Daily Drop (588): China: DDoS, SDA and SpaceX, Breached Iranian App, EV Battery Recycling, Evolution of SapphireStealer, DOD's Deep Dive into Trusted AI, Russian Data Localization, Azure's Australian
09-04-23
Monday, Sep 04, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
DDoS Defense in Greater China: A New Era
Analyst Comments: Greater China's investment in advanced DDoS defense is a sensible response to its exposure as a major digital economy. Folding AI and ML into mitigation allows volumetric and application-layer floods to be detected and filtered in near real time, and cloud-based scrubbing adds the capacity that on-premises appliances lack. Two caveats are worth keeping in mind. ML detection is only as good as the traffic baseline it learns, so operators still need clean telemetry and tuned thresholds to avoid both missed attacks and false positives that drop legitimate users. And the role of blockchain in DDoS defense remains exploratory rather than proven; decentralized storage does not by itself absorb attack traffic. The real strength of the approach described is that it pairs technology with policy and operational practice rather than relying on any single control.
FROM THE MEDIA: Greater China's rapid digital transformation has positioned it as a prime target for cybercriminals, particularly for Distributed Denial of Service (DDoS) attacks. These attacks, which flood networks with excessive internet traffic, can lead to significant financial and reputational damages. In response, advanced DDoS defense solutions are being developed, leveraging artificial intelligence (AI) and machine learning (ML) to detect and counteract these threats in real time. Additionally, emerging technologies like blockchain are being explored for their potential to enhance network security by decentralizing data storage. Cloud-based DDoS defense solutions are also gaining traction due to their scalability and cost-effectiveness.
READ THE STORY: CityLife
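As an added illustration of the "real-time detection" the article refers to (this is example code written for this digest, not a product or technique described by CityLife or any vendor), the block below implements a minimal statistical volumetric detector: it tracks per-second packet counts for one protected target, maintains an exponentially weighted moving average (EWMA) baseline and variance, and raises an alert when a second's rate exceeds the baseline by a z-score threshold. The thresholds, the smoothing factor and the traffic sample are all constructed for illustration; a real deployment would feed this from NetFlow/sFlow aggregation and tune the parameters per target.

```python
"""Added example (not from the CityLife article or any vendor product):
EWMA-based volumetric anomaly detection over per-second packet counts."""
import math


class EwmaDetector:
    """Flags seconds whose packet rate is far above a learned baseline."""

    def __init__(self, alpha=0.1, z_threshold=4.0, warmup=5, min_rate=200):
        self.alpha = alpha          # smoothing factor for the baseline (assumed value)
        self.z = z_threshold        # std devs above baseline that count as an attack
        self.warmup = warmup        # seconds of learning before any alert is allowed
        self.min_rate = min_rate    # absolute floor so tiny baselines do not alert on noise
        self.mean = None            # EWMA of the benign rate
        self.var = 0.0              # EWMA of the squared deviation
        self.seen = 0               # seconds observed so far

    def observe(self, rate):
        """Feed one per-second packet count. Returns (is_anomaly, z_score)."""
        if self.mean is None:
            self.mean = float(rate)
            self.seen = 1
            return False, 0.0
        std = math.sqrt(self.var) if self.var > 0 else 0.0
        z = (rate - self.mean) / std if std > 0 else 0.0
        anomaly = self.seen >= self.warmup and rate >= self.min_rate and z > self.z
        # Only benign seconds update the baseline; otherwise a flood would quickly
        # teach the detector that attack volume is "normal" (baseline poisoning).
        if not anomaly:
            diff = rate - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.seen += 1
        return anomaly, z


def detect(rates, **kwargs):
    """Run the detector over a stream of per-second counts; return flagged indices."""
    det = EwmaDetector(**kwargs)
    return [i for i, r in enumerate(rates) if det.observe(r)[0]]


# Constructed sample: ten seconds of normal traffic followed by a three-second flood.
SAMPLE_RATES = [100, 120, 90, 110, 105, 115, 95, 100, 110, 105, 5000, 8000, 9000]

if __name__ == "__main__":
    print("flagged seconds:", detect(SAMPLE_RATES))   # [10, 11, 12]
```

Freezing the baseline while an alert is active is what keeps a sustained flood from being normalised, but it also means a slow-ramp attack that stays under the z threshold can still train the baseline upwards; production systems pair this kind of statistical gate with absolute capacity limits and per-source rate limiting.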
SDA and SpaceX Gear Up for Second Tranche 0 Satellite Launch
FROM THE MEDIA: The Space Development Agency (SDA) is preparing to expand its constellation of data transport and missile tracking satellites in low-Earth orbit. The agency is set to deploy an additional 13 satellites for its Tranche 0 initiative. These satellites are scheduled for launch on Saturday using a SpaceX Falcon 9 rocket from the Vandenberg Space Force Base in California. This marks the second launch for Tranche 0, following the deployment of the first 10 satellites in April. The upcoming launch was initially slated for Thursday but was postponed twice, with the next launch opportunity set for Saturday. Out of the 13 satellites, 10 will be data transport systems manufactured by Lockheed Martin for the Tranche 0 transport layer. The remaining three, which include two from SpaceX and one from York Space Systems, are designed for missile warning and tracking.
READ THE STORY: Defense Scoop
Anti-Government Messages Sent to Millions via Breached Iranian App
Analyst Comments: Black Reward has a history of cyberattacks against the Iranian government. The group emerged on Telegram shortly after Amini's death in 2022. In October of the same year, they released what they claimed to be private correspondence between the Iranian government and the International Atomic Energy Agency. The Iranian government attributed this breach to "unauthorized access from a specific foreign country" without providing further details. The group's main objective, as stated in their communications, is to fight against the Iranian regime in support of "women, life, and freedom." Their Telegram channel, which boasts over 87,000 subscribers, had been inactive since February 28, until this recent attack. The channel had previously posted about an alleged hack of the Fars news agency, which is overseen by the Islamic Revolutionary Guard Corps (IRGC).
FROM THE MEDIA: A hacking group named Black Reward, known for its opposition to the Iranian government, has claimed responsibility for a recent cyberattack on a widely used financial services app in Iran. The group sent out messages to the app's users, which translated to "Death to Khamenei" and referenced the revolution and the death of Mahsa Amini, an Iranian woman who died in police custody in September 2022. This incident led to widespread protests across the nation. The breached app, known as the 780 app, is popular among Iranians for digital transactions, including online shopping, bill payments, and checking bank balances. The developer claims the app has over 6 million users. Many users took to social media platforms, sharing videos and comments about the unexpected alerts they received.
READ THE STORY: CyberScoop
The EV Battery Recycling Conundrum
Analyst Comments: The rapid proliferation of EVs underscores the urgency of addressing the recycling dilemma. While the industry is in its infancy, the challenges it faces are multifaceted, from technological to logistical to regulatory. The collaborative models emerging, like the closed-loop systems in China, hint at the industry's potential direction. However, the true test will be in balancing economic viability with environmental responsibility. The potential repurposing of old batteries for other energy applications further emphasizes the need for a holistic approach.
FROM THE MEDIA: The global transition to electric vehicles (EVs) has ignited a pressing need for efficient battery recycling. Companies worldwide are investing heavily in recycling capabilities, anticipating raw material shortages essential for future EVs. However, the nascent recycling industry grapples with uncertainties. These range from the dominant battery chemistry that will emerge, future regulatory landscapes, and evolving recycling technologies, to the ultimate ownership of EV batteries at their life's end. Presently, the primary recycling sources are consumer product batteries and battery plant "scrap". But as EV adoption grows, end-of-life batteries will become the focus, introducing different logistical challenges. Models where battery manufacturers maintain ownership throughout the battery's lifecycle, leasing it to carmakers and then consumers, are being considered. In regions like China, closed-loop partnerships between recyclers and carmakers are emerging as potential solutions.
READ THE STORY: FT
The Evolution of SapphireStealer: Open Source Malware's Enhanced Capabilities
Analyst Comments: The continuous enhancement of SapphireStealer underscores the dynamic and evolving nature of cyber threats. The open-source nature of this malware allows for rapid adaptation and diversification, making it a versatile tool for cybercriminals. Its ability to steal a wide range of sensitive data poses significant risks to corporate environments, emphasizing the need for robust cybersecurity measures. The rise of such open-source malware also highlights the challenges in cybersecurity, as traditional defense mechanisms may struggle to keep pace with the rapid evolution of threats.
FROM THE MEDIA: Threat actors are increasingly building on an open-source information stealer, SapphireStealer, to produce new and more capable variants. The malware is designed to extract sensitive data, notably corporate credentials, which are then sold to other actors for follow-on activity ranging from espionage to ransomware. Cisco Talos researchers first observed SapphireStealer in December 2022, and the number of variants in public malware repositories has grown since. The stealer harvests a range of data from compromised systems, including browser credentials and files of specific types. Once run, it creates a working directory, identifies and stages the files it targets, and sends the collected data to the attacker. The author behind SapphireStealer has also released a malware downloader, FUD-Loader, that retrieves and executes additional payloads.
READ THE STORY: BankInfoSec
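The stage-then-exfiltrate sequence summarised above (working directory, file harvesting, transmission) is a behavioural pattern that can be hunted independently of any particular sample's hashes. The block below is an added example written for this digest, not code from Cisco Talos or BankInfoSecurity: a correlation rule that flags a process which reads many files of harvest-worthy types within a short window and then opens an outbound connection. The event schema, the file-type list, the window and the sample telemetry are all constructed for illustration; in practice you would map the fields onto your EDR's own events (for Sysmon, file creation, network connection and process creation events) and tune the thresholds to your environment.

```python
"""Added example (not from the Cisco Talos or BankInfoSecurity write-ups):
behavioural correlation for the generic infostealer sequence
"read many files of interest, then connect out"."""
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of file types a stealer harvests; adjust to the family you hunt.
HARVEST_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xml", ".png", ".jpg"}
WINDOW = timedelta(seconds=120)   # how long staged reads stay "live" (assumed)
MIN_FILES = 10                    # distinct files before a connect is suspicious (assumed)

STEALER = r"C:\Users\bob\AppData\Local\Temp\svc.exe"   # constructed path
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

# Constructed sample telemetry: (timestamp, pid, image, event_kind, target).
SAMPLE_EVENTS = [
    ("2023-09-01T10:00:00", 4242, STEALER, "dir_create", r"C:\Users\bob\AppData\Local\Temp\work"),
    ("2023-09-01T10:00:03", 4242, STEALER, "file_read", r"C:\Windows\System32\kernel32.dll"),
    ("2023-09-01T10:01:30", 4242, STEALER, "net_connect", "203.0.113.10:587"),
    # benign: Word opens one document and then talks to an update server
    ("2023-09-01T10:05:00", 5151, WINWORD, "file_read", r"C:\Users\bob\Documents\q3.docx"),
    ("2023-09-01T10:05:05", 5151, WINWORD, "net_connect", "203.0.113.20:443"),
]
# twelve harvest-type reads by the stealer, one per second starting at 10:00:05
_EXTS = [".docx", ".pdf", ".txt", ".jpg"]
SAMPLE_EVENTS += [
    ("2023-09-01T10:00:%02d" % (5 + i), 4242, STEALER, "file_read",
     r"C:\Users\bob\Documents\file%d%s" % (i, _EXTS[i % len(_EXTS)]))
    for i in range(12)
]


def correlate(events, window=WINDOW, min_files=MIN_FILES):
    """Return (pid, image, n_files, remote) for every process that read at least
    `min_files` distinct harvest-type files within `window` before connecting out."""
    by_pid = defaultdict(list)
    for ts, pid, image, kind, target in sorted(events, key=lambda e: e[0]):
        by_pid[pid].append((datetime.fromisoformat(ts), image, kind, target))

    alerts = []
    for pid, evs in by_pid.items():
        reads = []   # (time, path) of harvest-type reads, in time order
        for t, image, kind, target in evs:
            if kind == "file_read":
                if ntpath.splitext(target)[1].lower() in HARVEST_EXTS:
                    reads.append((t, target))
            elif kind == "net_connect":
                recent = {p for rt, p in reads if t - rt <= window}
                if len(recent) >= min_files:
                    alerts.append((pid, image, len(recent), target))
                    reads.clear()   # one alert per staged batch, not per connection
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print("ALERT pid=%d image=%s files=%d remote=%s" % a)
```

The rule keys on the sequence, not on indicators, which is what makes it useful against a malware family whose source is public and whose variants change quickly; the cost is that legitimate backup or indexing agents will also match, so the image path (or a signer check, if your telemetry carries one) should feed an allow-list before this fires a page.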
DOD's Deep Dive into Trusted AI and Autonomy
Analyst Comments: The conference underscores the Defense Department's proactive approach to understanding and integrating AI and autonomy in its operations. By bringing together experts from various sectors, the DOD is ensuring a holistic understanding of the challenges and opportunities AI presents. The emphasis on "constitutional AI" – an AI system that evaluates its outputs against a set of principles – indicates a thoughtful approach to AI safety. This event sets the stage for future collaborations and discussions, with another significant event already planned for January 2024.
FROM THE MEDIA: The Office of the Under Secretary of Defense for Research and Engineering recently organized a three-day conference from June 20-22, which saw participation from over 200 attendees. These attendees spanned government, military, and around 60 entities from the private sector, including companies, universities, and research centers. The conference aimed to discuss and deliberate on the advancements and challenges in artificial intelligence (AI) and autonomy within the U.S. defense sector. The structure of the conference was designed to foster a two-way dialogue. The defense sector presented its challenges and areas requiring assistance, while the industry and academia showcased their research that could address these gaps. The goal was to identify actionable steps to bridge these gaps. AI and autonomous platforms have the capability to perform tasks or solve problems that typically require human intelligence, often with minimal human intervention. While some components of the Defense Department have been utilizing AI for years, there's a recognized need to scale these assets across the enterprise and develop comprehensive guidance.
READ THE STORY: Defense Scoop
Russian Data Localization Laws Bite
Analyst Comments: The imposition of these fines on such prominent platforms signals Russia's intent to strictly enforce its data localization laws. For international companies operating in or considering entering the Russian market, this development serves as a stark reminder of the importance of understanding and complying with local data regulations. The fines, although significant, might not be debilitating for these tech giants, but the reputational impact and the potential for stricter future regulations or even bans cannot be overlooked.
FROM THE MEDIA: In a recent move underscoring the strict enforcement of data localization laws in Russia, a Moscow court has fined two major tech platforms: Match Group's Tinder and the streaming service Twitch. Tinder has been slapped with a 10 million rouble (approximately $104,000) fine, while Twitch faces a slightly steeper penalty of 13 million roubles (around $135,000). These fines were levied due to the companies' repeated failures to store Russian users' data within the country, a mandate set by Russian data localization regulations.
READ THE STORY: Reuters
Chinese APT's Deceptive Tactics: Fake Messaging Apps on Official Stores
Analyst Comments: The discovery of these fake apps underscores the persistent and evolving threat posed by APT groups, particularly those backed by nation-states. The ability of these malicious apps to remain undetected on official app stores for extended periods highlights the sophistication of the tactics employed by such groups. It also emphasizes the need for continuous vigilance and proactive measures by both app store providers and users. The expansion of the target demographic from China to other countries indicates a broader agenda and the potential for more widespread cyber espionage activities. Users are reminded to exercise caution when downloading apps, ensuring they originate from trusted sources, and regularly updating and scanning their devices for potential threats.
FROM THE MEDIA: Cybersecurity researchers have recently identified fake versions of the popular messaging apps, Signal and Telegram, on the Google Play Store and Samsung Galaxy Store. These counterfeit apps, named Signal Plus Messenger and FlyGram, were designed with malicious intent to steal user data, including contact lists, call logs, and device-specific information. The apps were developed by a Chinese Advanced Persistent Threat (APT) group known as GREF, which has multiple aliases including APT15, Ke3chang, Mirage, Vixen Panda, and Playful Dragon. The malicious code within these apps is linked to the BadBazaar malware. GREF has a history of cyber espionage, having been implicated in surveillance against the Uyghurs using Android malware in July 2020 and targeting a UK Government Contractor to pilfer military technology secrets in March 2018.
READ THE STORY: THN
Azure's Australian Outage: A Deep Dive
Analyst Comments: The incident highlights several areas of concern for Microsoft's Azure operations. Firstly, the fact that only three Microsoft personnel were on site during the outage, which the report admits was insufficient for a timely response, raises questions about staffing protocols during off-hours. Secondly, the failure of the emergency operational procedures (EOPs) to bring the chillers back online indicates a potential gap in the company's disaster recovery plans. Additionally, the issues with storage infrastructure recovery, where diagnostic tools couldn't access relevant data because storage servers were down, further exacerbated the situation. Lastly, Microsoft's admission that their automation was marking healthy nodes as unhealthy, slowing down the recovery process, points to potential flaws in their automation systems.
FROM THE MEDIA: Microsoft's Azure cloud region in Australia East experienced a significant outage, which the company's preliminary analysis suggests was due to a combination of external and internal factors. The primary cause was identified as a "utility power sag" that affected the cooling units in one of the data centers. This sag is consistent with the power outages that parts of Sydney, where Microsoft operates some of its cloud infrastructure, experienced following an electrical storm. The affected data halls had seven chillers, of which only one managed to restart successfully after the sag. The result was an overheating of the data halls, necessitating the shutdown of servers, which in turn caused parts of Azure and other Microsoft cloud services to become unavailable.
READ THE STORY: The Register
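Two of the problems the preliminary report describes, diagnostic tooling that could not reach storage and automation that marked healthy nodes unhealthy, share a root cause: a health check that cannot run was treated as a health check that failed. The block below is an added example written for this digest, not code from Microsoft or from the report: a node health controller that applies three rules a resilient design needs. A probe that could not complete because a dependency was unavailable yields UNKNOWN and is not evidence of failure; a node is demoted only after a run of consecutive UNHEALTHY results; and the controller refuses to demote more than a fixed share of the pool at once, so a monitoring fault cannot cascade into a self-inflicted outage. The probe results, pool size and thresholds are constructed for illustration.

```python
"""Added example (not from Microsoft's post-incident report):
fail-safe node health evaluation with UNKNOWN handling, hysteresis
and a demotion circuit breaker."""
from enum import Enum


class Probe(Enum):
    HEALTHY = "healthy"
    UNHEALTHY = "unhealthy"   # node answered and reported a real fault
    UNKNOWN = "unknown"       # the probe itself failed (dependency down, timeout)


class HealthController:
    def __init__(self, consecutive=3, max_demote_pct=20):
        self.consecutive = consecutive        # UNHEALTHY results in a row before demotion (assumed)
        self.max_demote_pct = max_demote_pct  # ceiling on the share of the pool out of service (assumed)
        self.streak = {}                      # node -> consecutive UNHEALTHY count
        self.demoted = set()

    def evaluate(self, results):
        """results: {node: Probe}. Returns (demoted_now, deferred) as sorted lists."""
        pool = set(results) | self.demoted
        for node, r in results.items():
            if r is Probe.HEALTHY:
                self.streak[node] = 0
                self.demoted.discard(node)   # recovered: return it to service
            elif r is Probe.UNHEALTHY:
                self.streak[node] = self.streak.get(node, 0) + 1
            # UNKNOWN: leave the streak alone; lack of evidence is not evidence of failure
        candidates = sorted(
            n for n in results
            if self.streak.get(n, 0) >= self.consecutive and n not in self.demoted
        )
        budget = len(pool) * self.max_demote_pct // 100 - len(self.demoted)
        demote_now = candidates[:max(budget, 0)]
        self.demoted.update(demote_now)
        deferred = candidates[len(demote_now):]   # need a human or a higher-tier check
        return demote_now, deferred


def simulate_outage():
    """Constructed scenario over a ten-node pool; returns one (demoted, deferred) per round."""
    nodes = ["n%d" % i for i in range(10)]
    ctl = HealthController()
    rounds = []
    # rounds 1-3: the storage the probes depend on is down, every probe is UNKNOWN
    all_unknown = {n: Probe.UNKNOWN for n in nodes}
    for _ in range(3):
        rounds.append(ctl.evaluate(all_unknown))
    # rounds 4-6: storage is back, n0 has a genuine fault
    one_bad = {n: Probe.HEALTHY for n in nodes}
    one_bad["n0"] = Probe.UNHEALTHY
    for _ in range(3):
        rounds.append(ctl.evaluate(one_bad))
    # rounds 7-9: three more nodes fail; only one more demotion fits the 20% budget
    four_bad = dict(one_bad)
    for n in ("n1", "n2", "n3"):
        four_bad[n] = Probe.UNHEALTHY
    for _ in range(3):
        rounds.append(ctl.evaluate(four_bad))
    return rounds


if __name__ == "__main__":
    for i, (demoted, deferred) in enumerate(simulate_outage(), 1):
        print("round %d: demoted=%s deferred=%s" % (i, demoted, deferred))
```

The deferred list is the important output: when the controller wants to take out more of the pool than the budget allows, the right behaviour is to stop and escalate rather than keep evicting, because at that point the more likely explanation is that the monitoring path, not the fleet, is broken.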
The Dual Faces of India's Premier Tech Institutions
Analyst Comments: The IITs undeniably play a pivotal role in shaping India's tech landscape, producing some of the brightest minds that lead global tech giants. Their rigorous curriculum and competitive environment prepare students for challenging roles in the tech industry. However, the mental and emotional toll this takes on students cannot be ignored. The high-pressure environment, coupled with issues of gender and caste discrimination, paints a concerning picture of the student experience at these institutions. It's crucial for the IITs and other stakeholders to address these issues, ensuring a more inclusive, supportive, and holistic educational environment.
FROM THE MEDIA: The Indian Institutes of Technology (IITs), a network of elite tech schools across India, have been lauded for producing global tech leaders, including CEOs of major corporations. These institutions are often seen as the golden ticket to success, with aspirants undergoing rigorous training and facing fierce competition to secure a coveted seat. Notable alumni include Sundar Pichai of Alphabet and Sachin Bansal of Flipkart. However, beneath the sheen of success lies a darker side. The academic pressure is immense, leading to high dropout rates and, tragically, several student suicides. Furthermore, the campuses are often described as hypermasculine environments where female students face harassment and discrimination. Caste-based discrimination is also rampant, with students from marginalized backgrounds facing additional challenges.
READ THE STORY: Wired
Chinese Cybercriminals Target U.S. with iMessage Smishing Campaign
Analyst Comments: The Smishing Triad's campaign is a testament to the evolving tactics of cybercriminals, leveraging trusted communication channels like iMessage to deceive users. The use of compromised iCloud accounts as a delivery mechanism is particularly concerning, as it can lend an air of legitimacy to the scam messages. The group's business model, which includes offering fraud-as-a-service, indicates a sophisticated and organized operation. The collaboration with other threat actors further amplifies the potential scale and impact of their activities. Given the trust users place in SMS and iMessage, it's crucial for individuals to remain vigilant and skeptical of unsolicited messages, especially those prompting for personal or financial information.
FROM THE MEDIA: A new large-scale smishing (SMS phishing) campaign has been launched in the U.S., where cybercriminals are sending deceptive iMessages from compromised Apple iCloud accounts. The primary objective of this campaign is identity theft and financial fraud. The Chinese-speaking threat actors behind this operation, known as the "Smishing Triad," are using a package-tracking text scam sent via iMessage to gather personally-identifying information (PII) and payment credentials from unsuspecting victims. Resecurity, in their recent analysis, revealed that the Smishing Triad is also offering "fraud-as-a-service" by selling smishing kits via Telegram for $200 a month. These kits impersonate well-known postal and delivery services from various countries. A notable feature of this campaign is the use of breached Apple iCloud accounts to send fake package delivery failure messages, which then lure recipients into providing their credit card details on fraudulent forms.
READ THE STORY: THN
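The lure described above depends on a link that mentions a courier brand while pointing at a domain the courier does not own. The block below is an added example written for this digest, not code from Resecurity or THN: a triage check that extracts URLs from a message, works out the registrable domain, and flags any link whose hostname or path references a postal or delivery brand while the registrable domain is not one of that brand's own. The brand-to-domain map, the tiny public-suffix table and the sample messages are constructed for illustration; production code should use a maintained public suffix list and a fuller brand inventory.

```python
"""Added example (not from the Resecurity report or THN article):
brand-impersonation check for package-delivery smishing links."""
import re
from urllib.parse import urlsplit

# Assumed: brand keyword -> legitimate registrable domains (deliberately incomplete).
BRAND_DOMAINS = {
    "usps": {"usps.com"},
    "fedex": {"fedex.com"},
    "dhl": {"dhl.com", "dhl.de"},
    "royalmail": {"royalmail.com"},
}
# Stand-in for the Public Suffix List so that "x.co.uk" registers as a three-label domain.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    """Return the registrable (owner-level) domain of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brands_in(text):
    """Brand keywords present once punctuation is stripped (catches usps-track, usps_redelivery...)."""
    flat = re.sub(r"[^a-z0-9]", "", text.lower())
    return [b for b in BRAND_DOMAINS if b in flat]


def suspicious_links(message):
    """Return (url, brand, registrable_domain) for each brand-impersonating link."""
    findings = []
    for url in URL_RE.findall(message):
        parts = urlsplit(url)
        host = parts.hostname or ""
        rdom = registrable_domain(host)
        for brand in brands_in(host + parts.path):
            if rdom not in BRAND_DOMAINS[brand]:
                findings.append((url, brand, rdom))
    return findings


# Constructed sample messages (not real lures from the campaign).
SAMPLE_MESSAGES = [
    "USPS: your package is on hold due to an incomplete address. "
    "Update here: https://usps-redelivery.top/track",
    "Your FedEx delivery is scheduled for tomorrow. "
    "Track at https://www.fedex.com/fedextrack/?trknbr=123",
    "Parcel waiting for you: https://royalmail.delivery-update.co.uk/p",
    "Your DHL parcel arrives tomorrow between 9 and 12.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(suspicious_links(msg) or "clean")
```

Keyword matching is intentionally loose because lures mix brand names into subdomains, hyphenated labels and paths; the price is false positives on short brand strings, which is why short names such as "ups" are left out of the assumed map and a real deployment would add word-boundary rules or an allow-list for them.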
The Digital Battlefield: Cyberattacks and Global Politics
Analyst Comments: The increasing frequency and sophistication of politically motivated cyberattacks underscore the vulnerabilities inherent in our digital age. The intertwining of politics and cyber warfare has profound implications, not just for political institutions, but for the very fabric of democratic societies. The hacks, ranging from the DNC breach to the Labour Party attacks, highlight the audacity of cybercriminals and state-sponsored actors willing to undermine democratic processes for various motivations. The role of misinformation, further exacerbated by advanced technologies like large language models, adds another layer of complexity to the challenge. For individuals, the onus is on staying informed and practicing vigilance in the digital realm.
FROM THE MEDIA: The digital realm has become a new battleground for political warfare, with cyberattacks playing a pivotal role in shaping global politics. The 2016 hack of the Democratic National Committee (DNC) marked a turning point, revealing the potential of cyberattacks to influence political outcomes. Since then, numerous politically motivated cyberattacks, such as the 2020 US Election interference, the 2021 Labour Party hack, and the Pegasus scandal, have posed direct threats to democracy. Experts from the Cyber Rights Organization (CRO) and Cloudflare emphasize that these incidents are not isolated but part of a concerning trend reflecting the evolving dynamics of politics and cyber warfare. The motivations behind these attacks range from geopolitical influence and ideological beliefs to information warfare and demonstrations of power.
READ THE STORY: MoonLock
Vietnamese Cybercriminals Target Facebook Business Accounts with Malvertising
Analyst Comments: The increasing sophistication and adaptability of these cyber threats underscore the urgent need for bolstered security measures, especially for businesses active on social platforms like Facebook. The strategic targeting of such platforms indicates a calculated shift in cybercriminal focus, emphasizing the evolving nature of digital threats in the modern era.
FROM THE MEDIA: Vietnamese cybercriminals are intensifying their efforts, with a specific focus on compromising Facebook business accounts through malvertising. The attackers abuse the advertising features of social media platforms, Facebook in particular, to distribute malware. Groups such as Ducktail and NodeStealer are the most prominent actors, combining techniques that range from social engineering to search engine poisoning. The Ducktail malware is built to steal browser session cookies and is aimed squarely at Facebook business accounts. Once compromised, these accounts are sold on underground markets at prices reported between $15 and $340. Another actor in this space, Duckport, mirrors Ducktail's tactics while adding features of its own.
READ THE STORY: THN
The Controversy Surrounding Books3
Analyst Comments: The Books3 controversy underscores the complexities of copyright in the digital age, especially as AI continues to evolve. On one hand, there's a push for democratizing access to large datasets to level the playing field for smaller entities against tech giants. On the other, there's a legitimate concern about respecting the rights of authors and creators. The outcome of this debate could significantly shape the future of AI development, potentially determining who gets to control and benefit from AI advancements.
FROM THE MEDIA: The release of Books3, a massive dataset of around 196,000 books, has ignited a fierce debate over copyright and the future of artificial intelligence (AI). Shawn Presser, an independent AI researcher, created Books3 by scraping books from a shadow library called Bibliotik. He was inspired by OpenAI's GPT-3 and aimed to democratize access to large datasets similar to those used by major AI players. Once assembled, Books3 was hosted online by a data archiving group called The Eye and later became part of a larger dataset called The Pile, released by the nonprofit AI collective Eleuther. However, the dataset's popularity with major companies like Meta and Bloomberg has drawn criticism and legal challenges. The Rights Alliance, a Danish anti-piracy group, has been actively working to remove Books3 from the internet, citing copyright infringements. They have successfully issued Digital Millennium Copyright Act (DMCA) takedown notices against organizations hosting Books3. Additionally, the Authors Guild has rallied writers against the use of copyrighted datasets like Books3 in AI training.
READ THE STORY: Wired
Items of interest
AI Models to be Hacked at DEF CON 31
Analyst Comments: DEF CON has previously been used by the U.S. government to identify vulnerabilities in critical technologies. For instance, the U.S. Air Force has organized capture-the-flag contests at the conference to test satellite system security. Additionally, DARPA has introduced new technology at the event that could enhance the security of voting systems. The rapid progression of machine learning has led to the launch of numerous generative AI tools. However, there are concerns within the AI community that companies might be rushing these products to market without adequately addressing potential safety and security issues. Historically, machine learning advancements have been the domain of academic and open research communities. However, AI companies are increasingly restricting public access to their models, making it challenging for independent researchers to identify potential flaws.
FROM THE MEDIA: Prominent artificial intelligence companies, including Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI, and Stability AI, have pledged to make their AI models available for red-teaming at the upcoming DEF CON hacking conference in Las Vegas. This initiative is part of a broader White House effort to address the security implications of rapidly advancing AI technology. The AI Village event at DEF CON, a renowned hacking conference, will allow participants to probe these models for vulnerabilities. This red-teaming event is the first public assessment of large language models. A senior administration official emphasized the effectiveness of red-teaming in identifying vulnerabilities in cybersecurity and expressed hope for similar results with AI models.
READ THE STORY: CyberScoop
Crashing AI at the AI Village (Video)
FROM THE MEDIA: Another ScavHunt item down at the AI Village - we learned how to crash an AI at DEF CON 31.
Defcon, Fifty Minutes To Hack ChatGPT (Video)
FROM THE MEDIA: This year’s Def Con, one of the premier hacker conferences, featured the world’s largest Red Team exercise where hackers tried to break AI chatbots.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.