Daily Drop (558): China: Social Media, Texas Power Grid, Microsoft: China Hack, Starlink Wars, Space Pirates Turn Cyber Sabers, APT31: Air-Gapped, Japanese boffins slice semiconductors using lasers.
08-02-23
Wednesday, Aug 02, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
‘What else is new?’: China’s hack on Microsoft follows a storied history of cyber-espionage
Analyst Comments: The Chinese hack on Microsoft illustrates the evolving sophistication and boldness of state-sponsored cyber espionage. Lewis's unique perspective provides valuable insight into the underlying tactics and strategies at play. This incident highlights not only the growing capability of Chinese hackers but also the vulnerabilities existing even in systems hosted by major cloud providers. The breach emphasizes the need for a comprehensive approach to cybersecurity, including holding cloud providers accountable for security, exploring more aggressive countermeasures, and developing international agreements on acceptable cyber behavior. The public's general unawareness of the scale and nature of these hacking operations is concerning and calls for more transparency and education on cybersecurity.
FROM THE MEDIA: James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies, shared his reaction and insights on the recent hack by China on Microsoft, which allowed intruders to access unclassified emails of top U.S. officials. In the hack, the threat actors created their own authentication tokens to impersonate government officials, bypassing usernames and passwords entirely. The breach, discovered in June, targeted prominent figures and occurred amid important negotiations with China. Lewis emphasized the cleverness of the attack and how it fits China's established playbook. He also discussed the broader context of cyber espionage, the illusion of cyber deterrence, and the complex nature of hacking back.
READ THE STORY: The Record
China spy agency’s social media debut calls for ‘all members of society to combat espionage’
Analyst Comments: China's recent public engagement in anti-espionage efforts represents a significant shift towards a more open and inclusive approach. By leveraging a platform like WeChat, the state is directly reaching out to its citizens, embedding counter-espionage into societal consciousness. This aligns with the current government's assertive stance on state security.
FROM THE MEDIA: China's Ministry of State Security, a highly secretive civilian spy agency, has launched a public account on WeChat to mobilize citizens in its fight against espionage. The agency has called for the reporting of suspected espionage, offering rewards and legal protection. This move coincides with new amendments to China's counter-espionage law, which has broadened the definition of espionage. The Ministry's debut on a social media platform marks an increased push to engage various societal sectors, including news outlets and cultural entities, in anti-espionage education.
READ THE STORY: CNN
US gov. looking for malware that could target the Texas power grid
Analyst Comments: This situation underscores the critical nature of cybersecurity in maintaining the basic functions of society, such as power and water supplies. The malware's potential ability to impact both military and civilian life illustrates how interconnected these systems are and how vulnerabilities in one area can have cascading effects. The targeting of Texas, with its many military bases and its vulnerability to heat-related illnesses and deaths, may be indicative of a strategic focus by potential adversaries. The discovery of the code by Microsoft, and the apparent difficulty in ascertaining its full extent, highlights the challenges in detecting and combating sophisticated cyber threats.
FROM THE MEDIA: U.S. officials are currently investigating malware believed to have been planted by Chinese hackers in American computer systems controlling utilities and communications. This specific malicious software could shut off electricity and water supplies, with potential ramifications not only for military operations but also for civilians. The threat is seen as particularly acute in Texas, where the heat wave could exacerbate disruptions. The Texas Military Department has cyber strike teams to respond, and efforts to eradicate the malware have been ongoing, especially after Microsoft discovered mysterious code in some telecommunications systems. However, the full extent of the malware's presence remains unknown.
READ THE STORY: LMTonline
Starlink Wars: Musk controls the battlefield from his office chair
Analyst Comments: The utilization of Starlink by Ukrainian military forces and other entities demonstrates the significant impact that satellite internet technology can have on contemporary warfare, humanitarian efforts, and general communication. The report emphasizes the reliance on Starlink as a lifeline in environments where conventional communication systems are compromised. However, the control that Musk has over this vital infrastructure raises serious ethical and geopolitical considerations. The ability of a single individual to influence military strategy, public welfare, and international relations through control over communication systems highlights a potential vulnerability in the global technological landscape. Musk's ability to restrict or enable access as he sees fit illustrates a concentration of power that could be subject to abuse or misjudgment.
FROM THE MEDIA: Starlink, a satellite internet system developed by Elon Musk's SpaceX, has become a crucial communication tool in various parts of the world, including war-torn Ukraine. The system has provided essential communication infrastructure where traditional means have been disrupted or destroyed. However, concerns are emerging over Musk's control of the technology, allowing him to dictate access and potentially use sensitive information collected by the satellites. Despite other projects like Amazon's Project Kuiper and Britain's OneWeb, Starlink remains the most dominant player in the field, with more than 4,500 active Internet satellites, aiming for a total of 42,000 for worldwide coverage. Several countries have expressed concerns about the power that Musk holds over this vital technology.
READ THE STORY: CTECH
Space Pirates Turn Cyber Sabers on Russian, Serbian Organizations
Analyst Comments: The development and shift in tactics by the Space Pirates represent a concerning evolution in cybercriminal activity. The transition from relying almost exclusively on backdoors to employing new, unconventional malware like Deed RAT indicates growing sophistication and potential access to new resources or knowledge. The expansion of their interests and the geography of their attacks highlight an escalating threat that may require heightened vigilance and stronger defenses from potential target organizations and governments. The group's continued use of a large number of publicly available tools underscores the need for continuous monitoring, patching, and updating of security controls to defend against known vulnerabilities.
FROM THE MEDIA: The Space Pirates cybercrime group, known for espionage and data theft, has recently evolved in its tactics and methodologies. Researchers at Positive Technologies have reported an increase in the number of attacks by the group and a shift to using unconventional malware and techniques. Among these new techniques is the use of Deed RAT, deployed aggressively in attacks on Russian companies. Over the past year, at least 17 organizations across various sectors, including government, defense, education, agriculture, energy, and information security in Russia and Serbia, have fallen victim to the Space Pirates' cyberattacks.
READ THE STORY: DARKreading // THN
China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
Analyst Comments: The sophistication of these attacks, employing a diverse array of tools to infiltrate air-gapped systems, highlights APT31 as an exceptionally skilled and adaptable adversary. The continued exploitation of legitimate cloud services reflects a broader trend in cyberespionage, making detection increasingly challenging. The geographical expansion into Eastern Europe and the inclusion of Linux systems in the attacks signify a continuous evolution in the group's objectives and capabilities. The suspected links to China further complicate the situation, raising potential geopolitical concerns.
FROM THE MEDIA: APT31, a nation-state actor associated with China, is suspected of conducting a series of sophisticated cyberattacks against industrial organizations in Eastern Europe. According to Kaspersky, the group employed over 15 distinct implants, aiming to siphon data from air-gapped systems. These attacks leveraged a variety of techniques, including modular malware, cloud services such as Dropbox and Yandex, encrypted payloads, and more. The evidence also shows that APT31 is expanding its focus to include Linux systems.
READ THE STORY: THN
Japanese boffins slice semiconductors from diamonds – with lasers!
Analyst Comments: The development of a laser-based method for creating diamond wafers for semiconductors represents a potentially significant advancement in the field. The use of diamonds could revolutionize semiconductors due to their superior properties, particularly their wide bandgap. However, the brittleness and complexity of working with diamonds have always been obstacles. Chiba University's research provides a promising solution by manipulating the cracking patterns of diamonds, but it is still in the experimental stage. If this technology can be refined and commercialized, it may pave the way for more energy-efficient power circuitry, especially in areas like electric vehicles.
FROM THE MEDIA: Scientists at Japan's Chiba University have developed a method using lasers to create diamond wafers for next-generation semiconductors. While silicon is still the primary material for semiconductors, diamonds are desirable due to their wide bandgap, which allows for more efficient operation at higher voltages, frequencies, and temperatures. However, working with diamonds is challenging because of their brittleness, and synthesizing diamond wafers has been prohibitively expensive. Hirofumi Hidai and his team have been able to control the way a diamond cracks along a chosen plane using laser light, transforming parts of the diamond into amorphous carbon that is less prone to cracking.
READ THE STORY: The Register
Voyager 2 found! Deep Space Network hears it chattering in space
Analyst Comments: The detection of the signal from Voyager 2 by the Deep Space Network is reassuring news, confirming that the spacecraft is still broadcasting and functioning normally. Though communications were lost due to a misaimed antenna, the fact that the spacecraft's "heartbeat" has been detected means it is still operational. This incident highlights the challenges of maintaining communication with far-reaching probes and the dependence on highly specialized equipment like DSS43. The planned corrective actions seem well-calculated, and there is hope that the communications will be restored either through direct intervention or the scheduled recalibration in October. This situation also serves as a testament to the robust design and longevity of Voyager 2, which continues to send valuable data back to Earth even after 46 years in space.
FROM THE MEDIA: NASA's Deep Space Network (DSN) has detected a signal from Voyager 2 over a week after communications were lost with the probe. The signal was detected by the Canberra Deep Space Communication Complex's 70-meter dish, Deep Space Station 43 (DSS43), the only facility capable of reaching the probe. Communications were severed on July 21 when planned commands inadvertently pointed the probe's antenna two degrees away from Earth. Engineers will attempt to send a corrective command to reorient the antenna. If unsuccessful, a regular and preplanned position recalibration is scheduled for October 15, which may resolve the situation.
READ THE STORY: The Register
Items of interest
AI on AI action: Googler uses GPT-4 chatbot to defeat the image classifier's guardian
Analyst Comments: Carlini's work unveils an innovative way to leverage large language models like GPT-4 in security research, showing both the potential for collaboration between human intelligence and AI and the possible security risks. While the current capability of GPT-4 doesn't allow it to break the security defense on its own, its assistance in implementing human ideas is notable. The research emphasizes the necessity for continuous improvement in AI security defenses and ethical guidelines. The future may see AI models capable of autonomously identifying and fixing vulnerabilities, but this also brings attention to the need for ongoing scrutiny and enhancement in AI security measures.
FROM THE MEDIA: Nicholas Carlini, a research scientist at Google's DeepMind, has exploited OpenAI's GPT-4 to bypass AI-Guardian, a system designed to prevent adversarial attacks on machine learning models. In collaboration with GPT-4, Carlini reduced the robustness of AI-Guardian from 98% to 8% by recovering the mask used by AI-Guardian to detect adversarial examples. The approach involved tweaking images to deceive a classifier without triggering AI-Guardian's detection. Despite the success of the prototype, there are caveats, including the need for specific information that may not be available in real-world applications.
READ THE STORY: The Register
GPT-4 Gets DOWNGRADED (Video)
FROM THE MEDIA: The transcript discusses various developments in the field of artificial intelligence. It starts with a press conference at the ITU AI for Global Good Summit 2023, where advanced humanoid robots express potential concerns about biases in AI decision-making. The conversation between the journalist panel and the AI robots highlights the idea of humans and AI cooperating for better decision-making.
New Way to Bypass AI Detection (Video)
FROM THE MEDIA: This video will show you how to bypass every AI detection tool, including Originality AI. It's taken a lot of time and testing, but this rewriting method works 100% guaranteed at the time of doing this video.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.