TOP OF THE DAY – Phishing Espionage Attack Targets US-Taiwan Defense Conference
(Nate Nelson – Dark Reading – 18 September 2024) A meeting of influential figures in and around the US and Taiwanese defense industries has been targeted by a phishing attack carrying fileless malware. The 23rd US-Taiwan Defense Industry Conference will be held next week in Philadelphia’s Logan Square neighborhood. Closed to the press, it will feature speakers from government, defense, academia, and commercial sectors in the US and Taiwan. The focus, according to its website, will be “addressing the future of US defense cooperation with Taiwan, the defense procurement process, and Taiwan’s defense and national security needs.” Recently, the US-Taiwan Business Council — the organization behind the event — was sent a malicious forgery of its own registration form. The form was paired with information-stealing malware designed to execute entirely in memory, making it more difficult to detect with traditional antivirus software. Thanks to diligent anti-phishing preparations, however, the council quickly rebuffed the attack. – Espionage Attack Targets US-Taiwan Defense Conference (darkreading.com)
Geostrategies
(Mihai Sora – East Asia Forum – 17 September 2024) Australia, along with the United States, Japan and China, is heavily investing in the Pacific’s digital transformation, with a focus on strategic infrastructures like undersea internet cables and telecommunication networks. Pacific Island nations, notably Papua New Guinea, Solomon Islands and Fiji, have become significant areas of geopolitical competition in the digital sector. Concerns over influence, governance and control of digital information intersect with opportunities such as Starlink’s potential to bridge the digital divide and Australia’s role in protecting Pacific nations’ digital sovereignty. – Beneath the surface of Pacific digital infrastructure investments | East Asia Forum | East Asia Forum
(Swati Prabhu, Aritra Ghosh – Observer Research Foundation – 17 September 2024) Recently, India marked its maiden National Space Day on 23 August 2024 with the theme, ‘Touching Lives while Touching the Moon: India’s Space Saga’. This comes at a crucial juncture in the international diplomatic theatre where outer space is gaining traction. According to the World Economic Forum (WEF), the global space economy is expected to reach US$ 1.8 trillion by 2035, an increase from US$ 630 million in 2023. The space economy serves several purposes such as increasing the prominence of satellites in ensuring the smooth functioning of our daily life, weather forecasting towards disaster-preparedness, remote sensing technology for agriculture, water resource management, facilitating educational activities, promoting telemedicine, and largely contributing towards the sustainability narrative. – India’s space diplomacy: Partnering for sustainable development and regional cooperation (orfonline.org)
Governance
(Alexandra Kelley – NextGov – 18 September 2024) The National Science Foundation is launching two new artificial intelligence programs geared towards developing new algorithmic capabilities to advance research in the astronomical sciences. Two new AI institutions, funded in part by the NSF as well as the Simons Foundation, will work with researchers in academia to develop novel AI software tailored to processing both large volumes of astronomical data and images from telescopes that standard AI software has trouble computing. – NSF launches new AI initiatives for astronomy – Nextgov/FCW
(Frank Konkel, David DiMolfetta – NextGov – 18 September 2024) Development of the National Security Agency’s commercial cloud environment is progressing “very well,” according to an official from Amazon Web Services, the company that ultimately won a contract valued at up to $10 billion from the clandestine signals intelligence agency in 2022. “Our plans are tracking right now,” David Appel, vice president of U.S. Federal for Amazon Web Services, told Nextgov/FCW on the sidelines of the Billington Cybersecurity Summit earlier this month. AWS will continue building the physical infrastructure and cloud computing regions required under the massive contract over the next year. – NSA’s secret Amazon-developed cloud environment progressing ‘very well’ – Nextgov/FCW
(Kevin Frazier – Lawfare – 18 September 2024) Congress appears to have developed a troubling pattern: shrinking the Federal Trade Commission’s (FTC’s) budget just as consumer protection concerns grow. The FTC has also adopted a practice of coming close to infringing on Congress’s legislative authority by broadly interpreting its rulemaking authority, at least in the eyes of members. Given the threats posed to consumer well-being by rapidly evolving and sophisticated artificial intelligence (AI) systems, this stalemate needs to come to an end. The solution is relatively straightforward: investing in the nation’s primary consumer protection agency—specifically, the FTC’s Office of Technology. And, in turn, the FTC should prioritize use of its investigatory authority over contested rulemakings. – A Compromise to Fund the Federal Trade Commission’s Office of Technology | Lawfare (lawfaremedia.org)
(World Economic Forum – 11 September 2024) Automated decision-making systems based on algorithms and data are increasingly common today, with profound implications for individuals, communities and society. More than ever before, data equity is a shared responsibility that requires collective action to create data practices and systems that promote fair and just outcomes for all. – Advancing data equity | World Economic Forum (weforum.org)
Security
(Ryan Naraine – SecurityWeek – 18 September 2024) Researchers at Lumen Technologies have eyes on a massive, multi-tiered botnet of hijacked IoT devices being commandeered by a Chinese state-sponsored espionage hacking operation. The botnet, tagged with the moniker Raptor Train, is packed with hundreds of thousands of small office/home office (SOHO) and Internet of Things (IoT) devices, and has targeted entities in the U.S. and Taiwan across critical sectors, including the military, government, higher education, telecommunications, and the defense industrial base (DIB). – Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military – SecurityWeek
(Eduard Kovacs – SecurityWeek – 18 September 2024) A North Korean threat actor tracked as UNC2970 has been using job-themed lures in an effort to deliver new malware to individuals working in critical infrastructure sectors, according to Google Cloud’s Mandiant. The first time Mandiant detailed UNC2970’s activities and links to North Korea was in March 2023, after the cyberespionage group was observed attempting to deliver malware to security researchers. – North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs – SecurityWeek
(Dark Reading – 18 September 2024) Threat actors have been targeting Foundation accounting software commonly used by general contractors in the construction industry, leveraging active exploits within the plumbing, HVAC, and concrete sub-industries, among others. Researchers at Huntress initially discovered the threat when tracking activity on Sept. 14. – Threat Actors Target Contractor Software (darkreading.com)
(Jai Vijayan – Dark Reading – 18 September 2024) “SambaSpy,” a recently surfaced remote access Trojan (RAT), is loaded up with a Swiss Army knife-like set of functions for spying on victims and stealing data from them. Its creators, thought to be Brazilian, have also made the versatile RAT hard to detect and analyze by obfuscating it with Zelix KlassMaster, a legitimate Java obfuscation tool that developers often use to protect their code against reverse engineering and unauthorized modification. – ‘SambaSpy’ RAT’s Multiple Features Pack Hefty Punch (darkreading.com)
(Kristina Beek – Dark Reading – 18 September 2024) In what seems to be an increasingly popular method of attack, two threat groups have been identified as utilizing QR code parking scams in the UK and throughout the world. The researchers at Netcraft believe that one of the groups is active across Europe, especially in France, Germany, Italy, Switzerland, and the UK. According to initial reports of the threat, threat actors trick unsuspecting victims into scanning malicious QR codes and entering their personal information. And the damage doesn’t stop there — ultimately, because the QR codes are fake, users aren’t registering their cars for parking, meaning that they’re likely to be hit with a double whammy: potential financial fraud and a parking ticket. – QR Phishing Scams Gain Motorized Momentum in UK (darkreading.com)
(Elizabeth Montalbano – Dark Reading – 18 September 2024) One thousand instances of enterprise knowledge bases (KBs) hosted by ServiceNow were found to be exposing sensitive corporate data over the past year, despite improvements in data protection that the company put in place last year to avoid such security issues. Based on security research conducted by software-as-a-service (SaaS) security firm AppOmni, nearly 45% of total enterprise instances of ServiceNow KBs leak sensitive data, including personally identifiable information (PII), internal system details, and active credentials/tokens to live production systems. – Thousands of ServiceNow KB Instances Expose Corporate Data (darkreading.com)
(Nate Nelson – Dark Reading – 18 September 2024) Nearly a third of companies that fell victim to ransomware last year had at least one infostealer infection in the months prior to their attack. Cyberattacks, but particularly ransomware attacks, only work when they’re a surprise. It’s why ransom notes through history have almost always opened by simply stating the facts: “Your network has been penetrated,” or “Oops, your files have been encrypted.” Companies with any notion that an attack is about to come can easily rebuff it simply by backing up and encrypting their files. That’s why it’s so interesting that, as SpyCloud notes in its 2024 “Malware and Ransomware Defense Report,” nearly a third of all ransomware events last year were foreshadowed by an infostealer infection in the 16 weeks prior. – Infostealers: An Early Warning for Ransomware Attacks (darkreading.com)
(David Bennett – Dark Reading – 18 September 2024) The rising cost of cyberattacks, including downtime, investigations, lawsuits, ransoms, and more, is prompting cyber insurers to re-examine underwriting and encourage greater cyber resiliency in their customer bases. With the influx of cyber-insurance claims stemming from the CrowdStrike IT outage and the exorbitant price of recovering from data breaches — $4.88 million, on average, according to IBM — the cyber-insurance industry will continue to self-correct and evolve to fit market needs while maintaining profitability. – How Cyber-Insurance Shifts Affect the Security Landscape (darkreading.com)
(Connie Loizos – TechCrunch – 18 September 2024) Craigslist founder Craig Newmark plans to donate $100 million to further strengthen U.S. cybersecurity, addressing what he sees as a growing threat from foreign governments, he tells the WSJ. Half the funds will focus on protecting power grids and other infrastructure from cyberattacks; half will be earmarked to educate people about so-called cybersecurity hygiene. – Craig Newmark pledges $100M to fight hacking by foreign governments | TechCrunch
(Stephen Pritchard – Infosecurity Magazine – 18 September 2024) An overwhelming majority of the critical infrastructure (CI) sector has suffered an email-related security breach over the past 12 months. A study by Osterman Research, commissioned by CI security vendor OPSWAT, revealed that 80% of organizations were victims of an email-based security breach. Even as criminal hackers target the sector, CI businesses appear to be failing to protect their systems. Osterman Research found that 75% of cyber-threats to critical infrastructure arrived by email. – Critical Infrastructure at Risk From Email Security Breaches – Infosecurity Magazine (infosecurity-magazine.com)
(Stephen Pritchard – Infosecurity Magazine – 18 September 2024) Scammers are using images from Google’s Street View to intimidate internet users, according to security researchers. The extortion attacks – also described as “sextortion” – typically accuse the victim of visiting pornographic websites. The attacker then asks for a fee, typically in Bitcoin or other cryptocurrencies, to “wipe” the evidence. According to researchers at Cofense, attackers are now using images from Street View to further intimidate victims. – Google Street View Images Used For Extortion Scams – Infosecurity Magazine (infosecurity-magazine.com)
(Sadie Smith – Infosecurity Magazine – 18 September 2024) The digital age we live in has made robust cybersecurity measures a must, not just for individuals but for companies as well. In fact, for businesses, the need for good cybersecurity can be even more crucial, since a single breach can affect a whole tract of people at the same time. The more that contemporary businesses, small and large, digitize, the more vulnerable they become to an entire arsenal of cyber threats. If hackers manage to breach a company’s servers, it gives them access to a virtual treasure chest of sensitive information that can be leveraged against the victims. Understanding these tactics is the first step toward implementing more robust security measures and protecting your organization from potential threats. As such, here’s a look at seven ways hackers can access company information. – Seven Ways Hackers Can Access Company Information – Infosecurity Magazine (infosecurity-magazine.com)
(Kevin Poireault – Infosecurity Magazine – 18 September 2024) The Australian Federal Police (AFP) has led a successful international law enforcement operation to take down Ghost, a dedicated encrypted communication platform allegedly used for drug trafficking, money laundering, organized killings and other crimes and illegal activities. – Europol Taskforce Disrupts Global Criminal Network – Infosecurity Magazine (infosecurity-magazine.com)
(Dymples Leong – Lowy The Interpreter) Recent news of pop star Taylor Swift’s endorsement of US presidential candidate Kamala Harris stirred up the internet – the Instagram post in which she made the announcement garnered more than eight million likes. While Swift’s post mobilised her fanbase in support of Harris, more importantly it highlighted to the public the dangers of generative AI, in particular manipulated images. In fact, Swift said her decision was motivated by Donald Trump’s AI-generated post in August on Truth Social falsely claiming that she had endorsed his presidential run. – What Taylor Swift taught the world on the risks of AI-generated images and elections | Lowy Institute
(Phil Muncaster – Infosecurity Magazine – 18 September 2024) AT&T has agreed to pay $13m to the US telco regulator to settle a long-running investigation into whether it failed to protect customer data stored in the cloud. The Federal Communications Commission (FCC) explained that the incident stemmed from a supply chain breach in January 2023 when threat actors exfiltrated AT&T customer data from a vendor’s cloud environment. – AT&T Agrees $13m FCC Settlement Over Cloud Data Breach – Infosecurity Magazine (infosecurity-magazine.com)
(Robert Lemos – Dark Reading – 18 September 2024) In its latest cyberattack on a Middle Eastern nation using its proxies in cyberspace, Iran continues to ramp up its cyber operations against rivals and allies. In the attack, a cyberespionage group linked to Iran’s Ministry of Intelligence and Security (MOIS) and known as APT34 targeted government ministries in Iraq, a nation that was once an enemy and now is sometimes a rival and sometimes an ally of Iran. The attack had all the hallmarks of the group, also known as Hazel Sandstorm: custom infrastructure using email tunneling for communications, use of two malware programs similar to previous APT34 code, and domain-naming schemes similar to previous operations. – As Geopolitical Tensions Mount, Iran’s Cyber Operations Grow (darkreading.com)
(Eduard Kovacs – SecurityWeek – 18 September 2024) Russian antimalware company Doctor Web, the developer of Dr.Web cybersecurity products, on Tuesday said it was recently targeted in a cyberattack. In an English-language statement posted on its website, the security firm said it had detected a targeted attack aimed at its resources on September 14. – Russian Security Firm Doctor Web Discloses Targeted Hacker Attack – SecurityWeek
(Phil Muncaster – Infosecurity Magazine – 18 September 2024) A leading US security agency has released some timely advice designed to raise awareness about coding best practice to eliminate one of the most common classes of software vulnerability. Teaming up with the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) issued its Secure by Design Alert yesterday in a bid to reduce the number of cross-site scripting (XSS) bugs appearing in software. – CISA Issues Advice to Help Eliminate XSS Bugs – Infosecurity Magazine (infosecurity-magazine.com)
(Peter Lees – ASPI The Strategist – 18 September 2024) Australia is waging a quiet yet critical battle on a new front—its software supply chains. Attacks on this battleground infiltrate deep within the software development lifecycle, exploiting vulnerabilities in third-party components or open-source software. But unlike other kinds of attacks, the fallout easily extends beyond businesses to essential systems that can underpin our nation’s economy and security. – The software war: a quieter threat to Australia’s national security | The Strategist (aspistrategist.org.au)
(Dark Reading – 17 September 2024) The Marko Polo cybercrime gang represents a growing, global financial threat, steering at least 30 ongoing fraud campaigns at the same time and wielding an arsenal of sophisticated malware that has compromised tens of thousands of devices so far. – ‘Marko Polo’ Creates Globe-Spanning Cybercrime Juggernaut (darkreading.com)
Defense, Intelligence, and War
(Riley Ceder – Defense News – 18 September 2024) The CEO of a prominent AI company called for the faster adoption of powerful software, particularly by the military, to address growing global threats. Speaking Tuesday at an Axios event in National Harbor, Maryland, on AI’s emerging defense capabilities, Sean Moriarty, CEO of artificial intelligence and data analysis firm PrimerAI, urged the Defense Department to accelerate its efforts to adapt to the rapidly changing threat landscape by taking advantage of existing technology. – DOD must accelerate AI adoption amid growing threats: PrimerAI CEO (defensenews.com)
(Brian Finucane – Just Security – 18 September 2024) Thousands of pagers exploded across southern Lebanon and Beirut on Sept. 17, reportedly killing nine people, including a child, and injuring thousands. The explosions occurred amidst ongoing hostilities between Lebanese Hezbollah and Israel, the current round of which began on Oct. 8 of last year, when Hezbollah, in a show of solidarity with Hamas, launched an attack against an Israeli military base in Shebaa Farms. Subsequent fighting between Hezbollah and Israel has displaced tens of thousands in southern Lebanon and northern Israel. – Law of War Questions Raised by Exploding Pagers in Lebanon (justsecurity.org)
(Agnes Helou – Breaking Defense – 18 September 2024) As Hezbollah contends with what appears to be a second wave of exploding personal devices today, experts here said that the armed Lebanese group has been dealt a “severe blow” and will likely struggle to respond to what’s suspected to be an unprecedented, sophisticated attack by Israel. “If Hezbollah will retaliate, it won’t be soon,” retired Lebanese armed forces Gen. Maroun Hitti told Breaking Defense, adding that the group would likely need at least a month to gather itself. On Tuesday afternoon, hundreds of pagers carried by Hezbollah members in Lebanon reportedly exploded at once, killing several people, including two children, and wounding scores of others. Hezbollah quickly blamed Israel and vowed retaliation — before another wave of bombings apparently struck walkie-talkies today. Israel has not taken responsibility for what news organizations are describing as a supply chain attack, but Defense Minister Yoav Gallant told Israeli troops today that Israel was in a “new phase” of war. – After apparent mass pager attack, Hezbollah has few avenues for response, experts say – Breaking Defense
Legislation
(Jim Dempsey – Lawfare – 18 September 2024) The year 2024 is emerging as a watershed in U.S. cybersecurity policy—and almost nobody has noticed. I don’t blame them. The pace of legislative and regulatory actions has been dizzying, making it hard to see the big picture. In Part 1 of this series, I focused on efforts to limit the flow of Americans’ sensitive data to foreign adversaries, covering TikTok, biometric identifiers and other sensitive data, data brokers, and, briefly, the Kaspersky anti-virus software. Among other things, I sought to trace the consistent thread linking these actions across the Trump and Biden administrations. (A quick update on Part 1: The Department of Justice missed the Aug. 26 deadline set in President Biden’s February 2024 executive order for issuing a proposed rule controlling export of Americans’ sensitive data. As noted in Part 1, missing such a deadline, even in a presidential order, is not unusual and was predictable in this case, given the complexity of the problem.) In Part 2, I focus on infrastructure and connected products: connected cars, cloud computing resources, artificial intelligence capabilities, ship-to-shore cranes, undersea cables, and one of the internet’s key protocols. (Of course, the distinction between data and hardware is blurry, since one concern with connected products is that they collect and share sensitive data about Americans.) My goals are to describe the rapidly growing patchwork quilt of U.S. cybersecurity law, call out some of the major remaining gaps, highlight the urgent need for Congress to clarify the authority for some of the cybersecurity actions already taken and for those that need to be taken, and urge the Biden administration to try for clarification of statutory authority in at least one or two more sectors before the year closes. – Stitching Together the Cybersecurity Patchwork Quilt: Infrastructure | Lawfare (lawfaremedia.org)