Cyber Intelligence Weekly: The 3 New Ideas You Need to Know this Week (Issue 159 – September 22, 2024)

Dear Friends and Colleagues,

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight our next Cybersecurity Champion feature: "Navigating Cybersecurity and the World: A Journey of Growth and Mentorship with Shir Butbul." Meet Shir Butbul, a Senior Consultant within our vCISO services practice, whose remarkable journey at Echelon Risk + Cyber is a testament to the power of continuous learning and mentorship. From her early days in GRC to co-founding our Women in CyberSecurity (WiCyS) employee resource group, Shir's dedication to uplifting others and driving progress in the cybersecurity industry is truly inspiring.

“Be very proactive, curious, and continue learning.” - Shir Butbul

Discover Shir's inspiring journey here: https://lnkd.in/eE5E-rCZ


Away we go!

1. UK Privacy Watchdog Stops LinkedIn’s AI Training Program Using User Data

LinkedIn recently introduced a new feature that uses its users’ content to train artificial intelligence (AI) models, automatically opting in all participants. However, this rollout has been halted in the United Kingdom following concerns raised by the Information Commissioner’s Office (ICO). The ICO’s engagement with LinkedIn led to a suspension of the feature for U.K. users, while LinkedIn reviews its approach to AI model training in the region.

Stephen Almond, Executive Director of Regulatory Risk at the ICO, expressed satisfaction with LinkedIn’s decision to pause AI model training. The platform had begun utilizing user data, including personal information, to enhance AI-driven services without informing users beforehand. This practice was not applied in Europe due to stringent data privacy laws. U.K. users are now protected from this automatic opt-in as LinkedIn works with the ICO to address privacy concerns.

Stephen Almond, Executive Director Regulatory Risk, said: "We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its UK users. We welcome LinkedIn’s confirmation that it has suspended such model training pending further engagement with the ICO. In order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset. We will continue to monitor major developers of generative AI, including Microsoft and LinkedIn, to review the safeguards they have put in place and ensure the information rights of UK users are protected."

LinkedIn updated its terms of service and privacy policy after the feature's rollout, allowing users to opt-out by adjusting settings. Despite the company’s swift action to clarify its use of user data, the ICO’s intervention highlights the ongoing need for transparency and public trust as AI continues to be integrated into digital platforms.


2. Singapore’s BingX Loses $44 Million in Major Crypto Hack

Singapore-based cryptocurrency platform BingX announced that over $44 million was stolen in a cyberattack on Thursday night. Blockchain security firms detected large sums of money being siphoned from the platform before BingX informed users about a disruption, initially describing it as "wallet maintenance." Later, the company confirmed the breach, stating it had detected "abnormal network access," likely a hacker attack on its hot wallet. In response, BingX halted withdrawals and transferred assets to minimize further losses.

BingX later confirmed that with assistance from blockchain security firm SlowMist, they tracked around $44.7 million in losses, although estimates from other firms suggest the figure could be higher, potentially reaching $48 million. Despite this, BingX reassured users that they would fully compensate the losses from their own capital, with Chief Product Officer Vivien Lin emphasizing that the losses are manageable and that the platform's operations remain unaffected. Withdrawals and deposits, temporarily paused, are expected to resume within 24 hours.

The company also revealed that it has been working with security firms like SlowMist and Chainalysis to trace the stolen funds and has reportedly managed to freeze $10 million of the compromised assets. Despite the attack, BingX reassured users that trading services would continue, and they plan to provide further updates through an audio question-and-answer session once the full extent of the losses is determined.

This incident is part of a wider trend of cyberattacks targeting Asia-based crypto platforms. Other platforms in Singapore, Indonesia, India, and Japan have suffered similar attacks this year, with losses ranging from $20 million to over $300 million.

3. Massive Chinese IoT Botnet Goes Undetected for Four Years Before FBI Takedown

U.S. authorities have taken down a massive botnet known as "Raptor Train," operated by Chinese state-sponsored hackers for four years. This network, made up of over 260,000 compromised Internet of Things (IoT) devices such as routers and surveillance cameras, was primarily located in homes and offices in North America and Europe. The FBI, along with the Cyber National Mission Force and the National Security Agency, revealed that the botnet was used to attack government agencies, telecoms, defense contractors, and other sensitive targets in the U.S. and Taiwan. At its peak, the botnet consisted of more than 60,000 infected devices.

The botnet was managed by a Chinese company, Integrity Technology Group, with ties to the Chinese government. According to U.S. officials, the company used state-controlled IP addresses to control the botnet, which was used by the hacking group Flax Typhoon to compromise systems and steal confidential data. FBI Director Christopher Wray highlighted that Flax Typhoon targeted critical infrastructure in the U.S. and overseas, impacting various industries, from media organizations to government agencies.

This is the second major Chinese-state botnet dismantled by U.S. authorities this year. In January, another botnet, operated by the Chinese group Volt Typhoon, was taken down. Both botnets exploited the widespread use of Internet-connected devices, which are often less scrutinized by security defenses. These botnets enabled the Chinese government to launch sophisticated cyberattacks while remaining undetected for years.

The discovery and dismantling of Raptor Train mark a significant victory for U.S. cybersecurity efforts, but the FBI and other agencies warn that threats from Chinese and other state-sponsored hackers continue to evolve.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
