A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning.

Source: Brian Jackson via Alamy Stock Photo

The DarkGate remote access Trojan (RAT) has a new attack vector: A threat actor targeted a Microsoft Teams user via a voice call to gain access to their device.

The attack adds to the other methods for spreading the RAT, which previously has been propagated using phishing emails, malvertising, hijacking of Skype and Teams messages, and search engine optimization (SEO) poisoning, researchers said.

Researchers at Trend Micro discovered the voice phishing, or vishing, attack, in which an attacker initially tried to install a Microsoft remote support application to gain access to the user's device, they revealed in a recent blog post. While this failed, the cyberattackers then used social engineering to convince the victim to download the AnyDesk tool for remote access, which they eventually achieved.

The attacker loaded multiple "suspicious files" onto the victim's machine via a connection that was established to a command-and-control (C2) server, one of which was DarkGate, according to Trend Micro. The RAT, distributed as usual via an AutoIt script, enabled remote control over the user's machine, executed malicious commands, gathered system information, and connected to a command-and-control (C2) server.

**A Multistage Vishing Cyberattack**

The multistage attack started off in a more typical DarkGate way, through a flood of thousands of phishing emails sent to the victim's inbox. The emails were followed up with a Microsoft Teams call purportedly for technical support, which kicked off the vishing attack.

The caller claimed to be an employee of an external supplier of the victim's company needing assistance, and instructed the victim to download the Microsoft Remote Support application.

"However, the installation via the Microsoft Store failed," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta wrote in the post. "The attacker then instructed the victim to download AnyDesk via browser and manipulate the user to enter her credentials to AnyDesk."

The attacker used AnyDesk to set up a communication channel to C2 and initiate various malicious scripts and eventually a PowerShell command to drop DarkGate using the Autoit legitimate Windows automation and scripting tool favored by attackers for obfuscation and defense evasion. After installation, the attack also loaded files and a registry entry for persistence.

**Another Channel for Spreading DarkGate Malware**

While ultimately the attack was stopped before data could be exfiltrated from the victim's machine, it demonstrates DarkGate actors using yet another means to spread the formidable RAT, adding to a long list of previously used delivery methods, the researchers said.

DarkGate has been used to target users around the world since at least 2017 and integrates multiple diverse and malicious functions. Among its capabilities are executing commands for gathering system information, mapping networks, and doing directory traversal, as well as launching Remote Desktop Protocol (RDP), hidden virtual network computing, AnyDesk, and other remote access software.

DarkGate also has features to support cryptocurrency mining, keylogging, privilege escalation, and stealing information from browsers, and is even known to carry additional payloads, including other RATs like Remcos.

**How to Protect Against Sophisticated Vishing Attacks**

Vishing attacks are becoming ever more psychologically sophisticated, with attackers even resorting to physical intimidation to coerce victims into complying with demands. Training employees on signs of a vishing attack, including staying up to date on the latest tactics, is becoming increasingly important as these attacks escalate.

"Well-informed employees are less likely to fall victim to social engineering attacks, strengthening the organization’s overall security posture," the researchers wrote.

Organizations also should "thoroughly vet third-party technical support providers" to "ensure that any claims of vendor affiliation are directly verified before granting remote access to corporate systems, the researchers wrote. Moreover, they should establish cloud-vetting processes to evaluate and approve remote access tools, such as AnyDesk to assess security compliance and vendor reputation before putting them in use.

Whitelisting approved remote access tools and blocking any unverified applications as well as integrating multifactor authentication (MFA) on remote access tools also reduce "the risk of malicious tools being used to gain control over internal machines," the researchers wrote.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Microsoft Teams Vishing Spreads DarkGate RAT

PRESS RELEASE

BOSTON — December 12, 2024 — Zerto, a Hewlett Packard Enterprise company, today announced the launch of the Zerto Cloud Vault, which delivers Zerto’s best-in-class cyber resilience capabilities as a service through managed service providers (MSPs). Zerto’s security-focused MSP partners at launch include Assurestor, Converge, LincolnIT, and Verinext. Built on the capabilities of the Zerto Cyber Resilience Vault, the Zerto Cloud Vault is a cloud-based, fully managed solution that offers logical air-gapping, immutability, and clean room recovery.

Ransomware attacks remain a harsh fact of life for most businesses with collective ransomware losses totaling over $1 billion in 2023 alone. This financial toll is exacerbated by the resulting data loss and downtime, with some estimates suggesting upwards of $1 million in losses per hour of downtime for larger businesses.

With Zerto Cloud Vault, customers can leverage MSPs that deliver tailored cyber resilience strategies to meet the specific requirements of their organizations. Cloud Vault is the latest offering in HPE’s comprehensive cyber resilience portfolio and complements the existing Zerto Cyber Resilience Vault, which is deployed as a self-hosted, on-premises stack.

Zerto Cloud Vault capabilities include:

*   Managed Cyber Services: Take advantage of MSP experts who know how to prevent and mitigate attacks and have built their services on top of Zerto’s award-winning technology.
    
*   Real-Time Encryption Detection: Detect encryption anomalies in real-time and be alerted within seconds to potential issues through integration with cybersecurity dashboards.
    
*   Immutable Data Copies: Retain data for up to 12 months and protect against ransomware attacks through immutable copies, all without impacting production workloads, without any agents or snapshots.
    
*   Clean Room Recovery: Leverage the elasticity of the cloud to create clean environments on demand with isolated networks that are protected from attackers. Use it to validate data, scrub malware, and perform forensics before recovering back into production.
    
*   Non-Disruptive Testing: With Zerto’s non-disruptive solutions, businesses can test more frequently and comprehensively, including conducting cyber recovery tests at any time on entire sites, multiple sites, or individual VMs. These tests can be used to validate recovery plans and train incident response teams.
    
*   Fully isolated from production environments: Ability to run different security postures within product and vault environments.
    

“Zerto’s disaster recovery and cyber resilience solutions offer peace of mind to businesses struggling to combat ransomware attacks,” said Jim O’Dorisio, senior vice president and general manager, HPE Storage. “Leveraging our cyber resilience capabilities, MSPs will be able to bring fully managed Cloud Vault services to even more organizations, helping them thwart the plans of attackers and keep precious business assets safe.”

Coupled with the expertise of Zerto’s vetted MSP partners, the hosted Zerto Cloud Vault mitigates the most devastating ransomware scenarios while keeping businesses in compliance with state and federal regulations — reducing the risk of substantial fines or prosecution. Where other solutions offer detrimental lengthy recovery point objectives (RPOs) and recovery time objectives (RTOs), Zerto Cloud Vault slashes both, minimizing the risks of disruption and allowing businesses to get back on their feet as fast as possible after the inevitable happens. Zerto is a part of HPE’s hybrid cloud business, helping HPE customers protect workloads and data across hybrid IT environments.

Partner Quotes

“Our Gold Standard for cyber recovery considers a product’s recoverability readiness, non-disruptive testing capability, and speed of data recovery; we found that Zerto substantially delivered on all these points. Combined with Cloud Vault, the protection provided from ransomware attacks was robust and allowed pinpoint recovery faster than any other products evaluated,” said Stephen Young, executive director, Assurestor.

“Ransomware attacks are a real threat to the data and operations of organizations of all sizes. Having the ability to offer a cloud vault with Zerto technology gives our clients added protection against ransomware and peace of mind that they can recover successfully,” said John Antimisiaris, executive vice president, LincolnIT.

“Some of our clients’ infrastructure protection needs to be kept with a very tight RPO, but they still need some deeper recovery options than simple replication can provide. A cyberattack is seldom clearly understood, even when recovery efforts have begun. Zerto Cloud Vault provides immutable protection history that can be leveraged to find the latest clean point in time for replicated hosts,” said Jeremy Brovage, product engineer and solutions architect, Converge Enterprise Cloud.

“Cyberattacks that encrypt data are one of the primary disruptors requiring data recovery. Zerto provides the best tools to recover quickly and with the least data loss in a cloud vault,” said Nick Martino, product manager, managed services, Verinext.

Explore the Zerto Cloud Vault and discover how it empowers businesses to safeguard their data and operations: Learn More. 

About Zerto

Zerto, a Hewlett Packard Enterprise company, empowers customers to run an always-on business by simplifying the protection, recovery, and mobility of on-premises and cloud applications. Zerto eliminates the risk and complexity of modernization and cloud adoption across private, public, and hybrid deployments. The simple, software-only solution uses continuous data protection at scale to solve for ransomware resilience, disaster recovery, and multi-cloud mobility. Zerto is trusted by over 9,500 customers globally, and is powering offerings for Microsoft Azure, IBM Cloud, Google Cloud, Oracle Cloud, and more than 350 managed service providers.

Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs

PRESS RELEASE

Santa Clara, Calif. – Dec. 10, 2024 – Versa, the global leader in Universal Secure Access Service Edge (SASE), today announced Versa Endpoint DLP, an integrated endpoint data loss prevention (DLP) capability delivered by the Versa SASE Client as part of the VersaONE™ Universal SASE Platform. The endpoint DLP feature provides the industry’s widest range of data exfiltration prevention capabilities in an integrated SASE solution, restricting copy/paste, screenshots, and peripheral device (e.g., USB storage) transfers based on Zero Trust attributes. 

Versa Endpoint DLP helps ensure that sensitive data residing on endpoints is safeguarded against accidental exposure, insider threats, and cyberattacks. Integrated into Versa’s lightweight SASE client, it extends network DLP to the endpoint, providing end-to-end real-time visibility and control. This ensures compliance with corporate data security regulations and reduces risk without compromising the user experience.

“Versa Endpoint DLP directly addresses the critical need for comprehensive data protection on endpoints in today’s hybrid work environments,” said Kumar Mehta, Versa Founder and CDO. “We’re delivering a unified approach to securing sensitive data on endpoints, addressing critical risks like insider threats and compliance challenges. By integrating this functionality into the VersaONE platform, our customers can protect their data effectively without adding complexity.”

Unlike approaches that require separate network and endpoint DLP tools, Versa DLP provides a unified approach seamlessly integrated with the broader VersaONE security suite. By consolidating endpoint and network data loss prevention within a single platform, Versa DLP ensures consistent policy enforcement across the IT infrastructure. 

Availability

Versa Endpoint DLP has been included as part of the VersaONE Universal SASE Platform in Concerto release version 12.1.2.

About Versa

Versa, a global leader in SASE, enables organizations to create self-protecting networks that radically simplify and automate their network and security infrastructure. Powered by AI, the VersaONE Universal SASE Platform delivers converged SSE, SD-WAN, and SD-LAN solutions that protect data and defend against cyberthreats while delivering a superior digital experience. Thousands of customers globally, with hundreds of thousands of sites and millions of users, trust Versa with their mission critical networks and security. Versa is privately held and funded by investors such as Sequoia Capital, Mayfield, and BlackRock. For more information, visit https://www.versa-networks.com and follow Versa on LinkedIn and X (Twitter) @versanetworks.

You May Also Like

Versa Introduces Integrated Endpoint Data Loss Prevention in SASE Solution

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.

Source: Allstar Picture Library Ltd. via Alamy Stock Photo

An active ransomware campaign against the Cleo managed file transfer tool is about to ramp up now that a proof-of-concept exploit for a zero-day flaw in the software has become publicly available. Defenders should brace for widespread deployment of the Cleopatra backdoor and other steps in the attack chain.

The flaw, which is the result of an insufficient patch for an arbitrary file write tracked as CVE-2024-50623, is being used for remote code execution (RCE) and impacts Cleo Harmony, Cleo VLTrader, and Cleo LexiCon products, according to the company's security advisory. The new issue does not yet have a CVE or CVSS severity score as of the time of this writing.

Active attacks against the zero-day appear to have begun on Dec. 3, and just days later cyberattackers had breached at least 10 Cleo clients, including those in the trucking, shipping, and food industries. Cleo currently has more than 4,000 customers, mostly mid-sized organizations.

The current ransomware campaign has been attributed to a group called "Termite," which is also believed to be connected to similar cyberattacks against Blue Yonder that ultimately impacted household brand names like Starbucks.

But that's just a taste of what's to come, according to Artic Wolf analysts, who predict that ransomware cyberattacks against vulnerable Cleo systems are about to escalate.

**Is a MOVEit-Style Deluge of Cyberattacks Imminent?**

Since 2023's ransomware success against MOVEit, a similar file transfer service, threat actors have become keenly aware of the broad access to sensitive enterprise data and systems these MFT solutions provide, researchers at Artic Wolf noted.

That's especially true in light of a public proof of exploit of the Cleo zero-day published on Dec. 11 by Watchtowr Labs, the researchers predicted. Like MOVEit, Cleo has the potential to offer attackers a mass-attack avenue.

And unfortunately for those impacted, patching this zero-day has been a bit confusing for Cleo customers, widening the door for attackers to pounce.

The original bug, CVE-2024-50623, was first "fixed" in the Oct. 30 release of an updated Cleo version, 5.8.0.21. However, customers continued to report compromises, "suggesting the existence of a separate means of compromise," a new backgrounder from Rapid7 on the Cleo zero-day explained.

Researchers at Huntress first reported on continued widespread active exploits of the supposedly patched vulnerability on Dec. 9. Cleo responded with a new version containing a new security patch (version 5.8.0.24). However, the new exploitable issue has not yet received a new CVE designation, raising questions from industry watchers like Rapid7.

"Cleo issued a new advisory as of December 10 that previously said versions up to 5.8.0.21 were vulnerable to an as-yet-unassigned CVE," a Rapid7 blog post noted. "That advisory was updated to indicate a patch is now available for all affected products — it's unclear exactly when the update occurred. There is still no CVE for the new issue."

Cleo has since added a note to its advisory page on the insufficient patching issue that a "CVE is pending."

**Cleopatra Backdoor: How to Tell if Cleo Has Been Compromised**

With the added patching confusion, it's up to cyber defense teams to understand what a Cleo compromise looks like and stop it before it takes hold.

The Artic Wolf team tracked the attack chain down to a malicious PowerShell stager that ultimately executes a new Java-based backdoor that their team appropriately called "Cleopatra."

"The Cleopatra backdoor supports in-memory file storage, and is designed for cross-platform support across Windows and Linux. It implements functionality designed to access data stored within Cleo MFT software specifically," the Artic Wolf report explained. "Although many IP addresses were used as C2 destinations, vulnerability scanning originated from only two IP addresses."

The Arctic Wolf researchers urge defenders to focus in on monitoring server assets for unusual activity, like PowerShell, in order to respond early in the attack chain.

"Additionally, devices should be continuously audited for potential weaknesses in internet-accessible services, and vulnerable services should be kept off the public Internet where possible to minimize the potential exposure in mass exploitation campaigns such as this one," the report added. "This can be accomplished by IP access control lists, or by keeping applications behind a VPN to reduce the potential attack surface."

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Cleo MFT Zero-Day Exploits Are About Escalate, Analysts Warn

Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security.

Source: Olena Ivanova via Shutterstock

Companies deploying generative artificial intelligence (GenAI) models — especially large language models (LLMs) — should make use of the widening variety of open source tools aimed at exposing security issues, including prompt-injection attacks and jailbreaks, experts say.

This year, academic researchers, cybersecurity consultancies, and AI security firms released a growing number of open source tools, including more resilient prompt injection tools, frameworks for AI red teams, and catalogs of known prompt injections. In September, for example, cybersecurity consultancy Bishop Fox released Broken Hill, a tool for bypassing the restrictions on nearly any LLM with a chat interface.

The open source tool can be trained on a locally hosted LLM to produce prompts that can be sent to other instances of the same model, causing those instances to disobey their conditioning and guardrails, according to Bishop Fox.

The technique works even when companies deploy additional guardrails — typically, simpler LLMs trained to detect jailbreaks and attacks, says Derek Rush, managing senior consultant at the consultancy.

"Broken Hill is essentially able to devise a prompt that meets the criteria to determine if \[a given input\] is a jailbreak," he says. "Then it starts changing characters and putting various suffixes onto the end of that particular prompt to find \[variations\] that continue to pass the guardrails until it creates a prompt that results in the secret being disclosed."

The pace of innovation in LLMs and AI systems is astounding, but security is having trouble keeping up. Every few months, a new technique appears for circumventing the protections used to limit an AI system's inputs and outputs. In July 2023, a group of researchers used a technique known as "greedy coordinate gradients" (GCG) to devise a prompt that could bypass safeguards. In December 2023, a separate group created another method, Tree of Attacks with Pruning (TAP), that also bypasses security protections. And two months ago, a less technical approach, known as Deceptive Delight, was introduced that uses fictionalized relationships to fool AI chatbots to violate their systems restrictions.

The rate of innovation in attacks underscores the difficulty of securing GenAI systems, says Michael Bargury, chief technology officer and co-founder of AI security firm Zenity.

"It's an open secret that we don't really know how to build secure AI applications," he says. "We are all trying, but we don't know how to yet, and we are basically figuring that out while building them with real data and with real repercussions."

**Guardrails, Jailbreaks, and PyRITs**

Companies are erecting defenses to protect their valuable business data, but whether those defenses are effective remains a question. Bishop Fox, for example, has several clients using programs such as PromptGuard and LlamaGuard, which are LLMs programmed to analyze prompts for validity, says Rush.

"We're seeing a lot of clients \[adopting\] these various gatekeeper large language models that try to shape, in some manner, what the user submits as a sanitization mechanism, whether it's to determine if there's a jailbreak or perhaps it's to determine if it's content-appropriate," he says. "They essentially ingest content and output a categorization of either safe or unsafe."

Now researchers and AI engineers are releasing tools to help companies determine whether such guardrails are actually working.

Microsoft released its Python Risk Identification Toolkit for generative AI (PyRIT) in February 2024, for example, an AI penetration testing framework for companies that want to simulate attacks against LLMs or AI services. The toolkit allows red teams to build an extensible set of capabilities for probing various aspects of an LLM or GenAI system.

Zenity uses PyRIT regularly in its internal research, says Bargury.

"Basically, it allows you to encode a bunch of prompt-injection strategies, and it tries them out on an automated basis," he says.

Zenity also has its own open source tool, PowerPwn, a red-team toolkit for testing Azure-based cloud services and Microsoft 365. Zenity's researchers used PowerPwn to find five vulnerabilities in Microsoft Copilot.

**Mangling Prompts to Evade Detection**

Bishop Fox's Broken Hill is an implementation of the GCG technique that expands on the original researchers' efforts. Broken Hill starts with a valid prompt and begins changing some of the characters to lead the LLM in a direction that is closer to the adversary's objective of disclosing a secret, Rush says.

"We give Broken Hill that starting point, and we generally tell it where we want to to end up, like perhaps the word 'secret' being within the response might indicate that it would disclose the secret that we're looking for," he says.

The open source tool currently works on more than two dozen GenAI models, according to its GitHub page.

Companies would do well to use Broken Hill, PyRIT, PowerPwn, and other available tools to explore their AI applications vulnerabilities because the systems will likely always have weaknesses, says Zenity's Bargury.

"When you give AI data — that data is an attack vector — because anybody that can influence that data can now take over your AI if they are able to do prompt injection and perform jailbreaking," he says. "So we are in a situation where, if your AI is useful, then it means it's vulnerable because in order to be useful, we need to feed it data."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Generative AI Security Tools Go Open Source

A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network — meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves.

Source: Daniel Chetroni via Alamy Stock Photo

Researchers have demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on.

The method, called "TPUXtract," comes courtesy of North Carolina State University's Department of Electrical and Computer Engineering. Using many thousands of dollars worth of equipment and a novel technique called "online template-building," a team of four managed to infer the hyperparameters of a convolutional neural network (CNN) — the settings that define its structure and behavior — running on a Google Edge Tensor Processing Unit (TPU), with 99.91% accuracy.

Practically, TPUXtract enables a cyberattacker with no prior information to essentially steal an artificial intelligence (AI) model: They can recreate a model in its entirety and save the actual data it was trained on, for purposes of intellectual property (IP) theft or follow-on cyberattacks.

**How TPUXtract Works to Recreate AI Models**

The study was conducted on a Google Coral Dev Board, a single-board computer for machine learning (ML) on smaller devices: think edge, Internet of Things (IoT), medical equipment, automotive systems, etc. In particular, researchers paid attention to the board's Edge Tensor Processing Unit (TPU), the application-specific integrated circuit (ASIC) at the heart of the device that allows it to efficiently run complex ML tasks.

Any electronic device like this, as a byproduct of its operations, will emit EM radiation, the nature of which will be influenced by the computations it performs. Knowing this, the researchers conducted their experiments by placing an EM probe on top of the TPU — removing any obstructions like cooling fans — and centering it on the part of the chip emanating the strongest EM signals. Then they fed the machine input data and recorded the signals it leaked.

To begin to make sense of those signals, they first identified that before any data gets processed, a neural network quantizes — compresses — its input data. Only when the data is in a format suitable for the TPU does the EM signal from the chip shoot up, indicating that computations have begun.

At this point, the researchers could begin mapping the EM signature of the model. But trying to estimate all of the dozens or hundreds of compressed layers that comprise the network at the same time would have been effectively impossible.

Every layer in a neural network will have some combination of characteristics: It will perform a certain type of computation, have a certain number of nodes, etc. Importantly, "the property of the first layer affects the 'signature,' or the side-channel pattern of the second layer," notes Ashley Kurian, one of the researchers. Thus, trying to understand anything about the second, 10th, or 100th layer becomes increasingly impossible, as it rests on all of the properties of what came before it.

"So if there are 'N' layers, and there are 'K' numbers of combinations \[of hyperparameters\] for each layer, then computing cost would have been N raised to K," she explains. The researchers studied neural networks with 28 to 242 layers (N) and estimated that K — the total number of possible configurations for any given layer — equaled 5,528.

Instead of having to commit infinite computing power to the problem, they figured they could isolate and analyze each layer in turn.

To recreate each layer of a neural network, the researchers built "templates" — thousands of simulated combinations of hyperparameters, and read the signals they gave off when processing data. Then they compared those results to the signals emitted by the model they were trying to approximate. The closest simulation would be considered correct. Then, they applied the same process to the next layer.

"Within a day, we could completely recreate a neural network that took weeks or months of computation by the developers," Kurian reports.

**Stolen AIs Lead to IP, Cybercrime Risk to Companies**

Pulling off TPUXtract isn't trivial. Besides a wealth of technical know-how, the process also demands a variety of expensive and niche equipment.

The NCSU researchers used a Riscure EM probe station with a motorized XYZ table to scan the chip's surface, and a high sensitivity electromagnetic probe for capturing its weak radio signals. A Picoscope 6000E oscilloscope recorded the traces, Riscure's icWaves field-programmable gate array (FPGA) device aligned them in real-time, and the icWaves transceiver used bandpass filters and AM/FM demodulation to translate and filter out irrelevant signals.

As tricky and costly as it may be for an individual hacker, Kurian says, "It can be a competing company who wants to do this, \[and they could\] in a matter of a few days. For example, a competitor wants to develop \[a copy of\] ChatGPT without doing all of the work. This is something that they can do to save a lot of money."

Intellectual property theft, though, is just one potential reason anyone might want to steal an AI model. Malicious adversaries might also benefit from observing the knobs and dials controlling a popular AI model, so they can probe them for cybersecurity vulnerabilities.

And for the especially ambitious, the researchers also cited four studies that focused on stealing regular neural network parameters. Theoretically, those methods in combination with TPUXtract could be used to recreate the entirety of any AI model — parameters and hyperparameters in all.

To combat these risks, the researchers suggested that AI developers could introduce noise into the AI inference process using dummy operations, or running random operations concurrently, or confuse analysis by randomizing the sequence of layers during processing.

"During the training process," says Kurian, "developers will have to insert these layers, and the model should be trained to know that these noisy layers need not be considered."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem.

The North Pole is on the verge of a civil war. Santa is missing. It’s elf vs. elf. Factions have formed, and it's up to you to save the day, block a ransomware attack, and untangle multiple cybersecurity snafus to ensure this year's holiday gifts don't get buried under a mountain of snowballs.

No, it's not a children's story with a cyber twist. The Holiday Hack Challenge from SANS Institute is back for another season of wintery fun. Open to players of all skill levels, the online competition with real-world cybersecurity problems is set in the world of Santa, elves, and Christmas mayhem. This year's competition is open and will run through Jan. 3, 2025.

"There's some really good stuff in there with ransomware analysis, Web application penetration testing, incident response and incident analysis," says Ed Skoudis, founder of the Holiday Hack Challenge and president of the SANS Institute.

Skoudis calls the Holiday Hack Challenge, now in its 21st year, SANS's gift to the cybersecurity community. The goal is to provide a learning environment that is freely available to everyone in the world to learn skills while having fun, as well as to build a community where people work together and get to know each other. Players don't have to play through the game in one sitting or in order. Anyone who needs help can ask the elves in the game — the elves are very promiscuous hint-givers, Skoudis says — or join the Discord server to chat with other players.

Many of the challenges are taken from real-world cybersecurity incidents. Each challenge is ranked by difficulty, from one to five snowballs, with five being the most difficult. What's new this year is that every challenge can be solved in two ways: an easy mode and hard mode. Players don't know which mode they are in, but if their solution took the easy method, they'll "receive" a silver trophy. Solving the hard way results in a gold trophy. And skipping a challenge gives them a bronze participation trophy. A certain number of points are assigned for bronze, silver, and gold for each challenge, which are then summed into the player's score. A leaderboard displays player scores — and people who signed up as a cohort have their own private scoreboard.

"All year long, we're canvassing, looking for ideas of novel attacks that everybody should know about and know how to investigate, know how to do penetration tests for, and we're pulling those ideas together and putting them in holiday hack at the highest quality we can," Skoudis says.

This year's challenges fall into the following categories:

*   Ransomware Reverse Engineering
    

*   Web App Hacking with MQTT and Video Feed Manipulation
    

*   Mobile App Penetration Testing
    
*   OSINT via Drone Path Analysis
    
*   Web Exploration with cURL
    
*   PowerShell for Cyber Defense
    

**The Best Prize of All**

Winners will be announced in a webcast on Jan. 16, 2025. The grand prize winner will get a free SANS on-demand course, though some previous winners have found themselves with something more: a full-time job.

Janusz Jasinski first participated in the Holiday Hack Challenge in 2018 and was hired as a senior technical engineer by Counter Hack in 2023 after networking with people he encountered in the community. He is now involved with the challenge as a game designer. Finding the sweet spot of something that's not too easy yet not too hard is the greatest challenge in designing the game, Jasinski said. He designed this year's mobile app penetration test challenge.

"My challenge this year was \[a difficulty level of\] two or three out of five,” Jasinski says. "It's easy to do \[create\] a very easy challenge, it's easy to do a very hard challenge. It's very hard to do those in the middle, and just getting the right amount of complexity in there was a bit challenging. But further this year, we had the gold and silver, i.e., easy and hard routes. So to bake that in was now an extra level of difficulty."

But the fun part, he says, is having people in the real world playing and actually succeeding in the challenge, then sharing their solutions on Discord or social media.

Participating in the Holiday Hack Challenge and joining the community also led Kyle Parrish to a role behind the scenes. Parrish first played the Holiday Hack Challenge in 2018, winning an honorable mention early in his cybersecurity career.

"I played it and absolutely loved it — the practical application of the challenges and the just goofy video game feel," he says. "It was a ton of fun. I learned a lot of tools that I literally was able to start using in my work and help me progress as a young security engineer."

Parrish says he enjoyed the competition and sense of community so much that he played annually and volunteered to be a concierge in Discord, helping others with the challenges, in 2023. In January 2024, he joined the Counter Hack team as a senior technical engineer and is also now involved in designing the challenges.

"My favorite part is how, basically, the entire game is run off an Excel spreadsheet, which just kind of blew my mind," Parrish says. "And to see the skill that was put into it by some of our other teammates on building this game engine … to create these environments in this virtual world where players can interact with these challenges. It's so much fun."

It's also exciting to see how people solve his challenge, he adds.

"Somebody found an exploit in it and was able to get root against the challenge, which was awesome," Parrish says. "It was really cool to see that I had an intended path, but you were able to have an alternate path and were able to escalate your privileges. And that just makes for an even better write-up and a better learning experience for everybody involved."

Though it may come cloaked in snowball fights and elf espionage, real-world training and building a peer community is the real point of the challenge.

"I hope players develop cybersecurity skills that they can use in their actual job," Skoudis says. "That's the bottom line. And at the same time, I hope we have spoonfuls of holiday sugar that helps make the medicine go down, you know?"

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Test Your Cyber Skills With the SANS Holiday Hack Challenge

As the adoption of LCNC grows, so will the complexity of the threats organizations face.

Source: ArtemisDiana via Alamy Stock Photo

COMMENTARY

As organizations lean into low-code/no-code (LCNC) platforms to streamline development and empower citizen developers, security risks become increasingly challenging to manage. One of the more under-the-radar LCNC threats is OData injection, an attack vector that can expose sensitive corporate data and is predominant on the Microsoft Power Platform. This new vulnerability is poorly understood by security professionals in LCNC environments, where traditional safeguards are lacking.

**What Is OData? **

OData, or Open Data Protocol, is an OASIS standard that has gained traction in LCNC platforms as a way to manage and deliver data through REST APIs. It's widely adopted because it allows seamless communication between applications and data sources, regardless of the underlying data storage model. In LCNC environments, it is commonly used as a query language to retrieve data from a variety of sources, such as SQL databases, SharePoint, or Dataverse.

OData is particularly valuable in LCNC platforms because of its simplicity — developers don't need to be database experts to use it, and the same query language can be used for very different data sources. 

**The OData Injection Threat**

OData injection manipulates user input that is later used by an application or automation to form an OData query. The query is then applied to an enterprise data source. This allows an attacker to gain unauthorized access to manipulate or exfiltrate sensitive user and corporate data. 

While SQL injection (SQLi) is generally understood by security professionals, OData injection poses a different set of challenges, especially in LCNC environments, where multiple data sources are often connected and managed by citizen developers with minimal security training. Unlike SQLi, which is confined to relational databases, OData can connect to a wide array of data sources, including custom applications and third-party services, broadening the potential impact of an attack. 

OData also lacks the well-established security practices that have been developed for SQL. For example, SQLi can typically be mitigated with parameterized queries, a practice that has become standard over the years. OData injection, however, doesn't have a similar one-size-fits-all solution. Developers must create custom input validation mechanisms — a manual and error-prone process. In addition, the general lack of awareness of OData injection techniques further reduces the likelihood that custom validation methods will be implemented. 

**A New External Attack Surface**

OData vulnerabilities in LCNC environments often stem from the unrecognized risks associated with external data inputs. These are frequently integrated into workflows that manipulate critical enterprise data, including Web forms, email messages, social media, and external Web applications. These inputs typically are accepted without stringent validation, leaving the attack surface vulnerable and often undefended, as developers and security teams may overlook these sources as potential risks.  

This oversight allows attackers to exploit these inputs by injecting malicious OData queries. For instance, a simple product feedback form could be exploited to extract sensitive data or modify stored information. 

**Security Challenges **

Because most citizen developers don't have formal security training and are often unfamiliar with the dangers of accepting unchecked external inputs in their workflows, OData Injection vulnerabilities can flourish undetected.

Also, unlike SQL injection, validating user inputs in OData queries requires a more hands-on approach. Developers must manually sanitize inputs — removing harmful characters, ensuring proper formatting, and guarding against common injection techniques. This process takes time, effort, and more advanced programming knowledge that most LCNC developers lack.

Furthermore, in traditional development environments, security vulnerabilities are often tracked and remediated through ticketing systems or backlog management tools like Jira. This formal process does not exist in most LCNC development environments, where developers may not be full-time coders and have no formalized way to handle bug tracking or vulnerability management.

**Mitigation Best Practices**

Combating OData injection requires a proactive security strategy. Ideally, LCNC developers should be trained on OData query risks and how external inputs could be exploited. This is unrealistic, since citizen developers aren't full-time coders. 

Instead, automation can play a significant role in monitoring and detecting OData injection vulnerabilities. Security teams should deploy tools that continuously assess LCNC environments for potential vulnerabilities, especially as new applications and workflows are created. This will help identify weaknesses early and quickly provide developers with actionable insights into how to fix them.

Collaboration between security teams and LCNC developers is another essential piece of the puzzle. Security teams should be granted access to monitor the development process in real-time, particularly in environments where critical corporate data is being processed. When vulnerabilities are identified, security must communicate clearly with developers, offering specific guidance on how to remediate issues. This could include best practices for input validation and sanitation, as well as tools for automating the process where possible.

Lastly, security should be integrated into the LCNC development life cycle. Much like the "shift-left" movement in traditional software development, security checks should be built into the LCNC workflow from the outset. Automated testing tools can be leveraged to scan for vulnerabilities as applications are being built, reducing the likelihood of OData injection vulnerabilities slipping through the cracks.

As the adoption of LCNC continues to grow, so will the complexity of the threats organizations face. Addressing LCNC vulnerabilities like OData injection now will help keep enterprises safe in the long run.

**About the Author**

CTO & Co-Founder, Nokod Security

Amichai Shulman, chief technology officer (CTO) and co-founder of Nokod Security, is an internationally recognized expert and researcher in data and application security. He was previously co-founder, CTO, and chief scientist at Imperva for more than 15 years. Amichai is a frequent conference speaker and industry authority on cybersecurity. As an investor and adviser, he has guided successful startups, including Intsights and SkyFence. Amichai is also an adjunct professor at the Technion – Israel Institute of Technology.

OData Injection Risk in Low-Code/No-Code Environments

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.

Source: Rastislav Sedlak via Alamy Stock Photo

The Dubai Police are the latest victims of impersonation by fraudsters in the United Arab Emirates (UAE), who are sending thousands of text messages out to unwitting mobile users while purporting to represent the law enforcement agency.

Researchers at BforeAI observed a recent surge in phishing attacks leveraging alleged police communications, which encourage text recipients to click on a malicious URL to respond to supposed legal trouble or to register with an "official" online portal. The included links redirect victims to fake websites designed to harvest sensitive information, including bank details or personal identification details.

The campaign uses well-crafted lures with official branding, suggesting a moderate level of sophistication, according to BforeAI. But while the lures are tailored to UAE citizens, the phishing methodology resembles a 'spray-and-pray' model in its broad reach.

"The campaign targets individuals likely to respond to law enforcement-related communications, of which legitimate comms of this nature are not uncommon in the UAE — targeting particularly those with a limited understanding of digital threats," Abu Qureshi, lead for threat intelligence and mitigation at BforeAI, tells Dark Reading.

"The most striking aspect of this campaign is the calculated misuse of Dubai Police branding to establish credibility and deceive victims," he adds. "This demonstrates a sophisticated understanding of social engineering techniques and reliance on psychological manipulation, exploiting fear and trust in law enforcement — which for citizens of the UAE is of utmost importance."

Related:Governments, Telcos Ward Off China's Hacking Typhoons

**Cybercriminals Increasingly Target UAE, Middle East**

Cybercrime campaigns targeting organizations and individuals in Dubai and other parts of the UAE are noticeably on the rise. According to research from Kaspersky earlier this year, 87% of companies in UAE have faced some form of cyber incident in the past two years.

"The UAE is a high-value target due to its affluent population, high Internet penetration, and reliance on digital services," Qureshi says. "Cybercriminals exploit these factors alongside vulnerabilities in newly adopted technologies."

The cybercrime spree is part of a larger trend in the targeting of individuals and organizations in some areas of the Middle East in general, he notes.

"There's a focus on wealthy regions and individuals to maximize financial gain," he says. "There are also regional geopolitical interests and an increased focus on Middle Eastern entities due to economic and political dynamics."

Related:African Law Enforcement Nabs 1,000+ Cybercrime Suspects

To boot, because the area has embraced digital transformation and IT modernization with gusto, cybercriminals are targeting digital adoption vulnerabilities that come from the rapid implementation of advanced technologies without adequate protections, according to Qureshi.

**Anchoring a UAE Cybercrime Campaign in Singapore**

The cyberattackers behind the Dubai Police offensive appear to have used an automated domain generation algorithm (DGA) or bulk registration to quickly cycle through different domains to host malicious Web pages bent on financial fraud. Each domain is short-lived, in order to better avoid detection.

Most of those domains originated from Tencent servers based in Singapore, according to BforeAI researchers, who noted the company's servers have hosted malicious activity before, including spam, phishing, and botnets.

"Tencent, a Chinese-based technology giant, maintains a significant hub in Singapore, leveraging the city-state's strategic location and robust digital infrastructure," says Qureshi. "Despite Singapore's strong cyber-resilience and rigorous policies to address malicious activity, its status as a global tech hub makes it a prime location for abuse of legitimate platforms by cybercriminals."

Related:Yakuza Victim Data Leaked in Japanese Agency Attack

Qureshi adds that the presence of malicious activity on Tencent servers could be due to the exploitation of legitimate services.

"High-traffic servers can be abused to host or relay malicious content without the company's direct knowledge," he explains, adding that jurisdictional complexity could also be at play: "Singapore's law enforcement may face challenges in coordinating with foreign entities and differentiating criminal use from legitimate operations. While Tencent is based in Singapore — they are a Chinese firm."

Two of the registrants were found to be from India and Dubai itself, with suspicious names suggesting that they originate from a legitimate company, according to the research. For the most part though, the cyberattackers have managed to keep their identity anonymous.

Tencent did not immediately return a request for comment.

**How Organizations in the Middle East Can Protect Against Cyber Fraud**

For organizations in the region, campaigns like this should prompt changes in risk management, Qureshi advises. Although the phishing messages are broad-based, in the age of the mobile office, even campaigns designed to hit individuals can end up affecting companies.

Common-sense security hygiene includes the basics, like double-checking the official domain of the Dubai government and the payment portal before proceeding with any payment, as well as looking for red flags like missing HTTPs protocol, broken links, out-of-place Web designs, or suspicious phrasing or grammar.

Qureshi advises organizations to take several additional steps to mitigate their risk, including:

*   Enhanced monitoring: Implement robust predictive phishing detection systems and actively monitor for misuse of branding;
    
*   Awareness programs: Train employees on phishing recognition and reporting;
    
*   Collaboration: Work with CERTs and law enforcement to address identified threats;
    
*   Incident response: Develop and test response plans to address phishing-related breaches;
    
*   Reporting: Alert phishing reporting websites such as Etisalat and DU when employees receive phishing messages;
    
*   And continuous vigilance: Adopt a proactive cybersecurity stance to protect brand reputation and customer trust.
    

And finally, "this Dubai Police campaign highlights the globalized nature of cybercrime, where local targets are exploited using international infrastructure," Qureshi warns. "The importance of cross-border cooperation and leveraging threat intelligence to stay ahead of evolving tactics cannot be overstated."

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

Under the program, HITRUST-certified organizations gain access to exclusive coverage and rates.

Source: Mungkhood Studio via Shutterstock

NEWS BRIEF

Global insurance giant Lloyd's of London has launched a cyber insurance consortium to create a new shared risk facility for the cyber insurance market, offering qualified organizations exclusive rates, simplified insurance process, and comprehensive coverage.

A shared risk facility is a network of insurance firms that agree to collaborate and share the underwriting risk of policies. The consortium brings together a global network of Moody's-recognized AA-rated insurers and is designed to scale as additional insurers join the group. Through this model, insurers can deliver enhanced and more consistent insurance products and coverage, according to HITRUST.

Organizations seeking cyber insurance that have HITRUST certifications are eligible for lower insurance rates through the program, including a starting credit of 25% on premiums. The certification also allows for streamlined underwriting and a simpler application process. HITRUST said in a statement that some policies are being underwritten in "just one week."

New policies under the consortium have a single-page exclusion model, and organizations that participate will have access to increased capacity as the consortium grows to make sure they have insurance products that meet their needs.

"By integrating HITRUST certification into our underwriting process, we're able to offer tailored cyber insurance solutions that not only recognize but also reward organizations for their commitment to stringent security standards," said Josh Ladeau, CEO of Trium Cyber, the underwriting lead for the initiative, in a statement

To enable this consortium, HITRUST developed a secure API allowing insurers access to detailed information about an organization's HITRUST r2 certification. This way, insurers receive structured, consistent assessment data to facilitate the underwriting process. There are plans to expand eligibility in 2025 to other certification types, potentially including HITRUST's AI Security Certification.

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Source

DARKReading