WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 18, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
When asked to write about the Winter Olympic Games this year, I immediately thought about my alpine holiday in Niseko. Those fun-and-games were two years ago, and little did I know I would not be setting my feet on a slope till…I have no idea when (thank you, COVID-19). It looks like the 2022 Winter Olympics hosted by the People’s Republic of China (PRC) will be the closest to winter sports I’ll ever be. Instead of lamenting about my missed winter sporting opportunities, I will focus on some cyber-security issues that generally come hand-in-hand with major sporting events, especially the Olympic Winter Games in Beijing this year.
For the record, this is not the PRC’s first rodeo with regards to Olympic games. The country had experience in 2008 when it hosted the Summer Olympics. Clearly a lot has changed during those 14 years.
Geopolitical events are crucial when understanding cyber threats and their risks, because these developments often influence the conduct and trajectory of cyber activity. Just last year, Stefano postulated the type of cyber threats associated with the UEFA EURO 2020 Championship (joke’s on him, the greatest threat was…his nationality) and discussed some risks associated with the Tokyo 2020 Olympic Games. These events attract large viewership and are essentially a prime stage for showing the world what you’re made of, which often include sending politically charged or ideologically motivated messages.
The cyber threats affecting those two events are just as valid and applicable to the 2022 Winter Olympics in Beijing. This time, we’re going to delve a little deeper into some of the controversies and considerations arising from the event set to commence on 04 Feb 2022.
The International Olympic Committee’s (IOC) decision to award the PRC as host to the Winter Olympics is not without controversies. The PRC has often come under fire for its human rights violations and atrocities against the Uighur community in its territory, particularly in the Xinjiang region. These allegations have gotten more and more pronounced in the last five years or so. The West has frequently used the PRC’s genocide as a political rallying point, citing the PRC’s poor track record on human rights issues to halt or turn down agreements.
With the Winter Olympics, calls for the PRC to address these human rights concerns have once again surfaced. On the PRC’s part, the Chinese Communist Party’s stance towards these concerns are consistent; when confronted by other countries about these allegations, the PRC defers to the same public relation tactics: it regards these comments as interference from external parties, and does not pay heed to such advice. The party line is that foreign actors have no rights to make these demands. It has also defended its actions in Xinjiang as re-education rather than genocide.
Another human rights issue that has come up time and time again is the crackdown on Hong Kong’s political freedom. More recently, these concerns have extended to Chinese tennis player Peng Shuai’s disappearance, after she made sexual accusations against a top government official in the PRC. Peng Shuai has since returned into the public spotlight and retracted her allegations; many have suggested this is due to pressure from officials in the PRC.
Over these human rights concerns, some countries have initiated a diplomatic boycott of Beijing 2022. The US, the UK, and Australia are among such countries. Unlike a complete boycott of the event, a diplomatic boycott is markedly strategic. It entails a partial embargo of the event, where government representatives will not attend Beijing 2022. However, their national athletes will still participate and compete in the games. It is a win-win arrangement where countries can air their displeasure without snuffing the games entirely and antagonizing the host country. Whether this diplomatic boycott is genuinely worth its salt at pushing the PRC to improve its human rights score is another conversation altogether
Will this really result in some PRC-initiated cyber activity? Maybe, maybe not. Haters gonna hate, but the PRC does not take too kindly to their critics and has targeted its naysayers in cyber espionage operations. The US-PRC trade war is among the many instances the PRC has done so. But the US is not the only detractor. In March 2021, the Finnish Security Intelligence Service (Supo) attributed an attack that targeted the Finnish parliament to the PRC-linked “APT31”. Reasons behind the attack weren’t obvious, but were likely to be related to Finland-PRC developments such as Finland’s involvement in the PRC’s Belt and Road Initiative, Finland’s opposition to the PRC’s national security law in Hong Kong, and/or Finland’s rejection of a PRC offer to lease an airport in northern Finland for research flights.
With Beijing 2022 being a matter of prestige and “面子” (mian-zi), the PRC is probably going to far ends to ensure the smooth conduct of the event. That means information gathering to stay one step ahead of the potential hindrance, especially interference from foreign parties, is likely to occur.
Besides watching geopolitical relations unfold on the sporting stage, there are other areas of cyber-security concerns regarding the Winter Olympics. Already, the official mobile app for Beijing 2022, also named “My2022”, was problematic. The app is intended to process athletes’ health and travel data but has unwittingly come with its slew of flaws.
For starters, the app’s security was insufficient when protecting user data. Cyber-security researchers at Citizen Lab had found that My2022 ran into privacy and data security issues, especially when the app collected excessive amounts of data, such as WLAN status, device identifiers and model, cellular service provider information, apps installed on the device, audio data, and device storage access. Basically everything. The app is also used to submit health customs information necessary for those entering the PRC from abroad, which means such personal data is susceptible to exposure too.
But My2022 security issues don’t end there. Flaws in the Secure Sockets Layer (SSL)-based encryption used in My2022 also potentially exposes a device to unverified connections. In this aspect, researchers have found that My2022 doesn’t necessarily verify that the servers where data is being transmitted are the intended servers, and an attacker can intercept data sent from My2022. This essentially makes a device vulnerable to a man-in-the-middle attack. Even more worrying is discovering that data transmitted from the app is not always encrypted. All it takes is some network packet interception before some ill-intentioned user potentially obtains the data in plaintext form.
Overall, odd, considering that the CCP has taken its domestic technology firms to task over the excessive collection of data. When considering the recent implementation of laws like the Personal Information Protection Law (PIPL), My2022 is undoubtedly violating some of the government’s own ground rules.
But before you vilify Chinese apps and technology and avoid them altogether, the security issues in My2022 are not particularly surprising for apps developed by other organizations either.
Even though My2022 is a Chinese app, its flaws and vulnerabilities are likely to impact even foreigners. All participants – athletes, the media, spectators – in Beijing 2022 have to use the app, which is supposedly used in COVID-19 ringfencing efforts (the PRC is currently pursuing a zero-COVID policy). Considering the high—well, as high as it would get during a pandemic—global participation rate, foreign users too are likely to be impacted by My2022 flaws.
Do not panic just yet. You need not sweat buckets over these security issues and downloading the app certainly doesn’t put you in grave danger. If anything, the issues found in My 2022 are unlikely placed there intentionally to enable state surveillance; they are more likely due to shoddy design or poor app development. Athletes or the press members using My2022 are no more likely to be monitored by the PRC than regular travelers. For these users using My2022 to log their health data, there is essentially no heightened risk as the authorities in the PRC would be collecting such information at ports of entry anyway; this is no different in any other country, which has mandated health and vaccination declarations for all visitors especially during a pandemic.Not being at a higher risk of surveillance doesn’t absolve one from surveillance in the PRC completely though.
As a whole, these concerns do spark discussion about the broader implications of operating in the PRC. It is no secret that the PRC uses technology to conduct surveillance and monitoring within its territories; it is this same concern that drove all that discourse around the use of Chinese-developed technology like TikTok and Huawei equipment. When in PRC territory and using the government’s apps and networks, all data transmitted locally islikely to end up in the hands of the authorities. Domestically, there are laws to facilitate that; besides the PIPL, there are also the Cyber-security Law (CSL) and Data Security Law.
In terms of surveillance, Big Brother is already watching on a regular basis in Chinese territories. With the Olympics remaining a matter of dignity for the PRC, a greater level of such monitoring can be expected. No country would embrace sabotage with open arms, which is definitely not the case for the PRC.
It’s tough to completely mitigate these data collection and surveillance activities, even more so in the PRC. One should assume that all data—which can include emails, SMSes, app data—can be compromised when operating in the PRC. Short-term measures when visiting the PRC should encompass using burner devices, like temporary or disposable laptops or mobile phones, and wiping all data from those equipment before and after traveling to the PRC. This is what some participating countries in Beijing 2022 have done.
In any case, it looks like we’re participating in a biathlon—a long and sometimes unbalanced journey, with hits and misses along the way.
Threat intelligence isn’t always about IOCs and attributing attacks to a specific actor. Understanding geopolitical developments do go a long way in contextualizing the activities occurring in the digital space. Here at Digital Shadows (now ReliaQuest), the Photon Research Team assesses the risks and cyber threats that come with high-profile global events and looks at the wider cyber-security concerns. This includes understanding the operational risks associated with a country and better dealing with or mitigating some of these exposure. Take a customized demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) with us, and let us show you how to better equip yourselves against cyber threats out there.