Global chip shortage creates fake part market | UK spies shift focus back to China and Russia | US votes to remove Chinese telecom equipment amidst national security concerns
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
The global chip shortage has created a gold mine for bad actors. Businesses in need of chips are taking supply-chain risks they wouldn’t have considered before, only to find that what they buy doesn’t work. Dubious sellers are buying ads on search engines to lure desperate buyers. Sales of X-ray machines that can detect fake parts have boomed. Wall Street Journal
The Sept. 11, 2001 attacks on the United States made tackling terrorism the biggest priority for Western intelligence agencies, with vast resources being focused on the threat from home-grown and foreign-based militants. But the growing assertiveness of post-Soviet Russia, the rise of China, and Iran's sometimes daring espionage has forced the West's spies to return their focus to counter-intelligence, or spies tracking, countering and tackling other spies. Reuters
In a unanimous vote on Tuesday, the Federal Communications Commission finalized a $1.9 billion program to rip and replace equipment from Chinese telecom companies considered national security risks by the U.S. government. The program is meant to subsidize the cost for small telecommunications companies in the U.S. to replace gear from firms like Huawei and ZTE in an effort to secure U.S. networks. CNBC
ASPI ICPC
As Australia’s strategic environment changes, foreign policy funding must change too (part 2)
The Strategist
@DaniellesCave @FergusHanson
In part 1 of this series, we talked about Australia’s rapidly changing strategic environment. In this follow-up, we focus on ways that Australia’s foreign policy funding models should adapt to accommodate this new environment.
Read part 1 of this series by Danielle Cave and Fergus Hanson here.
Exfiltrate, encrypt, extort: the global rise of ransomware and Australia’s policy options
The Strategist
@rachael_falk @ALBrownAus
In a new policy report for ASPI’s International Cyber Policy Centre, Anne-Louise Brown and I argue that there’s a policy vacuum in Australia that makes it an attractive market for ransomware attacks, and that the problem will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed. There needs to be greater clarity regarding the legality of ransomware payments, increased transparency when attacks do occur, the adoption of a mandatory reporting regime and incentivisation for businesses to bolster their cyber defences through tax, procurement and subsidy measures. Australia would also benefit from the establishment of a dedicated cross-departmental ransomware taskforce, similar to that recently launched by the US Department of Justice.
Australian companies 'soft targets' for ransomware attacks
ABC Radio National
There have been calls for the Federal Government to take a more aggressive approach, including not criminalising companies that pay ransoms and making it mandatory for companies to report attacks.
Read our new report, Exfiltrate, encrypt, extort.
World
Chip Shortage Has Spawned a Surplus of Fraudsters and Fake Parts
Wall Street Journal
@stephanieayang
The global chip shortage has created a gold mine for bad actors. Businesses in need of chips are taking supply-chain risks they wouldn’t have considered before, only to find that what they buy doesn’t work. Dubious sellers are buying ads on search engines to lure desperate buyers. Sales of X-ray machines that can detect fake parts have boomed.
REvil drops from sight online after Kaseya hack
The Washington Post
@nakashimae @rachelerman @GerritD
A cybercriminal group that took responsibility for a massive ransomware attack that affected hundreds of businesses this month has disappeared from sight online. REvil, which is thought to be based in Russia, was not in its usual places on the “dark web” and the regular Internet on Tuesday.
Australia
Reddit defends how it tackles misinformation as it opens Australian office
The Guardian
@joshgnosis
The head of social news aggregator Reddit has argued its own community and administrators are the best moderator against misinformation, as the company plans to open an office in Australia for the first time.
Macquarie Telecom goes all in to bridge cyber expert gap
Financial Review
@LucasBairdAus
Macquarie Telecom is plotting to break ground on its largest data centre in Australia by late 2023, which will include a new cyber security facility to train up the next generation of specialists as the government and corporate sectors become increasingly aware of their digital vulnerabilities.
China
Chinese government lays out new vulnerability disclosure rules
The Record
@campuscodi
The Chinese government published new regulation on Tuesday laying out stricter rules for vulnerability disclosure procedures inside the country’s borders. The new rules include controversial articles, such as ones introducing restrictions to prevent security researchers from disclosing bug details before a vendor had a reasonable chance to release fixes and the mandatory disclosure of bug details to state authorities within two days of a bug report.
Global investors’ exposure to Chinese assets surges to $800bn
The Financial Times
The drive into China’s markets by global investors has come despite tensions between Beijing and Washington over issues from corporate audits to Beijing’s repression of Uyghurs in Xinjiang, which the US has labelled genocide. It has also coincided with a crackdown by Beijing on Chinese listings in US capital markets, including a probe into data security at ride-hailing group Didi Chuxing announced just days after its $4.4bn New York listing.
Notepad++ drops Bing after "tank man" censorship fiasco
Bleeping Computer
@serghei
Don Ho, the creator of Notepad++, one of the most popular open-source Notepad replacements, revealed on GitHub that the motivation behind this decision is Bing censoring results for 'tank man' instead of doing "its job," seemingly censoring references to China's 1989 crackdown on Tiananmen Square protests.
USA
FCC finalizes program to rip and replace Huawei, ZTE equipment in US
CNBC
@lauren_feiner @amanda_m_macias
In a unanimous vote on Tuesday, the Federal Communications Commission finalized a $1.9 billion program to rip and replace equipment from Chinese telecom companies considered national security risks by the U.S. government.
Twitter sees jump in govt demands to remove content of reporters, news outlets
Reuters
@Sheila_Dang @eculliford
Twitter Inc saw a surge in government demands worldwide in 2020 to take down content posted by journalists and news outlets, according to data released by the social media platform.
Here's a Look Inside Facebook's Data Wars
The New York Times
@kevinroose
Executives at the social network have clashed over CrowdTangle, a Facebook-owned data tool that revealed users’ high engagement levels with right-wing media sources.
Facebook plans to pay creators $1 billion to use its products.
The New York Times
@TaylorLorenz
Facebook is setting up a program to pay $1 billion to creators through the end of 2022, Mark Zuckerberg, Facebook’s chief executive, said on Wednesday, part of an effort to woo influencers onto its platforms.
Facebook staffers were told by execs to scrap any mention of Russia in a 2017 white paper on the platform's security concerns: 'We started to feel like we were part of a cover-up'
Business Insider
@SarahM_Jackson
Early drafts of a 2017 Facebook white paper on security concerns included mentions about Russia’s role before company executives decided it was “politically unwise” and told them to remove it, a new book says.
What Can Government Do as Cyber Insurance Costs Increase?
GovTech
@JPattisonGordon
Forrester senior analyst Alla Valente told Government Technology that businesses of all stripes may start to find that they need to obtain cyber insurance or risk losing potential customers. At the same time, rising cyber threats have led insurers to raise prices and be choosier about who they’re willing to cover.
South-East Asia
Cyberattacks with links to Chinese-speaking group target PH gov't entities – Kaspersky
Rappler
@gelogonzales86
Russian cybersecurity firm Kaspersky on Wednesday, July 14, said it had discovered "a rare, widescale advanced persistent threat (APT) campaign against users in Southeast Asia, most notably Myanmar and the Philippines."
UK
Two decades after 9/11, British spies turn focus back to Russia and China
Reuters
@GuyReuters
Britain's top domestic spymaster cautioned citizens on Wednesday to treat the threat of spying from Russia, China and Iran with as much vigilance as terrorism, in a shift of focus back to counter-espionage nearly two decades after the 9/11 attacks. The growing assertiveness of post-Soviet Russia, the rise of China, and Iran's sometimes daring espionage has forced the West's spies to return their focus to counter-intelligence, or spies tracking, countering and tackling other spies. Security Service (MI5) Director General Ken McCallum said foreign spies killed, stole technology, sought to corrupt public figures, sow discord and attack infrastructure with potentially devastating cyberattacks.
UK Sovereignty must not be for sale
UK Parliament
The Foreign Affairs Committee today publishes its Report Sovereignty for sale: the FCDO's role in protecting strategic British assets. The report concludes that while the UK is - and should remain - an open, stable and attractive environment for foreign investors, as well as highlighting foreign investment as an essential contributor to the UK economy, acquisitions by foreign entities can serve as the first step towards moving strategically vital companies, assets and intellectual property abroad.
UK spy chief: hostile powers not behind racist attacks on soccer
Reuters
The Premier League's data from their monitoring of abuse against players has shown that around 70% of cases involve abuse coming from social media users outside of the United Kingdom, a league source told Reuters on Tuesday. "Much of that kind of racist abuse that is out there is not itself the particular form of targeted state-led disinformation that would directly be a professional concern for my organisation," Security Service (MI5) Director General Ken McCallum told reporters.
Europe
German privacy body probes German lab's use of BGI prenatal tests
Reuters
One of Germany's regional data protection regulators on Wednesday said it was probing lab operator Eluthia GmbH's use of Chinese gene company BGI Group's prenatal blood tests and services on suspicion of breaches of data protection rules.
Russia
Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
VICE
@lorenzofb
A new report by Google researchers details a hacking campaign by “likely Russian government-backed” hackers targeting European government officials.
Cyber Capacity Building
Filling the gaps: The story of APAC’s cyber capacity building
Back End News
@genie_sg
For cybercriminals, countries in the Asia Pacific (APAC) region have not fallen off the radar. If anything, cyber gangs are stepping up their campaigns in the region, which continues to attract more and more investments in supply chains and logistics. Unfortunately, not all countries have the capacity to tackle cyber threats adequately. Laying the foundation for an organization’s cyber-resiliency starts with having a cyber-capacity-building program in place and cultivating a culture of cooperation among all stakeholders.
Misc
Protecting from the cyber kill chain evolution
Intelligent CIO
Alix Pressley
As cybercriminals ramp up their approach, organisations must implement an effective incident response plan to identify, analyse and mitigate attacks. Chris Vaughan, AVP – Technical Account Management, EMEA Tanium, discusses going back to basics and putting an efficient plan in place.
Inside the Industry That Unmasks People at Scale
Vice
@josephfcox
Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.
Events
Indigenous Cyber and Digital Skills Conference
ASPI’s IndigiCyber, Defence and Space Program
This half-day conference will canvass a range of curriculum and engagement initiatives in cyber-security and STEM as well as government and industry responses to both support those already in work, and to attract diverse candidates. What can defence, and defence-related sectors, do to support the next generation of technology champions? 23 Jun 2021 9:00 am - 1:00 pm
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
ASPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies. 27 July 2021 5:00 pm - 6:00 pm
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years, of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.