it took on a cargo of Iranian oil intended for China. This event is one of several maritime incidents between the US and Iran and threatens to increase tension as discussions on Iran's nuclear activity are ongoing. The vessel carries approximately 800,000 barrels of oil worth about $56 million.
READ THE STORY: FT
How North Korea’s Hacker Army Stole $3 Billion in Crypto, Funding Nuclear Program
Analyst Comments: The audacity and sophistication of North Korea's cyber operations highlight a growing global security concern. The shift from traditional espionage or attack capabilities to crypto theft shows North Korea's ability to adapt its methods to take advantage of global technological trends and vulnerabilities. By stealing from cryptocurrency exchanges and blockchain-based games, the country avoids the more heavily guarded traditional financial sector. The successful evasion of sanctions and funding of its defense program demonstrates the effectiveness of this strategy, creating an urgent need for the international community to address this emerging threat.
FROM THE MEDIA: A North Korean cyber operation successfully infiltrated the systems of Sky Mavis, the company behind the blockchain game Axie Infinity, resulting in a theft of over $600 million. The North Korean hackers disguised themselves as recruiters and tricked a Sky Mavis engineer into opening a malware-laden document. The operation marks the largest digital heist by North Korea, bringing its total stolen funds to over $3 billion in the last five years, half of which have been used to finance the country's ballistic missile program, according to Chainalysis. Sky Mavis has since reimbursed the victims, but the incident almost crippled the young company.
READ THE STORY: WSJ
Items of interest
The Zelda Game You Could Only Play via Satellite in 1995
Analyst Comments: Nintendo's endeavor to leverage satellite technology and experiment with real-time game streaming in 1995 shows a remarkable forward-thinking approach to gaming and content distribution, considering the ongoing struggles of current tech giants to implement successful game streaming. However, the limitations of the technology, the cost of the setup, and the game's ephemeral nature, particularly the Zelda game, created a niche and exclusive experience that is difficult to replicate today. While Nintendo did re-release one Satellaview game in 2009, there has been no indication of plans to remake other titles from this era.
FROM THE MEDIA: In 1995, Nintendo leveraged its investment in the struggling satellite radio company ST.GIGA to develop the Satellaview, a modem add-on for the Super Famicom. This system allowed users to download and stream games, magazines, and audio. Among the notable offerings was the fifth game in the Zelda series, "BS Zelda no Densetsu", an enhanced remake of the original game. It was the first "Soundlink" title, streaming game code and audio in real time on a pre-planned schedule. The game ran as four one-hour episodes, one each Sunday in August 1995, with replays in subsequent months due to popular demand. Despite its unique structure and content, including the first instance of voice acting in a Zelda game, it remains challenging to emulate the game in its original form.
READ THE STORY: Super Jump Magazine
Nintendo's FORGOTTEN Satellite Service (Video)
FROM THE MEDIA: Satellaview was a Japanese exclusive peripheral for the Super Famicom that allowed users to receive special Nintendo data broadcasts from a satellite and display them on their TV. These broadcasts included exclusive games, digital magazines, and game data. The peripheral was quite expensive, with various components and a monthly subscription fee.
Satellite TV Hacking in the 2000’s (Video)
FROM THE MEDIA: The video discusses satellite TV hacking in the 2000s, specifically focusing on satellite television reception in Australia. The speaker talks about the equipment needed for satellite TV reception and mentions specialized set-top boxes for accessing satellite content. They discuss the conditional access system used by the main free-to-air service in Australia called VAST.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.