PRESS RELEASE

SAN JOSE, Calif. – April 11, 2024 – Cohesity today announced a deepening of its cyber resilience collaboration with IBM. The enhanced relationship will accelerate the development of essential cyber resilience capabilities to address organizations' critical need for increased data security and resilience across hybrid cloud environments. With this announcement, Cohesity completes its Series F financing, with IBM joining NVIDIA as a strategic investor.  

The most recent Cost of a Data Breach report sponsored by IBM Security shows the global average cost of a data breach in 2023 was $4.45 million, a 15% increase over the previous three years. To help clients tackle this issue head-on, IBM has delivered Cohesity capabilities into IBM’s end-to-end cyber resilience platform, IBM Storage Defender, strengthening our customers’ ability to recover from data breaches and cyber-attacks.  

“IBM is a powerful partner in the enterprise cloud and IT infrastructure market. They bring decades of expertise to our relationship, in addition to their investment in our business to help fund incremental research and development to offer customers even stronger cyber resilience,” said Sanjay Poonen, CEO and President, Cohesity. “We’re thrilled that IBM is working with us as we continue to help combined customers detect threats rapidly and maintain operations during an attack to avoid business interruptions.”

“Data breaches continue to be one of the biggest threats organizations face to advancing business outcomes,” said Ric Lewis, SVP, Infrastructure at IBM. “We’re excited to deepen our collaboration with Cohesity to bring clients innovative end-to-end software-defined solutions designed to increase their cyber resilience and help avoid business interruptions.”

Cohesity’s collaboration with IBM has brought Cohesity DataProtect together with IBM's Storage Defender Solution to help their joint customers protect, monitor, manage, and recover data. Cohesity DataProtect is a high-performance, secured backup and recovery solution. It is designed to safeguard your data against sophisticated cyber threats and offers comprehensive policy-based protection for your cloud-native, SaaS, and traditional data sources. DataProtect converges multiple-point products into a single multicloud platform deployed on-premises or consumed as a service.

IBM Storage Defender leverages AI and event monitoring across multiple storage platforms through a single pane of glass to help protect organizations' data layer from risks like ransomware, human error, and sabotage. Additionally, IBM Storage Defender is anticipated to include a cyber vault and clean room features with automated recovery functions designed to help companies restore business-critical data in hours or minutes from what used to take days.  
Statements regarding IBM's or Cohesity’s future direction and intent are subject to change or withdrawal without notice and represent goals and objectives only.

About Cohesity  
Cohesity is a leader in AI-powered data security and management. Aided by an extensive ecosystem of partners, Cohesity makes it easier to secure, protect, manage, and get value from data – across the data center, edge, and cloud. Cohesity helps organizations defend against cybersecurity threats with comprehensive data security and management capabilities, including immutable backup snapshots, AI-based threat detection, monitoring for malicious behavior, and rapid recovery at scale. Cohesity solutions can be delivered as a service, self-managed, or provided by a Cohesity-powered partner. Cohesity is headquartered in San Jose, CA, and is trusted by the world’s largest enterprises, including 44 of the Fortune 100.

Cohesity Extends Collaboration to Strengthen Cyber Resilience With IBM Investment in Cohesity

Project behind the Rust programming language asserted that any calls to a specific API would be made safe, even with unsafe inputs, but researchers found ways to circumvent the protections.

Source: Monticello via Shutterstock

The Rust Project has issued an update for its standard library, after a vulnerability researcher discovered a specific function used to execute batch files on Windows systems could be exploited using an injection flaw.

The set of common functions included with Rust programming language, known as the standard library, offers the ability — among its many other capabilities — to execute Windows batch files through the Command API. The function, however, did not process the inputs to the API rigorously enough to eliminate the possibility of injecting code into the execution, according to a Rust Security Response Working Group advisory published April 9.

While Rust is well known for its memory-safety features, the incident underscores that the programming language is not proof against logic bugs, says Yair Mizrahi, a senior vulnerability researcher at application-security firm JFrog.

"Overall, Rust's memory safety is a notable advantage, but developers must also pay close attention to the potential for logical bugs to ensure the overall security and reliability of their Rust-based applications," he says. "To address such logical issues, Rust encourages a rigorous testing and code review process, as well as the use of static analysis tools to identify and mitigate logical bugs."

Rust has gained a reputation for being a very secure programming language, because it does not leave applications open to the often-severe class of flaws known as memory-safety vulnerabilities. Google has attributed a drop in memory-unsafe code to the shift to memory-safe languages, such as Rust and Kotlin, while Microsoft found that up until 2018, when it shifted to memory-safe language, such vulnerabilities regularly accounted for 70% of all security issues.

**Windows Poses a Batch of Issues**

The latest issue is not a memory-safety vulnerability, but a problem with the logic used to process untrusted input. Part of Rust's standard library allows the developer to call a function to send a batch file to the Windows machine for processing. There are reasons for submitting code to the host as a batch file, says Joel Marcey, director of technology at Rust Foundation, which supports the programming language's maintainers and the Rust ecosystem.

"Batch files are run for many reasons on systems, and Rust provides an API to allow you to execute those fairly easily," he says. "So while this is not necessarily the most common use case for Rust, the API, before the fixed patch was implemented, allowed for malicious actors to theoretically take over your system by running arbitrary commands, and this is definitely a critical vulnerability."

Typically, a developer can forward a workload to the Windows host to be executed as a batch process through the Command applications programming interface (API), part of the standard library. Typically, Rust guarantees the safety of any call to the Command API, but in this case, the Rust Project could not find a way to prevent the execution of all arguments, primarily because Windows does not adhere to any sort of standard, and that the API could allow an attacker to submit code that would then be executed.

"Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution," according to the Rust Security Response WG.

**Rust Project Proves Responsive**

While dealing with any vulnerability can be a headache, the Rust Project has shown that the group quickly resolves issues, say experts. The standard library vulnerability, CVE-2024-24576, is ultimately an issue with the Windows batch-processing problem and affects other programming languages, if they do not adequately parse the arguments sent to the Windows batch process. The Rust Project appears to be the first out the door with a fix for passing arguments to the Windows CMD.exe process, says JFrog's Mizrahi.

The groups could not completely eliminate the issue, but the Command API will not return an error when any augments passed to the function could be unsafe, the Rust Project said. 

JFrog's Mizrahi urges Rust to broaden its use of static application security testing and expand the use of fuzzing and dynamic testing.

"Overall, Rust is on the right track by emphasizing memory safety and encouraging rigorous testing practices," he says. "Combining these efforts with continued advancements in static analysis and fuzzing can help the Rust community and the broader software industry make significant strides in addressing logical bugs and input validation flaws in the years to come."

**About the Author(s)**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases

North Korean hackers break ground with new exploitation techniques for Windows and macOS.

Source: Stuart Miles via Alamy Stock Photo

This month, MITRE will be adding two sub-techniques to its ATT&CK database that have been widely exploited by North Korean threat actors.

The first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple's macOS.

The other — called "phantom" dynamic link library (DLL) hijacking — is a lesser-known subset of DLL hijacking, where hackers take advantage of referenced but nonexistent DLL files in Windows.

Both TCC manipulation and phantom DLL hijacking have allowed North Korean hackers to gain privileged access into macOS and Windows environments, respectively, from which they could perform espionage and other post-exploitation actions.

**TCC Manipulation**

"North Korea is opportunistic," says Marina Liang, threat intelligence engineer at Interpres Security. "They have a dual purpose of espionage and also revenue generation, so they're going to look to be where their targets are. And because macOS is increasing in popularity, that's where they started to pivot."

One way North Korean advanced persistent threats (APTs) have been breaching Macs lately is via TCC, an essential framework for controlling application permissions.

TCC has a user- and system-level database. The former is protected with permissions — a user would require Full Disk Access (FDA), or something similar — and the latter by System Integrity Protection (SIP), a feature first introduced with macOS Sierra. Theoretically, privileges and SIP are guards against malicious TCC access.

In practice, however, there are scenarios where each can be undermined. Administrators and security apps, for example, might require FDA to properly function. And there are times when users circumvent SIP.

"When developers need flexibility on their machine, or they're being blocked by the operating system, they might decrease those controls that Apple has in place to allow them to code and create software," Liang explains. "Anecdotally, I've seen that developers troubleshooting will try to figure out what's in place \[on the system\], and disable it to see if that solves their issue."

When SIP is switched off, or FDA on, attackers have a window to access the TCC database and grant themselves permissions without alerting the user.

There are a number of other ways to potentially get through TCC, too. For example, some sensitive directories such as /tmp fall outside of TCC's domain entirely. The Finder app has FDA enabled by default, and it's not listed in the user's Security & Privacy window, meaning that a user would have to be independently aware and manually revoke its permissions. Attackers can also use social engineering to direct users in disabling security controls.

A number of malware tools have been designed to manipulate TCC, including Bundlore, BlueBlood, Callisto, JokerSpy, XCSSET, and other unnamed macOS Trojans recorded on VirusTotal. Liang identified Lazarus Group malware, which attempts to dump the access table from the TCC database, and CloudMensis by APT37 (aka InkSquid, RedEyes, BadRAT, Reaper, or ScarCruft) doggedly tries to identify where SIP is disabled in order to load its own malicious database.

Dark Reading contacted Apple for a statement regarding TCC abuses and received no reply.

To block attackers taking advantage of TCC, the most important thing is keeping SIP enabled. Short of that, Liang highlights the need to know which apps have what permissions in your system. "It's being aware of what you're granting permissions to. And then — obviously it's easier said than done — exercising \[the principle of\] least privileged \[access\]. If certain apps don't necessarily need certain permissions to function, then remove them," she says.

Besides TCC vulnerabilities, APAC-area threat actors have been exploiting an even stranger flaw in Windows. For some reason, the operating system references a number of DLL files that don't actually exist.

"There are a ton of them," Liang marvels. "Maybe someone was working on a project to create specific DLLs for specific purposes, and maybe it got shelved, or they didn't have enough resources, or just forgot about it."

Dark Reading has reached out to Microsoft for clarification on this point.

To a hacker, a so-called "phantom" DLL file is like a blank canvas. They can simply create their own malicious DLLs with the same name, and write them to the same location, and they'll be loaded by the operating system with nobody the wiser.

The Lazarus Group and APT 41 (aka Winnti, Barium, Double Dragon) have used this tactic with IKEEXT, a service necessary for authentication and key exchange within Internet protocol security. When IKEEXT triggers, it attempts to load the nonexistent "wlbsctrl.dll." APT41 has also targeted other phantom DLLs like "wbemcomn.dll," loaded by the Windows Management Instrumentation (WMI) provider host.

Until Windows rids itself of phantom DLLs, Liang highly recommends companies run monitoring solutions, deploy proactive application controls, and automatically block remote loading of DLLs, a feature included by default in Windows Server.

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse

Led by industry veterans Gadi Evron and Sounil Yu, the new company lets organizations adjust how much information LLMs provide based on the user's role and responsibilities.

Source: Deemerwha Studio via Shutterstock

Security startup Knostic is the latest company to address the various challenges organizations face as they adopt generative artificial intelligence (AI) tools. This week Knostic emerged from stealth with $3.3 million in pre-seed funding to bring "need-to-know" access controls to large language models (LLMs).

Enterprises in their AI transformation journey are sprinkling AI capabilities throughout their workflows and processes to boost productivity, reduce costs, and increase efficiency, says Gadi Evron, co-founder and CEO of Knostic. Enterprises are adopting LLMs to build ChatGPT-like enterprise search systems based on their own data sources or by enabling capabilities that are bundled into the applications and platforms they are already using. Data privacy is one of the biggest barriers to AI adoption, Evron says, noting that AI without controls potentially exposes the organization to increased risk, primarily by exposing information to the wrong people.

"How can we curate personalized information and actually give you value — answer with what you need to know instead of just saying stuff?" Evron says.

**Access Control for LLMs Is Necessary**

With Knostic, employees can access what they need and receive answers that align with the information they require to perform their jobs.

For example, an organization can have a system that answers questions such as features expected in the next product release, the latest sales numbers and revenue figures, bonus structure, due diligence results in a merger-and-acquisition scenario, or the status of an infrastructure project. But not everyone should get the same answer to every question. While the CFO and CTO needs to know the quarterly sales revenue, the marketing intern probably does not, Evron notes.

Knostic's access control engine considers whether the answer is appropriate for the questioner's role; if it is not, it answers with, "I'm sorry, that is confidential information," Evron says. Or instead of just saying no, the system can respond that even though the answer is confidential, the marketing campaigns that the intern worked on boosted sales over the quarter. That's where personalization and curation comes in.

Evron made it a point to emphasize that access control is binary — either the person can have access or they cannot. Knostic's focus on "need to know" makes it possible to provide some information even when the answer is no.

"When we say no, we are not enabling the business," Evron says, noting that providing information in a different format or with related context helps business users more than just being told no. "Once you figure out what you are allowed to know, you can solve DLP \[data loss prevention\] and IAM \[identity access management."

**What 'Need to Know' Looks Like**

When thinking about access control, organizations need to consider factors such as whether the system is internal or public-facing, whether the data used to generate responses is sensitive, and the role of the person asking the questions, says Sounil Yu, Knostic's co-founder and CTO.

There has been much discussion about how organizations need to build guardrails into AI systems to prevent abuse and not provide answers that could cause harm. However, this approach tend to be one-size-fits-all and doesn't account for a person's specific circumstances, Yu says. Consider how many publicly available chatbots would not provide medical information because they are not medical professionals and should not be used for diagnostics. But if it's a physician trying to access information as part of an investigation, that particular restriction is not helpful. Access control, unlike guardrails, take into account factors such as time, sensitivity of data, and person's role to determine how to shape the answers.

For example, a company may have a customer service chatbot that troubleshoots and assists in fixing common issues. That chatbot will have access to the same internal knowledgebase articles that the customer service representative would have. But what happens if there is information about a product that is not yet available on the market? The customer service representative needs that information to be ready when the product is available and even beforehand for training purposes. But there could be a lot of problems for that company if the customer learns details about the product from the chatbot before launch.

Instead of creating two systems — one for internal use and the other public-facing — the company can conceivably use Knostic's approach to provide different answers to the customer and to the customer service representative.

**Company Details**

Evron and Yu have deep industry expertise. Evron founded cyber deception company Cymmetria and previously held roles at Citibank and PwC. Yu is the former chief security scientist at Bank of America and former CISO and head of research at JupiterOne.

Knostic, founded in 2023, has raised $3.3 million in pre-seed financing from Shield Capital, Pitango First, DNS Ventures, Seedcamp, and several angel investors. Retired Admiral Mike Rogers, former head of the National Security Agency and a member of Knostic's advisory board, said in a statement that the startup will "unlock LLMs for enterprises."

Knostic has customers across a range of industries, including retail and financial services. It is also one of the top three finalists for the 2024 RSA Conference Launch Pad, where founders of companies incorporated for two years or less get to pitch ideas and products "on the cusp of being the next big thing" to a panel of venture capitalists. This year's Launch Pad will be on Tuesday, May 7.

**About the Author(s)**

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.

Knostic Brings Access Control to LLMs

Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.

Source: Age Foto Stock via Alamy Stock Photo

Attackers are using an 8-year-old version of the Redis open-source database server to maliciously use Metasploit's Meterpreter module to expose exploits within a system, potentially allowing for takeover and distribution of a host of other malware.

Researchers from AhnLab Security Intelligence Center (ASEC) said in a blog post that attackers likely are exploiting inappropriate settings or a vulnerability present in an implementation of Redis to distribute Meterpreter for nefarious use.

"Such malware strains attack Redis servers open to the public on the Internet with the authentication feature disabled," ASEC researcher Sanseo wrote in the post. "After gaining access to Redis, threat actors can install malware through known attack methods."

Meterpreter is an aspect of the legitimate Metasploit pen-testing tool that allows threat actors to fetch various Metasploit modules, or working exploits for known bugs, and then use them on the targeted system, according to ASEC. Metasploit is a tool similar to Cobalt Strike that also is oft-abused by threat actors to execute attacks.

"When Metasploit is installed, the threat actor can take control of the infected system and also dominate the internal network of an organization using the various features offered by the malware," Senseo explained.

**How It's Done**

Redis is an open source, in-memory data structure storage service that is increasingly being used in various ways in cloud environments; its primary purpose is typically for session management, message broker, and queues, according to ASEC. This increased prevalence also is making it a more popular target for attackers, who have abused vulnerable Redis servers to spread a host of malware, including Kinsing, P2PInfect, Skidmap, Migo, and HeadCrab.

By using Metasploit Meterpreter, there are two main attacks methods that actors can employ to spread malware once they've gained access to Redis. One is to register the malware-executing command as a Cron task, and the other is using the SLAVEOF command to set the command as the Slave server of the Redis server that has the malware.

ASEC witnessed an attack targeting a system that used Windows, along with version Redis 3.x, which was developed in 2016. The age of the abused platform means "it was likely vulnerable to attacks that abuse misconfiguration or attacks on known vulnerabilities," Senseo noted.

In the attack, the threat actor first downloaded PrintSpoofer, a privilege escalation tool, in the installation path for Redis. Attackers often use this tool against vulnerable services that are not managed properly or have not been patched to the recent version; in fact, ASEC has witnessed a flurry of these attacks against Redis since the second half of last year.

"The difference between the cases from the past and the cases now is that PrintSpoofer is installed using the CertUtil tool instead of PowerShell," Senseo explained.

**Meterpreter As Malicious Backdoor**

After installing PrintSpoofer, the threat actor installed Meterpreter Stager — one of two types of the module, the difference between which depends on the way it is installed. Meterpreter is to the Metasploit tool as Beacon is to Cobalt Strike.

When an attacker uses Stager, it means the installation is via the staged version, which downloads Meterpreter directly from the attacker's command-and-control (C2) server. This decreases its footprint version downloading it in a "stageless" way within a payload, according to ASEC.

Once this process is complete, Meterpreter is executed in the memory, which allows the threat actor to take control over the infected system and "also dominate the internal network of an organization using the various features offered by the malware," Senseo wrote.

**Update Now**

ASEC included a list of files, behaviors, and indicators of compromise of the attack in its post to help network administrators identify evidence of the threat on a system.

To avoid being compromised by the attack vector, ASEC advised that administrators of environments with Redis 3.x installed should, at the very least, update the server immediately with available patches to ensure that known vulnerabilities can't be exploited. The best-case scenario, however, would be to update V3 to the latest version of the server.

Administrators should also install security-protection software that restricts external access to Redis servers open to the Internet so they can't be identified and abused, ASEC advised.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.

Source: nk Drop via Shutterstock

Apple this week updated its spyware threat notification system to alert and assist users it identifies as targeted by mercenary spyware attacks.

To date, Apple has spotted and alerted users in more than 150 countries that they were targeted in these attacks.

Such spyware attacks target individuals largely because of who they are and what they do, Apple said. While most people will never be targeted by these types of attacks, a small number of people — journalists, activists, politicians, and the like — will potentially be victimized. 

Apple said once it detects spyware it notifies the user within two days. The vendor does provide threat actor attribution, however.

In its notice, Apple pointed fingers at the NSO Group, one of the private companies that develops the mercenary spyware Pegasus that is used in such attacks. "According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies," stated the notice on Apple's support page. 

Should an individual receive a threat notification, Apple recommends that they seek the help of either Apple or a third party. Apple's notifications never ask the user to click on any link or install an application; the threat notification can be verified simply by signing into applied.apple.com, where the notification will be at the top of the page. 

**About the Author(s)**

Apple Warns Users in 150 Countries of Mercenary Spyware Attacks

A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.

Source: Cagkan Sayin via Alamy Stock Photo

COMMENTARY

The days of large, monolithic apps are withering. Today's applications rely on microservices and code reuse, which makes development easier but creates complexity when it comes to tracking and managing the components they use. 

This is why the software bill of materials (SBOM) has emerged as an indispensable tool for identifying what's in a software app, including the components, versions, and dependencies that reside within systems. SBOMs also deliver deep insights into dependencies, vulnerabilities, and risks that factor into cybersecurity.

An SBOM allows CISOs and other enterprise leaders to focus on what really matters by providing an up-to-date inventory of software components. This makes it easier to establish and enforce strong governance and spot potential problems before they spiral out of control.

Yet in the age of artificial intelligence (AI), the classic SBOM has some limitations. Emerging machine learning (ML) frameworks introduce remarkable opportunities, but they also push the envelope on risk and introduce a new asset to organizations: the machine learning model. Without strong oversight and controls over these models, an array of practical, technical, and legal problems can arise. 

That's where machine learning bills of materials (MLBOMs) enter the picture. The framework tracks names, locations, versions, and licensing for assets that comprise an ML model. It also includes overarching information about the nature of the model, training configurations embedded in metadata, who owns it, various feature sets, hardware requirements, and more.

**Why MLBOMs Matter**

CISOs are realizing that AI and ML require a different security model — and the underlying training data and models that run them are frequently not tracked or governed. An MLBOM can help an organization avoid security risks and failures. It addresses critical factors like model and data provenance, safety ratings, and dynamic changes that extend beyond the scope of SBOM.

Because ML environments are in a constant state of flux and changes can take place with little or no human interaction, issues related to data consistency — including where it originated, how it was cleaned, and how it was labeled — are a constant concern.

For example, if a business analyst or data scientist determines that a data set is poisoned, the MLBOM simplifies the task of finding all the various touch points and models that were trained with that data. 

**MLBOMs Can Elevate Protection**

Transparency, auditability, control, and forensic insight are all hallmarks of an MLBOM. With a comprehensive view of the "ingredients" that go into an ML model, an organization is equipped to manage its ML models safely.

Here are some ways to build a best practice framework around an MLBOM:

*   Recognize the need for an MLBOM: It's no secret that ML fuels business innovation and even disruption. Yet it also introduces significant risks that can extend to reputation, regulatory compliance, and legal issues. Having visibility into ML models is critically important.
    

*   Conduct essential due diligence: An MLBOM should integrate with the CI/CD pipeline and deliver a high level of clarity. Support for standard frameworks like JSON or OWASP's CycloneDX can unify SBOM and MLBOM processes.
    

*   Analyze policies, processes, and governance: It's essential to sync an MLBOM with an organization's workflows and business processes. This increases the odds that ML pipelines will work as intended, while minimizing risks related to cybersecurity, data privacy, compliance, and other risk-associated areas.
    

*   Use an MLBOM with machine learning gates: Rigorous controls and gateways lead to essential AI and ML guardrails. In this way, the business and the CSO can build on successes and harness ML to unlock greater cost savings, performance gains, and business value.
    

Machine learning is radically changing the business and IT landscape. By extending proven SBOM methodologies to ML through MLBOMs, it's possible to take a giant step toward boosting machine learning performance and protecting data and assets.

**About the Author(s)**

CISO, Protect AI

Diana Kelley is CISO for Protect AI. She was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a Manager at KPMG, CTO and co-founder of SecurityCurve, and Chief vCISO at SaltCybersecurity.

Why MLBOMs Are Useful for Securing the AI/ML Supply Chain

Phony call center company conducted online fraud and other Internet scams.

Source: JJ Gouin via Alamy Stock Photo

Law enforcement in Zambia this week raided a Chinese company that hired unsuspecting young Zambian citizens purportedly for positions at a call center that instead was a front for cybercrime and money laundering.

The so-called Golden Top Support services company directed the employees "with engaging in deceptive conversations with unsuspecting mobile users across various platforms such as WhatsApp, Telegram, chatrooms and others, using scripted dialogues," Nason Banda, director general of Zambia's Drug Enforcement Commission (DEC) told the BBC, which reported on the case. The DEC, law enforcement, immigration, and anti-terrorism units assisted in the investigation and arrests at the shell company.

A recent rise in bank fraud in Zambia raised alarms and led authorities there to investigate and ultimately raid the company. Banda said the "illicit operations extended beyond Zambia's borders," including victims in Singapore, Peru, the United Arab Emirates (UAE), and other parts of Africa.

Authorities found some 13,000 SIM cards, 11 SIM boxes for disguising the caller's location, and firearms, and 22 Chinese citizens were arrested. Banda said Zambian workers were charged and release in order to cooperate in the investigation.

**About the Author(s)**

Zambia Busts 77 People in China-Backed Cybercrime Operation

Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.

Source: Viacheslav Lopatin via Shutterstock

The US, Japan, and the Philippines reportedly will join forces in cybersecurity defense with a strategic cyber threat-sharing arrangement in the wake of rising attacks by China, North Korea, and Russia.

The initiative will launch during high-level trilateral talks between US President Joe Biden, Japanese Prime Minister Fumio Kishida, and Philippine President Ferdinand Marcos Jr. during a trilateral summit in Washington this week, according to the English-language version of the Nihon Keizai Shimbun. The cyber alliance comes on the heels of Volt Typhoon, a group of cyberattackers linked to China's military, targeting critical infrastructure networks in the Philippines and US territories in the region.

Over the past three months, the number of cyberattack attempts against national government agencies in the Philippines has increased 20% week over week, according to data from Trend Micro shared with Dark Reading. 

"Traditional US allies in Asia — Japan, Taiwan, Philippines — are of high interest to Chinese-aligned attackers," says Robert McArdle, director of forward-looking threat research with the cybersecurity firm. "There has been an increase in tensions in the region recently as well as important political events including presidential elections that China maintains interest in."

The cybersecurity concerns come as geopolitical tensions have ratcheted up in the region. China has both expanded its military presence, especially with its claims to large sections of the South China Sea — as far away as 1,000 km from its mainland and encroaching on Philippines territory. The military buildup has been matched by increases in cyberattacks by Chinese state-sponsored actors, such as Mustang Panda, which compromised a Philippines government agency last year. The widespread Volt Typhoon attacks have claimed critical infrastructure networks in the Philippines, US, UK, and Australia.

**Philippines at Risk**

The dispute over the South China Sea comes at a time when the Philippines has seen significant growth in its technology development and business sectors and increased urbanization and Internet access, says Myla Pilao, director for technical marketing for Trend Micro, who works in the company's Manila office.

"This growth path, \[however\], also presents challenges including service reliability, workforce skills shortages, and data/privacy management issues \[that\] make the Philippine ecosystem a more vulnerable target," she says.

With greater reliance on the Internet and technology comes greater cyber threats. Last May, Microsoft warned that Volt Typhoon, an advanced persistent threat (APT) group linked to China's military, had infiltrated critical-infrastructure networks, possibly as a way to pre-position cyber-operations teams in foreign networks prior to an outbreak in hostilities.

Volt Typhoon is a severe threat to critical infrastructure in the region, raising the priority of information sharing, says Lisa J. Young, an APAC intelligence officer with the Financial Services Information Sharing and Analysis Center (FS-ISAC).

"This trilateral agreement specifically calls out cyber threats targeting critical infrastructure," she says. "As the nature of warfare evolves, tactics increasingly incorporate an online element through cyber-attacks and mis- \[or\]disinformation campaigns, with an increasingly fragmented array of actors. Governments are working to adapt by incorporating both defensive and offensive cyber capabilities."

**US "Hunt Forward" Initiative**

The cyber agreement with the Philippines is not a new strategy: The United States and Japan already have entered into trilateral talks with South Korea in July and August, when the three governments agreed to consult on regional threats and share data on foreign information-manipulation. Japan and South Korea also have joined NATO's Cooperative Cyber Defense Center of Excellence (CCDCOE) in 2018 and 2022, respectively, where allies regularly share cyber threat intelligence.

The trilateral agreements with South Korea and the Philippines are aligned with a part of the US strategy known as "Hunt Forward," where the US Cyber Command deploys military cybersecurity specialists to allies to hunt for malicious cyber activity. So far, more than two dozen allies have hosted Hunt Forward teams, and their deployment will likely raise tensions, Jason Bartlett, a research associate in the Atlantic Council's Energy, Economics, and Security for a New American Security group, said in an analysis in August.

"Incorporating 'Hunt Forward' operations within US cyber strategy with allies in the Indo-Pacific will most likely agitate already sensitive ties between Southeast Asia and China, but the United States needs to increase its cyber presence in the region due to its constant exposure to illicit cyber activity," Bartlett said. "Numerous state-sponsored hackers, especially from North Korea, have operated from within Southeast Asia and other regions in the Indo-Pacific for years with little punitive backlash from local and national governments."

The trilateral agreement tackles both cybercrime — especially from North Korea — and nation-state cyberattacks from China, Russia, and North Korea, and works towards isolating bad actors in China, says FS-ISAC's Young.

"This joint framework among the US, Japan, and the Philippines is a step towards strengthening cyber defenses, mitigating potential attacks, and shoring up supply chains to reduce dependence on China," she says. "Information sharing across the public and private sectors remains that best way to ensure collective protection of critical infrastructure sectors against the evolving threat landscape."

**About the Author(s)**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Japan, Philippines &amp; US Forge Cyber Threat Intel-Sharing Alliance

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

Source: Juliana\_haris via Shutterstock

The recent discovery of a backdoor in the XZ Utils data compression utility — present in nearly all major Linux distributions — is a stark reminder that organizations who consume open source components ultimately own responsibility for securing the software.

XZ Utils, like thousands of other open source projects, is volunteer-run and, in its case, has a single maintainer managing it. Such projects often have little to no resources for handling security issues, meaning organizations use the software at their own risk. That means security and development teams must implement measures for managing open source risk the same way they do with internally developed code, security experts say.

"While it's unlikely an organization can effectively prevent \[all\] exposure to supply chain risks, organizations can absolutely focus on a strategy to reduce the probability that a supply chain attack is successful," says Jamie Scott, founding product manager at Endor Labs.

Open source is not the same as outsourcing: "Open source maintainers of software are volunteers. At an industry level, we need to treat them as such. We own our software; we are responsible for the software we re-use."

**Well-Intentioned, Under-Resourced**

Concerns over open source software security are by no means new. But it often takes discoveries like the Log4Shell vulnerability and the backdoor in XZ Utils to really drive home just how vulnerable organizations are to components in their code. And often, the code comes from well-intentioned yet hopelessly under-resourced open source projects that are minimally maintained.

XZ Utils, for instance, is essentially a one-person project. Another individual managed to sneak the backdoor into the utility over a nearly three-year period, by gradually gaining enough trust from the project maintainer. If a Microsoft developer had not chanced upon it in late March when investigating odd behavior associated with a Debian installation, the backdoor might well have ended up on millions of devices globally — including those belonging to large corporations and government agencies. As it turned out, the backdoor had minimal impact because it affected versions of XZ Utils that were only present in unstable and beta versions of Debian, Fedora, Kali, open SUSE, and Arch Linux.

The next such open source code compromise could be far worse. "The scariest part for enterprise organizations is that their applications are built on top of open source software projects just like XZ Utils," says Donald Fischer, co-founder and CEO of Tidelift. "XZ Utils is one package of tens of thousands that are in use every day by typical enterprise organizations," he says.

Most of these organizations lack sufficient visibility into the security and resilience of this part of their software supply chain to be able to evaluate risk, he notes.

A recent Harvard Business School study estimated the demand-side value of open source software to be an astonishing $8.8 trillion. Maintainers are at the core of this ecosystem and many of them are flying solo, Fischer says. A survey conducted by Tidelift last year found 44% of open source project maintainers describe themselves as the sole maintainers of their projects. Sixty percent identified themselves as unpaid hobbyists, and the same percentage said they have either quit or have considered quitting their roles as project maintainers. Many maintainers described their efforts as stressful, lonely, and financially unrewarding work, Fischer says.

"The XZ utils hack brings into stark relief the risks of under-investing in the health and resilience of the open source software supply chain \[that\] enterprise organizations rely on," Fischer says. "Enterprise organizations need to realize that the majority of the most relied-upon open source packages are maintained by volunteers who describe themselves as unpaid hobbyists. These maintainers are not enterprise suppliers but are expected to work and deliver like them."

**Danger: Transitive Dependencies**

A study that Endor conducted in 2022 found that 95% of open source vulnerabilities are present in so-called transitive dependencies, or secondary open source packages or libraries that a primary open-source package might depend upon. Often, these are packages that developers don't directly select themselves but are automatically employed by an open source package in their development project.

"For example, when you trust one Maven package, on average there are an additional 14 dependencies you implicitly trust as a result," Scott says. "This number is even larger in certain software ecosystems such as NPM where you on average import 77 other software components for every one you trust."

One way to start start mitigating open source risks is to pay attention to these dependencies and be selective about what projects you choose, he says.

Organizations should vet dependencies, especially the smaller, one-off-packages, manned by one- and two-person teams, adds Dimitri Stiliadis, Endor's CTO and co-founder. They should determine if dependencies in their environment have proper security controls or if a single individual commits all code; whether they have binary files in their repositories that no one knows about; or even if someone is actively maintaining the project at all, Stiliadis says.

"Focus your efforts on improving your response effectiveness — foundational controls such as maintaining a mature software inventory remains one of the highest value programs you can have in place to quickly identify, scope, and respond to software risks once they're identified," Scott advises.

Software-composition analysis tools, vulnerability scanners, EDR/XDR systems, and SBOMs can also all help organizations quickly identify vulnerable and compromised open source components.

**Acknowledging the Threat**

"Mitigating exposure starts with shared understanding and acknowledgement in the C-suite and even at the board level that roughly 70% of the ingredients of the average software product are open source software historically created by mostly uncompensated contributors," Tidelift's Fischer says.  

New regulations and guidelines in the financial services industry, the FDA, and NIST will shape how software is developed in the years ahead and organizations need to prepare for them now. "Winners here will quickly adapt from a reactive strategy to a proactive strategy to managing open source-related risk," he says.

Fischer recommends that organizations get their security and engineering teams to identify how new open source components come into their environment. They should also define roles for monitoring these components and proactively remove ones that don't fit the company's risk appetite. "Reacting to late stage problems has become an ineffective way to deal with the scale of the risk to the business over the last several years, and the US Government is signaling that era is coming to an end," he says.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Source

DARKReading