Daily Briefing is a curated listicle made available by The Readable. We select a handful of significant stories worth sharing with our readers and present them in an easy-to-read, accessible format. Dain Oh and Minkyung Shin collaborate in monitoring, selecting, and reviewing the news articles, with Arthur Gregory Willers contributing to improve the overall readability of the briefing.
1. Former NSA chief warns of North Korea’s cyber gains, suggests ransomware funds quarter of GDP – South Korea’s Yonhap
Former National Security Agency Chief Paul Nakasone suggested North Korea may be generating up to 25% of its gross domestic product through ransomware attacks, according to an Asahi Shimbun report on November 10. In a local media interview held in Tokyo, Nakasone highlighted North Korea’s advanced ransomware tactics, suggesting these cyberattacks have become the country’s primary revenue stream amid strict international sanctions.
The United Nations Security Council’s sanctions committee estimates that North Korea earned approximately $3 billion from cyber theft of digital assets between 2017 and 2023, reportedly to fund its nuclear weapons program. Nakasone also expressed concerns that North Korea’s military cooperation with Russia, if expanded, might extend to cyber collaboration.
Nakasone also referenced an August Washington Post report alleging that Chinese hackers breached Japan’s military network in 2020. He recalled briefing top Japanese officials on the incident at the highest level under then-President Donald Trump’s directive.
2. 200,000 SelectBlinds customers exposed in card-skimming data breach – Forbes
In a data breach lasting nearly nine months, U.S.-based retailer SelectBlinds exposed sensitive information of 206,238 customers. Discovered on September 28, the breach compromised customers’ names, contact details, addresses, and full payment card data, including card numbers, CVV codes, and expiration dates. The attackers reportedly used Magecart-style e-skimming attacks, embedding malicious code on the checkout page to capture customer data in real-time, undetected by customers.
This type of attack poses a significant risk due to its stealth and effectiveness; unlike traditional breaches targeting stored data, e-skimming captures sensitive details as they are entered, bypassing encryption safeguards. The incident underscores the rising prevalence of Magecart attacks in e-commerce, as cybercriminals increasingly employ sophisticated methods to obtain payment data directly from online transactions.
In response, SelectBlinds took action to contain and remove the malware, strengthen security protocols, and enhance monitoring efforts. This breach, however, highlights a broader trend, as millions of stolen payment cards continue to circulate on dark web markets, amplifying global concerns over the increasing sophistication and impact of payment card theft in e-commerce.
3. Incheon public institutions face thousands of cyberattacks annually, raising data breach concerns – South Korea’s Kyeong-gi Ilbo
Public institutions in Incheon, including the city government, face thousands of hacking attempts each year, with a recent report disclosing 4,446 attacks as of September this year. These attacks focus on gaining system access and gathering information, posing a significant risk of widespread data breaches and service disruptions, especially amid a nationwide surge in DDoS attacks targeting government agencies.
Despite the frequency and scale of these cyberattacks, Incheon authorities have struggled to identify the perpetrators, often tracing incidents only to foreign IP addresses with inconclusive results. The city council is calling for urgent, preemptive cybersecurity measures, warning of potential widespread data leaks and disruptions to public services if current security defenses prove inadequate.
4. US ordered TSMC to halt shipments to China of chips used in AI applications – Reuters
The U.S. has ordered Taiwan Semiconductor Manufacturing Co. (TSMC) to stop shipments of advanced artificial intelligence-related chips, specifically those of 7-nanometer or more advanced designs, to Chinese clients effective immediately. This directive from the Commerce Department follows TSMC’s recent discovery of its chips in Huawei’s AI processors, which appears to contravene U.S. export controls. The restriction aims to prevent restricted companies like Huawei from advancing in AI technology through unauthorized access to advanced chips.
This unprecedented directive, issued through an “is informed” letter, bypasses traditional regulatory timelines to quickly impose new licensing requirements. TSMC has already halted shipments to Chinese chip designer Sophgo after connections to Huawei’s processor were discovered. The clampdown enables the U.S. to monitor other companies that may be redirecting chips to Huawei, increasing scrutiny on compliance with export restrictions.
The new restriction adds to previous export limitations on AI chips from companies like Nvidia and AMD, reflecting growing bipartisan concern in the U.S. over enforcing tech export controls to China. Although new export rules were drafted earlier in 2023, the Biden administration has delayed their release, signaling a heightened sense of urgency in preventing potential tech transfers to Chinese firms.
Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh.
