TechRisk Notes#33: Get Ready for Q-Day
Plus, IMF on Gen AI risk, Challenges of Securing AI, Criminal charges against Tornado Cash founders, Furious investors in massive cryptocurrency breach suing Atomic wallet, and more.
TechRisk reading picks this week
Preparing for Quantum Risk: The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST) warned that cyber actors could leverage future quantum computing technology to break traditional non-quantum-resistant cryptographic algorithms. They recommended that organizations develop a quantum-readiness roadmap and prepare for future implementation of the post-quantum cryptographic (PQC) standards. [more]
NIST Post Quantum Cryptography: NIST has rolled out three draft proposals for post-quantum cryptography, aiming to fortify digital defenses against future quantum threats. These drafts outline potential encryption techniques that could replace our current methods, ensuring data remains ironclad even in the quantum age. [more]
Gen-AI Risk to Financial Sector: The International Monetary Fund (IMF) released a paper providing early insights into GenAI’s inherent risks and their potential impact on the financial sector. [more]
Real Challenges of Securing AI Systems: Google discussed the security challenges surrounding the rise of artificial intelligence (AI) and its implications for safeguarding systems. It emphasized the need to protect AI systems from unauthorized access, modification, or data breaches, and introduced its Secure AI Framework (SAIF) as a conceptual guide to approaching AI security. [more]
The article underscores the coexistence of familiar security practices with the emerging AI landscape. While many traditional security principles apply, AI systems introduce complexities such as susceptibility to adversarial attacks and synthetic data manipulation. The piece outlines four key differences between securing AI and non-AI systems, including AI's complexity, data reliance, adaptability, and interconnectivity. Similarly, it highlights four shared traits, such as the need for data security and defense against supply chain attacks. In navigating AI security, the article suggests recognizing both its unique aspects and the continuation of well-established security practices.
Singapore Powered Up OT Cybersecurity: The Cyber Security Agency of Singapore (CSA) teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities. [more]
IT and OT Convergence: Operational Technology (OT) and Information Technology (IT) are coming together as physical security devices join networks, yet merging their security aspects poses challenges. Vendor-provided device management platforms are pivotal in bridging this security gap, allowing OT and IT teams to collaborate on secure device updates, replacements, and global visibility. Amid this convergence, organizational security attitudes play a crucial role in shaping the OT and IT partnership. [more]
Web3 Cryptospace Spotlight
22 Aug - Balancer, a leading DeFi platform, disclosed a vulnerability in some of its pools, which has not been exploited. Despite resolving 80% of the issue, roughly 4% of the total value (approximately $27 million out of $691 million) remains at risk. Balancer employed its Emergency SubDAO to facilitate proportional withdrawals from affected pools and temporarily suspended them. However, it's unclear if these withdrawals were from the at-risk pools. A complete post-mortem and the source of the initial report are still pending. [more][more-2]
Crypto Money Laundering Masterminds: The founders of Tornado Cash, a cryptocurrency mixing service, have been charged by the U.S. Attorney's Office for multiple counts including money laundering, sanctions violations, and running an unlicensed money transmitting business. One founder has been arrested, while the other remains at large. The mixing service lets users hide the source of their cryptocurrency transactions for a fee, which can be used for privacy but also raises concerns about enabling the movement of potentially tainted funds. [more]
Atomic Wallet’s Massive Cryptocurrency Breach Lawsuit: A class action lawsuit has been initiated by disgruntled cryptocurrency investors against Atomic Wallet, a noncustodial cryptocurrency wallet. The wallet experienced a significant breach resulting in $100 million in losses, and dozens of high-net-worth investors from Russia and the Commonwealth of Independent States are part of the legal action. The investors are seeking to recover approximately $12 million lost in the breach and claim that Atomic Wallet failed to provide information about the hack or report it to the police. The breach, initially attributed to the Lazarus Group, a North Korean cybercriminal team, has now raised suspicions of another possible perpetrator. [more]
SIM-swap Attack: Bart Stephens, a leading figure in the crypto sector and managing partner at Blockchain Capital, is taking legal action against an unknown perpetrator. Stephens alleges being targeted by a SIM-swap attack that led to a $6.3 million crypto breach. [more]
Cryptocurrency Theft: Anthony Faulk, who used a SIM-swapping technique to hijack target mobile phone accounts and rob victims of $20 million, has been jailed for three years. He was also ordered to pay back nearly $3 million in goods and funds, his share of the digital loot he and his criminal associates stole from more than a dozen cryptocurrency owners. [more]
Faulk and his accomplices, Ahman Hared and Matthew Ditman, duped mobile phone companies into handing them control of victims’ cellphone numbers. They then used that access to hack into email and other victim accounts, cleaning them out of millions’ worth of cryptocurrency and digital assets.
North Korean Hackers' Disturbing Crypto Funding Tactics Exposed: The FBI has stated that North Korean hackers are using cryptocurrency-related tactics to fund their activities, targeting both individuals and companies. These hackers have been involved in various cybercrimes and are using cryptocurrency as a means to generate funds for their operations. [more]