TechRisk Notes#57: Ransomware payments hit record.
Plus, BitLocker bypassed, organisations moving out of Cloud, hackers' use of AI, and more.
Tech Risk Reading Picks
Ransomware attacks: In 2023, ransomware payments surged to a record $1.1 billion, marking a substantial increase from the previous year's slower pace of payments to ransomware groups. [more]
Quantum computing: A fault-tolerant quantum computer utilizing "logical qubits" (interconnected physical quantum bits) aims to reduce errors by diversifying data storage across multiple locations. QuEra, the startup behind this innovation, plans to launch a machine with 256 physical and 10 logical qubits by late 2024. [more]
Out of the Cloud: A recent study by Citrix found that 25% of organizations in the UK have moved half or more of their cloud-based workloads back to on-premises infrastructures. The survey of 350 IT leaders revealed that 93% had been involved in cloud repatriation projects in the past three years. The main reasons cited for this trend were cost concerns, security issues, and high project expectations. [more]
macOS targeted: Hackers are employing a covert approach to distribute information-stealing malware to macOS users via DNS records concealing malicious scripts. [more]
BitLocker bypassed: BitLocker encryption can be compromised in just 43 seconds using a Raspberry Pi Pico costing less than $10. The vulnerability lies in BitLocker's dependence on a TPM (Trusted Platform Module) for security, making it susceptible to exploitation in this specific scenario. [more]
AI assisted attacks: Kaspersky's Digital Footprint Intelligence service found almost 3000 dark web posts discussing the misuse of ChatGPT and similar language models, including creating illicit versions and stealing accounts. Threat actors also explored various schemes like developing malware and processing stolen data. Hackers are also sharing jailbreaks and exploiting legitimate tools for malicious purposes. [more]
What is Shadow AI? Shadow AI refers to the use of artificial intelligence (AI) technologies within organizations without official approval or oversight from central IT and risk management functions. It's akin to other forms of shadow IT, where employees deploy technology independently, potentially creating challenges around accountability, security, and compliance. [more]
Web3 Cryptospace spotlight
Singapore authorities cautioned crypto traders about the escalating menace of digital asset wallet drainers. [more]
A bug in Friend.tech's UI caused traders to overpay for "keys" (its platform token) because the interface did not sync with the current blockchain status, leading to outdated prices being used in transaction data. The total excess expenditure by traders is estimated to be around 445 ETH. [more]
The Solana network, a significant blockchain platform with over $1.67 billion in Total Value Locked (TVL) and a stablecoins market capitalization of over $2.2 billion, has unexpectedly experienced downtime. The last confirmed block was around 52 minutes ago, leading to a halt in all transactions on the Solana network. [more]