Daily Drop (531): RU Targets Petro-Canada, Japanese Exchange Hit by JokerSpy, Putin's Truce with Wagner, Japan Nationalizes Chipmaking Material-Maker, Alphabet, Bharti Airtel Bridge India's Divide
06-27-23
Tuesday, Jun 27, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Petro-Canada issues may be ‘tip of the iceberg’ after cybercrooks hit Suncor
Analyst Comments: The cybersecurity breach at Suncor Energy highlights the ongoing threat faced by the energy industry from cyber criminals. The incident underscores the vulnerabilities in critical infrastructure and the potential for disruptions in fuel supply and operations. As cyber threats continue to evolve and become more sophisticated, companies in the energy sector must remain vigilant and prioritize cybersecurity measures to protect their assets, data, and operations.
FROM THE MEDIA: Suncor Energy, a Calgary-based oil company, has experienced a significant cybersecurity breach, possibly the most significant in Canadian oil and gas history, according to experts. The company confirmed the cyberattack after reports emerged of issues at its Petro-Canada gas stations, including difficulties with credit and debit card payments and access to car wash services. The extent and details of the attack have not been disclosed. Cybersecurity experts have warned for years that the Canadian energy industry is an attractive target for cybercriminals due to the high value of its assets and customer dependence on its products. The Canadian Centre for Cyber Security has identified ransomware as the main threat to the oil and gas sector.
READ THE STORY: Canada's National Observer
‘Traitors must be shot’: Vladimir Putin’s truce with Wagner teeters on edge
Analyst Comments: The fragility of the truce between the Kremlin and Wagner underscores the challenges in managing private military contractors and their loyalty to the state. The disagreement over Prigozhin's status and the continued presence of Wagner fighters in Russia highlight the complexities of bringing such entities under control. The fate of Wagner and its fighters will have implications for Russia's military operations and influence in conflicts abroad. It remains to be seen whether the Kremlin can effectively integrate Wagner into the regular armed forces or if the group will continue to operate independently.
FROM THE MEDIA: The truce between the Kremlin and the Wagner private military contractor in Russia is facing challenges just two days after being agreed upon. Yevgeny Prigozhin, the founder of Wagner, is still under investigation for organizing the mutiny, despite promises that he would not face charges. Locals in Voronezh reported seeing Wagner fighters in the city after officials said they had left. Meanwhile, loyalists of Russian President Vladimir Putin have called for harsh measures against Prigozhin, including death, for his role in the uprising.
READ THE STORY: FT
Japan kind-of nationalizes key chipmaking material-maker JSR
Analyst Comments: The bid by JIC to acquire JSR Corporation reflects Japan's commitment to bolstering its semiconductor industry amid increasing global competition and the strategic importance of chips. By providing long-term capital and industry consolidation, JIC intends to strengthen the international competitiveness of the semiconductor materials sector. The move aligns with Japan's broader efforts to restore its semiconductor industry's prominence and reduce reliance on foreign suppliers. It also highlights the growing role of government-backed investment vehicles in supporting key industries and promoting national economic interests.
FROM THE MEDIA: The Japan Investment Corporation (JIC) has made a $6.3 billion bid to acquire JSR Corporation, a major chipmaking products provider. The move is part of Japan's strategy to revive its semiconductor industry and strengthen domestic supply chains. JIC, a government-backed investment vehicle, aims to enhance the international competitiveness of the semiconductor materials industry and support the development and manufacturing of semiconductors. The acquisition is expected to enable JSR to pursue strategic investments and promote industry restructuring.
READ THE STORY: The Register
Alchemy: much more than male-driven pseudoscience
Analyst Comments: The research on the history of alchemy underscores the importance of reevaluating and challenging traditional narratives in the study of science. By uncovering the significant role of women in alchemy, these projects contribute to a more inclusive understanding of scientific history and provide visibility to previously overlooked contributions. The findings also demonstrate the complexity and diversity of alchemy as a practice, going beyond the common perception of it solely being about turning metals into gold. The experimental recreations and investigations into ancient alchemical practices provide valuable insights into the development of chemical techniques and materials. The projects highlight the importance of interdisciplinary approaches and the exploration of historical texts and artifacts to gain a deeper understanding of scientific practices in the past.
FROM THE MEDIA: Recent research is shedding new light on the history of alchemy, suggesting that it was a serious forerunner of modern chemistry and highlighting the integral role women played in the practice. Matteo Martelli, a professor at the University of Bologna, led the EU-funded AlchemEast project, which investigated alchemy from ancient Babylonia to the early Islamic period. The project sought to dismantle the traditional pejorative view of alchemy as solely concerned with turning base metals into gold, revealing that it encompassed a wide range of techniques for manipulating raw materials. Another EU-funded project called WALCHEMY examined women's involvement in alchemy during the Renaissance period, finding evidence of their engagement in literary works and chemical recipe books.
READ THE STORY: Modern Diplomacy
noyb files GDPR complaint against TeleSign, BISC and Proximus over cellphone 'trust scores'
Analyst Comments: The complaint filed by noyb highlights concerns regarding the collection, transfer, and use of cellphone data to create personalized trustworthiness scores. This case raises important questions about the extent of data privacy violations and the compliance of companies with privacy regulations such as the GDPR. If the allegations are proven true, it could have significant implications for BISC, TeleSign, and Proximus in terms of potential fines and the need to reassess their data privacy practices. It also underscores the ongoing challenges surrounding the use of personal data for profiling and algorithmic decision-making, and the potential risks it poses to individuals' privacy rights.
FROM THE MEDIA: The European Center for Digital Rights, also known as noyb, has filed a complaint with the Belgian Data Protection Authority against BISC, TeleSign, and their parent company Proximus. The complaint alleges that the companies violated privacy laws by collecting and transferring the cellphone data of half the world's population and using it to create personalized trustworthiness scores for individuals. TeleSign, a fraud detection company, assigns users "trust scores" based on the data gathered by BISC; the scores are allegedly used by clients such as Microsoft, Salesforce, and TikTok to decide whether an account may be created. noyb argues that this collection and scoring violate the General Data Protection Regulation (GDPR), including its restrictions on profiling and automated decision-making.
READ THE STORY: The Record
Databricks snaps up MosaicML to build private, custom machine models
Analyst Comments: The acquisition of MosaicML by Databricks brings together complementary capabilities to address the growing demand for private and customizable AI models. Many businesses are cautious about using off-the-shelf models due to concerns about data privacy and lack of transparency. By combining Databricks' data management platform with MosaicML's tools, the companies offer enterprises certainty over the data used to train their models and greater control over the behavior of the models. This acquisition positions Databricks to attract larger customers across diverse industries, leveraging its existing customer base of over 10,000 organizations worldwide.
FROM THE MEDIA: Databricks, a leading data analytics and AI platform, has announced its acquisition of generative AI startup MosaicML for $1.3 billion. The deal aims to enable private entities to train and deploy their own custom machine-learning models, addressing concerns about data privacy and model ownership. Databricks provides a platform for storing and organizing data, while MosaicML offers tools for developing custom AI models at low cost. Together, they aim to attract large businesses that want to use their own data to build and deploy generative AI systems.
READ THE STORY: The Register
Vitol and Gunvor help keep Russian refined oil flowing, data shows
Analyst Comments: The ongoing purchases of Russian refined oil by Vitol and Gunvor raise questions about their commitment to reducing business with Moscow following the invasion of Ukraine. While trading in refined fuels is not subject to sanctions, the reputational risk and concerns over compliance with price caps have prompted other European traders to sever ties with Russian flows entirely. The continued involvement of Vitol and Gunvor highlights the challenges and trade-offs faced by energy traders in balancing financial interests with ethical considerations.
FROM THE MEDIA: Vitol and Gunvor, two major energy traders, continue to be significant buyers of refined oil from Russia, despite their previous commitments to reduce business with Moscow following the invasion of Ukraine. Export records reveal that both companies rank among the top 10 buyers of Russian refined products. While trading in Russian refined fuels is not prohibited by Western sanctions, the reputational risk and challenges of complying with price caps have led many European traders to halt dealings with Russian flows altogether. Vitol and Gunvor have ceased purchasing Russian crude oil but continue to procure Russian refined fuels. The export records provide insights into how these trading houses have navigated the refined oil market to maintain their involvement.
READ THE STORY: FT
Ukraine awards $3 million in funding to tech developers working to counter Russian drone attacks
Analyst Comments: The decision by the Ukrainian government to fund domestic companies for developing anti-drone systems reflects the country's commitment to strengthening its air defense capabilities and reducing reliance on foreign allies. With the persistent threat of Russian drone attacks, particularly from Iranian-made Shahed drones, Ukraine recognizes the urgent need to enhance its defense mechanisms. The "Anti-Shahed Drone Hackathon" demonstrates a proactive approach to harnessing the expertise of local developers and engineers to address the specific challenges posed by drone attacks. By investing in the refinement and implementation of innovative technologies, Ukraine aims to bolster its ability to detect, track, and neutralize hostile drones.
FROM THE MEDIA: The Ukrainian Infrastructure Ministry has announced a total of $3 million in funding, split among three domestic companies, to develop and scale up mechanisms for defending against Russian aerial attacks, particularly those carried out by Iranian-made Shahed drones. The decision follows the "Anti-Shahed Drone Hackathon," where over 200 developers, engineers, and cyber specialists gathered to create and present new systems and technologies for drone detection, tracking, and destruction. The selected companies presented the most comprehensive and compelling plans, and the funding will support the refinement and implementation of their projects. Ukraine has been frequently targeted by Russian drone attacks, with at least 400 Shahed drones launched by Russia in May alone and over 1,200 since September of the previous year.
READ THE STORY: Yahoo News
SolarWinds says SEC investigation ‘progressing to charges’
Analyst Comments: The prospect of SEC charges against SolarWinds executives over their handling of the 2020 breach is a reminder that incident response now has a securities-law dimension for public companies: what was known, when, and what was disclosed to investors will be scrutinized alongside the technical response. SEC actions against a company and its officers concern disclosures and controls rather than the intrusion itself, so the company's position that the attack was sophisticated and unforeseeable speaks to the breach but not necessarily to the adequacy of what was told to shareholders. Security leaders at listed companies should expect incident timelines, risk statements, and internal communications to become evidence, and should involve counsel in disclosure decisions early in an incident.
FROM THE MEDIA: SolarWinds, the technology firm whose Orion platform was compromised in a supply-chain attack disclosed in December 2020, has stated that its executives may face charges from the U.S. Securities and Exchange Commission (SEC) related to their response to the incident. The hack, attributed to Russia's Foreign Intelligence Service (SVR), impacted multiple U.S. government agencies and large companies. The attackers inserted a backdoor into builds of SolarWinds' Orion IT monitoring application, which reached customers through legitimate signed updates and gave the intruders a foothold in high-value targets, from which they compromised internal and cloud-based systems over several months. SolarWinds defended its response to the hack but acknowledged the possibility of charges from the SEC. The company maintains that the attack was highly sophisticated and unforeseeable, carried out by a global superpower using novel techniques.
READ THE STORY: The Record
Managed by Macquarie: the Australian group with a grip on global infrastructure
Analyst Comments: Macquarie's rise to become the largest infrastructure asset manager in the world highlights the growing role of private finance in critical infrastructure projects. While the company has been successful in attracting investment and delivering returns to shareholders, it has also faced criticism for its profit-driven approach and the potential risks associated with privatizing essential state monopolies. The debate surrounding the use of private finance in infrastructure revolves around balancing the need for investment and efficiency with the public interest and long-term sustainability. It raises questions about the role of regulation, the accountability of private companies in managing essential services, and the potential impacts on consumers and the environment.
FROM THE MEDIA: Macquarie, the Australian financial services company, has become a major player in global infrastructure, managing $590 billion in assets. It has earned the nickname "Vampire Kangaroo" due to its strategy of buying essential public infrastructure, increasing debt, and paying out significant sums to shareholders. The company's success has drawn attention and scrutiny, particularly in the UK, where its investments in private water monopolies have raised concerns over pollution and sewage. Critics question the use of private finance in essential state monopolies, while supporters credit Macquarie with attracting much-needed finance to infrastructure projects. Macquarie's investment portfolio includes toll roads, airports, ports, renewable energy projects, hospitals, and more.
READ THE STORY: FT
Alphabet, Bharti Airtel to bridge India's digital divide with frickin' laser beams
Analyst Comments: Alphabet's Project Taara's collaboration with Bharti Airtel demonstrates the potential of laser-based connectivity to bridge gaps in network infrastructure and extend internet access. By utilizing optical links, Taara offers an alternative solution to laying traditional fiber cables, especially in challenging environments. The technology's ability to transmit large amounts of data and provide high-speed connectivity makes it attractive for areas where radio spectrum-based solutions are limited.
FROM THE MEDIA: Alphabet's Project Taara is working with Bharti Airtel to extend connectivity in India using free-space optical links: narrow beams of light carried between terminals in line of sight rather than over buried fibre. The approach targets places where trenching fibre is slow or impractical and where licensed radio spectrum is scarce, and is intended to carry fibre-like capacity over each link.
READ THE STORY: The Register
GalaxySpace tests China's Mini Spider low-orbit broadband constellation at sea
Analyst Comments: The sea trial shows China fielding a low-Earth-orbit broadband capability of its own, with maritime connectivity as an early use case. The constellation is small (six satellites) and the 260 Mbps figure is a test result rather than a service guarantee, but a working ship-to-ground link in the South China Sea has obvious civil and military value for a state that wants communications at sea that do not depend on foreign operators.
FROM THE MEDIA: GalaxySpace, a private satellite maker based in Beijing, has successfully conducted sea-based tests to validate the capabilities of China's first low-orbit broadband internet network, the Mini Spider Constellation. The tests took place aboard the CETC 1 testing ship in the South China Sea and demonstrated the communication link between the Mini Spider Constellation and devices on the vessel. Several satellites in low-Earth orbit facilitated signal transmission between the ship and a ground station in Lingshui, Hainan province, at an average speed of 260 megabits per second. This marked the first time the space-based system connected with a ship on the high seas. The Mini Spider Constellation, comprising six satellites launched in March 2022, operates at an altitude of 500 kilometers and offers a transmission capacity of 40 gigabits per second.
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
Analyst Comments: The reported rise in credential-theft activity by Midnight Blizzard, alongside APT28 spear-phishing, shows Russian state-affiliated groups favoring identity attacks over exploits: if a valid password or session token gets them in, there is no vulnerability to patch and little malware to detect. Routing the attempts through residential proxies defeats IP-reputation blocking and geography-based conditional access, so defenders should key detections on behavior (many accounts failing from one client fingerprint, a token used from a new device or network, a success immediately following a spray) rather than on source address, and enforce phishing-resistant MFA so that a sprayed password on its own yields nothing.
FROM THE MEDIA: Microsoft has reported a surge in credential-stealing attacks by Midnight Blizzard, its name for the Russian state-affiliated group previously tracked as Nobelium and known elsewhere as APT29, Cozy Bear, Iron Hemlock, and The Dukes. The attacks route through residential proxy services to hide the true source IP address and target governments, IT service providers, NGOs, and the defense and critical manufacturing sectors. The group, responsible for the SolarWinds supply-chain compromise, continues to use undisclosed tooling in targeted attacks on foreign ministries and diplomatic entities. It gains initial access to cloud resources through password spray, brute force, token theft, and session replay, and then uses the same residential proxies to obscure connections made with the stolen credentials.
READ THE STORY: THN
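As an added example (not Microsoft's code or anything from the article), the following Python sketches the behavioral detection the comment above argues for: it counts distinct accounts failing per source IP and per client fingerprint within a ten-minute window, and flags a success from a fingerprint that has just sprayed. The log records are constructed and use a simplified subset of sign-in log fields; the threshold, the window size, and the choice of user agent as the fingerprint are assumptions.

```python
"""Password-spray detection over sign-in logs, keyed by client fingerprint
rather than by source IP.

Added example, not code from Microsoft's advisory or the article. The log
records are constructed and use a simplified subset of Entra ID / Azure AD
sign-in log fields (ts, user, ip, ua, result); on real exports map the
fields accordingly.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import json

WINDOW = timedelta(minutes=10)

# Constructed sample: one user mistypes a password, then an actor tries
# five accounts once each, every attempt from a different residential
# proxy address but with the same client fingerprint, and lands a sixth.
SAMPLE_LOG = [
    '{"ts": "2023-06-27T08:00:01Z", "user": "alice@example.com", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Edge/114", "result": "failure"}',
    '{"ts": "2023-06-27T08:01:00Z", "user": "bob@example.com", "ip": "198.51.100.5", "ua": "python-requests/2.31", "result": "failure"}',
    '{"ts": "2023-06-27T08:01:30Z", "user": "carol@example.com", "ip": "198.51.100.6", "ua": "python-requests/2.31", "result": "failure"}',
    '{"ts": "2023-06-27T08:02:00Z", "user": "dave@example.com", "ip": "198.51.100.7", "ua": "python-requests/2.31", "result": "failure"}',
    '{"ts": "2023-06-27T08:02:30Z", "user": "erin@example.com", "ip": "198.51.100.8", "ua": "python-requests/2.31", "result": "failure"}',
    '{"ts": "2023-06-27T08:03:00Z", "user": "frank@example.com", "ip": "198.51.100.9", "ua": "python-requests/2.31", "result": "failure"}',
    '{"ts": "2023-06-27T08:04:00Z", "user": "grace@example.com", "ip": "198.51.100.10", "ua": "python-requests/2.31", "result": "success"}',
    '{"ts": "2023-06-27T08:05:00Z", "user": "alice@example.com", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Edge/114", "result": "success"}',
]


def parse(line):
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def window_of(ts, window=WINDOW):
    """Index of the tumbling window containing ts."""
    return int(ts.timestamp() // window.total_seconds())


def detect_spray(lines, min_users=5, window=WINDOW):
    """Return alerts for windows in which one source IP, or one client
    fingerprint (user agent here), fails against >= min_users distinct
    accounts, plus any success from a fingerprint that sprayed in the
    same window."""
    events = sorted((parse(line) for line in lines), key=lambda r: r["ts"])
    failed_by_ip = defaultdict(set)   # (window, ip) -> accounts that failed
    failed_by_ua = defaultdict(set)   # (window, ua) -> accounts that failed
    for ev in events:
        if ev["result"] != "success":
            w = window_of(ev["ts"], window)
            failed_by_ip[(w, ev["ip"])].add(ev["user"])
            failed_by_ua[(w, ev["ua"])].add(ev["user"])

    alerts, spraying = [], set()
    for (w, ip), users in sorted(failed_by_ip.items()):
        if len(users) >= min_users:
            alerts.append({"kind": "spray_by_ip", "key": ip, "window": w, "users": sorted(users)})
    for (w, ua), users in sorted(failed_by_ua.items()):
        if len(users) >= min_users:
            spraying.add((w, ua))
            alerts.append({"kind": "spray_by_ua", "key": ua, "window": w, "users": sorted(users)})
    # A success from a spraying client is the alert that matters most:
    # the sprayed password worked for that account.
    for ev in events:
        w = window_of(ev["ts"], window)
        if ev["result"] == "success" and (w, ev["ua"]) in spraying:
            alerts.append({"kind": "spray_success", "key": ev["user"], "window": w, "users": [ev["user"]]})
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(alert["kind"], alert["key"], alert["users"])
```

On this sample the per-IP rule stays silent, because every attempt arrives from a different proxy address, while the per-fingerprint rule fires and the later success from that fingerprint is flagged. In production the fingerprint should combine more than the user agent (application ID, TLS fingerprint, device ID where present), since an actor that rotates IPs can rotate user agents just as easily.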
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
Analyst Comments: This attack on a Japanese cryptocurrency exchange shows that the industry's exposure extends to its developer workstations, which on macOS are often less instrumented than Windows fleets. The XProtect masquerade is a useful tell: Apple signs its own system components, so a self-signed binary posing as part of XProtect fails a code-signature check (codesign -dv --verbose on the file) and should be treated as hostile. Organizations in the sector should apply the usual controls, timely patching, EDR coverage on macOS, and staff training, and in addition verify the provenance and signatures of the developer tools engineers install, since trojanized IDEs and terminals are a plausible way in.
FROM THE MEDIA: An unnamed cryptocurrency exchange in Japan was recently targeted in an attack that deployed a macOS backdoor called JokerSpy. The intrusion included Swiftbelt, a Swift-based enumeration tool inspired by the open-source Windows utility Seatbelt. JokerSpy is a sophisticated toolkit designed to breach macOS machines, according to Bitdefender. The actor behind it is unknown; the toolkit comprises programs written in Python and Swift that gather data and execute arbitrary commands on compromised hosts. The attacker attempted to pass the toolkit off as XProtect, macOS's built-in anti-malware component, using a self-signed multi-architecture binary named xcc. Initial access is thought to have come through backdoored versions of developer applications such as IntelliJ IDEA, iTerm, and Visual Studio Code.
READ THE STORY: THN
Dialup-era developer writes ChatGPT client for Windows 3.1
Analyst Comments: The creation of a ChatGPT client for Windows 3.1 demonstrates the creativity and enthusiasm of developers to bring modern technologies to outdated platforms. While this may be a niche project, it highlights the enduring interest in retro computing and the willingness of some users to explore the possibilities of new technologies in old environments. However, it is important to note that running outdated operating systems can pose security risks, as they lack modern security features and may have unpatched vulnerabilities.
FROM THE MEDIA: An anonymous developer has created a ChatGPT client called WinGPT for Windows 3.1, allowing users to access the language model on the outdated operating system. WinGPT was written in C and runs on 16-bit and 32-bit versions of Windows from 3.1 onward. It requires Winsock, and because Windows 3.1 has no TLS stack of its own it connects to the OpenAI API using a TLS 1.3 implementation built into the program. The developer says the program is not secure, so it is a nostalgic experiment for users still running Windows 3.1 rather than something to trust with credentials.
READ THE STORY: The Register
New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Analyst Comments: FortiNAC sits in the control path of the network it protects, so code execution on the appliance hands an attacker the policy engine that decides which devices are admitted. Fortinet released fixes promptly after the researchers' disclosure; organizations running FortiNAC should apply them and, since exploitation needs no credentials, confirm that the appliance's listening services are reachable only from management segments.
FROM THE MEDIA: Fortinet has released patches for a critical vulnerability in its FortiNAC network access control product, tracked as CVE-2023-33299, which stems from deserialization of untrusted data in the tcp/1050 service and allows an unauthenticated attacker with network access to execute arbitrary code on the appliance. The flaw was reported to Fortinet by external security researchers, and the fixed FortiNAC releases are listed in the vendor's advisory.
READ THE STORY: THN
CrowdStrike details Volt Typhoon (Vanguard Panda) tradecraft against U.S. critical infrastructure
Analyst Comments: The CrowdStrike findings fit the pattern already attributed to Volt Typhoon: internet-facing identity and management products as the way in, web shells for persistence, and native tooling for lateral movement so that there is little malware to catch. The detail worth acting on is forensic: the actor scrubbed web server access logs but left behind the Java source and compiled class files that Tomcat generates when it compiles a JSP. Defenders should inventory those artifacts on ManageEngine and other Tomcat-based products and treat any compiled JSP with no corresponding page in the web root as a likely deleted web shell.
FROM THE MEDIA: A Chinese nation-state actor, tracked as Volt Typhoon by Microsoft and Vanguard Panda by CrowdStrike, has been conducting cyber-espionage operations against U.S. government, defense, and other critical infrastructure organizations since mid-2020. CrowdStrike documented the group's tradecraft, which includes exploiting vulnerabilities in Zoho ManageEngine ADSelfService Plus for initial access, custom web shells for persistent access, and living-off-the-land (LotL) techniques for lateral movement within networks. One newly uncovered persistence technique is a backdoored Apache Tomcat library. The actor tampered with access logs to obscure its trail but failed to account for the Java source and compiled class files produced when its JSP web shells were compiled, and those leftovers revealed additional web shells and backdoors.
READ THE STORY: THN
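The forensic detail above (access logs scrubbed, compiled JSP artifacts left behind) can be turned into a hunt. The following Python is an added example, not CrowdStrike's tooling or anything from the article: it walks Tomcat's work directory, maps each compiled JSP back to its source path, reports pages that were compiled but no longer exist, and flags those whose surviving Java source calls command-execution APIs. The directory layout, the identifier-mangling rule, and the sample tree it builds are assumptions about a default Tomcat install; the fixture is constructed.

```python
"""Find compiled JSP artifacts in Tomcat's work directory whose source
page is gone from the web root.

Added example, not code from CrowdStrike's report or the article. It
assumes Tomcat's default layout: a page at webapps/<app>/a/b.jsp is
compiled to work/Catalina/localhost/<app>/org/apache/jsp/a/b_jsp.java and
b_jsp.class, with characters that are not legal in Java identifiers
mangled as '_' plus four hex digits ('up-load.jsp' -> 'up_002dload_jsp').
A web shell that was dropped, used and then deleted leaves these artifacts
behind unless the actor cleans them too.
"""
import os
import re
import tempfile

MANGLED = re.compile(r"_([0-9a-fA-F]{4})")
# Crude content signals for a JSP that runs commands or loads classes.
EXEC_HINTS = ("Runtime.getRuntime().exec(", "ProcessBuilder(", "defineClass(")


def demangle(component):
    """Undo Tomcat's identifier mangling for one path component.
    Simplified: a '.' inside a directory name (mapped to '_') and the
    trailing '_' added to Java keywords are not reversed."""
    return MANGLED.sub(lambda m: chr(int(m.group(1), 16)), component)


def compiled_to_jsp(rel_path):
    """'a/b_jsp.java' or 'a/b_jsp$1.class' -> 'a/b.jsp'; None if not a JSP artifact."""
    directory, name = os.path.split(rel_path)
    base, ext = os.path.splitext(name)
    if ext not in (".java", ".class"):
        return None
    base = base.split("$", 1)[0]          # inner classes such as b_jsp$1.class
    if not base.endswith("_jsp"):
        return None
    parts = [demangle(p) for p in directory.split(os.sep) if p]
    parts.append(demangle(base[:-4]) + ".jsp")
    return "/".join(parts)


def find_orphaned_jsp(catalina_base):
    """Return sorted (app, jsp_path, suspicious) for compiled JSPs that no
    longer have a source page under webapps/<app>/."""
    work_root = os.path.join(catalina_base, "work", "Catalina", "localhost")
    findings = {}
    if not os.path.isdir(work_root):
        return []
    for app in os.listdir(work_root):
        jsp_root = os.path.join(work_root, app, "org", "apache", "jsp")
        for dirpath, _, files in os.walk(jsp_root):
            for name in files:
                full = os.path.join(dirpath, name)
                jsp = compiled_to_jsp(os.path.relpath(full, jsp_root))
                if jsp is None:
                    continue
                if os.path.exists(os.path.join(catalina_base, "webapps", app, *jsp.split("/"))):
                    continue                  # page still present: normal
                suspicious = findings.get((app, jsp), False)
                if full.endswith(".java"):    # generated source survives: grep it
                    with open(full, errors="replace") as fh:
                        text = fh.read()
                    suspicious = suspicious or any(h in text for h in EXEC_HINTS)
                findings[(app, jsp)] = suspicious
    return sorted((app, jsp, s) for (app, jsp), s in findings.items())


def build_sample_tree(root):
    """Constructed fixture: one legitimate page, one deleted web shell."""
    def write(path, text=""):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    work = os.path.join(root, "work", "Catalina", "localhost", "ROOT", "org", "apache", "jsp")
    write(os.path.join(root, "webapps", "ROOT", "index.jsp"), "<html>hello</html>")
    write(os.path.join(work, "index_jsp.java"), "public final class index_jsp {}")
    write(os.path.join(work, "index_jsp.class"))
    # The shell lived at webapps/ROOT/admin/up-load.jsp and was removed.
    write(os.path.join(work, "admin", "up_002dload_jsp.java"),
          'out.print(Runtime.getRuntime().exec(request.getParameter("cmd")));')
    write(os.path.join(work, "admin", "up_002dload_jsp.class"))
    return root


def demo():
    """Build the fixture in a temp dir and scan it."""
    return find_orphaned_jsp(build_sample_tree(tempfile.mkdtemp()))


if __name__ == "__main__":
    for app, jsp, suspicious in demo():
        print(f"{app}: {jsp} compiled but source missing{', exec hint in source' if suspicious else ''}")
```

Run find_orphaned_jsp against $CATALINA_BASE, adjusting the work and webapps paths for products that embed Tomcat under their own install directory. A hit is not proof of a web shell (pages are also removed during normal upgrades), but a compiled JSP under an unexpected path whose generated source calls Runtime.exec deserves a look, and that .java file preserves the shell's logic even after the page itself was deleted.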
Understanding France’s Diminishing Influence in Africa
Analyst Comments: The power dynamics in West Africa are undergoing significant shifts, with Russia and China posing challenges to European influence. France's diminishing role and resistance to its presence highlight the need for France to reassess its approach and repair its image in the region. The conflict in Ukraine has further intensified the strategic conflicts between the West and Russia, making Africa an important arena for global influence. West African nations are seeking economic and military support without perceived lectures on democracy and human rights, leading to their engagement with Russia and China. However, it would be premature to suggest that France should completely withdraw from West Africa, as it is reevaluating its strategy and seeking to maintain its influence in the region.
FROM THE MEDIA: France's historical influence in West Africa is meeting resistance and a diminishing role as countries like Mali and Burkina Faso have expelled French forces and shown hostility towards its presence. These shifts are compounded by the countries' turn towards Russia, aligning with the broader conflict between France, Europe, and Russia over the Ukraine invasion. In response, French President Emmanuel Macron introduced a new African policy to repair France's image and maintain its influence. Changes in geopolitics resulting from the war in Ukraine have also played a significant role, with European countries seeking alternative energy sources and West Africa potentially supporting Europe's diversification efforts. Russia, with its UN Security Council membership and technical and military capabilities, has emerged as a strategic partner for Africa, expanding its influence in countries like Mali, Central African Republic, Mozambique, Libya, Madagascar, and Sudan. Russia's support for African liberation movements during the Cold War has allowed it to foster close relationships and advance its narrative during the Ukraine conflict. China has also grown its involvement in West Africa, particularly in the oil sector, and seeks to establish a naval base in Equatorial Guinea.
READ THE STORY: International Policy Digest
The U.S.-China Rivalry Is Complicating the World’s Debt Crisis
Analyst Comments: The Suriname crisis highlights the complex interplay between global power dynamics and the economic plight of middle- and lower-income countries. China's growing role as a major lender presents a significant challenge to established norms in international finance and global governance, largely because of its different approach to lending, which contrasts with institutions like the IMF. The conflict between the U.S. and China, the world's two largest economies, complicates the debt relief processes for struggling countries like Suriname. In the absence of a cooperative solution, the most vulnerable suffer, as demonstrated by Suriname's dire situation.
FROM THE MEDIA: Suriname, a South American country with 600,000 inhabitants, is dealing with an intense financial crisis due to global events, a history of poor governance, and an economy heavily reliant on commodity exports. Suriname is caught in a geopolitical conflict between the United States and China, as it struggles to meet its debt obligations and negotiate debt relief. A significant portion of its $2.4 billion foreign debt is owed to Chinese creditors. The International Monetary Fund (IMF), a traditionally dominant source of financial relief, is set to provide Suriname with a three-year, $690 million low-interest loan package. However, the IMF and the United States are pressing China to restructure Suriname's $545 million debt before they move ahead with their own debt relief, creating a deadlock. This situation is causing severe hardships for ordinary Surinamese, as the government is forced to cut public spending and the local economy suffers due to inflation and a devalued currency.
READ THE STORY: The New York Times
Items of interest
How can hackers gain access to air-gapped computers?
Analyst Comments: The claim as reported should be read skeptically. Air-gap bridging is a real and well-studied threat class, but every demonstrated technique, including the power-line covert channels this piece alludes to, requires the isolated machine to be compromised first (via removable media, the supply chain, or an insider) so that planted malware can modulate a physical signal that an attacker-controlled receiver nearby picks up. Quantum computing changes none of that: analyzing power consumption is a classical signal-processing problem, and a cloud-hosted quantum computer has no path to an isolated machine's electricity supply. The practical takeaways for isolated environments are the familiar ones: control removable media and maintenance laptops, verify software and firmware provenance, monitor or shield emanations where the threat model justifies it, and treat isolation as reducing, not eliminating, exfiltration risk.
FROM THE MEDIA: Researchers have claimed that quantum computing could compromise the security of air-gapped computers, which are widely regarded as the most secure way to deploy sensitive systems. Air-gapped computers, which hold sensitive and confidential information for large businesses and government agencies, are isolated from the internet and external networks to protect against cyberattacks. A cybersecurity expert nonetheless warns that a criminal with access to a cloud-hosted quantum computer could hack into air-gapped computers through their electricity supply: by analyzing distinct energy consumption patterns and power readings, the hacker could identify the presence of an air-gapped server and gain access to it.
READ THE STORY: Innovation News Network
The Air-Gap Jumpers (Video)
FROM THE MEDIA: In this talk, we focus on 'Bridgeware', a type of malware that allows attackers to overcome ('bridge') air-gap isolation in order to leak data. We talk about various covert channels proposed over the years, including electromagnetic, magnetic, acoustic, thermal, electrical, and optical methods (and introduce new air-jumping techniques from our recent research).
Mind the Air-Gap: Exfiltrating ICS Data via AM Radios and Hacked PLC Code (Video)
FROM THE MEDIA: Critical industrial infrastructure is a juicy target for cyber attackers seeking ransom, trade secrets, or geopolitical intimidation. But many organizations assume they’re safe because their ICS/SCADA networks are air-gapped. This live hack will show how to exfiltrate reconnaissance data from air-gapped networks with AM radios and specially crafted code injected into programmable logic controllers.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.