Daily Drop (542): UN: Black Sea Grain, Celsius: Crypto Fix, South Africa: US Markets, Honeywell Experion DCS, CPEC: Kashgar to Gwadar, BreachForums, Microsoft Bug: Forged Azure AD Tokens
07-15-23
Saturday, Jul 15, 2023
UN Awaits Russian Reply on Black Sea Grain Deal
Analyst Comments: The Russia-Ukraine conflict is a multifaceted geopolitical issue with substantial global implications. Russia's uncompromising stance indicates a protracted and complex situation. The involvement of international bodies such as the UN and the EU and national actors like the US and the UK underscores the potential worldwide effects of this conflict. Despite the diplomatic efforts to mediate, the situation remains tense and uncertain, with dire humanitarian consequences. The training of Belarusian soldiers by the Russian Wagner Group suggests a precarious shift in regional dynamics and could potentially further destabilize the area. The potential fallout on global food supplies due to the unresolved grain deal is concerning, particularly for developing nations.
FROM THE MEDIA: An escalating conflict between Russia and Ukraine has caused international concern. In a recent development, Russia has pulled its nuclear submarines from a Navy Day fleet review due to speculated internal security and maintenance issues. The European Union has approved additional funds to support Ukraine, while the UN Secretary-General attempts to secure a grain export deal through the Black Sea corridor. US Secretary of State Antony Blinken warns of significant food shortages and rising prices if the grain deal is not extended. Russian Foreign Minister Sergey Lavrov is reported to have rejected calls to withdraw Russian troops from Ukraine. The Wagner Group, a Russian mercenary organization, is training Belarusian soldiers, indicating partial implementation of a deal to quell a recent mutiny.
READ THE STORY: VOA
Celsius Founder Alex Mashinsky’s Arrest Won’t Fix Crypto
Analyst Comments: The charges against Mashinsky and the collapse of Celsius serve as a stark warning to investors about the inherent risks in the cryptocurrency industry. They also highlight the pressing need for stringent regulation and transparency in the sector. The fact that the collapse of one entity (Terra Luna) can lead to such a domino effect, including the downfall of significant players like Celsius and FTX, indicates a systemic vulnerability in the industry. Furthermore, the allegations suggest that the sector remains susceptible to manipulation by influential individuals, emphasizing the necessity for due diligence and scrutiny from investors and regulatory bodies alike.
FROM THE MEDIA: Alex Mashinsky, the founder and ex-CEO of the now-bankrupt cryptocurrency lender Celsius, is facing seven charges of fraud from the US Department of Justice (DOJ). The charges allege that Mashinsky was involved in a deceptive scheme, falsely assuring investors about the safety of the Celsius platform and artificially inflating the company's token, CEL. If convicted on all counts, Mashinsky may face up to 115 years in prison. He pleaded not guilty and was released on a $40 million bond. Celsius' downfall in June 2022 is seen as part of a ripple effect that started with the collapse of the Terra Luna stablecoin and ultimately led to a critical reevaluation of the cryptocurrency industry's susceptibility to manipulative actors.
READ THE STORY: Wired
South Africa Lobbies to Retain Preferential Access to US Markets
Analyst Comments: The delegation's visit to the U.S. highlights the vital importance of the AGOA to South Africa's economy, particularly its automotive sector. With allegations of arms support to Russia and its neutral stance on Russia's invasion of Ukraine, South Africa finds itself in a challenging diplomatic position. The country's non-alignment could put its trading advantages with the U.S. at risk, prompting this charm offensive to assuage concerns and secure its AGOA benefits. As the AGOA nears its renewal date later this year, the outcome of these discussions could significantly impact South Africa's economy.
FROM THE MEDIA: A South African government delegation, including Finance Minister Enoch Godongwana, is visiting the U.S. to meet lawmakers and lobby for continued eligibility to export goods duty-free under the African Growth and Opportunity Act (AGOA). The move comes amid tensions over South Africa's non-aligned stance toward Russia's invasion of Ukraine and allegations, which South Africa denies, of providing arms to Russia. Some U.S. lawmakers argue that South Africa, as Africa's most industrialized nation, is too developed to participate in the AGOA. South Africa exported $2.7 billion worth of goods, including cars and agricultural products, under the AGOA and the Generalized System of Preferences in 2022. South Africa's main opposition party, the Democratic Alliance, warned that the country's exclusion from the AGOA could risk 112,000 jobs in the automotive sector and $23 billion in the automotive trade.
READ THE STORY: Modern Diplomacy
Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
Analyst Comments: These widespread vulnerabilities underscore the ongoing and ever-evolving cybersecurity threats that digital systems face, particularly those involved in critical infrastructure like Honeywell's DCS. As technology becomes increasingly embedded in different sectors, such as telemedicine and finance, these security vulnerabilities can have far-reaching implications. This situation highlights the need for rigorous and regular cybersecurity audits, patch management, and the development and implementation of robust security measures in both software and hardware systems.
FROM THE MEDIA: Multiple security vulnerabilities have been identified in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox. The nine flaws found in the Honeywell Experion DCS platform could enable unauthorized remote code execution, which means an attacker could take control of the devices and alter the DCS controller's operation. The issues stem from a lack of encryption and adequate authentication mechanisms in a protocol used for communication between Experion Servers and C300 controllers. Major flaws were discovered in the QuickBlox chat and video calling platform, widely used in telemedicine, finance, and IoT devices, that could allow attackers to leak user databases. Other security shortcomings were found in Aerohive/Extreme Networks access points, the open-source Ghostscript library, Golang-based open-source platforms Owncast and EaseProbe, and Technicolor TG670 DSL gateway routers.
READ THE STORY: THN
The Dragon from the Mountains: The CPEC from Kashgar to Gwadar
Analyst Comments: The book presents an in-depth analysis of the China-Pakistan Economic Corridor (CPEC), considering its potential economic consequences for Pakistan and the larger geopolitical circumstances. It adeptly contextualizes the CPEC within Pakistan's economic trajectory and the evolution of China's political economy. The way the debate is framed between CPEC optimists and critics allows readers to understand the nuanced views regarding the potential advantages and challenges associated with the project. However, the book's publication in August 2021 means that it omits some significant developments in the last year, including changes in Pakistan's political landscape and the effects of the COVID-19 pandemic on global and bilateral trade. Additionally, the book does not take into account the second phase of the China-Pakistan Free Trade Agreement (CPFTA), which was finalized in 2019.
FROM THE MEDIA: The book extensively discusses the China-Pakistan Economic Corridor (CPEC), a $60 billion investment by China in Pakistan's infrastructure, energy projects, and the Gwadar Port. The initiative has sparked a debate over whether it represents an economic lifeline for Pakistan or a debt trap. The book outlines the historical and contemporary context of the CPEC, evaluates the economic optimism it has sparked, and examines the friendship between China and Pakistan, Pakistan's economic development since 1947, and the evolution of China's political economy since 1976. It also introduces the concept of leading sectors and explores whether the expansion of one economic sector can generate growth in others.
READ THE STORY: Modern Diplomacy
BreachForums administrator facing 30-year sentence after pleading guilty to three charges
Analyst Comments: Fitzpatrick's case highlights the global issue of cybercrime and the extensive role that online forums can play in enabling illegal activities, from trafficking stolen data to spreading illicit content. The successful prosecution of Fitzpatrick indicates the ongoing efforts of law enforcement agencies to disrupt such platforms, and this case could potentially serve as a deterrent for others involved in similar activities. It also serves as a reminder of the scale of these cybercrime operations and the volume of stolen data they can handle.
FROM THE MEDIA: Conor Brian Fitzpatrick, the former administrator of the popular cybercrime forum BreachForums, has pleaded guilty to three charges related to his operation of the site and possession of child pornography. Arrested in March by the FBI, Fitzpatrick admitted to being the leading administrator of BreachForums, which was one of the most visited platforms for those wanting to sell or purchase stolen data. He has pleaded guilty to conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of child pornography, with potential sentences of 10 and 20 years respectively. Fitzpatrick has agreed to forfeit his assets as part of the plea agreement.
READ THE STORY: The Record
Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
Analyst Comments: The incident underscores the continuous risk posed by sophisticated threat actors and highlights the importance of robust security controls and constant vigilance. In this case, the attacker was able to exploit a validation error in Microsoft's source code, allowing them to forge authentication tokens and gain unauthorized access to sensitive email data. Storm-0558's campaign is characterized by high technical tradecraft and operational security. The threat actor seems to have extensive knowledge of target environments, logging policies, authentication requirements, and procedures, showing their high level of sophistication and resources. Microsoft has come under criticism for its handling of the attack and its policy of charging for certain security features. This criticism may lead to changes in how the tech giant approaches security and customer communication in the future.
FROM THE MEDIA: Microsoft revealed that a validation error in its source code enabled malicious actor Storm-0558 to forge Azure Active Directory (Azure AD) tokens. The attacker acquired an inactive Microsoft account (MSA) consumer signing key and used it to forge authentication tokens to gain unauthorized access to OWA and Outlook.com. Approximately 25 organizations were targeted, resulting in unauthorized email access and data exfiltration from mailboxes. The nature of the cyberattacks and the targets suggest the actor is based in China and focused on espionage, though China has denied these allegations.
READ THE STORY: THN
The Last Word on AI and the Atom Bomb
Analyst Comments: The author likens the inception and deployment of nuclear weapons during the Manhattan Project to the ongoing advancement of artificial intelligence. They introduce the concept of a "shear pin" – an intentional weak point – that could exist within our minds to deter us from making disastrous choices. The author, inspired by a sailing accident, extrapolates this idea to both nuclear physics and AI realms, emphasizing the creators' distress over the potential harm their inventions may cause. The notorious open letter written by leading technologists, pleading for a halt in the heedless progression of AI due to its extinction-level threat to humans, is cited as an example. The author takes issue with the prevailing trend of delegating decision-making on these crucial matters to "elite" assemblies predominantly filled with technology bigwigs, advocating instead for a broader and more diverse representation. Furthermore, the author challenges the controversial premise that only carbon-based entities can possess intelligence.
FROM THE MEDIA: The author draws a parallel between the creation and use of nuclear weapons during the Manhattan Project and the current development of artificial intelligence. They postulate the idea of a "shear pin," or a built-in point of failure, in our minds that would prevent us from making catastrophic decisions. While the idea initially comes from a sailing mishap, the author applies it to both the world of nuclear physics and artificial intelligence, where creators have expressed horror at the potential destructive power of their creations. They point to the infamous open letter penned by leading technologists, asking for a pause in the reckless development of AI, given its potential to lead to human extinction. The author criticizes the tendency to allow decisions on these matters to rest with "elite" groups composed primarily of tech leaders, arguing for a more diverse and inclusive approach. They also call attention to the problematic assumption that intelligence can only be attributed to carbon-based life forms.
READ THE STORY: Wired
Chinese government hackers ‘frequently’ targeting MPs, warns new report
Analyst Comments: The ISC report provides a stark assessment of the national security threat China poses to the UK, particularly in cyberspace. It points out a consistent pattern of cyber-attacks targeting parliamentarians and critical sectors like energy, highlighting China's increasingly sophisticated methods. The report correctly identifies the sheer size and scope of China's intelligence apparatus as a significant challenge, making it difficult for smaller intelligence communities, such as the UK's, to cover comprehensively.
FROM THE MEDIA: The UK's signals intelligence agency, GCHQ, has found Chinese state-backed hackers to be frequently targeting British lawmakers, according to a recently published Intelligence and Security Committee (ISC) report. This 207-page document, which concludes an investigation initiated in 2019, criticizes the UK's response to the national security threats posed by China as grossly insufficient. The report warns of China's increasingly sophisticated cyber operations and its formidable cyber-espionage capability. These activities, attributed to the immense size and scope of China's intelligence apparatus, have successfully infiltrated the computer networks of British and international energy sector companies.
READ THE STORY: The Record
Now Foxconn hopes to lure TSMC, Japan’s TMH into India chip fab pact
Analyst Comments: Foxconn's continued interest in India's semiconductor manufacturing scene makes sense given the substantial capital, tax breaks, and incentives offered by the Indian government under the 2021 Indian Semiconductor Mission laws. The reported discussions with TSMC and TMH could be promising for Foxconn, as these companies bring significant expertise in chip production that could address the problems encountered in the previous partnership with Vedanta. However, the success of this venture will depend on numerous factors, including the negotiations with TSMC and TMH, the specifics of the deal, and the market conditions.
FROM THE MEDIA: After its $19.5 billion semiconductor manufacturing partnership with Vedanta fell through, Foxconn is reportedly in discussions with Taiwanese semiconductor manufacturer TSMC and Japan's TMH to establish chip factories in India. The proposed project could create four to five manufacturing lines in the country. TSMC is the world's largest contract manufacturer of semiconductors, and TMH has extensive experience in wafer fabrication operations. Foxconn's previous venture with Vedanta encountered challenges due to a lack of chip production experience. Foxconn may now aim to produce more advanced chips in India, a significant move considering that most advanced-process-node chips are made by TSMC and Samsung Electronics.
READ THE STORY: The Register
Microsoft: Chinese hackers used code flaws to steal emails from US agencies
Analyst Comments: This cyber-espionage campaign underscores the increasing threat posed by state-linked actors and the sophisticated methods they employ to infiltrate organizations. It also highlights the challenges even tech giants like Microsoft face in safeguarding their systems and their users' data from such threats. The incident will likely put pressure on Microsoft to bolster its security measures and reconsider its digital auditing policies. Further, this could also result in a wider re-evaluation of cybersecurity practices among companies that provide digital services, urging them to take more proactive steps to prevent similar breaches in the future.
FROM THE MEDIA: Microsoft reported that Chinese state-linked hackers, identified as Storm-0558, had been secretly accessing email accounts of about 25 organizations, including at least two US government agencies. The intrusion, which started in May and lasted for approximately a month, was reportedly enabled by a Microsoft digital key that the hackers acquired under undisclosed circumstances and a "validation error in Microsoft code." US Commerce Department Secretary Gina Raimondo was reportedly among the senior US officials targeted in the hack. The incident has triggered scrutiny of Microsoft's security practices and a call for the company to make its top-level digital auditing free for all customers. Microsoft is reportedly taking the criticism into account and is "actively engaged" with US officials on the matter.
READ THE STORY: Cybernews
Items of interest
Russia and Ukraine Launch Fresh DDoS Offensives: A Look Into Crowdsourced Cyber Warfare
Analyst Comments: The scale and frequency of DDoS attacks in the ongoing Russia-Ukraine conflict demonstrate how cyber warfare is becoming an increasingly common tool in geopolitical disputes. While these attacks can cause substantial disruptions, they've not yet been decisive in this conflict. The low barrier to entry for such attacks means they are likely to become even more prevalent. These developments highlight the urgent need for countries, organizations, and companies to enhance their cybersecurity defenses. At the same time, they also point to the potential challenges in attributing such attacks to specific actors and the risks of escalation in the cyber realm.
FROM THE MEDIA: Russian hacker group NoName057(16) has significantly increased its Distributed Denial of Service (DDoS) attacks against Ukraine and NATO members’ critical infrastructure, with cyberattacks originating from Russia rising by 450% YoY before the invasion of Ukraine. DDoS attacks against US national security targets have also surged by 16,815%. The hacker group uses crowdsourcing tactics, offering rewards in cryptocurrency for successful DDoS attacks, and has garnered more than 45,000 subscribers. Targets have ranged from Denmark's financial sector to healthcare facilities. Ukrainian hackers, in response, have been using similar tactics against Russian targets, forming an "IT ARMY" that conducts DDoS attacks.
READ THE STORY: Hackernoon
How Ukraine and Russia are Rewriting the Rules of Cyber War (Video)
FROM THE MEDIA: The leader of a Russian hacker group called KillMilk is shown, who has rallied a large group of hackers and supporters. American and Dutch hackers are also said to have carried out attacks on Ukraine. Anonymous and another group called One Fist are mentioned as vigilante groups attacking Russia. The blurring of lines between vigilante and military hackers is discussed, with examples of hackers working directly with Ukrainian authorities.
How important is cyber warfare in the Russia-Ukraine conflict? (Video)
FROM THE MEDIA: We evaluate what cyber-attacks by both Russia and Ukraine have told us about the strategic importance of this high-tech tactic in modern warfare.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.