Discover more from Bob’s Newsletter
Daily Drop (604): China's Cyber Op's: Africa, Taiwan: Cyber, Sandman APT: Telcom, Neuralink: Animal Testing, Nova Scotia: MOVEit, P2PInfect Malware, Forest Xeons: 288 Cores, 95% of NFT: Worthless
China's Cyber Operations in Africa: A Soft Power Strategy
Analyst Comments: By targeting key sectors, China is not only gaining a competitive edge but also positioning itself in areas of strategic importance to its geopolitical goals. The activities are sophisticated, indicating a high level of planning and specific objectives. Africa's cybersecurity infrastructure is lagging, making it a vulnerable target for such advanced cyber activities. The report should serve as a wake-up call for African nations to bolster their cybersecurity measures. It also highlights the need for international cooperation to counter these threats effectively. The recent initiative by the Economic Community of West African States (ECOWAS) to advance cybersecurity is a step in the right direction but needs to be part of a broader, continent-wide strategy.
FROM THE MEDIA: A new report from cybersecurity firm SentinelOne reveals that China's cyber operations in Africa are closely aligned with its broader soft power and technological agenda in the region. The report identifies three significant sets of cyber activities that exemplify China's interests in Africa. These include Operation Tainted Love, which targets telecommunications providers; APT group BackdoorDiplomacy, which focuses on governmental organizations; and a broader set of campaigns that show interest in the African Union's intelligence. These cyber activities aim to extend China's influence in critical areas such as telecommunications, financial institutions, and governmental bodies.
READ THE STORY: CSO Online
CISA's Catalog of Must-Patch Vulnerabilities Crosses the 1,000 Bug Mark After 2 Years
Analyst Comments: The KEV catalog serves as an essential tool for cybersecurity professionals to prioritize vulnerabilities that need immediate attention. The fact that it has crossed the 1,000-bug mark indicates the growing complexity and volume of cybersecurity threats. The catalog's impact, as evidenced by the significant decrease in the percentage of KEVs exposed for extended periods, shows its effectiveness. However, as the list continues to grow, there may be a need for further refinement to help budget-strapped cybersecurity experts prioritize issues. CISA's plans for future improvements aim to address these challenges.
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) recently added the 1,000th bug to its Known Exploited Vulnerability (KEV) catalog. Created in 2021, the KEV catalog has become a crucial resource for identifying vulnerabilities that are actively being exploited by hackers globally. The list was initiated due to the overwhelming number of vulnerabilities—over 25,000 new bugs were released in 2022 alone—that defenders need to patch. CISA officials stated that federal civilian agencies have remediated more than 12 million KEV findings, including over 7 million this year. The list has led to a 72% decrease in the percentage of KEVs exposed for 45 or more days among federal agencies. State, local, tribal, and territorial governments have also seen a 31% decrease in the percentage of KEVs exposed for 45 or more days.
READ THE STORY: The Record
Sandman APT: A New Threat Actor Targeting Telecom Sectors
Analyst Comments: The emergence of Sandman adds another layer of complexity to the cybersecurity landscape, particularly for telecom companies that are already popular targets for cyber-espionage. The use of LuaJIT in the malware is unusual and indicates a high level of sophistication, possibly hinting at the involvement of a third-party security vendor. The modular nature of LuaDream allows for a range of functionalities, making it a versatile tool for cyber-espionage. Telecom companies need to be extra vigilant, given that the group aims to be as unobtrusive as possible, making detection challenging. The focus on telecom sectors across diverse geographical regions suggests that the group has broad cyber-espionage objectives.
FROM THE MEDIA: A new Advanced Persistent Threat (APT) group named "Sandman" has emerged, targeting telecom companies across the Middle East, Western Europe, and South Asia. The group uses a unique backdoor malware called "LuaDream," which is highly modular and built using LuaJIT, a just-in-time compiler for the Lua programming language. Researchers at SentinelOne have been tracking the malware and note that it has a range of functions, including stealing system and user information and enabling future attacks. The group's focus is on laying low and conducting reconnaissance on compromised networks, particularly targeting managerial positions. The malware is suspected to be a variant of another tool called "DreamLand," which was previously observed targeting a Pakistani government agency.
How Increasing Cyber Attacks on Taiwan Could Disrupt Global Businesses and Supply Chains
Analyst Comments: The critical role Taiwan plays in the global supply chain, especially in the semiconductor industry, is underscored. Increasing cyber-attacks on Taiwan are not just a regional issue but a global concern that could disrupt businesses worldwide. These attacks are part of broader trends in cybercrime, which is becoming a high-growth and lucrative industry. The situation is made even more precarious by the ongoing global chip shortage and the Covid-19 pandemic, which have already strained supply chains. Businesses need to heed advice about diversifying supply chains and investing in advanced monitoring techniques. Taiwan's efforts to bolster its cybersecurity are commendable, but the global community must also take steps to mitigate the risks emanating from these cyber threats.
FROM THE MEDIA: Increasing cyber threats against Taiwan, particularly from China, have global implications, especially given Taiwan's significant role in the semiconductor industry. Taiwan produces 90% of the world's advanced microchips used in various sectors. It is the target of 15,000 cyber attacks every second, affecting primarily its manufacturing, IT, and logistics sectors. These attacks have seen an 80% increase in the first half of 2023 compared to the same period in 2022. Disruptions in Taiwan's semiconductor supply could have a ripple effect, affecting global businesses and supply chains. Suggestions for businesses to mitigate these risks include diversifying their suppliers and investing in AI-driven solutions.
READ THE STORY: Raconteur
EU Chips Act: A Strategic Move for Semiconductor Resilience
Analyst Comments: The EU Chips Act is a significant move to secure the European Union's semiconductor supply chain, especially in the context of ongoing global chip shortages. By investing in research, innovation, and new facilities, the EU aims to become self-reliant in semiconductor production. This act is not just about economic growth; it's also about geopolitical stability, given the critical role semiconductors play in various sectors. The act also comes at a time when other nations, including the US, UK, China, Taiwan, South Korea, and Japan, are making similar efforts to strengthen their domestic semiconductor industries. The coordinated mechanism to monitor supply and demand is particularly noteworthy, as it allows for crisis intervention, making the EU more agile in responding to supply chain disruptions.
FROM THE MEDIA: The European Union has enacted the EU Chips Act to bolster its semiconductor supply chain resilience and aims to double its global market share to 20% by 2030. The act is built on three pillars: a Chips for Europe Initiative to promote advanced semiconductor technologies, efforts to attract new investments by fast-tracking permits for new facilities, and a coordinated mechanism between EU member states and the European Commission to monitor semiconductor supply and demand. The EU is investing $3.6 billion to support the act and aims to attract an additional $43.7 billion in private investment.
READ THE STORY: ComputerWorld
A Surge in P2PInfect Malware Activity Raises Alarm Bell
Analyst Comments: The rapid increase in P2PInfect's activity and its high development cadence indicate that its developers are committed to expanding its capabilities. The malware's ability to compromise poorly secured Redis instances poses a significant risk, especially given its rapid spread across multiple countries. The addition of new features like a persistence mechanism makes it even more dangerous. Organizations, particularly those using Redis, should be vigilant and take necessary precautions to secure their systems against this evolving threat. The unclear goals of the malware also suggest that it could be used for various malicious activities in the future, making it a significant cybersecurity concern.
FROM THE MEDIA: The peer-to-peer (P2P) worm known as P2PInfect has seen a significant surge in activity, with a 600x increase between September 12 and 19, 2023. The malware primarily targets poorly secured Redis instances and has been reported in multiple countries including China, the U.S., Germany, the U.K., Singapore, Hong Kong, and Japan. Researchers from Cado Security have noted that the malware's developers are operating at a high development cadence, releasing multiple variants. P2PInfect uses Redis's SLAVEOF command for initial access and delivers a malicious Redis module to run its main payload. The malware also has new features like a persistence mechanism and the ability to overwrite SSH authorized_keys files. Despite its growing sophistication, the exact goals of P2PInfect remain unclear.
READ THE STORY: THN
Neuralink's Animal Testing Controversy: A Closer Look at the Ethical and Legal Implications
Analyst Comments: The WIRED article paints a grim picture of Neuralink's animal testing procedures, contradicting Elon Musk's public statements about the health and treatment of the test monkeys. The allegations, if proven true, could have significant legal repercussions for Musk and Neuralink, especially considering the company's ambitious goals to develop brain-computer interfaces for humans. The SEC's involvement could add another layer of scrutiny, potentially affecting Neuralink's ability to attract investors. Moreover, the ethical concerns raised could harm the company's reputation and delay its research and development timelines. Given that Neuralink recently received FDA approval for human trials, the controversy comes at a critical juncture for the company. Both investors and the public should closely monitor the outcomes of the ongoing investigations to better understand the risks associated with Neuralink's technologies and practices.
FROM THE MEDIA: A recent WIRED investigation has raised serious ethical and legal questions about Elon Musk's biotech startup, Neuralink, and its treatment of primate test subjects. The article reports that contrary to Musk's claims, monkeys used in Neuralink's experiments were not terminally ill and died due to complications from the implant procedures. The Physicians Committee for Responsible Medicine has called on the U.S. Securities and Exchange Commission (SEC) to investigate Musk's statements, alleging that they are misleading and could constitute securities fraud. The article also reveals that Neuralink is already under multiple federal investigations related to its animal testing practices.
READ THE STORY: Wired
Nova Scotia Completes Notification Process for MOVEit Data Breach Victims
Analyst Comments: The Nova Scotia government's announcement marks the conclusion of a critical phase in managing the MOVEit data breach, one of several such incidents affecting millions globally this year. The time taken to analyze the stolen data and notify the victims highlights the challenges governments face in responding to cyber incidents. The allocation of funds for credit monitoring services is a positive step, but it also underscores the financial burden that such breaches impose on public resources. The incident serves as a cautionary tale for other organizations using MOVEit or similar file-transfer tools, especially given that the Clop ransomware gang has taken credit for multiple attacks exploiting vulnerabilities in MOVEit. It also raises questions about the efficacy of current cybersecurity measures in protecting sensitive data.
FROM THE MEDIA: The government of Nova Scotia has completed the process of notifying more than 165,000 individuals affected by a data breach involving the MOVEit file-transfer software. The province is allocating CA$2.85 million (approximately $2.16 million USD) for credit monitoring services for the victims. The breach, initially reported on June 4, exposed sensitive personal information, including social insurance numbers and banking details, of 118,000 people. An additional 47,000 people had "less sensitive" information compromised. So far, about 29,000 individuals have signed up for the free credit monitoring services.
READ THE STORY: The Record
Intel's Sierra Forest Xeons to Feature 288 Cores, Doubling Initial Estimates
Analyst Comments: Intel's announcement about the Sierra Forest Xeons is significant, as it shows the company's aggressive push to compete with AMD and Ampere in the high-core-count CPU market. The decision to not support SMT and certain advanced features could be seen as a limitation, but Intel claims that the chip will deliver 250 percent higher performance-per-watt compared to its current generation Sapphire Rapids Xeons. The company is also working on the chip's successor, code-named Clearwater Forest, which will use Intel's new 18A – 2nm – process tech. While Intel may take the lead in core count, it remains to be seen how these chips will perform in real-world applications and how they will compete with existing and upcoming products from AMD and Ampere.
FROM THE MEDIA: Intel has updated its plans for the upcoming "Sierra Forest" Xeon processors, now stating that the chips will feature 288 cores, twice as many as initially disclosed. These chips will be launched in the first half of 2024 and will be the first to use Intel's 3nm process node. The architecture will include two compute tiles, bringing the total core count to 288, and will support 12 channels of DDR5 or high-speed MCR DRAM DIMMs. However, the E-cores in Sierra Forest will not support simultaneous multi-threading (SMT) or hyperthreading, and will lack several features like Intel's Advanced Matrix Extensions for AI acceleration and AVX512 support.
READ THE STORY: The Register
Lawsuit Targets Google Maps Over Tragic Incident of Misdirection
Analyst Comments: This tragic incident puts Google Maps under scrutiny for the potential inaccuracies and outdated information it might contain. It brings up concerns about the reliability and safety of navigation apps, which have become essential tools for many people. The case also raises questions about the responsibility tech companies should bear in ensuring that their platforms provide accurate, up-to-date information that doesn't put lives at risk. While the lawsuit is specific to this tragic case, its implications could resonate more widely, potentially prompting changes in how navigation services manage and update their data. For Google and similar services, the incident serves as a grave reminder that their platforms have real-world consequences and that constant vigilance is needed to ensure the safety and accuracy of the information they provide.
FROM THE MEDIA: A lawsuit has been filed against Google in North Carolina following the death of Philip Paxson, a 47-year-old father of two, who drove off a collapsed bridge while navigating with Google Maps. The incident happened in September 2022 in the city of Hickory. The bridge had been out since 2013 but was still shown as a passable route on Google Maps. The lawsuit accuses Google of gross negligence for failing to update its mapping data despite receiving notifications about the collapsed bridge. The lawsuit also implicates other entities responsible for the land where the bridge is located, accusing them of gross negligence as well. Google has expressed sympathies for the family and said it is reviewing the lawsuit.
READ THE STORY: The Register
Items of interest
95% of NFTs now totally worthless, say researchers
Analyst Comments: The dappGambl study sheds light on some concerning trends in the NFT market, supporting a growing sentiment that the space is highly speculative and volatile. The report's finding that a majority of NFT collections are essentially worthless could signify a significant market correction or even a bursting bubble. Additionally, the study brings to the fore the ethical and environmental considerations associated with NFT minting, adding another layer of complexity to the debate on the long-term viability of NFTs. However, it's important to remember that the NFT market is still relatively young and could evolve in ways that address some of these concerns. The recommendation to focus on utility-driven NFTs might align the market more closely with genuine value, offering a potential pathway out of the current predicament.
FROM THE MEDIA: A recent study conducted by crypto gambling website dappGambl has raised alarms about the current state of the non-fungible token (NFT) market. According to the research, 95% of NFT collections have a market cap of zero Ether, essentially deeming them worthless investments. Moreover, the report finds that only 21% of the collections are fully sold, indicating a surplus of unsold NFTs. High-profile collections are not immune to this trend and are struggling to maintain demand. On top of these concerns, the report also highlights the environmental costs of minting NFTs, equivalent to the yearly emissions of thousands of homes and cars. dappGambl suggests that the way forward may lie in focusing on NFTs with real utility, such as in-game assets or event access tokens.
READ THE STORY: The Register
NFTs Are DEAD... (Video)
FROM THE MEDIA: So the NFT market is down bad, but what's next? Here is what I'll be doing.
Why NFTs Deserved To Die (Video)
FROM THE MEDIA: “Long overdue, I’m finally taking a look at the weird, cringey and scummy world of Non-Fungible Tokens. And I have such sights to show you.”
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at firstname.lastname@example.org.