A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted.

Source: Barry Mason via Alamy Stock Photo

Researchers have concocted a new way of manipulating machine learning (ML) models by injecting malicious code into the process of serialization.

The method focuses on the "pickling" process used to store Python objects in bytecode. ML models are often packaged and distributed in Pickle format, despite its longstanding, known risks.

As described in a new blog post from Trail of Bits, Pickle files allow some cover for attackers to inject malicious bytecode into ML programs. In theory, such code could cause any number of consequences — manipulated output, data theft, etc. — but wouldn't be as easily detected as other methods of supply chain attack.

"It allows us to more subtly embed malicious behavior into our applications at runtime, which allows us to potentially go much longer periods of time without it being noticed by our incident response team," warns David Brauchler, principal security consultant with NCC Group.

**Sleepy Pickle Poisons the ML Jar**

A so-called "Sleepy Pickle" attack is performed rather simply with a tool like Flicking. Flicking is an open source program for detecting, analyzing, reverse engineering, or creating malicious Pickle files. An attacker merely has to convince a target to download a poisoned .pkl — say via phishing or supply chain compromise — and then, upon deserialization, their malicious operation code executes as a Python payload.

Poisoning a model in this way carries a number of advantages to stealth. For one thing, it doesn't require local or remote access to a target's system, and no trace of malware is left to the disk. Because the poisoning occurs dynamically during deserialization, it resists static analysis. (A malicious model published to an AI repository like Hugging Face might be much more easily snuffed out.)

Serialized model files are hefty, so the malicious code necessary to cause damage might only represent a small fraction of the total file size. And these attacks can be customized in any number of ways that regular malware attacks are to prevent detection and analysis.

While Sleepy Pickle can presumably be used to do any number of things to a target's machine, the researchers noted, "controls like sandboxing, isolation, privilege limitation, firewalls, and egress traffic control can prevent the payload from severely damaging the user’s system or stealing/tampering with the user’s data."

More interestingly, attacks can be oriented to manipulate the model itself. For example, an attacker could insert a backdoor into the model, or manipulate its weights and, thereby, its outputs. Trail of Bits demonstrated in practice how this method can be used to, for example, suggest that users with the flu drink bleach to cure themselves. Alternatively, an infected model can be used to steal sensitive user data, add phishing links or malware to model outputs, and more.

**How to Safely Use ML Models**

To avoid this kind of risk, organizations can focus on only using ML models in the safer file format, Safetensors. Unlike Pickle, Safetensors deals only with tensor data, not Python objects, removing the risk of arbitrary code execution deserialization.

"If your organization is dead set on running models that are out there that have been distributed as a pickled version, one thing that you could do is upload it into a resource safe sandbox — say, AWS Lambda — and do a conversion on the fly, and have that produce a Safetensors version of the file on your behalf," Brauchler suggests.

But, he adds, "I think that's more of a Band-Aid on top of a larger problem. Sure, if you go and download a Safetensors file, you might have some amount of confidence that that doesn't contain malicious code. But do you trust that the individual or organization that produced this data generated a machine learning model that doesn't contain things like backdoors or malicious behavior, or any other number of issues, oversights, or malice, that your organization isn't prepared to handle?"

"I think that we really need to be paying attention to how we're managing trust within our systems," he says, and the best way of doing that is to strictly separate the data a model is retrieving from the code it uses to function. "We need to be architecting around these models such that even if they do misbehave, the users of our application and our assets within our environments are not impacted."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

'Sleepy Pickle' Exploit Subtly Poisons ML Models

The company focused heavily on data and system security in the announcement of its generative AI platform, Apple Intelligence, but experts worry that companies will have little visibility into data security.

Source: Cosmo Condina via Alamy Stock Photo

Apple's long-awaited announcement of its generative AI (GenAI) capabilities came with an in-depth discussion of the company's security considerations for the platform. But the tech industry's past focus on harvesting user data from nearly every product and service have left many concerned over the data security and privacy implications of Apple's move. Fortunately, there are some proactive ways that companies can address potential risks.

Apple's approach to integrating GenAI — dubbed Apple Intelligence — includes context-sensitive searches, editing emails for tone, and the easy creation of graphics, with Apple promising that the powerful features require only local processing on mobile devices to protect user and business data. The company detailed a five-step approach to strengthen privacy and security for the platform, with much of the processing done on a user's device using Apple Silicon. More complex queries, however, will be sent to the company's private cloud and use the services of OpenAI and its large language model (LLM).

While companies will have to wait to see how Apple's commitment to security plays out, the company has put a lot of consideration into how GenAI services will be handled on devices and how the information will be protected, says Joseph Thacker, principal AI engineer and security researcher at AppOmni, a cloud-security firm.

"Apple's focus on privacy and security in the design is definitely a good sign," he says. "Features like not allowing privileged runtime access and preventing user targeting show they are thinking about potential abuse cases."

Apple spent significant time during its announcement reinforcing the idea that the company takes security seriously, and published a paper online that describes the company's five requirements for its Private Cloud Compute service, such as no privileged runtime access and hardening the system to prevent targeting specific users.

Still, large language models (LLMs), such as ChatGPT, and other forms of GenAI are new enough that the threats remain poorly understood, and some will slip through Apple's efforts, says Steve Wilson, chief privacy officer at cloud security and compliance provider Exabeam, and lead on the Open Web Application Security Project's Top 10 Security Risks for LLMs.

"I really worry that LLMs are a very, very different beast, and traditional security engineers, they just don't have experience with these AI techniques yet," he says. "There are very few people who do."

**Apple Makes Security a Centerpiece**

Apple seems to be aware of the security risks that concern its customers, especially businesses. The implementation of Apple Intelligence across a user's devices, dubbed the Personal Intelligence System, will connect data from applications in a way that has, perhaps, only been implemented through the company's health-data services. Conceivably, every message and email sent from a device could be reviewed by AI and context added through on-device semantic indexes.

Yet, the company pledged that, in most cases, the data never leaves the device, and the information is anonymized as well.

"It is aware of your personal data, without collecting your personal data," Craig Federighi, senior vice president of software engineering at Apple, stated in a four-minute video on Apple Intelligence and privacy during the company's June 10 launch, adding: "You are in control of your data, where it is stored and who can access it."

When it does leave the device, data will be processed in the company's Private Cloud Compute service, so Apple can take advantage of more powerful server-based generative-AI models, while still protecting privacy. The company says that it never stores or makes accessible any data to Apple. In addition, Apple will make every production build of its Private Cloud Compute platform available to security researchers for vulnerability research in conjunction with a bug-bounty program.

Such steps seemingly go beyond what other companies have promised and should assuage the fears of enterprise security teams, AppOmni's Thacker says.

"This type of transparency and collaboration with the security research community is important for finding and fixing vulnerabilities before they can be exploited in the wild," he says. "It allows Apple to leverage the diverse skills and perspectives of researchers to really put the system through the wringer from a security testing perspective. While it's not a guarantee of security, it will help a lot."

**There's an App for (Leaking) That**

However, the interactions between apps and data on mobile devices and the behavior of LLMs may be too complex to fully understand at this point, says Exabeam's Wilson. The attack surface area of LLMs continues to surprise the large companies behind the major AI models. Following its release of its latest Gemini model, for example, Google had to contend with inadvertent data poisoning that arose from training its model with untrusted data.

"Those search components are falling victim to these kind of indirect injection data-poisoning incidents, where they're off telling people to eat glue and rocks," Wilson says. "So it's one thing to say, 'Oh, this is a super-sophisticated organization, they'll get this right,' but Google's been proving over and over and over again that they won't."

Apple's announcement comes as companies are quickly experimenting with ways to integrate GenAI into the workplace to improve productivity and automate traditionally tough-to-automate processes. Bringing the features to mobile devices has happened slowly, but now, Samsung has released its Galaxy AI, Google has announced the Gemini mobile app, and Microsoft has announced Copilot for Windows.

While Copilot for Windows is integrated with many applications, Apple Intelligence appears to go beyond even Microsoft's approach.

**Think Different (About Threats)**

Overall, companies need to first gain visibility into their employees' use of LLMs and other GenAI. While they do not need to go to the extent of billionaire tech innovator Elon Musk, a former investor in OpenAI, who raised concerns that Apple — or OpenAI — would abuse users' data or fail to secure business information and pledged to ban iPhones at his companies, chief information security officers (CISOs) certainly should have a discussion with their mobile device management (MDM) providers, Exabeam's Wilson says.

Right now, controls to regulate data going into and out of Apple Intelligence do not appear to exist and, in the future, may not be accessible to MDM platforms, he says.

"Apple has not historically provided a lot of device management, because they are leaned in on personal use," Wilson says. "So it's been up to third parties for the last 10-plus years to try and build these third-party frameworks that allow you to install controls on the phone, but it's unclear whether they're going to have the hooks into \[Apple Intelligence\] to help control it."

Until more controls come online, enterprises need to set a policy, and to find ways to integrate their existing security controls, authentication systems, and data loss prevention tools with AI, says AppOmni's Thacker.

"Companies should also have clear policies around what types of data and conversations are appropriate to share with AI assistants," he says. "So while Apple's efforts help, enterprises still have work to do to fully integrate these tools securely."

**About the Author(s)**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Apple Intelligence Could Introduce Device Security Risks

Though the company is informing affected individuals of a breach, it's keeping the nature and scope of the cybersecurity incident that led to it under wraps.

Source: B. Leighty / Photri Images via Alamy Stock Photo

Panera Bread, the US fast-casual food chain, has begun notifying its employees of a data breach, after a "security incident" in March led to threat actors stealing employees' personal information.

In breach notification letters filed with the Office of California's Attorney General, Panera informs affected individuals that a cybersecurity firm was brought in to investigate the unauthorized access to internal files and, after the files were reviewed, determined that they contained names and Social Security numbers. Not only that, but additional information connected to the individuals' employment could have also been in the files.

Panera said that while there is no indication that "information has been accessed and been made publicly available," it is offering a one-year membership to CyEx's credit monitoring, identity detection, and resolution of identity theft service. It also notes that it has taken additional steps to enhance its security safety measures.

Though Panera has failed to provide more detail as to what kind of breach occurred and who the threat actors are, some researchers have raised suspicions that the company was hit by a ransomware attack that caused the initial outage in its ordering system, mobile apps, and loyalty program in March. 

The company urges individuals to be vigilant of attempted fraud or identity theft and to review account statements often.

**About the Author(s)**

Panera Notifies Employees of Compromised Data

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Rockwell's dire ICS warning; a red alert on biometrics; cybersecurity for the Hajj season.

Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.

**In this issue of CISO Corner:**

*   Apple's AI Offering Makes Big Privacy Promises
    
*   Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks
    
*   DR Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season
    

*   Why CIO & CISO Collaboration Is Key to Organizational Resilience
    
*   Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks
    
*   4 Ways to Help a Security Culture Thrive
    

Don't miss "Anatomy of a Data Breach: What to Do if It Happens to You," a free Dark Reading virtual event scheduled for June 20! Speakers include Verizon's Alex Pinto, plus execs from Snowflake, pharma giant GSK, Salesforce, and more — register today!

**Apple's AI Offering Makes Big Privacy Promises**

By Agam Shah, Contributing Writer, Dark Reading

Apple's guarantee of privacy on every AI transaction — whether on-device or cloud — is ambitious and could influence trustworthy AI deployments on device and in the cloud, analysts say.

Apple's announcement of Apple Intelligence and plans to integrate AI across its devices and applications comes with a commitment to guarantee privacy on every AI transaction. This sets a high bar on zero-trust infrastructure that competitors may try to match.

Because of Apple's walled garden model, rival providers don’t have nearly the same level of control over their AI infrastructure. Unlike Apple, they can’t lock down security as queries pass through various hardware and software layers. For example, OpenAI and Microsoft process queries through GPUs from Nvidia, which handles vulnerability discovery and patching.

“If Apple sets the standard, the effect will be 'why I should buy Android if I don’t care about the privacy,'" says Alex Matrosov, CEO of security company Binarly.io. "The next step will be Google following up and trying to maybe implement or do the similar thing."

Read more: Apple's AI Offering Makes Big Privacy Promises

Related: OpenAI Forms Another Safety Committee After Dismantling Prior Team

**Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks**

By Nate Nelson, Contributing Writer, Dark Reading

Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail.

Biometric security is more popular today than ever, with widespread adoption in the public sector — law enforcement, national ID systems, etc. — as well as for commercial industries like travel and personal computing. In Japan, subway riders can "pay by face," and Singapore's immigration system relies on face scans and thumbprints to allow travelers into the country. The fact that even burger places are experimenting with face scans suggests something's brewing here.

But researchers have found two dozen vulnerabilities in a biometric terminal used in critical facilities worldwide could allow hackers to gain unauthorized access, manipulate the device, deploy malware, and steal biometric data, which highlights the risks that come with implementing these systems.

The critical nature of the environments in which these systems are so often deployed necessitates that organizations go above and beyond to ensure their integrity. And that job takes much more than just patching newly discovered vulnerabilities.

Read more: Scores of Biometrics Bugs Emerge, Highlighting Authentication Risks

Related: Biometric Bypass: BrutePrint Makes Short Work of Fingerprint Security

**Global: Governments, Businesses Tighten Cybersecurity Around Hajj Season**

By Robert Lemos, Contributing Writer, Dark Reading

While cyberattacks drop slightly during the week of the Islamic pilgrimage, organizations in Saudi Arabia and other countries with large Muslim populations see attacks on the rise.

The final month of the Islamic calendar, Dhu al-Hijjah, began on June 7, marking the countdown for millions of Muslims to the Hajj pilgrimage, and also a time when cybercriminals and cyber-espionage actors see increased opportunity amid reduced vigilance and slimmed staffing.

While many of the cyberattacks are focused on pilgrims as consumers of travel services, a variety of businesses — from banks to e-commerce sites — are at greater risk of data theft and denial-of-service attacks, according to experts. On June 3, for example, cyber-threat actors announced a data leak on an underground forum that allegedly contained the personal information of 168 million users from "The Hajj and Pilgrimage Organization in Iran," according to cybersecurity firm Kaspersky.

The attacks highlight the two aspects of how cyberattackers see the Hajj season: as an opportunity to take advantage of pilgrims, but also as a time of reduced resources for security teams, making business and government agencies vulnerable.

Read more: Governments, Businesses Tighten Cybersecurity Around Hajj Season

Related: 'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?

**The CEO Is Next**

Commentary by Joe Sullivan, CEO, Ukraine Friends, & CEO, Joe Sullivan Security LLC

If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity.

One day soon, a government agency will very publicly seek to hold a corporate CEO personally liable for a failure to ensure their organization invested sufficiently in cybersecurity. The surprising thing won't be that it happens, but rather how many people who work for and look up to the CEO will be happy when it does.

We're experiencing a movement toward regulation by enforcement. Look no further than the National Cybersecurity Strategy, which, at its core, demands that corporate America do more to protect citizens from cyberattacks. There's also the Securities and Exchange Commission's (SEC) action against the software company SolarWinds and its head of security. The case has raised eyebrows, specifically because the security leader was held personally responsible.

But with very few exceptions, the CISO or senior-most security leader is simply not the "responsible corporate officer.” It's the CEO. Security leaders rarely, if ever, get the budget needed to do their job well. CEOs and boards that do control the corporate budget rarely invest the time to understand their cyber-risks, and instead allocate resources in other directions.

Read more: The CEO Is Next

Related: White House Fills in Details of National Cybersecurity Strategy

**Why CIO & CISO Collaboration Is Key to Organizational Resilience**

Commentary by Robert Grazioli, Chief Information Officer, Ivanti

Alignment between these domains is quickly becoming a strategic imperative.

Gartner forecasts that the world will spend $215 billion on risk management and cybersecurity in 2024. That's a 14% increase over 2023. But many workers are feeling spread thin, with more data and endpoints than ever and not enough qualified talent to be found. It's time to finally break down the silos between IT and security.

That starts by fostering alignment between the CIO and chief information security officer (CISO).

Individually, CISOs and CIOs are powerful forces with a lot on their plates — and a lot on the line. Together, they could be unstoppable. However, historically, organizational structures have relegated CISOs and CIOs to separate domains with distinct — and occasionally contradictory — objectives.

Here's how to foster alignment: Why CIO & CISO Collaboration Is Key to Organizational Resilience

Related: CISO & CIO Convergence: Ready or Not, Here It Comes

**Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks**

By Tara Seals, Managing Editor, News, Dark Reading

Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

Industrial control systems (ICS) giant Rockwell Automation's recent directive to customers to disconnect their gear from the Internet showcases not just growing cyber risk to critical infrastructure, but the unique challenges that security teams face in the sector, experts say.

CISA is warning that increased threats to could lead to various catastrophic attacks, including denial-of-service (DoS) efforts that take down electrical grids; privilege escalation and lateral movement to burrow deeper into the operational technology (OT) environment in order to control it; modifying settings to, say, change safety thresholds for power generators; remotely compromising programmable logic controllers (PLCs) to halt water sector operations; or even conducting destructive Stuxnet-style attacks that can obliterate a site's ability to function permanently.

Yet thousands of devices are exposed online with weak authentication and riddled with exploitable bugs; and there's an endemic lack of security team participation in site design and asset/infrastructure management. All in all, it's not an ideal situation.

Read more: Rockwell's ICS Directive Comes as Critical Infrastructure Risk Peaks

Related: Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity

**4 Ways to Help a Security Culture Thrive**

DR Technology commentary by Ken Deitz, CSO/CISO, Secureworks

Creating and nurturing a corporate environment of proactive cybersecurity means putting people first — their needs, weaknesses, and skills.

A good cybersecurity culture trusts and empowers teammates to make good decisions. In turn, that trust fuels a more productive relationship between cybersecurity and the business. Culture is a living entity that needs to be continuously nurtured. Give it the dedication it needs, and your businesses will be safer as a result.

Here are some core pillars for establishing an effective security culture:

1\. Establish the Right Mindset: Focus on the positive actions that people can and should take.

2\. Engage with Empathy: A productive and inclusive security culture is one that shuns blame. Instead, focus on what you can collectively learn from the incident to enrich your cyber strategy for the future.

3\. Communicate, Communicate, Communicate: When it comes to cybersecurity, there's no such thing as too much communication. People have a lot going on in their jobs and lives. Meet people where they are, and you'll have much better results.

4\. Stay on Your Toes: New and emerging technologies bring opportunities and challenges. Generative artificial intelligence (AI), for example, can offer teammates productivity gains, but they also need to know the risks.

Read more: 4 Ways to Help a Security Culture Thrive

Related: How to Transform Security Awareness Into Security Culture

CISO Corner: Apple's AI Privacy Promises; CEOs in the Hot Seat

Meta's new subscription model points out the need for clearer and stricter regulations — ones that prioritize consumer privacy and control of personal data.

Source: Zoonar GmbH via Alamy Stock Photo

COMMENTARY

Meta recently offered its customers in the European Union the choice between paying for privacy or consenting to tracking, a model some people are calling "pay or OK." This sparked an investigation, since privacy in the EU is defined as a consumer right. With the bipartisan federal privacy bill in the US gaining ground to similarly make consumer privacy a right at the federal level, Meta's new model could come under even more fire if the company implements it here.

But what is "pay or OK," and why does it matter? 

**Understanding the Conflict**

Meta's subscription model violates the principle of freely given consent by forcing users to choose one of just two options: paying a fee or consenting to tracking for personalized advertising. It's essentially a false choice, because Meta is making money off users' data one way or another, either through the subscription or by selling their information. Numerous privacy and consumer rights proponents have already criticized the move as an attempt to circumvent the European Union's stringent data protection laws by coercing users to agree to data tracking. 

The new model also allows Meta to sidestep the broad demand from privacy advocates for all such software platforms and services to install opt-out mechanisms. Technically, on Meta's various sites, there is an opt-out mechanism, but this new model manipulates consent dynamics by introducing financial incentives to sway user choices. Users might believe that they are "giving consent," when in reality they can only either financially support the platform or surrender their privacy rights. Ironic, considering that, according to Meta, the whole point of the subscription is supposedly to protect user privacy.

History has already shown how little users can trust Big Tech companies like Meta to protect consumer data. For example, Meta has had several major breaches over the past few years and several lawsuits related to misuse of consumer data. Google and Microsoft have both experienced similar accusations. Naturally, the security and privacy lapses have caused privacy advocates to question: Are these the companies you should be paying to protect your data? The answer for a constantly increasing number of consumers is: No. 

**Steps for Consumer Protection**

The evidence is clear: Big Tech won't protect users' data. Consumers are looking for other ways to defend themselves from data theft, and fortunately, new technologies and privacy developments have started to make this a lot easier. 

For starters: Use privacy-focused browsers. Some examples include Brave, Tor, and Firefox, all of which are known for prioritizing data privacy. These browsers often come with built-in features to block trackers and advertisements, reduce digital fingerprinting, and ensure more secure browsing.

Next are virtual private networks (VPNs). VPNs encrypt Internet traffic, which prevents other third parties, even your Internet service provider, from monitoring users' online activities. A reliable VPN can also mask a user's IP address. Normally, advertisers and other third parties use your IP address to track your activity and create a profile that is unique to that address. A VPN prevents that tracking, which enhances anonymity on the Web. 

Third, users should view and adjust their social media privacy settings on a regular basis. Social media platforms frequently update their policies and settings. Users should review their settings to control who sees their information, which data third parties have access to, and how their information is used for advertising.

Fourth, I suggest users actively manage and regularly delete unnecessary personal data stored online. A simple Internet search will show you that your name, and possibly your address, phone number, and tons of other information, is readily available on data broker websites — thanks to companies like Meta selling them all that data. Look for ways to opt out of these platforms. Consider setting social media accounts to be private or deleting old accounts that are no longer active. 

Finally, stay informed on consumer rights and data protection laws like the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the United States. These laws often grant users the right to access, correct, and delete personal data, along with the right to opt out of companies selling your info. Being informed lets users make educated decisions and take legal action if necessary.

**Final Thoughts**

Privacy regulators may or may not be able to counteract Meta's consent-or-pay ploy. But either way, the new subscription model points out the need for clearer and stricter regulations in the US, ones that prioritize consumer privacy and control of personal data rather than forcing users to choose between shelling out or giving up. Until then, consumers need to be aware of the privacy technologies, opt-out mechanisms, and choices that are readily available today.

**About the Author(s)**

CEO, Abine/DeleteMe

Rob Shavell is CEO of Abine/DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).

Why Trading Privacy for 'Free' Web Services Must End

The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted.

Source: Brian Jackson via Alamy Stock Photo

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week warning that malicious actors have been making phone calls claiming to be representatives from the organization, and making requests for cash, gift card, or cryptocurrency transfers.

"Impersonation scams are on the rise and often use the names and titles of government employees," CISA explained in the brief advisory. "As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret."

The CISA did not offer additional details as to whom might be perpetrating the voice phishing ("vishing") fraud attempts, but advised anyone who is contacted in such a scheme to deny the request for payment, make note of the phone number and hang up immediately.

Those contacted were also asked to report the incident to law enforcement and reach out to CISA by calling (844) SAY-CISA (844-729-2472).

The perpetrators might aim to fund further criminal activities or simply profit from the immediate financial returns of their deceitful tactics, says Ezra Graziano, director of federal accounts at Zimperium.

"Such scams can be orchestrated by organized cybercriminal groups or individual actors seeking to exploit people's trust in government agencies," he said. "This incident highlights the evolving tactics of cybercriminals, who are increasingly using sophisticated social engineering techniques to exploit trust in government agencies."

He added the fact that scammers are impersonating CISA employees underscores the urgency for individuals and organizations to be vigilant.

"It also reflects the broader trend of targeted phishing attacks where fraudsters aim to exploit the authority and credibility of well-known institutions," Graziano said.

Other government agencies impacted by impersonation scams include the FBI and its Internet Crime Complaint Center, which has been targeted as far back as 2018.

Beyond impersonation of government officials and agencies, malicious actors are also targeting brands by setting up scam sites aping those of legitimate businesses to sell counterfeit goods or process payments without sending the product.

These types of scams have cost consumers more than $2 billion since 2017, according to the US Federal Trade Commission (FTC).

**Education, Training Helps Prepare for Vishing**

Sean McNee, head of research for DomainTools, said the most important thing employers can do is educate employees about various types of scams, how they work, and how to recognize them.

"This includes understanding tactics used by scammers, such as impersonation, social engineering, and phishing," he says.

For instance, employees should be suspect of unsolicited calls or emails, verify the identity of unknown or new callers, and be wary of unusual requests for sensitive information.

He explains that phone-based scams work by creating a false sense of urgency to manipulate the receiver to take actions they normally wouldn’t take.

"Understanding this … helps reduce its effectiveness," McNee says.

Patrick Harr, CEO of SlashNext Email Security+, points out that impersonation scams have long been a tool of scammers whereby they impersonate high-value individuals, such as executives, CEOs, or other high-value targets and sometimes what can be perceived as scary agencies, such as the IRS. He predicts that scams like these will only increase with the weaponization of AI generated voice, video and text.

Thus, from Harr's perspective, any good cyber defense is a multi-layered defense against scams, phishing, business email companies and other socially engineered attacks.

"Firstly, ensure businesses have multifactor authentication (MFA), password change control, AI based email and messaging security and detection and monitoring in place," he cautions. "Companies, organizations, and individuals must employ AI themselves to fight these scams, otherwise we will see continued success."

Don't miss "Anatomy of a Data Breach: What to Do if It Happens to You," a free Dark Reading virtual event scheduled for June 20! Speakers include Verizon's Alex Pinto, execs from Snowflake, pharma giant GSK, Salesforce, and more — register today!

**About the Author(s)**

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Widespread Vishing Effort Impersonates CISA Staff

Apple's guarantee of privacy on every AI transaction could influence trustworthy AI deployments.

Source: OleCNX via Alamy Stock Photo

Apple has long styled itself as the company that cares about privacy, and it continues to tout its privacy bona fides with Apple Intelligence.

At this week's Worldwide Developer Conference, the company announced Apple Intelligence, its secure AI system, and plans to integrate AI across its devices and applications. The AI features will be used to upgrade personal assistant features in Apple devices and provide assistance with writing and image manipulation.

While a lightweight AI model runs locally on Apple devices, more complex queries will go to the cloud. Apple will assess the complexity and computing power required by an AI query and decide whether to process it on device or send it to the cloud. Data won’t leave the device if it is processed on device, and layers of security protect the information sent to the cloud.

Within this secure AI system, user data is not visible to anyone, even Apple, and is deleted once a query is answered, the company said.

"Your data is never stored or made accessible to Apple. It's used exclusively to fulfill your request," said Craig Federighi, senior vice president of software engineering at Apple, during a WWDC keynote.

**Trusted AI Deployments?**

Apple's guarantee of privacy on every AI transaction — whether on-device or in the cloud — is ambitious and could influence trustworthy AI deployments.

Apple's hardware and software implementation to guarantee privacy on every AI transaction sets a high bar on zero-trust infrastructure that competitors may try to match, says James Sanders, an analyst at chip research firm TechInsights.

Sanders notes there is a "growing trust problem" with LLMs, especially as top AI providers collect information from users to train large-language models or improve services. Google collects user data from across its vast portfolio of products to boost its capabilities. It also includes human reviewers to evaluate answers with the ultimate goal to improve its Gemini AI service.

Apple did not announce its own AI infrastructure and instead will be integrating with OpenAI. Apple left open the possibility of working with others as well. Users will be prompted to agree to send user data to OpenAI.

"I do wonder to what extent this is going to put pressure on Microsoft to adopt a similar method," Sanders says.

**Building an AI Walled Garden**

As part of its investments, the company has built a trustworthy cloud infrastructure called Private Compute Cloud with new servers and chips to handle AI queries that demand more computing power. Apple's secure boot and secure enclaves protect data.

"These models run on servers … specially created using Apple silicon. These Apple silicon servers offer the privacy and security of your iPhone from the silicon on up," Apple’s Federighi said.

Private data can be easily stolen en route or from the cloud, but Apple is using the latest hardware and software techniques to protect the data, said Matthew Green, associate professor at Johns Hopkin’s computer science department. Apple devices generate encryption keys, which authenticates devices and cloud connections. The request is then sent to a secure enclave on Apple's servers, where the requests are processed.

Apple is also taking a serverless approach in which data is deleted once the answer is sent back. New keys are generated each time a system reboots. The operating system also has an attestation system to verify users and software images.

"Specifically, it signs a hash of the software and shares this with every phone/client. If you trust this infrastructure, you'll know it's running a specific piece of software," Green said.

Apple controls nearly every major piece of software and hardware in its infrastructure, which makes it easier for them to build a strong privacy wall around its AI service, said Alex Matrosov, CEO of security company Binarly.io.

“I really liked how they frame all the requirements and specifically use their own silicon. Once they control everything, they can guarantee the chain of trust from the silicon to the cloud,” Matrosov said.

Rival providers don’t have nearly the same level of control over their AI infrastructure. Unlike Apple, they can’t lock down security as queries pass through various hardware and software layers, Matrosov says. For example, OpenAI and Microsoft process queries through GPUs from Nvidia, which handles vulnerability discovery and patching.

"If Apple sets the standard, the effect will be 'why I should buy Android if I don’t care about the privacy.' The next step will be Google following up and trying to maybe implement or do the similar thing," Matrosov said.

**About the Author(s)**

Agam Shah has covered enterprise IT for more than a decade. Outside of machine learning, hardware, and chips, he's also interested in martial arts and Russia.

Apple's AI Offering Makes Big Privacy Promises

PRESS RELEASE

TAMPA BAY, Fla., June 12, 2024 /PRNewswire-PRWeb/ -- KnowBe4, provider of security awareness training and simulated phishing platform, today announced its new Risk & Insurance Partner Program. This strategic program empowers partners to reduce their overall risk posture by referring their clients to the award-winning KnowBe4 platform, which addresses the human element of cybersecurity.

According to Coalition's 2024 Cyber Claims Report, the frequency of claims from 2021 through 2023 has increased 13% year-over-year with the average claim increasing 10% over the same period. KnowBe4 has partnered closely with cyber risk market leaders for years to raise awareness for the critical human layer in a defense-in-depth strategy. This new program will strengthen our collective efforts, scale the number of partners KnowBe4 has in the risk space, and further reward these partners for their investment.

Key benefits of the program include:   
Exclusive Discounts: Partners can gain a competitive edge by accessing exclusive KnowBe4 pricing for the customers they refer.

"Cyberattacks are increasing in both severity and frequency, impacting organizations of all sizes across all sectors," said Stu Sjouwerman, CEO, KnowBe4. "We are excited to announce this new partnership framework to combine KnowBe4's best-in-class platform with partners' cyber risk and insurance expertise to help better protect customers against these attacks."

"Our cyber insurance partners bring deep expertise in assessing and managing cyber risk," said Prashant Pai, EVP, global head of business development, KnowBe4. "Our ability to monitor and measure detailed human risk information aligns perfectly with our partners' underwriting approach. KnowBe4 leads the market in mitigating the human element associated with cyber risk. These partnerships are a natural fit to better protect customers from rapidly evolving cyber threats."

The KnowBe4 Risk & Insurance Partner Program is open to insurance agencies, brokers, risk pools and other risk management providers globally. For more information or to connect with the partnership team, please visit https://www.knowbe4.com/partners/cyber-risk.

About KnowBe4

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

You May Also Like

KnowBe4 Launches Risk &amp; Insurance Partner Program

PRESS RELEASE

MINNEAPOLIS, June 13, 2024 /PRNewswire/ -- NetSPI, the proactive security solution, today announced its acquisition of Hubble Technology Inc. ("Hubble"), a Northern Virginia-based cyber asset attack surface management (CAASM) and cybersecurity posture management solution. The integration of Hubble's Asset Intelligence™ and CAASM product, Aurora™, into The NetSPI Platform will empower security teams to achieve complete visibility of their rapidly evolving attack surfaces and tackle asset and exposure management challenges.

Hubble's agentless CAASM platform enables organizations to continuously identify new assets and risks, remediate security control blind spots, and gain a holistic view of their security posture by providing an accurate inventory of cyber assets, both external and internal. Hubble was founded in 2020 with the backing of Accel, CrowdStrike Falcon Fund, and Paladin Capital. The company's Founder, Tom Parker, will join NetSPI as Chief Technology Officer (CTO).

According to Forrester's The Attack Surface Management Solutions Landscape, Q2 2024, "External attack surface management (EASM) vendors tend to use the external discovery scans as a jumping-off point for managing exposures, while CAASM vendors provide more context on the asset and its controls. Both are crucial foundations for teams to better prioritize and remediate security gaps."

With the acquisition of Hubble, NetSPI will deliver both EASM and CAASM capabilities within The NetSPI Platform to continuously discover, prioritize, and remediate vulnerabilities and exposures across the entire IT asset estate – from the cloud to bring-your-own-device (BOYD) and industrial control environments. This will also significantly enhance and accelerate NetSPI's ability to accurately prioritize risk associated with assets and vulnerabilities in customer networks and help them assess the exposure to their most important assets relative to these risks.

"This acquisition is one of the most notable milestones on our journey from point-in-time pentesting to technology-enabled proactive security," said Aaron Shilts, CEO at NetSPI. "You can't secure what you don't have visibility into. We support the most trusted brands on Earth giving them visibility into external/cloud assets and exposures. With Hubble's CAASM solution, we can provide comprehensive, 360-degree visibility while delivering telemetry and insights across the entire IT estate. We are thrilled to welcome Tom and Hubble to team NetSPI and look forward to the expertise he will bring as our new CTO driving innovation across our products."

As CTO, Tom will drive business growth through innovation across NetSPI's proactive security solutions and partner with customers to keep pace with the ever-changing technology and threat landscapes. Prior to forming Hubble, Tom was CTO at Accenture Security, leading growth strategy and M&A. He joined Accenture Security through the sale of his prior startup, FusionX, which was an early pioneer in commercial cybersecurity red teaming.

"The security industry notoriously creates siloed solutions that only address a small part of the problem. That's not the case with NetSPI," shared Tom Parker, Founder of Hubble and NetSPI CTO. "For the first time, with the introduction of CAASM, security leaders will have a holistic end-to-end view of their security posture in a single platform. I am delighted to join this proactive security powerhouse as their new CTO, helping customers reduce risk, drive efficiency, and strengthen the confidence that their security platforms represent a full picture of their environment."

NetSPI customers can expect to see CAASM within The NetSPI Platform later this year. To learn more about the CAASM solution, reach out at www.netspi.com/contact or visit www.netspi.com/caasm.

Join Aaron and Tom on July 17 for a live webcast where they will showcase Hubble's technology and discuss the importance of bringing EASM and CAASM together to achieve holistic attack surface management. Register today.

About NetSPI  
NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most.  

Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

By continually advancing solutions such as Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS), NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence.

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, three of the five largest healthcare companies, four MAMAA Big Tech companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.

NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. Follow NetSPI on LinkedIn and X.

About Hubble   
Hubble is a technology asset visibility and cyber posture management solution that provides a complete and continually updated map of your entire technology environment and the state of your most critical security controls. Whether you operate in the cloud, are a heavy user of industrial control systems and IoT or operate a hybrid IT environment – Hubble has you covered.

Hubble is completely agentless, leveraging your existing IT stack to build a knowledge graph of your environment, allowing you to better understand your assets, and their relative risk, and prioritize triage of security events and posture gaps. Backed by Paladin Capital, Accel, and CrowdStrike Falcon Fund, Hubble has won numerous awards for its market-defining solution, including the prestigious 2022 World Economic Forum Technology Pioneer.

NetSPI Acquires Hubble, Adds CAASM to Complement its IEASM

Creating and nurturing a corporate environment of proactive cybersecurity means putting people first — their needs, weaknesses, and skills.

Ken Deitz, CSO/CISO, Secureworks

June 13, 2024

5 Min Read

Source: Washington Imaging via Alamy Stock Photo

COMMENTARY

"Underneath every simple, obvious story about 'human error,' there is a deeper, more complex story about organization."  
— Sidney Dekker, The Field Guide to Understanding Human Error

In my experience, culture trumps strategy when building and maintaining robust cyber defenses. It's a self-evident truth that in cybersecurity, all roads lead back to people. At its heart, security is a human problem — one that needs a human-centric solution. That's what makes culture so crucial.

It's often said that it's not the situation that defines us but how we respond. If the worst happens and your company suffers a breach, your security culture will be on the global stage. It will be your north star guiding how you communicate, engage, and respond to all stakeholders. If your culture is lacking, it will inhibit your long-term cyber maturity and fracture trusted relationships. Trust and security exist in a delicate balance, and culture is the glue that binds them together.

During my career I've learned valuable lessons about the core pillars of security culture and how to not only create a good one, but nurture it as well.

**1\. Establish the Right Mindset**

First, mindset matters. I've worked with organizations where the focus has been on everything that an employee can't or shouldn't do. Let's be honest: That's an overwhelming list that, even with the best of intentions, people aren't going to remember or be able to practically integrate into their working days. Instead, I suggest flipping the script — what are the positive actions people can and should take?

For example, if someone at Secureworks gets an email that they are unsure about, they can just send it over to our designated threat team for investigation. The threat team then comes back to let our teammate know whether it's OK. Regardless, the threat team always starts their response with the same two words: "thank you." Cybersecurity is a team sport, and each of us plays a part. It's important to recognize that in all of its forms. That "thank you" also provides encouragement to remain curious and vigilant.

**2\. Engage With Empathy**

A productive and inclusive security culture is one that shuns blame. A culture of blame is counterproductive and makes your teammates feel powerless — the exact opposite of how you want them to feel. If someone clicks, scans, or interacts with something they shouldn't, you need to know as soon as possible. If your culture points fingers and makes people feel shame, the chances are they'll either procrastinate about telling you or not tell you at all, and the first you'll know about it is when red lights start flashing. Cybercriminals take advantage of people, so don't double the impact with victim-shaming or making an example of the person. Instead, focus on what you can collectively learn from the incident to enrich your cyber strategy for the future.

**3\. Communicate, Communicate, Communicate**

When it comes to cybersecurity, there's no such thing as too much communication. Just because you've sent an email or mentioned something in a company all-hands meeting doesn't mean that the message has gotten across. People have a lot going on in their jobs and lives. Meet people where they are, and you'll have much better results.

First, do an audit of the communication channels that your business has — intranet, Viva Engage, Slack, Teams, email, team and company meetings, etc. — and devise a communications strategy. Which messages resonate best across which channels? If you're giving an update on a strategic initiative, a 10-minute slot in the company all-hands could be the appropriate forum. But if you're aware of an active QR phishing email campaign, you likely want to reach all employees as quickly as possible, so you might use a combination of email and internal message boards.

It's not just about matching the right message to the right channel, but the person as well. If I were the only person to talk to our Secureworks teammates about cybersecurity, it would be easy to zone me out. That's why we empower all leaders to talk about security in their team meetings and why our CEO underscores our investments in this area during company meetings. Different people bring different perspectives, and that's crucial to conveying the importance of cybersecurity.

**4\. Stay on Your Toes**

New and emerging technologies bring opportunities and challenges. Generative artificial intelligence (AI), for example, can offer teammates productivity gains. But if you don't create a safe playground for them, they'll develop their own ways to access and engage with these tools. This, again, comes back to meeting people where they are. We've made it easy to interact with and use AI within a safe environment that we've built. It's a win-win situation.

The threat landscape evolves rapidly. Deepfakes, for example, are becoming more advanced and therefore have the potential to cause damage. Typically, they cultivate a false sense of urgency aimed at panicking people into taking action, such as transferring a large volume of money. Cybercriminals are looking to manipulate the dynamic between the executive they are impersonating and the employee. That's why it's so important we encourage people to question the situation and give them access to simple tools that let them validate the identity of the person they're talking to.

**Cybersecurity Is a Team Sport**

What I've outlined above doesn't happen in isolation. You need to work across many different functions within the business — from HR and communications through to legal and beyond. Be clear about your shared objective with these teams: why you would like their support and the impact you believe working together will have. Share your plans and show them why their teams are so integral to the plan's success. A shared goal galvanizes the whole business.

And so we find ourselves back at the beginning, with trust and security. A good cybersecurity culture trusts and empowers teammates to make good decisions. In turn, that trust fuels a more productive relationship between cybersecurity and the business. Culture is a living entity that needs to be continuously nurtured. Give it the dedication it needs, and your businesses will be safer as a result.

**About the Author(s)**

CSO/CISO, Secureworks

Ken Deitz serves as chief security officer and CISO at Secureworks, working his way up from director of corporate incident response team. He served in the US Navy as a lead analyst in global network exploitation, then became a senior information security analyst at Advanced Concepts, Inc. He worked as branch chief of fusion cell at United States Cyber Command until he joined Secureworks in 2011.

Source

DARKReading