Daily Drop (679): US: GPS Updates, CA: CN Interference, EU: AI ACT, CN: Zhuque-2 Y-3, FBI: SEC, Ghana: Starlink, GuLoader, FDA: Crispr, 5Ghoul, FSB: Hack and Leak, RU: TRASSIR, Qlik Sense data
12-09-23
Saturday, Dec 09, 2023 // (IG): BB // ShadowNews // Coffee for Bob
U.S. GPS Modernization in Question: Concerns Over Competitiveness
Bottom Line Up Front (BLUF): Members of the National Space-Based Positioning, Navigation, and Timing Advisory Board have expressed concerns about the U.S. commitment to GPS modernization, highlighting the risks of falling behind European and Chinese satellite navigation systems. Issues include lack of funding for High Accuracy and Robustness Service (HARS), insufficient satellites broadcasting the L5 GPS signal, and organizational challenges within the U.S. Space Force.
Analyst Comments: The unease expressed by the PNT Advisory Board reflects broader concerns about the U.S.'s technological competitiveness, especially in the realm of satellite navigation—a field where GPS has traditionally been a leader. GPS, which serves over six billion users globally, is facing growing competition from European Galileo and Chinese Beidou systems. The board's apprehensions are rooted in both technological and organizational aspects of GPS modernization. Technologically, the U.S. is challenged to enhance GPS capabilities, particularly in accuracy and robustness. Organizationally, the integration of various Space Force units and the merging of navigation and communication satellite procurement raise questions about the prioritization and advocacy for GPS within the military structure.
FROM THE MEDIA: The PNT Advisory Board criticized the U.S. military for its perceived lack of commitment to GPS advancements during their 29th annual meeting. They emphasized concerns over the delayed implementation of improvements like the High Accuracy and Robustness Service (HARS) and the underutilization of the L5 GPS signal. The recent Space Force reorganization was also scrutinized for potentially diluting the focus on GPS, as navigation now shares a program office with military communications satellites. Colonel Andrew Menschner, overseeing GPS operations, highlighted the formation of an Integrated Mission Delta aimed at better integrating operations and acquisition for GPS. However, Bradford Parkinson, vice chair of the board, remained unconvinced about the U.S. maintaining its leading position in satellite navigation. The Space Force is currently managing the advanced GPS 3 satellites, with more GPS 3F satellites expected to launch by 2027, featuring enhanced capabilities.
READ THE STORY: SN
Canada's Struggle with Foreign Cyber Threats: Focus on China's Interference
Bottom Line Up Front (BLUF): The Communications Security Establishment (CSE) in Canada reports an intensifying trend of foreign cyber interference, particularly from China, targeting Canada's democratic processes. The agency has cited a rise in cyber threats, including state-sponsored attacks on critical infrastructure and election systems, and ongoing concerns about China-operated 'police stations' in Canada.
Analyst Comments: The CSE's 2023 update on cyber threats to Canada's democratic process underscores a growing global challenge: the manipulation of democratic systems through cyber means. The focus on China as a predominant actor in these activities reflects broader geopolitical tensions and the complex nature of modern cyber warfare. Canada's situation is particularly notable for its direct impact on the integrity of its democratic processes and the safety of its diaspora communities. The CSE's acknowledgment of 2.3 trillion blocked malicious actions in a year highlights the scale of the threat. Furthermore, the intertwining of cyber threats with disinformation campaigns presents a multifaceted challenge for Canada, requiring both technological defenses and societal awareness.
FROM THE MEDIA: The CSE's report indicates a significant increase in cyber threats to Canada's democratic processes, primarily attributed to state-sponsored actors linked to China. These threats include cyber-attacks on critical infrastructure, election systems, and the spread of disinformation. Defence Minister Anita Anand emphasized the importance of awareness and collaboration to counter these threats. Despite being considered a "lower-priority target," Canada is reportedly facing a higher risk of election interference going forward. The CSE's efforts have been substantial, as evidenced by the blocking of trillions of malicious actions. The report also highlights the complexity of these threats, which often involve covert operations to manipulate public opinion and election outcomes.
READ THE STORY: Rebel News
EU's Groundbreaking AI Act: Setting New Standards for AI Regulation
Bottom Line Up Front (BLUF): The European Union has finalized the AI Act, a comprehensive set of regulations to govern the development and usage of artificial intelligence. This groundbreaking legislation places restrictions on biometric systems, mandates transparency for AI models, and imposes significant fines for non-compliance, marking a significant step in global AI regulation.
Analyst Comments: The EU's AI Act represents a significant moment in the global approach to regulating artificial intelligence. By focusing on transparency, ethical use, and accountability, the Act addresses growing concerns over the unchecked proliferation and potential misuse of AI technologies. The restrictions on biometric systems, especially those identifying sensitive characteristics, reflect a commitment to individual privacy and civil liberties. The Act's comprehensive nature, encompassing everything from large AI models to energy consumption transparency, suggests a proactive and holistic approach to AI governance. This move by the EU could set a precedent for other nations, influencing global standards and practices in AI development and deployment.
FROM THE MEDIA: The European Union has reached an agreement on the AI Act, aiming to regulate the building and usage of AI technologies. This legislation is considered the most comprehensive of its kind, encompassing a wide range of aspects including bans on certain biometric systems and requirements for transparency in AI models. The Act will have significant implications for companies like OpenAI and Google, particularly for large AI models like GPT-4. The Act includes strict penalties for non-compliance, with fines of up to 7 percent of global turnover. The timeline for implementation of these rules varies, with prohibitions on certain AI usages taking effect in six months, and the full set of rules becoming applicable in approximately two years. The Act's passage follows intense negotiation and reflects the EU's ambition to be a global standard-setter in AI regulation.
READ THE STORY: Wired
China's LandSpace Achieves Satellite Launch Milestone with Methane-Powered Rocket
Bottom Line Up Front (BLUF): Chinese private rocket startup LandSpace successfully launched three satellites into orbit using its methane-liquid oxygen rocket, Zhuque-2 Y-3, marking a significant achievement in the company's ambitions for commercial space launches and positioning methane as a promising rocket fuel.
Analyst Comments: LandSpace's successful launch represents a notable advancement in China's burgeoning private space sector. The use of methane as a rocket fuel is a strategic choice, aligning with global trends toward more sustainable and efficient space launch technologies. Methane offers advantages in cost and reusability, potentially reducing the environmental impact of rocket launches. This launch positions LandSpace and China more broadly as emerging competitors in the global space race, particularly in the commercial satellite launch market. The increasing number of private Chinese companies involved in space exploration and satellite launches reflects China's growing emphasis on space as a domain of both strategic and commercial importance. This successful launch not only boosts investor confidence in methane-fueled rockets but also signals China's commitment to developing its capabilities in satellite deployment and space technology, challenging established players like SpaceX and Blue Origin.
FROM THE MEDIA: LandSpace Technology's Zhuque-2 Y-3 rocket successfully launched three satellites into a 460-km sun-synchronous orbit, marking a milestone for the Chinese private rocket startup. This launch is significant as it is the first successful mission carrying satellites for the Zhuque-2 series and the second overall, following a non-satellite test launch in July. The success of Zhuque-2 Y-3 highlights the potential of methane and liquid oxygen as efficient and cleaner rocket fuels. It also indicates the growing capabilities and ambitions of China's private space industry, which is increasingly focusing on developing rockets to meet the demand for satellite launches. The launch signifies not only a technological achievement but also a strategic move in the competitive global space industry, where China is rapidly emerging as a key player. The satellites launched include two 50-kilogram test satellites developed by Spacety, a Chinese startup, and are part of efforts to form a low-orbit satellite constellation.
READ THE STORY: Reuters // Firstpost
FBI Issues Guidance for Delaying SEC Cyber Incident Disclosures
Bottom Line Up Front (BLUF): The FBI has published guidelines for companies on how to request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC), following new SEC rules requiring prompt disclosure of material cybersecurity incidents.
Analyst Comments: The FBI's new guidance comes in response to the SEC's regulations mandating quicker disclosure of significant cyber incidents by companies. This development is a balancing act between corporate transparency and national security concerns. The possibility of delaying disclosure for reasons of national security or public safety underscores the increasingly complex interplay between cybersecurity and broader societal interests. The guidance also highlights the evolving nature of corporate governance in the digital age, where cybersecurity incidents can have significant implications for investors and the public. The FBI's involvement in the process, including their recommendation for companies to establish a relationship with their local FBI field office, signals a more integrated approach to managing cyber threats involving both private and public sectors.
FROM THE MEDIA: Under the new SEC rules, companies must report significant cyber incidents within four business days, unless a delay is approved by the U.S. Attorney General for national security or public safety reasons. The FBI's guidance document outlines the process for requesting such delays, emphasizing the importance of immediate communication with the FBI upon determination of a cyber incident's materiality. This early engagement with the FBI is crucial for the bureau to assess the incident before the company's materiality determination. The FBI requires detailed information about the cyberattack, including its nature, the affected infrastructure or data, and any operational impact, to process a delay request. The agency also emphasizes the need for accuracy in reporting the date and time of the materiality determination.
READ THE STORY: The Record
Ghana Issues Warning Against Unauthorized Starlink Services
Bottom Line Up Front (BLUF): Ghana's telecoms regulator, the National Communications Authority (NCA), has issued a public warning against the use of Starlink services, as SpaceX's satellite broadband service has not yet been licensed in the country.
Analyst Comments: The NCA's warning against the use of unauthorized Starlink services in Ghana reflects the challenges of regulating new and emerging technologies. While SpaceX's Starlink has a growing presence globally, its expansion into new markets like Ghana is met with regulatory hurdles. This situation highlights the tension between technological innovation and regulatory frameworks, particularly in countries where technology outpaces the development of legal and regulatory structures. The situation in Ghana is not unique, as similar warnings have been issued by regulators in South Africa, Zimbabwe, and Senegal, indicating a broader trend of African countries grappling with the arrival of new satellite broadband services.
FROM THE MEDIA: SpaceX's Starlink service, while covering Ghana with its low Earth orbit network, is not yet licensed for commercial operation in the country, leading to the NCA's warning. The caution comes amid reports of Starlink equipment being sold and used illegally in Ghana. This scenario is not isolated to Ghana, as regulators in other African countries, including South Africa, Zimbabwe, and Senegal, have also warned against unauthorized Starlink operations. In contrast, Nigeria and Mozambique have approved Starlink, showing the varied regulatory responses across Africa.
READ THE STORY: SN
GuLoader Malware Evolves with Advanced Anti-Analysis Techniques
Bottom Line Up Front (BLUF): Researchers have revealed new anti-analysis techniques used by GuLoader malware, making it more challenging to analyze and counteract, indicating the evolving sophistication of cyber threats.
Analyst Comments: The continuous evolution of GuLoader malware, especially in its obfuscation and anti-analysis techniques, exemplifies the dynamic nature of cyber threats. Malware developers are increasingly focusing on methods to evade detection and analysis, complicating the task of cybersecurity professionals. This trend highlights the need for constant vigilance and advancement in cybersecurity measures. GuLoader's use in phishing campaigns and its ability to distribute various payloads, such as information stealers, demonstrate its versatility and danger. The malware's adaptation in response to open-source reporting and security research also indicates a more reactive and agile approach by cybercriminals.
FROM THE MEDIA: GuLoader, first identified in 2019, has been continually updated to bypass security features and is distributed primarily through phishing campaigns. Recent modifications include enhanced obfuscation methods and the use of Vectored Exception Handling (VEH) to complicate code execution analysis. Israeli cybersecurity company Check Point noted that GuLoader is now sold under a new name, emphasizing its undetectable nature by antivirus programs. The malware’s ability to adapt and incorporate new evasion methods is reflective of the broader trend in modern malware threats, where adaptability and sophisticated evasion techniques are becoming the norm.
READ THE STORY: THN
First Crispr Medicine Approved in the US: A New Era in Genetic Treatment
Bottom Line Up Front (BLUF): The US FDA has approved the first Crispr-based medicine, Casgevy, to treat sickle cell disease, marking a significant milestone in the application of gene editing for medical therapies.
Analyst Comments: The approval of Casgevy by the US Food and Drug Administration (FDA) represents a groundbreaking development in the field of medicine, particularly in the treatment of genetic disorders. This Crispr-based therapy offers a potential long-term solution for sickle cell disease, a condition that significantly impacts life expectancy and quality of life. The approach, which involves editing a patient’s cells outside the body and then reintroducing them, highlights the advancements in precision medicine. It also reflects the potential of Crispr technology in treating other genetic diseases. However, the long-term effects and broader application of such treatments are yet to be fully understood.
FROM THE MEDIA: Casgevy, developed by Vertex Pharmaceuticals and Crispr Therapeutics, targets sickle cell disease, a hereditary condition affecting red blood cells. The therapy uses Crispr gene editing to modify patients' cells to produce healthy hemoglobin. The FDA's approval comes after the UK's authorization of the treatment in November. Casgevy is designed as a one-time therapy, with the potential for long-lasting benefits. The approval follows clinical trials showing significant positive outcomes for patients. Additionally, the FDA has approved another gene therapy for sickle cell, Lyfgenia, which does not use Crispr but adds a therapeutic gene to cells.
READ THE STORY: Wired
"5Ghoul": New 5G Modem Vulnerabilities Affect Major Smartphone Brands
Bottom Line Up Front (BLUF): A series of security flaws, collectively called "5Ghoul," has been discovered in the firmware of 5G mobile network modems, affecting a wide range of smartphone models across major brands and posing significant cybersecurity risks.
Analyst Comments: The discovery of the 5Ghoul vulnerabilities highlights the ongoing challenges in securing emerging technologies like 5G. The fact that these flaws impact modems from major chipset vendors such as MediaTek and Qualcomm, and affect a wide range of devices from brands like Apple, Samsung, and Google, underscores the pervasive nature of such vulnerabilities. The vulnerabilities enable attacks that can disrupt connections, force reboots, or downgrade 5G connectivity to 4G, which could have widespread implications for both individual users and network operators. These vulnerabilities also emphasize the importance of rigorous testing and security protocols in the development and deployment of new technologies.
FROM THE MEDIA: The 5Ghoul vulnerabilities were discovered by researchers from the ASSET Research Group at the Singapore University of Technology and Design, who previously uncovered other significant flaws in wireless technologies. These vulnerabilities can be exploited to disconnect or degrade the network connectivity of affected devices. A total of 14 flaws were identified, with 10 affecting 5G modems from MediaTek and Qualcomm, including three high-severity vulnerabilities. The researchers demonstrated how an attacker could deceive a smartphone or other 5G-enabled device into connecting to a rogue base station, leading to potential disruption or degradation of service. Over 700 smartphone models are reported to be impacted by these vulnerabilities. MediaTek and Qualcomm have released patches for 12 of the 14 vulnerabilities, with details of the remaining two withheld for confidentiality reasons.
READ THE STORY: THN
UK Imposes Sanctions on Individuals Linked to Cyber Trafficking in Southeast Asia
Bottom Line Up Front (BLUF): The United Kingdom has sanctioned individuals and entities involved in Southeast Asia's online scamming industry, focusing on those connected to "scam compounds" and related businesses in Myanmar, Cambodia, and Laos.
Analyst Comments: The UK's move to sanction individuals linked to the burgeoning online scam industry in Southeast Asia represents a significant step in the global fight against human trafficking and cybercrime. This industry, which has expanded rapidly post-COVID-19, often lures individuals with fraudulent job offers and then forces them to participate in online scams, a practice known as "pig butchering." The UK's sanctions are notable for targeting the facilitators and beneficiaries of these operations, rather than just the frontline perpetrators. This approach reflects an understanding that tackling such complex criminal networks requires addressing the entire ecosystem, including those who profit from or enable these crimes.
FROM THE MEDIA: The UK Treasury's sanctions are part of a broader international effort to curb the Southeast Asian online scamming industry, which exploits trafficked individuals to perpetrate financial fraud. The sanctioned individuals include those involved in operating scam compounds and businesses that facilitate these operations, such as casinos and hotels known to house scam activities. The sanctions target key figures in criminal zones in Myanmar and Laos, including individuals previously sanctioned by the US for related crimes. The action by the UK Treasury aligns with efforts by other nations, including China, to combat the regional scam industry. These coordinated efforts are critical, given the transnational nature of these criminal networks and their impact on victims from various countries.
READ THE STORY: The Record
UK and US Accuse Russian FSB of Conducting 'Hack and Leak' Operations
Bottom Line Up Front (BLUF): The UK and US governments have sanctioned two Russian hackers linked to the FSB for their roles in a long-running spear-phishing campaign targeting British politics and leaking classified documents.
Analyst Comments: The joint action by the UK and US in sanctioning individuals associated with the Russian FSB for cyber espionage activities highlights the ongoing concerns about nation-state involvement in cyberattacks. These operations, which include spear-phishing campaigns and the leaking of sensitive information, are seen as efforts to interfere in the democratic processes of other nations. The attribution of these activities to the FSB, Russia's domestic intelligence agency, and the identification of specific individuals involved, signifies a growing resolve among Western nations to publicly call out and respond to state-sponsored cyber activities. This approach also indicates a shift towards more aggressive stances in cyber diplomacy, aiming to deter future cyber intrusions by holding individuals and entities accountable.
FROM THE MEDIA: The UK's Ministry of Foreign Affairs has accused the Russian Federal Security Service (FSB) of running a campaign to interfere in British politics for nearly a decade. This includes spear-phishing attacks against multiple political parties and the leak of classified documents before the 2019 election. The US has joined the UK in sanctioning two individuals, Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, believed to be involved in these operations. Additionally, the US has unsealed a criminal indictment against them. These actions are part of a broader effort to counteract what is perceived as Russia's persistent and destabilizing cyber activities. The hackers are identified as part of an FSB unit known as Center 18, conducting operations under the alias "Star Blizzard," known for hack-and-leak tactics.
READ THE STORY: BankInfoSecurity
Russian Intelligence Suspected of Accessing Data from Ukrainian Surveillance Cameras
Bottom Line Up Front (BLUF): Russian intelligence services are potentially receiving footage from thousands of Ukrainian surveillance cameras using Russian TRASSIR software, raising significant security concerns.
Analyst Comments: The report from Radio Free Europe/Radio Liberty about Russian intelligence possibly accessing video feeds from Ukrainian surveillance cameras highlights the complex cyber and intelligence threats in the ongoing conflict. The use of surveillance technology in warfare and intelligence gathering is not new, but the potential for a foreign power to access such data remotely via software vulnerabilities presents a new dimension of risk. This situation underscores the importance of cybersecurity in national defense, particularly in conflict zones where surveillance data can provide strategic advantages. It also illustrates the broader implications of relying on foreign technology for critical infrastructure, especially from a hostile nation.
FROM THE MEDIA: The TRASSIR video surveillance system, widely used in Ukraine, is found to send data to servers in Moscow, which are allegedly linked to Russia's Federal Security Service (FSB). The system's capabilities include recording movements and recognizing faces and license plates. An investigation confirmed that footage from these cameras is transmitted to Russian servers before reaching consumers. This finding is particularly concerning given the current conflict, as it suggests a covert method for Russia to gather intelligence within Ukraine. The Ukrainian government has reportedly begun to abandon Russian software following the full-scale invasion. Notably, TRASSIR cameras were removed from critical infrastructure facilities like the Chornobyl nuclear power plant in 2023.
READ THE STORY: K
CISA Adds Qlik Vulnerabilities to Exploited Bugs Catalog
Bottom Line Up Front (BLUF): The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities found in the Qlik Sense data analytics tool to its catalog of exploited bugs, highlighting the need for urgent patching.
Analyst Comments: CISA's inclusion of the Qlik Sense vulnerabilities in its catalog of known exploited vulnerabilities is a crucial step in addressing widespread cybersecurity risks. These vulnerabilities, identified as CVE-2023-41265 and CVE-2023-41266, are significant due to the widespread use of Qlik Sense in government and large business sectors for data analytics. The vulnerabilities allow attackers to gain unauthorized access and escalate privileges within systems. The use of these vulnerabilities by malicious actors, including the Cactus ransomware gang, underscores the critical nature of these security flaws. CISA's directive for federal civilian agencies to patch these issues by December 28 reflects the urgency and importance of addressing such vulnerabilities to maintain cybersecurity.
FROM THE MEDIA: Discovered in the summer, the vulnerabilities in Qlik Sense present a risk of unauthorized system access and privilege escalation. CVE-2023-41265, with a severity score of 9.6, and CVE-2023-41266, with a score of 8.2, were both targeted in attacks by the Cactus ransomware group. These vulnerabilities have been chained together to compromise servers running Qlik Sense software. Patching is critical because there are no mitigations, and all versions of Qlik Sense Enterprise for Windows released before May are vulnerable. The discovery of these vulnerabilities and their exploitation by ransomware groups indicate the high value and potential impact of such security flaws in widely used software applications.
READ THE STORY: The Record
Items of interest
Analyzing Vulnerabilities in the Era of Big Data: A Comprehensive Study of Over 140,000 Records
Bottom Line Up Front (BLUF): This study employs descriptive statistics and programming techniques to analyze more than 140,000 vulnerability records from CVE and CNNVD, revealing significant trends and characteristics of vulnerabilities in products from various manufacturers.
Analyst Comments: This extensive study on vulnerability records is a critical contribution to understanding cybersecurity trends in the big data era. By analyzing a vast number of records from prominent databases like CVE and CNNVD, the study provides valuable insights into the nature and distribution of vulnerabilities across different manufacturers and products. The finding that large companies typically face more severe vulnerabilities highlights the heightened risk associated with more extensive digital infrastructures. The use of multivariate regression and K-means clustering to categorize vulnerabilities based on patterns is an innovative approach that can expedite the resolution of new vulnerabilities by leveraging existing classified databases.
FROM THE MEDIA: The study, conducted through an analysis of CVE (Common Vulnerabilities and Exposures) and CNNVD (China National Vulnerability Database of Information Security) records, highlights the increasing number of vulnerabilities in various Chinese industries as they undergo digital transformation. The research employed advanced statistical and programming techniques to categorize and analyze vulnerabilities, focusing on their characteristics in products from manufacturers of different scales. It revealed that large companies are more prone to severe vulnerabilities, while smaller companies face a more uniform distribution of risk levels. The study also examined the speed at which different vendors resolve vulnerabilities, finding significant variance.
READ THE STORY: Journal of Physics
A tale of two vulnerability databases and a Panda (Video)
FROM THE MEDIA: We have done a quantitative analysis that shows that the U.S. National Vulnerability Database (NVD) is 20 days later than China’s National Vulnerability Database (CNNVD) in the average time between initial disclosure and database inclusion. (33 days for the US compared to 13 in China.) So if you want to stay on top of vulnerabilities you should look at the Chinese CNNVD web page and not the American NIST NVD.
Find and Track the hidden vulnerabilities inside your dependencies (Video)
FROM THE MEDIA: 44% of applications contain critical vulnerabilities in an open source component*, and this despite the fact that good practices like the OWASP Top 10 have become widespread.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.