Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.

Source: Nicolas Bentancor via Shutterstock

The purveyor of a rapidly emerging ransomware family being tracked as "Helldown" introduced a new Linux variant, targeting organizations across multiple sectors using VMware ESXi servers.

Several of the victims had Zyxel firewalls deployed as IPSec VPN access points at the time of breach, suggesting the attackers exploited a vulnerability or vulnerabilities in the technology to gain initial access, security researchers at Sekoia reported this week. Since surfacing in August, the group behind Helldown has quickly notched 31 victims, many of them US-based.

**Undocumented Zyxel Vulnerabilities?**

Available telemetry suggests the Zyxel flaw that the attackers are exploiting is undocumented, Seokia said. But Zyxel has issued fixes for multiple vulnerabilities in its firewalls after Helldown actors breached the company's network, also in August, and then leaked some 250GB worth of data. As of mid-November, no exploit code for any of these vulnerabilities appears to be publicly available, Sekoia said, while leaving open the possibility that the Helldown attackers could be exploiting any one of the vulnerabilities.

"Helldown is a notably active new intrusion set, as shown by its large number of victims," Sekoia researcher Jeremy Scion wrote this week. "Available data indicates that the group mainly targets Zyxel firewalls by exploiting undocumented vulnerabilities." Though the ransomware itself is standard fare, what makes the group dangerous is its apparent access to and effective use of undocumented vulnerability code, Scion noted.

Zyxel firewalls, like many other network and edge technologies, are a popular attacker target. Threat actors have been quick to exploit flaws in the company's products in various campaigns in the past, including one dubbed IZ1H9 that targeted Internet-of-Things (IoT) networks; another involving a Mirai variant; and another that hit Danish critical infrastructure.  

**A Troubling Shift**

Patrick Tiquet, vice president security and architecture at Keeper Security, viewed Helldown as a troubling shift in ransomware actor tactics. "While ransomware targeting Linux isn't unprecedented, Helldown's focus on VMware systems shows its operators are evolving to disrupt the virtualized infrastructures many businesses rely on," he said via email. "The message to security teams is clear: patch known vulnerabilities, monitor for unusual activity, and treat virtualized environments with the same vigilance as traditional ones."

Multiple security vendors have reported attacks involving Helldown since early August. Most of its victims have been small and medium sized businesses across different sectors, including transportation, manufacturing, healthcare, telecommunications, and IT services. Halycon, one of the first to spot Helldown, described the group as "highly aggressive" and capable of causing substantial disruption and financial losses to victims. According to Halycon, Helldown actors have a penchant for stealing large volumes of data from victims and threatening to leak the data unless it receives a ransom.

In a report earlier this month, Truesec perceived the threat actor as being more sophisticated in its initial compromise techniques compared to better known ransomware operators, such as the one behind Akira. In the attacks that Truesec analyzed, Helldown threat actors leveraged legitimate tools and other living-off-the-land techniques to execute their mission on a compromised network.

**Dangerous Adversary**

"Recent incidents showed that the group will thoroughly remove tools utilized during a compromise, as well as override the free disk space on the hard drive of different machines, in attempts to hinder the recovery process and reduce the effectiveness of file carving," Trusec observed. Helldown actors likely accessed victim environments directly from their Internet-facing Zyxel firewall, the security vendor posited. Once on a victim network, the threat actor used either TeamViewer or the default Windows RDP client for lateral movement, PowerShell for remote code execution, and Mimikatz to search for and retrieve credentials.

According to Sekoia, reports from multiple Helldown victims indicate that the attacker compromised Zyxel firewalls running firmware version 5.38. "Specifically, a file named zzz1.conf was uploaded, and a user account called OKSDW82A was created" on compromised systems, Scion noted. The attacker then used the temporary account to create an SSL VPN tunnel for accessing and pivoting further into the victim network.  

The attack chain included attempts by the threat actor to disable endpoint detection mechanisms using a tool called HRSword; leverage the domain controller's LDAP credentials to burrow deeper into the network; use certutil to download Advanced Port Scanner; use RDP or TeamViewer for remote access and lateral movement; and use PSExec for remote code execution.

Scion said Sekoia's analysis of the files that Helldown actors have published on their data leak site showed many of them to be unusually large and averaging around 70GB. The biggest file, in fact, weighed in at a hefty 431GB, which is noteworthy because ransomware actors typically tend to be more selective in the files they steal and use for extortion. The contents of the stolen files also tended to be more variable and random than usual for a ransomware operation. "The large volume and variety of data suggest that the attacker does not selectively choose which documents to steal," Scion said. "Instead, they appear to target data sources that store administrative files, such as PDFs and document scans, which typically contain sensitive information (personal, financial, etc.), thereby intensifying the pressure on victims."

Helldown's behavior itself is similar to that of Darkrace, a LockBit variant that first surfaced in August 2023 and may have been rebranded as Donex in February of this year. Though the links between the ransomware strains are not conclusive, there is a possibility that Helldown is a rebrand of Donex, Sekoia said.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Linux Variant of Helldown Ransomware Targets VMware ESXi Systems

In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.

Source: Panther Media GmbH via Alamy Stock Photo

Ransomware gangs such as Apos, Lynx, and Rabbit Hole are seeking pen testers to join their ransomware affiliate programs and assist in their malicious operations.

Penetration testing, i.e., simulating an attack in order to identify gaps and vulnerabilities within a system, is an essential cyber practice to gauge the strength of a system, program, or operation. Now, according to researchers at Cato Networks in its "Q3 2024 Cato CTRL SASE Threat Report," multiple Russian job listings have sprung up detailing requirements for the same skill set, preferably pen testers with experience in Russian language forums. It is the latest example of the professionalization of Russian cybercriminal groups.

"Ransomware is one of the most pervasive threats in the cybersecurity landscape," Etay Maor, chief security strategist at Cato Networks, wrote in a statement. "It impacts everyone — businesses and consumers — and threat actors are constantly trying to find new ways to make their ransomware attacks more effective."

Other findings in the Cato cyber-threat report include rising threats from Shadow AI, i.e., unauthorized artificial intelligence programs; and the lack of utilization of Transport Layer Security (TLS), a tool that allows organizations to decrypt, inspect, and re-encrypt traffic, but which poses some risks that prompt organizations to forgo it altogether.

**About the Author**

Russian Ransomware Gangs on the Hunt for Pen Testers

According to the unsealed criminal charges, the operation is believed to have running for nearly four years.

Source: Christophe Coat via Alamy Stock Photo

After being extradited from South Korea, a Russian cybercriminal leader has made his first appearance in the US District Court for the District of Maryland to face his charges.

Evgenii Ptitsyn, 42, is a Russian national who allegedly administered the sale, distribution, and operation of Phobos ransomware, which has been used against more than 1,000 victims, including public and private entities in the United States and globally. Using Phobos ransomware, its affiliates have extorted ransom payments amounting to more than $16 million, according to the indictment.

Ptitsyn and his affiliates conspired to partake in an international computer hacking and extortion scheme using the ransomware, according to the Justice Department, which believes the activity to have begun in at least November 2020.

Along with his co-conspirators, Ptitsyn would offer access to the ransomware to other criminals, creating an operation in which affiliates would use unauthorized credentials to gain access into victims' computer networks, steal files and programs, and encrypt the original versions of the stolen data before installing and executing the Phobos ransomware. The affiliates would threaten to expose the stolen files to the public or the victim's clients, customers, or constituents if the ransom was not paid.

"Ptitsyn and his co-conspirators hacked not only large corporations, but also schools, hospitals, nonprofits, and a federally recognized tribe, and they extorted more than $16 million in ransom payments," stated Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department's Criminal Division. "Ptitsyn's indictment, arrest, and extradition reflect the Criminal Division's commitment to leading the fight against the international scourge of ransomware."

Charged in a 13-count indictment with wire fraud conspiracy, wire fraud, conspiracy to commit computer fraud and abuse, four counts of causing intentional damage to protected computers, and four counts of extortion in relation to hacking, Ptitsyn will face a maximum penalty of 20 years in prison for each wire fraud count, 10 years for each computer hacking count, and five years for conspiracy to commit computer fraud and abuse, if he is convicted.

'Phobos' Ransomware Cybercriminal Extradited From South Korea

The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals.

Source: GK Images via Alamy Stock Photo

T-Mobile USA is the latest telecommunications provider to acknowledge it's been targeted by the Chinese advanced persistent threat (APT) known as Salt Typhoon, as part of a widescale and unsettling cyber-espionage operation that hacked numerous US and international telecommunications companies aiming to steal sensitive information.

The second-largest wireless carrier in the US is currently investigating and monitoring a cyberattack "consistent" with the recent activities of the Chinese state-sponsored cyber actor, a company spokesperson told Dark Reading late on Nov. 18 in a statement.

However, so far, the company has "had no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced," according to T-Mobile. Moreover, "there have been no significant impacts to T-Mobile systems or data," the company said. T-Mobile, based in Bellevue, Wash., has more than 127.5 million US subscribers.

However, T-Mobile's account differs from reports in which federal agencies said that there is evidence that the threat actor gained access to sensitive data, according to a published report in the Wall Street Journal that cited sources from the FBI and Cybersecurity and Infrastructure Security Agency (CISA).

Related:Akamai Reports Third Quarter 2024 Financial Results

According to those agencies, Salt Typhoon accessed call records of specific customers, private communications of targeted individuals, and information about law enforcement surveillance requests in an effort to gather intelligence on high-ranking US national security and policy officials, the report said.

**T-Mo Cyberattack: Full Impact Yet Unknown**

All in all, the wave of recent attacks by Salt Typhoon that have rocked telecom providers both at home and abroad — including AT&T, Verizon, and Lumen Technologies — is "unnerving," says one industry expert.

"No one is pleased with the idea that the Chinese government has access to information about us from our cellphones, one of the more intimate devices used in our daily life," says Jim Routh, former CISO at Aetna, American Express, and CVS and currently chief trust officer at security firm Saviynt. "The practical reality is that this incident does little to change the risk of a significant impact to US consumers."

As T-Mobile is not yet acknowledging that data was even stolen, let alone what type of data, the full impact of the attack won't be known for some time, Paul Bischoff, consumer privacy advocate at Comparitech, notes. That said, there is a chance it's not as serious as some fear depending on what is revealed, he observes.

Related:Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

"Metadata like call times and participants, although concerning, is not nearly as scary as state-sponsored threat actors stealing texts and audio messages," Bischoff says.

Still, the national security implications of Chinese threat actors rooting around in the personal data of mobile device users, and then using that data to "island hop into a myriad of government agencies and critical infrastructures … are profound," observes another security expert, Tom Kellermann, senior vice president of cyber strategy at Contrast Security.

"This is the third telecom provider compromised by \[China\] in the last 12 months," Kellermann says. "The systematic campaign of infiltration will take months to root out."

**Further Salt Typhoon Telecom Attacks Imminent?**

Indeed, experts have surmised that the idea behind Salt Typhoon's wave of attacks is to leverage the useful information that can be gleaned from people's personal communications to launch further malicious activity and/or potentially disrupt communications to further China's interests in its political and economic conflict with the US.

"We can expect to see additional attacks by this group in the coming months, as \[it\] works to access the phone lines and records of national security officials and politicians," notes Chris Hauk, consumer privacy champion at Pixel Privacy.

Related:DHS Releases Secure AI Framework for Critical Infrastructure

The incidents are certainly a rude awakening for telecommunications and other critical infrastructure providers, and demonstrate just how vulnerable they are to compromise by organized cybercriminal groups, experts say. Indeed, T-Mobile itself doesn't have the best track record in cybersecurity, Bischoff notes, as just last month the mobile carrier paid a $31.5 million settlement to resolve multiple data breaches that took place over three years.

The threat of imminent further attacks by Salt Typhoon demand that telecom providers act fast to shore up cybersecurity efforts. "We can expect to continue to see attacks like this, as well as traditional ransomware attacks," Hauk notes, "as state actors continue to wage a cyberwar against the United States and its vulnerable infrastructure."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree

Individual companies and entire industries alike must take responsibility for protecting customer data — and doing the right thing when they fail.

Chris Lindsey, Application Security Evangelist, Mend.io

November 19, 2024

5 Min Read

Source: Anthony Brown via Alamy

Having a long career in cybersecurity doesn't stop me from being included in the same data breaches and mass involuntary disclosures of consumer information as everyone else. And like everyone else, I probably have now collected enough years of "free" credit monitoring that some of it could be passed on to my kids upon my death — maybe there will be some left for my grandkids, too.

Not that credit monitoring isn't helpful — one big benefit is the detection of data on the Dark Web, which has shed more light on the frequency of breaches. Through my free credit monitoring obtained after one breach, I have been notified about my data showing up on the Dark Web, indicating a new breach has occurred with a different company, long before the company notified me itself.

Last year, over a third of Americans experienced fraudulent charges on their debit or credit cards, email or social media account takeovers, or a fraudulent attempt to open a line of credit or take out a loan in their name, according to Pew Research Center.

Breaches don't seem to be slowing down. Identity Theft Resource Center reports there were 78% more breaches in 2023 than the previous year. There are hundreds of millions of victims each year.

It certainly feels like no one cares. It's true that stock prices do recover after a major breach, and they seem to be recovering faster each time. Wall Street must assume that consumers just don't care that much, but I don't see that continuing for long. Consumers might feel helpless, they might even feel hopeless, but they absolutely do care. If they start to take action, the economy will feel it.

Consider what might happen if most American consumers, concerned about the number of data breaches, decided to just take the simple action of freezing their credit. It would probably be healthier for the economy overall if the ability to borrow impulsively was removed, but it's not "good for business" and could negatively affect several sectors — retail in particular — significantly. This is not unrealistic. Just a few years ago, freezing and unfreezing credit was a bit of a hassle. Today it takes only a couple minutes per credit bureau.

So maybe companies ought to treat disclosure victims a little better and do more to not create victims in the first place.

Below are some ideas.

**Before a Breach**

At the very minimum, companies that hold personal health information or personally identifiable information on databases that can be accessed from the Internet should have a bug bounty program. Bug-bounty programs allow freelance security researchers to earn money by "hacking" companies and responsibly disclosing the vulnerabilities they found in the process. Without a clear program, these researchers are not only not guaranteed any reward for doing the right thing, they also are not guaranteed safe harbor against legal action being taken against them.

It also makes sense for companies of at least a certain size to obtain and share security certifications. At present, these certifications are voluntary. Eventually, government regulation may change that. For now, however, industry regulation will need to take the reins. Businesses that rely in any way on freely available consumer credit, such as retail stores that offer store credit cards, should be especially on top of their security certifications and wary of working with third parties who aren't.

**After a Breach**

The number of breaches should absolutely be lower than it is, but even with great security, breaches can and will still occur. What's important after a breach is protecting the affected consumers and not insulting them.

The first thing businesses should do is step up their disclosure game and notify customers in a timelier manner that their data has been compromised. It took Change Healthcare six months to send me a notification letter informing me that I was included in their breached data, but I was already keenly aware that this had happened months earlier. What was the point of the delay?

Next, companies need to do more than free credit monitoring. Credit monitoring is valuable, but it's reactive security on the consumer's end. Giving victims access to free password management services as well would provide them with a proactive tool.

But companies giving out another relatively cheap service is likely not going to cause companies enough pain to force them into prioritizing security any more than they are now. Regarding those industry regulations, certification should be contingent on an agreement to pay victims directly in the event of a breach, something like $5 to $50 per person per event.

If the company has good security implemented and proof that proper controls were in place, then they would pay less. If an ostensibly reputable company that has been identified as compliant is found to be grossly negligent, then not only should that company have to pay a higher amount to each consumer, the certification body should also have to pay out to victims. This extra agreement would bolster the overall value that the certifiers provide because it prevents blind certification to any company willing to pay for it.

The sun is setting on companies getting away with being opaque, cheap, and slow to react after major breaches of customer data. Individual companies and entire industries alike must take responsibility for protecting customer data and doing the right thing when they fail.

**About the Author**

Application Security Evangelist, Mend.io

Chris Lindsey is a seasoned speaker who has appeared at conferences, webinars, and private events. Currently building an online community and creating a podcast series, Chris draws on expertise from more than 15 years of direct security experience and over 35 years of experience leading teams in programming and software, solutions, and security architecture. For three years, Chris built and led an entire application security program that includes the implementation of mature AppSec programs, including oversight of security processes and procedures, SAST, DAST, CSA/OSA, compliance, training, developer communication, code reviews, application inventory gathering, and risk analysis.

We Can Do Better Than Free Credit Monitoring After a Breach

Freshly released court documents reveal new details on controversial Israeli spyware firm's operations.

Source: Shubham singh 007 via Shutterstock

Israel's NSO Group may know a lot more about how customers use its Pegasus commercial spyware product than the company has let on, newly released court documents connected to a legal dispute with Meta's WhatsApp suggest.

In fact, NSO Group installed and operated the spyware on behalf of its customers, making the company directly liable for the spyware's use, WhatsApp lawyers said in one court filing, released Nov. 14 in the US District Court for the Northern District of California.

The court documents are part of a lawsuit that WhatsApp filed against NSO Group in October 2019 after discovering the Israeli firm had used WhatsApp servers to distribute Pegasus to some 1,400 mobile phones, including those belonging to journalists and rights activists.

The lawyers also claimed that NSO Group repeatedly developed and used exploits for abusing WhatsApp's servers to install Pegasus on target devices, including at least once after WhatsApp had sued the company over the issue.

**NSO 'Solely Responsible'**

"NSO is solely responsible for Pegasus’s unauthorized access to WhatsApp's servers," the social media giant noted in one briefing. "Despite what NSO has claimed, its customers had a minimal role in how the spyware tool operated or collected information. All that NSO Group customers typically had to do was enter their target's phone number, press install and wait for the malware to install on the target device without any further interaction," they noted.

Related:Trustwave-Cybereason Merger Boosts MDR Portfolio

"In other words, the customer simply places an order for a target device's data, and NSO controls every aspect of the data retrieval and delivery process through its design of Pegasus," WhatsApp's lawyers said. The company, in fact, was so aware of how customers were using its malware that it actually disconnected service to 10 customers for excessive abuse, the lawyers claimed.

**Controversial Surveillance Software**

Pegasus is a controversial mobile spyware designed to secretly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detection by antivirus software. NSO Group claims to sell the technology solely to authorized government agencies for legitimate law enforcement, crime-fighting, and anti-terror purposes. But critics argue that the tool has been misused, particularly in authoritarian regimes, to target journalists, human rights activists, political dissidents, and others critical of the government.  

Related:Xiphera & Crypto Quantique Announce Partnership

A 2021 database leak revealed that NSO Group customers had, at the time, targeted more than 50,000 phone numbers for surveillance in countries like Mexico, Hungary, and India. The US government formally blacklisted the company in 2021, meaning its ability to operate in the US or do business with US entities abroad is severely restricted.

The NSO Group has tried to get US courts to dismiss WhatsApp's lawsuit against the company, citing, among other things, a lack of jurisdiction and the fact that its clients are mostly governments and therefore are not doing anything illegal. WhatsApp lawyers have sought to portray NSO Group as indeed being liable for Pegasus by attempting to tie the vendor more directly to customer use of the spyware tool.

In the newly released court documents, WhatsApp has alleged that NSO Group repeatedly and deliberated worked around the mechanisms the company put in place to prevent misuse of the secure messaging platform. One of them was a modified WhatsApp client app called the WhatsApp Installation Server (WIS) that could access WhatsApp's back-end servers in ways its own client software could not. NSO Group then developed tools named Heaven and Eden to interact with WIS in such a way as to trigger Pegasus downloads on target phones via WhatsApp. The company developed Eden after WhatsApp discovered Heaven and put up blocks against it. When WhatsApp engineers discovered Eden, NSO developed and used yet another tool, called Erised, through 2020, or after WhatsApp had filed its lawsuit.

Related:North Korea's Andariel Pivots to 'Play' Ransomware Games

The WhatsApp lawsuit is one of several that NSO Group is currently battling in courts worldwide from organizations and individuals impacted by the malware. In September, Apple sought voluntary dismissal of a 2021 lawsuit it had filed against NSO Group, citing concerns over the company having to share information with the court that other spyware makers could abuse going forward.

Back when the lawsuit was filed, the NSO Group was among a handful of known purveyors of such mobile spyware software. Since then, there has been a sharp increase in the number of commercial spyware vendors, driven largely by demand from government agencies. A Google report earlier this year identified spyware vendors like NSO Group as being responsible for nearly half of all zero-day exploits it counted between mid-2014 and December 2023.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

PRESS RELEASE

SILVER SPRING, Md. – The Security Industry Association (SIA) has named 24 recipients for this year’s SIA RISE Scholarship, a program offered through SIA’s RISE community, which supports the education and career development goals of young industry talent and emerging leaders.

Through this scholarship program – open to SIA student members and RISE members who are employees at SIA member companies – each awardee will receive a $3,000 scholarship to use toward continuing education and professional development courses, SIA program offerings and/or other academic or education programs. Scholarship funds can be used to expand knowledge in the areas of business, human resources, information technology, marketing, sales, project management, security engineering and/or risk management.

“SIA congratulates this year’s class of RISE Scholarship awardees – an impressive, diverse array of security professionals and rising stars who are making their mark on our industry,” said SIA CEO Don Erickson. “We are proud to present scholarships to more recipients this year than ever before and honored to support these inspiring young leaders as they pursue their educational and career development goals.”

The winners for this year’s RISE Scholarship are:

*   Zachary Allen, account executive, Convergint Technologies
    
*   Brianna Bonfondeo, account manager, Traka, ASSA ABLOY Global Solutions
    
*   Joi Brown, control center specialist, Rapid Response Monitoring Services
    
*   Brenda Constantin, account executive, 3Sixty Integrated, a Division of the Cook & Boardman Group
    
*   Jonathan Crabtree, channel sales specialist, Genetec
    
*   Taylor Davenport, HR business partner, i-PRO Americas
    
*   Mason Fanning, end user specialist, ASSA ABLOY
    
*   Natalie Fetsko, customer success manager, dormakaba
    
*   Aishwarya Gandhe, senior channel marketing coordinator, North America, Genetec
    
*   Anish Chandra Jalla, software developer II, Genetec
    
*   Kajaanei Kajenthiran, security guard, City of Toronto, Canada
    
*   Will Knehr, senior manager of information assurance and data privacy, i-PRO Americas
    
*   Ryan Knoll, account executive, Pro-Tec Design
    
*   Chandni Lalwani, DevOps engineer, HID Global
    
*   Vincent Malenfer-Henard, security analyst, Genetec
    
*   Josh Martin, mechanical engineer II, dormakaba
    
*   Bryn Menzel, director of strategic accounts and marketing, 3millID Corporation
    
*   Gabriella Moraniec, contracts manager, GSA Schedules
    
*   Taylor Nevells, digital marketing and content specialist, Wavelynx
    
*   Juan Pelayo, technical support supervisor, i-PRO Americas
    
*   Itzel Portillo, marketing specialist, Allegion
    
*   Joel Searle, program manager, ZBeta
    
*   Maria Sturges, project coordinator and administrator, Northland Controls
    
*   Julie Trinh, SDK specialist, Genetec
    

Learn more about the honorees here.

SIA would also like to thank the following individuals and companies which contributed to the 2024 RISE Scholarship fund. Tax-deductible donations were made through the Foundation for Advancing Security Talent (FAST), a nonprofit organization co-founded by SIA and the Electronic Security Association and dedicated to connecting passionate, innovative professionals with new opportunities in the security industry.

*   Secure Access & Digital Systems
    

SIA RISE is a community that fosters the careers of emerging leaders in the security industry. In addition to the SIA RISE Scholarship, SIA RISE offers fun in-person and virtual networking events for young professionals, the Talent Inclusion Mentorship Education (TIME) program for early and mid-career professionals, the 25 on the RISE Awards, career growth webinars and trade show education tracks and the annual AcceleRISE conference – a unique event designed to ignite new thinking, strengthen leadership and sharpen business acumen in young security talent. The SIA RISE community is open to all employees at SIA member companies who are young professionals under 40 or have been in the security industry for less than two years; learn more and sign up to join. 

About SIA

SIA is the leading trade association for global security solution providers, with over 1,500 innovative member companies representing thousands of security leaders and experts who shape the future of the security industry. SIA protects and advances its members’ interests by advocating pro-industry policies and legislation at the federal and state levels, creating open industry standards that enable integration, advancing industry professionalism through education and training, opening global market opportunities and collaborating with other like-minded organizations. As the premier sponsor of ISC Events expos and conferences, SIA ensures its members have access to top-level buyers and influencers, as well as unparalleled learning and network opportunities. SIA also enhances the position of its members in the security marketplace through SIA GovSummit, which brings together private industry with government decision makers, and Securing New Ground, the security industry’s top executive conference for peer-to-peer networking.

Security Industry Association Announces SIA RISE Scholarship Awardees

Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands.

Source: Valentin Baciu via Shutterstock

Companies worried about cyberattackers using large-language models (LLMs) and other generative AI systems that automatically scan and exploit their systems could gain a new defensive ally — a system capable of subverting the attacking AI.

Dubbed Mantis, the defensive system uses deceptive techniques to emulate targeted services and — when it detects a possible automated attacker — sends back a payload that contains a prompt-injection attack. The counterattack can be made invisible to a human attacker sitting at a terminal and will not affect legitimate visitors who are not using malicious LLMs, according to the paper penned by a group of researchers from George Mason University.

Because LLMs used in penetration testing are singularly focused on exploiting targets, they are easily co-opted, says Evgenios Kornaropoulos, an assistant professor of computer science at GMU and one of the authors of the paper.

"As long as the LLM believes that it's really close to acquiring the target, it will keep trying on the same loop," he says. "So essentially, we are kind of exploiting this vulnerability — this greedy approach — that LLMs take during these penetration-testing scenarios."

Cybersecurity researchers and AI engineers have proposed a variety of novel ways for LLMs to be used by attackers. From the ConfusedPilot attack, which uses indirect prompt injection to attack LLMs when they are ingesting documents during retrieval-augmented generation (RAG) applications, to the CodeBreaker attack, which causes code-generating LLMs to suggest insecure code, attackers have automated systems in their sights.

Yet, research on offensive and defensive uses of LLMs is still early: AI-augmented attacks are essentially automating the attacks that we already know about, says Dan Grant, principal data scientist at threat-defense firm GreyNoise Intelligence. Yet, signs of increasing use of automation among attackers is increasing: the volume of attacks has been slowly increasing in the wild and the time to exploit a vulnerability has been slowly decreasing.

"LLMs enable an extra layer of automation and discovery that we haven't really seen before, but \[attackers are\] still applying the same route to an attack," he says. "If you're doing a SQL injection, it's still a SQL injection whether an LLM wrote it or human wrote it. But what it is, is a force multiplier."

**Direct Attacks, Indirect Injections, and Triggers**

In their research, the GMU team created a game between an attacking LLM and a defending system, Mantis, to see if prompt injection could impact the attacker. Prompt injection attacks typically take two forms. Direct prompt injection attacks are natural-language commands that are entered directly into the LLM interface, such as a chatbot or a request sent to an API interface. Indirect prompt injection attacks are statements included in documents, web pages, or databases that are ingested by an LLM, such as when an LLM scans data as part of a retrieval-augmented generation (RAG) capability.

In the GMU research, the attacking LLM attempts to compromise a machine and deliver specific payloads as part of its goal, while the defending system aims to prevent the attacker's success. An attacking system will typically use an iterative loop that assesses the current state of the environment, selects an action to advance toward its goal, execute the action, and analyze the targeted system's response.

Using a decoy FTP server, Mantis sends a prompt-injection attack back to the LLM agent. Source: "Hacking Back the AI-Hacker" paper, George Mason University

The GMU researchers' approach is to target the last step by embedding prompt-injection commands in the response sent to the attacking AI. By allowing the attacker to gain initial access to a decoy service, such as a web login page or a fake FTP server, the group can send back a payload with text that contains instructions to any LLM taking part in the attack.

"By strategically embedding prompt injections into system responses, Mantis influences and misdirects LLM-based agents, disrupting their attack strategies," the researchers stated in their paper. "Once deployed, Mantis operates autonomously, orchestrating countermeasures based on the nature of detected interactions."

Because the attacking AI is analyzing the responses, a communications channel is created between the defender and the attacker, the researchers stated. Since the defender controls the communications, they can essentially attempt to exploit weaknesses in the attacker's LLM.

**Counter Attack, Passive Defense**

The Mantis team focused on two types of defensive actions: Passive defenses that attempt to slow the attacker down and raise the cost of their actions, and active defenses that hack back and aim to gain the ability to run commands on the attacker's system. Both strategies were effective with a greater than 95% success rate using the prompt-injection approach, the paper stated.

In fact, the researchers were surprised at how quickly they could redirect an attacking LLM, either causing it to consume resources or even to open a reverse shell back to the defender, says Dario Pasquini, a researcher at GMU and the lead author of the paper.

"It was very, very easy for us to steer the LLM to do what we wanted," he says. "Usually, in a normal setting, prompt injection is a little bit more difficult, but here — I guess because the task that the agent has to perform is very complicated — any kind of injection of prompt, such as suggesting that the LLM do something else, is \[effective\]."

By bracketing a command to the LLM with ANSI characters that hide the prompt text from the terminal, the attack can happen without the knowledge of a human attacker.

**Prompt Injection is the Weakness**

While attackers who want to shore up the resilience of their LLMs can attempt to harden their systems against exploits, the actual weakness is the ability to inject commands into prompts, which is a hard problem to solve, says Giuseppe Ateniese, a professor of cybersecurity engineering at George Mason University.

"We are exploiting those something that is very hard to patch," he says. "The only way to solve it for now is to put some human in the loop, but if you put the human in the loop, then what is the purpose of the LLM in the first place?"

In the end, as long as prompt-injection attacks continue to be effective, Mantis will still be able to turn attacking AIs into prey.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

AI About-Face: 'Mantis' Turns LLM Attackers Into Prey

PRESS RELEASE

NEW YORK, Nov. 14, 2024 /PRNewswire/ -- Kyndryl (NYSE: KD), the world's largest IT infrastructure services provider, today introduced a new suite of services, co-developed with Microsoft, to enhance cyber resilience for businesses globally.

Kyndryl and Microsoft have built upon their successful, long-standing partnership to develop differentiated, scalable security and resiliency services. The new services are integrated into Kyndryl Bridge, the industry-leading, artificial intelligence (AI)-powered, open integration digital business platform. Combining Kyndryl's deep services expertise with Microsoft's security technologies provides businesses a comprehensive approach to defending their operations from nefarious threats and attacks.  

This collaboration between Kyndryl and Microsoft can help customers address their expansive cyber resilience needs, ranging from compliance to secure, resilient IT infrastructure, especially considering that cyberattacks are the top concern for business leaders.

"As businesses continue to embrace digital modernization and rapid advancements in technology, the cyber threat landscape and growing regulatory pressures around the world are becoming increasingly complex," said Michelle Weston, Vice President of Security & Resiliency, Kyndryl. "Through our strategic partnership with Microsoft, we are positioned to meet our customers' needs by providing robust security capabilities and supporting their regulatory readiness. Our combined expertise allows us to deliver services that not only protect our customers' assets, but also empower them to thrive in a rapidly evolving digital environment."

"The need for robust cyber resilience has never been greater," said Ricardo Davila, Senior Director, Kyndryl, at Microsoft. "By leveraging Microsoft's security technologies and Kyndryl's expertise, together, we're helping businesses protect their critical assets, so they can operate with confidence. This partnership reinforces our shared commitment to combat cyber threats, so they can realize digital transformation across industries."

Through its services, Kyndryl provides customers:

*   Enhanced risk and compliance readiness: To help support customers' cyber regulatory readiness around the world, Kyndryl's services with Microsoft Purview can automatically assess and manage compliance across multi-cloud and hybrid cloud environments. A global team of security experts recommend the most relevant assessments and advise on which policies and operational procedures to implement to help mitigate compliance risk. 
    
*   Security information and event management (SIEM) migration: Customers can migrate existing Microsoft Sentinel SIEM solutions quickly, enhancing security operations center (SOC) capabilities and accelerating onboarding processes, reducing time to initiate the delivery of services.
    
*   Identity and access management (IAM): Protecting identities and controlling access is one of the first lines of defense against threats to an organization's data and systems. Using Zero Trust principles, Kyndryl's services with Microsoft Entra enhance security and provide a better user experience for customers by offering simplified user authentication, identity governance and integrations to help secure access to their resources.
    
*   Increased detection and response (XDR) capabilities: Businesses have increasingly complex IT architecture with remote endpoints that use several operating systems and device types. The XDR services with Microsoft Defender enable threat prevention, detection and response against increasingly sophisticated attacks on customer assets, including email, identity, Software as a Service (SaaS) applications, cloud infrastructure and data.
    

As part of the partnership, Kyndryl became a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft Security technology to better defend mutual customers against a world of increasing cyber threats.

Visit the Kyndryl and Microsoft alliance page for more information on the strategic partnership.

About Kyndryl  
Kyndryl (NYSE: KD) is the world's largest IT infrastructure services provider, serving thousands of enterprise customers in more than 60 countries. The Company designs, builds, manages and modernizes the complex, mission-critical information systems that the world depends on every day. For more information, visit www.kyndryl.com.

Forward-Looking Statements  
This press release contains "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements often contain words such as "will," "anticipate," "predict," "project," "plan," "forecast," "estimate," "expect," "intend," "target," "may," "should," "would," "could," "outlook" and other similar words or expressions or the negative thereof or other variations thereon. All statements, other than statements of historical fact, including without limitation statements representing management's beliefs about future events, transactions, strategies, operations and financial results, may be forward-looking statements. These statements do not guarantee future performance and speak only as of the date of this press release and the Company does not undertake to update its forward-looking statements. Actual outcomes or results may differ materially from those suggested by forward-looking statements as a result of risks and uncertainties including those described in the "Risk Factors" section of the Company's most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission.

Source

DARKReading