April 27 - May 3, 2023 | Issue 12 - NORTHCOM, CICYBER, and Weapons/Tactics
Agathe Labadi, Arnold R. Koka, Emanuela Bulferetti, Martina Sclaverano, Megan McCluskey, Sonia Savci, Virginia Martos Blanco
Álvaro Picón, Editor; Jennifer Loy, Chief Editor
California, USA[1]
Date: April 27, 2023
Location: Mountain View, Santa Clara, California, USA
Parties involved: Google; Software Development Kit (SDK) providers; Google Android Google Play Developer Community; Google consumers; malicious actors
The event: Google announced that in 2022 it removed 173,000 accounts that violated its policies, prevented 1.43 million apps from being uploaded to its Play marketplace, and blocked $2 billion USD in fraudulent transactions as part of its efforts to counter malicious activities on its platform. Google launched the App Security Improvements program, the Helpline pilot, the Google Play SDK Index, and the Google Play Developer Community, which give developers assistance and opportunities to discuss best practices and policy standards.[2]
Analysis & Implications:
Google will likely integrate its developer outreach measures into a single platform, enhancing dialogue with developers on security practices. Collaboration efforts will likely encompass user-developer dialogue systems to establish accessible privacy and consumer security protocols. Security talks will likely incentivize new best practices on end-user reporting of suspicious apps and activities on the Google Play marketplace.
Increased vulnerability patching and software strengthening measures introduced by Google will likely push malicious actors to change their tactics. Attackers will likely continue targeting Google, expanding their infiltration directly into other app platforms to avoid fast detection and banning. Malicious actors will likely use enhanced engineering techniques, like Remote Access Trojans (RATs) or phishing emails, to facilitate the attacks and gain access to sensitive data.
Date: May 1, 2023
Location: USA
Parties involved: USA; House Appropriations Committee's subcommittee on Commerce, Justice, Science, and Related Agencies; Federal Bureau of Investigation (FBI); FBI Director Christopher Wray; FBI’s cyber personnel; US military; US high-profile targets; China; Chinese hackers; foreigners
The event: During a subcommittee hearing, Wray called for $63 million and 192 more cyber positions for the FBI, citing China's unparalleled cyber threat to the US. He claimed Beijing outnumbers FBI cyber personnel 50 to one, stealing more US personal and corporate data than all other nations combined.[3]
Analysis & Implications:
Chinese hackers will likely target US vital systems with unpatched vulnerabilities and unprotected endpoints. They will likely focus on gaining economic and technological leverage with counter-espionage and data theft through ransomware attacks. China will likely combine attacks with influence operations to manipulate public opinion and maximize disruption covertly. There is a roughly even chance China will extend its operations to overt disruptive attacks, including digital sabotage on high-profile targets or the military.
The FBI will very likely employ its budget and personnel for surveillance operations on foreigners outside US territory, likely drawing public criticism of the agency for privacy infringement. There is a roughly even chance the FBI will sponsor training programs for countering biases in targeting foreign individuals to increase the efficiency of targeted surveillance.
[1] California by Google Maps
[2] Google Bans 173,000 Bad Developers in 2022, InfoSecurity, April 2023, https://www.infosecurity-magazine.com/news/google-bans-173000-bad-developers/
[3] China has 50 hackers for every FBI cyber agent, says Bureau boss, TheRegister, April 2023, https://www.theregister.com/2023/05/01/fbi_director_wray_china_testimony/