TechRisk Notes#38: Largest crypto hack in 2023 + NIST latest OT Security Guide
Also, Three Arrows Capital (3AC) founder attempted escape, IBM Quantum and Microsoft have teamed up to battle quantum threats, and more!
TechRisk Reading Picks
The integration of Operational Technology (OT) networks with Information Technology (IT) networks is becoming increasingly common. This convergence allows for better control, improved responsiveness, enhanced connectivity, and seamless resource management. However, it also introduces new security risks. Additionally, modern enterprise IT networks are incorporating energy-efficient physical resources, such as smart building elements and IoT devices, which pose challenges similar to those of industrial environments. These challenges are amplified in extended environments like smart cities or organizations with multiple smart campuses. [more]
The National Institute of Standards and Technology (NIST) has released Special Publication (SP) 800-82r3, titled "Guide to Operational Technology (OT) Security", to assist owners and operators of OT systems in enhancing their security. This publication offers guidance on securing OT systems, taking into account their unique requirements for performance, reliability, and safety. [more][more-NIST]
Updates in this revision include:
Expansion in scope from ICS to OT
Updates to OT threats and vulnerabilities
Updates to OT risk management, recommended practices, and architectures
Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
New tailoring guidance for SP 800-53r5 security controls, including an OT overlay that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems.
Mastercard is taking proactive measures to address the potential threat posed by quantum computers to online security. To prepare for this, Mastercard has launched the Quantum Security and Communications project. The project aims to mitigate the future risks associated with quantum computing and safeguard the security of the billions of digital transactions processed by Mastercard globally. [more]
IBM Quantum and Microsoft have teamed up with MITRE, PQShield, SandboxAQ (a subsidiary of Google), and the University of Waterloo to collaborate on addressing the challenges posed by post-quantum cryptography. [more]
Web3 Cryptospace Spotlight
Mixin lost $200M: 23 Sep - Mixin, a Hong Kong-based digital asset company, suffered a cyberattack on its cloud service provider, resulting in the loss of approximately $200 million worth of digital assets. The network, which boasts one million users, temporarily halted user withdrawals but assured that transfers remained unaffected. Services will be restored once vulnerabilities are addressed. Mixin plans to unveil a solution for recovering the lost assets. This incident ranks as the 10th largest crypto hack in history in terms of stolen cryptocurrency volume and is the largest in 2023, according to blockchain research firm Elliptic. [more][more-2]
Mixin Network is a service similar to a layer-2 protocol, designed to make cross-chain transfers cheaper and more efficient.
Web3 security incidents have surged in Q3: 27 Sep - According to a joint report released by Beosin and SUSS NiFT, Web3 security incidents surged in Q3 2023, with losses reaching $889.26 million, surpassing the losses of the previous two quarters combined. The Lazarus Group, a North Korean APT group, is a significant threat, responsible for thefts totaling over $208 million through sophisticated tactics including social engineering and brute force attacks. [more]
Huobi exchange hacked: 24 Sep - Huobi Global's HTX crypto exchange was hacked, resulting in the theft of $7.9 million worth of cryptocurrency. The exchange's hot wallet sent a message in Chinese to the attacker, revealing that they know the attacker's identity. Huobi offered to allow the attacker to keep 5% of the stolen funds as a "white-hat bonus" if they return the remaining 95% of the stolen cryptocurrency. [more]
BNB Chain works with MetaMask to resolve the bug affecting 5% of transactions: opBNB users are encountering transaction problems due to a MetaMask bug on the BNB Chain's new Layer 2 solution, opBNB Mainnet. This bug affects roughly 5% of transactions, occasionally suggesting a "0" value for "max base fee" or "max priority fee," leading to transaction failures on the opBNB Mainnet. This issue may be related to compatibility problems between MetaMask Wallet and the opBNB Mainnet. Users are advised to carefully review their transaction details and avoid transactions where these fees are set to "0" in the meantime. [more]
ZHU Su, co-founder of failed cryptocurrency hedge fund Three Arrows Capital (3AC), was arrested at Changi Airport while attempting to travel out of Singapore on Friday (Sep 29) afternoon. [more]