Daily Drop (583): U.S.-India relationship, E-commerce, Foxconn: Presidency, UN Cybercrime Treaty, LockBit 3.0, Asian Tech Landscape, KmsdBot Malware, SmokeLoader, CISA: Vulnerability Disclosure
08-28-23
Monday, Aug 28, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Stronger U.S.-India relationship could help America declare ‘independence’ from China: Vivek Ramaswamy
Analyst Comments: Ramaswamy's stance on strengthening U.S.-India ties reflects a broader sentiment among some U.S. policymakers who view India as a counterbalance to China's growing influence. His emphasis on the strategic importance of the Andaman Sea and the Malacca Strait underscores the geopolitical significance of the region. If Ramaswamy's views gain traction, it could signal a potential shift in U.S. foreign policy priorities, emphasizing a pivot towards India and a recalibration of its relationship with China. However, the feasibility of significantly reducing economic dependence on China in the short term remains challenging, given the deep-rooted trade ties. The upcoming 2024 Republican presidential primary will be a crucial indicator of whether Ramaswamy's perspectives resonate with a broader base and influence future U.S. foreign policy directions.
FROM THE MEDIA: Indian-American Republican presidential candidate, Vivek Ramaswamy, believes that a fortified relationship between the U.S. and India could help the U.S. reduce its economic dependence on China. He emphasized the potential benefits of a strategic partnership with India, including military collaboration in the Andaman Sea. Ramaswamy, the youngest Republican presidential candidate at 38, is currently campaigning in the key state of Iowa. He highlighted the U.S.'s economic reliance on China and suggested that a closer bond with India could provide an alternative. Ramaswamy, a successful biotech entrepreneur, has seen a surge in his polling numbers after the recent presidential debate. He is a strong proponent of the growing U.S.-India relationship and looks forward to enhancing it further.
READ THE STORY: The Hindu
Cyberattacks Targeting E-commerce Applications
Analyst Comments: The vulnerabilities discovered in Honda's e-commerce platform highlight the critical need for robust cybersecurity measures in today's digital landscape. The potential consequences of such vulnerabilities can be catastrophic for businesses, both in terms of financial losses and damage to reputation. The introduction of PTaaS as a continuous testing solution is a step in the right direction, offering businesses a more proactive approach to identifying and addressing vulnerabilities. The frequency and sophistication of cyberattacks on e-commerce platforms necessitate that businesses invest in advanced security measures and adopt a proactive stance towards cybersecurity.
FROM THE MEDIA: In 2023, e-commerce applications have become prime targets for cyberattacks due to their increasing omnichannel presence and the proliferation of API interfaces. To safeguard these platforms, regular testing and continuous monitoring are crucial. A recent example of such a vulnerability was found in Honda's e-commerce platform, which had an API flaw allowing anyone to request a password reset for any account. This flaw could have led to a significant data breach, granting unauthorized access to almost 24,000 customer orders, dealer websites, internal financial reports, and more. The vulnerability was discovered by researcher Eaton Zveare, who had previously identified a security flaw in Toyota's supplier portal. Honda has since addressed the vulnerabilities.
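The flaw described above, a reset endpoint that trusts the caller's claim of which account to reset, is a common API-design mistake. The following is an added illustration, not code from the story or from Honda's platform: a minimal Python model of the vulnerable pattern next to a hardened reset flow that issues a single-use, expiring token, stores only its hash, compares in constant time, and answers reset requests identically whether or not the account exists. The account store, e-mail addresses and the 15-minute lifetime are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset token


def fresh_accounts():
    """Constructed in-memory account store (a real system uses a database and
    salted password hashing; plain strings keep the example short)."""
    return {
        "alice@example.test": {"password": "old-secret-1"},
        "bob@example.test": {"password": "old-secret-2"},
    }


def vulnerable_reset(accounts, email, new_password):
    """The pattern the story describes: the endpoint performs no verification
    beyond the account identifier, so anyone who can name an account can set
    its password."""
    account = accounts.get(email)
    if account is None:
        return False
    account["password"] = new_password
    return True


class HardenedResetService:
    """Reset flow bound to a secret the legitimate owner receives out of band."""

    def __init__(self, accounts, now=time.time):
        self.accounts = accounts
        self.now = now            # injectable clock so expiry can be tested
        self.pending = {}         # email -> (sha256(token), expires_at)

    def request_reset(self, email):
        """Issue a token for delivery to the account's verified mailbox.
        Only the hash is stored, so a leaked table yields no usable tokens.
        A token is generated even for unknown accounts so the response and
        timing do not reveal whether the address is registered."""
        token = secrets.token_urlsafe(32)
        if email in self.accounts:
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[email] = (digest, self.now() + TOKEN_TTL_SECONDS)
        return token  # here returned for the demo; in practice e-mailed only

    def complete_reset(self, email, token, new_password):
        """Change the password only with a valid, unexpired, unused token."""
        entry = self.pending.get(email)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if self.now() > expires_at:
            self.pending.pop(email)
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, stored_digest):
            return False
        self.pending.pop(email)  # single use: a replayed token must fail
        self.accounts[email]["password"] = new_password
        return True


if __name__ == "__main__":
    store = fresh_accounts()
    print("vulnerable reset of bob succeeds:", vulnerable_reset(store, "bob@example.test", "pwned"))
    svc = HardenedResetService(fresh_accounts())
    tok = svc.request_reset("alice@example.test")
    print("hardened reset with bad token:", svc.complete_reset("alice@example.test", "guess", "x"))
    print("hardened reset with real token:", svc.complete_reset("alice@example.test", tok, "new-pw"))
```

The hardened version does not by itself close every reset weakness (rate limiting on `request_reset` and notifying the owner of a changed password are still needed), but it removes the specific defect the story describes: a reset that anyone can trigger and complete for an arbitrary account.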
READ THE STORY: THN
Foxconn founder Terry Gou to run for Taiwan's presidency
Analyst Comments: Terry Gou's decision to enter the political arena is significant given his status as a prominent business figure in Taiwan. His campaign promises, especially the potential 50-year peace deal with China, will likely be a focal point of debate, considering the sensitive nature of Taiwan-China relations. Gou's pro-China stance, backed by his business dealings, might appeal to a segment of the Taiwanese population that favors closer ties with the mainland. However, his lack of political experience and Foxconn's controversial reputation could be potential challenges. The similarities between Gou's campaign approach and certain U.S. political strategies suggest a global trend where business magnates leverage their outsider status to influence politics. Gou's campaign will be closely watched, both for its potential impact on Taiwan's domestic politics and its implications for Taiwan-China relations.
FROM THE MEDIA: Terry Gou, the founder of Foxconn, a leading contract manufacturer, has announced his intention to run for the presidency of Taiwan. In his campaign launch, Gou emphasized several key promises, including leveraging his entrepreneurial background to address political challenges, elevating Taiwan's industrial sector, making Taiwan's economy surpass Singapore's within four years, and securing a 50-year peace agreement with China. Gou's approach to China is seen as more favorable compared to other Taiwanese politicians, given Foxconn's significant investments in the mainland. However, Foxconn has faced criticism over the working conditions in some of its factories. Gou's political strategy appears to mirror certain aspects of U.S. politics, particularly the emphasis on being an outsider capable of bringing change. To officially run in the January 2024 presidential election, Gou needs to gather 290,000 signatures to register as an independent candidate and form a supportive coalition to challenge the ruling Democratic Progressive Party (DPP).
READ THE STORY: The Register
Concerns Surrounding the Proposed UN Cybercrime Treaty
Analyst Comments: The ongoing negotiations surrounding the UN cybercrime treaty underscore the challenges of establishing global standards in the digital age. The concerns raised by human rights organizations highlight the potential for misuse and abuse of such a treaty, especially in the hands of repressive governments. It's essential for the final treaty to strike a balance between addressing genuine cyber threats and ensuring the protection of human rights and freedoms. The inclusion of broad or ambiguous terms could lead to unintended consequences, potentially stifling freedom of expression, research, and innovation. As the digital landscape continues to evolve, international cooperation is crucial, but it must be approached with caution and a clear understanding of the potential implications.
FROM THE MEDIA: Human rights organizations have expressed concerns over a United Nations cybercrime treaty currently under negotiation in New York. Initiated by Russia in 2017, the treaty aims to address transnational internet crimes. However, groups such as Human Rights Watch, Electronic Frontier Foundation, and others have highlighted potential issues with the current draft. They fear that the treaty could enhance governmental surveillance powers and provide repressive regimes with additional tools. The treaty's scope remains unclear, with some nations pushing for broader definitions of cybercrime, including the dissemination of "false information" online. Critics argue that the treaty lacks sufficient human rights safeguards and could be misused to target cybersecurity researchers, journalists, and civil society members. The negotiations are set to continue until September 1, with the final treaty potentially being passed in January 2024.
READ THE STORY: The Record
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
Analyst Comments: The adaptability and evolution of ransomware strains, as seen with ADHUBLLKA's multiple iterations, highlight the sophistication of cybercriminals. The continuous targeting of vulnerabilities, especially in widely-used systems like Cisco VPNs, emphasizes the need for organizations to prioritize cybersecurity and ensure regular updates and patches. The increasing speed at which ransomware gangs operate, as indicated by the reduced median dwell time, suggests that organizations must be ever-vigilant and proactive in their defense strategies.
FROM THE MEDIA: The leak of the LockBit 3.0 ransomware builder has enabled threat actors to create new ransomware variants. Kaspersky, a Russian cybersecurity company, detected a ransomware intrusion that utilized a version of LockBit but with a distinct ransom demand procedure. The attacker introduced a different ransom note associated with a previously unknown group named NATIONAL HAZARD AGENCY. This note specified the ransom amount and provided unique communication methods, differing from the typical LockBit group's approach. Several cybercrime gangs, including Bl00dy and Buhti, have exploited the leaked LockBit 3.0 builder. Kaspersky identified 396 distinct LockBit samples, with 312 created using the leaked builders. The article also touches upon another ransomware strain, ADHUBLLKA, which has undergone several rebrandings since 2019. Despite minor modifications in its versions, they all trace back to ADHUBLLKA due to similarities in source code and infrastructure.
READ THE STORY: THN
Asian Tech Landscape: Espionage Controversies and Calls for Global AI Regulation
Analyst Comments: The dispute between Team T5 and Microsoft indicates the complexities and potential geopolitical implications of cyber-espionage. Modi's call for global AI and crypto regulations reflects growing concerns about the unchecked proliferation of new technologies and their societal impacts. Vietnam's focus on cybersecurity and Beijing's move to regulate AI in healthcare demonstrate a cautious approach to technological advancements, prioritizing national security and public health. The US's potential extension of exemptions for chipmakers signifies the ongoing tug-of-war between economic interests and geopolitical strategies.
FROM THE MEDIA: Recent developments in the Asian tech sector have brought to light a dispute between Taiwan-based infosec consultancy Team T5 and Microsoft over the timeline of a Beijing-linked attack group's activities. While Microsoft places the group's inception in mid-2021, Team T5 claims to have tracked them since 2020. In parallel, Indian Prime Minister Narendra Modi has called for global regulations on cryptocurrency and artificial intelligence, emphasizing the ethical implications surrounding AI. Vietnam is prioritizing cybersecurity, with its Prime Minister advocating for self-reliance in the domain. Beijing is set to ban AI's role in drug prescriptions, favoring human physicians. The US is considering extending an exemption for South Korean and Taiwanese chipmakers, allowing them to export advanced semiconductor equipment to China. South Korean tech giant Naver has unveiled its updated hyperscale AI model, while Japan and ASEAN collaborate on e-waste reduction initiatives. Lastly, Toshiba is trialing solar-charged LED lantern rentals in Vanuatu.
READ THE STORY: The Register
KmsdBot Malware Expands Reach: IoT Devices Now in Crosshairs
Analyst Comments: The evolution of the KmsdBot malware is a testament to the ever-adaptive nature of cyber threats. The shift towards targeting IoT devices is concerning, given the proliferation of these devices in homes and businesses. Their often-lax security measures, combined with unchanged default credentials, make them easy prey for such malware. The fact that KmsdBot is available as a service to other threat actors further amplifies the potential scale of attacks. Organizations and individuals must prioritize updating and securing their IoT devices to mitigate the risks posed by such evolving threats.
FROM THE MEDIA: The KmsdBot malware, previously known for targeting private gaming servers and cloud hosting providers, has undergone an upgrade. This botnet malware is now setting its sights on Internet of Things (IoT) devices, expanding its capabilities and potential attack surface. Akamai security researcher, Larry W. Cashdollar, highlighted in his recent analysis that the updated malware version now supports Telnet scanning and is compatible with a broader range of CPU architectures. This development comes after revelations that KmsdBot is available as a DDoS-for-hire service to other cybercriminals. The malware's primary function is to scan random IP addresses for open SSH ports and brute-force systems using a password list from a hacker-controlled server. With the new updates, it can also scan for Telnet, targeting IoT devices that often retain their default credentials.
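The SSH brute-forcing the story describes leaves a recognisable trace on the target: bursts of failed logins from one source, usually across several common usernames. As an added example (not code from Akamai or from the story), the following Python detector parses OpenSSH authentication log lines and flags any source address with at least five failures inside a sixty-second sliding window, reporting the usernames it cycled through. The log lines, addresses and thresholds are constructed for the example; the same structure applies to Telnet daemon logs with a different regular expression.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth log lines (syslog format); not real data.
SAMPLE_LOG = """\
Aug 28 10:00:01 host sshd[2201]: Failed password for root from 203.0.113.5 port 51022 ssh2
Aug 28 10:00:02 host sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51024 ssh2
Aug 28 10:00:03 host sshd[2205]: Failed password for invalid user pi from 203.0.113.5 port 51026 ssh2
Aug 28 10:00:04 host sshd[2207]: Failed password for root from 203.0.113.5 port 51028 ssh2
Aug 28 10:00:05 host sshd[2209]: Failed password for invalid user ubnt from 203.0.113.5 port 51030 ssh2
Aug 28 10:00:06 host sshd[2211]: Failed password for invalid user support from 203.0.113.5 port 51032 ssh2
Aug 28 10:00:40 host sshd[2213]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
Aug 28 10:05:00 host sshd[2215]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Aug 28 10:05:20 host sshd[2217]: Accepted password for alice from 198.51.100.9 port 40102 ssh2
"""

# Matches the "Failed password" line sshd emits for both known and unknown users.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2023):
    """Return (timestamp, source_ip, username) for every failed password event.
    Syslog lines carry no year, so one is supplied (assumed 2023 for the sample)."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def find_bruteforcers(events, threshold=5, window_seconds=60):
    """Sliding window per source IP: report IPs whose densest window holds at
    least `threshold` failures, with the count and the usernames tried."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, attempts in by_ip.items():
        best = None
        start = 0
        for end in range(len(attempts)):
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, end)
        if best is not None:
            count, start, end = best
            users = sorted({u for _, u in attempts[start:end + 1]})
            flagged[ip] = {"failures": count, "usernames": users}
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforcers(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {info['failures']} failures in window, users tried: {info['usernames']}")
```

A single failed login from a known user (the `alice` line) stays below the threshold, while the six rapid failures cycling through `root`, `admin`, `pi`, `ubnt` and `support` are flagged. In practice the output feeds a block list or a fail2ban-style response; the more durable mitigation against this family is the one the analyst notes name, replacing default credentials and preferring key-based SSH authentication.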
READ THE STORY: THN
SmokeLoader Trojan Deploys Location-Tracking Malware
Analyst Comments: The deployment of the SmokeLoader Trojan with the capability to track the location of infected devices is a concerning development in the realm of cyber threats. The use of WiFi access points for geolocation is an innovative approach that showcases the evolving tactics of cybercriminals. The potential applications of such geolocation data, from intimidation to more targeted attacks, highlight the need for robust cybersecurity measures. The fact that SmokeLoader has been active for over a decade and continues to evolve underscores the persistence and adaptability of cyber threats.
FROM THE MEDIA: The SmokeLoader Trojan is deploying a unique WiFi-scanning executable to determine the location of infected Windows devices. This malware, named "Whiffy Recon," uses nearby WiFi access points in conjunction with Google's geolocation API to triangulate the device's location. The malware scans for WiFi every minute and captures geolocation data, potentially allowing threat actors to track the compromised system. Researchers from cybersecurity firm Secureworks discovered this malware on August 8. The exact purpose of this data collection remains unclear, but it could be used to intimidate victims or pressure them into compliance. The malware checks for the presence of a wireless capability on a Windows system and persists on the system by creating a shortcut in the user's Startup folder. SmokeLoader has been active since 2011 and is known for its deceptive and self-protective nature.
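The persistence mechanism named in the story, a shortcut dropped in the user's Startup folder, is one of the simplest to audit because the folder normally contains almost nothing. As an added example (not code from Secureworks or from the story), the following Python script lists the contents of the Windows Startup folders, separates genuine Shell Link (`.lnk`) files from anything merely carrying that extension, and reports everything not on an allowlist. The Startup folder paths and the `desktop.ini` allowlist are assumptions about a standard Windows profile; a constructed sample folder lets the audit run on any OS.

```python
import os
import tempfile
from pathlib import Path

# Fixed 20-byte prefix of a Shell Link file: HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
SHELL_LINK_MAGIC = bytes.fromhex("4C000000" "0114020000000000C000000000000046")

DEFAULT_ALLOWLIST = ("desktop.ini",)  # assumed: present in a clean Startup folder


def startup_folders():
    """Per-user and all-users Startup folders (assumed standard Windows layout;
    returns an empty list where the environment variables are absent)."""
    candidates = []
    appdata = os.environ.get("APPDATA")
    programdata = os.environ.get("ProgramData")
    if appdata:
        candidates.append(Path(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup"))
    if programdata:
        candidates.append(Path(programdata, "Microsoft", "Windows", "Start Menu", "Programs", "StartUp"))
    return [p for p in candidates if p.is_dir()]


def is_shell_link(path):
    """True when the file begins with the Shell Link header, whatever its name."""
    with open(path, "rb") as f:
        return f.read(len(SHELL_LINK_MAGIC)) == SHELL_LINK_MAGIC


def audit_startup_folder(folder, allowlist=DEFAULT_ALLOWLIST):
    """Return every file in `folder` not on the allowlist, tagged by kind, so an
    analyst can review unexpected autostart entries."""
    allowed = {name.lower() for name in allowlist}
    findings = []
    for entry in sorted(Path(folder).iterdir(), key=lambda p: p.name.lower()):
        if not entry.is_file() or entry.name.lower() in allowed:
            continue
        if entry.suffix.lower() == ".lnk":
            kind = "shortcut" if is_shell_link(entry) else "lnk-extension-but-not-shell-link"
        else:
            kind = "other"
        findings.append({"name": entry.name, "kind": kind, "size": entry.stat().st_size})
    return findings


def make_sample_startup_folder():
    """Constructed sample folder (not real data): one genuine shortcut, one file
    faking the extension, one stray file and the expected desktop.ini."""
    folder = Path(tempfile.mkdtemp(prefix="startup-sample-"))
    (folder / "desktop.ini").write_bytes(b"[.ShellClassInfo]\r\n")
    (folder / "Update.lnk").write_bytes(SHELL_LINK_MAGIC + b"\x00" * 56)
    (folder / "notes.txt").write_bytes(b"hello")
    (folder / "fake.lnk").write_bytes(b"MZ" + b"\x00" * 30)
    return folder


if __name__ == "__main__":
    folders = startup_folders() or [make_sample_startup_folder()]
    for folder in folders:
        print(f"== {folder}")
        for finding in audit_startup_folder(folder):
            print(f"  {finding['kind']:36} {finding['size']:6d}  {finding['name']}")
```

Run on a live Windows host the script prints the real Startup folders; elsewhere it falls back to the constructed sample. A `shortcut` finding is not proof of compromise, only a prompt to check where the link points and what created it; the same check belongs in an endpoint baseline so that new entries stand out.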
READ THE STORY: BankInfoSec
CISA's Vulnerability Disclosure Platform: A Year in Review
Analyst Comments: CISA's VDP Platform has shown significant progress in its first 18 months, emphasizing the federal government's proactive approach to cybersecurity. The platform's success in addressing a majority of the reported vulnerabilities underscores its effectiveness. However, as cyber threats continue to evolve, it will be crucial for CISA and associated agencies to stay ahead of the curve, ensuring that the platform remains adaptive and responsive to emerging challenges.
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) has released its first annual report on the Vulnerability Disclosure Policy (VDP) Platform, highlighting its achievements and impact since its inception in July 2021. Over the course of 18 months, the platform received more than 1,300 valid cybersecurity vulnerability reports. Prompt action was taken on a majority of these reports, leading to an estimated savings of $4.35 million in response and recovery efforts. The VDP Platform, which has onboarded 40 agency programs, serves as a centralized system for agencies to receive vulnerability discoveries from cybersecurity researchers and other sources. These discoveries also include vulnerabilities identified during bug bounty contests. While direct submissions typically don't receive rewards, cash prizes are awarded through bug bounty competitions. Once agencies receive these reports, they are submitted to CISA for a consolidated approach to address and adjudicate significant vulnerabilities.
READ THE STORY: The Register
Items of interest
Have Chinese spies infiltrated US college campuses?
Analyst Comments: While the concerns raised by the Department of Justice are grave and backed by specific incidents, it's essential to approach the topic with a balanced perspective. The vast majority of international students, including those from China, come to the U.S. with genuine intentions of pursuing education and cultural exchange. However, the highlighted incidents suggest a need for vigilance. The proactive approach of institutions like the National Institute of Health in issuing warnings indicates that the matter is being taken seriously. It will be crucial for universities to strike a balance between maintaining an open, inclusive environment for international students and ensuring the integrity and security of research and intelligence.
FROM THE MEDIA: NewsNation, authored by Alex Caprariello, highlights the concerns of the U.S. Department of Justice about Chinese spies potentially infiltrating American higher education institutions. The apprehension is that some international students, particularly from China, might be in the U.S. not solely for academic pursuits but to gather and relay intelligence to foreign superpowers. Over 60 universities, spanning from the Pac-12 to the Ivy Leagues, have been alerted about this threat. Historical context includes incidents from 2021 and 2020, where Chinese nationals were charged or arrested in connection with espionage activities. The National Institute of Health, in 2018, also pointed out threats to U.S. biomedical research from foreign entities trying to unduly influence researchers. However, the U.S. Department of State continues to promote international educational partnerships, with nearly 300,000 Chinese students enrolling in the U.S. for the 2021-2022 academic year.
READ THE STORY: NN
Chinese spying exposed again: Xi Jinping regime recruiting students to spy on nations (Video)
FROM THE MEDIA: A Chinese firm is luring students to spy on the West and translate stolen papers. The real intent of the job is hidden from jobseekers, who are hired as English translators. Covert pressure is applied across the globe; China is hell-bent on stealing and dominating markets.
Chinese spies have infiltrated American Universities. Here are just a few. (Video)
FROM THE MEDIA: American professors have been caught spying for China, sending secret government data and research overseas in exchange for piles of cash. Here are the unbelievable stories of the ones who have been caught so far.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.