Daily Drop (594): Asia's Tech Landscape, Beijing's Intel Ways, ZPC: American Ports, Russia's Cyber Onslaught, Google's Privacy Sandbox, UK's Critical IT Infrastructure, PLASSF's Capabilities
Monday, Sep 11, 2023
Cyber Warfare in the Sino-Indian Context: Assessing the PLASSF's Capabilities
Analyst Comments: The Russia-Ukraine conflict has stirred debates about the efficacy of cyber warfare (CW) and electronic warfare (EW) in complementing conventional military operations. While Russia's cyber efforts in Ukraine have faced criticism, it's essential to recognize that China's cyber capabilities far surpass those of Russia. The PLASSF, responsible for attacking enemy networks, integrates CW, EW, and space warfare, and would play a pivotal role in a potential conflict with India. In a possible Sino-Indian boundary war, the combined application of CW and EW would be more pertinent than CW alone, given the ongoing boundary tensions between the two nations. China's military was among the pioneers in understanding the synergistic use of CW and EW through the Integrated Network Electronic Warfare (INEW) concept. This integration is crucial for the PLASSF, which would support the People's Liberation Army Army (PLAA) and the People's Liberation Army Air Force (PLAAF) in a confrontation with India.
FROM THE MEDIA: The Russia-Ukraine war has provided insights into the effectiveness of Cyber Warfare (CW) capabilities. However, it's crucial not to hastily generalize the outcomes of this conflict when assessing the potential of CW in a Sino-Indian war scenario. The People’s Liberation Army Strategic Support Force (PLASSF) of China boasts significant CW capabilities, designed to support conventional military operations. The PLASSF is adept at integrating CW, Electronic Warfare (EW), space capabilities, and frontier technologies like Artificial Intelligence (AI) for efficient military operations against adversaries like India.
READ THE STORY: ORF
Asia's Tech Landscape: iPhone Bans, Alibaba Shifts, and Ransomware Woes
Analyst Comments: The expansion of China's iPhone ban is indicative of the growing tension between China and Western tech companies, potentially affecting trade and international business relations. Apple's share price reaction underscores the economic implications of such geopolitical moves. Alibaba's leadership change in its cloud division signals potential strategic shifts or internal dynamics within one of China's largest tech giants. The rampant ransomware attacks in India highlight the urgent need for bolstered cybersecurity measures in one of the world's major IT hubs. Australia's action against PayPal emphasizes the increasing global scrutiny on tech giants and their business practices. Lastly, Zoho's achievement and Fujitsu's acquisition underscore the growth and integration of tech businesses in the Asian market.
FROM THE MEDIA: China has expanded its ban on iPhones, now encompassing local governments and state-owned companies. This move is expected to affect approximately 56 million employees. In corporate shifts, Alibaba's outgoing CEO, Daniel Zhang, will not assume the previously anticipated role of CEO for Alibaba Cloud. Instead, Eddie Yongming Wu will take the helm. Meanwhile, India faces a cybersecurity crisis, with 74% of its enterprises hit by ransomware in 2022. On the regulatory front, Australia is challenging PayPal over what it deems unfair contract terms for small businesses. On a positive note, Indian SaaS giant Zoho celebrates a milestone with its 100 millionth user, and Fujitsu expands its reach in the ASEAN region by acquiring Thailand-based SAP consultancy Innovation Consulting Services.
READ THE STORY: The Register
Chinese Espionage: A Deep Dive into Beijing's Intelligence Gathering
Analyst Comments: China's alleged espionage activities highlight the lengths to which Beijing is willing to go to gather intelligence and advance its interests. The arrest of a spy within the British government is particularly alarming, suggesting that China is willing to infiltrate even the highest levels of Western governments. The cyberattacks on U.S. institutions and companies indicate a sophisticated digital espionage capability, posing significant threats to national security and economic interests. The accusations against tech giants like Huawei and TikTok further complicate the tech landscape, leading to potential economic and diplomatic repercussions. The use of Chinese citizens abroad for intelligence gathering is also concerning, as it exploits the global Chinese diaspora and potentially puts innocent individuals at risk.
FROM THE MEDIA: A recent arrest of an alleged Chinese spy within the British government has reignited concerns about China's intelligence-gathering methods. This incident, coupled with previous allegations of China deploying a surveillance balloon over the U.S., underscores the extensive measures Beijing is willing to take in its espionage efforts. Over the years, China has been implicated in a variety of espionage techniques, from cyberattacks to industrial and military espionage. The U.S. has identified China as a major cyber espionage threat, with Chinese hackers targeting various sectors, including energy, telecoms, and universities. High-profile tech companies like Huawei have faced accusations of conspiring to steal trade secrets, leading to bans and restrictions. Social media platforms like TikTok have also been under scrutiny due to data security concerns. On the human intelligence front, China has been accused of using its citizens abroad to gather intelligence and steal sensitive technology.
READ THE STORY: DailyMail
China's Reach in American Ports: A Growing Security Concern
Analyst Comments: The reliance on Chinese infrastructure, particularly in critical areas like ports, underscores a significant vulnerability in U.S. national security. The potential for espionage or sabotage through Chinese-made ZPMC ship-to-shore cranes is alarming, especially when considering the economic and strategic importance of U.S. ports. Past incidents, like the hack on the Colonial Pipeline, demonstrate the potential fallout from cybersecurity breaches. While there have been efforts to address these concerns, such as the introduction of legislation to block the purchase of Chinese cranes and the requirement for American-made software in new ZPMC cranes at the Port of Virginia, more comprehensive measures are needed. Reducing dependence on ZPMC and enhancing cybersecurity measures at ports should be prioritized to safeguard national interests.
FROM THE MEDIA: The House China Select Committee recently highlighted potential cybersecurity risks posed by China in U.S. ports. A significant concern is the potential espionage through Ship-to-Shore (STS) cranes purchased from ZPMC, a Chinese state-owned enterprise. These cranes are pivotal for America's trade operations. However, there's been uncertainty regarding the number of Chinese cranes in U.S. ports. A recent analysis revealed that nearly half of the STS cranes in an average American container port are from ZPMC, with some ports, like Philadelphia, almost entirely dependent on ZPMC cranes. This dependence on Chinese infrastructure presents significant national security threats. The software in these cranes could potentially allow the Chinese Communist Party (CCP) to spy on U.S. ports and access critical data in port IT systems. Given Chinese laws, the CCP can demand data from any Chinese company and requires manufacturers to install software that grants the CCP access to equipment. This means the CCP could use ZPMC's cranes to gather sensitive data or even sabotage shipping operations, which could have severe economic implications, considering nearly $5 billion of cargo moves through U.S. ports daily.
READ THE STORY: NewsWeek
Google's Privacy Sandbox: A New Era for Online Privacy
Analyst Comments: The introduction of Privacy Sandbox signifies a paradigm shift in how online privacy is approached. As third-party tracking cookies have long been a concern for privacy advocates, Google's move to eliminate them showcases a proactive approach to address these concerns. The Privacy Sandbox, with its focus on preserving user privacy without compromising tailored content delivery, can set a precedent for other tech giants. However, it's worth noting that the initiative has faced criticism, particularly regarding Google's data collection practices. As cyber threats and privacy concerns continue to evolve, initiatives like the Privacy Sandbox will play a crucial role in shaping the future of online privacy and security.
FROM THE MEDIA: Google has initiated the rollout of its Privacy Sandbox feature in the Chrome web browser, marking a significant step towards enhancing online privacy. This move comes four months after Google's announcement of its plans to phase out third-party tracking cookies. Anthony Chavez, the vice president of Privacy Sandbox initiatives at Google, emphasized the importance of balancing enhanced privacy with access to information. The Privacy Sandbox aims to offer privacy-preserving alternatives to third-party cookies while still enabling tailored content and ads. Initially, Google will exclude nearly three percent of its users from this change to facilitate comprehensive testing. The full rollout is expected to reach all users in the upcoming months.
READ THE STORY: THN
Ukraine's Resilience in the Face of Russia's Cyber Onslaught
Analyst Comments: The Russia-Ukraine conflict underscores the evolving nature of warfare in the digital age. Cyber operations are no longer supplementary; they are integral to modern conflicts. Ukraine's ability to effectively counter Russia's cyber onslaught serves as a testament to the importance of international collaboration, proactive defense strategies, and the role of non-state actors in cyber defense. The conflict offers valuable insights for nations worldwide, emphasizing the need for robust cyber defense infrastructures and international cooperation. As cyber threats continue to evolve, the lessons from this conflict will be crucial in shaping global cyber defense strategies, ensuring that nations are prepared for the multifaceted challenges of modern warfare.
FROM THE MEDIA: The 2022 Russian invasion of Ukraine marked a significant shift in modern warfare, with cyber operations playing a pivotal role alongside traditional military actions. Russia employed a comprehensive cyber strategy, utilizing techniques ranging from disinformation campaigns to infrastructure hacking. Microsoft's 2022 report highlighted the scale of these cyber attacks, noting numerous destructive operations on Ukrainian systems within a short span. In response, Ukraine demonstrated remarkable resilience by leveraging partnerships with tech giants, engaging international hacktivists, and proactively countering disinformation. This multi-faceted approach not only helped Ukraine defend against cyber threats but also turned the cyber tide in their favor.
READ THE STORY: Georgetown: SFS
A Surge in Cyberattacks on UK's Critical IT Infrastructure
Analyst Comments: The charts show a sharp rise in reported cyberattacks on critical IT infrastructure. The NIS Regulations play a pivotal role in ensuring that significant cyber incidents are reported, thereby allowing for timely interventions and policy adjustments. However, the data also highlights that many reported incidents did not meet the set thresholds, indicating potential gaps in the current reporting system. This could mean that several cyberattacks, though significant in their own right, might be going unnoticed at the policy level. The UK government's commitment to updating the legislation and broadening the scope of reportable incidents is a step in the right direction. As cyber threats continue to evolve, it's imperative for nations to have robust reporting and response mechanisms in place to safeguard their critical infrastructure.
FROM THE MEDIA: In the first six months of 2023, organizations managing critical IT infrastructure services in the UK reported a record number of cyberattacks leading to significant operational disruptions. This data, obtained under the Freedom of Information Act, reveals that there were 13 such incidents, marking a substantial increase from the four recorded disruptions in both 2021 and 2022. These organizations, ranging from power plants to transport and healthcare sectors, are mandated by the UK's Network & Information Systems Regulations (NIS Regulations) to report any significant cyber disruptions. These reports must meet specific thresholds to be considered significant. For instance, a disruption in an electricity distribution network would require an unplanned loss of supply to over 50,000 customers for more than three minutes.
READ THE STORY: The Record
Microsoft's Insights on East Asian Cyber Threats
Analyst Comments: The increasing sophistication and scale of these Chinese and North Korean cyber and influence operations, especially from China, pose significant challenges for global cybersecurity. The use of AI in influence operations, despite producing occasionally odd content, indicates a shift towards more advanced techniques to sway public opinion. North Korea's focus on maritime technology, coupled with its recent military activities, suggests a strategic alignment of its cyber operations with broader national objectives. As the digital landscape continues to evolve, understanding these threats becomes crucial for nations and corporations alike to bolster their defenses and strategies.
FROM THE MEDIA: Microsoft recently acknowledged its inability to detect a Chinese cyberattack on its infrastructure. In response, the company released a report titled "Digital threats from East Asia increase in breadth and effectiveness." This report, crafted by Microsoft's Threat Intelligence group, delves into the growing online aggressions from China and North Korea. Four main trends are highlighted: China's espionage efforts around the South China Sea, Beijing's enhanced use of social media for influence operations, the scaling and multilingual expansion of these operations, and North Korea's heightened interest in maritime technology. The report also discusses the activities of groups like "Raspberry Typhoon" and "Flax Typhoon" and China's innovative use of AI in its influence operations. The document concludes with a prediction that both nations will continue their cyber operations, especially targeting the 2024 US presidential election.
READ THE STORY: The Register
Emerging Cyber Threats: PowerShell's Role in NTLMv2 Hash Theft
Analyst Comments: The use of PowerShell, a legitimate tool, for malicious purposes underscores the sophisticated tactics employed by cybercriminals. The targeted nature of the attacks, focusing on specific geographical regions, indicates a strategic approach by the threat actors. As cyber threats continue to evolve, it's crucial for organizations and individuals to stay informed and adopt proactive measures to safeguard their digital assets.
FROM THE MEDIA: A recent cyber attack campaign has been identified, which exploits the PowerShell script associated with a legitimate red teaming tool to steal NTLMv2 hashes from compromised Windows systems. These systems are predominantly located in Australia, Poland, and Belgium. This malicious activity has been codenamed "Steal-It" by Zscaler ThreatLabz. The campaign utilizes customized versions of Nishang's Start-CaptureServer PowerShell script to exfiltrate NTLMv2 hashes. Furthermore, the attackers execute various system commands and transfer the retrieved data using Mockbin APIs. Nishang, a known framework consisting of PowerShell scripts and payloads, is used for offensive security, penetration testing, and red teaming. The attackers in this campaign have employed multiple infection chains, all of which start with phishing emails containing ZIP archives. Notably, one of the attack sequences was previously highlighted by the Computer Emergency Response Team of Ukraine (CERT-UA) in May 2023, suggesting a potential link to the APT28 campaign against Ukrainian government institutions. This connection raises the possibility that the Steal-It campaign might be orchestrated by the Russian state-sponsored threat actor.
READ THE STORY: THN
Generative AI for Infrastructure-as-Code: Gartner's Outlook
Analyst Comments: The ability to analyze log files and recommend infrastructure setups could streamline processes and improve efficiency. However, the broader application of generative AI, beyond back office tasks, could redefine competitive landscapes across industries. While tools like GitHub Copilot can enhance developer productivity, the real transformative potential lies in more complex AI tools that can offer unique solutions and capabilities. The challenges of developing such tools, both in terms of complexity and cost, highlight the need for organizations to strategically invest in AI.
FROM THE MEDIA: Generative AI (GenAI) is being considered as a potential tool to enhance infrastructure-as-code tools, as highlighted by Arun Chandrasekaran, a distinguished VP analyst at Gartner, during the firm's Symposium in Australia. While the technology is not yet at a point where developers can command AI to set up infrastructure, there's interest in how AI models could analyze an organization's IT using log files. The idea is that if generative AI can suggest code, it might also be able to recommend the necessary infrastructure to execute that code. The Symposium's keynote emphasized the potential of generative AI in back office tasks, such as aiding developers in coding or enhancing personal productivity tools. However, while tools like GitHub Copilot or generative AI features for Google Workspace can improve efficiency, they won't necessarily provide a competitive edge. More intricate AI tools, like Khan Academy's "Khanmigo" chatbot, can be game-changers but are also more challenging and costly to develop.
READ THE STORY: The Register
Items of interest
Reassessing Catastrophe Risk in the Face of Black Swan Events
Analyst Comments: The challenges faced by the reinsurance industry underscore the need for adaptability and forward-thinking. The immediate reaction of excluding perils after major unexpected losses is not a sustainable solution. For the industry to remain relevant, it must provide solutions to these emerging risks, as evidenced by the establishment of the Terrorism Risk Insurance Act post-9/11. The focus on cyber threats highlights the complexities of modern risks, where blanket exclusions are impractical and the challenge of attribution remains. The industry's approach to aggregation, especially in systemic loss scenarios, needs a rethink. The increasing role of insurance-linked securities (ILS) reinsurers, who are cautious about unmodelled risks, further complicates the landscape. Ultimately, the reinsurance sector's ability to evolve and adapt to these challenges is crucial. It not only determines its relevance in a rapidly changing risk landscape but also its role in providing stability and assurance in an unpredictable world.
FROM THE MEDIA: The reinsurance sector has faced significant challenges in predicting and assessing catastrophe risk in the 21st century. Events like the 9/11 terrorist attacks and various natural disasters, potentially intensified by climate change, have tested the industry's traditional models and assumptions. These models, rooted in historical data, have shown limitations, especially when addressing man-made disasters and emerging threats like cyberattacks. Furthermore, the industry was caught off guard by the systemic impacts of political decisions, such as the national lockdowns during the Covid pandemic and the non-return of leased aircraft from Russia due to sanctions. However, these political decisions and their ramifications should no longer be seen as unexpected. The industry must now anticipate a range of threats, from heightened geopolitical risks and severe cyberattacks to more pandemics and unpredictable natural catastrophes.
READ THE STORY: The Insurer
Understanding the Fragility of the Functional Ingredient Supply Chain Amidst China-Taiwan Tensions (Video)
FROM THE MEDIA: What if I told you there’s a 23.75 percent chance the supplement industry will be unrecognizably annihilated in the next year? While I don’t want this to be a “sky is falling” moment that creates panic and mass hysteria, we do need to walk through a very scary…very plausible “black swan event” that would completely disrupt the supplement industry as we know it today. I’ve been modeling out probabilities of certain external threats to the functional ingredient supply chain for some CPG clients, of which one is growing in concern…the geopolitical risks that are building from the growing tensions between China and Taiwan.
Preparing for Black Swan Event Part 1: POPIA & Cyber Crimes Act 2022 (Video)
FROM THE MEDIA: Black Swan events refer to highly unexpected and devastating cyber incidents that can have far-reaching consequences for organizations, nations, and the global digital ecosystem. This talk examines POPIA and the Cyber Crimes Act 2022 in light of these possible events.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in the original material or related links on third-party sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.