Daily Drop (547): RU: Targeting OnlyFans, DPRK: GitHub, China: Espionage 101, Apache OpenMeetings, Taiwan: Foreign Interest in AI, 2024 Elections: AI
07-21-23
Friday, Jul 21, 2023
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans.
Analyst Comments: The actions of groups such as Anonymous Sudan and Killnet highlight the escalating risks in the global cybersecurity landscape, where politically motivated hacktivist groups often support state-sponsored operations. Their capacity to launch successful DDoS attacks against major targets, such as Microsoft's web services, underscores the severity of their capabilities. These types of attacks, which serve political motivations, require heightened cybersecurity awareness and robust protective measures from both private companies and government organizations.
FROM THE MEDIA: A pro-Russian hacktivist group known as Anonymous Sudan claimed responsibility for a one-hour distributed denial of service (DDoS) attack on OnlyFans, marking their latest operation against targets in the U.S. and Europe. Anonymous Sudan appears to be linked with Killnet, another pro-Russian hacktivist persona that emerged in late 2021 or early 2022 and has conducted DDoS attacks and data leaks targeting adversaries of the Russian government. These groups have attacked over 500 distinct victims, with Anonymous Sudan accounting for 63% of the attacks. According to Mandiant, Google's threat intelligence team, these attacks align with the interests of the Russian state, and the groups have seen a significant growth in capabilities, suggesting a potential tie to Russian state sponsorship.
READ THE STORY: CyberScoop
GitHub Warns Devs of North Korean Attacks
Analyst Comments: This situation underscores the evolving and sophisticated nature of cyber threats, particularly those linked to nation-state actors. The method of infiltrating systems through malicious npm dependencies in GitHub repositories is an example of a supply chain attack, a class of attack that has become increasingly common. The use of social engineering techniques to impersonate a trusted individual and move conversations to another platform makes this attack particularly insidious.
FROM THE MEDIA: GitHub has issued a warning about a new threat campaign, believed to be conducted by the North Korean group known as "Jade Sleet" or "TraderTraitor," aimed at infiltrating systems via malicious npm package dependencies. The attackers target individuals in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors, initially masquerading as a developer or recruiter on platforms like GitHub, LinkedIn, Slack, or Telegram. They attempt to move the conversation to another platform, invite the target to collaborate on a GitHub repository, and convince them to clone and execute its contents, which contain malicious npm dependencies. These dependencies function as first-stage malware, designed to download a second-stage threat to the victim's machine.
READ THE STORY: InfoSec Mag
US ambassador to China hacked in latest cyber operation
Analyst Comments: The reported breach underscores the persistent and significant threat of cyber espionage, particularly from state-backed actors. Given that the attack targeted high-ranking U.S. officials, it highlights the strategic intent of the perpetrators to access sensitive information. The incident emphasizes the need for continuous improvement of cybersecurity practices and protocols, especially for government institutions and officials handling sensitive information.
FROM THE MEDIA: Chinese-based hackers, known as Storm-0558, have reportedly breached the email of the U.S. ambassador to China, Nicholas Burns, in a cyber-espionage attack. This breach has been linked to a broader attack that targeted various federal agencies, including the State and Commerce Departments. Another reported target is Daniel Kritenbrink, Assistant Secretary of State for East Asia. Microsoft had previously revealed that these hackers had gained access to the email accounts of 25 organizations, including federal agencies, with the goal of collecting intelligence from the U.S. The State Department has declined to provide additional details on the incident due to security concerns.
READ THE STORY: The Hill
Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
Analyst Comments: These security vulnerabilities in Apache OpenMeetings underline the crucial importance of rigorous security testing in software development, especially for widely used tools like web conferencing solutions. Given that the flaws could potentially allow for complete takeover of an admin account and server, this situation could have led to significant damage if exploited. Organizations using Apache OpenMeetings should promptly update their software to the patched version 7.1.0 to avoid potential exploitation.
FROM THE MEDIA: Apache OpenMeetings, a web conferencing solution, has been found to contain multiple security flaws that could allow malicious actors to seize control of admin accounts and execute malicious code on susceptible servers. The vulnerabilities, identified by Sonar, include an insufficient check of the invitation hash (CVE-2023-28936, CVSS score: 5.3), an authentication bypass that leads to unrestricted access via the invitation hash (CVE-2023-29032, CVSS score: 8.1), and a NULL byte (%00) injection that allows an attacker with admin privileges to gain code execution (CVE-2023-29246, CVSS score: 7.2). The security flaws were disclosed responsibly and were addressed with the release of OpenMeetings version 7.1.0.
READ THE STORY: THN
Foreign investors stream into Taiwan as AI stocks beckon
Analyst Comments: The surge in foreign investments in Taiwan's AI and semiconductor industries shows the global appetite for technological advancement, particularly in the field of AI. This is an area where Taiwan has significant expertise, particularly given its pivotal role in global supply chains for semiconductors. It also highlights the belief among investors that despite geopolitical tensions, the underlying strength of these sectors, combined with the ability to manage positions flexibly, makes the risk-reward balance favorable.
FROM THE MEDIA: Despite geopolitical tensions, foreign investors are showing strong interest in Taiwan stocks, especially in artificial intelligence (AI) and chipmaking sectors. The tech-heavy Nasdaq has had its best first half in 40 years, with Taiwan's benchmark index rising 20% in US dollar terms, the highest in Asia. Despite the slowing Taiwanese economy and military threats from China, foreign buying has hit $12 billion over the first half of this year, a peak not seen since 2008. Analysts believe this resilience stems from the view that the prolonged conflict in Ukraine is likely to deter China from action, and that investment risks can be managed by keeping positions liquid. Taiwanese AI stocks are of particular interest following the success of AI products like ChatGPT. The strength of Taiwan's AI supply chain and the high barriers for potential competitors make it attractive for foreign investors.
READ THE STORY: ET
Intelligence nominee warns generative AI poses threat to 2024 elections
Analyst Comments: This warning highlights the growing concerns about how generative AI technologies can be exploited for nefarious purposes, especially in the context of political disinformation. As AI continues to improve, these risks are likely to increase. This makes it even more crucial for governments, cybersecurity organizations, and technology companies to cooperate to find ways to mitigate these threats. Regulation, monitoring, and rapid response will be key, along with robust public education campaigns to help citizens recognize and respond to AI-generated disinformation.
FROM THE MEDIA: Lt. Gen. Timothy Haugh, the potential head of the NSA and Cyber Command, has warned that generative AI technologies might pose a significant threat in the 2024 U.S. presidential election. His remarks come as lawmakers scramble to regulate and monitor the use of these new technologies. Foreign interference, particularly from Russia, in past U.S. elections has heightened fears. In his Senate Armed Services Committee nomination hearing, Haugh testified that the use of AI, especially generative AI, would be a significant concern in the upcoming electoral process. While Cyber Command and the NSA have historically monitored and disrupted threats to U.S. elections, the rise of AI technologies introduces new challenges. The Department of Defense is reportedly working on an AI roadmap to help define the use of these technologies.
READ THE STORY: Politico
Apple accuses UK government of trying to become ‘global arbiter’ of encryption
Analyst Comments: If implemented, the changes proposed by the UK government could have significant implications not only for Apple, but for all tech companies that value data security and privacy. These changes would potentially weaken the security of their services and could set a global precedent, where governments could compel tech companies to weaken encryption or provide backdoors for access to user data. This scenario would increase the risk of data breaches and cyber attacks, and could undermine public trust in these services. The final outcome of these legislative changes will be crucial to watch for its impact on data privacy and security norms globally.
FROM THE MEDIA: Apple has criticized the UK government's proposed changes to the Investigatory Powers Act, claiming that the amendments could potentially force the tech giant to remove critical security features and possibly even shut down services such as FaceTime and iMessage in the UK. The proposed legislation changes would strengthen the government's power to compel tech companies to modify their services for easier access to communication data. Apple argues that these changes could allow the government to prevent the company from implementing security updates that could impact investigative powers. While the company can currently appeal such an order, under the proposed amendment, it would be required to comply even while the appeal is being reviewed.
READ THE STORY: The Record
DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks
Analyst Comments: This exploitation of the Zyxel flaw for creating DDoS botnets underscores the importance of regular software updates and patch management. Zyxel users should ensure they've updated their devices to the latest software versions that resolve this vulnerability. As the sophistication of DDoS attacks continues to rise, organizations need to prioritize robust cybersecurity measures and strategies.
FROM THE MEDIA: Several distributed denial-of-service (DDoS) botnets are reportedly exploiting a critical flaw in Zyxel devices to gain remote control of vulnerable systems. The flaw, known as CVE-2023-28771, is a command injection bug affecting multiple firewall models and allows an unauthorized actor to execute arbitrary code by sending a specially crafted packet to the targeted appliance. The vulnerability has been actively exploited since May 26, 2023, to build a Mirai-like botnet. Fortinet researchers have observed that the bug is being used by multiple actors to infiltrate susceptible hosts and integrate them into a botnet capable of launching DDoS attacks.
READ THE STORY: THN
Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Analyst Comments: These vulnerabilities in AMI MegaRAC BMC software represent a significant risk to servers and hardware, especially given the popularity of MegaRAC BMC – a critical component found in millions of devices from major vendors. This situation emphasizes the importance of supply chain security in protecting against potential attacks. Organizations that use MegaRAC BMC should prioritize patching these vulnerabilities to reduce their risk of cyberattacks. Cloud service providers should also work closely with their hardware vendors to ensure that they are aware of these vulnerabilities and are taking the necessary steps to secure their systems.
FROM THE MEDIA: Two more security flaws have been found in AMI MegaRAC Baseboard Management Controller (BMC) software which, if exploited, could enable threat actors to remotely control vulnerable servers and deploy malware. The flaws range from high to critical severity, including unauthenticated remote code execution and unauthorized device access with superuser permissions. They can be exploited by remote attackers with access to Redfish remote management interfaces, or from a compromised host operating system. The vulnerabilities can also be weaponized to drop persistent firmware implants that survive operating system reinstalls and hard drive replacements, or to cause physical damage through overvolting attacks and induce indefinite reboot loops.
READ THE STORY: THN
Ukraine’s tech sector is playing vital wartime economic and defense roles
Analyst Comments: The performance of the Ukrainian tech industry throughout the Russian invasion is nothing short of outstanding. Despite the severe economic downturn, the sector managed to achieve steady growth and even surpassed expectations. The combination of technical talent and innovative thinking has enabled the industry to adapt to the challenges of wartime operations, showcasing its resilience and ability to thrive under adverse conditions. The integration of the tech industry into Ukraine's defense strategy has been a strategic advantage. With tech professionals actively serving in the armed forces and contributing to cyber defense efforts, the industry has played a pivotal role in bolstering the nation's defense capabilities. Additionally, the development of cutting-edge military technologies, such as the Geographic Information System for Artillery, has provided Ukraine with a competitive edge and caught the attention of Western military planners.
FROM THE MEDIA: The Ukrainian tech industry has defied the odds and flourished amidst the challenges posed by Russia's full-scale invasion. Despite a sharp decline in the country's overall GDP, the tech sector has shown remarkable resilience and adaptability, generating impressive export revenues and maintaining strong business relationships with Western clients. The industry's technical talent, innovative thinking, and flexibility in distance working have been key factors in its success. Moreover, its integration into Ukraine's defense strategy, contributions to cyber defense, and development of cutting-edge military technologies have provided significant advantages on the battlefield. The tech industry's ability to withstand the impact of the invasion and its continued growth position it as a potential industry leader in the postwar era, with valuable expertise and solutions to offer to countries worldwide.
READ THE STORY: Atlantic Council
Items of interest
AI Alone Is Not the Answer to Cybersecurity; Humans Are Needed
Analyst Comments: The emphasis on human intervention in cybersecurity aligns with established wisdom in the field. As AI technology evolves, so do the techniques of cybercriminals. The capability of humans to understand context, interpret motives, and differentiate between threats and false alarms provides an indispensable layer of protection. However, the text also highlights the importance of AI in providing a 360-degree view of the network and facilitating 24/7 monitoring, thus advocating for a balanced, blended approach. Training and continuous upskilling of cybersecurity professionals would therefore be crucial to keep up with the evolving threat landscape.
FROM THE MEDIA: The US House of Representatives recently passed bipartisan legislation, House Resolution 1339 or the Precision Agriculture Satellite Connectivity Act, which is currently awaiting action by the Senate Committee on Commerce, Science, and Transportation. The legislation is designed to encourage the Federal Communications Commission (FCC) to improve the availability of satellite communication and Positioning, Navigation, and Timing (PNT) services for farmers, particularly those in rural areas. If implemented, the bill will require the FCC to review its rules on satellite communications services to determine whether changes can be made to promote precision agriculture, and then develop and submit related recommendations to Congress within 15 months.
READ THE STORY: Security Boulevard
How ChatGPT Changed Society Forever (Video)
FROM THE MEDIA: Why is OpenAI's ChatGPT such a threat? OpenAI is the San Francisco-based startup that created ChatGPT. The company opened ChatGPT up for public testing in November 2022 and it took over the world. In under a week, the artificial intelligence model amassed over a million users, according to OpenAI’s CEO. But what does the future of ChatGPT hold for humanity?
AI Expert's Urgent Wake-Up Call: Unveiling the Silent Threat w/ Mo Gawdat (Video)
FROM THE MEDIA: Mo Gawdat is a renowned entrepreneur, author, and advocate for happiness and well-being. With a background in engineering and technology, Gawdat has dedicated his career to exploring the intersection of happiness and human potential. As the former Chief Business Officer at Google [X], he played a pivotal role in developing moonshot projects aimed at solving some of the world's biggest challenges. Gawdat's insightful and transformative book, "Solve for Happy," has inspired countless individuals to reframe their perspectives and find joy in life's most challenging moments.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.