Daily Drop (595): US: Releases Frozen Iranian Funds, AI: Finland's Prisons, Charming Kitten, AI: Air Traffic Management, China: Tech Vuln Reporting, China's Growing Influence, MGM Resorts, China: UK
09-12-23
Tuesday, Sep 12, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Biden Administration Releases Frozen Iranian Funds and Plans Prisoner Swap
Analyst Comments: The US's decision to release frozen Iranian funds and prisoners indicates a strategic move to de-escalate tensions and potentially pave the way for more constructive dialogue on the nuclear issue and other areas of contention. The transfer of US citizens from prison to house arrest in Iran further underscores the mutual interest in reducing hostilities. However, the criticism from Republican lawmakers highlights the complexities and potential risks associated with such diplomatic maneuvers.
FROM THE MEDIA: The Biden administration has informed Congress of its decision to release $6 billion in frozen Iranian funds and its intention to free five Iranian prisoners. This move is seen as an effort to reduce tensions between the US and Iran. Recently, Tehran shifted five US citizens from Evin prison to house arrest, initiating an arrangement that the US hopes will lead to progress in discussions about Iran's nuclear program and other contentious areas. The American citizens held in Iran could be repatriated to the US this month once the frozen Iranian oil revenue in South Korea is released. The US State Department confirmed the deal will also involve the release of five Iranian prisoners, but their identities remain undisclosed. US Secretary of State Antony Blinken has approved the transfer of funds from South Korea, with stipulations that Iran can only use the funds for humanitarian purposes. Since the US's withdrawal from the 2015 nuclear deal in 2018, Iran has been unable to access a significant portion of its oil funds held by foreign central banks.
READ THE STORY: FT
Airbus Faces Security Breach; Hacker Offers Vendor Details for Sale
Analyst Comments: The breach at Airbus underscores the vulnerabilities faced by major corporations, even those with presumably robust security measures. The use of an employee's credentials from a third-party vendor to gain access to Airbus' systems highlights the risks associated with interconnected business ecosystems. Companies need to be vigilant not only about their own cybersecurity but also about the security practices of their partners and vendors. The incident serves as a reminder of the importance of regular security audits, employee training, and the continuous monitoring of digital assets.
FROM THE MEDIA: Airbus, the European multinational aerospace corporation, has reportedly been hacked by an individual using the pseudonym "USDoD." The hacker claims to have detailed information from an Airbus vendor database and has put it up for sale on a well-known clear web hacking forum. The posted data includes a sample that reveals details of several high-ranking executives from companies such as Thales Avionics, Aerolux, and individuals associated with Bournemouth International Airport. The information encompasses names, addresses, full contact details, titles, and coverage areas such as Asia-Pacific or Europe, the Middle East, and Africa.
READ THE STORY: CyberSecurityConnect
Google Addresses Critical Chrome Vulnerability
Analyst Comments: This recent vulnerability is one of four zero-days that Google has addressed in Chrome since the beginning of the year. On the same day, Apple also released fixes for CVE-2023-41064, a buffer overflow issue in the Image I/O component, affecting various devices and operating systems. The Citizen Lab has linked CVE-2023-41064 with another vulnerability, CVE-2023-41061, as part of a zero-click iMessage exploit chain named BLASTPASS, which was used to deploy the Pegasus spyware on fully patched iPhones running iOS 16.6. The simultaneous reporting of CVE-2023-4863 by Apple and the Citizen Lab, combined with the focus on image processing in both vulnerabilities, suggests a potential link between them. Users are strongly advised to update their Chrome browser to version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux. Those using Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also apply the patches as they become available.
FROM THE MEDIA: On September 12, 2023, Google urgently released out-of-band security patches to rectify a critical vulnerability in its Chrome web browser, which has been actively exploited. Identified as CVE-2023-4863, this flaw is a heap buffer overflow located in the WebP image format, potentially leading to arbitrary code execution or crashes. The vulnerability was discovered and reported by Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School on September 6, 2023. While Google has not provided extensive details about the exploit, it has confirmed the existence of an exploit for CVE-2023-4863 in the wild.
READ THE STORY: THN
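A fleet-side check for the remediation described above, written for this digest as an added example (not code from Google or the cited reporting): it parses a Chrome version string such as the output of `google-chrome --version` and compares it, per platform, against the first build that fixes CVE-2023-4863. The inventory below is constructed sample data, and the `triage` helper and its host names are assumptions.

```python
import re
from typing import Iterable, List, Optional, Tuple

# First Chrome builds that fix CVE-2023-4863 (the WebP heap buffer overflow),
# as stated in the advisory summarised above: 116.0.5845.187/.188 on Windows,
# 116.0.5845.187 on macOS and Linux. Anything at or above these is patched.
# Note: this applies to Google Chrome's own version numbering only; Edge,
# Brave, Opera and Vivaldi carry their own version numbers and ship the fix
# in their own releases, so they must be checked against their vendors' notes.
PATCHED_MIN = {
    "windows": (116, 0, 5845, 187),
    "mac": (116, 0, 5845, 187),
    "linux": (116, 0, 5845, 187),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part Chromium version from free text, e.g.
    "Google Chrome 116.0.5845.187". Returns None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_patched(version_text: str, platform: str) -> bool:
    """True if the reported build is at or above the first fixed build for the
    platform. Unknown platforms and unparsable strings fail closed (False),
    so they surface for manual review rather than being silently accepted."""
    version = parse_version(version_text)
    floor = PATCHED_MIN.get(platform.lower())
    if version is None or floor is None:
        return False
    return version >= floor  # tuple comparison is lexicographic, major first


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Given (host, platform, version string) triples, such as an export from
    endpoint management (assumed format), return hosts still needing the update."""
    return [host for host, plat, ver in inventory if not is_patched(ver, plat)]


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = [
        ("ws-01", "windows", "Google Chrome 116.0.5845.187"),
        ("ws-02", "windows", "Google Chrome 116.0.5845.180"),
        ("mac-07", "mac", "Google Chrome 116.0.5845.188"),
        ("lx-03", "linux", "Chromium 115.0.5790.170"),
        ("lx-04", "linux", "version unknown"),
    ]
    print("Hosts still exposed to CVE-2023-4863:", triage(sample))
```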
Inmates in Finland's Prisons Turn to Data Labeling for Artificial Intelligence
Analyst Comments: The integration of AI training within the Finnish prison system presents a complex issue. On one hand, it offers inmates an opportunity to engage in modern, digital work, potentially equipping them with skills relevant to the evolving job market. The initiative also addresses a unique challenge faced by companies like Metroc, which require native Finnish speakers for data labeling in a high-wage economy. On the other hand, the low pay and the nature of the work raise ethical concerns. The broader global trend of seeking cheap labor for AI training, often from vulnerable populations, underscores the potential for exploitation. The Finnish model, with its focus on rehabilitation and voluntary participation, may not be easily replicated in countries with different prison systems and values.
FROM THE MEDIA: In Finland, a unique labor force is emerging within the prison system to train artificial intelligence (AI) models. Metroc, a Finnish startup, has tapped into this workforce to train its large language model designed to assist construction companies in identifying new building projects. The inmates, like "Marmalade," a pseudonym for a female prisoner, are paid €1.54 ($1.67) an hour to label data, helping the AI discern information from news articles and official documents about upcoming construction ventures. Typically, such "clickworkers" are based in countries where labor is cheap. However, the need for native Finnish speakers led Metroc to this innovative solution. The initiative has garnered support in Finland, with proponents highlighting its potential benefits for inmates in terms of skill acquisition and cognitive stimulation.
READ THE STORY: Wired
Potential Phone Breach in Israeli Opposition Party
Analyst Comments: The increasing frequency of digital breaches, especially within political circles, is a pressing concern. The temporary blocking of WhatsApp accounts of prominent political figures in Israel underscores the vulnerabilities even high-profile individuals face in the digital realm. The historical context, with Benny Gantz's phone reportedly being hacked by Iran, adds another layer of complexity to the situation. The use of spyware, particularly targeting communication apps, is a growing threat, and the incident serves as a stark reminder of the need for robust cybersecurity measures and vigilance.
FROM THE MEDIA: Israel's security agency is currently investigating a possible phone breach involving opposition party lawmakers. The investigation was triggered after 15 members of the Yesh Atid political party, including opposition leader Yair Lapid, experienced a temporary blockage of their WhatsApp accounts. The incident, which lasted approximately three hours, raised alarms about potential phone hacking, and the party promptly reported the matter to the security service. Some of the affected politicians are candidates in the forthcoming local council elections. This is not the first instance of suspected phone hacking within the Israeli government. In 2019, Benny Gantz, an opposition politician, allegedly had his phone hacked by Iran, and Prime Minister Benjamin Netanyahu and his party were accused of leaking this information for campaign purposes. The security agency described Iran's digital activities as attempts "to divide Israeli society and destabilize it."
READ THE STORY: The Record
Iran-linked Group Targets Entities in Brazil, Israel, and the U.A.E.
Analyst Comments: Charming Kitten's evolution in cyber espionage is evident from their meticulous and strategic approach to identifying and exploiting vulnerabilities, especially in internet-exposed Microsoft Exchange servers. The introduction of the "Sponsor" backdoor marks a significant advancement in their arsenal, given its stealthy design and capabilities. The group's focus on sectors like education, government, and healthcare, and their interest in human rights activists and journalists, underscores their intent, which likely aligns with broader geopolitical objectives.
FROM THE MEDIA: The Iran-affiliated Advanced Persistent Threat (APT) group Charming Kitten has been identified as the perpetrator behind a series of cyberattacks targeting various entities across Brazil, Israel, and the United Arab Emirates. The group, which has been tracked by major cybersecurity firms since at least 2011, has historically targeted journalists, activists, and organizations across the Middle East, the US, the UK, and other nations. The recent wave of attacks, as observed by ESET, is part of the "Ballistic Bobcat" campaign, which introduced a previously undocumented backdoor named "Sponsor". The backdoor, written in C++, is capable of collecting host data, processing information, and executing commands as directed by its operators.
READ THE STORY: THN // Security Affairs
UK's Project Bluebird Explores AI's Potential in Air Traffic Management
Analyst Comments: The integration of AI into air traffic control holds significant promise. The "digital twin" model offers a glimpse into a future where flight movements might be managed more efficiently, reducing the environmental impact of aviation and potentially decreasing delays and congestion at major airports. The focus on AI comes at a time when there's a notable shortage of air traffic controllers, who typically undergo a three-year training period. The data-driven approach, leveraging NATS' extensive database of past flight records, provides a robust foundation for training the AI system. The project's ambitious goal is to conduct live 'shadow trials' by 2026, where AI agents will be tested on real-time air traffic data, offering a direct comparison with human decision-making. However, it's crucial to note that, even if successful, the transition to an AI-controlled system will be gradual, with AI first working alongside human controllers before any consideration of full automation.
FROM THE MEDIA: UK researchers have embarked on an ambitious effort to integrate artificial intelligence (AI) into air traffic control. A computer model termed the "digital twin" has been developed to simulate all flight movements over England, entirely directed by AI. The initiative is part of the £15mn 'Project Bluebird', a collaborative effort involving the National Air Traffic Services (NATS), the Alan Turing Institute, and Exeter University. The project is funded by UK Research and Innovation, a government agency. The primary objective is to ascertain the extent to which AI can assist or even replace human air traffic controllers in the future.
READ THE STORY: FT
China's New Law Requires Tech Companies to Reveal Vulnerabilities, Potentially Aiding State-Sponsored Hacking
Analyst Comments: China's approach to obtaining vulnerability information is unique and potentially game-changing. While other nations rely on discovering vulnerabilities or purchasing them from the hacker gray market, China's law essentially mandates tech companies to hand over this information. The Atlantic Council's report on this law highlights the intricate path this vulnerability information takes once it's in the hands of the Chinese government. Notably, the data is shared with entities like the Beijing bureau of China's Ministry of State Security, which has been responsible for numerous state-sponsored hacking operations. The law's two-day disclosure deadline poses a significant challenge for tech companies. Patching vulnerabilities typically takes longer than this timeframe, forcing companies to decide between leaving the Chinese market or potentially aiding the Chinese government in hacking endeavors.
FROM THE MEDIA: In a strategic move to gain an upper hand in the realm of cybersecurity, China has implemented a law over the past two years that mandates network technology businesses operating within its borders to disclose hackable flaws in their products. This law requires tech companies to report any discovered vulnerabilities to the Chinese government agency, the Ministry of Industry and Information Technology, within two days. The agency then adds this information to a database known as the National Vulnerability Database. Recent investigations suggest that this information is subsequently shared with various Chinese government bodies, some of which are known for their aggressive state-sponsored hacking operations.
READ THE STORY: Wired
Rising Dragon: Public Perceptions of China's Growing Influence
Analyst Comments: The findings of the report underscore the changing dynamics of global power and influence, with China emerging as a significant player on the world stage. The positive perception of China among younger respondents suggests a generational shift in geopolitical views, which could have implications for future policy decisions and international relations. The strong support for NATO and Ukraine's inclusion indicates a desire for stability and unity among the surveyed nations, even as they grapple with the challenges posed by a resurgent China. The report serves as a crucial barometer for governments, signaling the need to adapt their strategies to align with the changing world order and the evolving perceptions of their citizens.
FROM THE MEDIA: The German Marshall Fund's 2023 Transatlantic Trends report, based on a survey spanning 14 nations across Europe and North America, reveals that while climate change and immigration remain the primary security concerns for these regions, China's global influence is rapidly on the rise. The survey indicates that China is expected to rival the U.S. in global influence in the near future. Despite the geopolitical shifts, there remains strong public support for NATO and for Ukraine's inclusion in both the transatlantic alliance and the European Union. Interestingly, the public sentiment leans towards increased cooperation with China, especially in sectors like trade, energy, and technology. Younger respondents, in particular, tend to view China's influence in a more positive light compared to older generations.
READ THE STORY: VOA
Vietnamese Hackers Exploit Facebook Messenger
Analyst Comments: One of the notable tactics employed by the attackers is the deletion of all cookies after they have been stolen. This logs victims out of their accounts, allowing the attackers to use the stolen cookies to hijack sessions, change passwords, and gain control of the accounts. The campaign's Vietnamese origin is evident from Vietnamese language references in the Python stealer's source code and the inclusion of Cốc Cốc, a popular Chromium-based browser in Vietnam. Despite the multi-step infection process requiring user interaction, Guardio Labs has observed a high success rate for this campaign: over the past 30 days, an estimated one in 250 victims has been infected. The majority of these compromises have been reported in countries including the U.S., Australia, Canada, France, Germany, Indonesia, Japan, Nepal, Spain, the Philippines, and Vietnam.
FROM THE MEDIA: A recent phishing campaign has been discovered that utilizes Facebook Messenger to disseminate malicious attachments. Originating from a Vietnamese group, this attack, named "MrTonyScam," aims to compromise target Business accounts. The campaign involves sending potential victims messages containing RAR and ZIP archive attachments. When these attachments are accessed, they deploy a dropper that retrieves the next-stage payload from a GitHub or GitLab repository. This payload is another archive containing a CMD file, which subsequently releases an obfuscated Python-based stealer. This stealer exfiltrates all cookies and login credentials from various web browsers, sending them to a Telegram or Discord API endpoint controlled by the attackers.
READ THE STORY: THN
MGM Resorts Faces Cyberattack
Analyst Comments: This is not MGM's first encounter with cyber threats. In December, the company's online sports betting platform, BetMGM, reported a breach that compromised the personal and financial information of an unspecified number of customers. Furthermore, in 2020, the personal data of 10.6 million MGM Resorts guests was leaked on a hacking forum. Hotels and casinos are attractive targets for hackers due to the vast amounts of financial data they possess. Several state-sponsored cyber-espionage groups, such as DarkHotel, APT28, and the Rana Group, specialize in cyberattacks targeting hotels globally. Another group, "FamousSparrow," has been linked to attacks on hotels in multiple countries. MGM's recent cyberattack underscores the vulnerability of the hospitality sector, with other major hotel chains like Marriott and Meliá Hotels International also having faced significant cyberattacks in the past.
FROM THE MEDIA: MGM Resorts has temporarily taken some of its online systems offline following a cyberattack detected on Monday. While the company has not officially commented on the incident, sources have reported that slot machines and ATMs at MGM's Las Vegas casinos were non-operational. Additionally, the company's website is currently inaccessible, replaced by a temporary page directing customers to contact numbers for various cities. In a statement released on Twitter, MGM Resorts acknowledged the cybersecurity issue, stating that they promptly initiated an investigation with the help of external cybersecurity experts. They also informed law enforcement and took measures to safeguard their systems and data. Local news in Las Vegas has reported that computer systems at MGM-owned hotels, including the Bellagio Hotel, are down and are currently unable to process credit card transactions. Reports of similar issues have also emerged from guests at MGM hotels outside of Las Vegas.
READ THE STORY: The Record
Altman's Visa Recognizes Potential for Inbound Investment and AI Development in Indonesia
Analyst Comments: The granting of the golden visa to Sam Altman signifies Indonesia's commitment to fostering technological advancements, particularly in the realm of artificial intelligence. By attracting global tech leaders like Altman, Indonesia aims to position itself as a hub for AI innovation and development. The golden visa initiative, similar to programs in other countries, is a strategic move to attract foreign investment and expertise. The collaboration between OpenAI and Indonesia could potentially lead to significant advancements in AI applications tailored to the local context, benefiting both the tech industry and the broader Indonesian community.
FROM THE MEDIA: Sam Altman, the CEO of OpenAI, has been awarded Indonesia's inaugural golden visa, allowing him to reside in the country for up to a decade. This visa is in acknowledgment of his potential to drive inbound investment to Indonesia. The government expects Altman to contribute significantly to the advancement of artificial intelligence within the nation. Silmy Karim, Indonesia's director-general of immigration, mentioned that golden visas are available in various categories, including capital investment. This visa is specifically designed for internationally recognized individuals who can offer substantial benefits to Indonesia. The law, which was only recently enacted on August 30, mandates an investment ranging from $350,000 to $50 million. The magnitude of the investment determines the visa's duration.
READ THE STORY: The Register
UK's approach to China under scrutiny as MPs question their safety
Analyst Comments: One of the primary concerns for many China-sceptic MPs is the potential implications of the alleged espionage on their safety and the safety of activists who criticize Beijing and might have interacted with the suspected spy. James Cleverly, the foreign secretary, is under particular scrutiny. He had publicly redefined the UK's foreign policy on China in a speech in April, shortly after the alleged spy's arrest. Cleverly emphasized the need for the UK to engage with China both robustly and constructively, refraining from labeling Beijing as a "threat", "partner", or "adversary". The UK's engagement with China was further amplified in May when investment minister Lord Dominic Johnson visited Hong Kong, marking the first formal visit by a senior British official to the region in five years. This visit, aimed at strengthening business ties, was met with criticism, especially since it followed Beijing's crackdown on protests in Hong Kong in 2020.
FROM THE MEDIA: The arrest of a British parliamentary researcher in March on suspicions of spying for Beijing has intensified debates around the UK's stance on China. Over the past six months, there have been efforts to warm the strained relations between the UK and China, marked by several high-level meetings between senior officials from both nations. This thawing of relations has been met with criticism from hawkish Conservative MPs. The recent disclosure of the alleged security breach in the House of Commons has further alarmed even the moderate Sino-sceptics in the parliament. The government is now facing inquiries from MPs about the extent of knowledge and timing of the arrest among ministers, and how this incident might have influenced the UK's foreign policy towards China. Critics argue that the UK's approach to China is overly lenient, while ministers maintain that they are striking a balance between economic interests and security concerns.
READ THE STORY: FT
Morgan Stanley Values Tesla's Supercomputer at up to $500B
Analyst Comments: The financial giant's perspective underscores the evolving debate about Tesla's identity: Is it primarily an automaker or a tech company? Morgan Stanley's note suggests that it's a blend of both, with the most significant value driver being software and services revenue. The potential of Dojo to revolutionize devices with real-time decision-making capabilities based on visual input is immense. This could open up vast markets beyond the automotive sector. Morgan Stanley's increased target price for Tesla shares, from $250 to $400, reflects this optimism.
FROM THE MEDIA: Morgan Stanley Research has projected that Tesla's upcoming Dojo supercomputer could add up to $500 billion to the company's current valuation of $875 billion. The financial institution is optimistic about Dojo, especially given Tesla's development of custom silicon for the supercomputer, which it believes could have applications beyond the development of full self-driving (FSD) capabilities. The debate on whether Tesla is primarily an auto company or a tech company has been ongoing. However, Morgan Stanley's stance is that Tesla embodies both, with the most significant value driver being software and services revenue. The note from Morgan Stanley suggests that if Dojo can enable cars to "see" and "react", it could open up opportunities for any device with a camera that makes real-time decisions based on its visual field. Tesla's Dojo supercomputer, developed in-house at a potential cost of over $1 billion, is distinct from general-purpose AI accelerators designed by companies like Nvidia, AMD, and Intel. Instead, the entire system, including computing, networking, IO, and even the instruction set, is tailored to process vast amounts of telemetry from Tesla vehicles' sensors and cameras.
READ THE STORY: The Register
Items of interest
Spyware-Infected Apps Target Chinese-Speaking Users
Analyst Comments: The rise of fake apps on official app stores is a concerning trend in the cybersecurity landscape. These malicious apps not only compromise user data but also erode trust in official platforms like Google Play. The fact that these apps were downloaded thousands of times before their removal underscores the challenges faced by app stores in identifying and removing harmful apps promptly. The targeting of Chinese-speaking users, especially the Uyghur community, is also noteworthy, given the ongoing political tensions and human rights concerns in the region.
FROM THE MEDIA: Google Play recently took down a series of malicious Telegram clone apps after a cybersecurity report highlighted their nefarious activities. These apps primarily targeted Chinese-speaking users, embedding spyware that could harvest information about the users and their contacts. Kaspersky, the cybersecurity firm that identified this campaign, noted that some of these apps had been downloaded as many as 10,000 times before their removal. These malicious versions of Telegram were promoted as a "faster" alternative to the original app. They were designed to look identical to the genuine Telegram app, but their underlying code had added features intended for data theft. The apps' descriptions were available in traditional Chinese, simplified Chinese, and the Uyghur language, suggesting that the primary targets were users from China.
READ THE STORY: The Record
Chinese spying: A ‘systemic threat’ to the UK (Video)
FROM THE MEDIA: The British government's position on China has evolved from viewing China as a "systemic threat" to adopting a more diluted stance. The Foreign Secretary's recent visit to China, where he seemed to be seeking business opportunities, has been criticized.
How China spies on and harasses its citizens abroad (Video)
FROM THE MEDIA: China is reportedly operating its own police facilities in other European countries, including the Netherlands. Officially, the "service centers" provide diplomatic support, but others say that they're being used to hunt down dissidents.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.