Daily Drop (615): RU: Zero-Day Market, AI Deepfakes Threaten Election, Ethical Hacking in Warfare: Red Cross, Starshield, RISC-V, iOS Zero-Day: 17.0.3, Russian Hacktivist, CN: WeChat
10-05-23
Thursday, Oct 05, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Russian Firm Disrupts Zero-Day Market with $20 Million Offer
Bottom Line Up Front (BLUF): "Operation Zero," a Russian company, is shaking up the zero-day exploit market by offering up to $20 million for vulnerabilities, a price significantly higher than the industry average. This move could indicate a shift in the valuation of these exploits and has potential implications for global cybersecurity dynamics.
Analyst Comments: Operation Zero's aggressive pricing strategy could be a game-changer in the zero-day exploit market. Their high offers might be a marketing strategy to gain attention or could reflect the increasing difficulty and value associated with hacking dominant mobile operating systems like iOS and Android. The company's focus on non-NATO countries and potential ties to ransomware groups could also indicate a strategic alignment with specific geopolitical objectives. As the demand for zero-day exploits grows, the global cybersecurity landscape will likely see increased competition, evolving strategies, and potential regulatory interventions.
FROM THE MEDIA: Typically, high-quality zero-day exploits for major mobile operating systems fetch between $1 million and $3 million. However, Operation Zero's offer starts at $200,000, with a ceiling of $20 million, suggesting that the company believes the zero-day market is undervalued. Founded in 2022, Operation Zero primarily caters to Russian and Middle Eastern entities, specifically excluding NATO countries. While governments have traditionally been the top bidders for zero-day exploits, wealthy ransomware groups, especially from Russia, are emerging as potential buyers. Some countries, like China, have even imposed regulations on the sale of zero-day exploits, further complicating the market dynamics.
READ THE STORY: CPO
AI Deepfakes Threaten Election Integrity: A Glimpse into the Future of Politics
Bottom Line Up Front (BLUF): The recent Slovakian elections witnessed a surge in AI-generated deepfakes, signaling a new era of disinformation in political campaigns. These manipulated recordings, which are becoming increasingly sophisticated and accessible, have the potential to significantly influence voter perceptions and election outcomes.
Analyst Comments: The use of AI deepfakes in Slovakia's elections serves as a cautionary tale for democracies worldwide. As AI tools become more affordable and user-friendly, the potential for their misuse in political campaigns grows. While experts have long warned about the potential of deepfakes to mislead voters, the reality is now upon us. The challenge for governments, tech companies, and civil society will be to develop effective countermeasures to detect and combat such disinformation. Additionally, educating the public about the existence and potential harm of deepfakes will be crucial in ensuring informed voting decisions.
FROM THE MEDIA: In the lead-up to Slovakia's elections, a conversation allegedly between Progressive Slovakia’s leader, Michal Simecka, and a journalist circulated, raising eyebrows due to its content and tone. However, AFP fact-checkers determined that the recording was a deepfake, synthesized by an AI tool trained on voice samples. This was among several such fakes that spread across social media platforms, including Facebook, Instagram, and YouTube. While the exact impact of these deepfakes on the election results remains uncertain, their presence underscores the evolving challenges in maintaining election integrity. Daniel Milo from the Slovak Interior Ministry highlighted the rapid advancements in deepfake technology, suggesting that distinguishing real from fake might soon become nearly impossible. Coupled with recent hacks targeting voter data globally, the threat to democratic processes is escalating.
READ THE STORY: Bloomberg
Ethical Hacking in Warfare: Red Cross Sets the Bar
Bottom Line Up Front (BLUF): The International Committee of the Red Cross (ICRC) has introduced ethical guidelines for hacktivists involved in armed conflicts, emphasizing the importance of adhering to humanitarian principles even in the digital realm.
Analyst Comments: The ICRC's initiative to introduce ethical guidelines for hacktivists is a commendable step towards regulating the digital battlefield. However, the practical implementation and adherence to these guidelines in real-world scenarios remain a significant challenge. The blurred boundaries in cyber warfare, coupled with the anonymity it offers, make accountability a complex issue. While the guidelines set a standard, the onus is on individual states and hacktivist groups to respect and uphold these principles. The evolving nature of cyber warfare necessitates continuous dialogue and collaboration among international entities to ensure that the digital realm does not become a lawless frontier.
FROM THE MEDIA: In a groundbreaking move, the ICRC has released a set of eight “humanitarian law-based rules” for civilian hackers, or hacktivists, who engage in digital operations during armed conflicts. While international humanitarian law doesn't outright prohibit hacking military targets, the ICRC stresses that those participating in such activities must respect basic humanitarian principles. The guidelines explicitly state that hacktivists should avoid targeting civilian objects or deploying malware that could harm both military and civilian infrastructures. Critical facilities like medical centers, drinking water systems, and hazardous plants are off-limits. Furthermore, hacktivists are urged not to threaten civilians or recruit other hackers for their cause.
READ THE STORY: The Record
SpaceX and Space Force Collaborate on Starshield Satellite Network
Bottom Line Up Front (BLUF): The U.S. Space Force has awarded SpaceX a $70 million contract for its new Starshield satellite service, marking a significant step in the military's push towards leveraging commercial space capabilities.
Analyst Comments: The collaboration between the Space Force and SpaceX signifies the U.S. military's recognition of the potential that commercial space capabilities hold for national security. By tapping into the advancements made by private entities like SpaceX, the Space Force can rapidly modernize and enhance its satellite network. However, the integration of commercial services into defense operations is not without challenges, as evident from the controversies surrounding SpaceX's decisions. It underscores the need for clear demarcations between civilian and military applications and the importance of transparency in such collaborations.
FROM THE MEDIA: The Space Force's recent partnership with SpaceX for the Starshield service is a testament to its commitment to integrating private-sector advancements into its space operations. This move is in line with the Space Force's strategy to transition from prolonged acquisition cycles to rapid commercial capabilities across various mission areas. Starshield, often likened to SpaceX's commercial Starlink network, consists of satellites positioned in low-Earth orbit (LEO). It is designed to offer a range of services, including high-speed broadband, space domain awareness, and alternative positioning, navigation, and timing. While Starlink primarily serves consumer and commercial needs and is recognized for having the largest satellite constellation globally, Starshield is tailored to support national security initiatives.
READ THE STORY: Air and Space
Samsung Partners with Tenstorrent for RISC-V Processor Production
Bottom Line Up Front (BLUF): Samsung and AI chip startup Tenstorrent have announced a partnership wherein Samsung's foundry will be used to manufacture Tenstorrent's next-generation products. This collaboration not only strengthens Tenstorrent's position in the AI hardware market but also indicates a significant move towards future RISC-V collaborations.
Analyst Comments: Samsung, a licensee of Arm processor designs (a RISC-V competitor), sees its collaboration with Tenstorrent as an opportunity to gain insights into the open processor design, potentially attracting more fabrication projects from other RISC-V entities. Given that Samsung's Arm-powered Exynos SoCs are commonly found in its budget-friendly smartphones, the company could benefit from RISC-V hardware that matches Arm's performance, thereby saving on licensing fees. With rumors of Arm contemplating higher licensing costs, this partnership with Tenstorrent could be a strategic move for Samsung.
FROM THE MEDIA: AI chip startup, Tenstorrent, announced its decision to utilize Samsung's foundry for manufacturing its upcoming products. Both companies have expressed enthusiasm about potential collaborations in the RISC-V domain. Tenstorrent's CEO, Jim Keller, praised Samsung Foundry's dedication to advancing semiconductor technology, stating that it aligns with Tenstorrent's vision for RISC-V and AI. On the other hand, the head of Samsung's US Foundry business emphasized that Samsung's advanced silicon manufacturing capabilities would bolster Tenstorrent's innovations in RISC-V and AI, particularly for datacenter and automotive solutions.
READ THE STORY: The Register
Chinese Cyberespionage Group Targets WeChat Users with LightSpy Malware
Bottom Line Up Front (BLUF): Chinese cyberespionage group APT41 has been linked to a surveillance toolkit named LightSpy, which targets WeChat users. The group has been using spam messages to lure users into downloading a malicious WeChat application from third-party app stores. The malware is capable of exfiltrating sensitive private information from victim devices.
Analyst Comments: APT41's use of LightSpy showcases the evolving tactics of state-sponsored hacking groups, emphasizing the increasing threat to mobile device security. The group's ability to target popular applications like WeChat indicates a strategic approach to reach a broader user base. Given the malware's capabilities, users are at risk of significant privacy breaches. The ongoing operations of such state-sponsored groups underline the importance of robust cybersecurity measures, especially for widely-used applications.
FROM THE MEDIA: Security researchers have identified a connection between the LightSpy surveillance toolkit and the Chinese state-sponsored hacking group APT41, also known as Wicked Panda. This group has been deploying the malware through spam messages, convincing users to download a malicious version of the WeChat application. LightSpy is designed to extract and send private information, including precise location data, payment details, call recordings, and chat archives, to its command and control server. The malware boasts multiple plugins that facilitate surveillance and data exfiltration. Historically, APT41 has been involved in web application attacks and software vulnerability exploitation. However, they have recently shifted their focus to developing malware tailored for mobile operating systems. The group's operations primarily target victims in the Asia-Pacific region.
READ THE STORY: BankInfoSec
Apple Addresses Actively Exploited iOS Zero-Day Vulnerability
Bottom Line Up Front (BLUF): Apple has released security patches to address an actively exploited zero-day flaw in its iOS and iPadOS systems. The vulnerability, identified as CVE-2023-42824, could allow local attackers to elevate their privileges on affected devices.
Analyst Comments: Apple's swift response to the discovery of the zero-day flaw underscores the company's commitment to user security. The active exploitation of such vulnerabilities in the wild raises concerns about the potential risks iOS users face. It's crucial for users to regularly update their devices to the latest software versions to ensure maximum security. The repeated discovery of zero-day vulnerabilities also highlights the evolving nature of cyber threats and the importance of continuous vigilance in the tech industry.
FROM THE MEDIA: On Wednesday, Apple announced the rollout of security patches to counter a new zero-day flaw that has been actively exploited in real-world scenarios. This kernel vulnerability, if exploited, could grant a local attacker elevated privileges on the device. Apple has taken measures to rectify the issue by implementing improved checks. The company has acknowledged potential active exploitation against versions prior to iOS 16.6. Alongside this, Apple's update also addresses another vulnerability, CVE-2023-5217, related to the WebRTC component. The patches, labeled iOS 17.0.3 and iPadOS 17.0.3, are now available for a range of devices, including iPhone XS and later, as well as several iPad models. This move by Apple marks the 17th time the company has addressed actively exploited zero-days since the beginning of the year. Notably, two weeks prior, Apple had released fixes for three other vulnerabilities, one of which was exploited by an Israeli spyware vendor, Cytrox, to target an Egyptian politician's iPhone.
READ THE STORY: THN
Russia's 2024 VPN Ban: A Renewed Push for Digital Control
Bottom Line Up Front (BLUF): Russia is set to prohibit VPNs in 2024, targeting platforms that allow access to banned content, especially Meta-operated social networks. While the ban is slated for March 1, 2024, its effectiveness remains uncertain given past unsuccessful attempts and the adaptability of VPN vendors.
Analyst Comments: The success of this ban hinges on Moscow's ability to enforce it more stringently than its past attempts. Given the adaptability and resilience of VPN vendors, they are likely to devise countermeasures, potentially leading to a digital arms race between the state and VPN operators. Furthermore, Russia's ties with China, which has a proven track record of detecting and blocking VPN-like tunneling tools, might play a crucial role. If Moscow can leverage Beijing's expertise, the ban might see higher success rates. However, the move is also likely to face international criticism and could further isolate Russia in the digital realm.
FROM THE MEDIA: Russia's intention to ban VPNs from the nation's app stores in 2024 is a clear move to strengthen its digital control and curb access to content deemed inappropriate by the government. A primary target is the social networks operated by Meta, which Russia labels as an extremist organization. Despite Moscow's previous efforts to clamp down on VPNs, especially during its invasion of Ukraine, Russian citizens have consistently turned to these platforms to bypass state censorship. The upcoming ban, if enforced effectively, could significantly impact the digital freedom of Russian netizens.
READ THE STORY: The Register
Decline in Global Internet Freedoms with AI's Rising Threat
Bottom Line Up Front (BLUF): Global internet freedoms experienced a decline last year, with the potential for further deterioration if artificial intelligence (AI) tools are misused in undemocratic ways, according to a report by the human rights advocacy organization, Freedom House.
Analyst Comments: The continuous decline in global internet freedoms is a pressing concern, especially with the integration of AI tools that can be easily manipulated for undemocratic purposes. The potential misuse of AI in restricting digital rights, as highlighted by the report, underscores the need for robust regulations and oversight. As AI continues to evolve, its ethical deployment becomes crucial to ensure that it serves as a tool for empowerment rather than oppression. The proposed European Union framework for AI governance, which aims to rank technologies based on risk and impose requirements accordingly, could serve as a model for other regions. The global community must prioritize the establishment of standards and regulations that ensure the responsible use of AI, preserving the fundamental rights of internet users worldwide.
FROM THE MEDIA: Freedom House's 13th annual "Freedom on the Net" report, which surveys digital rights across 70 countries, revealed a concerning trend of reduced internet freedom and openness worldwide. The study, covering June 2022 to May 2023, highlighted several alarming records, including 55 countries where individuals faced legal repercussions for their online speech and 41 countries that restricted access to websites hosting various forms of speech. China retained its position as the most restrictive country for internet freedoms for the ninth consecutive year, followed by Myanmar. The report emphasized the potential of AI to either enhance or harm digital rights. If misused, AI can amplify censorship, surveillance, and disinformation. However, if used ethically, AI can aid in countering disinformation, evading authoritarian censorship, and documenting human rights violations.
READ THE STORY: The Record
Russian Hacktivist Attacks: A Mix of PR Stunts and Serious Threats
Bottom Line Up Front (BLUF): Russian hacktivist groups, while sometimes appearing harmless, are causing significant disruptions in Ukraine and NATO countries, with experts warning of escalating threats.
Analyst Comments: The rise in hacktivist activities, especially from Russian groups, poses a significant threat to global cybersecurity. Their evolving tactics and increasing sophistication mean that organizations worldwide need to be more vigilant and prepared. The blending of political motivations with cyber capabilities can lead to unpredictable and potentially devastating outcomes. As these groups continue to evolve and grow in their ambitions, proactive cybersecurity measures and international cooperation will be crucial to counter these threats effectively.
FROM THE MEDIA: Russian hacktivism has surged since the onset of the Ukraine war. Groups led by KillNet, a prominent hacktivist group, have been targeting governments and corporations opposing Putin's invasion. While some of these attacks, like the takedown of the UK royal family's website, seem like mere PR stunts reminiscent of the Anonymous group's actions, experts caution that these groups are causing real harm and are planning more severe attacks. Michael McPherson, a former FBI veteran, highlighted that while some attacks are mere nuisances, others target critical infrastructure, such as hospital systems, with far more significant consequences. Distributed denial-of-service (DDoS) attacks have played a prominent role in the Russia-Ukraine conflict. As the war progressed, responsibility for them appeared to shift from state-sponsored groups to hacktivist groups, making attribution more challenging.
READ THE STORY: DarkReading
North Korea Targets South Korean Shipbuilding Sector
Bottom Line Up Front (BLUF): South Korea's National Intelligence Service (NIS) has issued a warning about North Korea's cyberattacks on its shipbuilding industry, likely aimed at bolstering the North's naval military capabilities.
Analyst Comments: The cyberattacks on South Korea's shipbuilding sector highlight the persistent threat posed by North Korea in the cyber realm. The focus on shipbuilding indicates North Korea's strategic interest in strengthening its naval capabilities. Given the history of successful cyberattacks, South Korean industries, especially those of strategic importance, need to bolster their cybersecurity measures. The international community should remain vigilant and collaborate to counter such threats, ensuring that critical industries and infrastructure are safeguarded against potential cyberattacks.
FROM THE MEDIA: The NIS has recently reported that North Korea has been targeting South Korean shipbuilding companies. These cyberattacks, which took place in August and September, involved phishing emails sent to employees in the maritime sector and IT contractors. Clicking on these emails would deploy malicious code. The intelligence agency believes that these attacks are directed by North Korean leader Kim Jong-un, who is keen on gathering intelligence to aid his Navy in building medium to large ships. This comes after Kim Jong-un expressed his desire last month to modernize the Pukjung Machine Complex, a facility producing marine engines, and to change the direction of the shipbuilding industry. The NIS has alerted the concerned companies and anticipates continued attacks on shipbuilders and component manufacturers. It's worth noting that similar tactics were reportedly successful in 2017 when Daewoo Shipbuilding & Marine Engineering (DSME) allegedly suffered a theft of warship blueprints.
READ THE STORY: The Register
Items of interest
Delays in Analyzing 4.5-Billion-Year-Old Dust Samples Due to Abundance of Material
Bottom Line Up Front (BLUF): NASA's OSIRIS-REx spacecraft has brought back more asteroid samples than anticipated, causing a delay in sharing these ancient dust samples with researchers.
Analyst Comments: The successful return of asteroid samples by NASA's OSIRIS-REx marks a significant achievement in space exploration. The abundance of the collected material, while causing delays, provides researchers with a richer dataset to analyze. The findings from these samples could offer invaluable insights into the early solar system and the origins of life on Earth. As the analysis progresses, the scientific community and the world at large will keenly await the revelations these ancient samples might hold.
FROM THE MEDIA: Launched in 2016, NASA's OSIRIS-REx was designed to collect ancient rocks from the asteroid Bennu. The spacecraft, equipped with a robotic arm, successfully gathered regolith from Bennu's surface and stored it in its TAGSAM (Touch-and-Go Sample Acquisition Mechanism) head. The sample collection took place in 2020, and even then, mission control was aware that the spacecraft had gathered more than the targeted 60 grams of dust and rock due to a leak in the TAGSAM. The probe safely returned the samples to Earth, landing in Utah last month. However, the abundance of the material and dust on the capsule's exterior is complicating the unboxing process. Christopher Snead, deputy OSIRIS-REx curation lead, mentioned the challenge of having so much material that it's taking longer than expected to collect. Researchers are eager to analyze the samples, especially the dark particles sticking to the inside of the TAGSAM's canister lid and base.
READ THE STORY: The Register
The Ethics of Deepfakes: Implications for Society and Personal Privacy (Video)
FROM THE MEDIA: Watch a spacecraft deliver an asteroid sample to Earth! Our OSIRIS-REx (Origins, Spectral Interpretation, Resource Identification, and Security–Regolith Explorer) spacecraft is approaching Earth, and on Sept. 24, 2023, it will release its sample return capsule into the atmosphere on a path to land at the Department of Defense's Utah Test and Training Range. The touchdown will mark the end of a seven-year journey to explore asteroid Bennu, collect a sample from its surface, and deliver it to Earth as the U.S.'s first pristine asteroid sample. Scientists around the world will study the sample over the coming decades to learn about how our planet and solar system formed, as well as the origin of organics that may have led to life on Earth.
OSIRIS-REx & Asteroid Mining with Neil deGrasse Tyson & Natalie Starkey (Video)
FROM THE MEDIA: The popularity of ChatGPT has brought artificial intelligence (AI) to the forefront of public consciousness over the past few months, but what exactly are these tools, should regulators be concerned about them, and what expectations do people have about their regulation?
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.