RSnake Report 20240802

Venezuela hacked leading up to election, Hezbollah leader killed, and more.


Hello, and welcome back to the RSnake Report. We’re out at Black Hat all next week, and I am sure I will have a lot more to share after getting liver failure at the bazillion parties on my dance card. I’m at the Blackhat Innovator and Investor’s all day on Tuesday and then at the leading conference. If you haven’t heard about it, the Innovator and Investor Summit is designed to be the place where we get to discuss the business of cyber-financing, term sheets, getting customers, etc. So, as a result, I am not able to be at the CISO summit at all, for the first time in maybe a decade, sadly. Hopefully, they can do without me - I think they’ll survive.

My bet is that Crowdstrike, LLMs, and Cyberstarts companies will be the talk of Blackhat. We shall see!

This week, we did several great demos on the “Demo Day” series. The first was with Haroon Meer, CEO of Thinkst, and the second was with Karim Hijazi of Vigilocity. If you are interested in finding bad actors in your network, both of these tools, used in combination, are powerful forces.

In the Vigilocity demo, we accidentally uncovered a considerable increase, from 4k to well over 300k malware exfiltrations a week leading up to the very controversial Venezuelan elections. This is a massive increase in new successful infections. Horrifying. Watch this section of the video:

In top stories, I would be remiss if I didn’t talk about the assassination of Hezbollah chief, Ismail Haniyeh on Iranian soil.

“from Crazy to fucking insane”

Under normal circumstances, an assassination of high-ranking officials of Hezbollah or Hamas would create an average amount of rhetoric, but keep in mind this took place almost immediately after the prime minister of Iran’s inauguration. So, there will be calls for immediate and severe reactions to the assassinations within Tehran, which I am sure the Iranians believed was relatively safe until this week. The Iranians have confirmed the rumors and offered their intentions to respond. Here is Ayatollah Khamenei’s reply:

“it is our duty to take revenge.”

I’m not in love with the rhetoric here. It is the kind of language used in the run-up to regional conflict. Many hawkish Israelis favor preemptive strikes against Iranian military targets in the run-up to the retaliatory strikes. So, it is likely that on or before Monday, August 5th, we could see a large escalation between Iran and Israel. Meanwhile, Biden has announced his full support for Israel, so expect that we may be lobbing some Tomahawks into the sandbox as well. Watch for the Shahed drones from Iran - the same ones that Ukraine has been successfully defending against for a year or more in Russia and that the USS Carney and Israel’s Iron Dome have downed any number of.

There are still questions about how much regional support the Iranians have built up with nearby actors, other than Yemen, given the fact that Hezbollah has, as recently as a few weeks ago, been lobbing missiles at other nearby nations. The reality on the ground is that public support for Hamas and Hezbollah is high, but covert governmental support is low. So, we could see a visible shift in regional politics and full-scale war here.

So, for those playing at home, what we are seeing play out in slow motion is Russia against Ukraine, Israel against Iran and Yemen, and the US against Iran and Yemen. Next could be China against Taiwan and North Korea against South Korea. Even without the Pacific getting feisty, this is feeling a lot like we are moving towards a full-scale world war. Russia and Iran’s real trick will be to prevent triggering a NATO response.

For those who don’t recall, the sinking of RMS Lusitania was a big reason for the US to enter WWI. The sinking of warships at Pearl Harbor was a big reason the US entered WWII. The United States doesn’t like losing boats. One US ship gets sunk, and this could get ugly fast.

Fun times. Okay, onto the rest of the news…

The Pentagon is working to develop a layered missile defense architecture on Guam to protect the strategic island from potential air and missile attacks. The project office is operating with eight people establishing communication networks between defense players.

• The US military is developing a layered missile defense system to protect Guam from potential threats.

• The project office is working with multiple agencies to establish a comprehensive network of communications.

This is fairly typical of US strategy, by the way. Yes, you may destroy or get through a single layer of defense, but then we see you coming. It’s a war of early warning systems that get destroyed so that the second and third layers get a chance to home in on and eliminate the threat.

US forces took down dozens of Iran-backed Houthi drones in the Red Sea and Yemen this month, as Houthi rebels continue to target civilian and commercial vessels. US Central Command says the attacks threaten regional stability and endanger the lives of mariners across the Red Sea and Gulf of Aden.

• Houthis have been targeting commercial vessels in the Red Sea.

• US forces destroyed over 40 Houthi air and surface drones this month, as well as radar sites.

• The attacks have caused significant disruptions to global shipping, with container shipping through the Red Sea dropping by approximately 90% since December.

If you haven’t read “The End of the World Is Just the Beginning,” this really does fall right into the strike zone of what the author was predicting. Regional conflicts will shut down shipping, and when shipping fails, so too do the economies in that region. China, incidentally, has the most to lose if large-scale shipping ends, but there is no upside for anyone. There is only who loses less.

The US military has released a report on suicide rates among its personnel, highlighting occupations with higher mortality rates. The report found that certain jobs, such as infantry and combat engineering, had higher suicide rates than the overall military population.

• The US military has released a report on suicide rates among its personnel.

• The report highlights occupations with higher mortality rates, including infantry and combat engineering.

I did a few podcasts to this effect. Interesting treatments are being worked on, but talk therapy paired with high doses of psychoactive drugs does seem to be moving to the front of the pack of successful treatment options. Watch the “A Veteran’s Courage” episode of the RSnake Show for reference.

The US military launched an airstrike south of Baghdad targeting militants preparing to launch drones. The strike killed four members of the Popular Mobilization Forces, a group backed by Iran.

• US forces struck a group trying to launch attack drones in Iraq.

• The attack killed four members of the Popular Mobilization Forces, an Iranian-backed militia.

This will likely escalate. This is just a taste of what we are about to see in that region, is my guess.

Soldiers test an anti-drone system in Kuwait, showcasing the capabilities of nine advanced counter-small unmanned aerial systems against over 40 aerial targets.

• The US Army has demonstrated the capabilities of nine of its counter-small unmanned aerial systems (C-sUAS) against more than 40 aerial targets.

• The test showcased the need for a layered defense approach, combining multiple systems to effectively counter drone threats.

Iraq has received the first Bell 505 Jet Ranger X training helicopters from Bell Helicopter, marking a significant step in modernizing its rotary-wing fleet.

• Iraq’s Iraqi Army Aviation Command (IAAC) has taken delivery of the first Bell 505 Jet Ranger X training helicopters.

• The Bell 505 is designed to provide advanced flight training and will be used by the IAAC to prepare pilots for diverse and demanding missions.

Ukraine purports to need billions more in financial aid from the West to sustain its war effort next year. Russia is conducting tactical nuclear drills. The war costs Ukraine 120 million euros per day.

• The Ukrainian government estimates it will require an additional $12-15 billion in financial aid to maintain its war efforts in 2025.

• Russia is conducting tactical nuclear drills, which could raise concerns about the country’s military intentions.

It’s interesting to watch Bryan Dean Wright say that this is a war of attrition that Ukraine is likely to lose on one side and guys like David D. secretsqrl123 saying that Russia is losing miserably on the other. I want to see these two guys on a podcast together.

Russian and Chinese bombers coordinated an approach to the Alaskan coast, intercepted by US and Canadian fighters. Russian and Chinese warships also approached the Alaskan shoreline.

• Russia and China conducted a joint military exercise in the vicinity of Alaska.

• The exercise was intended to test the defenses of the United States and Canada.

This is somewhat normal saber rattling and testing of reaction times and air defenses. But it is unusual to see both Russian and Chinese bombers at the same time.

The UK has launched a global MQ-9B drone users’ club for allies, open to NATO and non-NATO members operating or interested in acquiring the long-range drone.

• The Royal Air Force announced the creation of a new MQ-9 International Cooperation Support Partnership (MIC SP) open to NATO and non-NATO members operating or interested in acquiring MQ-9B drones.

• The partnership will enable multinational contracting with GA-ASI or the US government, providing benefits such as ‘sharing of costs’ among member nations.

• The UK plans to field at least 1,000 MQ-9B drones by the late 2030s.

A US Army soldier accused of selling sensitive military information has changed his plea to guilty, and a hearing is set for August 13.

• The soldier, Korbein Schultz, was accused of conspiring to obtain and disclose military defense information and bribery of a public official.

• Schultz had been arrested in March and faced a six-count indictment, including charges related to his security clearance and his role as an intelligence analyst.

The US government is considering legislation to increase cybersecurity measures for voting machines and election systems, which could help protect against foreign interference in elections.

• The Intelligence Authorization Act includes provisions that would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.

• The bill would also create a pilot program exploring the feasibility of letting independent researchers probe election systems for flaws, with legal protections for researchers to test equipment.

• Some vendors might chafe at the bill’s requirements for manufacturers to patch or mitigate reported vulnerabilities within 180 days, and there is no new funding authorized for the EAC to run these programs.

You may start seeing more people discussing FirstNet-connected voting machines soon, by the way. Band 14 is in the 700 MHz spectrum and specifically refers to the frequency range from 758 MHz to 768 MHz for uplink (communication from a device to a base station) and from 788 MHz to 798 MHz for downlink (base station to device). Why this decision was made, or if it is real at all, is unknown, but don’t say I didn’t tell you first.

Russia plans to deploy offensive missiles within striking distance of Western Europe if the US follows through on its promise to deploy similar capabilities in Germany. Russian President Vladimir Putin warned that his country would take mirror measures to deploy these weapons, which may be able to carry nuclear warheads.

• Russia will deploy offensive missiles capable of striking Western Europe if the US deploys similar capabilities in Germany.

• The deployment is a response to the perceived threat from American plans to deploy medium-range missiles to Germany by 2026.

• The Russian military has used coastal artillery forces and cruise missiles to strike land targets in Ukraine, which could be upgraded with increased ranges.

OpenAI has released an alpha version of its new Advanced Voice Mode to a small group of ChatGPT Plus subscribers. This feature allows for real-time conversations with ChatGPT that can be interrupted and simulates human-like voice tones and pauses.

• The new Advanced Voice Mode allows for uncanny real-time voice conversations with ChatGPT that users can interrupt.

• The mode simulates human-like voice tones and pauses, including audible breaths.

• Large language models like GPT-4o are master imitators, and the skill has extended to the audio domain.

Scientists have developed a new model that explains how photon efficiency changes at higher wavelengths, paving the way for a more efficient quantum internet.

• Researchers have created a model to explain how light particles change efficiency at different wavelengths.

• This breakthrough could lead to a more efficient quantum communication network.

Btw… is quantum real or not? In the coming years, this will either be a huge problem or none at all, in terms of quantum crypto and quantum-safe networking. I have experts telling me both that the decoherence problem makes it impossible to use outside of one-off decryption, and others telling me this tech already exists and we have moved well past Shor’s algorithm. Which is true is not known to me.

Meta’s parent company announced its latest open-source large language model Llama 3.1, claiming it has state-of-the-art capabilities rivaling closed-source models. The announcement included a table showing the scores of various models on popular benchmarks. Meta also claimed that an experiment in open-source intelligence was successful.

• Meta announced its latest open-source large language model Llama 3.1.

• The new model has state-of-the-art capabilities rivaling closed-source models.

• A table was provided showing the scores of various models on popular benchmarks.

I have been using Llama 3 for a while now, but the compute required for these larger models puts it outside the realm of consumer products and back in the world of enterprise. I still think that these are dead-end technologies due to the censorship built into them. So, while it is fun to get started and may be a helpful testbed, the real winners will be the ones that have all the knowledge and haven’t been lobotomized. If you read AI’s Best Friend, you’ll have more context for why I feel this way.

AI-driven attacks on business payment processes are increasingly sophisticated and pose new challenges for finance and cybersecurity teams. Many businesses lack automated payment processes and struggle to prevent fraud from all attack vectors.

• AI-driven executive impersonation attacks have targeted 22% of respondents, highlighting the need for end-to-end fraud prevention technology.

• The survey found that 50% of respondents experienced business payment fraud resulting from human error, while 42% reported fraud from business email compromise (BEC) attacks.

• Many businesses lack visibility into their payment processes, with nearly 58% of respondents lacking insight into payment fraud activity and the amount lost due to fraud in the past 12 months.

Apple released updates to patch vulnerabilities in Siri that could allow attackers to access sensitive data on locked devices. The vulnerabilities were found in various Apple products, including iPhone, Apple Watch, iOS, iPadOS, and macOS Ventura. Users are advised to update their software to mitigate these bugs.

• Apple patched recent vulnerabilities in Siri that could allow attackers to access sensitive data on locked devices.

• The vulnerabilities were found in various Apple products including iPhone, Apple Watch, iOS, iPadOS, and macOS Ventura.

• Users are advised to update their software to mitigate these bugs.

Make sure you regularly update all your iOS devices. I hate the fact that I have to say this, but really, do it. It’s one of the few systems that does a relatively good job of updating and getting you back into the state you just were in, so there are no excuses. Save your work, and get that update rolling.

A mysterious family of Android malware has been found in Google Play after two years of hiding in plain sight. The malware, known as Mandrake, is highly intrusive and has a demonstrated history of effectively concealing its activities. It uses multiple layers of obfuscation to prevent analysis by researchers and bypass the vetting process used by Google Play.

• Mandrake, a family of Android malware, has been found in Google Play after two years of hiding in plain sight.

• The malware is highly intrusive and uses multiple layers of obfuscation to prevent analysis by researchers and bypass the vetting process used by Google Play.

• Mandrake’s primary methods include stealing user credentials, downloading and executing next-stage malicious applications, and recording screens while victims enter passcodes.

Perplexity, an AI search engine, has announced a revenue-sharing program for publishers, following allegations of plagiarism. The company aims to compete with Google and is valued at over $1 billion.

• Perplexity will share a percentage of ad revenue with publishers when their content is cited in AI-generated answers.

• The revenue-share applies on a per-article basis and potentially multiplies if articles from a single publisher are used in one response.

• Some content providers, such as WordPress.com, plan to pass some of that revenue on to content creators.

Threat actors are selling stolen GenAI credentials on underground hacker markets, with around 400 accounts sold per day. The hackers are using various illegal goods and services to monetize the credentials. This has led to concerns about the security of cloud-based GenAI offerings.

• Threat actors are selling stolen GenAI credentials on underground hacker markets.

• Around 400 GenAI accounts are being sold per day, usually stolen from corporate end users’ computers after infection with an infostealer.

• The hackers are monetizing the credentials by creating phishing campaigns, launching malware, producing chatbots, and stealing sensitive data.

API keys are always useful for attackers. This shouldn’t be a surprise to anyone, but it is interesting how fast computing has become something of value for more than just crypto miners. It reminds me a little of Sam Altman’s idea that in the future, instead of UBI, we might have universal basic compute.

Intel 471 is introducing Geopolitical Intelligence, a new offering that empowers business and security leaders with concise and insightful analyses of emerging situations in countries around the world.

• The geopolitical threat landscape is evolving rapidly, and organizations need to stay abreast of foreign affairs and geopolitics to protect their business operations.

• Geopolitical Intelligence is designed to help organizations improve their situational awareness, risk management, and third-party risk management use cases.

It’s unclear what this will become, but if it is anything like Stratfor, it will likely involve regional reporters who act a bit like a privatized version of the CIA. It might be worth looking into this more.

Thank you so much for reading. Please pass this along to people you think could benefit from it, too. Have a great weekend!

-RSnake
