OSIRIS Brief 1.14.0
Iran gets active online; Trickbot, Emotet, and Squirrelwaffle rise; AI sucks up GPUs and semiconductors.
Iranians Indicted for Online Electoral Interference
The US Department of Treasury (DoT) sanctioned six Iranian “cyber actors” and the Department of Justice (DoJ) indicted two Iranians for attempting to interfere with the 2020 elections. The FBI claims the involved individuals illegally accessed websites, sent threatening emails, and disseminated misinformation as part of a voter intimidation and influence campaign. The US, UK, and Australia also released a joint advisory that an Iranian Advanced Persistent Threat (APT) has been exploiting MS Exchange and Fortinet vulnerabilities. Although separate events, these are two instances of increased Iranian activity in cyberspace.
Although Iranian APTs have long been malicious actors, their recent emergence is a part of the normal diffusion of online capabilities. The People’s Republic of China (PRC) and Russian governments have led the way with online activities because they have more people and wealth than Iran or other authoritarian governments. Nonetheless, the cost of cyberattacks remains within the grasp of most governments, however impoverished they may be. Consequently, we should expect that government-sponsored APTs will proliferate as capabilities spread globally, and pioneers demonstrate which cyberattacks work.
Some commentators have pointed to the indictment as evidence that the 2020 election was “hacked” by outside groups; however, such argumentation is sloppy and aligns with similar statements about the 2016 election. In both elections, agents of foreign governments attempted to affect the election’s outcome, and their efforts included cybersecurity attacks. However, in neither case did the attacks affect voting machines or vote tabulation. Both kinds of electoral interference are problems, though for different reasons, and it is important to keep the two issues distinct.
A Plethora of Renewed Ransomware
This past week, researchers discovered several pieces of malware that have found new life. The notorious TrickBot botnet is now using the Emotet network, breathing new life into “the world’s most dangerous botnet”. Also last week, researchers identified Squirrelwaffle as the “loader” in several vulnerabilities including spam-based attacks. Revitalized Emotet, TrickBot, and Squirrelwaffle will probably increase the number of attacks soon.
No doubt my readers may be feeling like they are on the worst merry-go-round ever with the never-ending return of old malware. Malware reuse is less of a problem if you keep your software updated. Updated software should have already patched the vulnerabilities these malware exploit, thus protecting your system. The exploits will only stop working when all systems are patched.
AI Demands Precious Semiconductors
Last week, Nvidia reported that its sales to data centers grew 55%, driven by demand for artificial intelligence (AI) chips. Nvidia is a graphics processor company and, until recently, would not have expected data centers to comprise a major customer base. Data centers historically relied on multiprocessing CPUs like Xeon or Threadripper, not GPUs, because most graphics were processed locally. GPUs’ ability to perform millions of simple calculations simultaneously is perfect for AI, and many data centers now offer GPU processing services.
The rising importance of AI contributes further to semiconductor shortages that have trammeled most sectors. GPUs are experiencing an extremely acute shortage that some people blame on cryptocurrency mining. GPUs are important to video gaming, crypto mining, and AI.
Noteworthy
A Guide to Ransomware: Prevention and Response by Tafelski
How to Protect Yourself from Social Engineering Attacks by Fremery
The ordeal of an identity theft victim by Tsrouya
An Illustrated Guide to Elliptic Curve Cryptography Validation by Bottinelli
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.