The good folks at Turing Pi sent me a trio of RK1 modules to put through their paces, to go along with the single unit I bought myself. And the TLDR, if you need some real ARM processing power, and don’t want to spend an enterprise budget, a Turing Pi 2 filled with RK1s is a pretty compelling solution. And the catch? It’s sporting the Rockchip RK3588 processor, which means there are challenges with kernel support.

For those in the audience that haven’t been following the Turing Pi project, let’s recap. The Turing Pi 1 was a mini ITX carrier board for the original Raspberry Pi compute module, boasting 7 nodes connected with onboard Gigabit.

That obviously wasn’t enough power, and once Raspberry Pi released the CM4, the Turing Pi 2 was conceived, boasting 4 slots compatible with the Nvidia Jetson compute units, as well as the Raspberry Pi CM4 with a minimal adapter. We even covered it shortly after the Kickstarter. And now we have the RK1, which is an 8-core RK3588 slapped on a minimal board, pin compatible with the Nvidia Jetson boards.

The story about Linux

Now, it has been a while since Turing sent me these devices. The main reason is that Linux support was broken in a couple of important ways. I’ve spent many hours over the last six months trying to debug these issues, and was really quite excited when I could finally boot the stock installers of Fedora 41, Ubuntu 24.10, and latest OpenSuse Tumbleweed on the RK1. The most notable issue is that mainline Linux completely failed to see the NVMe drive at boot, due to a pinmux issue that might finally get officially fixed in 6.13 or a 6.12 point release. This issue could be worked around with a custom Device Tree Binary (DTB), but it is a fiddly installation process. And the second issue was related: Using this hacked DTB only ever worked for the 32 GB ram model. These two issues really made a proper review very difficult.

You may be checking your Kernel calendar, and noting that right now, we just got the 6.12 release. Did that include the fix? Not yet. Here’s where we get to dive briefly into the ARM UEFI boot process. The Device Tree is the data structure that the kernel uses to find and initialize the hardware on the board. The 6.12 kernel is otherwise in pretty good shape for using the RK1 as a compute unit. It just has some DTB problems.

The important note is that for UEFI booting, the bootloader provides the DTB. U-boot copies that binary tree into memory, and hands the kernel a pointer to it during boot. The new development is that the semi-official Ubuntu 24.10 image finally has the patched DTB with the corrected pinmux. This arrangement also takes care of the 16GB boot failure. That meant that we could use the Turing Pi 2’s web interface to upload the Ubuntu 24.10 image, which includes U-Boot, log in to that install, and then use dd to write a disk image to the NVMe. That was a huge step forward, but it was still not ideal for a couple reasons. First, it’s a pain to install a Linux image just to be to install a Linux image. And second, not every distro releases an image that’s appropriate to simply copy onto the target drive.

The intended solution is UEFI boot that supports booting from a USB ISO. That, unfortunately, didn’t work. U-boot pulls its DTB definitions from the Linux Kernel itself, and while [Josh]’s image did have a few patches on top of the kernel’s RK1 DTB, it didn’t have a working DTB. U-boot needed not only a DTB patch, but also a patch to its own USB support, as the RK1 has a nifty trick where the USB port can be a host, device or OTG port. U-boot doesn’t really know what to do with this, and for UEFI boot, it needs to be explicitly set to host mode. All that work resulted in this flashable u-boot image. You can flash it from the web interface to an RK1, and it actually finally works to do UEFI boot on MMC, USB, and NVMe. Tested with Fedora 41, Ubuntu 24.10, and latest Tumbleweed.

So how did it turn out?

Finally, we can start with benchmarks. I ran a set of tests using the Phoronix test suite. The Pi4 is running off an SD card, and the Pi5 and RK1 results labeled “nvme” are all running off the same model of Crucial P3 NVMe.

There is a wildcard here I didn’t control for. The RK3588 is eight cores, but four A76, and four A55. So for single-threaded tests, it may be that the benchmark didn’t actually run on the most performant core. The other distinction here is that the “rk1-mainline” results is from running an Ubuntu 22.04 install with the vanilla 6.7.0 kernel, while the rk1-rok tests are from running the same Ubuntu release, but with the Rokchip kernel. Due to the issues I ran into with Linux installs, noted above, these benchmarks are a little stale.

The Pi4 is really showing its age here, and the fact that the Pi4 can only run off an SD card definitely doesn’t help compilation times. The Pi5, running off the NVMe, makes a good showing, but the RK1 is about 80% faster in this particular test. And that’s generally what I found across the board, with the RK1 performing generally between 50% and 100% faster than the Pi5.

That advantage seems to boil down to the RK1’s 8 cores, as opposed to the 4 cores in the Pi5. Tests like the timed Eigen compile showed the Pi5 and rk1 absolutely trading blows. And in the TSCP chess program, the Pi5 actually manages to eke out a win, again on a very single-core sort of workload.

So, each RK1 gives you 8 cores and up to 32 Gigabytes of ram. And thanks to the PCIe x3 lanes available, and the NVMe slots on the bottom of the Turing Pi 2, plenty of NVMe storage. Four of those in a mini-itx form factor might just be a compelling bundle of compute.

How to Get Going

One of the neat features of the Turing Pi 2 is that the baseboard itself is a Linux machine, so you can ssh into the baseboard, and access the serial ports of the individual blades. While writing this, I’m working with slot two, which is /dev/ttyS1, based on the TP2 documentation. The command to monitor and interact is picocom /dev/ttyS3 -b115200.

The other useful tool here is the web interface. In there we can toggle power on and off, as well as flash an image to the MMC of individual nodes. Grab the .bin I generated, flash it to the RK1’s MMC, and then boot from an ISO burned to DVD or a flash drive. Use the minicom command to access the serial interface, and do the install configuration over serial.

If you have a Linux install on both the MMC and NVMe, it’s useful to know how to boot off the emmc again. From that picocom terminal, interrupt u-boot, and set the target back to just the mmc:

setenv boot_targets mmc0
boot

And there you have it. This process should work for most Linux distros that have an Arm64 ISO that can boot using UEFI, running the 6.7 kernel or newer, but ideally at least a 6.11 kernel.

Into the Future

Officially, when it comes to distro options, there’s good news and bad news. Officially, you can run whatever distro you want, so long as it’s Ubuntu. The better news, support for the RK3588 is making progress in the upstream kernel. It’s decent enough that some of the benchmarks above were run with 6.7.0. 6.11, the kernel that comes with Fedora 41 is even better shape. Some HDMI work is slated to land in 6.13, along with the DTB fix.

The NPU unit, an AI accelerator built in to the chip, has an open source driver, and patches have been submitted. As far as I can tell, these have not landed upstream in the kernel yet, but work has continued since then.

The bad news is that [Josh Riek], the maintainer of the Ubuntu-Rockchip image, has taken a leave of absence from the project, putting the premier Linux image for Rockchip devices in serious limbo. And this is where we come to the biggest reason why you might not want to use the RK1. Rockchip has sadly followed the pattern of many other hardware vendors in the embedded world, and provided very little support to the community trying to maintain the software for their devices. The RK3588 launched back in 2022, and it’s still not fully supported in the Kernel. That’s not to say that Rockchip has been completely remiss. There are four Linux kernel maintainers with @rock-chips.com email addresses. But one of [Josh]’s complaints was that the whole project was on him, and Rockchip refused to even have a conversation about supporting the project.

youtube.com/embed/4aaF2HgTVe8?…

The Conclusion

OK, so the RK1 has some impressive capabilities, and while the compatibility story isn’t perfect, it’s much better than it was, with even more coming. But what’s the real use-case for these things? What problem does a quartet of RK1 boards in a Turing Pi 2 solve, that a conventional desktop doesn’t? When I started writing this article, the answer was running Github actions on actual ARM hardware. And while Github beat us to it, now offering ARM64 runners for Github actions, those runners are considered “large” runners, and not available on the Github free tier.

Even after the ARM64 runners roll out to everyone, is there still a use case for hosting your own runners? Github runners aren’t known for their blazing speed, and a big part of that is the fact that Github runs everything inside virtual machines. An organization is also limited to a max of 20 Github supplied runners. If you have a relatively secure way to run your workflow on real hardware like the RK1, the speedup might be worth it. I look forward to future coverage on this topic.

There are, obviously, some other things you might want to do with RK1 devices. It has plenty of horsepower to run web services, host builds, run Docker images, and more. The RK1 is basically powerful enough for anything compute you want to do.

So what do we think about the RK1? It’s certainly not the only way to get your hands on the RK3588 ARM processor. It is, however, the only way I know of to put four of them in a single mini-ITX form factor. The support isn’t quite as well developed as we’d like to see, but it does result in a usable system, with a lot of ARM horsepower in a small package. There are developers working on the system, so the situation there is looking to improve. I have a pair of RK1s in active use doing GitHub CI runs.

hackaday.com/2024/12/09/finall…

L'idea di Quintarelli @quinta :ubuntu: di proporre il software installato sui propri dispositivi mi e' tornata utile, spero torni utile la mia.

Mobile Android

Calendario: Etar
Mail: K-9, Thunderbird
Task&Note: OpenTask, JTX Board
SMS: QKSMS
Contatti: Simple Contact Pro
Bookmark sync: XBrowserSync, Floocus, Firefox
Home automation client: HomeAssistant client, Home bridge client
App store: Aurora store, App Lounge, F-Droid, GPlay
Audio&Videoconferenze: Teams, Google chat
Galleria Foto: Aves Libre
Grafica: Linwood Butterfly Nightly (disegno mano libera)
Browser: Firefox e Focus , Kiwi Browser, LibreWolf, DuckDuckGo, Bromite
Motore ricerca: DuckDuckGo, Qwant
Meteo: MeteoAM, Weawow, Breezy weather
Chat: Element, Deltachat, Fluffychat, WA
Cloud: Infomaniak Kdrive, Webdav, Nextcloud e/os
File manager: Material File
Identità digitale: Spid
Condivisione file local network: Warpinator , KDE connect
Mappe: GMaps, Organic Maps
Editor OSM : Vespucci
Fediverso: Racoon, Phanpy, Browser
VideoMusic&Radio streaming: VLC, Radiodroid
Navigatore: Waze, MagicEarth, GMaps
Desktop remoto: NoMachine (client)
2FA authenticator: Aegis, Google Authenticator, Fortitoken, Bitwarden
Password Manager: Keepass2Android, Nextcloud password
Ebook/PDF reader: Librera FD
News: Flym (era un bel reader RSS ormai archiviato)
Podcast: AntennaPod
QR Code reader: QR Scanner
Sincronizzatore CalDav/CardDAV: DAVx5
Tastiere: HeliBoard
Tool di rete: LTE Discovery, ConnectBot (ssh), Duorem (wakeOnLan)
VPN: OpenVPN, Netbird, Forticlient
Altro : BatteryBot

Personal Computer

Hardware: MinisForum
OS: LinuMint 22 Cinnamon
Backup: Backup Tool, TimeShift, rsync locale, Foxclone, CloneZilla
Browsers: Librewolf, Firefox
Chat: WA
Grafica: XnView MP
Mail/calendar/contacts: Thunderbird
VideoMusic&Radio streaming: VLC
Office: Libre Office
Password manager: KeepassXC, Nextcloud password
Cloud: Infomaniak Kdrive, Webdav, Nextcloud e/os
VPN: OpenVPN, Netbird, Forticlient
Desktop remoto: Remmina, NoMachine (server/client)

Rasperry 4: Home Assistant server

Server remoto

Hosting dirtynello.it su SupportHost: Mail (smtp, imap) Caldav, Carddav, Webdav,
Blog: WordPress
Forum: Php Forum
Foto: Pwigo

Server locale: Notebook Fujitszu Core 2 P8400

OS: Ubuntu server 22.04
Streaming Audio&Video: Minidlna
File system share: NFS
Home Automation: HomeBridge
Desktop remoto: Remmina, NoMachine (server/client)
Varie: AMule, Devolo, Virtualbox, LuckyBackup
VPN: OpenVPN, Netbird

Estensioni Browser: Floccus, KeepasXC, Keepa, Tranquility Reader, uBlock Origin, Ghost, Nextcloud password

La resilienza cognitiva e la cybersecurity condividono un legame cruciale nell’era digitale, dove le minacce informatiche non colpiscono solo sistemi tecnologici, ma anche la mente umana. La resilienza cognitiva, ovvero la capacità di mantenere calma e lucidità di fronte a situazioni critiche, è fondamentale per contrastare attacchi come il phishing, il social engineering e la disinformazione.

Gli hacker criminali, infatti, sfruttano le vulnerabilità psicologiche, inducendo le persone a compiere azioni dannose, come cliccare su link malevoli o fornire informazioni sensibili. Allenare la propria resilienza cognitiva significa sviluppare una mentalità critica, riconoscere segnali di manipolazione e reagire con decisione. In un mondo dove il fattore umano è spesso l’anello debole della sicurezza, una mente resiliente diventa una difesa indispensabile, al pari dei firewall e degli antivirus.

Cos’è la Resilienza Cognitiva

La resilienza cognitiva è una capacità cruciale per mantenere la lucidità e la stabilità mentale in un mondo sempre più complesso e manipolativo. La rivista Defense Horizon Magazine ha analizzato come sviluppare questa competenza, paragonandola a una sorta di “manovra di Heimlich” per la mente. Così come la manovra salva vite in caso di soffocamento, la resilienza cognitiva ci permette di riconoscere e respingere influenze negative, recuperando controllo sulle nostre decisioni e reazioni.

L’articolo sottolinea l’importanza di allenare la mente a individuare manipolazioni psicologiche che possono derivare da propaganda, fake news o pressioni sociali. Essere consapevoli di come funziona il cervello di fronte a stimoli esterni ci rende meno vulnerabili. Lo scopo è acquisire una visione critica che ci aiuti a separare i fatti dalle distorsioni e a rispondere razionalmente anziché emotivamente.

Un altro aspetto centrale è la gestione delle emozioni, elemento chiave per migliorare la resilienza. Secondo gli esperti, pratiche come la mindfulness, l’autocontrollo e il riconoscimento delle proprie fragilità emotive sono fondamentali per mantenere l’equilibrio mentale.

Questi strumenti non solo proteggono dall’influenza di terzi, ma aiutano anche a mantenere una salute psicologica stabile, indispensabile in situazioni di stress o crisi.

Tra Fake News e Sicurezza Informatica

Il contesto tecnologico attuale amplifica il bisogno di resilienza cognitiva. Con l’esplosione di notizie false e la diffusione di contenuti polarizzanti sui social media, diventa essenziale affinare le abilità di verifica delle informazioni. Non si tratta solo di analizzare dati oggettivi, ma di sviluppare un’intuizione che aiuti a filtrare messaggi manipolativi in tempo reale.

La resilienza cognitiva è inoltre strettamente collegata alla capacità di agire in modo proattivo e autonomo, senza farsi sopraffare da influenze esterne. Saper prendere decisioni basate su valori e priorità personali è un’abilità che può fare la differenza in contesti personali e professionali. Questo aspetto è cruciale per chiunque voglia navigare le complessità della società moderna con consapevolezza e fiducia in se stesso.

L’articolo si conclude enfatizzando l’importanza di considerare la resilienza cognitiva come una competenza che si può apprendere e migliorare. Grazie a esercizi specifici e un costante lavoro su se stessi, è possibile costruire una “mente forte” che ci protegge da manipolazioni, stress e incertezze, permettendoci di vivere in modo più autentico e sereno.

L'articolo Resilienza cognitiva: Il segreto per proteggere la tua mente nel caos digitale proviene da il blog della sicurezza informatica.

In an astonishing blend of robotics and nature, SMEO—a robot rat designed by researchers in China and Germany — is fooling real rats into treating it like one of their own.

What sets SMEO apart is its rat-like adaptability. Equipped with a flexible spine, realistic forelimbs, and AI-driven behavior patterns, it doesn’t just mimic a rat — it learns and evolves through interaction. Researchers used video data to train SMEO to “think” like a rat, convincing its living counterparts to play, cower, or even engage in social nuzzling. This degree of mimicry could make SMEO a valuable tool for studying animal behavior ethically, minimizing stress on live animals by replacing some real-world interactions.

For builders and robotics enthusiasts, SMEO is a reminder that robotics can push boundaries while fostering a more compassionate future. Many have reservations about keeping intelligent creatures in confined cages or using them in experiments, so imagine applying this tech to non-invasive studies or even wildlife conservation. In a world where robotic dogs, bees, and even schools of fish have come to life, this animatronic rat sounds like an addition worth further exploring. SMEO’s development could, ironically, pave the way for reducing reliance on animal testing.

youtube.com/embed/WJr3ZDmLk_s?…

hackaday.com/2024/12/09/robot-…

Questa settimana la Camera dei Rappresentanti degli Stati Uniti voterà un disegno di legge sulla difesa che prevede finanziamenti per oltre 3 miliardi di dollari per sostituire le apparecchiature delle società di telecomunicazioni cinesi Huawei e ZTE nelle reti wireless americane. Questa misura è volta ad eliminare le minacce alla sicurezza nazionale.

Il documento di 1.800 pagine include anche ulteriori iniziative legate alla Cina, come un rapporto sui tentativi delle aziende cinesi di eludere le normative statunitensi e un’analisi delle capacità biotecnologiche della Cina.

Secondo la Federal Communications Commission (FCC), sono necessari 4,98 miliardi di dollari per rimuovere e sostituire le apparecchiature non sicure, ma il Congresso ha precedentemente stanziato solo 1,9 miliardi di dollari. La nuova iniziativa dovrebbe compensare la mancanza di finanziamenti.

La scorsa settimana la presidente della FCC Jessica Rosenworcel ha chiesto al Congresso fondi aggiuntivi, sottolineando che il deficit di 3,08 miliardi di dollari minaccia la sicurezza nazionale e potrebbe lasciare i residenti rurali senza comunicazioni. In alcune regioni, ciò potrebbe portare alla chiusura di un unico operatore e creare un rischio per il servizio di emergenza.

Il programma “rimuovi e sostituisci” per le apparecchiature cinesi è iniziato nel 2019. Successivamente il Congresso ha ordinato alla FCC di garantire che le reti di operatori che ricevono sussidi federali fossero ripulite. La Casa Bianca ha richiesto ulteriori 3,1 miliardi di dollari nel 2023 per completare il progetto.

La senatrice Maria Cantwell ha osservato che i finanziamenti per il programma, nonché fino a 500 milioni di dollari per gli hub tecnologici regionali, saranno coperti attraverso una vendita una tantum dello spettro AWS-3 per le tecnologie wireless.

Tim Donovan, CEO della Competitive Carriers Association, ha espresso sostegno al piano, affermando che il finanziamento è necessario per soddisfare il mandato di sostituzione delle apparecchiature garantendo al tempo stesso la connettività a milioni di americani.

La competizione tecnologica tra i paesi si sta trasformando sempre più in un conflitto, in cui la protezione degli interessi nazionali si misura non solo con la potenza militare, ma anche con la capacità di controllare le comunicazioni di informazione.

In questa nuova realtà digitale, l’infrastruttura delle telecomunicazioni diventa non solo un mezzo di comunicazione, ma un asset strategico da cui dipende non solo la sicurezza economica, ma anche la sovranità dello Stato.

L'articolo Sicurezza Nazionale o Nulla! Gli USA Dichiarano Guerra a Huawei e ZTE proviene da il blog della sicurezza informatica.

A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. With large-scale security crises being one of the most relevant threats worldwide, it’s more important than ever to reflect on past events, assess emerging threats, and, most crucially, explore strategies to prevent future incidents.

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them.

Let’s dive in!

Overview of 2024’s supply chain disruptions

CrowdStrike Linux outage

What happened? Just weeks before the Windows incident, CrowdStrike encountered issues with Linux. A software update in April caused problems in a number of distributions, such as Red Hat, Debian and Rocky.

Why does it matter? Linux is the operating system used by many key infrastructure and security facilities. A previous faulty update had already suggested broader problems with CrowdStrike’s security software at the time, though the problem didn’t receive that much publicity.

XZ backdoor to bypass SSH authentication

What happened? In March, the Opensource Software Security project by Openwall (oss-security) reported a backdoor in XZ, a compression utility and popular code library widely used in Linux distributions. Unlike past supply chain attacks on Node.js, PyPI, FDroid and the Linux kernel, which relied on small malicious injections or fake package delivery resulting from supply chain abuse, this was a multi-stage attack that nearly compromised possibly millions or at least hundreds of thousands of SSH servers globally, with attackers employing social engineering tactics and even creating fake community members to win the trust of the XZ Utils maintainer. Kaspersky presented detailed technical analysis of this case in three parts. Kaspersky products detect malicious objects related to the attack.

Why does it matter? As a result of these tactics, attackers covertly implanted the backdoor. This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. It emphasizes the importance of implementing stricter security measures, adopting a more vigilant approach to project management, and maintaining careful oversight in regard to projects’ contributors.

Pager attack in Middle East

What happened? Recent incidents in the Middle East involving pagers have illustrated the risks associated with hardware supply chain attacks. A targeted attack exploited a batch of pagers used by Hezbollah, causing widespread chaos and casualties. Media sources reported that explosives had been concealed within the devices.

Why does it matter? This incident demonstrates the possibility of attacks being conducted to cause physical harm, and various threat actors may be leveraging electronic or fully digital components. The infamous Stuxnet attack serves as a stark reminder of this potential. By targeting industrial control systems, Stuxnet demonstrated how a cyberweapon could inflict tangible, real-world damage, underscoring the critical need for vigilance against such threats in both hardware and software systems.

JavaScript abuse leading to major corporations’ websites being compromised

What happened? Around 385,000 websites using Polyfill.io, a piece of remotely hosted programming code, fell victim to a massive supply chain attack when, after the acquisition of the polyfill.io domain, the loaded script was altered to redirect users to malicious and fraudulent sites. The Polyfill.io service provides support and functionality missing in older versions of web browsers. It enables developers to use modern tools even if they are not supported by a particular browser version. As of July 2024, affected hosts included websites associated with major platforms like Warner Bros, Hulu and Mercedes-Benz.

Why does it matter? According to Cloudflare, Polyfill.io was used by tens of millions of websites — approximately 4% of all sites on the internet — which highlights the severity of the incident, whose full impact is yet to be determined.

Cisco Duo supply chain data breach

What happened? No corporation is immune to the threat of supply chain attacks. User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider. The breach allowed the threat actor to download SMS message logs.

Why does it matter? This incident highlighted the risks of attacks where third-party service providers become the entry point. IT outsourcing is growing in popularity, offering benefits such as time and resource savings. However, delegating tasks also introduces new information security challenges. In 2023, cyberattacks using trusted relationships had already become one of the top three most common vectors, with this trend gaining new momentum in 2024.

“regreSSHion” vulnerability in OpenSSH

What happened? A critical vulnerability, named “regreSSHion“, was discovered in OpenSSH earlier this year. OpenSSH is used in a wide range of scenarios where secure network communication is required. It is a critical tool in various fields, including system administration, development, and cybersecurity. The SSH protocol is used by companies across all industries, potentially allowing perpetrators to execute malicious code and gain root privileges.

Why does it matter? Exploiting this vulnerability on a massive scale is improbable due to the significant computational power requirements — as it relies on a race condition, attackers would need to make multiple authentication attempts on the target server. According to Qualys, 10,000 attempts are needed for a successful exploitation which may take from several hours to several days, depending on the target OpenSSH server configuration. However, targeted attacks remain a viable possibility. The issue serves as a reminder of the potential risks inherent in widely used software.

Fortinet firewall vulnerabilities

What happened? In October 2024, critical CVEs in four Fortinet products were reported to be actively exploited. Researchers said over 87,000 Fortinet IPs were likely affected by one of the identified vulnerabilities at the time. This information was disseminated, making the vulnerable systems high-visibility targets for threat actors, especially as Fortinet products are commonly found in government, healthcare, and other critical sectors.

Why does it matter? Fortinet products are integral to many organizations’ network security. When critical vulnerabilities in such widely deployed products are exploited, it opens a pathway for attackers to breach the security of multiple organizations through a single vendor’s software or appliances.

Other notable supply chain attacks in 2024 include:

• Hackers injected malware directly into the source code of the largest Discord bot platform.
• Attackers attempted to upload hundreds of malicious packages to PyPI, using names that mimicked legitimate projects.
• Another set of malicious packages was found in the PyPI repository. The packages imitated libraries for LLMs, whereas in fact they downloaded the JarkaStealer malware to the victim’s system.
• A threat actor gained control over the Tornado Cash crypto mixer.

Beyond 2024’s supply chain incidents: exploring even greater risk scenarios

The incidents covered above prompt a critical question: what kind of scenarios could lead to more devastating consequences? In the following section, we’ll delve into potential global disruptions.

A major AI provider failure

AI dominated our “Story of the Year 2023” as the adoption of generative tools has already influenced nearly every aspect of our lives back then. This year, the trend deepens with AI being officially integrated with services used by millions. Consider OpenAI, with technologies that are used in a wide range of assistants, from Apple and GitHub Copilot to Morgan Stanley‘s proprietary tools. Businesses also rely on models from Meta (Llama), Anthropic (Claude), and Google (Gemini). On the one hand, this transformation enhances daily experiences, but on the other, it heightens the risks associated with the dependence on few key providers. In fact, this trend creates concentrated points of failure: if one of the major AI companies experiences a critical disruption, it could significantly impact dozens, hundreds or even thousands of services depending on it. In a worst-case scenario, a breakdown in these services could mean widespread operational failures across industries.

Another threat that looms large is data breaches. An incident at any major AI provider could lead to one of the most extensive leaks, as AI-powering systems often gather and store a vast amount of sensitive information. While AI chatbot accounts are already being traded on the dark web as a result of malware activity targeting individuals, an AI provider storage breach affecting clients at the corporate level could result in the compromise of even more sensitive data.

Businesses adopting AI should consider vendor diversification, as well as prioritize infrastructure resilience, careful configuration of access restrictions for integrated AI components, and watch closely, as they normally do, any personnel handling sensitive data. Data breaches might not always stem from external cyberattacks; they could be orchestrated by careless or determined insiders who may leverage AI as a tool for data theft.

Exploitation of on-device AI tools

AI integration is accelerating across both consumer-facing and business-oriented gadgets and tools. For example, Apple Intelligence was recently rolled out in beta for the users of its latest systems. This functionality is powered largely by neural cores, or a “Neural Engine“. These engines, and on-device AI in general, provide a genuinely new experience, optimized for running large language models in everyday tasks.

However, with great user experience come great cyber-risks, and as AI becomes more widespread, the likelihood of it being chosen as an attack vector increases. In the Triangulation campaign, discovered by Kaspersky last year, attackers compromised the integrity of system software and hardware by exploiting zero-day vulnerabilities to load advanced spyware onto devices. Similar software or hardware-assisted vulnerabilities in neural processing units, if they exist, could extend or present an even more dangerous attack vector. In such a scenario, attackers wouldn’t just gain access to the information stored on the targeted device — they could also extract contextual data from AI utilities, enabling them to construct highly detailed profiles of their victims and upscale the potential damage.

Our research into Operation Triangulation also revealed the first of its kind case reported by Kaspersky — the misuse of on-device machine learning for data extraction, highlighting that features designed to enhance user experience can also be weaponized by sophisticated threat actors.

These risks underscore the importance of proactive measures for vendors, like conducting security research and rigorous testing, to build stronger defenses against emerging threats.

Cyberattacks on communications satellites

Satellites play a critical role in everyday life, supporting navigation, media broadcasting, emergency response, communication infrastructure and many other services, though their presence often goes unnoticed by ordinary people. As our reliance on satellite-based technologies increases, these systems are becoming attractive targets for threat actors. In 2024, for instance, an APT actor targeted the space industry with backdoors. In another case, an actor reportedly caused satellite-related issues to Finnish utility Fortum.

While these incidents did not lead to severe global disruptions, they highlight the growing risks for satellite infrastructure. A potentially more impactful threat lies in the satellite internet access supply chain. For example, consider Starlink and Viasat — these companies offer high-speed satellite internet connectivity globally, especially in remote areas. At the same time, traditional internet service providers tend to partner with satellite-based ones to extend their reach, which could be a fertile field for malicious campaigns.

Satellite internet access is an important component of the global connectivity chain. It can provide temporary communication links when other systems are down; airlines, ships, and other moving platforms rely on it to provide onboard connectivity and more. Here come cyber-risks: a targeted cyberattack or a faulty update from a leading or dominant satellite provider could cause internet outages and potential communication breakdowns, impacting individuals, businesses and critical infrastructure.

Physical threats to the internet

Following connectivity, the internet is also vulnerable to physical threats. While satellites are rapidly advancing as a means of communication, 95% of international data is transmitted through subsea cables. There are roughly 600 such cables in operation globally, varying in quality and capacity. In addition to these cables, the internet relies on nearly 1,500 Internet Exchange Points (IXPs), which are physical locations, sometimes within data centers, where different networks exchange traffic.

A disruption to just a few critical components of this chain, such as cables or IXPs, could overload the remaining infrastructure, potentially causing widespread outages and significantly impacting global connectivity. The world has already witnessed instances of such disruptions. For example, in a recent case, two undersea cables in the Baltic Sea were reported to be affected, which is further proof that the importance of physical security, including the protection of hardware, continues to grow as a critical concern for the coming years.

Kernel exploitation in Windows and Linux

The two major operating systems power many of the world’s critical assets, including servers, manufacturing equipment, logistics systems and IoT devices. A kernel vulnerability in each of these operating systems could expose countless devices and networks worldwide to potential attacks. For example, in 2024, several kernel vulnerabilities were reported, such as the Linux kernel privilege escalation vulnerability. On the Windows side, in 2024 Microsoft disclosed the CVE-2024-21338, which was a new “admin to kernel” elevation-of-privileges vulnerability used in the wild.

Such vulnerabilities create a high-risk situation where global supply chains could face significant disruptions. These risks underscore the importance of vigilant cybersecurity practices, prompt patching and secure configurations to safeguard the supply chain continuity.

Last but not least: how the risks associated with supply chains could be mitigated

While the scenarios and cases described above may seem alarming, awareness is the first step towards preventing such attacks and mitigating their consequences. Despite the diverse nature of supply chain risks, they can be addressed through several unified strategies. These require a multifaceted approach that combines technological, organizational and workplace cultural measures.

From a security standpoint, regular updates should be rigorously tested before deployment, and vendors must adopt the principle of granular updates to minimize disruptions. AI-driven anomaly detection can enhance human review by reducing alert fatigue. On the user side, patch management and timely updates are vital to maintaining a secure environment.

From a resilience perspective, diversifying providers reduces single points of failure, enhancing the system’s robustness. Equally critical is fostering a culture of responsibility and integrity among personnel, as human vigilance remains a cornerstone of security and stability.

Together, these measures form a strong framework to enhance supply chain resilience, safeguard against potential disruptions, and guide global systems and economies toward a brighter, safer future.

securelist.com/ksb-story-of-th…