TechRisk Notes#34: 1.5 new malware variants per minute
Plus, is the US Govt one of the largest BTC holders?; OT and IT convergence poses greater risk due to the inherent risk of OT; and more.
TechRisk Reading Picks
AI self-consumption: The internet may become saturated with AI-generated content instead of human-created material, introducing unusual challenges for both individuals and AI systems, particularly in the context of AI learning from such content. Content providers may restrict access to safeguard their materials, posing difficulties for AI firms in preserving untainted training data. The lasting consequences of AI-generated content on our digital environment remain uncertain, prompting experts to exercise caution in making predictions. [more]
UK Parliament on AI: A UK House of Commons Committee issued a report with recommendations to the government on the governance of AI. The Committee looked into the opportunities, risks and potential guardrails needed for AI. [more]
AI adoption and risk management: Some organizations are being cautious about using generative AI, while others are watching and learning from those who try it first. Leading companies are doing a few things differently. They involve experts like data scientists, designers, and notably legal and cybersecurity specialists from the beginning. Chief risk officers are also playing a bigger role in these companies. They follow a structured process for testing new AI applications with "red teams" to make sure they're safe and effective. [more][more-responsible_AI_principles]
Into OT Cybersecurity: Cyber defenders should look into the history of ICS-tailored attacks and work to fortify industrial control system networks against hostile infiltration. [more]
OT integration: The integration of Operational Technology (OT) with IT infrastructure is increasing vulnerability, with 90% of firms reporting OT system intrusion incidents last year. This is exacerbated by expanding zero-day threats and weak security in IoT and OT equipment. Security problems include system-level attacks, lax device management, and poor authentication. Inadequate patch management, non-compliance by IoT manufacturers, weak network separation, public OT network access, and identity management issues also heighten risk. Weak encryption, insecure data transfers, misconfigurations, firmware glitches, and the absence of secure updates lead to various security threats.
BlackBerry cyber report: During a 90-day period from December 2022 to February 2023, BlackBerry's AI-powered protection system identified and thwarted a total of 1,578,733 malware-based cyberattacks. Among these attacks, 200,454 were unique and previously undetected. On average, this amounted to 17,280 attacks per day, 720 attacks per hour, 12 attacks per minute, and 1.5 new malware variants per minute. The report also highlighted a spike in attacks in early December 2022, followed by a dip during the holiday season, and then a resurgence as cybercriminals resumed their activities in the new year. [more][more-blackberryreport]
Web3 Cryptospace Spotlight
In August, cryptocurrency losses due to hacks and exploits amounted to $15.8 million, according to a report by blockchain security firm Immunefi. This figure is a substantial reduction compared to the $320.5 million lost in July. Notably, all the incidents were attacks on decentralized finance (DeFi) protocols, with no impact on centralized financial entities. [more][more-report]
Kroll breached: Three cryptocurrency companies, FTX, BlockFi, and Genesis, experienced data breaches due to a SIM swapping attack on risk and financial advisory firm Kroll. The attack involved transferring an employee's T-Mobile phone number to the attacker's SIM card. This allowed the attacker to access systems containing personal information of bankruptcy claimants in the cases of the three companies. Kroll took immediate action to secure the affected accounts and notified impacted individuals. The FBI is investigating the incident, and there is no evidence suggesting other Kroll systems or accounts were affected. FTX informed its customers that the breach exposed information like names, addresses, email addresses, and account balances but assured that passwords and digital assets remained safe. Customers were cautioned to watch out for scams and fraud attempts related to the bankruptcy process. [more]
Decentralized finance (DeFi) may be facing a crisis marked by a series of hacks and security breaches, causing significant losses to platforms like Curve Finance and Exactly. In the past month, the sector has seen a decline in total value locked (TVL) to around $37 billion. Regulatory pressures, including proposed legislation for anti-money laundering measures, are adding to the sector's challenges. Risk management issues and the nascent nature of many DeFi projects continue to expose vulnerabilities. While some believe DeFi can adapt with responsible design, the road ahead remains uncertain as the sector seeks sustainable narratives and growth opportunities. [more]
The US Government is suspected of controlling the fifth-largest Bitcoin wallet globally, with holdings equivalent to $2.46 billion. [more]