TechRisk Notes#58: AI-powered fraud
Plus, iOS trojan that steals facial recognition data, $290M attack in Web3 space and more.
Tech Risk Reading Picks
AI-powered fraud: An underground website called OnlyFake is using "neural networks" to produce realistic-looking fake IDs for just $15, disrupting the fake-identity market and potentially enabling cybercrimes such as bank fraud and money laundering. 404 Media confirmed the effectiveness of this technology, generating convincing fake IDs with customizable details, including photos that appear genuine. These IDs were successfully used to pass identity verification on platforms like OKX, a cryptocurrency exchange associated with criminal activity. [more]
AI-powered hacks: State-sponsored hackers from Russia, China, and Iran are using tools developed by OpenAI, which is backed by Microsoft, to refine their hacking techniques and deceive their targets. Microsoft revealed in a report that it has observed hacking groups linked to Russian military intelligence, Iran's Revolutionary Guard, and the Chinese and North Korean governments employing large language models, a form of artificial intelligence, to enhance their cyber operations. [more][more-OpenAI][more-microsoft]
Facial recognition data stealing iOS trojan: Group-IB's Threat Intelligence unit found a new iOS Trojan called GoldPickaxe.iOS that steals identity documents, SMS, and facial recognition data. The GoldPickaxe family targets both iOS and Android platforms and has been active since mid-2023. It's believed to be developed by a sophisticated Chinese-speaking cybercrime group called GoldFactory, closely linked to Gigabud. Social engineering is the main tactic used to infect victims' devices with GoldFactory Trojans. [more]
Post-Quantum Cryptography Alliance: The Linux Foundation has launched the Post-Quantum Cryptography Alliance (PQCA) to drive the development and adoption of post-quantum cryptography. This collaborative initiative aims to address security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms and supporting the ongoing development of new post-quantum algorithms. The PQCA will serve as a central foundation for organizations and open-source projects seeking production-ready cryptographic libraries and packages aligned with the U.S. National Security Agency's Cybersecurity Advisory. Founding members include Amazon Web Services (AWS), Cisco, Google, IBM, IntellectEU, Keyfactor, Kudelski IoT, NVIDIA, QuSecure, SandboxAQ, and the University of Waterloo, supporting the effort to secure sensitive data and communications in the post-quantum era. [more]
Cloud risk: According to Google Cloud's Threat Horizons 2024 report, many cloud customers are still struggling with credential security: over half of incidents involved compromised instances due to weak or absent passwords on SSH and RDP. Threat actors capitalize on this by selling access to compromised resources for a few dollars per credential pair. Cryptomining remains the top motivation for attackers, making up nearly two-thirds of observed activity, as it offers quick profits by harnessing victims' cloud processing power for cryptocurrency mining. [more]
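The weak-password SSH exposure described above is something a defender can audit before an instance goes live. The following is an added example, not code from the report or from Google Cloud: it parses the global section of an sshd_config (first occurrence of a directive wins, as sshd itself does; Match blocks are skipped) and flags the password-related directives that leave an instance open to credential guessing. The directives chosen and the two sample configs are assumptions constructed for this illustration.

```python
"""Audit sshd_config text for password-login weaknesses (constructed example)."""
import re

# Directives to check and the values considered acceptable.  Assumption: these
# are the password-exposure settings a defender checks first; the report itself
# names no specific directives.
ACCEPTABLE = {
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
    "permitrootlogin": {"no", "prohibit-password", "without-password"},
    "pubkeyauthentication": {"yes"},
}
# Values sshd applies when a directive is absent (OpenSSH defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}

def parse_sshd_config(text):
    """Return {directive: value} for the global section only.
    Like sshd, the first occurrence of a directive is the effective one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if line.lower().startswith("match "):
            break                               # Match blocks are out of scope
        m = re.match(r"(\S+)[\s=]+(.+)", line)
        if m:
            settings.setdefault(m.group(1).lower(), m.group(2).strip().lower())
    return settings

def audit(text):
    """Return 'directive=value' strings for every setting outside ACCEPTABLE."""
    settings = parse_sshd_config(text)
    return [f"{key}={settings.get(key, DEFAULTS[key])}"
            for key, ok in ACCEPTABLE.items()
            if settings.get(key, DEFAULTS[key]) not in ok]

# Constructed sample: a cloud image left with password logins enabled.
WEAK_CONFIG = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\nPermitEmptyPasswords yes\n"
# Constructed sample: key-only global policy; the Match block is not audited.
HARDENED_CONFIG = ("PermitRootLogin prohibit-password\nPasswordAuthentication no\n"
                   "PermitEmptyPasswords no\nPubkeyAuthentication yes\n"
                   "Match User deploy\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```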
Web3 Cryptospace spotlight
$290M exploitation: On 9 Feb, PlayDapp, a South Korean Web3 game development platform and NFT marketplace, halted its smart contract amid a hack. Blockchain security firms noted a potential private key leak after 200 million PLA tokens, valued at $31 million, were minted. PlayDapp offered a $1 million reward for the return of the stolen assets. After the deadline passed, PlayDapp collaborated with security firms, exchanges, and law enforcement to mitigate the hack's impact. However, a further 1.59 billion PLA tokens, valued at $253.9 million, were minted on 12 Feb, leading to a further drop in the PLA token's value. [more]
Solana’s downtime: Solana Labs disclosed that the recent five-hour blockchain transaction halt on Feb. 6 resulted from a bug identified by developers a week prior. The bug triggered an infinite recompile loop in the JIT cache during a deploy-evict-request cycle of a legacy loader program. While the bug only affected version 1.17 of Solana's validator client, most validators were impacted because 95% of the cluster stake was running version 1.17. Developers had patched one trigger for the bug prior to the outage and expedited a patch for the second trigger. The fix is in version 1.17.20, with a more comprehensive solution planned for the future. Solana has had nine outages since September 2021, totaling over 150 hours, with the most recent outage being the first in nearly a year. [more]
DAO muted after attack: Investors of HectorDAO on the Fantom network are demanding control of remaining funds after a hack on 16 Jan led to $2.7 million in losses. The team stopped communicating on 19 Jan, with all social channels muted since September 2023. The Google Group email address was also deleted before 19 Jan. Prior warnings about security risks, including the "addEligibleWallet" function, were allegedly ignored despite recommendations from CertiK. The function could be called by any account with moderator privileges, posing a centralization risk. HectorDAO claims to have engaged with CertiK for a security analysis and asserts that all assets were secured before the exploit. However, blockchain analysis suggests the attacker had access to the team's deployer account, raising suspicions of an inside job or key compromise. The team's last communication with investors was on 18 Jan before going silent. [more]