Daily Drop (553): TSMC: Taiwan Plant, Xi’s Long Game in Cyberspace, New SEC Rules: Cyberspace, SmokeLoader Campaign Intensifying, Russia: Group-IB founder, Fenix Cybercrime Group
07-27-23
Thursday, Jul 27, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
TSMC thinks it's got exactly what Taiwan needs – another multibillion-dollar chip plant
Analyst Comments: This investment demonstrates TSMC's commitment to enhancing its technological capabilities, particularly in AI chip manufacturing, amid rising global demand. However, the decision also signifies a calculated risk given TSMC's expected revenue decline of around 10% in US dollar terms for 2023, and the company's recent announcement of its first profit drop in four years. Moreover, the geopolitical risks associated with TSMC's operational concentration in Taiwan, which is currently experiencing tensions with China, add a layer of uncertainty to the success of this venture.
FROM THE MEDIA: Taiwan Semiconductor Manufacturing Co. (TSMC) confirmed its plans to invest $2.87 billion in a new chip packaging facility in northern Taiwan, aimed at producing chip-on-wafer-on-substrate (CoWoS) advanced packages for AI chips. The fab will be located at the Tongluo Science Park in Miaoli County, and it is estimated that the project will create 1,500 new jobs. The construction of the facility is expected to begin in late 2024, to be completed by the end of 2026, with mass production commencing in Q3 of 2027.
READ THE STORY: The Register
New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days
Analyst Comments: The new regulations represent a significant change in the approach toward cyberattack disclosure. They enforce transparency and accountability and can help identify gaps in cybersecurity defense practices and system vulnerabilities. However, concerns have been raised about the practicality of the timeframe, as it may take companies several weeks or even months to fully investigate a breach. There is also a risk that premature breach notifications could alert other attackers and exacerbate security risks.
FROM THE MEDIA: The U.S. Securities and Exchange Commission (SEC) has approved new rules that require publicly traded companies to disclose details of a cyberattack within four days if it significantly impacts their finances. The rules mandate companies to reveal the nature, scope, and timing of the incident and its impact. However, this disclosure can be delayed by up to 60 days if revealing such specifics would risk national security or public safety. Companies are also required to annually describe their methods for assessing, identifying, and managing material risks from cybersecurity threats, detail the material effects or risks arising from such events, and share information about ongoing or completed remediation efforts.
READ THE STORY: THN
Xi’s Long Game in Cyberspace is Not Just About Power
Analyst Comments: Xi's approach to cyberspace exemplifies China's broader strategy of leveraging technology and information to strengthen its global position and safeguard national interests. The nation's emphasis on laws and regulations shows a comprehensive approach to cybersecurity, emphasizing both defense and offense. In addition to creating a strong legal framework, China has launched initiatives like "Operation Qinglang" to combat online disinformation, further asserting its position as a responsible state actor.
FROM THE MEDIA: A recently published book, Excerpts of Xi Jinping’s Discourse on Cyberspace Superpower, provides a comprehensive insight into Xi Jinping's approach toward making China a major player in cyberspace. Xi's views on using the internet as a tool for state power are outlined, as well as the role of cyber-related regulation in China's technological development and overall cybersecurity posture. Since assuming power in 2012, Xi has shaped China's cyber evolution, positioning the country as both a global competitor and a key player in cybersecurity. The country now leads in 37 out of 44 critical technologies, according to an Australian think tank. China has also been aggressive in integrating cyberspace considerations into its laws, having enacted over 140 related laws since 1994, a large number of which were implemented under Xi's administration.
READ THE STORY: OODALOOP
SmokeLoader Campaign Intensifying, Ukrainian CERT Warns
Analyst Comments: The increased activity of the UAC-0006 threat group and the uptick in SmokeLoader infections pose a significant risk to Ukraine's financial sector and beyond. Given that this group has a history of targeting computers used for financial activities, businesses, particularly those in the banking and finance sectors, need to be on high alert. Cyber defenses should be enhanced, with an emphasis on safeguarding automated workplaces used for forming, signing, and transferring payments.
FROM THE MEDIA: The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of intensified efforts by a threat actor, identified as UAC-0006, to entice users into installing a backdoor Trojan known as SmokeLoader. This malware belongs to a large family of Trojans active since 2011, notorious for its use of deception and self-protection, and is used for loading other malware and for information exfiltration. CERT-UA has noted three waves of UAC-0006 attacks over the past 10 days. SmokeLoader had the second-highest number of detections domestically in May and June. The latest attacks use archive files as attachments, and extracting these starts an infection chain leading to SmokeLoader's deployment. The UAC-0006 group is typically interested in compromising computers used in financial activities to steal login credentials and certificates for unauthorized payments.
READ THE STORY: GovInfoSec
Russia throws founder of infosec biz Group-IB in the clink for treason
Analyst Comments: This sentencing is a significant development in the cybersecurity world, reflecting the tensions between nations and the intersection of cybersecurity with geopolitics. Sachkov's conviction and sentencing on charges of high treason highlight the risks faced by cybersecurity researchers operating in countries with tight government control and heightened sensitivity to perceived threats to national security. The impacts are likely to be felt within the cybersecurity community, potentially creating a chilling effect on information sharing and collaboration, key aspects of global cybersecurity defense. The extradition requests for Kislitsin from both Russia and the US further underline the geopolitical complexities of cybersecurity.
FROM THE MEDIA: Ilya Sachkov, founder of cybersecurity research company Group-IB, has been sentenced to 14 years in a maximum-security prison by a Russian court for high treason. In addition to the prison sentence, Sachkov, who was arrested in September 2021, has also been fined 500,000 rubles (approximately $5,550). The details of the charges against him are classified, but he is reported to have been accused of passing information to the FBI about the Russian cyber-espionage group, APT28 (Fancy Bear), and its interference in Western elections. Group-IB continues to assert Sachkov's innocence and criticizes the secrecy and rapidity of the trial. Sachkov's attorneys will appeal the verdict. This incident follows the recent detainment of Nikita Kislitsin, a former Group-IB security analyst, in Kazakhstan, for which both the US and Russia are seeking extradition.
READ THE STORY: The Register
Fenix Cybercrime Group Poses as Tax Authorities to Target Latin American Users
Analyst Comments: This development underlines the growing sophistication and regional focus of cybercrime groups. By mimicking local tax authorities, Fenix's attacks demonstrate a nuanced understanding of local conditions and processes, which likely increases the effectiveness of their campaigns. As initial access brokers, they represent a significant threat to companies in the region, opening the door for other cybercriminal groups to conduct secondary attacks, such as ransomware campaigns. The increasing maturity and sophistication of such groups present significant challenges for cybersecurity defenses.
FROM THE MEDIA: A Mexico-based cybercrime group named Fenix is targeting tax-paying individuals in Mexico and Chile, with the aim of breaching networks and stealing sensitive data. Fenix clones official tax portals (the Servicio de Administración Tributaria (SAT) in Mexico and the Servicio de Impuestos Internos (SII) in Chile) and redirects potential victims to these cloned sites. Unsuspecting users are prompted to download a purported "security tool" that actually installs malware, enabling the theft of sensitive information such as login credentials. Fenix is believed to be operating as an initial access broker, selling access to these compromised systems to ransomware affiliates for further monetization.
READ THE STORY: THN
The AI-Powered, Totally Autonomous Future of War Is Here
Analyst Comments: The use of autonomous systems in military operations raises several important considerations. On the one hand, the strategic benefits are undeniable. They can offer a significant advantage in terms of surveillance, detection, and even combat, particularly in high-risk or complex environments. The ability to collect and analyze large volumes of data swiftly can aid decision-making and enhance situational awareness, potentially reducing the risk to human life in conflict situations.
FROM THE MEDIA: The article discusses a US Navy project known as Task Force 59, which focuses on integrating robotics and artificial intelligence into naval operations. Task Force 59 uses the latest technologies from private contractors to surveil the waters of the Persian Gulf, distinguishing between different kinds of vessels using pattern recognition algorithms. Some of these robotic platforms include patrol boats and submersibles. The technology is mostly used for sensing and detection, not armed intervention, although some of these robots have the capacity to be armed. The systems are autonomous and are being considered for strategic deployment to increase visibility in naval operations.
READ THE STORY: Wired
Intel adds fresh x86 and vector instructions for future chips
Analyst Comments: This development represents a significant step forward for Intel's processors, with potential improvements in both performance and energy efficiency. The introduction of APX, by allowing more values to be kept in registers, reduces the need to transfer data and should help increase processing speed and power efficiency. Similarly, AVX10 offers a standard vector instruction set that should make coding more straightforward for developers and could improve the performance of code that benefits from vector processing, such as AI.
FROM THE MEDIA: Intel has announced two additions to the x86 instruction set architecture aimed at boosting performance for both general and vector computing tasks. The Advanced Performance Extensions (Intel APX) aim to enhance general-purpose performance by doubling the number of general-purpose registers from 16 to 32, potentially reducing the need for memory loads and stores. The Advanced Vector Extensions 10 (Intel AVX10) will provide a common vector instruction set across all future Intel processors, supporting all vector lengths. It is intended to simplify developer support for vector instructions by establishing a baseline level of support across all chips. The new instructions will be implemented in Intel's future processor chips.
READ THE STORY: The Register
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist
Analyst Comments: The attack on Alphapo is another reminder of the vulnerabilities inherent in digital finance, particularly for platforms that rely on hot wallets for storing cryptocurrencies. While blockchain technology is theoretically secure, human error and sophisticated hacking techniques can still lead to significant breaches, as seen in this case. The possible involvement of state actors such as the Lazarus Group adds an extra layer of complexity to the situation, tying cybersecurity directly to international relations. Blockchain analysis and intelligence firms should enhance their collaboration with crypto exchanges and law enforcement agencies to track and recover stolen funds.
FROM THE MEDIA: The North Korean Lazarus hacking group is blamed for a recent cyberattack on the payment processing platform Alphapo, resulting in the theft of nearly $60 million in cryptocurrencies. Alphapo, a centralized crypto payment provider for various online platforms, was attacked on July 23rd, with the initial theft estimated at $23 million. An additional $37 million of TRON and BTC was later discovered stolen, raising the total theft to $60 million. Lazarus Group, linked to the North Korean government, is notorious for its extensive history of similar cyber heists. Blockchain security company Halborn's COO, Dave Schwed, suggested that the theft of private keys was the probable hacking method. As of now, the involvement of the Lazarus Group has not been independently confirmed.
READ THE STORY: Bleeping Computer
Norway says a zero-day vulnerability in Ivanti's EPMM software led to cyber-attacks on 12 ministries
Analyst Comments: The cyberattacks on Norwegian ministries demonstrate the critical importance of maintaining robust software security in governmental entities. A zero-day vulnerability, such as the one in Ivanti's software, can be particularly challenging to protect against because it is unknown to both the software provider and its users until it is exploited. This makes it an attractive target for threat actors seeking to compromise systems.
FROM THE MEDIA: The Norwegian National Security Authority reported that twelve government ministries were victims of cyberattacks due to a zero-day vulnerability in Ivanti's Endpoint Manager Mobile software. This software is widely used by organizations to secure access to and management of business data. The four ministries unaffected by the attack were the Prime Minister's Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs. Ivanti has since issued a security patch to close the vulnerability. Norway's National Cyber Security Centre advised all organizations using the software to apply the update immediately upon receipt. The vulnerability, identified as CVE-2023-35078, could potentially allow threat actors to access users' personally identifiable information and make limited changes to the server.
READ THE STORY: TEISS
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks
Analyst Comments: The discovery of Decoy Dog underlines the ever-evolving landscape of cyber threats and the need for continuous vigilance in cybersecurity measures. Its ability to maintain long-term communication with compromised systems, adapt quickly to changes, and shift control between controllers demonstrates the sophistication of modern malware and the level of threat it poses. Its use of DNS for command-and-control operations also underscores the need for robust monitoring and defensive measures around DNS usage. The case further highlights the importance of continuous threat intelligence and of tracking the evolution of known malware strains as cyber threats become more complex.
FROM THE MEDIA: Recently discovered malware, Decoy Dog, is a significant upgrade over its predecessor, Pupy RAT. It offers a full suite of new capabilities, including maintaining communication with compromised machines and hiding for long periods. Decoy Dog can execute arbitrary Java code on the client, connect to emergency controllers similar to a DNS domain generation algorithm, and instruct compromised devices to switch communication from one controller to another. Its origins remain unclear, though it's suspected to be operated by a few nation-state hackers. Decoy Dog uses DNS to perform command-and-control (C2) and communicates with the server via DNS queries and IP address responses.
READ THE STORY: THN
One problem with America's chip ambitions: Not quite enough staff
Analyst Comments: The report highlights a significant issue in the U.S. semiconductor industry, which is vital to the country's technological advancement and national security. The lack of skilled workers could limit the country's ability to produce semiconductors domestically, increasing dependence on imports and exposing the industry to supply chain disruptions. The suggestions to mitigate the problem are valid, but they require comprehensive strategies, time, and substantial investment. However, making it easier for international students to stay in the U.S. after graduation could be a faster solution, contributing to the workforce while longer-term strategies are implemented.
FROM THE MEDIA: The Semiconductor Industry Association (SIA) and Oxford Economics predict that the U.S. semiconductor industry could face a shortfall of 67,000 technicians, engineers, and computer scientists by 2030. This shortage could hinder U.S. efforts to increase its domestic semiconductor manufacturing capacity. The U.S. CHIPS and Science Act, which allocated $39 billion in subsidies, tax breaks, and other incentives to stimulate local chipmaking, is expected to create nearly 115,000 jobs in the sector. To avoid staff shortages, it's estimated that the U.S. will need to train 26,400 new technicians, 27,300 new engineers, and 13,400 new computer scientists before the end of the decade.
READ THE STORY: The Register
Enthusiastic Nvidia investors may need a reality check
Analyst Comments: Nvidia's future profitability could be challenged by the production limitations of the chipmakers it relies on. Despite the bullish outlook for Nvidia due to increasing demand for AI chips, the risks related to chip manufacturing constraints are concerning. While Nvidia's business model, focusing more on software and intellectual property, avoids some of the production costs, its growth is intrinsically tied to the manufacturing capabilities of TSMC and Samsung. Any disruptions or limitations in their production could affect Nvidia's ability to meet the projected demand for its AI chips.
FROM THE MEDIA: Despite Nvidia’s impressive growth and record-breaking rally, its reliance on chipmakers Taiwan Semiconductor Manufacturing Company (TSMC) and Samsung, which are currently facing challenges, poses a significant risk. Both TSMC and Samsung, responsible for manufacturing 100% of the world's advanced chips, have recently reported declining profits due to a mix of AI being a relatively small sector, time lags in chip ordering and use, and supply constraints. The capital-intensive nature of chip production limits the growth rate, and weak earnings from these companies reduce the available funds for capacity expansion. In addition, factors such as chip engineer shortages and geopolitical tensions further contribute to supply risks.
READ THE STORY: FT
Items of interest
FCC boss says 25Mbps isn't cutting it, Americans deserve 100Mbps now, gigabit later
Analyst Comments: This proposal could significantly improve the quality of internet services across the U.S., particularly in rural and underserved areas. The increased upload bandwidth is particularly beneficial, considering the post-pandemic shift towards remote work and online education, where high upload speeds and low latency are essential. The success of these changes depends heavily on the willingness and ability of telecommunications companies to improve their infrastructure to meet these new standards. Concerns have been raised over the accuracy of the FCC's national broadband map, which determines eligibility for A-CAM funding, indicating there may be potential hurdles in effectively identifying and addressing areas of need.
FROM THE MEDIA: Jessica Rosenworcel, chairwoman of the Federal Communications Commission (FCC), has proposed a fourfold increase in minimum broadband speeds for Americans. This change would raise the current speeds from 25Mbps for downloads and 3Mbps for uploads to 100Mbps and 20Mbps respectively. This would be the first revision in eight years, and there is a long-term plan to further increase these speeds to 1Gbps down and 500Mbps up. This proposal aligns with broadband development programs such as the Enhanced Alternative Connect America Cost Model (A-CAM), which offers financial incentives to internet service providers for extending broadband services to underserved regions.
READ THE STORY: The Register
How Fiber Will Speed Up America’s Internet (Video)
FROM THE MEDIA: Fiber connections provide users with very fast, reliable internet. But, only 43% of U.S. households have access to a fiber internet connection. The Bipartisan Infrastructure Law that passed in November 2021 promises to bridge this digital divide, with $65 billion dedicated to expanding access to broadband internet to all Americans. Such government support, along with a number of other factors, has caused a spike in the demand for fiber products. CNBC visited Corning, the world’s largest manufacturer of optical fiber and North America’s largest producer of fiber optic cables to understand the technology behind fiber-optic internet and how the market for fiber products is changing.
Why 23 million Americans don't have fast internet (Video)
FROM THE MEDIA: High-speed internet service is lacking in much of rural America. The causes are complicated, but non-competitive cable markets, misguided government funding, and infrastructural obstacles have limited expansion up until now. Despite the troubles, some rural Americans are receiving internet via both wireless and wireline systems, but the service many receive falls short of the 25Mbps down/3Mbps up benchmark set by the Federal Communications Commission in 2015 during the Obama Administration.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.