Daily Drop (577): Chinese Satellite: AI, DPRK: 180M Lifted, G20 Digital Ministers, BRICS, Tencent, Malware: PCs to Proxies, AuDA, Hallucinating ChatGPT (LLM), HiatusRAT, Microsoft DNS, Energy One
08-21-23
Monday, Aug 21, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
New 'AI-brained' Chinese satellite has just been launched
Analyst Comments: The launch of "WonderJourney" represents a significant advancement in the integration of AI technology with space exploration. By enabling in-situ data processing, the satellite can potentially speed up the data analysis process, making real-time decisions more feasible. This capability could revolutionize how satellites operate, making them more efficient and reducing the dependency on ground control. The expansion plan to 20 satellites indicates China's commitment to leading in the AI-space domain. However, as with all AI systems, the satellite's effectiveness will be determined by its real-world performance, adaptability, and the accuracy of its autonomous decisions.
FROM THE MEDIA: China has successfully launched its AI-powered "WonderJourney" satellite onboard a CERES-1 Y7 rocket from the Jiuquan Satellite Launch Center in Inner Mongolia. Developed by the Hangzhou-based company STAR.VISION, the satellite is designed to process data in situ, eliminating the need to send vast amounts of data back to Earth for processing. The satellite boasts features like high-resolution cameras, near-infrared cameras, and VR panoramic cameras. It can conduct real-time observation, recognize forests and oceans, and analyze a vast area in just a few hours. The ultimate goal is to develop fully autonomous spacecraft. STAR.VISION plans to expand the "WonderJourney" constellation to 20 satellites by the end of 2024.
READ THE STORY: IE
North Korean Hackers Stole $180M in First 6 Months of 2023
Analyst Comments: North Korea's cyber activity against the digital asset sector continues to escalate, and the stolen funds are reported to be channelled into its nuclear programme. Given the regime's continued nuclear development and the sums it has taken through cyber heists, the practical effect of international sanctions is open to question. The crypto industry, exchanges and bridge operators in particular, and the international community need to strengthen their defences and coordination against these thefts. The sanctioning of China-based OTC traders shows that the laundering side depends on a broader network outside North Korea, which complicates enforcement.
FROM THE MEDIA: North Korean hackers stole approximately $180 million in the first half of 2023, according to a report by Asia Today citing South Korea's National Intelligence Service. North Korea-affiliated groups have become increasingly active against digital asset platforms, and the stolen funds are believed to be channelled into the country's nuclear programme. The Lazarus group is suspected of being behind several of these heists, including last year's $100 million Harmony Bridge hack. The U.S. Department of the Treasury has sanctioned three China-based OTC traders for helping Lazarus convert stolen cryptocurrency into fiat. Over the past five years, North Korea has allegedly stolen around $2 billion in crypto assets. Despite UN sanctions aimed at curtailing its nuclear and ballistic missile programmes, the country continues to develop nuclear weapons and produce material for them.
READ THE STORY: CryptoPotato
G20 digital ministers sign up for Digital Public Infrastructure push
Analyst Comments: The G20's focus on creating a framework for digital public infrastructure indicates the increasing importance of digitalization in global economies. India's leadership in this area, especially with its "India Stack" initiative, showcases its ambition to be at the forefront of digital public goods. The emphasis on cybersecurity and online safety for children and youth is timely, given the rising cyber threats and the increasing online exposure of younger generations. While the recommendations are non-binding, they can serve as a guideline for countries to enhance their digital infrastructure and policies. The upcoming G20 Heads of State and Government Summit in September may further delve into these topics, especially in the realm of artificial intelligence.
FROM THE MEDIA: The G20 digital economy ministers convened in India and proposed a "Framework for Systems of Digital Public Infrastructure (DPI)." This framework consists of three main elements: technology, governance standards, and a community of private and civil society actors. The framework aims to create robust, inclusive, and sustainable digital public infrastructure. India, currently holding the G20 presidency, has been pushing for such digital public goods, exemplified by its "India Stack" initiative. The G20 also discussed improving private sector infosec capacity, resilience of critical services, and redress mechanisms for cyberattacks. Additionally, a "Toolkit on Cyber Education and Cyber Awareness of Children and Youth" was introduced, emphasizing the importance of online safety for young individuals.
READ THE STORY: The Register
What Next? The BRICS Global Share of GDP May Overtake the G7 by 2028
Analyst Comments: The ongoing summit and the projected economic trajectories indicate a significant shift in global economic power dynamics. The potential for the BRICS nations to overtake the G7 in terms of GDP share by 2028 is a testament to the rapid growth and influence these countries have garnered over the past few decades. China's economic challenges, coupled with the global efforts to reduce reliance on traditional fiscal systems, highlight the evolving nature of global geopolitics. The U.S. and other G7 nations will need to strategize and adapt to this changing landscape, especially considering the economic and geopolitical implications of the BRICS nations' rise.
FROM THE MEDIA: The BRICS countries (Brazil, Russia, India, China and South Africa) are holding a summit in South Africa, coinciding with a meeting between the U.S., Japan and South Korea at Camp David. Economic indicators suggest the BRICS countries are on a trajectory to overtake the G7 in global share of GDP, adjusted for purchasing power parity (PPP), by 2028. This shift is prompting the BRICS nations to consider moving away from the fiscal and monetary systems dominated by the U.S. and the G7. Factors influencing the potential shift include de-dollarization, China's economic slowdown, the transformation of globalization, decoupling from China, U.S. reshoring, and China's strategy toward the Global South and Africa.
READ THE STORY: OODALOOP
Tencent predicts big profits from lock-in to cloudy AI
Analyst Comments: Tencent's focus on its MaaS business and its confidence in high recurring revenue reflect how deeply AI services are being integrated into other industries. The stated strategy of making migration away from its services difficult is what secures that retention and revenue. For a customer, the same lock-in is a dependency risk: once business logic is built around one provider's models and APIs, exit costs rise and the provider's outages, pricing and policy changes become the customer's problem, so the cost of leaving should be weighed before the first integration, not after. The other items, such as LucasFilm's closure in Singapore and China's criticism of India's tech policies, underscore the dynamic and sometimes contentious nature of the tech industry in the Asia-Pacific region. The updates from Alipay and Apple further emphasise the significance of the Chinese market for global tech giants.
FROM THE MEDIA: Tencent's Chief Strategy Officer, James Mitchell, has informed investors about the company's optimism regarding its AI-models-as-a-service (MaaS) business. He believes that once customers integrate these services, it will be challenging for them to migrate away, ensuring a steady revenue stream for Tencent. In the second quarter of 2023, Tencent reported a revenue of $20.6 billion, marking an 11% increase year on year. The company's social networks, WeChat and QQ, also saw growth in their monthly users. In other news, LucasFilm has closed its Singapore studio, citing "economic factors". Chinese media has criticized India's tech policies, suggesting they are designed to hinder Chinese mobile brands. Alipay, owned by Alibaba, updated its international edition targeting tourists in China, allowing them to link various international cards to their accounts. Apple celebrated its 30th anniversary in China, emphasizing its contributions to the local economy and society.
READ THE STORY: The Register
This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers
Analyst Comments: Malware that silently installs a proxy client on infected systems turns each victim into infrastructure for someone else's traffic: the victim's IP address becomes the apparent origin of whatever the proxy service's customers send through it, which can draw abuse complaints or investigative attention to a user who did nothing. Affiliate programs that pay distributors for installations give them a direct incentive to push the installer as widely as possible, which accelerates spread. Because the Go build targets both Windows and macOS, the assumption that macOS hosts are a lower-value target does not hold here; both platforms need equivalent endpoint coverage, and an unexplained long-lived outbound connection from a machine that has no business relaying traffic is the signal to look for.
FROM THE MEDIA: Threat actors are using malware-infected Windows and macOS devices to install a proxy server application that turns the hosts into exit nodes relaying traffic for a proxy service's customers. According to AT&T Alien Labs, the company offering this proxy service operates more than 400,000 exit nodes. It is uncertain how many of those were established by malware without the device owner's knowledge; the proxy website says its exit nodes come from users who consented, but the evidence indicates malware operators are silently installing the client on compromised systems. The malware is typically delivered to users searching for cracked software and games. The proxy software is written in Go and targets both Windows and macOS; it also gathers information about the compromised system and can deploy additional malware or adware. The growth of proxy-delivering malware, driven by affiliate programs, shows how adversaries are diversifying the ways they monetise infected hosts.
READ THE STORY: THN
AuDA, Australia's Domain Registrar, Suspected of Cyber Breach; Engages with ACSC for Investigation
Analyst Comments: The incident shows the difficulty of responding to a leak-site claim in real time. auDA's initial denial, followed by an acknowledgement that the actor had shared limited proof, and then a statement that no company data was compromised, illustrates how hard it is to establish quickly whether a claim is genuine, and how a public statement made before that work is done may have to be walked back. Organisations should verify such claims against their own logs and asset inventory before responding, keep the relevant authorities informed as auDA did, and have a pre-agreed communication plan for extortion claims.
FROM THE MEDIA: .au Domain Administration Limited (auDA), the administrator of Australia's .au domain namespace, was reportedly targeted by the NoEscape ransomware gang, which claimed to have stolen 15 gigabytes of sensitive data. auDA initially denied the allegation but later acknowledged that the threat actor had shared limited proof of an attack. The Australian Cyber Security Centre, the Office of the Australian Information Commissioner and the Department of Home Affairs have been informed of the incident. NoEscape, which emerged in May 2023, operates as a ransomware-as-a-service provider and also runs its own extortion operations. The group set the date for its next update about 10 days after its initial notice on 11 August. A more recent statement from auDA, however, says that no data belonging to the company has been compromised.
READ THE STORY: CyberSecurityConnect
Hallucinating ChatGPT finds a role playing Dungeons & Dragons
Analyst Comments: Assessing the findings, it's evident that while AI can offer valuable support in enhancing the D&D experience, it's not ready to replace the human element entirely. Players seem to appreciate the AI's assistance but are wary of it taking over the game's creative essence. The challenges faced, such as the AI's occasional inaccuracies, highlight the importance of human oversight in such interactive and imaginative settings. The research underscores the potential of AI in augmenting human-led activities while also emphasizing the need for careful implementation to preserve the core spirit of the endeavor.
FROM THE MEDIA: Researchers from the University of Pennsylvania and the University of Maryland, Baltimore County, have explored the integration of OpenAI's large language models (LLMs) into the world of Dungeons & Dragons (D&D), a fantasy role-playing game. They developed CALYPSO, a set of three LLM-powered interfaces, to assist human Dungeon Masters (DMs) in the game when played online via Discord. The AI was found to be effective in generating high-quality text for players and offering creative ideas for DMs to expand upon. However, the AI occasionally "hallucinated" or provided inaccurate information about the game, and certain training safeguards hindered its ability to discuss game-relevant topics.
READ THE STORY: The Register
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
Analyst Comments: The operators behind HiatusRAT have carried on, with new infrastructure, after their tooling and tactics were publicly documented, which shows how little public exposure alone deters them. The targeting of a U.S. Department of Defense server tied to contract proposals shows the intelligence value the actors place on procurement data. The continued focus on perimeter devices such as routers is consistent with a broader trend: edge equipment usually sits outside endpoint detection coverage, is patched less often than servers and workstations, and gives a persistent vantage point on traffic. Organisations should inventory their edge devices, keep firmware current, retire end-of-life models, and watch for unexpected outbound connections originating from the devices themselves.
FROM THE MEDIA: The Hacker News reported a resurgence of the HiatusRAT malware, which has been targeting Taiwan-based organisations and a U.S. military procurement system. The operators have updated their infrastructure, using new virtual private servers for their operations. Targets include commercial entities in Taiwan and a U.S. Department of Defense server used for defence contract proposals. When first identified in March 2023, HiatusRAT was targeting routers in Latin America and Europe. The latest activity, from mid-June to August 2023, used pre-built binaries for a range of processor architectures, consistent with the variety of hardware found in routers and other edge devices. Most connections to the malware-hosting server came from Taiwan.
READ THE STORY: THN
Microsoft DNS boo-boo breaks Hotmail for users around the globe
Analyst Comments: The Hotmail outage is a reminder that an SPF record is a production dependency, not a housekeeping detail. A single TXT record change takes effect worldwide as soon as resolver caches expire, and there is no staged rollout unless the operator builds one: check every legitimate sending IP range against the proposed record before publishing it, and keep the record's TTL short enough to roll back quickly. Disruptions of this kind erode user trust and cause real operational damage for a service that millions rely on. New York City's ban on TikTok for city-owned devices reflects growing concern about apps with potential ties to foreign governments. The arrest of Shanna Gardner in connection with the murder of a former Microsoft executive is a personal tragedy that happens to touch the tech industry.
FROM THE MEDIA: Microsoft faced a significant issue when a DNS error caused emails sent from Hotmail accounts via the Outlook service to be rejected or routed to spam folders. The problem began on a Thursday and was traced to Microsoft's Sender Policy Framework (SPF) record, the DNS TXT record that lists which servers are authorised to send mail for a domain so that receiving servers can identify spoofed mail. Microsoft had removed a subdomain from that record and changed its failure condition at the same time. Mail from servers that had been authorised through the removed subdomain no longer matched the record, and the altered failure condition governed how receiving servers treated that non-match, so messages from Hotmail were judged suspicious and rejected or flagged. Microsoft acknowledged the problem and later indicated it had been resolved. In other news, New York City banned TikTok on city-owned devices, citing potential security threats. Lastly, Shanna Gardner was arrested for her alleged involvement in the murder of her ex-husband, Jared Bridegan, a former Microsoft executive.
READ THE STORY: The Register
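The mechanism behind the Hotmail outage, as an added illustration that is not from The Register's article, from Microsoft, or from any published SPF library: a minimal SPF evaluator (ip4, ip6, include and all only) run against two constructed, hypothetical record sets. The "before" set delegates part of a domain's sending ranges to two subdomains and ends in softfail (~all); the "after" set drops one of those includes and tightens the terminal qualifier to hardfail (-all), which is the kind of combined change the story describes. The same sending IP goes from pass to fail. The domain names, IP ranges and the ~all to -all change are assumptions for the example; they are not Microsoft's real records.

```python
import ipaddress

# Constructed, hypothetical SPF data for illustration only; NOT Microsoft's
# real records.  "BEFORE" delegates sending ranges to two subdomains and ends
# in softfail; "AFTER" drops one include and switches the terminal qualifier
# to hardfail.
TXT_RECORDS_BEFORE = {
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 include:spf-a.example.com "
                        "include:spf-b.example.com ~all",
    "spf-a.example.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "spf-b.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
}
TXT_RECORDS_AFTER = {
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 include:spf-a.example.com -all",
    "spf-a.example.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "spf-b.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 s.4.6.4: more than 10 DNS-querying terms is permerror


def check_host(records, domain, ip, _lookups=None):
    """Evaluate `ip` sending as `domain` against the TXT records in `records`.

    Returns one of "pass", "fail", "softfail", "neutral", "none", "permerror".
    Subset of RFC 7208: ip4, ip6, include and all.  a/mx/ptr/exists, redirect
    and macros are deliberately not implemented in this demo.
    """
    if _lookups is None:
        _lookups = [0]
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")   # first colon only, so ip6 args survive
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            sub = check_host(records, arg, ip, _lookups)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"           # RFC 7208 s.5.2: missing include record
            # fail/softfail/neutral inside an include is just "no match": continue
        else:
            return "permerror"               # mechanism outside this demo's subset
    return "neutral"                         # nothing matched and no terminal "all"


def compare(ip, sender="mail.example.com"):
    """Result for the same sending IP under the old and the new record."""
    return (check_host(TXT_RECORDS_BEFORE, sender, ip),
            check_host(TXT_RECORDS_AFTER, sender, ip))


if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.9", "203.0.113.7", "10.0.0.1"):
        before, after = compare(ip)
        print(f"{ip:>14}: before={before:<8} after={after}")
```

Running the block shows 203.0.113.7, which was authorised only through the dropped include, moving from pass to fail, and an unknown address moving from softfail to fail. The same evaluation, with the organisation's real outbound IP ranges as input, is the pre-publication check the analyst comment above calls for: every address that should pass under the new record must still pass before the record goes live.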
How can manufacturers stop being the top target for cyber crime
Analyst Comments: The shift in cybercriminal focus from the financial sector to the manufacturing industry is alarming. The manufacturing sector's vulnerabilities, combined with the rapid technological advancements of the 4IR, make it a prime target. The article underscores the importance of proactive measures, suggesting that manufacturers not only adopt advanced technological solutions but also invest in training and fostering a culture of security awareness. The emphasis on "security by default" is particularly pertinent, suggesting that security should be an integral part of every aspect of the business, rather than an afterthought.
FROM THE MEDIA: The manufacturing industry has become the top target for cybercriminals, surpassing the financial services sector, as reported by IBM’s X-Force Threat Intelligence Index. Over half of all manufacturers in Britain have fallen victim to cybercrime in the past two years. The average cost of data breaches for companies in 2022 was $4.35 million. The manufacturing sector is particularly vulnerable due to its aversion to downtime, making it more likely to pay ransoms, and its extensive supply chains which present more vulnerabilities. The Fourth Industrial Revolution (4IR) has further increased risks with the rise of automation and digitalization. The article suggests that manufacturers need to adopt a "security by default" approach, focusing on password hygiene, policy relevance, compliance, and a comprehensive security toolkit. The three pillars of cybersecurity—people, processes, and technology—should be fortified to withstand sophisticated attacks. Outsourcing security and risk to a managed service can also be beneficial.
READ THE STORY: TechNative
Cyberattack on Energy One affects corporate systems in Australia and the UK
Analyst Comments: The cyber-attack on Energy One underscores the increasing vulnerability of energy and utility companies to cyber threats. Given the critical nature of energy infrastructure and the potential cascading effects of a successful breach, such attacks can have significant implications not only for the targeted company but also for the broader energy grid and its consumers. The swift response by Energy One, including its engagement with cybersecurity specialists and notification of authorities, is commendable.
FROM THE MEDIA: Energy One, a wholesale energy software provider, has reported a cyber-attack on its corporate systems in both Australia and the UK on 18 August. The company, which has been in operation for 15 years, offers software and services to businesses ranging from startups to multinational corporations, including energy retailers and generators in Australasia and Europe. Upon detecting the attack, Energy One took immediate measures to mitigate its effects, engaged cybersecurity specialists from CyberCX, and informed the Australian Cyber Security Centre and relevant UK authorities. The company is currently analyzing its systems to determine the extent of the breach and has temporarily disabled some links between its corporate and customer-facing systems. Energy One is also investigating the initial point of entry for the cyber-attack and whether any personal information or customer systems have been compromised.
READ THE STORY: CSO
Items of interest
Weapons Against Armour. What Do the ’Red Flags’ of Foreign Sanctions Regulators Mean
Analyst Comments: The article underscores the intricate dance between sanction impositions and the strategies employed to circumvent them. While the identification of "red flags" by Western regulators is a proactive approach, it also showcases the lengths to which entities will go to bypass restrictions. The rise in criminal cases serves as a testament to the effectiveness of these sanctions but also highlights the challenges in their enforcement. The imposition of secondary sanctions and the "explanatory work" by Western authorities indicate a multi-pronged strategy to tighten the noose around sanction evaders. However, the most significant takeaway is the potential long-term shift in global trade dynamics.
FROM THE MEDIA: Ivan Timofeev's article examines how sanctions against Russia have evolved since Russia's invasion of Ukraine in February 2022 (which the author refers to as the Special Military Operation). The sanctions have been met by a marked increase in attempts to bypass them, producing a cyclical "arms and armour" confrontation between regulators and evaders. Western regulators have identified "red flags" that hint at circumvention, such as transactions routed through non-sanctioning countries, the sudden activation of dormant companies, and unusually complex transaction structures. Several criminal cases have emerged that show the methods used to evade the sanctions. The U.S. has also begun imposing secondary sanctions on individuals from a range of countries, and Western authorities are conducting "explanatory work" with businesses in non-sanctioning countries to make them wary of dealings with Russia. The overarching theme is adaptation: many businesses are looking to shift away from Western markets and turn to the East to reduce their risk.
READ THE STORY: ModernDiplomacy
Russia-Ukraine Briefing: Cyber and Sanctions (Video)
FROM THE MEDIA: Shifting cyber threats and an exchange of sanctions run in parallel with the Russian invasion of Ukraine. Discussing the changes to the cyber and sanctions landscapes over the past two months, S-RM experts share insight on the shifting motivations of Russian ransomware groups, the fight to control misinformation about the war in Ukraine, and much more.
China, Russia, Ukraine, Cyber and Sanctions (Video)
FROM THE MEDIA: A video from Exiger, a vendor of risk and compliance software for corporations, government agencies and banks. Its AI platform, DDIQ, is aimed at environmental, social and corporate governance (ESG), cyber, financial crime, third-party risk management (TPRM) and supply chain risk management (SCRM) use cases.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.