Daily Drop (550): Cyber Bills for the Food and Agriculture Industry, China’s cyber interference, New OpenSSH Vulnerability, Google: Air-gap, Banking Sector Targeted
07-24-23
Monday, Jul 24, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Cybersecurity Bills for the Food and Agriculture Industry and Rural Water Systems
Analyst Comments: The proposed U.S. legislation, if passed, could provide much-needed support to the agricultural sector, which has been increasingly targeted by cyberattacks. The establishment of a support hub and hotline could help this sector, which often lacks the resources or knowledge to implement complex cybersecurity measures. In terms of rural water systems, strengthening their cybersecurity could have significant implications for public health and safety. Globally, countries with best-in-class cyber defense measures have demonstrated a commitment to protecting their agricultural sectors. These efforts usually involve a combination of government initiatives, private-sector cooperation, research and development, and public awareness campaigns. As cyber threats continue to evolve, it is crucial for these nations and others to continually update and enhance their cybersecurity strategies and defenses.
FROM THE MEDIA: Recent legislation proposed in the U.S. Senate aims to strengthen cybersecurity in the agricultural sector following a significant ransomware attack on JBS Foods in 2021. The Food and Agriculture Industry Cybersecurity Support Act proposes a hub within the National Telecommunications and Information Administration to help agricultural producers secure their technology and implement robust cybersecurity measures. It also includes a hotline for advice and best practices on cyber-related issues. In addition to this, the Cybersecurity for Rural Water Systems Act proposes the expansion of a U.S. Agriculture Department program to create enhanced cybersecurity protocols and support for small water and wastewater utilities.
READ THE STORY: OODALOOP
China’s cyber interference and transnational crime groups in Southeast Asia
Analyst Comments: The CCP's engagement with criminal organizations to spread influence and disinformation is a complex issue with broad geopolitical implications. These findings reinforce the need for an international effort to combat cyber-enabled foreign interference. Governments worldwide should not only raise public awareness about such activities but also explore policy and legislative measures to address this challenge. The suggested establishment of an Indo-Pacific hybrid threats center is a possible step toward achieving this. While the connection between the CCP and criminal networks is alarming, it's important to note the possibilities of opportunistic account acquisition or overlap in outsourcing between security services and criminal networks. Therefore, further investigation is crucial to fully understand these activities.
FROM THE MEDIA: This write-up reviews evidence of a growing influence-for-hire industry linked to the Chinese Communist Party (CCP) that operates in Southeast Asia, aiming to spread influence and disinformation campaigns. The investigation reveals the involvement of inauthentic accounts on social media that are connected to transnational criminal organizations, including the illegal online gambling platform Warner International Casino. These accounts have been traced back to the CCP's influence operations, such as those targeting Australia. The techniques used involve the creation of massive numbers of cheap, quickly adapting fake accounts that can bypass spam-detection systems, and help to thwart social media platforms' efforts to counter inauthentic behavior.
READ THE STORY: ASPI
World's most internetty firm tries life off the net, and it's sillier than it seems
Analyst Comments: While the concept of an air-gap system sounds robust, its practical implementation is filled with challenges and can potentially introduce more risks. Firstly, maintaining a true air-gap in a corporate environment is extremely difficult due to the interconnected nature of most modern workplaces. As the article notes, Google's proposed air-gap wouldn't be a true air-gap since workers would still be connected to the internal network, leaving room for potential threats. The over-reliance on compliance-focused security measures tends to ignore the nuances of real-world operations. Users often find ways to circumvent these measures if they hinder their work, thereby creating potential security loopholes. An overly stringent air-gap policy could exacerbate this issue, leading to more inventive workarounds and possibly exposing the network to more threats.
FROM THE MEDIA: The article looks at Google's proposal to place some of its workstations behind an air-gap to improve security. An air-gap is a network security measure that completely isolates a computer or network from the internet and from other networks. The article criticizes the move, stating that it is not a true air-gap since Google's workers would still be connected to Google's internal network, which leaves them exposed to potential threats. It also notes the irony of the move, given how much Google has contributed to the world's reliance on the internet, and criticizes the prevalent approach to corporate IT security that emphasizes compliance over effectiveness. It concludes by suggesting that Google should aim to build business IT that is user-focused and supports good security decisions, rather than chase the illusion of absolute security through an air-gap.
READ THE STORY: The Register
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
Analyst Comments: The vulnerability in OpenSSH is quite serious as it potentially allows a remote attacker to execute arbitrary commands on compromised systems. Although exploitation requires specific conditions, the widespread usage of OpenSSH, particularly in the Linux community, raises the stakes. Cybersecurity threats like these are reminders of the importance of regular system updates. OpenSSH's maintainers have patched the flaw, and users should update their systems promptly. Further, organizations and individuals are encouraged to adopt a proactive stance on cybersecurity, involving regular security audits and maintaining updated systems to minimize potential vulnerabilities.
FROM THE MEDIA: OpenSSH, a widely used connectivity tool for remote login with the SSH protocol, had a vulnerability that could potentially allow remote attackers to execute arbitrary commands on compromised hosts under certain conditions. This security flaw, identified as CVE-2023-38408, affects all versions of OpenSSH before 9.3p2. Successful exploitation of the vulnerability depends on the presence of specific libraries on the victim system and the forwarding of the SSH authentication agent to an attacker-controlled system. Cybersecurity firm Qualys was able to design a successful proof-of-concept against default installations of Ubuntu Desktop 22.04 and 21.10. OpenSSH users are strongly advised to update to the most recent version to guard against potential cyber threats.
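The summary above gives defenders two things to check: whether the installed OpenSSH is older than 9.3p2, and whether agent forwarding is enabled toward hosts that should not be trusted with it. The following script is an added example and is not code from the article, from Qualys, or from the OpenSSH project. It parses the `ssh -V` banner, compares it against 9.3p2, and lists the `Host` blocks in an ssh_config-style file that turn `ForwardAgent` on. The banner string and config text are constructed sample inputs; the version threshold comes from the advisory summary above.

```python
import re
import subprocess

# First upstream release carrying the CVE-2023-38408 fix, per the advisory summary.
FIXED_VERSION = (9, 3, 2)

# Constructed sample inputs (not real system output).
SAMPLE_BANNER = "OpenSSH_9.3p1, OpenSSL 3.0.2 15 Mar 2022"
SAMPLE_CONFIG = """# constructed ~/.ssh/config
Host *
    ForwardAgent yes      # forwards the agent to every host, including untrusted ones

Host build.internal.example
    ForwardAgent no
"""


def parse_openssh_version(banner):
    """Turn 'OpenSSH_9.3p1, ...' into a comparable (major, minor, patch) tuple."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError("no OpenSSH version in banner: %r" % banner)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def needs_update(banner):
    """True when the banner reports an upstream version older than 9.3p2."""
    return parse_openssh_version(banner) < FIXED_VERSION


def forwarding_hosts(config_text):
    """Return the Host patterns whose block sets 'ForwardAgent yes'.

    Handles 'Key value' and 'Key=value' syntax and strips comments; Match
    blocks are not modelled (a simplification of the real parser).
    """
    enabled = []
    current = "(global)"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            current = value
        elif key == "forwardagent" and value.lower() == "yes":
            enabled.append(current)
    return enabled


def local_banner():
    """Read the banner from the local ssh (it prints to stderr); fall back to the sample."""
    try:
        proc = subprocess.run(["ssh", "-V"], capture_output=True, text=True)
        return (proc.stderr or proc.stdout).strip() or SAMPLE_BANNER
    except FileNotFoundError:
        return SAMPLE_BANNER


if __name__ == "__main__":
    banner = local_banner()
    print("banner:", banner)
    print("older than 9.3p2:", needs_update(banner))
    print("Host blocks with ForwardAgent yes:", forwarding_hosts(SAMPLE_CONFIG))
```

The version check reads only the upstream version string. Distributions often backport fixes without changing that string, so treat a "needs update" result as a prompt to check the distribution's own advisory rather than as proof of exposure. The config audit is the more durable control: agent forwarding to a host that is later compromised is the precondition the summary describes, so `ForwardAgent yes` under `Host *` is the line worth removing regardless of version.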
READ THE STORY: THN
China eases barriers for cashless foreigners to use local services
Analyst Comments: The move by Mastercard to deepen its integration with AliPay could significantly improve the user experience for foreigners in China. As the country is largely cashless, this development will facilitate more secure and seamless transactions, thereby enhancing Mastercard's value proposition. In the realm of government services, the development of Singapore's PAIR model demonstrates the increasing influence of AI in public service. This move could significantly streamline government operations and improve public access to services. However, maintaining accuracy and preventing plagiarism within the model will present key challenges that need to be managed. China's achievement in 5G base station deployment ahead of schedule demonstrates its firm commitment to advancing its digital infrastructure. This could have far-reaching implications, positioning the country as a leading player in fields from telecommunications to manufacturing.
FROM THE MEDIA: Mastercard recently announced an enhancement to its partnership with AliPay, stating that its credit cards can now be linked directly to AliPay's digital wallet. This integration is set to facilitate smoother cashless transactions for foreigners in China, and is a strategic move anticipating the resumption of global travel. Meanwhile, Singapore's government has started the development of a public-facing large language model called PAIR, which aims to digitize government services. The bot is currently being used by 4,000 civil servants and plans are in place for it to be rolled out to over 150,000 government staff in the future. On the telecommunications front, China has outpaced its target of deploying 2.9 million 5G base stations by the end of 2023, achieving the goal six months ahead of schedule. The country's Ministry of Industry and Information Technology noted that efforts are underway to accelerate the development of 6G technology as well.
READ THE STORY: The Register
Banking Sector Targeted in Open-Source Software Supply Chain Attacks
Analyst Comments: These incidents represent an escalation in cyber threats faced by the banking sector, specifically in the form of software supply chain attacks. They showcase the increasing sophistication of cybercriminal tactics and their ability to exploit legitimate services for illicit activities. The use of Havoc as a second-stage payload underlines the evolving landscape of cyber threats and the challenge of detecting malicious activity concealed within legitimate systems and processes. The banking sector, due to its criticality and the sensitive nature of the data it handles, will need to enhance its cybersecurity measures to combat these emerging threats. Specifically, more attention should be given to securing software supply chains and mitigating the risk of such attacks. These incidents also emphasize the importance of international cooperation in cybersecurity, given the cross-border nature of these cybercrimes. Regulators and the banking industry must work together to share information and best practices to prevent future incidents.
FROM THE MEDIA: Cybersecurity researchers at Checkmarx have discovered what is believed to be the first open-source software supply chain attacks specifically targeting the banking sector. In these attacks, the threat actors employed advanced tactics such as creating fake LinkedIn profiles and customized command-and-control (C2) infrastructure. The perpetrators used npm packages, which have since been reported and taken down, to infect banking systems. Because the second stage was delivered via Azure CDN subdomains, the attacks bypassed traditional deny-list methods, since Azure is a legitimate service. The second-stage payload was Havoc, an open-source C2 framework that is increasingly favored by malicious actors to sidestep detection.
READ THE STORY: THN
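The deny-list bypass in the Checkmarx story is a policy-design point rather than a malware detail: a block-list of known-bad hosts cannot flag a fresh subdomain of a legitimate CDN, while an allow-list of the hosts a build or banking workstation actually needs can. The script below is an added example, not code from Checkmarx or from the article, and it uses constructed proxy log lines with placeholder hostnames (the page does not name the real CDN host). It evaluates the same connections under both policies so the difference is visible, and its allow-list matching respects label boundaries so that a look-alike such as `registry.npmjs.org.attacker.example` is not accepted.

```python
import re

# Constructed proxy log lines: timestamp, source host, method, destination host:port.
# "legit-cdn-tenant.example" stands in for a subdomain of a legitimate CDN; it is a placeholder.
SAMPLE_LOG = """\
2023-07-24T10:00:01Z build-agent-07 CONNECT registry.npmjs.org:443
2023-07-24T10:00:05Z build-agent-07 CONNECT known-bad.example:443
2023-07-24T10:00:09Z build-agent-07 CONNECT legit-cdn-tenant.example:443
2023-07-24T10:00:12Z build-agent-07 CONNECT registry.npmjs.org.attacker.example:443
"""

# A deny-list only knows hosts someone has already reported (constructed entries).
DENY_LIST = {"known-bad.example"}

# An allow-list names what a build host is expected to reach (constructed entries).
# "*.example.org" style entries match any subdomain of the suffix.
ALLOW_LIST = {"registry.npmjs.org", "*.internal.example"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ([^:\s]+):(\d+)$")


def parse_line(line):
    """Split one log line into its fields; raise on malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable log line: %r" % line)
    ts, src, method, dest, port = m.groups()
    return {"ts": ts, "src": src, "method": method, "dest": dest.lower(), "port": int(port)}


def host_matches(host, entry):
    """Exact match, or subdomain match for '*.suffix' entries, on whole labels only."""
    host = host.lower().rstrip(".")
    entry = entry.lower().rstrip(".")
    if entry.startswith("*."):
        suffix = entry[1:]                      # ".internal.example"
        return host.endswith(suffix) and host != suffix[1:]
    return host == entry


def deny_list_verdict(dest, deny_list=DENY_LIST):
    """Block only destinations explicitly listed as bad; everything else passes."""
    return "block" if any(host_matches(dest, e) for e in deny_list) else "allow"


def allow_list_verdict(dest, allow_list=ALLOW_LIST):
    """Allow only destinations explicitly approved; everything else is blocked."""
    return "allow" if any(host_matches(dest, e) for e in allow_list) else "block"


def compare_policies(log_text):
    """Return (dest, deny-list verdict, allow-list verdict) for each log line."""
    rows = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        dest = parse_line(line)["dest"]
        rows.append((dest, deny_list_verdict(dest), allow_list_verdict(dest)))
    return rows


def escaped_by_deny_list(log_text):
    """Destinations a deny-list lets through that an allow-list would have stopped."""
    return [d for d, deny, allow in compare_policies(log_text) if deny == "allow" and allow == "block"]


if __name__ == "__main__":
    for dest, deny, allow in compare_policies(SAMPLE_LOG):
        print("%-45s deny-list=%-5s allow-list=%s" % (dest, deny, allow))
    print("missed by deny-list:", escaped_by_deny_list(SAMPLE_LOG))
```

On the sample log the deny-list stops only the host that was already known, while the allow-list stops the CDN tenant and the look-alike domain as well. The cost of the allow-list approach is maintenance: every new legitimate destination must be added deliberately, which is exactly the review step that turns an unexpected CDN download on a build host into an alert instead of a second-stage payload.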
Norway government ministries hit by cyber attack
Analyst Comments: This attack underscores the increasing threats faced by government institutions globally from cyber criminals. The fact that the attack originated from a vulnerability in a supplier's platform highlights the interconnected nature of cyber risk, and the need for organizations to ensure the security of their entire supply chains. Norway's geographical and political position makes it a significant target for cyber attacks, especially given its status as a NATO member, its proximity to Russia, and its role as a key energy supplier for Europe. It's also a clear sign of the rise in state-sponsored or geopolitically motivated cyber attacks, which often target critical infrastructure and government systems to exert political pressure or cause disruption.
FROM THE MEDIA: On July 24, twelve Norwegian government ministries experienced a cyber attack, the latest in a series of incidents targeting the public sector of Norway, Europe's largest gas supplier and northernmost NATO member. The vulnerability was traced to a platform used by one of the government's suppliers. The attack, which was identified by unusual traffic on the supplier's platform, has been closed off and is now under police investigation. The Prime Minister's office and the foreign, defense, and justice ministries were unaffected, as they use a different IT system. This follows a previous cyber attack in June 2022, linked to a pro-Russian criminal group. The number of cyber attacks in Norway tripled from 2019 to 2021, according to the country's cybersecurity agency.
READ THE STORY: Rappler
DDoS cyber-attacks on the rise as criminals mimic state-level hackers
Analyst Comments: The surge in DDoS attacks highlighted by Cloudflare underscores the increasing complexity and sophistication of cyber threats. Traditional DDoS attacks, which overwhelm web services with massive traffic to render them inaccessible, are evolving to more nuanced tactics that can bypass standard security measures. These attacks now mimic legitimate user behavior, making detection and mitigation more challenging. This shift demonstrates how threat actors are innovating and adapting their strategies to improve the effectiveness of their attacks and avoid detection. The threats against the SWIFT system illustrate that DDoS attacks are not just a nuisance but can pose significant risks to critical global infrastructure. This reaffirms the necessity for continued investments in cybersecurity measures, not only for individual organizations but also for critical international systems. The particular targeting of the gaming and gambling industry, as well as hospitality and broadcast media in Europe, may suggest that these sectors are perceived as more vulnerable or potentially lucrative targets, underlining the need for these sectors to bolster their defenses.
FROM THE MEDIA: According to a Cloudflare report covering the second quarter of 2023, there has been a significant increase in distributed denial of service (DDoS) cyber-attacks. The report indicates a trend of "highly-randomized and sophisticated HTTP DDoS attacks", once exclusive to state-sponsored threat actors, now being adopted by a broader range of criminals. The newer breed of DDoS attacks is more nuanced and engineered to bypass existing defenses by accurately mimicking browser behavior. As a result, web users may have to engage with more complex measures to prove that they are not bots. Cloudflare cited instances where pro-Russian hacktivist groups threatened to disable the SWIFT financial transaction system. IT and related services saw the majority of these attacks globally, while in Europe the gaming and gambling industry was most affected, followed by hospitality and broadcast media. Roughly 40% of attacks focused on Europe originated from within the continent.
READ THE STORY: The Star
Items of interest
China Uses ‘Bandicoot’ Approach To Strike India; Avoids Direct Military Confrontation With Indian Military
Analyst Comments: The geopolitical tensions in the South China Sea and between China and India demand continuous monitoring and strategic responses. While traditional military threats persist, the emergence of cyber warfare as a key tool in China's arsenal is a cause for significant concern, particularly for nations like India that may be under-prepared in this realm. China's rejection of the Permanent Court of Arbitration's ruling and its continuous aggressive activities around Taiwan are exacerbating tensions. Its strategy of 'Debt Trap' diplomacy may further isolate India and could hamper its growth trajectory. India needs to recalibrate its strategic and diplomatic approach to effectively counter China's influence. Regarding cyber warfare and chip technology, China's advancements signal a new front in geopolitical conflicts. The fact that Chinese hackers have successfully infiltrated the accounts of high-level US officials suggests a high level of sophistication in their cyber warfare capabilities. It is crucial for nations like India to bolster their cyber defense mechanisms and invest significantly in their digital infrastructure and chip industry to address these evolving challenges.
FROM THE MEDIA: The geopolitical tension between China and other nations is under constant evaluation, with a particular focus on the South China Sea (SCS) dispute and the Sino-Indian relationship. China rejected the Permanent Court of Arbitration's ruling in favor of the Philippines, causing alarm amongst other countries in the SCS region. The United States has continued to challenge China's territorial claims, stressing the significance of freedom of navigation operations. Meanwhile, China has maintained aggressive activities around Taiwan for the past year. India is perceived by China as a substantial barrier to its global dominance ambitions. China's use of 'Debt Trap' diplomacy to influence smaller nations around India is a significant concern for India's growth. A major part of the discussion revolves around China's advancements in cyber warfare and chip technology, underlining recent successful cyber-espionage attempts by Chinese hackers on US officials. India's chip industry is depicted as lagging, lacking both key resources and hardware manufacturing capabilities.
READ THE STORY: The EurAsia
Inside China’s People’s Liberation Army | Preparing For Dangerous Storms (Video)
FROM THE MEDIA: China’s People’s Liberation Army celebrates its centenary in 2027; what are its goals for that date? The PLA is already the largest army in the world, with over 2 million soldiers, and it also has the largest number of warships. Yet China’s defense budget is still climbing amid increasing geopolitical tensions. How exactly is the PLA “preparing for Dangerous Storms”, as tasked by President Xi?
People in China see India as a Security Threat (Video)
FROM THE MEDIA: A survey has shown that a significant proportion of people in China view India as a security threat. This information provides insight into Chinese public perception of India amid ongoing border disputes and strategic competition between the two nations. The survey results come as a surprise to many observers, considering the historical and cultural links between the two countries and their status as fast-growing major economies. It's important to note that public opinion can be influenced by a variety of factors, including government messaging, media coverage, and personal experiences.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.