Daily Drop (539): Philippines: Satellite Internet, Apple: Zero-Day, Silk Road: Drug Market, Microsoft: 130 Bugs patched, China: Global targets, China: EV push, China Spy Activities
07-12-23
Wednesday, Jul 12, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Astranis will launch a dedicated internet satellite for the Philippines next year
Analyst Comments: This deal highlights Astranis' approach in the expanding satellite internet market: partnering with local ISPs and selling capacity to them rather than serving end users directly. That strategy may give Astranis an edge in geographically challenging regions such as the Philippines, where terrestrial connectivity is often disrupted by natural disasters. By addressing infrastructure needs directly, Astranis is positioning itself as an enabler of connectivity for critical services, which could significantly benefit regions that face recurring disruptions in their internet service.
FROM THE MEDIA: Space-based internet startup Astranis has signed an agreement to launch and operate a dedicated satellite for the Philippines, potentially providing internet connectivity for up to 2 million people. The company is partnering with Orbits Corp and its sister company HTechCorp., a Philippine ISP, for this venture. Astranis operates relatively small satellites in geosynchronous orbit, allowing for continuous access to a large geographical area from a fixed position. Unlike SpaceX’s Starlink, Astranis sells broadband capacity to local telecommunications and ISPs, which can then be used to connect infrastructures such as hospitals, schools, and industrial centers, as well as individual devices.
READ THE STORY: TC
Apple's Rapid Zero-Day Patch Causes Safari Issues
Analyst Comments: This is an uncomfortable trade-off for defenders. The fix was pushed out as a Rapid Security Response because CVE-2023-37450 is already being exploited through malicious web content, yet the same update is breaking site rendering for some apps that embed Safari's WebKit. Removing the update to restore those apps also restores exposure to an actively exploited code-execution bug, so the safer course is to keep it installed, use an alternative client for the affected services, and watch for a corrected response from Apple. Organizations managing Apple fleets should record which devices have the response applied so the re-issued version can be pushed as soon as it ships.
FROM THE MEDIA: Apple urgently released a patch to address a zero-day security vulnerability (CVE-2023-37450) in its WebKit browser engine, which is currently under active exploitation. The vulnerability allows for arbitrary code execution on fully patched iPhones, iPads, and Macs and could be exploited via drive-by attacks using compromised web pages. However, following the patch installation, users began to report browser malfunctions and "Unsupported Browser" errors when using certain apps such as Facebook, Instagram, WhatsApp, and Zoom on Safari. While some reports suggest Apple has withdrawn the patches, the company has not officially commented on these claims.
READ THE STORY: DarkReading
Silk Road drug market’s ‘mentor’ sentenced to 20 years in prison
Analyst Comments: Clark's sentence underscores the ongoing crackdown on dark web activities and the serious consequences for those involved in such illicit operations. Despite his argument that his work was motivated by a belief in drug legalization and that online transactions were safer than physical deals, the court's decision reflects the severity of the crimes committed through Silk Road. This verdict might deter others from participating in similar illicit online activities.
FROM THE MEDIA: Roger Thomas Clark, a senior advisor to the Silk Road dark web marketplace, has been sentenced to 20 years in prison and ordered to pay $1.6 million for his involvement in distributing large amounts of narcotics via the site. Clark, known online as Variety Jones, played a critical role in advising Silk Road's founder Ross Ulbricht, who is currently serving a life sentence. Clark has already spent over seven years in custody since his arrest in Thailand in 2015 and extradition to the U.S. in 2018. During Silk Road's operation from 2011 to 2013, the platform was used by numerous drug dealers to distribute narcotics and other illicit goods and to launder money.
READ THE STORY: The Record
Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws
Analyst Comments: The breadth of this release, and the fact that five of the flaws were already being exploited before the fixes shipped, is a reminder of how short the window between disclosure and exploitation has become. The most pressing item is CVE-2023-36884, which is still unpatched despite being used in targeted attacks; until a fix ships, the interim mitigations Microsoft published alongside its advisory are the only protection, and Office users in government and defense organizations are the ones most exposed. Publicizing the flaw before a patch was ready at least lets defenders hunt for the lure documents and apply those mitigations. Everything else in the release should be deployed promptly, with the four other exploited bugs prioritized.
FROM THE MEDIA: Microsoft has addressed 130 vulnerabilities in its products, five of which have already been exploited in the wild. The security updates cover Windows, Office, .NET and Visual Studio, Azure Active Directory and DevOps, Dynamics, printer drivers, Microsoft's DNS Server, and Remote Desktop. Nine of the 130 are rated critical. Separately, CVE-2023-36884, a remote code execution flaw triggered through crafted Microsoft Office documents, has been disclosed but does not yet have a patch; it has been exploited by the Russia-linked group Microsoft tracks as Storm-0978 to target attendees of a NATO summit. The other four actively exploited flaws, which Microsoft did patch, are security feature bypasses and privilege escalation issues.
READ THE STORY: The Register
China’s Targeting Of International Companies In Geopolitical Competition
Analyst Comments: The rising geopolitical rivalry involving China, especially with the United States, has resulted in significant consequences for international businesses, costing them millions of dollars in potential revenues. Such geopolitical disputes have forced some companies to either scale back their operations in China or withdraw entirely. This geopolitical context highlights the necessity for businesses to consider their operations from a political and adversarial perspective, even if they view their economic activities as independent of national politics, security, and defense. The level of exposure to various identified risks is often directly proportional to the dependency of the business on Chinese supply chains or the Chinese market.
FROM THE MEDIA: Amid escalating rivalry with the United States and prioritization of national security over economics, China poses significant geopolitical risks that have caused financial losses for many international businesses. These businesses are encouraged to reevaluate their operations from a political perspective, especially if they are heavily reliant on Chinese supply chains or markets. The report outlines specific geopolitical issues that provoke Chinese backlash against international firms and identifies categories of risk including changing laws, potential for disruptive conflict, international sanctions regimes, and evolving data governance regulations.
READ THE STORY: ACSM
Chinese battery maker for the stars of the EV world suddenly wants to be seen powering human rights
Analyst Comments: CATL's commitment to the UN Global Compact is a positive step towards enhanced corporate social responsibility, particularly given the company's influence in the global EV battery market. However, this commitment also comes amid ongoing scrutiny over the source of raw materials for EV batteries, especially those originating from Xinjiang province, where allegations of human rights abuses against the Uyghur Muslim minority are rampant. CATL's engagement with the UN initiative may partly be a strategic move to improve its global image, particularly as it seeks to expand overseas and amid concerns about potential US sanctions due to these human rights issues.
FROM THE MEDIA: Chinese battery company Contemporary Amperex Technology (CATL), a significant supplier of electric vehicle (EV) batteries worldwide, has announced it's joining the United Nations Global Compact. The initiative encourages CEOs to make non-binding commitments for sustainability, social responsibility, human rights, and labor rights. The company's participation began on June 28, 2023, and will continue until June 30, 2024. CATL has committed to implementing the Compact's 10 principles in its business strategy, culture, and daily operations, and to annually reporting progress against these goals.
READ THE STORY: The Register
Biden’s Cyber Command and NSA nominee seen as a pick for continuity
Analyst Comments: The nomination of Lt. Gen. Timothy Haugh signals continuity in U.S. cyber strategy, as he is known to share the approach of his predecessor, Paul Nakasone. Haugh's experience in election security could be crucial for the U.S. in protecting the integrity of the 2024 presidential election amid potential foreign interference. His appointment faces challenges, however, not least politically because of Sen. Tommy Tuberville's blanket hold on senior military promotions. Should he secure the position, Haugh will need to address several issues, among them the debate over reauthorizing Section 702, the readiness levels of Cyber Command, and the ongoing questions about the dual-hat leadership of Cyber Command and the NSA.
FROM THE MEDIA: President Joe Biden's nominee to lead U.S. Cyber Command and the National Security Agency, Air Force Lt. Gen. Timothy Haugh, is expected to play a critical role in strengthening the bond between the two organizations. Haugh is known for a calm, open-minded approach that mirrors the demeanor of his predecessor, Army Gen. Paul Nakasone. The nomination comes at a pivotal moment, as the Biden administration is pushing Congress to reauthorize the controversial Section 702 of the Foreign Intelligence Surveillance Act, which has faced criticism over potential privacy violations. The law allows the NSA to collect extensive intelligence from U.S. technology providers about foreign espionage and national security threats.
READ THE STORY: The Record
Chinese Spy Activities in the U.S.’ Backyard
Analyst Comments: The reported Chinese surveillance station in Cuba indicates a broadening of China's intelligence operations and aligns with its geopolitical goals of extending its influence and building relationships with governments in Latin America and the Caribbean. This includes gaining support for its economic and ideological ambitions while securing access to critical resources. The strategy resembles China's activities in African countries, with the added advantage of geographic proximity to the U.S. China's intelligence activities serve larger goals of advancing its security interests in the military, diplomatic, and economic domains. Tactics include intellectual property theft, infiltrating universities and private companies to acquire valuable knowledge, and exploiting the open and collaborative nature of Western countries. This has resulted in a considerable transfer of intellectual wealth.
FROM THE MEDIA: According to The Wall Street Journal, China has reportedly established an electronic surveillance center in Cuba, approximately 100 miles from Florida, under a secret deal. The facility might enable China to intercept electronic communications originating from the southeastern United States, which hosts several U.S. military bases. The surveillance center is also thought to align with the People's Liberation Army's global initiative, "Project 141," which aims to establish military bases worldwide. Over the years, China's strategy around the United States has involved expanding its economic and security presence in Latin American countries. Trade between China and Latin America, including the Caribbean, surged from USD 12 billion to USD 315 billion between 2000 and 2020, according to the World Economic Forum. The alleged surveillance station could also serve as a platform for intercepting cell phone communications, capturing electronic signatures attached to defense messages, and monitoring computer screens at military installations.
READ THE STORY: GCT
Russian hackers lured embassy workers in Ukraine with an ad for a cheap BMW
Analyst Comments: The hacking operation is notable for its broad scope, targeting diplomats in at least 22 out of the approximately 80 foreign missions based in Ukraine's capital. This incident represents a significant and calculated espionage effort by the alleged Russian group, using relatively innocuous methods to penetrate the computer systems of potential targets. The reuse of known tools and techniques linked to SVR further points towards a state-backed cyber espionage operation. Diplomatic missions remain a high-value target for such actions, especially amid the ongoing geopolitical tensions surrounding Ukraine.
FROM THE MEDIA: According to a report by cybersecurity firm Palo Alto Networks' Unit 42 research division, hackers believed to be associated with Russia's foreign intelligence agency have targeted diplomats at various embassies in Ukraine. The hackers, known as APT29 or "Cozy Bear," employed a fake used car advertisement to attempt access to the diplomats' computer systems. The campaign involved an original flyer from a Polish diplomat advertising a used BMW for sale in Kyiv. The hackers intercepted this flyer, embedded it with malicious software, and redistributed it among foreign diplomats working in Kyiv. In 2021, APT29 was identified by U.S. and British intelligence agencies as an arm of Russia's Foreign Intelligence Service, the SVR.
READ THE STORY: Reuters
Russia says it may use similar weapons if the U.S. supplies cluster bombs to Ukraine
Analyst Comments: Shoigu's comments signal the potential for a further escalation in the Ukrainian conflict. The use of cluster munitions, banned by many countries due to their indiscriminate impact and potential for unexploded bomblets to harm civilians post-conflict, could exacerbate the humanitarian situation in Ukraine. The U.S.' decision to provide Ukraine with such weapons has generated controversy, with close allies like Britain, Canada, and Germany expressing their opposition to the use of cluster munitions. The exchange of such high-casualty weapons would represent a dangerous escalation in the conflict, further complicating any diplomatic resolutions.
FROM THE MEDIA: Russian Defence Minister Sergei Shoigu stated on Tuesday that Russia would respond with "similar" weapons if the United States supplied Ukraine with cluster bombs. This statement follows the U.S. announcement last week that it would provide Ukraine with cluster munitions, explosive weapons that release numerous smaller bomblets over a wide area and are banned by over 100 countries. Although Russia possesses cluster munitions, it has abstained from their use in the current military campaign. Shoigu added that the Russian army is taking measures to safeguard its troops from such weapons. Human Rights Watch alleges that both Russia and Ukraine have utilized cluster munitions during the ongoing 17-month conflict in Ukraine. Neither the U.S., Russia, nor Ukraine have signed the Convention on Cluster Munitions.
READ THE STORY: Reuters
China's Huawei Poised to Overcome US Ban with Return of 5G Phones
Analyst Comments: Huawei's projected return to the 5G smartphone market is a crucial step for the company after years of struggle under U.S. restrictions. The move would be enabled by domestic chip procurement, underscoring China's broader push for technological self-sufficiency amid ongoing geopolitical tensions. The expected yield of usable chips is low (below 50%), which will limit 5G unit shipments, but the return itself shows the firm's resilience and adaptability. The continuing U.S. restrictions on Huawei's access to Google's Android operating system, however, will dampen the appeal of Huawei handsets outside China.
FROM THE MEDIA: China's Huawei Technologies is planning a return to the 5G smartphone industry by the end of this year, as suggested by reports from three third-party technology research firms. This move would represent a significant comeback after a US ban on equipment sales drastically affected Huawei's consumer electronics business. Huawei is expected to acquire 5G chips domestically, using its own developments in semiconductor design tools and chipmaking from Semiconductor Manufacturing International Co (SMIC). Huawei's consumer business revenue declined almost 50% in 2021 after peaking at 483 billion yuan ($67 billion) in 2020. The U.S. and European governments labeled Huawei a security risk, which led to restrictions that limited Huawei's access to essential chipmaking tools for creating its advanced models. Predictions suggest that Huawei could produce 5G versions of flagship models such as the P60 this year, with new launches expected in early 2024.
READ THE STORY: Reuters
‘An Act of War’: Inside America’s Silicon Blockade Against China
Analyst Comments: This move by the U.S. is part of the larger technological rivalry between the U.S. and China and reflects a geopolitical landscape in which economic and technological power plays an increasingly significant role. The U.S. is leveraging its influence over the global semiconductor industry as a strategic tool to constrain China's technological advancement. The outcome could have significant implications for both nations and the global order. If successful, the U.S. could slow China's technological rise and maintain its own dominance. If unsuccessful, the controls could prompt China to achieve technological self-reliance faster than expected, altering the global balance of power.
FROM THE MEDIA: In October 2022, the U.S. Bureau of Industry and Security (BIS) issued a detailed set of export controls on China that, in the author's framing, amounted to a declaration of economic war. The controls are primarily aimed at crippling China's ability to produce or purchase high-end semiconductor chips, and thereby at hampering its advances in AI and other technologies. Semiconductor chips, used in every electronic device and system, have become central to the global economy and are key to future innovations such as quantum computing and artificial intelligence. With the new controls, the U.S. government seeks not only to prevent China from progressing further in these technologies but also to roll back its current capabilities.
READ THE STORY: NYT
Hackers target Chinese-speaking Microsoft users with ‘RedDriver’ browser hijacker
Analyst Comments: The notable part of RedDriver is less the browser hijacking than how the kernel driver gets loaded. Windows still accepts kernel drivers signed with code-signing certificates issued before 29 July 2015, and RedDriver's authors use stolen or expired certificates together with forged signing timestamps to make newly built drivers appear to qualify for that exception, so driver signature enforcement passes. Defenders should treat a recently compiled driver whose signature claims a pre-2015 timestamp as suspect, and should look for browser traffic being redirected to a local listener. The Chinese-language lure (a fake client for a game popular in China), the focus on Chinese-speaking users, and the internet cafe targeting point to a crew fluent in Chinese and comfortable with low-level Windows development, consistent with Cisco Talos' assessment that the tool was likely written by Chinese speakers.
FROM THE MEDIA: Researchers from Cisco Talos have discovered multiple versions of RedDriver, a malicious kernel driver used to intercept web browser traffic. It targets Chinese-speaking Microsoft users, hijacking traffic from browsers that include Google Chrome and Microsoft Edge. The infection begins with a malicious file named DNFClient, posing as a client for Dungeon Fighter Online, a game popular in China. Once executed, it downloads RedDriver, the key stage of a multi-stage infection chain that hijacks browser traffic and redirects it to localhost. The authors are highly skilled in driver development and have a deep understanding of the Windows operating system. The driver is signed with stolen certificates and forged signature timestamps, which lets it bypass driver signature enforcement in Windows.
READ THE STORY: The Record
Global Times: When war profiteering meets reality
Analyst Comments: NATO's challenges in its enlargement efforts and military exercises reflect the complexities of global geopolitics. These issues underscore the difficulty of maintaining a unified stance within the alliance, particularly as it attempts to counter perceived threats from Russia and China. The apparent lack of industrial capacity in the West to support a large-scale war effort may also suggest an over-reliance on existing weapon stockpiles. NATO's planned expansion into East Asia may further complicate its relations with China and could potentially escalate tensions in the region.
FROM THE MEDIA: NATO's attempts to expand its influence in Europe and East Asia have faced a series of setbacks, according to the Global Times. Sweden's admission to NATO has been delayed due to Turkey's use of the alliance's consensus rule to address certain issues, while Finland's military aid to Ukraine reportedly suffered significant losses. NATO's large-scale air power exercise, Air Defender 2023, failed to gain as much media attention as anticipated. In addition, Western efforts to stockpile weapons have been hindered by the reality of financialized, de-industrialized economies.
READ THE STORY: Modern Diplomacy
Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
Analyst Comments: PyLoose is notable less for novelty than for how little it needs: memfd_create(2) and an execve() through /proc/self/fd are documented Linux primitives, and the loader fits in a few lines of the Python interpreter that most cloud workloads already ship with. "Fileless" should not be read as "invisible". A process started this way still has a /proc/<pid>/exe link that points at a memfd: path marked (deleted), the miner's CPU consumption and outbound mining-pool connections are as visible as ever, and the initial HTTPS fetch from a paste site is an egress event worth alerting on. Teams running Python-capable cloud workloads should add those three signals to their detection coverage rather than relying on file-based scanning alone.
FROM THE MEDIA: A new fileless attack known as PyLoose has been found targeting cloud workloads to deploy a cryptocurrency miner. According to researchers from cloud security firm Wiz, it is the first publicly documented Python-based fileless attack against cloud workloads. The attack uses Python code to load an XMRig miner directly into memory via memfd_create(2), a well-documented Linux technique for executing a payload from an anonymous in-memory file. PyLoose was first detected on June 22, 2023. It is a compact Python script of just nine lines that embeds a compressed and encoded precompiled XMRig miner. The payload is fetched from paste.c-net[.]org with an HTTPS GET request straight into the Python process's memory, so the miner is never written to disk.
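The loading pattern described above, as an added example that is not code from the Wiz write-up and not PyLoose itself: a small Python loader that copies an ELF image into a memfd and executes it through /proc/self/fd, placed next to the check a defender would run, which reads /proc/<pid>/exe links and flags the memfd-backed ones. It uses a copy of /bin/sh as a harmless stand-in for the miner, needs Linux and Python 3.8+ (os.memfd_create), and the list of sample exe links is constructed for the offline check; all function names are ours.

```python
"""Added example: the memfd loading technique PyLoose relies on, plus a /proc
check that finds processes executing from it. Not Wiz's or PyLoose's code."""
import os
import sys
from typing import Iterable, List, Tuple

# readlink('/proc/<pid>/exe') for a process exec'd from a memfd looks like
# '/memfd:<name> (deleted)': there is no on-disk path for it to point at.
MEMFD_MARKER = "/memfd:"


def memfd_supported() -> bool:
    """True where the technique (and the demo below) can run at all."""
    return sys.platform == "linux" and hasattr(os, "memfd_create")


def run_from_memfd(elf_image: bytes, argv: List[str], name: str = "demo") -> int:
    """Execute an ELF image that exists only in RAM; return the child's exit code.

    Loader pattern: memfd_create() yields an anonymous in-memory file, the
    payload is written into it, and a forked child execs it via
    /proc/self/fd/<n>. Nothing is written to a disk-backed filesystem.
    The default MFD_CLOEXEC flag is fine: execve opens the path before
    close-on-exec descriptors are dropped (this is how glibc's fexecve works).
    """
    fd = os.memfd_create(name)
    os.write(fd, elf_image)
    pid = os.fork()
    if pid == 0:  # child: replace ourselves with the in-memory image
        try:
            os.execv(f"/proc/self/fd/{fd}", argv)
        finally:
            os._exit(127)  # only reached if execv failed
    os.close(fd)  # parent's handle is no longer needed; the child keeps the image alive
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)


def demo_exit_code() -> int:
    """Copy a real on-disk ELF (/bin/sh) into a memfd and run the copy.

    Exit code 3 confirms the in-memory copy ran with the argv we supplied.
    """
    with open("/bin/sh", "rb") as f:
        image = f.read()
    return run_from_memfd(image, ["sh", "-c", "exit 3"])


def find_memfd_executables(exe_links: Iterable[Tuple[int, str]]) -> List[int]:
    """Detection logic, kept pure so it can be checked offline.

    exe_links: (pid, readlink('/proc/<pid>/exe')) pairs.
    Returns the pids whose executable image is memfd-backed.
    """
    return [pid for pid, target in exe_links if target.startswith(MEMFD_MARKER)]


def scan_proc(proc_root: str = "/proc") -> List[int]:
    """Live version: read every /proc/<pid>/exe link and apply the check."""
    links: List[Tuple[int, str]] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            links.append((int(entry), os.readlink(f"{proc_root}/{entry}/exe")))
        except OSError:  # process exited, or not ours (EACCES); skip it
            continue
    return find_memfd_executables(links)


# Constructed sample of readlink('/proc/<pid>/exe') results, not real host data.
SAMPLE_EXE_LINKS = [
    (1, "/usr/lib/systemd/systemd"),
    (4242, "/usr/bin/python3.11"),
    (4250, "/memfd:demo (deleted)"),  # what a PyLoose-style child looks like
    (4301, "/usr/bin/curl"),
]


if __name__ == "__main__":
    print("flagged in constructed sample:", find_memfd_executables(SAMPLE_EXE_LINKS))
    if memfd_supported():
        print("exit code of /bin/sh run from memfd:", demo_exit_code())
        print("memfd-backed executables on this host:", scan_proc())
```

The exe link is the cheapest signal but not the only one: /proc/<pid>/fd and /proc/<pid>/maps also show memfd: entries for a process that has created the file but not yet executed it (the Python loader itself, in PyLoose's case), and an auditd or eBPF rule on execve of paths under /proc/*/fd/ catches the exec at the moment it happens rather than on the next scan.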
READ THE STORY: THN
Items of interest
Firmware Attacks: The Silent Threat to Your IoT Connected Devices
Analyst Comments: Firmware is an attractive place for an attacker to sit: it runs beneath the operating system and most endpoint tooling, it is rarely inventoried, and on many IoT devices it is never updated after shipping, so a foothold there can persist for years and survive factory resets of the software above it. The paper's recommendations (timely updates, strong credentials, network monitoring, and security designed in from the start) are sound but only as good as the update path itself: if a device cannot verify that an update is signed by its vendor, the update mechanism is one more attack surface. Practitioners should inventory firmware versions across their fleet, prefer devices that verify update signatures and support measured boot where the hardware allows, and segment devices that can no longer be patched.
FROM THE MEDIA: The firmware, being the low-level software controlling the device's hardware, presents a security risk, as attackers exploiting its vulnerabilities can gain control of the device or steal sensitive data. The menace of firmware attacks is compounded by their low detectability and the extended access they offer to the attackers. A detailed review of the attack methods (including buffer overflow attacks, injection attacks, reverse engineering, and password attacks) and their potential impacts (like data theft, remote control, long-term access, and damage to device functionality) is provided. The paper also presents various preventive strategies such as regular firmware updates, usage of strong passwords, monitoring network activity, and incorporating security measures during the design phase.
READ THE STORY: Research Gate
The Spying Game - "Walls Have Ears" (Video)
FROM THE MEDIA: Alan Bates narrates the second part of this fascinating series, which sheds light on the dark history of espionage. Throughout the Cold War, the world's intelligence agencies fought a technological battle to steal secrets directly from the mouths of their enemies. From bugged shoes to trees full of hidden microphones, the eavesdroppers of the CIA, MI6 and the KGB reveal the amazing gadgets and techniques they developed to fight a real war of words.
Spycraft: Inside Secrets of Espionage and Surveillance (Video)
FROM THE MEDIA: A hands-on course in espionage written and co-directed by a man who spent 20 years running spies for a well-known federal agency that we are not allowed to name, this video is packed with inside secrets and action, including tailing anybody anywhere; brush passes, dead drops, marks, and tricks; applying phone taps; bumper beepers, starlight scopes, parabolic mics, and more.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.