Cyberwarfare, Espionage & Extortion
“Our world is not more transparent now, it's more opaque! It's in the shadows.” – 'M', Skyfall
- Only 4% of US States are Fully Prepared for Cyber-Attacks Targeting Elections - Under 4% of US states are fully prepared to detect and recover from election-targeted cybersecurity incidents, according to research by Arctic Wolf. The survey of state and local government leaders across the US found that 14.3% of states were ‘not at all prepared’ to deal with such incidents, with 42.9% only ‘somewhat prepared’ ahead of the 2024 US election cycle, which includes Presidential and other state and local elections.
- NIST researchers warn of top AI security threats - As dozens of states race to establish standards for how their agencies use AI to increase efficiency and streamline public-facing services, researchers at the National Institute of Standards and Technology found that artificial intelligence systems, which rely on large amounts of data to perform tasks, can malfunction when exposed to untrustworthy data, according to a report published last week.
- AuthLogParser: Open-source tool for analyzing Linux authentication logs - AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log). The tool examines the auth.log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others. It produces a concise summary that offers a clear overview of the activities documented in the authentication logs, presenting the information in a format that is easy to read.
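To illustrate the kind of extraction described in the AuthLogParser item, here is an added example that is not AuthLogParser's own code. It assumes the traditional syslog-style auth.log layout and runs over constructed sample lines that use documentation IP ranges; the function names and the triage flag are choices made for this sketch.

```python
import re
from collections import Counter

# Constructed sample lines in the traditional auth.log layout (not real data).
SAMPLE_LOG = """\
Jan 10 08:15:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 52311 ssh2
Jan 10 08:15:04 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 52313 ssh2
Jan 10 08:16:30 web01 sshd[1288]: Accepted publickey for alice from 198.51.100.23 port 40112 ssh2: RSA SHA256:CONSTRUCTED
Jan 10 08:20:12 web01 useradd[1342]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash, from=/dev/pts/0
Jan 10 08:21:47 web01 sshd[1390]: Accepted password for svc_backup from 203.0.113.7 port 52400 ssh2
Jan 10 08:22:00 web01 CRON[1401]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<proc>[\w.-]+)(?:\[\d+\])?:\s(?P<msg>.*)$")
SSH_AUTH = re.compile(r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
NEW_USER = re.compile(r"^new user: name=(?P<user>[^,]+),")

def parse_line(line):
    """Return a normalized event dict, or None for lines this sketch does not cover."""
    head = HEADER.match(line)
    if not head:
        return None
    base = {"time": head["ts"], "host": head["host"]}
    msg = head["msg"]
    if head["proc"] == "sshd" and (m := SSH_AUTH.match(msg)):
        return {**base, "event": "ssh_" + m["result"].lower(), "user": m["user"],
                "ip": m["ip"], "method": m["method"], "invalid_user": bool(m["invalid"])}
    if head["proc"] == "useradd" and (m := NEW_USER.match(msg)):
        return {**base, "event": "user_created", "user": m["user"]}
    return None

def summarize(text):
    """Condense SSH logins, account creations and source IPs into one summary dict."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    failed = Counter(e["ip"] for e in events if e["event"] == "ssh_failed")
    accepted = [e for e in events if e["event"] == "ssh_accepted"]
    return {
        "events": events,
        "failed_by_ip": failed,
        "accepted": [(e["user"], e["ip"], e["method"]) for e in accepted],
        "new_users": [e["user"] for e in events if e["event"] == "user_created"],
        # Triage flag: source IPs with both failed and accepted logins in this file.
        "success_after_failure": sorted({e["ip"] for e in accepted if failed[e["ip"]]}),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        if key != "events":
            print(f"{key}: {value}")
```

Hosts that log to the systemd journal or use ISO 8601 timestamps in auth.log need a different header pattern; lines the patterns do not recognise are skipped rather than guessed at.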
Insight
Why the Portuguese Government Banned Huawei
Portuguese telecom watchdog working with carriers to implement Huawei ban
The Portuguese government's decision to effectively ban Huawei from its 5G network infrastructure is a complex and multifaceted issue, reflecting broader global concerns and specific national considerations.
Portugal's cybersecurity council (CSSC) made a decision to restrict the use of equipment deemed "high risk" for 5G networks, which includes Huawei's kit. This move aligns with a broader trend seen in several countries, driven by security concerns related to the use of Huawei equipment in critical telecom infrastructure. The concerns stem from fears of potential espionage or interference, given the legislation in China that could compel Chinese companies to share data with the Chinese government.
Huawei has responded to Portugal's decision by filing a lawsuit, contesting the CSSC's decision and seeking to protect its legal rights and interests in Portugal. The company argues that the resolution has significantly impacted it and its partners. Despite this legal challenge, major Portuguese telecom operators, including Altice, NOS, and Vodafone, have indicated that they will not use Huawei equipment in their core 5G networks.
It's important to note that the Portuguese government's decision was based on an independent security assessment and was in line with European Union guidelines. The decision did not specifically target Chinese suppliers but was part of a broader process at the European level, focusing on transparency and security. Furthermore, the Portuguese government does not plan to compensate telecom operators for the cost of replacing "high-risk" equipment, putting the financial burden of compliance on the telecom companies.
The situation reflects the delicate balance between national security, commercial interests, and international relations. The decision by the Portuguese government is part of a wider trend where countries are reassessing their telecommunications infrastructure, especially regarding 5G, to address security concerns. This re-evaluation often leads to difficult decisions, especially when it involves major global suppliers like Huawei.
The debate around Huawei's participation in 5G networks isn't just about technology or business; it's also about international politics and security. The response from Huawei, through legal means, indicates the significance of these decisions for global telecom equipment suppliers and the potential impact on their business operations.
In conclusion, the Portuguese government's decision to ban Huawei from its 5G networks is a significant move that echoes broader global security concerns. It reflects the ongoing tensions between economic cooperation, technological advancement, and national security considerations in the increasingly interconnected world of global telecommunications.
Scammer’s Corner
“I can’t believe he’s gone.”
First, they tug at your heartstrings. Then, your bank account.
The "I Can't Believe He's Gone" scam on Facebook is a harrowing cyber ruse, striking users at their most vulnerable. It hijacks accounts to broadcast gut-wrenching tales of fictional tragedies, baiting clicks with fabricated, emotionally charged video links. These deceptive links ensnare victims in a web of scams, leading to perilous sites swarming with malware, fraud, and data theft. Crafted to emotionally manipulate and exploit, this scam is a treacherous fusion of psychological ploys and digital deception, endangering personal security and privacy.
The "I Can't Believe He's Gone" scam on Facebook exploits the distinction between the brain's System 1 and System 2 thinking, as defined by psychologist Daniel Kahneman. System 1 is fast, intuitive, and emotional, while System 2 is slower, more deliberative, and logical.
- Emotional Manipulation (System 1 Exploitation): The scam triggers an immediate emotional response with its shocking and saddening content. System 1, being quick and driven by emotions, may lead users to impulsively click on links without rational evaluation.
- Bypassing Critical Thinking (System 2 Suppression): By creating a sense of urgency or shock, the scam effectively bypasses the more analytical System 2, which would typically analyze the legitimacy of the post and consider the potential risks of clicking unknown links.
- Familiarity and Trust Abuse: The scam uses familiar social media environments and appears to come from a trusted source (a friend's account), which System 1 quickly interprets as safe, further preventing the analytical System 2 from activating its usual skepticism and caution.
Understanding this exploitation can help users be more vigilant. By recognizing the emotional manipulation at play, they can pause and engage their System 2 thinking, critically evaluating the situation before reacting.
What to do to protect yourself
To protect yourself from the "I Can't Believe He's Gone" Facebook scam, consider the following steps:
- Verify Sources: Before clicking on distressing posts or videos, verify the authenticity of the person who posted it.
- Avoid Unknown Links: Don't click on links from unknown or suspicious sources.
- Update Privacy Settings: Regularly review and update your Facebook privacy settings.
- Use Strong Passwords: Ensure your account has a strong, unique password.
- Enable Two-Factor Authentication: Add an extra layer of security to your account.
- Educate Yourself: Stay informed about common phishing tactics and how to recognize them.
- Report Suspicious Activity: If you encounter a suspicious post, report it to Facebook.
- Regularly Check Account Activities: Monitor your account for any unusual activities.
- Install Security Software: Use reputable antivirus and anti-malware software.
- Be Skeptical: Maintain a healthy level of skepticism about overly dramatic or emotional posts.
The Deep Dive
Espionage in the Supply Chain
Supply chain vulnerabilities often stem from legacy systems and outdated software that remain unpatched or unsupported. These systems can act as gateways for cyber attackers to infiltrate and disrupt operations. The complexities and interdependencies within supply chains mean that a single vulnerability can have wide-reaching impacts, as threat actors—ranging from nation-states to criminal enterprises—seek the path of least resistance for maximum disruption or financial gain. The trend suggests a growing focus on these weaknesses, with an expectation of increased exploitation of long-forgotten vulnerabilities in the supply chains. This risk is amplified by the strategic value of supply chains in national infrastructure and the economy, making them a prime target for espionage activities.
In addition to the inherent risks associated with outdated systems, supply chain vulnerabilities are exacerbated by the interconnected nature of modern commerce. Cyber attackers exploit these vulnerabilities not only to disrupt operations but also to gain access to sensitive information or intellectual property. As supply chains become more digital and globally integrated, the potential for a single point of failure to have cascading effects increases. This necessitates a proactive and comprehensive approach to cybersecurity, emphasizing regular updates, robust security protocols, and continuous monitoring to mitigate these risks.
The vulnerabilities in supply chains are particularly concerning because of their potential to be exploited by a wide array of actors. These include state-sponsored groups and "lone wolf" terrorists, as well as other criminal entities. The interconnected nature of supply chains means that a breach in one area can lead to cascading effects throughout, disrupting critical services and operations. Therefore, organizations are encouraged to rigorously assess and upgrade their legacy systems and maintain vigilance in monitoring their supply chain for any potential security breaches. Proactive measures and robust cybersecurity protocols are essential in mitigating these risks.
And Finally…
As we close this edition, let's remember that the battleground of cyberwarfare is not confined to the digital world alone; its echoes resonate in the very fabric of our daily lives. Armed with knowledge and insight, we are not just passive observers but active participants in safeguarding our digital future. So stay vigilant, stay informed, and come with us as we continue to demystify the ever-evolving landscape of cyber conflict, where the unseen bytes wield the power to shape our world. Join us for our next episode where we will start looking at narrative assaults, some of the reasons why Security Awareness Training keeps failing, and why we don’t quite believe that Bad Things will happen to us. Plus, what’s wrong with looking like a Viking?
Stay safe!
linkedin.com/in/computercrime/ @JonathanHCare (X) That Fraud Guy (Mastodon)