Daily Drop (543): Yevgeny Prigozhin’s ‘toxic’ media, PIGEON: AI, WormGPT, ViaSat-3, Wagner Mutiny, APT Gamaredon, RU Officials: iPhones, Sino-American AI Battle, Fake GitHub Repos
Sunday, Jul 16, 2023
Yevgeny Prigozhin’s ‘toxic’ media empire left in Kremlin limbo
Analyst Comments: Prigozhin's complex situation is symptomatic of the intricate connections between politics, business, and covert operations in Russia. The disruption of his businesses poses a challenge for the Russian government due to his central role and deep connections within the country's political and economic systems. While the potential redistribution of his resources might attract other Russian elites, taking over Prigozhin's operations could also present complications due to their financial toxicity and the likelihood of increased scrutiny by foreign governments and watchdogs, given their history of disinformation and public opinion manipulation.
FROM THE MEDIA: Yevgeny Prigozhin, a prominent Russian businessman with deep ties to the Kremlin, faces challenges with his businesses, particularly his media empire and troll farm, following a failed mutiny associated with the Wagner Group, a private military contractor he's allegedly linked to. Despite the announced closure of his media enterprise, known as "Patriot", its operations and those of the troll farm continue to some extent, while their ultimate fate remains undetermined. The potential unwinding of Prigozhin's businesses has implications for Russia's political system and the distribution of vast amounts of funding associated with his operations.
READ THE STORY: FT
This AI is better than you at figuring out where a street pic was taken just by looking at it
Analyst Comments: The successful development of PIGEON represents a significant step forward in the field of image geolocation and has substantial implications for privacy and open source intelligence. Its ability to pinpoint locations from images could be harnessed by investigative journalists, security forces, or other entities interested in geolocating images for various reasons. However, its application also raises serious privacy concerns, as it becomes increasingly difficult to keep the location of image captures concealed. While PIGEON currently works best with outdoor Street View images, it is speculated that it could work with other types of images, thereby extending its potential use cases.
FROM THE MEDIA: A team of computer scientists from Stanford University has created a deep learning model that can predict the geolocation of Google Street View images with remarkable accuracy. The model, known as PIGEON, was trained on the online location-guessing game, GeoGuessr, and proved its effectiveness by consistently outperforming top human players. PIGEON uses a refined version of the CLIP model, called StreetCLIP, augmented with semantic geocells (region-specific markers) and ProtoNets (a technique for classification using few examples). It can identify the country where an image was taken and often predict its location within 15 miles, though its accuracy varies.
READ THE STORY: The Register
WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
Analyst Comments: The advent of tools like WormGPT is a significant concern in the realm of cybersecurity, demonstrating how advanced AI technologies can be misused for malicious activities. This development highlights the growing sophistication of cybercriminal tactics and the importance of robust cybersecurity measures to protect against such threats. Given the tool's ability to create highly convincing fake emails and other content, it presents a challenging scenario for cybersecurity defenses. It is essential for security professionals to stay abreast of these emerging threats and adapt their defense strategies accordingly.
FROM THE MEDIA: SlashNext, a security research firm, has discovered a new generative AI cybercrime tool named WormGPT, which is being advertised on underground forums for launching sophisticated phishing and business email compromise (BEC) attacks. The tool, described by its creator as a 'blackhat alternative to GPT models', can automate the creation of highly convincing fake emails, increasing the effectiveness of cyber attacks. Moreover, WormGPT operates without any ethical boundaries, which poses a threat by enabling even novice cybercriminals to launch swift and large-scale attacks.
READ THE STORY: THN
Forrester’s Digest: ViaSat-3 suffers a major problem
Analyst Comments: While this incident presents a setback for Viasat, it seems that the company has sufficient measures in place to manage any potential disruptions. The immediate assurance of no impact on customers or current services shows a robust disaster management plan. However, the actual extent of the impact will depend on the ongoing assessment of the issue and the effectiveness of any remediation measures. The fact that the company has an extensive fleet and the possibility to reallocate satellites is a positive sign, indicating resilience and flexibility.
FROM THE MEDIA: Viasat reported an unexpected event during the reflector deployment of its ViaSat-3 Americas satellite, which could significantly affect the satellite's performance. The company and its reflector provider are currently reviewing the situation to assess the impact and potential remediation measures. Although Viasat expressed disappointment with this development, it has assured that there is no disruption to customers or impact on its existing satellite constellations. The company is also considering contingency plans such as redeploying satellites from its extensive fleet to optimize global coverage or reallocating a subsequent ViaSat-3 class satellite for additional Americas bandwidth. Viasat will provide further updates during its earnings call scheduled for August 9, 2023.
READ THE STORY: SATNEWS
British Defense Ministry: Russian Security Experienced 'Period of Confusion and Negotiations' After Wagner Mutiny
Analyst Comments: Enhancement of Ukraine's capacities in the realm of information warfare could introduce a pivotal dynamic in the ongoing conflict with Russia. The validated presence of the Wagner Group, a Russian private military contractor, in Belarus is likely to intensify the regional tension, adding another layer of complexity to the geopolitical landscape. The lack of clarity surrounding the future of the Black Sea Grain Initiative is poised to exert a significant influence on global grain market dynamics and the stability of Russia's financial infrastructure. Furthermore, this ambiguity could potentially strain Russia's diplomatic relations with the broader international community, particularly if a mutually agreeable resolution involving the reintegration of Rosselkhozbank into the SWIFT international payment system is not achieved.
FROM THE MEDIA: Ukrainian Deputy Defense Minister, Hanna Maliar, announced that Ukrainians have effectively learned to counter Russian information attacks since the Russian invasion, with 18,000 volunteer infantrymen trained by the UK under the Operation Interflex training program. Meanwhile, Russia’s security apparatus is in a state of confusion following the Wagner Group's mutiny last month, with interim arrangements being made for the mercenary group’s future. Both Ukraine and Poland confirmed the arrival of Wagner forces in Belarus. Russia's President Putin, facing an arrest warrant by the ICC, has remained silent on the extension of the expiring Black Sea Grain Initiative. Putin discussed "the need for a permanent and sustainable solution to the movement of grain from Russia and Ukraine to international markets," with South African President Cyril Ramaphosa.
READ THE STORY: VOA
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
Analyst Comments: The latest CERT-UA warning underlines the intensifying cyber threat facing Ukraine amidst the ongoing physical conflict with Russia. Gamaredon's ability to quickly extract data after an initial compromise poses a serious threat to Ukrainian infrastructure, including government, military, and security services. Their usage of third-party services and frequent changes to IP addresses exemplify sophisticated techniques employed by such groups to evade detection. Therefore, the ongoing cyber warfare could have severe implications for Ukraine's resilience and the overall security landscape. The provided indicators of compromise (IoCs) could aid in detecting and countering Gamaredon's activities.
FROM THE MEDIA: Ukraine's Computer Emergency Response Team (CERT-UA) has issued a warning about the activity of Russia-linked Advanced Persistent Threat (APT) group, Gamaredon, also known as Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa. Since the Russian invasion of Ukraine, Gamaredon has increasingly targeted Ukrainian entities, including government, military, and security services. The group utilizes spear-phishing emails and messages via platforms like Telegram, WhatsApp, and Signal to infiltrate systems and can reportedly extract data within 30 to 50 minutes of initial compromise. Gamaredon has also been observed using malware, including GammaSteel, and PowerShell scripts for reconnaissance and command execution. The group uses various strategies to avoid detection and enhance fault-tolerance, including changing the IP addresses of control nodes multiple times a day.
READ THE STORY: Security Affairs
Thousands of Russian officials to give up iPhones over US spying fears
Analyst Comments: While the development can be seen as a part of Russia's broader strategy to reduce dependence on foreign technology, it also highlights the escalating tensions between Russia and the West, particularly the United States. This move likely reflects Russian anxieties over the potential vulnerabilities of foreign technology, especially given the ongoing geopolitical disputes. Evidence to support the allegations of espionage via Apple devices presented by the FSB remains unverified. Apple has vehemently denied these accusations, stating they have never and will never cooperate with any government to create a backdoor into their products. The impact of this ban on Apple's market share and overall business in Russia is yet to be seen.
FROM THE MEDIA: Russian authorities have enacted a sweeping ban on the use of Apple products like iPhones and iPads by officials and state employees amid escalating concerns of espionage by American intelligence agencies. This decision, taking effect from Monday, comes from various governmental bodies such as the trade and digital development ministries, as well as state-owned companies like Rostec. This move is a response to a perceived increase in espionage activities by US agencies against Russian institutions. A decree signed by President Vladimir Putin last year calls for organizations dealing with "critical information infrastructure" to shift to domestically developed software by 2025, signifying Russia's ambition to become less dependent on foreign technology. The ban extends to work-related email correspondence. The FSB, Russia's main intelligence agency, claims that thousands of iPhones were "infected" with monitoring software, suggesting Apple's collaboration with the US National Security Agency. However, Apple has categorically denied these allegations. Despite the ban, personal use of Apple devices is still permitted.
READ THE STORY: FT
The Sino-American AI Battle: Why Indonesia is More Than Just a Battlefield
Analyst Comments: Indonesia's potential in the AI landscape is undeniable, given its unique demographic data and strategic positioning. It is crucial that its development is pursued with respect to privacy rights and data protection laws. The government's role in implementing stringent AI and data usage regulations will be instrumental to ensure ethical data practices. With its democratic nature and diverse population, Indonesia must ensure that AI development is fair and inclusive, aligning with democratic values and respecting cultural diversity. For China and the U.S., perceiving Indonesia as more than a marketplace or data source but as a key collaborator in sustainable and inclusive AI is essential. As Indonesia asserts its presence in the global AI scene, it has the opportunity to shape not only its own future in AI but also influence the global trajectory of AI development.
FROM THE MEDIA: Indonesia, the world's fourth most populous nation, is positioning itself as a significant player in the arena of artificial intelligence (AI). Two key factors contribute to this role: a large and diverse data pool, and strategic economic and geopolitical positioning. Indonesia's population of nearly 270 million people and growing internet usage create a vast and varied data set, critical for enhancing AI models. Notably, this data reflects a diversity of social, cultural, and religious backgrounds, particularly from the world's largest Muslim community, offering unique insights for AI development and applications in Muslim markets. Economically, Indonesia's strategic location at the crossroads of global trade routes and its status as the largest ASEAN member make it a crucial entry point to regional markets. Under President Joko Widodo, substantial infrastructural developments, investments, and initiatives like the Prakerja program and an AI-based virtual teacher reflect the nation's commitment to becoming a prominent player in AI.
READ THE STORY: Modern Diplomacy
Multinationals in China accelerate push to decouple data
Analyst Comments: China's stringent laws and regulations regarding data and anti-espionage are pushing global firms to re-calibrate their strategies around data handling and IT infrastructure. The moves towards complete data localization indicate growing concerns about potential legal consequences and the increasing challenges of doing business in China. It underlines the growing rift between China's approach to data control and the broader global trend toward data integration and fluidity. Companies' concerns about balancing compliance with Chinese law and maintaining operational effectiveness will continue to evolve. The impacts of such changes may have broad implications for the global digital economy, potentially leading to an environment of fragmented digital infrastructures that reflect geopolitical boundaries rather than unified global systems.
FROM THE MEDIA: Multinational companies are accelerating their efforts to localize and segregate Chinese data from global systems in response to China's increasingly stringent data and anti-espionage laws. This move is a result of Beijing's strengthening control over data regulation, with firms like McKinsey, Boston Consulting Group, and Oliver Wyman reportedly separating their IT systems. The introduction of a revised anti-espionage law that includes the potential for criminal sanctions for sharing sensitive information has added to these fears. Businesses have started to create dedicated versions of digital tools for Chinese operations, setting up local servers and issuing separate email addresses for local employees. Despite significant compliance costs, companies are finding it easier to localize data within China than risk sending data across borders. A survey conducted by the European Union Chamber of Commerce in China reported that around 10% of approximately 500 European companies are entirely decoupling their Chinese IT systems from global networks.
READ THE STORY: FT
Software Firm JumpCloud Attacked by Nation-State Actors
Analyst Comments: The unauthorized access to JumpCloud's systems is a significant cybersecurity concern, given that the company provides essential services like user authentication and management for thousands of organizations. The forced reset of API keys underscores the seriousness of the incident, and it could disrupt operations across numerous companies. This incident highlights the escalating threat posed by sophisticated cyber attackers, in this case, a nation-state actor, and the vulnerabilities that persist even within companies focused on security. It reinforces the need for robust security measures, including continuous monitoring for suspicious activities, rapid response strategies, and stringent access controls.
FROM THE MEDIA: JumpCloud, a zero-trust directory platform that manages user authentication, has reset all of its API keys following unauthorized access to its systems by a nation-state actor. The breach, which targeted a small number of customers, was discovered following anomalous activity on an internal orchestration system, linked to a sophisticated spear-phishing campaign. In response, JumpCloud performed a forced rotation of all admin API keys and took measures to secure its network and perimeter. It also reported the incident to law enforcement. JumpCloud's API key reset might affect operations, management, and administration of various features, causing significant impact to its customer base. The company, which operates in over 200,000 organizations, has urged the sharing of information and collaboration to combat advanced threats.
READ THE STORY: BankInfoSec
Fake GitHub Repos Caught Dropping Malware as PoCs AGAIN!
Analyst Comments: The discovery of a backdoor in a seemingly innocuous PoC on GitHub is a significant cybersecurity concern. This kind of sophisticated deception, which appears to address a vulnerability while secretly installing a backdoor, represents an evolution in cyber threats. By using this method, threat actors can gain significant access to targeted systems and exfiltrate data. This situation highlights the need for organizations to be vigilant and thorough when testing PoCs and to ensure that their security teams are aware of this kind of threat. The fact that the backdoor was discovered during routine testing suggests that continuous monitoring and analysis of unusual system behaviors are critical in identifying and mitigating such threats.
FROM THE MEDIA: The Uptycs threat research team has discovered a Proof of Concept (PoC) repository on GitHub that appears to address vulnerabilities but actually contains a hidden backdoor. The malicious PoC operates as a downloader, disguising its activities as a kernel-level process while silently executing a Linux bash script. The backdoor can exfiltrate a wide range of data, including the hostname, username, and a comprehensive list of home directory contents. By adding their SSH key to the authorized_keys file, an attacker can achieve full control over a targeted system.
READ THE STORY: HackRead
Items of interest
The Radicalization Risks of GPT-3 and Advanced Neural Language Models
Analyst Comments: The document recognizes the effectiveness of OpenAI's preventative measures but warns that the absence of safeguards increases the risk of large-scale online radicalization and recruitment through the use of unregulated copycat technology. To mitigate these risks, the document calls for prompt investment in building social norms, public policy, and educational initiatives. It stresses the importance of collaboration among AI stakeholders, the policy-making community, governments, and civil society to address the challenges posed by machine-generated extremist content.
FROM THE MEDIA: This piece discusses the development of OpenAI's GPT-3, a sophisticated neural language model capable of natural language generation and completion tasks. It highlights that while the model's code and pre-trained weights are not publicly available, OpenAI has provided an API for experimentation. The Center on Terrorism, Extremism, and Counterterrorism (CTEC) conducted an evaluation to assess the risk of GPT-3's weaponization by extremists seeking to amplify their ideologies and recruit followers. The evaluation involved using prompts adapted from right-wing extremist narratives to evaluate ideological consistency, accuracy, and credibility. The document identifies GPT-3's significant improvement over GPT-2 in generating extremist texts and its strength in emulating interactive, informational, and influential content for radicalizing individuals into violent far-right extremist ideologies and behaviors.
READ THE STORY: ARXIV
Comparing LLMs with LangChain (Video)
FROM THE MEDIA: In this video I look at how to compare various models to see their outputs for a variety of tasks. This is an area LangChain is currently adding to as well. Models covered include GPT-3, ChatGPT 'gpt-3.5-turbo', Flan-20B, Flan-T5-XL, Cohere-command-xl.
Fine-tuning Alpaca: Train Alpaca LoRa for Sentiment Analysis on a Custom Dataset (Video)
FROM THE MEDIA: Want to train Alpaca on a custom dataset? In this tutorial, I'll show you how to fine-tune Llama 7B with Alpaca LoRa on a custom dataset of tweets related to bitcoin sentiment. You'll learn how to preprocess the data, train the model, and analyze its performance.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.