US Justice Department disrupts Russian intelligence spear-phishing efforts | UK's nuclear waste unit fined for cybersecurity failings | 30.8% of Kuwait’s internet users targeted by cyber attacks
Good morning. It's Friday 4th October.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Follow us on Twitter and on LinkedIn.
The Justice Department announced today the unsealing of a warrant authorizing the seizure of 41 internet domains used by Russian intelligence agents and their proxies to commit computer fraud and abuse in the United States. US Department of Justice
Britain's Office for Nuclear Regulation fined nuclear waste processing firm Sellafield Ltd 332,500 pounds for cybersecurity shortfalls over a four-year period, it said on Wednesday. "Sellafield Ltd failed to meet the standards, procedures and arrangements, set out in its own approved plan for cyber security and for protecting sensitive nuclear information," the ONR said. Reuters
A recent report has highlighted the growing risk of cyber attacks, revealing that 30.8% of Internet users in Kuwait were targeted over the past year. Turkey ranked highest, with 41.8% of its users exposed to cyber threats, according to the report. Arab Times Kuwait
The World
Why only climate tech cash can help avoid catastrophe
Bloomberg
Alastair Marsh
Go big or go home: That’s the scenario posed by climate change. Only in this particular case, taking half-measures means no more home. Many of the technologies needed to decarbonize the primary sources of planet-warming gases already exist—they just need to be rolled out at a size commensurate with the challenge. According to McKinsey & Co., if carbon capture, heat pumps and the like were “deployed at scale” they could reduce as much as 90% of global greenhouse-gas emissions.
Cyber threats surge as nation-states team up with cybercrime groups
Security Brief
Catherine Knowles
The recently released 2024 Threat Hunter Perspective report by OpenText has identified a growing collaboration between nation-states and cybercriminal organisations. This development is particularly targeting global supply chains and advancing geopolitical motives, resulting in an increase in both the complexity and scale of cyberattacks. The report highlights that several nation-states, notably Russia and China, are engaging with cybercrime groups such as Killnet and Storm0558. These partnerships are geared towards exploiting vulnerabilities in global supply chains and targeting geopolitical objectives.
Australia
Russians sanctioned for pervasive cyber crimes
AuManufacturing
Australia has imposed financial sanctions and travel bans on three Russian citizens for their involvement in the Evil Corp cybercrime group striking critical infrastructure, governments, industry and the community. Evil Corp is one of the most prolific and longest running cybercrime groups operating for more than a decade. The sanctions are part of a coordinated effort with the United Kingdom and the United States to deter and respond to malicious cyber activity.
Accused ‘Ghost’ app mastermind’s crypto millions seized by federal police
The Guardian
Cryptocurrency worth almost $10m has been restrained after police cracked an alleged criminal communication network. Almost $10m in cryptocurrency has been seized from a man accused of masterminding an encrypted messaging network used to plan drug deals and murders. Jay Je Yoon Jung, 32, was arrested at his parents’ Sydney home in September, accused of creating and maintaining a secret communications app and network known as “Ghost”.
Australian firms lost over USD $1m in CPS cyber attacks
Security Brief
Imee Dequito
Claroty has published new research highlighting the substantial business impacts of cyber attacks on cyber-physical systems within Australian organisations. According to the study, one in five organisations reported financial losses exceeding USD $1 million due to these attacks over the past year. The report, titled "The Global State of CPS Security 2024: Business Impact of Disruptions," draws on a global survey of 1,100 professionals from various sectors, including infosecurity and operational technology.
China
Escalating contest over South China Sea disrupts international cable system
The Washington Post
Rebecca Tan
Undersea cables below the South China Sea have long provided vital connectivity to countries in Southeast Asia as demand for internet service has surged. To maintain the extensive network of cables and develop new ones, private cable companies have for decades relied on being able to move freely through this waterway, despite conflicting claims over the sea by China and a half dozen other governments.
USA
Justice Department disrupts Russian intelligence spear-phishing efforts
US Department of Justice
The Justice Department announced today the unsealing of a warrant authorizing the seizure of 41 internet domains used by Russian intelligence agents and their proxies to commit computer fraud and abuse in the United States. As an example of the Department’s commitment to public-private operational collaboration to disrupt such adversaries’ malicious cyber activities, as set forth in the National Cybersecurity Strategy, the Department acted concurrently with a Microsoft civil action to restrain 66 internet domains used by the same actors.
Microsoft and DOJ disrupt Russian FSB hackers’ attack infrastructure
Bleeping Computer
Sergiu Gatlan
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks.Justice Department and Microsoft disrupt Russian hacking operations aimed at US officials and civil society
CNN
Sean Lyngaas
The Justice Department and Microsoft on Thursday announced the seizure of more than 100 web domains that a Russian intelligence agency allegedly used to try to hack current and former US officials, civil-society groups and Russians living in the US.
What’s new from this year’s Counter Ransomware Initiative summit, and what’s next
Cyberscoop
Tim Starks
After trying some new approaches to the U.S.-led global Counter Ransomware Initiative this year, the international coalition is already laying the groundwork for next year’s agenda. Thursday wrapped up meetings of the 68 countries with an optional capacity-building day to help those participating nations “get through practical skills,” Anne Neuberger, the deputy national security advisor for cyber and emerging technology, told CyberScoop.
What is the market impact of the SEC’s cyber disclosure rules? Not much.
The Wall Street Journal
James Rundle
Companies rarely saw more than a slight dip in their share price immediately after reporting cyber incidents publicly, data shows. And some stock prices went up. In December, rules from the U.S. Securities and Exchange Commission went into effect requiring publicly traded companies to report cybersecurity incidents via a form 8-K filing within four business days after a company makes a determination that the attack will have a material impact.
Federal judge halts California’s new anti-deepfakes law—Musk says its ‘score one’ for free speech
Forbes
Siladitya Ray
A federal judge paused a new California state law that cracked down on the use of AI-generated deepfakes targeting political candidates in the run-up to an election, weeks after the creator of an AI-altered campaign video mocking Kamala Harris—which Elon Musk boosted—sued to block the legislation. U.S. District Judge John A. Mendez acknowledged the “risks posed by artificial intelligence and deepfakes are significant,” but granted a preliminary injunction against the law, stating that it likely violates the First Amendment.
North Asia
Social media fuel pro-Okinawa independence disinformation blitz
Nikkei Asia
Yuichiro Kanematsu
A wave of misleading videos aimed at stirring up sentiment for the independence of Japan's southernmost prefecture, Okinawa, has been spreading across social media, with nearly 200 inauthentic accounts identified as key drivers, Nikkei has revealed. Using AI tools, Nikkei uncovered a large network of disinformation accounts orchestrating the campaign. Despite the videos being falsified, they have racked up millions of engagements -- likes, reposts and shares -- on social media.
Southeast Asia
Vietnam strengthens cyber capabilities for political stability, national defence, and socio-economic development
ISEAS - Yusof Ishak Institute
Bich Tran
In the rapidly evolving digital landscape of the 21st century, Vietnam has emerged as a significant player in the realm of cybersecurity and has been impressive in its digital transformation. This article examines Vietnam’s multifaceted approach to developing its cyber capabilities, driven by the imperatives of regime survival, national defence, and socio-economic development. As the country navigates the complex challenges and opportunities presented by cyberspace, it has made substantial investments in digital infrastructure, cyber personnel, and legal frameworks.
Philippines levies 12% VAT tax on digital services by tech giants
Reuters
The Philippines will impose a 12% value-added tax on digital services offered by tech giants such as Amazon, Netflix, Disney, and Alphabet, in a move that will level the playing field with domestic brick and mortar players, the internal revenue agency said on Thursday. President Ferdinand Marcos Jr signed into law on Wednesday the imposition of VAT on non-resident digital service providers such as streaming services and online search engines.
South & Central Asia
Some techies are leaving cushy Silicon Valley jobs to launch startups at home in India
Business Insider
Shubhangi Goel and Charissa Cheong
Nithin Hassan, 41, has always been fascinated with building something of his own. Hassan is part of a group of expat Indians moving back home to venture out on their own. As such, he's also part of a decades-long trend of reverse migration back to India. The trend began in the 1990s and picked up at the turn of the century, driven by the economic collapse in 2008, said Binod Khadria, the president of Global Research Forum on Diaspora and Transnationalism.
India’s cyber-physical hubs are ready to take off. It’s time for industry to step in
The Indian Express
Kris Gopalakrishnan
What’s common to the following accomplishments — a drone swarm lighting the skies in coordinated splendour at the Beating Retreat ceremony at Rashtrapati Bhavan, the release of the first India-made commercial system-on-chip for secure IoT environments, the world’s first “Digital Entomologist”, and the creation of the first-of-its-kind testbeds in India for autonomous navigation and security operations of critical infrastructure? All of them are successful outcomes from the Government of India’s Department of Science and Technology’s ambitious National Mission on Interdisciplinary Cyber-Physical Systems.
Europe
Teknofest kicks off to display Türkiye's tech, defense prowess
Daily Sabah
Aviation, space and technology enthusiasts on Wednesday started flocking to Türkiye's renowned festival that showcases the country's growing ambitions and expanding capabilities in the tech world and defense. Since its inception in 2018, Teknofest has emerged as a symbol of Türkiye's technological aspirations that attract hundreds of thousands of visitors every year.
Cybersecurity is a constantly evolving field
Baltic Times
Cyber security is constantly evolving, therefore it is necessary to discuss innovations, challenges and recent regulations in this area, said Minister of Defense Andris Spruds (Progressives) at the CyberChess 2024 conference organized by the information technology security incident prevention institution Cert.lv on Wednesday. He stressed that we live in challenging times, when we experience many different risks and threats, so it is important to exchange best practices and discuss actions in the field of cyber security. At the same time, Spruds pointed out that Latvia has a vision and clear goals on what to do in cybersecurity.
Ukraine - Russia
TikTok more dangerous to Ukraine than Telegram, say local disinformation experts
The Record by Recorded Future
Daryna Antoniuk
Chinese social media giant TikTok is “more dangerous” to Ukraine in terms of spreading Russian propaganda and disinformation than the Russia-founded messaging app Telegram, according to Alina Aleksieeva, the deputy head of Ukraine’s State Center for Countering Disinformation. “We’ve already figured Telegram out — we understand its structure and how it operates,” Aleksieeva said during the press conference in Kyiv last week.
UK
UK's nuclear waste unit Sellafield fined for cybersecurity failings
Reuters
Muvija M and Sarah Young
Britain's Office for Nuclear Regulation fined nuclear waste processing firm Sellafield Ltd 332,500 pounds ($440,795) for cybersecurity shortfalls over a four-year period, it said on Wednesday. "Sellafield Ltd failed to meet the standards, procedures and arrangements, set out in its own approved plan for cyber security and for protecting sensitive nuclear information," the ONR said. It added that there was no evidence that any vulnerabilities at Sellafield had been exploited as a result of the failings.
Sellafield nuclear waste site fined £332,500 for cyber security breaches
Financial Times
Rachel Millard
The UK state-owned operator of Europe’s largest nuclear waste dump has been fined £332,500 after pleading guilty to “serious” cyber security failings. Sellafield Ltd, which is in charge of managing and cleaning up the nuclear waste site in Cumbria, north-west England, was on Wednesday ordered to pay prosecutors’ costs of £53,253, as well as a court surcharge of £190.
Cyber UK’s quickest growing tech field, but skills gap remains
ComputerWeekly.com
Alex Scroxton
Four years on from an ill-timed NCSC advertisement encouraging people to consider retraining in cyber security, security appears to be the fastest growing technology field in the UK, with the number of people in security roles more than doubling over the past three years, according to a report produced by security consultancy Socura, titled Their next job was in cyber. The infamous ad featured young ballet dancer with the line, “Fatima’s next job could be in cyber. She just doesn’t know it yet.” It prompted derision in 2020 and was described as crass by the then culture secretary Oliver Dowden.
Former UK defence secretary named partner with UK defence and cyber security firm
CyberDaily
Robert Dougherty
Wallace had previously served as the United Kingdom’s Secretary of State for Defence from July 2019 to August 2023, and prior to that as Minister of State for Security at the Home Office from July 2016 to July 2019. The global investment group, headquartered in London, has offices in New York, Washington Austin, Colorado, and Sydney. A former officer in the Scots Guards, Wallace attended the Royal Military Academy, Sandhurst and Millfield School in Somerset before seeing service in Northern Ireland, Germany, Cyprus and Central America during the 1990s.
TfL cyber attack: Sadiq Khan sees 'light at the end of the tunnel'
The Standard
Noah Vickers
The impacts of a cyber attack on Transport for London which hacked the details of around 5,000 customers could soon be resolved, Sadiq Khan has suggested. The mayor said TfL was “working incredibly hard around the clock” to fully restore its operations, and that there is “light at the end of the tunnel” for Londoners affected by the issue.
Middle East
30.8% of Kuwait’s internet users targeted by cyber attacks
Arab Times Kuwait
A recent report has highlighted the growing risk of cyber attacks, revealing that 30.8% of Internet users in Kuwait were targeted over the past year. Turkey ranked highest, with 41.8% of its users exposed to cyber threats, according to the report. The statistics, compiled by Kaspersky, a global cybersecurity firm covering the Middle East, Africa, and Turkey, also ranked Gulf countries by cyber attack exposure. Internet users in Qatar topped the GCC list, with 38.8% falling victim to cyber-attacks, followed by Bahrain at 35.1%. The UAE had a rate of 31.7%, Kuwait at 30.8%, Saudi Arabia at 29.9%, and Oman at 23.4%.
Africa
INTERPOL arrests cyber-crime group from West Africa
CIO News
The criminal operations in Côte d’Ivoire and Nigeria have suffered a major hit after International Police successfully busted a cybercrime group in West Africa once more. This occurs as international law enforcement joins together with INTERPOL to combat the cybercrime epidemic that is spreading across the globe. Eight persons have been taken into custody as part of an ongoing global cybercrime operation, according to a statement released by INTERPOL yesterday.
Artificial Intelligence
French AI summit to focus on environmental impact of energy-hungry tech
The Guardian
Dan Milmo
World leaders at the next AI summit will focus on the impact on the environment and jobs, including the possibility of ranking the greenest AI companies, it has been announced. Rating artificial intelligence companies in terms of their ecological impact is among the proposals under consideration, while other areas being looked at include the effect on the labour market, giving all countries access to the technology, and
Data centre emissions are soaring – it’s AI or the climate
The Conversation
Jack Marley
Artificial intelligence is curating your social media feed and giving you directions to the train station. It’s also throwing the fossil fuel industry a lifeline. Three of the biggest tech companies, Microsoft, Google and Meta, have reported ballooning greenhouse gas emissions since 2020. Data centres packed with servers running AI programs day and night are largely to blame. AI models consume a lot of electricity, and the World Economic Forum estimated in April that the computer power dedicated to AI is doubling every 100 days.
Why hybrid AI is the next big thing in tech
Forbes
Bernard Marr
Artificial intelligence is no longer just a buzzword; it's an integral part of modern business and society. From automating routine tasks to crafting personalized customer experiences, AI is shaping our world at a breakneck pace. But there isn’t just one AI; there are many different models, all with their strengths and weaknesses. This is where we enter the idea of hybrid AI, which is about synergy. Or the art of blending various AI techniques and models to achieve outcomes that surpass what any single AI approach could accomplish alone.
Jobs
Head of Events
ASPI
ASPI has an exciting opportunity for an experienced and motivated events professional to join the organisation as Head of Events. Lead a small, dedicated, tight-knit team to deliver a program of internationally renowned events on a variety of topics ranging from defence and national security to critical technologies and space. The successful applicant will be an organised, detail-oriented and team-focused professional with a keen interest in shaping, leading and delivering high-quality events. The closing date for applications is 18 October 2024.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.