Daily Drop (548): China: Video Game Market, DoJ: Cyber Units, Apple Threatens U.K. iMessage, Binance: China Connection, TSMC: Arizona fab, FTX’s Bankman-Fried, US Air Force's Angry Kitten
07-22-23
Saturday, Jul 22, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users
Analyst Comments: This incident underlines the importance of stringent data handling practices within organizations, even those specialized in security like VirusTotal. Human errors can have serious consequences and can lead to the compromise of sensitive information, as demonstrated by this case. Ensuring that employees are thoroughly trained in data management protocols and maintaining robust controls to quickly detect and rectify mistakes are vital aspects of a comprehensive security strategy.
FROM THE MEDIA: VirusTotal, a Google-owned malware analysis site, has publicly apologized after an employee accidentally uploaded a file to the platform itself, exposing information on around 5,600 customers. The exposed data includes names and email addresses of employees of US Cyber Command, the FBI and the NSA, as well as of German, Dutch, British and Taiwanese government agencies. Private companies such as BMW, Mercedes-Benz and Deutsche Telekom were also affected. Emiliano Martinez, tech lead at VirusTotal, stated that the mishap was not the result of a security breach or malicious actors but an unintentional leak caused by human error. The company said it removed the file from its platform within an hour of the upload and is revising its processes and control procedures.
READ THE STORY: The Register
Binance hid extensive links to China for several years
Analyst Comments: These allegations pose serious challenges for Binance and its operations. If substantiated, they contradict previous statements by CEO Changpeng Zhao and may invite further regulatory action, which could significantly harm Binance's reputation and potentially its global operations. It is crucial to note, however, that the FT's reporting is not a court finding, and the allegations in the regulators' lawsuit still have to be proven in court; the repercussions will largely depend on the outcome of those proceedings.
FROM THE MEDIA: Binance, the world's largest cryptocurrency exchange, has been accused of hiding substantial links to China, contradicting executives' claims that the company left the country after the 2017 crackdown on the crypto industry. Internal company documents reviewed by the Financial Times show CEO Changpeng Zhao and other executives instructing employees to obscure the company's Chinese presence. This included a China office in use until at least the end of 2019 and a Chinese bank used to pay some employee salaries. Separately, the US Commodity Futures Trading Commission sued Binance in March 2023 over allegations that it illegally served American clients and deliberately concealed the location of its offices.
READ THE STORY: FT
Cybersecurity In The Era Of AI And Quantum
Analyst Comments: The integration of AI and quantum technologies could significantly enhance the cybersecurity capabilities of governments and organizations. However, their successful implementation requires an understanding of the technologies' intricacies and careful risk management. Moreover, organizations like the DoD need to ensure that their security measures comply with established standards and don't compromise their operational abilities. The collaborative approach suggested by Palumbo is promising, as it leverages the strengths of different sectors and can result in more effective, efficient cybersecurity solutions. While AI and quantum technologies may bring new challenges, they offer a substantial opportunity to strengthen cyber defenses, an essential step given the growing sophistication of cyber threats.
FROM THE MEDIA: Artificial Intelligence (AI) and quantum technologies are transforming cybersecurity with their potential to detect and mitigate threats more efficiently. AI's ability to analyze vast amounts of data in near real-time is valuable for proactive threat prevention and incident response. Quantum computing, meanwhile, threatens the public-key encryption in use today and is driving the move to quantum-resistant algorithms and quantum key distribution. Jim Palumbo, Command Information Officer at the U.S. Department of the Navy, stressed the unique challenges that the Department of Defense (DoD) faces while integrating these technologies, including the need for thorough risk assessments and meticulous planning. Palumbo also highlighted the importance of collaboration between the DoD, industry, and academia to address shared challenges and accelerate progress in cybersecurity.
READ THE STORY: Forbes
Summer Blockbusters Energize China’s $40 Billion Games Market
Analyst Comments: The recent revival of China's gaming market reflects the adaptability and resilience of the industry in the face of strict regulations and the adverse effects of the pandemic. The introduction of new games and the active competition between giants like Tencent and NetEase will likely spur innovation and provide more diverse gaming experiences for users. The use of AI technology in games, as seen in NetEase's Justice Mobile, showcases the integration of advanced technology into the gaming industry. However, it's crucial to keep an eye on the regulatory environment, as China's government has historically shown an active interest in regulating the gaming market due to concerns like internet addiction.
FROM THE MEDIA: The Chinese gaming market, which contracted for the first time on record last year due to a freeze on new titles and COVID lockdowns, is experiencing a rebound with new blockbuster releases. Tencent Holdings Ltd. released the hero shooter game Valorant in China, three years after its global debut, with rapid content updates and esports tournaments planned. Tencent, which had struggled to find its next big hit, is now facing stiff competition from its rival, NetEase Inc. Meanwhile, other developers have been inspired by the success of the anime-themed cross-platform title Genshin Impact. The gaming industry is also attempting to distance itself from its reputation for inducing internet addiction, with esports titles like Honor of Kings now being featured as official medal events in Hangzhou's Asian Games in September.
READ THE STORY: Bloomberg
Amazon builds $120 million satellite processing hub in Florida
Analyst Comments: Amazon's Kuiper project represents a significant step towards the democratization of internet access, especially in remote or underserved areas globally. The company's significant investment in this project, approximately $10 billion, highlights its commitment to this initiative. However, Amazon faces stiff competition, notably from SpaceX's Starlink, which already has operational satellites in orbit. The timeline for Amazon's project is also quite tight, with a deadline to have half the satellite network in orbit by 2026. It is interesting to note that Amazon's satellite processing facility will be located at NASA's Kennedy Space Center, which signals the growing public-private partnerships in the space industry. Furthermore, Amazon's decision to construct this facility in Florida will likely contribute to the region's growing reputation as a hub for the space and aerospace industry.
FROM THE MEDIA: Amazon is investing $120 million in a new processing facility for its Kuiper internet satellites at NASA's Kennedy Space Center in Florida. The 100,000-square-foot facility is part of Amazon's estimated $10 billion investment in the Kuiper project, which plans to deploy roughly 3,200 low Earth-orbit satellites for global broadband internet service. The Florida site will be the last stop for these satellites before they are launched. Amazon started building the site in January 2023 and plans to complete it by late 2024, with the first batch of satellites to be processed there in the first half of 2025. Amazon intends to launch its first mass-produced satellites by early 2024 and to have half of the network in orbit by 2026, as mandated by U.S. regulators. The company has secured 77 heavy-lift rocket launch contracts, primarily with the Boeing-Lockheed joint venture United Launch Alliance and Jeff Bezos's space company, Blue Origin. It plans to launch its first prototype satellites by the end of this year and to begin testing the service with corporate and government customers in 2024.
READ THE STORY: Reuters
DOJ merges cyber, cryptocurrency units to go after ransomware attacks
Analyst Comments: The merger of the DOJ's cryptocurrency and computer crime units reflects the growing recognition of digital assets' role in cybercrime, particularly in ransomware attacks. By unifying these teams, the DOJ aims to enhance its ability to respond to increasingly sophisticated cyber threats, especially as these often involve cryptocurrency in money laundering or as a method for ransom payment. This strategic shift aligns with the Biden administration's National Cybersecurity Strategy, which identifies ransomware as a significant threat to national security.
FROM THE MEDIA: The U.S. Department of Justice (DOJ) is merging its cryptocurrency and computer crimes investigation units to better combat cyber threats, including ransomware. Principal Deputy Assistant Attorney General Nicole Argentieri announced the move, emphasizing that the increasing intertwining of cryptocurrency and cybercrime necessitated the change. The merger will more than double the number of federal prosecutors able to handle cryptocurrency criminal cases and is expected to enable a more coordinated response to such crimes. The National Cryptocurrency Enforcement Team (NCET), launched in October 2021, will be folded into the Computer Crime and Intellectual Property Section (CCIPS), which dates back to 1996. The DOJ's focus on ransomware follows a series of high-profile attacks, including the 2021 Colonial Pipeline incident; ransomware is estimated to cost victims billions of dollars annually.
READ THE STORY: SC MEDIA
Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands
Analyst Comments: Apple's stance aligns with its positioning as a protector of privacy in the tech sector. The situation underscores the ongoing global tension between maintaining user privacy and meeting national security demands. While companies are keen to protect user data, governments argue that end-to-end encryption can shield illegal activity. This conflict is not unique to the UK; similar debates are under way in other jurisdictions, such as India. While the desire to tackle child sexual exploitation and abuse (CSEA) and terrorism is legitimate, a mandate to scan encrypted messages or to disable security features on demand weakens protection for all users, not only for the targets of an investigation.
FROM THE MEDIA: Apple has threatened to withdraw iMessage and FaceTime from the UK market in response to proposals that would expand the digital surveillance powers of state intelligence agencies. Proposed amendments to the Investigatory Powers Act (IPA) 2016 would require companies to clear security features with the Home Office before releasing them and would give the government the power to have features disabled without public notice. The separate Online Safety Bill would require companies to scan for child sexual exploitation and abuse (CSEA) and terrorism content, including in end-to-end encrypted messaging apps and other services. Apple argues that this amounts to a direct threat to data security and information privacy. In April, several messaging apps published an open letter protesting the Online Safety Bill's scanning provisions.
READ THE STORY: THN
Open-source supply chain attacks expand to the banking sector
Analyst Comments: The highlighted attacks demonstrate the growing sophistication and targeted nature of attacks on the financial sector through the open-source software supply chain. Public registries such as npm let anyone publish a package, and a package can execute code the moment it is installed, so a malicious upload reaches a developer's or build host's machine before anyone has reviewed it. Institutions consuming these packages need controls of their own: pinned and reviewed dependencies, install scripts disabled by default, and monitoring of build hosts for unexpected outbound connections. It's worth noting that there's growing legislative attention on open-source software security, demonstrated by the House Homeland Security Committee's approval of the Securing Open Source Software Act, which emphasizes the need to ensure the safety of open-source software used by government and critical infrastructure entities.
FROM THE MEDIA: Two banks have been the victims of open-source software supply chain attacks, the first known incidents of their kind against the sector, according to analysts at Checkmarx. In February and April, attackers uploaded packages to the npm registry whose install-time scripts identified the victim's operating system and then downloaded a second-stage payload tailored to it. In the second case, the package also carried a script aimed at the bank's login page, designed to intercept login data entered there. Although the malicious packages were eventually discovered and removed, Checkmarx anticipates a continuing trend of attacks against the banking sector's software supply chain.
READ THE STORY: The Record
TSMC says Arizona fab behind schedule, blames chip geek shortage
Analyst Comments: This delay presents a significant setback for TSMC's expansion efforts in the U.S., and potentially for the U.S. semiconductor industry as a whole. It also underscores the global talent shortage in the semiconductor sector, further complicated by the pandemic-induced disruptions. However, TSMC's plan to bring in Taiwanese technicians to fill the skill gap indicates a proactive approach to managing the issue, albeit at the expense of a delayed operational timeline. TSMC's Arizona project stands to benefit from the U.S. CHIPS and Science Act, which has allocated $53 billion to strengthen the American chip industry, suggesting a substantial financial cushion to offset the challenges.
FROM THE MEDIA: Taiwan Semiconductor Manufacturing Company (TSMC), the world's largest contract chipmaker, announced a delay in bringing its Arizona chip fabrication facility online, citing a shortage of skilled workers. The plant, which was originally projected to begin producing 4nm-node chips in 2024, is now expected to start production in 2025. To address the skills gap, TSMC plans to send experienced technicians from Taiwan to train the local hires. The Arizona project has faced several challenges, including safety concerns, a fire, and two fatalities.
READ THE STORY: The Register
FTX’s Bankman-Fried accused of leaking former associate’s private messages
Analyst Comments: This development adds another layer to the legal troubles faced by Sam Bankman-Fried. The accusation that he attempted to discredit a crucial witness and potentially dissuade others from testifying is a serious one that could have significant implications for the case. If proven, it may further negatively impact Bankman-Fried's reputation and legal standing. However, it is important to note that these allegations, like all charges in a legal case, need to be proven in court.
FROM THE MEDIA: US prosecutors have accused FTX founder Sam Bankman-Fried of interfering with a fair trial by releasing personal writings of former Alameda Research head Caroline Ellison to The New York Times. Ellison, who pleaded guilty to fraud last year, is a key witness in the criminal case against Bankman-Fried. Prosecutors claim the leaked material was intended to discredit Ellison and potentially discourage other witnesses from testifying. Ellison, FTX co-founder Gary Wang, and former FTX engineer Nishad Singh, all of whom have pleaded guilty in their respective cases, are set to be key witnesses at Bankman-Fried's trial, scheduled for October.
READ THE STORY: FT
US Air Force's Angry Kitten turns Reaper drone into fierce feline of electronic warfare
Analyst Comments: The decision by the USAF to equip unmanned drones with the Angry Kitten electronic warfare system highlights the military's increasing reliance on autonomous technology and AI in modern warfare. By adapting to new threats independently, the system can provide real-time defense and offense capabilities, making drones more effective in combat situations.
FROM THE MEDIA: The US Air Force (USAF) has begun testing an electronic warfare countermeasure system, known as "Angry Kitten," on a General Atomics MQ-9A Reaper drone. The Angry Kitten was initially developed at the Georgia Tech Research Institute (GTRI) in 2013 as a fully adaptive and autonomous radio frequency jammer that uses a mix of commercial electronics, custom hardware, and machine learning software to adapt to advanced electronic warfare. The latest tests mark the first time the device has been fitted to an unmanned craft. Despite the success of the Angry Kitten in recent years, some, like Nebraska Representative Don Bacon, feel the US is still falling behind in electronic warfare capabilities compared to other countries like Russia and China.
READ THE STORY: The Register
Couple accused of laundering stolen Bitfinex cryptocurrency reaches plea deal
Analyst Comments: This case demonstrates the increasing capability of law enforcement to trace cryptocurrency transactions, particularly those tied to illegal activity. Although cryptocurrency is often perceived as anonymous and untraceable, the public ledger records every transaction, and blockchain analysis tools let investigators follow the money trail and identify those involved even years later. Despite Lichtenstein and Morgan's alleged efforts to obscure their activity, the authorities' ability to track and apprehend them signals an advancement in the policing of digital assets. This should serve as a warning to those who might consider using cryptocurrencies for unlawful activities.
FROM THE MEDIA: Ilya Lichtenstein and Heather Morgan, a couple accused of laundering roughly $3.6 billion in stolen cryptocurrency, have agreed to a plea deal. They were arrested last year following the Justice Department's seizure of the stolen funds. The couple is said to have laundered Bitcoin stolen from the Bitfinex exchange in 2016. They reportedly used fake online identities, deposited funds into several virtual currency exchanges and darknet markets, and used US banks to obscure their financial tracks. Blockchain research firm Chainalysis tracked the movement of the stolen funds. The Justice Department seized the cryptocurrency after obtaining a search warrant for one of Lichtenstein's cloud storage accounts, which was found to contain cryptocurrency addresses and private keys directly connected to the Bitfinex hack.
READ THE STORY: The Record
The FBI’s Cynthia Kaiser on how the bureau fights ransomware
Analyst Comments: The FBI's approach to fighting cybercrime shows a strategic shift towards proactively infiltrating criminal networks and disrupting their operations from the inside. By targeting services essential to cyber criminals, such as cryptocurrency exchanges, the bureau is attacking the infrastructure that facilitates these crimes. Significant challenges remain. The low rate of cybercrime reporting limits the FBI's visibility into the full extent of these crimes, making it harder to respond effectively. There's also a pressing need for more technically skilled personnel within the bureau. While the Hive operation is a significant success, ransomware groups continue to proliferate and innovate, making this an ongoing battle. It's also crucial to note that a successful response requires collaboration across sectors and international boundaries, as cybercrime is a global issue that doesn't respect national jurisdictions.
FROM THE MEDIA: In this interview with Cynthia Kaiser, deputy assistant director within the FBI’s Cyber Division, she discusses the FBI's strategies and recent efforts against cybercrime, specifically ransomware, such as the takedown of the Hive ransomware group. Ransomware has been a significant threat over the last several years, affecting even critical infrastructure entities. According to Kaiser, the bureau aims to tighten the net around cybercriminals by targeting key services that they use, including cryptocurrency exchanges and mixers, and to help victims recover their data. Kaiser discusses the FBI's successful operation against Hive, where they infiltrated the group’s network, collected information over months without the group knowing, and then used that data to provide decryption tools to victims. This operation demonstrated the value the FBI brings to such engagements, and it's a model they aim to use against other cybercrime groups.
READ THE STORY: cyberscoop
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
Analyst Comments: The emergence of HotRat is a serious cybersecurity concern, particularly for users who download cracked software. It exhibits a sophisticated level of malicious activity, from disabling antivirus solutions to extensive data theft. Furthermore, its ability to retrieve .NET modules from a remote server and continuously add new functionalities makes it a persistent threat. The prerequisite of administrative privileges for HotRat to function fully might limit its potential spread. Less savvy users may still unknowingly grant these permissions. This, coupled with the human tendency to seek free, high-quality software, can lead to a wider distribution of such malware. Education on the risks of downloading illegal software is crucial, along with the adoption of advanced cybersecurity measures that can detect and mitigate such threats. An emphasis on legal software use will also help minimize the attack surface for this type of malware.
FROM THE MEDIA: Avast, a Czech cybersecurity firm, has reported the spread of a new variant of AsyncRAT malware, dubbed HotRat. It is being spread via pirated versions of popular software and utilities available on torrent sites. The malware is bundled with a malicious AutoHotkey script that disables antivirus solutions and launches the HotRat payload. HotRat provides attackers with capabilities like stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data. The malware primarily targets users in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa, and India.
READ THE STORY: THN
Items of interest
FCC proposes ‘U.S. Cyber Trust Mark’ for IoT devices
Analyst Comments: The proposed cybersecurity labeling program reflects a proactive measure to address the increasing security and privacy risks associated with the growing number of IoT devices. It presents an opportunity to educate consumers on cybersecurity while also encouraging manufacturers to adhere to stringent security standards. The voluntary nature of the program might limit its effectiveness, as manufacturers could choose to bypass it. Moreover, the wide variety of IoT devices, each with its own set of security challenges, might complicate the creation of uniform security standards. The proposal does bring focus to the necessity of public-private partnerships in ensuring a secure digital environment.
FROM THE MEDIA: Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel has proposed a voluntary cybersecurity labeling program aimed at providing consumers with information about the security of Internet-enabled devices or "smart" devices. The proposed U.S. Cyber Trust Mark would be displayed on qualifying products to help consumers make informed purchases and incentivize manufacturers to meet higher cybersecurity standards. The program is modeled on the existing Energy Star program that promotes energy-efficient appliances. The program would work under the FCC's authority to regulate wireless communications devices and would use cybersecurity criteria developed by the National Institute of Standards and Technology (NIST). The proposal is set for public comment and may be operational by late 2024.
READ THE STORY: CoyWolf
Internet of Things Labeling Initiative (Video)
FROM THE MEDIA: The "Internet of Things Labeling Initiative" is an announcement by the Biden-Harris administration of the launch of the U.S. Cyber Trust Mark program. The program aims to enhance the cybersecurity of internet-connected consumer devices such as smart TVs, home security systems, and thermostats. The initiative intends to address concerns about these connected devices being used as a way into homes, schools, and offices.
The Internet of Fails - Where IoT Has Gone Wrong (Video)
FROM THE MEDIA: This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet of Things". Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.