Daily Drop (557): China: Salespace-1 Constellation, China: Indian economy, Digital Sovereignty Russia & China, Fruity Trojan, Silicon Valley: Pentagon, Ninja Forms Plugin, Chinese factory activity
Monday, Jul 31, 2023
China registers with ITU for new mega-constellation
Analyst Comments: China's rapid advancement in the satellite technology sector is a clear indication of its determination to rival global leaders like the United States and Elon Musk’s Starlink. The Salespace-1 constellation is another step towards strengthening China's space capabilities and commercial satellite communication services. The decision to opt for Very Low Earth Orbiting satellites offers several benefits, including efficiency, reduced launch costs, and smaller size. However, the low operating height means these satellites will decay sooner, necessitating regular replacements and careful maintenance of the constellation. China's satellite program, led by state-owned firms like the China Aerospace Science and Industry Corp. (CASIC), reflects the nation's strategic emphasis on space technology. The project will likely boost domestic technological innovation and contribute to China's growing presence in the global satellite market.
FROM THE MEDIA: China has registered a new satellite constellation named Salespace-1, consisting of 1,296 satellites. The filing with the International Telecommunication Union (ITU) was made on July 4th and updated on July 28th. The constellation will be organized into 36 planes, each containing 36 satellites, and will operate in the Ku, Q, and V-bands at an orbit of 1,160 km. China plans to complete the Very Low Earth Orbiting satellite fleet by 2030, with the first satellite expected to launch by December this year. By 2024, nine more satellites will be added to form a satellite data public service platform, focusing on communication services, remote sensing, near-Earth observation, and emergency response.
READ THE STORY: Advanced Television
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
Analyst Comments: The creation of fake websites hosting trojanized software is a sophisticated attack strategy that leverages the interest of users in specific software tools. By targeting tools associated with hardware tuning and monitoring, the attackers are aiming at a wide audience, including enthusiasts and professionals. The use of the Fruity trojan's multi-stage infection and techniques like steganography and process doppelgänging illustrates the increasing complexity of malware and the methods deployed to evade detection. This trend underscores the urgent need for robust cybersecurity measures, not only in terms of advanced detection mechanisms but also in user education to recognize suspicious downloads and websites.
FROM THE MEDIA: Threat actors are creating fake websites to host trojanized software installers that trick users into downloading a downloader malware called Fruity, which ultimately installs remote access trojans such as Remcos RAT. The campaign targets tools for tuning CPUs, graphics cards, and BIOS settings, along with PC hardware-monitoring utilities, among others. The installer also carries the Python-based Fruity trojan, which stealthily unpacks its files, using steganography to hide executables and start the infection. Fruity is designed to bypass antivirus detection and uses a technique known as process doppelgänging to launch the Remcos RAT payload. The exact initial access vector remains unclear.
READ THE STORY: THN
Chinese syndicates denting Indian economy via loan apps
Analyst Comments: The growth of digital loan shark operations run by Chinese entities in India is symptomatic of a broader global trend of cybercriminal activities exploiting weak legal systems and societal vulnerabilities. These fraudulent schemes have the potential to lead to significant financial losses for individual citizens, undermine trust in digital financial services, and even have a destabilizing effect on India's economy. The lack of specific laws addressing cybercrimes, inadequate existing laws, and the need for dedicated laws and cybercrime courts all highlight the legal challenges in combating these crimes effectively. On the technological front, the utilization of emerging technologies like AI for criminal purposes calls for increased cybersecurity measures, and collaboration between governments, financial institutions, and technology providers.
FROM THE MEDIA: Chinese criminal syndicates and gangs are reportedly operating digital loan shark schemes in India, exploiting legal loopholes and targeting unemployed youth and the financially stressed lower strata of society. These scams involve offering instant loans with exorbitant interest rates, leading to financial distress among borrowers. The kingpins are often based in China but employ locals in neighboring countries to manage transnational criminal activities, including data collection aimed at destabilizing the Indian economy. The Chairman of the International Commission on Cyber Security Law, Pavan Duggal, has called for dedicated cybercrime courts and new legal frameworks to combat this threat.
READ THE STORY: Hindu Post
Weak Chinese factory activity puts pressure on Beijing to support the economy
Analyst Comments: The continued contraction in China's manufacturing sector and the slipping growth in other areas are clear signs of a faltering economic recovery. Beijing's efforts to date, including recent measures by the central bank, appear insufficient to turn the tide, and global economic conditions are not helping the situation. The current circumstances add pressure on policymakers to quickly implement more robust strategies to stimulate growth. The reluctance to opt for broader fiscal stimulus due to high debt levels, particularly among local governments, limits the tools available to the government. The state must find a delicate balance between stimulating growth and maintaining financial stability.
FROM THE MEDIA: China's manufacturing activity contracted for the fourth consecutive month in July, with the official manufacturing sector purchasing managers' index (PMI) coming in at 49.3, remaining below the expansion threshold of 50. Growth in services, including construction and agriculture, also fell, prompting increasing calls for Beijing to take concrete action to stimulate the world's second-largest economy. Despite attempts by the Chinese Communist Party to boost the economy and the central bank's monetary easing, the anticipated recovery led by manufacturing and exports has not materialized. Factors such as a decrease in consumer spending, weak exports, a liquidity crisis in the property sector, and high youth unemployment have hampered growth.
READ THE STORY: FT
Digital Sovereignty in Russia and China
Analyst Comments: The growing focus on digital sovereignty as demonstrated by countries like Russia and China illustrates a complex and pivotal shift in the global landscape of internet governance. Security concerns, economic considerations, technological independence, international collaboration and tension, and the implications for global governance all intermingle in this transformation. While Russia emphasizes international agreements and content control, China focuses on economic protection, and both move towards technological self-reliance. Their cooperative efforts reveal broader patterns of alliances, but the overall trend towards digital sovereignty may also lead to international conflicts, depending on alignment with global norms. The potential fragmentation and varied legal norms as nations assert their digital sovereignty may reshape the governance of the global internet.
FROM THE MEDIA: The analysis presents an exploration of the mounting trend toward digital sovereignty, focusing on China and Russia's strategies. China has been a leader in the field, emphasizing economic protection and content control, while Russia focuses on diplomatic efforts and international information security. The shared priorities have led to bilateral cooperation, reflecting an international trend toward strengthening digital sovereignty in response to cyber threats. The emergence of digital sovereignty has been influenced by historical events, such as the Arab Spring, leading to a shift from a borderless internet to a more controlled digital space. Russia has been influential in recognizing the importance of sovereignty in the ICT environment and has strengthened its digital borders.
READ THE STORY: ModernDiplomacy
How Silicon Valley is helping the Pentagon in the AI arms race
Analyst Comments: The shift in the U.S. military strategy towards more agile and tech-driven solutions represents an essential evolution in defense. Saildrone's journey and the substantial growth in venture capital investments highlight the momentum in this direction. But the bureaucratic challenges and delays in procurement reveal a significant disconnect between the pace of innovation and the current military infrastructure. This situation creates a potential vulnerability in the global competitive landscape, particularly in comparison to rivals like China, known for its rapid innovation. To fully leverage the potential of commercial technology in defense, systemic reforms are necessary, aligning procurement and strategy with the speed and demands of contemporary technological advancements.
FROM THE MEDIA: The article discusses the U.S. Department of Defense's strategic transition towards utilizing commercial technology, particularly artificial intelligence and autonomous systems, in national defense. It highlights Saildrone, a company founded by Richard Jenkins, that evolved from oceanic research to playing a significant role in military surveillance. With venture capital in the defense tech sector doubling to $33 billion in 2022, the rush towards technology integration in defense is evident. However, bureaucratic challenges and slow procurement processes hinder efficient implementation. Startups like Saildrone demonstrate the potential of commercial tech, but systemic challenges create barriers to realizing their full capabilities.
READ THE STORY: FT
Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable
Analyst Comments: The disclosure of these security vulnerabilities in popular WordPress plugins like Ninja Forms highlights the critical nature of software security in the current digital landscape. The fact that these flaws could be exploited by unauthenticated users to escalate privileges or export sensitive information emphasizes the need for prompt action. Given that Ninja Forms is installed on over 800,000 sites, the potential impact is vast, affecting various businesses, blogs, and other online platforms that rely on WordPress. Organizations and individual users should heed the recommendation to update to the latest versions of the affected plugins promptly.
FROM THE MEDIA: Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress, which could enable attackers to escalate privileges and steal sensitive data. The flaws, identified by Patchstack, affect versions 3.6.25 and below of the plugin installed on over 800,000 sites. The vulnerabilities include a POST-based reflected cross-site scripting (XSS) flaw (CVE-2023-37979) and two broken access control flaws (CVE-2023-38386 and CVE-2023-38393). An update to version 3.6.26 has been recommended to mitigate these threats. Patchstack also revealed vulnerabilities in the Freemius WordPress SDK and the HT Mega plugin.
READ THE STORY: THN
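The practical follow-up to this story is an inventory check: is the installed Ninja Forms release below the fixed version 3.6.26 the article names? The script below is an added illustration, not code from the story, from Patchstack, or from the Ninja Forms project. It reads the "Version:" header that WordPress plugin main files carry and compares it against the fixed release; the sample header text, the helper names, and the assumed plugin path ninja-forms/ninja-forms.php are constructed for the example.

```python
import re
from pathlib import Path

# Constructed sample of a WordPress plugin header block (not the real Ninja Forms file).
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: Ninja Forms
Plugin URI: https://example.invalid/
Description: constructed sample header for illustration
Version: 3.6.25
Author: example
*/
"""

# First release the story says resolves the reported flaws.
FIXED_VERSION = "3.6.26"

# Assumed location of the plugin's main file under wp-content/plugins.
PLUGIN_MAIN_FILE = Path("ninja-forms") / "ninja-forms.php"


def parse_version(text):
    """Return the value of the 'Version:' header line, or None if absent.

    Handles both bare 'Version: x' and ' * Version: x' (docblock style) lines.
    """
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", text, re.MULTILINE)
    return m.group(1).strip() if m else None


def version_tuple(v):
    """Split a dotted release string into a tuple of ints.

    Assumption: plain numeric dotted releases; any non-numeric segment
    (e.g. 'beta') is treated as 0, which is good enough for this check.
    """
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v))


def compare_versions(a, b):
    """Return -1, 0 or 1 comparing a to b, padding shorter tuples with zeros."""
    ta, tb = version_tuple(a), version_tuple(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed release is strictly below the fixed release."""
    return compare_versions(installed, fixed) < 0


def check_plugin_text(text):
    """Return (version, vulnerable) for a plugin file's contents; (None, None) if no header."""
    v = parse_version(text)
    if v is None:
        return (None, None)
    return (v, is_vulnerable(v))


def check_plugins_dir(plugins_dir):
    """Look for the plugin main file under a wp-content/plugins directory and check it."""
    path = Path(plugins_dir) / PLUGIN_MAIN_FILE
    if not path.is_file():
        return (None, None)
    return check_plugin_text(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    version, vulnerable = check_plugin_text(SAMPLE_PLUGIN_HEADER)
    status = "below fixed release, update required" if vulnerable else "at or above fixed release"
    print(f"Ninja Forms {version}: {status}")
```

Run it against a real install with check_plugins_dir("/var/www/html/wp-content/plugins"); a (None, None) result means the plugin is not present or its header could not be read, which is worth reporting separately rather than treating as "not vulnerable".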
NASA mistakenly severs communication with Voyager 2
Analyst Comments: The current communication failure with Voyager 2 is indicative of the challenges associated with operating spacecraft that rely on decades-old technology. While not an unprecedented incident, the inability to receive or transmit data can be concerning given the probe's vast distance from Earth and the slow communication speed. The situation highlights the importance of automated systems and the value of built-in redundancy in space missions. Voyager 2's ability to recalibrate its position autonomously will likely mitigate the current problem, demonstrating foresight in its design.
FROM THE MEDIA: NASA's Voyager 2 probe is currently unable to communicate with Earth as its antenna has been pointing two degrees away from our planet for over a week. The misalignment means the probe can't receive commands or transmit data to NASA's Deep Space Network (DSN). Although a concerning glitch, NASA believes it's a temporary issue and does not expect it to end the nearly 46-year-long space mission. Voyager 2 is scheduled to recalibrate its position on October 15. Despite the aging technology on the probe, engineers have been successful in keeping it operational, likening the task to maintaining an old car. The probe is presently around 32 billion kilometers from Earth, moving 15 km further away every second.
READ THE STORY: The Register
Items of interest
AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
Analyst Comments: The discovery and analysis of the AVRecon botnet emphasize the ongoing and increasingly complex threats targeting small office/home office (SOHO) routers. As it affects over 41,000 nodes in 20 countries, AVRecon demonstrates the need for a global response. The botnet's connection to the SocksEscort service, which rents out compromised devices to cybercriminals, illustrates an alarming criminal business model. This contributes to further illicit activities, including password attacks and ad fraud. The infiltration of routers, often considered peripheral devices, highlights the potential vulnerabilities within both home and business networks. With many routers infrequently patched and lacking advanced security controls, they become lucrative targets.
FROM THE MEDIA: A botnet named AVRecon, built from compromised small office/home office (SOHO) routers, has been exposed in a multi-year campaign dating back to at least May 2021. It has surpassed QakBot, having infiltrated over 41,000 nodes across 20 countries. Researchers found that AVRecon executes additional commands and steals victims' bandwidth for what appears to be an illegal proxy service offered to other actors. The malware has been linked to a 12-year-old service called SocksEscort that rents hacked devices to cybercriminals to conceal their location online. Routers have become appealing targets because they are infrequently patched and can handle high bandwidth.
READ THE STORY: THN
What is a BotNet? (Video)
FROM THE MEDIA: A botnet is a network of internet-connected devices, each of which is running one or more bots. These devices can be anything from personal computers and servers to Internet of Things (IoT) devices like smart refrigerators or thermostats.
What is a botnet? Botnet malware on the Dark Web (Video)
FROM THE MEDIA: Exploring the cyber-crime industry of selling and renting botnets online.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.