Daily Drop (537): China: Toxic Pesticides, RU Cyber: NATO, Digital Privacy Rules, RU & CN: Japan and NATO, DPRK: Subs, RomCom RAT, Revolut, RU Darknet Markets, France: Snooping
07-10-23
Monday, Jul 10, 2023
China Misleads on UN Food Agency’s Supply of Toxic Pesticides to Global South Under Qu
Analyst Comments: This development underscores the complex interplay between global governance, public health, and industry influences. The allegations of increased use of harmful pesticides in some of the world's poorest countries are alarming and could have significant implications for public health and the environment. It also potentially undermines the FAO's mission to combat hunger and achieve global food security.
FROM THE MEDIA: Qu Dongyu, a former Chinese government minister, was recently reelected as the director-general of the Food and Agriculture Organization (FAO), one of the United Nations' most influential agencies, despite allegations of promoting harmful pesticide use in poor African and South Asian countries. Prior to his reelection, a German investigation accused Qu of diverting from the FAO's policy of reducing global reliance on pesticides and of entering into questionable partnerships with agrochemical industry lobbying groups, including those associated with the Chinese government.
READ THE STORY: VOA
Russia sends in cyber attack dogs as NATO summit looms
Analyst Comments: These attacks are likely attempts to create public disorder and confusion during the NATO summit. While DDoS attacks are generally seen as more of a nuisance than a severe threat, their timing and the entities targeted suggest a political motive aimed at disrupting the NATO summit and advancing Russian interests. Continued vigilance and prompt responses to these cyber threats are necessary to mitigate their impact.
FROM THE MEDIA: The Russian cyber group NoName has reportedly disrupted several websites related to transport and tourism in Vilnius, Lithuania, as part of an apparent attempt to interfere with the upcoming NATO summit in the city. Among the affected websites are the GoVilnius tourism portal and the stops.lt journey planner. A shopping mall’s music streaming service and a local radio station were also reportedly hijacked to play pro-Russian propaganda. The National Cybersecurity Center of Lithuania confirmed ongoing distributed denial-of-service (DDoS) attacks, and its head urged citizens to remain vigilant and report suspicious activity.
READ THE STORY: Cybernews
New laws highlight state-level momentum for digital privacy rules
Analyst Comments: These developments represent a growing trend towards stronger data privacy protection at the state level, driven by the absence of comprehensive federal legislation. The contrasting approaches between states reflect the ongoing debate about balancing individual privacy rights with business and government interests. While industry stakeholders argue the state-by-state approach creates confusion and increases compliance costs, privacy advocates laud these moves as significant steps toward stronger data protection.
FROM THE MEDIA: California, Colorado, and Connecticut have implemented new data protection measures, providing consumers with increased control over their data. These actions come amidst a growing number of state data privacy laws due to the lack of federal legislation on this issue. In California, amendments have extended residents' rights to limit the use and disclosure of sensitive personal information, and the newly created California Privacy Protection Agency is taking over rulemaking responsibilities. Colorado's law requires businesses to seek opt-in permission from consumers before processing sensitive data and extends to nonprofit organizations. Connecticut's law offers robust protection for adolescents' data and restricts the use of facial recognition technology.
READ THE STORY: The Record
Anarchy acts as a bridge, as Russia and China are pushing NATO and Japan closer together
Analyst Comments: The strengthening ties between NATO and Japan signify a major shift in global geopolitics, driven by common concerns over Chinese expansionism and Russian aggression. This strategic partnership brings Japan more into the fold of Western alliances and represents a broadening of NATO's geographical scope and interests. This relationship is critical for the balance of power in the Indo-Pacific region, especially as China continues to assert its regional dominance. Furthermore, the US has been instrumental in fostering this relationship, aligning its main multilateral and bilateral alliances as it pivots towards the Indo-Pacific region.
FROM THE MEDIA: Relations between NATO and Japan have grown significantly in recent years, due to a shared interest in countering the aggressive expansion of China and Russia. This has led to initiatives including high-level political dialogues, joint military training, and cooperation in technology and cybersecurity. In February 2023, NATO Secretary General Jens Stoltenberg and Japanese Prime Minister Fumio Kishida signed a joint declaration pledging increased strategic cooperation. The upcoming NATO summit in Lithuania will further cement this cooperation. However, the article highlights a need to increase trust and reduce misperceptions between the two parties for a more robust alliance in the long run.
READ THE STORY: War on the Rocks
North Korea accuses US of ‘air espionage,’ slams submarine plan
Analyst Comments: The accusations from North Korea heighten already tense relations between the country and the United States and South Korea. With the failure of the 2019 denuclearization talks, North Korea has grown more confrontational, conducting a record number of missile tests and rejecting offers of dialogue. This accusation could be a response to perceived military pressure from the US and South Korea, as both nations have resumed their large-scale joint military drills and deployed US strategic assets.
FROM THE MEDIA: North Korea accused the United States of violating its airspace with a reconnaissance aircraft and warned that US plans to deploy a strategic submarine to the region will increase the risk of nuclear conflict. The North Korean Ministry of National Defense claimed that US strategic reconnaissance planes and drones flew over Korea's East and West seas for eight straight days, with one plane allegedly intruding into North Korean airspace multiple times. The ministry also voiced concern over the US and South Korea's agreement to deploy a submarine with nuclear weapons on the peninsula, calling it "undisguised nuclear blackmail" and a threat to regional and global peace and security.
READ THE STORY: La Prensa Latina
RomCom RAT Targeting NATO and Ukraine Support Groups
Analyst Comments: The resurgence of the RomCom RAT indicates that politically motivated cyber attacks continue to pose a significant threat. The focus on the upcoming NATO Summit and Ukrainian support organizations suggests a likely geopolitical motivation behind these attacks. As RomCom's activities have a history of targeting politically relevant individuals and entities, it can be inferred that the group or related actors are attempting to gather intelligence or disrupt operations tied to NATO and Ukrainian interests. It is crucial for potential targets to remain vigilant against such threats, reinforcing their cybersecurity measures and educating staff about the risks of spear-phishing attacks.
FROM THE MEDIA: The threat group behind the RomCom Remote Access Trojan (RAT) is suspected of conducting phishing attacks against the upcoming NATO Summit in Vilnius and a supporting organization in Ukraine. These findings come from BlackBerry's Threat Research and Intelligence team, who found two malicious documents originating from a Hungarian IP address. RomCom, known by several other names, has been linked to cyber attacks against Ukrainian politicians closely tied with Western countries and a US-based healthcare organization aiding refugees from Ukraine. The group has used spear-phishing emails to direct victims to cloned websites hosting Trojanized software versions. The latest attacks impersonate the Ukrainian World Congress and attempt to get victims to click on a replica of their website.
READ THE STORY: THN
Let's take a look at those US Supreme Court decisions and how they will affect tech
Analyst Comments: These rulings signify a potential shift in how American law regards DEI efforts and could significantly impact tech companies' strategies to improve diversity and inclusivity. The rulings could result in a less diverse pool of graduates for tech firms to recruit from, potentially slowing progress toward greater workforce diversity. They could also expose tech companies to legal risks if they continue certain DEI practices. However, it's important to remember that many tech companies are global entities, and their DEI policies might still be influenced more by global trends and market expectations rather than rulings from one jurisdiction.
FROM THE MEDIA: The US Supreme Court has made two decisions that may hinder tech companies' efforts to improve diversity, equity, and inclusion (DEI). In the first decision, the court ruled that Harvard College and the University of North Carolina's admissions policies, which consider race as a factor, infringe the 14th Amendment's equal protection clause. The second decision found that the First Amendment prevents Colorado from obligating a web designer to create content that contradicts her religious beliefs. Critics argue that these decisions may discourage DEI initiatives. Wendy Musell, an employment discrimination specialist, warned that these decisions could limit the diversity of graduate candidates available to tech firms if universities adjust their admissions policies. Musell also pointed out that tech firms are disproportionately reducing their DEI departments and need to consider how these rulings might affect their DEI policies and procedures.
READ THE STORY: The Register
Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems
Analyst Comments: Given the nature of their operations, financial technology companies such as Revolut are attractive targets for hackers. The exploitation of the flaw in Revolut's payment systems led to a significant financial loss for the company. This highlights the importance of robust cybersecurity measures and regular security audits, especially for businesses handling large volumes of financial transactions. The incident also raises questions about Revolut's decision not to disclose the breach publicly, as transparency regarding security incidents is considered a best practice in the cybersecurity community.
FROM THE MEDIA: In early 2022, hackers exploited a flaw in Revolut's payment systems, stealing more than $20 million from the company, according to undisclosed sources. The issue arose due to differences between Revolut's US and European systems, causing company funds to be used to refund declined transactions. The flaw, detected in late 2021, was used by criminal groups who triggered the refunds by making large purchases that were intentionally declined, then withdrew the refunded amounts from ATMs. Although some funds were recovered, Revolut suffered a net loss of about $20 million due to the mass fraud scheme. The exact technical details of the flaw remain unclear.
READ THE STORY: THN
Russian Dark Net Markets Dominate the Global Illicit Drug Trade
Analyst Comments: The rise of Russian DNMs poses significant challenges to global law enforcement and regulatory agencies. The use of advanced technology, anonymity tools, and cryptocurrencies in these DNMs complicates detection and intervention efforts. The transition from traditional to online markets has enabled the illicit drug trade to expand virtually unimpeded, with criminal activity being increasingly masked and distributed across international boundaries. The geopolitical dimension further complicates matters. Collaboration between Russia and Western countries in tackling cybercrime has been hindered by broader political disagreements, thereby creating a conducive environment for the growth of these markets.
FROM THE MEDIA: Russian-language Dark Net Markets (DNMs) have become a dominant force in the global illicit drug trade, accounting for 80% of the $1.49 billion worth of drugs purchased online in 2022, according to a report by TRM Labs. The popularity of these DNMs can be attributed to their convenience, perceived anonymity, and technological advancements that make law enforcement investigations challenging. The widespread use of crypto transactions and blockchain technology within DNMs further aids in the concealment of illegal activities. Geopolitical tensions and the growing disconnect between Western countries and Russia on cybercrime matters have also contributed to the flourishing of these markets.
READ THE STORY: HackRead
Liberté, Égalité, Spyware: France okays cops snooping on phones
Analyst Comments: The new French law potentially extends the surveillance capabilities of law enforcement, raising concerns about privacy and misuse. While it's intended to aid in investigating serious crimes, it also poses risks related to civil liberties and freedom of expression, especially in the context of ongoing social unrest in the country. As for the cybersecurity vulnerabilities, the issues emphasize the necessity of regular security updates and vigilance in protecting software from potential attacks. The repeated attack on Shell by Cl0p shows the importance of learning from past breaches and implementing stronger cybersecurity measures. Similarly, the vulnerability in SolarView software stresses the importance of keeping industrial control systems segmented from the internet and ensuring that all systems are up-to-date with the latest security patches.
FROM THE MEDIA: In the midst of nationwide riots, the French parliament has passed a bill granting law enforcement rights to remotely activate the electronic devices of suspects without their consent or knowledge. The provision, nicknamed "the snoopers' charter," allows French police to remotely activate cameras and microphones, as well as collect location data from devices, for crimes that carry a minimum jail term of five years. The bill has been met with resistance and concerns over potential misuse and an increase in police surveillance. In other news, multiple cybersecurity vulnerabilities have been reported. A serious issue, identified as CVE-2023-36460, has been found in the decentralized social network Mastodon. The problem allows an attacker with a specially-crafted media file to create arbitrary files at any location. Firefox 115 and Thunderbird v. 102.13 have also received important security patches.
READ THE STORY: The Register
Items of interest
SpaceX's Starlink Satellites Are Leaking Radiation, Scientists Confirm
Analyst Comments: This discovery highlights the potential for unintended consequences of technological advancement, particularly as space becomes increasingly crowded. It also emphasizes the importance of continued research and proactive regulation to prevent negative impacts on fields such as radio astronomy. The active response from SpaceX indicates a commitment to address this problem, which could influence other companies to adopt similar practices, hopefully mitigating potential future disruptions.
FROM THE MEDIA: According to a recent study, the electronics on board SpaceX's Starlink satellites are unintentionally 'leaking' low-frequency radio waves, potentially impacting radio astronomy. These leaks are occurring outside the allocated downlink bands, polluting wavelength bands reserved for radio astronomy. SpaceX has around 4,365 small internet satellites in Earth's orbit, with thousands more planned. Other companies, such as OneWeb and Amazon, also plan to launch thousands of satellites. Scientists used the LOw Frequency ARray (LOFAR) in Europe, a network of approximately 20,000 radio antennas, to investigate the potential leaks. They observed 68 Starlink satellites and detected electromagnetic leakage from 47 of them, including in a frequency range protected for radio astronomy.
READ THE STORY: Science Alert
How does Starlink Satellite Internet Work (Video)
FROM THE MEDIA: The ground dish, called Dishy, uses a phased array of 1280 antennas to send and receive electromagnetic waves to and from the Starlink satellite. The transcript also explains how a single antenna operates and how multiple antennas are combined to amplify the signal. It describes the process of steering the beam of data between Dishy and the satellite and how information is encoded and transmitted using high-frequency electromagnetic waves.
SpaceX will discontinue Starlink (1.5) Satellites currently in Orbit (Video)
FROM THE MEDIA: SpaceX has officially discontinued its Starlink satellites in favor of a new generation. The discontinuation is seen as a positive development as it will lead to faster speeds, reduced latency, and expanded coverage. Currently, the Starlink service is available in the western United States with no waiting list, but many areas in the eastern part of the country have a waiting list.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.