Daily Drop (540): China: Automotive Industry, Wagner: Dozer-Teleport, Elon: AI framework, Rockwell: ControlLogix, China: MicroSoft-Rootkit, Intel: AI Chips, Hacked US emails
Thursday, Jul 13, 2023 // (IG): BB
As Chinese cars speed into global markets, tensions will only escalate
Analyst Comments: China's rapid rise in the auto industry, especially in the electric vehicle sector, signals a significant shift in global trade patterns and presents multifaceted challenges for Western countries. The security implications of foreign-made cars filled with sophisticated software and sensors are just beginning to be considered, which could lead to more stringent regulations or restrictions. The impact on Europe's industrial base is another crucial concern. China's competitiveness, fueled by years of government support, could strain European automakers and potentially lead to demands for similar protections or subsidies.
FROM THE MEDIA: China's ascension as the world's top auto exporter, largely driven by the electric vehicle (EV) transition, has startled many, including major auto manufacturers. This rise poses security challenges because of the complex software systems and numerous sensors built into new cars. The import of Chinese cars laden with these technologies raises security concerns among Western leaders and has prompted moves such as Italy's recent restrictions on a Chinese shareholder in tyremaker Pirelli. China's dominance also threatens Europe's industrial base: Chinese EVs source most components from Asia rather than Europe, and they pose stiff competition to European manufacturers, particularly in the price-sensitive middle market. While the US has adopted protectionist measures against Chinese vehicles, the EU remains more open to imports, which has caused a surge in Chinese EV imports.
READ THE STORY: FT
Hack Blamed on Wagner Group Had Another Culprit
Analyst Comments: The recent cyberattack on Dozor highlights the complex landscape of cyber warfare, where attribution is often challenging and disinformation tactics are frequently used. The potential involvement of the Ukrainian Cyber Alliance points towards a possible escalation in the Russia-Ukraine cyber conflict.
FROM THE MEDIA: On June 29, hackers targeted Russian satellite communications provider Dozor-Teleport ZAO, causing systems to go offline and leading to the theft of substantial internal data. The attackers claimed to be affiliated with the Wagner mercenary group and stated they targeted Dozor due to its connections with Russian military and security services. However, cybersecurity experts, such as Oleg Shakirov and Vito Alfano, question this claim, suggesting that Ukrainian hackers might be behind the attack, possibly connected to the Ukrainian Cyber Alliance. In parallel, a new report by Chainalysis indicates that while cryptocurrency-related crimes have seen a decline, ransomware attacks are on the rise, particularly targeting large organizations.
READ THE STORY: Bloomberg
Elon Musk Thinks China is Interested in an International AI Framework
Analyst Comments: Musk's observations, combined with China's recent regulatory actions, point towards the country's readiness to engage in international discussions on AI regulation. This could have significant implications for the global AI industry, considering China's role as a major player in this field. The development of an international cooperative framework for AI regulation could potentially mitigate risks associated with the rapid advancements in AI technology, particularly in the realm of generative AI, which is seeing exponential growth in investment and use. However, the specifics of such regulations, their enforcement, and their impact on AI research and deployment remain to be seen. The importance of these regulatory measures is underscored by Musk's warnings about AI's potential for "civilization destruction," reflecting the high stakes involved in AI development and deployment.
FROM THE MEDIA: Billionaire Elon Musk revealed in a Twitter Space event with US Congressmen Ro Khanna and Mike Gallagher that, based on his recent visit and conversations in China, he believes the country is interested in an international cooperative framework on artificial intelligence (AI) regulation. Musk has been a vocal advocate for AI oversight and regulations. His comments coincide with the launch of his AI startup, xAI, and his recent meetings with Chinese officials including foreign, commerce and industry ministers, and Vice Premier Ding Xuexiang. Subsequent to Musk's visit, China issued interim measures to manage the rapidly growing AI industry. Chinese foreign ministry spokesperson Wang Wenbin confirmed China's commitment to the development and governance of AI, adding that the nation is ready to enhance communication with the international community on AI security governance.
READ THE STORY: AAWSAT
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
Analyst Comments: These vulnerabilities pose a substantial risk to organizations utilizing Rockwell Automation ControlLogix EtherNet/IP communication modules, as they can lead to significant operational disruptions or data breaches. Given the high CVSS scores (9.8 and 7.5), these vulnerabilities are considered critically severe. Additionally, the possibility that attackers could maintain persistence and fly under the radar exacerbates the threat. While there's no evidence of these vulnerabilities being exploited in the wild as of mid-July 2023, the potential impact draws parallels to the TRISIS attack by XENOTIME, a potent industrial control systems attack.
FROM THE MEDIA: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of two significant security flaws in Rockwell Automation ControlLogix EtherNet/IP communication modules. These flaws, CVE-2023-3595 and CVE-2023-3596, could enable remote code execution and denial-of-service attacks, leading to potential loss of control or view, data theft, or disruptive manipulation of control. The vulnerabilities could also allow attackers to gain remote access to the module's running memory and perform malicious activities, potentially overwriting any part of the system. Patches for these flaws are currently available from Rockwell Automation.
READ THE STORY: THC
Elon Musk launches xAI in challenge to dominance of ChatGPT owner
Analyst Comments: The launch of xAI by Elon Musk could mark a significant development in the AI industry. Given Musk's track record with Tesla and SpaceX and his penchant for ambitious goals, xAI could introduce a fresh approach and lead to advancements in AI. However, Musk's decision to step back into AI research raises questions, given his previous departure from OpenAI over disagreements on AI safety. It remains to be seen how he will navigate these concerns with xAI, particularly as he has called for companies to pause their AI research because of its potential risks. His ability to attract high-profile talent and secure significant resources, such as GPU processors from Nvidia, suggests xAI has the potential to become a significant player in the AI sector. Yet the company's commercialization strategy remains unclear, making it difficult to anticipate its impact on the broader AI market.
FROM THE MEDIA: Elon Musk has officially launched an artificial intelligence company, xAI, to potentially rival OpenAI, which he co-founded but left in 2018 due to disagreements over AI safety. The team comprises talent from leading AI labs such as DeepMind, Microsoft, and OpenAI, with Igor Babuschkin from DeepMind being a notable inclusion. Musk has also secured thousands of GPU processors from Nvidia necessary for building large language models. xAI's specific business strategy remains unclear, but the company aims to "understand reality."
READ THE STORY: FT
Hackers Target Chinese Gamers With Microsoft-Signed Rootkit
Analyst Comments: This development highlights the growing sophistication of cyber threats and the potential vulnerabilities within trusted systems and platforms. Threat actors have found ways to bypass security measures by leveraging valid digital signatures and exploiting policy loopholes. These tactics illustrate the importance of continuous security updates and policy reviews to patch vulnerabilities and close potential loopholes.
FROM THE MEDIA: Researchers at Trend Micro recently uncovered a sophisticated rootkit campaign targeting gamers in China. The rootkit carries a valid Microsoft digital signature, which lets it bypass driver-loading protections on systems running recent Windows versions. It can also download other unsigned kernel-mode drivers directly into memory, including one engineered to disable Windows Defender, enabling the threat actor to deploy second-stage malware and maintain persistence on victim systems. The researchers believe the same threat actor was responsible for a similar rootkit in 2021 called FiveSys. This latest discovery adds to a growing list of Microsoft-signed kernel drivers that have emerged over the past two years, all seemingly traceable to rogue developer accounts within Microsoft's partner program. The new malware is identified as a universal rootkit loader; its first-stage driver communicates with command and control (C2) servers using the Windows Socket Kernel, a kernel-mode network programming interface.
READ THE STORY: DarkReading
Intel woos China with nerfed Habana Gaudi 2 AI chips
Analyst Comments: Intel's decision to produce a modified version of its Gaudi 2 AI accelerator for the Chinese market demonstrates the impact of US export restrictions on global technology supply chains. With Nvidia having already introduced adapted versions of its popular GPUs for the Chinese market, Intel is clearly keen not to lose out in this large and lucrative market. However, the success of these modified chips will depend on whether they can offer competitive performance and value for Chinese customers in the face of growing domestic chip production. It remains to be seen how potential further tightening of US restrictions on AI chip exports might affect these strategies.
FROM THE MEDIA: Intel plans to release a modified version of its Habana division's Gaudi 2 AI accelerator for the Chinese market. The move comes in response to US restrictions that limit the sale of AI accelerators with an I/O bandwidth greater than 600GB/sec in China. Although Gaudi 2 outperformed Nvidia's A100 GPU in internal benchmarks, it has not gained widespread adoption. Gaudi 2 will be available through Chinese server vendors including Inspur, H3C, and xFusion. The exact modifications to meet Chinese market requirements are yet to be clarified.
READ THE STORY: The Register
Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments
Analyst Comments: The attack by Storm-0558 demonstrates the continuing cybersecurity threats posed by nation-state actors, particularly those focused on cyber espionage. The actors exploited a token validation issue, showing the need for strong validation processes and proactive detection capabilities to identify and thwart such attacks. The swift response by Microsoft to block the usage of tokens signed with the acquired MSA key shows their readiness to respond to such threats. However, organizations need to continue to be vigilant and take proactive measures to detect and respond to such threats promptly.
FROM THE MEDIA: Microsoft has repelled a cyber attack by a Chinese nation-state actor, known as Storm-0558, targeting about two dozen organizations, including government agencies, for cyber espionage purposes. The attacks, which started on May 15, 2023, aimed to gain access to email accounts and steal confidential data. The attackers used custom malware, known as Cigril and Bling, for credential access. Microsoft detected the breach a month later after a customer reported unusual email activity. The attackers gained access to customer email accounts via Outlook Web Access in Exchange Online (OWA) and Outlook.com by forging authentication tokens. Microsoft has blocked the usage of tokens signed with the acquired MSA key in OWA to mitigate the attack.
READ THE STORY: THN
NATO allies’ new cyber pledges to remain classified — but here’s what we know
Analyst Comments: NATO's new commitments reflect the increased recognition of the strategic importance of cyber defense in the evolving global security landscape. The classification of the detailed commitments could suggest the existence of significant cyber initiatives that NATO is not ready to disclose publicly. The move towards integrating different levels of cyber defense and engagement with the private sector suggests a more holistic and coordinated approach to cybersecurity. The updating of the Cyber Defense Pledge is likely to increase the pressure on member nations to improve their national cyber defenses. The launch of VCISC suggests that NATO is actively preparing to deal with significant cyber threats and is building capabilities to help allies respond to such incidents effectively.
FROM THE MEDIA: At the NATO summit held in Vilnius, Lithuania, member nations made new cybersecurity pledges. The detailed specifics of these commitments are classified, but they reiterate that cyberspace is always a contested domain and not solely a concern during international armed conflicts. NATO also endorsed a new concept aimed at strengthening the alliance's overall deterrence and defense posture by integrating political, military, and technical levels of cyber defense. The alliance also plans to update its Cyber Defense Pledge with national goals, the specifics of which are classified. Lastly, NATO announced the launch of the Virtual Cyber Incident Support Capability (VCISC) to support national efforts in responding to significant cyber threats.
READ THE STORY: The Record
U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack
Analyst Comments: The discovery of this cyber-espionage campaign underlines the ongoing threat posed by state-sponsored threat actors and the high value placed on government and policy-making organizations as targets. The methods used in this campaign highlight the sophistication and adaptability of these threat actors. The use of forged authentication tokens, for instance, indicates an advanced level of technical capability. This incident reinforces the need for organizations, particularly those holding sensitive data, to adopt robust cybersecurity measures, including enhanced logging and auditing capabilities. It also underscores the importance of international cooperation in tackling state-sponsored cyber threats. Despite China's denial of involvement, the consistent attribution of these types of sophisticated attacks to Chinese actors will likely continue to strain U.S.-China relations and could potentially lead to additional policy or sanctions actions in the future.
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have revealed that an unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. experienced suspicious email activity in June 2023. The anomalous behavior led to Microsoft uncovering a new China-linked cyber espionage campaign. While the specific agency was not disclosed, CNN and the Washington Post have indicated that it was the U.S. State Department. Also targeted were the Commerce Department and various email accounts affiliated with a congressional staffer, a U.S. human rights advocate, and U.S. think tanks. The cyberattacks, attributed to a China-based threat actor known as Storm-0558, involved the use of forged authentication tokens to access customer email accounts via Outlook Web Access in Exchange Online (OWA) and Outlook.com.
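The two Storm-0558 items above both turn on the same defensive points: tokens must be validated against a registry of signing keys, a key must only vouch for the issuer it was registered for, a compromised key must be revocable at once, and every rejection should be logged for auditing. The following is an added illustration written for this digest, not Microsoft's code and not a model of the specific flaw Storm-0558 exploited (which the articles do not detail). It uses HMAC-SHA256 tokens in a JWT-like layout so it runs on the standard library alone; the key ids, secrets, issuers and audience are constructed sample values.

```python
"""Added example: token verification with a key registry, per-key issuer
binding, revocation of a compromised key id, and an audit log of rejections.
Not Microsoft's implementation; all identities and secrets are constructed."""
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, secret: bytes, claims: dict) -> str:
    """Mint a header.claims.signature token (sample issuer side)."""
    header = {"alg": "HS256", "kid": kid}
    body = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                    for p in (header, claims))
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64url(sig)


class TokenVerifier:
    """keys maps kid -> {"secret": bytes, "issuer": str}; a key may only
    validate tokens that claim the issuer it is registered for."""

    def __init__(self, keys: dict, audience: str):
        self.keys = keys
        self.audience = audience
        self.revoked = set()
        self.audit_log = []  # (kid, reason) for every rejected token

    def revoke(self, kid: str) -> None:
        """Block every token signed with a compromised key id."""
        self.revoked.add(kid)

    def _reject(self, kid, reason):
        self.audit_log.append((kid, reason))
        return None

    def verify(self, token: str, now=None):
        """Return the claims on success, None (with an audit entry) otherwise."""
        now = time.time() if now is None else now
        try:
            h_b64, c_b64, s_b64 = token.split(".")
            header = json.loads(_b64url_decode(h_b64))
            claims = json.loads(_b64url_decode(c_b64))
        except ValueError:  # bad segment count, base64 or JSON
            return self._reject(None, "malformed")
        kid = header.get("kid")
        if header.get("alg") != "HS256":
            return self._reject(kid, "bad_alg")
        if kid in self.revoked:
            return self._reject(kid, "revoked_key")
        entry = self.keys.get(kid)
        if entry is None:
            return self._reject(kid, "unknown_key")
        expected = hmac.new(entry["secret"], f"{h_b64}.{c_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            return self._reject(kid, "bad_signature")
        if claims.get("iss") != entry["issuer"]:
            return self._reject(kid, "issuer_not_bound_to_key")
        if claims.get("aud") != self.audience:
            return self._reject(kid, "wrong_audience")
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= now:
            return self._reject(kid, "expired")
        return claims


# Constructed registry: a corporate key and a consumer key, each bound to its own issuer.
KEYS = {
    "corp-key-1": {"secret": b"corp-secret-sample", "issuer": "https://corp.example/sts"},
    "consumer-key-7": {"secret": b"consumer-secret-sample", "issuer": "https://consumer.example/sts"},
}
AUDIENCE = "mail.example"
CORP_ISS = KEYS["corp-key-1"]["issuer"]


def demo(now: float = 1_689_206_400.0) -> dict:
    """Verify constructed tokens; map each case to 'accepted' or its rejection reason."""
    v = TokenVerifier(KEYS, AUDIENCE)

    def outcome(token):
        return "accepted" if v.verify(token, now) else v.audit_log[-1][1]

    base = {"iss": CORP_ISS, "aud": AUDIENCE, "sub": "alice", "exp": now + 600}
    results = {
        "good": outcome(sign_token("corp-key-1", KEYS["corp-key-1"]["secret"], base)),
        # Consumer key used to mint a token that claims the corporate issuer.
        "cross_issuer": outcome(sign_token("consumer-key-7", KEYS["consumer-key-7"]["secret"], base)),
        # Known kid, but signed with guessed key material.
        "bad_signature": outcome(sign_token("corp-key-1", b"guessed-secret", base)),
        "expired": outcome(sign_token("corp-key-1", KEYS["corp-key-1"]["secret"], {**base, "exp": now - 1})),
        "malformed": outcome("not.a.token.at.all"),
    }
    v.revoke("consumer-key-7")  # respond to a key compromise
    consumer_claims = {**base, "iss": KEYS["consumer-key-7"]["issuer"]}
    results["revoked"] = outcome(sign_token("consumer-key-7", KEYS["consumer-key-7"]["secret"], consumer_claims))
    results["audit_entries"] = len(v.audit_log)
    return results


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The issuer-binding check is the part worth noting: a signature that verifies under some registered key is not enough, the key must also be the one entitled to vouch for the issuer named in the token. Revocation is checked before signature verification so that a blocked key cannot validate anything, and the audit log gives the "enhanced logging and auditing" the CISA item calls for a concrete shape.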
Chainalysis observes sharp rise in ransomware payments
Analyst Comments: This report underscores the persistent and evolving threat of ransomware attacks. While law enforcement actions and sanctions against cryptocurrency exchanges that facilitate ransomware payments have had some impact, ransomware actors continue to find success, particularly through 'big game hunting' – targeting larger organizations for bigger payouts. The trend of data theft without deploying ransomware indicates that ransomware actors are adapting their methods to evade detection and counteract improved security measures.
FROM THE MEDIA: Ransomware actors have reportedly extorted at least $449.1 million in the first half of 2023, according to cryptocurrency analytics firm Chainalysis. This figure represents an increase of $175.8 million compared to the same period in 2022. The firm also reported that larger, established ransomware groups like Clop and Black Basta have been more active this year, hitting bigger organizations for larger sums of money. The rise in ransomware payments contrasts sharply with the decline in illicit payments for other cybercrimes, such as scams, which have decreased by 65% this year.
READ THE STORY: TechTarget
Microsoft’s Chiplet Cloud To Bring The Cost Of LLMs Way Down
Analyst Comments: The development of the Chiplet Cloud is a noteworthy advance in the field of AI hardware. The ability to achieve high performance at reduced cost would be a major breakthrough, particularly for large-scale AI operations that need to process enormous amounts of data in real-time. This could also drive increased adoption and accessibility of AI technologies across industries. However, it is crucial to remember that the results are based on theoretical calculations and simulated workloads. Real-world performance might differ and will depend on factors like hardware reliability, software compatibility, and deployment scalability. The practicality of manufacturing such complex hardware at scale also needs to be considered.
FROM THE MEDIA: Microsoft, in collaboration with the University of Washington, has developed a new architecture, the Chiplet Cloud, aimed at improving the performance and cost-efficiency of running large AI models. The architecture uses smaller chiplets interconnected by fast links, in contrast to the larger, costlier GPUs. The Chiplet Cloud also optimizes for memory bandwidth by using SRAM and placing model parameters closer to the matrix math engines. Simulations show this architecture outperforming current AI accelerators like Nvidia's A100 and Google's TPUv4, particularly in inference tasks, with significant reductions in cost and latency.
READ THE STORY: The Next Platform
Items of interest
The psychological and strategic challenges posed by AI-enhanced cyberattacks and influence campaigns
Analyst Comments: The rise of AI-augmented cyber and influence operations represents a significant shift in the cybersecurity landscape. Policymakers, defenders, and the public will need to adapt to this emerging threat and find effective ways to detect and counter these operations. While AI tools can provide significant advantages in terms of speed and sophistication, their use also introduces new challenges due to their unpredictable nature and the difficulty of defending against them. This points to a need for ongoing research and development to enhance defensive capabilities against AI-augmented threats.
FROM THE MEDIA: Cybersecurity expert Mikko Hyppönen predicts an inevitable arms race in artificial intelligence (AI), as both attackers and defenders incorporate AI tools into their operations. The rise of AI-driven campaigns is expected to pose new challenges for national security and cybersecurity planning due to the unpredictable nature of AI and the increasing complexity of defending against these attacks. There is a societal shift in the perception of new threats such as AI-augmented influence operations (IO). Initially, such threats induce panic due to their novelty, but over time, familiarity leads to rationalization. Yet, a considerable amount of familiarity and knowledge is required to understand and assess these AI systems, resulting in an automation bias among the public and contributing to a decline in the quality threshold for support of defensive measures.
READ THE STORY: CSO Online
What Are Influence Operations and How Do They Spread Disinformation? (Video)
FROM THE MEDIA: Learn what influence operations are and how they shape today's information landscape as misinformation continues to flood the Internet. Influence operations are abundant in an age of increasing disinformation and falsehoods. As so-called fake news and information overload crowd the digital marketplace, governments, activists, ordinary citizens, and nefarious actors all conduct influence operations to achieve specific goals.
Influence Operations and Disinformation as Phenomena of World Affairs: What is the deal? (Video)
FROM THE MEDIA: Influence operations conducted by foreign states are today an element of world politics that will not go away. While there are completely legitimate ways for states to communicate with target groups in other countries, namely so-called public diplomacy, recent years have also witnessed more clandestine attempts to influence public opinion and decision making. Cyber intrusions, the spread of propaganda and disinformation, and covert financial support to political parties in the EU are some very real threats that democracies have to manage. And although Russia is often singled out as the main culprit, the situation is in fact more complicated.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.