We start the week with the most important tech stories, and the biggest one is still unfolding in the cybersecurity world. On Friday, a highly sophisticated ransomware attack hijacked software made by the Florida-based tech supplier Kaseya. The full impact of the attack is not yet known, but initial information already suggests it may be the largest ransomware attack to date. Hundreds of businesses have been affected, and not only in the US: the biggest grocery chain in Sweden was forced to close all 800 of its locations in the aftermath of the attack. There is another big story in the cybersecurity sector, as CISA announced it would start cataloging bad cybersecurity practices to help companies prioritize key cybersecurity responsibilities. On a different note, we will look at one of the largest crypto exchanges, Binance, and its continuing struggle as it faces more global regulatory scrutiny. Meanwhile, a new fee structure for Dogecoin has been announced, DARPA wants future AI systems to learn from each other in an innovative project, Ukraine gave us insight into how it views its future CBDC, and Compound Labs launched a new company that may be one of the biggest developments in institutional DeFi.
On Friday, we reported that Britain has banned one of the biggest crypto exchanges Binance from carrying out regulated activities. It is one of several moves that have been taken against the platform by financial regulators across the globe and it raises several questions.
Binance is a giant cryptocurrency exchange, with trading volumes reaching $662 billion in June of this year, nearly ten-fold up from last year’s levels. The app has grown in popularity in the UK, where it was downloaded 2.2 million times in total in 2021. Although the app has gathered millions of users across the globe, its own location is not known, with most reports pointing to the Cayman Islands. However, a spokesperson for Binance declined to reveal the location, saying the company was “decentralized” and “works with a number of regulated entities around the world”.
However, Binance has lately come under fire in and outside of Britain. In Japan, the regulator announced last week that Binance was operating in the country illegally, and Germany’s financial watchdog said Binance risks being fined for offering tokens that are connected to stocks. On Friday, Thailand’s regulator filed an official complaint against Binance for operating without a license. In its statement, Thailand’s Securities and Exchange Commission (SEC) highlighted that only licensed firms can provide services that are related to the trading of digital assets.
Binance is also under investigation in the US. However, making firm decisions on crypto exchanges that are based outside the country is problematic.
“It’s very difficult,” said Simon Treacy, a senior lawyer at Linklaters. “(The FCA) don’t have jurisdiction over the whole of Binance’s operations, so they use the point where they do have jurisdiction and put pressure on the business there.”
“At the moment the method is to emphasize risks to investors in the UK of these services rather than to regulate them outright,” said Barney Reynolds, a lawyer at Shearman & Sterling.
On Friday, hundreds of businesses were affected by a highly sophisticated ransomware attack that managed to hijack technology management software from the Miami-based tech supplier Kaseya. The software developed by Kaseya is used by thousands of businesses across the globe, and the attack is therefore currently considered the largest ransomware attack in the world.
The criminals altered VSA, a Kaseya tool that companies use to manage technology at their businesses. Then, the attackers encrypted the files of those businesses. Following the attack, Kaseya announced it had shut down much of its infrastructure and was urging customers that use VSA to immediately turn off the services.
“This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email.
On Saturday, one of the largest ransomware attacks in history occurred, quickly spreading its influence all over the world. Among the victims was the largest grocery store chain in Sweden, Coop, which was forced to close all of its 800 locations because they were not able to operate cash registers.
The highly sophisticated attack on U.S. tech provider Kaseya is attributed to the ransomware gang REvil, which allegedly hijacked Kaseya's desktop management tool and pushed a malicious update that affected thousands of businesses.
“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately,” the U.S. Cybersecurity and Infrastructure Security Agency said in a statement.
“What we are seeing now in terms of victims is likely just the tip of the iceberg,” said Adam Meyers, senior vice president of security company CrowdStrike.
On Saturday, U.S. President Joe Biden said the U.S. intelligence agencies have launched investigations related to the attack.
According to Coop, a tool used to update checkout tills was affected and the payments could not be taken.
“We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,” Coop spokesperson Therese Knapp told Swedish Television.
Defence Minister of Sweden, Peter Hultqvist, described the attacks as “very dangerous” and said the ransomware illustrated that businesses and state agencies must be more prepared for these kinds of attacks in the future.
“In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,” he said.
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) released a list of two bad practices to help infrastructure providers prioritize key cybersecurity responsibilities. According to CISA Executive Assistant Director Eric Goldstein, the bad practices are the use of unsupported or “end-of-life” software and the use of known/fixed/default passwords or credentials.
“There is certainly no lack of standards, practices, control catalogs, and guidelines available to improve an organization’s cybersecurity. While this body of guidance is invaluable, the sheer breadth of recommendations can often be daunting for leaders and risk managers,” Goldstein wrote. “The principle of ‘focus on the critical few’ is a fundamental element of risk management. Based on the understanding that organizations have limited resources to identify and mitigate all risks it should also be an essential element of every organization’s strategic approach to security. Addressing bad practices is not a substitute for implementing best practices, but it provides a rubric for prioritization and a helpful answer to the question of ‘what to do first.’”
Now, CISA has created a webpage where bad practices can be cataloged and the agency will update the practices based on feedback received from cybersecurity experts.
“It’s easy to say, ‘don’t use the same passwords’ or ‘use strong passwords,’ but that puts all the onus on the users and none of the responsibility on the security teams,” Sean Frazier, a federal chief security officer at the identity and access management company Okta, said. “What we should say is, ‘Users need to be part of the security solution and if they must use passwords (almost everybody does), we should provide them with the best practices and the tools to do so, things like multi-factor authentication, password managers and best practice training and phishing exercises. Or better yet, provide them with anti-phishing technologies like secure hardware tokens that are easy to use.’”
The Defense Advanced Research Projects Agency, or DARPA, opened a brand new Artificial Intelligence Exploration Opportunity where it plans to work on “the technical domain of lifelong learning by agents”—AI systems—“that share their experience with each other.” Currently, DARPA is offering up to $1 million per proposal under the Shared-Experience Lifelong Learning, or ShELL, program. “Lifelong learning is a relatively new area of machine learning research, in which agents continually learn as they encounter varying conditions and tasks while deployed in the field, acquiring experience and knowledge and improving performance on both novel and previous tasks,” the announcement states.
Under the ShELL program, DARPA wants to focus on projects that begin with a large number of the same AI systems that can later be deployed in different real-life situations. As the individual systems adapt to their tasks, what they learn will be shared with the entire group of systems, allowing them to learn from each other.
“ShELL is not a framework for distributed learning that assumes task and training data/experience decomposition solely for training efficiency or because of external policies restricting the combining of source datasets,” the funding notice continues. “In contrast, ShELL rewards agents individually according to their performance on their own tasks using lessons from their own learned actions combined with those acquired from other agents.”
In a new law that regulates payment methods, the Ukrainian parliament treated a possible central bank digital currency (CBDC) as similar to cash and other payment tools. On Wednesday, the Verkhovna Rada, the governing body of Ukraine, passed the law, and even though it includes only a brief mention of possible CBDCs, that mention alone gives a pretty good idea of how Ukraine plans to incorporate the future electronic hryvnia. The law mentions the “digital money of the National Bank of Ukraine – an electronic form of a unit of account in Ukraine, emission of which is run by the National Bank of Ukraine.”
On Sunday, a new fee structure for Dogecoin was announced with the goal of reducing overall transaction fees and providing node operators with an incentive to offer low-fee transactions to miners. The structure will be implemented gradually.
The current fee model was implemented in 2018 and aimed at preventing on-chain transaction spamming with the help of 1 DOGE fee per kilobyte of transaction data. That amounts to roughly 2.16 DOGE per average transaction.
Now, the proposed changes include:
- Change minimal relay fees from 1 DOGE to .001 DOGE.
- Reduce the dust limit to .01 DOGE to incentivize the use of microtransactions.
- Node operators will be able to control this dust limit.
“The purpose of Dogecoin transaction fees is spam prevention,” said Dogecoin developer Ross Nicoll. “We provide suggested values so users can have confidence. If they use those values, their transactions will be confirmed in a reasonable time.”
The DeFi company Compound Labs, which created the Compound money market on Ethereum, just launched a new entity: Compound Treasury. The treasury is already considered one of the biggest institutional DeFi developments. Compound Treasury provides neobanks and fintechs with the opportunity to send dollars that are converted into USDC, a dollar-backed stablecoin administered by Circle together with Coinbase.
“This is our path to sustainability as a company. … If the interest rates in Compound earn more than 4% over time, the business will make money,” Compound founder Robert Leshner told CoinDesk. “It’s the ability to offer a new financial product that fintechs have been clamoring for.”
According to a blog post, Compound Treasury enables “large holders of U.S. Dollars to access the interest rates available in the USDC market of the Compound protocol, while abstracting away protocol-related complexity including private key management, crypto-to-fiat conversion, and interest rate volatility.”
Moreover, Compound Treasury will also work like a regular savings account in that users are able to quit anytime they want, without any time commitment.