TechRisk #80: AI is power hungry
Plus, Lazarus suspected of draining $300M in crypto, a perfect storm that crippled the digital world and jolted the physical one, and more!

Tech Risk Reading Picks
AI development poses threat to environment: Big tech companies like Microsoft, Google, and Amazon are facing significant challenges in meeting their ambitious climate goals due to the massive energy demands of artificial intelligence (AI). As these companies expand their AI capabilities, the energy required for data centers and AI models is increasing substantially, leading to higher carbon emissions. For example, Microsoft has seen a 30% increase in carbon emissions since 2020, while Google’s emissions have risen by 48% over the past five years. AI technologies, particularly large models like GPT-3, consume vast amounts of energy. Training these models requires significant computational power, which equates to high electricity consumption and carbon dioxide emissions. This increased demand is outpacing the growth of renewable energy sources, leading to a greater reliance on traditional energy sources. Efforts to mitigate this include improving the efficiency of data centers and exploring alternative energy sources like nuclear power. However, these solutions face practical and logistical challenges. Despite these efforts, the tech industry's rapid AI development continues to pose a significant hurdle to achieving its climate targets. [more]
Threat actors weaponised AI: In the rapidly evolving world of cybersecurity, artificial intelligence (AI) has become both a powerful defense tool and a potent weapon for hackers. Malicious actors are leveraging AI to create sophisticated attacks, including fake code libraries and AI-generated phishing scams. These AI-driven threats can exploit vulnerabilities at unprecedented speeds and scales. The cybersecurity community is responding with AI-based defenses and international cooperation to stay ahead. Robust anti-phishing measures, AI-driven security systems, and global regulatory frameworks are essential in countering the escalating threats posed by weaponized AI. [more]
OpenAI risk concerns: OpenAI is facing significant safety concerns regarding its AI development, with employees criticizing the company for prioritizing rapid launches over rigorous safety protocols. Internal disruptions, including the departure of key safety personnel, have exacerbated these issues. Reports indicate that the launch of GPT-4o was rushed, with inadequate safety reviews, leading to broader criticisms about OpenAI's commitment to AI safety. In response, OpenAI has announced partnerships and new initiatives aimed at improving safety, but critics argue these may be more about public relations than substantive changes. [more]
AI adoption challenges: AI cybersecurity risk challenges include an expanded attack surface due to AI's integration into critical systems, necessitating protections against data poisoning, model inversion, and adversarial attacks. Ensuring data security is paramount as AI systems depend on large datasets vulnerable to breaches. Algorithmic vulnerabilities and the human factor require specialized training and robust development practices. Adherence to evolving regulatory and compliance standards is essential. Effective mitigation strategies involve encryption, continuous monitoring, anomaly detection, and regular security audits to protect AI systems from emerging threats. [more]
Hacking over AI concern: A hacker group named NullBulge has claimed responsibility for breaching Disney's internal Slack system and leaking 1.1 terabytes of data. The leaked data reportedly includes messages, files, code, logins, and other sensitive information from nearly 10,000 channels used by Disney's development team. This breach was revealed on Breach Forums on July 12, 2024. NullBulge, a self-proclaimed hacktivist group, stated that their motive is to protect artists' rights and ensure fair compensation, citing concerns over Disney's approach to artificial intelligence and its impact on artists and creators. The breach highlights ongoing issues between Disney and various artists and writers regarding unpaid royalties for works, such as novelizations and graphic novels of Disney-owned properties. [more]
APAC Companies under radar: In 2023, the Asia-Pacific (APAC) region experienced a notable rise in cybercrime, accounting for 23% of global cybersecurity incidents. This increase is linked to the region's rapid digital transformation and the concentration of manufacturing companies. APAC organizations face a higher frequency of weekly cyberattacks compared to other regions. To address this, it's crucial to adopt advanced threat detection technologies, improve employee training, and implement strong incident response strategies to enhance operational resilience. [more]
PQC partnership: QuSecure has partnered with NVIDIA to support cuPQC, a new post-quantum cryptography library. This collaboration aims to address the security challenges posed by quantum computing. cuPQC leverages NVIDIA GPUs to enhance the performance of quantum-resistant algorithms, like Kyber. The initiative is part of a broader effort under the Linux Foundation to develop an open-source repository of post-quantum algorithms, essential for securing communications in various sectors, including telecommunications, finance, and critical infrastructure. [more]
Singapore PQC initiative: SPTel, in collaboration with ST Engineering, Nokia, and Fortinet, has announced a significant initiative to enhance cyber defense capabilities for organizations through the deployment of quantum-safe services. This partnership focuses on the development of the National Quantum-Safe Network Plus (NQSN+), which aims to safeguard critical data using advanced quantum encryption technologies. The initiative is a proactive response to the evolving cybersecurity landscape, addressing the vulnerabilities associated with traditional encryption methods. By leveraging quantum cryptography, the NQSN+ ensures secure data transmission, particularly for sensitive government and commercial applications. This groundbreaking network builds on the successful trials conducted by SPTel and SpeQtral, demonstrating the effectiveness of quantum key distribution over existing fiber networks. [more]
Perfect storm in the digital world: A major Microsoft Azure outage and a faulty CrowdStrike update caused widespread IT disruptions on July 19, 2024. The Azure outage, primarily in the Central US region, lasted over five hours, affecting services like Xbox Live and Microsoft Teams. The CrowdStrike update caused Windows PCs to display blue screen errors. These incidents disrupted flights, train services, banking apps, supermarket systems, and even Sky News broadcasts. CrowdStrike has rolled back the faulty update and is working with affected customers. Microsoft has largely mitigated the Azure issue, with some residual impacts still being addressed. [more]
Web3 Cryptospace Spotlight
Vulnerable Bitcoin nodes: Approximately 6% of Bitcoin nodes are running outdated software versions, making them vulnerable to various exploits. Vulnerabilities include remote code execution, denial of service (DoS), and censorship of unconfirmed transactions. Most notably, around 787 nodes are affected by issues fixed in versions prior to 0.21.0. Bitcoin Core developers have introduced a new security disclosure policy to improve transparency and address these vulnerabilities. Node operators are encouraged to update their software to enhance network security. [more]
Lazarus strikes again: The Lazarus Group is suspected of hacking the Japanese cryptocurrency exchange DMM Bitcoin in July 2024, resulting in a $305 million loss. Over $35 million of the stolen funds have reportedly been laundered through the online marketplace Huione Guarantee. Indicators suggest the involvement of Lazarus Group due to their sophisticated laundering techniques. [more]
Smart contract flaw: The decentralized finance (DeFi) platform LI.FI has been exploited, resulting in losses exceeding $8 million. The breach, revealed by Cyvers Alerts, involved vulnerabilities in the LI.FI protocol, specifically affecting users who set infinite approval for transactions. Most of the stolen funds were stablecoins, with the attacker converting USDC and USDT into ETH. The exploit is similar to a March 2022 attack, raising concerns about LI.FI’s security measures. Users are advised to revoke approvals to prevent further losses. [more]