Daily Drop (549): Helsing: AI Tech, U.S. Spies, GHOSTSEC, Twitter, Korea: Space Race, Signal APP, NASA's DART, BundleBot Malware, Microsoft: China APT, DHL: MOVEit
07-23-23
Sunday, Jul 23, 2023
A Battlefield AI Company Says It’s One of the Good Guys
Analyst Comments: Helsing AI's technology represents a significant advancement in modern warfare, potentially revolutionizing decision-making processes and situational awareness. However, the company also brings forward complex ethical and practical concerns. One of the significant ethical challenges pertains to its use of AI technology, especially when linked to autonomous weapons, creating potential accountability issues. The company's pledge to serve only democratic governments could be difficult to implement given the differing interpretations of what constitutes a democracy.
FROM THE MEDIA: European defense-tech company Helsing AI uses artificial intelligence to convert massive amounts of data from sensors and weapons systems into a real-time, video game-style interface, aiding military decisions. The founders - Torsten Reil, Gundbert Scherf, and Niklas Köhler - bring their unique experiences from the gaming, military, and AI sectors respectively. Helsing's technology has gained attention for its distinctive ability to map the electromagnetic spectrum. The company's growth, despite early public resistance, reflects shifting attitudes in Europe following Russia's invasion of Ukraine.
READ THE STORY: Wired
US seeks to crack Putin's power with high-level Russian spies
Analyst Comments: The efforts by the U.S. and its allies represent a significant strategic shift in response to Russia's internal political tensions and global actions, such as the war in Ukraine. The overt recruitment drive suggests a sense of urgency in the West to capitalize on the perceived weaknesses in Putin's regime. However, this approach also poses potential risks, including the potential for escalating tensions between the West and Russia. Moreover, the safety of individuals who decide to cooperate with Western intelligence remains a significant concern, given the Russian government's track record of dealing harshly with dissent and perceived threats.
FROM THE MEDIA: The U.S. and its allies are reportedly seeking to recruit high-level Russian officials to spy for the West, aiming to capitalize on recent internal divisions in President Putin's power base. This initiative has gained urgency following the rebellion led by Yevgeny Prigozhin, a former Putin ally who turned his private military Wagner group against the Kremlin. Public calls for recruitment have been made by CIA Director William Burns and MI6 Chief Richard Moore, encouraging Russians disheartened by Putin's war in Ukraine to contact Western intelligence. The CIA's recruitment drive includes a Russian-language video, depicting how potential informants can securely contact the agency.
READ THE STORY: The Hill
Ghostsec “Justice” Hackers Target Satellites
Analyst Comments: GhostSec's actions underscore the potential power and reach of hacktivist groups. Their capacity to disrupt critical infrastructure and even target space assets indicates a high level of sophistication. This poses a serious threat not just to the entities directly targeted, but also to broader sectors of society, as disruptions to infrastructure can have widespread and cascading effects. The fact that GhostSec and similar groups are politically motivated also presents a challenge for state and non-state actors. These groups are less likely to be deterred by conventional security measures and may be willing to accept high levels of risk in pursuit of their objectives.
FROM THE MEDIA: The GhostSec hacktivist collective has demonstrated its capabilities through high-profile attacks on major targets, including satellites, train infrastructure, and industrial control systems. The group's actions, driven by political motives to protect weaker groups, have primarily been aimed against Russia, particularly in retaliation for its actions against Ukraine. Notably, the group claimed responsibility for a significant explosion at the Gysinoozerskaya hydroelectric power plant in Russia and for disabling the IT system of Russia's Metrospetstekhnika, which controls its train infrastructure.
READ THE STORY: iHLS
Elon Musk says Twitter to change the logo, adieu to 'all the birds'
Analyst Comments: Musk's intention to change Twitter's logo signals his desire to reshape the platform's identity in alignment with his larger vision. The swift and significant changes under Musk's leadership indicate his willingness to disrupt the status quo, but these changes also bring risks, as demonstrated by the recent lawsuit. The replacement of the bird logo with an "X" could potentially alienate some users who identify with the existing branding. However, given Musk's influence and reputation for pushing boundaries, it could also attract a new demographic or generate renewed interest in the platform. Musk's previous temporary switch to the Dogecoin logo demonstrated the potential impact of such changes on broader markets. Future moves will need to be carefully managed to mitigate any negative repercussions while maximizing potential opportunities.
FROM THE MEDIA: Elon Musk, the current owner of Twitter, has suggested a potential change in the social media platform's logo, hinting at a transition away from the iconic blue bird. He teased the possibility of adopting an "X" logo and even stated that a good enough design could be implemented globally immediately. Since acquiring Twitter in October, Musk has made a number of significant changes, including renaming the company to X Corp and envisioning the platform as a "super app" akin to China's WeChat. This follows an earlier, temporary logo change when Twitter's bird was replaced by Dogecoin's Shiba Inu dog, boosting the meme coin's market value by up to $4 billion.
READ THE STORY: ET
A Space Race on the Korean Peninsula
Analyst Comments: The recent developments in the space programs of both South and North Korea signal the growing importance of space technology for these nations, both as a strategic asset and a source of national pride. South Korea's successful satellite launch, especially with an indigenously designed launcher, marks a significant step in its ambitions to be a major player in space exploration and utilization. North Korea's efforts, though less successful, suggest a potential shift towards more sophisticated technologies and operational satellites. These developments indicate an escalating space competition in the East Asia region, traditionally dominated by China and Japan. This could lead to new dynamics in regional security and diplomatic relations, given the dual-use nature of space technologies.
FROM THE MEDIA: South Korea and North Korea have made significant strides in their space programs in the past year. South Korea launched a mission-capable satellite into orbit using its first entirely indigenous launch vehicle, the Nuri launcher, aiming to place both military and civilian satellites in space. Shortly after, North Korea tested a new rocket design, the Chollima-1 booster, from a newly built facility, suggesting a serious interest in deploying operational satellites. Although these programs lag behind their counterparts in Japan and China, they are deeply connected to national pride in both nations.
READ THE STORY: VOA
How Signal Walks the Line Between Anarchism and Pragmatism
Analyst Comments: Signal's dedication to privacy and security has established it as a respected alternative in an era marked by increasing concerns about data protection and surveillance. However, to increase its user base and appeal to the mainstream, Signal needs to find a balance between enhancing its user experience and maintaining its steadfast commitment to privacy. Signal's constraints—lack of features, small team size, and limited resources—place it at a disadvantage compared to giants like Facebook and WhatsApp. However, these challenges also underscore Signal's commitment to its values, even if it means limiting its growth. The success of Signal in the coming years will heavily rely on its ability to innovate and incorporate user-friendly features without compromising its core privacy principles. The company's progress thus far demonstrates the potential for privacy-focused tech companies to carve out a niche in a market dominated by data-collecting giants.
FROM THE MEDIA: Signal, the privacy-focused messaging app, has seen an increase in popularity due to its commitment to providing end-to-end encryption and protecting users' privacy. As a stark contrast to apps like WhatsApp and Facebook Messenger, Signal's primary focus on security has resonated with figures like Edward Snowden and Elon Musk and has garnered the attention of a range of users, from journalists to activists. The company, despite its small size and limited budget, is seen as a leading player in the digital privacy arena, largely due to the efforts of its charismatic founder, Moxie Marlinspike. Known for his anarchist inclinations and pioneering work in cryptography, Marlinspike's vision of challenging existing power structures and bringing security to everyday communications has shaped Signal's identity.
READ THE STORY: Wired
NASA's DART kicked up a swarm of 37 boulders after the Dimorphos asteroid crash
Analyst Comments: The successful DART mission and subsequent observations from the Hubble Space Telescope represent a significant milestone in planetary defense strategies. The ability to alter an asteroid's trajectory has huge implications for future potential asteroid collision threats. However, there are still several unknowns, such as the exact mechanism of boulder ejection during such collisions. Future observations and the upcoming Hera mission will help address these questions and improve our understanding of the dynamics of asteroid impacts. It's also noteworthy that the techniques developed and tested through this mission will not only enhance our planetary defense capabilities but will also contribute to our general knowledge about the solar system and the physics of celestial bodies. This successful endeavor reaffirms the value of continued investment in space research and exploration.
FROM THE MEDIA: NASA's Hubble Space Telescope has spotted a group of 37 boulders that were ejected from the asteroid Dimorphos following the impact of the DART spacecraft, marking the first planetary defense test mission. The 610kg probe was designed to collide with the asteroid to alter its original orbit, which was successfully achieved, moving Dimorphos closer to its parent asteroid, Didymos, and shortening its orbital time by 33 minutes. The collision also caused the ejection of the observed boulders, which ranged in size from 3 to 22 feet across. David Jewitt, a planetary scientist, described the observations as "spectacular" and estimated that up to two percent of the asteroid's surface boulders were dislodged. The European Space Agency is preparing to launch its Hera probe in 2024 for further investigation.
READ THE STORY: The Register
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
Analyst Comments: The emergence of BundleBot presents a significant threat to digital security due to its stealthy methods of operation and exploitation of trusted platforms like Facebook and Google Drive for distribution. Its use of the .NET single-file deployment technique also makes it difficult for static detection tools to identify the threat. With its wide-ranging data extraction capabilities, the malware poses a severe threat to personal and financial data. The mimicking of popular AI tools like Google Bard is a clever tactic used by cybercriminals to exploit the popularity of these tools, thus increasing the potential number of victims. It is a clear reminder that users must be wary of the sources from which they download files or applications, especially when directed via social media ads or messages.
FROM THE MEDIA: A new malware strain, known as BundleBot, is exploiting .NET single-file deployment techniques to steal sensitive data from compromised hosts. The malware is often distributed via Facebook Ads and compromised accounts, leading victims to deceptive websites posing as regular program utilities, AI tools, and games. These websites mimic Google Bard, a popular AI chatbot, enticing users into downloading a counterfeit RAR archive hosted on legitimate cloud services. The downloaded file contains a .NET application that fetches a password-protected ZIP archive from Google Drive, which includes the BundleBot payload and a command-and-control (C2) packet data serializer. The malware can siphon data from web browsers, capture screenshots, and gather Discord tokens, Telegram, and Facebook account details.
READ THE STORY: THN
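The story above notes that the .NET single-file deployment technique hampers static detection. One defensive triage check, added here and not part of the original post or of any vendor's tooling: the .NET apphost that carries a single-file bundle embeds a fixed 32-byte marker (the SHA-256 of the string ".net core bundle") immediately preceded by an 8-byte little-endian offset to the bundle header, and that offset is zero in a plain apphost and non-zero when assemblies are embedded. The sample bytes are constructed stand-ins for a PE file; the helper flags bundles for further analysis rather than rendering a verdict, since many legitimate applications ship the same way.

```python
"""Triage helper: flag executables built as .NET single-file bundles."""
import hashlib
import struct
import sys
from typing import Optional

# The apphost marker: SHA-256 of ".net core bundle", preceded by an int64 header offset.
BUNDLE_SIGNATURE = hashlib.sha256(b".net core bundle").digest()


def parse_bundle_info(data: bytes) -> Optional[dict]:
    """Return bundle header fields if `data` is a single-file bundle, else None."""
    sig_pos = data.find(BUNDLE_SIGNATURE)
    if sig_pos < 8:
        return None  # no marker, or no room for the offset field before it
    (header_offset,) = struct.unpack_from("<q", data, sig_pos - 8)
    if header_offset <= 0 or header_offset + 12 > len(data):
        return None  # zero offset = unbundled apphost; out-of-range = corrupt/unknown
    # Bundle header starts with major version, minor version and embedded-file count.
    major, minor, count = struct.unpack_from("<IIi", data, header_offset)
    return {
        "header_offset": header_offset,
        "major": major,
        "minor": minor,
        "embedded_files": count,
    }


def build_sample(bundled: bool) -> bytes:
    """Constructed stand-in for a PE file (not a real binary) for offline testing."""
    body = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 100  # 168 bytes of filler
    header = struct.pack("<IIi", 6, 0, 3)  # constructed: bundle v6.0 with 3 embedded files
    header_offset = len(body) if bundled else 0
    marker = struct.pack("<q", header_offset) + BUNDLE_SIGNATURE
    return body + header + marker


def scan_file(path: str) -> Optional[dict]:
    """Read a file from disk and apply the bundle check."""
    with open(path, "rb") as fh:
        return parse_bundle_info(fh.read())


if __name__ == "__main__":
    for target in sys.argv[1:]:
        info = scan_file(target)
        verdict = "single-file .NET bundle" if info else "not a bundle"
        print(f"{target}: {verdict} {info or ''}")
```

Run it over a download directory or a sandbox drop folder to surface bundled .NET payloads that a plain PE header look-up would miss.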
Microsoft disputes the report that Chinese hackers could have accessed a suite of programs
READ THE STORY: The Record
DHL investigating MOVEit breach as number of victims surpasses 20 million
Analyst Comments: This incident underlines the considerable risks posed by ransomware groups, especially when software vulnerabilities are left unpatched. Organizations using software such as MOVEit should ensure they have the latest patches and updates installed to minimize risk. The scale of this breach, as well as the potential earnings for the ransomware group, demonstrates the substantial financial incentives that fuel such cyberattacks. As cyber threats continue to evolve and become more sophisticated, companies must remain vigilant and proactive in their security measures to safeguard their systems and customer data.
FROM THE MEDIA: The UK branch of shipping giant DHL has reported a data breach linked to its use of the MOVEit software. The software, developed by Progress Software, has been exploited by the Russia-based Clop ransomware group for nearly two months. DHL has begun an investigation into the incident, which is the latest in a series of breaches tied to the exploitation of the MOVEit bug by the Clop ransomware gang. At least 383 organizations have been impacted and the information of over 20 million individuals has been leaked. Coveware researchers estimate that the Clop ransomware group may earn between $75 million and $100 million from the MOVEit campaign. The sum represents a staggering figure for a single, relatively small group to possess.
READ THE STORY: The Record
Items of interest
BRICS meet to review mutual security interests amid growing challenges
Analyst Comments: The ongoing developments within BRICS are reflective of the shifting global dynamics, particularly the waning influence of Western powers and the rise of emerging economies. The de-dollarization process, if successfully implemented, could reduce the US's economic dominance, further reorienting the global economic landscape. The rising tensions between the US and China over Taiwan, and China's decision to send a high-ranking official to the NSA meeting, signify the importance China places on BRICS as a platform for projecting its power and influence. The possible expansion of BRICS could lead to a more diverse and influential bloc, bolstering its global standing.
FROM THE MEDIA: The National Security Advisors (NSA) of BRICS (Brazil, Russia, India, China, and South Africa) will meet on July 24-25. This meeting is of increased significance due to shifting geopolitics and the growing influence of the BRICS alliance. The forum provides an important platform for discussions on various subjects, including political security, multilateralism, diplomatic communications, cybersecurity, energy, and biosecurity. The BRICS nations have decided to stop using the US dollar for their trade activities, a move known as "de-dollarization," which could affect the global power of the US dollar. This move was accelerated by Russia following the outbreak of the Ukraine conflict and the subsequent US-led sanctions against Moscow. India and Saudi Arabia also recently announced that they would stop trading in US dollars.
READ THE STORY: SABC
Could BRICS challenge U.S. dominance in the global economy? (Video)
FROM THE MEDIA: The BRICS group of nations, consisting of Brazil, Russia, India, China, and South Africa, recently held a meeting in Cape Town to discuss expansion and ways to challenge the dominance of the United States in the global economy. They emphasized the need for a rebalancing of the global order away from the West, citing sanctions against Russia and increasing tensions between the US and China as reasons for their concerns. The BRICS group represents about one-third of the global GDP and 40 percent of the global population but still trades less among its members than with the G7 nations. The possibility of expanding the BRICS membership to include countries like Saudi Arabia, the United Arab Emirates, and Iran has been discussed.
Will BRICS end US Dollar Dominance? (Video)
FROM THE MEDIA: There has been a lot of talk recently about BRICS and a new BRICS dollar that will be created soon. This is exciting for many reasons, but there has also been pushback on the idea that a BRICS dollar could end US hegemony.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.