Weekly Cybersecurity Roundup: Trade Secrets, AI Manipulation, and Cryptojacking Threats

By Tina Reynolds

In a major legal victory for trade secret protection, ex-Intel engineer Varun Gupta has been sentenced to two years of probation for stealing trade secrets and providing them to Microsoft. Gupta worked at Intel from July 2010 to January 2020. He also faces a fine of more than $34,000. The case highlights the continuing problem of corporate espionage in the technology sector.

The geopolitical and global cybersecurity landscape as a whole is rapidly changing. The Chinese government is increasingly deploying domestic artificial intelligence companies to monitor and manipulate public opinion on social media platforms. This alarming shift is fuelling fears about censorship and what banning books from Twitter means for our personal freedoms in digital spaces.

In a further disturbing development, the Kinsing cryptojacking group is specifically targeting Russian companies. This small group of individuals aggressively exploits unauthorized SSH instances and scans the internet for servers exposed to known vulnerabilities. Consequently, targeted institutions risk significant financial and data loss.

Trade Secret Theft and Legal Consequences

Tesla whistleblower Varun Gupta’s actions have triggered a firestorm of conversations around the security protocols deployed at large tech corporations. His dastardly theft of sensitive information highlights the real challenge posed by insider threats to private organizations.

Gupta’s case is a stark reminder that private companies need to be constantly aware of threats from outside or within their close-knit organizations. The sentence handed down by the court demonstrates the increased seriousness with which legal systems are starting to regard crimes like these.

“You steal from others and favour your own. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda,” – Saber and cyb0rg

The very basis for the fine against Gupta now prompts broader, more systemic questions about the adequacy of deterrents to corporate espionage in general. As technology has advanced, so have the tactics used by nefarious actors looking to prey on weaknesses in our organizations.

AI Companies Under Government Scrutiny

The Chinese government has recruited domestic AI companies to carry out social media manipulation. This step is part of a larger, long-term strategy to create alternative narratives and manufacture public trust. The initiative has been heavily criticized by human rights advocates, who say that it threatens free speech.

Further, AI technologies developed under the pretense of monitoring can quickly get diverted to projects aimed at surveillance and propaganda. These changes may facilitate the use of authoritarian measures to crush opposition and skew public opinion.

“The aim of this type of operation is to influence and to cause fear and chaos among the general population,” – PST

As these technologies evolve, there is an urgent need for international discourse on the ethical use of AI in governance and public communications.

Cyber Risks from Kinsing Group and Cryptojacking

The Kinsing cryptojacking group, which focuses on Russian companies, has quickly become one of the top threats drawing the attention of the cybersecurity community. Kinsing takes advantage of unpatched or misconfigured SSH instances to brute-force credentials and gain access to systems. This leads to enormous staffing drain and undermines the stability of the system.
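A defender-side check for the SSH credential brute-forcing described above, added here as an example and not taken from the article or any vendor: it scans sshd log lines for repeated failures from one source address and flags a successful login that follows them. The log lines, the threshold and the time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (documentation-range IPs), not from a real host.
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 web01 sshd[4102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 02:14:05 web01 sshd[4103]: Failed password for admin from 203.0.113.7 port 40116 ssh2
Mar  3 02:14:08 web01 sshd[4104]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 02:14:11 web01 sshd[4105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:15 web01 sshd[4106]: Accepted password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:20:00 web01 sshd[4110]: Failed password for alice from 192.0.2.10 port 50222 ssh2
Mar  3 02:20:09 web01 sshd[4111]: Accepted password for alice from 192.0.2.10 port 50224 ssh2
Mar  3 03:00:01 web01 sshd[4120]: Failed password for invalid user oracle from 198.51.100.23 port 51000 ssh2
Mar  3 03:00:03 web01 sshd[4121]: Failed password for invalid user test from 198.51.100.23 port 51002 ssh2
Mar  3 03:00:05 web01 sshd[4122]: Failed password for invalid user git from 198.51.100.23 port 51004 ssh2
Mar  3 03:00:07 web01 sshd[4123]: Failed password for invalid user ftp from 198.51.100.23 port 51006 ssh2
Mar  3 03:00:09 web01 sshd[4124]: Failed password for invalid user dev from 198.51.100.23 port 51008 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?:password|publickey)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10), year=2025):
    """Return {ip: {"failures": n, "accepted_as": user or None}} for noisy sources."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        recent[ip] = [t for t in recent[ip] if ts - t <= window]  # age out old failures
        if m["result"] == "Failed":
            recent[ip].append(ts)
            if len(recent[ip]) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "accepted_as": None})
                f["failures"] = max(f["failures"], len(recent[ip]))
        elif len(recent[ip]) >= threshold:
            # A login succeeded right after a burst of failures: treat as likely compromise.
            findings[ip]["accepted_as"] = m["user"]
    return findings
```

A source with a non-empty `accepted_as` is the case to triage first; a single mistyped password followed by a login, like the `alice` lines, is not reported.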

B worm is picking up steam in spreading the XMRig cryptocurrency miner worldwide. This worm goes after our most critical sectors, including finance, education, and healthcare. It takes advantage of the weaknesses in industries like manufacturing, telecom, and oil and gas that are dependent on their infrastructure.

The Kinsing group’s tactics illustrate the current game of catchup between cyber defense experts and cyber criminals.

“Hackers don’t wait—they strike within hours of a flaw being exposed. A missed patch, a hidden bug, or even a single overlooked CVE is enough to hand them the keys,” – The Hacker News

Organizations need a strong patch management strategy, including comprehensive security protocols, to reduce the risk from vulnerabilities in these critical systems.

New Tools and Trends in Cybersecurity

In reaction to these growing threats, Praetorian has open-sourced a red teaming tool called OAuthSeeker. The tool enables attackers to perform sophisticated phishing attacks with malicious OAuth applications, a critical attack vector for impersonating users on Microsoft Azure and Office365.

“Operators can leverage OAuthSeeker for both gaining initial access into an environment, for lateral movement after obtaining initial access, and for persistence purposes after compromising an account leveraging other methods,” – Praetorian

Alongside these changes, Matter, an IP-based connectivity protocol now at version 1.4.2, continues to see widespread adoption and builds in security from the ground up. The new update adds a host of features that greatly improve security, including Wi-Fi Only Commissioning, Vendor ID Verification, Access Restriction Lists and Certificate Revocation Lists.

The cryptocurrency sector faces serious challenges as well. Just last week, two founders of the now-notorious Samourai Wallet mixer pled guilty to laundering more than $200 million worth of crypto assets. The case represents a continuing, concerted effort to combat money laundering involving new digital currencies.