Good morning. It's Monday 29th January.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.

Who is the hacker being linked to the Medibank cyberattack? The government has named 33-year-old Aleksandr Gennadievich Ermakov, a Russian citizen, IT worker and alleged cybercriminal, in new sanctions legislation in connection with the most damaging cyberattack on Australians in 2022. The Guardian

A form of cybercrime called “financial sextortion” is rapidly rising in North America and Australia, with a major portion driven by a non-organized cybercriminal group in West Africa who call themselves “Yahoo Boys,” according to a new study from the Network Contagion Research Institute (NCRI). NBC News

The Biden administration is preparing to use the Defense Production Act to compel tech companies to inform the government when they train an AI model using a significant amount of computing power. The rule could take effect as soon as next week. WIRED

Australia

Shadowy world of ransomware-for-hire revealed by online account activity linked to the Medibank hack

The Guardian

Josh Taylor

Who is the hacker being linked to the Medibank cyberattack? The government has named 33-year-old Aleksandr Gennadievich Ermakov, a Russian citizen, IT worker and alleged cybercriminal, in new sanctions legislation in connection with the most damaging cyberattack on Australians in 2022. When the UK, the US and Australia announced sanctions against him this week over the ransom attack, they released details of several aliases he operated under. Experts have now pieced together the online history of the accounts said to be linked to Ermakov, revealing a broader picture of his alleged cybercrime activity in the years leading up to the Medibank attack.

Major update on Medibank cyber attack

7News

Penny Wong on Sunrise

Australia has used cyber sanction powers on the Russian man responsible for leaking the private information of millions of Australians.

Cybercriminals having ‘field day’: Credential stuffing attacks set to soar

WAtoday

David Swan

Cybersecurity professionals are bracing for a surge in attacks where hackers use stolen passwords to make fraudulent purchases online, saying recent data breaches mean more businesses will join The Iconic, Dan Murphy’s and Event Cinemas in suffering financial losses. Industry insiders told this masthead that cybercriminals are having a field day with Australian usernames and passwords, which are being bought and sold on the dark web after being stolen in data breaches.

Orro & SentinelOne launch XDR service for Australian SMEs

IT Brief Australia

Sean Mitchell

Orro, Australia's premier secure network and digital infrastructure provider, is boosting its cybersecurity portfolio for small and medium-sized businesses by adding an Extended Detection and Response (XDR) service. This new platform is powered by SentinelOne, an international leader in AI-powered security. The service aims to heighten cyber resilience and facilitate regulatory compliance among SMEs, who are often more susceptible to cyber threats than larger enterprises.

BoM scientist sacked for secretly working from overseas

The Australian Financial Review

David Marin-Guzman

A Bureau of Meteorology scientist has failed to get his job back after he was sacked for secretly working overseas for several weeks while telling his bosses he was working from home.

St Vincent's Health confirms no personal data stolen in cyberattack

9News

Richard Wood

St Vincent's Health has confirmed no sensitive personal information was stolen during a cyberattack late last year after the company finished its investigation of the incident. Australia's largest not-for-profit health and aged care provider today provided an update on last December's hack. External experts CyberCX completed their forensic investigation into St Vincent's Health data that was accessed or stolen by the cybercriminals.

Security ties, banking help on the agenda for high-stakes Nauru visit

The Sydney Morning Herald

David Crowe

Australia will move to tighten its security ties with Nauru and help it tackle a looming crisis with its banking system in a high-stakes visit to the island nation after it switched diplomatic recognition from Taiwan to China. Minister for the Pacific Pat Conroy will arrive in Nauru on Tuesday on a mission to help the country deal with the closure of its only bank and discuss more defence co-operation at a time of growing Chinese influence across the region.

Anthony Albanese’s security pact with Tuvalu ‘at risk’

The Australian

Ben Packham and Will Glasgow

Anthony Albanese’s much-vaunted “Falepili Union” security pact with Tuvalu is on shaky ground following the fall of the country’s prime minister, and may not survive in its current form. Kausea Natano, who negotiated the security and climate change treaty with Australia, lost his seat in counting over the weekend in the country’s general election. Those lining up to replace him want the agreement renegotiated or scrapped, while the country’s diplomatic relationship with Taiwan also hangs in the balance.

Tuvalu's leader has lost his seat. Here's what it could mean for Taiwan — and Australia

SBS News

SBS News

The pro-Taiwan leader of the Pacific islands nation of Tuvalu, Kausea Natano, has lost his seat in an election closely watched by Taiwan, China and the US, partial results showed. Tuvalu, with a population of about 11,200 spread across nine islands, is one of three remaining Pacific allies of Taiwan, after Nauru cut ties this month and switched to Beijing, which had promised more development help.

USA

OpenAI and other tech giants will have to warn the US Government when they start new AI projects

WIRED

Will Knight

The Biden administration is preparing to use the Defense Production Act to compel tech companies to inform the government when they train an AI model using a significant amount of computing power. The rule could take effect as soon as next week. The new requirement will give the US government access to key information about some of the most sensitive projects inside OpenAI, Google, Amazon, and other tech companies competing in AI. Companies will also have to provide information on safety testing being done on their new AI creations.

Tech industry leaders and White House clash over plan for improved cloud security

The Record by Recorded Future

Suzanne Smalley

The Biden administration is moving forward with a plan to enhance cloud infrastructure security by requiring companies to collect personal information from users, despite intensifying backlash from executives at Amazon and other tech giants.

U.S. takes the China chip war to the next level - will soon stop Chinese companies from using American clouds for AI training

Tom's Hardware

Anton Shilov

The U.S. government is introducing a proposal to prevent foreign entities, particularly from China, from using U.S. cloud computing for AI model training, the U.S. Commerce Secretary Gina Raimondo announced this week, reports Reuters. The Biden administration sees it as an effort to safeguard national security and the U.S. technological superiority. Meanwhile, Chinese entities can still access services deployed in Europe and the Middle East.

Navy looking to increase cyber partnerships with foreign nations

DefenseScoop

Mark Pomerleau

The Navy wants to increase its collaboration in the cyber domain with allies and other international partners to improve interoperability and the sharing of tactics. The department’s first cyber strategy, released in November, calls for greater cooperation between the organization and foreign countries. “We will engage with Allied and friendly nations to exchange best practices, share appropriate information, and coordinate our efforts in cyberspace,” it states. Officials noted that there is a lot to be gained, in terms of tactics and tools, through greater partnership.

Hewlett Packard Enterprise suffered cyber breach over months last year

The Wall Street Journal

Ben Glickman

In a regulatory filing, Houston-based HPE said it became aware of the intrusion in December, adding that it suspected a nation-state actor, believed to be the Russia-backed Midnight Blizzard, had gained access to the company’s cloud-based email system. HPE said it believed the hacker group accessed and transferred data beginning in May 2023 from the mailboxes of various people in its cybersecurity, go-to-market, business segments and other functions.

EquiLend, a securities lending platform, hit by cyberattack

The Wall Street Journal

James Rundle

EquiLend Holdings, a financial technology company at the center of the securities-lending market, said hackers took several of its systems offline this week, and added that restoring them may take days. In a statement, the company said its systems were knocked out by a “technical issue” on Monday, and an investigation later determined a cyberattack was the cause.

Europe

Sweden’s Riksbank turns to police as cyber attack hits IT firm

Bloomberg

Niclas Rolander

Sweden’s central bank has filed a police report after some of its IT systems were rendered inaccessible by a ransomware attack that has crippled customers of Finnish software company Tietoevry Oyj since last weekend. The Riksbank’s human resources and payroll systems were still out of service on Thursday following the attack, according to a spokesperson. A large number of government agencies and private companies in Sweden have been hit, including the country’s parliament and its biggest cinema chain.

Big Tech

Sextortion training materials found on TikTok, Instagram, Snapchat and YouTube, according to new report

NBC News

Lora Kolodny

A form of cybercrime called “financial sextortion” is rapidly rising in North America and Australia, with a major portion driven by a non-organized cybercriminal group in West Africa who call themselves “Yahoo Boys,” according to a new study from the Network Contagion Research Institute (NCRI). Despite increasing amounts of reported sextortion online over the last several years, the NCRI researchers say that platforms used by Yahoo Boys and other threat actors have been slow to moderate their materials or make changes that could help curb the spread of sextortion.

Security experts just found two giant smartphone privacy issues

Digital Trends

Nadeem Sarwar

A deep investigation by 404 Media uncovered a company called Patternz that is weaponizing the ad delivery system on smartphones to extract information through apps and then send it to bidders. The report described Patternz as “a secretive spy tool that can track billions of phone profiles through the advertising industry.” Patternz uses a pipeline in popular apps like 9Gag and a bunch of popular caller ID apps to do its nefarious jobs. Patternz reportedly told its clients that it can monitor virtually any app that is capable of running ads.

X Halts Taylor Swift searches after explicit AI images spread

The Wall Street Journal

Ginger Adams Otis

Social-media platform X blocked searches about Taylor Swift days after explicit, digitally fabricated fakes of the singer began proliferating on the site. “Posts aren’t loading right now,” an automated message said on Saturday in reply to a search query of the pop star’s name. “Try again later.” Joe Benarroch, head of business operations at X, said Saturday in response to questions about Swift searches: “This is a temporary action and done with an abundance of caution as we prioritize safety on this issue.”

Instagram to scan under-18s’ messages to protect against ‘inappropriate images’

The Guardian

Alex Hern and Dan Milmo

Instagram will begin scanning messages sent to and from under-18s to protect them from “inappropriate images”, Meta has announced. The feature, being kept under wraps until later this year, would work even on encrypted messages, a spokesperson said, suggesting the company intends to implement a so-called client-side scanning service for the first time. But the update will not meet controversial demands for inappropriate messages to be reported back to Instagram servers.

Musk’s X pledges 100-Person office in Texas to police content

Bloomberg

Kurt Wagner

Elon Musk’s X, the company formerly known as Twitter, is planning to build a new “Trust and Safety center of excellence” in Austin, Texas, to help enforce its content and safety rules. The company aims to hire 100 full-time content moderators at the new location, according to Joe Benarroch, head of business operations at X. The group will focus on fighting material related to child sexual exploitation, but will help enforce the social media platform’s other rules, which include restrictions on hate speech and violent posts, he added. The company did not specify when this new center will be operational.

Microsoft explains how Russian hackers spied on its executives

The Verge

Tom Warren

While Microsoft didn’t provide many details on how the attackers gained access in its initial SEC disclosure late on Friday, the software maker has now published an initial analysis of how the hackers got past its security. It’s also warning that the same hacking group, known as Nobelium, or by the weather-themed moniker “Midnight Blizzard” that Microsoft uses for them, has been targeting other organizations.

A last-ditch plan to save the crypto industry

WIRED

Joel Khalili

Dixon’s new book, Read Write Own: Building The Next Era of the Internet, argues that despite all the drama, scams, and lost fortunes, blockchain technology is morally neutral. He asserts that regulators must discriminate between dangerous misapplication and productive experimentation to avoid squandering the technology’s potential benefits. The book is a self-interested caution against overcaution—please don’t throw out the blockchain baby with the grimy crypto bathwater.

Midnight Blizzard: Guidance for responders on nation-state attack

Microsoft

Microsoft Threat Intelligence

Microsoft was able to identify these attacks in log data by reviewing Exchange Web Services (EWS) activity and using our audit logging features, combined with our extensive knowledge of Midnight Blizzard. In this blog, we provide more details on Midnight Blizzard, our preliminary and ongoing analysis of the techniques they used, and how you may use this information pragmatically to protect, detect, and respond to similar threats in your own environment.

Apple (sort of) removes its requirement that apps offer ‘Sign in with Apple’ support

9to5Mac

Chance Miller

There’s another small but notable change coming to the App Store. Apple has revised its App Store guidelines to remove the requirement that apps using third-party log-in options such as Google, Facebook, and Twitter must also use Sign in with Apple. There is, however, a big asterisk to this change. While developers aren’t technically required to use Sign in with Apple, they are required to offer an “additional login service with certain privacy features.”

Samsung to integrate Baidu’s AI model into new Galaxy S24 handsets, as mainland Chinese rivals push new smartphones with similar tech

South China Morning Post

Iris Deng

Samsung Electronics has teamed up with Baidu to integrate the Chinese internet giant’s large language model (LLM) – the technology behind chatbots like ChatGPT – into the South Korean company’s latest flagship 5G device, marking a renewed push into the world’s largest smartphone market where domestic rivals are set to launch handsets with artificial intelligence (AI) features.

23andMe data breach: Hackers stole raw genotype data, health reports

Bleeping Computer

Sergiu Gatlan

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms. As the genomics and biotechnology company disclosed in data breach notification letters sent to those impacted in the incident, some of the stolen data was posted on the BreachForums hacking forum and the unofficial 23andMe subreddit site.

Hackers target WordPress database plugin active on 1 million sites

Bleeping Computer

Bill Toulas

Malicious activity targeting a critical severity flaw in the ‘Better Search Replace’ WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours. The security issue stems from deserializing untrusted input and allows unauthenticated attackers to inject a PHP object. Successful exploitation could lead to code execution, access to sensitive data, file manipulation or deletion, and triggering an infinite loop denial of service condition.

Update your Cisco products now: Critical security flaw lets hackers hijack software

Tom's Guide

Alyse Stanley

Cisco issued a warning this week that some of its most widely used software contains a critical vulnerability that could let remote attackers execute arbitrary code on an affected device and wreak havoc. The company is urging users to patch their endpoints immediately.

Artificial Intelligence

ByteDance has a new AI model that lets users instantly speak in another person's voice. Researchers admitted the AI can be used for 'fraud.'

Business Insider

Kali Hays

China's ByteDance has created a new way for people to immediately change their voice into another person's using generative-AI technology. The tool, called StreamVoice, is not yet publicly available. Still, it shows the fast development of AI that enables easy and convincing audio and visual impersonations of public figures, often referred to as "deepfakes." Already this year, people have used AI to impersonate the pop star Taylor Swift and President Joe Biden as the 2024 election nears.

The sleepy copyright office in the middle of a high-stakes clash over A.I.

The New York Times

Cecilia Kang

For decades, the Copyright Office has been a small and sleepy office within the Library of Congress. Each year, the agency’s 450 employees register roughly half a million copyrights, the ownership rights for creative works, based on a two-centuries-old law. In recent months, however, the office has suddenly found itself in the spotlight. The agency plans to put out three reports this year revealing its position on copyright law in relation to A.I. The reports are set to be hugely consequential, weighing heavily in courts as well as with lawmakers and regulators.

Google’s new AI-powered browser could mark the end of the human internet

Intelligencer - New York Magazine

John Herrman

Starting next month, Google will begin rolling out a new experimental feature in Chrome, the most popular browser on Earth, and the portal through which an estimated 3 billion people read and contribute to the web: an AI writing assistant. “Writing on the web can be daunting, especially if you want to articulate your thoughts on public spaces or forums,” the company says. Chrome’s new tool will help users “write with more confidence,” whether they want to “leave a well-written review for a restaurant, craft a friendly RSVP for a party, or make a formal inquiry about an apartment rental.”

Data gold rush: companies once focused on mining cryptocurrency pivot to generative AI

The Guardian

Josh Taylor

Tools like OpenAI’s ChatGPT require thousands of Nvidia GPUs (graphics processing units) to smoothly process all the information being fed in and output. Nvidia last week compared GPUs to rare earth metals for AI, saying they’re “foundational” for the operation of generative AI today. The energy required to power all this hardware is the equivalent of a small country, according to a report released by French energy company Schneider Electric last year. On Wednesday OpenAI’s CEO, Sam Altman, told an audience at Davos that an energy breakthrough was needed to power AI advances. “There’s no way to get there without a breakthrough,” he said, suggesting it was motivation for investing more in nuclear fusion.

Most top news sites block AI Bots. Right-wing media welcomes them

WIRED

Kate Knibbs

As media companies haggle licensing deals with artificial intelligence powerhouses like OpenAI that are hungry for training data, they’re also throwing up a digital blockade. New data shows that over 88 percent of top-ranked news outlets in the US now block web crawlers used by artificial intelligence companies to collect training data for chatbots and other AI projects. One sector of the news business is a glaring outlier, though: Right-wing media lags far behind their liberal counterparts when it comes to bot-blocking.

Fakes, forgeries and the meaning of meaning in our post-truth era

Financial Times

Tim Harford

Despite warning shots, deepfake technology is still mostly used for non-consensual pornography. Part of the reason is that creating deepfakes is hard — there are easier ways to lie with video. You could, for example, misdescribe an existing video. In December 2023, videos circulated on social media claiming to show Hamas executing people by throwing them off the roof of a building in Gaza. The videos are genuine, but the atrocity took place in Iraq in 2015 and the murderers were Islamic State, not Hamas. It’s common for real videos and pictures to be shared online with deceptive labels.

Misc

Meet a startup trying to keep your screen time from destroying the planet

Business Insider

Catherine Boudreau

Our cloud usage is powered by a growing network of data centers in buildings filled with rows and rows of routers and servers. Demand is only expected to grow as companies lean on data analytics to make decisions and increasingly use AI. JetCool's technology could save data centers up to 15% of their overall power consumption, based on internal tests, the company said. A partnership with Sabey Data Centers last year demonstrated a 13.5% reduction in power use.

Navigating through turbulence: Lessons for a resilient 2024

Forbes

Emil Sayegh

2023 has been a tumultuous year, marked by multiple wars, naval blockades, massive demonstrations, economic uncertainty, and terrorist threats. Adding to this turmoil, a surge in cybersecurity attacks has intersected with financial instability and economic challenges, creating a 'perfect storm' with global implications. From the shocking breach at Mr. Cooper, to the ominous predictions by financial giants like Goldman Sachs and JP Morgan, the interconnectedness of vulnerabilities across sectors has become starkly apparent, demanding attention and immediate action.

Research

A world of cyber-led geopolitical and technological transitions: WEF report’s breakdown

ETCIOSEA

Saachi Gupta Ghosh

In the face of myriad transitions, other clear barriers, including the rising cost of access to innovative cyber services, tools, skills and expertise, continue to influence the ability of the global ecosystem to build a more secure cyberspace. Let’s dissect how the geopolitical landscape is transitioning in this cyber world, and why businesses should be more cyber resilient.

Jobs

Cyber, Technology & Security Program Coordinator

ASPI CTS

The Coordinator will coordinate CTS’s business processes, projects, stakeholder engagement and events schedule. The Coordinator will work closely with Director CTS, senior ASPI staff, other ASPI Programs and Corporate, Strategic Communications and Finance areas. The ideal candidate has 1-3 years’ experience in executive assistance, business coordination or events management roles.

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.