Daily Drop (544): MicroChip: The world is a Battleground, LokiBot, India: SkyRoot MoU, China: US Email, CERT-UA, DEA: Encryption, AI: Don't Fear it
07-17-23
Monday, Jul 17, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
The battle to control microchip supplies will define the 21st Century
Analyst Comments: The discourse accurately emphasizes the critical role of semiconductors in shaping the global economy and their pivotal importance in the geopolitical conflict, especially between the US and China. It underscores the fact that any substantial disruption in the semiconductor supply chain could lead to global economic repercussions akin to those induced by the COVID-19 pandemic, illustrating the industry's vital nature. In the juxtaposition of energy resources and semiconductors, the text makes it clear that both elements play indispensable roles in the contemporary world. While the importance of each depends on specific contexts, the ever-increasing digitization of our world amplifies the significance of semiconductors.
FROM THE MEDIA: The battle for control over the production of semiconductors is very much a reality and a key aspect of the US-China trade war, due to their pivotal role in everything from consumer electronics to advanced weapons systems. The US, with its allies such as Taiwan, South Korea, Japan, and the Netherlands, currently dominates the production of advanced semiconductors. Taiwan, in particular, has positioned itself as an indispensable player, with Taiwan Semiconductor Manufacturing Company (TSMC) accounting for around 55% of all global chip production. China, while rising rapidly, still primarily produces lower-tech chips. However, it holds significant leverage due to its vast consumer market, a fact that American big tech firms cannot ignore.
READ THE STORY: Modern Diplomacy
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware
Analyst Comments: The report underscores the persistence and sophistication of cybersecurity threats, particularly highlighting the evolving capabilities of the LokiBot malware. As an information-stealing Trojan, LokiBot's ability to log keystrokes, capture screenshots, and collect login credential data from web browsers and cryptocurrency wallets poses a significant threat to data security. The fact that the malware's developers are continually updating their access methods to optimize its spread is a cause for concern. This demonstrates the necessity for vigilant and proactive cybersecurity measures, and the importance of keeping systems and software up-to-date to mitigate such threats.
FROM THE MEDIA: In a recent phishing campaign, Microsoft Word documents exploiting remote code execution flaws, specifically CVE-2021-40444 and CVE-2022-30190, have been used to deploy the LokiBot malware onto compromised systems. Cybersecurity firm Fortinet FortiGuard Labs reported this activity, noting that LokiBot, an information-stealing Trojan targeting Windows systems, has been active since 2015. The attack process involves using a Word file embedded with an external GoFile link within an XML file, leading to the download of an HTML file that leverages the mentioned flaws to initiate LokiBot. An alternative attack chain was discovered that utilizes a VBA script in a Word document, executing a macro which then loads LokiBot.
READ THE STORY: THN
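As an added, defender-side illustration (not code from the article or from Fortinet), the following Python checks a .docx container for the two carrier features described above: a relationship in document.xml.rels marked TargetMode="External" that points at a URL, and an embedded vbaProject.bin macro part. The sample documents and the example.invalid host are constructed for the demonstration.

```python
import io
import re
import zipfile
from typing import Dict, List

# Word resolves the relationships in document.xml.rels when the file opens. One
# with TargetMode="External" and a URL Target is how a document pulls a remote
# HTML stage, the carrier reported for CVE-2021-40444 / CVE-2022-30190 lures;
# vbaProject.bin marks the macro variant.
RELS_PATH = "word/_rels/document.xml.rels"
MACRO_PATH = "word/vbaProject.bin"
REL_RE = re.compile(r"<Relationship\b([^>]*)>", re.I)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
URL_RE = re.compile(r"^(https?|mhtml|file):", re.I)

def external_targets(docx: bytes) -> List[Dict[str, str]]:
    """List relationships whose TargetMode is External and whose Target is a URL."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx)) as zf:
        if RELS_PATH not in zf.namelist():
            return found
        rels = zf.read(RELS_PATH).decode("utf-8", "replace")
    for m in REL_RE.finditer(rels):
        attrs = dict(ATTR_RE.findall(m.group(1)))
        target = attrs.get("Target", "")
        if attrs.get("TargetMode", "").lower() == "external" and URL_RE.match(target):
            found.append({"id": attrs.get("Id", ""),
                          "type": attrs.get("Type", "").rsplit("/", 1)[-1],
                          "target": target})
    return found

def has_macro(docx: bytes) -> bool:
    with zipfile.ZipFile(io.BytesIO(docx)) as zf:
        return MACRO_PATH in zf.namelist()

def triage(docx: bytes) -> dict:
    """Summarise the two indicators a mail gateway or sandbox would flag."""
    ext, macro = external_targets(docx), has_macro(docx)
    return {"external_targets": ext, "macro": macro, "suspicious": bool(ext) or macro}

def build_sample(rels_xml: str, with_macro: bool = False) -> bytes:
    """Constructed minimal .docx container for demonstration only (not a real lure)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(RELS_PATH, rels_xml)
        if with_macro:
            zf.writestr(MACRO_PATH, b"\x00")  # placeholder bytes, not real VBA
    return buf.getvalue()

NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Constructed samples: an external oleObject relationship to a placeholder host,
# and a benign document whose only relationship is the internal styles part.
SUSPECT = build_sample('<Relationships><Relationship Id="rId5" Type="%soleObject" '
                       'Target="https://example.invalid/stage.html" TargetMode="External"/>'
                       '</Relationships>' % NS)
BENIGN = build_sample('<Relationships><Relationship Id="rId1" Type="%sstyles" '
                      'Target="styles.xml"/></Relationships>' % NS)
```

Run `triage()` over attachments at the gateway; an external URL relationship or a macro part in a document from an unknown sender is the point at which to quarantine for sandboxing rather than deliver.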
India’s Skyroot signs MoU with French Firm to Launch Satellite Constellation
Analyst Comments: The MoU between Skyroot Aerospace and Promethee signals a promising advancement in international collaboration within the new-space sector. The integration of Skyroot's Vikram launcher into the JAPETUS deployment process could provide Promethee with enhanced satellite launch capabilities and enable the company to more effectively deploy its earth observation nanosatellites. The agreement may also foster stronger ties between India and France in the aerospace sector, potentially paving the way for future collaborative efforts. This arrangement underscores the rising importance of private companies in space exploration and deployment, as well as the benefits of international cooperation in advancing space technologies and services.
FROM THE MEDIA: Skyroot Aerospace, an Indian private space company, has signed a memorandum of understanding (MoU) with French new-space operator Promethee. The agreement aims to investigate the technical aspects and feasibility of integrating Skyroot's Vikram launcher into Promethee's satellite constellation deployment operations, known as JAPETUS. With the incorporation of the Vikram launcher, Promethee plans to utilize Skyroot's launching capabilities to deploy its earth observation nanosatellites into orbit. The collaboration, signed during PM Modi's visit to France, symbolizes a strengthening of international cooperation and provides a pathway for the European space industry to access affordable, reliable, and on-demand launch services.
READ THE STORY: GeoSpatial World
US vows to hold hackers responsible after likely China-based group breached government emails
Analyst Comments: This cyberattack underscores the ongoing security challenges faced by governmental and private sector organizations worldwide. The preliminary attribution to a China-based group, if confirmed, could escalate tensions between the US and China. This incident further emphasizes the need for robust cybersecurity measures and the implementation of effective incident response strategies, particularly for critical sectors. It also illustrates the increasing complexity and sophistication of cyber threats.
FROM THE MEDIA: The Biden administration has vowed to enact consequences for those responsible for hacking a Microsoft cloud system, granting the hackers access to government emails. Preliminary investigations suggest the attack originated from a China-based group. The intrusion into Microsoft's cloud system led to unauthorized access to unclassified US government emails. White House national security adviser Jake Sullivan emphasized that the government is in the process of fully investigating the incident and determining the best response. Microsoft identified the hacking group as Storm-0558, stating it breached approximately 25 organizations, including US government agencies, focusing on espionage, data theft, and credential access.
READ THE STORY: NY POST
CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise
Analyst Comments: This report shows that Gamaredon continues to be a significant threat to global cybersecurity, especially to governmental organizations. The actor's ability to exfiltrate data within a short timeframe after initial compromise emphasizes the need for rapid detection and response strategies. Its use of popular messaging apps for primary compromise and sophisticated tools for remote access, session hijacking, and command and control demonstrates its advanced capabilities.
FROM THE MEDIA: The Russia-linked threat actor known as Gamaredon, or Aqua Blizzard, has been seen executing data exfiltration activities within an hour of initial compromise. It relies on emails and messages in applications such as Telegram, WhatsApp, and Signal for initial compromise. Gamaredon, tied to the SBU Main Office in the Autonomous Republic of Crimea, has reportedly infected thousands of government computers since Russia's annexation in 2014. The group leverages phishing campaigns to deliver PowerShell backdoors such as GammaSteel to conduct reconnaissance and execute additional commands. It also uses USB infection techniques, AnyDesk software for remote access, PowerShell scripts for session hijacking, and Telegram and Telegraph for fetching command-and-control (C2) server information.
READ THE STORY: THN
Chinese hackers exploit code flaw, steal US emails
Analyst Comments: This incident underscores the persistent threat posed by state-sponsored hackers and the need for robust cybersecurity defenses. The breach not only affects U.S.-China relations but also raises questions about the adequacy of Microsoft's security measures. The situation also emphasizes the importance of understanding and addressing vulnerabilities in commonly used software. Because the exact method by which the digital key was acquired is unknown, the incident underlines the potential for sophisticated hacking techniques. Entities using Microsoft software should closely monitor their systems for potential breaches and implement any forthcoming security patches or updates.
FROM THE MEDIA: Microsoft recently disclosed that Chinese hackers exploited a flaw in the company's software, leading to the theft of emails from U.S. government agencies and other clients. It's not clear how the hackers obtained a Microsoft digital key used in the breach. The hack started in May and has impacted around 25 organizations, including the U.S. State and Commerce Departments. The incident has attracted international attention and criticism of Microsoft's security practices.
READ THE STORY: Cryptopolitan
Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity
Analyst Comments: The bill exposes a pressing dilemma between enhancing security measures to tackle illicit activities and protecting user privacy rights. While the legislation is well-intentioned, aiming to prevent tragedies like the one that befell Cooper Davis, the potential implications for privacy and the use of encryption technology are profound. By essentially deputizing online service providers to monitor for and report illicit activities, the legislation could force companies to scale back or eliminate end-to-end encryption, a key privacy tool for many users.
FROM THE MEDIA: The bipartisan Cooper Davis Act, named after a Kansas teen who died from a fentanyl-laced pill purchased on Snapchat, has advanced to the Senate floor. This bill mandates online platforms, including social media and encrypted messaging services, to report drug-related activities to the U.S. Drug Enforcement Administration (DEA) if they have "actual knowledge" of such activities on their platforms. Privacy advocates are alarmed as they believe this legislation could undermine end-to-end encryption services and transform these platforms into de facto drug enforcement agents. The Act holds companies accountable for not reporting illegal activities if they have "willfully blinded" themselves to the violations. This could potentially pose a dilemma for providers of encrypted services: maintain end-to-end encryption and face legal repercussions, or remove it and expose users to new threats and privacy infringements.
READ THE STORY: The Record
Feds want to see what ChatGPT's content is made of
Analyst Comments: The FTC's investigation into OpenAI is a significant development and reflects the increasing scrutiny on AI technologies, particularly those involving language generation and processing. While AI has enormous potential for enhancing productivity and convenience, these cases highlight the risks it can pose in terms of privacy, defamation, and violation of copyrights. The probe will likely lead to a careful review of OpenAI's procedures and the broader ethical implications of using AI in public-facing applications. If the FTC finds any violations of consumer protection laws, it could result in significant penalties for OpenAI and set a precedent for similar cases involving AI.
FROM THE MEDIA: OpenAI, the organization behind the AI model ChatGPT, is being investigated by the Federal Trade Commission (FTC) following allegations that ChatGPT violated consumer protection laws by causing reputational or privacy damage. These allegations originated from a private civil litigation case where a radio host from Georgia claimed that ChatGPT defamed him by associating his name with a criminal issue. In a separate instance, an Australian mayor threatened to sue OpenAI when the model falsely implicated him in a bribery scandal. In response to these controversies, the FTC sent OpenAI a 20-page Civil Investigative Demand letter, seeking detailed information about the company's AI model marketing and training, risk assessments, privacy protections, data collection, and more. OpenAI has not publicly responded to the FTC's letter.
READ THE STORY: The Register
Don’t fear the AI. Expose it.
Analyst Comments: The increased focus on AI technologies like ChatGPT represents a crucial step in the conversation about AI regulation and ethical guidelines. As AI technologies permeate more aspects of our lives, it is imperative to understand the potential harms they can cause and develop strategies to mitigate these risks. This is especially important for "black box" AI systems that are harder to inspect and may pose significant threats due to their integration in critical sectors. The push for more transparency and public testing of AI systems could lead to safer and more accountable AI, though it may also face challenges due to technical complexities and potential legal barriers.
FROM THE MEDIA: Since its relatively quiet release on Nov. 30, 2022, OpenAI's ChatGPT has increasingly become a subject of concern and debate due to its ability to automate various tasks such as writing reports and conducting research. This attention has prompted global leaders and regulators to scrutinize AI, leading to calls for greater regulation and investigation of the technology, such as the recent Federal Trade Commission's probe into OpenAI. There are growing concerns about how AI, including ChatGPT, could potentially harm individuals, sectors, or society as a whole, including issues of job performance assessment, accuracy and confidentiality of information, academic integrity, copyright infringement, and influencing political beliefs.
READ THE STORY: The Hill
UK chip designer raises millions from Agnelli fund
Analyst Comments: The successful funding round showcases investor confidence in Optalysys' unique approach to encryption technology. By utilizing light for calculations instead of electricity, Optalysys stands to revolutionize data security in a time when concerns about privacy and data breaches are paramount. Their work on fully homomorphic encryption could transform data sharing, especially in sectors dealing with sensitive information, and open up new avenues for secure data processing in the cloud. However, given the complex nature of this technology and the need for wide-scale adoption for its maximum impact, Optalysys may face challenges in implementing its solutions. Their planned expansion and collaboration with tech giants Google and IBM, however, signal strong growth potential and an increased chance of broader adoption of their technologies.
FROM THE MEDIA: Leeds-based chip designer Optalysys raised $29 million in a Series A funding round co-led by Lingotto, the investment arm of the Agnelli family's holding company Exor. Optalysys is developing optical chips that use light instead of electricity for calculations. This technology is particularly beneficial for new kinds of encryption that enable more secure data sharing. Optalysys is also collaborating with Google and IBM on "fully homomorphic encryption", which allows encrypted data to be processed in the cloud and across "untrusted" networks. This encryption technology could revolutionize data sharing, particularly in sensitive sectors like healthcare and financial services.
READ THE STORY: FT
Items of interest
Exploitation Techniques of IoST Vulnerabilities in Air-Gapped
Analyst Comments: The Internet of Surveillance Things (IoST), a fusion of IoT technology and video surveillance systems, has been assessed as a critical component in maintaining security in various sectors. Predominantly used devices such as IP Cameras and Digital or Network Video Recorders (DVR/NVR) have been instrumental in monitoring activities in public spaces and critical infrastructures, thereby safeguarding assets and individuals from potential harm. These devices, strategically positioned in locations like manufacturing areas, hospitals, and financial markets, stream video and images to the cloud or internal servers, enabling real-time data analysis. However, the security of IoST has been a significant concern, primarily due to the surge in IoT-related security issues. The 2016 Mirai botnet attack, which transformed IoT devices into "zombies" and instigated a massive DDoS attack, exposed the vulnerabilities of internet-connected devices. This incident served as a wake-up call for companies and manufacturers to bolster the security of their products.
FROM THE MEDIA: The text discusses the potential security vulnerabilities associated with the Internet of Surveillance Things (IoST) technology, specifically in relation to IP cameras and digital video recorders. These devices may possess weaknesses such as weak APIs, incorrect configurations, or firmware backdoors, which could allow unauthorized individuals to gain access to video feeds or administrative dashboards. The issue may persist for extended periods before a malicious entity exploits it. Addressing the breach post-incident may not be effective, as updating the software and firmware of millions of IoST devices is a complex and time-consuming task. As a result, many organizations may be operating under a false sense of security. One potential solution is to use an air-gapped video surveillance network, which is disconnected from the internet and external access, thereby reducing the cybersecurity threats associated with internet-connected IoST devices. However, such networks may be vulnerable to other types of threats and attacks, which need to be investigated and analyzed.
READ THE STORY: Research Gate
Getting Started in Firmware Analysis & IoT Reverse Engineering (Video)
FROM THE MEDIA: Getting started in firmware analysis and IoT reverse engineering is an exciting and valuable skillset to develop, considering the growing importance of IoT devices and their potential security vulnerabilities.
Extracting Firmware from Embedded Devices (SPI NOR Flash) (Video)
FROM THE MEDIA: One of the first things you have to do when hacking and breaking embedded device security is to obtain the firmware. If you're lucky, you can download it from the manufacturer's website or, if you have a shell, you can just copy it over to your computer.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.