Tech Risk Reading Picks
NIST on Trustworthy and Responsible AI: The latest NIST report on Trustworthy and Responsible AI highlights adversarial machine learning (AML). The report introduces a comprehensive framework by developing a taxonomy and defining key terms rooted in AML literature. This taxonomy encompasses ML methods, stages of attack lifecycles, and details about attacker goals and capabilities. Offering practical insights, the report proposes methods to counteract attacks and sheds light on challenges within AI system lifecycles. With a focus on user accessibility, the report establishes a consistent terminology, aided by a glossary, to assist those less familiar with the subject. The ultimate aim is to create a shared language for the assessment and management of AI system security, providing a foundation for future standards and practice guides in the dynamic AML landscape. [more]
OT and IoT risk: In 2024, experts foresee the Internet of Things (IoT) driving the emergence of smart societies, with increased connectivity in cities and businesses. The integration of IoT with robotics is expected to lead to a new era of intelligent robots in various applications. However, the accelerated adoption of Industrial IoT (IIoT) devices poses cybersecurity threats to operational technology and industrial control systems, creating demand for security experts. Generative AI is anticipated to enhance the resilience of cyber-physical systems against threats, automating workflows for better security insights. Device security will become more tamper-resistant, and cryptography will play a vital role in securing IoT products. Additionally, the growing connectivity of IoT devices may increase the demand for cyber insurance coverage to address emerging vulnerabilities. [more]
Quantum communication: Researchers from China and Russia have conducted a test of a quantum communication link designed to be impervious to hacking. The communication was secured through encryption using keys transmitted by the Mozi satellite, with the goal of bolstering secure communication among BRICS nations. [more][more-2]
Web3 Security & Risk in 2023:
A report released on December 28, 2023, by the blockchain security platform Immunefi revealed that Web3 hackers and scammers caused a cumulative loss of $1.8 billion. The Lazarus Group, linked to North Korea, accounted for 17% of the total losses, according to the report. [more]
Data shows Ethereum was the most exploited digital token in 2023, accounting for 70% of the losses. [more]
According to TRM Labs data, there was a decrease of over 50% in crypto hacking incidents in 2023 compared to the previous year. [more]
CertiK releases Hack3d 2023: The Web3 Security Report. [more]
DeFi and Web3 attacks:
Decentralized finance startup Levana Protocol suffered a security exploit resulting in a $1.14 million loss. Levana stated that the issues were unrelated to Osmosis and were instead core Tendermint and Cosmos SDK problems. Despite the involvement of the Pyth oracle in the attack, no known vulnerability was identified in the oracle. [more]
In a recent incident, hackers stole $82 million just before the new year by exploiting Orbit Bridge, the cross-chain bridging service of Orbit Chain. The project responded by suspending the bridge contract and engaging in on-chain negotiations with the attackers, according to Beosin Alert, an on-chain analytics platform. [more]