Another busy month goes by, but the team has found some time to read around our threat intelligence-focused roles. This month’s installment looks at some more politically-driven analysis on opposite sides of the globe, as well as some good old-fashioned encryption techniques that caught our eye.

White House continues its commitment to cyber policies:

Representatives of some of the biggest tech companies in the US met at the White House to pledge support in improving the US’ cyber security defences and readiness, writes the Financial Times. Executives from the technology, energy, insurance, banking and education sectors were present alongside President Joe Biden, where they discussed holes in US cyber defences. 

The role of the private sector in securing critical infrastructure has never been more prominent than it is today. So, if the Biden Administration wants to lessen the impact of events such as the SolarWinds compromise and the Microsoft Exchange attacks, it needs input from leading companies. 

The National Institute of Standards and Technology (NIST) has pledged to work with companies to strengthen software supply chains; Google has stated it will invest USD 10 billion in cyber security in the next five years; and Microsoft has promised USD 20 billion. This summit shows that the US Government has committed to advancing its cyber defenses and has recognized that its efforts would be hindered without the private sector doing the same. 

Read the article here.

Byline: Rory

Morse code makes a comeback:

The Photon Team often reads about new and increasingly complex encryption mechanisms actively used throughout the cyber threat landscape. So, it was somewhat surprising to read an article published by Microsoft’s security team which stated that threat actors behind an ongoing spearphishing campaign were using Morse code for encryption. Insights into cyber threat campaigns such as this often drive the research and reporting that we do day in, day out, and so don’t usually guide what we read for leisure, but this story piqued our interest and fuelled discussion on an August episode of ShadowTalk.

The well-known, and rather historic, system of dots and dashes for encoding messages had seemingly featured as part of an eclectic mix of encryption techniques in this campaign tracked by Microsoft. The attackers were using these encryption mechanisms to obfuscate malicious HTML attachments and bypass browser and email security controls. The campaign embodied modern, dynamic cyber threats where threat actors make a special effort to alter their tactics, techniques, and procedures (TTPs); the threat actors responsible for these attacks were altering their TTPs approximately every 30 days. 

The use of Morse code, although it was likely not that difficult to decrypt, demonstrates the variety of ways in which threat actors attempt to thwart analysis of their attacks. This probably came as a nice but rather confusing surprise to the researchers tracking the campaign, serving as an ‘old-but-gold’ moment for encryption. As well as providing some detailed analysis of the attacks and the various techniques used, the article is an interesting addition to the catalogue of research that tracks the ways in which cyber attackers aim to stay ahead of network defenders. 

Read the article here.

Byline: Adam Cook 
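The Morse-encoded attachments described above invite a simple defensive check: look for long runs of dots and dashes inside an HTML file and decode them so an analyst can see what was hidden. The script below is an added example, not code from the original post or from Microsoft; it assumes space-separated Morse symbols with "/" between words, and the HTML sample it scans is constructed for the demonstration.

```python
import re

# Standard International Morse alphabet (letters and digits only).
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}

# A run of at least ten Morse symbols separated by spaces and/or "/" word breaks.
# Ten is an assumed threshold: long enough that ordinary HTML/JS punctuation
# (comment markers, decimals, minus signs) does not trigger a match.
MORSE_RUN = re.compile(r"(?<![.\-])(?:[.\-]{1,5}(?: |/)+){9,}[.\-]{1,5}(?![.\-])")


def decode_morse(run):
    """Decode one Morse run; unknown symbols become '?' so nothing is silently dropped."""
    words = []
    for word in re.split(r"\s*/\s*", run.strip()):
        words.append("".join(MORSE.get(sym, "?") for sym in word.split()))
    return " ".join(words)


def find_morse_strings(html):
    """Return (raw_run, decoded_text) pairs for every suspected Morse run in the HTML."""
    return [(m.group(0), decode_morse(m.group(0))) for m in MORSE_RUN.finditer(html)]


# Constructed sample attachment: a Morse string stored in a script variable.
SAMPLE_HTML = """<html><body><script>
var k = ".... . .-.. .-.. --- / .-- --- .-. .-.. -..";
// constructed sample; a real attachment would map symbols back to characters here
</script></body></html>"""

if __name__ == "__main__":
    for raw, decoded in find_morse_strings(SAMPLE_HTML):
        print(f"suspected Morse run: {raw!r} -> {decoded!r}")
```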

Tech yourself before you wreck yourself:

In the last couple of months, my reading up on the developments in Asia-Pacific (APAC) has largely been focused on China’s crackdown on its domestic technology sector. The vehicle hire service DiDi and its lacklustre debut on the New York Stock Exchange followed the silencing of supposedly defiant ‘techno-preneurs’ in China; these are the stories that have made my reading list. 

This stringent oversight of the Chinese tech sector came as a surprise. With the Chinese Communist Party (CCP) under Xi Jinping regularly discussing technological developments in the last couple of years, this clampdown definitely sounds like it is going against the grain of what they’re trying to achieve. But on further examination, this move is probably warranted. 

Today, data is power, and big tech companies have plenty of both. And to the overprotective parent figure that the CCP acts as, its children are running amok. They practice some self-serving moves: these companies block links to the services of other companies, prevent merchants from selling on more than one platform, and practice discriminatory pricing strategies (regular users pay more than new users, iPhone users pay more than Android users, etc.). And by denying workers of the gig economy fair remuneration, they’re also pretty underhanded to the average worker trying to make ends meet. 

As consumers, we hate to see these unfair practices at play. But is altruism really in action here? Let’s not forget that most of the CCP’s ideologies and manifesto have echoed a common theme – the needs of the state must come first. In this case of state intervention, it is more likely that the CCP is worried about not having access to this trove of data, held by its domestic tech companies, within its own house, than that it is acting for magnanimous reasons. 

At the same time, this level of intervention in the tech industry is also unthinkable in other parts of the world. There have been many calls for stronger regulatory enforcement on big tech companies. But how many times have Facebook, Google, and Twitter been asked to testify before Congress? And have these actions actually resulted in any response? Say what you will about the heavy-handedness of the Chinese state, but it may just be the answer we didn’t want to need. With great power, there should also be great humility. Maybe what we need every now and then is an absolute power to whip these tech titans into humility, for purposes such as prevention of abuse. Till then, there is no in-between. 

Read the article here.

Byline: Xue Yin Peh

Closing thoughts:

Despite all your busy schedules, it is important to take the time to read around your subject areas, and this is something we are also trying to do ourselves. This series will hopefully continue to inspire intelligence and research teams to read into the wider threat landscape and provide some fresh perspectives. In the meantime, if you’re looking for more in-depth threat intelligence, you can take SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) for a 7-day test drive or contact us for a customized demo.