The Australian Signals Directorate has released its cyber threat report for the past financial year, a period that included high profile data breaches at the nation's second largest telco, Optus, and largest private health insurer, Medibank. ASD said state-backed cyber hackers continued to threaten major companies and critical infrastructure, with China singled out as the main culprit for such attacks. ABC News

The UK's cyber chief has today signalled that the threat to the nation’s most critical infrastructure is ‘enduring and significant’, amid a rise of state-aligned groups, an increase in aggressive cyber activity, and ongoing geopolitical challenges. NCSC

In the midst of escalating conflict in the Middle East, X is failing to moderate hate speech on its platform that promotes antisemitic conspiracies, praises Hitler and dehumanizes Muslims and Palestinians. TechCrunch

ASPI

Japan joins US-led effort to regulate military use of AI

The Japan Times

Gabriel Dominguez

Beijing is already besting Western democracies in research output on 53 out of 64 technological areas deemed critical for economic growth and military power over the coming decades, according to Australian Strategic Policy Institute think tank data released in September. This includes research in military areas where AI and autonomy will be crucial such as drone swarms, collaborative robots, advanced data analytics and machine learning. The issue is likely to be discussed this week during a highly anticipated meeting between US President Joe Biden and Chinese leader Xi Jinping on the sidelines of the Asia-Pacific Economic Cooperation summit in San Francisco, where the potential dangers of AI will also be high on the agenda.

Australia

China blamed as major backer behind hacking of Australian companies and infrastructure

ABC News

Matthew Doran

More Australians are reporting being targeted by cyber criminals, as the nation's digital spy agency points the finger at China as the major backer of serious hacking of Australian companies and critical infrastructure. The Australian Signals Directorate has released its cyber threat report for the past financial year, a period that included high profile data breaches at the nation's second largest telco, Optus, and largest private health insurer, Medibank. ASD said state-backed cyber hackers continued to threaten major companies and critical infrastructure, with China singled out as the main culprit for such attacks.

Release of the annual Cyber Threat Report 2022-23

Australian Defence Force

The Australian Signals Directorate’s Annual Cyber Threat Report for 2022-23 lays bare Australia’s cyber threat landscape. Reflecting the global strategic context, this year’s report highlights that Australian governments, critical infrastructure, businesses and households continue to be the target of malicious state and non-state cyber actors.

Cyber attacks are on the rise in Australia according to top spy agency News.com.au Eleanor Campbell An annual cyber threat report released on Tuesday revealed 94,000 cyber incidents have been reported over the past financial year with the cost of attacks on small businesses rising on average to $46,000. The report flagged that attacks on federal government agencies and critical infrastructure have also increased, with state-sponsored cyber hacks pinned as a serious concern.

AUKUS deal a ‘target’ for state-sponsored hackers, ASD warns

The Australian

Ben Packham

The nation’s cyber spy agency says the AUKUS nuclear submarine partnership has made Australia’s defence sector a prime target for state-sponsored hackers, amid a jump in cyber attacks threatening national security and compromising key government services. The Australian Signals Directorate 2022-23 cyber threat report reveals a 23 per cent surge in cyber crimes reported to the agency to 94,000 – about one every six minutes – and a 14 per cent increase in the average cost of attacks.

Identity of ‘third party’ that brought down Optus network revealed

The Sydney Morning Herald

David Swan and Ben Grubb

The unnamed “international peering network” that Optus said had contributed to its 16-hour-long network meltdown last week was its Singaporean parent company Singtel, it can be revealed. The embarrassing revelation comes as it can also be revealed a key executive, who left Canadian telco Rogers Communications less than two weeks after it last year suffered an almost identical outage to Optus, is now working for Singtel.

Cyber spy agency wants lawyers ‘out of the room’ when crisis strikes

Australian Financial Review

Jacob Greber

Australia’s top cyber spy agency has found itself in the perverse position of obtaining greater assistance from its US counterpart when trying to help local victims of cyberattacks, which have soared over the last year. The unintended outcome is the result of what has been described as a “disturbing trend” in which efforts by the Australian Signals Directorate to help companies under duress from ransomware and other crimes end up hampered by company lawyers primarily concerned with future damages claims or regulatory action.

Australia will now need 1.3m tech workers by 2030: ACS

InnovationAus

Brandon How

The Australian Computer Society expects the economy will require at least 100,000 more tech workers than is currently targeted by the federal government by 2030 to capitalise on nine critical technologies that are expected to shape the workforce. The current target of reaching a tech worker population of 1.2 million by 2030 was initially proposed by the Technology Council of Australia and adopted by Labor ahead of last year’s election.

Telstra plans $1.6b fibre network upgrade to connect cities

Australian Financial Times

Tess Bennett

Australia’s biggest telco is supersizing its plan to connect Australian cities with a high-speed fibre network at a cost of up to $1.6 billion, laying the groundwork for cabling that underpins new data centres and cutting-edge customer applications in AI. Telstra chief executive Vicky Brady on Tuesday revealed detailed planning is under way for an additional five routes in the intercity fibre project first revealed last year, including adding a direct link between Darwin and Adelaide by 2026-27.

China

China is using the world’s largest known online disinformation operation to harass Americans, a CNN review finds

CNN

Donie O'Sullivan, Curt Devine and Allison Gordon

The Chinese government has built up the world’s largest known online disinformation operation and is using it to harass US residents, politicians, and businesses—at times threatening its targets with violence, a CNN review of court documents and public disclosures by social media companies has found. The onslaught of attacks – often of a vile and deeply personal nature – is part of a well-organized, increasingly brazen Chinese government intimidation campaign targeting people in the United States, documents show.

Hikvision wins project requiring Ramadan alerts against minorities

IPVM

Hikvision won a PRC 'Smart Campus' system that alerts when ethnic minority students are suspected of fasting for Ramadan. Hikvision responded by admitting it won the project but alleging, without evidence, that these alerts were never actually developed/deployed. Similarly, Hikvision recently blamed an employee for Hikvision including minority detection tech in its latest software. Hikvision has not offered any explanation for a $6 million contract explicitly requiring Hikvision Uyghur recognition that we reported on earlier this year.

How China took over the world’s online shopping carts

Rest of World

Viola Zhou, Caiwei Chen, Lais Martins and Ester Christine Natalia

China has been “the world’s factory” for decades, with made-in-China goods reaching global consumers through foreign brands, shops, or sites like Amazon. And the country has had a vibrant domestic e-commerce sector, with companies like Alibaba and JD.com growing into juggernauts. But recently, Chinese-owned shopping platforms have begun looking beyond China’s borders. Temu joins ultrafast-fashion platform Shein and TikTok’s shopping feature TikTok Shop to herald a new, global era for Chinese e-commerce.

Huawei Mate 60 Pro teardown reveals 47% Chinese parts in phone

Nikkei Asia

Masaharu Ban and Nami Matsuura

Huawei Technologies is increasingly sourcing components for its smartphones in China, with a teardown of the recently released Mate 60 Pro showing Chinese parts constituting 47% on a value basis -- up 18 percentage points from a model analyzed three years ago. Nikkei, together with research firm Fomalhaut Techno Solutions, disassembled Huawei's high-end smartphone to analyze component costs. The Mate 60 Pro was released in August for the Chinese market. The manufacturer of each component was identified, with the share of overall cost calculated by country.

USA

China receives US equipment to make advanced chips despite new rules-report

Reuters

Alexandra Alper

Chinese companies are buying up US chipmaking equipment to make advanced semiconductors, despite a raft of new export curbs aimed at thwarting advances in the country's semiconductor industry, a congressional report said on Tuesday. The 741 page annual report, released by the House of Representative's bipartisan select committee on China, takes aim at the Biden administration's Oct. 2022 export curbs, which seek to bar Chinese chipmakers from getting US chipmaking tools if they would be used to manufacture advanced chips at the 14 nanometer node or below.

New partnership with Indonesia to explore semiconductor supply chain opportunities

US Department of State

The US State Department will partner with the Government of Indonesia to explore opportunities to grow and diversify the global semiconductor ecosystem under the International Technology Security and Innovation Fund, created by the CHIPS Act of 2022. This partnership will help create a more resilient, secure, and sustainable global semiconductor value chain.

CISA, FBI warn that Royal ransomware gang may rebrand as ‘BlackSuit’

The Record

Jonathan Greig

The leading cybersecurity agencies in the US released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand. In June, BleepingComputer reported that Royal ransomware had added the BlackSuit encryptor to its arsenal, echoing reports from TrendMicro and other cybersecurity researchers that the gang was preparing for a rebrand following increased law enforcement scrutiny following its high-profile attack on the city of Dallas in May.

Ukraine - Russia

Yandex to fully divest Russian assets and distribute proceeds

Bloomberg

Yandex plans to sell its entire Russian business, including the nation’s most popular search engine, after its founder’s criticism of the war in Ukraine made potential investors wary of a partnership with the Dutch-domiciled parent company. A group of Russian tycoons that’s bidding for the assets wants a full break with the Dutch entity, according to three people familiar with the plans who asked not to be identified because the information isn’t public. Talks previously focused on the sale of a majority stake in Yandex’s Russian unit, which generates most of the company’s revenue.

Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers

The Record

Daryna Antoniuk

Russian state-sponsored hackers have targeted embassies and international organizations in a recent cyber-espionage campaign, Ukrainian government cybersecurity researchers have found. The attacks were attributed to the infamous hacker group labeled APT29, also known as Cozy Bear or Blue Bravo. Analysts previously have linked it to Russia's Foreign Intelligence Service, which gathers political and economic information from other countries.

UK

NCSC warns of enduring and significant threat to UK's critical infrastructure

National Cyber Security Centre

The UK's cyber chief has today signalled that the threat to the nation’s most critical infrastructure is ‘enduring and significant’, amid a rise of state-aligned groups, an increase in aggressive cyber activity, and ongoing geopolitical challenges. In its latest Annual Review, published today, the National Cyber Security Centre – which is a part of GCHQ – warned that the UK needs to accelerate work to keep pace with the changing threat, particularly in relation to enhancing cyber resilience in the nation’s most critical sectors.

Private UK health data donated for medical research shared with insurance companies

The Guardian

Shanti Das

Sensitive health information donated for medical research by half a million UK citizens has been shared with insurance companies despite a pledge that it would not be. An Observer investigation has found that UK Biobank opened up its vast biomedical database to insurance sector firms several times between 2020 and 2023. The data was provided to insurance consultancy and tech firms for projects to create digital tools that help insurers predict a person’s risk of getting a chronic disease. The findings have raised concerns among geneticists, data privacy experts and campaigners over vetting and ethical checks at Biobank.

Top German journalist received €600,000 from Putin ally, leak reveals

The Guardian

Kate Connolly, Timo Schober, Bastian Obermayer and Frederik Obermaier

A leading western journalist who has long been considered one of Germany’s top independent experts on Russia received at least €600,000 (£522,000) in undisclosed offshore payments from companies linked to an oligarch close to Vladimir Putin, leaked files have revealed. Hubert Seipel, an award-winning film-maker and author, was paid money in instalments, which documents suggest was to support his work on two books he wrote that chart Putin’s rise to power and offer portrayals described by many as sympathetic to the Russian president.

Middle East

Pro-Palestinian hacking group evolves tactics amid war

CyberScoop

AJ Vicens

A long-running pro-Palestinian cyber espionage group known for its targeted campaigns has attempted in recent months to spy on governments in the Middle East using a new tool to gain initial access to targeted systems, researchers with cybersecurity firm Proofpoint said Tuesday. The group’s hacking activities, including highly focused phishing campaigns targeting no more than five entities in any given campaign and the deployment of a new access method, continued through the month of October, indicating that the current conflict in Gaza has not significantly disrupted the group Proofpoint tracks as TA402.

NZ & Pacific Islands

New Zealand's Ardern drafts AI in the fight against extremist content

Axios

Ryan Heath

AI companies including OpenAI and Anthropic have signed up to suppress terrorist content, joining the Christchurch Call to Action — a project started by French President Emmanuel Macron and then New Zealand Prime Minister Jacinda Ardern in the wake of the 2019 mass killing at a Christchurch, N.Z. mosque.

Gender & Women in Tech

After viral sexist post, women in start-ups say worse issues are buried

Australian Financial Review

Jessica Sier and Nick Bonyhady

Diversity “might be the dumbest shit of the entire century”, wrote Sam Joel, an Australian crypto start-up founder on LinkedIn. And then later, in response to a post by technology communications firm founder Hannah Moreno: “Would bang you then abortion.” Within minutes of publishing a report on Joel’s behaviour this week, The Australian Financial Review received a rush of messages from women with stories detailing how they were undermined, downtrodden and mocked by their male colleagues.

Tech's invisible women

Capital Brief

Bronwen Clune

Women in tech have been erased for as long as we’ve been here — that is, since the beginning. It happens in ways that do incredible harm in the fight for equality, which are often more subtle and harmful than we are willing to acknowledge because they poke at complex and difficult things we need to fix — and often don’t make headlines.

Big Tech

X is leaving up antisemitic and Islamophobic hate, new report shows

TechCrunch

Taylor Hatmaker

In the midst of escalating conflict in the Middle East, X is failing to moderate hate speech on its platform that promotes antisemitic conspiracies, praises Hitler and dehumanizes Muslims and Palestinians. In new research, the Center for Countering Digital Hate, a nonprofit that researches online hate and extremism, collected a sample of 200 X posts across 101 accounts that featured hate speech. Each post was reported on the platform on October 31 using X’s reporting tools and either “directly addressed the ongoing conflict, or appeared to be informed by it.”

YouTube creators will soon have to disclose use of gen AI in videos or risk suspension

Associated Press

YouTube is rolling out new rules for AI content, including a requirement that creators reveal whether they’ve used generative AI to make realistic looking videos. In a blog post Tuesday outlining a number of AI-related policy updates, YouTube said creators that don’t disclose whether they’ve used AI tools to make “altered or synthetic” videos face penalties including having their content removed or suspension from the platform’s revenue sharing program.

What Google argued to defend itself in landmark antitrust trial

The New York Times

Nico Grant and David McCabe

Over the past two and a half weeks, Google has called a dozen witnesses to defend itself against claims by the Justice Department and a group of state attorneys general that it illegally maintained a search and advertising monopoly, in a landmark antitrust case that could reshape tech power. Google’s lawyers are set to wrap up their arguments in the case — US et al. v. Google — on Tuesday, which will be followed by a government rebuttal. Judge Amit P. Mehta of US District Court for the District of Columbia, who is presiding over the nonjury trial, is expected to deliver a verdict next year after both sides summarize their cases in writing and deliver closing arguments.

Google sends a third of Safari ad revenue to Apple

BBC

New detail on just how much Google is willing to pay to be a go-to search engine has slipped out in court in the US, where the tech giant is on trial defending itself from monopoly claims. An expert testifying on behalf of Google said it sends 36% of the advertising revenue it makes on Apple's Safari web browser to the iPhone maker. The relationship between the two firms is at the heart of the monopoly case.

Artificial Intelligence

OpenAI’s six-member board will decide ‘when we’ve attained AGI’

Venture Beat

Sharon Goldman

According to OpenAI, the six members of its nonprofit board of directors will determine when the company has “attained AGI” — which it defines as “a highly autonomous system that outperforms humans at most economically valuable work.” Thanks to a for-profit arm that is “legally bound to pursue the Nonprofit’s mission,” once the board decides AGI, or artificial general intelligence, has been reached, such a system will be “excluded from IP licenses and other commercial terms with Microsoft, which only apply to pre-AGI technology.”

Giant AI platform introduces ‘bounties’ for deepfakes of real people

404 Media

Emanuel Maiberg

Civitai, an online marketplace for sharing AI models that enables the creation of nonconsensual sexual images of real people, has introduced a new feature that allows users to post “bounties.” These bounties allow users to ask the Civitai community to create AI models that generate images of specific styles, compositions, or specific real people, and reward the best AI model that does so with a virtual currency users can buy with real money.

Jeremy Howard taught AI to the world and helped invent ChatGPT. He fears he's failed

ABC News

James Purtill

AI models trained on the contents of the internet have become our magical writing and research tools. Some even believe these large language models show signs of human-level intelligence. And yet Mr Howard, who's credited with making an important contribution to nautral language processing, worries his life's work is a failure. He's watched AI technology fall under the control of a few big companies. "It's looking like we might have failed," he says.

Does AI lead police to ignore contradictory evidence?

The New Yorker

Eyal Press

In 2016, the Center on Privacy and Technology, at Georgetown University Law Center, published a report, “The Perpetual Line-Up,” which estimated that the faces of a hundred and seventeen million Americans were in facial-recognition databases that state and local law-enforcement agencies could access. Many of these images came from government sources—driver’s-license photographs, mug shots, and the like. Other pictures came from sources such as surveillance cameras and social media. In the years since the report’s publication, the technology has only grown more ubiquitous, not least because selling it is a lucrative business, and AI companies have successfully persuaded law-enforcement agencies to become customers.

Misc

New breed of supercomputer aims for the two quintillion mark

The Wall Street Journal

Scott Patterson

Inside a vast data center on the outskirts of Chicago, the most powerful supercomputer in the world is coming to life. The machine will be able to analyze connections inside the brain and help design batteries that charge faster and last longer. Called Aurora, the supercomputer’s high-performance capabilities will be matched with the latest advances in AI. Together they will be used by scientists researching cancer, nuclear fusion, vaccines, climate change, encryption, cosmology and other complex sciences and technologies.

It’s the end of industries as we know them, dissolved by technology

Forbes

Joe MCKendrick

It’s the end of industries as we know them, dissolved in large part by technology, as documented in the survey of 500 companies conducted and published by Deloitte. At least 70% of executives believe their business has an asset that could be monetized outside of their sector. Another one-third report spending more than five of revenue on growth outside their industry or sector.

If you created a bitcoin wallet before 2016, your money may be at risk

The Washington Post

Joseph Menn

After a tech entrepreneur and investor lost his password for retrieving more than $600,000 in bitcoin and hired experts to break open the wallet where he kept it, they failed to help him. But in the process, they discovered a way to crack enough other software wallets to steal $1 billion or more. On Tuesday, the team released information about how they did it. They hope it’s enough data that the owners of millions of wallets will realize they are at risk and move their money, but not so much data that criminals can figure out how to pull off what would be one of the largest heists of all time.

Increasing access to assistive technology and rehabilitation for people living with diabetes

World Health Organisation

Assistive technology and rehabilitation play an important role in addressing some of the complications associated with diabetes. For example, a person with diabetes can benefit from rehabilitation involving aerobic, resistance, flexibility, balance and walking exercises for improved sensation, blood flow, joint mobility, mobility and diabetes control in general. A person with a diabetic foot ulcer may require an assistive product such as a rigid removable boot, walking stick or therapeutic footwear, to promote ulcer healing, whilst maintaining mobility.

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.