The Quadrilateral Security Dialogue, better known as the Quad, has announced various non-military technology initiatives aimed at establishing global cooperation on critical and emerging technologies, such as AI, 5G, and semiconductors.

The various technology initiatives were announced after the leaders of Quad countries — comprised of Australia, India, Japan, and the US — met on Friday, which marked the first time the group has come together in person.

Among the initiatives announced by the security bloc was the intention to develop new global cybersecurity standards across various technology sectors.

“With respect to the development of technical standards, we will establish sector-specific contact groups to promote an open, inclusive, private-sector-led, multi-stakeholder, and consensus-based approach,” the Quad said in a joint statement.

As part of work to be undertaken towards establishing these global technology standards, the Quad said it would publish a Quad Statement of Principles, which will be a guide for implementing responsible, open, high-standards innovation.

“We are working to make cyberspace and emerging and critical technologies trusted and secure, in open societies, solving problems, and addressing the supply chain challenges that in many ways hold the keys to our security and our prosperity and our environment in the 21st century,” Australian Prime Minister Scott Morrison said.

A new Quad Senior Cyber Group will also be established. The group will consist of “leader-level experts” who will meet regularly to advance work between government and industry to drive the adoption and implementation of shared cyber standards; development of secure software; growth of the tech workforce; and promotion of scalability and cybersecurity of secure and trustworthy digital infrastructure.

The security bloc will also begin cooperation focused on space and combatting cyber threats, promoting resilience, and securing critical infrastructure together, the countries said.

For space specifically, the Quad nations will identify new collaboration opportunities and share satellite data for peaceful purposes such as monitoring climate change, disaster response and preparedness, sustainable uses of oceans and marine resources, and on responding to challenges in shared domains.

Another technology initiative announced by the Quad over the weekend was a new fellowship that will be established together with industry. The fellowship will provide 100 graduate fellowships to science, technology, engineering, and mathematics graduate students across the four countries.

New initiatives to improve semiconductor supply chains, 5G deployment and diversification, and monitor biotech scanning trends were also announced.

In announcing these new initiatives, the Quad sledged China, although China was not named, by jointly saying: “We will continue to champion adherence to international law … to meet challenges to the maritime rules-based order, including in the East and South China Seas”.

“We affirm our support to small island states, especially those in the Pacific, to enhance their economic and environmental resilience,” the Quad added.

The movements from Quad countries follow various international pacts coming to the fore in recent weeks, with Quad members, Australia and the US, joining the UK to establish the AUKUS security pact.

AUKUS, made public a fortnight ago, was established by the three governments to address defence and security concerns posed by China within the Indo-Pacific region. The trilateral security pact’s focus has so far been military-heavy unlike the Quad’s new initiatives, with AUKUS’ first initiative being to help Australia acquire nuclear-powered submarines.

Meanwhile, both China and Taiwan have formally applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), one of the world’s largest trade pacts.

Over the past decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians. This has raised concerns about the unprecedented proliferation of spyware technologies and the lack of protections within the tech sector.

Meta’s WhatsApp recently revealed it discovered a hacking campaign targeting about 90 users — mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions — now acquired by Florida-based private equity firm AE Industrial Partners — was behind the attack.

Graphite, Paragon’s spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users’ knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal.

What is a zero-click capability?

What happened to WhatsApp was a zero-click attack, meaning targets don’t have to take any action for their devices to be compromised. In contrast, phishing or one-click attacks require user interaction with a malicious link or attachment. Once a phone is infected with a zero-click capability, the attacker can quietly gain complete access by exploiting a security vulnerability.

In an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, said that “in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims’ devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone.”

While public reporting does not specify “whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible,” Cole said.

iVerify has uncovered instances where “a number of WhatsApp crashes on [mobile] devices [they’re] monitoring with iVerify” have appeared to be malicious in nature, leading the iVerify team to believe that the malicious attacks are “potentially more widespread” than just the 90 people reported to have been infected by graphite.

While the WhatsApp attack was predominantly launched against members of civil society, mobile spyware is an emerging threat against everyone because mobile exploitation is more widespread than one might think, Cole said.

Moreover, “the result is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are ‘under pressure to become profitable enterprises,’” he said. This ultimately “creates marketing competition” for spyware merchants and “lowers barriers” that would deter these mobile exploitation attacks.

Earlier this year, WhatsApp won a lawsuit against NSO after a federal judge in California found that NSO was exploiting a security vulnerability within the messaging app to deliver Pegasus.

The infamous NSO Group — known for infecting the phones of journalists, activists, and Palestinian rights organizations — has used similar zero-click capabilities through its Israeli-made Pegasus spyware, a commercial spyware and phone-hacking tool.

Historically, the NSO Group has avoided selling to US-based clients and has also been banned by the US Commerce Department under former President Joe Biden’s administration for allegedly supplying spyware to authoritarian governments.

However, “shifting political dynamics [under the Trump administration] raises the possibility that spyware may become more prevalent in the United States” — exacerbating mobile exploitation. Cole said the world is totally unprepared to deal with that.

The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment.

Sanctions were levied today against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM).
A FireEye report published in October 2018 identified CNIIHM as the possible author of the Triton malware.
The Triton malware, also known as Trisis or HatMan, is a piece of malware that was designed to specifically target a certain type of industrial control system (ICS) equipment — namely, Schneider Electric Triconex Safety Instrumented System (SIS) controllers.
According to technical reports from FireEye, Dragos, and Symantec, the malware was distributed via phishing campaigns. Once it infected a workstation, it would search for SIS controllers on a victim’s network, and then attempt to modify the controller’s settings.
Researchers said Triton contained instructions that could either shut down a production process or allow SIS-controlled machinery to work in an unsafe state, creating a risk of explosions and risk to human operators and their lives.
Triton almost caused an explosion at a Saudi petrochemical plant
The malware was first spotted after it was used successfully in 2017 during an intrusion at a Saudi petrochemical plant owned by Tasnee, a privately owned Saudi company, where it almost caused an explosion.
Since then, the malware has been deployed against other companies. Furthermore, the group behind the malware (known as TEMP.Veles or Xenotime) has also been seen “scanning and probing at least 20 electric utilities in the United States for vulnerabilities,” the US Treasury said today in a press release.
Today’s sanctions prohibit US entities from engaging with CNIIHM and also seize any of the research institute’s US-based assets.
“The Russian Government continues to engage in dangerous cyber activities aimed at the United States and our allies,” said Secretary Steven T. Mnuchin. “This Administration will continue to aggressively defend the critical infrastructure of the United States from anyone attempting to disrupt it.”

This style of sanctioning is significant and honestly entirely appropriate against those involved in the first ever cyber attack to intentionally try to kill people in civilian infrastructure. #TRISIS #TRITON https://t.co/dVzAn0kusq
— Robert M. Lee (@RobertMLee) October 23, 2020

Today’s Treasury sanctions end a week from hell for Russian state-sponsored hacking groups. On Monday, the US Department of Justice filed charges against six hackers who are part of the Sandworm group, believed to have created the NotPetya, KillDisk, BlackEnergy, and OlympicDestroyer malware.
On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) exposed a recent hacking campaign of a Russian hacking group known as Energetic Bear.
On the same day, the EU also imposed sanctions on two Russian intelligence officers for their role in the 2015 German Parliament hack.
But as several security researchers pointed out today on Twitter, shortly after the Treasury announcement, the US may not have the moral high-ground, mainly because the US pioneered attacks against industrial systems through its work and deployment of the Stuxnet malware against Iran’s nuclear program in 2010.

They… uh… the Treasury realizes that we don’t really have the high ground to stand on here… right?
*cough* Stuxnet *cough*
— MikeTalonNYC (@MikeTalonNYC) October 23, 2020

Yesterday the Poly Network, which specialises in cryptocurrency transfers on the Binance, Ethereum and Polygon blockchains, announced that it had been attacked and assets transferred to hackers.

It tweeted: Important Notice: We are sorry to announce that #PolyNetwork was attacked on @BinanceChain, @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses: ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 and BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71.

It asked miners of affected blockchain and crypto exchanges such as Binance, HuobiGlobal, OKEx, Tether, BitGo, Uniswap and Circle Pay, amongst others, to blacklist tokens coming from these addresses.

Poly Network said that the hacker had “exploited a vulnerability between contract calls” — where a contract can modify the keeper of a contract and execute a transaction. Estimates of funds held in wallets say that the loss was in excess of $600 million.

Twitter user @kelvinfichter explained how the hack actually worked. Blockchain ecosystem security company Slow Mist tweeted that a total of over $610 million US was transferred to three addresses. It considers that the attack was likely to be “long-planned, organized and prepared”.
The Poly Network later broadcast an open message to the hacker saying “The amount of money you hacked is the biggest one in the defi (decentralised finance) history”.
It added, “Law enforcement in any country will regard this as a major economic crime, and you will be punished”. Decentralised Finance (DeFi) aims to cut out third parties such as brokerages or exchanges. Poly Network has asked for the return of the funds and tweeted the addresses that the funds are to be returned to. Paolo Ardoino tweeted that Tether had frozen $33 million as part of the hack.

Today Poly Network indicated that cash might be returning. It tweeted a screenshot of a transaction with a comment for the alleged hacker.

Update: you can view the entire conversation and refund update in this Google doc linked from @LX2025

This is not the first time that hackers have allegedly stolen Bitcoin. In February, legal proceedings began against Bitcoin developers after the theft of Bitcoin in 2020. As legal processes ramp up across the world and lawyers aim to recover different lost or stolen assets, there seem to be fewer places for hackers to hide as new legislation is adopted.

The Bitcoin SV network, which recently tweeted that gigabyte blocks were mined on the public blockchain, was subjected to a series of block-reorganisation attempts in July and early August that attempted to double-spend BSV coins. The network recommended that node operators mark the chain as invalid to “lock the attacker’s fraudulent chain out.”

The EU proposal that addresses improved detection of money laundering and terrorism financing in the Union will require ‘digital currency service providers to apply for licences, and anonymous digital currency asset accounts will be banned.’ The US’ Infrastructure Bill proposal requires ‘brokers’ in the digital currency industry to collect information on and report customers’ tax obligations to the government.

So is any version of Bitcoin safe? With potential cross-chain vulnerabilities occurring as relay chains and cross-chain bridges make it easier to move assets across blockchain, penetration testing and checking become ever more important. Hacks like this in an Ethereum contract demonstrate how vulnerable smart contracts can be. Miners running smaller nodes — the very ethos of DeFi — become more exposed to vulnerabilities like this, whereas miners running large mining node clusters have the resources and budget to carry out extensive testing and mitigation when potential hacks occur.

Will this be the largest hack ever, or will other vulnerabilities expose even larger amounts of money being moved to other blocks before being transferred out of blockchain currency exchanges? Hopefully, this wake-up call will have developers making sure that their code is impenetrable — whichever version of the contract is used.

Since I use my desktop as both a workstation and gaming rig, I like a wireless mouse that can also pull double duty. The Corsair Harpoon is a great, straightforward mouse with four buttons, adjustable sensor speed, and integrated RGB lighting to match my K100 keyboard. It features dual wireless connectivity with Bluetooth and a 2.4GHz USB receiver, and you can use it while plugged in and charging. That’s perfect for when I don’t catch the low battery notification in the iCUE app, and the mouse dies in the middle of an important work project or an S rank run in Ready or Not with friends.

The rechargeable battery lasts about a week for me, and I’m at my PC anywhere from 4 to 12 hours depending on my workday (and how much free time I have for a doomed Alternate Poland run in Hearts of Iron 4). The simplified design is also lightweight and comfortable to use for long periods, which is nice for long work days researching tech or accidental all-nighters playing Plate Up with friends.




