Daily Drop (680): Bird: Rise and Fall, Scam As a Service, INC RANSOM: Xerox, Leaksmas, PLASSF: 8 years of IO, Baidu: ERNIE, DPRK: 2024 Modernization Efforts, AI-Infused Smart Glasses, Dark Web Drama
12-31-23
Sunday, Dec 31 2023 // (IG): BB // ShadowNews // Coffee for Bob
*Started adding Proofs of Concept (PoCs), where available, for mentioned CVEs:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project. *
Blood, Guns, and Broken Scooters: Inside the Chaotic Rise and Fall of Bird
Bottom Line Up Front (BLUF): Bird, once a shining symbol of urban micromobility valued at over $2 billion, has plummeted into bankruptcy. This piece delves into the harrowing experiences of Bird's fleet managers, the contractors who juggled the logistics of maintaining and managing scooters, often at great personal cost and risk. As the company's fortunes waned, these contractors faced increasing pressure, reduced earnings, and dangerous confrontations, all while striving to keep the wheels of the micromobility dream turning.
Analyst Comments: The downfall of Bird is a poignant tale of innovation, ambition, and the harsh realities of a gig economy. Contractors, integral to Bird's operations, faced a precarious work environment, underscored by demanding quotas, safety issues, and violent confrontations. The initial allure of entrepreneurship quickly soured as Bird's business model strained under operational challenges and a failing financial structure. This case study reflects a broader narrative of the gig economy's pitfalls - the volatility of tech-driven markets, and the often invisible human cost behind disruptive innovation.
FROM THE MEDIA: Wired paints a vivid picture of the chaotic landscape fleet managers navigated as they maintained Bird's scooter fleets. These contractors, lured by the promise of autonomy and lucrative returns, found themselves in an increasingly untenable position as Bird tightened operations amidst financial turmoil. Stories of physical confrontations, exhaustive work hours, and financial distress highlight the intense pressure and risk these individuals faced. Even as Bird's business faltered, fleet managers, bound by contracts and sunk investments, continued to chase the fleeting promise of a profitable venture, often at great personal and financial risk.
READ THE STORY: Wired
Rise of Scam-as-a-Service: The New Threat in Crypto Wallet-Draining Attacks
Bottom Line Up Front (BLUF): The cybersecurity community is raising alarms over a surge in sophisticated phishing attacks designed to drain cryptocurrency wallets across various blockchain networks. These attacks are facilitated by a "Scam-as-a-Service" model, with groups like Angel Drainer offering wallet-draining scripts for a cut of the stolen assets. Despite the shutdown of a prominent service known as Inferno Drainer, the threat persists with evolving tactics.
Analyst Comments: This emergent "Scam-as-a-Service" model exemplifies the adaptability and entrepreneurial nature of cybercriminals in the digital age. By commoditizing phishing and wallet-draining tools, they've created a more accessible and potentially more devastating form of cybercrime. The use of multi-chain targeting indicates a sophisticated understanding of the crypto ecosystem and its vulnerabilities. Users and institutions must therefore be more vigilant and proactive in their cybersecurity measures, emphasizing the importance of education, secure wallet practices, and regulatory responses to this growing threat.
FROM THE MEDIA: Cybersecurity experts have identified an uptick in crypto wallet-draining attacks, particularly from a group named Angel Drainer. This group, among others, offers a "scam-as-a-service" model, significantly lowering the barrier to entry for aspiring cybercriminals. These attacks often involve airdrop or phishing scams that lead victims to interact with malicious smart contracts on fake websites. Once a user's wallet is connected, attackers can drain funds without further interaction. The closure of services like Inferno Drainer, which contributed to over $70 million in stolen crypto, highlights the transient yet impactful nature of these services. Despite such closures, new and more sophisticated threats continue to evolve. Cybersecurity entities recommend the use of hardware wallets and diligent verification of smart contracts as measures to mitigate these risks.
READ THE STORY: THN
INC RANSOM Ransomware Group Allegedly Breaches Xerox Corp
Bottom Line Up Front (BLUF): The INC RANSOM ransomware group has claimed responsibility for a cyber attack on Xerox Corp, an American multinational corporation known for its document management solutions. The group has threatened to release stolen data and has posted proof of the breach on its leak site. The extent of the data compromise remains unclear, but this incident marks an addition to a series of attacks attributed to the INC RANSOM group since its emergence in 2023.
Analyst Comments: The claim by INC RANSOM highlights the persistent threats posed by ransomware groups to global corporations. Xerox Corp, with its extensive global presence and significant data handling, represents a high-value target. The incident underscores the critical need for robust cybersecurity measures and proactive threat intelligence. Companies must adapt quickly to the evolving tactics of ransomware groups, especially those like INC RANSOM, which continuously expand their list of corporate victims. The situation demands close monitoring as more details about the breach's scope and impact might emerge.
FROM THE MEDIA: The INC RANSOM ransomware group has publicly claimed an attack on Xerox Corp, a significant player in document management and digital printing solutions. The group, known for its ransomware activities since 2023, has listed Xerox among its latest victims and posted documents online as proof of the breach. The specific details about the stolen data volume and potential impact on Xerox's operations and clients are still to be disclosed. The attack adds to the growing list of over 40 organizations allegedly breached by INC RANSOM, reflecting a broad and aggressive campaign against corporate targets worldwide.
READ THE STORY: Security Affairs
"Leaksmas" Event Floods Dark Web with Leaked PII and Compromised Data
Bottom Line Up Front (BLUF): During the holiday season, an event dubbed "Leaksmas" saw cybercriminals on the Dark Web releasing over 50 million records containing personally identifiable information (PII) of consumers worldwide. This activity included leaks from telecommunications providers, government agencies, and various companies, freely shared as a form of "mutual gratitude" among cybercriminals. This significant release of data has widespread implications, leading to potential account takeovers, identity theft, and financial fraud on a global scale.
Analyst Comments: The "Leaksmas" event illustrates the relentless nature of cybercriminal activity, even during times traditionally reserved for celebration and goodwill. The widespread distribution of leaked data across various countries underscores the global threat of such activities and the boundless nature of cybercrime. Organizations must enhance their digital defenses and employ robust identity protection strategies to mitigate the risks associated with such extensive data compromises. As cybercriminals continue to refine their tactics and share resources, the importance of international cooperation and robust cybersecurity measures has never been more critical.
FROM THE MEDIA: Resecurity experts observed a significant data release event on the Dark Web, termed "Leaksmas," involving the leak of over 50 million records containing PII from consumers worldwide. The leaks spanned a wide geographical range, affecting individuals and organizations across multiple countries. These included major data sets from telecommunications providers in Peru and other significant leaks involving entities in Chile, France, Vietnam, Russia, and more. The leaked data's diverse nature and the free distribution among cybercriminal circles indicate an extensive network of actors involved in these breaches. This event marks a considerable escalation in the volume and variety of data being shared and sold in the dark corners of the internet, highlighting a massive challenge for cybersecurity and personal data protection going forward.
READ THE STORY: Security Affairs
China's PLA Strategic Support Force Marks 8 Years: Spearheading Information Warfare
Bottom Line Up Front (BLUF): The People's Liberation Army Strategic Support Force (PLASSF), established on December 31, 2015, is a pivotal element in China's military, responsible for information, cyber, space, and electronic warfare. Serving as the fifth branch of the PLA, it's integral to China's aim to become an "informatized" military power, providing strategic information support and conducting sophisticated information operations globally. Its formation marks China's strategic emphasis on dominating the information domain to enhance its military and geopolitical objectives.
Analyst Comments: The PLASSF's establishment reflects China's forward-looking military strategy, emphasizing the importance of information dominance in modern warfare. Its dual departments, the Network Systems Department and the Space Systems Department, underline the comprehensive approach China is adopting, integrating cyber capabilities with space operations. The force's expansive role in intelligence, surveillance, space warfare, and global data acquisition demonstrates China's commitment to leveraging technology for strategic gains. As the PLASSF continues to evolve, its activities and capabilities will likely become more sophisticated, posing significant implications for global security and strategic balance.
FROM THE MEDIA: The PLASSF's celebration of its 8th anniversary brings attention to its crucial role in enhancing China's military capabilities and extending its reach into space and cyberspace. It operates under a veil of secrecy, but its known operations indicate a robust expansion in space and cyber capabilities. This includes extensive involvement in satellite communication, electronic warfare, and cyber espionage, which are integral to China's military strategy. The force's commitment to dominating the information spectrum aligns with China's broader goals of becoming a world-leading power in technology and military might. As the PLASSF grows in capability and influence, it will undoubtedly play a central role in shaping China's defense and strategic posture.
READ THE STORY: The EurAsian Times
Baidu's ERNIE Bot Emerges as Top Chinese AI Chatbot
Bottom Line Up Front (BLUF): Baidu's ERNIE Bot, leveraging its large language model, has become the #1 Chinese AI chatbot, reaching over 100 million users. Operating primarily in Mandarin, it signifies China's rapid advancements in generative AI, even as North America leads with multiple innovations. ERNIE Bot's capabilities span text, image, and video generation, marking a significant stride in China's AI journey and reflecting the global competitive landscape in AI technology.
Analyst Comments: ERNIE Bot's ascent reflects the broader trend of significant investments and breakthroughs in AI from Chinese firms. Baidu's strategic approach to AI, encompassing aspects of "informatization" and "intelligentization," indicates a sophisticated understanding and application of AI technologies. The bot's rapid growth and recent regulation by China's new AI Law also underscore the country's commitment to leading in AI governance. As AI becomes more central to global innovation and competition, understanding the capabilities and strategic directions of platforms like ERNIE Bot is crucial for businesses and technology strategists worldwide.
FROM THE MEDIA: Baidu's ERNIE Bot has achieved rapid growth since its public release, now ranking as the top Chinese AI Chatbot. This growth is underpinned by Baidu's extensive research and technological advancements in AI, as well as China's regulatory steps to govern AI innovation effectively. ERNIE Bot's development is based on technologies like supervised fine-tuning and reinforcement learning with human feedback, as well as innovative approaches in knowledge, retrieval, and dialogue enhancement. Its success, coupled with China's strategic AI regulations, indicates a significant move towards a more mature and regulated AI landscape in China. As the AI race continues, the global market's dynamics, especially in the Asian context, are set to evolve with these advancements.
READ THE STORY: Forbes
North Korea's Aggressive Military Agenda for 2024: Satellites, Drones, and Nuclear Arsenal Expansion
Bottom Line Up Front (BLUF): North Korea has announced an aggressive military agenda for 2024, including launching new spy satellites, building military drones, and augmenting its nuclear arsenal. Leader Kim Jong Un emphasized the inevitability of war due to U.S. policies, asserting the need to prepare for complete military readiness. This announcement aligns with North Korea's continued defiance of international norms and its ambition to assert dominance in the region.
Analyst Comments: The year-end policy speech by Kim Jong Un is a stark reminder of the ongoing tension on the Korean Peninsula. The commitment to expand its satellite and drone capabilities, coupled with nuclear arsenal development, shows North Korea's focus on enhancing its strategic and tactical military operations. This move is likely a strategy to bolster its negotiation power internationally, especially in the context of upcoming pivotal elections in South Korea and the U.S. The global community must monitor these developments closely, as they have far-reaching implications for regional stability and international security.
FROM THE MEDIA: North Korea's latest announcement includes plans to launch three new spy satellites and develop unmanned military drones, aiming to boost its surveillance and offensive capabilities. This is alongside a directive to enhance its nuclear arsenal, with Kim Jong Un instructing the military to be ready to "pacify the entire territory of South Korea," including the use of nuclear weapons if deemed necessary. These developments occur amidst accusations against the U.S. and its allies of increasing regional tensions and the portrayal of war as an imminent threat. South Korea's response strongly condemns these plans, with a warning of overwhelming retaliation if provoked. This rhetoric indicates escalating tensions and the need for vigilant international diplomatic efforts.
READ THE STORY: Reuters // Almayadeen
Silicon Valley's Renewed Ambition: AI-Infused Smart Glasses
Bottom Line Up Front (BLUF): Silicon Valley is revisiting the concept of smart glasses akin to the earlier Google Glass, but with a significant upgrade: integration with artificial intelligence. Despite past setbacks, new iterations like Meta's Ray-Bans show promise by incorporating AI to offer more seamless, user-friendly experiences. This shift towards AI-assisted wearables reflects a broader trend in technology, aiming to position smart glasses as a viable successor to smartphones.
Analyst Comments: The revival of smart glasses signifies a blend of lessons learned from past endeavors and advancements in AI. This time, companies are treading carefully, addressing privacy concerns and social acceptability that plagued earlier models. The focus is on creating a discreet, intuitive user interface that enhances, rather than disrupts, social interaction. However, the challenge remains in balancing innovation with privacy, ensuring these devices serve as a helpful, not intrusive, addition to daily life.
FROM THE MEDIA: Silicon Valley is making a bold bet on the future of wearable technology by reintroducing smart glasses with advanced AI capabilities. Unlike the original Google Glass, which faced significant backlash and was discontinued for consumers in 2015, the new wave, led by Meta's improved Ray-Bans, aims to seamlessly integrate into daily life by leveraging large language models for voice interfaces. These glasses are designed to be less intrusive and more functional, with features like object recognition and virtual assistance. However, despite technological enhancements, the concept still faces skepticism regarding privacy and social acceptance. Companies like Meta and Qualcomm are at the forefront, pushing the boundaries of what's possible with wearable AI technology, yet the success of these smart glasses will depend on consumer reception and the ability to address earlier criticisms effectively.
Items of interest
Dark Web Dilemma: Strategies for Companies Targeted in Data Leaks
Bottom Line Up Front (BLUF): Companies are increasingly finding their sensitive data mentioned or traded on the darknet. Kaspersky's research indicates that a significant number of companies are potentially affected by data breaches, with the darknet acting as a marketplace for compromised data, infrastructure accesses, and accounts. Understanding the landscape and preparing a comprehensive incident response strategy is crucial for mitigating these risks.
Analyst Comments: The darknet is a hub for the exchange of stolen corporate data, including databases, internal documents, infrastructure access, and compromised accounts. Kaspersky's analysis reveals that a third of the companies in their study were mentioned in darknet posts related to data breaches. The increase in these incidents reflects the growing sophistication of cybercriminal networks and the lucrative nature of corporate data. To counter these threats, companies need to enhance their cybersecurity posture, engage in proactive monitoring, and prepare robust incident response plans to address potential breaches promptly.
FROM THE MEDIA: Kaspersky's extensive research in 2022 identified that 223 out of 700 global companies were mentioned on the Darknet in contexts related to data breaches. Their analysis reveals an alarming frequency of compromised data being sold or distributed, including bank card information, licenses, and IDs. The report highlights the regular sale of databases and internal documents, which are vital to companies of all sizes. Infrastructure accesses, another significant aspect of the dark web market, facilitate complex cyberattacks. The research found a substantial number of unique infrastructure offers, indicating a prevalent market for corporate access credentials. Additionally, compromised accounts are a significant threat, with cybercriminals often sharing credentials on the dark web. Kaspersky's insights into these activities offer a critical perspective on the extent and nature of cyber threats facing modern businesses.
READ THE STORY: Securelist
EXCUSE ME, I THINK YOUR DARK WEB IS LEAKING! (Video)
FROM THE MEDIA: The Dark Web has developed an ominous reputation within the security landscape. Misunderstood by both experts and outsiders, it is described as “anonymous”, “impenetrable” and “a safe place for criminals”. This talk will present the results of new research and demonstrate how the Dark Web fails to live up to its own hype & speculation. In addition, this talk will explore techniques that can be used to unmask hidden services and how small innocuous, information leaks can have devastating consequences for darknet operators. Finally, this talk will present a vision for the future of the dark web, a look at how today’s technologies will mold this corner of the internet and how law enforcement are unequipped to tackle the consequences.
The Rise and Fall of the CIA | Sam Faddis (Video)
FROM THE MEDIA: Gabe & Ben host John Hammond who is a cybersecurity researcher, educator and content creator. His YouTube channel has over 25 million views, making him, in our opinion and many others’, one of the most influential and rising figures in malware analysis and more broadly in the industry.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.